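Background
- Host: Mac
- Container: a CentOS 8 container installed on the Mac, with container IP 172.20.30.1
- Symptom: from inside the container, the Mac host's IP can be pinged, but from the Mac host the container's IP cannot be pinged. The output is as follows: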
```
✗ ping 172.20.30.1
PING 172.20.30.1 (172.20.30.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
```
Solution
Reference
Mine
1. First, install docker-connector on the Mac via brew
The important output is kept below:
```
✗ brew install wenjunxiao/brew/docker-connector
...
==> Tapping wenjunxiao/brew
Cloning into '/opt/homebrew/Library/Taps/wenjunxiao/homebrew-brew'...
remote: Enumerating objects: 73, done.
remote: Counting objects: 100% (73/73), done.
remote: Compressing objects: 100% (49/49), done.
remote: Total 73 (delta 38), reused 44 (delta 17), pack-reused 0 (from 0)
Receiving objects: 100% (73/73), 11.35 KiB | 2.84 MiB/s, done.
Resolving deltas: 100% (38/38), done.
Tapped 2 formulae (16 files, 24.6KB).
==> Fetching wenjunxiao/brew/docker-connector
==> Downloading https://github.com/wenjunxiao/mac-docker-connector/releases/download/v3.1/docker-connector-darwin.tar.gz
==> Downloading from https://objects.githubusercontent.com/github-production-release-asset-2e65be/266031479/3f51cb4b-e37f-4f12-a4
########################################################################################################################## 100.0%
==> Installing docker-connector from wenjunxiao/brew
Warning: A newer Command Line Tools release is available.
Update them from Software Update in System Settings.
If that doesn't show you any updates, run:
sudo rm -rf /Library/Developer/CommandLineTools
sudo xcode-select --install
Alternatively, manually download them from:
https://developer.apple.com/download/all/.
You should download the Command Line Tools for Xcode 15.2.
==> Caveats
For the first time, you can add all the bridge networks of docker to the routing table by the following command:
docker network ls --filter driver=bridge --format "{{.ID}}" | xargs docker network inspect --format "route {{range .IPAM.Config}}{{.Subnet}}{{end}}" >> /opt/homebrew/etc/docker-connector.conf
Or add the route of network you want to access to following config file at any time:
/opt/homebrew/etc/docker-connector.conf
Route format is `route subnet`, such as:
route 172.17.0.0/16
The route modification will take effect immediately without restarting the service.
You can also expose you docker container to other by follow settings in /opt/homebrew/etc/docker-connector.conf:
expose 0.0.0.0:2512
route 172.17.0.0/16 expose
Let the two subnets access each other through iptables:
iptables 172.17.0.0+172.18.0.0
To start wenjunxiao/brew/docker-connector now and restart at login:
brew services start wenjunxiao/brew/docker-connector
Or, if you don't want/need a background service you can just run:
sudo /opt/homebrew/opt/docker-connector/bin/docker-connector -config /opt/homebrew/etc/docker-connector.conf
==> Summary
🍺 /opt/homebrew/Cellar/docker-connector/3.1: 6 files, 5.4MB, built in 1 second
==> Running `brew cleanup docker-connector`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
==> `brew cleanup` has not been run in the last 30 days, running now...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
...
```
Or
```
$ brew tap wenjunxiao/brew
$ brew install docker-connector
```
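2. Use the following command to put all of Docker's bridge subnets into the configuration file; for later additions or removals, refer to the detailed configuration further on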
```
✗ docker network ls --filter driver=bridge --format "{{.ID}}" | xargs docker network inspect --format "route {{range .IPAM.Config}}{{.Subnet}}{{end}}" >> "$(brew --prefix)/etc/docker-connector.conf"
```
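After it runs, check the `/opt/homebrew/etc/docker-connector.conf` file (this file is mentioned in the output returned when installing `wenjunxiao/brew/docker-connector`). See its last three lines; the last two are the IP subnets of my container environment.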
```
route 172.17.0.0/16
route 172.20.30.0/24
route 172.20.40.0/24
```
3. Start the service on the Mac side
```
✗ brew services start wenjunxiao/brew/docker-connector
==> Tapping homebrew/services
Cloning into '/opt/homebrew/Library/Taps/homebrew/homebrew-services'...
remote: Enumerating objects: 3487, done.
remote: Counting objects: 100% (633/633), done.
remote: Compressing objects: 100% (248/248), done.
remote: Total 3487 (delta 451), reused 477 (delta 381), pack-reused 2854 (from 1)
Receiving objects: 100% (3487/3487), 1019.83 KiB | 604.00 KiB/s, done.
Resolving deltas: 100% (1692/1692), done.
Tapped 2 commands (52 files, 1.2MB).
==> Successfully started `docker-connector` (label: homebrew.mxcl.docker-connector)
```
4. Install the Docker-side container mac-docker-connector
```
✗ docker pull wenjunxiao/mac-docker-connector
✗ docker run -it -d --restart always --net host --cap-add NET_ADMIN --name mac-connector wenjunxiao/mac-docker-connector
Unable to find image 'wenjunxiao/mac-docker-connector:latest' locally
latest: Pulling from wenjunxiao/mac-docker-connector
26d14edc4f17: Pull complete
8190e2a13d0f: Pull complete
Digest: sha256:3408a58f96d7dccf28df68f422ce215a4a21d5e8302aee2e8c23acc2feab4948
Status: Downloaded newer image for wenjunxiao/mac-docker-connector:latest
ef1d98ebf2a196e61333899fdeb628d12925c64eaa8bb821531a76312d8d8cd2
```
5. Ping the container IP from the host again
```
✗ ping 172.20.30.1
PING 172.20.30.1 (172.20.30.1): 56 data bytes
64 bytes from 172.20.30.1: icmp_seq=0 ttl=63 time=0.599 ms
64 bytes from 172.20.30.1: icmp_seq=1 ttl=63 time=1.210 ms
64 bytes from 172.20.30.1: icmp_seq=2 ttl=63 time=0.755 ms
```
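Notes
- This process was not all smooth sailing either. When installing `docker-connector`, I did not run the command in [2] directly, but manually configured the `/opt/homebrew/etc/docker-connector.conf` file with the content below. I then continued with the later steps, and the ping still did not succeed.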
```
# addr 192.168.251.1/24
# mtu 1400
# host 127.0.0.1
# port 2511
# route 172.17.0.0/16
# route 172.18.0.0/16
route 172.18.0.0/24
# iptables 172.17.0.0+172.18.0.0
# hosts /etc/hosts .local
# proxy 127.0.0.1:80:80
```
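- Along the way, running `brew services start wenjunxiao/brew/docker-connector` also failed at times; after several attempts the error messages finally stopped appearing.
- In addition, I also restarted the host after finishing the configuration.
- In the end, it was only after reading the referenced GitHub page and switching to adding the IPs by command that the problem was solved.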
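As an added example (not part of the original post or the docker-connector project), the script below checks whether a container IP falls inside any active `route` line of a docker-connector.conf. It runs against constructed copies of the manually written config and the command-generated config shown above; the function names and temp files are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): list which active `route` lines
# in a docker-connector.conf cover a given container IP.

# Dotted-quad IPv4 -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeeds when IP $1 lies inside CIDR $2 (e.g. 172.20.30.0/24).
ip_in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# Print each uncommented route subnet in file $2 that contains IP $1;
# returns 1 when no route covers it.
covering_routes() {
    found=1
    while read -r key subnet rest; do
        [ "$key" = "route" ] || continue
        if ip_in_cidr "$1" "$subnet"; then
            echo "$subnet"
            found=0
        fi
    done < "$2"
    return $found
}

# Constructed copies of the two configs shown on the page.
manual_conf=$(mktemp); generated_conf=$(mktemp)
printf '%s\n' '# route 172.17.0.0/16' '# route 172.18.0.0/16' \
    'route 172.18.0.0/24' > "$manual_conf"
printf '%s\n' 'route 172.17.0.0/16' 'route 172.20.30.0/24' \
    'route 172.20.40.0/24' > "$generated_conf"

for conf in "$manual_conf" "$generated_conf"; do
    if match=$(covering_routes 172.20.30.1 "$conf"); then
        echo "172.20.30.1 is covered by: $match"
    else
        echo "172.20.30.1 is not covered by any route in $conf"
    fi
done
```

Commented-out `# route` lines are ignored, so only subnets the connector would actually route are reported.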
Summary
- Need to understand why Docker Desktop for Mac and Windows does not provide a way to access containers by container IP from the host macOS or Windows.