Feature Request: support "use_ssh_client" parameter for Docker SSH connections

[MisterWS]

In attempting to use the community.docker collection with a Docker host I access via SSH, I have found that the current reliance on Paramiko is flaky, and does not support a lot of edge cases for SSH authentication. On doing a bit of research, I have found that the Docker SDK for Python recently added a new parameter use_ssh_client to allow the use of the local ssh client instead of the Paramiko module (see documentation here).

I think that this is called here:

community.docker/plugins/module_utils/common.py

Lines 261 to 264 in f2d16da

	# No TLS
	return dict(base_url=auth['docker_host'],
	version=auth['api_version'],
	timeout=auth['timeout'])

I made a quick and dirty change to these lines to try it out (by adding use_ssh_client=True to the dictionary), and it seems to work on my local machine! I'd like to submit a pull request - however, I've no idea what other changes I'd need to make in order to make this a configurable parameter instead of hard-coded, or what testing/regression testing I'd need to do to validate it didn't screw some other setup up!

Looking for advice/guidance from the group about how best to proceed - or happy for someone else to take this and run with it 🙂.

[MisterWS]

Details on the pull request that added the upstream functionality: docker/docker-py#2680

[felixfontein]

Sounds reasonable. I'll take a closer look tomorrow morning, it's time for bed now :)

[felixfontein]

Unfortunately that flag isn't mentioned in the changelog. It was added in docker/docker-py@180414d, which first apeared in docker-py 4.4.0. Since we support older versions as well, this makes adding support for it a bit more complicated.

I can implement this (probably this weekend) if you don't want to crawl through the details. Since the auth code is used by both plugins and modules, it will be a bit more tricky to handle it correctly (including returning a meaningful error message when this feature is used with an older docker-py version).

[felixfontein]

@MisterWS can you take a look at #114 and test whether it works for you?

[MisterWS]

Will do - will have a look tomorrow 🙂.

[MisterWS]

OK - so life got in the way a little bit! @felixfontein - have managed to test this with my specific use-case - and the PR works as advertised. Leaving the flag off the tasks continues to fails (as expected), but setting use_ssh_client: yes against the specific tasks connects and works!

One thing I've noticed (unrelated) - the docker_stack module doesn't accept a docker_host parameter like other modules do - as such, this function has to be used in a different way. Happy to raise a separate item about whether this can be added in future - for consistency?

[felixfontein]

OK - so life got in the way a little bit! @felixfontein - have managed to test this with my specific use-case - and the PR works as advertised. Leaving the flag off the tasks continues to fails (as expected), but setting use_ssh_client: yes against the specific tasks connects and works!

🎉

One thing I've noticed (unrelated) - the docker_stack module doesn't accept a docker_host parameter like other modules do - as such, this function has to be used in a different way. Happy to raise a separate item about whether this can be added in future - for consistency?

The docker_stack* modules (there are a few now) work completely different from the other modules, they call the docker CLI tool. I'm not 100% sure what the CLI tool does, but it definitely does not use paramiko (since it's written in Go). So the docker_stack* modules might not need this option at all.

[MisterWS]

Understood 👍