-
Notifications
You must be signed in to change notification settings - Fork 433
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EasyEngine v4 network bridges not following Docker Daemon "default-address-pools" #1794
Comments
Hi all, Digging into the repos more. I found the issue specifically here when trying to get "existing_host_subnets" Line 817 = This particular line looks at current interface IP address pools but ONLY ones starting with "10." Line 839 = Since it's hard-coded here, I can see why it's not specifically looking at the "default-address-pools" setting. I don't have a fix yet, but wanted to bring that information to this Issue. |
1. System Information (Click to open details)
Client: Docker Engine - Community Version: 24.0.2 API version: 1.43 Go version: go1.20.4 Git commit: cb74dfc Built: Thu May 25 21:52:17 2023 OS/Arch: linux/amd64 Context: default Server: Docker Engine - Community Engine: Version: 24.0.2 API version: 1.43 (minimum version 1.12) Go version: go1.20.4 Git commit: 659604f Built: Thu May 25 21:52:17 2023 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.6.21 GitCommit: 3dce8eb055cbb6872793272b4f20ed16117344f8 runc: Version: 1.1.7 GitCommit: v1.1.7-0-g860f061 docker-init: Version: 0.19.0 GitCommit: de40ad0
2. Issue
I have an IP collision between the Host LAN and EasyEngine v4 default docker network bridges. After reading this article: Configuring Docker Daemon for EE4, I edited my "default-address-pools" inside
/etc/docker/daemon.json
but some EasyEngine Docker bridge networks are still using the original10.0.0.0\/8
pools and not my updated192.168.0.0\/16
allowed pools...I am filing an issue cause I think it's a bug in the EasyEngine setup (specifically with the
ee-global-backend-network
andee-global-frontend-network
docker bridges) and not a "discussion" of how to setup my unique case.So now I don't know how to fix this and move forward...
Thanks for building EasyEngine and let me know if I missed any info/logs in the stuff below:
3. Step by Step Debugging/Logging
(Sorry I know it's verbose, trying to be thorough)
Just installed Easy Engine v4 (latest version 4.6.6) today and it all installed properly with no issues.
$
wget -qO ee rt.cx/ee4 && sudo bash ee
(Click to open terminal output)Next I created a website which also worked properly with no issues
$
ee site create EXAMPLE.COM --type=wp --php=8.1 --mu=subdom --ssl=self
(Click to open terminal output)Then I noticed I could not access port 80 or 443 from a different computer to this Debian host I just installed ee and the site on. After determining it was not a firewall issue, I looked at the interface networks and saw overlap between the docker created interfaces and my LAN (LAN = 10.1.10.1/23)
AFTER ABOVE DEFAULTS: $
ip a
(Click to open terminal output)Next I edited
/etc/docker/daemon.json
and changed10.0.0.0\/8
to192.168.0.0\/16
and then restarted the Docker services (per the above article). It DID change the docker0 interface but did not change some of the ee networks... I still have the same issue that I can't access the newly created site from another machine on the LAN away from the host.AFTER CIDR CHANGE AND RESTART: $
ip a
(Click to open terminal output)So then I decided to start fresh. So I uninstalled using
ee cli self-uninstall
(yes I know it destroys everything, this is a new install) and then reinstalled EasyEngine like before. BUT before adding a site, I edited the/etc/docker/daemon.json
file first with the new CIDR pools allowed to make sure it was setup BEFORE creating a site. (Yes I did restart Docker as well, then did a FULL computer restart just to make sure)Current network interfaces list:
BEFORE ADDING SITE: $
ip a
(Click to open terminal output)Now when I try to create a site using the same command as above it fails with the log below:
Notice how it couldn't connect to
global-db
on the mysql default port... I checked the network interfaces docker created next and saw:AFTER ADDING SITE: $
ip a
(Click to open terminal output)You can see TWO interfaces that ignored my allowed ranges,
br-fe63d6ee2a68 = 10.0.0.1/16
andbr-d1a92170df06 = 10.1.0.1/16
Running
docker network list
returned the following:So it looks like
ee-global-backend-network
andee-global-frontend-network
docker networks are being configured with the default (but old and not wanted) allowed CIDR ranges and ignoring my updated pool changes.I am not sure where in the Github repositories these networks get called/created so I don't know what to do next.
Thanks for your help with this.
The text was updated successfully, but these errors were encountered: