I have a docker-compose.yml file that starts my application server. I then use a few different tools to run integration/stress tests against it.
However, on my Mac the application server starts on localhost, and on Windows it starts on the VirtualBox VM at 192.168.99.100.
I've heard that docker-machine ip is a cross-platform way to "find" your Docker containers, and it works for Windows:
Craig#Work-PC MINGW64 ~
$ docker-machine ip
192.168.99.100
But on my Mac:
craig$ docker-machine ip
Error: No machine name(s) specified and no "default" machine exists
Is there a way to use docker-machine or some other already established method for finding the container hostname in a cross-platform way?
My goal would be to have this run out-of-the-box without any config on both a new Mac, and new Windows, environment. I can update all my scripts to check for Windows vs Mac (vs Unix), but then I have to duplicate the logic in a bunch of different places.
Docker machine provides a wrapper around setting $DOCKER_HOST in your environment. So you can check this variable, if it's defined strip off the port number and that's your target IP. And if it's not defined, you can use localhost.
Related
I have been running a media cluster for sometime without any issues. I have everything networked into two different docker networks... the first network just bridges the docker instance to the local machine, the second network is a docker VPN container that I use for the other media services (an earlier version of what I am working on can be found here: https://github.com/Xander-Rudolph/MediaDocker)
The strangest thing happened today though. I ran the docker update for windows and now docker spools up without any errors or issues, however none of the services work outside of the machine running docker. Usually I have a poke through for a couple of the services in my router (namely wordpress/joomla which is on the bridge) and they work outside of my local network, but none of them are working anymore. I was able to confirm its not the DNS A record because I'm able to use the RDP ports I have mapped for my router, and when I test on another machine in the same network, it can't access the services via the internal IP (but it can RDP).
Anyone have any idea what could have changed to break this? I've already updated all my docker images and even rebuilt my VPN container (before I realized its a networking issue). What are some steps I can do to try to troubleshoot what is going wrong in docker to prevent access outside of localhost?
Update
I've been able to rule out the docker update as the root cause... I upgraded docker on my laptop (which was previously running the same version as my desktop) and its not having the same issue... this configuration must be localized to this desktop... No idea what the issue is... Will try a linux VM on the desktop instead of docker for windows...
Update 2
After a lot of screwing around in both a VM and in WSL, I'm still only able to access the docker services from localhost but not a different machine on my network or via the IP on the host machine (perhaps something similar to this: Can't access localhost via IP address). RDP does work so the computer is accessible but the services are not.
I'm not sure if this is a result of a docker networking config or a windows network config (I'm using WSL with docker installed on ubuntu 20.08) but I'm not seeing anything stick out. I'm going to remove the tag for docker windows but this is definitely an issue with networking and I suspect it has something to do with the fact that the containers are running behind a VPN... although I don't know why I would be able to access them on localhost but not the IP on another VM...
When I run
netstat -a -o
on WSL I can see the established ports on localhost... EX:
tcp 0 0 localhost:7878 localhost:37520 ESTABLISHED
but when I look on the host machine (for wsl) I don't see the connection. I tried to use netsh to create a firewall rule to see if that would help:
netsh advfirewall firewall add rule name="TCP Port 7878" dir=in localport=7878 protocol=TCP action=allow
but it didn't have any effect.
Any suggestions for ways to trace the network to see where/how its failing/getting blocked would be extremely helpful.
Your question: "...What are some steps I can do to try to troubleshoot what is going wrong in docker to prevent access outside of localhost?..."
Troubleshooting help for you, first do you have multiple networking adapters (Ethernet, Wi-Fi, etc.) present on the host. First ensure, the priority of these adapters needs to be configured in correct order so the Windows networking stack can correctly choose gateway routes.
Now, to fix this set your primary internet-connected networking adapter to have the lowest InterfaceMetric value, use can use these Powershell commands from an elevated console:
Get-NetIPInterface -AddressFamily IPv4 | Sort-Object -Property InterfaceMetric -Descending
Please ensure that the host's primary internet-connected network adapter has the lowest InterfaceMetric value.
// Use this command to make the change for e.g. lets say your
// primary adapter InterfaceAlias is 'Wi-Fi'
Set-NetIPInterface -InterfaceAlias 'Wi-Fi' -InterfaceMetric 3
Now step two, if your host's primary network adapter is bridged because you have an External virtual switch setup in Hyper-V, then you will set the external virtual switch to have the lowest InterfaceMetric value.
Lastly, confirm/verify your routing tables, when you run this, the last line should show the primary adapter's gateway address along with it's ifMetric value):
Get-NetRoute -AddressFamily IPv4
If you’re using Docker Toolbox then any port you publish with docker run -p will be published on the Toolbox VM’s private IP address.
docker-machine ip will tell you.
It is frequently
192.168.99.100
Taken from: https://forums.docker.com/t/cant-connect-to-container-on-localhost-with-port-mapping/52716/25
After several attempts using the references below, I was still not getting anywhere. The recommendation by #derple didn't get me anywhere (since I was in wsl) but the article he linked someone had said they switched to linux and uninstalled and reinstalled docker desktop... and for some stupid reason that works.
