Docker 在 CentOS 7 上 - DNS 在容器中不工作
Docker on CentOS 7 - DNS not workin within containers
我在一台 CentOS 7 机器上安装了 Docker,但 DNS 在容器中不工作。
因此,如果我 运行 nslookup google.com 在我的主机上,它会正确解析。但是,如果我这样做 docker container run busybox nslookup google.com 我得到:
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
Name: google.com
Address: 142.250.72.46
*** Can't find google.com: No answer
root@XXX [~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
scan: Docker Scan (Docker Inc.)
Server:
Containers: 57
Running: 0
Paused: 0
Stopped: 57
Images: 10
Server Version: 20.10.6
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.25.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 3.7GiB
Name: cgh.cgh.net
ID: X2YB:LILA:S5Q3:CLRJ:ACY7:ST4T:YRDD:3D3E:PLXV:DHGS:3IE2:QMIP
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: akhtariev
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
root@xxx [~]# docker version
Client: Docker Engine - Community
Version: 20.10.6
API version: 1.41
Go version: go1.13.15
Git commit: 370c289
Built: Fri Apr 9 22:45:33 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.6
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 8728dd2
Built: Fri Apr 9 22:43:57 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.4
GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc:
Version: 1.0.0-rc93
GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
docker-init:
Version: 0.19.0
GitCommit: de40ad0
root@XXX [~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "609282cb44a298bb8f69b424d4ba2b1e3ab391b37fc171d2ec032f592dc3afbb",
"Created": "2021-05-23T14:52:38.789641794-05:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
我已经尝试将默认 DNS 服务器设置为 8.8.8.8 并遵循各种其他故障排除指南,但没有任何效果。值得一提的是,服务器由 hostgator 提供并安装了 cPanel。我要求 hostgator 禁用防病毒和防火墙。他们不提供 Docker 支持,无法帮助解决我的问题。
非常感谢任何帮助,如果需要更多信息来帮助解决此问题,请告诉我。
更新:
这不仅发生在 busybox 上,也发生在其他平台上。我的主要问题是我无法 运行 从以下 Docker 文件构建的图像容器:
FROM python:3.9.5-buster
ENV HOME_PATH=/root
ENV PATH="${HOME_PATH}/.local/bin:${PATH}"
WORKDIR ${HOME_PATH}
COPY requirements.txt cron-job ${HOME_PATH}/
RUN apt-get update
RUN apt-get install -y cron
RUN useradd --create-home service
RUN pip install --user -r ${HOME_PATH}/requirements.txt
COPY . ${HOME_PATH}
RUN ls \
&& mv cron-job /etc/cron.d/cron-job \
&& chmod 0644 /etc/cron.d/cron-job \
&& crontab /etc/cron.d/cron-job \
&& touch ${HOME_PATH}/agl_history.log
CMD cron && tail -f ${HOME_PATH}/agl_history.log
docker-compose.yml:
version: "3.9"
services:
agl-history:
depends_on:
- mariadb
build: .
