func NewServiceRuntime(configStore *config.Store, dns, hostIP string) *ServiceRuntime { var err error var client *docker.Client dockerZero, err := dockerBridgeIp() if err != nil { log.Fatalf("ERROR: Unable to find docker0 bridge: %s", err) } endpoint := GetEndpoint() if certPath := os.Getenv("DOCKER_CERT_PATH"); certPath != "" { cert := certPath + "/cert.pem" key := certPath + "/key.pem" ca := certPath + "/ca.pem" client, err = docker.NewTLSClient(endpoint, cert, key, ca) } else { client, err = docker.NewClient(endpoint) } if err != nil { log.Fatalf("ERROR: Unable to initialize docker client: %s: %s", err, endpoint) } client.HTTPClient.Timeout = 60 * time.Second return &ServiceRuntime{ dns: dns, configStore: configStore, hostIP: hostIP, dockerIP: dockerZero, dockerClient: client, } }
func main() { flag.Parse() log.SetOutput(os.Stdout) log.SetLevel(log.DebugLevel) var client *docker.Client if os.Getenv("DOCKER_HOST") != "" { var err error certPath := os.Getenv("DOCKER_CERT_PATH") client, err = docker.NewTLSClient(os.Getenv("DOCKER_HOST"), path.Join(certPath, "cert.pem"), path.Join(certPath, "key.pem"), path.Join(certPath, "ca.pem")) if err != nil { log.Fatal(err) } } else { var err error client, err = docker.NewClient("unix:///var/run/docker.sock") if err != nil { log.Fatal(err) } } handler := Handler{docker: client, domain: fmt.Sprintf("%s.", *domain)} server := dns.Server{} server.Handler = &handler server.Net = *network server.Addr = *addr err := server.ListenAndServe() if err != nil { log.Fatal(err) } }
func newDockerClient() (*docker.Client, error) { if len(*tlscert) == 0 { return docker.NewClient(*serverIP) } else { return docker.NewTLSClient(*serverIP, *tlscert, *tlskey, *tlscacert) } }
// dockerClient creates *docker.Client. In test / dev mode we can use ENV vars // to connect to the docker daemon. In production mode we will read // docker.endpoint from the config file. func (d *DockerDriver) dockerClient() (*docker.Client, error) { if client != nil { return client, nil } var err error createClient.Do(func() { // Default to using whatever is configured in docker.endpoint. If this is // not specified we'll fall back on NewClientFromEnv which reads config from // the DOCKER_* environment variables DOCKER_HOST, DOCKER_TLS_VERIFY, and // DOCKER_CERT_PATH. This allows us to lock down the config in production // but also accept the standard ENV configs for dev and test. dockerEndpoint := d.config.Read("docker.endpoint") if dockerEndpoint != "" { cert := d.config.Read("docker.tls.cert") key := d.config.Read("docker.tls.key") ca := d.config.Read("docker.tls.ca") if cert+key+ca != "" { d.logger.Printf("[DEBUG] driver.docker: using TLS client connection to %s", dockerEndpoint) client, err = docker.NewTLSClient(dockerEndpoint, cert, key, ca) } else { d.logger.Printf("[DEBUG] driver.docker: using standard client connection to %s", dockerEndpoint) client, err = docker.NewClient(dockerEndpoint) } return } d.logger.Println("[DEBUG] driver.docker: using client connection initialized from environment") client, err = docker.NewClientFromEnv() }) return client, err }
func tlsClient() *dockerclient.Client { ca := fmt.Sprintf("%s/ca.pem", dockerCertPath) cert := fmt.Sprintf("%s/cert.pem", dockerCertPath) key := fmt.Sprintf("%s/key.pem", dockerCertPath) client, _ := dockerclient.NewTLSClient(dockerHost, cert, key, ca) return client }
func (c *Config) GetDockerClient() (*docker.Client, error) { endpoint := c.GetDockerEndpoint() if !c.DockerServerUseHttps { return docker.NewClient(endpoint) } cert, key, ca := c.certFilePaths() return docker.NewTLSClient(endpoint, cert, key, ca) }
func (cd *CheckDocker) setupClient(endpoint string) error { var err error if cd.TLSCertPath != "" && cd.TLSKeyPath != "" && cd.TLSCAPath != "" { cd.dockerclient, err = dockerlib.NewTLSClient(endpoint, cd.TLSCertPath, cd.TLSKeyPath, cd.TLSCAPath) } else { cd.dockerclient, err = dockerlib.NewClient(endpoint) } return err }
