Docker Community Forums

Adding a docker-machine pointing to the docker-engine created by Docker.app


(Hugues Alary) #1

Hi there,

I have an internal tool that makes intensive use of docker-machine.

You basically create docker-machines with the docker-machine command line, my tool then automatically connects to the docker-engine running inside the docker-machines you created.

I currently have a few docker-machines listed by docker-machine ls. I would like to add the docker-engine created by the Docker.app to the list of my docker-machines so that my internal tool can connect to the docker-engine.

I haven’t been able to find how to connect to the docker-engine provided by the Docker.app and as such can’t add it to my docker-machines.

Is it possible to do that?

Thanks!
-Hugues


(Hugues Alary) #2

Answering my own question, I finally realized that there is a socket in /var/run/docker.sock

Running docker-machine create -d none --url=unix:///var/run/docker.sock mac did the trick. My tool can now use the Docker.app docker-engine.


(Vitaly Kushner) #3

Interesting. When I’m trying this it doesn’t really work. create succeeds but docker fails to talk to the daemon:

✗ docker-machine create -d none --url=unix:///var/run/docker.sock localbox
Running pre-create checks...
Creating machine...
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env localbox

✗ docker-machine ls
...
localbox   -        none           Running   unix:///var/run/docker.sock           Unknown   Unable to query docker version: Unable to read TLS config: open /Users/vitaly/.docker/machine/machines/localbox/server.pem: no such file or directory

✗ docker-machine env localbox
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "": open /Users/vitaly/.docker/machine/machines/localbox/server.pem: no such file or directory
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.

(Jaredkipe) #4

Yeah, that’s where I’m basically at.

It says “Waiting for SSH to be available…” and hangs.

I need docker-machine currently because that’s how the intellij docker plugin works at the moment, you need to be able to pick a machine.


(Richard Tong) #5

There is another post about how you can use socat to expose the socket interface; maybe that will work?


(Jaredkipe) #6

Not really, I still cannot docker-machine create with the socat’s TCP connection. At least I haven’t found a way to do so without somehow doing SSL, which I’ve kinda gotten to work using another machine’s certs, but the certs are created for the IP of the original VM, and I just don’t have time to work out something better.

Why can’t docker-machine create -d none add a machine without TLS?


(Jaredkipe) #7

Well, after looking at the docker-machine Go docs, it appears pretty set on using TLS :(

Running socat with openssl seems like the obvious way to go; unfortunately, after a few tries I haven’t been able to get docker-machine to connect with it because it requires IP SANs in the running server, so I guess I’ll have to look into this.

“Unable to query docker version: Get https://127.0.0.1:2075/v1.15/version: x509: cannot validate certificate for 127.0.0.1 because it doesn’t contain any IP SANs”


(Jaredkipe) #8

At this point I’ve used the default .docker/machine/certs/ca.pem and ca-key.pem to generate new server certificates with the IP of 127.0.0.1 and everything seems ok.
I can add it with docker-machine, and docker-machine can get env and ls will show the correct version of docker.

However the docker client always fails with handshake failure. Same if I specify all the --tls* params by hand.

In fact, I went through creating a brand new CA, ca-key, server key-csr-cert, client key-csr-cert and specifying all those by hand. Same deal. Docker-machine is fine, a normal browser is fine (though depending on settings it will ask for a client cert).

The only socat ‘handshake failure’ kind of things I can find relate to generating dhparams which I did and appended to my server-cert.pem. Didn’t help.

The only thing I can find that seems off is that you cannot start ‘socat openssl-listen:’ with the ‘dhparams=file’ parameter. ‘unknown option “dhparams”’

I’ve tried a wide variety of other ‘socat openssl-listen:’ params like verify{0:1} method, cipher, capath etc. Nothing seems to work. So either a bug in socat and/or openssl on OS X 10.11.4, or a bug in the docker client.

Even more bizarre, I can get Pycharm to ‘add’ the server. But it still refuses to get the list of images, and if you type one by hand that you know exists it doesn’t work. (Pycharm takes the settings from docker-machine, and since docker-machine ls and docker-machine env give what appears to be correct, working info, it’s not surprising this works. Though it is surprising that it can connect to it, even if it doesn’t manage to work right…)
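
The IP SAN requirement behind the error quoted in post #7, and the "certs created for the IP of the original VM" mismatch from post #6, reproduced as an added example (not code from any poster or from docker-machine). It uses Go's crypto/x509 with a throwaway CA generated in memory; the name localbox is reused from the thread and 192.0.2.10 is a constructed stand-in for another VM's address.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must panics on key or certificate generation errors, which are not expected here.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// CheckServerCert issues a server certificate carrying only the given IP SANs
// from a throwaway CA, then verifies it for host the way a Go TLS client does.
func CheckServerCert(sans []net.IP, host string) error {
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	srvKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: nb, NotAfter: na,
		Subject: pkix.Name{CommonName: "constructed test CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	srvTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: nb, NotAfter: na,
		Subject: pkix.Name{CommonName: "localbox"}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, IPAddresses: sans}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	srv := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, srvTmpl, ca, &srvKey.PublicKey, caKey))))
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := srv.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	fmt.Println("no SANs:      ", CheckServerCert(nil, "127.0.0.1"))
	fmt.Println("other IP SAN: ", CheckServerCert([]net.IP{net.ParseIP("192.0.2.10")}, "127.0.0.1"))
	fmt.Println("127.0.0.1 SAN:", CheckServerCert([]net.IP{net.ParseIP("127.0.0.1")}, "127.0.0.1"))
}
```

Only the third certificate verifies for 127.0.0.1: a Go client matches an IP address against IP SAN entries and ignores the Common Name, so the address the client dials has to be in the certificate's SAN list.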