mal / docker-for-mac-host-bridge Goto Github PK

Host-accessible containers with Docker for Mac

Shell 100.00%

docker-for-mac-host-bridge's Introduction

This project is no longer maintained as my team have moved away from developing on MacOS. A more active project with similar aims may be found here. For those that prefer the approach taken by this project, there are several forks that may offer some support for newer versions of Docker and can be found via the network and forks pages of this repo.

Docker for Mac - Host Bridge

As of the time of writing Docker for Mac can't access containers via IP from the host. Let's fix that.

It's worth remembering that this appears to be a commonly requested feature, so it might be worth checking to see if it's been fixed in recent versions.

Docker Version	Host Bridge Version	Fully Tested
`17.03.1-ce, build c6d412e`	`>= 1.0.0`	✔️
`17.04.0-ce-rc2, build 2f35d73`	`>= 1.1.0`	✔️
`17.05 *`	`>= 1.1.0`	✔️
`17.06 *`	`>= 1.1.0`	✔️
`17.09.0-ce-mac33 (19543)`	`>= 1.1.0`	✔️
`18.03.0-ce-rc1, build c160c73`	`>= 1.2.0`	✔️

Approach

Add an additional network interface (provided by tuntap OSX) to moby (the VM containing the Linux kernel and Docker daemon) that's also accessible to the host. Create a docker bridge network and then, inside moby, add the tap backed interface to the network's bridge thus providing direct conectivity to the host.

Install

Download the tuntap OSX kernel extensions
Extract the .pkg file within the tuntap archive
Download install.sh
(Optional, but encouraged) Read install.sh!
Run install.sh (see example below)

n.b. There are several environment variable settings.

# DOCKER_TAP_NETWORK=acme ./install.sh tuntap_20150118.pkg
Install tuntap kernel extension
Password: ***************
installer: Package name is TunTap Installer package
installer: Upgrading at base path /
installer: The upgrade was successful.
Ensure tap extension is loaded
Permit non-root usage of tap1 device
Move original com.docker.hyperkit
Install com.docker.hyperkit shim
>>>>>>> RESTART DOCKER NOW <<<<<<<
When docker is responding (i.e. docker image ls), press return:
Create host-accessible network
efe009821235c9568f7ee66d882c22ce94edefa446abefb0159c392ac6024dbb
Bridge tap into docker network
Assign the network gateway IP to the tap interface

# docker container run -d --net acme --rm nginx:alpine
796c40fb6c78f769d502d21f2a339d08d2c75f545c579a41b6f4f7966e23ae1d

# docker container inspect -f '{{.NetworkSettings.Networks.acme.IPAddress}}' 796c40fb6c78
172.18.0.2

# curl -I 172.18.0.2
HTTP/1.1 200 OK
Server: nginx/1.11.12
Date: Fri, 31 Mar 2017 04:23:09 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 27 Mar 2017 19:48:13 GMT
Connection: keep-alive
ETag: "58d96c7d-264"
Accept-Ranges: bytes

# docker container stop 796c40fb6c78
796c40fb6c78

WARNING:

Unfortunately install.sh must currently be run after every restart of Docker. This is because both moby and the tap interface only persist while Docker is running. Hopefully this can be improved upon in the future.

Uninstall

There's no dedicated uninstaller, but the process is fairly simple:

Move com.docker.hyperkit.real back to com.docker.hyperkit
Reboot Docker
Restore the owner of the chosen tap device to root, or alternatively
Removal instructions for tuntap OSX can be found in their FAQ.

Thanks

Michael Henkel -- Without these forum posts this wouldn't exist.
tuntaposx.sourceforge.net
@tinychaos42 and @idio -- Without whose Mac this investigation wouldn't have been possible.
@muz -- Without whose beta testing containers wouldn't even have internet. >_>;;

docker-for-mac-host-bridge's People

Contributors

Stargazers

Watchers

docker-for-mac-host-bridge's Issues

interface tap1 does not exist

Hi -

I cloned this repository down in an attempt to install it. Unfortunately, it errors out at this point:

Bridge tap into docker network
Assign the network gateway IP to the tap interface
**ifconfig: interface tap1 does not exist**

Has anyone fixed this previously?

macOS Sierra (10.12.6)
Docker version:

Client:
 Version:      17.09.0-ce
 API version:  1.32
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:40:09 2017
 OS/Arch:      darwin/amd64

Server:
 Version:      17.09.0-ce
 API version:  1.32 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:45:38 2017
 OS/Arch:      linux/amd64
 Experimental: true

interface tap1 does not exist

Hello,
after rebooting macos(10.12.4) the error 'interface tap1 does not exist' appears.
The kext is loaded and the device has the privileges for the current user.
manually "ifconfig tap1 up" results in the same error.
I don't know, how to regain a working tap0 device (except resetting docker, do install.sh and rebuild all images)

Support for 19.03

Any change you can help with support for 18.03 ?

