`docker run` on a remote host
is it possible (using the docker command or the docker-py API directly) to start a container from a remote host?
Lets assume I have two mac
-
Check if the latest docker 18.09 includes that feature.
See docker/cli PR 1014Added support for SSH connection. e.g.
docker -H ssh://me@server- The cli should accept
ssh://me@serverforDOCKER_HOSTand-H. Using that would execute ssh with the passed config. - The ssh command would call a hidden command on the docker CLI binary on the remote side. For example, docker dial-stdio.
This command will make a connection to the local
DOCKER_HOSTvariable (almost always the default local socket) and forward that connection on the commands stdio.
Even though this command is supposed to run locally to thedockerdbinary, we think that it is an invalid configuration for this feature to remove the localdockerbinary so we can rely on it always being present.How to verify it
docker -H ssh://me@server run -it --rm busyboxThe reaction so far:
From ops and sysadmins everywhere, we thank you for this fantastic and unexpected feature.
I'm hoping this will seriously cut down the number of times I see people openingdockerdTCP w/o TLS and just opt for SSH endpoints for remote mgmt.讨论(0) - The cli should accept
-
This article explains the concept very well: https://docs.docker.com/engine/reference/commandline/dockerd/#bind-docker-to-another-hostport-or-a-unix-socket
Considering the huge warning on the page, I suggest you resort to using a secure connection via SSH ie.
ssh user@host 'docker run hello-from-B'Warning: Changing the default docker daemon binding to a TCP port or Unix docker user group will increase your security risks by allowing non-root users to gain root access on the host. Make sure you control access to docker. If you are binding to a TCP port, anyone with access to that port has full Docker access; so it is not advisable on an open network.
With -H it is possible to make the Docker daemon to listen on a specific IP and port. By default, it will listen on
unix:///var/run/docker.sockto allow only local connections by the root user. You could set it to0.0.0.0:2375or a specific host IP to give access to everybody, but that is not recommended because then it is trivial for someone to gain root access to the host where the daemon is running.Similarly, the Docker client can use
-Hto connect to a custom port. The Docker client will default to connecting tounix:///var/run/docker.sockon Linux, andtcp://127.0.0.1:2376on Windows.-H accepts host and port assignment in the following format:
tcp://[host]:[port][path] or unix://path
You can use multiple -H, for example, if you want to listen on both TCP and a Unix socket
# Run docker in daemon mode $ sudo <path to>/dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock & # Download an ubuntu image, use default Unix socket $ docker pull ubuntu # OR use the TCP port $ docker -H tcp://127.0.0.1:2375 pull ubuntu讨论(0) -
As you said the connectivity is available between the servers, you can make use of Docker rich APIs.
There are 2 ways in configuring the docker daemon port
1) Configuring at /etc/default/docker file:
DOCKER_OPTS="-H tcp://127.0.0.1:5000 -H unix:///var/run/docker.sock"2) Configuring at /etc/docker/daemon.json:
{ "hosts": ["tcp://127.0.0.1:5000", "unix:///var/run/docker.sock"] }For more details on configuring docker daemon port, refer configure-docker-daemon-port
Once the Docker ports are configured, you can access the Docker APIs in the remote host.
JSON input file:
#cat container_create.json { "AttachStdin": true, "AttachStdout": true, "AttachStderr": true, "ExposedPorts": { "property1": {}, "property2": {} }, "Tty": true, "OpenStdin": true, "StdinOnce": true, "Cmd": null, "Image": "ubuntu:14.04", "Volumes": { "additionalProperties": {} }, "Labels": { "property1": "string", "property2": "string" } }API to create a container:
curl -X POST http://192.168.56.101:6000/containers/create -d @container_create.json --header "Content-Type: application/json" | jq . % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 602 100 90 100 512 1737 9883 --:--:-- --:--:-- --:--:-- 10039 { "Warnings": null, "Id": "f5d3273e48350d606bd8b9d2a5bd876dc5c2d1a73183f876a1dd56473cad8940" }The ID generated is the container ID and status will not be active/running.
API for starting the created container.
