The problem

  • Scenario 1: You want to share docker-machine keys access to users across your organization
  • Scenario 2: You want to use docker-machine keys in some sort of CI pipeline or release process

You might be tempted to try to add them to a new machine using a generic driver as such:

docker-machine create --driver generic --generic-ip-address my.server.com --generic-ssh-key ~/.ssh/id_rsa --generic-ssh-user myuser my.server.com

You’ll end up with something like this:

$ docker-machine ls
NAME             ACTIVE   DRIVER    STATE     URL                         SWARM   DOCKER    ERRORS
my.server.com   -        generic   Running   tcp://my.server.com:2376           Unknown   Unable to query docker version: Get https://my.server.com:2376/v1.15/version: x509: certificate signed by unknown authority

And when running an eval command eval $(docker-machine env my.server.com)

Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "my.server.com:2376": x509: certificate signed by unknown authority
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.

The simple solution

There’s a very simple solution to sharing docker machine keys across your organization don’t. There’s another far easier option to doing this.

If you make the server available via ssh you can just change your DOCKER_HOST env and you will be able to run commands remotely.

There are two methods to do this:

  1. DOCKER_HOST=ssh://user@my.server.com run -it ubuntu bash
  2. docker -H ssh://user@my.server.com run -it ubuntu bash
$ export DOCKER_HOST=ssh://rancher@my.server.com
$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

As simple as that you have remote docker at your fingertips.

Note

  • This requires docker-engine v18.0.9+
  • The ssh user must have permissions to access docker
  • To unset $DOCKER_HOST (if you used export) you can use unset DOCKER_HOST or just close your terminal session ;)

Happy Dockering