Connect to a Service running inside a docker container from outside - docker

I have a service running in a docker container (local machine). I can see the service URL in the Ambari service config.
Now I want to connect to that service using my local development environment.
I found I can connect to that within the container but when I use that URL outside in my local I get connection refused.
Cause: org.apache.http.conn.HttpHostConnectException: Connect to
xx.xx.xx.com:12008 [xx.xx.xx.com/195.169.98.101] failed: Connection refused
How to connect to a service running inside a container from outside?
In my case code execute in my local machine.

If your container has mapped its port on the VM 12008 port, you would need to make sure you have port forwarded 12008 in your VirtualBox connection settings, as I mention in "How to connect mysql workbench to running mysql inside docker?"
VBoxManage controlvm "boot2docker-vm" --natpf1 "tcp-port12008 ,tcp,,12008,,12008"
VBoxManage controlvm "boot2docker-vm" --natpf1 "udp-port12008 ,udp,,12008,,12008"

The question needs more clarification, but I will answer with some assumptions.
I used an Ambari docker image (chose this randomly based on popularity).
Then I started 3 clusters as mentioned and my amb-settings and docker ps looked like this:
anovil#anovil-Latitude-E6440:~/tmp/docker-ambari$ amb-settings
NODE_PREFIX=amb
CLUSTER_SIZE=3
AMBARI_SERVER_NAME=amb-server
AMBARI_SERVER_IMAGE=hortonworks/ambari-server:latest
AMBARI_AGENT_IMAGE=hortonworks/ambari-agent:latest
DOCKER_OPTS=
AMBARI_SERVER_IP=172.17.0.6
CONSUL=amb-consul
CONSUL_IMAGE=sequenceiq/consul:v0.5.0-v6
EXPOSE_DNS=false
DRY_RUN=false
anovil#anovil-Latitude-E6440:~/tmp/docker-ambari$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d2483a74d919 hortonworks/ambari-agent:latest "/usr/sbin/init syste" 20 minutes ago Up 20 minutes amb2
4acaec766eaa hortonworks/ambari-agent:latest "/usr/sbin/init syste" 21 minutes ago Up 20 minutes amb1
47e9419de59f hortonworks/ambari-server:latest "/usr/sbin/init syste" 21 minutes ago Up 21 minutes 8080/tcp amb-server
548730bb1824 sequenceiq/consul:v0.5.0-v6 "/bin/start -server -" 22 minutes ago Up 22 minutes 53/tcp, 53/udp, 8300-8302/tcp, 8400/tcp, 8301-8302/udp, 8500/tcp amb-consul
27c725af6531 sequenceiq/ambari "/usr/sbin/init" 23 minutes ago Up 23 minutes 8080/tcp awesome_tesla
anovil#anovil-Latitude-E6440:~/tmp/docker-ambari$
As of now, I can visit the Ambari server through: http://172.17.0.6:8080/
This works also from my host computer. However, if you want this to be connected from another computer from a similar network, then one option is to have a haproxy which does the redirection from:
localhost:8080 -> 172.17.0.6:8080
So, I created a small haproxy.cfg and Dockerfile to achieve this:
anovil#anovil-Latitude-E6440:~/tmp/docker-ambari$ cat Dockerfile
FROM haproxy:1.6
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
anovil#anovil-Latitude-E6440:~/tmp/docker-ambari$ cat haproxy.cfg
frontend localnodes
bind *:8080
mode http
default_backend ambari
backend ambari
mode http
server ambari-server 172.17.0.6:8080 check
anovil#anovil-Latitude-E6440:~/tmp/docker-ambari$ docker build --rm -t ambariproxy .
Sending build context to Docker daemon 9.635 MB
Step 1 : FROM haproxy:1.6
---> af749d0291b2
Step 2 : COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
---> Using cache
---> 60cdd2c7bb05
Successfully built 60cdd2c7bb05
anovil#anovil-Latitude-E6440:~/tmp/docker-ambari$ docker run -d -p 8080:8080 ambariproxy
63dd026349bbb6752dbd898e1ae70e48a8785e792b35040e0d0473acb00c2834
Now if I say localhost:8080 or MY_HOST_IP:8080 I can see the ambari-server and this should work also from computers in the same network.
Hope I managed to answer your question :)
Thanks,