restart: on-failure
networks:
- main
mariadb:
image: "mariadb:10.5"
restart: on-failure
environment:
MYSQL_ROOT_PASSWORD: ${MARIADB_PASSW}
ports:
- 3306:3306
volumes:
- /var/lib/docker/volumes/add3-data:/var/lib/mysql
networks:
- main
networks:
main:
driver: bridge
此服务运行良好并在我的个人计算机上测试过 运行使用最新的 Ubuntu
更新 2:
因此,评论中的建议通过 docker run --rm busybox nslookup -type=a google.com
解决了 nslookup 的问题
但是,我仍然遇到 运行 上面提到的 buster 容器的问题。事情是这样的:
Building agl-history
Sending build context to Docker daemon 918.5kB
Step 1/12 : FROM python:3.9.5-buster
---> a6a0779c5fb2
Step 2/12 : ENV HOME_PATH=/root
---> Using cache
---> 7aea834621d4
Step 3/12 : ENV PATH="${HOME_PATH}/.local/bin:${PATH}"
---> Using cache
---> dc16e6178688
Step 4/12 : WORKDIR ${HOME_PATH}
---> Using cache
---> 950712b33f21
Step 5/12 : COPY requirements.txt cron-job ${HOME_PATH}/
---> Using cache
---> 6923c1410731
Step 6/12 : RUN apt-get update
---> Using cache
---> aa4c4a4d25c4
Step 7/12 : RUN apt-get install -y cron
---> Running in 26c7517a05d0
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package cron
The command '/bin/sh -c apt-get install -y cron' returned a non-zero code: 100
ERROR: Service 'agl-history' failed to build : Build failed
由于 Dockerfile:
中的这两行,您似乎遇到了缓存问题
RUN apt-get update
RUN apt-get install -y cron
正如 best practices for writing a Dockerfile 中指出的那样,在两个单独的 RUN 指令中使用 apt-get update 和 apt-get install 可能会使您面临缓存问题:
Using apt-get update alone in a RUN statement causes caching issues and subsequent apt-get install instructions fail. For example, say you have a Dockerfile:
FROM ubuntu:18.04
RUN apt-get update
RUN apt-get install -y curl
After building the image, all layers are in the Docker cache. Suppose you later modify apt-get install by adding extra package:
FROM ubuntu:18.04
RUN apt-get update
RUN apt-get install -y curl nginx
Docker sees the initial and modified instructions as identical and reuses the cache from previous steps. As a result the apt-get update is not executed because the build uses the cached version. Because the apt-get update is not run, your build can potentially get an outdated version of the curl and nginx packages.
Using RUN apt-get update && apt-get install -y ensures your Dockerfile installs the latest package versions with no further coding or manual intervention. This technique is known as “cache busting”.
来源:https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
所以你最好的选择是:
RUN apt-get update && apt-get install -y \
cron
有包,每行一个,在后续行,按字母顺序排序是 another recommandation of the best practices。
我在一台 CentOS 7 机器上安装了 Docker,但 DNS 在容器中不工作。
因此,如果我 运行 nslookup google.com 在我的主机上,它会正确解析。但是,如果我这样做 docker container run busybox nslookup google.com 我得到:
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
Name: google.com
Address: 142.250.72.46
*** Can't find google.com: No answer
root@XXX [~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
scan: Docker Scan (Docker Inc.)
Server:
Containers: 57
Running: 0
Paused: 0
Stopped: 57
Images: 10
Server Version: 20.10.6
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.25.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 3.7GiB
Name: cgh.cgh.net
ID: X2YB:LILA:S5Q3:CLRJ:ACY7:ST4T:YRDD:3D3E:PLXV:DHGS:3IE2:QMIP
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: akhtariev
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
root@xxx [~]# docker version
Client: Docker Engine - Community
Version: 20.10.6
API version: 1.41
Go version: go1.13.15
Git commit: 370c289
Built: Fri Apr 9 22:45:33 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.6
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 8728dd2
Built: Fri Apr 9 22:43:57 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.4
GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc:
Version: 1.0.0-rc93
GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
docker-init:
Version: 0.19.0
GitCommit: de40ad0
root@XXX [~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "609282cb44a298bb8f69b424d4ba2b1e3ab391b37fc171d2ec032f592dc3afbb",
"Created": "2021-05-23T14:52:38.789641794-05:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
我已经尝试将默认 DNS 服务器设置为 8.8.8.8 并遵循各种其他故障排除指南,但没有任何效果。值得一提的是,服务器由 hostgator 提供并安装了 cPanel。我要求 hostgator 禁用防病毒和防火墙。他们不提供 Docker 支持,无法帮助解决我的问题。
非常感谢任何帮助,如果需要更多信息来帮助解决此问题,请告诉我。
更新: 这不仅发生在 busybox 上,也发生在其他平台上。我的主要问题是我无法 运行 从以下 Docker 文件构建的图像容器:
FROM python:3.9.5-buster
ENV HOME_PATH=/root
ENV PATH="${HOME_PATH}/.local/bin:${PATH}"
WORKDIR ${HOME_PATH}
COPY requirements.txt cron-job ${HOME_PATH}/
RUN apt-get update
RUN apt-get install -y cron
RUN useradd --create-home service
RUN pip install --user -r ${HOME_PATH}/requirements.txt
COPY . ${HOME_PATH}
RUN ls \
&& mv cron-job /etc/cron.d/cron-job \
&& chmod 0644 /etc/cron.d/cron-job \
&& crontab /etc/cron.d/cron-job \
&& touch ${HOME_PATH}/agl_history.log
CMD cron && tail -f ${HOME_PATH}/agl_history.log
docker-compose.yml:
version: "3.9"
services:
agl-history:
depends_on:
- mariadb
build: .
