Docker says it is running but it isn't - macos

Docker says it is running, but it clearly isn't.
Machine is OSX 10.15.4
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with boot2docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env default
machine:file user$ ps aux | grep "docker"
user 56224 0.0 0.0 4258892 256 s006 R+ 4:56PM 0:00.00 grep docker
machine:file user$

It seems like you are using docker with boot2docker. It means that docker will run inside a virtual machine instead of your local machine, which explains why you don't see the process with "ps". As mentioned in the Boot2docker GitHub project https://github.com/boot2docker/boot2docker, you should use Docker Desktop for Mac.

Related

Disallow egress from Docker containers on Docker for Mac

I want to disable all outgoing connections that are initiated by docker containers to the outside world. I can do this in linux by adding a rule to the FORWARD chain in linux. How do I do this in Docker for Mac?
I found out that Docker for Mac uses an xhyve vm and that’s where docker0 interface lives. What interface in the host does this connect to? I used nettop on Mac and I see that Docker uses my en0 wireless interface. But, I’m not sure if Docker and xhyve are using the same interface.
Edit: Added docker-for-windows tag because they might have similar solutions (Hoping)
Edit 2: Docker for Mac has changed so the accepted solution changed a bit
Docker
$ docker run --net=host --privileged -ti alpine sh
# apk update && apk add iptables
# iptables -vnL
This and the rules could be turned into a Dockerfile and run with a --restart option. I think on-failure might work to reapply the rules when Docker for Mac starts up.
Virtual Machine
To get to the linux VM:
mac$ brew install screen
mac$ screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
Since the move to linuxkit, this is not your average linux host, everything's a container:
linuxkit:~# ctr -n services.linuxkit tasks ls
TASK PID STATUS
acpid 925 RUNNING
diagnose 967 RUNNING
host-timesync-daemon 1116 RUNNING
ntpd 1248 RUNNING
vpnkit-forwarder 1350 RUNNING
docker-ce 1011 RUNNING
kubelet 1198 RUNNING
trim-after-delete 1303 RUNNING
vsudd 1398 RUNNING
Use runc to move into the docker-ce (or docker) namespace
linuxkit:~# runc --root /run/containerd/runc/default exec -t docker-ce /bin/sh
docker-ce # iptables -vnL
Note that rules will disappear after a restart of Docker for Mac. I haven't found the secret sauce for persisting system changes yet.
Use ctrl-a then d to exit the screen session otherwise you will bork the terminal.
OSX
For the easy but € option, use Little Snitch and block outbound connections on OSX from com.docker.supervisor via vpnkit.
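An added example, not part of the original answer: one way to write the rule-applying step so that the privileged --net=host container can be rerun at every Docker for Mac start without stacking duplicate rules. The docker0 bridge name, the IPTABLES, BRIDGE and APPLY variables and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotently (re)apply an egress block from inside a
# container started with --net=host --privileged.
# Assumption: containers sit on the default docker0 bridge. User-defined
# networks use other bridge names and each needs its own rule.

IPTABLES="${IPTABLES:-iptables}"   # overridable so the logic can be dry-run
BRIDGE="${BRIDGE:-docker0}"

# Insert a rule at the top of a chain only if an identical rule is absent.
# "iptables -C" (check) exits non-zero when the rule does not exist.
ensure_rule() {
    chain="$1"; shift
    if "$IPTABLES" -C "$chain" "$@" 2>/dev/null; then
        echo "present"
    else
        "$IPTABLES" -I "$chain" 1 "$@" && echo "inserted"
    fi
}

# Drop NEW connections that enter from the bridge and leave through any
# other interface. Container-to-container traffic on the bridge and replies
# on connections opened from outside (published ports) are not matched.
block_container_egress() {
    ensure_rule FORWARD -i "$BRIDGE" ! -o "$BRIDGE" \
        -m conntrack --ctstate NEW -j DROP
}

# Run only when asked, e.g. as the container command: APPLY=1 sh egress.sh
if [ "${APPLY:-0}" = "1" ]; then
    block_container_egress
fi
```

After applying, iptables -vnL FORWARD shows packet counters on the DROP rule, which confirms that container traffic is actually hitting it.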
Try Mac's pfctl command, it's kind of equivalent to iptables.
Here's man page: https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man8/pfctl.8.html

Docker machine timeout - how to fix without destroying the machine?

I'm having a recurring problem with Docker Machine - every few days it decides to timeout and I am unable to recover it once this happens.
Example
docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default virtualbox Timeout
Environment Info
uname -a Darwin ColeyMBPR 15.4.0 Darwin Kernel Version 15.4.0: Fri Feb 26 22:08:05 PST 2016; root:xnu-3248.40.184~3/RELEASE_X86_64 x86_64
docker version 1.11.0
docker-machine version 0.7.0
vboxmanage --version 5.0.20r106931
Attempted Solutions
I've tried the following things in no particular order:
Restarting the docker machine.
Running eval "$(docker-machine env default)"
Regenerating the certificates docker-machine regenerate-certs default
Restarting my host box.
Upgrading Docker.
Reinstalling Docker.
Upgrading VirtualBox.
Removing all VirtualBox host-only network devices.
Hack
The only thing that's working for me right now is destroying the docker machine and recreating it. This destroys all my images and containers, and it's incredibly time consuming to set it up again.
docker-machine rm -y default && docker-machine create -d virtualbox default && eval $(docker-machine env)
Is there anything I can try? Thanks!
Update: 9th May (Steps to Reproduce)
I can reliably reproduce this problem with the following steps:
Start with a freshly created Docker machine.
Use docker-compose up to build some containers.
Shutdown the computer with the containers running.
After reboot the Docker CLI doesn't work due to the Docker machine timing out.
This command worked for me with the digitalocean driver:
docker-machine ls -t 20
It seems as though the default timeout of 10 seconds was too short.
This is usually a problem related to the way you start and stop your machine.
You can solve it using
$ docker-machine stop default
$ docker-machine start default
$ docker-machine regenerate-certs default
Do not use docker-machine restart default because it will not refresh your networking configs.
Check if you are using a proxy or VPN!
None of the above suggestions worked for me until I turned off my VPN and suddenly:
docker-machine.exe ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default * virtualbox Running tcp://192.168.99.102:2376 v19.03.5
I had the same issue with Docker version 1.11.2, build b9f10c9
This worked for me - my docker machine is back to the Running state
$ docker-machine restart
$ eval $(docker-machine env)
So far I have a bit of a hacky solution - this fixes the docker machine but destroys all containers and images.
Script: rebuild-machine.sh
docker-machine rm -y default
docker-machine create -d virtualbox default
docker-machine stop default
VBoxManage modifyvm "default" --natpf1 "Forwarding App 1,tcp,127.0.0.1,3000,,3000"
VBoxManage modifyvm "default" --natpf1 "Forwarding App 2,tcp,127.0.0.1,3001,,3001"
VBoxManage modifyvm "default" --natpf1 "Forwarding App 3,tcp,127.0.0.1,3004,,3004"
VBoxManage modifyvm "default" --natpf1 "Forwarding App 4,tcp,127.0.0.1,3005,,3005"
VBoxManage modifyvm "default" --natpf1 "Forwarding App 5,tcp,127.0.0.1,3006,,3006"
VBoxManage modifyvm "default" --natpf1 "Forwarding App 6,tcp,127.0.0.1,8081,,8081"
docker-machine start default
eval $(docker-machine env)
Explanation
Destroys the default docker machine, containers and images.
Creates a new docker machine on VirtualBox and stops it so we can modify VirtualBox.
Adds port forwarding for various applications on VirtualBox.
Starts the docker machine.
Ensures the Terminal is setup for the new IP address of the docker machine.
My problem was very simple. I was blocking port 2376 with my ufw firewall. Docker-machine needs this port open to connect to the remote.
I found the answer to my problem on this page:
I opened VirtualBox, then closed and started all VMs manually. The state is Running again.
This worked for me and my containers were not destroyed:
Opened Oracle virtual box and paused the VM
Restarted the VM on docker machine
$ docker-machine restart default
docker version: 1.12.3
docker-machine version: 0.8.2, build e18a919
My problem was very trivial - I did the docker machine ls command right after restarting a docker machine, so it was not running yet, and that caused a timeout.

docker-machine can't connect to host/daemon and using insecure registry

So I'm having some weird problems with docker-machine. I am trying to set up a docker-machine on my Mac OS El Capitan and also have the daemon flagged for a few insecure registries. I was able to successfully push/pull on a local Ubuntu install (without docker-machine) by setting the DOCKER_OPTS options to flag my insecure Nexus docker registries. I am trying to accomplish the same end goal on my Mac OS. So far I have installed the Docker Toolbox using a default installation and have tried the following in Terminal.
Vinays-MacBook-Pro:~ Vinay$ sudo docker-machine create --driver virtualbox --engine-insecure-registry mynexusrepo.cloudapp.net:18443 --engine-insecure-registry mynexusrepo.cloudapp.net:18444 --engine-insecure-registry mynexusrepo.cloudapp.net:18445 dev
Creating VirtualBox VM...
Creating SSH key...
Starting VirtualBox VM...
Starting VM...
To see how to connect Docker to this machine, run: docker-machine env dev
Vinays-MacBook-Pro:~ Vinay$ eval "$(sudo docker-machine env dev)"
Vinays-MacBook-Pro:~ Vinay$ sudo docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM
dev virtualbox Running tcp://192.168.99.100:2376
Vinays-MacBook-Pro:~ Vinay$ sudo docker pull mynexusrepo.cloudapp.net:18445/docker-thirdparty/mongodb:3.0.2
Password:
Post http:///var/run/docker.sock/v1.20/images/create?fromImage=mynexusrepo.cloudapp.net%3A18445%2Fdocker-thirdparty%2Fmongodb%3A3.0.2: dial unix /var/run/docker.sock: no such file or directory.
* Are you trying to connect to a TLS-enabled daemon without TLS?
* Is your docker daemon up and running?
Vinays-MacBook-Pro:~ Vinay$ sudo docker images
Password:
Get http:///var/run/docker.sock/v1.20/images/json: dial unix /var/run/docker.sock: no such file or directory.
* Are you trying to connect to a TLS-enabled daemon without TLS?
* Is your docker daemon up and running?
Vinays-MacBook-Pro:~ Vinay$ docker-machine -version
docker-machine version 0.4.1 (e2c88d6)
So I know the sudo docker pull mynexusrepo.cloudapp.net:18445/docker-thirdparty/mongodb:3.0.2 command works since it works fine on my straight Ubuntu OS with a docker install. Is there something else I am missing? I have tried closing all the terminals, deleting all of the docker-machines, restarting, etc.
Thanks!

How to Setup a Docker Tomcat Container on Mac OS X

I'm new to Docker...
From my understanding, Docker is only compatible with Linux, is it possible to run docker for development purposes on a Mac?
I installed virtualbox using homebrew and have tried to create a virtualbox instance. I installed docker, but am having trouble getting my mac to communicate with the vm docker instance. My end goal is to get a locally debuggable instance of tomcat running on the docker container.
Any help or tips would be helpful.
Information:
Because Docker only runs on Linux you will need to install some kind of virtual instance on your local machine. An easy and popular way to do that is to install Boot2docker and VirtualBox. VirtualBox is a dependency of Boot2docker. You can download, setup and install the latest versions from their websites or if you are using Homebrew, as you mentioned, you can quickly get the working binaries both in one step.
After installing boot2docker, you're ready to use Boot2docker to create a Tomcat Container. You can find a pre-configured tomcat image by searching Docker's community repository, docker hub registry.
Notes:
Each time you execute the docker run command a new container is created.
The VM running Docker requires a ssh private/public encryption key handshake to connect to. If you follow my steps below, one will be generated for you.
Steps to Setup Tomcat using the tomcat image:
Open Terminal and run this command: brew install boot2docker
Create a new Boot2Docker VM instance using the init command: boot2docker init
Run this command in Terminal to forward local ports to the vm:
for i in {10000..10999}; do VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port$i,tcp,,$i,,$i"; VBoxManage modifyvm "boot2docker-vm" --natpf1 "udp-port$i,udp,,$i,,$i"; done
Start the boot2docker daemon: boot2docker start or boot2docker up
After starting docker, copy the exports that are displayed from the previous command to your clipboard
Edit your bash profile file ~/.bash_profile (or if you are using zsh, edit the resource configuration file ~/.zshrc) with a text editor (I prefer using Sublime text): subl .zshrc *note: this will permanently save the docker env variables.
Paste the exports into that file and save
Execute the source command on the file: source .zshrc
Pull the latest tomcat image to create a container and start tomcat: docker run -it --rm -p 10080:8080 tomcat:8.0 *note: this will forward your local 10080 port to the vm's 8080 port.
Go to http://localhost:10080, you should see the tomcat start page!
Useful Docker commands:
$ boot2docker status
$ docker version
$ docker ps #shows running containers
$ docker ps -a # shows all containers
$ docker exec -it NAME /bin/bash #to start a bash session on the container. -i = interactive, -t = tty
External Resources:
https://docs.docker.com/installation/mac/#installation
https://registry.hub.docker.com/_/tomcat/
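An added example, not part of either original answer: the forwarding loop above leaves the host IP field empty, while rebuild-machine.sh in the timeout thread pins it to 127.0.0.1. VirtualBox binds a rule with an empty host IP on every host interface, so this filter lists such rules from VBoxManage showvminfo --machinereadable output. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find VirtualBox NAT port forwards that listen on every host
# interface. Rule format: name,proto,hostip,hostport,guestip,guestport.
# An empty hostip means the host port is reachable from the network, not
# only from the machine itself.

# Reads "VBoxManage showvminfo <vm> --machinereadable" output on stdin and
# prints "proto/hostport name" for each rule with an empty or 0.0.0.0 host IP.
exposed_forwards() {
    awk -F'"' '/^Forwarding\([0-9]+\)=/ {
        n = split($2, f, ",")
        if (n == 6 && (f[3] == "" || f[3] == "0.0.0.0"))
            print f[2] "/" f[4], f[1]
    }'
}

# Constructed sample: two loopback-only rules in the style of
# rebuild-machine.sh and two rules in the style of the boot2docker loop.
sample_vminfo() {
    cat <<'EOF'
name="default"
natnet1="nat"
Forwarding(0)="ssh,tcp,127.0.0.1,49154,,22"
Forwarding(1)="Forwarding App 1,tcp,127.0.0.1,3000,,3000"
Forwarding(2)="tcp-port10080,tcp,,10080,,10080"
Forwarding(3)="udp-port10080,udp,,10080,,10080"
EOF
}

# Live use: VBoxManage showvminfo default --machinereadable | exposed_forwards
sample_vminfo | exposed_forwards
```

A rule flagged here can be removed with VBoxManage modifyvm <vm> --natpf1 delete <rulename> while the VM is stopped and re-added with 127.0.0.1 as the host IP.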
Most people use boot2docker to run on Macs. You may also want to take a look at Kitematic, which gives you a GUI to play with.
Finally, the future is probably to use docker machine, which can provision a VM for you.
Docker requires Linux Kernel features, hence it cannot be run natively on OSX.
See instead Boot2Docker. This link gives you instructions on how to get going.

boot2docker vm forgets changes when restarted

Basically any changes I make while SSHed into the VM are lost at restart of the VM. I am assuming the problem is associated with the error when I stop the VM.
C:\Users\Tom>boot2docker stop
error in run: Failed to stop machine "boot2docker-vm": exit status 1
But, I may just be doing something dumb.
The sequence I followed is below (docker logo elided), you can see it losing the sample directory across the restart.
C:\Users\Tom>boot2docker up
Waiting for VM and Docker daemon to start.......................ooo
Started.
Writing C:\Users\Tom\.boot2docker\certs\boot2docker-vm\ca.pem
Writing C:\Users\Tom\.boot2docker\certs\boot2docker-vm\cert.pem
Writing C:\Users\Tom\.boot2docker\certs\boot2docker-vm\key.pem
Docker client does not run on Windows for now. Please use
"boot2docker" ssh
to SSH into the VM instead.
C:\Users\Tom>boot2docker ssh
Boot2Docker version 1.5.0, build master : a66bce5 - Tue Feb 10 23:31:27 UTC 2015
Docker version 1.5.0, build a8a31ef
docker@boot2docker:~$ ls
boot2docker, please format-me
docker@boot2docker:~$ mkdir testdir
docker@boot2docker:~$ ls
boot2docker, please format-me testdir/
docker@boot2docker:~$ exit
C:\Users\Tom>boot2docker stop
error in run: Failed to stop machine "boot2docker-vm": exit status 1
C:\Users\Tom>boot2docker status
poweroff
C:\Users\Tom>boot2docker start
Waiting for VM and Docker daemon to start...
....................ooo
Started.
Writing C:\Users\Tom\.boot2docker\certs\boot2docker-vm\ca.pem
Writing C:\Users\Tom\.boot2docker\certs\boot2docker-vm\cert.pem
Writing C:\Users\Tom\.boot2docker\certs\boot2docker-vm\key.pem
Docker client does not run on Windows for now. Please use
"boot2docker" ssh
to SSH into the VM instead.
C:\Users\Tom>boot2docker ssh
Boot2Docker version 1.5.0, build master : a66bce5 - Tue Feb 10 23:31:27 UTC 2015
Docker version 1.5.0, build a8a31ef
docker@boot2docker:~$ ls
boot2docker, please format-me
docker@boot2docker:~$
Running
Windows: 8.1
VirtualBox: 4.3.12 r93733
Boot2Docker version 1.5.0, build master : a66bce5 - Tue Feb 10 23:31:27 UTC 2015
Docker version 1.5.0, build a8a31ef
That is what I explained in "Windows Boot2Docker behind corporate proxy": there is no persistence in the Tiny Core used by boot2docker as a Linux VM.
You need to make sure that VirtualBox has the Oracle_VM_VirtualBox_Extension_Pack downloaded and added (in VirtualBox: File / Settings / Extension / add the Oracle_VM_VirtualBox_Extension_Pack-4.x.yy-zzzzz.vbox-extpack file).
As documented in boot2docker, you will have access (from your Tiny Core ssh session) to /c/Users/<yourLogin> (ie the %USERPROFILE% is shared by Virtual Box)
What I do in my b2d.bat start script is copy the files I want to be restored (mainly docker profile or .ashrc, for http_proxy settings and favorite aliases), and keep all my other modifications in /c/Users/<yourLogin>.
