Beispiel #1
0
func NewServiceRuntime(configStore *config.Store, dns, hostIP string) *ServiceRuntime {
	var err error
	var client *docker.Client

	dockerZero, err := dockerBridgeIp()
	if err != nil {
		log.Fatalf("ERROR: Unable to find docker0 bridge: %s", err)
	}

	endpoint := GetEndpoint()

	if certPath := os.Getenv("DOCKER_CERT_PATH"); certPath != "" {
		cert := certPath + "/cert.pem"
		key := certPath + "/key.pem"
		ca := certPath + "/ca.pem"
		client, err = docker.NewTLSClient(endpoint, cert, key, ca)
	} else {
		client, err = docker.NewClient(endpoint)
	}

	if err != nil {
		log.Fatalf("ERROR: Unable to initialize docker client: %s: %s", err, endpoint)
	}

	client.HTTPClient.Timeout = 60 * time.Second

	return &ServiceRuntime{
		dns:          dns,
		configStore:  configStore,
		hostIP:       hostIP,
		dockerIP:     dockerZero,
		dockerClient: client,
	}
}
Beispiel #2
0
func main() {
	flag.Parse()

	log.SetOutput(os.Stdout)
	log.SetLevel(log.DebugLevel)

	var client *docker.Client
	if os.Getenv("DOCKER_HOST") != "" {
		var err error
		certPath := os.Getenv("DOCKER_CERT_PATH")
		client, err = docker.NewTLSClient(os.Getenv("DOCKER_HOST"), path.Join(certPath, "cert.pem"), path.Join(certPath, "key.pem"), path.Join(certPath, "ca.pem"))
		if err != nil {
			log.Fatal(err)
		}
	} else {
		var err error
		client, err = docker.NewClient("unix:///var/run/docker.sock")
		if err != nil {
			log.Fatal(err)
		}
	}

	handler := Handler{docker: client, domain: fmt.Sprintf("%s.", *domain)}

	server := dns.Server{}
	server.Handler = &handler
	server.Net = *network
	server.Addr = *addr

	err := server.ListenAndServe()
	if err != nil {
		log.Fatal(err)
	}
}
Beispiel #3
0
func newDockerClient() (*docker.Client, error) {
	if len(*tlscert) == 0 {
		return docker.NewClient(*serverIP)
	} else {
		return docker.NewTLSClient(*serverIP, *tlscert, *tlskey, *tlscacert)
	}
}
Beispiel #4
0
// dockerClient creates *docker.Client. In test / dev mode we can use ENV vars
// to connect to the docker daemon. In production mode we will read
// docker.endpoint from the config file.
func (d *DockerDriver) dockerClient() (*docker.Client, error) {
	if client != nil {
		return client, nil
	}

	var err error
	createClient.Do(func() {
		// Default to using whatever is configured in docker.endpoint. If this is
		// not specified we'll fall back on NewClientFromEnv which reads config from
		// the DOCKER_* environment variables DOCKER_HOST, DOCKER_TLS_VERIFY, and
		// DOCKER_CERT_PATH. This allows us to lock down the config in production
		// but also accept the standard ENV configs for dev and test.
		dockerEndpoint := d.config.Read("docker.endpoint")
		if dockerEndpoint != "" {
			cert := d.config.Read("docker.tls.cert")
			key := d.config.Read("docker.tls.key")
			ca := d.config.Read("docker.tls.ca")

			if cert+key+ca != "" {
				d.logger.Printf("[DEBUG] driver.docker: using TLS client connection to %s", dockerEndpoint)
				client, err = docker.NewTLSClient(dockerEndpoint, cert, key, ca)
			} else {
				d.logger.Printf("[DEBUG] driver.docker: using standard client connection to %s", dockerEndpoint)
				client, err = docker.NewClient(dockerEndpoint)
			}
			return
		}

		d.logger.Println("[DEBUG] driver.docker: using client connection initialized from environment")
		client, err = docker.NewClientFromEnv()
	})
	return client, err
}
Beispiel #5
0
func tlsClient() *dockerclient.Client {
	ca := fmt.Sprintf("%s/ca.pem", dockerCertPath)
	cert := fmt.Sprintf("%s/cert.pem", dockerCertPath)
	key := fmt.Sprintf("%s/key.pem", dockerCertPath)
	client, _ := dockerclient.NewTLSClient(dockerHost, cert, key, ca)
	return client
}
Beispiel #6
0
func (c *Config) GetDockerClient() (*docker.Client, error) {
	endpoint := c.GetDockerEndpoint()

