Running docker commands on remote machine through ssh - docker

I have two machines:
Ubuntu workstation running docker
Macbook with Mac OS
I want to be able to run docker commands from MacOS through ssh on my Ubuntu workstation.
Docker works fine when running commands on Ubuntu.
SSH works fine (key based with entity saved).
I've tried creating a context:
docker context create ubuntu --docker "host=ssh://myuser#192.168.1.100"
docker context use ubuntu
docker run -it alpine sh
and I get:
docker: Cannot connect to the Docker daemon at http://docker. Is the docker daemon running?.
the same error I get when trying to:
docker -H ssh://myuser#192.168.1.100 run -it alpine sh
Nothing from the solutions I've found seems to be helping.
PS: 192.168.1.100 is only for the question. When running commands I use real IP, which is correct and not colliding with anything. Dirrect SSH is working perfectly.

For your case you can use docker-machine:
Install:
base=https://github.com/docker/machine/releases/download/v0.16.0 &&
curl -L $base/docker-machine-$(uname -s)-$(uname -m) >/tmp/docker-machine &&
sudo mv /tmp/docker-machine /usr/local/bin/docker-machine &&
chmod +x /usr/local/bin/docker-machine
Run/create:
docker-machine create \
--driver generic \
--generic-ip-address=put_here_ip_of_remote_docker \
--generic-ssh-key ~/.ssh/id_rsa \
vm_123
Check:
docker-machine ls
docker-machine ip vm_123
docker-machine inspect vm_123
Use:
docker-machine ssh vm_123
docker run -it alpine sh
exit
exit
eval $(docker-machine env -u)
Extra tips:
Also you can make vm_123 as the active docker machine via this command:
eval $(docker-machine env vm_123)
docker run -it alpine sh
exit
eval $(docker-machine env -u)
and unset docker machine vm_123 as active via this command:
eval $(docker-machine env -u)
https://docs.docker.com/machine/drivers/generic/
https://docs.docker.com/machine/examples/aws/
https://docs.docker.com/machine/install-machine/
https://docs.docker.com/machine/reference/ssh/

Is you sure that ip on your Ubuntu is 192.168.1.1 ?
Because I think that its your router ip :)
Can you post ip a from your Ubuntu, please ?

Related

Access host iptables and ufw from privileged Docker container

I would like to access iptables, ufw and reboot running on host OS (Snappy Ubuntu Core 18.04) from Docker container (running on the same host).
What volumes or Docker container parameters are required to make this possible? Container can be run with root user and privileged access.
I´m totally aware of the security implications here, but security is not a concern in this context.
Using SSH
You can run the container with --net=host option, then it's possible to connect to the host from the container using ssh.
in the host mode, connecting to the port 22 on the host from the container is possible.
Without SSH
if you don't want to use ssh, one way is explained in this post. You need to run the container with --privileged and --pid=host and then use nsenter command. Using this command you get an interactive shell form the host. You can also only run desired command.
$ sudo docker run --privileged --pid=host -it alpine:3.8 \
nsenter -t 1 -m -u -n -i sh
$ sudo docker run --privileged --pid=host -it alpine:3.8 \
nsenter -t 1 -m -u -n | sudo iptables -S
note that if you are using MacOS or Windows, the docker is running in a hypervisor, so using this, you would be in the shell of the hypervisor.

