Univention Bugzilla – Bug 49275
Multicontainer apps use arbitrary network, no bridged connection on network bridge IP (BIP) change
Last modified: 2019-07-10 10:50:37 CEST
Created attachment 9964 [details] Appcenter Log See also Bug #49055 """Single container apps are started via the docker cli. The network that daemon uses is configured by UCRv docker/daemon/default/opts/bip, our default is 172.17.42.1/16. All singlecontainer apps connect to the default docker bridge, see # docker network ls Multicontainer apps are started via docker-compose, which does not take this network configuration into account. Starting such an app creates a new docker network with a completely different network.""" --- All multicontainer apps have a correctly bridged network connection on installation. The bridge will also work correctly for new Apps, if the UCRv docker/daemon/default/opts/bip is modified before installation. Unfortunately though, the bridge will break for existing multicontainer apps, if the mentioned UCRv is changed after their proper installation. The multicontainers will still be able to reach each other in their separate network and reach the localhost, but won't be able to reach anything outside. This is a problem, if an App is installed on a member server and the LDAP server needs to be reached for authentications. The following actions WON'T resolve the problem: System reboot Container restart through App-Settings (Stop -> Start) App reinstallation (Uninstall -> Reboot -> Install) --- Keypoints appcenter.log: Install rocketchat: L1771 (19-04-10 16:45:29) Uninstall rocketchat: L2705 (19-04-10 17:23:29) Reinstall rocketchat: L3376 (19-04-10 17:33:03)
How to reproduce: install guacamole on a member: → default works. Change ip: ucr set docker/daemon/default/opts/bip='172.22.43.1/16' reboot docker logs shows: 11:34:59.949 [http-nio-8080-exec-9] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error 11:34:59.952 [http-nio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "cn=guaca-68944094,cn=memberserver,cn=computers,dc=schein,dc=ig" 11:34:59.953 [http-nio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.0.212, 172.18.0.1] for user "cscheini" failed. change IP back ucr set docker/daemon/default/opts/bip='172.17.42.1/16' reboot App is still not working with the same error message: 11:42:30.030 [http-nio-8080-exec-10] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error 11:42:30.034 [http-nio-8080-exec-9] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error 11:42:30.039 [http-nio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "cn=guaca-68944094,cn=memberserver,cn=computers,dc=schein,dc=ig" 11:42:30.041 [http-nio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.0.212, 172.18.0.1] for user "cscheini" failed. 11:42:30.041 [http-nio-8080-exec-10] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "cn=guaca-68944094,cn=memberserver,cn=computers,dc=schein,dc=ig" 11:42:30.043 [http-nio-8080-exec-10] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.0.212, 172.18.0.1] for user "cscheini" failed. remove app and install with a new IP. guacamlole does not work, with the same message 2-Apr-2019 12:23:20.561 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 11695 ms 12:25:21.946 [http-nio-8080-exec-9] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error 12:25:21.948 [http-nio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "cn=guaca-05687084,cn=memberserver,cn=computers,dc=schein,dc=ig" 12:25:21.949 [http-nio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.0.212, 172.18.0.1] for user "cscheini" failed. 12:25:21.956 [http-nio-8080-exec-10] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error 12:25:21.960 [http-nio-8080-exec-10] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "cn=guaca-05687084,cn=memberserver,cn=computers,dc=schein,dc=ig" 12:25:21.961 [http-nio-8080-exec-10] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.0.212, 172.18.0.1] for user "cscheini" failed.