docker beta on osx dns for links between containers not available - macos

Yesterday I installed the docker-beta (https://beta.docker.com/) for osx. So far it seems great but the links defined between containers still do not work out of the box, e.g. their respective DNS name does not seem to be resolved.
How can I change this to make the dns-name of the linked container available on the (osx/windows) host using docker-beta?
links:
- someName
A pinata list returns the following, and a ping to docker.local fails with unknown host
🐳 hostname = docker
Hostname of the virtual machine endpoint, where container ports will be
exposed if using nat networking. Access it via 'docker.local'.
🐳 hypervisor = native (memory=8, ncpu=4)
The Docker.app includes embedded hypervisors that run the virtual machines
that power the containers. This setting allows you to control which the
default one used for Linux is.
▸ native: a version of the xhyve hypervisor that uses the MacOSX
Hypervisor.framework to run container VMs. Parameters:
memory (VM memory in gigabytes), ncpu (vCPUs)
🐳 network = hostnet (docker-ipv4=192.168.65.2, host-ipv4=192.168.65.1)
Controls how local containers can access the external network via the
MacOS X host. This includes outbound traffic as well as publishing ports
for external access to the local containers.
▸ hostnet: a mode that helps if you are using a VPN that restricts
connectivity. Activating this mode will proxy container network
packets via the Docker.app process as host socket traffic.
Parameters: docker-ipv4 (docker node), host-ipv4 (host node)
▸ nat: a mode that uses the MacOS X vmnet.framework to route container
traffic to the host network via a NAT.
🐳 filesystem = osxfs
Controls the mode by which files from the MacOS X host and the container
filesystem are shared with each other.
▸ osxfs: a FUSE-based filesystem that bidirectionally forwards OSX
filesystem events into the container.
🐳 native/port-forwarding = true
Expose container ports on the Mac, rather than the VM
▸ true: Container ports will be exposed on the Mac
▸ false: Container ports will be exposed on the VM
🐳 daemon = run 'pinata get daemon' or 'pinata set daemon [#file|-]>
JSON configuration of the local Docker daemon. Configure any custom
options you need as documented in:
https://docs.docker.com/engine/reference/commandline/daemon/. Set it
directly, or a #file or - for stdin.
Described here with the old docker https://github.com/databricks/spark-integration-tests
With boot2docker, the Docker containers will be run inside of a
VirtualBox VM, which creates some difficulties for communication
between the Mac host and the containers. Follow these instructions to
work around those issues:
Network access: Our tests currently run the SparkContext from outside
of the containers, so we need both host <-> container and container
<-> container networking to work properly. This is complicated by the
fact that boot2docker runs the containers behind a NAT in VirtualBox.
One workaround is to add a routing table entry that routes traffic to
containers to the VirtualBox VM's IP address:
sudo route -n add 172.17.0.0/16 `boot2docker ip`
You'll have to re-run this command if you restart your computer or assign a new IP to
the VirtualBox VM.
but this no longer works, as the docker-beta runs already in hostnet

I had this problem too, it seems to be fixed after disabling OS X firewall
I could swear I saw some documentation of an executable to whitelist instead of disabling the firewall, but I can't find it...

Related

Obtain Docker host address WITHOUT 'Docker Desktop for Windows'

I have docker installed on Windows Server and need to access something running on the host machine. The containers are Windows containers.
All other answers I can find which state host.docker.internal, docker.for.win.localhost or docker.for.win.host.internal do not work as you cannot have 'Docker Desktop' installed on a Windows Server machine (these names do not resolve).
This is confirmed by the official Docker docs:
The host has a changing IP address (or none if you have no network
access). We recommend that you connect to the special DNS name
host.docker.internal which resolves to the internal IP address used by
the host. This is for development purpose and will not work in a
production environment outside of Docker Desktop for Windows.
So what's the alternative?

Docker Desktop on Mac issue with ssh to centos container on localhost

I know there are similar questions on SO, but many of the suggestions have not worked for me. I'm running Docker Desktop for Mac and I start up a docker container I've built that has ssh configured and running (I use these to connect to AWS, Azure etc). I start up the container with something like the following (the ubc/jlbase/jlbase image has ssh configure... and the following all works on a linux machine with docker0 network in place)
docker run -P --name test -d ubc/jlbase/jlbase
docker inspect test |grep IP
ping -c *the_ip_from_above*
does not connect. From what I can find, this is a known issue with Docker on Mac... but the help and links I've found don't seem to solve the problem. Can someone tell me what I've missed?
You can say that this is a known feature of Docker on Mac, not an issue. Docker on Mac is running on a virtual machine inside macOS, so the IP address you receive is the IP of the container inside the VM, not on macOS.
To address the two issues from the question:
How to enable ssh
To be able to ssh on your container, you will need to have the sshd running in the container and to publish the port 22. Check here to see how you can try this with a container that is already prepared
How to ping
Since the docker is running inside a VM, to be able to route traffic to the containers, you will need to set up the network layer to route the traffic. One approach is to create a tunnel between the VM and the machine.
This is a much more complex setup and will require the help of a CNF (Containerized Network Function). One of the simplest CNFs that was created just for this problem is soctun, which creates a tunnel between the host and the docker network layer.

How to access a port on the host machine when running docker container on MacOS with --network=host?

I have set up a couple of containers that interact with each other. The main application container runs on --network = host because it queries several mySQL containers running on different ports exposed on the host network.
I am trying to hit the application on the host but get an error:
curl: (7) Failed to connect to 0.0.0.0 port 36081: Connection refused
I am working on Docker installed on MacOS.
I have read several questions that indicate that docker on MacOS runs on a VM. But what is the workaround to access the application from the host? Any way to get the IP of the said VM?
You cannot use --network=host on Mac to connect via host ports but binding to host port using -p options works.
https://docs.docker.com/docker-for-mac/networking/#/there-is-no-docker0-bridge-on-osx
I WANT TO CONNECT TO A CONTAINER FROM THE MAC
Port forwarding works
for localhost; --publish, -p, or -P all work. Ports exposed from Linux
are forwarded to the host.
Our current recommendation is to publish a port, or to connect from
another container. This is what you need to do even on Linux if the
container is on an overlay network, not a bridge network, as these are
not routed.
For your use case,
You need to create a docker network and attach both the DB and application containers to this network. Then the containers will be able to talk to each other by their name. You can also publish the application container port so that you can access it from your host.
https://docs.docker.com/network/bridge/
Instead of creating the network, attaching the containers to the network etc manually, you can use docker-compose.
https://docs.docker.com/compose/
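The setup this answer describes, written out as plain docker commands (an added example, not from the original answer). The network name appnet, the container names and the images mysql:8 and example/app are assumptions; port 36081 is the one from the question. The app port is published on 127.0.0.1 only, and the databases publish nothing.

```shell
#!/bin/sh
# Added example: names and images below are assumptions, not from the page.
# DRY_RUN=1 (the default here) prints each docker command instead of running it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# start_stack NETWORK APP_PORT DB_NAME...
start_stack() {
    net="$1"; app_port="$2"; shift 2

    # User-defined bridge network: containers on it resolve each other by name.
    run docker network create "$net"

    # Databases join the network but publish nothing: the app reaches them as
    # <name>:3306, and they are not reachable from the Mac or the LAN.
    for db in "$@"; do
        run docker run -d --name "$db" --network "$net" \
            -e MYSQL_RANDOM_ROOT_PASSWORD=yes mysql:8
    done

    # Only the application port is published, and only on the loopback
    # address of the Mac; a bare "-p PORT:PORT" listens on every interface.
    run docker run -d --name app --network "$net" \
        -p "127.0.0.1:${app_port}:${app_port}" example/app
}

# Dry run with two hypothetical database containers.
start_stack appnet 36081 db-orders db-users
```

Run it with DRY_RUN=0 to execute the commands; curl http://127.0.0.1:36081 on the Mac then reaches the app.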

Docker: MacOSX Expose Container ports to host machine

In my job I am working with docker, and the option --net=host works like a charm, forwarding the docker container ports to the machine. This allows me to add grunt tasks that use certain ports, for example:
A task for serving my coverage report on port 9001
A local deployed version of my app served on port 9000
A watch live reload on port 35729
The unit testing runner uses port 9876
When I began to use Docker on Mac, the first problem that I had was: the option --net=host doesn't work anymore.
I researched and I understand why this is not possible (Docker on Mac runs in its own virtual machine), and my momentary solution is to use the -p option to expose the ports, but this limits me in adding more and more tasks that use ports, because I need to run the explicit -p command for each port that I need to expose.
Anyone with this same problem? How do you deal with this?
Your issue is most probably that you are using dockertoolbox or dinghy/dlite or anything else providing a full-fledged linux VM, which then hosts docker to run your container inside this VM. This VM has, of course, its own network stack and its own IP on the host, and that's where your tools will have issues. The exposed ports of the container are not exposed to OSX host localhost, but rather to the OSX Docker-VM-ip.
To solve those issues elegantly
Expose ports to OSX localhost from the container
First, use/install docker-for-mac https://docs.docker.com/engine/installation/mac/ instead of dockertoolbox or others. It's based on a special xhyve stack which reuses your host's network stack.
When you now do docker run -p 3306:3306 percona, it will bind 3306 on the osx-host-localhost, thus every other osx-tool trying to attach to localhost:3306 will work (very useful), just as you have been used to when you installed mysql using brew install mysql or likewise.
If you experience performance issues with code shares on OSX with docker containers, check http://docker-sync.io - it is compatible with docker-for-mac ( hint: i am biased on this one )
Export ports from the OSX-host to a container
You do not really export anything in particular, you rather make them accessible as a whole from all containers (all ports of the OSX-host-localhost)
If you want to attach to a port you offered on the OSX host, from within a container, e.g. during an xdebug session where your IDE listens on port 9000 on the OSX-host-localhost and the container running FPM/PHP should attach to this osx-localhost:9000 on the mac, you need to do this: https://gist.github.com/EugenMayer/3019516e5a3b3a01b6eac88190327e7c
So you create a dummy loopback ip, so you can access your OSX-host ports from within containers using 10.254.254.254:9000 - this is portable and basically gives you all you need to develop like you are used to
So one gives you the connectivity to container-exposed ports to apps running on the mac and trying to connect to localhost:port
And the second the inverse, if something in the container wants to attach to a port on the host.
One workaround, mentioned in "Bind container ports to the host" would be to use -P:
(or --publish-all=true|false) to docker run which is a blanket operation that identifies every port with an EXPOSE line in the image’s Dockerfile or --expose <port> commandline flag and maps it to a host port somewhere within an ephemeral port range.
The docker port command then needs to be used to inspect created mapping.
So if your app can use docker port <CONTAINER> to retrieve the mapped port, you can add as many containers as you want and get the mapped ports that way (without needing an "explicit -p command for each port").
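A sketch of the docker port lookup described above, as an added example that is not part of the original answer. Both functions read docker port output on stdin; the sample mappings are constructed from the ports in the question, and the second function lists mappings that listen on every host interface, which is what -P creates by default.

```shell
#!/bin/sh
# Added example. `docker port <container>` prints lines such as
#   9000/tcp -> 0.0.0.0:32768
# Real use: docker port mycontainer | mapped_port 9000

# Constructed sample output (not captured from a real container).
SAMPLE='9000/tcp -> 0.0.0.0:32768
9001/tcp -> 0.0.0.0:32769
35729/tcp -> 127.0.0.1:35729
9876/tcp -> :::32771'

# mapped_port CONTAINER_PORT[/PROTO]
# Prints the first host port mapped to that container port; fails if none.
mapped_port() {
    want="$1"
    case "$want" in
        */*) ;;
        *) want="$want/tcp" ;;
    esac
    awk -v want="$want" '
        $1 == want && $2 == "->" {
            # host side may be IPv6, e.g. :::32768 or [::]:32768
            n = split($3, parts, ":")
            print parts[n]; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# wide_open
# Prints the mappings whose host side is bound to all interfaces, so the
# port is reachable from the network and not only from the Mac itself.
wide_open() {
    awk '$2 == "->" && ($3 ~ /^0\.0\.0\.0:/ || $3 ~ /^:::/ || $3 ~ /^\[::\]:/) {
        print $1, $3
    }'
}

printf '%s\n' "$SAMPLE" | mapped_port 9000
printf '%s\n' "$SAMPLE" | wide_open
```

Publishing with -p 127.0.0.1:9000:9000 instead of -P keeps a mapping out of the wide_open list.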
Not sure if docker for mac can support bi-directional connection later https://forums.docker.com/t/will-docker-for-mac-support-bi-directional-connection-between-host-and-container-in-the-future/19871
I have two solutions:
you can write a simple wrapper script and pass the port you want to expose to the script
use vagrant to start a virtual machine with network under control.

Access Docker container running on OS X via boot2docker in Windows virtual machine

Overview:
Host: Mac OS X running boot2docker and Docker
Guest: Windows 7
The Problem:
For my web-development I have set up a docker container via boot2docker on OS X. Within OS X I can access my docker services via boot2docker.
Running boot2docker ip, I get:
The VM's Host only interface IP address is: 192.168.59.103
I am running a Django application on port 1234 (I have mapped the port 5000 on the docker image to port 1234 on my Mac) which I can access within OS X in a web browser via the address 192.168.59.103:1234. Everything works fine in OS X.
Now I have to test the Web stuff on IE, which is why I have downloaded IE8, IE10 and so forth via Microsoft's modern.IE website. As a result I have some more VirtualBox images, which are running Windows 7 and come with the appropriate IE version.
The question is now how to access the Docker container in those Windows instances to test it under several IE versions.
What I have done so far:
Idea 1
To access the Django application I have looked up my local IP address and tried to access it via NAT in the Windows guests. Given my local IP address 192.168.178.24, I have tried to access 192.168.178.24:1234 from Windows. Although I can ping 192.168.178.24 from Windows, I only get a timeout on port 1234.
Idea 2
Boot2docker runs a VirtualBox machine called boot2docker-vm. It comes with two network adapters, NAT and a host-only adapter called vboxnet0. The latter has the address 192.168.59.3 (which is the one which boot2docker ip returns) with the network mask 255.255.255.0. It runs a DHCP server on Server Address 192.168.59.99 which gives addresses from 192.168.59.103-254.
I have added a second network adapter for my Windows guest systems which can also access via a host-only adapter the network vboxnet0. When being connected to the network the Windows machines do get a valid IP and can ping the IP 192.168.59.103. But I cannot connect to my Django instance on port 1234. If I try to call 192.168.59.103:1234 within Windows, I get a timeout.
Why is it not possible to connect to the Django instance? Can you help me? Thanks in advance.
I have found a solution to my problem here.
To get access to the Django instance I had to open the port on the boot2docker-vm machine.
This can be done either by going to boot2docker-vm → settings → Network → Adapter 1 (NAT) → Port Forwarding and adding a new rule where Host IP and Guest IP can be left empty and Host Port and Guest Port should be set to 1234.
Another way to do so is executing the following command in the command line
VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port1234,tcp,,1234,,1234";
Of course this needs to be done for all ports, if more than one port is being used.
