Access docker-machine containers from external network - networking

I have set up a docker-machine with 3 docker containers on my Mac (server). Now I have set up a third network adapter in bridged mode on my VirtualBox instance. I can access my docker instances in the internal network now, without problems.
I've also set up port forwarding on my router, but I can't reach my docker instances from there. Any ideas?
This is what the structure looks like:
Internet --> Router (External-IP:80 -> Docker-Host-IP:80) -> Mac -> VirtualBox -> Docker Webserver

Related

Docker on CentOS with bridge to LAN network

I have a server VLAN of 10.101.10.0/24 and my Docker host is 10.101.10.31. How do I configure a bridge network on my Docker host (VM) so that all the containers can connect directly to my LAN network without having to redirect ports around on the default 172.17.0.0/16? I tried searching but all the howtos I've found so far have resulted in losing my SSH session, after which I had to go into the VM from a console to revert the steps I did.
There are multiple ways this can be done. The two I've had most success with are routing a subnet to a docker bridge and using a custom bridge on the host LAN.
Docker Bridge, Routed Network
This has the benefit of only needing native docker tools to configure docker. It has the downside of needing to add a route to your network, which is outside of Docker's remit and usually manual (or relies on the "networking team").
Enable IP forwarding
/etc/sysctl.conf: net.ipv4.ip_forward = 1
sysctl -p /etc/sysctl.conf
Create a docker bridge with new subnet on your VM network, say 10.101.11.0/24
docker network create routed0 --subnet 10.101.11.0/24
Tell the rest of the network that 10.101.11.0/24 should be routed via 10.101.10.X where X is IP of your docker host. This is the external router/gateway/"network guy" config. On a linux gateway you could add a route with:
ip route add 10.101.11.0/24 via 10.101.10.31
Create containers on the bridge with 10.101.11.0/24 addresses.
docker run --net routed0 busybox ping 10.101.10.31
docker run --net routed0 busybox ping 8.8.8.8
Then you're done. Containers have routable IP addresses.
If you're ok with the network side, or run something like RIP/OSPF on the network or Calico that takes care of routing then this is the cleanest solution.
Custom Bridge, Existing Network (and interface)
This has the benefit of not requiring any external network setup. The downside is the setup on the docker host is more complex. The main interface requires this bridge at boot time so it's not a native docker network setup. Pipework or manual container setup is required.
Using a VM can make this a little more complicated as you are running extra interfaces with extra MAC addresses over the main VM's interface which will need additional "Promiscuous" config first to allow this to work.
The permanent network config for bridged interfaces varies by distro. The following commands outline how to set the interface up and will disappear after reboot. You are going to need console access or a separate route into your VM as you are changing the main network interface config.
Create a bridge on the host.
ip link add name shared0 type bridge
ip link set shared0 up
In /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=shared0
TYPE=Bridge
BOOTPROTO=static
DNS1=8.8.8.8
GATEWAY=10.101.10.1
IPADDR=10.101.10.31
NETMASK=255.255.255.0
ONBOOT=yes
Attach the primary interface to the bridge, usually eth0
ip link set eth0 up
ip link set eth0 master shared0
In /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=shared0
Reconfigure your bridge to have eth0's ip config.
ip addr add dev shared0 10.101.10.31/24
ip route add default via 10.101.10.1
Attach containers to bridge with 10.101.10.0/24 addresses.
CONTAINERID=$(docker run -d --net=none busybox sleep 600)
pipework shared0 $CONTAINERID 10.101.10.43/24@10.101.10.Y
Or use a DHCP client inside the container
pipework shared0 $CONTAINERID dhclient
Docker macvlan network
Docker has since added a network driver called macvlan that can make a container appear to be directly connected to the physical network the host is on. The container is attached to a parent interface on the host.
docker network create -d macvlan \
--subnet=10.101.10.0/24 \
--gateway=10.101.10.1 \
-o parent=eth0 pub_net
This will suffer from the same VM/softswitch problems where the network and interface will need to be promiscuous with regard to MAC addresses.
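A pre-flight check for the routed-bridge option, as an added example that is not part of the answer above: it confirms that the new Docker subnet does not overlap the LAN (an overlapping route would pull LAN traffic towards the Docker host) and that the next hop is on the LAN. It generalizes to any IPv4 CIDR pair; the function names are hypothetical and the addresses are the ones used in the answer.

```shell
#!/bin/sh
# Added example: pre-flight check before routing a new subnet to a Docker bridge.
# Function names are hypothetical; addresses are the ones used in the answer.

ip_to_int() {                       # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

cidr_range() {                      # CIDR -> "first last" as integers
    addr=$(ip_to_int "${1%/*}")
    bits=${1#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( addr & mask ))
    echo "$first $(( first + 4294967295 - mask ))"
}

cidr_overlap() {                    # exit 0 if the two blocks share an address
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

forwarding_enabled() {              # optional arg: file to read instead of /proc
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

preflight() {                       # preflight LAN_CIDR DOCKER_SUBNET NEXT_HOP
    if cidr_overlap "$1" "$2"; then
        echo "FAIL: $2 overlaps the LAN $1"; return 1
    fi
    if ! cidr_overlap "$3/32" "$1"; then
        echo "FAIL: next hop $3 is not on the LAN $1"; return 1
    fi
    echo "OK: ip route add $2 via $3"
}

preflight 10.101.10.0/24 10.101.11.0/24 10.101.10.31
forwarding_enabled || echo "NOTE: net.ipv4.ip_forward is not 1 on this host"
```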

How to configure proxmox 4 network interface without physical access to KVM

I am running proxmox 4 with around 10 KVM and 14 LXC.
I can configure ips and network from web GUI for LXC container.
I want to configure the Network interface For KVM without accessing the VM.
Is it possible to configure the network interface without accessing the VM?
As far as I know you can't configure the IP address in proxmox for a KVM vm (only for the lxc container you can define the ip address). For a KVM vm you can configure if the network connection is in Bridged mode or NAT.
For LXC containers you can use the pct command to set network for the container. More info about that on the Proxmox WIKI (scroll down to the Network section) - https://pve.proxmox.com/wiki/Linux_Container
What you could do for KVM would be to use a local DHCP server (you can install one on your proxmox if you want: apt-get install isc-dhcp-server). You have to define an ip address pool that will be assigned to your vms by the dhcp server.
Then configure the kvm machine using: qm command
qm set vmid options
From a man qm you discover this:
-net[n] [model=]<enum> [,bridge=<bridge>] [,firewall=<1|0>] [,link_down=<1|0>] [,macaddr=<XX:XX:XX:XX:XX:XX>] [,queues=<integer>]
[,rate=<number>] [,tag=<integer>] [,trunks=<vlanid[;vlanid...]>] [,<model>=<macaddr>]
So basically you can define the network for your kvm vm, say if it's bridged, set a specific mac address for that card.
If you want to add a specific ip to that vm you can do it based on its mac address (you have to configure in the dhcp server that a specific ip address is assigned to the desired mac address).

How do I configure a bridged network for Docker?

I'm new to Docker (have been working with KVM earlier). The first problem I ran in to was how to configure a bridged network in Docker. I would like to have a similar configuration to a KVM bridged network. Does anyone know if this is possible?
docker run --network=host
But if what you want is to access your container from outside use the port mapping option.
docker run -p 80:80
You will access your container using the host ip and the port you specified.
Docker internally in Linux uses iptables to redirect the traffic from your host to the container.
Regards
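What `-p 80:80` means for exposure, as an added example that is not part of the answer above: with no host address given, the port is published on every host interface, while a form such as `-p 127.0.0.1:8080:80` pins it to one address. The script flags the former in `docker ps` output; the sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list container ports published on every host interface.
# On a real host, feed it:  docker ps --format '{{.Names}}|{{.Ports}}'

sample_ports() {                    # constructed sample, not real output
cat <<'EOF'
web|0.0.0.0:80->80/tcp, :::80->80/tcp
admin|127.0.0.1:8080->80/tcp
db|3306/tcp
api|10.0.0.1:443->443/tcp
cache|0.0.0.0:6379->6379/tcp, [::]:6379->6379/tcp
EOF
}

# Reads "name|ports" lines on stdin and prints "name host:port" for every
# mapping whose host side is the IPv4 or IPv6 wildcard address.
wildcard_bindings() {
    awk -F'|' '{
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            if (maps[i] !~ /->/) continue          # exposed only, not published
            host = maps[i]; sub(/->.*/, "", host)  # keep the host side
            if (host ~ /^(0\.0\.0\.0|::|\[::\]):[0-9-]+$/) print $1, host
        }
    }'
}

sample_ports | wildcard_bindings
```

Because Docker handles published ports with its own NAT and forwarding rules, a host firewall that only filters the INPUT chain does not cover them; restrict them with the bind address or with rules in the DOCKER-USER chain.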

How to visit another host inside docker?

I have two servers on the same LAN. Their IP addresses are 10.0.0.1 (Server A) and 10.0.0.2 (Server B).
The MySQL server runs on Server B.
The docker container runs on Server A. Its IP address is 172.17.0.2, and the eth0 of the host is 172.17.0.1.
My question is, how to connect to Server B in the docker container inside Server A?
Thanks.
Something very easy to setup is the new Docker swarm mode (if you have Docker 1.12.2) https://docs.docker.com/engine/swarm/
With this all you have to do is connect your two servers by following the doc. You can then create an overlay network. Then to create your containers you will have to use the command docker service create instead of docker run.
You may also want to use some constraints to specify where the services should run.

How to send http request from Docker to localhost or Virtual Machine

Being new to Docker and VM's, I have run into a blocker. I have a node app that needs to send a POST request from a Docker container to a Virtual Machine or to my local machine.
I have read through the Docker documentation, but still don't understand what I need to do in order to accomplish this.
So how can I send an http request from my node app running in a Docker Container to my Vagrant Box?
By default, Docker creates a virtual interface (docker0) in your host machine with IP 172.17.42.1. Each of the containers launched will have an IP in the network 172.17.42.1/16, and they will be able to connect to the host machine by connecting to IP 172.17.42.1.
If you want to connect a docker container with another service running in a virtual machine running with another provider (e.g. virtualbox, vmware), the easiest way is forwarding the ports needed by the service to your host machine and then, from your docker container, connecting to IP 172.17.42.1. You should check your virtual machine provider's documentation to see details about this. And if you are using libvirt/KVM (or any other provider), you can use iptables to enable port forwarding.
