I believe the README should include what resources are required for the demo (I've been told 64 cores, but will fewer work?), and when I ran through the README (after hitting some issues that I will log in other issues), I hit some common networking issues that should probably be documented in here:
I believe that the "best" way to configure the container networks is to create a public bridge network, and add all of the containers to it, with mapped ports from container to host. That is: add a "networks" section to compose.yaml as follows:
```yaml
networks:
  public:
    driver: bridge
```
then instead of `network_mode: host` you can add:
```yaml
networks:
  - public
```
to every service definition. This will automatically connect the containers to a Docker bridge and NAT traffic to and from the Internet from these containers. You still need your `ports` section to expose container ports as host ports.
I also hit an issue with firewalld - used for firewalls in recent versions of Ubuntu - in the Ubuntu image on OCI. To fix the issue, I needed to set the following in the host firewall to ensure that NATted traffic from the containers was not being dropped on the host side:
```sh
# Enable masquerading
sudo firewall-cmd --zone=public --add-masquerade --permanent
# Assign Internet-facing NIC to zone (from 'ip route | grep default')
sudo firewall-cmd --zone=public --add-interface=enp0s10 --permanent
# Reload firewalld
sudo firewall-cmd --reload
```
You should also document that `sysctl net.ipv4.ip_forward` is set to 1 - if the command returns 0 you need to run the following to set it, and ensure it persists:
```sh
sudo sysctl -w net.ipv4.ip_forward=1
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
```
I have hit these issues several times, including while following these instructions with an OCI A1 instance. I expect anyone following this tutorial will as well.
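The three host-side prerequisites in this issue (a default-route interface assigned to the firewalld `public` zone, masquerading on that zone, and `net.ipv4.ip_forward=1`) can be checked before running the demo. The script below is an added example, not part of the project or of the issue author's instructions. It assumes the output formats of `ip route`, `sysctl -n` and `firewall-cmd --zone=public --list-all` as shown in the comments, and that `firewall-cmd` is run with enough privilege to list the zone (run the live check as root, e.g. `sudo sh net-preflight.sh run`; the file name is an assumption). The parsing is kept in functions that take command output as a string so it can be exercised against captured output without touching the host.

```shell
#!/bin/sh
# net-preflight.sh (hypothetical name): check the host networking prerequisites
# for the demo. Added example; not project code.
#   sh net-preflight.sh run   -> queries the host and prints PASS/FAIL/SKIP
#   sh net-preflight.sh       -> only defines the functions (for sourcing/testing)

# Interface of the default route, parsed from `ip route` output.
# Assumed format: "default via 10.0.0.1 dev enp0s10 proto dhcp ..." -> enp0s10
default_iface() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }'
}

# True when the value printed by `sysctl -n net.ipv4.ip_forward` is 1.
ip_forward_enabled() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# True when `firewall-cmd --zone=public --list-all` output has "masquerade: yes".
zone_masquerade_enabled() {
    printf '%s\n' "$1" | awk '
        $1 == "masquerade:" && $2 == "yes" { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# True when interface $2 appears on the zone's "interfaces:" line in $1.
zone_has_interface() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) if ($i == want) ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Live run against this host. Prints one line per check and the fix from
# the issue for every FAIL; returns non-zero if any check failed.
run_preflight() {
    status=0

    iface=$(default_iface "$(ip route 2>/dev/null)")
    if [ -n "$iface" ]; then
        echo "PASS default route interface: $iface"
    else
        echo "FAIL no default route found (check 'ip route')"
        status=1
    fi

    if ip_forward_enabled "$(sysctl -n net.ipv4.ip_forward 2>/dev/null)"; then
        echo "PASS net.ipv4.ip_forward=1"
    else
        echo "FAIL net.ipv4.ip_forward is not 1: sudo sysctl -w net.ipv4.ip_forward=1"
        echo "     and persist it: echo net.ipv4.ip_forward=1 | sudo tee -a /etc/sysctl.conf"
        status=1
    fi

    if command -v firewall-cmd >/dev/null 2>&1; then
        zone=$(firewall-cmd --zone=public --list-all 2>/dev/null)
        if zone_masquerade_enabled "$zone"; then
            echo "PASS masquerade enabled on zone public"
        else
            echo "FAIL masquerade off: sudo firewall-cmd --zone=public --add-masquerade --permanent"
            status=1
        fi
        if [ -n "$iface" ] && zone_has_interface "$zone" "$iface"; then
            echo "PASS $iface is in zone public"
        else
            echo "FAIL $iface not in zone public: sudo firewall-cmd --zone=public --add-interface=$iface --permanent"
            status=1
        fi
        [ "$status" -eq 0 ] || echo "     then: sudo firewall-cmd --reload"
    else
        echo "SKIP firewall-cmd not installed; firewalld checks do not apply"
    fi

    return "$status"
}

case "${1:-}" in
    run) run_preflight; exit $? ;;
esac
```

A non-zero exit from `run` means at least one of the documented fixes is still needed; the `SKIP` line covers hosts that do not use firewalld, where only the `ip_forward` check is relevant.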