Read timeout connecting to server on Docker container

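I am trying to connect to a DB/2 container (image: ibmcom/db2), but it gives me a read timeout error. The host OS is Windows 10. I can see the port (50000) from a Windows PowerShell prompt, but I get a read timeout.

I added an inbound Windows Defender rule to allow all local ports and an outbound rule to allow all remote ports. I have this regardless of program. I realize this is not good practice, but I am trying to rule out a firewall problem. Still, it gives me a read timeout error. I had previously added more specific rules, but naturally they didn't help.

I also started an SSH server in that container and can log in to it from inside the container, but not from outside it. When connecting from outside, I get the same read timeout message. I feel like this is a db2 problem.

That said, I was able to get sickp/alpine-sshd:7.5-r2 and gists/lighttpd to start and be reachable from the host. That is, I can see lighttpd's default web page and log in to alpine-sshd's SSHD server. Neither had a noticeable delay. This worked before the firewall adjustments described above.

I am convinced that this container somehow doesn't work for me. Others have tried the exact same docker run that I give below, and it works for them.

I am using Win 10, WSL2. Docker version 20.10.7, build f0df350.

I start the container with: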

docker run -itd --name mydb-db2 \
        --privileged=true \
        -p 50000:50000 \
        -e LICENSE=accept \
        -e B2INSTANCE=db2inst1 \
        -e DB2INST1_PASSWORD=<mypassword> \
        -e DBNAME=MYDB \
        -e TO_CREATE_SAMPLEDB=false \
        -v db2:/database \
        ibmcom/db2

Netstat evidence:

C:\Software>netstat /a /n |grep 50000
  TCP    0.0.0.0:50000          0.0.0.0:0              LISTENING
  TCP    [::]:50000             [::]:0                 LISTENING

Attempting to connect to jdbc:db2://localhost:50000/MYDB on the host system results in "Read timeout. ERRORCODE=-4499, SQLSTATE=08001"

Docker container status:

~/projects-new/db2$ docker container ls
CONTAINER ID   IMAGE        COMMAND                  CREATED      STATUS          PORTS                                                                               NAMES
110aa19976dd   ibmcom/db2   "/var/db2_setup/lib/…"   2 days ago   Up 28 minutes   22/tcp, 55000/tcp, 60006-60007/tcp, 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp   mydb-db2

Container inspect:

~/projects-new/db2$ docker container inspect 110aa
[
    {
        "Id": "110aa19976ddb53d16eac9376476f974fee8e9c699da3f76c1e2e13c444655c2",
        "Created": "2021-07-16T04:10:51.1247765Z",
        "Path": "/var/db2_setup/lib/setup_db2_instance.sh",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 5459,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2021-07-18T03:56:45.0493495Z",
            "FinishedAt": "2021-07-18T03:54:18.4239523Z"
        },
        "Image": "sha256:a6a5ee354fb1242a75d508982041cd48883f3fe7c9c9b485be0da6c0ebd44a39",
        "ResolvConfPath": "/var/lib/docker/containers/110aa19976ddb53d16eac9376476f974fee8e9c699da3f76c1e2e13c444655c2/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/110aa19976ddb53d16eac9376476f974fee8e9c699da3f76c1e2e13c444655c2/hostname",
        "HostsPath": "/var/lib/docker/containers/110aa19976ddb53d16eac9376476f974fee8e9c699da3f76c1e2e13c444655c2/hosts",
        "LogPath": "/var/lib/docker/containers/110aa19976ddb53d16eac9376476f974fee8e9c699da3f76c1e2e13c444655c2/110aa19976ddb53d16eac9376476f974fee8e9c699da3f76c1e2e13c444655c2-json.log",
        "Name": "/mydb-db2",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "db2:/database"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {
                "50000/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "50000"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "host",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": true,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": [
                "label=disable"
            ],
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": null,
            "ReadonlyPaths": null
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/b6ecb6d5e949ab8e58d9238e34878a563a45f5045d57c684e5a08b6ec833ebb4-init/diff:/var/lib/docker/overlay2/6cf25bf1ac29315c3832316ef32b1cae8cf1ed6e71e4ddd9d08ab5566f81da9e/diff:/var/lib/docker/overlay2/76ca13571a6d253356b48ac20b408d33f80c5e6b429c132533e60c7578e99fb3/diff:/var/lib/docker/overlay2/e1a78196ef6f70929701e708904cb2696189c37a40839a0f20407148d2d90f1d/diff:/var/lib/docker/overlay2/efa2b4a3bc7e7411a671f05ad9121a4bb609452560b5f73d4b765e8519bfa36d/diff:/var/lib/docker/overlay2/933425814e17216adcfcac390e789c6dfc8ada12ded902db2ca9a542a5ff555c/diff:/var/lib/docker/overlay2/2ec2f25d859b77fd93a16468e40de569c41b35055c58277ad97d839cb33a01ac/diff:/var/lib/docker/overlay2/62aeaecc9fea67541671d95f691a2d8ddc9076ee0ae3bc96cd3b030a3ecc663b/diff:/var/lib/docker/overlay2/f04ce4e91dedc0c14073e43734ca252a7c0bd6f6ed9ab89f77d6797f72312f2d/diff:/var/lib/docker/overlay2/21b929e594040a64ffb0cd2c8bd4d3d7f630a3ec3dd79e8157c41c0d9783faa6/diff:/var/lib/docker/overlay2/c5e235fc2e9dc254394bcae472264b133530f5dfbb285cfe5f0ba0dac26ce4c4/diff:/var/lib/docker/overlay2/8f68a8bb1e9ca565aa1d8debc221bb498512a6ed24cc07bcf3ef07c8c42e045f/diff:/var/lib/docker/overlay2/745a0aa01d1a904ce08c22d07be527cdb39da0c37b87a66a57062cc307ca4d4c/diff:/var/lib/docker/overlay2/f0a873fda45d17a036833dd0dc9362f02b0ab00c590f23bf38ba59d06c624272/diff",
                "MergedDir": "/var/lib/docker/overlay2/b6ecb6d5e949ab8e58d9238e34878a563a45f5045d57c684e5a08b6ec833ebb4/merged",
                "UpperDir": "/var/lib/docker/overlay2/b6ecb6d5e949ab8e58d9238e34878a563a45f5045d57c684e5a08b6ec833ebb4/diff",
                "WorkDir": "/var/lib/docker/overlay2/b6ecb6d5e949ab8e58d9238e34878a563a45f5045d57c684e5a08b6ec833ebb4/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "volume",
                "Name": "db2",
                "Source": "/var/lib/docker/volumes/db2/_data",
                "Destination": "/database",
                "Driver": "local",
                "Mode": "z",
                "RW": true,
                "Propagation": ""
            },
            {
                "Type": "volume",
                "Name": "47c06e44c75f70947a907a0972924536761f70f15971459e8be6015b29e2e48c",
                "Source": "/var/lib/docker/volumes/47c06e44c75f70947a907a0972924536761f70f15971459e8be6015b29e2e48c/_data",
                "Destination": "/hadr",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }
        ],
        "Config": {
            "Hostname": "110aa19976dd",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "22/tcp": {},
                "50000/tcp": {},
                "55000/tcp": {},
                "60006/tcp": {},
                "60007/tcp": {}
            },
            "Tty": true,
            "OpenStdin": true,
            "StdinOnce": false,
            "Env": [
                "LICENSE=accept",
                "B2INSTANCE=db2inst1",
                "DB2INST1_PASSWORD=<mypassword>",
                "DBNAME=BLUECOST",
                "TO_CREATE_SAMPLEDB=false",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "container=oci",
                "STORAGE_DIR=/database",
                "HADR_SHARED_DIR=/hadr",
                "DBPORT=50000",
                "TSPORT=55000",
                "SETUPDIR=/var/db2_setup",
                "SETUPAREA=/tmp/setup",
                "NOTVISIBLE=in users profile",
                "LICENSE_NAME=db2dec.lic"
            ],
            "Cmd": null,
            "Image": "ibmcom/db2",
            "Volumes": {
                "/database": {},
                "/hadr": {}
            },
            "WorkingDir": "",
            "Entrypoint": [
                "/var/db2_setup/lib/setup_db2_instance.sh"
            ],
            "OnBuild": null,
            "Labels": {
                "architecture": "x86_64",
                "build-date": "2021-06-01T05:31:45.840349",
                "com.redhat.build-host": "cpt-1007.osbs.prod.upshift.rdu2.redhat.com",
                "com.redhat.component": "ubi7-container",
                "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
                "description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
                "desktop.docker.io/wsl-distro": "Ubuntu-20.04",
                "distribution-scope": "public",
                "io.k8s.description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
                "io.k8s.display-name": "Red Hat Universal Base Image 7",
                "io.openshift.tags": "base rhel7",
                "name": "ubi7",
                "release": "405",
                "summary": "Provides the latest release of the Red Hat Universal Base Image 7.",
                "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi7/images/7.9-405",
                "vcs-ref": "a4e710a688a6374670ecdd56637c3f683d11cbe3",
                "vcs-type": "git",
                "vendor": "Red Hat, Inc.",
                "version": "7.9"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "570856178f99951c7cdfccc638a3404f906a7a89905ba9d39181cd9310f4380b",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "22/tcp": null,
                "50000/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "50000"
                    },
                    {
                        "HostIp": "::",
                        "HostPort": "50000"
                    }
                ],
                "55000/tcp": null,
                "60006/tcp": null,
                "60007/tcp": null
            },
            "SandboxKey": "/var/run/docker/netns/570856178f99",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "a50d8643af88c0d677a9dc2d889f20ab909f46707bb7bd0f8168666b18d1b414",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "408fe3a7130f9791810b8668b60b7f90478f4673f79270539044362e8c12d88f",
                    "EndpointID": "a50d8643af88c0d677a9dc2d889f20ab909f46707bb7bd0f8168666b18d1b414",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]

I don't see the db2 container listed. These are my networks:

C:\Software>docker network ls
NETWORK ID     NAME                             DRIVER    SCOPE
408fe3a7130f   bridge                           bridge    local
38fc17e8e6f1   cirrus-ssc-file-sender_default   bridge    local
1668ab71959f   host                             host      local
4bf4f6b3a57e   minikube                         bridge    local
e07fc0032414   none                             null      local

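Instead, I found it on the bridge network.

I don't want to do anything fancy. I would really rather it run on the same network as the host. If the host system can "see" the exposed port 50000 via netstat, doesn't that mean it is not a firewall problem?

Update: I turned off Windows Defender, and it still doesn't work.

Update 2: I hosted the same container on another machine, but on my home network. When I try to connect to it from the problem machine, it gives me the same read timeout error. However, it works from the host machine. There seems to be some kind of problem between this particular Windows machine and this particular container.

Update 3: SVCENAME information: I ran the following in the db2 container: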

$su db2inst1 (when I log in it goes to root)
$cd ~
$. ./.bashrc
$db2 get dbm cfg |grep SVCENAME
TCP/IP Service name                          (SVCENAME) = db2c_db2inst1
 SSL service name                         (SSL_SVCENAME) =
$grep dbc2_db2inst1 /etc/services
db2c_db2inst1      50000/tcp
db2c_db2inst1_ssl  50001/tcp

DB2 container OS version information:

$ cat /etc/*release
NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Red Hat Enterprise Linux Server 7.9 (Maipo)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.9
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.9"
Red Hat Enterprise Linux Server release 7.9 (Maipo)
Red Hat Enterprise Linux Server release 7.9 (Maipo)

Version of Linux used by WSL:

$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.1 LTS"
NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.1 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

Version information for the Windows host system (from winver): Windows 10 version 21H1 (OS build 19043.1110)

Computer that successfully connects to the DB/2 container:

$ cat /etc/*release
Fedora release 30 (Thirty)
NAME=Fedora
VERSION="30 (Workstation Edition)"
ID=fedora
VERSION_ID=30
VERSION_CODENAME=""
PLATFORM_ID="platform:f30"
PRETTY_NAME="Fedora 30 (Workstation Edition)"
ANSI_COLOR="0;34"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:30"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f30/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=30
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=30
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Workstation Edition"
VARIANT_ID=workstation
Fedora release 30 (Thirty)
Fedora release 30 (Thirty)

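Your symptoms may be caused by some machine-specific configuration, or by some lower-level component (WSL2 in particular).

On my hardware, as of the current date, with the current version of WSL2, ibmcom/db2 accepts connections from the local MS-Windows host (via jdbc) with the following combination of components:

  • MS-Windows 10 Pro 19043 (21H1) x64
  • The latest version of the "WSL2 kernel package for Linux x64 machines"
  • Docker Desktop 3.5.2 configured to use WSL2

However, with a previous mix of components, I recreated your failure symptom with WSL2, i.e. a jdbc connection attempt from the local MS-Windows host to the Linux container gave sqlcode -4499 (in my case, reply.fill() insufficient data).

The failing combination was:

  • MS-Windows 10 Pro 19041 x64.
  • An older version of the "WSL2 kernel package for Linux x64 machines" (downloaded before 22/July/2021)
  • Docker Desktop 3.5.2 configured for WSL2

With the previous failing combination, only the WSL2 backend recreated your symptom; the Hyper-V backend worked fine.

In a Win10 Pro environment with Docker Desktop, right-click its icon and choose Settings; it lets you tick (or untick) "Use the WSL2 based engine", then click Apply and Restart. You may get additional notifications. You may lose your containers and images and need to re-download them, so if you need to preserve any data, arrange for that separately before changing the backend.

If you cannot make progress by upgrading components, reinstalling or re-imaging is an option.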

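Container cannot see the read-only copy of the file in the lower layer

Copying makes containers efficient

When you start a container, a thin writable container layer is added on top of the other layers. Any changes the container makes to the filesystem are stored here. Any files the container does not change are not copied to this writable layer. This means that the writable layer is as small as possible.

When an existing file in a container is modified, the storage driver performs a copy-on-write operation. The specific steps involved depend on the specific storage driver. For the aufs, overlay, and overlay2 drivers, the copy-on-write operation follows this rough sequence:

  • Search through the image layers for the file to update. The process starts at the newest layer and works down to the base layer one layer at a time. When results are found, they are added to a cache to speed up future operations.

  • Perform a copy_up operation on the first copy of the file that is found, to copy the file to the container's writable layer.

  • Any modifications are made to this copy of the file, and the container cannot see the read-only copy of the file that exists in the lower layer.

Btrfs, ZFS, and other drivers handle copy-on-write differently. You can read more about the methods of these drivers later in their detailed descriptions.

Containers that write a lot of data consume more space than containers that do not. This is because most write operations consume new space in the container's thin writable top layer.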

About Storage Devices
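
The copy-on-write sequence quoted above (search from the newest layer down, copy_up the first copy found, then modify only that copy), as a toy Python model. This is an added example, not Docker's storage-driver code: the `OverlayFS` class, its method names and the layer contents are hypothetical and constructed for illustration.

```python
# Toy model of overlay-style copy-on-write. Added example: not Docker's code.
# Class, method names and layer contents are hypothetical, constructed samples.

class OverlayFS:
    def __init__(self, image_layers):
        self.image_layers = image_layers  # read-only dicts, base first, newest last
        self.upper = {}                   # the container's thin writable layer
        self.cache = {}                   # path -> index of the layer holding it

    def _find_in_image(self, path):
        """Search from the newest image layer down to the base; cache the hit."""
        if path not in self.cache:
            for idx in range(len(self.image_layers) - 1, -1, -1):
                if path in self.image_layers[idx]:
                    self.cache[path] = idx
                    break
            else:
                raise FileNotFoundError(path)
        return self.cache[path]

    def read(self, path):
        """The writable layer shadows every image layer; reads never copy."""
        if path in self.upper:
            return self.upper[path]
        return self.image_layers[self._find_in_image(path)][path]

    def copy_up(self, path):
        """Copy the first copy found into the writable layer (only once)."""
        if path not in self.upper:
            self.upper[path] = bytes(self.image_layers[self._find_in_image(path)][path])
        return self.upper[path]

    def append(self, path, data):
        """Modify an existing file: copy_up first, then change only that copy."""
        self.upper[path] = self.copy_up(path) + data

    def upper_size(self):
        return sum(len(v) for v in self.upper.values())


def demo():
    base = {"/etc/services": b"db2c_db2inst1 50000/tcp\n", "/bin/tool": b"\0" * 1000}
    newer = {"/etc/services": b"db2c_db2inst1 50000/tcp\ndb2c_db2inst1_ssl 50001/tcp\n"}
    fs = OverlayFS([base, newer])
    fs.read("/bin/tool")                       # a read leaves the writable layer empty
    size_after_read = fs.upper_size()
    fs.append("/etc/services", b"example 60006/tcp\n")
    return {
        "size_after_read": size_after_read,
        "upper_paths": sorted(fs.upper),
        "container_view": fs.read("/etc/services"),
        "image_copy": newer["/etc/services"],  # read-only copy, now hidden
        "base_copy": base["/etc/services"],
    }
```

Only the modified file lands in the writable layer, and the image layers keep their original bytes, which is why a second container started from the same image still sees the unmodified file.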