Share Docker Machine Hosts Between Users and Machines
The problem
- Scenario 1: You want to share docker-machine keys access to users across your organization
- Scenario 2: You want to use docker-machine keys in some sort of CI pipeline or release process
You might be tempted to try to add them to a new machine using a generic driver as such:
docker-machine create --driver generic --generic-ip-address my.server.com --generic-ssh-key ~/.ssh/id_rsa --generic-ssh-user myuser my.server.com
You’ll end up with something like this:
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
my.server.com - generic Running tcp://my.server.com:2376 Unknown Unable to query docker version: Get https://my.server.com:2376/v1.15/version: x509: certificate signed by unknown authority
And when running an eval command eval $(docker-machine env my.server.com)
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "my.server.com:2376": x509: certificate signed by unknown authority
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
The simple solution
There’s a very simple solution to sharing docker machine keys across your organization don’t. There’s another far easier option to doing this.
If you make the server available via ssh you can just change your DOCKER_HOST env and you will be able to run commands remotely.
There are two methods to do this:
DOCKER_HOST=ssh://user@my.server.com run -it ubuntu bash
docker -H ssh://user@my.server.com run -it ubuntu bash
$ export DOCKER_HOST=ssh://rancher@my.server.com
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
As simple as that you have remote docker at your fingertips.
Note
- This requires docker-engine v18.0.9+
- The ssh user must have permissions to access docker
- To unset $DOCKER_HOST (if you used export) you can use
unset DOCKER_HOST
or just close your terminal session ;)
Happy Dockering
Read other posts