在企业网络上构建映像期间网络调用失败 [英] Network calls fail during image build on corporate network
问题描述
我在公司网络上构建 Docker 映像时遇到问题.我刚刚开始使用 Docker,所以我有以下 Dockerfile 用于 hello-world 类型的应用程序:
I'm having a problem building Docker images on my corporate network. I'm just getting started with Docker, so I have the following Dockerfile for a hello-world type app:
# DOCKER-VERSION 0.3.4
FROM centos:6.4
# Enable EPEL for Node.js
RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# Install Node.js and npm
RUN yum install -y npm
# Bundle app source
ADD . /src
# Install app dependencies
RUN cd /src; npm install
EXPOSE 8080
CMD ["node", "/src/index.js"]
当我在家里的笔记本电脑上,在我自己的无线网络上构建它时,这很好用.它会提取必要的依赖项并正确构建映像.
This works fine when I build it on my laptop at home, on my own wireless network. It pulls down the requisite dependencies and builds the image correctly.
然而,当我在我的公司网络上工作时,当我尝试从 download.fedoraproject.org 拉下 RPM 时,同样的 docker build 会失败,并显示以下错误消息:
However, when I'm on my corporate network at work, this same docker build fails when trying to pull down the RPM from download.fedoraproject.org, with this error message:
第 2 步:运行 rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm---> 在 e0c26afe9ed5 中运行curl: (5) 无法解析代理some.proxy.address"错误:跳过 http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm - 传输失败
Step 2 : RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm ---> Running in e0c26afe9ed5 curl: (5) Couldn't resolve proxy 'some.proxy.address' error: skipping http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm - transfer failed
在我的公司网络上,我可以通过笔记本电脑很好地访问该 URL.但是一旦 Docker 尝试构建容器,突然之间它根本无法解析.对于各种外部资源(apt-get 等),这种行为是相同的:它们都可以在公司网络上的笔记本电脑上正常解析,但 Docker 无法解析它们.
On my corporate network, I can access that URL just fine from my laptop. But once Docker is trying to build the container, all of a sudden it can't resolve at all. This behavior is the same for a variety of external resources (apt-get, etc.): They all can resolve just fine on my laptop on the corporate network, but Docker can't resolve them.
我没有网络知识来弄清楚这里发生了什么.有谁知道为什么在构建 Docker 容器时会发生这种奇怪的行为?
I don't have the network know-how to figure out what's going on here. Does anyone know why this strange behaviour would be occurring when building Docker containers?
推荐答案
我能够找出问题所在.在 Ubuntu 上,Docker 将容器的 DNS 服务器设置为 8.8.8.x 处的 Google 服务器.据我了解,这是 Ubuntu 上的一种解决方法,因为 Ubuntu 将/etc/resolv.conf 设置为 127.0.0.1.
I was able to figure out the issue. On Ubuntu, Docker sets the DNS servers for container to Google's servers at 8.8.8.x. As I understand it, this is a workaround on Ubuntu due to the fact that Ubuntu sets /etc/resolv.conf to be 127.0.0.1.
无法从我们的防火墙后面访问那些 Google 服务器,这就是我们无法解析任何 URL 的原因.
Those Google servers weren't accessible from behind our firewall, which is why we couldn't resolve any URLs.
解决方法是告诉 Docker 使用哪些 DNS 服务器.此修复取决于您安装 Docker 的方式:
The fix is to tell Docker which DNS servers to use. This fix depends on how you installed Docker:
如果您安装了 Ubuntu 软件包,请编辑/etc/default/docker 并添加以下行:
If you have the Ubuntu package installed, edit /etc/default/docker and add the following line:
DOCKER_OPTS="--dns <your_dns_server_1> --dns <your_dns_server_2>"
您可以在此配置中添加任意数量的 DNS 服务器.编辑此文件后,您将需要重新启动 Docker 服务:
You can add as many DNS servers as you want to this config. Once you've edited this file you'll want to restart your Docker service:
sudo service docker restart
二进制文件
如果你已经通过二进制方法安装了 Docker(即没有包),那么你在启动 Docker 守护进程时设置了 DNS 服务器:
Binaries
If you've installed Docker via the binaries method (i.e. no package), then you set the DNS servers when you start the Docker daemon:
sudo docker -d -D --dns <your_dns_server_1> --dns <your_dns_server_2> &
这篇关于在企业网络上构建映像期间网络调用失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
