2016-06-24 13:33:41 |
Michael Stieler |
description |
We experience problems with outgoing HTTPS connections from inside Docker containers when running in OpenStack.
- Ubuntu 14, 16 and CoreOS show the same problems
- While there are no problems with Docker 1.6.2 and 1.9.1, 1.10 and 1.11 versions are broken
- The same containers work outside OpenStack
This is why we assume that the bug must be related to OpenStack.
The bug can easily be reproduced with:
docker run -it ubuntu apt-get update
Expected output: Ubuntu updates its package list
Actual output: Nothing is downloaded, package sources are skipped after a timeout.
The same problem seems to occur with wget and curl and our Java application.
Please note that plain HTTP works as expected, also issuing the Https requests from the host machine.
Disabling network virtualization with Docker flag --net="host" fixes the problems with wget, curl and apt-get, unfortunately not with the Java app we're trying to deploy in OpenStack.
For our current project this is actually a blocker since CoreOS comes bundles with a recent Docker version which is not so easy to downgrade.
I can't see any version information in the Horizon interface of our provider, however I think I heard they are using Mitaka release.
Links:
- Related issue at Docker: https://github.com/docker/docker/issues/20178
- ServerFault question by me: http://serverfault.com/questions/785768/https-request-fails-in-docker-1-10-with-virtualized-network
- StackOverflow question by someone else: http://stackoverflow.com/questions/35300497/docker-container-not-connecting-to-https-endpoints |
We experience problems with outgoing HTTPS connections from Docker containers when running in OpenStack VMs.
We assume this could be a bug in OpenStack because:
- Ubuntu 14, 16 and CoreOS show the same problems
- While there are no problems with Docker 1.6.2 and 1.9.1, it fails with Docker 1.10 and 1.11
- The same containers work outside OpenStack
- We found similar problem descriptions in the web that occured on other OpenStack providers
The issue can easily be reproduced with:
1.) Installing a docker version >= 1.10
2.) docker run -it ubuntu apt-get update
Expected output: Ubuntu updates its package list
Actual output: Download does not start and runs into a timeout
The same problem seems to occur with wget and curl and our Java application.
Please note that plain HTTP works as expected, so does issuing the Https requests from the Docker host machine.
Disabling network virtualization with Docker flag --net="host" fixes the problems with wget, curl and apt-get, unfortunately not with the Java app we're trying to deploy in OpenStack.
For our current project this is actually a blocker since CoreOS comes bundled with a recent Docker version which is not trivial to downgrade.
I can't see any version information in the Horizon interface of our provider, however I think I heard they are using Mitaka release.
Links:
- Related issue at Docker: https://github.com/docker/docker/issues/20178
- ServerFault question by me: http://serverfault.com/questions/785768/https-request-fails-in-docker-1-10-with-virtualized-network
- StackOverflow question by someone else: http://stackoverflow.com/questions/35300497/docker-container-not-connecting-to-https-endpoints |
|