Please create internal route to 172.17 network

[Kushmaro]

Expected behavior

for the docker experience to be 'as if on actual linux' I should be able to reach my containers on 172.17.x.x networks

Actual behavior

Can't reach internal container network

Information

Diagnostic ID: A81E916C-50CE-4FB8-BE42-673929B53C19
Docker for Mac: 1.12.0-a (Build 11213)
macOS: Version 10.11.6 (Build 15G1004)

Solution

When starting up docker for mac, create a static route to the xhyve vm, routing network 172.17.x.x through its 192.168 interface... it's really simple :)

Steps to reproduce

1. start docker for mac
2. start a container
3. inspect container internal ip
4. can ping or reach that ip :(

[ascotan]

+1

This actually confused the hell out of me setting up a vagrant docker provider. Vagrant ssh-config shows that the ip of the created container is on the 172.17.x.x network and attempts to ssh to it on startup but I get:

default: Warning: Host unreachable. Retrying... default: Warning: Host unreachable. Retrying...

The problem is that the 172.17.x.x network is not reachable on docker for mac. Currently I'm searching for a work around to this.

[vespasien]

+1

I used to make it works with docker-machine with the following command but I don't know how to adapt it with the new docker "native".

sudo route -n delete 172.17.0.0
sudo /sbin/route -n add -net 172.17.0.0 -netmask 255.255.0.0 -gateway $(docker-machine ip default)

[Kushmaro]

Can someone please prioritize this?

[ascotan]

BTW my solution for this (which is terrible) is to port forward ever required reachable port in every container onto localhost with unique port numbers.

[ijc]

@Kushmaro thanks for your suggestions, I have added a note to an existing internal ticket which is tracking possible solutions to this problem. Please could you elaborate on your use case so that we can ensure that it is taken into account.

@ascotan @vespasien you two too please.

[ijc]

Closing as dup of #155. Please subscribe there for further updates

[ascotan]

Commenting on a closed ticket :/ however as per request:

my use case:
I have a DOCKERFILE that sets an ENTRYPOINT on sshd. I uses this as part of a vagrant 'docker provider' to generate a container and run it. Once the container is up I use a 'ansible_local' provisioner to provision the container. (I realize this is not the kosher docker way, however, I'm doing this as a halfway house for using containers as a quasi vm for software that doesn't quite yet support containerization easily)

The problem is that vagrant attempts to get the ip of the container and ssh into it to run providers. Vagrant is smart enough to realize that the IP of the container is some 172.xxx address but cannot ssh into the container to run a provisioner because this network is not reachable from the host.

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked