Docker login through ssh tunneling


#1

Hello,

I use CircleCI to test my product, then build docker packages, docker tag, docker login and docker push them.
I am trying to reproduce what I did with CC1.0:

  • Create my docker package locally
  • Add my domain to /etc/hosts as 127.0.0.1 mydomain.com
  • Set up an SSH tunnel binding local port 5000 to my remote server's port 5000
  • Docker Login on mydomain.com:5000 (real login is done through SSH tunnel)
  • Docker push my local docker to domain.com:5000 (127.0.0.1:5000), which in fact pushes to the remote server

It seems a bit complex but it is a simple solution for private docker registries.

With CCI2.0 I understand that I have to use the setup_remote_docker step. But I have been struggling for hours on this, trying to have my SSH tunnel (created in the deploy command) used by the docker engine. But the engine keeps failing docker login with https://domain.com:5000/v1/users/: dial tcp AAA.BBB.CCC.DDD:5000: i/o timeout. The docker engine does not take into account my /etc/hosts (nor my SSH tunnel, I think).

With CCI2.0, is there a way to have my SSH tunnel and my local /etc/hosts configuration used by the docker engine?

Best regards,

Karim


#2

At the top of https://circleci.com/docs/2.0/building-docker-images/ you’ll see:

For security reasons, the Docker Executor doesn’t allow building Docker images within a job space.

To help users build, run, and publish new images, we’ve introduced a special feature which creates a separate environment for each build. This environment is remote, fully-isolated and has been configured to execute Docker commands.

I’m thinking this is why this isn’t working for you. Using setup_remote_docker sets up a remote Docker instance to run, which isn’t in your current environment, thus not reading /etc/hosts.

My first instinct would be to try this using the machine executor instead of docker. That would run Docker locally, within the build VM, meaning you’d have a much better chance of this working.


#3

You’d need to use the machine executor, not the base docker executor. Since it is a remote environment, your SSH tunnel and /etc/hosts aren’t reachable.
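
The machine-executor approach suggested in replies #2 and #3, sketched as an added example; it is not part of any poster's message and not taken from CircleCI's documentation. The job name, the image name `myimage` and the environment variables TUNNEL_USER, TUNNEL_HOST, TUNNEL_HOST_KEY, DOCKER_USER and DOCKER_PASS are assumptions, and the key fingerprint is a placeholder.

```yaml
# Added example. Hypothetical names: job "deploy", image "myimage", and the
# project environment variables TUNNEL_USER, TUNNEL_HOST, TUNNEL_HOST_KEY
# (a known_hosts line for the tunnel host), DOCKER_USER, DOCKER_PASS.
version: 2
jobs:
  deploy:
    machine: true   # Docker runs inside the build VM, so it sees /etc/hosts and the tunnel
    steps:
      - checkout
      - add_ssh_keys:
          fingerprints:
            - "<FINGERPRINT-OF-DEPLOY-KEY>"   # placeholder
      - run:
          name: Map registry hostname to loopback
          command: echo "127.0.0.1 mydomain.com" | sudo tee -a /etc/hosts
      - run:
          name: Open tunnel, log in and push
          # One step on purpose: the background ssh process is only relied on
          # within the shell that started it.
          command: |
            set -euo pipefail
            mkdir -p ~/.ssh
            # Pin the tunnel host's key instead of disabling host key checking.
            echo "$TUNNEL_HOST_KEY" >> ~/.ssh/known_hosts
            # Listen on loopback only; fail the step if the forward cannot be set up.
            # Assumes the registry is reachable on port 5000 from the remote server itself.
            ssh -f -N \
              -o StrictHostKeyChecking=yes \
              -o ExitOnForwardFailure=yes \
              -L 127.0.0.1:5000:127.0.0.1:5000 \
              "$TUNNEL_USER@$TUNNEL_HOST"
            docker build -t "mydomain.com:5000/myimage:$CIRCLE_SHA1" .
            # --password-stdin (Docker 17.07+) keeps the password out of the process list.
            echo "$DOCKER_PASS" | docker login mydomain.com:5000 -u "$DOCKER_USER" --password-stdin
            docker push "mydomain.com:5000/myimage:$CIRCLE_SHA1"
            docker logout mydomain.com:5000
workflows:
  version: 2
  build-and-deploy:
    jobs:
      - deploy
```

Because Docker still connects to the name mydomain.com, the registry's TLS certificate is checked against that name even though the traffic goes through 127.0.0.1:5000.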


#4

Hello Karim, did you ever find a resolution to this? I am running into the same issue.


#5

I moved back to CCI 1.0 for this repository. I will try the machine executor when I have more time.

