container cannot communicate with the host
Youzhi Zhu
Hi all
I have an app A and a service B. Service B is running on the dea server (ip 10.0.0.254), and app A needs to connect with service B through tcp. It works normally in my LAN, but when I push A to cf, it cannot connect to B. Then I execute bin/wsh to get into the container and ping the host ip; it's unreachable, as below:

    root@18mkbd9n808:~# ping 10.0.0.254
    PING 10.0.0.254 (10.0.0.254) 56(84) bytes of data.
    From 10.0.0.254 icmp_seq=1 Destination Port Unreachable
    From 10.0.0.254 icmp_seq=2 Destination Port Unreachable
    ^C
    --- 10.0.0.254 ping statistics ---
    2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1002ms

But if I ping another host in the LAN, it can be reached!!!

    root@18mkbd9n808:~# ping 10.0.0.253
    PING 10.0.0.253 (10.0.0.253) 56(84) bytes of data.
    64 bytes from 10.0.0.253: icmp_seq=1 ttl=63 time=1.60 ms
    64 bytes from 10.0.0.253: icmp_seq=2 ttl=63 time=0.421 ms
    ^C
    --- 10.0.0.253 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 0.421/1.013/1.606/0.593 ms

It's weird!!! My cf-release is cf-175 and I have only one dea server. Has anyone met this situation before? Thanks!
Lev Berman <lev.berman@...>
As far as I know, it is so by design - in order to set up a connection to the same host you need to explicitly tell Warden to allow external traffic - https://github.com/cloudfoundry/warden/blob/master/warden/README.md#net-handle-out-addressmaskport .

In more detail:

1) ssh into your VM with DEA
2) find your Warden handle in /var/vcap/data/dea_ng/db/instances.json - "warden_handle" field for the hash describing your specific application ("application_id" value is the same as cf app --guid)
3) cd into /var/vcap/packages/warden/warden
4) bundle install
5) ./bin/warden --socket /var/vcap/data/warden/warden.sock
6) > net_out --handle <your handle from instances.json> --port <your port to open>

This is for CF v208, an earlier version of Warden client may have slightly different API - see command help.
On Fri, May 22, 2015 at 10:21 AM, Youzhi Zhu <zhuyouzhi03(a)gmail.com> wrote:
Hi all
--
Lev Berman
Altoros - Cloud Foundry deployment, training and integration
Github: https://github.com/ldmberman
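Steps 2 and 6 of the procedure above, as an added example that is not part of the original thread or of Warden: a Python helper that finds every `warden_handle` recorded for one application GUID and builds a `net_out` line per container for a single port. The function names are hypothetical, the JSON layout beyond the two field names given in the post is an assumption (hence the recursive search), and the sample data is constructed.

```python
import json

# Constructed sample: hashes carrying the two fields named in the post.
# The outer layout of the real instances.json is an assumption.
SAMPLE = json.loads("""
{"instances": [
  {"application_id": "11111111-aaaa-4bbb-8ccc-000000000001", "warden_handle": "hndl0000001"},
  {"application_id": "11111111-aaaa-4bbb-8ccc-000000000001", "warden_handle": "hndl0000002"},
  {"application_id": "22222222-aaaa-4bbb-8ccc-000000000002", "warden_handle": "hndl0000003"}
]}
""")

def find_handles(node, app_guid):
    """Yield warden_handle from every hash whose application_id matches."""
    if isinstance(node, dict):
        if node.get("application_id") == app_guid and node.get("warden_handle"):
            yield node["warden_handle"]
        for value in node.values():
            yield from find_handles(value, app_guid)
    elif isinstance(node, list):
        for value in node:
            yield from find_handles(value, app_guid)

def net_out_commands(doc, app_guid, port):
    """Build one net_out line per container of the app, for one port only."""
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError("port must be in 1..65535")
    handles = sorted(set(find_handles(doc, app_guid)))
    if not handles:
        raise LookupError("no warden_handle found for " + app_guid)
    # Syntax as given in step 6; check the client's help on other CF versions.
    return ["net_out --handle %s --port %d" % (h, port) for h in handles]

if __name__ == "__main__":
    # On the DEA VM, load /var/vcap/data/dea_ng/db/instances.json instead of SAMPLE.
    for line in net_out_commands(SAMPLE, "11111111-aaaa-4bbb-8ccc-000000000001", 5432):
        print(line)
```

Each application instance runs in its own container, so an app with several instances on the DEA needs the rule on every handle the lookup returns.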
Matthew Sykes <matthew.sykes@...>
Warden explicitly disables access to the container host. If you move up to a more recent level of cf-release, that behavior is configurable with the `allow_host_access` flag. When that flag is true, this line is skipped:

https://github.com/cloudfoundry/warden/blob/4f1e5c049a12199fdd1f29cde15c9a786bd5fac8/warden/root/linux/net.sh#L128

At the level you're at, that rule is always specified so you'd have to manually change it.

https://github.com/cloudfoundry/warden/blob/17f34e2d7ff1994856a61961210a82e83f24ecac/warden/root/linux/net.sh#L124
On Fri, May 22, 2015 at 3:21 AM, Youzhi Zhu <zhuyouzhi03(a)gmail.com> wrote:
Hi all
--
Matthew Sykes
matthew.sykes(a)gmail.com