I want to work in a container in a remote server.
But it doesn't work.
Environment:
Local: Windows 10
Local Terminal for ssh: WSL in Windows 10
Server: Ubuntu 18.04
I checked these two articles.
https://code.visualstudio.com/docs/remote/containers-advanced
https://code.visualstudio.com/docs/containers/ssh
I followed these steps.
I installed [Remote Development] extension in VS Code.
Remote-SSH: Connect to host. It works fine.
I Installed [Docker] extension on the remoter server.
Now I can see my containers and images in a docker tab.
I clicked one container and clicked [Attach Visual Studio Code] and it says There are no running containers to attach to.
I resolved this problem by switching to the remote server's Docker context on my local machine:
docker context create some-context-label --docker "host=ssh://user#remote_server_ip"
docker context use some-context-label
docker ps
# A list of remote containers on my local machine! It works!
After that:
Connect via Remote-SSH to the container server
Right click relevant container -> the "Attach Visual Studio Code"
That works for me.
(Note: One would think that I should be able to just use my local VSCode (skip step 1) to connect to said remote container after switching my local context, but VSCode complains Failed to connect. Is docker running? in the Docker control pane.)
I solve this issue using SSH tunneling following the steps found in https://florian-kriegel.de/blog/?p=234
Summarizing:
Set (or add) "docker.host": "tcp://localhost:23750" in settings.json
in VSCode.
Open a SSH tunnel like this in your local machine
changing the user and hostname by the remote machine (where the docker daemon is running) credentials:
ssh -NL localhost:23750:/var/run/docker.sock user#hostname.
Now, in the docker tab, you will be able to see and attach to containers in the remote machine.
Note that the Remote SSH Extension is not used in this case.
This might sound very strange, but for me, I had to open a folder on the remote SSH server prior to using the Remote Containers extension in VS Code. If I didn't do that, then it would constantly try to find the docker service running locally, even though the terminal tab was connected to the remote SSH server.
This seems very weird, because if you're conncted via SSH in VS Code, then the extension should assume you're trying to attach to the container on the remote server. Shouldn't have to open a remote folder first.
By "opening a folder" on the remote server, the Remote Containers extension was then able to attach VS code to the container running on the remote SSH server. I didn't have to do any of the steps in any of those articles. Just simply use Remote SSH to connect VS Code remotely via SSH, open a folder, and then use Remote Containers.
Solution using the "Remote SSH" and the "Remote Explorer" extension in Visual Studio Code.
Following the steps above (https://stackoverflow.com/a/61728799/11687201) I figured out how to make use of the SSH Remote and Remote Explorer Extension. The first step is the same as above:
Open the settings.json file in VSCode, press F1 and select ">Preferences: Open Settings (JSON)" and add/edit the following line:"docker.host": "tcp://localhost:23750"
Open the ssh config file, click on the "Remote Explorer" Extension, then click on the "SSH Targets" "Configure" button and open the ssh config file.
Add the following line to your ssh connection:
LocalForward localhost:23750 /var/run/docker.sock
Remark: Previously I used the solution described earlier in this thread (https://stackoverflow.com/a/61728799/11687201). I had to reboot both machines the local machine and remote machine before the solution described below worked out.
Afterwards I have to use multiple VSCode Windows:
Local Machine: Start VSCode and use the "Remote Explorer" to connect to the remote machine using a new VSCode window
VSCode window connected to remote (SSH)
→ startup the Docker container of your choice
(I was not able to "Attach Visual Studio Code" from this VSCode window)
VSCode window connected to local machine
→ Click on the "Docker" extension, the docker containers running on the remote get listed. Attach VSCode to a running container using one of the folling options:
Right-click on the desired container and chose "Attach Visual Studio Code"
Press F1 and chose">Remote-Containers: Attach to Running Container..." and select the container of your choice afterwards
A third VSCode window will open being attached to the Docker container.
Pros and cons of this solution
(+) Using the "Remote Explorer" extension I can directly connect and open a previously used project folder on my remote machine with one click
(-) 3 VSCode windows (local machine, remote ssh and remote container) are needed instead of 2 VSCode windows
Do you see the error message as of following?
Failed to connect. Is Docker running?
Error: connect EACCES /var/run/docker.sock
Error Message on VSCode
It's because VSCode uses /var/run/docker.sock of remote host to communicate with the Docker service.
There're two methods.
Method 1. (Secure, Need reboot or logging out) After executing following code of dockerode npm getting error "connect EACCES /var/run/docker.sock" on ubuntu 14.04
Method 2. (Instant effect. Use it if you're not dealing with production server)
Run the following command on SSH console.
sudo chmod o+rw /var/run/docker.sock
For some reason, this problem is fixed for me when I open a folder in the remote window before trying to attach to a container.