Any way in which to specific a static IP address for the acme network?

Crash with 17.04.0-ce-rc2

Reported by @artemkaint
docker/for-mac#155 (comment)

@mal thnx, it works perfectly on Stable!!!!
But suddenly crashed on morning update on 17.04 (Beta) I hope the author will fix script in short time)

Failed to connect to container

My test result is that Failed to connect to container when i excecute curl -I container_ip
I don't know what caused this

Thank you

My list of steps：

##### 1.install tuntaposx #######
╭─bullfly at npc in ~/Downloads/tuntap_20150118 using
╰─○ ls -lh /dev/tap*
crw-rw----  1 root     wheel   38,   0  8 13 11:39 /dev/tap0
crw-rw----  1 bullfly  wheel   38,   1  8 13 11:39 /dev/tap1
crw-rw----  1 root     wheel   38,  10  8 13 11:39 /dev/tap10
crw-rw----  1 root     wheel   38,  11  8 13 11:39 /dev/tap11
crw-rw----  1 root     wheel   38,  12  8 13 11:39 /dev/tap12
crw-rw----  1 root     wheel   38,  13  8 13 11:39 /dev/tap13
crw-rw----  1 root     wheel   38,  14  8 13 11:39 /dev/tap14
crw-rw----  1 root     wheel   38,  15  8 13 11:39 /dev/tap15
crw-rw----  1 root     wheel   38,   2  8 13 11:39 /dev/tap2
crw-rw----  1 root     wheel   38,   3  8 13 11:39 /dev/tap3
crw-rw----  1 root     wheel   38,   4  8 13 11:39 /dev/tap4
crw-rw----  1 root     wheel   38,   5  8 13 11:39 /dev/tap5
crw-rw----  1 root     wheel   38,   6  8 13 11:39 /dev/tap6
crw-rw----  1 root     wheel   38,   7  8 13 11:39 /dev/tap7
crw-rw----  1 root     wheel   38,   8  8 13 11:39 /dev/tap8
crw-rw----  1 root     wheel   38,   9  8 13 11:39 /dev/tap9



##### 2.DOCKER_TAP_NETWORK=acme ./install.sh tuntap_20150118.pkg ######
╭─bullfly at npc in ~/Downloads/tuntap_20150118 using
╰─○ DOCKER_TAP_NETWORK=acme ./install.sh tuntap_20150118.pkg
Install tuntap kernel extension
Password:
installer: Package name is TunTap Installer package
installer: Upgrading at base path /
installer: The upgrade was successful.
Ensure tap extension is loaded
Permit non-root usage of tap1 device
Bridge tap into docker network
Assign the network gateway IP to the tap interface
ifconfig: interface tap1 does not exist

################   3.ifconfig       ############
tap1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  ether 12:5d:50:4d:40:02
  media: autoselect
  status: active
  open (pid 3624)


################ 4.restart docker ############

##### 5.DOCKER_TAP_NETWORK=acme ./install.sh tuntap_20150118.pkg ######
╭─bullfly at npc in ~/Downloads/tuntap_20150118 using
╰─○ DOCKER_TAP_NETWORK=acme ./install.sh tuntap_20150118.pkg
Bridge tap into docker network
Assign the network gateway IP to the tap interface

################   6.ifconfig       ############
tap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  ether 12:5d:50:4d:40:02
  inet 172.19.0.1 netmask 0xffff0000 broadcast 172.19.255.255
  media: autoselect
  status: active
  open (pid 3624)

##### 7.docker container run -d --net acme --rm nginx:alpine #####
╭─bullfly at npc in ~/Downloads/tuntap_20150118 using
╰─○ docker container run -d --net acme --rm nginx:alpine
47096aee5d1df7c1afb9d8af46469693750c94013b2d3a8031d42d1448b8bd3d

##### 8. get container  ip #####
╭─bullfly at npc in ~/Downloads/tuntap_20150118 using
╰─○ docker container inspect -f '{{.NetworkSettings.Networks.acme.IPAddress}}' 47096aee5d1df7c
172.19.0.2

