NOTE: THIS ISN'T WORKING YET, JUST SOME INTERMEDIATE NOTES!
Roughly this involves: (1) getting a simple docker client without the server, (2) configuring SSH on a swarm node to allow you to forward TCP (and unix) sockets, and finally (3) properly telling docker to use a unix domain socket to talk to your remote docker socket.
On the machine you want to use as the client: first, get your act together and get a daemonless docker install.
0) First get a docker client. Note that the whole point here is that you are *not* going to run a daemon. If you download a docker release and untar it, you'll get something like this:
[from Stack Overflow: https://stackoverflow.com/questions/38675925/is-it-possible-to-install-only-the-docker-cli-and-not-the-daemon]
curl -fsSLO https://get.docker.com/builds/Linux/x86_64/docker-17.04.0-ce.tgz \
&& tar xzvf docker-17.04.0-ce.tgz \
&& mv docker/docker /usr/local/bin \
&& rm -r docker docker-17.04.0-ce.tgz
1) Now, just move /opt/docker/docker to /usr/local/bin/docker and you can delete the rest of the directory. For example, in a Dockerfile you can basically do this:
RUN curl -fsSLO https://get.docker.com/builds/Linux/x86_64/docker-17.04.0-ce.tgz \
&& tar xzvf docker-17.04.0-ce.tgz \
&& mv docker/docker /opt/docker \
&& rm -r docker docker-17.04.0-ce.tgz
Now, connect your docker client to a daemon living somewhere else. Since this involves steps on both the CLIENT and the SERVER, I'm prefixing each step with the location where you're going to run these commands.
1) SERVER: Make sure TCP forwarding is enabled in your sshd config (/etc/ssh/sshd_config; the AllowTcpForwarding directive). Note that you have to systemctl restart sshd after this.
2) SERVER: Make sure the daemon is bound to docker.sock, and restart docker afterwards. This can be done by editing /usr/lib/systemd/system/docker.service.
3) CLIENT: Now you run (on the host you want as your docker client):
sudo ssh -v -nNT -L /opt/docker.sock:/var/run/docker.sock -i '/home/centos/.ssh/id_rsa' -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null root@********.us-east-2.compute.amazonaws.com
And you should see this:
Now, your /opt/docker.sock is forwarding to /var/run/docker.sock on a remote host.
4) CLIENT: I was getting a "cannot connect to the Docker daemon at tcp://localhost:2375/opt/docker.sock. Is the docker daemon running?" error when I first tried to use this (by exporting DOCKER_HOST=/opt/docker.sock). The error was because my DOCKER_HOST wasn't specifying unix:// as the protocol! Doing export DOCKER_HOST="unix:///opt/docker.sock" instead of export DOCKER_HOST=/opt/docker.sock fixed that issue. The docs on this are pretty scarce, but yeah, it works, you just have to specify unix:// as the proto.
Alternative: the SSH command above, launched as written, won't work by default unless you export "unix:///..." as the DOCKER_HOST. However, if you unset DOCKER_HOST and instead forward to the default docker socket path (/var/run/docker.sock), then you don't have to worry about getting the unix:// part right :).
5) SERVER: But alas, we still get some interesting errors on RHEL 7.4... on the far left, the server was receiving the actual attempt to connect to the socket but rejecting it!
6) SERVER: Okay, so I tried AllowStreamLocalForwarding yes but that still didn't work. I'll let you know if this works out for me :). In any case, thanks to Drew for helping me get started here: https://medium.com/@dperny/forwarding-the-docker-socket-over-ssh-e6567cfab160
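The client-side steps above (forward, wait for the socket, set DOCKER_HOST with the right scheme, check the daemon) collected into one script, as an added example that is not from this post or from Drew's write-up. The remote user@host is a placeholder, and it assumes the server-side sshd and docker.service changes from steps 1 and 2 are already done; it keeps host key checking on, since the forwarded socket is full control of the remote daemon, and it builds the unix:/// URL from step 4 rather than typing it.

```shell
#!/bin/sh
# Added example, not from the post. Assumed values (override via environment):
#   REMOTE      user@host that can read/write the remote socket (root or a
#               member of the docker group); placeholder host name below
#   LOCAL_SOCK  path ssh will create on this machine (the post used /opt/docker.sock)
set -eu

LOCAL_SOCK="${LOCAL_SOCK:-/opt/docker.sock}"
REMOTE_SOCK="${REMOTE_SOCK:-/var/run/docker.sock}"
REMOTE="${REMOTE:-root@docker-manager.example}"   # placeholder, assumed

# The bug from step 4: a bare path in DOCKER_HOST is parsed as a tcp endpoint
# (hence "tcp://localhost:2375/opt/docker.sock"). A socket path needs unix:///path.
docker_host_url() {
  case "$1" in
    unix://*|tcp://*|ssh://*) printf '%s\n' "$1" ;;
    /*)                       printf 'unix://%s\n' "$1" ;;
    *) echo "docker_host_url: '$1' is neither a URL nor an absolute path" >&2; return 1 ;;
  esac
}

# ssh creates the local socket file asynchronously; poll for it (max $2 seconds).
wait_for_socket() {
  i=0
  while [ ! -S "$1" ]; do
    i=$((i + 1)); [ "$i" -le "$2" ] || return 1
    sleep 1
  done
}

forward_docker_socket() {
  # StrictHostKeyChecking is deliberately left at its default.
  # StreamLocalBindUnlink removes a stale socket file from an earlier run,
  # which otherwise makes ssh fail to bind the local path.
  ssh -nNT -o ExitOnForwardFailure=yes -o StreamLocalBindUnlink=yes \
      -L "$LOCAL_SOCK:$REMOTE_SOCK" "$REMOTE" &
  SSH_PID=$!
  wait_for_socket "$LOCAL_SOCK" 10 || { kill "$SSH_PID"; return 1; }
  DOCKER_HOST="$(docker_host_url "$LOCAL_SOCK")"; export DOCKER_HOST
  # If the server side rejects the forwarded connection (the step 5 symptom),
  # this is the call that fails, even though the local socket file exists.
  docker version
}

if [ "${1:-}" = "up" ]; then forward_docker_socket; fi
```

Run it as `sh forward.sh up`; the step 5 failure shows up as `docker version` failing while the ssh session itself stays up.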