We Keep Coding

Connect celery-flower and prometheus in separate docker-compose files

I want to connect celery-flower and prometheus. I work following this instruction - https://github.com/mher/flower/blob/master/docs/prometheus-integration.rst
I have 2 docker-compose.yml.
app/docker-compose.yml
celery-flower:
...
container_name: celery-flower
command: celery -A configs flower -l INFO --url_prefix=flower --port=5555 --persisten=True
ports:
- "5555:5555"
networks:
- default
- flower
networks:
default:
flower:
external: true
observability/docker-compose.yml
prometheus:
...
volumes:
- $PWD/prometheus.yml:/etc/prometheus/prometheus.yml
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/etc/prometheus/console_libraries'
- '--web.console.templates=/etc/prometheus/consoles'
- '--web.enable-lifecycle'
expose:
- 9090
ports:
- 9090:9090
networks:
- observability
- flower
networks:
observability:
flower:
external: true
observability/prometheus.yml
scrape_configs:
- job_name: flower
static_configs:
- targets:
- celery-flower:5555
But i don't see celery-flower on the http://localhost:9090/graph
Both containers see the flower network (via docker inspect)
Ping from prometheus container
PING celery-flower (172.21.0.3): 56 data bytes
64 bytes from 172.21.0.3: seq=0 ttl=64 time=0.122 ms
64 bytes from 172.21.0.3: seq=1 ttl=64 time=0.113 ms
64 bytes from 172.21.0.3: seq=2 ttl=64 time=0.116 ms
64 bytes from 172.21.0.3: seq=3 ttl=64 time=0.093 ms
64 bytes from 172.21.0.3: seq=4 ttl=64 time=0.072 ms
64 bytes from 172.21.0.3: seq=5 ttl=64 time=0.076 ms
--- celery-flower ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 0.072/0.098/0.122 ms
Connection
telnet celery-flower 5555
Connected to celery-flower

Incorrect command for celery-flower running (need to remove --url_prefix=flower)
app/docker-compose.yml
celery-flower:
restart: always
image: mher/flower:1.2.0
container_name: celery-flower
command: celery flower -l INFO --persisten=True
volumes:
- flower_data:/data
environment:
- CELERY_BROKER_URL=redis://redis:6379
ports:
- 5555:5555
networks:
- default
- flower

Register gitab-runner throws cannot assign requested address (ubuntu, docker)

