I want to be able to use docker-compose with a remote daemon. I created a local forward to the remote daemon socket like so:
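#!/bin/sh
# Directory that holds the local end of the forwarded socket
export SOCKET_DIR=$HOME/.remote-sockets
mkdir -p "$SOCKET_DIR"
echo "Creating SSH Docker Socket Tunnel"
# Each local connection spawns an ssh session that relays to the remote docker.sock
socat "UNIX-LISTEN:/$SOCKET_DIR/docker.sock,reuseaddr,fork" \
EXEC:'ssh freebsd@107.170.216.79 socat STDIO UNIX-CONNECT\:/var/run/docker.sock'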
With that script running, I export the following environment variables:
DOCKER_API_VERSION 1.19
COMPOSE_API_VERSION 1.19
DOCKER_HOST unix://$HOME/.remote-sockets/docker.sock
With those variables set, I can verify running docker ps shows me the remote containers and not my local daemon's containers. Furthermore, docker-compose ps also seems to connect to the remote daemon, as it returns an empty list. If I shut down the SSH tunnel, it fails saying it can't connect to the docker daemon.
The trouble is when I try to run docker-compose up. I've also tried docker-compose -H unix://$HOME/.remote-sockets/docker.sock up. Both commands give me the following:
ERROR: Couldn't connect to Docker daemon - you might need to run `docker-machine start default`.
Local Versions:
Docker version 1.11.0, build 4dc5990
docker-compose version 1.8.0, build 94f7016
(Gentoo Linux)
Remote Versions:
Docker version 1.7.0-dev, build 582db78
(FreeBSD 11.0-RELEASE-p1)
Why won't docker-compose up work with a different socket when the other commands seem to communicate with it fine?
I am trying to connect a mac to a raspberry running Jenkins, to start docker build slaves on the mac on demand. But I can't establish the connection in Jenkins' docker cloud configuration.
My setup is as follows:
raspberry pi at 192.168.2.111: Jenkins running in docker
mac mini at 192.168.2.220 using docker for mac: this should run docker containers as build slaves on demand via Jenkins docker plugin
The SSH connection from Jenkins to mac works. The mac agent is up and running.
Now I want to use the docker plugin for Jenkins and am trying to configure the docker cloud.
As docker for mac does not run directly on the host machine (but on hyperkit), they say I should run socat to expose the Unix socket like this:
docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:2376:2375 alpine/socat TCP-LISTEN:2375,fork unix-connect:/var/run/docker.sock
The container is running:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
76a75c5249d7 alpine/socat "socat tcp-listen:23…" 19 seconds ago Up 17 seconds 127.0.0.1:2376->2375/tcp compassionate_feynman
Then on the Raspberry pi where the Jenkins container is running, I have also added
DOCKER_OPTS="-H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock"
at the end of the file /etc/default/docker as described here.
Then in Jenkins cloud config "docker", I set "Docker Host URI" to tcp://127.0.0.1:2376, and the Docker Hostname (The mac mini) to 192.168.2.220. Testing this setting failed.
All the tutorials I find seem to have Jenkins on the same host where the docker slaves will be run. I assume this is why the socat container is not enough in my case?
What is also interesting:
Running curl 127.0.0.1:2376/version on the mac works (shows expected information), but running curl 192.168.2.220:2376/version from the raspberry does not work (Connection refused). Maybe this can help someone who knows more about networks...
Captain Obvious strikes back.
Just use the network IP instead of localhost when starting socat on the mac.
docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 192.168.2.220:2376:2375 alpine/socat TCP-LISTEN:2375,fork unix-connect:/var/run/docker.sock
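Binding the relay to 192.168.2.220 puts the Docker API on the LAN with no TLS or authentication in front of it, so it is worth knowing which published ports reach such a relay from outside loopback. The check below is an added example, not part of the original answer: it reads the NAMES and PORTS columns of docker ps and reports mappings to container port 2375 (the relay port used above) whose host side is not a loopback address. The container names lan_relay and web and their sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag published ports that expose a Docker API relay beyond loopback.
# Input: tab-separated NAMES and PORTS columns, as produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# is_loopback BIND_IP -> exit 0 if the bind address is loopback-only
is_loopback() {
    case "$1" in
        127.*|::1|\[::1\]) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ports API_PORT < ps_lines
# Prints "EXPOSED <name> <host_ip:port>" for every non-loopback publish of API_PORT.
audit_ports() {
    api_port="$1"
    while IFS="$(printf '\t')" read -r name ports; do
        # PORTS is comma-separated, e.g. "127.0.0.1:2376->2375/tcp, [::]:2376->2375/tcp"
        printf '%s\n' "$ports" | tr ',' '\n' | while read -r mapping; do
            case "$mapping" in
                *"->${api_port}/tcp") ;;      # maps to the relay port: inspect it
                *) continue ;;                # unrelated port: skip
            esac
            host_side="${mapping%%->*}"       # e.g. 192.168.2.220:2376
            bind_ip="${host_side%:*}"         # strip the host port
            is_loopback "$bind_ip" || printf 'EXPOSED %s %s\n' "$name" "$host_side"
        done
    done
}

# Constructed sample input: the first line matches the docker ps output shown in
# the question, the other two are made up for illustration.
sample_ps() {
    printf 'compassionate_feynman\t127.0.0.1:2376->2375/tcp\n'
    printf 'lan_relay\t192.168.2.220:2376->2375/tcp\n'
    printf 'web\t0.0.0.0:8001->8001/tcp\n'
}

sample_ps | audit_ports 2375
```

Matching on the container port is a heuristic: it assumes the relay listens on 2375 inside the container, as in the socat command above.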
I run my docker-compose service remotely on another physical machine on my local network via -H=ssh://user@192.168.0.x.
I'm exposing ports using docker-compose:
ports:
- 8001:8001
However, when I start the service, the port 8001 is not exposed to my localhost. I can ssh into the machine running the container, and port 8001 is indeed listening there.
How do I instruct docker-compose to tunnel this port from the remote machine running the container, to my local docker client?
Docker doesn't have the ability to do this. But from your ssh client's point of view, the container is no different from any other program running on the remote host, and you can use the ssh -L option to forward a local port to the remote system.
# Tell ssh to forward local port 8001 to remote port 8001.
# Incidentally, the remote port happens to be published by a Docker container.
ssh -L 8001:localhost:8001 user@192.168.0.x \
  docker run -p 127.0.0.1:8001:8001 ...
Whenever you set DOCKER_HOST or use the docker -H option, you're giving instructions to a remote Docker daemon which interprets them relative to itself. docker -H ... -v ... mounts a directory on the same system as the Docker daemon into a container; docker -H ... -p ... publishes a port on the same system as the Docker daemon. Docker has no ability to somehow take into account the content or network stack of the local system when doing this.
(The one exception is docker -H ... build, which actually creates a tar file of the local directory and sends it across the network to use as the build context, so you can have a remote Docker daemon build an image of a local source tree.)
I am trying to use the python in a docker container on a remote machine as the interpreter in Pycharm. Since that is a mouthful, here is a diagram:
There is a Jupyter Notebook running in the container, which I am able to connect to through my local browser (although this is just for testing the connection). The command I am using to launch the Docker container is
docker run --runtime=nvidia -it --rm --shm-size=2g -v /home/timo/storage:/storage -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group --ulimit memlock=-1 -p 8888:8888 -p 7722:22 --ipc=host latest:latest
I can forward the port 8888 which the Jupyter notebook is running on with ssh -L 8888:0.0.0.0:8888 BBB.BBB.BBB.BBB and thus use it on the local machine. But I don't much like using Jupyter for developing and would like to use the Python interpreter in the Docker Container in Pycharm.
When I select "Add Python Interpreter" in Pycharm, I get the following options:
The documentation for Pycharm suggests using the "Add Python Interpreter/Docker" tool which looks like this:
However the documentation doesn't say how to set up the Docker container and the connections if the Docker is on a remote machine.
So my questions are: should I use a Unix or a TCP socket to connect to my remote docker? Or should I somehow forward all the relevant ports from the container and use the "SSH Interpreter" option? And if so, how do I set this all up? Am I setting up my Docker Container properly in the first place?
I think I have trawled through every forum and online resource, over the last two days, but have not come any closer to getting this to work. I have also tried to get this to work in Spyder, but to no avail either. So any advice is very appreciated!
Many thanks!
Thank you for depicting the dilemma so poignantly and clearly in your cartoon :-). My colleague and I were trying to do something similar and what ultimately worked beautifully was creating an SSH config directly to the Docker container jumping from the remote machine, and then setting it as a remote SSH interpreter so that pycharm doesn't even realize it's a Docker container. It also works well for vscode.
1. set up ssh service in docker container (subset of steps in https://dev.to/s1ntaxe770r/how-to-setup-ssh-within-a-docker-container-i5i, port22 stuff wasn't needed)
   - docker exec -it <container> bash: create admin interactive prompt for docker
   - apt-get install openssh-server
   - service ssh start
   - confirm with service ssh status -> * sshd is running
2. determine IP and test SSHing from remote machine into container (adapted from https://phoenixnap.com/kb/how-to-ssh-into-docker-container, steps 2 and 3)
   - from normal command prompt on remote machine (not within container): docker inspect -f "{{ .NetworkSettings.IPAddress }}" <container> to get container IP
   - test: ping -c 3 <container_ip>
   - ssh: ssh <container_ip>; should drop you into the container as your user; however, requires container to be configured properly (docker run cmd has -v /etc/passwd:/etc/passwd:ro \ etc.). It may ask for a password. note: if you do this for a different container later that is assigned the same IP, you will get a warning and may need to delete the previous key from known_hosts; just follow the instructions in the warning.
3. test SSH from local machine
   - if you don't have it set up already, set up passwordless ssh key-based authentication to the remote machine with the docker container
   - make SSH command that uses your remote machine as a jump server to the container: ssh -J <remote_machine> <container_ip>, as described in https://wiki.gentoo.org/wiki/SSH_jump_host; if successful you should drop into the container just as you did from the remote machine
   - save this setup in your ~/.ssh/config; follow the ProxyJump Example from https://wiki.gentoo.org/wiki/SSH_jump_host
   - test config with ssh <container_host_name_defined_in_ssh_config>; should also drop you into interactive container
4. configure pycharm (or vscode or any IDE that accepts remote SSH interpreter)
   - Preferences -> Project -> Python Interpreter -> Add -> SSH Interpreter -> New server configuration
     - host: <container_host_name_defined_in_ssh_config>
     - port: 22
     - username: <username_on_remote_server>
   - select interpreter, can navigate using the folder icon, which will walk you through paths within the docker, or you can enter the result of which python from the container
   - follow pycharm prompts
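The jump-host entry from the steps above, as an added example that is not part of the original answer: a small helper that renders the ~/.ssh/config stanza from the container IP reported by docker inspect. The alias devbox, the jump host remote-box, the user name and the address are constructed placeholders; HostKeyAlias is an addition here that keys the known_hosts entry on the alias rather than on the container IP, which gets reused between containers.

```shell
#!/bin/sh
# Added example: render a ~/.ssh/config stanza for reaching a container through
# the Docker host. All names and addresses used here are constructed placeholders.

# valid_ipv4 ADDR -> exit 0 if ADDR looks like a dotted quad
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# jump_stanza ALIAS JUMP_HOST CONTAINER_IP USER
# Prints the stanza on stdout; returns 1 if CONTAINER_IP is unusable.
jump_stanza() {
    alias_name="$1"; jump_host="$2"; container_ip="$3"; user="$4"
    # docker inspect -f "{{ .NetworkSettings.IPAddress }}" prints an empty string
    # when the container is not attached to the default bridge network.
    if ! valid_ipv4 "$container_ip"; then
        echo "jump_stanza: '$container_ip' is not an IPv4 address" >&2
        return 1
    fi
    cat <<EOF
Host $alias_name
    HostName $container_ip
    User $user
    ProxyJump $jump_host
    HostKeyAlias $alias_name
EOF
}

# Typical use (hypothetical names):
#   on the remote machine: docker inspect -f "{{ .NetworkSettings.IPAddress }}" <container>
#   locally:               jump_stanza devbox remote-box <container_ip> <user> >> ~/.ssh/config
jump_stanza devbox remote-box 172.17.0.2 user
```

With the stanza in place, ssh devbox takes the same route as ssh -J remote-box 172.17.0.2, and devbox is the host name to enter in the IDE's SSH interpreter dialog.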
I've been looking on Google but I cannot find any answer.
Is it possible to connect to a VirtualBox Docker container that I just started up? I have the IP of the virtual machine, but if I try to connect by SSH, it of course asks me for a password.
Regards.
see
https://github.com/BITPlan/docker-stackoverflowanswers/tree/master/33232371
to repeat steps.
On my Mac OS X machine
docker-machine env default
shows
export DOCKER_HOST="tcp://192.168.99.100:2376"
So I added an entry
192.168.99.100 docker
to my /etc/hosts
so that ping docker works.
As a Dockerfile I am using:
# Ubuntu image
FROM ubuntu:14.04
which I am building with
docker build -t bitplan/sshtest:0.0.1 .
and testing with
docker run -it bitplan/sshtest:0.0.1 /bin/bash
Now ssh docker will react with
The authenticity of host 'docker (192.168.99.100)' can't be established.
ECDSA key fingerprint is SHA256:osRuE6B8bCIGiL18uBBrtySH5+iGPkiHHiq5PZNfDmc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'docker,192.168.99.100' (ECDSA) to the list of known hosts.
wf@docker's password:
But here you are connecting to the docker machine not your image!
The ssh port is at port 22. You need to redirect it to another port and configure your image to support ssh to root or a valid user.
See e.g. https://docs.docker.com/examples/running_ssh_service/
Are you trying to connect to a running container or trying to connect to the virtualbox image running the docker daemon?
If the first, you cannot just SSH into a running container unless that container is running an ssh daemon. The easiest way to get a shell into a running container is with docker exec -ti <container name/id> /bin/sh. Do a docker ps to see running containers.
If the second, if your host was created with docker-machine then you can ssh into it with docker-machine ssh <machine name>. You can see all of your running machines with docker-machine ls.
If this doesn't help, can you clarify your question a little and provide details around how you're creating your image and starting the container?
You can use ssh keys to access passwordless.
Here's some intro
https://wiki.archlinux.org/index.php/SSH_keys
I have Docker installed and it runs fine, but when I have created a container and run it, I want to know the ID of the container, so I do a docker ps. But then I always get this message:
Get http:///var/run/docker.sock/v1.15/containers/json: dial unix /var/run/docker.sock: no such file or directory
What could be wrong here?
Make sure you export the docker environment variables:
where it says
after you run
boot2docker start
and it says:
To connect the Docker client to the Docker daemon, please set:
export DOCKER_CERT_PATH=/Users/jbielick/.boot2docker/certs/boot2docker-vm
export DOCKER_TLS_VERIFY=1
export DOCKER_HOST=tcp://192.168.59.103:2376
You need to export those variables. Check that they are empty with
echo $DOCKER_HOST
and if it's blank, docker can't talk to your VM.
make sure boot2docker is running:
$ boot2docker start
make sure docker host variable is exposed:
# Will print boot2docker VM IP
boot2docker ip
The VM's Host only interface IP address is: 192.168.59.103
# Set docker host variable with value from previous command
export DOCKER_HOST=tcp://192.168.59.103:2375
Check if the docker daemon is running on the boot2docker host
boot2docker ssh
ps aux | grep docker
/usr/local/bin/docker -d ....
If you are running on Linux make sure you are running as root user