Could not resolve host: github.com for SamSaffron/pups.git

Hi all -

We’re enjoying discourse thus far. I’m having an issue with running a rebuild of the docker container. The container won’t rebuild because for some reason it can’t resolve github.com. I know the host system (debian jessie) can resolve at that time via dig && ping. However if I issue a systemctl restart docker the issue goes away.

I turned to the goog or alphabet machine which suggested starting the docker daemon using the goog’s dns which I’ve done and confirmed that it seems to have taken via a systemctl status docker.

I’ve been able to reproduce on a debian droplet and a virtual box vm.

Also I’ve been able to successfully pull a Ubuntu image, and run the container.

I’m not sure if there’s something in launcher or any other suggestions? Working off of git master, and is up to date.

shortlist:

• Debian Jessie Kernel 3.16
• Docker version 1.6.2, build 7c8fca2

launch rebuild app

root@alpha:/var/discourse# ./launcher rebuild app
Ensuring discourse docker is up to date
Fetching origin
Discourse Docker is up-to-date
Stopping old container
+ /usr/bin/docker stop -t 10 app
app
cd /pups && git pull && /pups/bin/pups --stdin
fatal: unable to access 'https://github.com/SamSaffron/pups.git/': Could not resolve host: github.com
210c421dbe03e0339d110f1eec9eb3c985b0a0d4e32709d569c9cd1f235a7964
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one

systemctl status - shows --dns

root@alpha:/var/discourse# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled)
   Active: active (running) since Thu 2015-08-13 03:42:17 UTC; 26min ago
     Docs: http://docs.docker.com
 Main PID: 22232 (docker)
   CGroup: /system.slice/docker.service
           └─22232 /usr/bin/docker -d -H fd:// --dns 8.8.8.8 --dns 8.8.4.4

Aug 13 04:03:40 alpha docker[22232]: time="2015-08-13T04:03:40Z" level=info msg="+job wait(7d602b0addff82e7626b659c5e30131a11ab7f35034198983a19e2b8861111b5)"
Aug 13 04:03:40 alpha docker[22232]: time="2015-08-13T04:03:40Z" level=info msg="-job wait(7d602b0addff82e7626b659c5e30131a11ab7f35034198983a19e2b88... = OK (0)"
Aug 13 04:03:40 alpha docker[22232]: time="2015-08-13T04:03:40Z" level=info msg="DELETE /v1.18/containers/7d602b0addff82e7626b659c5e30131a11ab7f3503...8861111b5"
Aug 13 04:03:40 alpha docker[22232]: time="2015-08-13T04:03:40Z" level=info msg="+job rm(7d602b0addff82e7626b659c5e30131a11ab7f35034198983a19e2b8861111b5)"
Aug 13 04:03:40 alpha docker[22232]: time="2015-08-13T04:03:40Z" level=info msg="+job log(destroy, 7d602b0addff82e7626b659c5e30131a11ab7f35034198983...e:1.0.12)"
Aug 13 04:03:40 alpha docker[22232]: time="2015-08-13T04:03:40Z" level=info msg="-job log(destroy, 7d602b0addff82e7626b659c5e30131a11ab7f35034198983... = OK (0)"
Aug 13 04:03:40 alpha docker[22232]: time="2015-08-13T04:03:40Z" level=info msg="-job rm(7d602b0addff82e7626b659c5e30131a11ab7f35034198983a19e2b8861... = OK (0)"
Aug 13 04:04:15 alpha docker[22232]: time="2015-08-13T04:04:15Z" level=info msg="GET /v1.18/containers/json"
Aug 13 04:04:15 alpha docker[22232]: time="2015-08-13T04:04:15Z" level=info msg="+job containers()"
Aug 13 04:04:15 alpha docker[22232]: time="2015-08-13T04:04:15Z" level=info msg="-job containers() = OK (0)"
Hint: Some lines were ellipsized, use -l to show in full.

docker info

root@alpha:/var/discourse# docker info
Containers: 3
Images: 18
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 24
 Dirperm1 Supported: true
Execution Driver: native-0.2
Kernel Version: 3.16.0-4-amd64
Operating System: Debian GNU/Linux 8 (jessie)
CPUs: 1
Total Memory: 2.879 GiB
Name: alpha
ID: WF4H:KABY:JPTX:RW2U:FWCT:PNKZ:DR2P:2ZFE:ZLUD:AB4R:D3CH:EXCA
WARNING: No memory limit support
WARNING: No swap limit support

edit: formatting fix code block

This is very likely the solution

Hi @sam thanks for taking the time to review.
I have that option uncommented in /etc/defaults/docker, and I’ve restarted the docker service many times.

