docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings

nettech · January 25, 2021, 12:49am

Hi,

I am trying to install a Nuclias container running and getting an error on the port binding.
Could anyone suggest what needs to be changed with the network?

Thank you

docker-compose version 1.28.0, build d02a7b1a
docker-py version: 4.4.1
CPython version: 3.9.0
OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019

Client: Docker Engine - Community
 Version:           20.10.2
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        2291f61
 Built:             Mon Dec 28 16:17:43 2020
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.2
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       8891c58
  Built:            Mon Dec 28 16:15:19 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.3
  GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
 runc:
  Version:          1.0.0-rc92
  GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

sudo docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
e411c24d32be   bridge    bridge    local
5f833bbd12a8   host      host      local
fd2830d3a4b6   none      null      local

Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Creating volume "nuclias_connect_MONGO-DATA" with default driver
Creating mongo ...

ERROR: for mongo  "host" network_mode is incompatible with port_bindings

ERROR: for DB  "host" network_mode is incompatible with port_bindings
Traceback (most recent call last):
  File "docker-compose", line 3, in <module>
  File "compose/cli/main.py", line 80, in main
  File "compose/cli/main.py", line 192, in perform_command
  File "compose/metrics/decorator.py", line 18, in wrapper
  File "compose/cli/main.py", line 1165, in up
  File "compose/cli/main.py", line 1145, in up
  File "compose/project.py", line 703, in up
  File "compose/parallel.py", line 106, in parallel_execute
  File "compose/parallel.py", line 204, in producer
  File "compose/project.py", line 685, in do
  File "compose/service.py", line 558, in execute_convergence_plan
  File "compose/service.py", line 472, in _execute_convergence_create
  File "compose/parallel.py", line 106, in parallel_execute
  File "compose/parallel.py", line 204, in producer
  File "compose/service.py", line 477, in <lambda>
  File "compose/service.py", line 456, in create_and_start
  File "compose/service.py", line 329, in create_container
  File "compose/service.py", line 935, in _get_container_create_options
  File "compose/service.py", line 1010, in _get_container_host_config
  File "docker/api/container.py", line 598, in create_host_config
  File "docker/types/containers.py", line 338, in __init__
docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings
[10353] Failed to execute script docker-compose
-e Nuclias Connect services are running...

terpz · January 25, 2021, 11:25am

Hi

not sure how you start it, but i guess its some docker-compose command.
In the docker-compose.yml, there is network_mode: host
either delete that line, or whatever is in the ports: array

network_mode: host tells docker to run the container as if it was running on the server itself, so all ports exports by the container will directly be mapped to the server

filipetoyoshima · January 30, 2021, 7:39pm

I had the same problem with network_mode: 'host'.

When downgrading docker-compose from 1.28 to 1.25.4, it worked fine. Maybe some bug added in new versions?

nettech · January 31, 2021, 10:54pm

Thanks for responding Martin!

It’s my understanding that the container has to run on the host network as it needs to communicate with physical clients on the same network.

How would I downgrade docker-compose to 1.25 or even 1.23 ?

Thank you

nettech · January 31, 2021, 11:20pm

Found a tutorial on how to downgrade here.

terpz · February 1, 2021, 8:08am

Hi

there is no need to downgrade, maybe docker-compose didnt care about ports/network_mode in the past, but that dosnt mean you should downgrade to fix this error.

Your container dosnt have to be on the “host” network in order to talk to the other clients on the network/internet.

But if you prefer to run network_mode: host, you can remove the “ports” part from the docker-compose.
Or if you prefer to use the docker network, remove the “network_mode:” part

nettech · February 2, 2021, 12:56am

I downgraded docker-compose to 1.25.4 as filipetoyoshima suggested and was able to deploy the container

here is the content of the docker-compose.yml file

version: '3'
services:
  DB:
    container_name: mongo
    image: 'mongo:3.6.11'
    restart: 'always'
    ports:
      - '27010:27010'
    volumes:
      - 'MONGO-DATA:/data/db'
      - '/etc/localtime:/etc/localtime'
      - './entrypoint-initdb.sh:/docker-entrypoint-initdb.d/entrypoint-initdb.'
    network_mode: host
    environment:
      - MONGO_INITDB_ROOT_USERNAME=admin#      - MONGO_INITDB_ROOT_PASSWORD=admin
    command: 'mongod --port 27010  --auth'

  CORE:
    environment:
      - NODE_ENV=Production_hualian
    container_name: nuclias_connect_core
    image: 'nuclias/nuclias_connect_core'
    restart: 'always'
    ports:
      - '8443:8443'
      - '62992:62992'
    volumes:
      - './appconfig.json:/app/config/appconfig.json'
      - './dbConfig.js:/app/node_modules/DView-SP1-common/db/dbConfig.js'
      - './log/core/logFiles:/app/logFiles'
      - '/etc/localtime:/etc/localtime'
    network_mode: host
    depends_on:
      - DB
    command: './nuclias_connect_core'
    privileged: true

