"hairpin" connection fails with Rancher 1.3.0 on one image

I believe it is called a hairpin connection - when a container attempts to connect to itself, via an IP address external to the container.

When I attempt to run this container: solr:5.5.3 from Rancher 1.3.0 (with port 8983 exposed), if I then connect into a shell inside the container, and attempt to curl the running process:

curl http://localhost:8983

will return without problem (some kind of redirect).

However this won’t return, but should:

curl http://172.17.0.1:8983

From outside the container, I can connect to the host:

curl http://localhost:8983

And from other containers, I don’t see any problem at all.

I have this exact same container running in Rancher 1.1.4 with no problem.

Note, I destroyed the services and host, and rebuilt them from scratch (with Terraform and rancher-compose) and found exactly the same issue.

However, if I use docker-compose on the host itself to start the container, it works fine. This suggests that the problem is something to do with how Rancher is managing its networking.

What is wrong with this (public) container and why does it appear not to work in Rancher 1.3.0?

Thanks for any pointers.

I worked it out. I had upgraded a Rancher 1.1.4 to 1.2.0, and in the process it created some Infrastructure services. When I upgraded to 1.3.0, I didn’t realise that I needed to upgrade the Infrastructure Services too. After a bit of a battle (involving deleting the environment and recreating it) I managed to get a fresh set of infrastructure services up, and after that my services came up as I would have expected.