I found Daniel's answer really helpful but didn't work for me. I put my two cents.
TL;DR
Create a new docker context for the remote machine where remote container is running.
docker context create some-context-label --docker "host=ssh://user#remote_server_ip"
docker context use some-context-label
Just open VSC, go to Docker (you should have installed the extension) tab and you'll see listed all running containers from the remote context you recently created.
Right click on your desired container and attach visual studio code
You can also use the remote-explorer tab, just select containers from the dropdown at the top left.
Why not to ssh remote host
When attaching visual studio code to a container, you can check logs by clicking the notification Setting up Remote-Containers (show log) at the bottom left. There, you can check that:
...
[26154 ms] Start: Run: ssh some-remote-host /bin/sh
[26160 ms] Start: Run in host: id -un
Here, my guess is that it's trying to ssh to the remote host from itself ,since we already connected via remote-ssh.
If you can reach the remote node running Docker engine via SSH why you need yet another SSH server inside the container? From the host running your container, it is possible and safe to use tty, i.e. attach.
I don't think that this is not a good idea to use SSHD running inside the container although it is possible. To be useful SSHD has to listen to non-conflict port in every container. Otherwise, 2 containers occasionally exposing the same port on the same node will conflict like any other service running on same the node.
Of course, ports can be randomized using -P option but it is not so convenient. It is also less convenient to manage keys and users at the container level than at host level where all machinery is provided by the Host software.
Loading every container with SSHD increases the container size. In Kubernetes, every container is reachable without any SSHD running inside containers via pass Pod->Container because Pod, has IP and containers are attachable by id, i.e. "Docker-host->container"
Step 1 - Docker daemon on the remote machine
make sure your remote Docker daemon can accept connections from your host
for testing purposes, I use the following command on the remote
machine to force Docker daemon to listen on port 4243 on all IPs,
beware this is not secure
There is no support for reading a file from /etc/sysconfig or elsewhere to modify the command line. Fortunately, systemd gives us the tools we need to change this behavior.
The simplest solution is probably to create the file /etc/systemd/system/docker.service.d/docker-external.conf (the exact filename doesn't matter; it just needs to end with .conf) with the following contents:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock
And then:
systemctl daemon-reload
systemctl restart docker
Step 3 - Opening Docker Ports Using FirewallD
firewall-cmd --permanent --zone=public --change-interface=docker0
firewall-cmd --permanent --zone=public --add-port=4243/tcp
firewall-cmd --reload
Step 4 - Set (or add) "docker.host": "tcp://localhost:4243" in settings.json in VSCode.
Related
On my office desktop machine, I'm running a docker container that accesses the GPU. Now, since I'm working from home, I'm connected through ssh to my office desktop computer in vs code via remote ssh plugin which works really well. However, I would like to further connect via remote containers to that running container in order to be able to debug the code I'm running in that container. Failed to get this done yet.
Anyone has any idea if this is possible at all and in case any idea how to get this done?
Install and activate ssh server in a container.
Expose ssh port via docker
create user with home directory and password in container
(install remote ssh extension for vs code and) setup ssh connection within the remote extension in vs code and add config entry:
Host <host>-docker
Hostname your.host.name
User userIdContainer
Port exposedSshPortInContainer
Connect in vs code.
Note: Answer provided by OP on question section.
I am running a cuda enabled docker container inside wsl2 and when i try to use VSCode to run scripts inside it i cannot connect to it. The message in the docker plugin window is:
Error: connect EACCESS /var/run/docker.sock
I added the default user in the wsl to the docker group. I double-checked and i know for sure that i can run docker as a user. How do I elevate the VSCode privillages to make it able to access the docker inside the wsl image?
Btw. I cannot use docker desktop because it does not allow to use the gpu inside the container.
UPDATE
So with the set of plugins locally:Docker, Remote - WSL, Remote - Containers, Remote SSH, Remote Development, Remote SSH - editing configuration files
in the WSL: Docker Explorer, Docker, Docker Extension Pack
I am able to log from VSCode directly to the console and perform other basic operations (starting containers etc). Attaching VSCode is still impossible as for now. At least the menu option under RMB throws an error
What are the dependencies and steps to connect to a remote docker container from VSCode? So I can properly compile and run the code with the tools in my container environment?
I have tried to follow the instructions here without much luck:
https://code.visualstudio.com/docs/remote/containers-advanced#_developing-inside-a-container-on-a-remote-docker-host
My setup involves:
Host with VSCode, no docker installed, ssh client installed, ssh keys are in place
Server with VSCode, docker installed, ssh client and server installed
Docker container already running on Server
Host can connect to Server, through VSCode using the Remote Development Version: 0.17.0 extension, through Remote - SSH Version: 0.47.2 extension
Version: 0.47.2
Server can connect to Docker container, through VSCode using the Remote Development Version: 0.17.0 extension, through Remote - Containers Version: 0.83.1 extension.
