Creating a virtual adapter to use for a container

Post Reply
colindean
Getting the hang of things
Posts: 69
Joined: Tue Dec 04, 2007 10:59 am
Contact:

Creating a virtual adapter to use for a container

Post by colindean » Wed Jun 10, 2020 12:25 pm

I have a container that I want to be able to respond on port 80 on an IP address like 10.1.1.3 when my NAS's two adapters are trunked in ALB on 10.1.1.2. I'm OK with 10.1.1.2 being a redirect to the NAS's control panel on 8080. I'm setting up Traefik in Container Station and want it, not another reverse proxy setup, to handle port 80 traffic on a secondary IP. I can't figure out how to do this with Network and Virtual Switch, having already created a configuration that caused the NAS to become inaccessible, resetting it, and having to recreate all of the container configurations in a fury of copypasta.

How I think I'd do this is to create a virtual adapter with something like

Code: Select all

ip addr add 10.1.1.3/24 dev eth0
, but probably qvs0 because that's the interface that has 10.1.1.2. Then, I'd be able to specify

Code: Select all

ports:
  - 10.1.1.3:80:80
in the docker-compose configuration. Is this the right way to accomplish this?
TS-453be, 4x Seagate 6 TB in RAID5
TS-809, 4x Seagate 2 TB & 4x WD 2 TB in RAID6
TS-469L, 2x Seagate 3 TB & 2x WD 3 TB in RAID5
macOS backup with Time Machine
Windows backup with Duplicati using QNAP Object Storage

colindean
Getting the hang of things
Posts: 69
Joined: Tue Dec 04, 2007 10:59 am
Contact:

Re: Creating a virtual adapter to use for a container

Post by colindean » Fri Jun 12, 2020 1:55 pm

I tried deconfiguring the port trunking and leaving the two physical Ethernet adapters separate. Through some finagling, I was able to get eth0 routing to the VMs and the containers again, which broke when I turned off port trunking.

Steps I took:

Enable service binding in Network & File Services -> Network Access control panel.
Uncheck all of the boxes on interface #2
Change port mapping like above: "10.1.1.33:80:80"

I still got an "address in use" error, indicating that the service binding adjustment didn't take effect. I rebooted the NAS. When it came back up, only a few of the containers came back up. Looking at Network & Virtual Switch, it looks like most of the virtual switches associated with the containers have gone away. What the heck is going on?
TS-453be, 4x Seagate 6 TB in RAID5
TS-809, 4x Seagate 2 TB & 4x WD 2 TB in RAID6
TS-469L, 2x Seagate 3 TB & 2x WD 3 TB in RAID5
macOS backup with Time Machine
Windows backup with Duplicati using QNAP Object Storage

colindean
Getting the hang of things
Posts: 69
Joined: Tue Dec 04, 2007 10:59 am
Contact:

Re: Creating a virtual adapter to use for a container

Post by colindean » Fri Jun 12, 2020 2:05 pm

Code: Select all

ERROR: for transmission  Cannot start service transmission: failed to create endpoint transmission on network transmission_default: network 9df4ba1e529f819ea70fb2e751ee892f66dc8d5c1bd36ce8a3e4ef225eddabe2 does not exist
is what I get in both Container Station and when I try to run docker-compose manually via SSH:

Code: Select all

docker-compose -f /share/Container/container-station-data/application/transmission/docker-compose.yml up
.

I'm going to try deleting and recreating these container configurations in Container Station.
TS-453be, 4x Seagate 6 TB in RAID5
TS-809, 4x Seagate 2 TB & 4x WD 2 TB in RAID6
TS-469L, 2x Seagate 3 TB & 2x WD 3 TB in RAID5
macOS backup with Time Machine
Windows backup with Duplicati using QNAP Object Storage

colindean
Getting the hang of things
Posts: 69
Joined: Tue Dec 04, 2007 10:59 am
Contact:

Re: Creating a virtual adapter to use for a container

Post by colindean » Fri Jun 12, 2020 2:18 pm

Code: Select all

# docker-compose -f docker-compose.yml up
Starting traefik_traefik_1 ... error

ERROR: for traefik_traefik_1  Cannot start service traefik: failed to create endpoint traefik_traefik_1 on network traefik_external: network e510334018ab3a989aa0e8a4ce911620fe6a53ccc4690b0400f0c0cf2f79aa1e does not exist

ERROR: for traefik  Cannot start service traefik: failed to create endpoint traefik_traefik_1 on network traefik_external: network e510334018ab3a989aa0e8a4ce911620fe6a53ccc4690b0400f0c0cf2f79aa1e does not exist
ERROR: Encountered errors while bringing up the project.
[/share/Container/container-station-data/application/traefik] # docker network ls | grep e510
e510334018ab        traefik_external       bridge              local
I read a little more after searching the generic parts of that error and ran

Code: Select all

docker system prune
. After that, Container Station wasn't able to bring up the traefik container but docker-compose was, and complained about the address 10.1.1.3:80 already being in use.

Code: Select all

# netstat -ltnp | grep ':80'
tcp        0      0 0.0.0.0:8010            0.0.0.0:*               LISTEN      1560/python
tcp        0      0 0.0.0.0:8011            0.0.0.0:*               LISTEN      1236/python
tcp        0      0 :::80                   :::*                    LISTEN      5257/apache
tcp        0      0 :::8080                 :::*                    LISTEN      9078/fcgi-pm
tcp        0      0 :::8081                 :::*                    LISTEN      5257/apache
tcp        0      0 :::8088                 :::*                    LISTEN      1960/uwsgi
tcp        0      0 :::8089                 :::*                    LISTEN      1960/uwsgi
Why is apache listening on all hosts when I specifically turned on service binding and disabled listening on 10.1.1.3 for all services?
TS-453be, 4x Seagate 6 TB in RAID5
TS-809, 4x Seagate 2 TB & 4x WD 2 TB in RAID6
TS-469L, 2x Seagate 3 TB & 2x WD 3 TB in RAID5
macOS backup with Time Machine
Windows backup with Duplicati using QNAP Object Storage

colindean
Getting the hang of things
Posts: 69
Joined: Tue Dec 04, 2007 10:59 am
Contact:

Re: Creating a virtual adapter to use for a container

Post by colindean » Fri Jun 12, 2020 10:35 pm

Even after disabling the web server in Control Panel -> Applications -> Web Server, there's still a process listening on port 80 on all interfaces: Qhttpd, and it seems only to redirect to port 8080 for the admin tool. How can I make this Qhttpd listen only on the primary interface?
TS-453be, 4x Seagate 6 TB in RAID5
TS-809, 4x Seagate 2 TB & 4x WD 2 TB in RAID6
TS-469L, 2x Seagate 3 TB & 2x WD 3 TB in RAID5
macOS backup with Time Machine
Windows backup with Duplicati using QNAP Object Storage

colindean
Getting the hang of things
Posts: 69
Joined: Tue Dec 04, 2007 10:59 am
Contact:

Re: Creating a virtual adapter to use for a container

Post by colindean » Fri Jun 12, 2020 10:43 pm

I've contemplating setting up a VM for traefik and configuring it to talk to the Container Station Docker daemon via SSH, but apparently that SSH endpoint is only available as of Docker 18.09+ and Container Station provides only 17.09.1:

Code: Select all

 # docker --version
Docker version 17.09.1-ce, build 0bbe3ac
TS-453be, 4x Seagate 6 TB in RAID5
TS-809, 4x Seagate 2 TB & 4x WD 2 TB in RAID6
TS-469L, 2x Seagate 3 TB & 2x WD 3 TB in RAID5
macOS backup with Time Machine
Windows backup with Duplicati using QNAP Object Storage

colindean
Getting the hang of things
Posts: 69
Joined: Tue Dec 04, 2007 10:59 am
Contact:

Re: Creating a virtual adapter to use for a container

Post by colindean » Thu Jun 18, 2020 12:47 pm

Somehow while adding in a new configuration of watchtower, docker registry in a container, and a custom container for something I'm building (ultra basic configuration, ports and pulling from the local registry), I've managed to kill access to the control panel and SSH of the NAS. Port 8080 gives a connection reset and SSH on port 22 starts to connect, but then aborts:

Code: Select all

> ssh -v admin@mynas.mydomain.lan
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Connecting to mynas.mydomain.lan [10.1.1.2] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\cad/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\cad/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\cad/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\cad/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\cad/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\cad/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\cad/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\cad/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\cad/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\cad/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
ssh_exchange_identification: read: Connection aborted
I've rebooted, too. No luck. My containers seem to be online, though. I'm looking at yet another network-level reset and I'm frustrated because I don't know what I could have possibly changed in a docker-compose config that would mess up the built-in webserver and SSH simultaneously.
TS-453be, 4x Seagate 6 TB in RAID5
TS-809, 4x Seagate 2 TB & 4x WD 2 TB in RAID6
TS-469L, 2x Seagate 3 TB & 2x WD 3 TB in RAID5
macOS backup with Time Machine
Windows backup with Duplicati using QNAP Object Storage

colindean
Getting the hang of things
Posts: 69
Joined: Tue Dec 04, 2007 10:59 am
Contact:

Re: Creating a virtual adapter to use for a container

Post by colindean » Mon Oct 12, 2020 6:14 am

I got really busy with life and unfortunately, that busyness hit while my NAS at the center of this post was in an "out of order" swing. Somehow, I'd killed access to the control panel, SSH, AFP, SMB, and more, but the containers were still operational. A major reason I chose this unit was Container Station, so I'm really unhappy with the events that have led to this and the software's inability to prevent me from setting settings that would kill access so catastrophically.

Fortunately, Virtualization Station still exists, so in order to have my NAS be adequately reliable that I can move to it before another drive dies in my EOL'd TS-809, I'm going to spin up RancherOS or Ubuntu+Portainer in a VM, having declared Container Station inadequate for my needs: a few simple containers behind a Traefik reverse proxy.
TS-453be, 4x Seagate 6 TB in RAID5
TS-809, 4x Seagate 2 TB & 4x WD 2 TB in RAID6
TS-469L, 2x Seagate 3 TB & 2x WD 3 TB in RAID5
macOS backup with Time Machine
Windows backup with Duplicati using QNAP Object Storage

JarrodS
New here
Posts: 2
Joined: Sat Nov 07, 2020 1:47 am

Re: Creating a virtual adapter to use for a container

Post by JarrodS » Wed Nov 11, 2020 10:50 pm

I agree it shouldn’t be this difficult. The networking in container station is a hot mess. It insists on putting “official” containers, third party containers, and custom docker-compose apps all in different networks that do not route to each other. Incredibly annoying, especially for a docker novice.

Post Reply

Return to “Container Station”