This question already has answers here:
docker: SSH access directly into container
(4 answers)
Closed 6 years ago.
I am running Docker for Mac (Version 1.12.0-rc2-beta16 (Build: 9493)).
I have pulled an image from my local repository, and used 'docker run -d' to create a container. Using 'docker ps' I obtained the 'CONTAINER ID', and then used 'docker inspect <CONTAINER_ID>| grep IPA' to obtain the IP address for the running container.
I now want to connect to the container using SSH with 'ssh root#<IP address>' but the command gives the following error: 'Operation timed out'.
Further investigation shows that I can not ping the <IP address> -> 'Request timeout for icmp_seq 0'
How can I connect to the container using SSH? What is the correct command?
UPDATE: This IS NOT a duplicate (as stated above). The entry that begins "The scenario you described" is the correct solution.
The scenario you have described is the approach that would be used on 'normal' Docker.
As Docker on Mac has been created from scratch specifically for the Mac, it has been tweaked to make it easier to use. Therefore, the IP address of the container cannot be used in this way on the Mac.
The documentation Getting Started with Docker for Mac states that:
Previous beta releases used docker as the hostname to build the URL.
From this release forward, ports are exposed on the private IP
addresses of the VM and forwarded to localhost with no other host name
set. See also, Release Notes for Beta 9.
Therefore, the correct way to SSH into a container is to spin it up on Docker for Mac using a port mapping to the SSH port (22). e.g.
docker run -d -p 2022:22 <Image Name>
And the SSH connection is instigated using this command (N.B. it uses 'localhost' on the port specified instead of having to determine and use the container's IP Address):
ssh -p 2022 root#localhost
N.B. It is NOT possible to simply map port 22 to itself i.e. '-p 22:22' as this caused the following error (at least is did for me!):
docker: Error response from daemon: driver failed programming external
connectivity on endpoint pensive_wilson
(2e832b82fc67d3e48864975c6eb02f6c099e34eee64b29634cfde286c41e00a7):
Error starting userland proxy: Failed to bind: EADDRINUSE.
To use bash prompt you could use docker exec -ti %container-name-or-id% /bin/bash. If you want to use ssh and ensure that an ssh daemon is up and running you should expose corresponding ports from the container with -p parameter like this: docker run -d -p 22:22 my_image.
Related
I'm new with docker and I'm probably missing a lot, although i went through the basic documentation and I'm trying to deploy a simple Spring Boot API
I've deployed my API as a docker-spring-boot .jar file , then i installed docker and pushed it with the following commands:
sudo docker login
sudo docker tag docker-spring-boot phillalexakis/myfirstapi:01
sudo docker push phillalexakis/myfirstapi:01
Then i started the API with the docker run command:
sudo docker run -p 7777:8085 phillalexakis/myfirstapi:01
When i visit localhost:7777/hello I'm getting the desired response
This is my Dockerfile
FROM openjdk:8
ADD target/docker-spring-boot.jar docker-spring-boot.jar
EXPOSE 8085
ENTRYPOINT ["java","-jar","docker-spring-boot.jar"]
Based on this answered post this the command to get the ip address
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name_or_id
So, i run it with container_name_or_id = phillalexakis/myfirstapi:01 and I'm getting this error
Template parsing error: template: :1:24: executing "" at <.NetworkSettings.Networks>: map has no entry for key "NetworkSettings"
If i manage somehow to get the IP will i be able to visit it and get the same response?
This is how i have it in my mind: ip:7777/hello
You have used the image name and not the container name.
Get the container name by executing docker ps.
The container ID is the value in the first column, the container name is the value in the last column. You can use both.
Then, when you have the IP, you will be able to access your API at IP:8085/hello, not IP:7777/hello
The port 7777 is available on the Docker Host and maps to the port 8085 on the container. If you are accessing the container directly - which you do, when you use its IP address - you need to use the port that the container exposes.
