How can I use the docker daemon from a container running on a host provisioned by Docker Machine?

I am trying to use the docker daemon from a container on a host created by docker machine.

Initially I was trying to connect to the host daemon via a volume-mounted unix socket (-v /var/run/docker.sock:/var/run/docker.sock), but that kept failing:

    [root@f57377672f7f docker]# env | grep DOCKER
    [root@bd4154b372d5 code]# docker images
    An error occurred trying to connect: Get https://%2Fvar%2Frun%2Fdocker.sock/v1.23/images/json: tls: oversized record received with length 20527

I’m not sure why it’s trying to connect over HTTPS even though DOCKER_HOST is unix://.

Next I tried tcp://, but this failed because the TLS certs generated by docker machine are generated to work only for the host’s external interfaces.

    # On the host
    ubuntu@spot:~$ ps aux | grep 'docker daemon'
    root     23678  0.4  0.7 907564 59648 ?        Ssl  10:01   1:16 /usr/bin/docker daemon -H tcp:// -H unix:///var/run/docker.sock --storage-driver aufs --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=amazonec2
    # From the container
    [root@f57377672f7f docker]# env | grep DOCKER
    [root@f57377672f7f docker]# docker images
    An error occurred trying to connect: Get x509: certificate is valid for, not

Thus, in order to connect to the host’s daemon from a container, I need to:

1. Copy the certs from my local ~/.docker/machines/machine/$machine/ to the container at build-time.
2. Hard-wire the external IP of that host as DOCKER_HOST (e.g. tcp://) in the container at build-time, too.

Is there a way to get around this without turning TLS off on the external interface? I also don’t want to modify the container’s Dockerfile for every host that it has to run on.

One solution collected from the web for “How can I use the docker daemon from a container running on a host provisioned by Docker Machine?”

The docker client only attempts HTTPS connections if DOCKER_TLS_VERIFY is enabled or even set in the environment. It attempts to translate the DOCKER_HOST URI to an https:// address.

To allow the client to use a local socket instead of HTTPS, you must first set DOCKER_TLS_VERIFY

    [root@f57377672f7f docker]# unset DOCKER_TLS_VERIFY

docker [command] works over the unix socket!
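An added example, not part of the answer above or of Docker's own tooling: a POSIX shell check that classifies a client environment by the cases this page walks through (TLS against the unix socket, tcp:// with or without the client certs). The function names and message strings are assumptions of this example, and, following the answer, DOCKER_TLS_VERIFY counts as on whenever it is set.

```shell
#!/bin/sh
# Added example: classify a docker client environment before running docker.
# classify_docker_env HOST TLS_FLAG CERT_DIR
#   HOST      value of DOCKER_HOST
#   TLS_FLAG  non-empty when DOCKER_TLS_VERIFY is set in the environment
#   CERT_DIR  directory expected to hold ca.pem, cert.pem and key.pem
classify_docker_env() {
    host=$1 tls=$2 certs=$3
    case $host in
        unix://*)
            if [ -n "$tls" ]; then
                # The failure in the question: TLS spoken to a plain socket.
                echo "mismatch: unset DOCKER_TLS_VERIFY for a unix socket"
            else
                echo "ok: local unix socket without TLS"
            fi ;;
        tcp://*)
            if [ -z "$tls" ]; then
                echo "warning: tcp endpoint without TLS verification"
                return 0
            fi
            # The client needs all three PEM files to authenticate over TLS.
            for f in ca.pem cert.pem key.pem; do
                if [ ! -r "$certs/$f" ]; then
                    echo "incomplete: $certs/$f missing or unreadable"
                    return 0
                fi
            done
            echo "ok: tcp endpoint with TLS verification" ;;
        *)
            echo "unknown: DOCKER_HOST empty or unhandled scheme" ;;
    esac
}

# Classify the environment of the current shell. ${VAR+set} expands to
# "set" even when the variable is set to an empty string.
check_current_env() {
    classify_docker_env "${DOCKER_HOST:-}" "${DOCKER_TLS_VERIFY+set}" \
        "${DOCKER_CERT_PATH:-${HOME:-/root}/.docker}"
}
```

Running `check_current_env` in a container entrypoint reports the mismatch before the first docker command fails, without baking a per-host DOCKER_HOST into the image.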
