Well! This unix tool is pretty amazing. Socat lets you connect two things together, where the two things are pretty much anything that might behave like a stream. There is a nice overview article written in 2009 over here. You can do crazy things like make a device on machine A available on a machine B. Running this command on A will bring us to machine B’s /dev/random:

    socat \
      PIPE:/tmp/machine_a_urandom \
      SYSTEM:"ssh machine_a socat - /dev/urandom"

What brought this up, you ask.
I have been spinning up machines to run Docker containers on, at Digital Ocean, for short periods of time to run batch jobs. Docker’s daemon listens on a unix socket, /var/run/docker.sock, for your instructions. I develop on my Mac, so I need to transmit my instructions to the VM at Digital Ocean. Let’s call him mr-doh.
One option is to reconfigure mr-doh’s Docker daemon to listen on a localhost TCP port. Having done that, you can have ssh forward that back to your Mac, and then you set/export the DOCKER_HOST environment variable and you’re good to go.
The problem with that is it adds to the work of spinning up mr-doh, which, if you’re only going to have him running for a short period of time, adds to the tedium.
Well, as we can see in the /dev/urandom example above you can use socat to forward things. That might look like this:

    socat \
      "UNIX-LISTEN:/tmp/mr-doh-docker.sock,reuseaddr,fork" \
      "EXEC:'ssh -kTax root@mr-doh.example.com socat STDIO UNIX-CONNECT\:/var/run/docker.sock'" &

Which will fork a socat to manage /tmp/mr-doh-docker.sock. We can then teach the docker client on the Mac to use that by doing:

    export DOCKER_HOST=unix:///tmp/mr-doh-docker.sock

When the client uses it, socat will fire up ssh and connect to the docker daemon's socket on mr-doh. Of course, for this to work you'll want to have your ssh key installed in root@mr-doh's authorized_keys etc.
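Any local process that can open the forwarded socket is talking to mr-doh's Docker daemon through your root ssh login, so the listening socket is better kept out of /tmp. The sketch below is an added example, not the script mentioned in this post: it builds the same socat pair but places the socket in a private directory with mode 0600; the directory name ~/.docker-forward, the function names and the REMOTE variable are assumptions.

```shell
#!/bin/sh
# Added example, not the post's get-docker-socket-from-remote script.
# Assumed: socat on both ends, key-based ssh, ~/.docker-forward as socket dir.

# Accept only user@host style names, so the value cannot smuggle in ssh
# options (leading '-') or extra socat address options (',' or spaces).
valid_remote() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
}

# Create (or reuse) a directory only the current user can enter; print it.
private_sock_dir() {
    dir="${1:-$HOME/.docker-forward}"
    ( umask 077 && mkdir -p "$dir" ) || return 1
    [ -O "$dir" ] || { echo "refusing $dir: not owned by us" >&2; return 1; }
    chmod 700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Listening side: stale socket removed first, new one created with mode 0600.
listen_addr() {
    printf '%s' "UNIX-LISTEN:$1,fork,mode=600,unlink-early"
}

# Remote side: same ssh flags as the post; the '\:' escape is kept as the
# post wrote it.
exec_addr() {
    printf '%s' "EXEC:'ssh -kTax $1 socat STDIO UNIX-CONNECT\\:/var/run/docker.sock'"
}

# Start the forwarder in the background and print the export line to eval.
forward_docker_sock() {
    valid_remote "$1" || { echo "bad remote: $1" >&2; return 1; }
    dir=$(private_sock_dir "${2:-}") || return 1
    sock="$dir/docker.sock"
    socat "$(listen_addr "$sock")" "$(exec_addr "$1")" &
    printf 'export DOCKER_HOST=unix://%s\n' "$sock"
}

# Runs only when REMOTE is set, e.g. REMOTE=root@mr-doh.example.com sh this-file
if [ -n "${REMOTE:-}" ]; then
    forward_docker_sock "$REMOTE"
fi
```
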
For your enjoyment is a somewhat raw script which will arrange to bring the /var/run/docker.sock from mr-doh back home. get-docker-socket-from-remote prints the export command you’ll need.
It’s cool that docker supports TLS. You have to set up and manage keys etc. So, that’s another approach.