There is also another alternative:
You can give the container a name when you start it by specifying the --name parameter:
sudo docker run -p 7777:8085 --name spring_api phillalexakis/myfirstapi:01
Now, from your Docker host, you can access your API by using that name: spring_api:8085/hello
You should never need to look up that IP address, and it often isn't useful.
If you're trying to call the service from outside Docker space, you've done the right thing: use the docker run -p option to publish its port to the host, and use the name of the host to access it. If you're trying to call it from another container, create a network, make sure to run both containers with a --net option pointing at that network, and they can reach other using the other's --name as a hostname, and the container-internal port the other service is listening on (-p options have no effect and aren't required).
The Docker-internal IP address just doesn't work in a variety of common situations. If you're on a different host, it will be unreachable. If your local Docker setup uses a virtual machine (Docker Machine, Docker for Mac, minikube, ...) you can't reach the IP address directly from the host. Even if it does work, when you delete and recreate the container, it's likely to change. Looking it up as you note also requires an additional (privileged) operation, which the docker run -p path avoids.
The invocation you have matches the docker inspect documentation (as #DanielHilgarth notes, make sure to run it on the container and not the image). In the specific situation where it will work (you are on the same native-Linux host as the container) you will need to use the unmapped port, e.g. http://172.17.0.2:8085/hello.
I use Docker CE for Windows on latest Windows 10 and have built an image with a
script that runs a test against a web server.
(A litmus test suite for a WebDAV server to be exact, but I think the problem
is general.)
I run the web server on a Powershell console:
> wsgidav -p 8080 -H localhost
21:04:19.107 - <13348)> wsgidav INFO : Running WsgiDAV/3.0.0a3 Cheroot/6.4.0 Python/3.6.5
21:04:19.107 - <13348)> wsgidav INFO : Serving on http://localhost:8080 ...
From another Powershell console, I run my script in a Docker container (using FROM alpine).
The script starts and tries to access the endpoint, but does not succeed:
> docker pull mar10/litmus
> docker run --rm -p 8080:8080 mar10/litmus http://gateway.docker.internal:8080
-> running `basic':
0. init.................. FAIL (connection refused by `gateway.docker.internal' port 8080: Operation timed out)
I tried so far
Using the gateway.docker.internal hostname
using -p PORT:PORT
using --net=host
restarting the docker daemon (which interestingly sometimes also was neccessary to
fix timeouts in docker pull)
different IP addresses for the web server (127.0.0.1, localhost, 0.0.0.0, local IP)
Nothing worked so far (although the failure message may be different).
Maybe I just missed a working combination of the above, or any other trick?
FWIW, I was able to solve it by building the container with the --network host option and use a real IP of the client (instead of localhost or 0.0.0.0).
Details here: https://hub.docker.com/r/mar10/docker-litmus/
[Context: Host is AWS-EC2 / Ubuntu 14.04.5 with Docker version 17.05.0-ce. Containers are built from publicly available repo image cbhihe/serf-alpine-bash. Containers are located on the same EC2 instance and share the same default bridge network as well as the instance's eth0 interface.]
This question builds on an answer to a different issue.
Working with two running docker containers, each with a live serf agent in it, I want to form a two node serf cluster from an unattended bash script, executing on the host where the two containers run.
For one serf agent in container "DC2" to join another in container "DC1" with private IP 172.17.0.2, my script looks like:
docker run -d --name DC1 --rm cbhihe/serf-alpine-bash agent -node=NODE1 -iface=eth0
docker run -d --name DC2 --rm cbhihe/serf-alpine-bash agent -node=NODE2 -iface=eth0
docker exec -d DC2 serf join 172.17.0.2
The two first line produce the expected result, i.e. 2 running containers. The third line seem to fail:
either silently, when using the detached switch,
or with the following error in the absence of such switch.
Error joining the cluster: 1 error(s) occurred:
Failed to resolve 172.17.0.2 : lookup 172.17.0.2 : invalid domain name
Either way joining does not occur.