	if !c.DockerServerUseHttps {
		return docker.NewClient(endpoint)
	}

	cert, key, ca := c.certFilePaths()
	return docker.NewTLSClient(endpoint, cert, key, ca)
}
Beispiel #7
0
func (cd *CheckDocker) setupClient(endpoint string) error {
	var err error

	if cd.TLSCertPath != "" && cd.TLSKeyPath != "" && cd.TLSCAPath != "" {
		cd.dockerclient, err = dockerlib.NewTLSClient(endpoint, cd.TLSCertPath, cd.TLSKeyPath, cd.TLSCAPath)
	} else {
		cd.dockerclient, err = dockerlib.NewClient(endpoint)
	}

	return err
}
Beispiel #8
0
// GetClient returns a valid Docker client, the address of the client, or an error
// if the client couldn't be created.
func (_ *Helper) GetClient() (client *docker.Client, endpoint string, err error) {
	cfg := getDockerConfig("")
	endpoint = cfg.Endpoint

	if cfg.IsTLS() {
		client, err = docker.NewTLSClient(cfg.Endpoint, cfg.Cert(), cfg.Key(), cfg.CA())
		return
	}
	client, err = docker.NewClient(cfg.Endpoint)
	return
}
Beispiel #9
0
func NewClient() (cli *docker.Client, err error) {
	if certpath != "" {
		ca := fmt.Sprintf("%s/ca.pem", certpath)
		cert := fmt.Sprintf("%s/cert.pem", certpath)
		key := fmt.Sprintf("%s/key.pem", certpath)
		cli, err = docker.NewTLSClient(endpoint, cert, key, ca)
	} else {
		cli, err = docker.NewClient(endpoint)
	}
	return
}
Beispiel #10
0
// NewClient() returns a new Docker client.
func (c *Config) NewClient() (*dc.Client, error) {
	// If there is no cert information, then just return the direct client
	if c.CertPath == "" {
		return dc.NewClient(c.Host)
	}

	// If there is cert information, load it and use it.
	ca := filepath.Join(c.CertPath, "ca.pem")
	cert := filepath.Join(c.CertPath, "cert.pem")
	key := filepath.Join(c.CertPath, "key.pem")
	return dc.NewTLSClient(c.Host, cert, key, ca)
}
Beispiel #11
0
func NewDockerClient(endpoint string) (*docker.Client, error) {
	if strings.HasPrefix(endpoint, "unix:") {
		return docker.NewClient(endpoint)
	} else if tlsVerify || tlsEnabled() {
		if tlsVerify {
			if e, err := pathExists(tlsCaCert); !e || err != nil {
				return nil, errors.New("TLS verification was requested, but CA cert does not exist")
			}
		}

		return docker.NewTLSClient(endpoint, tlsCert, tlsKey, tlsCaCert)
	}
	return docker.NewClient(endpoint)
}
Beispiel #12
0
// dockerClients creates two *docker.Client, one for long running operations and
// the other for shorter operations. In test / dev mode we can use ENV vars to
// connect to the docker daemon. In production mode we will read docker.endpoint
// from the config file.
func (d *DockerDriver) dockerClients() (*docker.Client, *docker.Client, error) {
	if client != nil && waitClient != nil {
		return client, waitClient, nil
	}

	var err error
	var merr multierror.Error
	createClients.Do(func() {
		if err = shelpers.Init(); err != nil {
			d.logger.Printf("[FATAL] driver.docker: unable to initialize stats: %v", err)
			return
		}

		// Default to using whatever is configured in docker.endpoint. If this is
		// not specified we'll fall back on NewClientFromEnv which reads config from
		// the DOCKER_* environment variables DOCKER_HOST, DOCKER_TLS_VERIFY, and
		// DOCKER_CERT_PATH. This allows us to lock down the config in production
		// but also accept the standard ENV configs for dev and test.
		dockerEndpoint := d.config.Read("docker.endpoint")
		if dockerEndpoint != "" {
			cert := d.config.Read("docker.tls.cert")
			key := d.config.Read("docker.tls.key")
			ca := d.config.Read("docker.tls.ca")

