Docker Graylog macvlan vs. IPvlan?

1. Describe your incident:
I am currently testing Graylog in a Docker environment. Graylog is running, but it is in the wrong VLAN. I would like to change it to my “server-VLAN”. I am not sure if the concepts of macvlan or IPvlan are possible with Graylog in Docker?
I have used a docker-compose.yml to get Docker running. At the beginning, I thought there would be one container including Graylog, MongoDB and Elasticsearch. As it turned out, there are now 3 containers. How are they communicating with each other? Will this still be working if I introduce IPvlan or macvlan? (I only want to make Graylog available to the network.)

2. Describe your environment:

  • OS Information: Ubuntu 22.04.1 LTS / Docker 20.10.22
  • Network infrastructure:
    I have a Unifi-network, which provides a “software defined” network. I should be able to define a 802.1q trunk switch port. (I did not yet test it, but theoretically, this should be possible.)
  • Hardware: the Ubuntu is running on a HP EliteDesk 800 G2. I don’t know yet if that network interface is capable of handling the IPvlan/macvlan traffic.

4. How can the community help?

  • Does anybody have a similar setup?
  • Will the communication between Graylog, MongoDB and Elasticsearch still work if I introduce IPvlan or macvlan? Any recommendation on which to use?

Any input is very much appreciated.

Hello @schneich

Yes, since the VLAN tagging from the host node to the switch is configured, this would mean the host node with VLAN tagging, say, vlan001 w/ IP address of 192.168.1.100.
When installing Graylog through Docker-Compose (as you've seen), three containers are installed, then Docker uses localhost/127.0.0.1, or network “172.17.0.0”, and Docker by default creates a bridge called docker0.

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:60:20:06 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 10.200.6.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe60:2006/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:7f:b0:26:1d brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:7fff:feb0:261d/64 scope link
       valid_lft forever preferred_lft foreve

In the docker-compose file you need to make adjustments for the network like so.

 graylog:
   network_mode: bridge

So basically you're going from the IP address of the container to the host address.

172.17.0.4 ---docker0---> 192.168.1.100 ---vlan001--> google.com

If you're using localhost/127.0.0.1 or the container name for MongoDB and Elasticsearch/OpenSearch, the VLAN will not affect it unless you have multiple hosts with Docker containers on them, meaning remote nodes that need to connect to each other; then your CCNA guys need to make adjustments.

Haven't used either one of those; I prefer to use my firewall, which tags VLANs, and my routers for directing VLAN traffic.

Dear @gsmith,
thank you very much for your reply.
I am currently playing around with the ipvlan-settings. I am not yet happy with it.

That sounds familiar and I could imagine doing the same. The Graylog container would have to show up on my network with a docker-container-specific mac-address, so that I can assign a fixed IP (DHCP reservation). How would you achieve this?
I have one HP EliteDesk 800 G2 with one network card, through which all the traffic of all docker containers will have to run.

Thanks in advance,
Chris

EDIT:
Perhaps some more explanation on what I am trying to achieve.
This is my network, where you can see the Ubuntu Server on Port 1.

Within the Docker on that Ubuntu Server, I would like to run several things:

  • Graylog: gathering of the logs of some systems - Server-VLAN70
  • HomeAssistant: currently running on a RaspberryPi - IoT-VLAN30
  • AdGuard: removing advertisements from webpages - Server-VLAN70
  • VPN-Server: Unifi does not support the new VPN protocols, my new phone does not support the old ones :frowning: - Management-LAN-VLAN1
  • some more cool stuff (any ideas are welcome)

hey, @schneich

Thx for the logical graph :+1:

Basically, think of a Docker container as a virtual machine on a physical/virtual machine. You could do this, but it makes more sense to only open the port needed to give Graylog access for inputs, etc. If you want Graylog to be shown on your network, then I personally would just install Graylog, MongoDB, & OpenSearch/Elasticsearch on the Ubuntu host and not worry about Docker.

BTW I have Synology DS 1515+ been running for 5+ years. :+1:

If you have those VLAN tags on the switches, you can configure Ubuntu with those taggings like so
Example:

root# sudo apt-get install vlan

auto eth0.VLAN70
iface eth0.VLAN70 inet static
    address 10.0.70.1
    netmask 255.255.0.0

auto eth0.VLAN30
iface eth0.VLAN30 inet static
    address 10.0.30.1
    netmask 255.255.0.0

Hi @gsmith,
thank you for all that info.
I will play around with all that and hopefully, I will find a good solution within the next 14 days and then I will post it here. :slight_smile:

good night

Dear @gsmith,

I finally have a running solution, which I am happy to share.

compose.yaml.
# version: as December 2022 https://docs.docker.com/compose/compose-file/

services:
# MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:5.0.13
    restart: unless-stopped
  #DB in share for persistence
    volumes:
      - type: volume
        source: mongo_data
        target: /data/db
    networks:
      graylog_backend:
        ipv4_address: 10.10.10.3


# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    #data folder in share for persistence
    volumes:
      - type: volume
        source: es_data
        target: /usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    deploy:
      resources:
         limits:
            memory: 1gb
    ulimits:
      memlock:
        soft: -1
        hard: -1
    restart: unless-stopped
    networks:
      graylog_backend:
        ipv4_address: 10.10.10.4


# Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:5.0
    #journal and config directories in local NFS share for persistence
    volumes:
      - type: volume
        source: graylog_journal
        target: /usr/share/graylog/data/journal
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=[...secret...]
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=[...e795d4cb...]
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.70.3:9000/
      - GRAYLOG_HTTP_ENABLE_CORS=true
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 --  /docker-entrypoint.sh
    networks:
      macvlan70:
        ipv4_address: 192.168.70.3
      graylog_backend:
        ipv4_address: 10.10.10.2
    links:
      - mongodb:mongo
      - elasticsearch
    restart: unless-stopped
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - "9000:9000"
      # Syslog TCP
      - "1514:1514/tcp"
      # Syslog UDP
      - "1514:1514/udp"
      # GELF TCP
      - "12201:12201/tcp"
      # GELF UDP
      - "12201:12201/udp"


# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local


# Network specifications
networks:
  macvlan70:
    external: true
  graylog_backend:
    internal: true
    ipam:
      driver: default
      config:
        - subnet: "10.10.10.0/24"

  • I have rewritten the compose.yaml to be in line with the current docker compose-specification.
  • I have changed from ipvlan to macvlan. It is easier for me to see the containers in my Unifi-environment. (IP-allocation has still to be done in docker…)
  • I have only published the graylog container to the external network. Mongo and Elasticsearch are not visible outside docker.

There is one thing I can’t get my head around.

  • I would like to have my Ubuntu server, which hosts the docker engine, to be on this IP: 192.168.70.2. It receives its IP via DHCP.
  • The Docker container is obviously on 192.168.70.3.
  • As soon as I configure the server to receive the IP 192.168.70.2, the server is not reachable anymore. It is, as if the network traffic goes to the container, where it just hits a wall.

Have you got any idea, how I can have the host (-> ubuntu server) and the containers (-> e.g. Graylog) in the same IP-range/VLAN?

Any ideas are welcome.

Hey,

Awesome :+1: and thanks for sharing :slight_smile:

You can give the Ubuntu server a static IP address from that DHCP server (i.e., root# ip add) and adjust Ubuntu’s network file for the corrections, but I’m not sure how you set up your network or how you're resolving IP addresses (DNS).

Static Address Example:

Navigate to /etc/netplan

root@ansible:/etc/netplan# ls -al
total 20
drwxr-xr-x   2 root root  4096 Mar  2  2021 .
drwxr-xr-x 144 root root 12288 Dec 12 21:08 ..
-rw-r--r--   1 root root   276 Mar  2  2021 00-installer-config.yaml

In that directory there is a file called something like “00-installer-config.yaml”.

Here is an example of the configuration needed to be made.

# This is the network config written by 'subiquity'
network:
  ethernets:
     eth0:
       addresses: [192.168.1.100/24]
       gateway4: 192.168.1.1
       nameservers:
         addresses: [8.8.8.8,8.8.4.4]
  version: 2

Depending on what you want to do, you could use 8.8.8.8/8.8.4.4 for resolving some stuff, but Google would not know your internal network.

OR

You can create two network ports

Example:

eth0 = 192.168.1.100
eth1 = 192.168.30.2 

I forgot, but I think a bridge needs to be made to whatever Ethernet port you want to use.

auto eth0.macvlan70
iface eth0.macvlan70 inet static
    address 192.168.70.2
    netmask 255.255.255.0

Dear @gsmith,

I thought, if I create the networks via docker, all the needed routing is done by docker, isn’t it?

I did some more testing, this is my current state:

  • Ubuntu Server (HP EliteDesk 800 G2) is on 192.168.70.2 - IP provided via DHCP - accessible via ssh
  • HomeAssistant is on 192.168.30.20 - IP based on macvlan30 - accessible via web GUI
  • Graylog is on 192.168.70.3 - IP based on macvlan70 - not accessible via GUI, no ping from Asus-laptop possible.

Any idea, how I can make Graylog accessible again?

some more info

uadmin@ubuntu:~$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fc:3f:db:07:69:e5 brd ff:ff:ff:ff:ff:ff
    altname enp0s31f6
    inet 192.168.70.2/25 metric 100 brd 192.168.70.127 scope global dynamic eno1
       valid_lft 85046sec preferred_lft 85046sec
    inet6 fe80::fe3f:dbff:fe07:69e5/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:19:e8:1c:24 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: br-a8ed596cd6d7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ed:11:77:13 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global br-a8ed596cd6d7
       valid_lft forever preferred_lft forever
    inet6 fe80::42:edff:fe11:7713/64 scope link
       valid_lft forever preferred_lft forever
5: eno1.70@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether fc:3f:db:07:69:e5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fe3f:dbff:fe07:69e5/64 scope link
       valid_lft forever preferred_lft forever
6: eno1.30@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether fc:3f:db:07:69:e5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fe3f:dbff:fe07:69e5/64 scope link
       valid_lft forever preferred_lft forever
8: vethec8b94d@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-a8ed596cd6d7 state UP group default
    link/ether f2:38:a9:31:6d:bb brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::f038:a9ff:fe31:6dbb/64 scope link
       valid_lft forever preferred_lft forever
11: vethe028d4a@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-a8ed596cd6d7 state UP group default
    link/ether 22:18:8f:c0:f7:b3 brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet6 fe80::2018:8fff:fec0:f7b3/64 scope link
       valid_lft forever preferred_lft forever
13: veth9e0bd48@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-a8ed596cd6d7 state UP group default
    link/ether 7a:c6:ce:56:66:9f brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::78c6:ceff:fe56:669f/64 scope link
       valid_lft forever preferred_lft forever
uadmin@ubuntu:~$ docker network ls
NETWORK ID     NAME                      DRIVER    SCOPE
628aaf5ad141   bridge                    bridge    local
a8ed596cd6d7   graylog_graylog_backend   bridge    local
989a7cc8de67   host                      host      local
96834b94c746   macvlan30                 macvlan   local
4663a4b40f99   macvlan70                 macvlan   local
fb9e3c4b2724   none                      null      local

Unifi client devices

The docker container just went offline in my Unifi environment, but if I inspect the container, it is still there, healthy and running.

uadmin@ubuntu:~$ docker container inspect graylog-graylog-1
[
    {
        "Id": "5ce7fed1ccb8cfb770337da8d0b66c0627e58e73eb295b9f2372deb51cebd17a",
        "Created": "2022-12-23T23:12:33.678519391Z",
        "Path": "/usr/bin/tini",
        "Args": [
            "--",
            "wait-for-it",
            "elasticsearch:9200",
            "--",
            "/docker-entrypoint.sh"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 1223,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2022-12-25T15:29:16.577137314Z",
            "FinishedAt": "2022-12-25T15:28:35.425159405Z",
            "Health": {
                "Status": "healthy",
                "FailingStreak": 0,
                "Log": [
                    {
                        "Start": "2022-12-25T17:02:56.30703134+01:00",
                        "End": "2022-12-25T17:02:56.438637326+01:00",
                        "ExitCode": 0,
                        "Output": "{\"cluster_id\":\"d1055499-7afa-4e63-883d-191dfd68ac27\",\"node_id\":\"e3923345-1eb2-43a2-8339-c60bf94e7539\",\"version\":\"5.0.1+f28b729\",\"tagline\":\"Manage your logs in the dark and have lasers going and make it look like you're from space!\"}"
                    },
                    {
                        "Start": "2022-12-25T17:03:06.455849725+01:00",
                        "End": "2022-12-25T17:03:06.594247158+01:00",
                        "ExitCode": 0,
                        "Output": "{\"cluster_id\":\"d1055499-7afa-4e63-883d-191dfd68ac27\",\"node_id\":\"e3923345-1eb2-43a2-8339-c60bf94e7539\",\"version\":\"5.0.1+f28b729\",\"tagline\":\"Manage your logs in the dark and have lasers going and make it look like you're from space!\"}"
                    },
                    {
                        "Start": "2022-12-25T17:03:16.608613815+01:00",
                        "End": "2022-12-25T17:03:16.743843181+01:00",
                        "ExitCode": 0,
                        "Output": "{\"cluster_id\":\"d1055499-7afa-4e63-883d-191dfd68ac27\",\"node_id\":\"e3923345-1eb2-43a2-8339-c60bf94e7539\",\"version\":\"5.0.1+f28b729\",\"tagline\":\"Manage your logs in the dark and have lasers going and make it look like you're from space!\"}"
                    },
                    {
                        "Start": "2022-12-25T17:03:26.760143886+01:00",
                        "End": "2022-12-25T17:03:26.894179526+01:00",
                        "ExitCode": 0,
                        "Output": "{\"cluster_id\":\"d1055499-7afa-4e63-883d-191dfd68ac27\",\"node_id\":\"e3923345-1eb2-43a2-8339-c60bf94e7539\",\"version\":\"5.0.1+f28b729\",\"tagline\":\"Manage your logs in the dark and have lasers going and make it look like you're from space!\"}"
                    },
                    {
                        "Start": "2022-12-25T17:03:36.909386108+01:00",
                        "End": "2022-12-25T17:03:37.022068941+01:00",
                        "ExitCode": 0,
                        "Output": "{\"cluster_id\":\"d1055499-7afa-4e63-883d-191dfd68ac27\",\"node_id\":\"e3923345-1eb2-43a2-8339-c60bf94e7539\",\"version\":\"5.0.1+f28b729\",\"tagline\":\"Manage your logs in the dark and have lasers going and make it look like you're from space!\"}"
                    }
                ]
            }
        },
        "Image": "sha256:a2705548029a105aa0a5fe79a6e9c3d92d4a624b519d0f5ab67862a68138423c",
        "ResolvConfPath": "/var/lib/docker/containers/5ce7fed1ccb8cfb770337da8d0b66c0627e58e73eb295b9f2372deb51cebd17a/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/5ce7fed1ccb8cfb770337da8d0b66c0627e58e73eb295b9f2372deb51cebd17a/hostname",
        "HostsPath": "/var/lib/docker/containers/5ce7fed1ccb8cfb770337da8d0b66c0627e58e73eb295b9f2372deb51cebd17a/hosts",
        "LogPath": "/var/lib/docker/containers/5ce7fed1ccb8cfb770337da8d0b66c0627e58e73eb295b9f2372deb51cebd17a/5ce7fed1ccb8cfb770337da8d0b66c0627e58e73eb295b9f2372deb51cebd17a-json.log",
        "Name": "/graylog-graylog-1",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "macvlan70",
            "PortBindings": {
                "12201/": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "12201"
                    }
                ],
                "1514/": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "1514"
                    }
                ],
                "9000/": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "9000"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "unless-stopped",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "private",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": [],
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": null,
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": null,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "Mounts": [
                {
                    "Type": "volume",
                    "Source": "368e86bfb2209e3c04a3bf1137dd98b6c06293e652cff2ef9670c840d3a705be",
                    "Target": "/usr/share/graylog/data"
                },
                {
                    "Type": "volume",
                    "Source": "graylog_graylog_journal",
                    "Target": "/usr/share/graylog/data/journal"
                }
            ],
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/f3a3a4955e31fad30cf273b1d3668f79a6fa2e9ea94d0d22cf2dee7f9a42d49c-init/diff:/var/lib/docker/overlay2/f27f6ad61fe72b6be4f6d5223bb5048ff81c6d1a422e1a8696ab90021d0ad487/diff:/var/lib/docker/overlay2/4615c550dfa661ddf40130f0961c76931444e016a13bdd7f49a2e39aad0ba8fa/diff:/var/lib/docker/overlay2/adecbf556df26c1eba0cf49c964cf7449229d9a049504dcf9d87bdcdc5f08e82/diff:/var/lib/docker/overlay2/253967d726a16b6c1fbe457efeec2d64263004df7655d9e8e1c8084c3ec4a3e4/diff:/var/lib/docker/overlay2/0953c46a993fa25a52b2ecedfc267e63011e17074ca713e05ff74da0a2e2a62a/diff:/var/lib/docker/overlay2/71e63935ad88f2319a3fae3ddc343594478cbe4b7fc1f8a71ffa33d8ea83e9b1/diff:/var/lib/docker/overlay2/8775c2724ae112034133247712972d3b41c226d68b265503383c26b68dff5567/diff:/var/lib/docker/overlay2/40aa18738583838a0223bd4addb86a8e66800bbd1dd517116930c96b0b5adb25/diff:/var/lib/docker/overlay2/767af6d51eeac5c67d8b3f33b16064ab2e00e553d6ad73ea120564d69b85ba98/diff",
                "MergedDir": "/var/lib/docker/overlay2/f3a3a4955e31fad30cf273b1d3668f79a6fa2e9ea94d0d22cf2dee7f9a42d49c/merged",
                "UpperDir": "/var/lib/docker/overlay2/f3a3a4955e31fad30cf273b1d3668f79a6fa2e9ea94d0d22cf2dee7f9a42d49c/diff",
                "WorkDir": "/var/lib/docker/overlay2/f3a3a4955e31fad30cf273b1d3668f79a6fa2e9ea94d0d22cf2dee7f9a42d49c/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "volume",
                "Name": "graylog_graylog_journal",
                "Source": "/var/lib/docker/volumes/graylog_graylog_journal/_data",
                "Destination": "/usr/share/graylog/data/journal",
                "Driver": "local",
                "Mode": "z",
                "RW": true,
                "Propagation": ""
            },
            {
                "Type": "volume",
                "Name": "368e86bfb2209e3c04a3bf1137dd98b6c06293e652cff2ef9670c840d3a705be",
                "Source": "/var/lib/docker/volumes/368e86bfb2209e3c04a3bf1137dd98b6c06293e652cff2ef9670c840d3a705be/_data",
                "Destination": "/usr/share/graylog/data",
                "Driver": "local",
                "Mode": "z",
                "RW": true,
                "Propagation": ""
            }
        ],
        "Config": {
            "Hostname": "5ce7fed1ccb8",
            "Domainname": "",
            "User": "graylog",
            "AttachStdin": false,
            "AttachStdout": true,
            "AttachStderr": true,
            "ExposedPorts": {
                "12201/": {},
                "1514/": {},
                "9000/": {},
                "9000/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "GRAYLOG_PASSWORD_SECRET=[abcd]",
                "GRAYLOG_ROOT_PASSWORD_SHA2=[efgh]",
                "GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.70.3:9000/",
                "GRAYLOG_HTTP_ENABLE_CORS=true",
                "PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "JAVA_HOME=/opt/java/openjdk",
                "LANG=en_US.UTF-8",
                "LANGUAGE=en_US:en",
                "LC_ALL=en_US.UTF-8",
                "JAVA_VERSION=jdk-17.0.5+8"
            ],
            "Cmd": null,
            "Healthcheck": {
                "Test": [
                    "CMD-SHELL",
                    "/health_check.sh"
                ],
                "Interval": 10000000000,
                "Timeout": 2000000000,
                "Retries": 12
            },
            "Image": "graylog/graylog:5.0",
            "Volumes": {
                "/usr/share/graylog/data": {},
                "/usr/share/graylog/data/journal": {}
            },
            "WorkingDir": "/usr/share/graylog",
            "Entrypoint": [
                "/usr/bin/tini",
                "--",
                "wait-for-it",
                "elasticsearch:9200",
                "--",
                "/docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
                "com.docker.compose.config-hash": "ccb1d575c41352be5745fe0611afbcfb47bee2953159ae4d17aad6b6ac380c26",
                "com.docker.compose.container-number": "1",
                "com.docker.compose.depends_on": "mongodb:service_started,elasticsearch:service_started",
                "com.docker.compose.image": "sha256:a2705548029a105aa0a5fe79a6e9c3d92d4a624b519d0f5ab67862a68138423c",
                "com.docker.compose.oneoff": "False",
                "com.docker.compose.project": "graylog",
                "com.docker.compose.project.config_files": "/home/uadmin/Docker/Graylog/compose.yaml",
                "com.docker.compose.project.working_dir": "/home/uadmin/Docker/Graylog",
                "com.docker.compose.service": "graylog",
                "com.docker.compose.version": "2.14.1",
                "maintainer": "Graylog, Inc. <hello@graylog.com>",
                "org.label-schema.build-date": "2022-12-14T15:57:38Z",
                "org.label-schema.description": "Official Graylog Docker image",
                "org.label-schema.name": "Graylog Docker Image",
                "org.label-schema.schema-version": "1.0",
                "org.label-schema.url": "https://www.graylog.org/",
                "org.label-schema.vcs-ref": "",
                "org.label-schema.vcs-url": "https://github.com/Graylog2/graylog-docker",
                "org.label-schema.vendor": "Graylog, Inc.",
                "org.label-schema.version": "5.0.1"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "44a74b851c8298b69b36a19f31c327445a0e13639c383879512f697240731e3f",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/44a74b851c82",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "graylog_graylog_backend": {
                    "IPAMConfig": {
                        "IPv4Address": "10.10.10.2"
                    },
                    "Links": [
                        "graylog-mongodb-1:mongo",
                        "graylog-mongodb-1:mongodb-1",
                        "graylog-mongodb-1:graylog-mongodb-1",
                        "graylog-elasticsearch-1:elasticsearch",
                        "graylog-elasticsearch-1:elasticsearch-1",
                        "graylog-elasticsearch-1:graylog-elasticsearch-1"
                    ],
                    "Aliases": [
                        "graylog-graylog-1",
                        "graylog",
                        "5ce7fed1ccb8"
                    ],
                    "NetworkID": "a8ed596cd6d7427f869458366dab0168f2682f091e762a3e4163b8b1b4303ae4",
                    "EndpointID": "15dd4975a40f76e1324d8d9d8ba4dd55aba191080fdd6d83403b37ba722ed365",
                    "Gateway": "10.10.10.1",
                    "IPAddress": "10.10.10.2",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:0a:0a:0a:02",
                    "DriverOpts": null
                },
                "macvlan70": {
                    "IPAMConfig": {
                        "IPv4Address": "192.168.70.3"
                    },
                    "Links": [
                        "graylog-mongodb-1:mongo",
                        "graylog-mongodb-1:mongodb-1",
                        "graylog-mongodb-1:graylog-mongodb-1",
                        "graylog-elasticsearch-1:elasticsearch",
                        "graylog-elasticsearch-1:elasticsearch-1",
                        "graylog-elasticsearch-1:graylog-elasticsearch-1"
                    ],
                    "Aliases": [
                        "graylog-graylog-1",
                        "graylog",
                        "5ce7fed1ccb8"
                    ],
                    "NetworkID": "4663a4b40f994de81c1b9a55312163270d1cf59bf8be56043920ab293c99e888",
                    "EndpointID": "36c6bc23c59d4a99d1c292397cc7d72ad2cbbb15646a8bdb19f713b29e75f318",
                    "Gateway": "192.168.70.1",
                    "IPAddress": "192.168.70.3",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:c0:a8:46:03",
                    "DriverOpts": null
                }
            }
        }
    }
]

Is there anybody in the Graylog-Community, who knows how to put the host and the container(s) in the same macvlan? Or is there a better solution to using macvlans?

I asked the same question here:

but no answer so far.

Hey,

The browser is on what network? If it's different, you need access from that VLAN.
This is a network routing issue.

From that screenshot you're on two different networks. So let’s say I logged on to my PC on 192.168.30.100, which the browser is on, and Graylog is on, let’s say, 192.168.70.100. This is where DNS should route you to that IP address/Web UI.

Hi @gsmith,

My browser/laptop is on 192.168.10.6.
Ubuntu-server (host) is on 192.168.70.2, IP-address provided by DHCP from router.
Graylog-docker-container is on 192.168.70.3, IP-address provided by Docker-macvlan.

If I stop the Graylog-container, I can ssh into the ubuntu-server. If I start the Graylog-docker-container, I can access Graylog, but I cannot ssh into the ubuntu anymore.

Could this be some hardware limitation on the networking card? A misconfiguration in my docker network-settings?

EDIT:
I tested it again: I cannot reach Ubuntu, nor Graylog. Does this have to do with the mac-addresses? Do eno1, eno1.30 and eno1.70 share the same mac-addresses or should those be different?

EDIT2:
In my Unifi-environment, the server and the container have different mac-addresses.

I changed my macvlan70 to an ipvlan70 and now my host is reachable via ssh on 192.168.70.2, whereas Graylog is reachable on 192.168.70.3.
Graylog is not visible anymore in my router's dashboard of connected devices, because there is no mac-address for the container…

Well, for now, I can live with this. If someone has an explanation, why it is not possible to have host and container on the same vlan, I am happy to learn something.
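
A way to check, from inspect output, both the claim made with the compose.yaml above (only Graylog sits on the LAN-facing network, MongoDB and Elasticsearch stay on the internal one) and whether the host and Docker agree on the VLAN 70 subnet. This is an added example, not code from the thread; the sample data is constructed from the posted output, and the `192.168.70.0/24` subnet and all function names are assumptions.

```python
import ipaddress

# Constructed sample data: values follow the thread, structure is trimmed to the
# keys used below. On a real host these would be the parsed JSON from
# `docker network inspect`, `docker container inspect` and `ip -j addr show`.
NETWORKS = [
    # Subnet is an assumption derived from "IPPrefixLen": 24 in the inspect output.
    {"Name": "macvlan70", "Driver": "macvlan", "Internal": False,
     "IPAM": {"Config": [{"Subnet": "192.168.70.0/24"}]}},
    {"Name": "graylog_graylog_backend", "Driver": "bridge", "Internal": True,
     "IPAM": {"Config": [{"Subnet": "10.10.10.0/24"}]}},
]
CONTAINERS = [
    {"Name": "/graylog-graylog-1", "NetworkSettings": {"Networks": {
        "macvlan70": {"IPAddress": "192.168.70.3"},
        "graylog_graylog_backend": {"IPAddress": "10.10.10.2"}}}},
    {"Name": "/graylog-mongodb-1", "NetworkSettings": {"Networks": {
        "graylog_graylog_backend": {"IPAddress": "10.10.10.3"}}}},
    {"Name": "/graylog-elasticsearch-1", "NetworkSettings": {"Networks": {
        "graylog_graylog_backend": {"IPAddress": "10.10.10.4"}}}},
]
HOST_ADDRS = [
    {"ifname": "eno1", "addr_info": [
        {"family": "inet", "local": "192.168.70.2", "prefixlen": 25}]},
    {"ifname": "br-a8ed596cd6d7", "addr_info": [
        {"family": "inet", "local": "10.10.10.1", "prefixlen": 24}]},
]

# Drivers that put a container directly on the physical LAN with its own address.
# Every port the process listens on is reachable there; `ports:` does not filter it.
L2_DRIVERS = {"macvlan", "ipvlan"}


def name_of(container):
    """Container name without the leading slash that `docker inspect` adds."""
    return container["Name"].lstrip("/")


def lan_exposed(containers, networks):
    """Map container name -> [(network, ip)] for non-internal macvlan/ipvlan attachments."""
    direct = {n["Name"] for n in networks
              if n["Driver"] in L2_DRIVERS and not n.get("Internal", False)}
    exposed = {}
    for c in containers:
        hits = sorted((net, ep["IPAddress"])
                      for net, ep in c["NetworkSettings"]["Networks"].items()
                      if net in direct)
        if hits:
            exposed[name_of(c)] = hits
    return exposed


def unexpected_exposure(containers, networks, allowed):
    """Containers that sit on the LAN although they are not on the allow-list."""
    return sorted(set(lan_exposed(containers, networks)) - set(allowed))


def backend_only(containers, networks):
    """Containers whose every attachment is a network marked `internal: true`."""
    internal = {n["Name"] for n in networks if n.get("Internal", False)}
    return sorted(name_of(c) for c in containers
                  if set(c["NetworkSettings"]["Networks"]) <= internal)


def prefix_conflicts(host_addrs, networks):
    """Host addresses inside a macvlan/ipvlan subnet but with a different prefix length."""
    findings = []
    for n in networks:
        if n["Driver"] not in L2_DRIVERS:
            continue
        for cfg in n["IPAM"]["Config"]:
            subnet = ipaddress.ip_network(cfg["Subnet"])
            for link in host_addrs:
                for a in link["addr_info"]:
                    ip = ipaddress.ip_address(a["local"])
                    if (ip.version == subnet.version and ip in subnet
                            and a["prefixlen"] != subnet.prefixlen):
                        findings.append((link["ifname"], f"{ip}/{a['prefixlen']}",
                                         n["Name"], str(subnet)))
    return findings


if __name__ == "__main__":
    print("on the LAN:      ", lan_exposed(CONTAINERS, NETWORKS))
    print("unexpected:      ", unexpected_exposure(CONTAINERS, NETWORKS, {"graylog-graylog-1"}))
    print("backend only:    ", backend_only(CONTAINERS, NETWORKS))
    print("prefix conflicts:", prefix_conflicts(HOST_ADDRS, NETWORKS))
```

With the values posted in the thread, `prefix_conflicts` reports `eno1` at 192.168.70.2/25 against the /24 that Docker uses for macvlan70, and only `graylog-graylog-1` shows up as LAN-exposed.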
