Docker Community Forums

Share and learn in the Docker community.

docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings

Hi,

I am trying to install a Nuclias container running and getting an error on the port binding.
Could anyone suggest what needs to be changed with the network?

Thank you

docker-compose version 1.28.0, build d02a7b1a
docker-py version: 4.4.1
CPython version: 3.9.0
OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019

Client: Docker Engine - Community
 Version:           20.10.2
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        2291f61
 Built:             Mon Dec 28 16:17:43 2020
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.2
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       8891c58
  Built:            Mon Dec 28 16:15:19 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.3
  GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
 runc:
  Version:          1.0.0-rc92
  GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
sudo docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
e411c24d32be   bridge    bridge    local
5f833bbd12a8   host      host      local
fd2830d3a4b6   none      null      local
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Creating volume "nuclias_connect_MONGO-DATA" with default driver
Creating mongo ...

ERROR: for mongo  "host" network_mode is incompatible with port_bindings

ERROR: for DB  "host" network_mode is incompatible with port_bindings
Traceback (most recent call last):
  File "docker-compose", line 3, in <module>
  File "compose/cli/main.py", line 80, in main
  File "compose/cli/main.py", line 192, in perform_command
  File "compose/metrics/decorator.py", line 18, in wrapper
  File "compose/cli/main.py", line 1165, in up
  File "compose/cli/main.py", line 1145, in up
  File "compose/project.py", line 703, in up
  File "compose/parallel.py", line 106, in parallel_execute
  File "compose/parallel.py", line 204, in producer
  File "compose/project.py", line 685, in do
  File "compose/service.py", line 558, in execute_convergence_plan
  File "compose/service.py", line 472, in _execute_convergence_create
  File "compose/parallel.py", line 106, in parallel_execute
  File "compose/parallel.py", line 204, in producer
  File "compose/service.py", line 477, in <lambda>
  File "compose/service.py", line 456, in create_and_start
  File "compose/service.py", line 329, in create_container
  File "compose/service.py", line 935, in _get_container_create_options
  File "compose/service.py", line 1010, in _get_container_host_config
  File "docker/api/container.py", line 598, in create_host_config
  File "docker/types/containers.py", line 338, in __init__
docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings
[10353] Failed to execute script docker-compose
-e Nuclias Connect services are running...
2 Likes

Hi

not sure how you start it, but i guess its some docker-compose command.
In the docker-compose.yml, there is network_mode: host
either delete that line, or whatever is in the ports: array

network_mode: host tells docker to run the container as if it was running on the server itself, so all ports exports by the container will directly be mapped to the server

2 Likes

I had the same problem with network_mode: 'host'.

When downgrading docker-compose from 1.28 to 1.25.4, it worked fine. Maybe some bug added in new versions? :thinking:

2 Likes

Thanks for responding Martin!

It’s my understanding that the container has to run on the host network as it needs to communicate with physical clients on the same network.

How would I downgrade docker-compose to 1.25 or even 1.23 ?

Thank you

Found a tutorial on how to downgrade here.

Hi

there is no need to downgrade, maybe docker-compose didnt care about ports/network_mode in the past, but that dosnt mean you should downgrade to fix this error.

Your container dosnt have to be on the “host” network in order to talk to the other clients on the network/internet.

But if you prefer to run network_mode: host, you can remove the “ports” part from the docker-compose.
Or if you prefer to use the docker network, remove the “network_mode:” part

1 Like

I downgraded docker-compose to 1.25.4 as filipetoyoshima suggested and was able to deploy the container

here is the content of the docker-compose.yml file

version: '3'
services:
  DB:
    container_name: mongo
    image: 'mongo:3.6.11'
    restart: 'always'
    ports:
      - '27010:27010'
    volumes:
      - 'MONGO-DATA:/data/db'
      - '/etc/localtime:/etc/localtime'
      - './entrypoint-initdb.sh:/docker-entrypoint-initdb.d/entrypoint-initdb.'
    network_mode: host
    environment:
      - MONGO_INITDB_ROOT_USERNAME=admin#      - MONGO_INITDB_ROOT_PASSWORD=admin
    command: 'mongod --port 27010  --auth'