// GetClient returns a valid Docker client, the address of the client, or an error // if the client couldn't be created. func (_ *Helper) GetClient() (client *docker.Client, endpoint string, err error) { cfg := getDockerConfig("") endpoint = cfg.Endpoint if cfg.IsTLS() { client, err = docker.NewTLSClient(cfg.Endpoint, cfg.Cert(), cfg.Key(), cfg.CA()) return } client, err = docker.NewClient(cfg.Endpoint) return }
func NewClient() (cli *docker.Client, err error) { if certpath != "" { ca := fmt.Sprintf("%s/ca.pem", certpath) cert := fmt.Sprintf("%s/cert.pem", certpath) key := fmt.Sprintf("%s/key.pem", certpath) cli, err = docker.NewTLSClient(endpoint, cert, key, ca) } else { cli, err = docker.NewClient(endpoint) } return }
// NewClient() returns a new Docker client. func (c *Config) NewClient() (*dc.Client, error) { // If there is no cert information, then just return the direct client if c.CertPath == "" { return dc.NewClient(c.Host) } // If there is cert information, load it and use it. ca := filepath.Join(c.CertPath, "ca.pem") cert := filepath.Join(c.CertPath, "cert.pem") key := filepath.Join(c.CertPath, "key.pem") return dc.NewTLSClient(c.Host, cert, key, ca) }
func NewDockerClient(endpoint string) (*docker.Client, error) { if strings.HasPrefix(endpoint, "unix:") { return docker.NewClient(endpoint) } else if tlsVerify || tlsEnabled() { if tlsVerify { if e, err := pathExists(tlsCaCert); !e || err != nil { return nil, errors.New("TLS verification was requested, but CA cert does not exist") } } return docker.NewTLSClient(endpoint, tlsCert, tlsKey, tlsCaCert) } return docker.NewClient(endpoint) }
// dockerClients creates two *docker.Client, one for long running operations and // the other for shorter operations. In test / dev mode we can use ENV vars to // connect to the docker daemon. In production mode we will read docker.endpoint // from the config file. func (d *DockerDriver) dockerClients() (*docker.Client, *docker.Client, error) { if client != nil && waitClient != nil { return client, waitClient, nil } var err error var merr multierror.Error createClients.Do(func() { if err = shelpers.Init(); err != nil { d.logger.Printf("[FATAL] driver.docker: unable to initialize stats: %v", err) return } // Default to using whatever is configured in docker.endpoint. If this is // not specified we'll fall back on NewClientFromEnv which reads config from // the DOCKER_* environment variables DOCKER_HOST, DOCKER_TLS_VERIFY, and // DOCKER_CERT_PATH. This allows us to lock down the config in production // but also accept the standard ENV configs for dev and test. dockerEndpoint := d.config.Read("docker.endpoint") if dockerEndpoint != "" { cert := d.config.Read("docker.tls.cert") key := d.config.Read("docker.tls.key") ca := d.config.Read("docker.tls.ca") if cert+key+ca != "" { d.logger.Printf("[DEBUG] driver.docker: using TLS client connection to %s", dockerEndpoint) client, err = docker.NewTLSClient(dockerEndpoint, cert, key, ca) } else { d.logger.Printf("[DEBUG] driver.docker: using standard client connection to %s", dockerEndpoint) client, err = docker.NewClient(dockerEndpoint) } client.HTTPClient.Timeout = dockerTimeout return } d.logger.Println("[DEBUG] driver.docker: using client connection initialized from environment") client, err = docker.NewClientFromEnv() if err != nil { merr.Errors = append(merr.Errors, err) } client.HTTPClient.Timeout = dockerTimeout waitClient, err = docker.NewClientFromEnv() if err != nil { merr.Errors = append(merr.Errors, err) } }) return client, waitClient, merr.ErrorOrNil() }
func GetDockerClient(endpoint string) *docker.Client { if strings.HasPrefix(endpoint, "unix://") { client, _ := docker.NewClient(endpoint) return client } else if strings.HasPrefix(endpoint, "tcp://") { path := os.Getenv("DOCKER_CERT_PATH") ca := fmt.Sprintf("%s/ca.pem", path) cert := fmt.Sprintf("%s/cert.pem", path) key := fmt.Sprintf("%s/key.pem", path) client, _ := docker.NewTLSClient(endpoint, cert, key, ca) return client } return nil }
