为 Cloud Foundry 安装 IBM 容器插件 (cf ic) 挂起然后失败
Installing the IBM containers plug-in (cf ic) for Cloud Foundry hangs and then fails
IBM containers plug-in for the Cloud Foundry CLI 在 cf install-plugin https://static-ice.ng.bluemix.net/ibm-containers-linux_x64 之后挂起。
下载成功:
Attention: Plugins are binaries written by potentially untrusted authors. Install and use plugins at your own risk.
Do you want to install the plugin https://static-ice.ng.bluemix.net/ibm-containers-linux_x64? (y or n)> y
Attempting to download binary file from internet address...
10270368 bytes downloaded...
但是在尝试安装插件时挂起:
Installing plugin /tmp/ibm-containers-linux_x64...
几分钟后超时:
FAILED
exit status 1
系统信息:
NAME="CentOS Linux"
VERSION="7 (Core)"
Linux 3.10.0-229.14.1.el7.x86_64 #1 SMP Tue Sep 15 15:05:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Cloud Foundry CLI version: cf version 6.17.0+5d0be0a-2016-04-15
Docker version:Docker version 1.11.1, build 5604cbe
总结
确保主机环回接口上允许通信。
例如,如果 iptables 正在限制此流量,则以下规则可以解决问题:
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
更多信息
容器插件安装使用环回接口上的随机端口。如果无法通信,则安装失败。就我而言,iptables 不允许通信。例如,这里的 tcpdump 输出显示了两次失败的尝试:
Watching the local interface withtcpdump -i lo`
# Attempt 1
15:50:16.255178 IP test-host.55308 > test-host.48267: Flags [S], seq 1877515918, win 43690, options [mss 65495,sackOK,TS val 964453 ecr 0,nop,wscale 8], length 0
15:50:17.257624 IP test-host.55308 > test-host.48267: Flags [S], seq 1877515918, win 43690, options [mss 65495,sackOK,TS val 965456 ecr 0,nop,wscale 8], length 0
15:50:19.261636 IP test-host.55308 > test-host.48267: Flags [S], seq 1877515918, win 43690, options [mss 65495,sackOK,TS val 967460 ecr 0,nop,wscale 8], length 0
# Attempt 2
15:51:00.594373 IP test-host.34226 > test-host.40708: Flags [S], seq 2060304501, win 43690, options [mss 65495,sackOK,TS val 1008792 ecr 0,nop,wscale 8], length 0
15:51:01.595663 IP test-host.34226 > test-host.40708: Flags [S], seq 2060304501, win 43690, options [mss 65495,sackOK,TS val 1009794 ecr 0,nop,wscale 8], length 0
15:51:03.601633 IP test-host.34226 > test-host.40708: Flags [S], seq 2060304501, win 43690, options [mss 65495,sackOK,TS val 1011800 ecr 0,nop,wscale 8], length 0
添加快速规则以允许环回地址上的流量有效:
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
这是在 iptables 中添加规则并再次尝试安装插件后的 tcpdump:
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
16:19:05.431084 IP test-host.37935 > test-host.38894: Flags [S], seq 895212894, win 43690, options [mss 65495,sackOK,TS val 2693629 ecr 0,nop,wscale 8], length 0
16:19:05.431105 IP test-host.38894 > test-host.37935: Flags [S.], seq 2727344571, ack 895212895, win 43690, options [mss 65495,sackOK,TS val 2693629 ecr 2693629,nop,wscale 8], length 0
16:19:05.431122 IP test-host.37935 > test-host.38894: Flags [.], ack 1, win 171, options [nop,nop,TS val 2693629 ecr 2693629], length 0
16:19:05.431224 IP test-host.37935 > test-host.38894: Flags [F.], seq 1, ack 1, win 171, options [nop,nop,TS val 2693629 ecr 2693629], length 0
16:19:05.431263 IP test-host.37936 > test-host.38894: Flags [S], seq 349222338, win 43690, options [mss 65495,sackOK,TS val 2693629 ecr 0,nop,wscale 8], length 0
16:19:05.431270 IP test-host.38894 > test-host.37936: Flags [S.], seq 496327229, ack 349222339, win 43690, options [mss 65495,sackOK,TS val 2693629 ecr 2693629,nop,wscale 8], length 0
16:19:05.431279 IP test-host.37936 > test-host.38894: Flags [.], ack 1, win 171, options [nop,nop,TS val 2693629 ecr 2693629], length 0
