Question
I'm trying to find some way to be able to both use my company's VPN and Docker-Machine; at the moment, I cannot use both, or else if I use the VPN at any point, then I cannot do anything Docker related until I shut off the VPN and restart my machine. Specifically, the following command just hangs and times out:
eval $(docker-machine env dev)
where dev is the name of my Docker-Machine VM.
Nothing involving Docker works without that eval command, and the eval command simply does not work either while connected to the VPN or even after. I've read that using an older version of VirtualBox (4.3.1 or some such) will fix this issue, but unfortunately, Docker Toolbox always makes sure that the latest VirtualBox is installed. I'm using Docker Toolbox 1.8.1b and VirtualBox 5.0.2. Is there a way to get Cisco AnyConnect VPN and Docker-Machine to work together? It seems like the main problem is that AnyConnect is messing with network routing.
Answer 1:
I'm sure a clever bash person could explain why, but eval "$(docker-machine env dev)" (note the quotes) is the recommended (by Docker) way to set up the DOCKER environment variables.
Answer 2:
This answer applies the findings from: https://stackoverflow.com/a/26913705/3471672
I'm using the Toolbox on Mac OS X (Docker v1.10) from: https://docs.docker.com/mac/step_one/
It looks like the issue is a firewall rule introduced by starting Cisco AnyConnect. The following shows the issue getting introduced and how to resolve it:
- Make sure Cisco AnyConnect is STOPPED (!)
- Make sure you can see no firewall rule issue; to validate, run (using the Toolbox, in the Docker Quickstart Terminal):
$ sudo ipfw -a list | grep "deny ip"
- Create docker machine named e.g.: dev, run:
$ docker-machine create --driver virtualbox dev
- Validate the machine can be accessed, run e.g.:
$ docker-machine ls
- START Cisco AnyConnect: --- THE ISSUE GETS INTRODUCED HERE ---
- Validate the machine cannot be accessed anymore, run:
$ docker-machine ls
- You will see an error like:
Unable to query docker version [...] connect: permission denied
- Check for a new firewall rule that has been introduced, run:
$ sudo ipfw -a list | grep "deny ip"
- You get something like e.g.:
00411 72 6160 deny ip from any to any keep-state
- Based on the first number (in this case: 00411), remove the rule, run e.g.:
$ sudo ipfw delete 00411
- Validate the machine can be accessed again, run:
$ docker-machine ls
- Now you can successfully do stuff again like:
$ eval $(docker-machine env dev)
$ docker ps
- etc.
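
The before/after comparison that the steps above do by eye, as an added example that is not part of the original answer: it takes two saved copies of the sudo ipfw -a list output (one from before the VPN client starts, one from after) and prints the numbers of the blanket deny rules that appeared in between. The function names and sample snapshots are constructed for illustration; only the 00411 line comes from the answer.

```shell
#!/bin/sh
# Added example: diff two saved `sudo ipfw -a list` snapshots (before and
# after the VPN client starts) and report blanket deny rules that appeared.

# Drop the packet/byte counters (fields 2 and 3); they change constantly.
strip_counters() {
    awk '{ n = $1; $1 = $2 = $3 = ""; sub(/^ +/, ""); print n " " $0 }'
}

# Print rules present in snapshot file $2 but absent from snapshot file $1.
new_rules() {
    b=$(mktemp "${TMPDIR:-/tmp}/ipfw.XXXXXX")
    a=$(mktemp "${TMPDIR:-/tmp}/ipfw.XXXXXX")
    strip_counters < "$1" | sort > "$b"
    strip_counters < "$2" | sort > "$a"
    comm -13 "$b" "$a"
    rm -f "$b" "$a"
}

# From counter-free rules on stdin, print numbers of "deny ip from any to any".
blanket_deny_numbers() {
    awk '$2=="deny" && $3=="ip" && $4=="from" && $5=="any" &&
         $6=="to" && $7=="any" { print $1 }'
}

# Constructed sample snapshots; only the 00411 line is taken from the answer.
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/ipfwdemo.XXXXXX")
    cat > "$d/before.txt" <<'EOF'
65535 1200 96000 allow ip from any to any
EOF
    cat > "$d/after.txt" <<'EOF'
00411 72 6160 deny ip from any to any keep-state
65535 1350 108000 allow ip from any to any
EOF
    new_rules "$d/before.txt" "$d/after.txt" | blanket_deny_numbers
    rm -rf "$d"
}

demo   # prints 00411
```

Running new_rules on its own shows every rule that appeared between the two snapshots, not only the deny rules.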
Source: https://stackoverflow.com/questions/32616647/docker-machine-doesnt-work-when-connected-to-cisco-anyconnect-mac-os-x