Machine: Managing local unix-socket based docker via docker-machine

Created on 28 Jun 2015 · 11 comments · Source: docker/machine

Hi there,

For the sake of consistency, I'd like to have my local docker be managed via docker-machine. When I try to create and use my local docker-machine using the 'none' driver:

docker-machine create -d none --url=unix:///var/run/docker.sock localhost
eval "$(docker-machine env)"

I end up with: FATA[0000] Couldn't read ca cert /home/james/.docker/machine/machines/localhost/ca.pem: open /home/james/.docker/machine/machines/localhost/ca.pem: no such file or directory

To get around this, I have to manually unset DOCKER_TLS_VERIFY just for my localhost docker, which is kind of annoying. Are there plans to add the ability to disable TLS when creating a docker-machine using -d none?

All 11 comments

What about just adding the host without specifying the driver?
docker-machine create --url=unix:///var/run/docker.sock localbox

$ docker-machine create --url=unix:///var/run/docker.sock localbox
$ docker-machine env localbox
export DOCKER_TLS_VERIFY=1
export DOCKER_CERT_PATH="/Users/myuser/.docker/machine/machines/localbox"
export DOCKER_HOST=unix:///var/run/docker.sock

# Run this command to configure your shell: eval "$(docker-machine env localbox)"

PS: I'm on Mac OS X, so I don't have an actual docker daemon running on the above-mentioned socket. However, it didn't complain about certs during the eval.

Adding the host without specifying the driver is the same as -d none, AFAIK...
Just to clarify, I get the CA cert error when I attempt to run any docker commands after running the eval:

$ eval "$(docker-machine env)"
$ docker ps
Couldn't read ca cert /home/development/.docker/machine/machines/localbox/ca.pem: open /home/development/.docker/machine/machines/localbox/ca.pem: no such file or directory

The problem is that since DOCKER_TLS_VERIFY=1 gets set as part of the eval, the client will attempt to use TLS to talk to the local daemon via the unix socket, which fails as I haven't setup any certs for my local daemon.

I'm a fan of detecting any hosts listening at /var/run/docker.sock and displaying them in docker-machine ls by default, so maybe we can make this work somehow.

Any workaround for this? I cannot use docker VirtualBox machines on Windows at all due to "certificate signed by unknown authority":

docker run hello-world
Unable to find image 'hello-world:latest' locally
Pulling repository docker.io/library/hello-world
Error while pulling image: Get https://index.docker.io/v1/repositories/library/hello-world/images: x509: certificate signed by unknown authority

Normally if you are managing local stuff you can just not use docker-machine. I wanted to use PyCharm with docker, and PyCharm only manages docker via docker-machine. In this case I could work around it, to some degree, by writing a fake docker-machine shell script that emulated docker-machine for local docker.

@dobesv - could I grab a copy of that script, I have exactly the same use case :-)

@martynsmith

You can get the script in the PyCharm issue tracker: https://youtrack.jetbrains.com/issue/PY-17454

Can I +1 this? I use HSM-based (YubiKey NEO) SSH keys for my remote hosts and am not a fan of using filesystem files (client keys/certs), especially _unencrypted_ ones, for auth to my docker hosts (malware could easily steal them). I'm currently using a wacky gpg-agent+socat+ssh setup to create local sockets that run over a persistent, key-based SSH link to the remotes; I talk to docker only over the socket and not via TLS.

I use multiple hosts this way, with different local socket paths.

Being able to just add local socket paths (with env showing DOCKER_TLS_VERIFY=0) to docker-machine would be awesome, because then I can fit them into my existing docker-machine env workflows.
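The failure described earlier in the thread (DOCKER_TLS_VERIFY=1 exported for a unix:// URL, so the client looks for ca.pem that was never generated) and the request just above for socket-only machines can both be handled by a small env emitter of the kind the PyCharm workaround script does. The following is an added example written for this page; it is not docker-machine's code and not any commenter's script. The function names machine_env and socket_ok and the variable MACHINE_STORE are this example's own; MACHINE_STORAGE_PATH is the environment variable docker-machine itself reads for its store location. One caveat from the docker CLI's own behaviour: it enables TLS verification whenever DOCKER_TLS_VERIFY is non-empty, so exporting DOCKER_TLS_VERIFY=0 would still turn verification on; the variable has to be unset for a plain socket.

```shell
#!/bin/sh
# Added example (not docker-machine's own code): emit `docker-machine env`-style
# shell lines for a machine, turning TLS off when the URL is a local unix socket
# and keeping it on for tcp:// daemons. machine_env, socket_ok and MACHINE_STORE
# are names chosen for this example; MACHINE_STORAGE_PATH is the variable
# docker-machine itself honours for its store directory.

MACHINE_STORE="${MACHINE_STORAGE_PATH:-$HOME/.docker/machine}"

# socket_ok PATH
# Returns 0 only if PATH is a unix socket the current user can write to.
# Write access to the Docker socket is root-equivalent on the host, so refuse
# to point a client at a path that is not actually a socket.
socket_ok() {
    [ -S "$1" ] && [ -w "$1" ]
}

# machine_env NAME URL
# Prints shell lines suitable for: eval "$(machine_env NAME URL)"
machine_env() {
    name=$1
    url=$2
    case "$url" in
        unix://*)
            # Local socket: no TLS. Unset rather than export DOCKER_TLS_VERIFY=0,
            # because the docker CLI treats any non-empty value as "verify".
            printf 'unset DOCKER_TLS_VERIFY\n'
            printf 'unset DOCKER_CERT_PATH\n'
            printf 'export DOCKER_HOST="%s"\n' "$url"
            printf 'export DOCKER_MACHINE_NAME="%s"\n' "$name"
            ;;
        tcp://*)
            # Remote daemon: keep TLS on, and fail before exporting anything if
            # the cert set is incomplete (the "Couldn't read ca cert" case).
            certdir="$MACHINE_STORE/machines/$name"
            for f in ca.pem cert.pem key.pem; do
                if [ ! -r "$certdir/$f" ]; then
                    printf 'machine_env: missing %s for %s\n' "$certdir/$f" "$name" >&2
                    return 1
                fi
            done
            printf 'export DOCKER_TLS_VERIFY=1\n'
            printf 'export DOCKER_CERT_PATH="%s"\n' "$certdir"
            printf 'export DOCKER_HOST="%s"\n' "$url"
            printf 'export DOCKER_MACHINE_NAME="%s"\n' "$name"
            ;;
        *)
            printf 'machine_env: unsupported URL %s\n' "$url" >&2
            return 1
            ;;
    esac
}
```

Usage is the same shape as docker-machine's: `eval "$(machine_env localhost unix:///var/run/docker.sock)"` and then `docker ps`. For the socket case you may want to guard with `socket_ok /var/run/docker.sock || exit 1` first, since a missing or non-socket path will otherwise only surface as a connection error from the docker client. The unix:// branch unsets the TLS variables instead of leaving them alone so that switching from a tcp:// machine to the local socket in the same shell does not carry a stale DOCKER_TLS_VERIFY across.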

Any progress on this?

user@host:~$ docker-machine create localhost -d none --url unix:///var/run/docker.sock
Running pre-create checks...
Creating machine...
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env localhost
user@host:~$ docker-machine ls
NAME        ACTIVE   DRIVER   STATE     URL                           SWARM   DOCKER     ERRORS
localhost   -        none     Running   unix:///var/run/docker.sock           v18.09.0   
user@host:~$ docker-machine env localhost
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "": dial tcp: missing address
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.

user@host:~$ docker --version
Docker version 18.09.0, build 4d60db4
user@host:~$ docker-machine --version
docker-machine version 0.16.0, build 702c267f
user@host:~$ 

Even after more than five years, this feature is still needed.

I need to create an instance that could be managed from my host using the standard /var/run/docker.sock socket so that applications could use it.

Something like:

docker-machine create default --driver vmware --url unix:///var/run/docker.sock

But it's returning "flag provided but not defined: -url".

docker-machine is abandonware, and Docker the company seems more interested in shipping proprietary, closed-source spyware (such as Docker Desktop, or Docker for Windows) than things like docker-machine.

It's time to find a new tool.
