func NewServiceRuntime(configStore *config.Store, dns, hostIP string) *ServiceRuntime {
var err error
var client *docker.Client
dockerZero, err := dockerBridgeIp()
if err != nil {
log.Fatalf("ERROR: Unable to find docker0 bridge: %s", err)
}
endpoint := GetEndpoint()
if certPath := os.Getenv("DOCKER_CERT_PATH"); certPath != "" {
cert := certPath + "/cert.pem"
key := certPath + "/key.pem"
ca := certPath + "/ca.pem"
client, err = docker.NewTLSClient(endpoint, cert, key, ca)
} else {
client, err = docker.NewClient(endpoint)
}
if err != nil {
log.Fatalf("ERROR: Unable to initialize docker client: %s: %s", err, endpoint)
}
client.HTTPClient.Timeout = 60 * time.Second
return &ServiceRuntime{
dns: dns,
configStore: configStore,
hostIP: hostIP,
dockerIP: dockerZero,
dockerClient: client,
}
}
func main() {
flag.Parse()
log.SetOutput(os.Stdout)
log.SetLevel(log.DebugLevel)
var client *docker.Client
if os.Getenv("DOCKER_HOST") != "" {
var err error
certPath := os.Getenv("DOCKER_CERT_PATH")
client, err = docker.NewTLSClient(os.Getenv("DOCKER_HOST"), path.Join(certPath, "cert.pem"), path.Join(certPath, "key.pem"), path.Join(certPath, "ca.pem"))
if err != nil {
log.Fatal(err)
}
} else {
var err error
client, err = docker.NewClient("unix:///var/run/docker.sock")
if err != nil {
log.Fatal(err)
}
}
handler := Handler{docker: client, domain: fmt.Sprintf("%s.", *domain)}
server := dns.Server{}
server.Handler = &handler
server.Net = *network
server.Addr = *addr
err := server.ListenAndServe()
if err != nil {
log.Fatal(err)
}
}
func newDockerClient() (*docker.Client, error) {
if len(*tlscert) == 0 {
return docker.NewClient(*serverIP)
} else {
return docker.NewTLSClient(*serverIP, *tlscert, *tlskey, *tlscacert)
}
}
// dockerClient creates *docker.Client. In test / dev mode we can use ENV vars
// to connect to the docker daemon. In production mode we will read
// docker.endpoint from the config file.
func (d *DockerDriver) dockerClient() (*docker.Client, error) {
if client != nil {
return client, nil
}
var err error
createClient.Do(func() {
// Default to using whatever is configured in docker.endpoint. If this is
// not specified we'll fall back on NewClientFromEnv which reads config from
// the DOCKER_* environment variables DOCKER_HOST, DOCKER_TLS_VERIFY, and
// DOCKER_CERT_PATH. This allows us to lock down the config in production
// but also accept the standard ENV configs for dev and test.
dockerEndpoint := d.config.Read("docker.endpoint")
if dockerEndpoint != "" {
cert := d.config.Read("docker.tls.cert")
key := d.config.Read("docker.tls.key")
ca := d.config.Read("docker.tls.ca")
if cert+key+ca != "" {
d.logger.Printf("[DEBUG] driver.docker: using TLS client connection to %s", dockerEndpoint)
client, err = docker.NewTLSClient(dockerEndpoint, cert, key, ca)
} else {
d.logger.Printf("[DEBUG] driver.docker: using standard client connection to %s", dockerEndpoint)
client, err = docker.NewClient(dockerEndpoint)
}
return
}
d.logger.Println("[DEBUG] driver.docker: using client connection initialized from environment")
client, err = docker.NewClientFromEnv()
})
return client, err
}
func tlsClient() *dockerclient.Client {
ca := fmt.Sprintf("%s/ca.pem", dockerCertPath)
cert := fmt.Sprintf("%s/cert.pem", dockerCertPath)
key := fmt.Sprintf("%s/key.pem", dockerCertPath)
client, _ := dockerclient.NewTLSClient(dockerHost, cert, key, ca)
return client
}
func (c *Config) GetDockerClient() (*docker.Client, error) {
endpoint := c.GetDockerEndpoint()
if !c.DockerServerUseHttps {
return docker.NewClient(endpoint)
}
cert, key, ca := c.certFilePaths()
return docker.NewTLSClient(endpoint, cert, key, ca)
}
func (cd *CheckDocker) setupClient(endpoint string) error {
var err error
if cd.TLSCertPath != "" && cd.TLSKeyPath != "" && cd.TLSCAPath != "" {
cd.dockerclient, err = dockerlib.NewTLSClient(endpoint, cd.TLSCertPath, cd.TLSKeyPath, cd.TLSCAPath)
} else {
cd.dockerclient, err = dockerlib.NewClient(endpoint)
}
return err
}
// GetClient returns a valid Docker client, the address of the client, or an error
// if the client couldn't be created.