These are my exact steps I took to fix it:
Uninstall docker desktop
Install WSL and docker inside an ubuntu18.04 instance in wsl
Test docker in wsl with localhost (worked only on localhost still)
Uninstall WSL using windows add/remove features
reinstall docker desktop
Oddly the get-netipinterface and get-netroute look exactly the same as they did before I did the uninstall and reinstall but things seem to be working now... I have no idea why the above worked...
I have Docker Desktop installed on my Mac (not Docker Toolkit) and I installed docker-machine according to the official documentation
I'm triying to add my localhost Docker engine like a docker node under docker machine with no success.
The steps that I made were:
Enable sshd in localhost (ssh localhost works)
Add localhost Docker to Docker Machine:
docker-machine create --driver generic --generic-ip-address 127.0.0.1 --generic-ssh-user <"ssh_username"> <node_name>
Running pre-create checks...
Creating machine...
(localhost) No SSH key specified. Assuming an existing key at the default location.
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Password:
Detecting the provisioner...
Password:
Error creating machine: Error detecting OS: Error getting SSH command: ssh command error:
command : cat /etc/os-release
err : exit status 1
output : cat: /etc/os-release: No such file or directory
Output of docker-machine ls
docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
localhost - generic Running tcp://127.0.0.1:2376 Unknown Unable to query docker version: Cannot connect to the docker engine endpoint
Sorry for my English, I'm not native.
docker-machine is dangerous. I wouldn't recommend it for managing production servers as it requires passwordless sudo and makes it very easy to damage your Docker installation. I managed to completely remove all containers an images from a server, not realizing the command I ran was not merely connecting to the server, but initializing it from scratch.
If you want to control multiple Docker daemons from single CLI try Docker Contexts.
Edit:
docker-machine's purpose is provisioning and managing machines with Docker daemon.
It can be used both with local VM's and with various cloud providers. With a single command it can create and start a VM, then install and configure Docker on that new VM (including generating TLS certificates).
It can create an entire Docker Swarm cluster.
It can also install Docker on a physical machine, given SSH access with passwordless sudo (that is what generic driver you tried to use is for).
Once a machine is fully provisioned with Docker it also can set environment variables that configure Docker CLI to send commands to a remote Docker daemon installed on that machine - see here for details.
Finally, one can also add machines with Docker manually configured by not using any driver - as described here. The only purpose of that is to allow for a unified workflow when switching between various remote machines.
However, as I stated before docker-machine is dangerous - it can also remove existing VMs and in case of physical machines reprovsion them, thereby removing all existing images, containers, etc. A simple mistake can wipe a server clean. Not to mention it requires both key-based SSH and passwordless sudo, so if an unauthorized person gets their hands on an SSH key for a production server, then that's it - they have full root access to everything.
It is possible to use docker-machine with preexisting Docker installations safely - you need to add them without using any driver as described here. In this scenario, however, most docker-machine commands won't work, so the only benefit is easy generation of those environment variables for Docker CLI I mentioned before.
Docker Contexts are a new way of telling Docker CLI which Docker daemon it's supposed to communicate with. They essentially are meant to replace all those environment variables docker-machine generates.
Since Docker CLI only communicates with Docker daemon, there is no risk of accidentally deleting a VM or reprovisioning already configured physical machine. And since they are a part of Docker CLI, there is no need to install additional software.
On the other hand, Docker contexts cannot be used to create or provision new machines - one needs to either do that manually or use some other mechanism or tool (like Vagrant or some kind of template provided by the cloud provider).
So if you really need a tool that'll let you easily create, provision and remove docker-enabled machines then use docker-machine. If, however, all you wan is to have a list of all your Docker-enabled machines in one place and a way to easily set up which one your local Docker CLI is supposed to talk to, Docker Contexts are a much safer alternative.
here's the thing: I tried to install docker inside a windows which runs inside virtualbox, and off course I failed due it's not possible (now I know this is due Hyper-V not used by virtualbox and required by docker).
Since for me migrating to VMWare ain't an option, I dig a little bit and found out that there's no problem on running docker inside a linux distro (which runs inside a vbox), so here's the question.
Is it possible to run 2 different virtual machines with virtualbox, one with linux (running docker inside it), and the other one with windows as my development environment, both at the same time and to develop on windows and then deploy and run tests on docker? If this is possible, how? Any links or keywords for me to search for would be appreciated.
Sure! You need to do following steps:
You should set your VMs network so then can see easily each other https://superuser.com/questions/119732/how-to-do-networking-between-virtual-machines-in-virtualbox
You should expose docker daemon on TCP socket on VM with linux https://success.docker.com/article/how-do-i-enable-the-remote-api-for-dockerd
On VM with windows you need to create some override for docker client so he will connect to remote daemon on linux machine https://gist.github.com/kekru/4e6d49b4290a4eebc7b597c07eaf61f2#create-bat-file-for-windows
Please keep in mind when you expose some service under ports you won't access that on VM with windows on localhost - instead of that you need to type: :
I'm trying to learn Docker and so far I have run into a lot of "work arounds" that are needed in docker-machine but not in boot2docker.