Related

Add a new route to a minikube application (Ansible-awx)

I installed awx-operator on my local server (let's call it GFX server) by following this tutorial: https://github.com/ansible/awx-operator
My network is like:
The GFX server :
eth0: 192.168.1.40 (local address)
tun0: 172.17.3.114 (a vpn address using openvpn)
I have a host BOX1 with:
eth0: 192.168.1.150 (local address)
I have another host BOX2 (not locally)
tun0: 172.17.3.30
When I launch a template with hello_word example on the local host (BOX1) everything went good:
When I try to launch the same template on the distant box (BOX2) I get this error:
"Failed to connect to the host via ssh: ssh: connect to host 172.17.3.30 port 22: No route to host"
Here is a diagram explaining what I have.
here is the output of docker ps command:
$docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c90bb11eecf5 gcr.io/k8s-minikube/kicbase:v0.0.30 "/usr/local/bin/entr…" 21 hours ago Up 2 hours 127.0.0.1:49157->22/tcp, 127.0.0.1:49156->2376/tcp, 127.0.0.1:49155->5000/tcp, 127.0.0.1:49154->8443/tcp, 127.0.0.1:49153->32443/tcp minikube
e4fdd5c95a5e hawkbit/hawkbit-update-server:latest-mysql "java -jar hawkbit-u…" 12 months ago Up 3 hours 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp hawkbit-server_hawkbit_1
8ab8f6efdcbf mysql:5.7 "docker-entrypoint.s…" 12 months ago Up 3 hours 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp hawkbit-server_mysql_1
Question: there is a solution to let minikube add the route of the VPN ?
Thank you