func (s *BPacker) Build(endpoint string, certpath string, imagename string) { cert := fmt.Sprintf(certFileFormat, certpath) key := fmt.Sprintf(keyFileFormat, certpath) ca := fmt.Sprintf(caFileFormat, certpath) client, err := docker.NewTLSClient(endpoint, cert, key, ca) outputbuf, errbuf := bytes.NewBuffer(nil), bytes.NewBuffer(nil) dockerfileString := s.CreateDockerFile() fmt.Println(dockerfileString) ioutil.WriteFile("./Dockerfile", []byte(dockerfileString), os.ModePerm) defer os.Remove("Dockerfile") reader := strings.NewReader("") inputbuf := ioutil.NopCloser(reader) endpoint = strings.TrimPrefix(endpoint, fmt.Sprintf("%s://", DefaultProto)) dcli := dkr.NewDockerCli(inputbuf, outputbuf, errbuf, key, DefaultProto, endpoint, client.TLSConfig) err = dcli.CmdBuild("--force-rm=true", "--rm=true", fmt.Sprintf("--tag=\"%s\"", imagename), "./") fmt.Println(err) fmt.Println(outputbuf) }
// Docker generates a docker client func Docker() (client *Client, err error) { var c *api.Client if misc.ZeroOrNil(current.CertPath) { c, err = api.NewClient(current.Endpoint) } else { cert := fmt.Sprintf("%s/cert.pem", current.CertPath) // X.509 Certificate key := fmt.Sprintf("%s/key.pem", current.CertPath) // Private Key ca := fmt.Sprintf("%s/ca.pem", current.CertPath) // Certificate authority c, err = api.NewTLSClient(current.Endpoint, cert, key, ca) } if !misc.ZeroOrNil(c) { err = c.Ping() } if misc.ZeroOrNil(err) { c.SkipServerVersionCheck = true return &Client{c, current}, nil } return nil, err }
func clientFromEnv() (client *dockerapi.Client, endpointUrl *url.URL, err error) { endpoint := getopt("DOCKER_HOST", "unix:///var/run/docker.sock") endpointUrl, err = url.Parse(endpoint) if err != nil { return } if os.Getenv("DOCKER_TLS_VERIFY") == "" { client, err = dockerapi.NewClient(endpoint) } else { certPath := os.Getenv("DOCKER_CERT_PATH") client, err = dockerapi.NewTLSClient(endpoint, filepath.Join(certPath, "cert.pem"), filepath.Join(certPath, "key.pem"), filepath.Join(certPath, "ca.pem"), ) } return }
// NewClient() returns a new Docker client. func (c *Config) NewClient() (*dc.Client, error) { if c.Ca != "" || c.Cert != "" || c.Key != "" { if c.Ca == "" || c.Cert == "" || c.Key == "" { return nil, fmt.Errorf("ca_material, cert_material, and key_material must be specified") } return dc.NewTLSClientFromBytes(c.Host, []byte(c.Cert), []byte(c.Key), []byte(c.Ca)) } if c.CertPath != "" { // If there is cert information, load it and use it. ca := filepath.Join(c.CertPath, "ca.pem") cert := filepath.Join(c.CertPath, "cert.pem") key := filepath.Join(c.CertPath, "key.pem") return dc.NewTLSClient(c.Host, cert, key, ca) } // If there is no cert information, then just return the direct client return dc.NewClient(c.Host) }
func New(endpoint, certPath string) (d Docker, err error) { var c *dockerclient.Client if certPath != "" { cert := fmt.Sprintf("%s/cert.pem", certPath) key := fmt.Sprintf("%s/key.pem", certPath) ca := fmt.Sprintf("%s/ca.pem", certPath) c, err = dockerclient.NewTLSClient(endpoint, cert, key, ca) } else { c, err = dockerclient.NewClient(endpoint) } if err != nil { return } log.Debugln("Connecting to Docker on:", endpoint) if _, err := c.Info(); err != nil { return d, err } d = Docker{client: c} return }
// NewDockerClient creates a new docker client from client options func NewDockerClient(co *clientutil.ClientOptions) (client DockerClient, err error) { tlsConfig := co.TLSConfig() var dc *dockerclient.Client if tlsConfig != nil { dc, err = dockerclient.NewTLSClient(co.DaemonURL(), co.ClientCertFile(), co.ClientKeyFile(), co.CACertFile()) if err != nil { return } } else { dc, err = dockerclient.NewClient(co.DaemonURL()) if err != nil { return } } return DockerClient{ Client: dc, options: co, }, nil }
