[英]Docker containers can't communicate in one network
我相信這個話題不止一次被提出過。 但是我找不到任何合理的解決方案。 所以這里是...
我已經在容器中部署了 Zabbix。 我只有一台運行 3 個容器的主機: zabbix-server 、 zabbix-web-nginx-mysql 、 zabbix-agent 。 所有 3 個都在一個docker-compose.yaml中定義:
我運行 Ubuntu 20.04 和 Docker 版本 20.10.1,構建 831ebea
version: '3.5'
networks:
zbx_net:
driver: bridge
services:
zabbix-server:
image: zabbix/zabbix-server-mysql:alpine-5.2-latest
ports:
- "10051:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
ulimits:
nproc: 65535
nofile:
soft: 20000
hard: 40000
env_file:
- .env_db_mysql
- .env_srv
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
networks:
zbx_net:
aliases:
- zabbix-server
- zabbix-server-mysql
- zabbix-server-alpine-mysql
- zabbix-server-mysql-alpine
stop_grace_period: 30s
sysctls:
- net.ipv4.ip_local_port_range=1024 65000
- net.ipv4.conf.all.accept_redirects=0
- net.ipv4.conf.all.secure_redirects=0
- net.ipv4.conf.all.send_redirects=0
labels:
com.zabbix.description: "Zabbix server with MySQL database support"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-server"
com.zabbix.dbtype: "mysql"
com.zabbix.os: "alpine"
zabbix-web-nginx-mysql:
image: zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest
ports:
- "8081:8080"
- "8443:8443"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
env_file:
- .env_db_mysql
- .env_web
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
depends_on:
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
start_period: 30s
networks:
zbx_net:
aliases:
- zabbix-web-nginx-mysql
- zabbix-web-nginx-alpine-mysql
- zabbix-web-nginx-mysql-alpine
stop_grace_period: 10s
sysctls:
- net.core.somaxconn=65535
labels:
com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-frontend"
com.zabbix.webserver: "nginx"
com.zabbix.dbtype: "mysql"
com.zabbix.os: "alpine"
zabbix-agent:
image: zabbix/zabbix-agent:alpine-5.2-latest
ports:
- "10050:10050"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
env_file:
- .env_agent
privileged: true
pid: "host"
networks:
zbx_net:
aliases:
- zabbix-agent
- zabbix-agent-passive
- zabbix-agent-alpine
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix agent"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-agentd"
com.zabbix.os: "alpine"
secrets:
MYSQL_USER:
file: ./.MYSQL_USER
MYSQL_PASSWORD:
file: ./.MYSQL_PASSWORD
所有 3 個容器都在同一個用戶定義的網絡中。 因此,根據 Docker Compose 文檔,他們能夠進行通信就足夠了。 但是,如果嘗試從zabbix-agent容器中nc zabbix-server 10051連接失敗,我在zabbix-server上看不到任何連接嘗試。
我檢查了它是否可能是由防火牆引起的。 我使用nftables並創建了一個規則,允許172.0.0.0/8和172.0.0.0/8之間的所有流量。 它以某種方式幫助我連接到<host IP>:10051 (如 172.26.0.1:10051)。 雖然zabbix-agent日志仍然顯示連接被拒絕的錯誤所以我認為它仍然無法正常工作。
無論如何,我主要關心的是容器能夠按照預期的方式直接相互通信。 我也嘗試從zabbix-agent連接到zabbix-web-nginx-mysql:8081但它也沒有連接。 所以我的理解是容器間通信根本不起作用。
如果我查看zabbix_zbx.net .network,我可以看到所有 3 個容器都在那里:
[
{
"Name": "zabbix_zbx_net",
"Id": "def0d254c1077d3874c74ebd6f93a9a9895683a2cc97ffe53a0fa2524649f790",
"Created": "2020-12-22T10:02:59.55942359+01:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.27.0.0/16",
"Gateway": "172.27.0.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"95ed96686a7607b5c8aa22bc86f69916dcc117ae118859a5254d3e001df70de9": {
"Name": "zabbix_zabbix-server_1",
"EndpointID": "98e7c97886308716b5bf85bf5c8a4bb9655df9e3d79d34a05c8b9d6bca10ae15",
"MacAddress": "02:42:ac:1b:00:03",
"IPv4Address": "172.27.0.3/16",
"IPv6Address": ""
},
"ab9216585795561226e608dc5f8a074de3d551f4e09f4caba48a111ec2d89c2b": {
"Name": "zabbix_zabbix-web-nginx-mysql_1",
"EndpointID": "0159042e1b64b7ac7f5ca3d675b7a855fa7d22aa42b4765877f4f09723f73307",
"MacAddress": "02:42:ac:1b:00:04",
"IPv4Address": "172.27.0.4/16",
"IPv6Address": ""
},
"d17b6314e3f0ade5af7f7bf770fa72f82677e3d6fe82b62bea3ae05567ceb836": {
"Name": "zabbix_zabbix-agent_1",
"EndpointID": "8799fe8af03e945fb020d39e66912a20501c08d7b715b3f4aeed531f57392c65",
"MacAddress": "02:42:ac:1b:00:02",
"IPv4Address": "172.27.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {
"com.docker.compose.network": "zbx_net",
"com.docker.compose.project": "zabbix",
"com.docker.compose.version": "1.25.0"
}
}
]
所以我不知道還有什么可以檢查的。
好的,在我的案例中,罪魁禍首是nftables 。 似乎 Docker 不適用於一個( https://github.com/moby/moby/issues/26824 )。
所以我卸載了 nftables 並將所有規則移至 iptables。 重新啟動后(但僅在此之后)問題就消失了。
Docker 容器(MariaDb、AspNet)無法在 Compose 網絡上通信
[英]Docker Containers (MariaDb, AspNet) Can't Communicate on Compose Network
如何將 2 個獨立的 docker 容器聯網以相互通信?
[英]How to network 2 separate docker containers to communicate with eachother?
為什么docker容器不能在一個網絡內通過ip互相訪問?
[英]Why docker containers can't access each other by ip within one network?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.