Cannot conect to Docker container running in VSTS

I have a test which starts a Docker container, performs the verification (which is talking to the Apache httpd in the Docker container), and then stops the Docker container.
When I run this test locally, this test runs just fine. But when it runs on hosted VSTS, thus a hosted build agent, it cannot connect to the Apache httpd in the Docker container.
This is the .vsts-ci.yml file:
queue: Hosted Linux Preview
steps:
- script: |
./test.sh
This is the test.sh shell script to reproduce the problem:
#!/bin/bash
set -e
set -o pipefail
function tearDown {
docker stop test-apache
docker rm test-apache
}
trap tearDown EXIT
docker run -d --name test-apache -p 8083:80 httpd
sleep 10
curl -D - http://localhost:8083/
When I run this test locally, the output that I get is:
$ ./test.sh
469d50447ebc01775d94e8bed65b8310f4d9c7689ad41b2da8111fd57f27cb38
HTTP/1.1 200 OK
Date: Tue, 04 Sep 2018 12:00:17 GMT
Server: Apache/2.4.34 (Unix)
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html
<html><body><h1>It works!</h1></body></html>
test-apache
test-apache
This output is exactly as I expect.
But when I run this test on VSTS, the output that I get is (irrelevant parts replaced with …).
2018-09-04T12:01:23.7909911Z ##[section]Starting: CmdLine
2018-09-04T12:01:23.8044456Z ==============================================================================
2018-09-04T12:01:23.8061703Z Task : Command Line
2018-09-04T12:01:23.8077837Z Description : Run a command line script using cmd.exe on Windows and bash on macOS and Linux.
2018-09-04T12:01:23.8095370Z Version : 2.136.0
2018-09-04T12:01:23.8111699Z Author : Microsoft Corporation
2018-09-04T12:01:23.8128664Z Help : [More Information](https://go.microsoft.com/fwlink/?LinkID=613735)
2018-09-04T12:01:23.8146694Z ==============================================================================
2018-09-04T12:01:26.3345330Z Generating script.
2018-09-04T12:01:26.3392080Z Script contents:
2018-09-04T12:01:26.3409635Z ./test.sh
2018-09-04T12:01:26.3574923Z [command]/bin/bash --noprofile --norc /home/vsts/work/_temp/02476800-8a7e-4e22-8715-c3f706e3679f.sh
2018-09-04T12:01:27.7054918Z Unable to find image 'httpd:latest' locally
2018-09-04T12:01:30.5555851Z latest: Pulling from library/httpd
2018-09-04T12:01:31.4312351Z d660b1f15b9b: Pulling fs layer
[…]
2018-09-04T12:01:49.1468474Z e86a7f31d4e7506d34e3b854c2a55646eaa4dcc731edc711af2cc934c44da2f9
2018-09-04T12:02:00.2563446Z % Total % Received % Xferd Average Speed Time Time Time Current
2018-09-04T12:02:00.2583211Z Dload Upload Total Spent Left Speed
2018-09-04T12:02:00.2595905Z
2018-09-04T12:02:00.2613320Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 8083: Connection refused
2018-09-04T12:02:00.7027822Z test-apache
2018-09-04T12:02:00.7642313Z test-apache
2018-09-04T12:02:00.7826541Z ##[error]Bash exited with code '7'.
2018-09-04T12:02:00.7989841Z ##[section]Finishing: CmdLine
The key thing is this:
curl: (7) Failed to connect to localhost port 8083: Connection refused
10 seconds should be enough for apache to start.
Why can curl not communicate with Apache on its port 8083?
P.S.:
I know that a hard-coded port like this is rubbish and that I should use an ephemeral port instead. I wanted to get it running first wirth a hard-coded port, because that's simpler than using an ephemeral port, and then switch to an ephemeral port as soon as the hard-coded port works. And in case the hard-coded port doesn't work because the port is unavailable, the error should look different, in that case, docker run should fail because the port can't be allocated.
Update:
Just to be sure, I've rerun the test with sleep 100 instead of sleep 10. The results are unchanged, curl cannot connect to localhost port 8083.
Update 2:
When extending the script to execute docker logs, docker logs shows that Apache is running as expected.
When extending the script to execute docker ps, it shows the following output:
2018-09-05T00:02:24.1310783Z CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2018-09-05T00:02:24.1336263Z 3f59aa014216 httpd "httpd-foreground" About a minute ago Up About a minute 0.0.0.0:8083->80/tcp test-apache
2018-09-05T00:02:24.1357782Z 850bda64f847 microsoft/vsts-agent:ubuntu-16.04-docker-17.12.0-ce-standard "/home/vsts/agents/2…" 2 minutes ago Up 2 minutes musing_booth
The problem is that the VSTS build agent runs in a Docker container. When the Docker container for Apache is started, it runs on the same level as the VSTS build agent Docker container, not nested inside the VSTS build agent Docker container.
There are two possible solutions:
Replacing localhost with the ip address of the docker host, keeping the port number 8083
Replacing localhost with the ip address of the docker container, changing the host port number 8083 to the container port number 80.
Access via the Docker Host
In this case, the solution is to replace localhost with the ip address of the docker host. The following shell snippet can do that:
host=localhost
if grep '^1:name=systemd:/docker/' /proc/1/cgroup
then
apt-get update
apt-get install net-tools
host=$(route -n | grep '^0.0.0.0' | sed -e 's/^0.0.0.0\s*//' -e 's/ .*//')
fi
curl -D - http://$host:8083/
The if grep '^1:name=systemd:/docker/' /proc/1/cgroup inspects whether the script is running inside a Docker container. If so, it installs net-tools to get access to the route command, and then parses the default gw from the route command to get the ip address of the host. Note that this only works if the container's network default gw actually is the host.
Direct Access to the Docker Container
After launching the docker container, its ip addresses can be obtained with the following command:
docker container inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' <container-id>
Replace <container-id> with your container id or name.
So, in this case, it would be (assuming that the first ip address is okay):
ips=($(docker container inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' nuance-apache))
host=${ips[0]}
curl http://$host/