restart: on-failure
networks:
- main
mariadb:
image: "mariadb:10.5"
restart: on-failure
environment:
MYSQL_ROOT_PASSWORD: ${MARIADB_PASSW}
ports:
- 3306:3306
volumes:
- /var/lib/docker/volumes/add3-data:/var/lib/mysql
networks:
- main
networks:
main:
driver: bridge
此服务运行良好并在我的个人计算机上测试过 运行使用最新的 Ubuntu
更新 2:
因此,评论中的建议通过 docker run --rm busybox nslookup -type=a google.com
但是,我仍然遇到 运行 上面提到的 buster 容器的问题。事情是这样的:
Building agl-history
Sending build context to Docker daemon 918.5kB
Step 1/12 : FROM python:3.9.5-buster
---> a6a0779c5fb2
Step 2/12 : ENV HOME_PATH=/root
---> Using cache
---> 7aea834621d4
Step 3/12 : ENV PATH="${HOME_PATH}/.local/bin:${PATH}"
---> Using cache
---> dc16e6178688
Step 4/12 : WORKDIR ${HOME_PATH}
---> Using cache
---> 950712b33f21
Step 5/12 : COPY requirements.txt cron-job ${HOME_PATH}/
---> Using cache
---> 6923c1410731
Step 6/12 : RUN apt-get update
---> Using cache
---> aa4c4a4d25c4
Step 7/12 : RUN apt-get install -y cron
---> Running in 26c7517a05d0
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package cron
The command '/bin/sh -c apt-get install -y cron' returned a non-zero code: 100
ERROR: Service 'agl-history' failed to build : Build failed
由于 Dockerfile:
中的这两行,您似乎遇到了缓存问题RUN apt-get update
RUN apt-get install -y cron
正如 best practices for writing a Dockerfile 中指出的那样,在两个单独的 RUN 指令中使用 apt-get update 和 apt-get install 可能会使您面临缓存问题:
Using
apt-get updatealone in aRUNstatement causes caching issues and subsequentapt-get installinstructions fail. For example, say you have a Dockerfile:FROM ubuntu:18.04 RUN apt-get update RUN apt-get install -y curlAfter building the image, all layers are in the Docker cache. Suppose you later modify
apt-get installby adding extra package:FROM ubuntu:18.04 RUN apt-get update RUN apt-get install -y curl nginxDocker sees the initial and modified instructions as identical and reuses the cache from previous steps. As a result the
apt-get updateis not executed because the build uses the cached version. Because theapt-get updateis not run, your build can potentially get an outdated version of thecurlandnginxpackages.Using
RUN apt-get update && apt-get install -yensures your Dockerfile installs the latest package versions with no further coding or manual intervention. This technique is known as “cache busting”.
来源:https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
所以你最好的选择是:
RUN apt-get update && apt-get install -y \
cron
有包,每行一个,在后续行,按字母顺序排序是 another recommandation of the best practices。