Docker 构建无法解析 Windows Server 2019 上的 DNS

Question

问题

运行以下命令：

docker build  --rm -f "c:\Users\...\iotedgeModbus\Dockerfile.amd64.debug" -t
modbus:dev-amd64.debug "c:\Users\...\iotedgeModbus" ; if ($?) { iotedgehubdev start -d "c:\Users\...\iotedgeModbus\config\deployment.debug.amd64.json" -v }

输出与解析 DNS 名称相关的错误：

Step 2/21 : RUN apt-get update &&     apt-get install -y --no-install-recommends unzip procps
&&     rm -rf /var/lib/apt/lists/*
 ---> Running in a389a7d1ff0d
Err:1 http://security.debian.org/debian-security buster/updates InRelease
  Temporary failure resolving 'security.debian.org'
Err:2 http://deb.debian.org/debian buster InRelease
  Temporary failure resolving 'deb.debian.org'
Err:3 http://deb.debian.org/debian buster-updates InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists...

完整的堆栈跟踪：

docker build  --rm -f "c:\Users\...\iotedgeModbus\Dockerfile.amd64.debug" -t
modbus:dev-amd64.debug "c:\Users\...\iotedgeModbus" ; if ($?) { iotedgehubdev start -d "c:\Users\...\iotedgeModbus\config\deployment.debug.amd64.json" -v }
Sending build context to Docker daemon  699.9kB
Step 1/21 : FROM mcr.microsoft.com/dotnet/core/runtime:3.0.0-buster-slim AS base
 ---> b525e32f0752
Step 2/21 : RUN apt-get update &&     apt-get install -y --no-install-recommends unzip procps
&&     rm -rf /var/lib/apt/lists/*
 ---> Running in a389a7d1ff0d
Err:1 http://security.debian.org/debian-security buster/updates InRelease
  Temporary failure resolving 'security.debian.org'
Err:2 http://deb.debian.org/debian buster InRelease
  Temporary failure resolving 'deb.debian.org'
Err:3 http://deb.debian.org/debian buster-updates InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists...
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease  Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease
Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease  Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package unzip
E: Unable to locate package procps
The command '/bin/sh -c apt-get update &&     apt-get install -y --no-install-recommends unzip procps &&     rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100

设置

我有以下配置：

• Azure VM（标准 D2s v3 [2 个 vcpu，8 GiB 内存]）
• VM操作系统是Windows Server 2019 Datacenter v1809
• Docker EE（v19.03.04 适用于服务器和客户端引擎）
• 通过本指南安装和测试 WSL 。
• 通过本指南启用、测试并设置为默认值 LCOW
• 配置了 DNS 服务器的 daemon.json 文件
• 主机已连接到互联网

背景

我正在尝试调试我的容器在生产环境中遇到的问题，因此我想在生产计算机上运行它。

Docker配置

文件内容daemon.json：

{
    "experimental": true,
    "dns": ["208.67.222.222", "208.67.220.220"],
    "bridge": "none"
}

根据本文档，该文件位于“C:\ProgramData\Docker\config”中。

运行docker info输出：

Client:
 Debug Mode: false
 Plugins:
  cluster: Manage Docker clusters (Docker Inc., v1.2.0)

Server:
 Containers: 5
  Running: 0
  Paused: 0
  Stopped: 5
 Images: 3
 Server Version: 19.03.4
 Storage Driver: windowsfilter (windows) lcow (linux)
  Windows:
  LCOW:
 Logging Driver: json-file
 Plugins:
  Volume: local
  Network: ics internal l2bridge l2tunnel nat null overlay private transparent
  Log: awslogs etwlogs fluentd gcplogs gelf json-file local logentries splunk syslog
 Swarm: inactive
 Default Isolation: process
 Kernel Version: 10.0 17763 (17763.1.amd64fre.rs5_release.180914-1434)
 Operating System: Windows Server 2019 Datacenter Version 1809 (OS Build 17763.864)
 OSType: windows
 Architecture: x86_64
 CPUs: 2
 Total Memory: 8GiB
 Name: xxxxxxxx
 ID: GMKH:37MH:LDBL:AXQA:DYNK:342Y:A2AR:OLJP:WRJM:YQV2:4XZA:XJCR
 Docker Root Dir: C:\ProgramData\docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

