Docker綁定Remote API端口

Docker官方提供了Go、Python兩種不同的SDK和HTTP形式的API，不熟悉Go語言，嘗試了一下Python的SDK。Docker官方的Python SDK是針對2.x版本的，就直接在CentOS的Python2.7.5上進行了測試，可是卻出現了錯誤：

# python
Python 2.7.5 (default, Aug  4 2017, 00:39:18) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import docker
/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.22) or chardet (2.2.1) doesn't match a supported version!
  RequestsDependencyWarning)
>>>

第一條import竟然就出現了問題，考慮了項目的實際場景，決定暫時方式研究python API，改向HTTP API。

按照官網文檔的說明，直接運行：

# curl --unix-socket /var/run/docker.sock http:/v1.35/containers/json?all=true
[{"Id":"af08e69d49be5db6caaf24e1509b69e07baea24f6ac7633b74e76bb3e88aa981","Names":["/boring_booth"],"Image":"demo:latest","ImageID":"sha256:a432acdcjkb22ac42819b9dd53b87930e9016b64eb0a63707f9698e1d90e8a6a","Command":"/bin/bash","Created":1515726419,"Ports":[],"Labels":{"build-date":"20171128","license":"GPLv2","name":"CentOS Base Image","vendor":"CentOS"},"State":"exited","Status":"Exited (0) 17 seconds ago","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"3125372fde203e6916bc96502ef5951670cbc558e4e0069cc51f8f05dc19a45f","EndpointID":"","Gateway":"","IPAddress":"","IPPrefixLen":0,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"","DriverOpts":null}}},"Mounts":[]}]

很顯然上面的命令形式，並不適合在遠程使用HTTP調用，要想在遠程使用，就需要暴露管理端口。修改/etc/docker/daemon.json（如果該文件不存在，就新建一個），增加hosts配置：

{
   "hosts": ["unix:///var/run/docker.sock", "0.0.0.0:4789"]
}

後面就指定了可以在主機任意IP上訪問Docker的API，建議這裏改爲固定值，可以減少暴露，降低風險。然後重新啓動docker服務。

# systemctl daemon-reload
# systemctl restart docker
# systemctl -l status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-01-12 14:22:13 CST; 6s ago
     Docs: https://docs.docker.com
 Main PID: 21991 (dockerd)
   Memory: 28.6M
   CGroup: /system.slice/docker.service
           ├─21991 /usr/bin/dockerd
           └─21998 docker-containerd --config /var/run/docker/containerd/containerd.toml

......
Jan 12 14:22:13 plouto-docker-host-01 systemd[1]: Started Docker Application Container Engine.
Jan 12 14:22:13 plouto-docker-host-01 dockerd[21991]: time="2018-01-12T14:22:13.397856641+08:00" level=info msg="API listen on 0.0.0.0:4789"
Jan 12 14:22:13 plouto-docker-host-01 dockerd[21991]: time="2018-01-12T14:22:13.397938735+08:00" level=info msg="API listen on /var/run/docker/sock"

從上面可以看出已經綁定了4789端口，下面換臺可以訪問該主機的另一臺主機測試下：

# curl http://192.168.1.21:4789/containers/json?all=true
[{"Id":"af08e69d49be5db6caaf24e1509b69e07baea24f6ac7633b74e76bb3e88aa981","Names":["/boring_booth"],"Image":"demo:latest","ImageID":"sha256:a432acdcjkb22ac42819b9dd53b87930e9016b64eb0a63707f9698e1d90e8a6a","Command":"/bin/bash","Created":1515726419,"Ports":[],"Labels":{"build-date":"20171128","license":"GPLv2","name":"CentOS Base Image","vendor":"CentOS"},"State":"exited","Status":"Exited (0) 17 seconds ago","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"3125372fde203e6916bc96502ef5951670cbc558e4e0069cc51f8f05dc19a45f","EndpointID":"","Gateway":"","IPAddress":"","IPPrefixLen":0,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"","DriverOpts":null}}},"Mounts":[]}]