Docker
Manage VMs with docker-machine
Introduction
Docker Machine is a tool that lets you install Docker Engine on virtual hosts, and manage the hosts with docker-machine commands. You can use Machine to create Docker hosts on your local Mac or Windows box, on your company network, in your data center, or on cloud providers like Azure, AWS, or Digital Ocean. (Source: https://docs.docker.com/machine/overview/)
Using docker-machine commands, you can start, inspect, stop, and restart a managed host, upgrade the Docker client and daemon, and configure a Docker client to talk to your host.
When people say “Docker” they typically mean Docker Engine, the client-server application made up of the Docker daemon, a REST API that specifies interfaces for interacting with the daemon, and a command line interface (CLI) client that talks to the daemon (through the REST API wrapper). Docker Engine accepts docker commands from the CLI, such as docker run <image>, docker ps to list running containers, docker image ls to list images, and so on.
Docker Machine is a tool for provisioning and managing your Dockerized hosts (hosts with Docker Engine on them). Typically, you install Docker Machine on your local system. Docker Machine has its own command line client docker-machine and the Docker Engine client, docker. You can use Machine to install Docker Engine on one or more virtual systems. These virtual systems can be local (as when you use Machine to install and run Docker Engine in VirtualBox on Mac or Windows) or remote (as when you use Machine to provision Dockerized hosts on cloud providers). The Dockerized hosts themselves can be thought of, and are sometimes referred to as, managed “machines”.
Install software
First we have to install the docker-machine app itself:
base=https://github.com/docker/machine/releases/download/v0.14.0 &&
  curl -L "$base/docker-machine-$(uname -s)-$(uname -m)" >/tmp/docker-machine &&
  sudo install /tmp/docker-machine /usr/local/bin/docker-machine
Secondly, we have to install the hypervisor driver that lets docker-machine create and manage virtual machines running on the hypervisor. As we are going to use the KVM hypervisor, we have to install the "docker-machine-driver-kvm" driver:
# curl -Lo docker-machine-driver-kvm \
    https://github.com/dhiltgen/docker-machine-kvm/releases/download/v0.7.0/docker-machine-driver-kvm \
    && chmod +x docker-machine-driver-kvm \
    && sudo mv docker-machine-driver-kvm /usr/local/bin
We assume that KVM and libvirt are already installed on the system.
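Both downloads above place a binary in /usr/local/bin without checking its integrity. The following is an added example, not code from the original page or from the docker-machine project: it fetches over HTTPS only, compares the file against a pinned SHA-256, and installs it only on a match. The function names are hypothetical and the digest in the usage comment is a placeholder that must be replaced with a value obtained from a source you trust.

```shell
#!/usr/bin/env bash
# Added example; helper names are hypothetical, not part of docker-machine.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS fallback
    fi
}

# verify_sha256 FILE EXPECTED: return 0 only on an exact digest match.
verify_sha256() {
    v_file=$1
    v_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$v_file" ] || { echo "missing file: $v_file" >&2; return 2; }
    # Reject an empty, truncated or unfilled placeholder value up front.
    case $v_want in
        ''|*[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#v_want}" -eq 64 ] || { echo "expected hash is not 64 chars" >&2; return 2; }
    v_got=$(sha256_of "$v_file")
    if [ "$v_got" != "$v_want" ]; then
        echo "SHA-256 mismatch for $v_file: got $v_got" >&2
        return 1
    fi
}

# fetch_verify_install URL EXPECTED_SHA256 DEST: install only a verified file.
fetch_verify_install() {
    f_tmp=$(mktemp) || return 2      # unpredictable name, unlike /tmp/docker-machine
    # --fail: do not save an HTTP error page as the "binary".
    # --proto/--proto-redir: HTTPS only, including across redirects.
    if curl --fail --silent --show-error --location \
            --proto '=https' --proto-redir '=https' -o "$f_tmp" "$1" &&
       verify_sha256 "$f_tmp" "$2"; then
        sudo install -m 0755 "$f_tmp" "$3"; f_rc=$?
    else
        f_rc=1
    fi
    rm -f "$f_tmp"
    return "$f_rc"
}

# Usage with the page's URL; replace the placeholder with the digest you trust:
# base=https://github.com/docker/machine/releases/download/v0.14.0
# fetch_verify_install "$base/docker-machine-$(uname -s)-$(uname -m)" \
#     "<SHA256-OF-RELEASE-BINARY>" /usr/local/bin/docker-machine
```

The same function can be used for the docker-machine-driver-kvm binary with its own URL, digest and destination path.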
Create machines
Create the KVM network
Before a new machine can be created with the docker-machine command, the proper KVM virtual network must be created.
See How to create KVM networks for details.
Create machine
A machine can be created with the docker-machine create command. The simplest usage:
docker-machine create -d <hypervisor driver name> --<driver options> <machine name>
- -d: hypervisor driver. Default value: "virtualbox". For KVM use: "kvm".
- --kvm-network: The name of the KVM virtual (public) network that we would like to use. If this is not set, the new machine will be connected to the "default" KVM virtual network.
Note
Docker will always create a second, isolated virtual network (bridge), called "docker-machines", that all the VMs will be connected to regardless of the value of the --kvm-network parameter, which controls only the name of the "public" network. It seems that the name of the isolated virtual network is hardcoded and can't be changed.
# docker-machine create -d kvm --kvm-network "docker-network" manager
Running pre-create checks...
Creating machine...
(manager) Copying /root/.docker/machine/cache/boot2docker.iso to /root/.docker/machine/machines/manager/boot2docker.iso...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with boot2docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env manager
Tip
The machine is created under the /USER_HOME/.docker/machine/machines/<machine_name> directory.
If the new VM was created with the virtualbox driver, the VirtualBox graphical interface must be started as the same user that created the VM; VirtualBox will then discover the new VM automatically.
Check what was created
Interfaces on the host
# ifconfig
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.105  netmask 255.255.255.0  broadcast 192.168.0.255
        ....
virbr1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.42.1  netmask 255.255.255.0  broadcast 192.168.42.255
        ...
virbrDocker: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.123.1  netmask 255.255.255.0  broadcast 192.168.123.255
        inet6 2001:db8:ca2:2::1  prefixlen 64  scopeid 0x0<global>
        ...
On the host, in addition to the regular interfaces, we can see the two bridges for the two virtual networks:
- virbrDocker: This is the virtual network that we created in libvirt. It is connected to the host network with NAT. We assigned these IP addresses when we defined the network.
- virbr1: This is the host-only virtual network that was created out-of-the-box. This one has no internet access.
Interfaces on the new VM
You can log in to the newly created VM with the docker-machine ssh <machine_name> command. On the newly created Docker-ready VM, four interfaces were created.
# docker-machine ssh manager
(Boot2Docker ASCII-art banner)
Boot2Docker version 18.05.0-ce, build HEAD : b5d6989 - Thu May 10 16:35:28 UTC 2018
Docker version 18.05.0-ce, build f150324
Check the interfaces of the new VM:
docker@manager:~$ ifconfig
docker0   inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          ...
eth0      inet addr:192.168.123.195  Bcast:192.168.123.255  Mask:255.255.255.0
          ...
eth1      inet addr:192.168.42.118  Bcast:192.168.42.255  Mask:255.255.255.0
- eth0:192.168.123.195 - Interface to the new virtual network (docker-network) created by us. This network is connected to the host network, so it has public internet access as well.
- eth1:192.168.42.118 - This connects to the dynamically created host-only virtual network. It is used only for VM-to-VM communication.
- docker0:172.17.0.1 - This VM is meant to host Docker containers, so the Docker daemon was already installed and started on it. From Docker's point of view, this VM is also a (Docker) host, and therefore the Docker daemon created the default virtual bridge that containers will be connected to unless specified explicitly otherwise during container creation.
Inspect the new VM with the docker-machine inspect command
# docker-machine inspect manager
{
    "ConfigVersion": 3,
    "Driver": {
        ....
        "CPU": 1,
        "Network": "docker-network",
        "PrivateNetwork": "docker-machines",
        "ISO": "/root/.docker/machine/machines/manager/boot2docker.iso",
        ...
    },
    "DriverName": "kvm",
    "HostOptions": {
        ....
        "SwarmOptions": {
            "IsSwarm": false,
            ...
        },
        "AuthOptions": {
            ....
        }
    },
    "Name": "manager"
}
Routing table
All the packets that are meant to go to the docker VMs are routed to the bridges:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
...
192.168.42.0    0.0.0.0         255.255.255.0   U     0      0        0 virbr1        <<<< this
192.168.123.0   0.0.0.0         255.255.255.0   U     0      0        0 virbrDocker   <<< this