Docker - 在企业网络中构建映像时,网络呼叫失败 [英] Docker - Network calls fail during image build on corporate network
问题描述
#DOCKER- VERSION 0.3.4
FROM centos:6.4
#启用Node.js的EPEL
运行rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel -release-6-8.noarch.rpm
#安装Node.js和npm
运行yum install -y npm
#捆绑应用程序源
添加。 / src
#安装应用程序依赖项
RUN cd / src; npm安装
EXPOSE 8080
CMD [node,/src/index.js]
当我在家里的笔记本电脑上建立自己的无线网络时,这个工作正常。它会拉下必要的依赖关系并正确地构建图像。
然而,当我在工作中的公司网络上时,同样的Docker构建在尝试下拉时失败来自download.fedoraproject.org的RPM,出现以下错误信息:
步骤2:运行rpm -Uvh http://download.fedoraproject.org/pub/epel/6/ i386 / epel-release-6-8.noarch.rpm
--->在e0c26afe9ed5中运行
curl:(5)无法解析代理proxy.fsglobal.net
错误:跳过 http:/ /download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm - 转移失败
在我的公司网络上,我可以从我的笔记本电脑访问该网址。但是,一旦Docker正在尝试构建容器,突然间就无法解决。对于各种外部资源(apt-get等),这种行为是一样的:他们都可以在公司网络上的笔记本电脑上解决问题,但Docker无法解决问题。
我没有网络技术知道这里发生了什么。有人知道为什么在构建Docker容器时会发生这种奇怪的行为?
我能够弄清楚这个问题。在Ubuntu上,Docker将容器的DNS服务器设置为8.8.8.x的Google服务器。据了解,这是Ubuntu的一个解决方法,因为Ubuntu将/etc/resolv.conf设置为127.0.0.1。
这些Google服务器无法从防火墙后面访问,这就是为什么我们无法解析任何URL。
修复是告诉Docker要使用的DNS服务器。这个修复取决于您如何安装Docker:
Ubuntu软件包
如果您安装了Ubuntu软件包,请编辑/ etc / default / docker并添加以下行:
DOCKER_OPTS = - dns< your_dns_server_1> --dns< ; your_dns_server_2>中
您可以根据需要添加尽可能多的DNS服务器。编辑此文件后,您将需要重新启动Docker服务:
sudo service docker restart
二进制文件
如果您已经通过二进制文件方法安装了Docker (即没有包),然后在启动Docker守护程序时设置DNS服务器:
sudo docker -d -D - -dns< your_dns_server_1> --dns< your_dns_server_2> &安培;
I'm having a problem building Docker images on my corporate network. I'm just getting started with Docker, so I have the following Dockerfile for a hello-world type app:
# DOCKER-VERSION 0.3.4
FROM centos:6.4
# Enable EPEL for Node.js
RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# Install Node.js and npm
RUN yum install -y npm
# Bundle app source
ADD . /src
# Install app dependencies
RUN cd /src; npm install
EXPOSE 8080
CMD ["node", "/src/index.js"]
This works fine when I build it on my laptop at home, on my own wireless network. It pulls down the requisite dependencies and builds the image correctly.
However, when I'm on my corporate network at work, this same docker build fails when trying to pull down the RPM from download.fedoraproject.org, with this error message:
Step 2 : RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm ---> Running in e0c26afe9ed5 curl: (5) Couldn't resolve proxy 'proxy.fsglobal.net' error: skipping http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm - transfer failed
On my corporate network, I can access that URL just fine from my laptop. But once Docker is trying to build the container, all of a sudden it can't resolve at all. This behavior is the same for a variety of external resources (apt-get, etc.): They all can resolve just fine on my laptop on the corporate network, but Docker can't resolve them.
I don't have the network know-how to figure out what's going on here. Does anyone know why this strange behaviour would be occurring when building Docker containers?
I was able to figure out the issue. On Ubuntu, Docker sets the DNS servers for container to Google's servers at 8.8.8.x. As I understand it, this is a workaround on Ubuntu due to the fact that Ubuntu sets /etc/resolv.conf to be 127.0.0.1.
Those Google servers weren't accessible from behind our firewall, which is why we couldn't resolve any URLs.
The fix is to tell Docker which DNS servers to use. This fix depends on how you installed Docker:
Ubuntu Package
If you have the Ubuntu package installed, edit /etc/default/docker and add the following line:
DOCKER_OPTS="--dns <your_dns_server_1> --dns <your_dns_server_2>"
You can add as many DNS servers as you want to this config. Once you've edited this file you'll want to restart your Docker service:
sudo service docker restart
Binaries
If you've installed Docker via the binaries method (i.e. no package), then you set the DNS servers when you start the Docker daemon:
sudo docker -d -D --dns <your_dns_server_1> --dns <your_dns_server_2> &
这篇关于Docker - 在企业网络中构建映像时,网络呼叫失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
