yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1595762] [NEW] HTTPS connection failing for Docker >= 1.10

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Michael Stieler <michael@xxxxxxxxxx>
Date: Fri, 24 Jun 2016 00:57:03 -0000
Reply-to: Bug 1595762 <1595762@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

We experience problems with outgoing HTTPS connections from inside
Docker containers when running in OpenStack.

- Ubuntu 14, 16 and CoreOS show the same problems
- While there are no problems with Docker 1.6.2 and 1.9.1, 1.10 and 1.11 versions are broken
- The same containers work outside OpenStack 

This is why we assume that the bug must be related to OpenStack.

The bug can easily be reproduced with:

docker run -it ubuntu apt-get update

Expected output: Ubuntu updates its package list
Actual output: Nothing is downloaded, package sources are skipped after a timeout.

The same problem seems to occur with wget and curl and our Java
application.

Please note that plain HTTP works as expected, also issuing the Https
requests from the host machine.

Disabling network virtualization with Docker flag --net="host" fixes the
problems with wget, curl and apt-get, unfortunately not with the Java
app we're trying to deploy in OpenStack.

For our current project this is actually a blocker since CoreOS comes
bundles with a recent Docker version which is not so easy to downgrade.

I can't see any version information in the Horizon interface of our
provider, however I think I heard they are using Mitaka release.

Links:
- Related issue at Docker: https://github.com/docker/docker/issues/20178
- ServerFault question by me: http://serverfault.com/questions/785768/https-request-fails-in-docker-1-10-with-virtualized-network
- StackOverflow question by someone else: http://stackoverflow.com/questions/35300497/docker-container-not-connecting-to-https-endpoints

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1595762

Title:
  HTTPS connection failing for Docker >= 1.10

Status in neutron:
  New

Bug description:
  We experience problems with outgoing HTTPS connections from inside
  Docker containers when running in OpenStack.

  - Ubuntu 14, 16 and CoreOS show the same problems
  - While there are no problems with Docker 1.6.2 and 1.9.1, 1.10 and 1.11 versions are broken
  - The same containers work outside OpenStack 

  This is why we assume that the bug must be related to OpenStack.

  The bug can easily be reproduced with:

  docker run -it ubuntu apt-get update

  Expected output: Ubuntu updates its package list
  Actual output: Nothing is downloaded, package sources are skipped after a timeout.

  The same problem seems to occur with wget and curl and our Java
  application.

  Please note that plain HTTP works as expected, also issuing the Https
  requests from the host machine.

  Disabling network virtualization with Docker flag --net="host" fixes
  the problems with wget, curl and apt-get, unfortunately not with the
  Java app we're trying to deploy in OpenStack.

  For our current project this is actually a blocker since CoreOS comes
  bundles with a recent Docker version which is not so easy to
  downgrade.

  I can't see any version information in the Horizon interface of our
  provider, however I think I heard they are using Mitaka release.

  Links:
  - Related issue at Docker: https://github.com/docker/docker/issues/20178
  - ServerFault question by me: http://serverfault.com/questions/785768/https-request-fails-in-docker-1-10-with-virtualized-network
  - StackOverflow question by someone else: http://stackoverflow.com/questions/35300497/docker-container-not-connecting-to-https-endpoints

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1595762/+subscriptions

Follow ups

[Bug 1595762] Re: HTTPS connection failing for Docker >= 1.10
From: Rossella Sblendido, 2016-06-28