Bug 1830188 - docker containers cannot resolve after fc32 upgrade
Summary: docker containers cannot resolve after fc32 upgrade
Keywords:
Status: CLOSED DUPLICATE of bug 1817022
Alias: None
Product: Fedora
Classification: Fedora
Component: moby-engine
Version: 32
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Olivier Lemasle
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-05-01 03:28 UTC by Mohammed Arafa
Modified: 2020-05-06 10:28 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2020-05-06 10:28:18 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Mohammed Arafa 2020-05-01 03:28:09 UTC 
Description of problem:

i have a fc31 server edition docker host running moby-engine 
after upgrading to fc32 i discovered none of my containers on that host can resolve from the internet. it pings but does not resolve. 



Version-Release number of selected component (if applicable):
Version     : 19.03.8


How reproducible:
every time

Steps to Reproduce:
1. upgrade from fc31 server to fc32
2. run container
3. try to resolve

Actual results:
fails to resolve hostnames


Expected results:
works (tm)

Additional info:

  server.marafa.vm  root  /  var  log  docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nxfilter 
172.17.0.7

iptables -nL |grep 172.17.0.7
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.7           tcp dpt:19004
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.7           tcp dpt:19003
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.7           tcp dpt:19002
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.7           tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.7           tcp dpt:80
ACCEPT     udp  --  0.0.0.0/0            172.17.0.7           udp dpt:53


root@~ > nslookup www.redhat.com 1.1.1.1
Server:    1.1.1.1
Address 1: 1.1.1.1

nslookup: can't resolve 'www.redhat.com': Try again
root@~ > nslookup www.redhat.com 8.8.8.8
Server:    8.8.8.8
Address 1: 8.8.8.8

nslookup: can't resolve 'www.redhat.com': Try again
root@~ > nc -vz 1.1.1.1 53
nc: 1.1.1.1 (1.1.1.1:53): Host is unreachable
root@~ > nc -vz 8.8.8.8
nc: 8.8.8.8 (8.8.8.8:0): Host is unreachable
root@~ > ping -c 3 -w3 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=55 time=19.502 ms
64 bytes from 1.1.1.1: seq=1 ttl=55 time=34.335 ms
64 bytes from 1.1.1.1: seq=2 ttl=55 time=20.785 ms

--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 19.502/24.874/34.335 ms
root@~ > ping -c 3 -w3 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=53 time=24.301 ms
64 bytes from 8.8.8.8: seq=1 ttl=53 time=20.081 ms
64 bytes from 8.8.8.8: seq=2 ttl=53 time=25.819 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 20.081/23.400/25.819 ms
root@~ > 


command used to launch the container: 
docker run -dt --name nxfilter -p 7180:80 -p 7443:443 -p 53:53/udp -p 19002-19004:19002-19004 -v /opt/nxfilter/conf:/nxfilter/conf -v /opt/nxfilter/log:/nxfilter/log -v /opt/nxfilter/db:/nxfilter/db --restart always packetworks/nxfilter:latest
(rebuilt from the original Dockerfile for the latest version) - however this is true for all other containers. i have 16 of them all failing similarly
Comment 1 Mohammed Arafa 2020-05-01 21:49:15 UTC 
i see https://pagure.io/fesco/issue/2231 says that moby-engine will be left stranded and unsupported without an announcement.

thanks for the warning.
Comment 2 Olivier Lemasle 2020-05-06 10:28:18 UTC 

*** This bug has been marked as a duplicate of bug 1817022 ***
Note You need to log in before you can comment on or make changes to this bug.