Support remote docker over ssh

[dgageot]

I've got a remote docker daemon that I connect to over ssh.
Something like DOCKER_HOST=ssh://docker-remote docker ps works well

When I use linuxkit, with DOCKER_HOST set to ssh://docker-remote it'll silently fail to connect.

This introduced the support for a remote docker over ssh.

Signed-off-by: David Gageot david.gageot@docker.com

[djs55]

LGTM. I tested by setting DOCKER_HOST=ssh://username@windows.host on my Mac (to be adventurous) and then linuxkit build -format iso-efi examples/getty.yml. Initially I wasn't sure what was happening but then I deliberately misconfigured my Windows Docker Desktop HTTP proxy and verified that the error was reported on my Mac.

[dgageot]

Hi @deitch, do you think this one can be merged too? It pretty important when using a remote docker to be able to connect over ssh.

[deitch]

I am not sure I get the use case. Is this for building packages lkt pkg build? Linuxkit already has a set of rules for using docker contexts for that. Or is it for getting to the docker daemon where the contexts are provided? Or something else entirely?

[dgageot]

@deitch When one sets DOCKER_HOST or creates a docker context, linuxkit will indeed pick it up correctly. However, if the docker daemon that this points to is reached over ssh, linuxkit will fail to actually talk to the daemon.
Connecting over ssh is something not too old and the standard docker library doesn't do that auto magically.

[deitch]

I still don't fully get it.

• is this for lkt pkg build? Or some other scenario.
• when running lkt pkg build, it just uses docker contexts based on the docker daemon to which it communicates. Is this to set which docker daemon that is?

[dgageot]

It's for lkt pkg build and lkt build. Anytime linuxkit tries to connect to Docker.
Let me try to rephrase what this PR is doing:

It adds the support to ssh: scheme to connect to a remote Docker.

Let's say I run those commands to create a dedicated context:

$ docker context create mybuilder --docker host=ssh://docker-remote
$ docker context use mybuilder
$ linuxkit build -docker linuxkit.yml
Extract kernel image: docker.io/linuxkit/kernel:5.10.104
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Because linuxkit doesn't support ssh:* as a daemon url, it'll just connect locally, totally ignoring the docker context. And it'll do that silently because in the code, we swallow all the errors for the (good) reason that we should be able to build without docker. (The "Cannot connect" error I pasted, is not shown, I had to change the linuxkit code to show it)

[deitch]

OK got it.