Moving Docker Machines Definitions

Docker Machine is a new tool from Docker that allows you to quickly create Docker hosts on your local machine or on a cloud provider such as EC2 or Google Compute. During the machine creation process, the Docker Machine library creates a new SSH key and SSL certificate that the Docker client tools use to interact with the machine.

This is all great and allows a developer to create a new cloud instance in minutes. However, if you want to share the Docker machine with a coworker, things become a little murky.

The easiest way to grant a coworker access to the machine is to pass them the id_rsa file, which contains the SSH key. They can then access the host with the following command.

[code lang=text]
ssh -i id_rsa <user>@<host>
[/code]

Once logged into the machine you can use regular docker commands as normal, although sudo will typically be required. The key is usually located in ~/.docker/machine/machines/<machine_name>

[code lang=text]
sudo docker ps
[/code]

This works in most cases, but if you want your coworkers to be able to access the machine using docker-machine, some manual manipulation of the config.json file is required.

The following was tested with Docker Machine config files version 1. Make a backup copy before testing this out.

  1. Copy the contents of ~/.docker/machine/machines/<machinename> to the target pc.
  2. Update the following sections of config.json. In most cases just updating the home directory is all that is needed.
    • Driver.CaCertPath – the CA cert should point to the CA cert in the machine directory rather than the one in the certs directory.

      /Users/jellin/.docker/machine/machines/dev/ca.pem,

    • AuthOptions.ServerCertPath – update to the cert in the machine directory.

    • AuthOptions.ServerKeyPath – update to the key in the machine directory.

    • AuthOptions.ClientKeyPath – the client key should point to the client key in the machine directory rather than the one in the certs directory.

      /Users/jellin/.docker/machine/machines/dev/key.pem,

    • AuthOptions.ClientCertPath – the client cert should point to the client cert in the machine directory rather than the one in the certs directory.

      /Users/jellin/.docker/machine/machines/dev/cert.pem,

    • StorePath – update to the directory of the machine.
  3. In the case of EC2, the IAM credentials used to create the instance are also present in config.json. You may wish to remove these as well before passing the key on to your colleague.
    • Driver.AccessKey
    • Driver.SecretKey
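
Steps 2 and 3 can be scripted. The sketch below is an added example, not part of Docker Machine: it matches the key names listed above wherever they occur in the JSON, keeps each file name while swapping in the new machine directory, blanks the IAM credentials, and reports any value that still mentions the original home directory. The sample config, the `/home/coworker` path and the function names are constructed for illustration.

```python
import json
import posixpath

# Key names come from the steps above; they are matched at any depth so the
# exact nesting of config.json is not assumed.
CERT_KEYS = {"CaCertPath", "ServerCertPath", "ServerKeyPath",
             "ClientKeyPath", "ClientCertPath"}
SECRET_KEYS = {"AccessKey", "SecretKey"}

def relocate(node, machine_dir):
    """Return a copy with paths pointed at machine_dir and IAM secrets blanked."""
    if isinstance(node, list):
        return [relocate(item, machine_dir) for item in node]
    if not isinstance(node, dict):
        return node
    out = {}
    for key, value in node.items():
        if key in CERT_KEYS and isinstance(value, str) and value:
            # Keep the file name, swap the directory for the machine directory.
            out[key] = posixpath.join(machine_dir, posixpath.basename(value))
        elif key == "StorePath":
            out[key] = machine_dir
        elif key in SECRET_KEYS:
            out[key] = ""  # assumption: blank the value rather than drop the key
        else:
            out[key] = relocate(value, machine_dir)
    return out

def still_references(node, old_home, trail=""):
    """Dotted names of string values that still mention old_home."""
    if isinstance(node, dict):
        return [hit for k, v in node.items()
                for hit in still_references(v, old_home, f"{trail}.{k}".lstrip("."))]
    if isinstance(node, list):
        return [hit for v in node for hit in still_references(v, old_home, trail)]
    return [trail] if isinstance(node, str) and old_home in node else []

# Constructed sample, not a real config.json; all values are placeholders.
SAMPLE = json.loads("""{
  "Driver": {"CaCertPath": "/Users/jellin/.docker/machine/certs/ca.pem",
             "AccessKey": "AKIA-CONSTRUCTED", "SecretKey": "constructed-secret"},
  "AuthOptions": {"ServerCertPath": "/Users/jellin/.docker/machine/machines/dev/server.pem",
                  "ClientKeyPath": "/Users/jellin/.docker/machine/certs/key.pem"},
  "StorePath": "/Users/jellin/.docker/machine/machines/dev"}""")

if __name__ == "__main__":
    fixed = relocate(SAMPLE, "/home/coworker/.docker/machine/machines/dev")
    print(json.dumps(fixed, indent=2))
    print("still pointing at old home:", still_references(fixed, "/Users/jellin"))
```

Run it against the backup copy of config.json and write the result to the copy that goes to the target PC; an empty `still_references` list means no value still points into the original owner's home directory.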

Hopefully in the future the Docker Machine people will come up with a more portable way to share your machine creations.
