OpenStack Routing for VMs running Docker Containers. Is there a smarter way of doing this?

asked 2014-03-07 11:01:48 -0600

qeedy

updated 2014-03-15 17:41:45 -0600

When I run Docker within a VM, I'm required to explicitly set routing so that I can access the docker container by using the floating IP address and the exposed Docker port. My machine is a lab machine with only one physical NIC. Therefore this NIC is used to access OpenStack itself and its VMs.

Question: Editing the iptables rules manually is very cumbersome and error-prone, and therefore I'm wondering if you can think of a smarter, more generic way of doing this? Note: This machine is for testing only and not exposed to the Internet, and therefore lax security wouldn't be an issue.

  • Installed Ubuntu 12.04
  • Made the network settings below

    $ apt-get install bridge-utils

    $ nano /etc/network/interfaces


Content of /etc/network/interfaces

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet manual
        up ip address add 0/0 dev $IFACE
        up ip link set $IFACE up
        down ip link set $IFACE down

    # Bridge for OpenStack to work with single NIC
    auto br-openstack
    iface br-openstack inet static
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        address 10.20.24.10
        netmask 255.255.248.0
        broadcast 10.20.31.255
        gateway 10.20.24.1
        dns-nameservers 10.20.24.1
        dns-search my.company.com
        up ifconfig $IFACE promisc

  • Configure forwarding

    # sysctl net.ipv4.ip_forward=1

    # iptables -t nat -A POSTROUTING -o br-openstack -j MASQUERADE

  • Created VM and installed Apache
  • Edited iptables as VM listens on IP 10.11.12.2:8080. Command was executed on DevStack host machine!

    # iptables -t nat -A PREROUTING -i br-openstack -p tcp --dport 8080 -j DNAT --to-destination 10.11.12.2

Note: With above settings, I can run the VM and access its Apache HTTP Server on port 8080 with either 10.11.12.2:8080 or with 10.20.24.15:8080, which is the VM's floating IP address.

  • Installed Docker on the VM
  • Ran a Docker container, which runs Apache HTTP Server on port 80. Used command below to expose the port.

    # docker run -p 80:8080 -d mbentley/ubuntu-tomcat7

  • Edited iptables to be able to access the Docker container on port 80.

This command is executed on the DevStack machine!

    # iptables -t nat -A PREROUTING -i br-openstack -p tcp --dport 80 -j DNAT --to-destination 10.11.12.2

This command is executed on the VM!

    # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 172.17.42.2:80

Note: The docker container is now accessible via the floating IP address on port 80.


Side note: I tried my best to format this post consistently but somehow this WYSIWYG editor didn't allow me to.

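An added example, not part of the original post: the host-side DNAT rules above, generated from a small port map with input validation and a check-before-append so that re-runs do not stack duplicate rules. The map format and the function names `valid_port`, `valid_ipv4` and `emit_dnat_rules` are assumptions made for this sketch; the bridge name and addresses are the ones in the post.

```shell
#!/bin/sh
# Added example (not from the original post): print idempotent DNAT rules for
# the DevStack host from a port map. Map format and function names are assumed.
BRIDGE="br-openstack"   # ingress bridge named in the post

# Constructed sample map, "proto port vm_ip", mirroring the post's two rules.
PORT_MAP='tcp 8080 10.11.12.2
tcp 80 10.11.12.2'

# Succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# Succeeds only for four dot-separated octets in 0..255. The body is a subshell
# so the IFS and noglob changes do not leak to the caller.
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*) exit 1 ;; esac
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || exit 1
    done
)

# Reads map lines on stdin and prints one check-then-append command per valid
# line. Invalid lines go to stderr and make the function return 1.
emit_dnat_rules() {
    iface=$1 rc=0
    case "$iface" in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    while read -r proto port dest; do
        [ -n "$proto" ] || continue          # skip blank lines
        ok=1
        case "$proto" in tcp|udp) ;; *) ok=0 ;; esac
        valid_port "$port" && valid_ipv4 "$dest" || ok=0
        if [ "$ok" -eq 0 ]; then
            echo "skipped invalid entry: $proto $port $dest" >&2
            rc=1; continue
        fi
        rule="PREROUTING -i $iface -p $proto --dport $port -j DNAT --to-destination $dest"
        # -C tests whether the rule exists, so re-runs do not append duplicates.
        echo "iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule"
    done
    return "$rc"
}

# Print the commands for review; nothing is applied here.
printf '%s\n' "$PORT_MAP" | emit_dnat_rules "$BRIDGE"
```

Review the printed commands before running them as root on the DevStack host. Rules added this way are lost on reboot unless they are saved separately.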