To clarify, after restarting the docker service the laucher rebuild will work once, after that I have to restart the service.

You can see this via my systemd status.

CGroup: /system.slice/docker.service
           └─22232 /usr/bin/docker -d -H fd:// --dns 8.8.8.8 --dns 8.8.4.4

Same issue, I went to add the cloudflare template and when rebuilding it could not resolve github.com.

I have already tried the solution of using googles DNS servers in dockers configuration file with no success.

doing ping github.com works but again, it cant seem to resolve when rebuilding.

Here is the error:

Here is me pinging github.com
https://i.imgur.com/oUjgq8p.png

Interestingly though, when I ping6 github.com I of course do not recieve a response because github does not have AAAA records i believe.
https://i.imgur.com/Qu9OJg9.png

Any idea how to fix this?

This isn’t a Discourse problem, it’s a Docker problem. You’ll probably get more knowledgeable help at the Docker support forums (which, helpfully, also run Discourse).

I figured out the issue and solution to this problem at least for me.

The issue was that Docker uses 8.8.8.8 and 8.8.4.4 as its DNS and I had an OVH network based firewall blocking ALL IPv4 traffic that did not match port 80, 443, and a few other specific rules. I had to authorize IPv4 traffic for 8.8.8.8 and 8.8.4.4

我在最新的 Discourse Git 版本上也遇到了类似的问题。这个问题是在通过 Web UI 执行系统更新和/或 Discourse 更新后开始的。现在当我尝试重建应用时，出现以下错误：

[root@forum /var/discourse]# ./launcher rebuild app
Ensuring launcher is up to date
Fetching origin
Launcher is up-to-date
Stopping old container
+ /usr/bin/docker stop -t 60 app
app
cd /pups && git pull && /pups/bin/pups --stdin
fatal: unable to access 'https://github.com/discourse/pups.git/': Could not resolve host: github.com
8f082ebcb977f9efafbdbff15ab69e8d06c0a7e2cb99410f85e1f90b03ae733b
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one.
./discourse-doctor may help diagnose the problem.

我可以 ping 通 github.com 和 8.8.8.8，并且我尝试编辑 /etc/default/docker 文件以切换 DNS 选项：DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"

我应该继续从哪里排查这个问题？

我的系统是 Ubuntu 18.04，并已应用了所有最新更新。

在尝试升级到最新版本的 Discourse 后，我遇到了与 gekkonen 相同的错误。

看起来 Docker 在默认的桥接网络中已完全无法访问互联网：

docker run -it --net=bridge --rm busybox ping -c 1 github.com
ping: bad address 'github.com'

如果强制其使用主机网络，则可以访问互联网：

docker run -it --net=host --rm busybox ping -c 1 github.com
PING github.com (140.82.112.4): 56 data bytes
64 bytes from 140.82.112.4: seq=0 ttl=53 time=6.902 ms

--- github.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 6.902/6.902/6.902 ms

我同时运行的是 Ubuntu 18.04.4 LTS，在按照 Discourse 升级流程操作之前，我已升级了所有软件包并安装了所有安全更新。

@gekkonen 我的已经恢复运行了。作为临时解决方案，要让 Docker 中的互联网连接正常工作，你可以将 docker0 网络配置为“混杂模式”：

[root@forum /var/discourse]# ifconfig docker0 promisc

之后你应该就可以使用 launcher 重新构建应用，Discourse 论坛也能正常工作。需要注意的是，每次重启后你可能需要再次执行该命令。

请告诉我这对你是否有效。

我仍然不清楚问题的根本原因。

是的，这暂时解决了 DNS 的问题。感谢您的建议。

在 CentOS 8 上，此错误是由于 RHEL 7 的 Docker RPM 包（目前尚无 RHEL 8 版本）无法识别基于 nftables 的新防火墙所致。必须手动为 docker0 接口配置地址伪装（masquerading）。

https://serverfault.com/questions/987686/no-network-connectivity-to-from-docker-ce-container-on-centos-8

我想确认此解决方案是否有效。我使用的是 CentOS 8，托管在 Hetzner 上。

具体来说，我按以下顺序执行了这些命令（来源）——感谢 @paulraines68。

# 地址伪装允许 Docker 的入站和出站流量（这是关键部分）
firewall-cmd --zone=public --add-masquerade --permanent

# 特别允许 80/443 端口的入站流量（这里没有新内容）
firewall-cmd --zone=public --add-port=80/tcp
firewall-cmd --zone=public --add-port=443/tcp

# 重新加载防火墙以应用永久规则
firewall-cmd --reload