16:19:05.431486 IP test-host.38894 > test-host.37935: Flags [F.], seq 1, ack 2, win 171, options [nop,nop,TS val 2693629 ecr 2693629], length 0
16:19:05.431503 IP test-host.37935 > test-host.38894: Flags [.], ack 2, win 171, options [nop,nop,TS val 2693629 ecr 2693629], length 0
16:19:05.431654 IP test-host.37936 > test-host.38894: Flags [P.], seq 1:3043, ack 1, win 171, options [nop,nop,TS val 2693630 ecr 2693629], length 3042
16:19:05.431666 IP test-host.38894 > test-host.37936: Flags [.], ack 3043, win 505, options [nop,nop,TS val 2693630 ecr 2693630], length 0
16:19:05.432294 IP test-host.38894 > test-host.37936: Flags [P.], seq 1:97, ack 3043, win 512, options [nop,nop,TS val 2693630 ecr 2693630], length 96
16:19:05.432304 IP test-host.37936 > test-host.38894: Flags [.], ack 97, win 171, options [nop,nop,TS val 2693630 ecr 2693630], length 0
16:19:05.432993 IP test-host.37936 > test-host.38894: Flags [F.], seq 3043, ack 97, win 171, options [nop,nop,TS val 2693631 ecr 2693630], length 0
16:19:05.433059 IP test-host.38894 > test-host.37936: Flags [F.], seq 97, ack 3044, win 512, options [nop,nop,TS val 2693631 ecr 2693631], length 0
16:19:05.433070 IP test-host.37936 > test-host.38894: Flags [.], ack 98, win 171, options [nop,nop,TS val 2693631 ecr 2693631], length 0
插件输出:
Attention: Plugins are binaries written by potentially untrusted authors. Install and use plugins at your own risk.
Do you want to install the plugin https://static-ice.ng.bluemix.net/ibm-containers-linux_x64? (y or n)> y
Attempting to download binary file from internet address...
10270368 bytes downloaded...
Installing plugin /tmp/ibm-containers-linux_x64...
OK
Plugin IBM-Containers v0.8.878 successfully installed.
您可以选择使用浏览器手动下载它,然后从下载路径安装它。
例如
$ cf install-plugin path/to/ibm-plugin-file
这是 IBM 插件存储库 links 的 link。
没试过,如果有效请告诉我:)
IBM containers plug-in for the Cloud Foundry CLI 在 cf install-plugin https://static-ice.ng.bluemix.net/ibm-containers-linux_x64 之后挂起。
下载成功:
Attention: Plugins are binaries written by potentially untrusted authors. Install and use plugins at your own risk.
Do you want to install the plugin https://static-ice.ng.bluemix.net/ibm-containers-linux_x64? (y or n)> y
Attempting to download binary file from internet address...
10270368 bytes downloaded...
但是在尝试安装插件时挂起:
Installing plugin /tmp/ibm-containers-linux_x64...
几分钟后超时:
FAILED
exit status 1
系统信息:
NAME="CentOS Linux"
VERSION="7 (Core)"
Linux 3.10.0-229.14.1.el7.x86_64 #1 SMP Tue Sep 15 15:05:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Cloud Foundry CLI version: cf version 6.17.0+5d0be0a-2016-04-15
Docker version:Docker version 1.11.1, build 5604cbe
总结
确保主机环回接口上允许通信。
例如,如果 iptables 正在限制此流量,则以下规则可以解决问题:
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
更多信息
容器插件安装使用环回接口上的随机端口。如果无法通信,则安装失败。就我而言,iptables 不允许通信。例如,这里的 tcpdump 输出显示了两次失败的尝试:
Watching the local interface withtcpdump -i lo`
# Attempt 1
15:50:16.255178 IP test-host.55308 > test-host.48267: Flags [S], seq 1877515918, win 43690, options [mss 65495,sackOK,TS val 964453 ecr 0,nop,wscale 8], length 0
15:50:17.257624 IP test-host.55308 > test-host.48267: Flags [S], seq 1877515918, win 43690, options [mss 65495,sackOK,TS val 965456 ecr 0,nop,wscale 8], length 0
15:50:19.261636 IP test-host.55308 > test-host.48267: Flags [S], seq 1877515918, win 43690, options [mss 65495,sackOK,TS val 967460 ecr 0,nop,wscale 8], length 0
# Attempt 2
15:51:00.594373 IP test-host.34226 > test-host.40708: Flags [S], seq 2060304501, win 43690, options [mss 65495,sackOK,TS val 1008792 ecr 0,nop,wscale 8], length 0
