0

2017年新年快乐!

大家好!

当我尝试在 BlueMix 容器中部署 docker 映像时遇到一些问题(其中cf ic run = docker run
,即使映像在内部运行良好,我也无法从 Web 访问容器。我ping了绑定的地址:

ping 169.46.18.91
PING 169.46.18.91 (169.46.18.91): 56 data bytes
64 bytes from 169.46.18.91: icmp_seq=0 ttl=48 time=124.247 ms
64 bytes from 169.46.18.91: icmp_seq=1 ttl=48 time=122.701 ms

该映像在本地工作,但现在我给了它一个 IP 并将其托管在 bluemix 容器服务上,我报告了一个问题,而该映像在cf ic -v run命令之后设置

以下是命令的日志:

cf ic -v run -p 3000 --name bootingtest 1ed1b527771b

DEMANDE : [2017-01-18T10:32:31+01:00]
POST /UAALoginServerWAR/oauth/token HTTP/1.1
Host: login.ng.bluemix.net
Accept: application/json
Authorization: [DONNEES PRIVEES MASQUEES]
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: go-cli 6.22.2+a95e24c / darwin

grant_type=refresh_token&refresh_token=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIwNzJlYTFmNy00NGRlLTRmYmYtODUxOS1lNmU0NmU2MTk1Y2ItciIsInN1YiI6ImZkMWVmM2Q3LTI2OTQtNDQ4Ni1iNjY2LWRmNTVjY2M4MzVmOCIsInNjb3BlIjpbIm9wZW5pZCIsInVhYS51c2VyIiwiY2xvdWRfY29udHJvbGxlci5yZWFkIiwicGFzc3dvcmQud3JpdGUiLCJjbG91ZF9jb250cm9sbGVyLndyaXRlIl0sImlhdCI6MTQ4NDczMTE3MSwiZXhwIjoxNDg3MzIzMTcxLCJjaWQiOiJjZiIsImNsaWVudF9pZCI6ImNmIiwiaXNzIjoiaHR0cHM6Ly91YWEubmcuYmx1ZW1peC5uZXQvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJncmFudF90eXBlIjoicGFzc3dvcmQiLCJ1c2VyX25hbWUiOiJlbW1hbnVlbC5zb2xvbUBmci5pYm0uY29tIiwib3JpZ2luIjoidWFhIiwidXNlcl9pZCI6ImZkMWVmM2Q3LTI2OTQtNDQ4Ni1iNjY2LWRmNTVjY2M4MzVmOCIsInJldl9zaWciOiI2MWNkZjM4MiIsImF1ZCI6WyJjZiIsIm9wZW5pZCIsInVhYSIsImNsb3VkX2NvbnRyb2xsZXIiLCJwYXNzd29yZCJdfQ._gxevCN9cCYX3Fw_FUEYvxFsRhHqfOT9KhjZFiHcNao&scope=

REPONSE : [2017-01-18T10:32:32+01:00]
HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Cache-Control: no-cache, no-store, max-age=0, must-revalidate,no-store
Content-Security-Policy: default-src 'self' www.ibm.com 'unsafe-inline';
Content-Type: application/json;charset=UTF-8
Date: Wed, 18 Jan 2017 09:32:31 GMT
Expires: 0
Pragma: no-cache,no-cache
Server: Apache-Coyote/1.1
Strict-Transport-Security: max-age=2592000 ; includeSubDomains
X-Backside-Transport: OK OK,OK OK
X-Client-Ip: 91.151.65.169
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Global-Transaction-Id: 1804077409
X-Powered-By: Servlet/3.1
X-Vcap-Request-Id: e683d47d-28aa-43c1-6356-d5818dfd86f1
X-Xss-Protection: 1; mode=block

6f6
{"access_token":"[DONNEES PRIVEES MASQUEES]","token_type":"[DONNEES PRIVEES MASQUEES]","refresh_token":"[DONNEES PRIVEES MASQUEES]","expires_in":1209599,"scope":"cloud_controller.read password.write cloud_controller.write openid uaa.user","jti":"edcd9c51-4521-4f49-bf03-def030e81626"}
0


a9dc3ad4-1a34-4848-9b16-8d1410b79a06

那么有没有办法在我运行或构建图像时将连接从“关闭”状态设置为“等待传入连接”状态?

类似选项的东西cf ic (docker) run -p 3000 --accept_all imageid cmd(我没有在 --help 菜单中看到它)或者您在其他地方看到了错误?

我想过用 bash 命令登录容器,docker exec -it ID /bin/bash但我不知道接受所有传入连接的 bash 命令……(而且我认为这是 VM 的 bash 而不是容器本身)

感谢您的回答,祝您有美好的一天!

伊曼纽尔

其他信息

Dockerfile

FROM ubuntu:14.04
RUN apt-get update && apt-get -y install python2.7
RUN apt-get -y install python-pip
RUN pip install Flask
RUN pip install ibmiotf
RUN pip install requests
RUN pip install flask-socketio
RUN pip install cloudant
ENV PORT=12345
EXPOSE 12345
ADD ./SIARA /opt/SIARA/
WORKDIR /opt/SIARA/
CMD sleep 80 && python testGUI.py

Flask 服务器端口映射和运行:

if __name__ == '__main__':
    # Bind to PORT if defined, otherwise default to 5000.
    port = int(os.environ.get('PORT', 5000))
    socketio.run(app, host='0.0.0.0', port=port)

线索

当我过去在本地测试我的图像时,我收到了这个警告消息,他们不对任何崩溃负责,但也许现在它在云上,这种错误是导致网络连接尝试失败的原因?

tl;博士:显然 SSH 连接不可用,因为(显然)我的 python 版本(2.7)需要更新(??)但是 SSH 不应该只在 https:// 连接的情况下才相关?

cf ic logs -ft guiplay

2017-01-19T09:17:38.870006264Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:334: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
32017-01-19T09:17:38.870062551Z   SNIMissingWarning
�2017-01-19T09:17:38.870081733Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
92017-01-19T09:17:38.870089026Z   InsecurePlatformWarning
�2017-01-19T09:17:39.145906849Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
92017-01-19T09:17:39.145950355Z   InsecurePlatformWarning
�2017-01-19T09:17:39.186165706Z WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
Y2017-01-19T09:17:39.192990810Z  * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
4

2 回答 2

1

嗯 - 我看到您发布了端口 3000(运行命令中的 -p 3000 参数),但默认端口为 5000。在 dockerfile 中,您将其切换为 12345,所以这可能是您实际正在监听的端口. 猜猜这就是您要打开所有端口的原因?

Docker 仅公开您告诉它的端口 - 为该默认值添加额外的 -p 5000 或根据该 Dockerfile 添加 -p 12345 ,或两者都允许您在这些情况下连接到应用程序。或者,如果您只想发布通过 Dockerfile 公开的所有端口(在本例中为 12345),请使用 -P 参数。

更多信息:在云中运行,您的容器只能通过您要发布的端口访问,这具有额外的安全性。在一个空间内(来自同一空间内其他容器的私有 ip,或者肯定来自容器本身),您仍然应该能够访问这些端口。但是,从外部只能访问您发布的端口。我看不到有效发布 * 的方法(而且,从安全角度来看,这似乎是一种相当有问题的做法)

于 2017-01-18T19:48:08.100 回答
0

看起来 Bluemix 单容器服务有点棘手,很难从 Web 访问,直到我添加了一个要求所需 HTTP 端口的“可扩展”容器。

我认为问题是这个http端口没有暴露,但现在问题已经按照我上面所说的方式解决了。

于 2017-01-25T08:41:04.173 回答