为了测试容器互联,在机器上开了两个不同的容器。启动后发现作为客户端的容器没有telnet等常用网络工具,于是执行 apt-get update & apt-get install telnet命令安装。命令意外地出现了如下的错误输出:

root@793880f44c90:/# apt-get update && apt-get install telnet
Err http://deb.debian.org jessie InRelease

Err http://nginx.org jessie InRelease

Err http://deb.debian.org jessie-updates InRelease

Err http://deb.debian.org jessie Release.gpg
  Could not resolve 'deb.debian.org'
Err http://nginx.org jessie Release.gpg
  Could not resolve 'nginx.org'
Err http://deb.debian.org jessie-updates Release.gpg
  Could not resolve 'deb.debian.org'
Err http://security.debian.org jessie/updates InRelease

Err http://security.debian.org jessie/updates Release.gpg
  Could not resolve 'security.debian.org'
Reading package lists... Done
W: Failed to fetch http://deb.debian.org/debian/dists/jessie/InRelease

W: Failed to fetch http://deb.debian.org/debian/dists/jessie-updates/InRelease

W: Failed to fetch http://security.debian.org/dists/jessie/updates/InRelease

W: Failed to fetch http://nginx.org/packages/mainline/debian/dists/jessie/InRelease

W: Failed to fetch http://deb.debian.org/debian/dists/jessie/Release.gpg  Could not resolve 'deb.debian.o
rg'

W: Failed to fetch http://nginx.org/packages/mainline/debian/dists/jessie/Release.gpg  Could not resolve
'nginx.org'

W: Failed to fetch http://deb.debian.org/debian/dists/jessie-updates/Release.gpg  Could not resolve 'deb.
debian.org'

W: Failed to fetch http://security.debian.org/dists/jessie/updates/Release.gpg  Could not resolve 'securi
ty.debian.org'

W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package telnet

看错误信息是解析不了软件包仓库的域名,导致无法获取软件包列表。尝试ping一下www.baidu.com,输出:“ping: unknown host”。接着cat容器的/etc/resolv.conf,和宿主机的resolv.conf对比,发现内容一致。尝试ping 114.114.114.114,没有回应。这几个现象表明容器网络出了问题,导致无法ping通外网,也无法解析域名。

通过google,找到了栈爆网上的一个帖子,顺利解决了问题。解决步骤如下:

  1. 找出宿主机的dns: cat /etc/resolv.conf。一般是两个,例如: 10.0.0.2, 10.0.0.3;
  2. 编辑/etc/docker/daemon.json文件(该文件不存在,需新建),输入内容:
{                                                                          
    "dns": ["10.0.0.2", "10.0.0.3"]                                                                           
}    
  1. 重启docker服务: systemctl restart docker。此条命令将会关掉所有的容器。

通过以上三个步骤,即可在容器内正常进行dns解析并顺利访问外网。可以通过启动alpine容器验证:

docker run -it alpine ping www.baidu.com

输出如下:

PING www.baidu.com (220.181.112.244): 56 data bytes
64 bytes from 220.181.112.244: seq=0 ttl=52 time=24.200 ms
64 bytes from 220.181.112.244: seq=1 ttl=52 time=24.056 ms
64 bytes from 220.181.112.244: seq=2 ttl=52 time=24.125 ms
64 bytes from 220.181.112.244: seq=3 ttl=52 time=24.158 ms
64 bytes from 220.181.112.244: seq=4 ttl=52 time=24.151 ms
64 bytes from 220.181.112.244: seq=5 ttl=52 time=24.007 ms

参考

  1. https://stackoverflow.com/questions/24991136/docker-build-could-not-resolve-archive-ubuntu-com-apt-get-fails-to-install-a