AgentSkillsCN

networking

使用Podman Compose为RabbitMQ配置容器网络

SKILL.md
--- frontmatter
name: networking
description: Container networking configuration for RabbitMQ with Podman compose
license: MIT
compatibility: opencode
metadata:
  networking: container
  tool: podman
  domain: infrastructure

What I Do

Provide networking configuration and troubleshooting guidance for RabbitMQ container deployment in the crypto-scout ecosystem.

Network Architecture

code
┌─────────────────────────────────────────────────────────────────┐
│                         Host System                              │
│                                                                  │
│  ┌──────────────────────────────────────────────────────────┐   │
│  │              crypto-scout-bridge (Network)                │   │
│  │                                                           │   │
│  │   ┌──────────────┐         ┌─────────────────────┐       │   │
│  │   │ crypto-scout │◀───────▶│  crypto-scout-      │       │   │
│  │   │     -mq      │  5672   │    client           │       │   │
│  │   │              │  5552   │                     │       │   │
│  │   └──────┬───────┘         └─────────────────────┘       │   │
│  │          │                                               │   │
│  │          │  ┌─────────────────────┐                      │   │
│  │          └──▶  crypto-scout-      │                      │   │
│  │             │    collector        │                      │   │
│  │             └─────────────────────┘                      │   │
│  │                                                           │   │
│  └──────────────────────────────────────────────────────────┘   │
│                                                                  │
│  External access: 127.0.0.1:15672 ──▶ Management UI             │
└─────────────────────────────────────────────────────────────────┘

Port Configuration

Internal Ports (Container Network Only)

PortProtocolPurposeExposure
5672AMQPQueue messagingContainer only
5552StreamsStream messagingContainer only
4369EPMDErlang discoveryContainer only
25672ClusteringInter-node communicationContainer only

External Ports (Host Access)

PortBindingPurpose
15672127.0.0.1:15672Management UI (localhost only)

Network Configuration

External Network Creation

bash
# Create once for all services using helper script
./script/network.sh

# Or manually
podman network create crypto-scout-bridge

# Verify creation
podman network ls
podman network inspect crypto-scout-bridge

Compose Network Declaration

yaml
networks:
  crypto-scout-bridge:
    name: crypto-scout-bridge
    external: true

Service Network Attachment

yaml
services:
  crypto-scout-mq:
    networks:
      - crypto-scout-bridge

DNS and Discovery

Container Hostnames

yaml
services:
  crypto-scout-mq:
    hostname: crypto_scout_mq  # Underscores for Erlang compatibility
    container_name: crypto-scout-mq

Service Discovery

Services connect using container names:

java
// From crypto-scout-client
Environment.builder()
    .host("crypto-scout-mq")  // Container name resolves
    .port(5552)
    .build();

Advertised Host (Streams)

ini
# rabbitmq.conf
stream.advertised_host = crypto_scout_mq
stream.advertised_port = 5552

Connectivity Testing

From Host

bash
# Management UI (localhost only)
curl http://127.0.0.1:15672

# AMQP/Streams NOT accessible from host
nc -zv localhost 5672  # Should fail
nc -zv localhost 5552  # Should fail

From Other Containers

bash
# Test from client container
podman exec crypto-scout-client nc -zv crypto-scout-mq 5672
podman exec crypto-scout-client nc -zv crypto-scout-mq 5552

# Test DNS resolution
podman exec crypto-scout-client nslookup crypto-scout-mq

# Ping test
podman exec crypto-scout-client ping -c 3 crypto-scout-mq

Diagnostics

bash
# Container network info
podman inspect crypto-scout-mq | jq '.[0].NetworkSettings.Networks'

# IP address
podman inspect -f '{{.NetworkSettings.IPAddress}}' crypto-scout-mq

# Check listening ports
podman exec crypto-scout-mq rabbitmq-diagnostics -q listeners

Troubleshooting

Connection Refused

bash
# Check if RabbitMQ is running
podman ps | grep crypto-scout-mq
./script/rmq_compose.sh status

# Check logs for startup errors
podman logs crypto-scout-mq

# Verify port binding
podman exec crypto-scout-mq netstat -tlnp

DNS Resolution Failure

bash
# Check network connectivity
podman exec crypto-scout-client ping crypto-scout-mq

# Verify network membership
podman inspect crypto-scout-mq | grep -A 10 "Networks"

# Restart with network
./script/rmq_compose.sh down
./script/rmq_compose.sh up -d

Port Conflicts

bash
# Check host port usage
lsof -i :15672
lsof -i :5672
lsof -i :5552

# Change management port if needed
# In podman-compose.yml:
ports:
  - "127.0.0.1:15673:15672"

Network Not Found

bash
# Create network if missing
./script/network.sh

# Or manually
podman network create crypto-scout-bridge

# Then restart service
./script/rmq_compose.sh restart

Advanced Configuration

Custom Subnet

bash
# Create network with specific subnet
podman network create \
  --subnet 10.88.10.0/24 \
  --gateway 10.88.10.1 \
  crypto-scout-bridge

IPv6 Support

yaml
# podman-compose.yml
networks:
  crypto-scout-bridge:
    enable_ipv6: true
    ipam:
      config:
        - subnet: 2001:db8::/64

MTU Configuration

yaml
# If experiencing network issues
networks:
  crypto-scout-bridge:
    driver_opts:
      mtu: 1400

Security Considerations

Network Isolation

bash
# Verify no host exposure for AMQP/Streams
podman port crypto-scout-mq
# Should only show: 127.0.0.1:15672 -> 15672

# Verify internal ports not exposed
podman inspect crypto-scout-mq | grep -A 20 PortBindings

Inter-Service Communication

  • Services should use container names for DNS resolution
  • No hardcoded IP addresses
  • Communication encrypted at application level if needed
  • All services must be on crypto-scout-bridge network

Performance Tuning

Connection Limits

yaml
ulimits:
  nofile:
    soft: 65536
    hard: 65536

Network Mode

yaml
# For host networking (not recommended for production)
network_mode: host

Monitoring

Network Metrics

bash
# Container network I/O
podman stats crypto-scout-mq

# Connection count
podman exec crypto-scout-mq rabbitmqctl list_connections | wc -l

# Network interfaces in container
podman exec crypto-scout-mq ip addr

Bridge Network Inspection

bash
# Inspect the bridge network
podman network inspect crypto-scout-bridge

# List containers on network
podman network inspect crypto-scout-bridge | jq '.[0].containers'

When to Use Me

Use this skill when:

  • Setting up container networking
  • Troubleshooting connectivity issues
  • Configuring service discovery
  • Understanding port exposure
  • Implementing network security
  • Optimizing network performance
  • Debugging DNS resolution