我怎么能从我的主机 ping 我的 docker 容器 [英] How could I ping my docker container from my host

问题描述

我在我的 mac 上创建了一个 ubuntu docker 容器

I have created a ubuntu docker container on my mac

CONTAINER ID  IMAGE   COMMAND      CREATED         STATUS         PORTS                 NAMES
5d993a622d23  ubuntu  "/bin/bash"  42 minutes ago  Up 42 minutes  0.0.0.0:123->123/tcp  kickass_ptolemy

我将端口设置为 123.

I set port as 123.

我的容器IP是172.17.0.2

docker inspect 5d993a622d23 | grep IP
"LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
                    "IPAMConfig": null,
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,

在我的 Mac 上，我尝试 ping 我的容器，

On my Mac I try to ping my container,

Ping 172.17.0.2，我收到 icmp_seq 0 的请求超时....

Ping 172.17.0.2, I got Request timeout for icmp_seq 0....

我该怎么办?所以我的本地机器可以ping我安装的容器.我是不是在我的容器上安装了一些应用程序，这是一个普通的 ubuntu 系统?

What should I do? So my local machine can ping the container I installed. Did I missing some app installation on my container, which is a plain ubuntu system?

推荐答案

你无法使用 Docker for Mac 直接 ping 或访问容器接口.

当前最好的解决方案是从以下位置连接到您的容器另一个容器.目前我们没有办法提供路由由于 Apple 尚未解决的 OSX 问题，这些容器解决.我们正在跟踪此要求，但我们无能为力目前关于它.

The current best solution is to connect to your containers from another container. At present there is no way we can provide routing to these containers due to issues with OSX that Apple have not yet resolved. we are tracking this requirement, but we cannot do anything about it at present.

Docker 工具箱/虚拟箱

当运行 Docker Toolbox、Docker Machine 通过 VirtualBox 或任何 VirtualBox VM(如 一个 Vagrant 定义) 您可以设置一个 Host-Only Network" 并访问Docker 虚拟机网络通过它.

Docker Toolbox/VirtualBox

When running Docker Toolbox, Docker Machine via VirtualBox or any VirtualBox VM (like a Vagrant definition) you can setup a "Host-Only Network" and access the Docker VMs network via that.

如果您使用的是 default boot2docker VM，请不要更改现有接口，因为您将停止大量 Docker 实用程序的工作，请添加新接口.

If you are using the default boot2docker VM, don't change the existing interface as you will stop a whole lot of Docker utilities from working, add a new interface.

您还需要通过虚拟机的新 IP 地址设置从 Mac 到容器网络的路由.在我的例子中，Docker 网络范围是 172.22.0.0/16，VM 上的 Host Only 适配器 IP 是 192.168.99.100.

You will also need to setup routing from your Mac to the container networks via your VM's new IP address. In my case the Docker network range is 172.22.0.0/16 and the Host Only adapter IP on the VM is 192.168.99.100.

sudo route add 172.22.0.0/16 192.168.99.100

添加永久路由到osx 有点复杂

然后你可以从你的 Mac 访问容器

Then you can get to containers from your Mac

machost:~ ping -c 1 172.22.0.2
PING 172.22.0.2 (172.22.0.2): 56 data bytes
64 bytes from 172.22.0.2: icmp_seq=0 ttl=63 time=0.364 ms

--- 172.22.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.364/0.364/0.364/0.000 ms

Vagrant + Ansible 设置

这是我的运行配置...

Vagrant + Ansible setup

Here's my running config...

Vagrant.configure("2") do |config|
  config.vm.box = "debian/contrib-buster64"
  config.vm.hostname = "docker"
  config.vm.network "private_network", ip: "10.7.7.7", hostname: true
  config.vm.provider "virtualbox" do |vb|
    vb.gui = false
    vb.memory = "4000"
    vb.cpus = "4"
  end
  config.vm.provision "ansible" do |ansible|
    ansible.verbose = "v"
    ansible.playbook = "tasks.yaml"
  end
end

ansible tasks.yaml 配置固定网络.

The ansible tasks.yaml to configure a fixed network.

- hosts: all
  become: yes
  vars:
    ansible_python_interpreter: auto_silent
    docker_config:
      bip: 10.7.2.1/23
      host: ["tcp://10.7.7.7:2375"]
      userland-proxy: false
  tasks:

  - ansible.builtin.apt:
      update_cache: yes
      force_apt_get: yes
      pkg:
      - bridge-utils
      - docker.io
      - python3-docker
      - python-docker
      - iptables-persistent

  - ansible.builtin.hostname:
      name: docker

  - ansible.builtin.copy:
      content: "{{ docker_config | to_json }}"
      dest: /etc/docker/daemon.json

  - ansible.builtin.lineinfile:
      line: 'DOCKER_OPTS="{% for host in docker_config.host %} -H {{ host }} {% endfor %}"'
      regexp: '^DOCKER_OPTS='
      path: /etc/default/docker

  - ansible.builtin.systemd:
      name: docker.service
      state: restarted
  
  - ansible.builtin.iptables:
      action: insert
      chain: DOCKER-USER
      destination: 10.7.2.0/23
      in_interface: eth1
      out_interface: docker0
      jump: ACCEPT
  - ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4

通过VM添加docker bridge网络到mac的路由

Add the route for the docker bridge network via the VM to the mac

$ sudo /sbin/route -n -v add -net 10.7.2.0/23 10.7.7.7

然后在环境中设置DOCKER_HOST=10.7.7.7以使用新的VM.

Then set DOCKER_HOST=10.7.7.7 in the environment to use the new VM.

$ export DOCKER_HOST=10.7.7.7 
$ docker run --name route_test --rm -d node:14-slim node -e "require('http').createServer((req, res) => {
 res.writeHead(200, {'Content-Type':'text/plain'})
 res.end('hello')
}).listen(3000)"
$ docker container inspect route_test -f '{{ .NetworkSettings.Networks.bridge.IPAddress }}'
$ curl http://10.7.2.3:3000
hello
$ docker rm -f route_test

您不会将卷从主机映射到虚拟机，但作为奖励，它使用的 CPU 比 Docker 2.5.x 版本少得多.

You don't get volumes mapped from the host to the vm, but as a bonus it uses a lot less cpu than the Docker 2.5.x release.

这篇关于我怎么能从我的主机 ping 我的 docker 容器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！