I've switched docker daemon to listen on TCP port (more here). Docker command (cli) is already working, but when I run shipyard with this docker-compose I don't see any image which was visible before. Should I change something in the docker-compose or this won't work ever?
Thanks
Solution was to configure the service (in my case on CentOs)
creating file
/etc/systemd/system/docker.service.d/override.conf
with content
[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2375 -H fd:// --insecure-registry 10.0.1.70:5000
and reloading and restarting the daemon did the trick.
so I have both tcp and ?filedscriptor?
Related
I have launched Jenkins as a Docker container and in the Jenkins dashboard I am configuring the Docker plugin to communicate with the Docker daemon. However, when I add "-H tcp://0.0.0.0:2375" in the Docker daemon and I restart Docker, executing any docker commands results in the message: "Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?"
This is the first time I am working with Docker and Jenkins and I have spent a lot of time looking for a solution everywhere.
I have modified the /lib/systemd/system/docker.service by replacing the line:
ExecStart=/usr/bin/dockerd
with
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375
Then I restart the Docker daemon:
systemctl daemon-reload
systemctl reload docker
systemctl restart docker.service
I check that the process is listening in the port 2375:
netstat -lntp | grep dockerd
tcp6 0 0 :::2375 :::* LISTEN 10855/dockerd
When I try any docker command I get the following:
docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Docker normally listens on the unix socket /var/run/docker.sock. You have asked it to instead listen on the tcp socket tcp://0.0.0.0:2375, so attempts by the client to connect to the default unix socket will fail.
If you want it to listen to both places, then you need:
dockerd -H tcp://0.0.0.0:2735 -H unix:///var/run/docker.sock
Thank so much, I was forgetting to also add listening on the default UNIX socket /var/run/docker.sock. Now, I can use Jenkins and and its Docker plugin.
I installed docker on an Ubuntu 16.04 following the official directions and am successfully running the registry as a container. I want to remote connect into another container, so I try:
docker -H tcp://1.2.3.4:2375 exec -it 19f36d1bdfaf /bin/bash
And I get an error:
error during connect: Post
http://1.2.3.4:2375/v1.29/containers/19f36d1bdfaf/exec: dial tcp
1.2.3.4:2375: connectex: No connection could be made because the target machine actively refused it.
Why am I getting this error and how do I resolve it?
The docker.json file has contents:
{
"hosts": [
"tcp://0.0.0.0:2375",
"npipe://"
]
}
When I view the services it looks like the daemon is not listening on tcp://0.0.0.0:2375 as I would expect (this is just for testing, I'm going to secure this once I can get it actually working):
UPDATE:
Got it to partially work by creating a daemon.json file (a copy of docker.json), then running:
sudo dockerd
The problem with this is that now the client does not work: docker info results in an error:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
UPDATE and SOLUTION:
Andreas' answer helped me realize the daemon was not being run properly. Looking at that screenshot earlier in this post, the docker daemon was not being launched with the right -H option. I then found this Github issue which solved the problem. So all that was needed was:
Edit the $DOCKER_OPTS variable in /etc/default/docker: DOCKER_OPTS="-H tcp://0.0.0.0:2375" (note that this is not very secure, it's just for testing)
Edit the /lib/systemd/system/docker.service file by adding a line under [Service] for the EnvironmentFile: EnvironmentFile=-/etc/default/docker then update the ExecStart line: ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd://
Restart the service sudo service docker restart
Restart the daemon with systemctl daemon-reload
Note that I did not add a daemon.json file -- I left the existing docker.json file.
By default the docker daemon isn't exposed to the outside world for security reasons. You can of course change this setting when starting your docker daemon with the -H flag.
To test it out, you can simply start your daemon manually (be sure to stop the service before). Assuming 1.2.3.4 is the ip of the host running the daemon you want to connect to.
<path to>/dockerd -H tcp://1.2.3.4:2375
Or you bind it to all network interfaces:
<path to>/dockerd -H tcp://0.0.0.0:2375
You can provide more than one -H option here to not disable the unix socket when binding to the tcp socket. For details on the daemon binding options, please see the docs (Bind Docker to another host/port or a Unix socket).
To have this permanently, you can configure your daemon startup settings in a daemon.json file where you can also specify an array of hosts. Please see the docs (Configure the Docker daemon) and Linux configuration File for this, too.
{
"hosts": [
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
]
}
You can provide a list of entries for hosts, so your daemon can listen to tcp and the unix socket at the same time.
Please be aware that by just binding to tcp 0.0.0.0 anyone that is able to reach your machine is also able to start containers remotely and thus is almost able to do anything on your system like with a really bad root user password. You should only do this for testing or in an environment that is isolated / firewalled correctly.
Andreas' answer helped me realize the daemon was not being run properly. Looking at that screenshot earlier in this post, the docker daemon was not being launched with the right -H option. I then found this Github issue which solved the problem. So all that was needed was:
Edit the $DOCKER_OPTS variable in /etc/default/docker: DOCKER_OPTS="-H tcp://0.0.0.0:2375" (note that this is not very secure, it's just for testing)
Edit the /lib/systemd/system/docker.service file by adding a line under [Service] for the EnvironmentFile: EnvironmentFile=-/etc/default/docker then update the ExecStart line: ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd://
Restart the service sudo service docker restart
Note that I did not add a daemon.json file -- I left the existing docker.json file.
I'm in the process of setting up a Docker Swarm cluster
Im on this step:
sudo docker daemon -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
However, it looks like it's not deamonizing it (the program is still holding the screen)
How do I daemonize it?
You need to make sure you run the daemon as a background process using nohup / &, using your example:
sudo nohup docker daemon -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock &
Note: docker daemon has been deprecated and this should be dockerd now.