Hello everyone,
I have been fighting with this for 7 days now and am getting nowhere (only frustrated). I really hope someone can help me. Please keep in mind that I am no network expert, as I believe the problem lies here.
The problem:
Attempts to register a gitlab-runner results in this error:
screenshot of the error
The setup
Everything is installed on a single server in my home network. So it's
- Laptop accessing the server
Internet - Router (FritzBox) 192.168.1.1 - Server 192.168.1.100
- Other
The server runs
Ubuntu 18.04.4 LTS
Docker version 19.03.8, build afacb8b7f0
I got my gitlab and gitlab-runner working a few months ago without https (I figured being a one-man team inside my own network I don't need https). I used docker-compose to run gitlab, postgresql and redis and 'normal' docker to run a gitlab-runner. That too was a struggle for me and it took me a while to figure out that I had to use url = "http://192.168.1.100:30080/" to register the runner.
But then I decided to upgrade to https using a self-signed certificate. I did this because I wanted to use the gitlab-buildin docker registry to speed up my builds, and as I understand that requires https.
I succeeded with gitlab. I can view my repositores, push changed, create issues and whatnot. But, as the title says, I am unable to register a gitlab-runner over https.
docker-compose.yml
Lets start with the docker-compose, which starts postgres, redis, gitlab and now also the gitlab-runner:
version: '3.7'
services:
postgresql:
restart: always
image: postgres:12-alpine
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "10"
environment:
- POSTGRES_USER=xxxxxxxxxxx
- POSTGRES_PASSWORD=xxxxxxxxxxx
- POSTGRES_DB=xxxxxxxxxxx
volumes:
- /opt/postgresql:/var/lib/postgresql:rw
redis:
restart: always
image: redis:5-alpine
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "10"
gitlab:
image: 'gitlab/gitlab-ce'
restart: always
hostname: 'treffer-technologies.home-webserver.de'
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "10"
links:
- postgresql:postgresql
- redis:redis
environment:
GITLAB_OMNIBUS_CONFIG: |
# postgres
postgresql['enable'] = false
gitlab_rails['db_username'] = "xxxxxxxxxxx"
gitlab_rails['db_password'] = "xxxxxxxxxxx"
gitlab_rails['db_host'] = "postgresql"
gitlab_rails['db_port'] = "5432"
gitlab_rails['db_database'] = "xxxxxxxxxxx"
gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_encoding'] = 'utf8'
# redis
redis['enable'] = false
gitlab_rails['redis_host'] = 'redis'
gitlab_rails['redis_port'] = '6379'
# nginx
nginx['redirect_http_to_https'] = true
registry_nginx['redirect_http_to_https'] = true
# email
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.gmail.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "xxxxxxxxxxx"
gitlab_rails['smtp_password'] = "xxxxxxxxxxx"
gitlab_rails['smtp_domain'] = "xxxxxxxxxxx"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
# other
gitlab_rails['gitlab_shell_ssh_port'] = 30022
# https://docs.gitlab.com/omnibus/settings/ssl.html#lets-encrypt-integration
external_url 'https://treffer-technologies.home-webserver.de:30443'
# registry
registry_external_url 'https://treffer-technologies.home-webserver.de:30090'
ports:
# host:container
# both ports must match the port from external_url above
- "30080:30080"
# the mapped port must match ssh_port specified above.
- "30022:22"
# https
- "30443:30443"
# registry
- "30090:30090"
volumes:
- /opt/gitlab/config:/etc/gitlab:rw
- /opt/gitlab/log:/var/log/gitlab:rw
- /opt/gitlab/data:/var/opt/gitlab:rw
depends_on:
- postgresql
- redis
runner:
image: 'gitlab/gitlab-runner:alpine'
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "10"
volumes:
- /opt/gitlab-runner/config:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- gitlab
As you can see, the url of my gitlab is https://treffer-technologies.home-webserver.de:30443.
gitlab-runner register
And here is the registration code:
docker run --rm -t -i -v /opt/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner:alpine --debug register \
--non-interactive \
--executor "docker" \
--docker-image alpine:3 \
--url "https://treffer-technologies.home-webserver.de:30443" \
