如何从运行 Docker Toolbox(docker 机器)的 Windows 启用 Docker API 访问 [英] How to enable Docker API access from Windows running Docker Toolbox (docker machine)
问题描述
我正在运行最新的 Docker Toolbox,使用最新的 Oracle VirtualBox,并使用 Windows 7 作为主机操作系统.
我正在尝试启用对 Docker 远程 API 的非 TLS 访问,因此我可以使用在 Windows 上运行的 Postman REST 客户端并在 VirtualBox 的 docker-machine 上运行 docker API.我发现如果 Docker 配置包含 -H tcp://0.0.0.0:2375
,那么可以在 docker 机器的端口 2375 上公开 API,但对于我来说,我可以'找不到此配置的存储位置并且可以更改.
我从 Toolbox CLI 执行了 docker-machine ssh
,然后去查看 /etc/init.d/docker
文件,但没有更改文件存活 docker-machine restart
.
我能够在 Ubuntu 和 OSX 上找到这个问题的答案,但在 Windows 上却找不到.
@CarlosRafaelRamirez 提到了正确的地方,但我会添加一些细节并提供更详细的分步说明,因为 Windows 开发人员通常不流畅在 Linux 生态系统中.
免责声明:以下步骤可以从 Windows 主机访问 Docker Remote API,但请记住两点:
- 这不应该在生产环境中完成,因为这会使 Docker 机器非常不安全.
- 当前解决方案禁用了大部分
docker-machine
和所有docker
CLI 功能.docker-machine ssh
仍然可以运行,强制一个人通过 SSH 进入 docker 机器以访问docker
命令.
解决方案现在,这里是将 Docker API 切换到非 TLS 端口所需的步骤.(Docker 机器名称假定为默认".如果您的机器名称有不同的名称,则需要在下面的命令中指定它.)
- 启动Docker 快速入门终端".它启动 Bash shell,是运行以下所有命令的地方.运行
docker-machine ip
命令并记下 docker 主机的 IP 地址.然后做 docker-machine ssh
cd/var/lib/boot2docker
sudo vi profile
这会在提升权限模式下启动vi"编辑器,以编辑 Docker 主机设置所在的profile"文件.(如果你是 Windows 用户对 vi 不熟悉,这里是关于它的超级基础速成课程.在 vi 中打开文件时,vi 不处于编辑模式.按i"进入编辑模式.现在你可以进行更改.完成所有更改后,按Esc
然后按ZZ
保存更改并退出 vi.如果您需要退出 vi 而不保存更改,请在之后Esc
请输入:q!
回车.:"开启vi的命令模式,q!"命令表示不保存退出.详细的vi命令信息为这里.)- 使用 vi,将 DOCKER_HOST 更改为
DOCKER_HOST='-H tcp://0.0.0.0:2375'
,并设置DOCKER_TLS=no
.如上所述保存更改. exit
退出 SSH 会话.docker-machine 重启
doocker 机器重启后,您应该能够访问 docker API URL,例如 http://dokerMachineIp:2375/containers/json?all=1
,并返回有效的 JSON.
这是实现主要目标所需步骤的结束.
但是,如果此时您尝试运行 docker-machine config
或 docker images
,您将看到一条错误消息,指示 docker CLI 客户端正在尝试获取通过旧的端口/TLS 设置到 Docker,这是可以理解的.但我没想到的是,即使我遵循了所有 入门方向,然后运行 export DOCKER_HOST=tcp://192.168.99.101:2375
和 export DOCKER_TLS_VERIFY=0
,结果
$ 环境 |grep 码头工人DOCKER_HOST=tcp://192.168.99.101:2375DOCKER_MACHINE_NAME=默认DOCKER_TLS_VERIFY=0DOCKER_TOOLBOX_INSTALL_PATH=C:Program FilesDocker 工具箱DOCKER_CERT_PATH=C:UsersUSERNAME.dockermachinemachinesdefault
结果是一样的:
$ docker-machine 环境
<块引用>
检查 TLS 连接时出错:检查和/或重新生成证书时出错:验证主机证书时出错192.168.99.101:2376"
如果您发现我如何更改环境变量以将 Docker CLI 指向新的 Docker 主机地址有问题,请发表评论.