This is no different than running any other Linux process in the background: How to run process as background and never die?
I have added
DOCKER_OPTS="-H tcp://0.0.0.0:2375"
to /etc/default/docker to make the Docker API accessible on my host machine (I'm running Docker in Virtualbox on an Ubuntu VM). However, when I try to run any Docker commands now, I just get this error message:
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
I have tried sudo service docker restart, and restarted the machine, but nothing has worked. Any idea what the problem is?
To use the daemon through the tcp socket the option -H tcp://0.0.0.0:2375 should be added to the command docker (both for the daemon and run).
To access the daemon with its default unix socket make sure that the Docker daemon is also started with the option -H=unix:///var/run/docker.sock.
Note that using the tcp is dangerous if you do not trust the network you are in. Here is the doc from the man page:
-H, --host=[unix:///var/run/docker.sock]: tcp://[host]:[port][path] to bind or unix://[/path/to/socket] to use.
The socket(s) to bind to in daemon mode specified using one or more
tcp://host:port/path, unix:///path/to/socket, fd://* or fd://socketfd.
If the tcp port is not specified, then it will default to either 2375 when
--tls is off, or 2376 when --tls is on, or --tlsverify is specified.
I have installed Ubuntu and Docker. I am trying to launch Raik container:
$ DOCKER_RIAK_AUTOMATIC_CLUSTERING=1 DOCKER_RAIK_CLUSTER_SIZE=5 DOCKER_RIAK_BACKEND=leveldb make start-cluster ./bin/start
and get the error message:
It looks like the environment variable DOCKER_HOST has not been set.
The Riak cluster cannot be started unless this has been set
appropriately. For example:
export DOCKER_HOST="tcp://127.0.0.1:2375"
If I set
export DOCKER_HOST="tcp://127.0.0.1:2375"
all my other containers stop working and said, that can not find the Docker daemon.
It looks like my Docker damon use other than 2375 port. How can I check it ?
By default, the docker daemon will use the unix socket unix:///var/run/docker.sock (you can check this is the case for you by doing a sudo netstat -tunlp and note that there is no docker daemon process listening on any ports). It's recommended to keep this setting for security reasons but it sounds like Riak requires the daemon to be running on a TCP socket.
To start the docker daemon with a TCP socket that anybody can connect to, use the -H option:
sudo docker -H 0.0.0.0:2375 -d &
Warning: This means machines that can talk to the daemon through that TCP socket can get root access to your host machine.
Related docs:
http://basho.com/posts/technical/running-riak-in-docker/
https://docs.docker.com/install/linux/linux-postinstall/#configure-where-the-docker-daemon-listens-for-connections
Prepare extra configuration file. Create a file named /etc/systemd/system/docker.service.d/docker.conf. Inside the file docker.conf, paste below content:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
Note that if there is no directory like docker.service.d or a file named docker.conf then you should create it.
Restart Docker. After saving this file, reload the configuration by systemctl daemon-reload and restart Docker by systemctl restart docker.service.
Check your Docker daemon. After restarting docker service, you can see the port in the output of systemctl status docker.service
like /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock.
Hope this may help
Thank you!
Reference docs of docker: https://docs.docker.com/install/linux/linux-postinstall/#configure-where-the-docker-daemon-listens-for-connections
There are 2 ways in configuring the docker daemon port
1) Configuring at /etc/default/docker file:
DOCKER_OPTS="-H tcp://127.0.0.1:5000 -H unix:///var/run/docker.sock"
2) Configuring at /etc/docker/daemon.json:
{
"debug": true,
"hosts": ["tcp://127.0.0.1:5000", "unix:///var/run/docker.sock"]
}
If the docker default socket is not configured Docker will wait for infinite period.i.e
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
NOTE : BUT DON'T CONFIGURE IN BOTH THE CONFIGURATION FILES, the following error may occur :
Waiting for /var/run/docker.sock
unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: hosts: (from flag: [tcp://127.0.0.1:5000 unix:///var/run/docker.sock], from file: tcp://127.0.0.1:5000)
The reason for adding both the user port[ tcp://127.0.0.1:5000] and default docker socket[unix:///var/run/docker.sock] is that the user port enables the access to the docker APIs whereas the default socket enables the CLI. In case the default port[unix:///var/run/docker.sock] is not mentioned in /etc/default/docker file the following error may occur:
# docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
This error is not because that the docker is not running, but because of default docker socket is not enabled.
Once the configuration is enabled restart the docker service and verify the docker port is enabled or not:
# netstat -tunlp | grep -i 5000
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN 31661/dockerd
Applicable for Docker Version 17.04, may vary with different versions of docker.
Since I also had the same problem of "How to detect a docker daemon port" however I had on OSX and after little digging in I found the answer. I thought to share the answer here for people coming from osx.
If you visit known-issues from docker for mac and github issue, you will find that by default the docker daemon only listens on unix socket /var/run/docker.sock and not on tcp. The default port for docker is 2375 (unencrypted) and 2376(encrypted) communication over tcp(although you can choose any other port).
On OSX its not straight forward to run the daemon on tcp port. To do this one way is to use socat container to redirect the Docker API exposed on the unix domain socket to the host port on OSX.
docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:2375:2375 bobrik/socat TCP-LISTEN:2375,fork UNIX-CONNECT:/var/run/docker.sock
and then
export DOCKER_HOST=tcp://localhost:2375
However for local client on mac os you don't need to export DOCKER_HOST variable to test the api.
If you run ps -aux | grep dockerd you should see the endpoints it is running on.
Try add -H tcp://0.0.0.0:2375(at end of Execstart line) instead of -H 0.0.0.0:2375.