--registration-token "xxxxxxxxxxx" \
--description "gitlab-runner-docker" \
--tag-list "build,test,deploy" \
--locked="false"
which, wenn executed, results in this error:
Runtime platform arch=amd64 os=linux pid=6 revision=4c96e5ad
version=12.9.0
Checking runtime mode GOOS=linux uid=0
Running in system-mode.
Trying to load /etc/gitlab-runner/certs/treffer-technologies.home-webserver.de.crt ...
Dialing: tcp treffer-technologies.home-webserver.de:30443 ...
ERROR: Registering runner... failed runner=xxxxxxxx status=couldn't execute
POST against https://treffer-technologies.home-webserver.de:30443/api/v4/runners:
Post https://treffer-technologies.home-webserver.de:30443/api/v4/runners:
dial tcp [2001:16b8:a582:1800:314f:5277:9434:77ad]:30443:
connect: cannot assign requested address
PANIC: Failed to register this runner. Perhaps you are having network problems
According to Supported options for self-signed certificates I copied the same certificate I created and use for my gitlab to /opt/gitlab-runner/config/certs/treffer-technologies.home-webserver.de.crt. The content beginns with -----BEGIN, so I think it is encoded in PEM.
Firewall
ufw is inactive until this problem is resolved.
Logs
As far as I can tell, the registration process is not reaching my gitlab, since I can find no signs of a request in the gitlab logs. This is why I believe I have a network problem.
Probing gitlab-runner container
Using docker-compose exec runner /bin/sh I found out that:
ping gitlab
PING gitlab (172.22.0.5): 56 data bytes
64 bytes from 172.22.0.5: seq=0 ttl=64 time=0.055 ms
64 bytes from 172.22.0.5: seq=1 ttl=64 time=0.105 ms
64 bytes from 172.22.0.5: seq=2 ttl=64 time=0.150 ms
64 bytes from 172.22.0.5: seq=3 ttl=64 time=0.154 ms
64 bytes from 172.22.0.5: seq=4 ttl=64 time=0.151 ms
^C
--- gitlab ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.055/0.123/0.154 ms
172.22.0.5 is exactly the IP of the docker-container gitlab, as expected. However, using register against https://gitlab:30443 results in
Dialing: tcp gitlab:30443 ...
ERROR: Registering runner... failed runner=xxxxxx
status=couldn't execute POST against https://gitlab:30443/api/v4/runners: Post https://gitlab:30443/api/v4/runners: dial tcp: lookup gitlab on 8.8.8.8:53: no such host
PANIC: Failed to register this runner. Perhaps you are having network problems
ping treffer-technologies.home-webserver.de
PING treffer-technologies.home-webserver.de (2001:16b8:a582:1800:314f:5277:9434:77ad): 56 data bytes
ping: sendto: Address not available
Adding the line
172.22.0.5 treffer-technologies.home-webserver.de
to the hosts of the gitlab-runner-container makes the ping work, but the register still results in
Trying to load /etc/gitlab-runner/certs/treffer-technologies.home-webserver.de.crt ...
Dialing: tcp treffer-technologies.home-webserver.de:30443 ...
ERROR: Registering runner... failed runner=xxxxxxxx status=couldn't execute POST against https://treffer-technologies.home-webserver.de:30443/api/v4/runners: Post https://treffer-technologies.home-webserver.de:30443/api/v4/runners: dial tcp [2001:16b8:a582:1800:314f:5277:9434:77ad]:30443: connect: cannot assign requested address
PANIC: Failed to register this runner. Perhaps you are having network problems
/etc/hosts
of gitlab-runner docker container
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.22.0.4 0181ad73e31f
# manually added to make ping work
# 172.22.0.5: gitlab-container
172.22.0.5 treffer-technologies.home-webserver.de
of host / the server
127.0.0.1 localhost
127.0.1.1 HP-ProDesk-400-G5-Desktop-Mini
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
The self-signed certificate
I used this guide. Basically, I did openssl genrsa and used treffer-technologies.home-webserver.de and FQDN. The content starts with ----- BEGIN.
More information
Thank you for reading all of this. If you want to help and need more information I will provide them as fast as I can. Thanks :)
edit: entered image description, typos, grammar (I am german), removed statement that this is my first question (not true, it is my second), added probing gitlab-container, changed ips to reflect the current state after my tinkering