// New creates a new implementation of the STI Docker interface func New(config *api.DockerConfig, auth docker.AuthConfiguration) (Docker, error) { var client *docker.Client var err error if config.CertFile != "" && config.KeyFile != "" && config.CAFile != "" { client, err = docker.NewTLSClient( config.Endpoint, config.CertFile, config.KeyFile, config.CAFile) } else { client, err = docker.NewClient(config.Endpoint) } if err != nil { return nil, err } return &stiDocker{ client: client, pullAuth: auth, }, nil }
func NewSupervisor(config Config) (*Supervisor, error) { var client *docker.Client var err error if config.TLS != nil { client, err = docker.NewTLSClient( config.DockerHost, config.TLS.CertPath, config.TLS.KeyPath, config.TLS.CertAuthorityPath, ) if err != nil { return nil, stackerr.Wrap(err) } } else { client, err = docker.NewClient(config.DockerHost) if err != nil { return nil, err } } s := &Supervisor{Client: client} return s, nil }
func GetDockerClient() (*dockerclient.Client, error) { var ( client *dockerclient.Client err error ) endpoint := os.Getenv("DOCKER_HOST") if os.Getenv("DOCKER_TLS_VERIFY") == "1" { certPath := os.Getenv("DOCKER_CERT_PATH") cert := filepath.Join(certPath, "cert.pem") key := filepath.Join(certPath, "key.pem") ca := filepath.Join(certPath, "ca.pem") client, err = dockerclient.NewTLSClient(endpoint, cert, key, ca) } else { client, err = dockerclient.NewClient(endpoint) } if err != nil { return nil, err } return client, nil }
// Creates docker client and calls an anonymous func passed as argument // If DOCKER_CERT_PATH is set, it creates HTTPS client, otherwise defaults to HTTP func withDockerClient(fn func(*docker.Client) error) error { dockerEP, err := getDockerEndPoint() if err != nil { return err } dTLSCerPaths := getDockerTLSCertPaths() // Use HTTPS client if len(dTLSCerPaths) == 3 { ca, cert, key := dTLSCerPaths[0], dTLSCerPaths[1], dTLSCerPaths[2] client, err := docker.NewTLSClient(dockerEP, cert, key, ca) if err != nil { return err } return fn(client) } // Use plain HTTP client client, err := docker.NewClient(dockerEP) if err != nil { return err } return fn(client) }
// NewClient returns a new docker client or an error func NewClient(dcfg Config) (Client, error) { var client *docker.Client var err error if dcfg.Endpoint != "" { client, err = docker.NewClient(dcfg.Endpoint) } else if dcfg.UseBoot2Docker { endpoint := os.Getenv("DOCKER_HOST") if endpoint != "" { path := os.Getenv("DOCKER_CERT_PATH") cert := fmt.Sprintf("%s/cert.pem", path) key := fmt.Sprintf("%s/key.pem", path) ca := fmt.Sprintf("%s/ca.pem", path) client, err = docker.NewTLSClient(endpoint, cert, key, ca) } } else { return Client{}, errors.New("empty docker configuration") } if err != nil || client == nil { return Client{dcfg, client}, err } return Client{dcfg, client}, client.Ping() }
// dockerClient creates the client to interact with the docker daemon func (d *DockerScriptCheck) dockerClient() (*docker.Client, error) { if client != nil { return client, nil } var err error createClient.Do(func() { if d.dockerEndpoint != "" { if d.tlsCert+d.tlsKey+d.tlsCa != "" { d.logger.Printf("[DEBUG] executor.checks: using TLS client connection to %s", d.dockerEndpoint) client, err = docker.NewTLSClient(d.dockerEndpoint, d.tlsCert, d.tlsKey, d.tlsCa) } else { d.logger.Printf("[DEBUG] executor.checks: using standard client connection to %s", d.dockerEndpoint) client, err = docker.NewClient(d.dockerEndpoint) } return } d.logger.Println("[DEBUG] executor.checks: using client connection initialized from environment") client, err = docker.NewClientFromEnv() }) return client, err }
func newClient() (*client, error) { defaultEndpoint := "unix:///var/run/docker.sock" endpoint := os.Getenv("DOCKER_HOST") if endpoint == "" { endpoint = defaultEndpoint } // parse the host url from the endpoint address host, err := parseEndpoint(endpoint) if err != nil { return nil, err } var dClient *docker.Client certPath := os.Getenv("DOCKER_CERT_PATH") if certPath == "" { // connect to the local docker daemon and initialise a new API client dClient, err = docker.NewClient(endpoint) if err != nil { return nil, err } } else { // the docker daemon is configured to use TLS (probably using // boot2docker), so we need to load the appropriate certificates and // keys ca := fmt.Sprintf("%s/ca.pem", certPath) cert := fmt.Sprintf("%s/cert.pem", certPath) key := fmt.Sprintf("%s/key.pem", certPath) dClient, err = docker.NewTLSClient(endpoint, cert, key, ca) if err != nil { return nil, err } } return &client{client: dClient, Host: host}, nil }
