Support for remote Docker Host over SSH?

tomwillfixit · October 20, 2020, 8:16pm

Hi there,

I was testing out the remote docker host access introduced in version 0.1.3 (https://github.com/hashicorp/waypoint/pull/631) and tried to connect to a remote docker host using ssh just to see if it worked. Just mentioning here in case anyone else is trying this.

Deploy error :

» Deploying…
⠹ Checking Docker image cache for Image waypoint.local/example-python:latest
! unable to pull image from Docker registry: unable to list images in local Docker
cache: error during connect: Get
“http://ubuntu%!.(MISSING)64.22/v1.24/images/json?filter=waypoint.local%!F(MISSING)example-python%!A(MISSING)latest”:
dial tcp: lookup ubuntu@192.168.64.22: no such host

waypoint.hcl :

project = "example-python"

app "example-python" {
  labels = {
    "service" = "example-python",
    "env" = "dev"
  }

  build {
    use "docker" {}
  }

  deploy {
    use "docker" {
      client_config {
       host = "ssh://ubuntu@192.168.64.22"
    }
  }
}

}

Verified that the ssh config works : DOCKER_HOST=ssh://ubuntu@192.168.64.22 docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

nic · October 21, 2020, 1:16pm

Thanks Tom, I will have a look at this, I will need to find out how the SDK is implemented differently from the Docker client.

spoelstraethan · October 21, 2020, 5:00pm

The Docker CLI definitely uses a different communication mechanism than the Docker SDK packages for Go/Python/etc which use the HTTP API since that is more universal/consistent to access rather than tcp://dockerhost or unix://dockersocket etc.

Docker provides an API for interacting with the Docker daemon (called the Docker Engine API), as well as SDKs for Go and Python. The SDKs allow you to build and scale Docker apps and solutions quickly and easily. If Go or Python don’t work for you, you can use the Docker Engine API directly.

The Docker Engine API is a RESTful API accessed by an HTTP client such as wget or curl , or the HTTP library which is part of most modern programming languages.

It looks like setting the DOCKER_HOST or similar in the environment should allow the SDK to automatically detect how it should connect. If it can’t connect directly to the HTTP interface of the remote host then an SSH tunnel with port forwarding might be required which could be trickier.