docker - 连接到远程 Docker 守护程序

Question

我已经在 VirtualBox VM 中安装了 VirtualBox 并安装了 Ubuntu 服务器版本。我的主机是 Windows 10。

我还在我的主机 Windows 框中安装了 Docker。我的意图是使用 Windows 中的 docker CLI 连接到 VM 内的 docker 守护进程(服务器)。

我已经在 Ubuntu VM 中进行了更改，它正在监听端口 2375。

tcp        0      0 127.0.0.1:2375          0.0.0.0:*                LISTEN 2305/dockerd

此外，我已将主机(Windows)中的环境变量 DOCKER_HOST 设置为 VM 机器 IP 和端口。

 set DOCKER_HOST=tcp://192.168.56.107:2375

我的 Windows 机器 IP 是 192.168.56.1 并且 ping 工作正常。

Pinging 192.168.56.107 with 32 bytes of data:
Reply from 192.168.56.107: bytes=32 time<1ms TTL=64
Reply from 192.168.56.107: bytes=32 time<1ms TTL=64

但是当我尝试从我的 Windows 机器连接时，它给出了以下错误:

error during connect: Get http://192.168.56.107:2375/v1.27/info: dial tcp 192.168.56.107:2375: connectex: No connection could be made because the target machine actively refused it.

请找到 docker info 输出:

controller@ubuntuserver:~$ docker info
Containers: 4
 Running: 0
 Paused: 0
 Stopped: 4
Images: 2
Server Version: 18.09.6
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-50-generic
Operating System: Ubuntu 18.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.79GiB
Name: ubuntuserver
ID: AWDW:34ET:4J2J:2NWB:UPK7:EQHB:W64E:22AT:W6J4:BMRD:NDO6:CNR2
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: API is accessible on http://127.0.0.1:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
WARNING: No swap limit support

 cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target

你能帮我解决这个问题吗？

Answer 1

您需要在您的 ubuntu 服务器中配置 Docker 守护程序，以便它接受 tcp 连接。
默认情况下，Docker 监听 unix 套接字 /var/run/docker.sock .
要配置您的守护进程，您可以查看文档 here

逐步配置(在本例中，一切都在 Ubuntu VM 上完成):

配置守护进程
在 Ubuntu 上，默认情况下您使用的是 systemd。您需要编辑配置文件(通常位于 /lib/systemd/system/docker.service ):

[Service]
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375

在这个例子中，Docker 守护进程不再监听 unix 套接字。它只监听来自 localhost 的 tcp 调用。
重启守护进程:

$> sudo systemctl daemon-reload
$> sudo systemctl restart docker.service

配置客户端(仍在虚拟机上)
重新启动守护程序后，您的 docker 客户端不再工作(因为您刚刚告诉客户端只监听 tcp 连接)。因此，如果你这样做 docker image ls它不应该响应。为了让您的客户端工作，您需要告诉它要连接到哪个服务器:

$> export DOCKER_HOST="tcp://0.0.0.0:2375"

现在，您的客户端应该能够连接到守护进程(即: docker image ls 应该打印所有图像)

这应该可以在您的 Ubuntu 服务器上正常工作。您只需在 Windows 上应用相同的客户端配置。如果它在 Windows 上不起作用，则意味着其他东西正在阻止流量(可能是防火墙)。

希望这可以帮助。