I'd like to add support for exposing the Docker API via TCP like it is <a href="https:

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

Support for exposing the Docker API via TCP about ansible-role-docker-rootless HOT 4 OPEN

konstruktoid commented on August 21, 2024

Support for exposing the Docker API via TCP

from ansible-role-docker-rootless.

Comments (4)

monsdar commented on August 21, 2024

I also tried adding the -p .. parameter to docker-rootless.sh directly instead of going through the DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS variable. A few other different approaches to escape/mask the space did not work as well.

from ansible-role-docker-rootless.

konstruktoid commented on August 21, 2024

Hi @monsdar, I haven't tried exposing the port, but I'll have a look later tonight

from ansible-role-docker-rootless.

monsdar commented on August 21, 2024

Let me know if I can provide any more info or if there is anything I can test out on my end.

from ansible-role-docker-rootless.

konstruktoid commented on August 21, 2024

I cheated a bit and used port 2375 to skip the cert generation.

First update the docker.service for the Docker user and then restart the service.

~$ grep 2375 ~/.config/systemd/user/docker.service
Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS=-p 0.0.0.0:2375:2375/tcp"
ExecStart=/home/dockeruser/bin/dockerd-rootless.sh -H tcp://0.0.0.0:2375 -H unix:///run/user/1001/docker.sock
~$ XDG_RUNTIME_DIR="/run/user/1001" DOCKER_HOST="unix:///run/user/1001/docker.sock" systemctl --user daemon-reload
~$ XDG_RUNTIME_DIR="/run/user/1001" DOCKER_HOST="unix:///run/user/1001/docker.sock" systemctl restart --user docker

~$ sudo ss -ltnap
State        Recv-Q       Send-Q               Local Address:Port               Peer Address:Port        Process
LISTEN       0            128                        0.0.0.0:22                      0.0.0.0:*            users:(("sshd",pid=736,fd=3))
LISTEN       0            4096                 127.0.0.53%lo:53                      0.0.0.0:*            users:(("systemd-resolve",pid=650,fd=13))
ESTAB        0            0                        10.0.2.15:22                     10.0.2.2:50352        users:(("sshd",pid=1970,fd=4),("sshd",pid=1922,fd=4))
LISTEN       0            128                           [::]:22                         [::]:*            users:(("sshd",pid=736,fd=4))
LISTEN       0            4096                             *:2375                          *:*            users:(("rootlesskit",pid=2405,fd=9))

The log will notify you about the bad choice of configuration.

[DEPRECATION NOTICE]: API is accessible on http://0.0.0.0:2375 without encryption...

As another user, copy the docker binary, unalias docker, and then export DOCKER_HOST.

~$ sudo cp /home/dockeruser/bin/docker .
~$ unalias docker
~$ DOCKER_HOST=tcp://127.0.0.1:2375 ./docker ps -a
CONTAINER ID   IMAGE                COMMAND                  CREATED          STATUS                      PORTS     NAMES
3d4a6390e8df   konstruktoid/nginx   "/usr/sbin/nginx -g …"   40 minutes ago   Exited (0) 22 minutes ago             nginxport
eced319b8a6e   konstruktoid/nginx   "/usr/sbin/nginx -g …"   41 minutes ago   Exited (0) 22 minutes ago             nginx
~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:c1:34:b9 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 83818sec preferred_lft 83818sec
    inet6 fe80::a00:27ff:fec1:34b9/64 scope link
       valid_lft forever preferred_lft forever
~$ DOCKER_HOST=tcp://10.0.2.15:2375 ./docker ps -a
CONTAINER ID   IMAGE                COMMAND                  CREATED          STATUS                      PORTS     NAMES
3d4a6390e8df   konstruktoid/nginx   "/usr/sbin/nginx -g …"   41 minutes ago   Exited (0) 23 minutes ago             nginxport
eced319b8a6e   konstruktoid/nginx   "/usr/sbin/nginx -g …"   41 minutes ago   Exited (0) 23 minutes ago             nginx

from ansible-role-docker-rootless.

Support for exposing the Docker API via TCP about ansible-role-docker-rootless HOT 4 OPEN

Comments (4)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent