After building CentOS 8 on ESXi 6.7 with the minimum configuration, which I wrote about earlier, I installed Docker, but ran into trouble with dnf.
Names could not be resolved through DNS even though I could ping the IP directly. This has been resolved, so I am keeping it as a record.
I didn't want to use --net=host when starting the container, so I searched for information.
On the host side, I set NAPT and it worked.
# firewall-cmd --add-masquerade --permanent
# firewall-cmd --reload
Is it because I installed it with the minimum configuration? nftables wasn't running, firewalld was working, and iptables was running behind the scenes.
nftables is stopped.
# systemctl status nftables
● nftables.service - Netfilter Tables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:nft(8)
firewalld is running.
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-02-08 16:28:47 JST; 27min ago
Docs: man:firewalld(1)
Main PID: 1182 (firewalld)
Tasks: 2 (limit: 23585)
Memory: 38.9M
CGroup: /system.slice/firewalld.service
└─1182 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
iptables is running.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Installation gets caught on package versions, so install with --nobest.
# dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# dnf install --nobest docker-ce docker-ce-cli containerd.io
As a side note, install docker-compose as well.
curl -L "https://github.com/docker/compose/releases/download/1.25.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
Service settings
# systemctl enable docker
# systemctl start docker
As a test, try launching hello-world.
If all is well, you will see "Hello from Docker!" as shown below.
# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:9572f7cdcee8591948c2963463447a53466950b3fc15a247fcad1917ca215a2f
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
For systemctl to work inside the container, you have to start the container with /sbin/init.
# docker pull centos:centos8
# docker run --privileged -it -d --name centos8_check centos:centos8 /sbin/init
# docker exec -it centos8_check /bin/bash
[root@fced0781866f /]#
I was able to log in.
When I try to install the epel package inside the container, I can't.
[root@fced0781866f /]# dnf install epel-release
Failed to set locale, defaulting to C.UTF-8
CentOS-8 - AppStream 0.0 B/s | 0 B 00:05
Failed to download metadata for repo 'AppStream'
Error: Failed to download metadata for repo 'AppStream'
Container → Google Public DNS can be reached by directly hitting the IP.
[root@fced0781866f /]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=5.60 ms
The DNS of the container refers to the server in the LAN
[root@fced0781866f /]# cat /etc/resolv.conf
# Generated by NetworkManager
search prosper2.net
nameserver 10.254.10.241
Container → DNS ping passes
[root@fced0781866f /]# ping 10.254.10.241
PING 10.254.10.241 (10.254.10.241) 56(84) bytes of data.
64 bytes from 10.254.10.241: icmp_seq=1 ttl=127 time=0.467 ms
But I can't resolve the name
[root@fced0781866f /]# ping dns.google
ping: dns.google: Name or service not known
Why...?
On the host side, I set NAPT and it worked.
# firewall-cmd --add-masquerade --permanent
# firewall-cmd --reload
I was able to run dnf install epel-release properly.
# dnf install epel-release
Failed to set locale, defaulting to C.UTF-8
CentOS-8 - AppStream 4.7 MB/s | 6.4 MB 00:01
CentOS-8 - Base 4.8 MB/s | 5.0 MB 00:01
CentOS-8 - Extras 6.2 kB/s | 2.1 kB 00:00
Dependencies resolved.
===============================================================================================
Package Architecture Version Repository Size
===============================================================================================
Installing:
epel-release noarch 8-5.el8 extras 22 k
Transaction Summary
===============================================================================================
Install 1 Package
Total download size: 22 k
Installed size: 30 k
Is this ok [y/N]: y
Downloading Packages:
epel-release-8-5.el8.noarch.rpm 915 kB/s | 22 kB 00:00
-----------------------------------------------------------------------------------------------
Total 36 kB/s | 22 kB 00:00
warning: /var/cache/dnf/extras-cbfb2f07b0021b7e/packages/epel-release-8-5.el8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS-8 - Extras 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <[email protected]>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : epel-release-8-5.el8.noarch 1/1
Running scriptlet: epel-release-8-5.el8.noarch 1/1
Verifying : epel-release-8-5.el8.noarch 1/1
Installed:
epel-release-8-5.el8.noarch
Complete!
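Added example, not part of the original post: the fix above enables masquerading for the whole default zone, and the functions below detect that state and build a rich rule that masquerades only the Docker bridge subnet. The subnet 172.17.0.0/16, the function names and the sample zone listing are assumptions.

```shell
#!/bin/sh
# Added example (function names are hypothetical). 172.17.0.0/16 is Docker's
# default bridge subnet and an assumption here; confirm the real value with:
#   docker network inspect bridge --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}'

# Constructed sample of `firewall-cmd --list-all` output after the fix above.
SAMPLE_ZONE='public (active)
  target: default
  interfaces: ens192
  services: cockpit dhcpv6-client ssh
  masquerade: yes
  rich rules:'

# Succeeds when the zone listing on stdin has zone-wide masquerading enabled.
zone_masquerade_enabled() {
    grep -Eq '^[[:space:]]*masquerade:[[:space:]]*yes[[:space:]]*$'
}

# Validates an IPv4 CIDR, then prints a rich rule masquerading only that source.
scoped_masquerade_rule() {
    cidr=$1
    case $cidr in */*) ;; *) return 1 ;; esac      # prefix length is required
    ip=${cidr%/*}
    len=${cidr#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $ip in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip                                     # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    printf 'rule family="ipv4" source address="%s" masquerade\n' "$cidr"
}

# Swaps zone-wide masquerading for the scoped rule (run as root on the host).
apply_scoped_masquerade() {
    rule=$(scoped_masquerade_rule "$1") || return 1
    firewall-cmd --permanent --remove-masquerade &&
    firewall-cmd --permanent --add-rich-rule="$rule" &&
    firewall-cmd --reload
}

if printf '%s\n' "$SAMPLE_ZONE" | zone_masquerade_enabled; then
    echo "zone-wide masquerade is on; scoped alternative:"
    scoped_masquerade_rule 172.17.0.0/16
fi
```

After applying the scoped rule, repeat the ping dns.google and dnf install epel-release checks from inside the container to confirm it is sufficient on your host.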
At the time of installation, --nobest was fine for the time being, but I kept getting dependency errors.
# dnf update
Last metadata expiration check: 0:53:51 ago on February 08, 2020 at 16:38:36.
error:
problem: package docker-ce-3:19.03.5-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
- cannot install the best update candidate for package docker-ce-3:18.09.1-3.el7.x86_64
- package containerd.io-1.2.10-3.2.el7.x86_64 is excluded
- package containerd.io-1.2.2-3.3.el7.x86_64 is excluded
- package containerd.io-1.2.2-3.el7.x86_64 is excluded
- package containerd.io-1.2.4-3.1.el7.x86_64 is excluded
- package containerd.io-1.2.5-3.1.el7.x86_64 is excluded
- package containerd.io-1.2.6-3.3.el7.x86_64 is excluded
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
I don't like this, so let's force the RPM. First, find out where it is.
# grep stable /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
Well, is CentOS 7 the target in the first place...? Let's pick it up from here.
# dnf update https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.10-3.2.el7.x86_64.rpm
Last metadata expiration check: 1:00:47 ago on February 08, 2020 at 16:38:36.
containerd.io-1.2.10-3.2.el7.x86_64.rpm 7.5 MB/s | 23 MB 00:03
The dependency has been resolved.
========================================================================================================================================================================
Package architecture version repository size
========================================================================================================================================================================
upgrade:
containerd.io x86_64 1.2.10-3.2.el7 @commandline 23 M
Transaction overview
========================================================================================================================================================================
Upgrade 1 package
Total size: 23 M
Is this okay? [y/N]: y
Download package:
Performing transaction confirmation
The transaction was confirmed successfully.
Running transaction test
You have successfully tested the transaction.
Transaction is in progress
Preparation: 1/1
scriptlet running: containerd.io-1.2.10-3.2.el7.x86_64 1/1
During upgrade: containerd.io-1.2.10-3.2.el7.x86_64 1/2
scriptlet running: containerd.io-1.2.10-3.2.el7.x86_64 1/2
scriptlet running: containerd.io-1.2.0-3.el7.x86_64 2/2
Organize: containerd.io-1.2.0-3.el7.x86_64 2/2
scriptlet running: containerd.io-1.2.0-3.el7.x86_64 2/2
Verification: containerd.io-1.2.10-3.2.el7.x86_64 1/2
Verification: containerd.io-1.2.0-3.el7.x86_64 2/2
Upgraded:
containerd.io-1.2.10-3.2.el7.x86_64
Has completed!
Alright, do a big update.
# dnf update
Last metadata expiration check: 1:01:08 ago on February 08, 2020 at 16:38:36.
The dependency has been resolved.
========================================================================================================================================================================
Package architecture version repository size
========================================================================================================================================================================
upgrade:
docker-ce x86_64 3:19.03.5-3.el7 docker-ce-stable 24 M
Transaction overview
========================================================================================================================================================================
Upgrade 1 package
Total download size: 24 M
Is this okay? [y/N]: y
Download package:
docker-ce-19.03.5-3.el7.x86_64.rpm 7.2 MB/s | 24 MB 00:03
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 7.2 MB/s | 24 MB 00:03
Performing transaction confirmation
The transaction was confirmed successfully.
Running transaction test
You have successfully tested the transaction.
Transaction is in progress
Preparation: 1/1
scriptlet running: docker-ce-3:19.03.5-3.el7.x86_64 1/1
During upgrade: docker-ce-3:19.03.5-3.el7.x86_64 1/2
scriptlet running: docker-ce-3:19.03.5-3.el7.x86_64 1/2
scriptlet running: docker-ce-3:18.09.1-3.el7.x86_64 2/2
/usr/bin/dockerd is not configured for compatibility with dockerd.
Organize: docker-ce-3:18.09.1-3.el7.x86_64 2/2
scriptlet running: docker-ce-3:18.09.1-3.el7.x86_64 2/2
Verification: docker-ce-3:19.03.5-3.el7.x86_64 1/2
Verification: docker-ce-3:18.09.1-3.el7.x86_64 2/2
Upgraded:
docker-ce-3:19.03.5-3.el7.x86_64
Has completed!
Yeah, it looks okay.
# dnf update
Last metadata expiration check: 1:01:38 ago on February 08, 2020 at 16:38:36.
The dependency has been resolved.
There is nothing to do.
Has completed!
It was good.
Try ELK with the official image.
git clone https://github.com/elastic/stack-docker.git
cd stack-docker
docker-compose -f setup.yml up
docker-compose up -d
Use the password displayed during setup.
setup_1 | setup_elasticsearch | Elastic password is: [password]
https://serverfault.com/questions/987686/no-network-connectivity-to-from-docker-ce-container-on-centos-8