Docker is amazing. These thin containers are much more resource efficient than full virtual machines, and I rarely need to have an OS that is much different from my host OS. What I really want to do is put up generic environment walls so that my application stack is happy, but not so separate that it hurts my wallet. The beautiful part of exposing an actual IP address is that we can use normal DNS to have these containers look like different servers.
There are some old instructions on this, but docker has come a long way, and it is much easier now than some of the complicated setups I saw people discussing back in 2013.
After testing the basics, I ended up wanting to docker something useful. The first service I wanted to containerize was Gitlab. Why Gitlab? Similar to chef-server, Gitlab uses many services behind the scenes, and can start colliding with other services on standard ports. So, it can start becoming easier to put these software stacks in containers, rather than customizing/remapping all the ports (because it isn’t just 80->81 anymore).
In retrospect, using docker is really easy, but I still haven’t taken that final step of customizing my own image. So, I was quite excited that the amazing people at Gitlab already did the hard part!
Before I continue, my top docker commands:
First, you’ll need to download an image. Intro testing encourages downloading busybox or fedora.
# docker pull busybox
# docker pull fedora
# docker pull gitlab/gitlab-ce:latest
Check what you have pulled already
# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/gitlab/gitlab-ce latest 0251581ae8b0 7 days ago 1.225 GB
docker.io/fedora latest ded7cd95e059 9 weeks ago 186.5 MB
docker.io/busybox latest 8c2e06607696 3 months ago 2.43 MB
# docker run -i -t fedora /bin/bash
[root@898aa7d5f394 /]# ls
bin dev home lib64 media opt root sbin sys usr
boot etc lib lost+found mnt proc run srv tmp var
exit
Look for all containers
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
898aa7d5f394 fedora:latest "/bin/bash" 4 minutes ago Exited (0) 4 minutes ago
Start an old container, and reattach if interactive
# docker start 898aa7d5f394
# docker attach 898aa7d5f394
[root@898aa7d5f394 /]# exit
Preparing our bridged networking
I’m always trying out new tools. The problem with that is sometimes they aren’t ready and I forget to go check them back out when they have been updated. So, I was excited to learn that the NetworkManager CLI does everything I’d ever want it to do now!
# nmcli con add type bridge ifname br0
# nmcli con add type bridge-slave ifname enp3s0 master bridge-br0
I also ended up editing br0 to specify an exact MAC address so my DHCP->static IP address mapping works the way I want. I’m also pretty sure I rebooted at this point to test the bridge. Most network-bridge walk-throughs use static IPs, but when you want a DHCP address for your bridge device you may hit some sync/ordering issues with the classic walk-through. NetworkManager solves these and is easier to set up! If you’ve never done this, make sure you end up with a raw ethernet device that no longer has an IP address, and a bridge device that has one.
Adding the docker daemon options
Fedora provides a nice place to put the docker networking options.
# cat /etc/sysconfig/docker-network
DOCKER_NETWORK_OPTIONS=-b br0
Start it up and test it out!
Make sure docker started up with the correct options:
# pgrep -a docker
4051 /usr/bin/docker -d --selinux-enabled -b br0
docker run with the recommended gitlab command (notice both port mapping and path mapping!):
# docker run --detach \
    --publish 8443:443 --publish 8080:80 --publish 2222:22 \
    --name gitlab \
    --restart always \
    --volume /srv/gitlab/config:/etc/gitlab \
    --volume /srv/gitlab/logs:/var/log/gitlab \
    --volume /srv/gitlab/data:/var/opt/gitlab \
    gitlab/gitlab-ce:latest
Find the container id
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f23194daeb0f gitlab/gitlab-ce:latest "/usr/local/bin/wrap 2 days ago Up 2 hours 0.0.0.0:2222->22/tcp, 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp gitlab
Find the new IP address!
[root@master3 network-scripts]# docker exec f23194daeb0f ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:c0:a8:01:02
     inet addr:192.168.1.2 Bcast:0.0.0.0 Mask:255.255.255.0
You should now be able to verify that you can see gitlab on your host IP address on the mapped port (for me 192.168.1.151:8080), but also on the bridged IP (for me 192.168.1.2)!
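The checks from this walk-through (daemon started with the bridge option, raw ethernet device without an IP, bridge device with one) plus a listing of ports published on every host interface can be scripted. The following is an added example, not part of the original post; the function names and sample lines are constructed for illustration, and the `localdb` container is hypothetical.

```shell
#!/bin/sh
# Added example: checks for the bridged Docker setup described above.
# Each function reads command output on stdin so it can be tested offline.

# Print the bridge the daemon was started with (-b NAME, --bridge NAME or --bridge=NAME).
# Live use: pgrep -a docker | daemon_bridge
daemon_bridge() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "-b" || $i == "--bridge") { print $(i + 1); exit }
            if ($i ~ /^--bridge=/) { sub(/^--bridge=/, "", $i); print $i; exit }
        }
    }'
}

# Succeed if interface $1 has an IPv4 address.
# Live use: ip -o -4 addr show | iface_has_ipv4 br0
iface_has_ipv4() {
    awk -v ifc="$1" '$2 == ifc && $3 == "inet" { found = 1 } END { exit !found }'
}

# Print "name hostport->containerport" for every port published on all host interfaces.
# Live use: docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_ports
wildcard_ports() {
    awk -F '\t' '{
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++)
            if (maps[i] ~ /^0\.0\.0\.0:/) {
                sub(/^0\.0\.0\.0:/, "", maps[i])
                print $1, maps[i]
            }
    }'
}

# Constructed sample input modelled on the post's output (localdb row is hypothetical).
SAMPLE_PGREP='4051 /usr/bin/docker -d --selinux-enabled -b br0'
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
3: br0    inet 192.168.1.151/24 brd 192.168.1.255 scope global dynamic br0'
SAMPLE_PS=$(printf 'gitlab\t0.0.0.0:2222->22/tcp, 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp\nlocaldb\t127.0.0.1:5432->5432/tcp')

echo "daemon bridge: $(printf '%s\n' "$SAMPLE_PGREP" | daemon_bridge)"
for ifc in enp3s0 br0; do
    if printf '%s\n' "$SAMPLE_ADDR" | iface_has_ipv4 "$ifc"; then
        echo "$ifc: has IPv4"
    else
        echo "$ifc: no IPv4"
    fi
done
printf '%s\n' "$SAMPLE_PS" | wildcard_ports
```

With the bridge in place, every `0.0.0.0` entry listed is reachable on the host address at the mapped port, while the container also answers directly on its own bridged IP on the unmapped ports, so both paths belong in any firewall review.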