Connecting to a remote Docker daemon

4

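I have installed VirtualBox and installed Ubuntu Server in a VirtualBox VM. My host machine is Windows 10.

I have also installed Docker on my Windows host. My intention is to use the docker CLI on Windows to connect to the docker daemon (server) inside the VM.

I have made changes in the Ubuntu VM so that it listens on port 2375.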

tcp        0      0 127.0.0.1:2375          0.0.0.0:*                LISTEN 2305/dockerd

On my Windows host I set the environment variable DOCKER_HOST to the VM's IP address and port.

 set DOCKER_HOST=tcp://192.168.56.107:2375

My Windows machine's IP address is 192.168.56.1, and the ping test works.

Pinging 192.168.56.107 with 32 bytes of data:
Reply from 192.168.56.107: bytes=32 time<1ms TTL=64
Reply from 192.168.56.107: bytes=32 time<1ms TTL=64

But when I try to connect from my Windows machine, I get the following error:
error during connect: Get http://192.168.56.107:2375/v1.27/info: dial tcp 192.168.56.107:2375: connectex: No connection could be made because the target machine actively refused it.

Please see the docker info output:
controller@ubuntuserver:~$ docker info
Containers: 4
 Running: 0
 Paused: 0
 Stopped: 4
Images: 2
Server Version: 18.09.6
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-50-generic
Operating System: Ubuntu 18.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.79GiB
Name: ubuntuserver
ID: AWDW:34ET:4J2J:2NWB:UPK7:EQHB:W64E:22AT:W6J4:BMRD:NDO6:CNR2
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: API is accessible on http://127.0.0.1:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
WARNING: No swap limit support

 cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target

Can you help me solve this problem?
2 Answers

11
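You need to configure the Docker daemon on your Ubuntu server to accept tcp connections. By default, Docker listens on the Unix socket /var/run/docker.sock. To configure your daemon, you can have a look at the documentation here (link).
Step-by-step configuration (in this example, everything is done on the Ubuntu VM):
Configure the daemon
On Ubuntu, you are using systemd by default. You need to edit the configuration file (usually located at /lib/systemd/system/docker.service):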
[Service]
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375

With this example, the Docker daemon no longer listens on the Unix socket. It will only listen for TCP calls from localhost.
Restart the daemon:

$> sudo systemctl daemon-reload
$> sudo systemctl restart docker.service

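Configure the client (still on the VM)
After restarting the daemon, your Docker client will no longer work (because you just told the client to listen only for tcp connections). So if you run docker image ls, it should not respond. To make the client work, you need to tell it which server to connect to: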

$> export DOCKER_HOST="tcp://0.0.0.0:2375"

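Now your client should be able to connect to the daemon (i.e. docker image ls should print all the images).

This should work fine on your Ubuntu server. You just need to apply the same client configuration on Windows. If it does not work on Windows, it means something else is blocking the traffic (probably a firewall).

Hope this helps.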


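Thanks Marc for the detailed steps. I have made the changes. If I connect to localhost I get docker output, but if I use the IP address of the same VM (where the docker CLI is running), I cannot connect: controller@ubuntuserver:~$ docker -H 192.168.56.107:2375 ps Cannot connect to the Docker daemon at tcp://192.168.56.107:2375. Is the docker daemon running? controller@ubuntuserver:~$ docker -H localhost:2375 ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - SRaj
Below is the truncated "ifconfig" output: enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.56.107 netmask 255.255.255.0 broadcast 192.168.56.255 inet6 fe80::a00:27ff:fe70:dff2 prefixlen 64 scopeid 0x20<link> - SRaj
But the strange thing is that there seems to be no firewall or anything else blocking it. If I start a server in Docker (e.g. a WordPress site), I can access it using the IP of both the host and the VM. I suspect the VM itself may be blocking access to the Docker server (I am using version 6.0 of the VirtualBox VM). - SRaj
Marc, I have pasted the docker info output in the question above. Because of the character limit I could not paste it here. Thank you very much for the time you have spent helping me with this. - SRaj
The error comes from your daemon configuration. This line is wrong: ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 ... You need to replace 0.0.0.0:2375 with your IP address. - Marc ABOUCHACRA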
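A check for the mismatch visible in the question, where docker.service asks for tcp://0.0.0.0:2375 but netstat shows dockerd bound to 127.0.0.1:2375, which is why connections to 192.168.56.107 are refused. This is an added example, not part of the original thread: the function names are made up for illustration and the sample input is constructed from the question's output. It also reports a network-facing bind started without --tlsverify, the condition the docker info warning describes.

```shell
#!/bin/sh
# Added example: compare dockerd's configured TCP bind with the live socket.
# Only ExecStart is inspected (not daemon.json); one tcp:// bind is assumed.

# Print host:port of the last "tcp://host:port" found on ExecStart= lines.
configured_tcp_bind() {
    grep '^ExecStart=' | tr ' ' '\n' | sed -n 's#.*tcp://##p' | tail -n 1
}

# Print the local address of the first LISTEN socket owned by dockerd
# (netstat -tlnp layout: field 4 = local address, field 7 = PID/program).
live_tcp_bind() {
    awk '$6 == "LISTEN" && $7 ~ /\/dockerd$/ { print $4; exit }'
}

# loopback: only processes on the same machine can connect.
bind_scope() {
    case "${1%:*}" in
        127.*|::1|localhost) echo loopback ;;
        0.0.0.0|::)          echo all-interfaces ;;
        *)                   echo single-address ;;
    esac
}

# verdict UNIT_TEXT NETSTAT_TEXT -> one line describing the situation.
verdict() {
    want=$(printf '%s\n' "$1" | configured_tcp_bind)
    have=$(printf '%s\n' "$2" | live_tcp_bind)
    tls=no
    case "$1" in *--tlsverify*) tls=yes ;; esac
    if [ -z "$have" ]; then
        echo "no-tcp-listener"
        return
    fi
    scope=$(bind_scope "$have")
    if [ "$want" != "$have" ]; then
        # The running daemon was not started from the ExecStart line shown.
        echo "mismatch configured=$want live=$have scope=$scope"
    elif [ "$scope" != loopback ] && [ "$tls" = no ]; then
        # Unauthenticated API reachable from the network: root on the host.
        echo "exposed live=$have tls=no"
    else
        echo "match live=$have scope=$scope tls=$tls"
    fi
}

# Constructed sample input, shaped like the output pasted in the question.
SAMPLE_UNIT='ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock'
SAMPLE_NETSTAT='tcp        0      0 127.0.0.1:2375          0.0.0.0:*                LISTEN 2305/dockerd'
verdict "$SAMPLE_UNIT" "$SAMPLE_NETSTAT"
```

On a real host, pass "$(systemctl cat docker)" and "$(sudo netstat -tlnp)" as the two arguments.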

0

Perhaps the ICMP protocol is blocked on your server; check with the following command:

iptables -L INPUT --line-numbers

If the terminal shows:

result

Delete this record with the command:

iptables -D INPUT 7

Hope this helps.
