pantsbuild / pants

The Pants Build System
https://www.pantsbuild.org
Apache License 2.0

`docker_environment` use of `DOCKER_HOST` only supports unix domain sockets currently #18889

Open stuhood opened 1 year ago

stuhood commented 1 year ago

Currently, the docker::CommandRunner hardcodes use of Docker::connect_with_local_defaults, which under the hood assumes unix domain sockets are in use (i.e. that DOCKER_HOST is a unix:// connection string).

It seems clear based on the dockerd documentation that Pants (or the bollard crate) could do a bit of DOCKER_HOST parsing to decide between attempting a unix or tcp connection, so we should do that.

But there is an additional unknown: tcp:// connection strings might be using TLS, which requires a separate bollard connect_with_ssl_defaults method. There does not appear from the docs to be a guaranteed indicator in the connection string that would indicate that TLS should be used.

It's possible that just trying first ssl and then http connection methods would be sufficient... or adding a flag to force SSL.

tdyas commented 1 year ago

https://www.howtogeek.com/devops/how-to-secure-dockers-tcp-socket-with-tls/ has some good commentary.

tdyas commented 1 year ago

Basically, it looks like docker relies on command-line configuration (or via environment variables) to know when to use TLS.

tdyas commented 1 year ago

Maybe Pants needs some new options to configure TLS for Docker?
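To make the `DOCKER_HOST` parsing discussed in the opening comment concrete, and the point in the later comments that Docker learns about TLS from configuration rather than from the connection string, here is an added example in Rust. It is not code from Pants or from the bollard crate; it uses only the standard library and mirrors the Docker CLI's own convention (`DOCKER_HOST` selects `unix://` or `tcp://`, a non-empty `DOCKER_TLS_VERIFY` turns TLS on, `DOCKER_CERT_PATH` points at `ca.pem`/`cert.pem`/`key.pem`) plus a `force_tls` flag standing in for the proposed "force SSL" option. The `DockerEndpoint` enum, `resolve_endpoint` and `split_host_port` are hypothetical names chosen here; the env maps built in `main` and in the helper are constructed sample input. One deliberate divergence from the CLI: where the CLI falls back to `~/.docker` when `DOCKER_CERT_PATH` is unset, this example refuses to pick a TLS cert directory implicitly and returns an error instead.

```rust
use std::collections::HashMap;

/// Where and how a client should reach dockerd. Derived purely from the
/// environment, so the decision can be made before any socket is opened.
#[derive(Debug, PartialEq, Eq)]
pub enum DockerEndpoint {
    /// Unix domain socket path, e.g. /var/run/docker.sock (bollard's "local defaults").
    Unix(String),
    /// Plain TCP. Anyone who can reach this port has root-equivalent access to the host.
    Tcp { host: String, port: u16 },
    /// TCP wrapped in TLS; cert_path is the directory holding ca.pem, cert.pem and key.pem.
    Tls { host: String, port: u16, cert_path: String },
}

#[derive(Debug, PartialEq, Eq)]
pub enum ResolveError {
    /// Schemes such as ssh:// or npipe:// are out of scope for this example.
    UnsupportedScheme(String),
    BadHostPort(String),
    /// TLS was requested but no cert directory was given; we refuse to guess one.
    TlsRequestedWithoutCertPath,
}

const DEFAULT_UNIX_SOCKET: &str = "/var/run/docker.sock";
const DEFAULT_TCP_PORT: u16 = 2375; // conventional plaintext port
const DEFAULT_TLS_PORT: u16 = 2376; // conventional TLS port

/// Decide between unix, tcp and tcp+tls from the Docker CLI's environment variables.
/// `force_tls` plays the role of an explicit "use TLS" option, which is needed because
/// nothing in a tcp:// string itself says whether the daemon expects TLS.
pub fn resolve_endpoint(
    env: &HashMap<String, String>,
    force_tls: bool,
) -> Result<DockerEndpoint, ResolveError> {
    let host = env.get("DOCKER_HOST").map(String::as_str).unwrap_or("");
    // The Docker CLI treats any non-empty DOCKER_TLS_VERIFY as "on".
    let tls_verify = env.get("DOCKER_TLS_VERIFY").map_or(false, |v| !v.is_empty());
    let use_tls = force_tls || tls_verify;

    if host.is_empty() {
        return Ok(DockerEndpoint::Unix(DEFAULT_UNIX_SOCKET.to_string()));
    }
    if let Some(path) = host.strip_prefix("unix://") {
        let path = if path.is_empty() { DEFAULT_UNIX_SOCKET } else { path };
        return Ok(DockerEndpoint::Unix(path.to_string()));
    }
    let Some(rest) = host.strip_prefix("tcp://") else {
        return Err(ResolveError::UnsupportedScheme(host.to_string()));
    };
    let default_port = if use_tls { DEFAULT_TLS_PORT } else { DEFAULT_TCP_PORT };
    let (host, port) = split_host_port(rest, default_port)?;
    if use_tls {
        let cert_path = env
            .get("DOCKER_CERT_PATH")
            .filter(|p| !p.is_empty())
            .cloned()
            .ok_or(ResolveError::TlsRequestedWithoutCertPath)?;
        Ok(DockerEndpoint::Tls { host, port, cert_path })
    } else {
        Ok(DockerEndpoint::Tcp { host, port })
    }
}

/// Split "host", "host:port", "[v6]" or "[v6]:port" (a trailing "/" is tolerated).
/// Unbracketed IPv6 literals are rejected, as the Docker CLI also requires brackets.
fn split_host_port(s: &str, default_port: u16) -> Result<(String, u16), ResolveError> {
    let bad = || ResolveError::BadHostPort(s.to_string());
    let s = s.trim_end_matches('/');
    if let Some(rest) = s.strip_prefix('[') {
        let end = rest.find(']').ok_or_else(bad)?;
        let host = &rest[..end];
        let after = &rest[end + 1..];
        let port = match after.strip_prefix(':') {
            None if after.is_empty() => default_port,
            Some(p) => p.parse().map_err(|_| bad())?,
            _ => return Err(bad()),
        };
        return Ok((host.to_string(), port));
    }
    match s.rsplit_once(':') {
        Some((h, p)) if !h.is_empty() && !h.contains(':') => {
            Ok((h.to_string(), p.parse().map_err(|_| bad())?))
        }
        Some(_) => Err(bad()),
        None if !s.is_empty() => Ok((s.to_string(), default_port)),
        None => Err(bad()),
    }
}

/// Build a constructed sample environment for demonstration and tests.
pub fn env_from(pairs: &[(&str, &str)]) -> HashMap<String, String> {
    pairs.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect()
}

fn main() {
    // Constructed sample: a remote daemon secured as the linked how-to describes.
    let env = env_from(&[
        ("DOCKER_HOST", "tcp://10.0.0.5:2376"),
        ("DOCKER_TLS_VERIFY", "1"),
        ("DOCKER_CERT_PATH", "/etc/docker/client-certs"),
    ]);
    println!("{:?}", resolve_endpoint(&env, false));
    // Same daemon address with TLS unset: the parser cannot know TLS is needed,
    // which is exactly why an explicit flag or env variable is required.
    let env = env_from(&[("DOCKER_HOST", "tcp://10.0.0.5:2376")]);
    println!("{:?}", resolve_endpoint(&env, false));
}
```

The second `main` call shows the gap noted in the opening comment: `tcp://10.0.0.5:2376` resolves to a plaintext `Tcp` endpoint unless `DOCKER_TLS_VERIFY` or `force_tls` says otherwise, so a client that silently fell back from TLS to plain HTTP would be sending an unauthenticated, root-equivalent API session over the wire. Failing closed (`TlsRequestedWithoutCertPath`) when TLS is requested but no certificates are configured is the safer default for a build tool.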