  WEB:
    environment:
      - NODE_ENV=Production_hualian
    container_name: nuclias_connect_web
    image: 'nuclias/nuclias_connect_web'
    restart: 'always'
    ports:
      - '30001:30001'
    volumes:
      - './config/systemconfig.json:/app/config/systemconfig.json'
      - './customer:/app/customer'
      - './dbConfig.js:/app/node_modules/DView-SP1-common/db/dbConfig.js'
      - './log/web/logFiles:/app/logFiles'
      - '/etc/localtime:/etc/localtime'
    network_mode: host
    depends_on:
      - CORE
    command: './nuclias_connect_web'
    privileged: true

volumes:
  MONGO-DATA:

nfmiddle · June 8, 2021, 3:47pm

Hi, I found root of the problem.
The problem is the check on the slave server that have been added in the file
/usr/local/lib/python3.5/dist-packages/docker/types/containers.py
on the 336-340 lines.
In my ansible-playbook I’m deleting this file and copying it on the server from old version of the file that i grabbed from another server of mine.
Also, I have tried commenting it out and it worked fine for me. It took one man about a week and me about two days to find the solution for the problem that have been artificially created by docker developers. Thanks a lot!

meyay · June 8, 2021, 4:03pm

It is like terpz wrote: the validation aims to prevent ambigous miss configuration. It should have existed from day 1. Seems it was missed until recently.

When network_mode: host is used the port mapping is ignored. The container will use the hosts network namespace and act network-wise like any other local process on the machine. There is no portmapping involved, as there is no privat network to map to.

I am puzzled why someone would spend time in fighting a validation warning caused by an incosistent configuration (network_mode: host and port mappings at the same time) instead of just removing the incosistancy (the port mappings) as they are ignored anyway.

nfmiddle · June 11, 2021, 7:30am

Because it is necessary for the legacy project I’m working on. We have some services that are looking for those ports in the docker-compose.yml and the container itself should have network_mode: host.

Yes, I know it is ignored, it is fine for me, but I need those lines present in the file and work as intended. This validation is redundant and does not affect workflow. They should’ve just show warning and not raise an error. While it ignoring the port bindings, it shouldn’t stop the program if port bindings are present.

pandasauce · June 25, 2021, 2:03pm

Another way to look at it: if Docker CLI allows it, then it’s docker-compose that is introducing an inconsistency.

The use case where I’ve run into this is PyCharm’s override compose file that sets a port option for debug runs and does not allow you to influence the override file’s contents. If the project uses host networking, docker-compose breaks for this use case, but Docker CLI works as expected.

fshields · July 30, 2021, 8:10pm

I couldn’t let this go without researching how & when this new behavior was introduced. It wasn’t easy to find out. I could not find any trace of it in the docker-compose source code. I started to wonder if it might be in one of the included packages. So, I took a closer look at the stack trace where the error happened. The last lines were:

  File "docker/types/containers.py", line 339, in __init__
docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings
[4218] Failed to execute script docker-compose

Some Google searching on “docker/types/containers.py” led me to the docker-py Python package (which is used by docker-compose). After that the rest was more straightforward:

Found pull-request 2511
Which led to the offending commit
That commit was included in version 4.4.0 of docker-py on November 23, 2020
docker-compose version 1.28.0 was released on January 20, 2021 and bumped its version of docker-py to 4.4.1 (skipping 4.4.0)

So any version of docker-compose v1.28.0 or higher is subject to throwing these error messages if you specify BOTH “network_mode: host” and “ports:”

jailtons7 · March 16, 2022, 1:26pm

pandasauce, I’m currently with this issue when trying to debug with Pycharm, did you solve this problem? How?

viniciusgava · July 11, 2022, 2:45pm

I am also opting to keep the docker-compose to the latest version before this change for while.

I worked with a bundle of legacy systems that are executed using docker-compose. Also we use the network_mode as host on Linux to make the container able to access other apps being executed in the IDEA(usually the apps we are changing/developing in the moment) while the rest keep executing in the docker-compose.

Combined with this situation we have Mac and Linux developers in the team, most of them are Mac users so we keep most of the stack/settings for Docker for Mac compatibility. We already have a lot of other custom settings required to execute the legacy systems(we are reducing/automating it everyday) and I will not add this a extra step for the mac developers for now.

Before this change we were only adding this override config for Linux and everything works perfect.

services:
  myservice:
    network_mode: host
    extra_hosts:
      - "host.docker.internal:host-gateway"

We are going to check in the future if Docker for Linux is a possibility to avoid different docker-composes between Mac and Linux.

viniciusgava · July 13, 2022, 2:39am

Due other issues we found on the way we end up having a different docker-extension for mac(docker-compose.mac.yaml).

Topic		Replies	Views
ERROR: for hass "host" network_mode is incompatible with port_bindings General	1	11976	January 25, 2021
Network_mode host doesn't work Compose	2	31723	May 31, 2018
Stacks with `network_mode: host` do not bind ports on Ubuntu Docker Desktop linux	1	2085	October 25, 2022
Host mode returns connection refused General	0	395	April 3, 2020
Network_mode: "host" breaking port mapping Docker Desktop docker	0	3601	July 25, 2016

docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings

Related topics