从另一个容器访问Docker容器 [英] accessing a docker container from another container

问题描述

我基于两个不同的映像创建了两个docker容器。一个数据库，另一个用于网络服务器。这两个容器都在我的Mac OS X上运行。

i created two docker containers based on two different images. one of db and another for webserver. both containers are running on my mac osx.

我可以从主机访问db容器，并且可以从主机访问Web服务器。

i can access db container from host machine and same way can access webserver from host machine.

但是，如何从Web服务器访问数据库连接？

however, how do i access db connection from webserver?

我启动数据库容器的方式是

the way i started db container is

docker run --name oracle-db -p 1521:1521 -p 5501:5500 oracle/database:12.1.0.2-ee

我将wls容器启动为

docker run --name oracle-wls -p 7001:7001 wls-image:latest

我可以通过连接到

sqlplus scott/welcome1@//localhost:1521/ORCLCDB

我可以通过以下方式访问主机上的wls

I can access wls on host as

http://localhost:7001/console

推荐答案

最简单的方法是使用--link，但是较新版本的docker正在逐渐远离实际上，该开关将很快被移除。

Easiest way is to use --link, however the newer versions of docker are moving away from that and in fact that switch will be removed soon.

下面的链接也很好地说明了如何连接两个容器。您可以跳过附加部分，因为这只是向图像添加项目的有用方法。

The link below offers a nice how too, on connecting two containers. You can skip the attach portion, since that is just a useful how to on adding items to images.

https://deis.com/blog/2016/connecting-docker-containers-1/

您感兴趣的部分是两个容器之间的通信。最简单的方法是从Web服务器容器中按名称引用数据库容器。

The part you are interested in is the communication between two containers. The easiest way, is to refer to the DB container by name from the webserver container.

示例：

您命名了db容器DB1和Web服务器容器WEB0。容器都应该在桥接网络上，这意味着Web容器应该能够通过引用其名称来连接到DB容器。

you named the db container DB1 and the webserver container WEB0. The containers should both be on the bridge network, which means the web container should be able to connect to the DB container by referring to it's name.

因此，如果您有一个应用程序的Web配置文件，然后对于数据库主机，将使用名称DB1。

So if you have a web config file for your app, then for DB host you will use the name DB1.

如果您使用的是较旧版本的docker，则应使用--link。

if you are using an older version of docker, then you should use --link.

示例：

步骤1： docker run --name db1 oracle / database ：12.1.0.2-ee

然后，当您启动Web应用程序时。使用：

then when you start the web app. use:

步骤2： docker run --name web0 --link db1 webapp / webapp：3.0

，网络应用将链接到数据库。但是，正如我所说的--link开关将很快被删除。

and the web app will be linked to the DB. However, as I said the --link switch will be removed soon.

我改用docker compose，它将为您建立一个网络。然而;您将需要为您的系统下载docker compose。 https://docs.docker.com/compose/install/#prerequisites

I'd use docker compose instead, which will build a network for you. However; you will need to download docker compose for your system. https://docs.docker.com/compose/install/#prerequisites

示例设置如下：

文件名是 base.yml

version: "2"
services:
  webserver:
    image: "moodlehq/moodle-php-apache:7.1
    depends_on:
      - db
    volumes:
      - "/var/www/html:/var/www/html"
      - "/home/some_user/web/apache2_faildumps.conf:/etc/apache2/conf-enabled/apache2_faildumps.conf"
    environment:
      MOODLE_DOCKER_DBTYPE: pgsql
      MOODLE_DOCKER_DBNAME: moodle
      MOODLE_DOCKER_DBUSER: moodle
      MOODLE_DOCKER_DBPASS: "m@0dl3ing"
      HTTP_PROXY: "${HTTP_PROXY}"
      HTTPS_PROXY: "${HTTPS_PROXY}"
      NO_PROXY: "${NO_PROXY}"
  db:
    image: postgres:9
    environment:
      POSTGRES_USER: moodle
      POSTGRES_PASSWORD: "m@0dl3ing"
      POSTGRES_DB: moodle
      HTTP_PROXY: "${HTTP_PROXY}"
      HTTPS_PROXY: "${HTTPS_PROXY}"
      NO_PROXY: "${NO_PROXY}"

这将为网络命名一个通用名称，我不记得那个名字是什么，除非您可以使用--name开关。

this will name the network a generic name, I can't remember off the top of my head what that name is, unless you use the --name switch.

IE docker-compose --name setup1 up base.yml

注意：如果使用--name开关，则在调用docker compose时将需要使用它，因此 docker-compose --name setup1这样，您可以拥有一个以上的webserver和db实例，在这种情况下，docker知道您要针对哪个实例运行命令；并且因此您可以一次运行多个。如果要在同一服务器上并行运行测试，则非常适合CI / CD。

NOTE: if you use the --name switch, you will need to use it when ever calling docker compose, so docker-compose --name setup1 down this is so you can have more then one instance of webserver and db, and in this case, so docker compose knows what instance you want to run commands against; and also so you can have more then one running at once. Great for CI/CD, if you are running test in parallel on the same server.

Docker compose也具有与docker相同的命令，因此 docker-compose --name setup1 exec webserver do_some_command

Docker compose also has the same commands as docker so docker-compose --name setup1 exec webserver do_some_command

最好的部分是，如果您想更改数据库或类似的东西用于单元测试，则可以在up命令中包含一个附加的.yml文件，它将覆盖所有类似的项目名称，我认为它是键=>值替换。

best part is, if you want to change db's or something like that for unit test you can include an additional .yml file to the up command and it will overwrite any items with similar names, I think of it as a key=>value replacement.

示例：

db.yml

version: "2"
services:
  webserver:
    environment:
      MOODLE_DOCKER_DBTYPE: oci
      MOODLE_DOCKER_DBNAME: XE
  db:
    image: moodlehq/moodle-db-oracle

然后调用 docker-compose --name setup1 up base.yml db.yml

这将覆盖数据库。使用不同的设置。当需要从每个容器连接到这些服务时，可以使用在服务下设置的名称，在本例中为webserver和db。

This will overwrite the db. with a different setup. When needing to connect to these services from each container, you use the name set under service, in this case, webserver and db.

在您的情况下，这实际上可能是更有用的设置。由于您可以在yml文件中设置所需的所有变量，并在需要启动时为docker compose运行命令。因此，多启动它，然后忘记它的设置。

I think this might actually be a more useful setup in your case. Since you can set all the variables you need in the yml files and just run the command for docker compose when you need them started. So a more start it and forget it setup.

注意：我没有使用-port 命令，因为容器不需要暴露端口， >容器通讯。仅当您希望主机从主机外部连接到容器或应用程序时才需要它。如果公开端口，则该端口对主机允许的所有通信开放。因此，在端口80上公开Web与在物理主机上启动Web服务器相同，并且如果主机允许，则将允许外部连接。另外，如果您出于某种原因想要一次运行一个Web应用程序，则无论出于何种原因，如果您也尝试在该端口上进行公开，则暴露端口80将阻止您运行其他Web应用程序。因此，对于CI / CD，最好根本不公开端口，如果将docker compose与--name开关配合使用，则所有容器都将位于其自己的网络上，因此它们不会发生冲突。因此，您几乎会有一个容器容器。

NOTE: I did not use the --port command, since exposing the ports is not needed for container->container communication. It is needed only if you want the host to connect to the container, or application from outside of the host. If you expose the port, then the port is open to all communication that the host allows. So exposing web on port 80 is the same as starting a webserver on the physical host and will allow outside connections, if the host allows it. Also, if you are wanting to run more then one web app at once, for whatever reason, then exposing port 80 will prevent you from running additional webapps if you try exposing on that port as well. So, for CI/CD it is best to not expose ports at all, and if using docker compose with the --name switch, all containers will be on their own network so they wont collide. So you will pretty much have a container of containers.

更新：在进一步使用了功能并了解其他人如何为诸如詹金斯之类的CICD程序做完之后。网络也是可行的解决方案。

UPDATE: After using features further and seeing how others have done it for CICD programs like Jenkins. Network is also a viable solution.

示例：

docker network create test_network

上述命令将创建一个 test_network，您也可以附加其他容器。通过-network 开关运算符可以轻松实现。

The above command will create a "test_network" which you can attach other containers too. Which is made easy with the --network switch operator.

示例：

docker run \
    --detach \
    --name DB1 \
    --network test_network \
    -e MYSQL_ROOT_PASSWORD="${DBPASS}" \
    -e MYSQL_DATABASE="${DBNAME}" \
    -e MYSQL_USER="${DBUSER}" \
    -e MYSQL_PASSWORD="${DBPASS}" \
    --tmpfs /var/lib/mysql:rw \
    mysql:5

当然，如果您具有代理网络设置，则仍应使用 -e或 --env-file开关语句将这些设置传递到容器中。因此，容器可以与Internet通信。 Docker表示代理设置应由较新版本的Docker容器吸收；但是，我还是把它们当作习惯来传递。这是即将消失的 --link开关的替代品。将容器连接到您创建的网络后，您仍然可以使用容器的名称来引用其他容器中的那些容器。根据上面的示例，它将是DB1。您只需要确保所有容器都连接到同一网络，就可以了。

Of course, if you have proxy network settings you should still pass those into the containers using the "-e" or "--env-file" switch statements. So the container can communicate with the internet. Docker says the proxy settings should be absorbed by the container in the newer versions of docker; however, I still pass them in as an act of habit. This is the replacement for the "--link" switch which is going away. Once the containers are attached to the network you created you can still refer to those containers from other containers using the 'name' of the container. Per the example above that would be DB1. You just have to make sure all containers are connected to the same network, and you are good to go.

有关在cicd管道中使用网络的详细示例，您可以参考以下链接：
https://git.in.moodle.com/integration/nightlyscripts/blob/master/runner/master /run.sh

For a detailed example of using network in a cicd pipeline, you can refer to this link: https://git.in.moodle.com/integration/nightlyscripts/blob/master/runner/master/run.sh

这是Jenkins中运行的用于Moodle大规模集成测试的脚本，但是该想法/示例可以在任何地方使用。我希望这对其他人有帮助。

Which is the script that is ran in Jenkins for a huge integration tests for Moodle, but the idea/example can be used anywhere. I hope this helps others.

这篇关于从另一个容器访问Docker容器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！