func (_ *Helper) GetClient() (client *docker.Client, endpoint string, err error) {
cfg := getDockerConfig("")
endpoint = cfg.Endpoint
if cfg.IsTLS() {
client, err = docker.NewTLSClient(cfg.Endpoint, cfg.Cert(), cfg.Key(), cfg.CA())
return
}
client, err = docker.NewClient(cfg.Endpoint)
return
}
func NewClient() (cli *docker.Client, err error) {
if certpath != "" {
ca := fmt.Sprintf("%s/ca.pem", certpath)
cert := fmt.Sprintf("%s/cert.pem", certpath)
key := fmt.Sprintf("%s/key.pem", certpath)
cli, err = docker.NewTLSClient(endpoint, cert, key, ca)
} else {
cli, err = docker.NewClient(endpoint)
}
return
}
// NewClient() returns a new Docker client.
func (c *Config) NewClient() (*dc.Client, error) {
// If there is no cert information, then just return the direct client
if c.CertPath == "" {
return dc.NewClient(c.Host)
}
// If there is cert information, load it and use it.
ca := filepath.Join(c.CertPath, "ca.pem")
cert := filepath.Join(c.CertPath, "cert.pem")
key := filepath.Join(c.CertPath, "key.pem")
return dc.NewTLSClient(c.Host, cert, key, ca)
}
func NewDockerClient(endpoint string) (*docker.Client, error) {
if strings.HasPrefix(endpoint, "unix:") {
return docker.NewClient(endpoint)
} else if tlsVerify || tlsEnabled() {
if tlsVerify {
if e, err := pathExists(tlsCaCert); !e || err != nil {
return nil, errors.New("TLS verification was requested, but CA cert does not exist")
}
}
return docker.NewTLSClient(endpoint, tlsCert, tlsKey, tlsCaCert)
}
return docker.NewClient(endpoint)
}
// dockerClients creates two *docker.Client, one for long running operations and
// the other for shorter operations. In test / dev mode we can use ENV vars to
// connect to the docker daemon. In production mode we will read docker.endpoint
// from the config file.
func (d *DockerDriver) dockerClients() (*docker.Client, *docker.Client, error) {
if client != nil && waitClient != nil {
return client, waitClient, nil
}
var err error
var merr multierror.Error
createClients.Do(func() {
if err = shelpers.Init(); err != nil {
d.logger.Printf("[FATAL] driver.docker: unable to initialize stats: %v", err)
return
}
// Default to using whatever is configured in docker.endpoint. If this is
// not specified we'll fall back on NewClientFromEnv which reads config from
// the DOCKER_* environment variables DOCKER_HOST, DOCKER_TLS_VERIFY, and
// DOCKER_CERT_PATH. This allows us to lock down the config in production
// but also accept the standard ENV configs for dev and test.
dockerEndpoint := d.config.Read("docker.endpoint")
if dockerEndpoint != "" {
cert := d.config.Read("docker.tls.cert")
key := d.config.Read("docker.tls.key")
ca := d.config.Read("docker.tls.ca")
if cert+key+ca != "" {
d.logger.Printf("[DEBUG] driver.docker: using TLS client connection to %s", dockerEndpoint)
client, err = docker.NewTLSClient(dockerEndpoint, cert, key, ca)
} else {
d.logger.Printf("[DEBUG] driver.docker: using standard client connection to %s", dockerEndpoint)
client, err = docker.NewClient(dockerEndpoint)
}
client.HTTPClient.Timeout = dockerTimeout
return
}
d.logger.Println("[DEBUG] driver.docker: using client connection initialized from environment")
client, err = docker.NewClientFromEnv()
if err != nil {
merr.Errors = append(merr.Errors, err)
}
client.HTTPClient.Timeout = dockerTimeout
waitClient, err = docker.NewClientFromEnv()
if err != nil {
merr.Errors = append(merr.Errors, err)
}
})
return client, waitClient, merr.ErrorOrNil()
}
func GetDockerClient(endpoint string) *docker.Client {
if strings.HasPrefix(endpoint, "unix://") {
client, _ := docker.NewClient(endpoint)
return client
} else if strings.HasPrefix(endpoint, "tcp://") {
path := os.Getenv("DOCKER_CERT_PATH")
ca := fmt.Sprintf("%s/ca.pem", path)
cert := fmt.Sprintf("%s/cert.pem", path)
key := fmt.Sprintf("%s/key.pem", path)
client, _ := docker.NewTLSClient(endpoint, cert, key, ca)
return client
}
return nil
}
func (s *BPacker) Build(endpoint string, certpath string, imagename string) {
cert := fmt.Sprintf(certFileFormat, certpath)
key := fmt.Sprintf(keyFileFormat, certpath)
ca := fmt.Sprintf(caFileFormat, certpath)
client, err := docker.NewTLSClient(endpoint, cert, key, ca)
