monitor_docker
Support connecting to docker host via ssh
Per https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option starting in Docker version 18.09 the following can be used to connect to a remote docker host:
$ docker -H ssh://[email protected]:22 ps
$ docker -H ssh://[email protected] ps
$ docker -H ssh://example.com ps
When I tried to specify ssh://[email protected] in the URL, I got the following error:
2020-10-07 12:33:25 ERROR (Thread-6) [custom_components.monitor_docker.helpers] Can not connect to Docker API (Missing protocol scheme in docker_host.)
Traceback (most recent call last):
  File "/config/custom_components/monitor_docker/helpers.py", line 140, in __init__
    self._api = aiodocker.Docker(url=url)
  File "/usr/local/lib/python3.8/site-packages/aiodocker/docker.py", line 125, in __init__
    raise ValueError("Missing protocol scheme in docker_host.")
ValueError: Missing protocol scheme in docker_host.
The underlying library used for the Docker API doesn't support the "ssh://" option, sorry. You need to use tcp with certificates for security.
I was able to work around this limitation using socat over SSH.
Instructions here: https://serverfault.com/a/362833
Just in case anyone else is in a similar situation.
For a bit more convenience, I created a systemd daemon
Do everything as root. location: /etc/systemd/system/[email protected]
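[Unit]
Description=Setup a secure tunnel for docker.sock to %i
After=network.target
[Service]
# Run with group docker so the forwarded socket is group-owned by docker
Group=docker
# StreamLocalBindMask=0117 creates the local socket with mode 0660;
# StreamLocalBindUnlink=yes removes a stale socket file before binding
ExecStart=ssh -o StreamLocalBindUnlink=yes -o StreamLocalBindMask=0117 -nNT -L /var/run/docker.%i.sock:/var/run/docker.sock %i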
RestartSec=30
Restart=always
[Install]
WantedBy=multi-user.target
Enable it on boot with systemctl enable docker-remote-sock@server
Be sure you have placed the id_rsa.pub into the authorized_keys file for the root of the other server, so no login is needed.
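A check for the forwarded socket that the unit above creates, as an added example that is not part of the original thread or of monitor_docker: it verifies that the local socket file carries no permission bits beyond what StreamLocalBindMask=0117 allows, then sends the Docker Engine API's GET /_ping through the tunnel. The default path /var/run/docker.server.sock assumes the instance name "server", and the function names are hypothetical.

```python
import os
import socket
import stat
import sys

def audit_socket(path, mask=0o117, expected_gid=None):
    """Return a list of problems with the forwarded Docker socket at `path`."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a Unix socket"]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    # StreamLocalBindMask=0117 should leave at most rw for owner and group (0660).
    if mode & mask:
        problems.append(f"mode {mode:04o} grants bits the mask {mask:04o} should clear")
    if expected_gid is not None and st.st_gid != expected_gid:
        problems.append(f"group id is {st.st_gid}, expected {expected_gid}")
    return problems

def docker_ping(path, timeout=5.0):
    """Send GET /_ping (Docker Engine API) over the socket; True on HTTP 200."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(b"GET /_ping HTTP/1.1\r\nHost: docker\r\nConnection: close\r\n\r\n")
        reply = b""
        while chunk := s.recv(4096):
            reply += chunk
    status_line = reply.split(b"\r\n", 1)[0].split()
    return len(status_line) >= 2 and status_line[1] == b"200"

if __name__ == "__main__":
    # Assumed path: the unit's docker.%i.sock with instance name "server".
    sock_path = sys.argv[1] if len(sys.argv) > 1 else "/var/run/docker.server.sock"
    issues = audit_socket(sock_path)
    for issue in issues:
        print("WARN:", issue)
    print("ping ok" if docker_ping(sock_path) else "ping failed")
    sys.exit(1 if issues else 0)
```

Anyone who can open this socket controls the remote Docker daemon, so a mode wider than 0660 or an unexpected group on the file is worth alerting on.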