After little trouble with running Docker in Fedora 31 I found myself yet again in a similar situation. This time the DNS inside Docker containers could not resolve github.com hostname.
This was the welcome of a first Docker build on Fedora 32:
... Step 12/32 : RUN export MIX_ENV=k8s_develop && cd backend && MIX_ENV=k8s_develop mix deps.get && MIX_ENV=k8s_develop mix release k8s_develop && cd .. ---> Running in 12a32a3ac7cf * Getting currency_conversion (https://github.com/jshmrtn/currency-conversion.git) fatal: unable to access 'https://github.com/jshmrtn/currency-conversion.git/': Could not resolve host: github.com ** (Mix) Command "git --git-dir=.git fetch --force --quiet --progress" failed
Is GitHub down? Am I connected to the Internet? It does seem to work in my Firefox…
ping from your host system worked fine:
workstation$ ping github.com PING github.com (126.96.36.199) 56(84) bytes of data. 64 bytes from github.com (188.8.131.52): icmp_seq=1 ttl=50 time=263 ms 64 bytes from github.com (184.108.40.206): icmp_seq=2 ttl=50 time=359 ms
…but no luck in Docker.
Could not resolve host: github.com.
This is what happened to me this week after upgrading my Fedora 31 to Fedora 32.
In my particular case it seems to be an issue with the firewall (it’s always the firewall or SELinux isn’t is?). What worked for me was to add IP masquerading to the firewalld zone I am on. IP masquerading allows internal systems access the host’s network.
Find out the right interface with
ip addr show:
$ ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever ... 4: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether f8:59:71:33:11:f2 brd ff:ff:ff:ff:ff:ff inet 192.168.42.3/24 brd 192.168.42.255 scope global dynamic noprefixroute wlp4s0 valid_lft 16928sec preferred_lft 16928sec inet6 fe80::68a7:8161:7367:e450/64 scope link noprefixroute valid_lft forever preferred_lft forever ...
In my case I am on
Let’s find its zone:
$ sudo firewall-cmd --get-zone-of-interface=wlp4s0 FedoraWorkstation
Now we simply enable masquerading for this zone, reload firewalld configuration and restart Docker:
$ sudo firewall-cmd --zone=FedoraWorkstation --add-masquerade --permanent success $ sudo firewall-cmd --reload success $ sudo systemctl restart docker
And that’s it. After this little change I was able to build my containers again.
← IT'S OUT NOW
I wrote a complete guide on web application deployment. Ruby with Puma, Python with Gunicorn, NGINX, PostgreSQL, Redis, networking, processes, systemd, backups, and all your usual suspects.