  CORE:
    environment:
      - NODE_ENV=Production_hualian
    container_name: nuclias_connect_core
    image: 'nuclias/nuclias_connect_core'
    restart: 'always'
    ports:
      - '8443:8443'
      - '62992:62992'
    volumes:
      - './appconfig.json:/app/config/appconfig.json'
      - './dbConfig.js:/app/node_modules/DView-SP1-common/db/dbConfig.js'
      - './log/core/logFiles:/app/logFiles'
      - '/etc/localtime:/etc/localtime'
    network_mode: host
    depends_on:
      - DB
    command: './nuclias_connect_core'
    privileged: true

  WEB:
    environment:
      - NODE_ENV=Production_hualian
    container_name: nuclias_connect_web
    image: 'nuclias/nuclias_connect_web'
    restart: 'always'
    ports:
      - '30001:30001'
    volumes:
      - './config/systemconfig.json:/app/config/systemconfig.json'
      - './customer:/app/customer'
      - './dbConfig.js:/app/node_modules/DView-SP1-common/db/dbConfig.js'
      - './log/web/logFiles:/app/logFiles'
      - '/etc/localtime:/etc/localtime'
    network_mode: host
    depends_on:
      - CORE
    command: './nuclias_connect_web'
    privileged: true

volumes:
  MONGO-DATA:

Hi, I found root of the problem.
The problem is the check on the slave server that have been added in the file
/usr/local/lib/python3.5/dist-packages/docker/types/containers.py
on the 336-340 lines.
In my ansible-playbook I’m deleting this file and copying it on the server from old version of the file that i grabbed from another server of mine.
Also, I have tried commenting it out and it worked fine for me. It took one man about a week and me about two days to find the solution for the problem that have been artificially created by docker developers. Thanks a lot!

It is like terpz wrote: the validation aims to prevent ambigous miss configuration. It should have existed from day 1. Seems it was missed until recently.

When network_mode: host is used the port mapping is ignored. The container will use the hosts network namespace and act network-wise like any other local process on the machine. There is no portmapping involved, as there is no privat network to map to.

I am puzzled why someone would spend time in fighting a validation warning caused by an incosistent configuration (network_mode: host and port mappings at the same time) instead of just removing the incosistancy (the port mappings) as they are ignored anyway.

1 Like

Because it is necessary for the legacy project I’m working on. We have some services that are looking for those ports in the docker-compose.yml and the container itself should have network_mode: host.

Yes, I know it is ignored, it is fine for me, but I need those lines present in the file and work as intended. This validation is redundant and does not affect workflow. They should’ve just show warning and not raise an error. While it ignoring the port bindings, it shouldn’t stop the program if port bindings are present.

1 Like

Another way to look at it: if Docker CLI allows it, then it’s docker-compose that is introducing an inconsistency.

The use case where I’ve run into this is PyCharm’s override compose file that sets a port option for debug runs and does not allow you to influence the override file’s contents. If the project uses host networking, docker-compose breaks for this use case, but Docker CLI works as expected.

I couldn’t let this go without researching how & when this new behavior was introduced. It wasn’t easy to find out. I could not find any trace of it in the docker-compose source code. I started to wonder if it might be in one of the included packages. So, I took a closer look at the stack trace where the error happened. The last lines were:

  File "docker/types/containers.py", line 339, in __init__
docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings
[4218] Failed to execute script docker-compose

Some Google searching on “docker/types/containers.py” led me to the docker-py Python package (which is used by docker-compose). After that the rest was more straightforward:

  • Found pull-request 2511
  • Which led to the offending commit
  • That commit was included in version 4.4.0 of docker-py on November 23, 2020
  • docker-compose version 1.28.0 was released on January 20, 2021 and bumped its version of docker-py to 4.4.1 (skipping 4.4.0)

So any version of docker-compose v1.28.0 or higher is subject to throwing these error messages if you specify BOTH “network_mode: host” and “ports:”

1 Like