Hello, I'm trying to set up Vault in Docker on MacOS. But after a successful installation I can't reach it through the HTTP API (https://www.vaultproject.io/intro/getting-started/apis.html).

Dockerfile:
```
FROM centos:centos6

ENV VAULT_VERSION=0.3.0
ENV VAULT_SHA256=30b8953e98059d1e8d97f6a164aa574a346a58caf9c5c74a911056f42fbef4d5

RUN yum install -y wget unzip

RUN \
  wget http://dl.bintray.com/mitchellh/vault/vault_${VAULT_VERSION}_linux_amd64.zip &&\
  echo "${VAULT_SHA256}  vault_${VAULT_VERSION}_linux_amd64.zip" | sha256sum -c - &&\
  unzip vault_${VAULT_VERSION}_linux_amd64.zip &&\
  rm vault_${VAULT_VERSION}_linux_amd64.zip &&\
  mv vault /usr/bin

EXPOSE 8200

ENTRYPOINT ["vault"]
CMD ["server", "-dev"]
```
What I'm doing:
```
$ docker build -t hyzhak/vault-dev .
Sending build context to Docker daemon 2.56 kB
Step 0 : FROM centos:centos6
 ---> 72703a0520b7
Step 1 : ENV VAULT_VERSION 0.3.0
 ---> Using cache
 ---> 3a7cefb4b4aa
Step 2 : ENV VAULT_SHA256 30b8953e98059d1e8d97f6a164aa574a346a58caf9c5c74a911056f42fbef4d5
 ---> Using cache
 ---> f2279f3a8d9a
Step 3 : RUN yum install -y wget unzip
 ---> Running in bf584ef3432f
Loaded plugins: fastestmirror
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package unzip.x86_64 0:6.0-2.el6_6 will be installed
---> Package wget.x86_64 0:1.12-5.el6_6.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch            Version                 Repository       Size
================================================================================
Installing:
 unzip          x86_64          6.0-2.el6_6             base            149 k
 wget           x86_64          1.12-5.el6_6.1          base            483 k

Transaction Summary
================================================================================
Install       2 Package(s)

Total download size: 633 k
Installed size: 2.1 M
Downloading Packages:
--------------------------------------------------------------------------------
Total                                           180 kB/s | 633 kB     00:03
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
 Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <[email protected]>
 Package: centos-release-6-7.el6.centos.12.3.x86_64 (installed)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : wget-1.12-5.el6_6.1.x86_64                                   1/2
install-info: No such file or directory for /usr/share/info/wget.info.gz
  Installing : unzip-6.0-2.el6_6.x86_64                                     2/2
  Verifying  : unzip-6.0-2.el6_6.x86_64                                     1/2
  Verifying  : wget-1.12-5.el6_6.1.x86_64                                   2/2

Installed:
  unzip.x86_64 0:6.0-2.el6_6            wget.x86_64 0:1.12-5.el6_6.1

Complete!
 ---> 39319a2a5d82
Removing intermediate container bf584ef3432f
Step 4 : RUN wget http://dl.bintray.com/mitchellh/vault/vault_${VAULT_VERSION}_linux_amd64.zip && echo "${VAULT_SHA256}  vault_${VAULT_VERSION}_linux_amd64.zip" | sha256sum -c - && unzip vault_${VAULT_VERSION}_linux_amd64.zip && rm vault_${VAULT_VERSION}_linux_amd64.zip && mv vault /usr/bin
 ---> Running in 668009a0a95c
--2015-10-05 09:07:55--  http://dl.bintray.com/mitchellh/vault/vault_0.3.0_linux_amd64.zip
Resolving dl.bintray.com... 5.153.24.114
Connecting to dl.bintray.com|5.153.24.114|:80... connected.
HTTP request sent, awaiting response... 302
Resolving d29vzk4ow07wi7.cloudfront.net... 54.239.168.131, 54.239.168.113, 54.239.168.149, ...
Connecting to d29vzk4ow07wi7.cloudfront.net|54.239.168.131|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7144775 (6.8M) [application/unknown]
Saving to: `vault_0.3.0_linux_amd64.zip'

     0K .......... .......... .......... .......... ..........  0%  245K 28s
    50K .......... .......... .......... .......... ..........  1%  536K 20s
  6900K .......... .......... .......... .......... .......... 99%  897K 0s
  6950K .......... .......... .......                         100%  905K=11s

2015-10-05 09:08:07 (644 KB/s) - `vault_0.3.0_linux_amd64.zip' saved [7144775/7144775]

vault_0.3.0_linux_amd64.zip: OK
Archive:  vault_0.3.0_linux_amd64.zip
  inflating: vault
 ---> 4a7ad17d1c3e
Removing intermediate container 668009a0a95c
Step 5 : ENTRYPOINT vault
 ---> Running in 5d94eea8c63a
 ---> 615ebbc603eb
Removing intermediate container 5d94eea8c63a
Step 6 : CMD server -dev
 ---> Running in 534d6b77a08f
 ---> e4972008c99e
Removing intermediate container 534d6b77a08f
Step 7 : EXPOSE 8200
 ---> Running in cdaeb80c9f6d
 ---> 3d102a6ca778
Removing intermediate container cdaeb80c9f6d
Successfully built 3d102a6ca778
```
Check the image:

```
$ docker images
REPOSITORY          TAG       IMAGE ID        CREATED           VIRTUAL SIZE
hyzhak/vault-dev    latest    3d102a6ca778    10 minutes ago    275 MB
```

Start Docker and run the Vault container:

```
$ docker run -p 49161:8200 -d hyzhak/vault-dev
31a7925fa08a5483f11a4d307f28813b01c3e4527a6e035c00227ab1aa21df48
```
Check that it is running now:

```
$ docker ps
CONTAINER ID    IMAGE               COMMAND                CREATED           STATUS           PORTS                     NAMES
344af48eb05b    hyzhak/vault-dev    "vault server -dev"    25 minutes ago    Up 17 minutes    0.0.0.0:49161->8200/tcp   admiring_brahmagupta
```
Check the logs:
```
$ docker logs admiring_brahmagupta
==> WARNING: Dev mode is enabled!

In this mode, Vault is completely in-memory and unsealed.
Vault is configured to only have a single unseal key. The root
token has already been authenticated with the CLI, so you can
immediately begin using the Vault CLI.

The only step you need to take is to set the following
environment variables:

    export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are reproduced below in case you
want to seal/unseal the Vault or play with authentication.

Unseal Key: ab8f054f17c20954ab4bb319ebd9547a8e270b23f3cce7ab84a170eba37c1a6d
Root Token: 6ae939f8-0cb0-fcb4-82f4-07fdeef289a7

==> Vault server configuration:

         Log Level: info
             Mlock: supported: true, enabled: false
           Backend: inmem
        Listener 1: tcp (addr: "127.0.0.1:8200", tls: "disabled")

==> Vault server started! Log data will stream in below:

2015/10/05 09:11:53 [INFO] core: security barrier initialized (shares: 1, threshold 1)
2015/10/05 09:11:53 [INFO] core: post-unseal setup starting
2015/10/05 09:11:53 [INFO] core: mounted backend of type generic at logical/19fa5174-70fa-90ed-fa4f-ef08040bbe6e/
2015/10/05 09:11:53 [INFO] core: mounted backend of type cubbyhole at logical/a00018a6-ce98-3df4-28af-955e2f572f8d/
2015/10/05 09:11:53 [INFO] core: mounted backend of type system at sys/
2015/10/05 09:11:53 [INFO] core: post-unseal setup complete
2015/10/05 09:11:53 [INFO] core: root token generated
2015/10/05 09:11:53 [INFO] core: pre-seal teardown starting
2015/10/05 09:11:53 [INFO] rollback: starting rollback manager
2015/10/05 09:11:53 [INFO] rollback: stopping rollback manager
2015/10/05 09:11:53 [INFO] core: pre-seal teardown complete
2015/10/05 09:11:53 [INFO] core: vault is unsealed
2015/10/05 09:11:53 [INFO] core: post-unseal setup starting
2015/10/05 09:11:53 [INFO] core: mounted backend of type generic at logical/19fa5174-70fa-90ed-fa4f-ef08040bbe6e/
2015/10/05 09:11:53 [INFO] core: mounted backend of type cubbyhole at logical/a00018a6-ce98-3df4-28af-955e2f572f8d/
2015/10/05 09:11:53 [INFO] core: mounted backend of type system at sys/
2015/10/05 09:11:53 [INFO] core: post-unseal setup complete
2015/10/05 09:11:53 [INFO] rollback: starting rollback manager
```
It works fine through the CLI:

```
$ alias vault='docker exec -it admiring_brahmagupta vault "$@"'
$ vault --version
Vault v0.3.0
```
Get the Docker IP:

```
$ docker-machine ip default
192.168.99.100
```
And try to connect to Vault (this doesn't work!):

```
$ curl -i http://192.168.99.100:49161/v1/sys/init
curl: (7) Failed to connect to 192.168.99.100 port 49161: Connection refused
```
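Anything at http://192.168.99.100:49161/ gives the same result. Meanwhile, Node.js from the example https://docs.docker.com/examples/nodejs_web_app/ exposes 8080 without any problem. So I modeled my Dockerfile on https://docs.docker.com/examples/nodejs_web_app/, but without any luck. I have also tried ready-made Docker images such as https://hub.docker.com/r/voxxit/vault/ and others from the Hub. They give the same result.

Why does Node have no problem exposing 8080, while Vault doesn't work? And how can I fix it?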
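Because of the default security of "dev" mode in Vault, it binds to loopback (127.0.0.1). If you intend to access it from outside the same network namespace, you must provide configuration to listen on 0.0.0.0:8200.

See here: https://vaultproject.io/docs/config/index.html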
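
The diagnosis in the answer, as an added example that is not part of the original answer: a check that reads the `Listener` line from `docker logs` output and reports whether the address can be reached through a published port, plus a config that listens on 0.0.0.0:8200. The function names and the `backend`/`listener` stanza layout are assumptions based on Vault's configuration format; the sample log line is the one from the question.

```shell
#!/bin/sh
# Added example: why `docker run -p 49161:8200` cannot reach a Vault dev server.

# Print the address of every 'Listener N: tcp (addr: "...")' line read from stdin.
listener_addrs() {
  sed -n 's/.*Listener [0-9][0-9]*: tcp (addr: "\([^"]*\)".*/\1/p'
}

# Classify host:port as seen from outside the container's network namespace.
classify_addr() {
  case "${1%:*}" in
    127.*|localhost|"[::1]") echo "loopback" ;;           # container-local only
    0.0.0.0|"[::]"|"")       echo "all-interfaces" ;;     # reachable via -p
    *)                       echo "specific-interface" ;;
  esac
}

# Read `docker logs` output on stdin; return 1 if any listener is loopback-only.
check_log() {
  rc=0
  for a in $(listener_addrs); do
    kind=$(classify_addr "$a")
    echo "$a: $kind"
    if [ "$kind" = "loopback" ]; then rc=1; fi
  done
  return "$rc"
}

# Write a config that listens on all interfaces. Stanza names are an assumption
# based on the Vault configuration docs linked above; tls_disable keeps the
# plaintext HTTP of the question, so publish the port only on trusted networks.
write_config() {
  cat > "$1" <<'EOF'
backend "inmem" {}

listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}
EOF
}

# Listener line copied from the `docker logs` output in the question.
check_log <<'EOF' || echo "loopback-only: start with: vault server -config=<file>"
    Listener 1: tcp (addr: "127.0.0.1:8200", tls: "disabled")
EOF
```

Started from a config file instead of `-dev`, Vault comes up uninitialized and sealed, so it has to be initialized and unsealed before the API is usable.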