I found a working setup:
after noticing that running register against 192.168.1.100 resulted in a different error:
different erros for different register targets
I created a self-signed SSL using this guide which includes 192.168.1.100 alongside treffer-technologies.home-webserver.de. Than I moved that into gitlab-runner/config/certs/ca.crt instead of gitlab-runner/config/certs/treffer-technologies.home-webserver.de.crt.
[ v3_ca ]
subjectAltName = #alternate_names
# added manually
# https://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl
[ alternate_names ]
DNS.1 = treffer-technologies.home-webserver.de
DNS.2 = www.treffer-technologies.home-webserver.de
IP = 192.168.1.100
With that, gitlab-runner picked up the certificate and the register was successful. No need to edit any hosts or add additional networks or links to docker. I dont know if this is the proper way to do it but at least it works for me

RHEL8 and docker-compose default network error EHOSTUNREACH

We have been using single container Docker images for some time without issues on RHEL8. We need to move toward integrating multiple services using docker-compose but have not been successful in even simple attempts.
We are using Mongo (mongo:4.2.3-bionic) and NodeJS (node:alpine).
We created a simple node application which is trying to add a single document to a MongoDB collection. The code for dbwrite.js is:
var MongoClient = require('mongodb').MongoClient;
MongoClient.connect("mongodb://mongo:27017/", function(err, mongodb) {
if (err) throw err;
var mongodbo = mongodb.db("test");
var doc = {"payload":"test doc"};
mongodbo.collection("test2").insertOne(doc, function(err, res) {
if (err) throw err;
});
mongodb.close();
});
The Dockerfile for dbwrite.js is:
FROM node:alpine
ADD . /
CMD ["node", "dbwrite.js"]
The Mongo container was pulled from DockerHub as was the Node container.
The docker-compose.yaml file:
version: '3.1'
services:
mongo:
image: mongo:4.2.3-bionic
container_name: mongo
restart: always
ports:
- 27017:27017
volumes:
- ./mongo_db:/data/db
app:
image: dbwrite:v0.1
container_name: dbwrite
If we perform "docker-compose up" the dbwrite container throws an error:
dbwrite | /node_modules/mongodb/lib/topologies/server.js:233
dbwrite | throw err;
dbwrite | ^
dbwrite |
dbwrite | MongoNetworkError: failed to connect to server [mongo:27017] on first connect [Error: connect EHOSTUNREACH 172.22.0.2:27017
dbwrite | at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1137:16) {
dbwrite | name: 'MongoNetworkError',
dbwrite | [Symbol(mongoErrorContextSymbol)]: {}
dbwrite | }]
dbwrite | at Pool.<anonymous> (/node_modules/mongodb/lib/core/topologies/server.js:438:11)
dbwrite | at Pool.emit (events.js:321:20)
dbwrite | at /node_modules/mongodb/lib/core/connection/pool.js:561:14
dbwrite | at /node_modules/mongodb/lib/core/connection/pool.js:994:11
dbwrite | at /node_modules/mongodb/lib/core/connection/connect.js:31:7
dbwrite | at callback (/node_modules/mongodb/lib/core/connection/connect.js:264:5)
dbwrite | at Socket.<anonymous> (/node_modules/mongodb/lib/core/connection/connect.js:294:7)
dbwrite | at Object.onceWrapper (events.js:428:26)
dbwrite | at Socket.emit (events.js:321:20)
dbwrite | at emitErrorNT (internal/streams/destroy.js:84:8) {
dbwrite | name: 'MongoNetworkError',
dbwrite | [Symbol(mongoErrorContextSymbol)]: {}
dbwrite | }
dbwrite exited with code 1
Rebuilding the container (doing it the hard way -- I know -- but wanting to keep everything as identical as possible), and replacing the Dockerfile CMD line
CMD ["node", "dbwrite.js"]
with
CMD ["ping", "-c", "20", "mongo"]
yields normal ping responses from "mongo" so I believe the default network was created right and the DNS is happening as expected, yet my node application gets EHOSTUNREACH.
dbwrite | 64 bytes from 172.22.0.2: seq=15 ttl=64 time=0.072 ms
dbwrite | 64 bytes from 172.22.0.2: seq=16 ttl=64 time=0.080 ms
dbwrite | 64 bytes from 172.22.0.2: seq=17 ttl=64 time=0.067 ms
dbwrite | 64 bytes from 172.22.0.2: seq=18 ttl=64 time=0.121 ms
dbwrite | 64 bytes from 172.22.0.2: seq=19 ttl=64 time=0.097 ms
dbwrite |
dbwrite | --- mongo ping statistics ---
dbwrite | 20 packets transmitted, 20 packets received, 0% packet loss
dbwrite | round-trip min/avg/max = 0.065/0.086/0.121 ms
dbwrite exited with code 0
If we edit the dbwrite.js code and replace, "mongo" in the connect() method with "localhost" and execute "node dbwrite.js" from the localhost (outside a container), the Document to the Collection. The Mongo container log reports that it is listening on 0.0.0.0.
mongo | 2020-02-10T19:35:26.337+0000 I NETWORK [listener] Listening on 0.0.0.0
mongo | 2020-02-10T19:35:26.337+0000 I NETWORK [listener] waiting for connections on port 27017
While I don't have the output captured, previous executions of "docker network inspect" showed both containers and their assigned IPv4 addresses on 172.22.0.x/16. IPAM showed using the default driver "bridge" on subnet 172.22.0.0/16 and a gateway of 172.22.0.1.
Any suggestions on what could be wrong would be greatly appreciated. We are on the verge of down-grading off RHEL8 to see if that is related to our problem given that Red Hat so vocally claims NOT to support Docker. Seems like it is some network security issue since ICMP ping can traverse the bridge but TCP socket connection cannot.

Failure to connect to configured mongo instance (Connection refused)

