
I am trying to connect to a Docker daemon running on a remote host (a camera running at a remote location).

Steps followed:

I have followed the steps in the docker documentation in order to create the certificates needed for this. After this, I have uploaded the certificates to the remote server and I have initialized docker daemon. The log messages indicate that docker daemon is running and listening:

```
2021-12-14T11:09:18.871+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32307]: Started logging.
2021-12-14T11:09:18.900+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32307]: Starting dockerd in TLS mode using SD card as storage.
2021-12-14T11:09:19.307+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.305675739+01:00" level=info msg="Starting up"
2021-12-14T11:09:19.316+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.315363522+01:00" level=info msg="parsed scheme: \"unix\"" module=grpc
2021-12-14T11:09:19.316+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.315509937+01:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
2021-12-14T11:09:19.317+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.315661800+01:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc
2021-12-14T11:09:19.317+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.316791271+01:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
2021-12-14T11:09:19.326+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.324681745+01:00" level=info msg="parsed scheme: \"unix\"" module=grpc
2021-12-14T11:09:19.326+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.324845221+01:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
2021-12-14T11:09:19.326+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.325024579+01:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc
2021-12-14T11:09:19.326+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.325135502+01:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
2021-12-14T11:09:19.411+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.408483444+01:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
2021-12-14T11:09:19.434+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.430353521+01:00" level=warning msg="Your kernel does not support swap memory limit"
2021-12-14T11:09:19.434+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.430512819+01:00" level=warning msg="Your kernel does not support CPU realtime scheduler"
2021-12-14T11:09:19.434+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:19.431814516+01:00" level=info msg="Loading containers: start."
2021-12-14T11:09:20.103+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:20.102087081+01:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
2021-12-14T11:09:20.377+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:20.375156590+01:00" level=info msg="Loading containers: done."
2021-12-14T11:09:20.530+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:20.528313336+01:00" level=info msg="Docker daemon" commit=unsupported graphdriver(s)=overlay2 version=dev
2021-12-14T11:09:20.530+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:20.529844450+01:00" level=info msg="Daemon has completed initialization"
2021-12-14T11:09:20.663+01:00 axis-b8a44f0e633b [ INFO    ] dockerdwrapper[32314]: time="2021-12-14T11:09:20.662757526+01:00" level=info msg="API listen on [::]:2376"
```

When running `netstat -anp |grep 2376` I get: `tcp 0 0 :::2376 :::*LISTEN 31526/dockerd`.

Issue:

However, when I try to make a call from the client (my laptop at home) using:

```
sudo docker -D --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=<camera_ip_address>:2376 images
```

I get the following response:

```
DEBU[0062] FIXME: Got an status-code for which error does not match any expected type!!!: -1  module=api status_code=-1
Cannot connect to the Docker daemon at tcp://<camera_ip_address>:2376. Is the docker daemon running
```

My suspicion:

Since the Docker daemon seems to be running correctly and listening on the right port on the remote server, I believe the issue could be related to the DNS and IP address that I'm setting during the creation of the certificates. However, the information that I have found is that a Docker container inherits the DNS settings of the host.

I'm using the host (in my case a camera) DNS and the IP that I'm setting is the one that I use to ssh into the host from my laptop.

s0x
  • Can you connect to the port with other tools (netcat, telnet, or curl), remotely, or from the host itself, using the host's public ip and not loopback? What are the firewall policies on the host and network? – BMitch Dec 14 '21 at 11:48
  • Replaced the screenshot with text. I cannot connect with other tools remotely. By using nmap I see that said port is filtered, but I would expect that, being that I need certificates to access it: `2376/tcp filtered docker` – s0x Dec 14 '21 at 12:18
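
Added example, not part of the original post or its comments: a Python check that separates the two hypotheses in this thread by testing the TCP layer first and only then attempting the mutual-TLS handshake that `--tlsverify` performs. The function names are hypothetical; the certificate arguments are the asker's `ca.pem`, `cert.pem` and `key.pem`.

```python
import errno
import socket
import ssl


def tcp_state(host, port, timeout=3.0):
    """TCP layer only: 'open', 'closed' (RST received) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # An ICMP unreachable reply from a router or firewall also means filtered.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise


def client_context(cafile, certfile, keyfile):
    """Client-side equivalent of --tlsverify --tlscacert/--tlscert/--tlskey."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def diagnose(host, port, ctx, timeout=3.0):
    """Return (layer, detail) naming the first layer that fails."""
    state = tcp_state(host, port, timeout)
    if state != "open":
        # No TLS bytes are exchanged, so certificate contents cannot be the cause.
        return ("network", state)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname must match a SAN (DNS name or IP) in the server cert.
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("certificate", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls", type(exc).__name__)


if __name__ == "__main__":
    import sys
    host, ca, cert, key = sys.argv[1:5]
    print(diagnose(host, 2376, client_context(ca, cert, key)))
```

A `("network", "filtered")` result corresponds to the nmap output quoted above: the connection is dropped before any certificate is presented, so the SAN values chosen when creating the certificates are not involved at that point.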

0 Answers