During build getting Failed connect to 10.0.2.225:80; No route to host

I have a unique environment where I can’t have the VM or the containers access the internet. I have a local NFS where I can pull updates/packages for installing on CentOS. We have an NFS share that is a mirror of CentOS. I started up an Apache server on my local VM (where I also have Docker and am trying to build containers) to allow me to install updates to the OS etc. Now the webserver is accessible to all the systems on my LAN (10.0.2.225); I am able to bring it up. But when I try to build the container I get http://10.0.2.225/repo/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed connect to 10.0.2.225:80; No route to host" for the line RUN yum update

Now I made a custom /etc/yum.repos.d/CentOS-Base.repo file where it points to this host: baseurl=http://10.0.2.225/repo/centos/$releasever/os/$basearch/

I was thinking it was a DNS problem. I read about having the Docker daemon point to my DNS server, but that did not seem to fix the issue.

I really need containers to point to and get their updates from my repository during a build and not the internet. If I am unable to do this, Docker will have no value to our organization.

It seems to not be the case that 10.0.2.225 is reachable via your container, though. I’d do a few one-off interactive runs with docker run -ti to verify that you can properly access the repo across the network and debug using dig, ping, curl etc. as needed. It seems to be the case that you have not properly configured your networking so that the container can access those yum repos.

Well, the VM that I’m building the container from can access the webserver just fine and can update from that server/URLs.

How can I run a container per your suggestion (“docker run -ti”) when it fails to build? All the systems on that LAN network can access the webserver, including the VM where I’m building; only the build of the container seems to have issues, i.e. the Docker daemon. Now if I understand Docker correctly, the Docker daemon on my VM is the one that interprets each line from the Dockerfile during the build. I have read about some issues with this WRT DNS and the Docker daemon, and I created a /etc/default/docker file with DOCKER_OPTS="--dns 10.0.2.1", which points to my local DNS server.

I agree the container is not capable of accessing the yum repo. That’s why I posted here. What do I have to do to get the container to be able to access this repo when the system/VM it is being built on can access the repo just fine? I.e. maybe a networking issue, but it’s one related to Docker and how it works.

Ok I’ll take that back, now I’m really confused. I did a ping in the container per nathanleclair and it worked!!

Sending build context to Docker daemon 476.2 kB
Step 1 : FROM centos:latest
 ---> c8a648134623
Step 2 : RUN set -x && ping -c 5 10.0.2.225
 ---> Running in 2a814838e662
+ ping -c 5 10.0.2.225
PING 10.0.2.225 (10.0.2.225) 56(84) bytes of data.
64 bytes from 10.0.2.225: icmp_seq=1 ttl=64 time=0.134 ms
64 bytes from 10.0.2.225: icmp_seq=2 ttl=64 time=0.078 ms
64 bytes from 10.0.2.225: icmp_seq=3 ttl=64 time=0.095 ms
64 bytes from 10.0.2.225: icmp_seq=4 ttl=64 time=0.138 ms
64 bytes from 10.0.2.225: icmp_seq=5 ttl=64 time=0.145 ms

--- 10.0.2.225 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.078/0.118/0.145/0.026 ms
 ---> 735ac71db396

but still get later on in the build:
Step 5 : RUN yum update
 ---> Running in 9fb4b2142890
Loaded plugins: fastestmirror, ovl
http://10.0.2.225/repo/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed connect to 10.0.2.225:80; No route to host"
Trying other mirror.
http://10.0.2.225/repo/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed connect to 10.0.2.225:80; No route to host"

Hm… Is your yum configured to use some kind of proxy or anything like that? Or maybe there is a firewall which allows icmp but not other kinds of traffic?

"Is your yum configured to use some kind of proxy or anything like that" Here is what I have; I don’t see any such proxy.

yum.conf:
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release

CentOS-Base.repo:
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
#baseurl=file:/updates/centos/$releasever/os/$basearch/
baseurl=http://10.0.2.225/repo/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

"Or maybe there is a firewall which allows icmp but not other kinds of traffic?"
Now I don’t have a FW between these, as they are VMs on the same physical server. Now does the base CentOS you get from the Docker Hub have iptables enabled to stop it? That I don’t know. That’s why I posted here; I would have thought someone would have run into the same issue, as they used the CentOS from the Docker Hub.

Also
$ sudo systemctl show docker | grep EnvironmentFile

prints no results, so I don’t have an http_proxy configured as explained here: https://docs.docker.com/engine/admin/systemd/

Oh, this seems weird: ping works, curl does not, and the same curl command works on the VM where I build but not in the Dockerfile/build process:

Step 1 : FROM centos:latest
 ---> c8a648134623
Step 2 : RUN set -x && ping -c 5 10.0.2.225 && curl http://10.0.2.225/repo/centos/7/os/X86_64/
 ---> Running in 3139a9ed819d
+ ping -c 5 10.0.2.225
PING 10.0.2.225 (10.0.2.225) 56(84) bytes of data.
64 bytes from 10.0.2.225: icmp_seq=1 ttl=64 time=0.133 ms
64 bytes from 10.0.2.225: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 10.0.2.225: icmp_seq=3 ttl=64 time=0.101 ms
64 bytes from 10.0.2.225: icmp_seq=4 ttl=64 time=0.113 ms
64 bytes from 10.0.2.225: icmp_seq=5 ttl=64 time=0.056 ms

--- 10.0.2.225 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.046/0.089/0.133/0.035 ms

from VM/build host:

$ curl http://10.0.2.225/repo/centos/7/os/x86_64/

Index of /repo/centos/7/os/x86_64

Index of /repo/centos/7/os/x86_64

Ok my bad. I thought I connected to the webserver using curl from other systems but I only pinged and only did it from the local host. It was iptables/firewalld that screwed me up not allowing connections to port 80.
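
Added example (not part of the original thread): a host firewall whose catch-all rule is REJECT with icmp-host-prohibited accepts ping but makes TCP clients such as curl and yum report "No route to host", which is the symptom pair seen above. The script walks `iptables -S INPUT` text and reports the verdict for a new connection; the ruleset is a constructed sample modeled on the stock CentOS 7 rules, since the thread does not show the real one, and `verdict`, `sample_rules` and `fixed_rules` are hypothetical names.

```shell
# Added example: how does an INPUT chain treat a NEW connection to this host?
# Reads `iptables -S INPUT` text on stdin. Rules scoped by interface (-i) or
# source (-s) are ignored, so ACCEPT means "open to any peer".
verdict() {  # usage: verdict <proto> [dport] < rules
    awk -v proto="$1" -v port="$2" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        p = ""; dport = ""; target = ""; how = ""; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") p = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--reject-with") how = $(i + 1)
            else if ($i == "-i" || $i == "-s") skip = 1
            else if ($i == "--state" && $(i + 1) !~ /NEW/) skip = 1
        }
        if (skip) next                               # scoped, or not for NEW
        if (p != "" && p != proto) next              # other protocol
        if (dport != "" && dport != port) next       # other port
        if (target !~ /^(ACCEPT|REJECT|DROP)$/) next # jump to a user chain
        out = target; if (how != "") out = out " " how
        print out; found = 1; exit
    }
    END { if (!found) print "POLICY " policy }'
}

# Constructed sample, modeled on the stock CentOS 7 iptables rules
# (assumption: the thread does not show the real ruleset).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Same rules with TCP 80 allowed ahead of the catch-all REJECT.
fixed_rules() {
    sample_rules | awk '/-j REJECT/ {
        print "-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT" }
        { print }'
}
echo "icmp:            $(sample_rules | verdict icmp)"
echo "tcp/80:          $(sample_rules | verdict tcp 80)"
echo "tcp/80 (fixed):  $(fixed_rules | verdict tcp 80)"
```

On a live host the input would be `sudo iptables -S INPUT`. Where the repo only has to serve local containers, an accept rule scoped to the Docker bridge subnet exposes less than opening port 80 to every peer.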