			if cert+key+ca != "" {
				d.logger.Printf("[DEBUG] driver.docker: using TLS client connection to %s", dockerEndpoint)
				client, err = docker.NewTLSClient(dockerEndpoint, cert, key, ca)
			} else {
				d.logger.Printf("[DEBUG] driver.docker: using standard client connection to %s", dockerEndpoint)
				client, err = docker.NewClient(dockerEndpoint)
			}
			client.HTTPClient.Timeout = dockerTimeout
			return
		}

		d.logger.Println("[DEBUG] driver.docker: using client connection initialized from environment")
		client, err = docker.NewClientFromEnv()
		if err != nil {
			merr.Errors = append(merr.Errors, err)
		}
		client.HTTPClient.Timeout = dockerTimeout

		waitClient, err = docker.NewClientFromEnv()
		if err != nil {
			merr.Errors = append(merr.Errors, err)
		}
	})
	return client, waitClient, merr.ErrorOrNil()
}
Beispiel #13
0
func GetDockerClient(endpoint string) *docker.Client {
	if strings.HasPrefix(endpoint, "unix://") {
		client, _ := docker.NewClient(endpoint)
		return client
	} else if strings.HasPrefix(endpoint, "tcp://") {
		path := os.Getenv("DOCKER_CERT_PATH")
		ca := fmt.Sprintf("%s/ca.pem", path)
		cert := fmt.Sprintf("%s/cert.pem", path)
		key := fmt.Sprintf("%s/key.pem", path)
		client, _ := docker.NewTLSClient(endpoint, cert, key, ca)
		return client

	}
	return nil
}
Beispiel #14
0
func (s *BPacker) Build(endpoint string, certpath string, imagename string) {
	cert := fmt.Sprintf(certFileFormat, certpath)
	key := fmt.Sprintf(keyFileFormat, certpath)
	ca := fmt.Sprintf(caFileFormat, certpath)
	client, err := docker.NewTLSClient(endpoint, cert, key, ca)
	outputbuf, errbuf := bytes.NewBuffer(nil), bytes.NewBuffer(nil)
	dockerfileString := s.CreateDockerFile()
	fmt.Println(dockerfileString)
	ioutil.WriteFile("./Dockerfile", []byte(dockerfileString), os.ModePerm)
	defer os.Remove("Dockerfile")
	reader := strings.NewReader("")
	inputbuf := ioutil.NopCloser(reader)
	endpoint = strings.TrimPrefix(endpoint, fmt.Sprintf("%s://", DefaultProto))
	dcli := dkr.NewDockerCli(inputbuf, outputbuf, errbuf, key, DefaultProto, endpoint, client.TLSConfig)
	err = dcli.CmdBuild("--force-rm=true", "--rm=true", fmt.Sprintf("--tag=\"%s\"", imagename), "./")
	fmt.Println(err)
	fmt.Println(outputbuf)
}
Beispiel #15
0
// Docker generates a docker client
func Docker() (client *Client, err error) {
	var c *api.Client
	if misc.ZeroOrNil(current.CertPath) {
		c, err = api.NewClient(current.Endpoint)
	} else {
		cert := fmt.Sprintf("%s/cert.pem", current.CertPath) // X.509 Certificate
		key := fmt.Sprintf("%s/key.pem", current.CertPath)   // Private Key
		ca := fmt.Sprintf("%s/ca.pem", current.CertPath)     // Certificate authority
		c, err = api.NewTLSClient(current.Endpoint, cert, key, ca)
	}
	if !misc.ZeroOrNil(c) {
		err = c.Ping()
	}
	if misc.ZeroOrNil(err) {
		c.SkipServerVersionCheck = true
		return &Client{c, current}, nil
	}
	return nil, err
}
Beispiel #16
0
func clientFromEnv() (client *dockerapi.Client, endpointUrl *url.URL, err error) {
	endpoint := getopt("DOCKER_HOST", "unix:///var/run/docker.sock")
	endpointUrl, err = url.Parse(endpoint)
	if err != nil {
		return
	}

	if os.Getenv("DOCKER_TLS_VERIFY") == "" {
		client, err = dockerapi.NewClient(endpoint)
	} else {
		certPath := os.Getenv("DOCKER_CERT_PATH")
		client, err = dockerapi.NewTLSClient(endpoint,
			filepath.Join(certPath, "cert.pem"),
			filepath.Join(certPath, "key.pem"),
			filepath.Join(certPath, "ca.pem"),
		)
	}

