I have a unique environment where I can’t have the VM or the containers access the internet. I have a local NFS where I can pull updates/packages for installing for CentOS. We have an NFS share that is a mirror of CentOS. I started up an Apache server on my local VM (where I also have docker and am trying to build containers) to allow me to install updates to the OS etc. Now the webserver is accessible to all the systems on my LAN (10.0.2.225), able to bring it up. But when I try to build the container I get "http://10.0.2.225/repo/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed connect to 10.0.2.225:80; No route to host"" for the line RUN yum update
Now I made a custom /etc/yum.repos.d/CentOS-Base.repo file where it points to this host: baseurl=http://10.0.2.225/repo/centos/$releasever/os/$basearch/
I was thinking it was a DNS problem. I read about having the docker daemon point to my DNS server, but that did not seem to fix the issue.
I really need containers to point and get their updates from my repository during a build and not the internet. If I am unable to do this docker will have no value to our organization.
It seems to not be the case that 10.0.2.225 is reachable via your container, though. I’d do a few one-off interactive runs with docker run -ti to verify that you can properly access the repo across the network and debug using dig, ping, curl etc. as needed. It seems to be the case that you have not properly configured your networking so that the container can access those yum repos.
Well the VM that I’m building the container from can access the webserver just fine and can update from that server/url’s.
How can I run a container per your suggestion ("docker run -ti") when it fails to build? All the systems on that LAN network can access the webserver, including the VM where I’m building; only the build of the container seems to have issues, i.e. the docker daemon. Now if I understand docker correctly, the docker daemon on my VM is the one during build that is interpreting each line from the Dockerfile. I have read about some issues with this WRT a DNS issue with the docker daemon, and I created a /etc/default/docker file with DOCKER_OPTS="--dns 10.0.2.1" which points to my local DNS server.
I agree the container is not capable of accessing the yum repo. That’s why I posted here. What do I have to do to get the container to be able to access this repo when the system/VM it is being built on can access the repo just fine? I.e. maybe a networking issue, but it’s one related to docker and how it works.
Ok I’ll take that back, now I’m really confused. I did a ping in the container per nathanleclair and it worked!!
Sending build context to Docker daemon 476.2 kB
Step 1 : FROM centos:latest
 ---> c8a648134623
Step 2 : RUN set -x && ping -c 5 10.0.2.225
 ---> Running in 2a814838e662
ping -c 5 10.0.2.225
PING 10.0.2.225 (10.0.2.225) 56(84) bytes of data.
64 bytes from 10.0.2.225: icmp_seq=1 ttl=64 time=0.134 ms
64 bytes from 10.0.2.225: icmp_seq=2 ttl=64 time=0.078 ms
64 bytes from 10.0.2.225: icmp_seq=3 ttl=64 time=0.095 ms
64 bytes from 10.0.2.225: icmp_seq=4 ttl=64 time=0.138 ms
64 bytes from 10.0.2.225: icmp_seq=5 ttl=64 time=0.145 ms
Hm… Is your yum configured to use some kind of proxy or anything like that? Or maybe there is a firewall which allows icmp but not other kinds of traffic?
" Or maybe there is a firewall which allows icmp but not other kinds of traffic?"
Now I don’t have a FW between these as they are VMs on the same physical server. Now does the base CentOS you get from the docker hub have iptables enabled to stop it? That I don’t know. That’s why I posted here; I would have thought someone would have run into the same issue using the CentOS from the docker hub.
ping -c 5 10.0.2.225
PING 10.0.2.225 (10.0.2.225) 56(84) bytes of data.
64 bytes from 10.0.2.225: icmp_seq=1 ttl=64 time=0.133 ms
64 bytes from 10.0.2.225: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 10.0.2.225: icmp_seq=3 ttl=64 time=0.101 ms
64 bytes from 10.0.2.225: icmp_seq=4 ttl=64 time=0.113 ms
64 bytes from 10.0.2.225: icmp_seq=5 ttl=64 time=0.056 ms
--- 10.0.2.225 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.046/0.089/0.133/0.035 ms
curl http://10.0.2.225/repo/centos/7/os/X86_64/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed connect to 10.0.2.225:80; No route to host
The command '/bin/sh -c set -x && ping -c 5 10.0.2.225 && curl http://10.0.2.225/repo/centos/7/os/X86_64/' returned a non-zero code: 7
Ok my bad. I thought I connected to the webserver using curl from other systems but I only pinged and only did it from the local host. It was iptables/firewalld that screwed me up not allowing connections to port 80.
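The symptom resolved above (ping succeeds, TCP port 80 fails with "No route to host") can be told apart from a closed port or a silent drop with a small probe. This is an added example, not code from the thread; the names probe and classify are hypothetical, and the default target is the repo address quoted in the posts.

```python
import errno
import socket
import sys

# connect() errno -> most likely cause. A firewall REJECT rule that answers
# with an ICMP "host prohibited" message, as the default CentOS 7
# firewalld/iptables rules do for ports that are not opened, surfaces as
# EHOSTUNREACH. curl and yum print that as "No route to host" even though
# ICMP echo (ping) to the same address succeeds.
CAUSES = {
    0: "open: TCP handshake completed",
    errno.ECONNREFUSED: "refused: host reachable, nothing listening on that port",
    errno.EHOSTUNREACH: "filtered: ICMP unreachable received, check firewall rules on the server",
    errno.ENETUNREACH: "unroutable: no route from this network namespace",
    errno.ETIMEDOUT: "dropped: no reply at all, packets are being silently discarded",
}


def classify(code):
    """Map a connect() errno to a short diagnosis string."""
    return CAUSES.get(code, "other: " + errno.errorcode.get(code, str(code)))


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return (errno, diagnosis)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        code = 0
    except socket.timeout:          # must precede OSError, its parent class
        code = errno.ETIMEDOUT
    except OSError as exc:
        code = exc.errno
    finally:
        sock.close()
    return code, classify(code)


if __name__ == "__main__":
    # Default target is the repo host from the thread; override on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "10.0.2.225"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    print(host, port, *probe(host, port))
```

Run it both on the VM and in a build step (RUN python probe.py, with the file copied in) so the result is taken from the container's network namespace rather than from localhost on the web server.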