My current issue is accessing my docker containers from my host.
I have my Windows host, running a VM created with docker-machine, and inside that docker VM I'm running a simple nginx server container.
The nginx container is ran to expose it's 80 port to the docker-machine's 8000.
docker run -d -p 8000:80 nginx
And what I'm trying to achieve is being able to open this server from my Windows using a browser.
If I in Windows use curl (Git bash, not ssh-ed into the docker-machine VM) using the IP that docker-machine ip gives me, then it works. But using my browser doesn't (I'm using Microsoft Edge currently), I can get the browser to work if I set up a NAT port forwarding.
curl $(docker-machine ip dev):8000
As I've read it should be possible to access the VM ports without specifying port forwarding rules for every port, that VirtualBox should expose and forward those automatically.
What am I doing wrong or do I have to specify port forwarding rules for every port between my VM and host OS that I want to use?
After another day of digging I had the wild and crazy idea to try another browser and it works fine.
So for anyone running into this issue and you're using Microsoft Edge (to try it out like me), switch browser. Chrome and even old IE works fine.
In Bash, $(docker-machine ip dev) means "run the command docker-machine ip dev, take the output of that command and insert it into the command-line here".
If you run
docker-machine ip dev
in your shell, it will print an IP address which you can use in your web browser.
If you put this address in /etc/hosts (or your platform's analog) you can use a friendly alias for the IP address.
In my case, it was because my browser was configured with a proxy pac (Proxy_auto-config file) which did not include 192.169.x.y internal boot2docker machines ips.
That means:
the browser tries to contact the enterprise proxy (and that fails),
while a regular CMD shell session, with a NO_PROXY environment variable set to 192.168.x.y, would allow a curl http://192.168.x.y/... to work without a glitch.
I'm new to a docker and tried to create docker host with docker-machine.
Currently, I use VirutalBox for trial environment.
When I created docker host with docker-mahine, it created VM with Boot2Docker on VirtualBox by default. But I want to create a docker host with Ubuntu 15.10 on Virtualbox.
Is it possible to use docker-machine for creating Ubuntu based docker host on VirtualBox?
OP didn't describe how they used the generic driver to solve their problem, so here's how I did it in case anyone's interested:
Get Ubuntu Server ISO
Create a machine in VirtualBox. I called mine "Ubuntu template" because I want to learn Swarm locally, so I want a machine that I'll be able to duplicate and get subsequent machines quickly after the longer initial setup.
Enable bridged networking instead of NAT for the machine in the settings
Start the machine and install Ubuntu using the ISO. During installation it'll give you an option to install OpenSSH, select that option. It'll also ask you to create a new user. I called mine "ubuntu" with password "ubuntu". You'll use this user a few times, so set the credentials to something easy to remember
After installation, switch to root: sudo su
Change root's password to something easy to remember using passwd
Generate keys: ssh-keygen
Make the keys you just generated authorized: cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
Edit the file /etc/ssh/sshd_config and change the line with "PermitRootLogin" so it reads PermitRootLogin yes
Restart SSH to activate the changes: service ssh restart
Run ifconfig and take note of the machine's IP
Open terminal on your host computer
Run (with your machine's IP substituted):
ssh root#10.10.10.89 'cat ~/.ssh/id_rsa' > ~/.ssh/docker_test
Run:
ssh root#10.10.10.89 'cat ~/.ssh/id_rsa.pub' > ~/.ssh/docker_test.pub
Run (back in the VM) shutdown now
In VirtualBox, clone the template machine (check the checkbox to reinitialize MAC address). I named mine ubuntu-1
Start the new virtual machine and run echo 'ubuntu-1' > /etc/hostname and then reboot. That's only necessary if you're going to create more machines from the same template, then you'd name them ubuntu-1, ubuntu-2 and so on
Run ifconfig to find out the IP of the cloned machine
On your host machine run:
docker-machine create --driver generic --generic-ip-address 10.10.10.90 --generic-ssh-key ~/.ssh/docker_test ubuntu-1
It might take a few minutes to complete (mostly on the "Installing docker" step) but you should then have a working Ubuntu-based docker machine. You can verify that it works by running docker-machine use ubuntu-1 and then docker run hello-world
It's more involved than using Boot2Docker, but after the initial setup it should be quite workable. I haven't done too much with it yet, I just verified that it seems to work by running hello-world, so there might be more gotchas down the road like there often are with Docker.
Extra tip: VirtualBox allows you to run machines in headless mode. After the initial setup and allowing root access via SSH it'll probably be more convenient to run the machines headless and connect to them via SSH if necessary and you can close VB's GUI and the machines are now running like services in the background.
Is it possible to use docker-machine for creating Ubuntu based docker host on VirtualBox?
Yes, but not with docker-machine directly, which relies on a TinyCore-based linux distribution of 30 Mo only.
You can try and launch a full-fledge Ubuntu VM, and in it follows the regular docker installation for Ubuntu.