运行docker network ls输出：

NETWORK ID          NAME                DRIVER              SCOPE
3c451e980ddd        nat                 nat                 local
c2d54c8da069        none                null                local

运行docker network inspect nat输出：

[
    {
        "Name": "nat",
        "Id": "3c451e980dddda1b46005caba457f56efb4aba610668c5d58f7c3cc839604347",
        "Created": "2019-11-12T22:07:47.6443712Z",
        "Scope": "local",
        "Driver": "nat",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "windows",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.20.160.0/20",
                    "Gateway": "172.20.160.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.windowsshim.hnsid": "8991C564-50DB-4AE0-9C75-7B117787CC7E",
            "com.docker.network.windowsshim.networkname": "nat"
        },
        "Labels": {}
    }
]

内容Dockerfile.amd64.debug有：

FROM mcr.microsoft.com/dotnet/core/runtime:3.0.0-buster-slim AS base

RUN apt-get update && \
    apt-get install -y --no-install-recommends unzip procps && \
    rm -rf /var/lib/apt/lists/*

RUN useradd -ms /bin/bash moduleuser
USER moduleuser
RUN curl -sSL https://aka.ms/getvsdbgsh | bash /dev/stdin -v latest -l ~/vsdbg

FROM mcr.microsoft.com/dotnet/core/sdk AS build-env
WORKDIR /app

COPY *.csproj ./
RUN dotnet restore

COPY . ./
RUN dotnet publish -c Debug -o out

FROM gcc:7 AS build-env-2
WORKDIR /app

# copy .c and .h file
COPY *.c ./
COPY *.h ./

# build
RUN gcc -shared -o libcomWrapper.so -fPIC comWrapper.c

FROM base
WORKDIR /app
COPY --from=build-env /app/out ./
COPY --from=build-env-2 /app/libcomWrapper.so /usr/lib/

ENTRYPOINT ["dotnet", "iotedgeModbus.dll"]

我的文件与此示例deployment.debug.template.json具有相同的结构。

尝试过的解决方案

我已尝试以下方法来尝试纠正该问题：

• 确认主机可以是pinggoogle.com、deb.debian.org 和 security.debian.org。
• 确认主机成功返回nslookupgoogle.com、deb.debian.org 和 security.debian.org 的结果。
• 使用 Google DNS、OpenDNS 和主机适配器 DNS 的 DNS 条目更新了 daemon.json 文件，然后重新启动 docker 服务以测试连接。
• docker build使用标志指定在命令中使用的适配器--network，我已经尝试了 nat 和 none 网络。
• 将 DNS 使用设置为主机上 vEthernet (nat) 适配器上的 Google DNS 和 OpenDNS 服务器。
• 指定要与标志一起使用的 DNS 服务器--dns（似乎仅适用于 dockerd 而不是 docker.
• 根据此评论InterfaceMetric，将主机用于连接互联网的适配器的设置低于其他适配器的设置。
• 根据文档，已确认主机网络不适用于 Windows Server 上的 Docker EE 。
• 尝试创建桥接网络，docker network create -d bridge mynetwork但遇到：“来自守护程序的错误响应：无法在 v1 插件注册表中找到插件桥：找不到插件”。
• 使用创建了一个透明网络适配器docker network create -d transparent MyNetwork，但由于docker build未完成，因此我无法将其附加到容器。

Answer 1

打开守护进程配置并添加json格式的DNS 8.8.8.8。然后重新启动 docker 守护进程。apt get 会起作用。条目是

{
    "dns": ["8.8.8.8"]
}