Docker Daemon Config - Opening ports for dockerd

I want to open up TCP to the docker daemon so that Jenkins can build containers against it.

I'm getting lots of info about how to do this. Hoping to get the best method.

Goals of dockerd:

  • Listen over TCP and local unix socket.
  • Persistence through reboots.
  • Host-specific authorization for security. Only allow access from a specific host. (could be done w/ iptables)

This is an Ubuntu Xenial host.

Current Dockerd Run Info:

root@host:# ps -ef |grep dockerd
root      1171     1  0 17:51 ?        00:00:04 /usr/bin/dockerd -H fd://

Docker config snippet (/etc/init/docker.conf):

post-start script
        DOCKER_OPTS=
        DOCKER_SOCKET=
        if [ -f /etc/default/$UPSTART_JOB ]; then
                . /etc/default/$UPSTART_JOB
        fi

        if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
                DOCKER_SOCKET=/var/run/docker.sock
        else
                DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q)
        fi

        if [ -n "$DOCKER_SOCKET" ]; then
                while ! [ -e "$DOCKER_SOCKET" ]; do
                        initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
                        echo "Waiting for $DOCKER_SOCKET"
                        sleep 0.1
                done
                echo "$DOCKER_SOCKET is up"
        fi
end script

How should I go about this?

Found an applicable and clean answer on this blog

Steps:

Edit this file:

sudo vi /lib/systemd/system/docker.service

Look for the existing ExecStart line:

ExecStart=/usr/bin/docker daemon -H fd://

Add your desired config:

ExecStart=/usr/bin/docker daemon -H fd:// -H tcp://0.0.0.0:3272

Restart:

sudo systemctl daemon-reload
sudo service docker restart

After that, my daemon was listening on 3272 and was ready to go!

I had a similar challenge when I started looking to begin moving some systems from Ubuntu 14.04 to Ubuntu 16.04. My goal was to use one dockerd configuration file with dockerd flags (DOCKER_OPTS) for both Ubuntu 16.04 (systemd) and Ubuntu 14.04 (Upstart) other than /etc/docker/daemon.json. I chose not to use /etc/docker/daemon.json for docker daemon configuration because JSON does not support comments.

I wanted a systemd design to use an override file, which only modifies dockerd flags. It uses the default Docker systemd configuration file (/lib/systemd/system/docker.service) for other Docker settings. Another objective was to customise systemd on each system after each change or boot.

It solves my challenge. It may help you.

git clone https://github.com/BradleyA/docker-security-infrastructure
cd docker-security-infrastructure/dockerd-configuration-options
more README.md
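
The override-file approach from the last answer, combined with the iptables idea from the question, as an added example that is not taken from any of the posts or from the linked repository. The addresses are constructed documentation-range placeholders, the DOCKER-API chain name is made up for illustration, and the dockerd path is the one shown in the question's ps output.

```shell
#!/bin/sh
# Added example: prints a systemd drop-in and iptables rules; installs nothing.
JENKINS_IP="${JENKINS_IP:-192.0.2.10}"  # constructed: only host allowed in
BIND_IP="${BIND_IP:-198.51.100.5}"      # constructed: Docker host's own address
API_PORT="${API_PORT:-3272}"            # port used in the answer above

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() (
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in 0?*) exit 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Succeeds only for a TCP port number in 1-65535.
is_port() (
    case "$1" in ""|*[!0-9]*) exit 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
)

# Drop-in for /etc/systemd/system/docker.service.d/: the empty ExecStart=
# clears the packaged command, so only the daemon flags are overridden.
render_dropin() (
    is_ipv4 "$1" && is_port "$2" || { echo "bad address or port" >&2; exit 1; }
    # Refuse the wildcard bind so the API is not offered on every interface.
    [ "$1" != "0.0.0.0" ] || { echo "refusing 0.0.0.0" >&2; exit 1; }
    printf '%s\n' "[Service]" "ExecStart=" \
        "ExecStart=/usr/bin/dockerd -H fd:// -H tcp://$1:$2"
)

# iptables commands admitting one source host to the API port.
# DOCKER-API is a chain name made up for this example.
render_firewall() (
    is_ipv4 "$1" && is_port "$2" || { echo "bad address or port" >&2; exit 1; }
    printf '%s\n' "iptables -N DOCKER-API" \
        "iptables -A DOCKER-API -s $1/32 -j ACCEPT" \
        "iptables -A DOCKER-API -j DROP" \
        "iptables -I INPUT -p tcp --dport $2 -j DOCKER-API"
)

echo "# --- override.conf ---"
render_dropin "$BIND_IP" "$API_PORT"
echo "# --- firewall rules (run as root, then persist them) ---"
render_firewall "$JENKINS_IP" "$API_PORT"
```

The TCP listener in this sketch carries no authentication of its own, so the source-address rule is the only access control. dockerd's --tlsverify, --tlscacert, --tlscert and --tlskey flags add client-certificate authentication on top of it.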