Description of problem: There is no outside network access for user created docker container on Atomic-7.4.2 Version-Release number of selected component (if applicable): openshift v3.7.0-0.147.1 kubernetes v1.7.6+a08f5eeb62 ah_image:qe-rhel-atomic-cloud-742-3 docker-1.12.6-61.git85d7426.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Setup a OCP env based on atomic-7.4.2 2. ssh into node create a docker container # docker run -td --name=test-container bmeng/hello-openshift 0c5e5e5af4e6230735eca6e359c0190fe5f2dd42ded0340e9dee50664b79434d 3. Enter the container and try to access outside network 4. Create a project and do docker build # oc new-app https://github.com/openshift/ruby-hello-world Actual results: step3: # docker exec -ti 0c5e5e5af4e6 bash bash-4.3# ping www.redhat.com PING www.redhat.com (23.55.5.42): 56 data bytes step4: Build failed $ oc logs ruby-hello-world-1-build Step 1 : FROM centos/ruby-22-centos7@sha256:c1a4adbc02d74fad74ce107f68e782f6d0658c8077ae113586b1a6f786742c3b ---> 7ced0be17916 Step 2 : USER default ---> Running in aa6c63418831 ---> 58649fcbfef0 Removing intermediate container aa6c63418831 Step 3 : EXPOSE 8080 ---> Running in 5af8d113c2bc ---> 3a5cf2a3be1e Removing intermediate container 5af8d113c2bc Step 4 : ENV RACK_ENV production ---> Running in e8944d907367 ---> 94116ae6c76b Removing intermediate container e8944d907367 Step 5 : ENV RAILS_ENV production ---> Running in 00bb62cca1ac ---> 6de7bec90aa6 Removing intermediate container 00bb62cca1ac Step 6 : COPY . /opt/app-root/src/ ---> bd3c00c15796 Removing intermediate container 06793e874289 Step 7 : RUN scl enable rh-ruby22 "bundle install" ---> Running in 6e1406948cc9 /opt/rh/rh-ruby22/root/usr/share/ruby/net/http.rb:879:in `initialize': No route to host - connect(2) for "bundler.rubygems.org" port 443 (Errno::EHOSTUNREACH) from /opt/rh/rh-ruby22/root/usr/share/ruby/net/http.rb:879:in `open' from /opt/rh/rh-ruby22/root/usr/share/ruby/net/http.rb:879:in `block in connect' from /opt/rh/rh-ruby22/root/usr/share/ruby/timeout.rb:74:in `timeout' from /opt/rh/rh-ruby22/root/usr/share/ruby/net/http.rb:878:in `connect' Expected results: step3: docker container should have outside network access step4: docker build succeed Additional info:
Did you install openshift with ansible? If you "systemctl restart docker", does that fix things? If so, this is https://github.com/openshift/origin/issues/16709 (and is believed to be fixed with newer openshift-ansible).
The openshift env installed by ansible. And seems yes, container network works wel after restart docker.
Should be fixed by https://github.com/openshift/openshift-ansible/pull/5721 (commit c38f63c). Feel free to switch this from "Component: Networking" to "Component: Installer" if that makes sense.
Test on latest OCP env, issue have been fixed. openshift v3.7.0-0.176.0 kubernetes v1.7.6+a08f5eeb62
so... VERIFIED?
Test on latest OCP again, issue have been fixed. Move bug to verify. openshift v3.7.0-0.178.0 kubernetes v1.7.6+a08f5eeb62
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188