#### 9. docker ps #####
╭─bullfly at npc in ~/Downloads/tuntap_20150118 using
╰─○ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
47096aee5d1d        nginx:alpine        "nginx -g 'daemon of…"   3 minutes ago       Up 3 minutes        80/tcp              hopeful_jang


##### 10. test container port 80 #######
╭─bullfly at npc in ~/Downloads/tuntap_20150118 using
╰─○ curl -I 172.19.0.2
curl: (7) Failed to connect to 172.19.0.2 port 80: Operation timed out

Containers lose connectivity to the internet after being connected to by the host

To reproduce:

Create a new container on the acme network
Drop to shell inside it using docker exec
Run ping 8.8.8.8, and get back responses
Run python -m http.server
Connect from a browser on the mac and look at the directory listing
Quit the python server with Ctrl-C
Run ping 8.8.8.8 again

Expected behavior:

ping command behaves as before

Actual behavior:

ping hangs and all packets are lost

Two docker networks at the same time

Hello,

I am using this project to create a custom domain connection between a container and my host machine (ex, 'http://myapp.dev' redirects to the corresponding container). I wrote a script that helps my development process by performing the following instructions:

executes docker-compose up <other options>
runs docker-for-mac-host-bridge project's install.sh script to create connection between my host machine and the container (network name: myapp_net)
retrieves container's ip address within its network (.NetworkSettings.Networks.IPAddress)
updates /etc/hosts file accordingly

This works perfectly fine only when one docker network is being used with tuntap. However, If I want to work on two different projects with two separate docker networks (myapp_net and anotherapp_net), and use the same script to spawn up those projects, both of the projects' custom domain will not work (connection timeout). I tested and checked that both containers were running correctly with two unique network ip addresses, docker networks were set up correctly, and /etc/hosts file was updated with correct information(ex, 172.21.0.3 myapp.dev and 172.18.0.3 anotherApp.dev). Also, the containers were reachable by localhost port bindings (ex, 0.0.0.0:32778->80/tcp and 0.0.0.0:33061->80/tcp) but not by ip addresses assigned in their networks (ex, 172.21.0.3 and 172.18.0.3) which causes connection timeout error. I assume this problem is causing due to attempts of connecting two networks with only one tuntap interface (I only have one tuntap interface on my host machine, tap1). Is there a way to support two different docker networks at the same time?

At this point, If I want to work on a different project, I have to perform docker-compose down on current running project and remove its network, and then run the script from above to start the different one.

Thank you.

Bridge doesn't installed on edge version 18.05.0-ce-mac67

Version 18.05.0-ce-mac67 (25042)

Plugin is successfully installed, but host doesn't have access to docker network

Bridge tap into docker network
Assign the network gateway IP to the tap interface

Installation failed on Version 18.03.0-ce-rc1-mac54

Move original hyperkit
mv: rename hyperkit to hyperkit.real: No such file or directory

ls -la /Applications/Docker.app/Contents/Resources/bin/

-rwxr-xr-x   1 artemkaint  admin   4876320 Feb 27 18:05 com.docker.hyperkit
-rwxr-xr-x   1 artemkaint  admin  20042784 Feb 27 18:05 com.docker.vpnkit
-rwxr-xr-x   1 artemkaint  admin  38267040 Feb 27 18:05 docker
-rwxr-xr-x   1 artemkaint  admin   6338528 Feb 27 18:05 docker-compose
-rwxr-xr-x   1 artemkaint  admin   1633424 Feb 27 18:05 docker-credential-osxkeychain
-rwxr-xr-x   1 artemkaint  admin   4768000 Feb 27 18:05 docker-diagnose
-rwxr-xr-x   1 artemkaint  admin  31535504 Feb 27 18:05 docker-machine
-rwxr-xr-x   1 artemkaint  admin  67727776 Feb 27 18:05 kubectl
-rwxr-xr-x   1 artemkaint  admin   8453936 Feb 27 18:05 notary

issue docker 18.09.0 build 4d60db4

Install log:

Install tuntap kernel extension
Password:
installer: Package name is TunTap Installer package
installer: Installing at base path /
installer: The install was successful.
Ensure tap extension is loaded
Permit non-root usage of tap1 device
./install.sh: line 60: pushd: /Applications/Docker.app/Contents/Resources/bin: No such file or directory