Closed meichthys closed 4 years ago
Yes, it should work (only I have tested it myself yet). The underlying aiodocker library supports it.
You can modify your configuration as follows with the url
:
monitor_docker:
- url: tcp://192.168.0.11:2376/
name: Docker
containers:
...
Needs to be tcp
, not http
.
@ualex73 Great news! I tried adding the 'url' parameter like you suggested:
# configuration.yaml entry
monitor_docker:
- url: tcp://10.0.7.12:2376/
name: Docker
containers:
- container_name
but i get the following:
aiodocker.exceptions.DockerError: DockerError(900, "Cannot connect to Docker Engine via tcp://10.0.7.12:2376/ [Connect call failed ('10.0.7.12', 2376)]")
I think i would need some kind of authentication to pass along with the url(?)
I will try to build a docker server with a remote tcp connection this tomorrow/weekend and test it.
Does the following work?
docker -H tcp://10.0.7.12:2376 ps
If that doesn't work, then you need to investigate that. You're sure your docker is listening on port 2376? it could be something else too.
@ualex73 Indeed, the docker -H tcp://10.0.7.12:2376 ps
command is not working on my machine. I'll need to look into that if i get a chance and report back.
I ran into this issue using Sanderhuisman version of this, I found a workaround using another docker container to espose the tcp ports (both securely and unsecurely) which I am still using.
https://github.com/Sanderhuisman/docker_monitor/issues/19#issuecomment-525962793
I used it on my Proxmox version of HAOS (Whiskey script) to get the conatiner running using Portainer as for the life of me could not get it to access the underlying docker on the install without some messing with the Supervisor and homeassistant containers.
I don't know if this is still the best way to do this but it works and saves messing with editing files etc and has worked on every docker instance I have with no problem.
@meichthys I tested it on my setup with a TCP connection, and it works 👍 Ofcourse, the "docker -H ... ps" need to work first.
@IAmTheDude Thanks for the comments, I will investigate TLS (SSL), then I can implement that open too.
@IAmTheDude I don't have a test Docker with TLS, but if you change the url to:
https://ip:2376
Then it should connect via TLS, according to the underlying code of aiodocker.
how to get it working tls?
[custom_components.monitor_docker.helpers]
Can not connect to Docker API (Missing protocol scheme in docker_host.)
monitor_docker
- name: RemoteDocker
url: https://docker.lan:2376
I have setup the certs according to this guide on the docker vm (proxmox) https://docs.docker.com/engine/security/https/
imported the certs on the client machine below and execute the command :
edit:
cat /etc/docker/daemon.json
{
"hosts": ["fd://", "tcp://0.0.0.0:2376"],
"data-root": "/mnt/dietpi_userdata/docker-data",
"tlscacert": "/etc/docker/certs/ca.pem",
"tlscert": "/etc/docker/certs/server-cert.pem",
"tlskey": "/etc/docker/certs/server-key.pem",
"tlsverify": true
}
Looked into the TLS code again, and https is set afterwards (oeps). I don't have TLS set, so it is difficult for me to test it.
I think the following should work: (1) set url to tcp://docker.lan:2376 (http:// is also allowed)
(2) set the following environment variables in Docker/your environment:
DOCKER_TLS_VERIFY=1
DOCKER_CERT_PATH=
I’ll take another look at this this afternoon, but I’m still working on getting a response when running the ‘docker tls-verify’ command.
Looked into the TLS code again, and https is set afterwards (oeps). I don't have TLS set, so it is difficult for me to test it.
I think the following should work: (1) set url to tcp://docker.lan:2376 (http:// is also allowed)
(2) set the following environment variables in Docker/your environment: DOCKER_TLS_VERIFY=1 DOCKER_CERT_PATH= (should be "/etc/docker/certs/" in your example, but needs to be mounted properly, if you run it inside a container)
made the necessary export on the client and adjusted the docker url but still an error
monitor_docker:
- name: RemoteDocker
url: tcp://docker.lan:2376
home/homeassistant/.homeassistant/custom_components/monitor_docker/__init__.py", line 74, in RunDocker
hass.data[DOMAIN][entry[CONF_NAME]][API] = DockerAPI(hass, entry)
File "/home/homeassistant/.homeassistant/custom_components/monitor_docker/helpers.py", line 102, in __init__
File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 166, in version
File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 297, in _query_json
File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/utils.py", line 309, in __aenter__
File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 229, in _do_query
File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 181, in _check_version
File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 297, in _query_json
File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/utils.py", line 309, in __aenter__
File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 266, in _do_query
raise DockerError(response.status, {"message": what.decode("utf8")})
aiodocker.exceptions.DockerError: DockerError(400, 'Client sent an HTTP request to an HTTPS server.\n')
Strange, if you set the environment values correctly (that is what I tested), it tries to connect with HTTPS/TLS. Not sure where this error comes from. I am not sure what wrong here, it almost looks like the Home Assistant instance doesn't have the environment variables set properly. I will add this type of information to the debug logging, makes troubleshooting easier.
Can you replace the "helpers.py" with the one in the repository? You can do this like:
cd ~/custom_components/monitor_docker
rm helpers.py
wget https://raw.githubusercontent.com/ualex73/monitor_docker/master/custom_components/monitor_docker/helpers.py
Also add the following your logging section of HA:
logger:
logs:
custom_components.monitor_docker: debug
And then restart your HA.
Then you need to see something like:
2020-06-21 18:16:24 DEBUG (Thread-2) [custom_components.monitor_docker.helpers] Docker URL is 'tcp://192.168.1.1:2376'
2020-06-21 18:16:24 DEBUG (Thread-2) [custom_components.monitor_docker.helpers] Docker environment set for 'DOCKER_TLS_VERIFY=1'
2020-06-21 18:16:24 DEBUG (Thread-2) [custom_components.monitor_docker.helpers] Docker environment set for 'DOCKER_CERT_PATH=/var/tmp/cert'
If you don't see those 2 last lines, there is an issue with your environment variables.
Really strange my environment variables are correct as per screenshot below. I am running home assistant as venv setup.
It still thinks the environment are not set
This confirms the environment variables aren't passed to HA. I added some code to the master branch (const.py/init.py/helpers.py you need to download) to workaround your environment issues (it is possible your venv doesn't pick it up correctly out of /etc).
I added a 'certpath' parameter, this will explicitly set the docker environment variables for you.
monitor_docker:
- name: Docker
url: tcp://192.168.1.1:2376
certpath: /etc/certpath
containers:
- appdaemon
...
...
@ualex73 just tested, it now works thank you very much for your patience and follow up.
I prefer to securely expose my Docker API this way.
@elRadix Thanks for the confirmation and testing it (I couldn't test the TLS option myself). This "certpath" option will be also included in the next official release in HACS (currently it is only in the main repository).
Yes, i agree the TLS is only option to go when using TCP (there doesn't seem to be any other authentication option?).
I believe all is fixed in the latest 1.0/1.1 releases. Please open a new issue if the problem persist, with 'fresh' logging/information.
From what I've read, this integration is meant to report the stats from containers running on the same machine as home-assistant.
Is it possible to use this integration with a remote docker host? Something like: