使用Docker Machine連線自己的Docker
原則上我們也可以使用
docker-machine create --url=tcp://192.168.99.100:2376 mytest
認證部分設定
認證設定的部分,可以直接參考之前設定成功的docker machine的資料夾:
$ ls -l /Users/peihsinsu/.docker/machine/machines/google-machine/
total 72
-rw-r--r-- 1 peihsinsu staff 1038 9 13 14:12 ca.pem
-rw-r--r-- 1 peihsinsu staff 1062 9 13 14:12 cert.pem
-rw------- 1 peihsinsu staff 1826 9 13 19:52 config.json
-rw-r--r-- 1 peihsinsu staff 271 9 13 14:10 gce_token
-rw------- 1 peihsinsu staff 1679 9 13 14:10 id_rsa
-rw------- 1 peihsinsu staff 381 9 13 14:10 id_rsa.pub
-rw------- 1 peihsinsu staff 1679 9 13 14:12 key.pem
-rw------- 1 peihsinsu staff 1675 9 13 14:12 server-key.pem
-rw-r--r-- 1 peihsinsu staff 1107 9 13 14:12 server.pem
有一些參數的設定可以直接在Docker Server上尋找:
root@google-machine:/etc/docker# ls -l
total 16
-rw-r--r-- 1 root root 1038 Sep 13 06:12 ca.pem
-rw------- 1 root root 281 Sep 13 06:11 key.json
-rw-r--r-- 1 root root 1675 Sep 13 06:12 server-key.pem
-rw-r--r-- 1 root root 1107 Sep 13 06:12 server.pem
筆者測試,只要備妥下面檔案,應該就可以正常連線:
ls -l /Users/peihsinsu/.docker/machine/machines/mytest/
total 48
-rw-r--r-- 1 peihsinsu staff 1038 9 13 19:56 ca.pem
-rw-r--r-- 1 peihsinsu staff 1062 9 13 20:19 cert.pem
-rw------- 1 peihsinsu staff 1533 9 13 19:58 config.json
-rw------- 1 peihsinsu staff 1679 9 13 20:20 key.pem
-rw------- 1 peihsinsu staff 1675 9 13 19:58 server-key.pem
-rw-r--r-- 1 peihsinsu staff 1107 9 13 19:57 server.pem
最後,需要針對config.json做最後的確認(原則上在最初設定完成後,應該就具備):
cat /Users/peihsinsu/.docker/machine/machines/mytest/config.json | json
{
"ConfigVersion": 1,
"Driver": {
"IPAddress": "192.168.99.100:2376",
"SSHUser": "",
"SSHPort": 0,
"MachineName": "mytest",
"CaCertPath": "/Users/peihsinsu/.docker/machine/certs/ca.pem",
"PrivateKeyPath": "/Users/peihsinsu/.docker/machine/certs/ca-key.pem",
"SwarmMaster": false,
"SwarmHost": "",
"SwarmDiscovery": "",
"URL": "tcp://192.168.99.100:2376"
},
"DriverName": "none",
"HostOptions": {
"Driver": "",
"Memory": 0,
"Disk": 0,
"EngineOptions": {
"ArbitraryFlags": [],
"Dns": null,
"GraphDir": "",
"Env": [],
"Ipv6": false,
"InsecureRegistry": [],
"Labels": [],
"LogLevel": "",
"StorageDriver": "",
"SelinuxEnabled": false,
"TlsCaCert": "",
"TlsCert": "",
"TlsKey": "",
"TlsVerify": true,
"RegistryMirror": [],
"InstallURL": "https://get.docker.com"
},
"SwarmOptions": {
"IsSwarm": false,
"Address": "",
"Discovery": "",
"Master": false,
"Host": "tcp://0.0.0.0:3376",
"Image": "swarm:latest",
"Strategy": "spread",
"Heartbeat": 0,
"Overcommit": 0,
"TlsCaCert": "",
"TlsCert": "",
"TlsKey": "",
"TlsVerify": false,
"ArbitraryFlags": []
},
"AuthOptions": {
"StorePath": "",
"CaCertPath": "/Users/peihsinsu/.docker/machine/certs/ca.pem",
"CaCertRemotePath": "",
"ServerCertPath": "/Users/peihsinsu/.docker/machine/machines/mytest/server.pem",
"ServerKeyPath": "/Users/peihsinsu/.docker/machine/machines/mytest/server-key.pem",
"ClientKeyPath": "/Users/peihsinsu/.docker/machine/certs/key.pem",
"ServerCertRemotePath": "",
"ServerKeyRemotePath": "",
"PrivateKeyPath": "/Users/peihsinsu/.docker/machine/certs/ca-key.pem",
"ClientCertPath": "/Users/peihsinsu/.docker/machine/certs/cert.pem"
}
},
"StorePath": "/Users/peihsinsu/.docker/machine/machines/mytest"
}
如果一切設定無誤,應該就可以正確地執行docker的操作了 :D
參考
- Create a CA, server and client keys with OpenSSL: https://docs.docker.com/articles/https/