# curl -X POST http://192.168.56.101:6000/containers/f5d3273e48350/start | jq . % Total % Received % Xferd Average Speed Time Time Time CurrentAPI to check the status/inspect the container:
# curl -X GET http://192.168.56.101:6000/containers/f5d3273e48350/json | jq . % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4076 0 4076 0 0 278k 0 --:--:-- --:--:-- --:--:-- 306k { "NetworkSettings": { "Networks": { "bridge": { "MacAddress": "02:42:ac:11:00:03", "GlobalIPv6PrefixLen": 0, "GlobalIPv6Address": "", "IPv6Gateway": "", "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "689d6b65ce1b06c93b2c70f41760a3e7fb2b50697d71cd9c1f39c64c865e5fa6", "EndpointID": "76bf1f8638d1ff0387e6c3fe89e8ccab1670c709ad550f9acc6f46e559654bee", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.3", "IPPrefixLen": 16 } }, "MacAddress": "02:42:ac:11:00:03", "SecondaryIPAddresses": null, "SandboxKey": "/var/run/docker/netns/24a031d9dfda", "Ports": { "0/tcp": null }, "LinkLocalIPv6PrefixLen": 0, "LinkLocalIPv6Address": "", "HairpinMode": false, "SandboxID": "24a031d9dfda70026a875f4841269c5e790b12ccafcc11869111faa240020b99", "Bridge": "", "SecondaryIPv6Addresses": null, "EndpointID": "76bf1f8638d1ff0387e6c3fe89e8ccab1670c709ad550f9acc6f46e559654bee", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "IPv6Gateway": "" }, }, "AttachStderr": true, "AttachStdout": true, "AttachStdin": true, "User": "", "Domainname": "", "Hostname": "f5d3273e4835", "OpenStdin": true, "StdinOnce": true, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Cmd": [ "/bin/bash" ], "ArgsEscaped": true, "Image": "ubuntu:14.04", <*************REMOVING THE OUTPUT CONTENT********> "ExecIDs": null, "HostnamePath": "/var/lib/docker/containers/f5d3273e48350d606bd8b9d2a5bd876dc5c2d1a73183f876a1dd56473cad8940/hostname", "ResolvConfPath": "/var/lib/docker/containers/f5d3273e48350d606bd8b9d2a5bd876dc5c2d1a73183f876a1dd56473cad8940/resolv.conf", "Image": "sha256:132b7427a3b40f958aaeae8716e0cbb2177658d2410554ed142e583ef522309f", "State": { "FinishedAt": "0001-01-01T00:00:00Z", "StartedAt": "2017-06-09T06:53:45.120357144Z", "Error": "", "Status": "running", "Running": true, "Paused": false, "Restarting": false, "Path": "/bin/bash", "Created": "2017-06-09T06:52:51.820429355Z", "Id": "f5d3273e48350d606bd8b9d2a5bd876dc5c2d1a73183f876a1dd56473cad8940", "HostsPath": "/var/lib/docker/containers/f5d3273e48350d606bd8b9d2a5bd876dc5c2d1a73183f876a1dd56473cad8940/hosts", "LogPath": "/var/lib/docker/containers/f5d3273e48350d606bd8b9d2a5bd876dc5c2d1a73183f876a1dd56473cad8940/f5d3273e48350d606bd8b9d2a5bd876dc5c2d1a73183f876a1dd56473cad8940-json.log", "Name": "/objective_bartik", "RestartCount": 0, "Driver": "aufs", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "docker-default" }Refer this for more info:
DOCKER APIs
How to build an Image using Docker API?
How to commit Docker Container using API
Hope this info will he helpful.
讨论(0) -
if your targeted machine B could be created on one of these platform then I guess docker-machine would serve your needs. you would create your machine using
docker-machine create --driver <..driver setup..> MACHINE_Bthen you activate it usingeval $(docker-machine env MACHINE_B).docker-machine env MACHINE_Bwill print out some export statements:export DOCKER_TLS_VERIFY="1" export DOCKER_HOST="tcp://...." export DOCKER_CERT_PATH="/..." export DOCKER_MACHINE_NAME="MACHINE_B"once your machine is active, you can use the
dockercommand as you would locally to act remotely on MACHINE_B.讨论(0)
加载中...
- 热议问题