How do I connect Host to a Running Docker container?
UPDATE 1
Small advance
I have added this line to my ~/.config/Code/User/settings.json file. The option gets highlighed with a message unknown configuration setting
{
...
"docker.host":"tcp://localhost:23750",
...
}
Run this command in another terminal:
ssh -N -L localhost:23750:/var/run/docker.sock <user>#<serveraddr>
And now I can see the running containers in Remote explorer > Containers > Other Containers. However, when trying to connect to it, I get the following error message.
Setting up container with bc1700db049858ba20f1c830bbeff6d6a4e04de58a2b35a61df1016788bc07db
Docker returned an error code 127, signal null, message: Command failed: docker system info
/bin/sh: docker: command not found
So, it appears that docker must be installed on the host machine to prevent the last mentioned error.
Note: docker service does not need to be running in the host (systemctl disable docker)
With this in mind, these are the steps.
Host:
Install docker and ssh client
Add your user to docker group
Install VSCode
Configure Server
(After server config below): edit ~/.config/Code/User/settings.json with
"docker.host":"tcp://localhost:23750",
Configure your ssh keys for the Server
(After every reboot run on terminal: ssh -N -L localhost:23750:/var/run/docker.sock <user>#<serveraddr>)
Run VSCode and install Remote Development extension. Restart VSCode
Now you should see your running containers in VSCode Remote explorer > Containers > Other Containers
Server:
Install docker and ssh server
Install VSCode (this may not be a requirement on the server)
Add your user to docker group and start your container
I realize this was already answered, but I stumbled across this while trying to set this up myself today. I found an additional issue I had appeared to be that my local SSH key had not been added to the agent. I was following the instructions here.
I am running Windows 10 Version 1909 Build 18363.1082.
After doing an ssh-add $Env:USERPROFILE\.ssh\id_rsa and restarting the ssh-agent, I was able to connect to the remote container without having to employ the ssh tunneling method you show above.
I'm trying to access the contents of remote docker containers on a linux server from my windows machine by forwarding the remote docker socket over SSH. However, the localhost port I am forwarding it to just gives me {"message":"page not found"}, and the remote docker containers are not detected.
Ideally, I want to access the contents of the remote containers in VSCode. I've been following their walkthrough (https://code.visualstudio.com/docs/remote/containers-advanced#_option-2-connect-using-an-ssh-tunnel) on how to connect to a remote docker container. Per their walkthrough, I've also made sure to set "AllowStreamLocalForwarding yes" on the server's sshd_config
C:\Users\me> ssh -nNT -L localhost:23750:/var/run/docker.sock user#remote_server
goto http://localhost:23750/:
{"message":"page not found"}
Following the VSCode instructions:
In settings,
"docker.host":"tcp://localhost:23750"
however, clicking "Remote-Containers: Attach to a Running Container" only lists my local containers, to the server ones
I've not gotten any error messages from following these steps; however, I still don't have any access to the remote docker containers
Solved - I was entering the docker.host setting wrong on vscode
(I had entered
"docker.host":""tcp://localhost:23750""
instead of
"docker.host":"tcp://localhost:23750"
)
Sorry for spam
I'm trying to access Docker remote API from within a container because I need to start other containers.
The host address is 172.19.0.1, so I'm using http://172.19.0.1:2375/images/json to get the list of images (from host, http://localhost:2375/images/json works as expected.
The connection is refused, I guess because Docker (for Windows) listens on 127.0.0.1 and not on 0.0.0.0.
I've tried to change configuration (both from UI and daemon.json) adding the entry:
"hosts": ["tcp://0.0.0.0:2375"]
but the daemon fails to start. How can I access the api?
You can set DOCKER_OPTS in windows as below and try. In Windows, Docker runs inside a VM. So, you have to ssh into the VM and make the changes.
DOCKER_OPTS='-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock'
Check if it works for you.
Update :- To ssh into the VM (assuming default is the VM name you have created using Docker toolbox), enter the following command in the Docker Quickstart Terminal,
docker-machine ssh default
You can find more details here.
You could link the host's /var/run/docker.sock within the container where you need it. This way, you don't expose the Docker Remote API via an open port.
Be aware that it does provide root-like access to docker.
-v /var/run/docker.sock:/var/run/docker.sock
You should use "tcp://host.docker.internal:2375" to connect to host machine from container. Please make sure that you can ping the "host.docker.internal" address
https://github.com/docker/for-win/issues/1976