www.icesr.com
IT运维工程师的摇篮

Docker绑定Remote API端口

Docker官方提供了Go、Python两种不同的SDK和HTTP形式的API,不熟悉Go语言,尝试了一下Python的SDK。Docker官方的Python SDK是针对2.x版本的,就直接在CentOS的Python2.7.5上进行了测试,可是却出现了错误:

<code><span class="hljs-preprocessor"># python</span>
Python <span class="hljs-number">2.7</span><span class="hljs-number">.5</span> (<span class="hljs-keyword">default</span>, Aug  <span class="hljs-number">4</span> <span class="hljs-number">2017</span>, <span class="hljs-number">00</span>:<span class="hljs-number">39</span>:<span class="hljs-number">18</span>) 
[GCC <span class="hljs-number">4.8</span><span class="hljs-number">.5</span> <span class="hljs-number">20150623</span> (Red Hat <span class="hljs-number">4.8</span><span class="hljs-number">.5</span>-<span class="hljs-number">16</span>)] <span class="hljs-keyword">on</span> linux2
Type <span class="hljs-string">"help"</span>, <span class="hljs-string">"copyright"</span>, <span class="hljs-string">"credits"</span> <span class="hljs-keyword">or</span> <span class="hljs-string">"license"</span> <span class="hljs-keyword">for</span> more information.
&gt;&gt;&gt; import docker
/usr/<span class="hljs-keyword">lib</span>/python2<span class="hljs-number">.7</span>/site-packages/requests/__init__.py:<span class="hljs-number">80</span>: RequestsDependencyWarning: urllib3 (<span class="hljs-number">1.22</span>) <span class="hljs-keyword">or</span> chardet (<span class="hljs-number">2.2</span><span class="hljs-number">.1</span>) doesn<span class="hljs-comment">'t match a supported version!</span>
  RequestsDependencyWarning)
&gt;&gt;&gt;</code>

第一条import竟然就出现了问题,考虑了项目的实际场景,决定暂时方式研究python API,改向HTTP API。

按照官网文档的说明,直接运行:

<code><span class="hljs-comment"># curl --unix-socket /var/run/docker.sock http:/v1.35/containers/json?all=true</span>
[{<span class="hljs-string">"Id"</span><span class="hljs-symbol">:<span class="hljs-string">"af08e69d49be5db6caaf24e1509b69e07baea24f6ac7633b74e76bb3e88aa981"</span></span>,<span class="hljs-string">"Names"</span><span class="hljs-symbol">:</span>[<span class="hljs-string">"/boring_booth"</span>],<span class="hljs-string">"Image"</span><span class="hljs-symbol">:<span class="hljs-string">"demo:latest"</span></span>,<span class="hljs-string">"ImageID"</span><span class="hljs-symbol">:<span class="hljs-string">"sha256:a432acdcjkb22ac42819b9dd53b87930e9016b64eb0a63707f9698e1d90e8a6a"</span></span>,<span class="hljs-string">"Command"</span><span class="hljs-symbol">:<span class="hljs-string">"/bin/bash"</span></span>,<span class="hljs-string">"Created"</span><span class="hljs-symbol">:</span><span class="hljs-number">1515726419</span>,<span class="hljs-string">"Ports"</span><span class="hljs-symbol">:[]</span>,<span class="hljs-string">"Labels"</span><span class="hljs-symbol">:</span>{<span class="hljs-string">"build-date"</span><span class="hljs-symbol">:<span class="hljs-string">"20171128"</span></span>,<span class="hljs-string">"license"</span><span class="hljs-symbol">:<span class="hljs-string">"GPLv2"</span></span>,<span class="hljs-string">"name"</span><span class="hljs-symbol">:<span class="hljs-string">"CentOS Base Image"</span></span>,<span class="hljs-string">"vendor"</span><span class="hljs-symbol">:<span class="hljs-string">"CentOS"</span></span>},<span class="hljs-string">"State"</span><span class="hljs-symbol">:<span class="hljs-string">"exited"</span></span>,<span class="hljs-string">"Status"</span><span class="hljs-symbol">:<span class="hljs-string">"Exited (0) 17 seconds ago"</span></span>,<span class="hljs-string">"HostConfig"</span><span class="hljs-symbol">:</span>{<span class="hljs-string">"NetworkMode"</span><span class="hljs-symbol">:<span class="hljs-string">"default"</span></span>},<span class="hljs-string">"NetworkSettings"</span><span class="hljs-symbol">:</span>{<span class="hljs-string">"Networks"</span><span class="hljs-symbol">:</span>{<span class="hljs-string">"bridge"</span><span class="hljs-symbol">:</span>{<span class="hljs-string">"IPAMConfig"</span><span class="hljs-symbol">:null</span>,<span class="hljs-string">"Links"</span><span class="hljs-symbol">:null</span>,<span class="hljs-string">"Aliases"</span><span class="hljs-symbol">:null</span>,<span class="hljs-string">"NetworkID"</span><span class="hljs-symbol">:<span class="hljs-string">"3125372fde203e6916bc96502ef5951670cbc558e4e0069cc51f8f05dc19a45f"</span></span>,<span class="hljs-string">"EndpointID"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"Gateway"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"IPAddress"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"IPPrefixLen"</span><span class="hljs-symbol">:</span><span class="hljs-number">0</span>,<span class="hljs-string">"IPv6Gateway"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"GlobalIPv6Address"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"GlobalIPv6PrefixLen"</span><span class="hljs-symbol">:</span><span class="hljs-number">0</span>,<span class="hljs-string">"MacAddress"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"DriverOpts"</span><span class="hljs-symbol">:null</span>}}},<span class="hljs-string">"Mounts"</span><span class="hljs-symbol">:[]</span>}]</code>