Start ssh using systemctl inside the docker container

I' m a beginner in the Docker;
I have pulled a CentOS 7 image from Hub and ran it ;
I need to ssh in to the docker container(CentOS 7) from my host.
Got the docker container's IP using docker inspect container-id
I have installed the following using
initscripts
systemd.x86_64
systemd-libs.x86_64
open-ssh
firewalld
net-tools
when i tried to start the firewall to open the port for ssh(22)
[root#a6f3e3eb095c ~]# systemctl start firewall
Failed to get D-Bus connection: Operation not permitted
Also tried,
[root#a6f3e3eb095c ~]# /usr/lib/systemd/systemd --system &
[1] 353
[root#a6f3e3eb095c ~]# systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization xen.
Detected architecture x86-64.
Welcome to CentOS Linux 7 (Core)!
Set hostname to <a6f3e3eb095c>.
Cannot determine cgroup we are running in: No such file or directory
Failed to allocate manager object: No such file or directory
[1]+ Exit 1 /usr/lib/systemd/systemd --system
How to start the firewall/ssh inside the docker container ?
inside docker container run following commands :
yum update -y glibc-common
yum install -y sudo passwd openssh-server openssh-clients tar screen crontabs strace telnet perl libpcap bc patch ntp dnsmasq unzip pax which
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install -y hiera lsyncd sshpass rng-tools
service sshd start;
sed -i 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config;
sed -i 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_config;
sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config;
sed -i 's/enabled=0/enabled=1/' /etc/yum.repos.d/CentOS-Base.repo
mkdir -p /root/.ssh/;
rm -f /var/lib/rpm/.rpm.lock;
echo "StrictHostKeyChecking=no" > /root/.ssh/config;
echo "UserKnownHostsFile=/dev/null" >> /root/.ssh/config
echo "root:password" | chpasswd
( or )
Simply you can pull docker image of centos with ssh in docker hub
https://hub.docker.com/search/?isAutomated=0&isOfficial=0&page=1&pullCount=0&q=centos+ssh&starCount=0
https://hub.docker.com/r/kinogmt/centos-ssh/
https://hub.docker.com/r/jdeathe/centos-ssh/
You can avoid the "Failed to get D-Bus connection: Operation not permitted" / aka installing systemd inside a docker by using the https://github.com/gdraheim/docker-systemctl-replacement ... after that the docker-exec stuff should be all fine to do things inside a container.
If you really do need an ssh or sftp container, then you can use my Docker Image as a source image for your own or run it directly:
If using the official CentOS-7 Image and you require systemd, there are instructions on how to enable it under the section "Systemd integration".
However, based on the following:
I need to ssh in to the docker container(CentOS 7) from my host.
You can use docker exec to run commands in a running, (backgrounded), container so, for images that have bash available, you can access an interactive tty and run bash as follows from your host - where container can be either the name or id:
docker exec --tty --interactive <container> bash
OR
docker exec -ti <container> bash
Finally, it's unlikely to be necessary to install the firewall package in your image as the operator will decide what ports to publish from those which are exposed and you can make use of Docker Networking to only expose the necessary public facing services.
If you are using the Docker CLI, then you can get into the Docker container using the following command
docker exec -it containerId bash
I am not sure how to ssh into the docker container, but if you want to do basic operation inside the Docker container, you can make use of the above docker command.

Can't connect to docker daemon

I installed docker and docker-compose on my ec2 instance. I have also started docker but when I try docker-compose I get an error:
[ec2-user#ip-172-31-16-150 ~]$ sudo service docker start
[ec2-user#ip-172-31-16-150 ~]$ docker --version
Docker version 1.9.1, build a34a1d5/1.9.1
[ec2-user#ip-172-31-16-150 ~]$ docker-compose --version
docker-compose version: 1.4.2
[ec2-user#ip-172-31-16-150 ~]$ docker-compose -p docker -f my-compose.yml up -d
Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
[ec2-user#ip-172-31-16-150 ~]$ sudo docker-compose -p docker -f my-compose.yml up -d
sudo: docker-compose: command not found
[ec2-user#ip-172-31-16-150 ~]$ echo $DOCKER_HOST
I've tried the command with sudo as well but it doesn't recognize docker-compose as a command
I have not set any DOCKER_HOST environment variable. I am not sure if I need to..
You'll need to run the actually command with sudo:
sudo docker-compose -p docker -f my-compose.yml up -d
Docker runs as root on your Linux system, so all the interactions with the running daemon need to be as root. You can run the commands as a user, but you're not interacting with the running system!
You can install docker-compose on Amazon Linux with:
curl -L https://github.com/docker/compose/releases/download/1.4.0/docker-compose-`uname -s`-`uname -m` | sudo tee /usr/local/bin/docker-compose > /dev/null
sudo chmod +x /usr/local/bin/docker-compose

