I believe the README should include what resources are required for the demo (I've been told 64 cores, but will fewer work?), and when I ran through the README (after hitting some issues that I will log in other issues), I hit some common networking issues that should probably be documented in here:
I believe that the "best" way to configure the container networks is to create a public bridge network, and add all of the containers to it, with mapped ports from container to host. That is: add a "networks" section to compose.yaml as follows:
networks:
  public:
    driver: bridge
then instead of network-mode: host you can add:
to every service definition. This will automatically connect the containers to a Docker bridge and NAT traffic to and from the Internet from these containers. You still need your ports section to expose container ports as host ports.
I also hit an issue with firewalld - used for firewalls in recent versions of Ubuntu - in the Ubuntu image on OCI. To fix the issue, I needed to set the following in the host firewall to ensure that NATted traffic from the containers was not being dropped on the host side:
# Enable masquerading
sudo firewall-cmd --zone=public --add-masquerade --permanent
# Assign Internet-facing NIC to zone (from 'ip route | grep default')
sudo firewall-cmd --zone=public --add-interface=enp0s10 --permanent
# Reload firewalld
sudo firewall-cmd --reload
You should also document that sysctl net.ipv4.ip_forward is set to 1 - if the command returns 0 you need to run the following to set it, and ensure it persists:
sudo sysctl -w net.ipv4.ip_forward=1
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
I have hit these issues several times, including while following these instructions with an OCI A1 instance. I expect anyone following this tutorial will as well.
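A read-only preflight for the three host settings described in the issue above: IP forwarding, masquerading on the firewalld zone, and the Internet-facing NIC being in that zone. This is an added example, not part of the original issue or the project's README; the function names are hypothetical and the zone defaults to public, as in the commands above.

```shell
#!/bin/sh
# Added example (not from the project): checks only, changes nothing on the host.

# ip_forward_enabled [FILE]: succeeds if the kernel flag file contains 1.
ip_forward_enabled() {
    pf_file="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$pf_file" ] && [ "$(tr -d '[:space:]' < "$pf_file")" = "1" ]
}

# default_iface: reads `ip route` output on stdin, prints the default-route NIC.
default_iface() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# preflight [ZONE]: reports every failed check, returns non-zero if any failed.
# firewall-cmd queries may need root, depending on the host's polkit rules.
preflight() {
    pf_zone="${1:-public}"
    pf_rc=0
    ip_forward_enabled || { echo "FAIL: net.ipv4.ip_forward is not 1"; pf_rc=1; }
    pf_iface="$(ip route | default_iface)"
    [ -n "$pf_iface" ] || { echo "FAIL: no default route found"; pf_rc=1; }
    if command -v firewall-cmd >/dev/null 2>&1 &&
       firewall-cmd --state >/dev/null 2>&1; then
        firewall-cmd --zone="$pf_zone" --query-masquerade >/dev/null 2>&1 ||
            { echo "FAIL: masquerading is off in zone $pf_zone"; pf_rc=1; }
        pf_actual="$(firewall-cmd --get-zone-of-interface="$pf_iface" 2>/dev/null)"
        [ "$pf_actual" = "$pf_zone" ] ||
            { echo "FAIL: $pf_iface is not assigned to zone $pf_zone"; pf_rc=1; }
    else
        echo "INFO: firewalld is not running, skipping zone checks"
    fi
    [ "$pf_rc" -eq 0 ] && echo "OK: host is ready to NAT bridge traffic"
    return "$pf_rc"
}
```

Source the file and call `preflight` (or `preflight <zone>`) on the Docker host before bringing the compose stack up.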