I have Docker on my Windows desktop PC running a server for a little routine work.
However, since we also do development on the same PC, we do not want to have production affected by the work done in development, so we separate the machines running the Docker Server for development and production.
This is a step-by-step memo on how to set up multiple Docker Servers. Since access to the Docker Servers is done through WSL, not PowerShell, I will also note the settings for that.
Procedure
"Docker Machine" can be used to easily add a virtual machine that runs Docker.
Start PowerShell with administrative privileges
Set the PowerShell console character encoding to UTF-8
chcp 65001
Create a new Docker Server virtual machine with docker-machine
docker-machine create `
  --driver hyperv `
  --hyperv-memory 2048 `
  --hyperv-virtual-switch "既定のスイッチ" `
  devVM
This will add a new Docker Server called "devVM".
"MobyLinuxVM" is the default Docker Server that is created when Docker Desktop is installed, as described below.
Brief explanation about Docker on Windows
The following is a brief description of the above work.
Docker runs on a client-server model: Docker on Windows creates a Linux virtual machine in Hyper-V, and Docker Server runs on that virtual machine to execute Docker.
In other words, Docker is not running natively on Windows, but rather Docker is running on Linux created on Windows, and you are simply accessing that Linux from PowerShell, command prompt, WSL, or other clients. (There is also a Windows container that runs natively on Windows, but I will omit that from this explanation.)
To enable Hyper-V virtual machines to access the Internet, the switch used by the virtual machine must be the "default switch", which is specified with the "--hyperv-virtual-switch" option. However, since the name of the "default switch" is in Japanese ("既定のスイッチ") and cannot be passed as a command argument without modification, the PowerShell console character encoding is changed to UTF-8 with "chcp 65001".
Accessing Docker from a WSL
Accessing the default Docker Server from a WSL
To access the default Docker Server, which is installed when you install Docker Desktop on Windows, from WSL, you need to configure the Docker Desktop settings. This can be done by checking the following option:
- [General] - [Expose daemon on tcp://localhost:2375 without TLS]
Access the added Docker Server from WSL
Accessing the added Docker Server requires one more step.
As mentioned earlier, Docker is a client-server model, so this is done by changing the destination of the WSL (Docker client) from the default Docker Server to the created Docker Server.
The destination is set by the "DOCKER_HOST", "DOCKER_CERT_PATH", and "DOCKER_TLS_VERIFY" environment variables.
- The files related to Docker Server authentication indicated by "DOCKER_CERT_PATH" are generated during Docker Machine creation and stored in the "/mnt/c/Users/<user_name>/.docker/machine/machines/<docker_server_name>" directory.
- The IP address of the Docker Server is found in the "Network" tab of the virtual machine in the Hyper-V Manager.
Based on this information, set the environment variables as shown below. After that, Docker commands will be sent to the added Docker Server.
export DOCKER_HOST=tcp://<ip_address>:2376
export DOCKER_CERT_PATH=/mnt/c/Users/<user_name>/.docker/machine/machines/<docker_server_name>
export DOCKER_TLS_VERIFY=1
Restore access to the default Docker Server
If you reset the configured environment variables as shown below, you will be able to access the default Docker Server from then on.
export DOCKER_HOST=tcp://0.0.0.0:2375
unset DOCKER_CERT_PATH
unset DOCKER_TLS_VERIFY
Notes on using Docker Compose
Docker Compose uses TLS version 1.0 by default, so using Docker Compose with WSL for the added Docker Server will result in the following error due to security issues.
ERROR: SSL error: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version
In such a case, set the TLS version of Docker Compose to 1.2 in the environment variable, as shown below, and the error will not occur.
export COMPOSE_TLS_VERSION=TLSv1_2
By the way, the default Docker Server is set to "without TLS" in the access settings from WSL, so no error will occur regardless of the TLS version.
Fix the IP address of the Docker Server
Using the "default switch," the added Docker Server will be assigned an appropriate IP address via DHCP.
Left as is, the IP address will change every time the PC is booted, which is inconvenient, so fix the IP address.
Information gathering
The following information is required for IP address fixation.
- IP address
- Netmask
- gateway
- DNS
Netmask, Gateway, DNS
Go to [Control Panel] - [Network and Sharing Center] - [Change Adapter Settings], right-click "vEthernet (default switch)", and open [Show Status] - [Details].
- The "IPv4 address" is the "gateway" and "DNS."
- The "IPv4 subnet mask" becomes the "netmask".
- The "IP address" can be set in any "host part" obtained from the "IPv4 address" and "IPv4 subnet mask". (You may leave the IP address set in the previous section as it is.)
Set information to Docker Server
From the Hyper-V Manager, double-click the added Docker Server to log in.
Since "/var/lib/boot2docker/bootlocal.sh" is called when Docker Server is started, create a "bootlocal.sh" file and include the following:
bootlocal.sh
# Assign the fixed address and netmask to the VM's network interface
ifconfig eth0 <ip_address> netmask <netmask> up
# Register the DNS server
echo nameserver <dns> >> /etc/resolv.conf
# Set the default route through the gateway
route add default gw <gateway>
Shut down and start the Docker Server again.
The Docker Server will then be at the new specified IP address, and the specified IP address will be fixed even if the PC is started up again.
Regenerating the certificates
Because the certificates are tied to the IP address, if the IP address changes, the certificates created when the Docker Machine was built will no longer be valid, so regenerate them from PowerShell running with administrator privileges using the following command.
docker-machine regenerate-certs <machine_name>
Switching Docker Servers
I think it will be easier to switch if you create an alias like the following in ".bashrc", etc.
alias machine_default='export DOCKER_HOST=tcp://0.0.0.0:2375 && unset DOCKER_CERT_PATH && unset DOCKER_TLS_VERIFY'
alias machine_dev='export DOCKER_HOST=tcp://<ip_address>:2376 && export DOCKER_CERT_PATH="/mnt/c/Users/<user_name>/.docker/machine/machines/<machine_name>" && export DOCKER_TLS_VERIFY=1'
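The switch described above can also be written as shell functions that check the TLS material before pointing the client at a server; this is an added example, not part of the original memo. The function names are hypothetical, and it assumes the machine directory contains ca.pem, cert.pem, key.pem and a copy of the server certificate named server.pem.

```bash
# Added example, not from the original memo. Function names are hypothetical.
# Assumes the machine directory holds ca.pem, cert.pem, key.pem and a local
# copy of the server certificate as server.pem.

# Succeeds only if the certificate's subjectAltName lists exactly this IP.
cert_covers_ip() {  # usage: cert_covers_ip <server.pem> <ip>
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' |
    tr ',' '\n' |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
    grep -qxF "IP Address:$2"
}

# Point the client at an added Docker Server over verified TLS.
use_machine() {  # usage: use_machine <cert_dir> <ip>
  local dir="$1" ip="$2" f
  for f in ca.pem cert.pem key.pem; do
    [ -r "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
  done
  # A changed IP address invalidates the server certificate; catch it here
  # instead of at the first failed docker command.
  if [ -r "$dir/server.pem" ] && command -v openssl >/dev/null; then
    cert_covers_ip "$dir/server.pem" "$ip" || {
      echo "server.pem does not cover $ip: run docker-machine regenerate-certs" >&2
      return 2
    }
  fi
  export DOCKER_HOST="tcp://$ip:2376"
  export DOCKER_CERT_PATH="$dir"
  export DOCKER_TLS_VERIFY=1
  export COMPOSE_TLS_VERSION=TLSv1_2   # avoids the TLSV1_ALERT_PROTOCOL_VERSION error
}

# Return to the default Docker Server (the unauthenticated
# tcp://localhost:2375 endpoint enabled in Docker Desktop) and drop every
# TLS-related variable so no stale setting carries over.
use_default() {
  export DOCKER_HOST=tcp://localhost:2375
  unset DOCKER_CERT_PATH DOCKER_TLS_VERIFY COMPOSE_TLS_VERSION
}
```

Defined in ".bashrc", these are called as `use_machine /mnt/c/Users/<user_name>/.docker/machine/machines/<machine_name> <ip_address>` and `use_default`.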
Impressions
The Hyper-V area was complicated and addicting.... It's not good for my mental health to have a virtual terminal running all the time, and I wouldn't have to go through all this trouble if Docker worked with WSL alone....
Postscript
It looks like Docker will work with WSL2.
I was going to wait and see, but now I'm getting curious because it works with Windows 10 Home, and WSL2 is Hyper-V but it seems to be fast, unlike regular VMs.
WSL 2 was included in Windows build 18917, which arrived via Insider. It runs in a VM, but because it is a utility VM, it is not visible from Hyper-V Manager (the one in the image is the Docker Desktop VM). It starts up in an instant. pic.twitter.com/XEDzBsrkMI
— Toru Makabe (@tmak_tw) June 13, 2019