很显然上面的命令形式,并不适合在远程使用HTTP调用,要想在远程使用,就需要暴露管理端口。修改/etc/docker/daemon.json(如果该文件不存在,就新建一个),增加hosts配置:

<code>{
   "<span class="hljs-attribute">hosts</span>": <span class="hljs-value">[<span class="hljs-string">"unix:///var/run/docker.sock"</span>, <span class="hljs-string">"0.0.0.0:4789"</span>]
</span>}</code>

后面就指定了可以在主机任意IP上访问Docker的API,建议这里改为固定值,可以减少暴露,降低风险。然后重新启动docker服务。

<code><span class="hljs-preprocessor"># systemctl daemon-reload</span>
<span class="hljs-preprocessor"># systemctl restart docker</span>
<span class="hljs-preprocessor"># systemctl -l status docker</span>
● docker<span class="hljs-preprocessor">.service</span> - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker<span class="hljs-preprocessor">.service</span><span class="hljs-comment">; enabled; vendor preset: disabled)</span>
   Active: active (running) since Fri <span class="hljs-number">2018</span>-<span class="hljs-number">01</span>-<span class="hljs-number">12</span> <span class="hljs-number">14</span>:<span class="hljs-number">22</span>:<span class="hljs-number">13</span> CST<span class="hljs-comment">; 6s ago</span>
     Docs: https://docs<span class="hljs-preprocessor">.docker</span><span class="hljs-preprocessor">.com</span>
 Main PID: <span class="hljs-number">21991</span> (dockerd)
   Memory: <span class="hljs-number">28.6</span>M
   CGroup: /system<span class="hljs-preprocessor">.slice</span>/docker<span class="hljs-preprocessor">.service</span>
           ├─<span class="hljs-number">21991</span> /usr/bin/dockerd
           └─<span class="hljs-number">21998</span> docker-containerd --config /var/run/docker/containerd/containerd<span class="hljs-preprocessor">.toml</span>

......
Jan <span class="hljs-number">12</span> <span class="hljs-number">14</span>:<span class="hljs-number">22</span>:<span class="hljs-number">13</span> plouto-docker-host-<span class="hljs-number">01</span> systemd[<span class="hljs-number">1</span>]: Started Docker Application Container Engine.
Jan <span class="hljs-number">12</span> <span class="hljs-number">14</span>:<span class="hljs-number">22</span>:<span class="hljs-number">13</span> plouto-docker-host-<span class="hljs-number">01</span> dockerd[<span class="hljs-number">21991</span>]: time=<span class="hljs-string">"2018-01-12T14:22:13.397856641+08:00"</span> level=info msg=<span class="hljs-string">"API listen on 0.0.0.0:4789"</span>
Jan <span class="hljs-number">12</span> <span class="hljs-number">14</span>:<span class="hljs-number">22</span>:<span class="hljs-number">13</span> plouto-docker-host-<span class="hljs-number">01</span> dockerd[<span class="hljs-number">21991</span>]: time=<span class="hljs-string">"2018-01-12T14:22:13.397938735+08:00"</span> level=info msg=<span class="hljs-string">"API listen on /var/run/docker/sock"</span></code>

