Netstat support inside Docker containers

docker

#1

Dear CircleCI Team,

With the Docker LXC driver you use, the netstat command does not work inside the containers. It runs the netstat command in the host instead of in the container, so its output is wrong.

There is a tool called lxc-netstat to solve this problem, but it is not available on CircleCI machines. I tried installing the lxc-netstat command by hand, but requires cgroups, so that does not work either. I also tried using netcat (nc -z), with no luck.

In my case, I need this to run Serverspec port tests, which use netstat underneath.

Usage example here: https://circleci.com/gh/zuazo/keywhiz-docker/2

The error output in this case:

Failures:

  1) Docker Build from path: "/home/ubuntu/keywhiz-docker" Serverspec on tag: "keywhiz" Port "4444" should be listening
     Failure/Error: should be_listening
       expected Port "4444" to be listening
       netstat -tunl | grep -- :4444\ 

     # ./spec/keywhiz_spec.rb:30:in `block (4 levels) in <top (required)>'

Either way, what I’m trying to say is that it would be good to support netstat inside containers or some way to test listening ports, does not matter if we need to run another tool like lxc-netstat.

Thanks for your time :wink:

Regards,


#2

Just in case you need it, here is the same test running successfully on Travis CI: https://travis-ci.org/zuazo/keywhiz-docker/builds/86794676

  Port "4444"
    should be listening

#3

Thank you for your suggestion, we’ll see what we can do about this.


#4

OK. Thanks @alexey. Let me know if you need any help or information.


#5