Based on this guide:
https://docs.opsmanager.mongodb.com/current/tutorial/install-simple-test-deployment/
I am installing MongoDB and MongoDB Manager. I have created a docker image for each application and start them on the same virtual network:
docker network create --driver bridge mongo-network
with:
MongoDB:
docker run -ti -d --network mongo-network -p 27017:27017 --name mongodb-container mongodb-image
docker exec -ti -u mongod mongodb-container "mongod --port 27017 --dbpath /data/appdb --logpath /data/appdb/mongodb.log --wiredTigerCacheSizeGB 1 --fork"
And verified that its up and running with:
$ docker exec -ti -u mongod mongodb-container tail -f /data/appdb/mongodb.log
2019-04-21T15:26:05.208+0000 I CONTROL [initandlisten] ** WARNING: This server is bound to localhost.
2019-04-21T15:26:05.208+0000 I CONTROL [initandlisten] ** Remote systems will be unable to connect to this server.
2019-04-21T15:26:05.208+0000 I CONTROL [initandlisten] ** Start the server with --bind_ip <address> to specify which IP
2019-04-21T15:26:05.208+0000 I CONTROL [initandlisten] ** addresses it should serve responses from, or with --bind_ip_all to
2019-04-21T15:26:05.208+0000 I CONTROL [initandlisten] ** bind to all interfaces. If this behavior is desired, start the
2019-04-21T15:26:05.208+0000 I CONTROL [initandlisten] ** server with --bind_ip 127.0.0.1 to disable this warning.
2019-04-18T06:23:35.268+0000 I CONTROL [initandlisten]
2019-04-18T06:23:35.269+0000 I STORAGE [initandlisten] createCollection: admin.system.version with provided UUID: c0736278-72ec-4dfc-893c-8105eefa0ba8
2019-04-18T06:23:35.320+0000 I COMMAND [initandlisten] setting featureCompatibilityVersion to 4.0
2019-04-18T06:23:35.341+0000 I STORAGE [initandlisten] createCollection: local.startup_log with generated UUID: 397c17a3-3c5e-4605-b4dc-8a936dd9e40e
2019-04-18T06:23:35.394+0000 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/data/appdb/diagnostic.data'
2019-04-18T06:23:35.396+0000 I NETWORK [initandlisten] waiting for connections on port 27017
2019-04-18T06:23:35.397+0000 I STORAGE [LogicalSessionCacheRefresh] createCollection: config.system.sessions with generated UUID: ac7bdb6e-4a60-430f-b1a4-34b09012e6da
2019-04-18T06:23:35.475+0000 I INDEX [LogicalSessionCacheRefresh] build index on: config.system.sessions properties: { v: 2, key: { lastUse: 1 }, name: "lsidTTLIndex", ns: "config.system.sessions", expireAfterSeconds: 1800 }
2019-04-18T06:23:35.475+0000 I INDEX [LogicalSessionCacheRefresh] building index using bulk method; build may temporarily use up to 500 megabytes of RAM
2019-04-18T06:23:35.477+0000 I INDEX [LogicalSessionCacheRefresh] build index done. scanned 0 total records. 0 secs
MongoDB Manager:
docker run -ti -d --network mongo-network -p 8080:8080 --name mongodb-manager-container mongodb-manager-image
docker exec -ti -u root mongodb-manager-container "/opt/mongodb/mms/bin/mongodb-mms start"
Below error message:
Generating new Ops Manager private key...
Starting pre-flight checks
Failure to connect to configured mongo instance:Config{
loadBalance=false,
encryptedCredentials=false,
ssl='false',
dbNames=' [
mmsdb,
mmsdbprovisionlog,
mmsdbautomation,
mmsdbserverlog,
mmsdbpings,
mmsdbprofile,
mmsdbrrd,
mmsdbconfig,
mmsdblogcollection,
mmsdbjobs,
mmsdbagentlog,
mmsdbbilling,
backuplogs,
automationcore,
monitoringstatus,
mmsdbautomationlog,
automationstatus,
ndsstatus,
cloudconf,
backupdb,
mmsdbprovisioning,
mmsdbqueues
] ',
uri=mongodb://mongodb-container:27017/?maxPoolSize=150
}Error:Timed out after 30000 ms while waiting to connect. Client view of cluster state is{
type=UNKNOWN,
servers= [
{
address=mongodb-container:27017,
type=UNKNOWN,
state=CONNECTING,
exception= {
com.mongodb.MongoSocketOpenException:Exception opening socket
},
caused by {
java.net.ConnectException:Connection refused (Connection refused)
}
}
]
And for mongodb - based on suggestions below - I am now using:
/etc/mongod.conf:
# network interfaces
net:
port: 27017
#bindIp: 127.0.0.1 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
bindIp: 0.0.0.0,::
and for MongoDB manager I am specifying the name of the mongodb container in:
/opt/mongodb/mms/conf/conf-mms.properties
#mongo.mongoUri=mongodb://127.0.0.1:27017/?maxPoolSize=150
#mongo.mongoUri=mongodb://0.0.0.0:27017/?maxPoolSize=150
mongo.mongoUri=mongodb://mongodb-container:27017/?maxPoolSize=150
I have verified that I can ping mongodb-container from mongodb-manager-container with:
docker exec -it -u root mongodb-manager-container bash
[root#e23a34bf2161 /]# ping mongodb-container
PING mongodb-container (172.18.0.2) 56(84) bytes of data.
64 bytes from mongodb-container.mongo-network (172.18.0.2): icmp_seq=1 ttl=64 time=0.077 ms
64 bytes from mongodb-container.mongo-network (172.18.0.2): icmp_seq=2 ttl=64 time=0.059 ms
64 bytes from mongodb-container.mongo-network (172.18.0.2): icmp_seq=3 ttl=64 time=0.052 ms
^C
--- mongodb-container ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2042ms
rtt min/avg/max/mdev = 0.052/0.062/0.077/0.013 ms
[root#e23a34bf2161 /]#
What am I missing?
EDIT:
Based on below suggestions I have now tried:
docker network create --driver bridge mongo-network
docker run -ti -d --network mongo-network -p 27017:27017 --name mongodb-container mongodb-image
# Copy modified version of mongod.conf file to container before starting mongodb
docker cp mongod.conf mongodb-container:/etc/mongod.conf
docker exec -ti -u mongod mongodb-container "mongod --port 27017 --dbpath /data/appdb --logpath /data/appdb/mongodb.log --wiredTigerCacheSizeGB 1 --fork"
docker run -it --rm --net container:mongodb-container nicolaka/netshoot ss -lnt
Which gives:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.11:36001 0.0.0.0:*
LISTEN 0 128 127.0.0.1:27017 0.0.0.0:*
Not sure if this is expected/good output and why I need to spin up container from the nicolaka/netshoot image...
EDIT 2:
As suggested below if I pass: --bind_ip_all on the command line for starting mongod it works:
docker exec -ti -u mongod mongodb-container "mongod --bind_ip_all --port 27017 --dbpath /data/appdb --logpath /data/appdb/mongodb.log --wiredTigerCacheSizeGB 1 --fork"
So it seems when running as a docker container it completely ignores the /etc/mongod.conf file and you need to specify all the options in the docker exec command instead :-(

