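I have an Ubuntu 16.04 x86_64 system running under cloudfoundry.
The latest docker ce was installed, and then I also tried the beta.
Currently on
Docker version 17.09.0-ce, build afdb6d4
I am running hadoop (HDP 2.6.1) under Docker, which exposes a bunch of ports that can be accessed fine on the docker host.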
However, I don't seem to be able to access any of these ports from other systems. As best I can see, the sandbox image is running:
93b77a0480c7 sandbox-hdp "/usr/sbin/sshd -D" 12 hours ago Up 12 hours 0.0.0.0:1000->1000/tcp, 0.0.0.0:1100->1100/tcp, 0.0.0.0:1220->1220/tcp, 0.0.0.0:1988->1988/tcp, 0.0.0.0:2100->2100/tcp, 0.0.0.0:2181->2181/tcp, 0.0.0.0:4040->4040/tcp, 0.0.0.0:4200->4200/tcp, 0.0.0.0:5007->5007/tcp, 0.0.0.0:5011->5011/tcp, 0.0.0.0:6001->6001/tcp, 0.0.0.0:6003->6003/tcp, 0.0.0.0:6008->6008/tcp, 0.0.0.0:6080->6080/tcp, 0.0.0.0:6188->6188/tcp, 0.0.0.0:8000->8000/tcp, 0.0.0.0:8005->8005/tcp, 0.0.0.0:8020->8020/tcp, 0.0.0.0:8040->8040/tcp, 0.0.0.0:8042->8042/tcp, 0.0.0.0:8050->8050/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:8082->8082/tcp, 0.0.0.0:8086->8086/tcp, 0.0.0.0:8088->8088/tcp, 0.0.0.0:8090-8091->8090-8091/tcp, 0.0.0.0:8188->8188/tcp, 0.0.0.0:8443->8443/tcp, 0.0.0.0:8744->8744/tcp, 0.0.0.0:8765->8765/tcp, 0.0.0.0:8886->8886/tcp, 0.0.0.0:8888-8889->8888-8889/tcp, 0.0.0.0:8983->8983/tcp, 0.0.0.0:8993->8993/tcp, 0.0.0.0:9000->9000/tcp, 0.0.0.0:9090->9090/tcp, 0.0.0.0:9995-9996->9995-9996/tcp, 0.0.0.0:10000-10001->10000-10001/tcp, 0.0.0.0:10500->10500/tcp, 0.0.0.0:11000->11000/tcp, 0.0.0.0:15000->15000/tcp, 0.0.0.0:16010->16010/tcp, 0.0.0.0:16030->16030/tcp, 0.0.0.0:18080->18080/tcp, 0.0.0.0:19888->19888/tcp, 0.0.0.0:21000->21000/tcp, 0.0.0.0:42111->42111/tcp, 0.0.0.0:50070->50070/tcp, 0.0.0.0:50075->50075/tcp, 0.0.0.0:50095->50095/tcp, 0.0.0.0:50111->50111/tcp, 0.0.0.0:60000->60000/tcp, 0.0.0.0:60080->60080/tcp, 0.0.0.0:61888->61888/tcp, 0.0.0.0:2222->22/tcp sandbox
Kernel forwarding seems to be fine:
cloudusr@dev:~$ sudo sysctl -a | grep '.forwarding'
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.docker0.forwarding = 1
net.ipv4.conf.ens3.forwarding = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.veth61e5501.forwarding = 1
sysctl: reading key "net.ipv6.conf.all.stable_secret"
net.ipv6.conf.all.forwarding = 1
sysctl: reading key "net.ipv6.conf.default.stable_secret"
net.ipv6.conf.default.forwarding = 1
sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
net.ipv6.conf.docker0.forwarding = 1
sysctl: reading key "net.ipv6.conf.ens3.stable_secret"
net.ipv6.conf.ens3.forwarding = 1
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
net.ipv6.conf.lo.forwarding = 1
sysctl: reading key "net.ipv6.conf.veth61e5501.stable_secret"
net.ipv6.conf.veth61e5501.forwarding = 1
iptables looks good to me
cloudusr@dev:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:61888
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:60080
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:60000
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:50111
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:50095
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:50075
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:50070
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:42111
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:21000
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:19888
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:18080
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:16030
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:16010
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:15000
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:11000
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:10500
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:10001
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:webmin
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9996
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9995
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9090
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9000
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8993
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8983
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8889
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8888
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8886
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8765
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8744
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8443
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8188
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8091
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8090
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:omniorb
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8086
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8082
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8050
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8042
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8040
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8020
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8005
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8000
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:6188
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:6080
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:6008
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:x11-3
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:x11-1
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:5011
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:5007
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:4200
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:4040
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:2181
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:2100
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:1988
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:1220
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:1100
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:1000
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:ssh
Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
Ubuntu itself is up to date - the current kernel is
cloudusr@dev:~$ uname -a
Linux dev 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
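A way to run the comparison between the published ports and the DOCKER chain mechanically instead of by eye, as an added example that is not part of the original post: it expands the `docker ps` PORTS column and reports published container ports with no ACCEPT rule in the DOCKER chain. The sample strings are constructed excerpts of the output above with the rule for 8090 left out on purpose, and the function names are illustrative.

```python
import re

# Names `iptables -L` prints instead of numbers when -n is not given
# (only the ones that occur in the listing in the post).
SERVICE_PORTS = {"ssh": 22, "x11-1": 6001, "x11-3": 6003,
                 "http-alt": 8080, "omniorb": 8088, "webmin": 10000}
PORT_RE = re.compile(r"(\S+?):(\d+)(?:-(\d+))?->(\d+)(?:-\d+)?/(tcp|udp)")

# Constructed sample: three mappings and a DOCKER chain taken from the post,
# with the rule for port 8090 deliberately left out.
SAMPLE_PORTS = ("0.0.0.0:8080->8080/tcp, 0.0.0.0:8090-8091->8090-8091/tcp, "
                "0.0.0.0:2222->22/tcp")
SAMPLE_RULES = """\
Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8091
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:ssh
"""


def published_ports(ports_column):
    """Expand a `docker ps` PORTS column into (bind_ip, host_port, container_port, proto)."""
    out = []
    for ip, h1, h2, c1, proto in PORT_RE.findall(ports_column):
        width = int(h2) - int(h1) if h2 else 0  # 8090-8091 covers two ports
        out += [(ip, int(h1) + i, int(c1) + i, proto) for i in range(width + 1)]
    return out


def accepted_ports(listing, chain="DOCKER"):
    """Collect (dest_ip, port, proto) from the ACCEPT rules of one chain."""
    rules, in_chain = set(), False
    for line in listing.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            in_chain = f[1] == chain
        elif in_chain and len(f) >= 7 and f[0] == "ACCEPT" and f[-1].startswith("dpt:"):
            name = f[-1][4:]
            rules.add((f[4], int(name) if name.isdigit() else SERVICE_PORTS.get(name), f[1]))
    return rules


def missing_rules(ports_column, listing, container_ip):
    """Published container ports that have no ACCEPT rule for container_ip."""
    rules = accepted_ports(listing)
    return sorted(c for _, _, c, proto in published_ports(ports_column)
                  if (container_ip, c, proto) not in rules)


if __name__ == "__main__":
    print(missing_rules(SAMPLE_PORTS, SAMPLE_RULES, "172.17.0.2"))
```

`iptables -L -n` prints numeric ports, which makes the name table unnecessary. `iptables -L` lists only the filter table; the DNAT rules Docker keeps for published ports are in the nat table, listed by `iptables -t nat -L -n`.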