Windows Docker Daemon on Fusion VM

Micah Young edited this page Oct 15, 2020 · 20 revisions

Purpose

Allow a macOS workstation to run a local Docker for Windows daemon in a VMware Fusion¹ virtual machine, reachable from the Mac by setting DOCKER_HOST.

On Mac workstation

  1. Download and Install VMware Fusion
  2. Create a new Fusion Network Interface
    • Open Fusion
    • VMware Fusion menu -> Preferences -> Network tab -> Unlock -> + (Add Network)
      • Default name is vmnet2
    • New network adapter:
      • Enable NAT: Allow virtual machines ... (using NAT)
      • Subnet IP: 192.168.2.0
      • Click Apply
  3. Download Windows Server 2019 VHD Image
  4. Install Windows VM
    • File -> Import -> Choose File -> Pick your VHD
    • Customize Settings:
      • General:
        • Memory: 4GB or more
        • CPU: 2 processors or more
        • Enable hypervisor applications
      • Network Adapter: use your new network adapter (ex: vmnet2)
  5. Start Windows VM
  6. Optional: Shut down, Create Snapshot, Restart, Login

On Windows VM

  1. Perform First-time VM setup
    • Log-off/Restart VM if prompted by dialogs
    • Install Updates (Start Menu -> Type "Updates" -> Click "Check for Updates" -> Click "Install Now")
    • Enable Developer Mode (Start Menu -> Type "Dev" -> Click "Developer Settings" -> Select "Developer mode")
  2. Install Docker for Windows
    Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
    Install-Package -Name docker -ProviderName DockerMsftProvider -Force
    Restart-Computer -Force
  3. Log in again after machine reboots
    • Wait for Docker to start
    • Note: some versions require an extra reboot to enable Hyper-V
  4. Enable Docker Daemon TCP listening
    • Docker Tray Icon -> Menu -> Settings -> Check Expose daemon on tcp://localhost:2375
    • Click Apply & Restart
  5. Optional: Enable Insecure registries for VM IP
    • Docker Tray Icon -> Menu -> Settings -> Docker Engine
    • Edit the JSON config in the text box
    • Add "192.168.2.0/24" (VM network) and "172.24.0.0/16" (container network) to "insecure-registries", such as:
      {
          "insecure-registries":["192.168.2.0/24","172.24.0.0/16"]
      }
    • This allows registry containers to be run and pushed to and from the Host
    • Click Apply & Restart
  6. Optional: Set default container isolation to fastest
    • Docker Tray Icon -> Menu -> Settings -> Docker Engine
    • Edit the JSON config in the text box
    • Add anywhere:
      {
          "exec-opts": ["isolation=process"]
      }
    • Note: with process isolation, some images (servercore and windows) only run when their version matches the host, e.g. only :1809 images on Windows 10 version 1809
    • Click Apply & Restart
  7. Open Administrator PowerShell
    • Right-click Windows Icon -> Windows PowerShell (Admin)
  8. In Admin PowerShell, add a public port forward pointing to the local Docker port
    netsh interface portproxy add v4tov4 listenport=23750 connectport=2375 connectaddress=127.0.0.1
    
    • Warning: this allows anyone with access to your 192.168.2.0/24 network to reach your VM's daemon
  9. In Admin PowerShell, add a firewall rule
    New-NetFirewallRule -DisplayName DockerPublic -LocalPort 23750 -Protocol TCP
    
    • Warning: this allows anyone with access to your 192.168.2.0/24 network to reach your VM's daemon
  10. In Admin PowerShell, get the IP address
    Get-NetIPAddress -InterfaceAlias Ethernet0 -AddressFamily IPv4
    
  11. Optional: Shut down, Create Snapshot, Restart, Login
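
Steps 8 and 9 as written listen on every interface and accept any source address, which is what the two warnings describe. The variant below is an added example, not part of the original wiki: it binds the forward to the VM's Ethernet0 address and limits the firewall rule to a single client. It assumes the Mac host is 192.168.2.1 on vmnet2; check that with ifconfig on the Mac first.

```powershell
# Added example (not from the original page). Run in Admin PowerShell on the VM.
# Assumption: the Mac host's address on the vmnet2 network is 192.168.2.1.
$AllowedClient = '192.168.2.1'

# Address of the VM on the Fusion network (same lookup as step 10).
$VmIp = (Get-NetIPAddress -InterfaceAlias Ethernet0 -AddressFamily IPv4 |
         Select-Object -First 1).IPAddress

# Replace the all-interfaces forward from step 8 with one bound to $VmIp only.
netsh interface portproxy delete v4tov4 listenport=23750
netsh interface portproxy add v4tov4 listenaddress=$VmIp listenport=23750 `
    connectaddress=127.0.0.1 connectport=2375

# Replace the any-source rule from step 9 with one that only admits the Mac host.
Remove-NetFirewallRule -DisplayName DockerPublic -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName DockerPublic -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 23750 -LocalAddress $VmIp -RemoteAddress $AllowedClient

# Verify: the forward should list $VmIp (not *) as its listen address,
# and the rule's RemoteAddress should be the single allowed client.
netsh interface portproxy show v4tov4
Get-NetFirewallRule -DisplayName DockerPublic |
    Get-NetFirewallAddressFilter |
    Select-Object LocalAddress, RemoteAddress
Get-NetTCPConnection -LocalPort 23750 -State Listen |
    Select-Object LocalAddress, LocalPort
```

If the VM later gets a different address on vmnet2, re-run the block so the listener and the rule follow it.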

On Mac workstation

  1. Open Terminal
  2. In Terminal, set DOCKER_HOST
    export DOCKER_HOST="tcp://<vm ip address>:23750"
    
  3. In Terminal, test Docker
    docker info
    
    # Expected output
    Client:
    Debug Mode: false
    
    Server:
    Containers: 0
     Running: 0
     Paused: 0
     Stopped: 0
    Images: 1
    Server Version: 19.03.2
    Storage Driver: windowsfilter
     Windows:
    Logging Driver: json-file
    Plugins:
     Volume: local
     Network: ics l2bridge l2tunnel nat null overlay transparent
     Log: awslogs etwlogs fluentd gcplogs gelf json-file local logentries splunk syslog
    Swarm: inactive
    Default Isolation: hyperv
    Kernel Version: 10.0 17763 (17763.1.amd64fre.rs5_release.180914-1434)
    Operating System: Windows 10 Enterprise Evaluation Version 1809 (OS Build 17763.379)
    OSType: windows
    Architecture: x86_64
    CPUs: 1
    Total Memory: 4GiB
    Name: MSEDGEWIN10
    ID: 5MKL:VDT7:YM72:IFOB:YTIC:2NTH:5YUO:VNN6:VMII:SUR7:DNQI:REVH
    Docker Root Dir: C:\ProgramData\Docker
    Debug Mode: true
     File Descriptors: -1
     Goroutines: 27
     System Time: 2019-10-09T09:04:13.5781811-07:00
     EventsListeners: 1
    Registry: https://index.docker.io/v1/
    Labels:
    Experimental: false
    Insecure Registries:
     127.0.0.0/8
    Live Restore Enabled: false
    Product License: Community Engine
    

Troubleshooting

If you can connect to the Docker Daemon but can't connect to any published container port, it may be related to this. I tried several workarounds, but only re-creating the VM from scratch worked.

If you can't connect to your VM, your new Adapter (vmnet2) may be conflicting with your default adapter (vmnet8) IP address range. Your best option is to set your default network to a different IP range: https://spin.atomicobject.com/2017/04/03/vmware-fusion-custom-virtual-networks/

Footnotes

¹ Fusion is used for its VT-x (nested hypervisor) support, which is required to run Docker for Windows. There appears to be no open-source hypervisor for macOS currently with this feature.