How to link containers in RHEL Atomic ?

In this article I am going to link two containers. It will help to provide connectivity between the containers. I would suggest you to refer the link to know more about linking container.

Step 1 : I have run the new container using below command port 8080 is exposed to host port 8080.

-bash-4.2# docker run –name job1 -p 8080:8080 -it rhel

We can verify the same using below.

-bash-4.2# docker port job1
8080/tcp -> 0.0.0.0:8080

Step 2 : Check the status of docker and networking configuration from host.

-bash-4.2# docker ps
CONTAINER ID        IMAGE                                   COMMAND             CREATED             STATUS              PORTS                    NAMES
de3bdc15e436        registry.access.redhat.com/rhel:7.1-4   “/usr/bin/bash”     2 minutes ago       Up 2 minutes        0.0.0.0:8080->8080/tcp   job1

After starting the container ip address is showing in output bridge to which docker interfaces will be connected.

-bash-4.2# ifconfig -a
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 172.17.42.1  netmask 255.255.0.0  broadcast 0.0.0.0
inet6 fe80::5484:7aff:fefe:9799  prefixlen 64  scopeid 0x20<link>
ether 56:84:7a:fe:97:99  txqueuelen 0  (Ethernet)
RX packets 7  bytes 460 (460.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 16  bytes 2018 (1.9 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

In iptables as well we can see the new rule has been added in FORWARD chain.

-bash-4.2# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  —  anywhere             172.17.0.2           tcp dpt:webcache
ACCEPT     all  —  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  —  anywhere             anywhere
ACCEPT     all  —  anywhere             anywhere

Step 3 : Lets start another container(job2) by linking to already running container (job1).

-bash-4.2# docker run –name job2 –link job1:job1 -it rhel

Inside that container we can check the environment information and we will find the settings for job1 container these are for communication between the containers.

[root@62609febed2b /]# printenv | grep -i job1
JOB1_PORT=tcp://172.17.0.2:8080
JOB1_PORT_8080_TCP_PORT=8080
JOB1_PORT_8080_TCP=tcp://172.17.0.2:8080
JOB1_NAME=/job2/job1
JOB1_ENV_container=docker
JOB1_PORT_8080_TCP_PROTO=tcp
JOB1_PORT_8080_TCP_ADDR=172.17.0.2

We can also find the entry added in output of /etc/hosts.

[root@62609febed2b /]# cat /etc/hosts | grep -i job1
172.17.0.2      job1

Step 4 : We can see the new rule has been added for container job2 in host iptables.

-bash-4.2# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  —  172.17.0.2           172.17.0.3           tcp spt:webcache
ACCEPT     tcp  —  172.17.0.3           172.17.0.2           tcp dpt:webcache
ACCEPT     tcp  —  anywhere             172.17.0.2           tcp dpt:webcache
ACCEPT     all  —  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  —  anywhere             anywhere
ACCEPT     all  —  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

As we are not exposing any port hence nothing is shown in below output.

-bash-4.2# docker port job2

Check the output of bridge to see the interfaces of docker which are connected to bridge.

-bash-4.2# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.56847afe9799       no              veth953e475
vetha66139a

Step 5 : As I was testing this inside Atomic RHEL host, containers were not having ping command hence to verify the work I have followed the below workaround to make the ping command work inside the container.

Installed iputils.x86_64 0:20121221-6.el7 package.

[root@62609febed2b /]# mkdir -p /opt/ping
[root@62609febed2b /]# cp /usr/bin/ping /opt/ping/
[root@62609febed2b /]# /opt/ping/ping job1
PING job1 (172.17.0.2) 56(84) bytes of data.
64 bytes from job1 (172.17.0.2): icmp_seq=1 ttl=64 time=0.300 ms
64 bytes from job1 (172.17.0.2): icmp_seq=2 ttl=64 time=0.076 ms

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s