
Network connectivity between two containers

2018-01-05

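Problem

On a CentOS 7 host with Docker 17.12.0-ce installed, two containers were started: GitLab and Read The Docs. Both containers are reachable from the host through their port mappings. From inside the Read The Docs container, pinging GitLab works, but accessing GitLab with wget fails with a "no route to host" error. After searching in several places, the solution is as follows:

Solution

Quick fix

Running the following commands as administrator fixes the problem quickly; see the next section for the details: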

nmcli connection modify docker0 connection.zone trusted
systemctl stop NetworkManager.service
firewall-cmd --permanent --zone=trusted --change-interface=docker0
systemctl start NetworkManager.service
nmcli connection modify docker0 connection.zone trusted
systemctl restart docker.service

Detailed explanation

The explained version and how to check everything worked

The current workaround that seems to work ends up creating both a trusted.xml file and an ifcfg-docker0 file. The trusted.xml file sets the zone after a reboot (it is read and used by firewalld), and the ifcfg-docker0 file sets the zone after services are reloaded or restarted and after interfaces or connections are restarted (it is read and used mainly by NetworkManager).

To achieve that:

…specifically, it should have a:

ZONE=trusted
<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <short>Trusted</short>
  <description>All network connections are accepted.</description>
  <interface name="docker0"/>
</zone>

…we can see that the docker0 interface was added to this trusted zone by the:

<interface name="docker0"/>
trusted
connection.zone:                        trusted
systemctl restart docker.service
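
A check of the two files described above, as an added example that is not part of the original post. The default paths are the standard CentOS 7 locations and are an assumption (the post does not give them), and the function names are hypothetical. Because the zone target is ACCEPT, the script also warns when trusted.xml lists any interface other than docker0.

```shell
#!/bin/sh
# Added example: verify the files the workaround is described as creating.
# Paths are the usual CentOS 7 locations (assumed, not stated in the post).
IFCFG=${IFCFG:-/etc/sysconfig/network-scripts/ifcfg-docker0}
ZONE_XML=${ZONE_XML:-/etc/firewalld/zones/trusted.xml}

# Print the ZONE= value of an ifcfg file (last assignment wins, quotes stripped).
ifcfg_zone() {
    [ -r "$1" ] || return 1
    sed -n 's/^ZONE=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if the firewalld zone file ($1) lists the interface ($2).
zone_has_interface() {
    [ -r "$1" ] || return 1
    grep -Eq "<interface[[:space:]]+name=\"$2\"[[:space:]]*/>" "$1"
}

# Print every interface name bound in the zone file, one per line.
zone_interfaces() {
    sed -n 's/.*<interface[[:space:]]\{1,\}name="\([^"]*\)".*/\1/p' "$1"
}

# Returns 0 = both files as expected, 1 = a check failed, 2 = extra interfaces trusted.
check_docker0_zone() {
    ifcfg=$1 xml=$2 rc=0
    z=$(ifcfg_zone "$ifcfg") || z=
    if [ "$z" = trusted ]; then echo "OK   $ifcfg: ZONE=trusted"
    else echo "FAIL $ifcfg: ZONE='$z' (expected trusted)"; rc=1
    fi
    if zone_has_interface "$xml" docker0; then echo "OK   $xml: docker0 listed"
    else echo "FAIL $xml: docker0 not listed"; rc=1
    fi
    # target="ACCEPT": every interface in this zone bypasses filtering.
    extra=$(zone_interfaces "$xml" 2>/dev/null | grep -vx docker0 | tr '\n' ' ')
    [ -z "$extra" ] || { echo "WARN $xml: also trusts: $extra"; [ "$rc" -ne 0 ] || rc=2; }
    return "$rc"
}

# Run against the live system only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    # Runtime view from firewalld, when it is installed.
    command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --get-zone-of-interface=docker0
    check_docker0_zone "$IFCFG" "$ZONE_XML"
fi
```
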

References