0

I'm using Java but this isn't necessarily a Java question. Google's "java-compat" image is Debian (3.16.7-ckt20-1+deb8u3~bpo70+1 (2016-01-19)).

Here is my Dockerfile:

FROM gcr.io/google_appengine/java-compat
RUN apt-get -qqy update && apt-get qqy install curl xvfb x11vnc
RUN mkdir -p ~/.vnc
RUN x11vnc -storepasswd xxxxxxxx ~/.vnc/passwd 
EXPOSE 5900

ADD . /app

And in the Admin Console I created a firewall rule to open up 5900. And lastly I am calling the vnc server itself in the "_ah/start" startup hook with this command: 

x11vnc -forever -usepw -create

All seems to be setup correctly but I'm unable to connect with TightVNC. I use the public (ephemeral) IP address for the instance I find in the Admin Console followed by ::5900 (TightVNC requires two colons for some reason). I'm getting a message that the server refused the connection. And indeed when I try to telnet to port 5900 it's blocked.

Next I SSH into the container machine and when I test the port on the container with wget xxx.xxx.xxx.xxx:5900 I get a connection. So it seems to me the container is not accepting connections on port 5900. Am I getting this right? Is it possible to open up ports and route my VNC client into the docker container? Any help appreciated.

Why I can't use Compute Engine. Just to preempt some comments about using google's Compute Engine environment instead of Managed VMs. I make heavy use of the Datastore and Task Queues in my code. I don't think those can run (or run natively/efficiently) on Compute Engine. But I may pose that as a separate question.

Update: Per Paul in the comments... having learned some of the docker terminology: Can I publish a port on the container in Google's environment?

Robert
  • 1,220
  • 16
  • 19
  • I believe expose only exposes the port to other docker instances. Try publishing it. http://stackoverflow.com/questions/22111060/difference-between-expose-and-publish-in-docker – Paul Collingwood Feb 13 '16 at 12:13
  • Great reference Paul. I think that's my problem--I don't have control over the "docker run" parameters to put that "-p" flag in. That command is executed by the Google environment (hence the "managed" in managed vm). – Robert Feb 13 '16 at 15:05
  • fyi http://stackoverflow.com/questions/25602132/how-do-i-access-my-appengine-datastore-entities-from-my-compute-engine-vm – Paul Collingwood Feb 13 '16 at 17:21

1 Answers1

1

Out of curiosity - why are you trying to VNC into your instances? If it's just for management purposes, you can SSH into Managed VM instances.

Use SSH instead of VNC if you can

That having been said - you can use the network/forwarded_ports config to route traffic from the VM to the application container:

network:
  forwarded_ports:
  - 5900
  instance_tag: vnc

Put that in your app.yaml, and re-deploy your app. You'll also need to open the port in your firewall (if you intend on accessing this from the public internet):

gcloud compute firewall-rules create default-allow-vnc \
  --allow tcp:5900 \
  --target-tags vnc \
  --description "Allow vnc traffic on port 5900"

Hope this helps!

Justin Beckwith
  • 7,686
  • 1
  • 33
  • 55
  • Those settings on app.yaml were the deep magic that I needed! Thank you Justin. I wonder what other undocumented secrets are lurking in app.yaml.... – Robert Feb 16 '16 at 15:35
  • Ha, glad it was helpful. FWIW, we do have this covered here: https://cloud.google.com/appengine/docs/managed-vms/nodejs/configuring-your-app-with-app-yaml – Justin Beckwith Feb 16 '16 at 16:23
  • Also - I have to know - why are you using VNC here? – Justin Beckwith Feb 16 '16 at 16:23
  • Top secret. But it involves world domination. And the evils of GUI app automation in a headless environment. As for the app.yaml documentation... I've made a "note to self" that if I *really* want to search the docs I'll have to go through each language... those details on the Node.js side are nowhere to be found in Python or Java configs. – Robert Feb 16 '16 at 17:29
  • Sorry about that - looks like google search hasn't caught up with google cloud yet :P It's the same doc in each language: https://cloud.google.com/appengine/docs/managed-vms/python/configuring-your-app-with-app-yaml – Justin Beckwith Feb 16 '16 at 17:32