Link docker.sock in /var/run

Time: 09-21

<TL;DR>
I have a binary tool that relies on the Docker UNIX socket /var/run/docker.sock.
I am running the binary in a GitLab CI job, so the Docker daemon is only reachable on a TCP socket, tcp://docker:2375.
How do I bind the UNIX socket /var/run/docker.sock to the TCP socket tcp://docker:2375?
</TL;DR>

[What I have]

  • I use GitLab pipelines with Docker-in-Docker. Docker works perfectly:

    ```yml
    services:
      - docker:19-dind
    variables:
      DOCKER_HOST: tcp://docker:2375
      DOCKER_TLS_CERTDIR: ""   # empty value: dind serves plain (non-TLS) HTTP on 2375
    ```
    
  • I use twistcli (PaloAlto/PrismaCloud) to do runtime image scanning

[The problem]

  • twistcli looks for the UNIX socket /var/run/docker.sock (hardcoded in the binary; there is no CLI flag to change it (see here))
  • Here the Docker daemon is only available on a TCP socket, tcp://docker:2375 (see here)

[What I tried]

```sh
# TEST 1
ln -s tcp://docker:2375 /var/run/docker.sock
./twistcli sandbox image_to_scan
# ERROR: Get "http://unix.sock/version": dial unix /var/run/docker.sock: connect: no such file or directory

# TEST 2
touch /var/run/docker.sock
socat -v TCP-LISTEN:docker:2375,fork UNIX-CONNECT:/var/run/docker.sock
./twistcli sandbox image_to_scan
# ERROR: cannot connect to Docker endpoint

# TEST 3 (@larsks' proposition)
socat -v tcp-connect:docker:2375 unix-listen:/var/run/docker.sock,fork
# ERROR: Failed to extract Platform data from docker version: failed to fetch docker api version 'Get "http://unix.sock/version": EOF'
```

[My question]

  • How can I trick the system so that /var/run/docker.sock actually points to the tcp://docker:2375 docker.sock?

CodePudding user response:

You have the right idea with your socat command, but you have your parameters backwards. You already have a Docker daemon listening on port 2375, so you don't want socat to listen on that address: You want socat to listen on the unix socket, and proxy connections to the TCP socket:

```sh
socat -v tcp-connect:docker:2375 unix-listen:/var/run/docker.sock,fork
```

With this in place, I can successfully access a TCP-enabled remote docker daemon using a local Unix socket.
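What that socat line does, as an added example that is not part of the original answer or of twistcli/socat: a small Python Unix-socket-to-TCP bridge with the same semantics as `unix-listen:PATH,fork` + `tcp-connect:HOST:PORT` (one upstream TCP connection per accepted client), a constructed stub that stands in for dockerd's `/version` endpoint (its port and the `ApiVersion` it returns are made up), and a probe that sends the `GET /version` request a Docker client starts with. The demo probes once with the stub up and once after it is stopped, so the "bridge works but the daemon gives EOF" failure mode is visible too. In a real job the bridge would be aimed at `docker:2375` instead.

```python
# Added example, not code from the original post, twistcli or socat: a minimal
# unix-listen,fork -> tcp-connect forwarder, a constructed stub daemon and a
# GET /version probe, so the whole thing runs offline.
import contextlib
import json
import os
import socket
import tempfile
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def _pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so the peer sees EOF too."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)


class UnixToTcpBridge:
    """unix-listen:PATH,fork + tcp-connect:HOST:PORT: one upstream TCP connection per client."""

    def __init__(self, sock_path, host, port):
        self.sock_path, self.host, self.port = sock_path, host, port
        self._listener = None

    def start(self):
        if os.path.exists(self.sock_path):
            os.unlink(self.sock_path)   # a leftover file (e.g. from `touch`) makes bind() fail
        self._listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self._listener.bind(self.sock_path)
        os.chmod(self.sock_path, 0o660)  # whoever can open this path controls the daemon
        self._listener.listen(16)
        threading.Thread(target=self._accept_loop, daemon=True).start()
        return self

    def _accept_loop(self):
        while True:
            try:
                client, _ = self._listener.accept()
            except OSError:
                return                  # listener closed by stop()
            try:
                upstream = socket.create_connection((self.host, self.port))
            except OSError:
                client.close()          # upstream unreachable: the client only sees EOF/reset
                continue
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    def stop(self):
        self._listener.close()
        os.unlink(self.sock_path)


class _StubDaemon(BaseHTTPRequestHandler):
    """Constructed stand-in for dockerd's /version endpoint; the values are made up."""

    def do_GET(self):
        if self.path != "/version":
            return self.send_error(404)
        body = json.dumps({"ApiVersion": "1.40", "Os": "linux"}).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def probe_version(sock_path):
    """GET /version over the Unix socket as HTTP/1.0 (daemon closes after answering).
    An empty or reset reply, what twistcli shows as 'Get ".../version": EOF', gives (None, {})."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(sock_path)
        s.sendall(b"GET /version HTTP/1.0\r\nHost: unix.sock\r\n\r\n")
        raw = b"".join(iter(lambda: s.recv(65536), b""))
    except OSError:
        raw = b""
    finally:
        s.close()
    if not raw:
        return None, {}
    head, _, body = raw.partition(b"\r\n\r\n")
    return int(head.split()[1]), (json.loads(body) if body.startswith(b"{") else {})


def run_demo(sock_path=None):
    """Bridge a stub daemon to a Unix socket; probe with it up, then again after stopping it."""
    sock_path = sock_path or os.path.join(tempfile.mkdtemp(), "docker.sock")
    daemon = HTTPServer(("127.0.0.1", 0), _StubDaemon)
    threading.Thread(target=daemon.serve_forever, daemon=True).start()
    bridge = UnixToTcpBridge(sock_path, "127.0.0.1", daemon.server_address[1]).start()
    try:
        up = probe_version(sock_path)
        daemon.shutdown()
        daemon.server_close()       # port now closed: same socket path, nobody behind it
        return {"daemon_up": up, "daemon_down": probe_version(sock_path)}
    finally:
        bridge.stop()
```

Two practical points follow from this. First, the bridge only answers when something is listening upstream, so before running twistcli check the socket from the same shell with `curl --unix-socket /var/run/docker.sock http://localhost/version`: JSON back means the socket side is fine and any remaining error is between socat and the daemon (TLS, name resolution, the dind service not yet up); an EOF there is exactly what twistcli reports. Second, /var/run/docker.sock gives full control of the daemon, so whatever creates it should keep its permissions tight, and the socat process has to stay running (`&`) for the whole job.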

CodePudding user response:

thank you for your help!

Inverting the two helps. The Docker daemon seems reachable... but only "a little bit", sort of. Now I get: Failed to extract Platform data from docker version: failed to fetch docker api version 'Get "http://unix.sock/version": EOF'

./twistcli sandbox 1/2 (gitlab)
./twistcli sandbox 2/2 (gitlab)
(Sorry, I need 10 reputation to post images)

The same happened on WSL2, on which I also socat the docker.sock:
./twistcli sandbox 1/1 (wsl2)

I have to admit I am a bit confused about the docker.sock "partially working".

Cheers,