从上面可以看出已经绑定了4789端口,下面换台可以访问该主机的另一台主机测试下:

<code><span class="hljs-comment"># curl http://192.168.1.21:4789/containers/json?all=true</span>
[{<span class="hljs-string">"Id"</span><span class="hljs-symbol">:<span class="hljs-string">"af08e69d49be5db6caaf24e1509b69e07baea24f6ac7633b74e76bb3e88aa981"</span></span>,<span class="hljs-string">"Names"</span><span class="hljs-symbol">:</span>[<span class="hljs-string">"/boring_booth"</span>],<span class="hljs-string">"Image"</span><span class="hljs-symbol">:<span class="hljs-string">"demo:latest"</span></span>,<span class="hljs-string">"ImageID"</span><span class="hljs-symbol">:<span class="hljs-string">"sha256:a432acdcjkb22ac42819b9dd53b87930e9016b64eb0a63707f9698e1d90e8a6a"</span></span>,<span class="hljs-string">"Command"</span><span class="hljs-symbol">:<span class="hljs-string">"/bin/bash"</span></span>,<span class="hljs-string">"Created"</span><span class="hljs-symbol">:</span><span class="hljs-number">1515726419</span>,<span class="hljs-string">"Ports"</span><span class="hljs-symbol">:[]</span>,<span class="hljs-string">"Labels"</span><span class="hljs-symbol">:</span>{<span class="hljs-string">"build-date"</span><span class="hljs-symbol">:<span class="hljs-string">"20171128"</span></span>,<span class="hljs-string">"license"</span><span class="hljs-symbol">:<span class="hljs-string">"GPLv2"</span></span>,<span class="hljs-string">"name"</span><span class="hljs-symbol">:<span class="hljs-string">"CentOS Base Image"</span></span>,<span class="hljs-string">"vendor"</span><span class="hljs-symbol">:<span class="hljs-string">"CentOS"</span></span>},<span class="hljs-string">"State"</span><span class="hljs-symbol">:<span class="hljs-string">"exited"</span></span>,<span class="hljs-string">"Status"</span><span class="hljs-symbol">:<span class="hljs-string">"Exited (0) 17 seconds ago"</span></span>,<span class="hljs-string">"HostConfig"</span><span class="hljs-symbol">:</span>{<span class="hljs-string">"NetworkMode"</span><span class="hljs-symbol">:<span class="hljs-string">"default"</span></span>},<span class="hljs-string">"NetworkSettings"</span><span class="hljs-symbol">:</span>{<span class="hljs-string">"Networks"</span><span class="hljs-symbol">:</span>{<span class="hljs-string">"bridge"</span><span class="hljs-symbol">:</span>{<span class="hljs-string">"IPAMConfig"</span><span class="hljs-symbol">:null</span>,<span class="hljs-string">"Links"</span><span class="hljs-symbol">:null</span>,<span class="hljs-string">"Aliases"</span><span class="hljs-symbol">:null</span>,<span class="hljs-string">"NetworkID"</span><span class="hljs-symbol">:<span class="hljs-string">"3125372fde203e6916bc96502ef5951670cbc558e4e0069cc51f8f05dc19a45f"</span></span>,<span class="hljs-string">"EndpointID"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"Gateway"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"IPAddress"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"IPPrefixLen"</span><span class="hljs-symbol">:</span><span class="hljs-number">0</span>,<span class="hljs-string">"IPv6Gateway"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"GlobalIPv6Address"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"GlobalIPv6PrefixLen"</span><span class="hljs-symbol">:</span><span class="hljs-number">0</span>,<span class="hljs-string">"MacAddress"</span><span class="hljs-symbol">:<span class="hljs-string">""</span></span>,<span class="hljs-string">"DriverOpts"</span><span class="hljs-symbol">:null</span>}}},<span class="hljs-string">"Mounts"</span><span class="hljs-symbol">:[]</span>}]</code>

未经允许不得转载:冰点网络 » Docker绑定Remote API端口

分享到:更多 ()

评论 抢沙发

评论前必须登录!