Warn if a docker network may cause issues on macOS #1115
Conversation
2e5f7ba to
a43bf71
Compare
The default docker local network address pool includes addresses that are commonly used on home networks. This configuration can prevent containers from accessing the network host on the LAN addresses discovered by the peer. This often surfaces in integration tests as chaincode registration failures with a "no route to host" message. This change attempts to discover and highlight the broken configuration so that it can be addressed. (pun, heh) The network pools can be configured by adding some JSON to the Docker daemon configuration to prevent the overlaps. The comment near the warning message describes the syntax. Change-Id: I11b5ad72df497053dc2a07f68b6370b06679d995 Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>
a43bf71 to
85d931a
Compare
|
Hit flake FAB-17762 multiple times. |
|
#1092 should help for now. |
I'm not sure I see how. The change in that PR modifies timing but does not appear to address the root cause. I'll go comment over there. |
| // {"base":"172.80.0.0/16","size":24}, | ||
| // {"base":"172.81.0.0/16","size":24} |
There was a problem hiding this comment.
Just a nit, but wouldn't it be better to pick from the officially reserved ranges just in case someone looks at the comment?
| // {"base":"172.80.0.0/16","size":24}, | |
| // {"base":"172.81.0.0/16","size":24} | |
| // {"base":"172.16.0.0/16","size":16}, | |
| // {"base":"172.17.0.0/16","size":16} |
but I guess those are in the default. You can also override the bridge network with the "bip" config option but again I guess this is just a comment
There was a problem hiding this comment.
Just a nit, but wouldn't it be better to pick from the officially reserved ranges just in case someone looks at the comment?
They're from the reserved range of 172.16.0.0/12. So, I'm not sure why it's wrong? The example is showing how to get 512 different /24 networks for local use that do no overlap with common prefixes.
There was a problem hiding this comment.
You are correct and my math is not. I'll address this with the spelling fix.
| // | ||
| // https://github.com/moby/libnetwork/blob/1a17fb36132631a95fe6bb055b91e24a516ad81d/ipamutils/utils.go#L18-L20 | ||
| // | ||
| // Docker can be configured to use different addresses by addding an |
There was a problem hiding this comment.
| // Docker can be configured to use different addresses by addding an | |
| // Docker can be configured to use different addresses by adding an |
There was a problem hiding this comment.
I'll push a spelling fix on top.
The default docker local network address pool includes addresses that are commonly used on home networks. This configuration can prevent containers from accessing the network host on the LAN addresses discovered by the peer. This often surfaces in integration tests as chaincode registration failures with a "no route to host" message.
This change attempts to discover and highlight the broken configuration so that it can be addressed. (pun, heh)
The network pools can be configured by adding some JSON to the Docker daemon configuration to prevent the overlaps. The comment near the warning message describes the syntax.