Public Repository

Last pushed: 3 months ago
Short Description
Full Description

Docker Cloud Federation

Docker Repositories

Repo Description
dockercloud/client Provides an interactive shell to talk to a remote docker cluster using Docker ID credentials
dockercloud/client-proxy Forwards local docker API calls to a remote swarm cluster injecting Docker ID authorization information on each request
dockercloud/server-proxy Authenticates and authorizes incoming docker API calls and forwards them to the local docker engine
dockercloud/registration Registers the swarm cluster to Docker Cloud, and launches server-proxy


Remote swarm side

Bring Your Own Cluster:

docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock dockercloud/registration

Launch Docker For AWS with Docker Cloud registration (nightly build):

Launch Docker For Azure with Docker Cloud registration:

Client side

Client container:

docker run --rm -ti -v /var/run/docker.sock:/var/run/docker.sock -e DOCKER_HOST dockercloud/client

This will interactively ask for Docker ID credentials and for a remote swarm to connect to.

After logging in with a Docker ID account, an export command will be shown:

# You can now start using the swarm namespace/swarmname by executing:
export DOCKER_HOST=tcp://

This new DOCKER_HOST environment variable will point to the port published by the client proxy to make the local CLI talk to the remote cluster directly. The client proxy will inject appropriate credentials automatically.

How to update

Remote swarm side

Please run the following command:

docker service update --image dockercloud/server-proxy:latest dockercloud-server-proxy

Client side

  1. Remove the client proxy container by docker rm -f client_proxy_<namespace>_<swarmname>
  2. Pull the latest client image by docker pull dockercloud/client
  3. Create a new client proxy by docker run --rm -ti -v /var/run/docker.sock:/var/run/docker.sock -e DOCKER_HOST dockercloud/client <namespace>/<swarmname>

Known issues

  • If you are using docker machine, please run unset DOCKER_TLS_VERIFY to make sure that DOCKER_TLS_VERIFY=1 is not in your environment variable. Otherwise, you will receive the following TLS error message:
    $ docker ps
    An error occurred trying to connect: Get tls: oversized record received with length 20527
Docker Pull Command

Comments (7)
16 days ago

I'm having issues related to my Swarm being behind a company firewall NAT. I'm not sure how in 2017 NAT wasn't a consideration in designing this registration service but here we are. I've opened port 2376 in my firewall per documentation and port forwarded that to my internal Swarm manager. No dice. Has anyone been successful in tweaking NAT settings such as reflection to get this working?

a month ago

Probably not, but i have a docker swarm with some pi, probably with this docker won't work, isn't it?

2 months ago

We're using Terraform to bring up our own Swarms on AWS (using Container Linux "alpha" channel):

    Version:      17.05.0-ce
    API version:  1.29 (minimum version 1.12)
    Go version:   go1.7.6
    Git commit:   89658be
    Built:        Wed Aug 16 02:57:51 2017
    OS/Arch:      linux/amd64
    Experimental: true

and successfully init'ing each node into a Swarm of 3 manager nodes and 3 worker nodes:

    $ docker node ls
    ID                            HOSTNAME               STATUS              AVAILABILITY        MANAGER STATUS
    onzoiosatrka0704ue1zcjbug *   sandbox-v1-manager-0   Ready               Active              Leader
    3ifq7s53b9niru2c1hmb9kywn     sandbox-v1-manager-1   Ready               Active              Reachable
    rdrq6jepbonj2yla0a6kc5eq0     sandbox-v1-manager-2   Ready               Active              Reachable
    4h7u51579j7kr7620e8je9wet     sandbox-v1-worker-0    Ready               Active              
    5707hxxk1uw43n9yf9ieituld     sandbox-v1-worker-1    Ready               Active              
    vq70m4rlqww0hj65zzi1u5scw     sandbox-v1-worker-2    Ready               Active

At seemingly random intervals, our client-proxy's (whether run manually on our CI machine, launched via Docker For Mac native client, or as viewed in Docker Cloud Swarms list) cannot connect. Docker Cloud will list the Swarm as UNREACHABLE.

The containers running on our Swarm managers do not output any errors. The Swarm will eventually either become reachable on its own, or stopping the container on each manager and letting the service definition recreate them will also make the Swarm become reachable.

We don't even know where to start debugging this issue - any insight would be appreciated.

3 months ago

Are there any plans to allow registration for a Windows-based swarm?

4 months ago

I am running into the same issue as alainvanhoof.

5 months ago

This is for x86 achitecture only:
standard_init_linux.go:178: exec user process caused "exec format error"
Error on ARM architecture.

6 months ago

Does not appear to work if you are running Docker on a Socket outside of /var/run/docker.sock.

obpt5921s4r7 dockercloud-server-proxy.tqvy6qolsvb9pfovfi0bs0p7a dockercloud/server-proxy:latest stlpopsdock02 Shutdown Rejected 5 seconds ago "invalid bind mount source, so…"
diqlzhwul58b dockercloud-server-proxy.skkktnf5s9rcv8agcdrco2cr4 dockercloud/server-proxy:latest stlpopsdock01 Shutdown Rejected 5 seconds ago "invalid bind mount source, so…"
okrrr6pvxcoz dockercloud-server-proxy.j6yih55yiexxv78fv12xz7tn0 dockercloud/server-proxy:latest stlpopsdock03 Shutdown Rejected 5 seconds ago "invalid bind mount source, so…"

My Socket runs out of /docker (/docker/docker.sock). I've tried all three of the following run commands (the first should be right, it should mount my existing /docker/docker.sock file into the container at it's expected location of /var/run):
sudo docker run -ti --rm -v /docker/docker.sock:/var/run/docker.sock dockercloud/registration
sudo docker run -ti --rm -v /docker/docker.sock:/docker/docker.sock dockercloud/registration
sudo docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock dockercloud/registration