curl挂在docker中,但不在主机上
[英]curl hangs in docker, but not on host machine
问题描述
We're currently having an issue where curl bigquery.googleapis.com sometimes hangs indefinitely inside a ubuntu:20.04 local docker container, but always works (returns a 404) on the host macOS machine and in production.
我们目前遇到的问题是curl bigquery.googleapis.com有时会在ubuntu:20.04本地 docker 容器内无限期挂起,但在主机 macOS 机器上和生产环境中始终有效(返回 404)。 The container is running a Python Flask application.容器正在运行 Python Flask 应用程序。
Some observations:一些观察:
- It's flakey,
curl bigquery.googleapis.comworks when the container initializes, but trying again ~10 mins later hangs.它很脆弱, curl bigquery.googleapis.com在容器初始化时工作,但在大约 10 分钟后再次尝试挂起。 Eventually, the command will work again andcurl -vshows it's trying to connect to a different IP.最终,该命令将再次运行,并且curl -v显示它正在尝试连接到不同的 IP。 - We don't have this issue on production, or on any host machine.我们在生产或任何主机上都没有这个问题。
- Different people on our team experience the issue at different times, on different IPs.我们团队中的不同人在不同的时间、不同的 IP 上遇到了这个问题。
- During the issue, connections to other google services (eg
curl servicemanagement.googleapis.com) works fine.在此问题期间,与其他谷歌服务(例如curl servicemanagement.googleapis.com)的连接工作正常。 - During the issue, the command works in another docker container with a different image.在问题期间,该命令在另一个具有不同图像的 docker 容器中工作。
- Issue has occurred across many macOS Docker versions.许多 macOS Docker 版本都出现了问题。
- Curling directly to the IPv4 address also hangs.直接卷曲到 IPv4 地址也会挂起。
Interestingly, doing netstat on the host machine shows all connections as ESTABLISHED , but doing netstat inside the container shows them as SYN_SENT .有趣的是,在主机上执行netstat所有连接显示为ESTABLISHED ,但在容器内执行netstat会将它们显示为SYN_SENT 。
We hypothesize that the connection is being kept alive on the host, but is killed in the container.我们假设连接在主机上保持活动状态,但在容器中被终止。 Or, certain ACKs aren't being forwarded correctly to the container for some reason.或者,由于某种原因,某些 ACK 没有正确转发到容器。
netstat on macOS macOS 上的netstat
netstat inside container容器内的netstat
TCP Dump TCP 转储
curl -v output curl -v 输出
root@cf8bd850e9ab:/code# curl -v bigquery.googleapis.com
* Trying 142.251.35.170:80...
* TCP_NODELAY set
* Trying 2607:f8b0:4006:81e::200a:80...
* TCP_NODELAY set
* Immediate connect fail for 2607:f8b0:4006:81e::200a: Cannot assign requested address
* Trying 2607:f8b0:4006:81e::200a:80...
* TCP_NODELAY set
* Immediate connect fail for 2607:f8b0:4006:81e::200a: Cannot assign requested address
* Trying 2607:f8b0:4006:81e::200a:80...
* TCP_NODELAY set
* Immediate connect fail for 2607:f8b0:4006:81e::200a: Cannot assign requested address
* Trying 2607:f8b0:4006:81e::200a:80...
* TCP_NODELAY set
* Immediate connect fail for 2607:f8b0:4006:81e::200a: Cannot assign requested address
Additional output:附加输出:
-
netstat -p: https://pastebin.com/sKQ23yahnetstat -p: https ://pastebin.com/sKQ23yah -
curl --ipv4: https://pastebin.com/3N7Q6aB4curl --ipv4: https ://pastebin.com/3N7Q6aB4
1 个解决方案
解决方案1
0 2022-06-16 17:04:41
您可以在使用--dns标志运行容器时指定 DNS,也可以通过在/etc/docker/daemon.json中添加一个条目来配置它,这可能有助于解决问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.