DNS on the container name will resolve to the container ip. To connect to mongo on that name, even from inside the container, you need to have mongo listening on all interfaces:
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0,::

The problem was that it was ignoring the configuration in /etc/mongod.conf file. After googling e.g.:
https://jira.mongodb.org/browse/SERVER-36572
I found that you need to pass the --config parameter to mongod e. to get it to read the mongod.conf file e.g.:
mongod --config /etc/mongod.conf
and with docker:
docker exec -ti -u mongod mongodb-container "mongod --config /etc/mongod.conf"
After doing the above I can now get it to listen on all interfaces with the below configuration in /etc/mongod.conf:
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0

You are running two separate containers and expect them to talk to each other over localhost? That never gonna work. You have to add "--link mongodb-container:mongo" to second docker run command and then use address mongodb://mongo:27017 in manager container.

How to pass container ip as ENV to other container in docker-compose file

this is my docker-compose file:
version: '3.0'
services:
app-web:
restart: always
build: ./web
environment:
PG_HOST: $(APP_DB_IP)
PG_PORT: 5432
ports:
- "8081:8080"
links:
- app-db
app-db:
build: ./db
expose:
- "5432"
volumes:
- /var/lib/postgresql/data
I want to pass to app-web the ip of app-db (Postgresql in this case) as ENV var so it can connect to the DB smoothly... any idea on how to achieve it?

You actually don't need to do any of this, since you're already using the links feature in Docker Compose. Just get rid of the PG_HOST variable and use the app-db hostname:
services:
app-web:
restart: always
build: ./web
environment:
PG_PORT: 5432
ports:
- "8081:8080"
links:
- app-db
Since you included the app-db entry under links, you can simply use app-db as a hostname in your app-web container. Docker will set up a hostname mapping in the app-web container that resolves the app-db hostname to the database container's IP address.
You can verify that by running the following, which will try to ping the app-db container from the app-web container:
docker-compose exec app-web bash -c "ping app-db"
This should show output from the ping command showing the resolved IP address of the app-db container, for example like this:
PING app-db (172.19.0.2): 56 data bytes
64 bytes from 172.19.0.2: icmp_seq=0 ttl=64 time=0.055 ms
64 bytes from 172.19.0.2: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from 172.19.0.2: icmp_seq=2 ttl=64 time=0.098 ms
Press ctrl+c to stop the ping command.
Like shown in the other answer, if you still want to pass in the hostname (which is probably a good idea, just in case you ever want to point to a different database), you can just use app-db as a value:
services:
app-web:
restart: always
build: ./web
environment:
PG_HOST: app-db
PG_PORT: 5432
ports:
- "8081:8080"
links:
- app-db

You can use app-db as name instead of ip, docker will automatically determine what the right ip. As stated in the Docker docs: A container can always discover other containers on the same stack using just the container name as hostname.
So in your example you can use:
environment:
PG_HOST: app-db
Source:https://docs.docker.com/docker-cloud/apps/service-links/#discovering-containers-on-the-same-service-or-stack