Proposal : Use NAT with the Virtualbox Driver to reach containers published port #2383
Comments
Very interesting proposal (and thank you very much for the level of detail, this use case is something we're adamant about supporting)... I've thought a lot about what to implement in these types of situations and I will follow up in more detail, but FWIW I wanted to point out that your SSH command is probably doable in one step with: $ docker-machine ssh default -f -N -D 5000 |
I had no idea about |
Hello, @nathanleclaire ! Thank you for taking time for a feedback. I'm on my way to implement this design proposal, but i'm a slow Go coder :) |
Just out of curiosity, why not start with adding a guide to the docs to explain how to set this up on Windows and on OSX and maybe modify FWIW, I don't really think we want to get Machine into the scope of actually managing the created SSH process though (forking and/or cleaning it up). That needs to be visible to the user somehow. |
Follow up: I tried to connect to Docker on |
Hello @nathanleclaire ! On the Docker part, I also tried and failed like you and fall on this issue : moby/moby#5989 (Tl;DR : docker client does not handle the socks proxy to reach the Engine, it seems). I'm likely to test on a modified docker client and let you know, or add a forwarding port for 2375 and 2376 for Docker it does not works :) |
If moby/moby#18373 or something like it were to get merged, I think we could build-in to |
@nathanleclaire WoW ! That is a cool work ! Thanks ! |
Just for info : started working with 2 flags :
My work is visible here : https://github.com/dduportal/machine (Diff master...dduportal:master ) I'll pull request when it will be functional, with tests and all lint/build passing :) |
Hi ! Just to let you know that i'm waiting for the integration of @nathanleclaire before going more inside :) |
@dduportal This looks super useful. Docker 1.11.0 is out now with SOCKS proxy support; any idea when this might become a PR? |
Also, it seems worth noting that this has drifted a bit from the original scope of the issue. For instance, this would be useful for other drivers than It might also be worth considering adding the Come to think of it... maybe that's what I should be doing over in #3319. Hmm. @nathanleclaire - thoughts on any of these things? While I was testing the ssh config work at #3319, I was just starting to run into the problem that the remote host doesn't actually seem to have the default docker port (or any I could find, other than ssh) open, so I was going to have to tunnel or use a SOCKS proxy anyway. With docker 1.11.0, I can accomplish that by setting Maybe that's what you meant by "we could use this for everything!" above. 😄 |
@dduportal, @nathanleclaire |
Hello ! Happy to see someone interested ! @brettdh , I'm happy to let you implement the idea ! (Since I'm not efficient at writing Go and don't have much time). Since Docker was going native, I was letting this down, but yeah, in fact this can be pretty useful for remote machines, even outside virtualbox ! Anyway, before closing my issue, I just want to see what @nathanleclaire and @dgageot want to do about splitting, to have atomics implementations (even if they both depend on another): Another think to know (and understand) to provide a good end-user experience:
|
Hi, I see this issue has not received much love lately. IMHO the work needed to make docker-machine manage the ssh client process which need to keep the proxy up is not trivial and hard to do within virtualbox driver boundaries. |
FWIW I am closing this proposal, since I no longer have this use case. |
@aitorpazos Did you ever create a PR for this? I would like to get |
@sebinsua docker-machine SSH into the VirtualBox VM through a VirtualBox NAT that requires no 'Host Only' interface. aitorpazos@048b71a allows the docker daemon on the VM to use the same mechanism, so the 'Host Only' interface is not used (it is still required to access exposed ports though). Didn't create a PR, as I'll need to put extra work to make it PR'able but I will soon as it seems that it will be useful not just for myself. |
Hi all, maintainers and users !
My use case seems quite specific at first. But after discussing with a lot of people at the DockerCon EU 2015, i'm not alone here.
After discussing with @ehazlett and @dgageot, here is the resume idea and a design proposal to address global virtualbox stability and usage.
Do not hesitate to comment, discuss, etc, it's a first "idea shot" !
WHY ? (aka. the "specific" problem)
Running Docker on my company laptops is quite a challenge :
WHAT ?
Some thought around Virtualbox
Virtualbox is a quite good default solution :
But it has some downsides (life happens !) :
What is the problem ?
I want to address here the newtork part.
Host-only is used as default mode and help to ease the docker usage :
But it's somehow very host-intrusive (rights to create a network interface) and quite unstable since monthes at each Virtualbox releases.
On the other side, NAT mode of virtualbox is quite robust and portable.But:
=> So : How to enable NAT to enable more stability using Virtualbox without sacrificing docker usability ?
How ?
The proposal
Idea is to use a SOCKS proxy on the host level to contact containers and not having trouble understanding basic ports system.
Socks is :
Today, running Docker machine require :
Proposed lifecyle would be :
Some think i'm not sure of (or should be known) :
--use-socks-overnat
or something like thatProof of concept
This PoC is run with the freshly installed docker-toolbox 1.9.1 on a Mac OS El Capitan 10.11 host.
I need to try on my Win7 laptop (but it was with legacy Vagrant boxes so... shoud be OK, i'll comment later)
channel 4: open failed: administratively prohibited: open failed
messages :So here is the basic idea, I want to hear more advises before trying to implement this.
What do you think ?
The text was updated successfully, but these errors were encountered: