Docker 🤷

[spences10]

Hi @ethanhs,

I think docker works now on WSL, I'm going to take a look at this to try set up a dockerised node environment

I'm having a bit of a hard time trying to remove docker.io (which was working) from my WSL install so I'm about to trash my system and start again.

Would you like a PR to reflect this if I get it working?

[ethanhs]

Yes, if docker is not usable (or more usable?) then it'd be great to make a PR to reflect that. Thank you!

[spences10]

Waiting to hear back on this it's not looking promising though.

confused as I could install docker via Linuxbrew and it seemed to run the hello container

[WSLUser]

Docker Client works. Docker engine does NOT as the daemon isn't supported. Suggest checking out Ubuntu's own implementation of containers LXD. Be curious if someone could successfully get that running on Ubuntu on Windows since it's coming from the same group (Canonical).

[raesene]

So it's worth noting that the ubuntu package 'docker' is not the software product from docker.com, for that you want the docker.io package.

However for the docker-ce client (latest version of docker) the best path is to download that from docker's site (https://docs.docker.com/install/linux/docker-ce/binaries/).

The docker-ce client works just fine under WSL. You can run the docker daemon on Windows using Docker for Windows (https://www.docker.com/docker-windows) which lets you run linux and windows containers, however to to get the docker client on WSL to speak to the Docker daemon running on windows, requires a bit of additional work detailed here (http://wslcorsair.blogspot.co.uk/2018/02/secure-nested-lcow-part-2.html - the Securing the Docker daemon section) and here ( http://wslcorsair.blogspot.co.uk/2018/02/secure-nested-lcow-part-3.html )

[spences10]

Thanks @raesene 👍

Maybe you could make a PR and link this issue to the section covering how to get it set up?

[raesene]

Sure I'll do a write-up with a bit more depth to it and then put a link in a PR.

[WSLUser]

There's actually a blog post from Microsoft that describes exactly how to get Docker for Windows running with the Docker client on WSL. I didn't mention before about Docker for Windows because I assumed there would be underlying assumption of since only the Docker client works, Docker for Windows would be required for the daemon part. Here's the link: https://blogs.msdn.microsoft.com/commandline/2017/12/08/cross-post-wsl-interoperability-with-docker/

[raesene]

Yeah I've read that, but it uses a non-standard method (npiperelay) which they admit is buggy, whilst using client authenticated TLS is a standard Docker mechanism.

Whilst there's a decent amount of setup involved in the SSL/TLS stuff, it's probably no harder than compiling setting up npiperelay...

[WSLUser]

From the blog:

What about opening another port to have docker listen on and protect that with TLS? Well, Docker for Windows doesn’t support the requirements needed to make this happen. So this brings up back to npiperelay.

Sounds like a limitation to Docker for Windows to me, which is why npiperelay is used.

which they admit is buggy

Hence the caveat:

Note: the tool we are about to use works best with insider builds--it can be a little buggy on ver. 1709.

1803 is going to be released very soon and with the amount of support added for WSL on both WSL and Windows (AF_Unix, interop, etc.) npiperelay may or may not be the best option. For awareness, the original repo for npiperelay isn't maintained so here's the link to the maintainer who forked it and added a change to it. https://github.com/NZSmartie/npiperelay
This maintainer doesn't seem to do anything with it either but I'm guessing it's not as buggy with the fixes he originally put into it. Note: Based on the issue I found on this repo, I recommend installing and using the latest available version of Go not in beta. At least ver 1.9 appears needed.

[raesene]

So that was indeed the case, but I ran into some blog posts (that I linked above) which showed it's possible. From some experimentation, the trick is to put docker for Windows into "windows containers" mode at which point the -H setting works just fine so TLS is possible.

Got a write-up here https://raesene.github.io/blog/2018/03/29/WSL-And-Docker/ which I've tested on two systems, both of which worked ok.

so personally I'd recommend that approach as for Docker TLS over TCP is the generally approved method and it also means that any other tools you might want to use for Docker management can be used...

[WSLUser]

I'm personally waiting for AF_Packet to light up and spin up a TLS connection using that. Or I might just see what the next blocker is for say Kubernetes.

Edit: Technically if somebody was really motivated, they could use dbus instead of TCP using AF_Unix interop. Docker for Windows just needs to know (which I'm not sure if it does) how to accept the dbus connection.

[raesene]

Created a PR with the instructions and an updated rating #121

[spences10]

Closed with #121