docker inside docker container

I want to install docker inside a running docker container.
docker run -it centos:centos7
My base container is using centos, I can login to running container using docker exec. But when I try to install docker inside it using yum install -y docker it installs.
But somehow I can't start the docker service with docker -d &, it gives me error as:
INFO[0000] Option DefaultNetwork: bridge
WARN[0000] Running modprobe bridge nf_nat br_netfilter failed with message: , error: exit status 1
FATA[0000] Error starting daemon: Error initializing network controller: Error initializing bridge driver: Setup IP forwarding failed: open /proc/sys/net/ipv4/ip_forward: read-only file system
Is there a way I can install docker inside docker container or build image already having running docker? I have already seen these examples but none works for me.
The output of uname -r on the host machine:
[fedora# ~]$ uname -r
4.2.6-200.fc22.x86_64
Any help would be appreciated.
Thanks in advance
Update
Thanks to https://stackoverflow.com/a/38016704/372019 I want to show another approach.
Instead of mounting the host's docker binary, you should copy or install a container specific release of the docker binary. Since you're only using it in a client mode, you won't need to install it as a system service. You still need to mount the Docker socket into the container so that you can easily communicate with the host's Docker engine.
Assuming that you got a base image with a working Docker binary (e.g. the official docker image), the example now looks like this:
docker run\
-v /var/run/docker.sock:/var/run/docker.sock\
docker:1.12 docker info
Without actually answering your question I'd suggest you to read Using Docker-in-Docker for your CI or testing environment? Think twice.
It explains why running docker-in-docker should be replaced with a setup where Docker containers run as siblings of the "outer" or "base" container. The article also links to the original https://github.com/jpetazzo/dind project where you can find working examples how to run Docker in Docker - in case you still want to have docker-in-docker.
An example how to enable a container to access the host's Docker daemon look like this:
docker run\
-v /var/run/docker.sock:/var/run/docker.sock\
-v /usr/bin/docker:/usr/bin/docker\
busybox:latest /usr/bin/docker info
If you are on Mac with Docker toolbox.
The below command WON’T WORK
docker run\
-v /var/run/docker.sock:/var/run/docker.sock\
-v /usr/bin/docker:/usr/bin/docker\
busybox:latest /usr/bin/docker info
Because /var/run/docker.sock will not be on your OSX filesystem
the Docker daemon is running inside the boot2docker VM - and that's where the unix socket is.
So you have to run the container from boot2docker VM
$ docker-machine ssh default
$ docker run\
-v /var/run/docker.sock:/var/run/docker.sock\
-v $(which docker):/usr/bin/docker\
busybox:latest /usr/bin/docker info
$ exit
This looks like Docker-in-Docker, feels like Docker-in-Docker, but it’s not Docker-in-Docker, when this container will create more containers, those containers will be created in the top-level Docker.
You need the --privileged parameter.
By default, Docker containers are “unprivileged” and cannot, for
example, run a Docker daemon inside a Docker container.
Source
Run your base image with the command docker run --privileged -it centos:centos7 bash. Then you may install and run another docker container inside that container.
I`ve a similar problems in my vms.
I`ve solve the problem with change the storage file system from image to vfs(in daemon.json file)
like the image bellow
For image works first create a base image, in my case with centos7
FROM centos:7
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
with this image builded (in my case i called local/c7-systemd) create a second image, installing docker and moving daemon.json to inside.
FROM local/c7-systemd
RUN yum install -y yum-utils
RUN yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
RUN yum install -y docker-ce docker-ce-cli containerd.io
RUN curl -L "https://github.com/docker/compose/releases/download/1.28.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
RUN chmod +x /usr/local/bin/docker-compose
RUN ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
COPY daemon.json /etc/docker/daemon.json
RUN yum install -y nano
RUN systemctl enable docker
EXPOSE 80
EXPOSE 8080
EXPOSE 8161
EXPOSE 6379
EXPOSE 8761
CMD ["/usr/sbin/init"]
enjoy!

Virtualbox inside Docker

I'm trying to get VirtualBox to run inside of Docker. I'm using this: https://registry.hub.docker.com/u/jess/virtualbox/dockerfile/.
When I run the command:
sudo docker run -d \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e DISPLAY=unix$DISPLAY \
--privileged \
--name virtualbox \
jess/virtualbox
It adds virtualbox inside a container. When I run sudo docker start container_id, it echoes back the container_id but doesn't add it to the running containers. I check with sudo docker ps and it is not there; however, it is there with sudo docker ps -a.
What am I doing wrong? I get no errors either.
EDIT: I'm running Docker in Ubuntu 15.04 (Not inside VirtualBox)
You have to let docker to connect to your local X server. There are different ways to do this. One straight way is running xhost +local:docker before running your container (i.e.: before docker run).

Resources