Doing exactly the same thing from console works flawlessly.
I looked at importing the host's environment in my script's bash shebang context. Was not successsful. Pointers are welcome. Tx
From the information in your question, I think that there could be a dependency to the shell, that sets environment variables.
Try executing serf launched by bash. Something like this:
docker exec "$cont_id" bash -c 'serf join '"$join_IP"
I'm runner Docker for OSX, and having trouble getting the Docker remote API to work.
My situation is this:
Docker daemon running natively on OSX (https://www.docker.com/products/docker#/mac, so not the boot2docker variant)
Jenkins running as docker image
No I want to use the Jenkins docker-build-step plugin to build a docker image, but I want it to use the docker daemon on the host machine, so in Jenkins settings, DOCKER_URL should be something like :2375. (Reason for this is I don't want to install docker on the jenkins container if I already have it on my host machine).
Is there a way to to this or is de Docker for Mac currently not supporting this? I tried fiddling with export DOCKER_OPTS or DOCKER_HOST options but still get a Connection refused on calling http://localhost:2375/images/json for example.
Basicly the question is more about enabling the Docker for OSX remote api, with use case calling it from a Jenkins docker container.
You could consider using socat. It solved my problem, which seem to be similar.
socat TCP-LISTEN:2375,reuseaddr,fork UNIX-CONNECT:/var/run/docker.sock &
This allows you to access your macOS host Docker API from a Docker container using: tcp://[host IP address]:2375
On macOS socat can be installed like this:
brew install socat
See here for a long discussion on this topic: Plugin: Docker fails to connect via unix:// on Mac OS X
If you already added an SSH public key to your remote server, then you can use this ssh credentials for your docker connection, too. You don't need to configure the remote api on the server for this approach.
When connecting to macOS Docker Desktop, you could use ssh (after you have enabled it on Mac)
docker -H ssh:user#192.168.64.1 images
or
export DOCKER_HOST=ssh:user#192.168.64.1
docker images
I had the same issue but with mysql. I needed to expose the port of my docker hosts on port 43306 to docker image mysql running on port 3306.
Solution:
Create your docker image with -p parameter.
Example:
#> docker run -p 0.0.0.0:43306:3306 --name mysql-5.7.23xx -e MYSQL_ROOT_PASSWORD=myrootdba -d mysql/mysql-server:5.7.23 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
Now I can connect from my host docker server on port 43306 to mysql docker image.
I run private registry on UBUNTU 14.04:
docker run -d -p 5000:5000 registry
The proces appeard on my docker proces list. I wrote command : curl my-external-ip and I got this:
"\"docker-registry server\""
THE PROBLEM IS that
when I try to push image on localhost it works fine, but after I want to push to external ip (It must be available for for more people) I got this:
The push refers to a repository [MY-EXTERNAL-IP:5000/hello] (len: 1)
unable to ping registry endpoint https://MY-EXTERNAL-IP:5000/v0/
v2 ping attempt failed with error: Get https://MY-EXTERNAL-IP:5000/v2/: EOF
v1 ping attempt failed with error: Get ht*ps://MY-EXTERNAL-IP:5000/v1/_ping: EOF
I am using proxy at my company, but I added export http_proxy, https_proxy, ftp_proxy to my docker file and --insecure-registry.
It looks that your docker daemon can't access docker registry(your-external-ip) through https protocol(usually it uses 443 port).
Maybe you can check it first.
But with insecure mode, the network occured on http protocol. So you can tell you docker daemon to trust insecure-registry.
Try to run docker daemon with --insecure-registry="YOUR_EXTERNAL_IP"
It seems like your Docker daemon still doesn't understand that registry on your $EXTERNAL_IP should be accessed over HTTP rather than HTTPS. You need to be sure that daemon runs with the --insecure-registry $EXTERNAL_IP option:
ps aux | grep docker
If you'll not be able to find it there, you probably made a mistake in your DOCKER_OPTIONS.