Create image from local Dockerfile towards a remote docker daemon

bigboulard · November 23, 2023, 1:16pm

Hi,

It may be a stupid question but … I’m trying to build an image from my local computer and create the images to a local VM. I’ve created a docker context like this:

> docker context create multipass --description "Multipass Docker Desktop" --docker "host=ssh://ubuntu@manager.local"

> docker context use multipass

> docker context ls                                 
NAME                TYPE                DESCRIPTION                               DOCKER ENDPOINT                                       KUBERNETES ENDPOINT   ORCHESTRATOR
default             moby                Current DOCKER_HOST based configuration   unix:///var/run/docker.sock                                                 
desktop-linux       moby                Docker Desktop                            unix:///Users/boulard/.docker/run/docker.sock                         
multipass *         moby                Multipass Docker Desktop                  ssh://boulard@manager.local

I can ssh into the VM:

> ssh boulard@manager.local
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-87-generic aarch64)
...

Then, I tried to build assuming the new context was taken into account:

> docker image build -t gorilla-server -f ./gorilla/server/Dockerfile .
ERROR: Cannot connect to the Docker daemon at http://docker.example.com. Is the docker daemon running?

So, I checked that the daemon was running:

> ssh boulard@manager.local
...
> docker info
Client: Docker Engine - Community
...

… then I tried with the DOCKER_HOST environment variable:

> DOCKER_HOST="ssh://boulard@manager.local" docker image build -t myapp -f ./myapp/Dockerfile .
ERROR: Cannot connect to the Docker daemon at http://docker.example.com. Is the docker daemon running?

…and finally with the -H option on the docker command without success:

> docker -H ssh://boulard@manager.local image build -t myapp -f ./myapp/Dockerfile .
ERROR: Cannot connect to the Docker daemon at http://docker.example.com. Is the docker daemon running?

Thanks for your help

rimelek · November 23, 2023, 10:38pm

To be honest I’m not sure why it doesn’t work what you want. Maybe I miss the same thing as you, but my multipass on macOS has a builtin docker command which I don’t perfectly understand yet.

multipass docker ps

I don’t think I made this. My Vm is called docker-vm

docker-vm               Running           192.168.211.2    Ubuntu 22.04 LTS
                                          172.17.0.1

And somehow multipass knows what VM it has to connect to. Of course I used the VM image called “docker”

multipass find | grep docker

docker                                        0.4              A Docker environment with Portainer and related tools

BAck to the original question:

I assume you can SSH into the virtual machine without password, right?

bigboulard · November 24, 2023, 8:42am

It seems like you have an alias ( https://multipass.run/docs/using-aliases )

multipass aliases

Your docker-vm is probably defined as the primary instance (https://multipass.run/docs/primary-instance)

bigboulard · November 24, 2023, 12:22pm

I overlooked at the output from docker info from the manager node.

Server:
ERROR: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied

boulard@manager:~$ docker info
Client: Docker Engine - Community
 Version:    24.0.7
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.21.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
ERROR: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied
errors pretty printing info

I’m searching for a fix …

rimelek · November 24, 2023, 5:13pm

Is your user in the virtual machine in the “docker” group?

bigboulard · November 24, 2023, 5:25pm

Now :

I can ssh into the container,
the docker context works,
the Docker daemon from the multipass instance is up and running.

Explanation: The error was in the cloud-init function used to create the multipass instance, especially the command that assigns the user to the docker group. Therefore, the docker daemon in the instance wasn’t started.

#cloud-config
users:
  - name: boulard # CREATE USER BOULARD
    ssh-authorized-keys:
      - ecdsa-sha2-nistp256 PUBLIC_KEY boulard@mymac
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: sudo
    shell: /bin/bash
package_update: true
packages:
  - docker
  - avahi-daemon
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg
  - lsb-release
runcmd:
  - sudo curl -fsSL https://get.docker.com | sudo bash
  - sudo systemctl enable docker
  - sudo systemctl enable -s HUP ssh
  - sudo groupadd docker
  - sudo usermod -aG docker boulard # ADD USER BOULARD TO THE DOCKER GROUP

Now, if I build from the host, it takes the code from it, creates an image, and sends it through ssh to the manager instance. Thanks for your support @rimalek

meyay · November 25, 2023, 12:07pm

Thank you for sharing the final solution with us!

rimelek · November 25, 2023, 2:20pm

Now I understand why I wasn’t notified

The Docker daemon wasn’t started or the user didn’t have access to the socket without the docker group which is the group of the socket? Didn’t the installer create the docker group?

bigboulard · November 26, 2023, 4:38pm

Sorry for the mistype @rimelek

Good question. The docker CLI was invoked by user boulard which was not part of the docker group, so when I typed docker info, I got this error.

Server:
ERROR: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied

Probably the daemon was running but the docker CLI couldn’t access it. When I typed docker build from the host using a context tied to the manager node, it couldn’t access it cause the context is just a way to say “hey I want to use this remote docker CLI, so ssh into this instance and try to make it work, user is boulard, ssh host is manager.local so it’s boulard@manager.local and for the security stuff, just take the ssh keys in my ~/.ssh/ folder” … but this also fails because boulard is not part of the docker group.