15:51:01.595663 IP test-host.34226 > test-host.40708: Flags [S], seq 2060304501, win 43690, options [mss 65495,sackOK,TS val 1009794 ecr 0,nop,wscale 8], length 0
15:51:03.601633 IP test-host.34226 > test-host.40708: Flags [S], seq 2060304501, win 43690, options [mss 65495,sackOK,TS val 1011800 ecr 0,nop,wscale 8], length 0
添加快速规则以允许环回地址上的流量有效:
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
这是在 iptables 中添加规则并再次尝试安装插件后的 tcpdump:
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
16:19:05.431084 IP test-host.37935 > test-host.38894: Flags [S], seq 895212894, win 43690, options [mss 65495,sackOK,TS val 2693629 ecr 0,nop,wscale 8], length 0
16:19:05.431105 IP test-host.38894 > test-host.37935: Flags [S.], seq 2727344571, ack 895212895, win 43690, options [mss 65495,sackOK,TS val 2693629 ecr 2693629,nop,wscale 8], length 0
16:19:05.431122 IP test-host.37935 > test-host.38894: Flags [.], ack 1, win 171, options [nop,nop,TS val 2693629 ecr 2693629], length 0
16:19:05.431224 IP test-host.37935 > test-host.38894: Flags [F.], seq 1, ack 1, win 171, options [nop,nop,TS val 2693629 ecr 2693629], length 0
16:19:05.431263 IP test-host.37936 > test-host.38894: Flags [S], seq 349222338, win 43690, options [mss 65495,sackOK,TS val 2693629 ecr 0,nop,wscale 8], length 0
16:19:05.431270 IP test-host.38894 > test-host.37936: Flags [S.], seq 496327229, ack 349222339, win 43690, options [mss 65495,sackOK,TS val 2693629 ecr 2693629,nop,wscale 8], length 0
16:19:05.431279 IP test-host.37936 > test-host.38894: Flags [.], ack 1, win 171, options [nop,nop,TS val 2693629 ecr 2693629], length 0
16:19:05.431486 IP test-host.38894 > test-host.37935: Flags [F.], seq 1, ack 2, win 171, options [nop,nop,TS val 2693629 ecr 2693629], length 0
16:19:05.431503 IP test-host.37935 > test-host.38894: Flags [.], ack 2, win 171, options [nop,nop,TS val 2693629 ecr 2693629], length 0
16:19:05.431654 IP test-host.37936 > test-host.38894: Flags [P.], seq 1:3043, ack 1, win 171, options [nop,nop,TS val 2693630 ecr 2693629], length 3042
16:19:05.431666 IP test-host.38894 > test-host.37936: Flags [.], ack 3043, win 505, options [nop,nop,TS val 2693630 ecr 2693630], length 0
16:19:05.432294 IP test-host.38894 > test-host.37936: Flags [P.], seq 1:97, ack 3043, win 512, options [nop,nop,TS val 2693630 ecr 2693630], length 96
16:19:05.432304 IP test-host.37936 > test-host.38894: Flags [.], ack 97, win 171, options [nop,nop,TS val 2693630 ecr 2693630], length 0
16:19:05.432993 IP test-host.37936 > test-host.38894: Flags [F.], seq 3043, ack 97, win 171, options [nop,nop,TS val 2693631 ecr 2693630], length 0
16:19:05.433059 IP test-host.38894 > test-host.37936: Flags [F.], seq 97, ack 3044, win 512, options [nop,nop,TS val 2693631 ecr 2693631], length 0
16:19:05.433070 IP test-host.37936 > test-host.38894: Flags [.], ack 98, win 171, options [nop,nop,TS val 2693631 ecr 2693631], length 0
插件输出:
Attention: Plugins are binaries written by potentially untrusted authors. Install and use plugins at your own risk.
Do you want to install the plugin https://static-ice.ng.bluemix.net/ibm-containers-linux_x64? (y or n)> y
Attempting to download binary file from internet address...
10270368 bytes downloaded...
Installing plugin /tmp/ibm-containers-linux_x64...
OK
Plugin IBM-Containers v0.8.878 successfully installed.
您可以选择使用浏览器手动下载它,然后从下载路径安装它。 例如
$ cf install-plugin path/to/ibm-plugin-file
这是 IBM 插件存储库 links 的 link。 没试过,如果有效请告诉我:)