如何连接到在 Ubuntu 主机上运行的远程 docker
[英]How to connect to remote docker running on Ubuntu host
问题描述
I installed docker on an Ubuntu 16.04 following the official directions and am successfully running the registry as a container.
我按照官方说明在 Ubuntu 16.04 上安装了 docker,并且成功地将注册表作为容器运行。 I want to remote connect into another container, so I try:我想远程连接到另一个容器,所以我尝试:
docker -H tcp://1.2.3.4:2375 exec -it 19f36d1bdfaf /bin/bash
And I get an error:我收到一个错误:
error during connect: Post http://1.2.3.4:2375/v1.29/containers/19f36d1bdfaf/exec : dial tcp 1.2.3.4:2375: connectex: No connection could be made because the target machine actively refused it.
Why am I getting this error and how do I resolve it?为什么我会收到此错误以及如何解决?
The docker.json file has contents: docker.json 文件包含以下内容:
{
"hosts": [
"tcp://0.0.0.0:2375",
"npipe://"
]
}
When I view the services it looks like the daemon is not listening on tcp://0.0.0.0:2375 as I would expect (this is just for testing, I'm going to secure this once I can get it actually working):当我查看服务时,看起来守护进程没有像我期望的那样监听 tcp://0.0.0.0:2375(这只是为了测试,一旦我可以让它实际工作,我将确保它的安全):
UPDATE:更新:
Got it to partially work by creating a daemon.json file (a copy of docker.json), then running:通过创建 daemon.json 文件(docker.json 的副本),然后运行:
sudo dockerd
The problem with this is that now the client does not work: docker info results in an error:这样做的问题是现在客户端不起作用: docker info导致错误:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock.
UPDATE and SOLUTION: Andreas' answer helped me realize the daemon was not being run properly.更新和解决方案:安德烈亚斯的回答帮助我意识到守护进程没有正常运行。 Looking at that screenshot earlier in this post, the docker daemon was not being launched with the right -H option.查看本文前面的截图,docker 守护进程没有使用正确的 -H 选项启动。 I then foundthis Github issue which solved the problem.然后我发现了这个 Github issue解决了这个问题。 So all that was needed was:所以只需要:
- Edit the $DOCKER_OPTS variable in /etc/default/docker:
DOCKER_OPTS="-H tcp://0.0.0.0:2375"(note that this is not very secure, it's just for testing)编辑/etc/default/docker中的$DOCKER_OPTS变量: DOCKER_OPTS="-H tcp://0.0.0.0:2375"(注意这不是很安全,只是为了测试) - Edit the /lib/systemd/system/docker.service file by adding a line under
[Service]for the EnvironmentFile:EnvironmentFile=-/etc/default/dockerthen update the ExecStart line:ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd://通过在[Service]为 EnvironmentFile 添加一行来编辑 /lib/systemd/system/docker.service 文件:EnvironmentFile=-/etc/default/dockerdocker 然后更新 ExecStart 行:ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd:// - Restart the service
sudo service docker restart重启服务sudo service docker restart - Restart the daemon with
systemctl daemon-reload使用systemctl daemon-reload重启守护systemctl daemon-reload
Note that I did not add a daemon.json file -- I left the existing docker.json file.请注意,我没有添加daemon.json文件——我保留了现有的docker.json文件。
2 个解决方案
解决方案1
4 2017-04-18 20:49:26
By default the docker daemon isn't exposed to the outside world for security reasons.默认情况下,出于安全原因,docker 守护进程不会暴露给外界。 You can of course change this setting when starting your docker daemon with the -H flag.您当然可以在使用-H标志启动 docker 守护程序时更改此设置。
To test it out, you can simply start your daemon manually (be sure to stop the service before).要测试它,您可以简单地手动启动您的守护程序(请务必先停止该服务)。 Assuming 1.2.3.4 is the ip of the host running the daemon you want to connect to.假设 1.2.3.4 是运行要连接的守护程序的主机的 IP。
<path to>/dockerd -H tcp://1.2.3.4:2375
Or you bind it to all network interfaces:或者您将其绑定到所有网络接口:
<path to>/dockerd -H tcp://0.0.0.0:2375
You can provide more than one -H option here to not disable the unix socket when binding to the tcp socket.您可以在此处提供多个-H选项,以便在绑定到 tcp 套接字时不禁用 unix 套接字。 For details on the daemon binding options, please see the docs (Bind Docker to another host/port or a Unix socket) .有关守护进程绑定选项的详细信息,请参阅文档(将 Docker 绑定到另一个主机/端口或 Unix 套接字) 。
To have this permanently, you can configure your daemon startup settings in a daemon.json file where you can also specify an array of hosts.要永久使用它,您可以在daemon.json文件中配置守护程序启动设置,您还可以在其中指定主机数组。 Please see the docs (Configure the Docker daemon) and Linux configuration File for this, too.请参阅文档(配置 Docker 守护程序)和Linux 配置文件。
{
"hosts": [
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
]
}
You can provide a list of entries for hosts , so your daemon can listen to tcp and the unix socket at the same time.您可以为hosts提供一个条目列表,以便您的守护进程可以同时侦听 tcp 和 unix 套接字。
Please be aware that by just binding to tcp 0.0.0.0 anyone that is able to reach your machine is also able to start containers remotely and thus is almost able to do anything on your system like with a really bad root user password.请注意,只要绑定到 tcp 0.0.0.0,任何能够访问您机器的人也可以远程启动容器,因此几乎可以在您的系统上执行任何操作,例如使用非常糟糕的 root 用户密码。 You should only do this for testing or in an environment that is isolated / firewalled correctly.您应该仅在测试或在正确隔离/防火墙的环境中执行此操作。
解决方案2
2 已采纳 2017-04-19 13:10:20
Andreas' answer helped me realize the daemon was not being run properly. Andreas 的回答帮助我意识到守护进程没有正常运行。 Looking at that screenshot earlier in this post, the docker daemon was not being launched with the right -H option.查看本文前面的截图,docker 守护进程没有使用正确的 -H 选项启动。 I then foundthis Github issue which solved the problem.然后我发现了这个 Github issue解决了这个问题。 So all that was needed was:所以只需要:
- Edit the $DOCKER_OPTS variable in /etc/default/docker:
DOCKER_OPTS="-H tcp://0.0.0.0:2375"(note that this is not very secure, it's just for testing)编辑/etc/default/docker中的$DOCKER_OPTS变量: DOCKER_OPTS="-H tcp://0.0.0.0:2375"(注意这不是很安全,只是为了测试) - Edit the /lib/systemd/system/docker.service file by adding a line under
[Service]for the EnvironmentFile:EnvironmentFile=-/etc/default/dockerthen update the ExecStart line:ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd://通过在[Service]为 EnvironmentFile 添加一行来编辑 /lib/systemd/system/docker.service 文件:EnvironmentFile=-/etc/default/dockerdocker 然后更新 ExecStart 行:ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd:// - Restart the service
sudo service docker restart重启服务sudo service docker restart
Note that I did not add a daemon.json file -- I left the existing docker.json file.请注意,我没有添加daemon.json文件——我保留了现有的docker.json文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.