使用容器名称从主机访问 docker 容器 [英] Access docker container from host using containers name
问题描述
我正在开发一项服务,并在那里使用 docker compose 来旋转 postgres、redis、elasticsearch 等服务.我有一个基于 RubyOnRails 的 Web 应用程序,可以从所有这些服务中写入和读取.
I am developing a service and using there docker compose to spin services like postgres, redis, elasticsearch. I have a web application that is based on RubyOnRails and writes and reads from all those services.
这是我的docker-compose.yml
version: '2'
services:
redis:
image: redis:2.8
networks:
- frontapp
elasticsearch:
image: elasticsearch:2.2
networks:
- frontapp
postgres:
image: postgres:9.5
environment:
POSTGRES_USER: elephant
POSTGRES_PASSWORD: smarty_pants
POSTGRES_DB: elephant
volumes:
- /var/lib/postgresql/data
networks:
- frontapp
networks:
frontapp:
driver: bridge
我可以在这个网络中 ping 容器
And i can ping containers within this network
$ docker-compose run redis /bin/bash
root@777501e06c03:/data# ping postgres
PING postgres (172.20.0.2): 56 data bytes
64 bytes from 172.20.0.2: icmp_seq=0 ttl=64 time=0.346 ms
64 bytes from 172.20.0.2: icmp_seq=1 ttl=64 time=0.047 ms
...
到目前为止一切顺利.现在我想在我的主机上运行 ruby on rails 应用程序,但能够使用像 postgresql://username:password@postgres/database
这样的 url 访问 postgres 实例,目前这是不可能的
So far so good. Now I want to run ruby on rails application on my host machine but be able to access postgres instance with url like postgresql://username:password@postgres/database
currently that is not possible
$ ping postgres
ping: unknown host postgres
我可以在 docker 中看到我的网络
I can see my network in docker
$ docker network ls
NETWORK ID NAME DRIVER
ac394b85ce09 bridge bridge
0189d7e86b33 elephant_default bridge
7e00c70bde3b elephant_frontapp bridge
a648554a72fa host host
4ad9f0f41b36 none null
我可以看到它的界面
$ ifconfig
br-0189d7e86b33 Link encap:Ethernet HWaddr 02:42:76:72:bb:c2
inet addr:172.18.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:76ff:fe72:bbc2/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:36 errors:0 dropped:0 overruns:0 frame:0
TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2000 (2.0 KB) TX bytes:8792 (8.7 KB)
br-7e00c70bde3b Link encap:Ethernet HWaddr 02:42:e7:d1:fe:29
inet addr:172.20.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:e7ff:fed1:fe29/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1584 errors:0 dropped:0 overruns:0 frame:0
TX packets:1597 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:407137 (407.1 KB) TX bytes:292299 (292.2 KB)
...
但我不知道接下来该怎么做.我尝试使用 /etc/resolv.conf
,主要使用 nameserver
指令,但没有效果.
But i am not sure what should I do next. I tried to play a bit with /etc/resolv.conf
, mainly with nameserver
directive, but that had no effect.
如果您能提供有关如何正确配置此设置的建议,我将不胜感激.
I would appreciate any help of suggestions how to configure this setup correctly.
更新
浏览互联网资源后,我设法为盒子分配了静态 IP 地址.现在我继续开发就够了.这是我当前的 docker-compose.yml
After browsing through Internet resources I managed to assign static IP addresses to boxes. For now it is enough for me to continue development. Here is my current docker-compose.yml
version: '2'
services:
redis:
image: redis:2.8
networks:
frontapp:
ipv4_address: 172.25.0.11
elasticsearch:
image: elasticsearch:2.2
networks:
frontapp:
ipv4_address: 172.25.0.12
postgres:
image: postgres:9.5
environment:
POSTGRES_USER: elephant
POSTGRES_PASSWORD: smarty_pants
POSTGRES_DB: elephant
volumes:
- /var/lib/postgresql/data
networks:
frontapp:
ipv4_address: 172.25.0.10
networks:
frontapp:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.25.0.0/16
gateway: 172.25.0.1
推荐答案
我正在使用 bash 脚本来更新 /etc/hosts
.为什么是这个解决方案?
I'm using a bash script to update /etc/hosts
. Why this solution?
- 简短的脚本,易于审查(不想让一些未经审查的具有大量依赖项的应用程序访问 Docker 套接字(这意味着 root 访问权限))
- 它使用
docker events
在每次容器启动或停止时运行(此处发布的其他解决方案每秒运行一次,效率较低) - 更新
/etc/hosts
,不需要单独的DNS服务器. - 只有依赖项是
bash
、mktemp
、grep
、xargs
、sed
、jq
和docker
,我都已经安装好了.
- Short script, easy to review (didn't want to give some un-reviewed application with lots of dependencies access to the Docker socket (which means root access))
- It uses
docker events
to run every time a container is started or stopped (other solutions posted here run every second in a loop, which is way less efficient) - Updates
/etc/hosts
, no separate DNS server needed. - Only dependencies are
bash
,mktemp
,grep
,xargs
,sed
,jq
anddocker
, all of which I had already installed.
只需将脚本放在某处,例如/usr/local/bin/docker-update-hosts
:
Just put the script somewhere, e.g. /usr/local/bin/docker-update-hosts
:
#!/usr/bin/env bash
set -e -u -o pipefail
hosts_file=/etc/hosts
begin_block="# BEGIN DOCKER CONTAINERS"
end_block="# END DOCKER CONTAINERS"
if ! grep -Fxq "$begin_block" "$hosts_file"; then
echo -e "
${begin_block}
${end_block}
" >> "$hosts_file"
fi
(echo "| container start |" && docker events) |
while read event; do
if [[ "$event" == *" container start "* ]] || [[ "$event" == *" network disconnect "* ]]; then
hosts_file_tmp="$(mktemp)"
docker container ls -q | xargs -r docker container inspect |
jq -r '.[]|"(.NetworkSettings.Networks[].IPAddress|select(length > 0) // "# no ip address:") (.Name|sub("^/"; "")|sub("_1$"; ""))"' |
sed -ne "/^${begin_block}$/ {p; r /dev/stdin" -e ":a; n; /^${end_block}$/ {p; b}; ba}; p" "$hosts_file"
> "$hosts_file_tmp"
chmod 644 "$hosts_file_tmp"
mv "$hosts_file_tmp" "$hosts_file"
fi
done
注意:该脚本从容器名称中删除了 docker-compose 添加的 _1
后缀.如果您不想这样做,只需从脚本中删除 |sub("_1$"; "")
即可.
Note: The script removes the _1
suffix added by docker-compose from container names. If you don't want that just remove |sub("_1$"; "")
from the script.
您可以使用 systemd 服务与 Docker 同步运行:/etc/systemd/system/docker-update-hosts.service
:
You can use a systemd service to run this synchronously with Docker: /etc/systemd/system/docker-update-hosts.service
:
[Unit]
Description=Update Docker containers in /etc/hosts
Requires=docker.service
After=docker.service
PartOf=docker.service
[Service]
ExecStart=/usr/local/bin/docker-update-hosts
[Install]
WantedBy=docker.service
要激活,请运行:
systemctl daemon-reload
systemctl enable docker-update-hosts.service
systemctl start docker-update-hosts.service
这篇关于使用容器名称从主机访问 docker 容器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!