	return
}
Beispiel #17
0
// NewClient() returns a new Docker client.
func (c *Config) NewClient() (*dc.Client, error) {
	if c.Ca != "" || c.Cert != "" || c.Key != "" {
		if c.Ca == "" || c.Cert == "" || c.Key == "" {
			return nil, fmt.Errorf("ca_material, cert_material, and key_material must be specified")
		}

		return dc.NewTLSClientFromBytes(c.Host, []byte(c.Cert), []byte(c.Key), []byte(c.Ca))
	}

	if c.CertPath != "" {
		// If there is cert information, load it and use it.
		ca := filepath.Join(c.CertPath, "ca.pem")
		cert := filepath.Join(c.CertPath, "cert.pem")
		key := filepath.Join(c.CertPath, "key.pem")
		return dc.NewTLSClient(c.Host, cert, key, ca)
	}

	// If there is no cert information, then just return the direct client
	return dc.NewClient(c.Host)
}
Beispiel #18
0
func New(endpoint, certPath string) (d Docker, err error) {
	var c *dockerclient.Client
	if certPath != "" {
		cert := fmt.Sprintf("%s/cert.pem", certPath)
		key := fmt.Sprintf("%s/key.pem", certPath)
		ca := fmt.Sprintf("%s/ca.pem", certPath)
		c, err = dockerclient.NewTLSClient(endpoint, cert, key, ca)
	} else {
		c, err = dockerclient.NewClient(endpoint)
	}
	if err != nil {
		return
	}
	log.Debugln("Connecting to Docker on:", endpoint)
	if _, err := c.Info(); err != nil {
		return d, err
	}
	d = Docker{client: c}
	return
}
Beispiel #19
0
// NewDockerClient creates a new docker client from client options
func NewDockerClient(co *clientutil.ClientOptions) (client DockerClient, err error) {
	tlsConfig := co.TLSConfig()
	var dc *dockerclient.Client
	if tlsConfig != nil {
		dc, err = dockerclient.NewTLSClient(co.DaemonURL(), co.ClientCertFile(), co.ClientKeyFile(), co.CACertFile())
		if err != nil {
			return
		}
	} else {
		dc, err = dockerclient.NewClient(co.DaemonURL())
		if err != nil {
			return
		}
	}

	return DockerClient{
		Client:  dc,
		options: co,
	}, nil
}
Beispiel #20
0
// New creates a new implementation of the STI Docker interface
func New(config *api.DockerConfig, auth docker.AuthConfiguration) (Docker, error) {
	var client *docker.Client
	var err error
	if config.CertFile != "" && config.KeyFile != "" && config.CAFile != "" {
		client, err = docker.NewTLSClient(
			config.Endpoint,
			config.CertFile,
			config.KeyFile,
			config.CAFile)
	} else {
		client, err = docker.NewClient(config.Endpoint)
	}
	if err != nil {
		return nil, err
	}
	return &stiDocker{
		client:   client,
		pullAuth: auth,
	}, nil
}
Beispiel #21
0
func NewSupervisor(config Config) (*Supervisor, error) {
	var client *docker.Client
	var err error
	if config.TLS != nil {
		client, err = docker.NewTLSClient(
			config.DockerHost,
			config.TLS.CertPath,
			config.TLS.KeyPath,
			config.TLS.CertAuthorityPath,
		)
		if err != nil {
			return nil, stackerr.Wrap(err)
		}
	} else {
		client, err = docker.NewClient(config.DockerHost)
		if err != nil {
			return nil, err
		}
	}
	s := &Supervisor{Client: client}
	return s, nil
}
Beispiel #22
0
func GetDockerClient() (*dockerclient.Client, error) {
	var (
		client *dockerclient.Client
		err    error
	)
	endpoint := os.Getenv("DOCKER_HOST")
	if os.Getenv("DOCKER_TLS_VERIFY") == "1" {
		certPath := os.Getenv("DOCKER_CERT_PATH")
		cert := filepath.Join(certPath, "cert.pem")
		key := filepath.Join(certPath, "key.pem")
		ca := filepath.Join(certPath, "ca.pem")
		client, err = dockerclient.NewTLSClient(endpoint, cert, key, ca)
	} else {
		client, err = dockerclient.NewClient(endpoint)
	}

