How to set host and containers in same VLAN

Dear community,

Background
I am working on my first docker container. After a steep learning curve and a lot of help from @meyay, the experience has been great.
I have currently a Ubuntu Server (22.04.1 LTS) on a HP EliteDesk 800 G2 hosting a Docker Engine 20.10.22.
I have two Docker containers: Graylog and HomeAssistant.
I have set up two macvlans, which provide IP addresses for the containers.

The HP is wired to a Unifi switch. The respective port is defined on the default net, but allows two tagged VLANs.

So far, so good. I can access the Ubuntu (192.168.1.57) via ssh, I can access Graylog via its IP (192.168.70.3:9000) and I can access HomeAssistant via its IP (192.168.30.20:8123).

Question
I would like to have the Ubuntu Server on 192.168.70.2. I believe I can provide this IP to the HP via DHCP, or at least I can set a static IP within Ubuntu. As soon as I do, I cannot ssh into Ubuntu anymore and I cannot reach it via ping. The HP disappears from my Unifi environment. It is as if the traffic is received by one of the containers and hits a wall there.
What do I need to configure so that I can have Ubuntu in the same VLAN as one of the containers?

Please note:

  • I have not yet been able to activate promiscuous mode on eno1 permanently. Would this solve the issue? EDIT: I was able to activate promiscuous mode permanently.
  • I don’t need host-to-container communication. The host only runs the containers; I will access them via my laptop.

Some more details
Docker network overview

uadmin@ubuntu:/$ docker network ls
NETWORK ID     NAME                      DRIVER    SCOPE
bd88d99b9caf   bridge                    bridge    local
a8ed596cd6d7   graylog_graylog_backend   bridge    local
989a7cc8de67   host                      host      local
96834b94c746   macvlan30                 macvlan   local
4663a4b40f99   macvlan70                 macvlan   local
fb9e3c4b2724   none                      null      local

The macvlans have been created with these commands:

# Server-Netz (VLAN 70)
docker network create -d macvlan \
    --subnet=192.168.70.0/24 \
    --ip-range=192.168.70.127/26 \
    --gateway=192.168.70.1 \
    --aux-address="Ubuntu-Docker-Server=192.168.70.2" \
    -o parent=eno1.70 macvlan70


# IoT-Netz (VLAN 30)
docker network create -d macvlan \
    --subnet=192.168.30.0/24 \
    --ip-range=192.168.30.127/26 \
    --gateway=192.168.30.1 \
    --aux-address="HomeAssistant=192.168.30.2" \
    -o parent=eno1.30 macvlan30

Ubuntu server IP configuration

uadmin@ubuntu:/$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fc:3f:db:07:69:e5 brd ff:ff:ff:ff:ff:ff
    altname enp0s31f6
    inet 192.168.1.57/24 metric 100 brd 192.168.1.255 scope global dynamic eno1
       valid_lft 84692sec preferred_lft 84692sec
    inet6 fe80::fe3f:dbff:fe07:69e5/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:41:ed:87:d9 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: br-a8ed596cd6d7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:9a:40:9f:7a brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global br-a8ed596cd6d7
       valid_lft forever preferred_lft forever
    inet6 fe80::42:9aff:fe40:9f7a/64 scope link
       valid_lft forever preferred_lft forever
6: eno1.70@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether fc:3f:db:07:69:e5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fe3f:dbff:fe07:69e5/64 scope link
       valid_lft forever preferred_lft forever
8: veth8a48f36@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-a8ed596cd6d7 state UP group default
    link/ether e6:e9:93:f0:68:37 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::e4e9:93ff:fef0:6837/64 scope link
       valid_lft forever preferred_lft forever
10: vethde00d6a@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-a8ed596cd6d7 state UP group default
    link/ether ca:5c:e2:00:ec:95 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::c85c:e2ff:fe00:ec95/64 scope link
       valid_lft forever preferred_lft forever
13: veth2d34f9b@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-a8ed596cd6d7 state UP group default
    link/ether f2:84:a0:a0:00:a0 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::f084:a0ff:fea0:a0/64 scope link
       valid_lft forever preferred_lft forever
15: eno1.30@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether fc:3f:db:07:69:e5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fe3f:dbff:fe07:69e5/64 scope link
       valid_lft forever preferred_lft forever

Docker containers

uadmin@ubuntu:/$ docker ps
CONTAINER ID   IMAGE                                                      COMMAND                  CREATED         STATUS                    PORTS     NAMES
1f94654d29a6   ghcr.io/home-assistant/home-assistant:stable               "/init"                  7 minutes ago   Up 6 minutes                        homeassistant
5ce7fed1ccb8   graylog/graylog:5.0                                        "/usr/bin/tini -- wa…"   37 hours ago    Up 31 minutes (healthy)             graylog-graylog-1
25656120d793   docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2   "/tini -- /usr/local…"   45 hours ago    Up 31 minutes                       graylog-elasticsearch-1
983d99b7b11e   mongo:5.0.13                                               "docker-entrypoint.s…"   45 hours ago    Up 31 minutes                       graylog-mongodb-1

Docker compose.yaml for Graylog

# version: as December 2022 https://docs.docker.com/compose/compose-file/

services:
# MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:5.0.13
    restart: unless-stopped
    # DB in share for persistence
    volumes:
      - type: volume
        source: mongo_data
        target: /data/db
    networks:
      graylog_backend:
        ipv4_address: 10.10.10.3


# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    #data folder in share for persistence
    volumes:
      - type: volume
        source: es_data
        target: /usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    deploy:
      resources:
        limits:
          memory: 1gb
    ulimits:
      memlock:
        soft: -1
        hard: -1
    restart: unless-stopped
    networks:
      graylog_backend:
        ipv4_address: 10.10.10.4


# Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:5.0
    #journal and config directories in local NFS share for persistence
    volumes:
      - type: volume
        source: graylog_journal
        target: /usr/share/graylog/data/journal
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=[abcd]
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=[efgh]
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.70.3:9000/
      - GRAYLOG_HTTP_ENABLE_CORS=true
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 --  /docker-entrypoint.sh
    networks:
      macvlan70:
        ipv4_address: 192.168.70.3
      graylog_backend:
        ipv4_address: 10.10.10.2
    links:
      - mongodb:mongo
      - elasticsearch
    restart: unless-stopped
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      - target: 9000
        host_ip: 0.0.0.0
        published: 9000
        mode: host
      - target: 1514
        host_ip: 0.0.0.0
        published: 1514
        mode: host
      - target: 12201
        host_ip: 0.0.0.0
        published: 12201
        mode: host


# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local


# Network specifications
networks:
  macvlan70:
    external: true
  graylog_backend:
    internal: true
    ipam:
      driver: default
      config:
        - subnet: "10.10.10.0/24"

Unifi network topology

Unifi client devices

Unifi switch port profile

EDIT: promiscuous mode active

2: eno1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fc:3f:db:07:69:e5 brd ff:ff:ff:ff:ff:ff
    altname enp0s31f6
    inet 192.168.1.57/24 metric 100 brd 192.168.1.255 scope global dynamic eno1
       valid_lft 86383sec preferred_lft 86383sec
    inet6 fe80::fe3f:dbff:fe07:69e5/64 scope link
       valid_lft forever preferred_lft forever

What else do you need to help me solve this? :slight_smile:
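The question above asks how to put the host at its reserved 192.168.70.2 next to the macvlan70 containers. One standard way, added here as an example and not taken from the thread, is a macvlan "shim" interface for the host on eno1.70; the helper also refuses a host address that falls inside the range Docker's IPAM hands to containers (the names macvlan70-shim, shim_plan, shim_apply and in_cidr are my own, and the /26 block is assumed to be the normalised form of the thread's --ip-range).

```shell
#!/bin/sh
# Added example, not from the thread: give the host its own macvlan "shim"
# on the VLAN 70 sub-interface so it sits at 192.168.70.2 beside the
# macvlan70 containers. Assumed: eno1.70 exists (as in the ip output above),
# 192.168.70.2 is the aux-address reserved for the host, and Docker reads
# --ip-range=192.168.70.127/26 as the block 192.168.70.64/26 (.64-.127).

# ip2int DOTTED-QUAD -> unsigned 32-bit integer (POSIX sh arithmetic only).
ip2int() (
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr ADDR NET/BITS -> exit 0 if ADDR lies inside NET/BITS.
in_cidr() {
    addr=$(ip2int "$1"); net=$(ip2int "${2%/*}"); bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# shim_plan PARENT SHIM HOST_IP/PREFIX CONTAINER_RANGE
# Prints the ip(8) commands instead of running them, after refusing a host
# address that collides with the range Docker assigns to containers.
shim_plan() {
    parent=$1; shim=$2; host_ip=$3; range=$4
    if in_cidr "${host_ip%/*}" "$range"; then
        echo "refusing: $host_ip is inside the container range $range" >&2
        return 1
    fi
    # Bridge mode lets the shim exchange traffic with the containers'
    # macvlan endpoints, which the parent interface itself cannot do.
    printf 'ip link add %s link %s type macvlan mode bridge\n' "$shim" "$parent"
    printf 'ip addr add %s dev %s\n' "$host_ip" "$shim"
    printf 'ip link set %s up\n' "$shim"
}

# shim_apply: same arguments, executes the reviewed plan (needs root).
shim_apply() {
    plan=$(shim_plan "$@") || return 1
    printf '%s\n' "$plan" | sh -e
}

# Example run with the thread's values:
# shim_apply eno1.70 macvlan70-shim 192.168.70.2/24 192.168.70.64/26
```

The shim is not persistent across reboots, and because it is a macvlan sibling rather than the parent, host-to-container traffic on VLAN 70 works as well.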

Dear community,
is there any networking specialist around who could help with this?

Many thanks,
Chris

Dear community, can anybody help with this?

I switched from macvlan to ipvlan: now I can reach my host on 192.168.70.2 and my Graylog container on 192.168.70.3. Why is this not possible with macvlan?

Unfortunately, my container disappeared from my Unifi dashboard of connected devices. This was handy to see the “client” and its IP address there…

Seems like the audience that shares your challenge and experience isn’t around. I shared what I know about macvlan, but I never used it with actual vlans, and as such never had the vlan specific problem you experience.

Another reason why no one responds might be that macvlan and ipvlan are rarely used in corporate environments; at least I haven’t seen them being used during the last 8 years. So far I have only seen people in homelabs using them.

This is perfectly understandable. In a corporate environment, I would set up several servers, group my containers together according to their security needs and get them all into the same network/VLAN.

I am doing my first steps with Docker at home, knowing I will stumble over it at work in the next couple of months, and because I want to run several services on a little PC at home. :slight_smile:

If anybody comes up with a solution/explanation, I am happy to learn. I can live with the current setup.

Thanks @meyay for your great support.
