Managing remote docker machines from multiple development machines

♀尐吖头ヾ submitted on 2019-12-02 15:51:19
Daniel t.

By using TLS-based communication, docker is utilizing two-way SSL verification. In other words, not only does the client verify the server but also the other way round. By creating a docker machine with TLS enabled, you are becoming your own Certificate Authority (CA), and thus you are responsible for managing the SSL certificates. Docker machine does this behind the scenes, but I believe you can manually set up a self-signed CA and repoint Docker to use the certs and keys you set up. Thus, instead of sharing a single certificate and key with all developer workstations, issue a unique certificate and private key for every developer, signed by the CA private key. The only thing that has to be shared by everyone is the CA certificate, which is public.

The advantage of this is that you can revoke a certificate, say once a developer leaves, although this is difficult with self-signed certificates, and it allows accountability, where you can check who did what from the logs.

Docker TLS setup.

Becoming your own CA tutorial and certificate revocation
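The per-developer certificate scheme described above, as an added shell example that is not part of the original answer: a private CA signs one server certificate for the daemon and one client certificate per developer, and only ca.pem is shared. It assumes openssl is installed; the host name docker-host.example and the developer names are placeholders.

```shell
#!/bin/sh
# Added example (not from the original answer): a minimal private CA issuing one
# server cert for the Docker daemon and one client cert per developer.
# Assumes openssl is installed; the host name and developer names are placeholders.
set -e
WORK="${WORK:-$(mktemp -d)}"
DOCKER_HOST_NAME="docker-host.example"

make_ca() {
    # CA key and self-signed CA certificate; the key never leaves the CA host
    openssl genrsa -out "$WORK/ca-key.pem" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key "$WORK/ca-key.pem" \
        -subj "/CN=dev-docker-ca" -out "$WORK/ca.pem"
}

make_server_cert() {
    # Server certificate: clients check the SAN against the -H host name
    openssl genrsa -out "$WORK/server-key.pem" 2048 2>/dev/null
    openssl req -new -key "$WORK/server-key.pem" -subj "/CN=$DOCKER_HOST_NAME" \
        -out "$WORK/server.csr"
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$DOCKER_HOST_NAME" > "$WORK/server.ext"
    openssl x509 -req -days 365 -in "$WORK/server.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca-key.pem" -CAcreateserial -extfile "$WORK/server.ext" \
        -out "$WORK/server-cert.pem" 2>/dev/null
}

make_client_cert() {
    # One certificate per developer; the CN identifies them in daemon logs
    dev="$1"
    openssl genrsa -out "$WORK/$dev-key.pem" 2048 2>/dev/null
    openssl req -new -key "$WORK/$dev-key.pem" -subj "/CN=$dev" -out "$WORK/$dev.csr"
    printf 'extendedKeyUsage=clientAuth\n' > "$WORK/client.ext"
    openssl x509 -req -days 365 -in "$WORK/$dev.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca-key.pem" -CAcreateserial -extfile "$WORK/client.ext" \
        -out "$WORK/$dev-cert.pem" 2>/dev/null
}

verify_against_ca() {
    # Exit status 0 if the named certificate chains to our CA, non-zero otherwise
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1-cert.pem" >/dev/null 2>&1
}

make_ca; make_server_cert; make_client_cert alice; make_client_cert bob
verify_against_ca alice && echo "alice's certificate is signed by our CA"
# Each developer connects with their own pair; only ca.pem is common to all:
# docker --tlsverify --tlscacert="$WORK/ca.pem" --tlscert="$WORK/alice-cert.pem" \
#        --tlskey="$WORK/alice-key.pem" -H="tcp://$DOCKER_HOST_NAME:2376" version
```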

There's an external tool to import/export docker-machines: machine-share.

machine-export <machine-name>
>> exported to <machine-name>.zip
machine-import <machine-name>.zip
>> imported

As an aside, I believe Daniel's solution is superior, but requires a significant investment in tools/workflows. machine-export should be sufficient in 95% of the cases.