// DockerClient returns dockerclient.Client which handles Docker connection. func DockerClient(endpoint string) (*dockerclient.Client, error) { var conn *dockerclient.Client var err error if endpoint == "" { endpoint = os.Getenv("DOCKER_HOST") if endpoint == "" { endpoint = "unix:///var/run/docker.sock" } } if connections == nil { connections = make(map[string]*dockerclient.Client) } // Do not create connection if one already exist. if existingConnection, ok := connections[endpoint]; ok && existingConnection != nil { return existingConnection, nil } dockerCertPath := os.Getenv("DOCKER_CERT_PATH") if dockerCertPath != "" { cert := path.Join(dockerCertPath, "cert.pem") key := path.Join(dockerCertPath, "key.pem") ca := path.Join(dockerCertPath, "ca.pem") conn, err = dockerclient.NewTLSClient(endpoint, cert, key, ca) } else { conn, err = dockerclient.NewClient(endpoint) } if err == nil && conn != nil { connections[endpoint] = conn } return conn, err }
func (c *Config) GetDockerClient() (*docker.Client, error) { endpoint := c.GetDockerEndpoint() if !c.DockerServerUseHttps { return docker.NewClient(endpoint) } certPath := c.DockerCertPath // expand if the path starts with "~/" if strings.HasPrefix(certPath, "~/") { home, err := homedir.Dir() if err != nil { return nil, fmt.Errorf("Cannot detect home directory: %v", err) } certPath = filepath.Join(home, certPath[2:]) } var ( cert = filepath.Join(certPath, "cert.pem") key = filepath.Join(certPath, "key.pem") ca = filepath.Join(certPath, "ca.pem") ) return docker.NewTLSClient(endpoint, cert, key, ca) }
// Init constructor for the client wrapper func (wrapper *FSouza_Wrapper) Init(logger log.Log, settings FSouza_ClientFactorySettings) bool { var client *docker.Client var err error logger.Debug(log.VERBOSITY_DEBUG_WOAH, "Docker client conf: ", settings) if strings.HasPrefix(settings.Host, "tcp://") { if _, err := os.Stat(settings.CertPath); err == nil { // TCP DOCKER CLIENT WITH CERTS client, err = docker.NewTLSClient( settings.Host, path.Join(settings.CertPath, "cert.pem"), path.Join(settings.CertPath, "key.pem"), path.Join(settings.CertPath, "ca.pem"), ) } else { // TCP DOCKER CLIENT WITHOUT CERTS client, err = docker.NewClient(settings.Host) } } else if strings.HasPrefix(settings.Host, "unix://") { // TCP DOCKER CLIENT WITHOUT CERTS client, err = docker.NewClient(settings.Host) } else { err = errors.New("Unknown client host :" + settings.Host) } if err == nil { logger.Debug(log.VERBOSITY_DEBUG_WOAH, "FSouza Docker client created:", client) wrapper.Client = client return true } else { logger.Error(err.Error()) return false } }
func newDockerClient(host string) (*docker.Client, error) { var err error var newClient *docker.Client dockerCertPath := os.Getenv("DOCKER_CERT_PATH") homeDir, _ := homedir.Dir() dockerConfigDir := path.Join(homeDir, ".docker") _, err = os.Stat(path.Join(dockerConfigDir, "cert.pem")) certExists := err == nil _, err = os.Stat(path.Join(dockerConfigDir, "ca.pem")) caExists := err == nil _, err = os.Stat(path.Join(dockerConfigDir, "key.pem")) keyExists := err == nil if dockerCertPath == "" && certExists && caExists && keyExists { dockerCertPath = dockerConfigDir } if dockerCertPath != "" { cert := path.Join(dockerCertPath, "cert.pem") key := path.Join(dockerCertPath, "key.pem") ca := path.Join(dockerCertPath, "ca.pem") newClient, err = docker.NewTLSClient(host, cert, key, ca) } else { newClient, err = docker.NewClient(host) } if err != nil { return nil, err } return newClient, err }