Docker Community Forums

Share and learn in the Docker community.

How can docker-machine add an exist docker host?


(Tdy218) #1

This is an old problem, but i cann’t find the usefull method.

I have the following env

Local Host (My Laptop) Name : Chris-Laptop , docker-machine is already installed , Mac OS X 10.11
Remote Host (My VPS) Name : li845-130 , docker-engine is already installed, CentOS 7.0

1.Docker Daemon Process in Remote Host
[root@li845-130 ~]# ps -ef|grep docker | grep -v grep
root 12093 1 0 02:09 ? 00:00:00 /usr/bin/docker daemon -H tcp://0.0.0.0:2376

2.Configure the ssh connection without password
[tdy218@Chris-Laptop .ssh]$ ssh root@139.162.3.130
Last failed login: Mon Mar 21 02:54:06 UTC 2016 from 125.88.177.95 on ssh:notty
There were 54 failed login attempts since the last successful login.
Last login: Mon Mar 21 02:25:25 2016 from 114.248.235.223
[root@li845-130 ~]#

3.Add remote docker host to local docker machines
[tdy218@Chris-Laptop .ssh]$ docker-machine create --driver none -url=tcp://139.162.3.130:2376 linodevps
Running pre-create checks…
Creating machine…
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env linodevps
[tdy218@Chris-Laptop .ssh]$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default * virtualbox Running tcp://192.168.99.100:2376 v1.10.3
linodevps - none Running tcp://139.162.3.130:2376 Unknown Unable to query docker version: Unable to read TLS config: open /Users/tdy218/.docker/machine/machines/linodevps/server.pem: no such file or directory
[tdy218@Chris-Laptop .ssh]$

[tdy218@Chris-Laptop .ssh]$ docker-machine -D regenerate-certs linodevps
Docker Machine Version: 0.6.0, build e27fb87
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Found binary path at /usr/local/bin/docker-machine
Launching plugin server for driver none
Plugin server listening at address 127.0.0.1:54648
() Calling .GetVersion
Using API Version 1
() Calling .SetConfigRaw
() Calling .GetMachineName
command=configureAuth machine=linodevps
Waiting for SSH to be available…
Getting to WaitForSSH function…
(linodevps) Calling .GetSSHHostname
(linodevps) Calling .GetSSHPort
(linodevps) Calling .GetSSHKeyPath
(linodevps) Calling .GetSSHUsername
Using SSH client type: external
{[-o BatchMode=yes -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none @ -p 0] /usr/bin/ssh}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255: usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b

Error getting ssh command ‘exit 0’ : Something went wrong running an SSH command!
command : exit 0
err : exit status 255
output : usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]

It report “Too many retries waiting for SSH to be available. Last error: Maximum number of retries (60) exceeded…” at last.

Why ? i have configurated the ssh connection between local host and remote docker host without password.

How can export the docker host to local docker-machine command line ?


(Kostasmistos) #2

Use the generic driver.

docker-machine create --driver generic --generic-ip-address ipofdockerhost --generic-ssh-user sshuser
The ssh user should have sudo access with no password

Notice that after a successful connection between docker-machine and the docker host all containers running on that host will be stopped and docker daemon will be restarted


(Hashlash) #3

Is there any work around for setting a sudo user without password?
I’m not security expert, but doesn’t it really dangerous? The user could really do anything without any additional privilege