Jenkins Docker Swarm Plugin within Swarm - docker

I have a Jenkins stack running in my Docker Swarm. I want to use the Jenkins Docker Swarm plugin to allow me to use my swarm to spin up slaves, but I cannot figure out the API URI section.
It requires it in the format http://ip:2376 and I can see that my Docker daemon is exposed as the socket but also as tcp://ip:2376 but it can't seem to connect back to the host. I am using Traefik as a reverse proxy and the jenkins is in the proxy network as it has an external URL.
Do I need to add a config to Traefik to allow the container to talk to the host?

You need to expose the docker daemon via tcp on port 2376, try the following:
On your swarm manager node:
vi /etc/systemd/system/docker.service.d/override.conf
The content should be:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2376
Then restart docker daemon.
When you now exec docker info you will get a message like this:
WARNING: API is accessible on http://0.0.0.0:2376 without encryption.
...
Now you can give your jenkins the following URL:
http://your.docker.manager.ip:2376

Related

How to change Zabbix agent in order to monitor tls secured Docker daemon socket

I've already protected my host Docker daemon by following the steps in this official page. However, my Zabbix agent does not work. It monitored the status of the Docker containers through the following module, enabled in the file /etc/zabbix/zabbix_agentd.conf.d/docker.conf:
LoadModule=zabbix_module_docker.so
What should I do?
I've solved it by adding docker socket, /var/run/docker.sock, to the daemon's hosts list:
dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:2376 -H unix:///var/run/docker.sock
Just this!

I have an allowed IP range to configure dockers and I want to export docker daemon on a port

I have an allowed IP range to configure dockers and I want to export docker daemon on a port?
I have exposed it the standard way on port 2375, and Docker connects with docker -H tcp://localhost:2375 ps
but when I connect using the IP address or hostname it does not work
docker -H tcp://hostname:2375 ps
This command doesn't work
You need to start the docker daemon to listen on port 2375, so something like:
dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
then you need to tell the docker client how to connect to the server. A common way to do so is using the DOCKER_HOST environment variable. Like
export DOCKER_HOST=tcp://192.168.99.101:2375
docker info
Note, you need to change 192.168.99.101 to the IP address of your server.
You also need to make sure that the server does not block port 2375 with its firewall.

docker client daemon access remote swarm `1.12.1` manager

I'm trying to connect to a Manager with swarm version 1.12.1 from the docker client:
$ docker -H tcp://MY_MANAGER_1_IP:2377 info
I got the following error message:
Are you trying to connect to a TLS-enabled daemon without TLS?
Does anyone have an idea? Thank you in advance.
The integrated docker swarm in 1.12 is managed via the docker host, not via the swarm port as you would have done before in the standalone swarm product (which you can still install in a 1.12 environment if you wish). Connect to the docker host as you always have, and manage it via docker swarm, docker service, and docker node commands.
The port you open for the integrated swarm isn't for the docker API, it's for traffic between swarm managers and workers. To see the info on the swarm, the docker info on the swarm manager will include some details, and docker node will give a status of managers and workers. Note that this also means you cannot submit jobs to the integrated swarm with a docker -H ... run ... command, you must use the new docker service commands to manage containers in the new swarm.
For remote access to any docker host, which would let you run API commands from another machine, see the docs on securing the Docker API which is a procedure to enable TLS and setup the daemon to listen for external traffic instead of using the docker.sock socket.

How do I find the Docker REST API URL?

I have installed the Docker build step plugin for Jenkins.
The documentation is telling me:
Name : Choose a name for this Docker cloud provider
Docker URL: The URL to use to access your Docker server API (e.g: http://172.16.42.43:4243)
How can I find my URL to the REST API (I have Docker installed on my host)?
If you are on Linux and need to connect to Docker API on the local machine, its URL is probably unix:///var/run/docker.sock, like it is mentioned in documentation: Develop with Docker Engine SDKs and API
By default the Docker daemon listens on unix:///var/run/docker.sock and the client must have root access to interact with the daemon. If a group named docker exists on your system, docker applies ownership of the socket to the group.
This might be helpful if you are connecting to Docker from a JetBrains IDE.
Here are two approaches.
How do I access the Docker REST API remotely?
Warning: After this setup your Docker REST API port (in this case 1111) is exposed to remote access.
Here is how I enabled it on Ubuntu 16.04 (Xenial Xerus).
Edit the docker service file (it is better to avoid directly editing /lib/systemd/system/docker.service as it will be replaced on upgrades)
sudo systemctl edit docker.service
Add the following content
[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// -H tcp://0.0.0.0:1111
For docker 18+, the content is a bit different:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:1111
Save the modified file. Here I used port 1111, but any free port can be used.
Make sure the Docker service notices the modified configuration:
systemctl daemon-reload
Restart the Docker service:
sudo service docker restart
Test
curl http://localhost:1111/version
See the result
{"Version":"17.05.0-ce","ApiVersion":"1.29","MinAPIVersion":"1.12","GitCommit":"89658be","GoVersion":"go1.7.5","Os":"linux","Arch":"amd64","KernelVersion":"4.15.0-20-generic","BuildTime":"2017-05-04T22:10:54.638119411+00:00"}
Now you can use the REST API.
How do I access the Docker REST API through a socket (from localhost)?
Connect the internal Unix socket somewhat like this,
Using curl
curl --unix-socket /var/run/docker.sock http://localhost/version
And here is how to do it using PHP
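// Open the Docker daemon's Unix socket; fsockopen() needs the unix:// scheme.
$fs = fsockopen('unix:///var/run/docker.sock', -1, $errno, $errstr) or die("$errstr ($errno)\n");
// "Connection: close" makes the daemon end the response so feof() becomes true.
fwrite($fs, "GET /images/json HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n");
while (!feof($fs)) {
    print fread($fs, 256);
}
fclose($fs);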
In PHP 7 you can use curl_setopt with the CURLOPT_UNIX_SOCKET_PATH option.
It depends on your host, but look for /etc/default/docker or /var/lib/boot2docker/profile (for Docker Machine hosts using a boot2docker VM).
You will see the port used by the docker daemon, for instance:
DOCKER_OPTS="-H unix:// -H tcp://0.0.0.0:2375"
                                        ^^^^^
Then get the IP address of the machine hosting your Docker daemon.
(With a Docker Machine created host, that would be: docker-machine ip <yourmachine>.)
The URL to use is the combination of the IP address and the port.
If you are on windows:
npipe:////./pipe/docker_engine
source: https://docs.docker.com/docker-for-windows/faqs/#how-do-i-connect-to-the-remote-docker-engine-api

How to detect a docker daemon port

I have installed Ubuntu and Docker. I am trying to launch a Riak container:
$ DOCKER_RIAK_AUTOMATIC_CLUSTERING=1 DOCKER_RAIK_CLUSTER_SIZE=5 DOCKER_RIAK_BACKEND=leveldb make start-cluster ./bin/start
and get the error message:
It looks like the environment variable DOCKER_HOST has not been set.
The Riak cluster cannot be started unless this has been set
appropriately. For example:
export DOCKER_HOST="tcp://127.0.0.1:2375"
If I set
export DOCKER_HOST="tcp://127.0.0.1:2375"
all my other containers stop working and say that they cannot find the Docker daemon.
It looks like my Docker daemon uses a port other than 2375. How can I check it?
By default, the docker daemon will use the unix socket unix:///var/run/docker.sock (you can check this is the case for you by doing a sudo netstat -tunlp and note that there is no docker daemon process listening on any ports). It's recommended to keep this setting for security reasons but it sounds like Riak requires the daemon to be running on a TCP socket.
To start the docker daemon with a TCP socket that anybody can connect to, use the -H option:
sudo docker -H 0.0.0.0:2375 -d &
Warning: This means machines that can talk to the daemon through that TCP socket can get root access to your host machine.
Related docs:
http://basho.com/posts/technical/running-riak-in-docker/
https://docs.docker.com/install/linux/linux-postinstall/#configure-where-the-docker-daemon-listens-for-connections
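The netstat check suggested in the answer above can be scripted. This is an added example, not code from any of the answers: it reads `netstat -tunlp` text and reports only listeners owned by dockerd, skipping docker-proxy (published container ports, not the API). The function name and the sample output are constructed for illustration.

```python
import ipaddress

def dockerd_listeners(netstat_text):
    """Return (address, port, exposure) for each dockerd TCP listener."""
    found = []
    for line in netstat_text.splitlines():
        cols = line.split()
        # Columns: Proto Recv-Q Send-Q Local Foreign State PID/Program
        if len(cols) < 7 or not cols[0].startswith("tcp") or cols[5] != "LISTEN":
            continue
        # Exact match: "docker-proxy" serves published container ports, not the API.
        if cols[6].partition("/")[2] != "dockerd":
            continue
        addr, _, port = cols[3].rpartition(":")   # ":::2375" splits into "::" and "2375"
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback:
            exposure = "loopback"
        elif ip.is_unspecified:                   # 0.0.0.0 or :: means every interface
            exposure = "all-interfaces"
        else:
            exposure = "single-interface"
        found.append((addr, int(port), exposure))
    return found

# Constructed sample of `sudo netstat -tunlp` output.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   812/sshd
tcp        0      0 127.0.0.1:5000    0.0.0.0:*         LISTEN   31661/dockerd
tcp6       0      0 :::2375           :::*              LISTEN   31661/dockerd
tcp        0      0 0.0.0.0:8080      0.0.0.0:*         LISTEN   2210/docker-proxy
udp        0      0 0.0.0.0:68        0.0.0.0:*                  640/dhclient
"""

if __name__ == "__main__":
    for addr, port, exposure in dockerd_listeners(SAMPLE):
        print(f"dockerd listens on {addr}:{port} ({exposure})")
```

An empty result matches the default setup described above, where the daemon listens only on the Unix socket.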
Prepare extra configuration file. Create a file named /etc/systemd/system/docker.service.d/docker.conf. Inside the file docker.conf, paste below content:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
Note that if there is no directory like docker.service.d or a file named docker.conf then you should create it.
Restart Docker. After saving this file, reload the configuration by systemctl daemon-reload and restart Docker by systemctl restart docker.service.
Check your Docker daemon. After restarting docker service, you can see the port in the output of systemctl status docker.service
like /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock.
Hope this may help
Thank you!
Reference docs of docker: https://docs.docker.com/install/linux/linux-postinstall/#configure-where-the-docker-daemon-listens-for-connections
There are 2 ways of configuring the docker daemon port
1) Configuring at /etc/default/docker file:
DOCKER_OPTS="-H tcp://127.0.0.1:5000 -H unix:///var/run/docker.sock"
2) Configuring at /etc/docker/daemon.json:
{
"debug": true,
"hosts": ["tcp://127.0.0.1:5000", "unix:///var/run/docker.sock"]
}
If the docker default socket is not configured, Docker will wait for an infinite period, i.e.:
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
NOTE : BUT DON'T CONFIGURE IN BOTH THE CONFIGURATION FILES, the following error may occur :
Waiting for /var/run/docker.sock
unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: hosts: (from flag: [tcp://127.0.0.1:5000 unix:///var/run/docker.sock], from file: tcp://127.0.0.1:5000)
The reason for adding both the user port [tcp://127.0.0.1:5000] and the default docker socket [unix:///var/run/docker.sock] is that the user port enables access to the docker APIs whereas the default socket enables the CLI. In case the default port [unix:///var/run/docker.sock] is not mentioned in the /etc/default/docker file, the following error may occur:
# docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
This error occurs not because docker is not running, but because the default docker socket is not enabled.
Once the configuration is enabled restart the docker service and verify the docker port is enabled or not:
# netstat -tunlp | grep -i 5000
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN 31661/dockerd
Applicable for Docker Version 17.04, may vary with different versions of docker.
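The listener settings quoted across this page (ExecStart overrides, DOCKER_OPTS, daemon.json) can be audited before the daemon is restarted. This is an added example, not code from any of the answers: it labels each -H endpoint by reach and by whether --tlsverify is set, and reports the flag/daemon.json "hosts" conflict described above. The function names and result labels are made up for illustration; the sample command lines are the ones quoted on this page.

```python
import ipaddress
import json
import shlex

def parse_flags(cmdline):
    """Return (hosts given with -H/--host, whether --tlsverify is set)."""
    args, hosts, tls = shlex.split(cmdline), [], False
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith(("-H=", "--host=")):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tls = True
    return hosts, tls

def classify(host, tls):
    """Label one listener by who can reach it and whether clients must authenticate."""
    if host.startswith(("unix://", "fd://", "npipe://")):
        return "local"
    addr = host.split("://", 1)[-1]            # "-H 0.0.0.0:2375" carries no scheme
    ip = addr.rsplit(":", 1)[0].strip("[]")    # drop the port, unwrap IPv6 brackets
    try:
        loopback = ipaddress.ip_address(ip).is_loopback
    except ValueError:                         # a hostname, or an empty host
        loopback = ip == "localhost"
    if loopback:
        return "loopback-tcp"
    return "remote-tlsverify" if tls else "remote-unauthenticated"

def audit(exec_start, daemon_json="{}"):
    """Audit a dockerd command line plus optional daemon.json text."""
    flag_hosts, flag_tls = parse_flags(exec_start)
    cfg = json.loads(daemon_json)
    file_hosts = cfg.get("hosts", [])
    tls = flag_tls or cfg.get("tlsverify") is True
    findings = []
    if flag_hosts and file_hosts:              # dockerd refuses to start in this case
        findings.append(("conflict", "hosts set both as flag and in daemon.json"))
    findings += [(classify(h, tls), h) for h in flag_hosts + file_hosts]
    return findings

# Sample inputs: command lines quoted on this page.
PLAIN = "/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2376"
TLS = ("dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem "
       "--tlskey=server-key.pem -H=0.0.0.0:2376 -H unix:///var/run/docker.sock")

if __name__ == "__main__":
    for name, cmd in (("plain", PLAIN), ("tls", TLS)):
        for finding in audit(cmd):
            print(name, *finding)
```

The port number alone says nothing about encryption: the first sample binds 2376 yet is reported as remote-unauthenticated because no --tlsverify is present.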
Since I also had the same problem of "How to detect a docker daemon port", but on OSX, and found the answer after a little digging, I thought I would share it here for people coming from OSX.
If you visit known-issues from docker for mac and github issue, you will find that by default the docker daemon only listens on unix socket /var/run/docker.sock and not on tcp. The default port for docker is 2375 (unencrypted) and 2376 (encrypted) communication over tcp (although you can choose any other port).
On OSX it's not straightforward to run the daemon on a TCP port. One way to do this is to use a socat container to redirect the Docker API exposed on the unix domain socket to the host port on OSX.
docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:2375:2375 bobrik/socat TCP-LISTEN:2375,fork UNIX-CONNECT:/var/run/docker.sock
and then
export DOCKER_HOST=tcp://localhost:2375
However for local client on mac os you don't need to export DOCKER_HOST variable to test the api.
If you run ps -aux | grep dockerd you should see the endpoints it is running on.
Try adding -H tcp://0.0.0.0:2375 (at the end of the ExecStart line) instead of -H 0.0.0.0:2375.
