Nir, Try to add "network_mode: bridge" under your services inside of the docker-compose file. I know I had to do this to build under Linux, but works fine under OSX Docker Engine.
We do have the problem here since we don't allow docker to manage iptables. This problem is limited to docker-compose as it will create a new network. https://docs.docker.com/compose/compose-file/#network_mode Example : traffic_router_build: image: traffic_router_builder build: dockerfile: infrastructure/docker/build/Dockerfile-traffic_router context: ../../.. volumes: - ../../..:/trafficcontrol network_mode: bridge Let me know if that works for you. Steve On Thu, Oct 5, 2017 at 5:55 PM, Nir Sopher <n...@qwilt.com> wrote: > Hi Rawlin and thank you very much for your help! > The link to http://www.verisignlabs.com/jdnssec-tools/packages/ > old-releases/jdnssec-tools-0.12.tar.gz is not available from our > environment (in Israel). > Curl first tries IPv4 and when failed, fallback to IPv6... (see output > below). > Pinging verisignlabs.com > <http://www.verisignlabs.com/jdnssec-tools/packages/old- > releases/jdnssec-tools-0.12.tar.gz> > also > fails. It is trying to approach an IPv4 address, but fails to connect to it > - as if I'm blocked by a firewall. > > I'll discuss our IT team about method to resolve the issue, possibly trying > to connect verisignlabs (are there any contact information in their > website?). > 10x, > Nir > > curl -vvv > http://www.verisignlabs.com/jdnssec-tools/packages/old- > releases/jdnssec-tools-0.12.tar.gz > * About to connect() to www.verisignlabs.com port 80 (#0) > * Trying 72.13.58.64... Connection timed out > * Trying 2620:74:13:4400::201... Failed to connect to > 2620:74:13:4400::201: Network is unreachable > * Success > * couldn't connect to host > * Closing connection #0 > curl: (7) Failed to connect to 2620:74:13:4400::201: Network is unreachable > > > On Thu, Oct 5, 2017 at 11:49 PM, Rawlin Peters <rawlin.pet...@gmail.com> > wrote: > > > Hey Nir, > > > > Are you still having build issues? > > > > I found an interesting tidbit from `curl --manual` using Curl version > > 7.29.0 (x86_64-redhat-linux-gnu) inside a centos:7 Docker container > > (what the build uses): > > > > IPv6 > > > > curl will connect to a server with IPv6 when a host lookup returns an > > IPv6 > > address and fall back to IPv4 if the connection fails. The --ipv4 and > > --ipv6 > > options can specify which address to use when both are available. > > > > So assuming curl would've fallen back to an IPv4 address if it was > > able to get an A record, I think we can assume that in this case your > > local resolver did not get an A record when it resolved that hostname > > or your build environment is ipv6-only. Is it possible that happened > > in your environment, Nir? > > > > To fix builds in IPv6-only environments, I think we'd have to > > configure the docker network to enable ipv6. This doesn't appear > > possible using docker-compose format version 2 (what the build > > currently uses), but maybe in format version 2.1 [1]. However, > > enabling IPv6 might then require an IPv6-enabled host, and IPv6 > > doesn't appear to be supported on at least Docker For Mac [2]. On > > operating systems that support it, maybe you'd just have to configure > > the Docker daemon for IPv6 and update the docker-compose.yml file to > > enable it for the build. > > > > - Rawlin > > > > [1] https://docs.docker.com/compose/compose-file/compose- > file-v2/#network- > > configuration-reference > > [2] https://docs.docker.com/docker-for-mac/troubleshoot/#known-issues > > > > On Tue, Oct 3, 2017 at 10:06 PM, Mark Torluemke <mtorlue...@apache.org> > > wrote: > > > I think we should be resilient and try both address families...curl > might > > > even do this 'for free' if we enable retries. > > > > > > On Tue, Oct 3, 2017 at 3:21 PM, Rawlin Peters <rawlin.pet...@gmail.com > > > > > wrote: > > > > > >> It's possible that Docker isn't playing nicely with IPv6 in your build > > >> environment. The RPM build script is curling > > >> http://www.verisignlabs.com/jdnssec-tools/packages/old- > > >> releases/jdnssec-tools-0.12.tar.gz, > > >> and in your case is using the AAAA record for some reason. My guess is > > >> that the container doing the build probably only routes IPv4 by > > >> default in some environments. Checking in my build environment, none > > >> of the Docker networks have IPv6 enabled. > > >> > > >> Should we pass `-4` to the curl command here [1] to force it to > > >> resolve to IPv4 addresses only? > > >> > > >> - Rawlin > > >> > > >> [1] https://github.com/apache/incubator-trafficcontrol/blob/ > > >> master/traffic_router/build/build_rpm.sh#L41 > > >> > > >> On Tue, Oct 3, 2017 at 3:02 PM, Nir Sopher <n...@qwilt.com> wrote: > > >> > I now see that "./pkg traffic_portal_build" fails as well. This time > > with > > >> > no log. > > >> > It worked before, back when I was building it from master. > > >> > Where is jdnssec brought from? Is it built during the process? I > > failed > > >> to > > >> > find it in the standard public repositories. > > >> > Nir > > >> > > > >> > On Tue, Oct 3, 2017 at 11:56 PM, David Neuman < > > david.neuma...@gmail.com> > > >> > wrote: > > >> > > > >> >> I have not seen this issue. It's interesting that it is trying > ipv6 > > for > > >> >> that. > > >> >> > > >> >> On Tue, Oct 3, 2017 at 2:33 PM, Nir Sopher <n...@qwilt.com> wrote: > > >> >> > > >> >> > Hi, > > >> >> > > > >> >> > Yesterday I tried to build the latest 2.1.x traffic-control, > > calling > > >> the > > >> >> > ./pkg command. > > >> >> > The command failed on traffic-router build, and according to the > > below > > >> >> log, > > >> >> > it is related to bringing the JDNSSEC tools library, not sure > from > > >> which > > >> >> > repository. > > >> >> > > > >> >> > Does anybody else encountered a similar issue? > > >> >> > > > >> >> > Thanks, > > >> >> > Nir > > >> >> > > > >> >> > Building the rpm. > > >> >> > % Total % Received % Xferd Average Speed Time Time > > Time > > >> >> > Current > > >> >> > Dload Upload Total Spent > > Left > > >> >> > Speed > > >> >> > 0 0 0 0 0 0 0 0 --:--:-- 0:02:07 > > >> --:--:-- > > >> >> > 0curl: (7) Failed to connect to 2620:74:13:4400::201: Network is > > >> >> > unreachable > > >> >> > Could not download required jdnssec-tools-0.12 library: 7 > > >> >> > > > >> >> > > >> > > >
