Public bug reported: We experience problems with outgoing HTTPS connections from inside Docker containers when running in OpenStack.
- Ubuntu 14, 16 and CoreOS show the same problems - While there are no problems with Docker 1.6.2 and 1.9.1, 1.10 and 1.11 versions are broken - The same containers work outside OpenStack This is why we assume that the bug must be related to OpenStack. The bug can easily be reproduced with: docker run -it ubuntu apt-get update Expected output: Ubuntu updates its package list Actual output: Nothing is downloaded, package sources are skipped after a timeout. The same problem seems to occur with wget and curl and our Java application. Please note that plain HTTP works as expected, also issuing the Https requests from the host machine. Disabling network virtualization with Docker flag --net="host" fixes the problems with wget, curl and apt-get, unfortunately not with the Java app we're trying to deploy in OpenStack. For our current project this is actually a blocker since CoreOS comes bundles with a recent Docker version which is not so easy to downgrade. I can't see any version information in the Horizon interface of our provider, however I think I heard they are using Mitaka release. Links: - Related issue at Docker: https://github.com/docker/docker/issues/20178 - ServerFault question by me: http://serverfault.com/questions/785768/https-request-fails-in-docker-1-10-with-virtualized-network - StackOverflow question by someone else: http://stackoverflow.com/questions/35300497/docker-container-not-connecting-to-https-endpoints ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1595762 Title: HTTPS connection failing for Docker >= 1.10 Status in neutron: New Bug description: We experience problems with outgoing HTTPS connections from inside Docker containers when running in OpenStack. - Ubuntu 14, 16 and CoreOS show the same problems - While there are no problems with Docker 1.6.2 and 1.9.1, 1.10 and 1.11 versions are broken - The same containers work outside OpenStack This is why we assume that the bug must be related to OpenStack. The bug can easily be reproduced with: docker run -it ubuntu apt-get update Expected output: Ubuntu updates its package list Actual output: Nothing is downloaded, package sources are skipped after a timeout. The same problem seems to occur with wget and curl and our Java application. Please note that plain HTTP works as expected, also issuing the Https requests from the host machine. Disabling network virtualization with Docker flag --net="host" fixes the problems with wget, curl and apt-get, unfortunately not with the Java app we're trying to deploy in OpenStack. For our current project this is actually a blocker since CoreOS comes bundles with a recent Docker version which is not so easy to downgrade. I can't see any version information in the Horizon interface of our provider, however I think I heard they are using Mitaka release. Links: - Related issue at Docker: https://github.com/docker/docker/issues/20178 - ServerFault question by me: http://serverfault.com/questions/785768/https-request-fails-in-docker-1-10-with-virtualized-network - StackOverflow question by someone else: http://stackoverflow.com/questions/35300497/docker-container-not-connecting-to-https-endpoints To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1595762/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
