您好!docker swarm worker节点 上的容器内无法访问外网
来源:6-5 微服务部署
慕粉0022507194
2020-07-03
swarm 集群中的两个节点和服务
[root@localhost rfid-ms]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
dldgmmlcemh2m501u527sjs1g * manager-123 Ready Active Leader 19.03.12
boawbwy8nmr2vcszqkboorako worker-125 Ready Active 19.03.12
[root@localhost rfid-ms]# docker service ps rfid-ms_ivg-base-service
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
qfjsh40qu9ts rfid-ms_ivg-base-service.1 reg.invengo.cn:8888/rfid_cloud/ivg-base-service:latest manager-123 Running Running 19 minutes ago
qf349uhlf75v rfid-ms_ivg-base-service.2 reg.invengo.cn:8888/rfid_cloud/ivg-base-service:latest worker-125 Running Running 57 seconds ago
在manager-123节点上主机和容器内部都可以访问外网
[root@localhost rfid-ms]# docker ps -f name=rfid-ms_ivg-base-service
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
203b38a5ab42 reg.invengo.cn:8888/rfid_cloud/ivg-base-service:latest "java -jar /base-com…" 22 minutes ago Up 22 minutes 9003/tcp rfid-ms_ivg-base-service.1.qfjsh40qu9tslo77ef92etm8p
[root@localhost rfid-ms]# docker exec -it 203b38a5ab42 /bin/bash
root@203b38a5ab42:/# ping www.baidu.com
PING www.wshifen.com (103.235.46.39) 56(84) bytes of data.
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=1 ttl=48 time=66.5 ms
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=2 ttl=48 time=64.7 ms
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=5 ttl=48 time=65.2 ms
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=8 ttl=48 time=66.0 ms
root@203b38a5ab42:/# ping 116.62.155.230
PING 116.62.155.230 (116.62.155.230) 56(84) bytes of data.
64 bytes from 116.62.155.230: icmp_seq=1 ttl=48 time=26.9 ms
64 bytes from 116.62.155.230: icmp_seq=2 ttl=48 time=26.6 ms
64 bytes from 116.62.155.230: icmp_seq=3 ttl=48 time=26.5 ms
64 bytes from 116.62.155.230: icmp_seq=4 ttl=48 time=26.6 ms
在worker-125节点主机是可以访问外网的
[root@swarm-worker125 conf.d]# ping 116.62.155.230
PING 116.62.155.230 (116.62.155.230) 56(84) bytes of data.
64 bytes from 116.62.155.230: icmp_seq=1 ttl=49 time=27.4 ms
64 bytes from 116.62.155.230: icmp_seq=2 ttl=49 time=28.2 ms
64 bytes from 116.62.155.230: icmp_seq=3 ttl=49 time=27.5 ms
64 bytes from 116.62.155.230: icmp_seq=4 ttl=49 time=27.5 ms
64 bytes from 116.62.155.230: icmp_seq=5 ttl=49 time=26.8 ms
64 bytes from 116.62.155.230: icmp_seq=6 ttl=49 time=26.8 ms
^C
--- 116.62.155.230 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5008ms
rtt min/avg/max/mdev = 26.810/27.394/28.216/0.514 ms
在worker-125节点上的容器内部无法访问外网
[root@swarm-worker125 conf.d]# docker ps -f name=rfid-ms_ivg-base-service
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ef6a4e92c2c7 reg.invengo.cn:8888/rfid_cloud/ivg-base-service:latest "java -jar /base-com…" About a minute ago Up 53 seconds 9003/tcp rfid-ms_ivg-base-service.2.tfxv7o8opjedkr7vunveov5s1
[root@swarm-worker125 conf.d]# docker exec -it ef6a4e92c2c7 /bin/bash
root@ef6a4e92c2c7:/# ping www.baidu.com
ping: www.baidu.com: Temporary failure in name resolution
root@ef6a4e92c2c7:/# ping 116.62.155.230
PING 116.62.155.230 (116.62.155.230) 56(84) bytes of data.
^C
--- 116.62.155.230 ping statistics ---
38 packets transmitted, 0 received, 100% packet loss, time 1035ms
写回答
1回答
-
刘果国
2020-07-04
docker inspect 一下,对比一下两个容器的参数设置,特别是网络这部分。
另外检查一下宿主机的防火墙。
00
相似问题