Connecting to a Remote Docker Daemon

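I have installed VirtualBox, and inside a VirtualBox VM I have installed Ubuntu Server. My host machine is Windows 10.

I have also installed Docker on the Windows host. My intention is to use the docker CLI on Windows to connect to the docker daemon (server) inside the VM.

I have made the changes in the Ubuntu VM, and it is listening on port 2375.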

tcp        0      0 127.0.0.1:2375          0.0.0.0:*                LISTEN 2305/dockerd

Also, on the host (Windows) I have set the environment variable DOCKER_HOST to the VM's IP and port.

 set DOCKER_HOST=tcp://192.168.56.107:2375

My Windows machine's IP is 192.168.56.1 and ping works fine.

Pinging 192.168.56.107 with 32 bytes of data:
Reply from 192.168.56.107: bytes=32 time<1ms TTL=64
Reply from 192.168.56.107: bytes=32 time<1ms TTL=64

But when I try to connect from my Windows machine, I get the following error:

error during connect: Get http://192.168.56.107:2375/v1.27/info: dial tcp 192.168.56.107:2375: connectex: No connection could be made because the target machine actively refused it.

Please find the docker info output:

controller@ubuntuserver:~$ docker info
Containers: 4
 Running: 0
 Paused: 0
 Stopped: 4
Images: 2
Server Version: 18.09.6
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-50-generic
Operating System: Ubuntu 18.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.79GiB
Name: ubuntuserver
ID: AWDW:34ET:4J2J:2NWB:UPK7:EQHB:W64E:22AT:W6J4:BMRD:NDO6:CNR2
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: API is accessible on http://127.0.0.1:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
WARNING: No swap limit support

 cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target

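Can you help me solve this problem?

You need to configure the Docker daemon on your Ubuntu server so that it accepts tcp connections. By default Docker listens on the unix socket /var/run/docker.sock. To configure your daemon, you can have a look at the documentation here

Step-by-step configuration (in this example, everything is done on the Ubuntu VM):

Configure the daemon
On Ubuntu, you are using systemd by default. You need to edit the configuration file (usually located at /lib/systemd/system/docker.service):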

[Service]
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375

In this example, the Docker daemon no longer listens on the unix socket. It only listens for tcp calls from localhost.
Restart the daemon:

$> sudo systemctl daemon-reload
$> sudo systemctl restart docker.service

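Configure the client (still on the VM)
After restarting the daemon, your docker client no longer works (because you just told the client to listen only for tcp connections). So if you run docker image ls, it should not respond. To make your client work, you need to tell it which server to connect to: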

$> export DOCKER_HOST="tcp://0.0.0.0:2375"

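Now your client should be able to connect to the daemon (i.e. docker image ls should print all images)

This should work fine on your Ubuntu server. You just need to apply the same client configuration on Windows. If it does not work on Windows, it means something else is blocking the traffic (probably a firewall).

Hope this helps.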
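
Both ExecStart lines on this page open tcp://0.0.0.0:2375 with no TLS flags, which is the condition the docker info warning describes as equivalent to root access on the host. The following shell function is an added example, not part of the original question or answer: it lists every -H/--host listener in a unit file and marks the ones reachable over the network in plaintext. It assumes listeners and --tlsverify are set on the ExecStart line only (not in daemon.json), and the verdict labels are made up for this example.

```shell
#!/bin/sh
# Added example: classify dockerd listeners found in a systemd unit file.
# Prints "<verdict> <address>" for each -H/--host on the last ExecStart= line
# (the last one wins, which also covers drop-ins that reset ExecStart=).
classify_listeners() {
    exec_line=$(sed -n 's/^ExecStart=//p' "$1" | tail -n 1)
    tls=no
    case " $exec_line " in
        *" --tlsverify "*|*" --tlsverify=true "*) tls=yes ;;
    esac
    set -f; set -- $exec_line; set +f   # split into words without globbing
    while [ $# -gt 0 ]; do
        host=
        case "$1" in
            -H|--host)     if [ $# -ge 2 ]; then host=$2; shift; fi ;;
            -H=*|--host=*) host=${1#*=} ;;
        esac
        shift
        case "$host" in
            '') ;;
            unix://*|fd://*) echo "local $host" ;;
            tcp://127.*|tcp://localhost:*|'tcp://[::1]'*)
                if [ "$tls" = yes ]; then echo "loopback-tls $host"
                else echo "loopback-plaintext $host"; fi ;;
            tcp://*)
                if [ "$tls" = yes ]; then echo "network-tls $host"
                else echo "EXPOSED-plaintext $host"; fi ;;
            *) echo "unknown $host" ;;
        esac
    done
    return 0
}

# Constructed sample input: the ExecStart line from the question's unit file.
sample=$(mktemp)
printf '%s\n' '[Service]' \
  'ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock' \
  > "$sample"
classify_listeners "$sample"
rm -f "$sample"
```

On a real host, point it at the unit file shown above, for example classify_listeners /lib/systemd/system/docker.service.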