
2015-09-26

Connect to Vagrant box from docker container running on same host

As described in my last blog post, I could not access my Vagrant box from the Docker container. The reason was that the Vagrant box had only a NAT interface. This NAT interface is required by Vagrant and you cannot change it, e.g. to a bridged interface. But you can add another interface.

I have added the following entry to the Vagrantfile:
config.vm.network "private_network", type: "dhcp"
After restarting the Vagrant box I determined the assigned IP:
$ vagrant ssh -c "ip address"
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:39:18:3c brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
       valid_lft 86365sec preferred_lft 86365sec
    inet6 fe80::a00:27ff:fe39:183c/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:e2:20:14 brd ff:ff:ff:ff:ff:ff
    inet 172.28.128.3/24 brd 172.28.128.255 scope global dynamic enp0s8
       valid_lft 1170sec preferred_lft 1170sec
    inet6 fe80::a00:27ff:fee2:2014/64 scope link
       valid_lft forever preferred_lft forever
Connection to 127.0.0.1 closed.
From the Docker container the box is now reachable using 172.28.128.3.

2015-09-25

Unable to access Vagrant box from docker container running in VirtualBox

I want to set up my home server with a new OS (CentOS 7). I decided to use Ansible to provision the server because I want to document the different steps, and to learn Ansible. To be able to play with Ansible and to try out different steps I had the idea to use a VirtualBox image with CentOS 7 as target (simulating my new server) and a Docker container with Ansible as provisioner. Both systems/boxes were set up in just a few minutes. Since I already had Vagrant, VirtualBox and Docker installed, I just needed to do the following:
  • Download and start the virtualbox
  • Build a docker image with this Dockerfile by executing

    docker build -t thomo/ansible .

    and run it with
    docker run --rm -i -t -v $(pwd):/data -w /data thomo/ansible bash
Afterwards I had the shown structure

Fine - I thought at least ...

Next I tried to ping "new host" from the ansible container.
$ docker run --rm -i -t -v $(pwd):/data -w /data thomo/ansible bash
[root@07091097c2ca data]# ping 10.0.2.15
PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data.
64 bytes from 10.0.2.15: icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from 10.0.2.15: icmp_seq=2 ttl=64 time=0.073 ms
64 bytes from 10.0.2.15: icmp_seq=3 ttl=64 time=0.103 ms
64 bytes from 10.0.2.15: icmp_seq=4 ttl=64 time=0.108 ms
^C
--- 10.0.2.15 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.055/0.084/0.108/0.024 ms
[root@07091097c2ca data]#
Seems to work ...

Next: Log in with ssh
[root@07091097c2ca data]# ssh 10.0.2.15
The authenticity of host '10.0.2.15 (10.0.2.15)' can't be established.
ECDSA key fingerprint is d2:62:41:e4:a3:d2:40:cf:a0:02:eb:d0:16:ab:49:bc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.2.15' (ECDSA) to the list of known hosts.
root@10.0.2.15's password:
Permission denied, please try again.
root@10.0.2.15's password:
Permission denied, please try again.
root@10.0.2.15's password:
Permission denied (publickey,password,keyboard-interactive).
[root@07091097c2ca data]#
Huh, what the heck ...?

After some investigation (mainly by comparing the host key fingerprints) I realized that I was not communicating with my "new host" box but with the Docker host. In fact the "new host" box and the Docker host both use the VirtualBox NAT interface, but the boxes cannot reach each other.
In VirtualBox this router [the NAT interface] is placed between each virtual machine and the host. This separation maximizes security since by default virtual machines cannot talk to each other. (source)
You wonder why the ping trial worked? The reason is that the Docker host has the same IP address (10.0.2.15) as the "new host". So I pinged the Docker host instead of the "new host".

I hope my documentation helps others to avoid similar errors or at least facilitates troubleshooting in a similar situation.
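
The fingerprint comparison that exposed the mix-up can be done before answering "yes" at the ssh prompt. The following is an added example, not part of the original post: it compares the host key offered at an IP with the key read from the box over Vagrant's own SSH channel. The function names are hypothetical and the key lines are constructed sample data.

```shell
#!/bin/sh
# Print the base64 key blob from a public-key line. Handles both layouts:
#   .pub file:               <type> <blob> [comment]
#   ssh-keyscan/known_hosts: <host> <type> <blob>
key_blob() {
    printf '%s\n' "$1" | tr -d '\r' | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-)/) { print $(i + 1); exit }
    }'
}

# Colon-separated MD5 fingerprint, the form the ssh prompt shows in the
# transcript above (MD5 of the decoded key blob).
md5_fp() {
    key_blob "$1" | base64 -d | md5sum | cut -c1-32 | sed 's/../&:/g; s/:$//'
}

# Succeed only if both lines carry the same, non-empty key blob.
same_host_key() {
    expected=$(key_blob "$1")
    offered=$(key_blob "$2")
    [ -n "$expected" ] && [ "$expected" = "$offered" ]
}

# verify_target <trusted key line> <key line offered at the target IP>
verify_target() {
    if same_host_key "$1" "$2"; then
        echo "MATCH $(md5_fp "$2")"
    else
        echo "MISMATCH expected=$(md5_fp "$1") offered=$(md5_fp "$2")"
        return 1
    fi
}

# Constructed sample data (not real keys). In real use, assuming the box
# keeps its key at the usual OpenSSH path:
#   BOX_KEY: vagrant ssh -c 'cat /etc/ssh/ssh_host_ecdsa_key.pub'
#   SCAN_*:  ssh-keyscan -t ecdsa <ip>   (run inside the container)
BOX_KEY="ecdsa-sha2-nistp256 $(printf 'constructed-box-key' | base64) root@newhost"
SCAN_NAT="10.0.2.15 ecdsa-sha2-nistp256 $(printf 'constructed-docker-host-key' | base64)"
SCAN_PRIV="172.28.128.3 ecdsa-sha2-nistp256 $(printf 'constructed-box-key' | base64)"

# 10.0.2.15 answers with a different key (the Docker host), 172.28.128.3
# with the box's own key.
verify_target "$BOX_KEY" "$SCAN_NAT" || echo "10.0.2.15 is not the Vagrant box"
verify_target "$BOX_KEY" "$SCAN_PRIV" && echo "172.28.128.3 is the Vagrant box"
```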