map internal port 80 to localhost port 80 in docker

I had ran the docker image and it is showing the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cbcc0a6d5c1e programming_applicationserver "bin/wait-for-it.sh …" About an hour ago Up About an hour 0.0.0.0:80->80/tcp, 5436/tcp programming_applicationserver_run_3
4cb5bdbb6c1d programming_onlineaccountverifier "bin/wait-for-it.sh …" 5 days ago Up About an hour 127.0.0.1:5435->5435/tcp programming_onlineaccountverifier_1
bf39ba383cec programming_onlineballotregulator "bin/docker_entrypoi…" 5 days ago Up About an hour 8545/tcp, 127.0.0.1:5434->5434/tcp, 30303/tcp programming_onlineballotregulator_1
but when I go to localhost:80 nothing is shown.
What should I do now ?
This is likely due to an error in the application itself and not docker.
To verify that, you can go into the container and make sure the application is port is working reachable:
docker exec -it programming_applicationserver_run_3 bash
Once you are inside the container, try accessing the port using one of the following command:
curl localhost:80
wget localhost:80
If non of these are successful, this would imply that the problem is related to the application and not to docker itself.

Docker port mapping not working, "connection refused"

I have a docker container running in Windows, as per the below.
C:\magento2-devbox>docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
magento2devbox_db_046616a8b9fbb28b8fe4b01a66076f5e docker-entrypoint.sh mysqld Up 0.0.0.0:32776->3306/tcp
magento2devbox_elastic_046616a8b9fbb28b8fe4b01a66076f5e /docker-entrypoint.sh elas ... Up 0.0.0.0:32771->9200/tcp, 9300/tcp
magento2devbox_rabbit_046616a8b9fbb28b8fe4b01a66076f5e docker-entrypoint.sh rabbi ... Up 15671/tcp, 0.0.0.0:32773->15672/tcp, 25672/tcp, 4369/tcp, 5671/tcp, 0.0.0.0:32774->5672/tcp
magento2devbox_redis_046616a8b9fbb28b8fe4b01a66076f5e docker-entrypoint.sh redis ... Up 6379/tcp
magento2devbox_varnish_046616a8b9fbb28b8fe4b01a66076f5e /usr/local/bin/entrypoint.sh Up 0.0.0.0:32775->6081/tcp
magento2devbox_web_046616a8b9fbb28b8fe4b01a66076f5e /usr/local/bin/entrypoint.sh Up 0.0.0.0:32770->22/tcp, 44100/tcp, 0.0.0.0:32768->5000/tcp, 0.0.0.0:32769->80/tcp, 9000/tcp
However, when i try to reach to http://localhost:32769 which should map to the container web-server I get "connection refused". How can I start debugging what's happening?
Thanks.
I've found the solution. In Windows the container doesn't run on Windows per se, but inside the tocket VM in Virtualbox. Thus you have to run:
C:\magento2-devbox>docker-machine ip
192.168.99.100
And then use that IP to reach the application: http://192.168.99.100:32769 - now it works. In my specific case above, I needed to reach the Varnish IP of the application http://192.168.99.100:32775

binding of ports not working in docker

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2047cd997469 q1 "/bin/bash" 2 hours ago Up 2 hours **8001/tcp, 0.0.0.0:8001->9001/tcp** wicket1
ddb02ced5a0b q2 "/bin/bash" 28 hours ago Up 2 hours 0.0.0.0:8080->8080/tcp tender_fermi
3966528ee466 q3 "/start.sh -D FOREGR 5 days ago Up 3 hours 0.0.0.0:3306->3306/tcp
As you can see I have three docker images running everything is working fine except for the image q1 I am not able to run through the port 9001 ..says connection refused. what may be the possible reason. application is working fine inside the container.
below is the port command:
sudo docker port 2047cd997469
9001/tcp -> 0.0.0.0:8001
Are you using vagrant or boot2docker? If need to connect 8001 port on your virtual machine. For the boot2docker, you can use boot2docker ip to get the ip. For the vagrant, you can use vagrant ssh to login and get the ip.

Resources