Running WebTunnelAgent in docker

[nhi-vanye]

I'm looking to run the WebTunnelAgent (as proof of concept) in a container and I'm getting confused about the port mapping in docker vs the ports in the agent.

My use case is to support remote management (ssh) of a software appliance that comprises a number of containers in a VM. Adding a container to run the remote agent is preferred to running the agent on the host itself.

How does the webtunnel.host relate to the container ? Using 127.0.0.1 means the container, should this be the host ip address instead.

Have people been running this on the host network or using port mapping ?

I'm assuming that I need the ssh binary in the docker container, but do I need sshd as well ?

I think I've tried the various combinations but no success - it seems that there has been some communication because it (WebTunnelSSH) seems to fail at ssh handshake.

[obiltschnig]

Interesting use case. You'll have to see all IP addresses and ports from the point of your container running WebTunnelAgent. So if you need to access a different container's shell via ssh, you'll have to make that container's SSH port visible/accessible to the container running WebTunnelAgent. Try running ssh from the WebTunnelAgent container to your application's container, and note the IP address and port number used. Then use that IP address for webtunnel.host in your WebTunnelAgent.properties file. If the application container's SSH port is mapped to a different port, or a port other than default 22 in your container, make sure that this port number is included in the webtunnel.ports setting.

When running WebTunnelSSH, make sure to specify your device's URI (take the URI from the link under the device name in the Remote Manager Dashboard). If the target SSH port is not 22, use the --remote-port or -R option to specify it when running WebTunnelSSH.

Hope this helps.

[nhi-vanye]

Yes it did Gunther. Thanks

What I needed to do was make sure I was using the correct SSH keys at both the WebTunnelAgent and WebTunnelSSH (only public/private keys are used throughout my configuration) - I think my issues was that I didn't have a valid set of (public and private) keys inside the container so that when it initiated the outgoing ssh connection to the host it had to fall back to password auth. I was stupid in that I kept thinking it was trying to use passwords to access the sshd in the container...

Any chance of adding support for description or tags as properties on WebTunnelAgent that can be set without needing to compile. I can do a pull request but am not sure which of the various repositories is the master for WebTunnelAgent...

[obiltschnig]

Yes, I will add a feature to set arbitrary device properties including tags to the SDK this week. For now, master repository for the Remote Manager SDK is still https://github.com/my-devices/sdk. This will probably consolidated to the macchina-io organization at one point in the future.