Docker绑定Remote API端口

Docker官方提供了Go、Python两种不同的SDK和HTTP形式的API，不熟悉Go语言，尝试了一下Python的SDK。Docker官方的Python SDK是针对2.x版本的，就直接在CentOS的Python2.7.5上进行了测试，可是却出现了错误：

# python
Python 2.7.5 (default, Aug  4 2017, 00:39:18) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import docker
/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.22) or chardet (2.2.1) doesn't match a supported version!
  RequestsDependencyWarning)
>>>

第一条import竟然就出现了问题，考虑了项目的实际场景，决定暂时方式研究python API，改向HTTP API。

按照官网文档的说明，直接运行：

# curl --unix-socket /var/run/docker.sock http:/v1.35/containers/json?all=true
[{"Id":"af08e69d49be5db6caaf24e1509b69e07baea24f6ac7633b74e76bb3e88aa981","Names":["/boring_booth"],"Image":"demo:latest","ImageID":"sha256:a432acdcjkb22ac42819b9dd53b87930e9016b64eb0a63707f9698e1d90e8a6a","Command":"/bin/bash","Created":1515726419,"Ports":[],"Labels":{"build-date":"20171128","license":"GPLv2","name":"CentOS Base Image","vendor":"CentOS"},"State":"exited","Status":"Exited (0) 17 seconds ago","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"3125372fde203e6916bc96502ef5951670cbc558e4e0069cc51f8f05dc19a45f","EndpointID":"","Gateway":"","IPAddress":"","IPPrefixLen":0,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"","DriverOpts":null}}},"Mounts":[]}]

很显然上面的命令形式，并不适合在远程使用HTTP调用，要想在远程使用，就需要暴露管理端口。修改/etc/docker/daemon.json（如果该文件不存在，就新建一个），增加hosts配置：

{
   "hosts": ["unix:///var/run/docker.sock", "0.0.0.0:4789"]
}

后面就指定了可以在主机任意IP上访问Docker的API，建议这里改为固定值，可以减少暴露，降低风险。然后重新启动docker服务。

# systemctl daemon-reload
# systemctl restart docker
# systemctl -l status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-01-12 14:22:13 CST; 6s ago
     Docs: https://docs.docker.com
 Main PID: 21991 (dockerd)
   Memory: 28.6M
   CGroup: /system.slice/docker.service
           ├─21991 /usr/bin/dockerd
           └─21998 docker-containerd --config /var/run/docker/containerd/containerd.toml

......
Jan 12 14:22:13 plouto-docker-host-01 systemd[1]: Started Docker Application Container Engine.
Jan 12 14:22:13 plouto-docker-host-01 dockerd[21991]: time="2018-01-12T14:22:13.397856641+08:00" level=info msg="API listen on 0.0.0.0:4789"
Jan 12 14:22:13 plouto-docker-host-01 dockerd[21991]: time="2018-01-12T14:22:13.397938735+08:00" level=info msg="API listen on /var/run/docker/sock"

从上面可以看出已经绑定了4789端口，下面换台可以访问该主机的另一台主机测试下：

# curl http://192.168.1.21:4789/containers/json?all=true
[{"Id":"af08e69d49be5db6caaf24e1509b69e07baea24f6ac7633b74e76bb3e88aa981","Names":["/boring_booth"],"Image":"demo:latest","ImageID":"sha256:a432acdcjkb22ac42819b9dd53b87930e9016b64eb0a63707f9698e1d90e8a6a","Command":"/bin/bash","Created":1515726419,"Ports":[],"Labels":{"build-date":"20171128","license":"GPLv2","name":"CentOS Base Image","vendor":"CentOS"},"State":"exited","Status":"Exited (0) 17 seconds ago","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"3125372fde203e6916bc96502ef5951670cbc558e4e0069cc51f8f05dc19a45f","EndpointID":"","Gateway":"","IPAddress":"","IPPrefixLen":0,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"","DriverOpts":null}}},"Mounts":[]}]