连接到远程 Docker 守护进程 [英] Connecting to a Remote Docker Daemon

问题描述

我已经安装了 VirtualBox 并在 VirtualBox VM 中安装了 Ubuntu 服务器版本.我的主机是 Windows 10.

I have installed VirtualBox and installed Ubuntu server version in VirtualBox VM. My host machine is Windows 10.

我还在我的主机 Windows 框中安装了 Docker.我的目的是使用 Windows 中的 docker CLI 连接到 VM 内的 docker daemon(服务器).

I have also installed Docker in my host Windows box. My intention is to use the docker CLI in Windows to connect to docker daemon (server) inside the VM.

我在 Ubuntu VM 中进行了更改，它正在侦听端口 2375.

I have made the changes in the Ubuntu VM and it is listening at port 2375.

tcp        0      0 127.0.0.1:2375          0.0.0.0:*                LISTEN 2305/dockerd

此外，我已将主机(Windows)中的环境变量 DOCKER_HOST 设置为 VM 机器 IP 和端口.

Also I have set the environment variable DOCKER_HOST in my host(Windows) to the VM machine IP and port.

 set DOCKER_HOST=tcp://192.168.56.107:2375

我的 Windows 机器 IP 是 192.168.56.1，ping 工作正常.

My Windows machine IP is 192.168.56.1 and the ping is working fine.

Pinging 192.168.56.107 with 32 bytes of data:
Reply from 192.168.56.107: bytes=32 time<1ms TTL=64
Reply from 192.168.56.107: bytes=32 time<1ms TTL=64

但是当我尝试从我的 Windows 机器连接时，它给出了以下错误:

But when I try to connect from my Windows machine, it gives the following error:

error during connect: Get http://192.168.56.107:2375/v1.27/info: dial tcp 192.168.56.107:2375: connectex: No connection could be made because the target machine actively refused it.

请找到 docker info 输出:

Please find docker info output:

controller@ubuntuserver:~$ docker info
Containers: 4
 Running: 0
 Paused: 0
 Stopped: 4
Images: 2
Server Version: 18.09.6
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-50-generic
Operating System: Ubuntu 18.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.79GiB
Name: ubuntuserver
ID: AWDW:34ET:4J2J:2NWB:UPK7:EQHB:W64E:22AT:W6J4:BMRD:NDO6:CNR2
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: API is accessible on http://127.0.0.1:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
WARNING: No swap limit support

<小时>

 cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target

<小时>

你能帮我解决这个问题吗?

---

Can you please help me to resolve this?

推荐答案

您需要在 ubuntu 服务器中配置 Docker 守护进程，以便它接受 tcp 连接.默认情况下，Docker 侦听 unix 套接字 /var/run/docker.sock.要配置您的守护进程，您可以查看文档 here

You need to configure the Docker daemon in your ubuntu server in order for it to accept tcp connection. By default Docker listen on the unix socket /var/run/docker.sock. To configure your daemon, you can have a look at the documentation here

分步配置(在本例中，一切都在 Ubuntu VM 上完成):

Step-by-step configuration (in this example, everything is done on the Ubuntu VM) :

配置守护进程
在 Ubuntu 上，默认情况下您使用的是 systemd.您需要编辑配置文件(通常位于/lib/systemd/system/docker.service):

[Service]
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375

在这个例子中，Docker 守护进程不再监听 unix 套接字.它只监听来自本地主机的 tcp 调用.
重启守护进程:

With this example, the Docker daemon no longer listen on the unix socket. It only listen on tcp call from localhost.
Restart the daemon :

$> sudo systemctl daemon-reload
$> sudo systemctl restart docker.service

配置客户端(仍在 VM 上)
重新启动守护程序后，您的 docker 客户端不再工作(因为您刚刚告诉客户端只侦听 tcp 连接).因此，如果你执行 docker image ls 它不应该响应.为了让您的客户端工作，您需要告诉它要连接到哪个服务器:

Configure the client (still on the VM)
After restarting the daemon, your docker client does not work anymore (as you've just told the client to only listen to tcp connection). Thus, if you do docker image ls it should not respond. In order for your client to work, you need to tell it which server to connect to :

$> export DOCKER_HOST="tcp://0.0.0.0:2375"

现在，您的客户端应该能够连接到守护程序(即:docker image ls 应该打印所有图像)

Now, your client should be able to connect to the daemon (i.e : docker image ls should print all the images)

这应该可以在您的 Ubuntu 服务器上正常工作.您只需要在 Windows 上应用相同的客户端配置.如果它在 Windows 上不起作用，则意味着有其他东西阻止了流量(可能是防火墙).

This should work fine on your Ubuntu server. You just need to apply the same client configuration on Windows. If it does not work on Windows, then it means something else is blocking the trafic (probably a firewall).

希望这会有所帮助.

这篇关于连接到远程 Docker 守护进程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！