Docker Composeの名前解決まわり 備忘録
Docker Composeのネットワーク 備忘録
DL;DR
- サービスディスカバリしたければ、Compose管理外で
docker network disconnect/connect
しないこと docker network disconnect
/docker network connect
後は…- コンテナ名での名前解決は可能
- サービス名での名前解決ができなくなる
再現
C-S構成の環境を立てる
docker-compose up -d
C->Sの疎通確認
server
というサービス名で
docker-compose exec client ping -c 1 server
PING server (172.28.0.3) 56(84) bytes of data. 64 bytes from dns_server_1.dns_default (172.28.0.3): icmp_seq=1 ttl=64 time=0.032 ms --- server ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.032/0.032/0.032/0.000 ms
dns_server_1
というコンテナ名で
docker-compose exec client ping -c 1 dns_server_1
PING dns_server_1 (172.29.0.3) 56(84) bytes of data. 64 bytes from dns_server_1.dns_dns_experiment (172.29.0.3): icmp_seq=1 ttl=64 time=0.051 ms --- dns_server_1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms
サーバーをネットワークから引き剥がしてみる
docker network disconnect dns_experiment dns_server_1
- 疎通できないことを確認する
server
というサービス名で
docker-compose exec client ping -c 1 server
ping: server: Name or service not known
dns_server_1
というコンテナ名で
docker-compose exec client ping -c 1 dns_server_1
ping: dns_server_1: Name or service not known
サーバーをネットワークに戻すと…
docker network connect dns_experiment dns_server_1
- ネットワークに戻したのに、
server
というサービス名では疎通できない
docker-compose exec client ping -c 1 server
ping: server: Name or service not known
- cf.
dns_server_1
というコンテナ名では疎通できる
docker-compose exec client ping -c 1 dns_server_1
PING dns_server_1 (172.31.0.2) 56(84) bytes of data. 64 bytes from dns_server_1.dns_experiment (172.31.0.2): icmp_seq=1 ttl=64 time=0.048 ms --- dns_server_1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.048/0.048/0.048/0.000 ms
DNSのゾーン設定の変化
疎通している状態でdigる
- 環境つくりなおす
docker-compose down
docker-compose up -d
server
というサービス名で
docker-compose exec client dig server
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> server ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8672 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;server. IN A ;; ANSWER SECTION: server. 600 IN A 192.168.0.2 ;; Query time: 0 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) ;; WHEN: Sun Feb 23 08:20:54 UTC 2020 ;; MSG SIZE rcvd: 46
dns_server_1
というコンテナ名で
docker-compose exec client dig dns_server_1
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> dns_server_1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49658 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;dns_server_1. IN A ;; ANSWER SECTION: dns_server_1. 600 IN A 192.168.0.2 ;; Query time: 1 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) ;; WHEN: Sun Feb 23 08:21:02 UTC 2020 ;; MSG SIZE rcvd: 58
- いずれも、AレコードでサーバーコンテナのIPが設定されている
docker-compose exec server hostname -i
192.168.0.2
ネットワークからサーバーコンテナを外してdigる
docker network disconnect dns_experiment dns_server_1
server
というサービス名で
docker-compose exec client dig server
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> server ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3008 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;server. IN A ;; AUTHORITY SECTION: . 76700 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020022300 1800 900 604800 86400 ;; Query time: 5 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) ;; WHEN: Sun Feb 23 08:25:34 UTC 2020 ;; MSG SIZE rcvd: 110
dns_server_1
というコンテナ名で
docker-compose exec client dig dns_server_1
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> dns_server_1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57829 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;dns_server_1. IN A ;; AUTHORITY SECTION: . 86327 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020022300 1800 900 604800 86400 ;; Query time: 5 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) ;; WHEN: Sun Feb 23 08:25:46 UTC 2020 ;; MSG SIZE rcvd: 116
- サービス名、コンテナ名ともにAレコードが無くなっている
ネットワークにサーバーコンテナを再度追加してdigる
docker network connect dns_experiment dns_server_1
server
というサービス名で
docker-compose exec client dig server
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> server ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49529 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;server. IN A ;; AUTHORITY SECTION: . 5385 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020022102 1800 900 604800 86400 ;; Query time: 5 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) ;; WHEN: Sun Feb 23 08:28:06 UTC 2020 ;; MSG SIZE rcvd: 110
dns_server_1
というコンテナ名で
docker-compose exec client dig dns_server_1
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> dns_server_1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15705 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;dns_server_1. IN A ;; ANSWER SECTION: dns_server_1. 600 IN A 192.168.0.2 ;; Query time: 0 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) ;; WHEN: Sun Feb 23 08:28:24 UTC 2020 ;; MSG SIZE rcvd: 58
- サービス名のAレコードがない
- cf. コンテナ名のAレコードは復活している
serverサービスを複数コンテナで立ててゾーン設定を見てみる
- サーバーコンテナを3つ立てて環境を作り直す
docker-compose down -v docker-compose up -d --scale server=3
Creating network "dns_experiment" with the default driver Creating dns_server_1 ... Creating dns_server_2 ... Creating dns_server_3 ... Creating dns_client_1 ...
- clientからserverをdigる
docker-compose exec client dig server
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> server ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2282 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;server. IN A ;; ANSWER SECTION: server. 600 IN A 192.168.32.5 server. 600 IN A 192.168.32.4 server. 600 IN A 192.168.32.2 ;; Query time: 0 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) ;; WHEN: Sun Feb 23 08:34:51 UTC 2020 ;; MSG SIZE rcvd: 90
dns_server_2
コンテナをネットワークからdisconnect/再connectする
docker network disconnect dns_experiment dns_server_2 docker network connect dns_experiment dns_server_2
- 再度dig
docker-compose exec client dig server
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> server ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26776 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;server. IN A ;; ANSWER SECTION: server. 600 IN A 192.168.32.4 server. 600 IN A 192.168.32.5 ;; Query time: 0 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) ;; WHEN: Sun Feb 23 08:36:45 UTC 2020 ;; MSG SIZE rcvd: 68
dns_server_2
コンテナのIPアドレス192.168.32.2
を指していたAレコードが消えた
- server. 600 IN A 192.168.32.2
docker exec dns_server_2 hostname -i
192.168.32.2
- スケールアウトしてみても、欠けたAレコードは復活しない
docker-compose up -d --scale server=4
dns_client_1 is up-to-date Starting dns_server_1 ... Starting dns_server_2 ... Starting dns_server_3 ... Creating dns_server_4 ...
docker-compose exec client dig server
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> server ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8891 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;server. IN A ;; ANSWER SECTION: server. 600 IN A 192.168.32.6 server. 600 IN A 192.168.32.5 server. 600 IN A 192.168.32.4 ;; Query time: 0 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) ;; WHEN: Sun Feb 23 08:40:30 UTC 2020 ;; MSG SIZE rcvd: 90
- スケールイン/アウトして作り直すと復活する
docker-compose up -d --scale server=1 docker-compose up -d --scale server=4 docker-compose exec client dig server
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> server ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16479 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;server. IN A ;; ANSWER SECTION: server. 600 IN A 192.168.32.4 server. 600 IN A 192.168.32.6 server. 600 IN A 192.168.32.5 server. 600 IN A 192.168.32.2 ;; Query time: 0 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) ;; WHEN: Sun Feb 23 08:48:17 UTC 2020 ;; MSG SIZE rcvd: 112
- サービスディスカバリしたければ、Compose管理外で
docker network disconnect/connect
するなってことですね