Docker Cloud Federation
|dockercloud/client||Provides an interactive shell to talk to a remote docker cluster using Docker ID credentials|
|dockercloud/client-proxy||Forwards local docker API calls to a remote swarm cluster injecting Docker ID authorization information on each request|
|dockercloud/server-proxy||Authenticates and authorizes incoming docker API calls and forwards them to the local docker engine|
|dockercloud/registration||Registers the swarm cluster to Docker Cloud, and launches server-proxy|
Remote swarm side
Bring Your Own Cluster:
docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock dockercloud/registration
Launch Docker For AWS with Docker Cloud registration (nightly build):
Launch Docker For Azure with Docker Cloud registration:
docker run --rm -ti -v /var/run/docker.sock:/var/run/docker.sock -e DOCKER_HOST dockercloud/client
This will interactively ask for Docker ID credentials and for a remote swarm to connect to.
After logging in with a Docker ID account, an
export command will be shown:
# You can now start using the swarm namespace/swarmname by executing: export DOCKER_HOST=tcp://0.0.0.0:32781
DOCKER_HOST environment variable will point to the port published by the client proxy to make the local CLI talk to the remote cluster directly. The client proxy will inject appropriate credentials automatically.
How to update
Remote swarm side
Please run the following command:
docker service update --image dockercloud/server-proxy:latest dockercloud-server-proxy
- Remove the client proxy container by
docker rm -f client_proxy_<namespace>_<swarmname>
- Pull the latest client image by
docker pull dockercloud/client
- Create a new client proxy by
docker run --rm -ti -v /var/run/docker.sock:/var/run/docker.sock -e DOCKER_HOST dockercloud/client <namespace>/<swarmname>
- If you are using docker machine, please run
unset DOCKER_TLS_VERIFYto make sure that
DOCKER_TLS_VERIFY=1is not in your environment variable. Otherwise, you will receive the following TLS error message:
$ docker ps An error occurred trying to connect: Get https://192.168.99.100:32769/v1.23/containers/json: tls: oversized record received with length 20527
I'm having issues related to my Swarm being behind a company firewall NAT. I'm not sure how in 2017 NAT wasn't a consideration in designing this registration service but here we are. I've opened port 2376 in my firewall per documentation and port forwarded that to my internal Swarm manager. No dice. Has anyone been successful in tweaking NAT settings such as reflection to get this working?
Probably not, but i have a docker swarm with some pi, probably with this docker won't work, isn't it?
We're using Terraform to bring up our own Swarms on AWS (using Container Linux "alpha" channel):
Server: Version: 17.05.0-ce API version: 1.29 (minimum version 1.12) Go version: go1.7.6 Git commit: 89658be Built: Wed Aug 16 02:57:51 2017 OS/Arch: linux/amd64 Experimental: true
and successfully init'ing each node into a Swarm of 3 manager nodes and 3 worker nodes:
$ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS onzoiosatrka0704ue1zcjbug * sandbox-v1-manager-0 Ready Active Leader 3ifq7s53b9niru2c1hmb9kywn sandbox-v1-manager-1 Ready Active Reachable rdrq6jepbonj2yla0a6kc5eq0 sandbox-v1-manager-2 Ready Active Reachable 4h7u51579j7kr7620e8je9wet sandbox-v1-worker-0 Ready Active 5707hxxk1uw43n9yf9ieituld sandbox-v1-worker-1 Ready Active vq70m4rlqww0hj65zzi1u5scw sandbox-v1-worker-2 Ready Active
At seemingly random intervals, our
client-proxy's (whether run manually on our CI machine, launched via Docker For Mac native client, or as viewed in Docker Cloud Swarms list) cannot connect. Docker Cloud will list the Swarm as
The containers running on our Swarm managers do not output any errors. The Swarm will eventually either become reachable on its own, or stopping the container on each manager and letting the service definition recreate them will also make the Swarm become reachable.
We don't even know where to start debugging this issue - any insight would be appreciated.
Are there any plans to allow registration for a Windows-based swarm?
I am running into the same issue as alainvanhoof.
This is for x86 achitecture only:
standard_init_linux.go:178: exec user process caused "exec format error"
Error on ARM architecture.
Does not appear to work if you are running Docker on a Socket outside of /var/run/docker.sock.
obpt5921s4r7 dockercloud-server-proxy.tqvy6qolsvb9pfovfi0bs0p7a dockercloud/server-proxy:latest stlpopsdock02 Shutdown Rejected 5 seconds ago "invalid bind mount source, so…"
diqlzhwul58b dockercloud-server-proxy.skkktnf5s9rcv8agcdrco2cr4 dockercloud/server-proxy:latest stlpopsdock01 Shutdown Rejected 5 seconds ago "invalid bind mount source, so…"
okrrr6pvxcoz dockercloud-server-proxy.j6yih55yiexxv78fv12xz7tn0 dockercloud/server-proxy:latest stlpopsdock03 Shutdown Rejected 5 seconds ago "invalid bind mount source, so…"
My Socket runs out of /docker (/docker/docker.sock). I've tried all three of the following run commands (the first should be right, it should mount my existing /docker/docker.sock file into the container at it's expected location of /var/run):
sudo docker run -ti --rm -v /docker/docker.sock:/var/run/docker.sock dockercloud/registration
sudo docker run -ti --rm -v /docker/docker.sock:/docker/docker.sock dockercloud/registration
sudo docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock dockercloud/registration