Can the docker machines created from one developer workstation using docker-machine commands, be managed from another workstation. I am not looking for a solution involving docker swarm, but just docker machine.
From my understanding when docker-machine creates the machine on a remote environment like AWS EC2, it creates keys and certs which are then used for TLS based communication to the machine going forward. Therefore, in theory if I copy those keys and certs to another developer machine I should be able to connect to that remote docker machine.
However, I would like to know if that is the expected method to accomplish what I am looking to do. IMO this will be a scenario most of the docker community might be facing since multiple team members will need to share and manage the same remote docker machine.
Any guidance in this matter would be really appreciated.
Docker Swarm allows you to load-balancing by creating a cluster of multiple machines running Docker. By assigning nodes as managers, you can pass Docker commands to other machines.
The main reason you would use docker-machine is when you want to create a deployment environment for your application and manage all the micro-services running on it. For instance, you can easily have a development, staging and production environment accessible from your own machine and update them accordingly.
By using TLS based communication, docker is utilizing two-way SSL verification. In other words, not only does the client verify the server but also the other way round. By creating a docker machine with TLS enabled, you are becoming your own Certificate Authority (CA), and thus you are responsible for managing the SSL certificates. Docker machine does this behind the scenes, but I believe you can manually setup self-signed CA and repoint Docker to use the certs and keys you setup. Thus, instead of sharing a single certificate and key to all developer workstations, issue a unique certificate and private key for every developer signed by the CA private key. The only thing that has to be shared by everyone is the CA certificate, which is public.
The advantage of this is, you can revoke a certificate say once a developer leaves, although this is difficult with self-signed certificates, and it allows accountability where you can check who did what from the logs.
Docker TLS setup.
Becoming your own CA tutorial and certificate revocation
There's an external tool to import/export docker-machines: machine-share.
machine-export <machine-name>
>> exported to <machine-name>.zip
machine-import <machine-name>.zip
>> imported
As an aside, I believe Daniel's solution is superior, but requires a significant investment in tools/workflows. machine-export
should be sufficient in 95% of the cases.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With