I have created an Ubuntu Docker container on my Mac
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d993a622d23 ubuntu "/bin/bash" 42 minutes ago Up 42 minutes 0.0.0.0:123->123/tcp kickass_ptolemy
I set port as 123.
My container IP is 172.17.0.2
docker inspect 5d993a622d23 | grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
On my Mac I try to ping my container,
Ping 172.17.0.2, I got Request timeout for icmp_seq 0....
What should I do so my local machine can ping the container I installed? Am I missing some app installation on my container, which is a plain Ubuntu system?
You can't ping or access a container interface directly with Docker for Mac.
The current best solution is to connect to your containers from
another container. At present there is no way we can provide routing
to these containers due to issues with OSX that Apple have not yet
resolved. We are tracking this requirement, but we cannot do anything
about it at present.
Docker Toolbox/VirtualBox
When running Docker Toolbox, Docker Machine via VirtualBox or any VirtualBox VM (like a Vagrant definition) you can set up a "Host-Only Network" and access the Docker VM's network via that.
If you are using the default boot2docker VM, don't change the existing interface as you will stop a whole lot of Docker utilities from working, add a new interface.
You will also need to set up routing from your Mac to the container networks via your VM's new IP address. In my case the Docker network range is 172.22.0.0/16 and the Host Only adapter IP on the VM is 192.168.99.100.
sudo route add 172.22.0.0/16 192.168.99.100
Adding a permanent route to OS X is a bit more complex
Then you can get to containers from your Mac
machost:~ ping -c 1 172.22.0.2
PING 172.22.0.2 (172.22.0.2): 56 data bytes
64 bytes from 172.22.0.2: icmp_seq=0 ttl=63 time=0.364 ms
--- 172.22.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.364/0.364/0.364/0.000 ms
Vagrant + Ansible setup
Here's my running config...
Vagrant.configure("2") do |config|
  config.vm.box = "debian/contrib-buster64"
  config.vm.hostname = "docker"
  config.vm.network "private_network", ip: "10.7.7.7", hostname: true
  config.vm.provider "virtualbox" do |vb|
    vb.gui = false
    vb.memory = "4000"
    vb.cpus = "4"
  end
  config.vm.provision "ansible" do |ansible|
    ansible.verbose = "v"
    ansible.playbook = "tasks.yaml"
  end
end
The ansible tasks.yaml to configure a fixed network.
- hosts: all
  become: yes
  vars:
    ansible_python_interpreter: auto_silent
    docker_config:
      bip: 10.7.2.1/23
      host: ["tcp://10.7.7.7:2375"]
      userland-proxy: false
  tasks:
    - ansible.builtin.apt:
        update_cache: yes
        force_apt_get: yes
        pkg:
          - bridge-utils
          - docker.io
          - python3-docker
          - python-docker
          - iptables-persistent
    - ansible.builtin.hostname:
        name: docker
    - ansible.builtin.copy:
        content: "{{ docker_config | to_json }}"
        dest: /etc/docker/daemon.json
    - ansible.builtin.lineinfile:
        line: 'DOCKER_OPTS="{% for host in docker_config.host %} -H {{ host }} {% endfor %}"'
        regexp: '^DOCKER_OPTS='
        path: /etc/default/docker
    - ansible.builtin.systemd:
        name: docker.service
        state: restarted
    - ansible.builtin.iptables:
        action: insert
        chain: DOCKER-USER
        destination: 10.7.2.0/23
        in_interface: eth1
        out_interface: docker0
        jump: ACCEPT
    - ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4
Add the route for the docker bridge network via the VM to the mac
$ sudo /sbin/route -n -v add -net 10.7.2.0/23 10.7.7.7
Then set DOCKER_HOST=10.7.7.7 in the environment to use the new VM.
$ export DOCKER_HOST=10.7.7.7
$ docker run --name route_test --rm -d node:14-slim node -e "require('http').createServer((req, res) => {
res.writeHead(200, {'Content-Type':'text/plain'})
res.end('hello')
}).listen(3000)"
$ docker container inspect route_test -f '{{ .NetworkSettings.Networks.bridge.IPAddress }}'
$ curl http://10.7.2.3:3000
hello
$ docker rm -f route_test
You don't get volumes mapped from the host to the vm, but as a bonus it uses a lot less cpu than the Docker 2.5.x release.
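The docker_config in the playbook above has dockerd listen on tcp://10.7.7.7:2375 with no TLS settings, so the Docker API answers any client that can route to that address. As an added example (not part of the original answer), this Python check reads a daemon.json document and reports each TCP listener's scope and whether client certificates are required; the function name and sample JSON are constructed here, and reading the playbook's "host" key alongside dockerd's "hosts" is an assumption of the example.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: what the playbook's docker_config renders to via to_json.
SAMPLE_DAEMON_JSON = (
    '{"bip": "10.7.2.1/23", "host": ["tcp://10.7.7.7:2375"], '
    '"userland-proxy": false}'
)


def audit_listeners(daemon_json_text):
    """Return one finding per TCP listener declared in a daemon.json document."""
    cfg = json.loads(daemon_json_text)
    # "hosts" is dockerd's key; "host" is read too because the playbook's
    # docker_config variable uses that spelling (assumption of this example).
    listeners = cfg.get("hosts") or cfg.get("host") or []
    if isinstance(listeners, str):
        listeners = [listeners]
    tls_verified = bool(cfg.get("tlsverify"))
    findings = []
    for listener in listeners:
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are not reachable over IP
        try:
            addr = ipaddress.ip_address(url.hostname or "")
            loopback = addr.is_loopback
            scope = "every interface" if addr.is_unspecified else str(addr)
        except ValueError:
            # A name or an empty host: report it as written, assume non-local.
            loopback, scope = False, url.hostname or "(no host given)"
        if tls_verified:
            risk = "tls-verified"
        elif loopback:
            risk = "unauthenticated, loopback only"
        else:
            risk = "unauthenticated, network-reachable"
        findings.append({"listener": listener, "scope": scope, "risk": risk})
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_DAEMON_JSON):
        print(finding)
```

A listener reported as "unauthenticated, network-reachable" is one to restrict to a trusted host-only network or move behind tlsverify with client certificates.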
As an alternative, if your container has a bash shell incorporated, you can access it through
docker exec -it <CONTAINER ID> bash
and then you can ping your virtual ip
It works in this scenario:
Windows host
Linux VM installed on Windows host
Docker container installed on Linux VM host
Now you have to note this. Containers are in an isolated network but connected to the internet through your Docker container host adapter. So you have to tell the Linux kernel to be available in your network, then in your Linux VM:
# sysctl net.ipv4.conf.all.forwarding=1
# sudo iptables -P FORWARD ACCEPT
Now in your Windows host you have to add a route for our container network:
route add "Docker container network" "Linux VM IP" for example
# route add 172.17.0.0/16 192.168.1.20
setup:
PC-A is the Docker host, PC-B is another PC in the network. To ping/access Docker's container from PC-B, run the below iptables rules in the host.
iptables -A FORWARD -i docker0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o docker0 -j ACCEPT
note: eth0 is host's interface and docker0 is docker's virtual default bridge.
Now add route in PC-B
route add -net <dockerip> netmask <net mask> gw <docker's host>
ping/access container services directly.
Let's say you have W-> windows machine, L-Linux Vbox VM (eth0,eth1) and docker app (using port 8989) running on this L-Linux Vbox VM. Provider does not have to be Vbox anyway or W-> a win. You want to type http://app:8989 on your browser. There are two methods AFAIK; easy way to run vagrant automatically or manually configure Vbox VM with port forwarding through "Host-only Adapter" which is actually eth1; normally eth0 is Vbox's default reserved 10.0.2.15 IP assignment. Or on command prompt on win/lin/mac through "VBoxManage" command you can set up networks or automate through scripts.
webtier.vm.network "forwarded_port", guest: 8989, host: 8989
run docker app
sudo docker run -p 8989:8989 ...
on windows explorer(W-> windows machine) browse your app
http://app:8989
You still cannot ping "172.17.0.2", which is the docker container IP in this situation, from W-> windows machine. This could run cross-platform win/lin/mac. You might want to look into the Vbox Manual and Vagrant Manual, particularly networks.
It is possible to run the containers of interest in one and the same network with an additional container with OpenVPN server, so that you can see containers over VPN connection from the host:
Use docker network create --subnet=172.19.0.0/24 my-net to create a network where containers will see each other.
Attach containers to it using --net my-net parameter for docker run.
Run an additional container with OpenVPN in the same network. This time you need a port mapping for VPN connection -p 1194:1194/udp.
Use OpenVPN client on the host to connect to this network with containers to ping them.
Also, you may need to comment out redirect-gateway instruction in OpenVPN client config file and add push "route 172.19.0.0 255.255.255.0" to (and remove other pushes from) the server config file.
Related
I'm running an Ubuntu VM with multipass hyperkit to run microk8s. Within the VM all things check out and are available with skaffold/kubectl port forwarding. For instance:
$ multipass list
Name State IPv4 Image
microk8s-vm Running 192.168.64.2 Ubuntu 20.04 LTS
10.0.1.1
172.17.0.1
10.1.254.64
Port forwarding service/my-app in namespace default, remote port 80 -> 127.0.0.1:4503
Within the VM:curl localhost:4503 ✅
From the host: curl 192.168.64.2:4503🛑
I know the VM is reachable on port 80 because curl 192.168.64.2 returns the default nginx not found page. FWIW I never installed nginx and the service doesn't seem to be running / cannot turn it off.
I've been at this for a day and I'm stumped. I even tried the Vbox driver and manually configured a bridge adapter. I even created my own adapter...
$ multipass exec -- microk8s-vm sudo bash -c "cat > /etc/netplan/60-bridge.yaml" <<EOF
network:
    ethernets:
        enp0s8:                     # this is the interface name from above
            dhcp4: true
            dhcp4-overrides:        # this is needed so the default gateway
                route-metric: 200   # remains with the first interface
    version: 2
EOF
$ multipass exec microk8s-vm sudo netplan apply
How can I reach this VM from the host?
You can't access your pod IP/port like this.
If you want to access your pod's port over the node's IP address, you need to define a service of type NodePort and then use ipaddressOfNode:NodePort.
curl http://ipaddressOfNode:NodePort
With port-forward you must use the localhost of your host system.
kubectl port-forward svc/myservice 8000:yourServicePort
then
curl http://localhost:8000
I would like any computer on the same network as my Mac to be able to access the dockerized Rails web app running on my Mac.
On my Mac (10.9.5) my Rails 4.2.4 web app is running fine in Docker when I access it via the docker ip and the port I assigned, 192.168.99.100:3000
Docker 1.8.1 is running under Virtualbox 5.0.2.
I'm using Docker-compose and the relevant part of the docker-compose.yml file is:
web:
  build: .
  command: 'bash -c ''bundle exec unicorn -p $PORT -c ./config/unicorn-local.rb'''
  working_dir: /app/user
  env_file:
    - .docker_dev_env_config
    - .docker_dev_env_personal
  environment:
    PORT: 3000
    DATABASE_URL: 'postgres://postgres:@herokuPostgresql:5432/postgres'
  ports:
    - '3000:3000'
  links:
    - herokuPostgresql
and my Dockerfile is
# a local image based on heroku/ruby with ruby 2.0.0
FROM heroku-ruby2.0.0
EXPOSE 3000
ENV widget foo
My Mac's ip address on the local network is always set to 192.168.0.33.
How do I permit testers on the local network to access the running dockerized app via 192.168.0.33:3000 ?
(FWIW if I run my web app under Vagrant - instead of Docker - other testers on the network can access the web app by browsing 192.168.0.33:3000. My Vagrant is also running under Virtualbox. My Vagrantfile contains config.vm.network :forwarded_port, guest: 3000, host: 3000 but I do not see any equivalent for docker-compose.yml)
You need to port forward the port 3000 from the VM to your localhost. For this you can run the following script
VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port3000,tcp,,3000,,3000";
VBoxManage modifyvm "boot2docker-vm" --natpf1 "udp-port3000,udp,,3000,,3000";
This will port forward to your localhost. In case you want to port forward to some other interface, you have to provide that interface's IP address in the command. This is the general syntax for the --natpf command
[--natpf<1-N> [<rulename>],tcp|udp,[<hostip>],<hostport>,[<guestip>],<guestport>]
So you can modify it accordingly.
Refer to this for further reading. Docker on Mac. The Missing Guide
The 'default' Virtualbox created when using docker-toolkit's Docker Quickstart Terminal app does not have any port other than an ssh defined.
The solution on the Mac, when using VirtualBox with Docker is:
Run VirtualBox
click the 'default' box (or whichever box your Docker setup uses)
go to 'Settings > Network > Adapter 1'
click 'Port Forwarding'
create a new rule the example below fwds 3000 to 3000
(be sure to leave the host ip column blank)
I am running a Vagrant VM under Windows 7. The Vagrant VM is running a docker container. So the configuration is:
Windows7[Vagrant[Docker]]
I want to ssh from Windows into the Docker container.
The docker container is running sshd and I can successfully ssh from Vagrant VM to Docker container.
sudo docker ps
gives:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
64b13daab5f2 ubuntu:12.04 "/bin/bash" 14 minutes ago Up 14 minutes 0.0.0.0:49153->22/tcp thirsty_morse
From the Vagrant VM:
ssh root@localhost -p 49153
works just fine. So Vagrant VM's port 49153 is forwarded to Docker container's port 22.
I've added
config.vm.network "forwarded_port", guest:49153, host:49155
to Vagrantfile so that localhost:49155 on Windows is forwarded to Vagrant VM:49153
This is where things break down. When I try to ssh from Windows to localhost:49155, I get:
ssh: connect to host localhost port 49155: Connection refused
So Windows:49155 -> Vagrant:49153 is not working. I thought that it may be a problem related to listening on a port on Vagrant VM's external ip so I've installed rinetd into Vagrant VM and I've done:
bindadress bindport connectaddress connectport
0.0.0.0 49153 127.0.0.1 49153
Still no luck. What am I missing here?
OK, answering my own question. It works now. I think the most likely reason for the problem was that port 49153/55 and its neighbours are actually used by some Windows services by default. I changed the mapping for ports in the Vagrantfile to use 9090 for Windows and everything worked. No need for rinetd either. I've also done:
sudo docker run -v /vagrant:/opt/data -p 0.0.0.0:49153:22 -i -t ubuntu:12.04
Notice the 0.0.0.0: it may or may not be relevant but this configuration is working for me.
first time poster, but have been very impressed with this community. I've spent an embarrassing amount of time this week trying to resolve this issue - there doesn't seem to be much info on the net & I am stuck. Thanks in advance for any insights!
I am moving an existing WLS application into Docker. Goal is to have a repeatable Dev environment with WLS inside container & those containers running inside Vagrant (custom RHEL 6.5 VirtualBox).
I configured & started WLS container. I am also able to access WLS services from the container on VM. However, when I try to access the container from the host, I receive a connection timeout error.
I am running a private network 10.10.10.41 on Vagrant with port forwarding 7771:7001 - if I access that IP:Port (as I normally would when running a service within Vagrant), I get a connection refused.
I am able to run WLS "natively" from the VM and access from the host successfully. I am also able to run Apache containers from within the VM and access them from the host successfully. So the issue appears specific to WLS running inside a container in VM.
I turned off the firewall on the VM, which I've read is a common issue with Vagrant + Docker.
I have a whole host of information to share, but rather than drink from the firehose I will start out with a couple pieces. Happy to attach any further info as necessary. Thanks again!
Vagrantfile
config.vm.network "private_network", ip: "10.10.10.41"
config.vm.network :forwarded_port, host: 7771, guest: 7001
Dockerfile
EXPOSE 7001
Dockerrun
docker run -d -p 7001:7001 -v /my/release:/domain/release --name "wladmin" --link wlmanaged:wlmanaged my/wladmin
Container IP
docker inspect -f '{{ .NetworkSettings.IPAddress }}' wladmin
172.17.0.13
nmap VM (localhost)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000044s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
nmap VM (Vagrant private network IP)
Nmap scan report for 10.10.10.41
Host is up (0.000053s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
nmap WLS Docker Container
Nmap scan report for my.domain.com (172.17.0.11)
Host is up (0.000055s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
7001/tcp open afs3-callback
7002/tcp open afs3-prserver
I found the root cause & wanted to share back.
It turns out that because Vagrant has a private network adapter, we have to bind the container to that adapter using:
docker run -d -p 10.10.10.41:7001:7001 -v /my/release:/domain/release --name "wladmin" --link wlmanaged:wlmanaged my/wladmin
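The docker run commands quoted on this page use several forms of -p, and the form decides which host address the published port listens on. As an added example (not from any of the posts), this Python snippet parses the IPv4 forms of a -p value and reports the resulting exposure; the function names are constructed here, and 0.0.0.0 is assumed as the daemon's default bind address.

```python
import ipaddress

# -p values taken from the docker run commands quoted on this page.
PAGE_SPECS = ["8989:8989", "0.0.0.0:49153:22", "7001:7001",
              "10.10.10.41:7001:7001", "8989"]


def parse_publish(spec, default_ip="0.0.0.0"):
    """Split a `docker run -p` value (IPv4 forms only) into its parts.

    default_ip is the address Docker binds when the value names none;
    0.0.0.0 is the daemon default and is an assumption of this example.
    """
    ports, _, proto = spec.partition("/")
    fields = ports.split(":")
    if len(fields) == 1:        # "8989": Docker picks the host port
        bind_ip, host_port, ctr_port = default_ip, "", fields[0]
    elif len(fields) == 2:      # "7001:7001"
        bind_ip = default_ip
        host_port, ctr_port = fields
    elif len(fields) == 3:      # "10.10.10.41:7001:7001"
        bind_ip, host_port, ctr_port = fields
    else:
        raise ValueError("unsupported -p value: " + spec)
    return {
        "bind_ip": str(ipaddress.ip_address(bind_ip)),
        "host_port": int(host_port) if host_port else None,  # None: ephemeral
        "container_port": int(ctr_port),
        "proto": proto or "tcp",
    }


def exposure(spec):
    """Describe which host addresses accept connections for this -p value."""
    bind = ipaddress.ip_address(parse_publish(spec)["bind_ip"])
    if bind.is_unspecified:
        return "all host interfaces"
    if bind.is_loopback:
        return "host loopback only"
    return "only via " + str(bind)


def widely_exposed(specs):
    """Return the -p values that listen on every interface of the Docker host."""
    return [s for s in specs if exposure(s) == "all host interfaces"]


if __name__ == "__main__":
    for spec in PAGE_SPECS:
        print(spec, "->", exposure(spec))
```

Naming the bind address, as the 10.10.10.41 command does, keeps a published service such as sshd or an admin port off interfaces it was never meant to serve.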
Docker (www.docker.io) looks terrific. However, after installing VirtualBox, Vagrant
... and finally Docker on a Mac, I'm finding it's not possible to access the service running in the Docker container from another computer (or from a terminal session on the Mac). The service I'm trying to access is Redis.
The problem appears to be that there's no route to the IP address assigned to the Docker container. In this case the container's IP is 172.16.42.2 while the Mac's IP is 196.168.0.3.
A couple notes:
It IS possible to access it - but only from within the VirtualBox session. This can be done using redis-cli -h 172.16.42.2 -p 6379.
I have added "config.vm.network :bridged" to the VagrantFile in an attempt to get the, but that didn't solve the problem.
The VM generated by vagrant is indeed isolated, in order to access it from your host, you can allocate a private network to it.
Instead of doing config.vm.network :bridged, try config.vm.network :private_network, ip: "192.168.50.4". It should do the trick
However, this will only allow you to access the VM itself, not the containers.
In order to do so, when running the container, you can add the -p option
ex: docker run -d -p 8989 base nc -lkp 8989
This will run a netcat listening on 8989 within a container and expose the port publicly. As it is also run with -d, the container will be in detached mode and the only output will be the container's ID
In order to expose the port, Docker does a simple NAT. In order to know the real port, you can do docker port <ID of the container> 8989
Netcat will be available from the mac at 192.168.50.4:<result>
I just wrote a tutorial of how to use a host-only network and TCP routing to make this pretty easy. This way you don't have to map every specific port.
http://ispyker.blogspot.com/2014/04/accessing-docker-container-private.html
Important points ...
1) Add host-only network to Virtual Box
2) Tell the boot2docker VM to have an adapter on the host-only network
3) Add an IP for the new boot2docker VM host-only networking adapter
4) Route all Mac OS X traffic for the docker container subnet to that boot2docker VM host-only networking IP
Actual steps are on the blog with output so you can compare to what you see as you follow them.
I have installed Tomcat from my Dockerfile and forwarded that to 6060 using Vagrant's port forwarding. These are the steps that worked for me:
vagrant provision
vagrant up
vagrant ssh
box_name$ docker run -i -t -p 8080:8080 bsb_tomcat6 /bin/bash
Able to see tomcat up & running on localhost:6060, as I have done port forwarding to 6060 in my Vagrantfile
You can also define PRIVATE_NETWORK and FORWARD_DOCKER_PORTS environment variables to access your services that are running in docker containers:
$ vagrant halt
$ export PRIVATE_NETWORK=192.168.50.4
$ export FORWARD_DOCKER_PORTS=1
$ vagrant up
In my case I can access postgres from Mac using
$ telnet 192.168.50.4 49154
To find out the actual application port you can use
$ sudo docker port 1854499c6547 5432
0.0.0.0:49154