docker

时间:2015-10-11 13:18:58

标签: elasticsearch docker 

[2015-10-11 13:08:26,587][WARN ][transport.netty          ] [Joseph] exception caught on transport layer [[id: 0x7e9f652b]], closing connection
java.net.NoRouteToHostException: No route to host
        at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
        at sun.nio.ch.SocketChannelImpl.finishConnect(Unknown Source)
        at org.elasticsearch.common.netty.channel.socket.nio.NioClientBoss.connect(NioClientBoss.java:152)
        at org.elasticsearch.common.netty.channel.socket.nio.NioClientBoss.processSelectedKeys(NioClientBoss.java:105)
        at org.elasticsearch.common.netty.channel.socket.nio.NioClientBoss.process(NioClientBoss.java:79)
        at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
        at org.elasticsearch.common.netty.channel.socket.nio.NioClientBoss.run(NioClientBoss.java:42)
        at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

我在docker中启动elasticsearch时遇到此异常(实际上我在CentOS7 docker host中只有这个问题)

首先,我的dockefile暴露了UDP端口。

EXPOSE 9200 9300/udp 9301/udp 9302/udp 9303/udp 9304/udp 9305/udp

当我启动docker容器时,我通过-p 9200:9200 -p 9300:9300/udp -p 9301:9301/udp -p 9302:9302/udp -p 9303:9303/udp -p 9304:9304/udp -p 9305:9305/udp

打开了这些端口

docker ps内,我确实看到这些端口以0.0.0.0:9300-9305->9300-9305/udp

打开

以下是elasticsearch.yml

的一些内容 
cluster.name: changsha
discovery.zen.ping.unicast.hosts: [ "10.0.5.241" ]
network.publish_host: 10.0.5.241

10.0.5.241是我的泊坞主机的IP地址。请问这里有什么问题?它在CentOS6主机上取得了成功,但在这个CentOS7主机上失败了。

更新

answer之后,我从tcpdump -p -nn icmp获得以下结果。 

09:26:53.277117 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:53.277494 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:53.277822 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:53.278043 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:54.277753 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:27:04.280703 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68

2 个答案:

答案 0 :(得分:2)

首先,找出docker interface ip address 

# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.42.1  netmask 255.255.0.0  broadcast 0.0.0.0
        ether 56:84:7a:fe:97:99  txqueuelen 0  (Ethernet)
        RX packets 115761  bytes 12605533 (12.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 55687  bytes 22647938 (21.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

然后将所有docker IP地址添加到白名单

firewall-cmd --permanent --zone=trusted --add-source=172.17.0.0/16
firewall-cmd --reload

问题解决了

答案 1 :(得分:0)

如果有人在centos 7.4中遇到这个问题,那是因为码头服务和firewalld服务之间存在冲突。

你可以通过禁用firewalld来解决,然后重启docker service。

请参阅https://sanenthusiast.com/docker-and-firewalld-mess-in-centos-7/

相关问题
最新问题