Docker Community Forums

Share and learn in the Docker community.

Need to turn off ipv6 or rm all ipv6 from /etc/hosts


(Jschwenk1) #1

Background info:

  • Docker version 18.03.0-ce, build 0520e24
  • using FROM ubuntu:16.04

Issue:
If there are any ipv6 addresses in the /etc/hosts file, the legacy executable we are moving into a container crashes on startup. We do not have the source and our underlying hardware is changing so a container is our best option. This software in used in house, runs 24x7, and we only use ipv4 here.

Goal:
Be able to run the legacy software in a container and this means no ipv6 addresses in the /etc/hosts file.

Here’s what I’ve tried so far:

Create the image X1, start the container, log in, edit /etc/hosts, save the image X2 and then start the container from the image X2. And … Docker overwrites /etc/hosts on startup. I found posts here in the forums that explains that case but those were trying to add to the file not remove from.

Next, I have the final CMD in the Dockerfile call a script to edit the /etc/hosts stripping out all the ipv6 addresses but it looks like the OS has a lock on the file. Script and output follow. The new file /etc/hosts_ipv4_only is present, and its contents are correct.

Script:
grep -v :: /etc/hosts > /etc/hosts_ipv4_only
ls -al /etc/hosts_ipv4_only
mv -f /etc/hosts_ipv4_only /etc/hosts

Output:
-rw-r–r-- 1 root root 44 Aug 7 22:58 /etc/hosts_ipv4_only
mv: cannot move ‘/etc/hosts_ipv4_only’ to ‘/etc/hosts’: Device or resource busy

Permanently turn off ipv6 inside the container. This doesn’t really solve the problem as if it restarted, we’d be back to crashing. Added to sysctl.conf and then ran sysctl -p:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Output of the sysctl -p command:

sysctl: setting key “net.ipv6.conf.all.disable_ipv6”: Read-only file system
sysctl: setting key “net.ipv6.conf.default.disable_ipv6”: Read-only file system
sysctl: setting key “net.ipv6.conf.lo.disable_ipv6”: Read-only file system

Suggestions for how to accomplish the goal?