要解决此问题,请使用 docker-machine ssh
命令并在此之后运行 docker
命令.
I am running the latest Docker Toolbox, using latest Oracle VirtualBox, with Windows 7 as a host OS.
I am trying to enable non-TLS access to Docker remote API, so I could use Postman REST client running on Windows and hit docker API running on docker-machine in the VirtualBox. I found that if Docker configuration included -H tcp://0.0.0.0:2375
, that would do the trick exposing the API on port 2375 of the docker machine, but for the life of me I can't find where this configuration is stored and can be changed.
I did docker-machine ssh
from the Toolbox CLI, and then went and pocked around the /etc/init.d/docker
file, but no changes to the file survive docker-machine restart
.
I was able to find answer to this question for Ubuntu and OSX, but not for Windows.
@CarlosRafaelRamirez mentioned the right place, but I will add a few details and provide more detailed, step-by-step instructions, because Windows devs are often not fluent in Linux ecosystem.
Disclaimer: following steps make it possible to hit Docker Remote API from Windows host, but please keep in mind two things:
- This should not be done in production as it makes Docker machine very not secure.
- Current solution disables most of the
docker-machine
and alldocker
CLI functionality.docker-machine ssh
remains operational, forcing one to SSH into docker machine to accessdocker
commands.
Solution Now, here are the steps necessary to switch Docker API to non-TLS port. (Docker machine name is assumed to be "default". If your machine name has a different name, you will need to specify it in the commands below.)
- Start "Docker Quickstart Terminal". It starts Bash shell and is the place where all following commands will be run. Run
docker-machine ip
command and note the IP address of the docker host machine. Then do docker-machine ssh
cd /var/lib/boot2docker
sudo vi profile
This starts "vi" editor in elevated privileges mode required for editing "profile" file, where Docker host settings are. (If as a Windows user you are not familiar with vi, here's is super-basic crash course on it. When file is open in the vi, vi is not in editing mode. Press "i" to start edit mode. Now you can make changes. After you made all the changes, hitEsc
and thenZZ
to save changes and exit vi. If you need to exit vi without saving changes, afterEsc
please type:q!
and hit Enter. ":" turns on vi's command mode, and "q!" command means exit without saving. Detailed vi command info is here.)- Using vi, change DOCKER_HOST to be
DOCKER_HOST='-H tcp://0.0.0.0:2375'
, and setDOCKER_TLS=no
. Save changes as described above. exit
to leave SSH session.docker-machine restart
After doocker machine has restarted, your sould be able to hit docker API URL, like http://dokerMachineIp:2375/containers/json?all=1
, and get valid JSON back.
This is the end of steps required to achieve the main goal.
However, if at this point you try to run docker-machine config
or docker images
, you will see an error message indicating that docker CLI client is trying to get to the Docker through the old port/TLS settings, which is understandable. What was not expected to me though, is that even after I followed all the Getting Started directions, and ran export DOCKER_HOST=tcp://192.168.99.101:2375
and export DOCKER_TLS_VERIFY=0
, resulting in
$ env | grep DOCKER
DOCKER_HOST=tcp://192.168.99.101:2375
DOCKER_MACHINE_NAME=default
DOCKER_TLS_VERIFY=0
DOCKER_TOOLBOX_INSTALL_PATH=C:Program FilesDocker Toolbox
DOCKER_CERT_PATH=C:UsersUSERNAME.dockermachinemachinesdefault
the result was the same:
$ docker-machine env
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.101:2376"
If you see a problem with how I changed environment variables to point Docker CLI to the new Docker host address, please comment.
To work around this problem, use docker-machine ssh
command and run your docker
commands after that.
这篇关于如何从运行 Docker Toolbox(docker 机器)的 Windows 启用 Docker API 访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!