	if err != nil {
		return nil, err
	}

	return client, nil
}
Beispiel #23
0
// Creates docker client and calls an anonymous func passed as argument
// If DOCKER_CERT_PATH is set, it creates HTTPS client, otherwise defaults to HTTP
func withDockerClient(fn func(*docker.Client) error) error {
	dockerEP, err := getDockerEndPoint()
	if err != nil {
		return err
	}
	dTLSCerPaths := getDockerTLSCertPaths()
	// Use HTTPS client
	if len(dTLSCerPaths) == 3 {
		ca, cert, key := dTLSCerPaths[0], dTLSCerPaths[1], dTLSCerPaths[2]
		client, err := docker.NewTLSClient(dockerEP, cert, key, ca)
		if err != nil {
			return err
		}
		return fn(client)
	}
	// Use plain HTTP client
	client, err := docker.NewClient(dockerEP)
	if err != nil {
		return err
	}
	return fn(client)
}
Beispiel #24
0
// NewClient returns a new docker client or an error
func NewClient(dcfg Config) (Client, error) {
	var client *docker.Client
	var err error
	if dcfg.Endpoint != "" {
		client, err = docker.NewClient(dcfg.Endpoint)
	} else if dcfg.UseBoot2Docker {
		endpoint := os.Getenv("DOCKER_HOST")
		if endpoint != "" {
			path := os.Getenv("DOCKER_CERT_PATH")
			cert := fmt.Sprintf("%s/cert.pem", path)
			key := fmt.Sprintf("%s/key.pem", path)
			ca := fmt.Sprintf("%s/ca.pem", path)
			client, err = docker.NewTLSClient(endpoint, cert, key, ca)
		}
	} else {
		return Client{}, errors.New("empty docker configuration")
	}
	if err != nil || client == nil {
		return Client{dcfg, client}, err
	}

	return Client{dcfg, client}, client.Ping()
}
Beispiel #25
0
// dockerClient creates the client to interact with the docker daemon
func (d *DockerScriptCheck) dockerClient() (*docker.Client, error) {
	if client != nil {
		return client, nil
	}

	var err error
	createClient.Do(func() {
		if d.dockerEndpoint != "" {
			if d.tlsCert+d.tlsKey+d.tlsCa != "" {
				d.logger.Printf("[DEBUG] executor.checks: using TLS client connection to %s", d.dockerEndpoint)
				client, err = docker.NewTLSClient(d.dockerEndpoint, d.tlsCert, d.tlsKey, d.tlsCa)
			} else {
				d.logger.Printf("[DEBUG] executor.checks: using standard client connection to %s", d.dockerEndpoint)
				client, err = docker.NewClient(d.dockerEndpoint)
			}
			return
		}

		d.logger.Println("[DEBUG] executor.checks: using client connection initialized from environment")
		client, err = docker.NewClientFromEnv()
	})
	return client, err
}
Beispiel #26
0
func newClient() (*client, error) {

	defaultEndpoint := "unix:///var/run/docker.sock"
	endpoint := os.Getenv("DOCKER_HOST")
	if endpoint == "" {
		endpoint = defaultEndpoint
	}

	// parse the host url from the endpoint address
	host, err := parseEndpoint(endpoint)
	if err != nil {
		return nil, err
	}

	var dClient *docker.Client
	certPath := os.Getenv("DOCKER_CERT_PATH")
	if certPath == "" {
		// connect to the local docker daemon and initialise a new API client
		dClient, err = docker.NewClient(endpoint)
		if err != nil {
			return nil, err
		}
	} else {
		// the docker daemon is configured to use TLS (probably using
		// boot2docker), so we need to load the appropriate certificates and
		// keys
		ca := fmt.Sprintf("%s/ca.pem", certPath)
		cert := fmt.Sprintf("%s/cert.pem", certPath)
		key := fmt.Sprintf("%s/key.pem", certPath)
		dClient, err = docker.NewTLSClient(endpoint, cert, key, ca)
		if err != nil {
			return nil, err
		}
	}

	return &client{client: dClient, Host: host}, nil
}
Beispiel #27
0
// DockerClient returns dockerclient.Client which handles Docker connection.
func DockerClient(endpoint string) (*dockerclient.Client, error) {
	var conn *dockerclient.Client
	var err error

