With automation in mind, when you want to execute docker commands remotely, you want to do it in a secure manner, as you don’t want to expose your Docker port to the whole world.
One way to do that is to forward the remote docker socket to a local port over an SSH Tunnel. This way, you can execute docker commands locally on your workstation, as if the swarm were running on your workstation/laptop/node/bastion host etc.
Without the tunnel, I have a swarm on my laptop with no running services:
As you can see, we have no services running, but the remote swarm has a couple, so after forwarding the connection, we should see our remote services.
Setting up the SSH Tunnel:
Here we will forward the remote docker socket, /var/run/docker.sock, to a local port bound to localhost, localhost:2377:
Now the SSH Tunnel will be established, and you can detach your screen session, or open a new shell session. To detach your screen session: 'ctrl + a' then d
Verifying that the tunnel is established:
You can use netstat to verify that the port is listening:
Inform the Docker Client to use the Port:
Now we need to inform the docker client to use the new port to talk to the docker daemon. We do that by setting the DOCKER_HOST environment variable to point to localhost:2377:
This will remain for the lifetime of the shell session.
Testing it Out:
Now we can run our commands locally, and we should see the output of our remote swarm:
Terminating our SSH Tunnel:
To terminate our SSH Tunnel, reconnect to your shell session, and hit ctrl + c:
Hit ctrl + c:
And exit the screen session:
This way, you can do lots of automation with docker swarm. It is not limited to swarm; that is just one use for it.
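The steps above as one script, written as an added example and not the original post's commands. Anyone who can reach the forwarded port controls the remote Docker daemon, so it binds the forward to 127.0.0.1 explicitly and only emits the DOCKER_HOST export when the listener table shows the port on loopback alone. The host name and the netstat lines are constructed placeholders; the port and socket path are the ones used in the post.

```shell
#!/bin/sh
PORT=2377                      # local port from the post
SOCK=/var/run/docker.sock      # remote Docker socket from the post

# Build the ssh command. The explicit 127.0.0.1 bind keeps the forward off
# other interfaces regardless of the client's GatewayPorts setting, and
# ExitOnForwardFailure makes ssh exit if the local port cannot be bound.
tunnel_cmd() {                 # $1 = user@host (hypothetical placeholder)
  printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s %s\n' \
    "$PORT" "$SOCK" "$1"
}

# Classify the listeners on a port from `netstat -tln` output on stdin.
# Prints one of: loopback | exposed | absent
listener_scope() {
  awk -v port="$1" '
    $4 ~ (":" port "$") {
      addr = $4
      sub(":" port "$", "", addr)
      if (addr == "127.0.0.1" || addr == "::1") lo = 1
      else exposed = 1
    }
    END { print (exposed ? "exposed" : (lo ? "loopback" : "absent")) }'
}

# Print the DOCKER_HOST export only when the tunnel is loopback-only.
docker_host_if_safe() {        # reads `netstat -tln` output on stdin
  scope=$(listener_scope "$PORT")
  if [ "$scope" = loopback ]; then
    echo "export DOCKER_HOST=localhost:$PORT"
  else
    echo "refusing: port $PORT is $scope" >&2
    return 1
  fi
}

# Constructed netstat samples: a correct tunnel and an over-exposed one.
GOOD='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 127.0.0.1:2377    0.0.0.0:*         LISTEN'
BAD='tcp        0      0 0.0.0.0:2377      0.0.0.0:*         LISTEN'

tunnel_cmd 'user@swarm-manager.example'
printf '%s\n' "$GOOD" | listener_scope "$PORT"
printf '%s\n' "$BAD"  | listener_scope "$PORT"
```

On a live system, pipe the real table in with `netstat -tln | docker_host_if_safe` and eval the printed export only when it succeeds.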