I have installed docker (v17.06.2-ce) under CentOS using systemd. Docker works fine and listens to the unix socket. Now i would like to have docker to listen to the Unix socket and to the TCP socket 2375. Since this is an in-house development machine security is no issue.
I scanned the inte.net found several articles but still got some questions.
My understanding is that I have systemd file (docker.service) which starts the dockerd without any parameters. ExecStart=/usr/bin/dockerd
Then there is the file demon.json here I can list what I will listen to. My question is what to enter here. It could be.
{
"hosts": [ "unix:///var/run/docker.sock",
"tcp://0.0.0.0:2375"
]
}
Or is it something like this for socket activation?
{
"hosts": [ "unix:///var/run/docker.sock",
"fd://"
]
}
Then the second thing I found out is to prepare systemd socket by providing a file docker.sockst like this
[Unit] Description=Docker Socket for the API
PartOf=docker.service
[Socket]
ListenStream=tcp://0.0.0.0:2375
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
But this will define only one TCP socket. According to one article then docker will respond to TCP port but no longer to the unix socket.
It would be nice if someone could point out the details.
So don't touch the docker.socket file or anything. Systemd has a concept of DropIns and you can override parts of the services using a dropin file.
So create the dropin folder for the service first
mkdir -p /etc/systemd/system/docker.service.d/
Then your create a config file
cat > /etc/systemd/system/docker.service.d/90-docker.conf <<EOF
[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// -H tcp://0.0.0.0:2375
The first ExecStart=
blanks the original command and second ExecStart
specifies the new command we want to override
Now we should restart the docker service
systemctl daemon-reload
systemctl restart docker
Now your service would also be listening at 2375. I believe currently the host option cannot be controlled using /etc/docker/daemon.json
. See the below link for more details
https://docs.docker.com/engine/reference/commandline/dockerd/#docker-runtime-execution-options
cd /lib/systemd/system/
vim docker-tcp.socket
paste thie to docker-tcp.socket
[Unit] Description=Docker Socket for the API PartOf=docker.service [Socket] ListenStream=2375 BindIPv6Only=both Service=docker.service [Install] WantedBy=sockets.target
systemctl daemon-reload
systemctl stop docker.service
systemctl enable docker-tcp.socket
systemctl start docker-tcp.socket
systemctl start docker.service
I actually just posted this answer to an open issue on Github for PhotonOS. I created a gist with the instructions doc markdown as well as the equivalent shell script.
It allows for maintaining both local unix socket as well as remote TCP-based access to the API. Unlike most instructions, it follows the Docker supported method of creating the docker.socket service and binding it to docker service as a dependency, rather than hard-coding either/or TCP or unix fd sock on the command line, or hacking any system files that get overwritten at every upgrade.
Gist is at: https://git.io/fjhhO
To listen on both - socket and tcp:
/etc/systemd/system/docker.socket.d
10-tcp.conf
inside the folder with the content:[Socket]
ListenStream=0.0.0.0:2375
systemctl daemon-reload
systemctl stop docker.socket
systemctl stop docker.service
systemctl start docker
Plus are:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.