29

Can the docker machines created from one developer workstation using docker-machine commands, be managed from another workstation. I am not looking for a solution involving docker swarm, but just docker machine.

From my understanding when docker-machine creates the machine on a remote environment like AWS EC2, it creates keys and certs which are then used for TLS based communication to the machine going forward. Therefore, in theory if I copy those keys and certs to another developer machine I should be able to connect to that remote docker machine.

However, I would like to know if that is the expected method to accomplish what I am looking to do. IMO this will be a scenario most of the docker community might be facing since multiple team members will need to share and manage the same remote docker machine.

Any guidance in this matter would be really appreciated.

4

2 回答 2

29

通过使用基于 TLS 的通信,docker 正在利用双向 SSL 验证。换句话说,客户端不仅验证服务器,而且反过来验证服务器。通过创建启用了 TLS 的 docker 机器,您将成为自己的证书颁发机构 (CA),因此您负责管理 SSL 证书。Docker 机器在幕后执行此操作,但我相信您可以手动设置自签名 CA 并重新指向 Docker 以使用您设置的证书和密钥。因此,与其向所有开发人员工作站共享单个证书和密钥,不如为每个由 CA 私钥签名的开发人员颁发唯一证书和私钥。唯一必须由每个人共享的是 CA 证书,它是公开的。

这样做的好处是,一旦开发人员离开,您就可以撤销证书,尽管这对于自签名证书很困难,并且它允许问责,您可以从日志中检查谁做了什么。

Docker TLS 设置。

成为您自己的 CA 教程和证书吊销

于 2015-05-13T03:50:07.317 回答
4

有一个用于导入/导出 docker-machines 的外部工具:machine-share

machine-export <machine-name>
>> exported to <machine-name>.zip
machine-import <machine-name>.zip
>> imported

顺便说一句,我相信 Daniel 的解决方案非常出色,但需要对工具/工作流程进行大量投资。machine-export在 95% 的情况下应该足够了。

于 2017-08-23T21:37:42.830 回答