	if endpoint == "" {
		endpoint = os.Getenv("DOCKER_HOST")
		if endpoint == "" {
			endpoint = "unix:///var/run/docker.sock"
		}
	}

	if connections == nil {
		connections = make(map[string]*dockerclient.Client)
	}

	// Do not create connection if one already exist.
	if existingConnection, ok := connections[endpoint]; ok && existingConnection != nil {
		return existingConnection, nil
	}

	dockerCertPath := os.Getenv("DOCKER_CERT_PATH")
	if dockerCertPath != "" {
		cert := path.Join(dockerCertPath, "cert.pem")
		key := path.Join(dockerCertPath, "key.pem")
		ca := path.Join(dockerCertPath, "ca.pem")

		conn, err = dockerclient.NewTLSClient(endpoint, cert, key, ca)
	} else {
		conn, err = dockerclient.NewClient(endpoint)
	}

	if err == nil && conn != nil {
		connections[endpoint] = conn
	}

	return conn, err
}
Beispiel #28
0
func (c *Config) GetDockerClient() (*docker.Client, error) {
	endpoint := c.GetDockerEndpoint()

	if !c.DockerServerUseHttps {
		return docker.NewClient(endpoint)
	}

	certPath := c.DockerCertPath
	// expand if the path starts with "~/"
	if strings.HasPrefix(certPath, "~/") {
		home, err := homedir.Dir()
		if err != nil {
			return nil, fmt.Errorf("Cannot detect home directory: %v", err)
		}
		certPath = filepath.Join(home, certPath[2:])
	}

	var (
		cert = filepath.Join(certPath, "cert.pem")
		key  = filepath.Join(certPath, "key.pem")
		ca   = filepath.Join(certPath, "ca.pem")
	)
	return docker.NewTLSClient(endpoint, cert, key, ca)
}
Beispiel #29
0
// Init constructor for the client wrapper
func (wrapper *FSouza_Wrapper) Init(logger log.Log, settings FSouza_ClientFactorySettings) bool {
	var client *docker.Client
	var err error
	logger.Debug(log.VERBOSITY_DEBUG_WOAH, "Docker client conf: ", settings)

	if strings.HasPrefix(settings.Host, "tcp://") {

		if _, err := os.Stat(settings.CertPath); err == nil {
			// TCP DOCKER CLIENT WITH CERTS
			client, err = docker.NewTLSClient(
				settings.Host,
				path.Join(settings.CertPath, "cert.pem"),
				path.Join(settings.CertPath, "key.pem"),
				path.Join(settings.CertPath, "ca.pem"),
			)
		} else {
			// TCP DOCKER CLIENT WITHOUT CERTS
			client, err = docker.NewClient(settings.Host)
		}

	} else if strings.HasPrefix(settings.Host, "unix://") {
		// TCP DOCKER CLIENT WITHOUT CERTS
		client, err = docker.NewClient(settings.Host)
	} else {
		err = errors.New("Unknown client host :" + settings.Host)
	}

	if err == nil {
		logger.Debug(log.VERBOSITY_DEBUG_WOAH, "FSouza Docker client created:", client)
		wrapper.Client = client
		return true
	} else {
		logger.Error(err.Error())
		return false
	}
}
Beispiel #30
0
func newDockerClient(host string) (*docker.Client, error) {
	var err error
	var newClient *docker.Client
	dockerCertPath := os.Getenv("DOCKER_CERT_PATH")

	homeDir, _ := homedir.Dir()
	dockerConfigDir := path.Join(homeDir, ".docker")

	_, err = os.Stat(path.Join(dockerConfigDir, "cert.pem"))
	certExists := err == nil

	_, err = os.Stat(path.Join(dockerConfigDir, "ca.pem"))
	caExists := err == nil

	_, err = os.Stat(path.Join(dockerConfigDir, "key.pem"))
	keyExists := err == nil

	if dockerCertPath == "" && certExists && caExists && keyExists {
		dockerCertPath = dockerConfigDir
	}

	if dockerCertPath != "" {
		cert := path.Join(dockerCertPath, "cert.pem")
		key := path.Join(dockerCertPath, "key.pem")
		ca := path.Join(dockerCertPath, "ca.pem")

		newClient, err = docker.NewTLSClient(host, cert, key, ca)
	} else {
		newClient, err = docker.NewClient(host)
	}

	if err != nil {
		return nil, err
	}
	return newClient, err
}