docker Image build時のyum connection timeout を解消する方法

発生した事象

Dockerfileをdocker buildした際にyumで詰まりました。

エラーログはこちら。

[0m[91mhttps://[IP]/mypath/rhel/7Server/repodata/repomd.xml: [Errno 12] Timeout on https://[IP]/mypath/rhel/7Server/repodata/repomd.xml: (28, 'Connection timed out after 30001 milliseconds')
Trying other mirror.
[0m[91m

 One of the configured repositories failed (myrepo Repo),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Disable the repository, so yum won't use it by default. Yum will then
        just ignore the repository until you permanently enable it again or use
        --enablerepo for temporary usage:

            yum-config-manager --disable reponame

     4. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=reponame.skip_if_unavailable=true

failure: repodata/repomd.xml from myrepo: [Errno 256] No more mirrors to try.
https://[IP]/mypath/rhel/7Server/repodata/repomd.xml: [Errno 12] Timeout on https://[IP]/mypath/rhel/7Server/repodata/repomd.xml: (28, 'Connection timed out after 30002 milliseconds')

環境

• OS: RHEL7.2
• docker:

# docker version
Client:
 Version:         1.10.3
 API version:     1.22
 Package version: docker-common-1.10.3-44.el7.x86_64
 Go version:      go1.4.2
 Git commit:      7ffc8ee-unsupported
 Built:           Fri Jun 17 15:27:21 2016
 OS/Arch:         linux/amd64

Server:
 Version:         1.10.3
 API version:     1.22
 Package version: docker-common-1.10.3-44.el7.x86_64
 Go version:      go1.4.2
 Git commit:      7ffc8ee-unsupported
 Built:           Fri Jun 17 15:27:21 2016
 OS/Arch:         linux/amd64

原因

Dockerは外部と通信する際にiptablesのNATテーブルにルールを追加し外部への通信を実現します。ここで罠なのが、iptablesの設定はメモリ上にしか載っていないためiptablesのみをrestartするとdockerが設定したNATルールが綺麗さっぱり消え去ります。

そのため、yumで使われる外部通信向けのNATルールもないのでyumが失敗するわけです。

そのため再度Dockerのルールをiptablesに載せてあげましょう。

解決策

dockerサービスをrestartする。

systemctl restart docker

※「あくまで今回の事象ではこうだったよ」という切り口の一つです。