How can I SSH into the Beta's MobyLinuxVM

I would like to be able to SSH into the MobyLinuxVM that the Docker for Windows Beta creates and uses in Hyper-V. I used to be able to do this using docker-machine (pre-Beta), but since it’s not used to manage this Beta VM (why?), I don’t seem to be able to any more.

Aside from being able to debug internals of the VM when something isn’t working, we SSH into that VM in scripts in order to automatically figure out the location of docker inside the VM (eg. “which docker”) so it can be mapped into a container, along with the docker.sock so that we can do docker stuff inside our containers (we use containers to build other containers as a part of our CI solution).

As a temporary workaround I manually found the location of docker inside the VM by mounting various bits of its filesystem as a volume in a container and then ls-ing, and I’ve hardcoded that location in my scripts, but that’s not a great solution.

How can I SSH into this new magical MobyLinuxVM?

Thanks in advance.

6 Likes

I second this - we also have scripts to set up our (rather large, complicated to manually setup) test environment.
Normally I would clone our GIT repository or add a shared directory from host to client to be able to execute the script(s).

SSH access would be great :slight_smile:

Kind Regards
Denis Germ

1 Like

+1 for being able to ssh into mobylinux host

Yes, I need to that too, I want to mount a different volume than User’s default as that disk is full :). But since I cannot SSH I cannot mount it.

Yes, I would like to see this as well.

Yes, I would like to modify docker.sock in one of the containers …

For those who are looking for docker.sock
it is located at /run/docker.sock

Not exactly ssh but equivalent results. “Docker Saigon” solution:

#get a privileged container with access to Docker daemon
docker run --privileged -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker alpine sh

#run a container with full root access to MobyLinuxVM and no seccomp profile (so you can mount stuff)
docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/host alpine /bin/sh

#switch to host FS
chroot /host

6 Likes

When designing Docker for Windows, we weighed trade-offs between flexibility and customizability vs. dependability and determinism.

docker-machine is very flexible (there are lots of different drivers) and customizable (the setup has lots of parameters and there’s SSH access to the machines). But the experience is also very variable (not all features work with all drivers or settings) and inexperienced users can quickly get in trouble.

With Docker for Windows, we’ve tried to build a more dependable Docker environment. We know that this has come at some cost to flexibility. Your feedback is very valuable as we continue to work towards the right balance.

Michael

1 Like

Thanks for your response Michael. But if you allow my 2cents on this…

DfW will inevitably be compared to the current Docker Toolbox. And I would expect that a “docker-machine create -d dfw …” to be on the horizon… :slight_smile:

Why would that make a less dependable Docker environment? I see DfW as a dev environment replacing Virtualbox by hyperv and (hopefully) making things more robust and speedier…

2 Likes

Without SSH access, how can we add a registry mirror or whitelist an insecure registry?

1 Like

We’re working on making this a setting from the systray menu - it should land in the next beta which is imminent.

5 Likes

Fantastic. Thanks for listening to the feedback. Looking forward to playing with that!

I was looking for ssh access to set the http proxy. I want to be able to set the proxy for the VM since docker for windows does not work behind our corporate proxies.

A variant of How can I SSH into the Beta's MobyLinuxVM is to use nsenter on PID 1. Build a Docker image that has nsenter inside, like this:

FROM alpine
MAINTAINER You <you@example.com>
RUN apk update && \
    apk add util-linux && \
    rm -rf /var/cache/apk/*
ENTRYPOINT ["nsenter", "--target", "1", "--mount", "--uts", "--ipc", "--net", "--pid"]

Then you can “docker build . -t hostenter” and enter the host with “docker run --rm -it --privileged --pid=host hostenter”:

PS C:\Users\You> docker run -it --privileged --pid=host hostenter
moby:/#

I was able to add the mfsymlinks option to my Windows mounts using this approach.

2 Likes

Is it possible to install docker plugins such as Rancher Convoy without SSH?

Running docker images to look at the filesystem of the MobyVM is useful and educational, but still no good if you are wanting to do anything which requires restarting the docker engine. e.g. installing plugins, changing drive sizes, defaults for DNS, etc. Some of these options are in the UI…

I am running the latest beta and can see that the tray app has a UI to set some settings, which is helpful. However, in my case I some SSL certs that need to be trusted (I’m behind a transparent SSL proxy and need to trust its CA certs). Is there a way to do that?

1 Like

Hi Michael,

Is it enabled now? Will i be able to SSH to MobyLinuxVM with latest docker for windows beta release 1.13.0-beta38 (9805)

Is it enabled now?
I want to change ip/port mapping but do not want to recreate the container.

Any update? I need to be able to ssh into the host machine ASAP.