How can I access a docker container started with setup_remote_docker from my base docker container started from (build: docker: image:)

kirksl · April 9, 2018, 6:06pm

I am working with the config.yml below and can’t seem to access a proxy server on the docker container started via setup_remote_docker by accessing its proxy from the docker container spec’d in (build: docker: image:) in my config.yml. Is this possible? I’ve started the second container running the proxy with -p 8080:8080 which failed. I additionally tried starting it with --network=“host” which also failed.

Curl returns “Failed to connect to IP address at port 8080: Connection timed out. Exited with code 1”

Appreciate any insight as to why networking appears to be failing between these two containers and what my options are.

version: 2

general:
  branches:
    only:
      - never-build

jobs:
  build:
    docker:
      - image: circleci/node:8.11
    steps:
      - checkout
      - run:
          name: Install Project
          command: |
            cd project
            npm install
      - setup_remote_docker
      - run:
          name: Run Proxy
          command: |
            docker pull owasp/zap2docker-stable
            docker run --name zap -u zap -p 8080:8080 --network="host" -i owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true
          background: true
      - run:
          name: Wait For Proxy
          command: |
            CONTAINER_STATUS="unhealthy"
            until [ $CONTAINER_STATUS == "healthy" ]
            do
              sleep 10
              {
                CONTAINER_STATUS=$(docker inspect --format='{{.State.Health.Status}}' zap)
              } || {
                CONTAINER_STATUS="unhealthy"
              }
            done

            CONTAINER_HOST_IP=$(echo $DOCKER_HOST | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
            curl http://$CONTAINER_HOST_IP:8080/JSON/core/view/version/?zapapiformat=JSON | grep ‘version’

workflows:
  version: 2
  scheduled-workflow:
    triggers:
      - schedule:
          cron: "0 4 * * *"
          filters:
            branches:
              only: master
    jobs:
      - build

halfer · April 9, 2018, 7:39pm

Would you walk readers through each part of your docker run command? For example, what is the purpose of --network="host"? The run command with the -p feature will give you access to the container’s service on localhost:8080 in your build env without that.

(Meta: I’m not sure your title is very clear. What does “stood up” mean? I’ve tried to parse that several times mentally, and really come up blank ).

kirksl · April 9, 2018, 8:29pm

Cleaned up the title of this post. Stood up meaning started.

Regarding the docker run command. ‘–name zap’ enables downstream docker commands to reference this specific container by name. ‘-p 8080:8080’ maps the internal port 8080 within the container to the docker hosting this container’s port 8080. The purpose there so that you can do http://docker_host_ip:8080 and have the HTTP traffic forward over to the container and access the proxy. ‘–network=“host”’ from the docs seems to let the container’s network stack use the docker host’s network stack. So extra layers like network translation are removed. This was a test I was performing to help remove these extra layers in hopes of accessing the proxy from the CircleCI Node docker container.

Researching online it appears it may be impossible to access a docker container running on the docker host created by the setup_remote_docker command by the docker container executor specified in build: docker: image:.

Researching more. It appears there is another way to attempt this whole mission by specifying multiple docker containers right in build: docker: image: as shown at this link.
https://circleci.com/docs/2.0/executor-types/#using-multiple-docker-images

Appears to work. proxy on owasp/zap2docker-stable container can be accessed successfully by nc, curl and REST. I think this issue can be put to bed. Hope this helps someone not waste the countless hours I spent on this.

jobs:
  build:
    docker:
      - image: circleci/node:8.11
      - image: owasp/zap2docker-stable
        name: zap
        command: zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true
    steps:
      - checkout
      - run:
          name: Wait For Proxy
          command: |
            until nc -z zap 8080
            do
              echo "Waiting for ZAP..."
              sleep 1
            done

            curl http://zap:8080/JSON/core/view/version/?zapapiformat=JSON | grep ‘version’

Topic		Replies	Views
How to communicate with a Docker Container over TCP? Build Environment docker , circle-yml , workflow	10	13465	April 8, 2018
Accessing a port on a Docker container launched from the job Build Environment networking , docker , remote-docker	1	1285	October 31, 2023
How to build new Docker image and access running dependencies? Build Environment docker	3	3938	March 7, 2019
How to curl running container Build Environment docker , container-image , 2.0	4	22325	July 8, 2018
¨Docker run --network host¨ doesn't set docker container in same network as host Build Environment docker , circle-yml	1	4865	June 25, 2020

How can I access a docker container started with setup_remote_docker from my base docker container started from (build: docker: image:)

Related topics