Bind Rockons/Docker to a specific interface

kupan787 · March 1, 2018, 3:53am

My box has three network interfaces: enp6s0, enp7s0, and enp9s0

I would like to have docker bind to using only enp6s0, and ignore the other two. The other two are tied out to some VLANS foley for NFS file shares. I don’t want any docker traffic running over those.

I found this:

Or if you always want Docker port forwards to bind to one specific IP address, you can edit your system-wide Docker server settings and add the option --ip=IP_ADDRESS. Remember to restart your Docker server after editing this setting.

But I am not sure where to make this change in Rockstor to control docker/rockons.

Any help would be appreciated.

phillxnet · March 1, 2018, 2:18pm

@kupan787 Hello again.

I’m not sure if this will server you purpose but from a quick look you may be able to change Rockstor system wide docker settings by editing it’s initialisation command line arguments via the dockerd wrapper found at:

/opt/rockstor/src/rockstor/scripts/docker_wrapper.py

and it’s GitHub reference:

github.com

rockstor/rockstor-core/blob/master/src/rockstor/scripts/docker_wrapper.py#L24-L38


DOCKERD = '/usr/bin/dockerd'




def main():
mnt_pt = sys.argv[1]
sname = mnt_pt.split('/')[-1]
try:
    so = Share.objects.get(name=sname)
    mount_share(so, mnt_pt)
except Exception as e:
    sys.exit('Failed to mount Docker root(%s). Exception: %s' %
             (mnt_pt, e.__str__()))
run_command([DOCKERD, '--log-driver=journald', '--storage-driver',
             'btrfs', '--storage-opt', 'btrfs.min_space=1G', '--data-root',
             mnt_pt])

Hope that helps

DylanCharpentier · July 27, 2019, 1:48am

I know this is a necro thread but I was actually looking for this exact information and searched for over an hour before I found this thread by following the coding on the docker systemd service. Is there a chance that this information could be added to the docs and/or an advanced menu could be created to add extra docker run options right from the main rockstor gui? I know the argument about keeping it simplistic, but it would be a relatively simple change that would allow those looking to learn and grow their docker skills farther. In my case I wanted to open the docker api for swarm control and for portainer management so that I could manage my cluster from a single interface. (that being said I do use some of the rock-ons for their ease of use and because it integrates with the NAS side better - e.g. plex)

Flox · July 28, 2019, 6:25pm

Hi @DylanCharpentier,

Thanks for requesting a follow-up on this and for your suggestions; I do like them and agree this could represent a good improvement. I’ll thus try to bring my two cents to it as I’ve been working on a very related area of Rockstor lately.

I do like the idea. As you say, I believe it is important to keep the UI simple but in this case we can easily offer an “advanced” feature like that to it without breaking the current simplicity. If you’re willing, would you mind opening a Github issue linking to this thread so that we can keep track of it? I probably won’t be able to start working on it in the near future but somebody else might.

On a related note, and related to my mention of working in this area above, I wanted to point out that a lot of work has been put into enhancing the docker side of Rockstor and especially the implementation of docker networking. You can find more details in the issue linked below (and its multiple other related issues linked therein), but the overall idea is to implement the ability to create and manage user-defined docker networks from within Rockstor’s UI.
https://github.com/rockstor/rockstor-core/issues/2009#issue-400910662

The reason I’m bringing this up is because there may be some interesting bits in it that may allow to bind rock-ons to a specific interface. The com.docker.network.bridge.host_binding_ipv4, in particular, may be helpful there. Although the main work on this is near complete, I still need to build up the testing part of it so it still need a fair amount of time, but that will most likely represent another way to achieve what you were looking for.

On yet another note, I wanted to mention–in case you’re interested and are not already using it–that there is a PR for a Portainer rock-on thanks to @alazare619:
https://github.com/rockstor/rockon-registry/pull/140#issue-159185281

Hope this helps,

DylanCharpentier · July 30, 2019, 3:18pm

Hello again @Flox! I don’t know if you remember me but I actually used rockstor awhile back and I have recently returned to it on my new NAS. Been great so far!

Will do! Forgive me as my work has me on a mixture of days and nights and I’m actually on my way to work now lol but I’ll create that GitHub issue in the next day or so!

Good to see the portainer request! I actually have a VM that ATM is just running PhotonOS with portainer so it would be nice to drop it and run it all in one place! My recommendation in that regard would be to make sure that portainer was running as a service and not only as a container as that allows for better flexibility and upgradeability. Also I know this is off topic lol but an option in the advanced section to setup docker on rockstor as a swarm manager and have the token listed in the gui advanced section wouldn’t be a bad upgrade either…