outputbuf, errbuf := bytes.NewBuffer(nil), bytes.NewBuffer(nil)
dockerfileString := s.CreateDockerFile()
fmt.Println(dockerfileString)
ioutil.WriteFile("./Dockerfile", []byte(dockerfileString), os.ModePerm)
defer os.Remove("Dockerfile")
reader := strings.NewReader("")
inputbuf := ioutil.NopCloser(reader)
endpoint = strings.TrimPrefix(endpoint, fmt.Sprintf("%s://", DefaultProto))
dcli := dkr.NewDockerCli(inputbuf, outputbuf, errbuf, key, DefaultProto, endpoint, client.TLSConfig)
err = dcli.CmdBuild("--force-rm=true", "--rm=true", fmt.Sprintf("--tag=\"%s\"", imagename), "./")
fmt.Println(err)
fmt.Println(outputbuf)
}
// Docker generates a docker client
func Docker() (client *Client, err error) {
var c *api.Client
if misc.ZeroOrNil(current.CertPath) {
c, err = api.NewClient(current.Endpoint)
} else {
cert := fmt.Sprintf("%s/cert.pem", current.CertPath) // X.509 Certificate
key := fmt.Sprintf("%s/key.pem", current.CertPath) // Private Key
ca := fmt.Sprintf("%s/ca.pem", current.CertPath) // Certificate authority
c, err = api.NewTLSClient(current.Endpoint, cert, key, ca)
}
if !misc.ZeroOrNil(c) {
err = c.Ping()
}
if misc.ZeroOrNil(err) {
c.SkipServerVersionCheck = true
return &Client{c, current}, nil
}
return nil, err
}
func clientFromEnv() (client *dockerapi.Client, endpointUrl *url.URL, err error) {
endpoint := getopt("DOCKER_HOST", "unix:///var/run/docker.sock")
endpointUrl, err = url.Parse(endpoint)
if err != nil {
return
}
if os.Getenv("DOCKER_TLS_VERIFY") == "" {
client, err = dockerapi.NewClient(endpoint)
} else {
certPath := os.Getenv("DOCKER_CERT_PATH")
client, err = dockerapi.NewTLSClient(endpoint,
filepath.Join(certPath, "cert.pem"),
filepath.Join(certPath, "key.pem"),
filepath.Join(certPath, "ca.pem"),
)
}
return
}
// NewClient() returns a new Docker client.
func (c *Config) NewClient() (*dc.Client, error) {
if c.Ca != "" || c.Cert != "" || c.Key != "" {
if c.Ca == "" || c.Cert == "" || c.Key == "" {
return nil, fmt.Errorf("ca_material, cert_material, and key_material must be specified")
}
return dc.NewTLSClientFromBytes(c.Host, []byte(c.Cert), []byte(c.Key), []byte(c.Ca))
}
if c.CertPath != "" {
// If there is cert information, load it and use it.
ca := filepath.Join(c.CertPath, "ca.pem")
cert := filepath.Join(c.CertPath, "cert.pem")
key := filepath.Join(c.CertPath, "key.pem")
return dc.NewTLSClient(c.Host, cert, key, ca)
}
// If there is no cert information, then just return the direct client
return dc.NewClient(c.Host)
}
func New(endpoint, certPath string) (d Docker, err error) {
var c *dockerclient.Client
if certPath != "" {
cert := fmt.Sprintf("%s/cert.pem", certPath)
key := fmt.Sprintf("%s/key.pem", certPath)
ca := fmt.Sprintf("%s/ca.pem", certPath)
c, err = dockerclient.NewTLSClient(endpoint, cert, key, ca)
} else {
c, err = dockerclient.NewClient(endpoint)
}
if err != nil {
return
}
log.Debugln("Connecting to Docker on:", endpoint)
if _, err := c.Info(); err != nil {
return d, err
}
d = Docker{client: c}
return
}
// NewDockerClient creates a new docker client from client options
func NewDockerClient(co *clientutil.ClientOptions) (client DockerClient, err error) {
tlsConfig := co.TLSConfig()
var dc *dockerclient.Client
if tlsConfig != nil {
dc, err = dockerclient.NewTLSClient(co.DaemonURL(), co.ClientCertFile(), co.ClientKeyFile(), co.CACertFile())
if err != nil {
return
}
} else {
dc, err = dockerclient.NewClient(co.DaemonURL())
if err != nil {
return
}
}
return DockerClient{
Client: dc,
options: co,
}, nil
}
// New creates a new implementation of the STI Docker interface
func New(config *api.DockerConfig, auth docker.AuthConfiguration) (Docker, error) {
var client *docker.Client
var err error
if config.CertFile != "" && config.KeyFile != "" && config.CAFile != "" {
client, err = docker.NewTLSClient(
config.Endpoint,
config.CertFile,
config.KeyFile,
config.CAFile)
} else {
client, err = docker.NewClient(config.Endpoint)
}
if err != nil {
return nil, err
}
return &stiDocker{
client: client,
pullAuth: auth,
}, nil
}
func NewSupervisor(config Config) (*Supervisor, error) {
var client *docker.Client
var err error
if config.TLS != nil {
client, err = docker.NewTLSClient(
config.DockerHost,
config.TLS.CertPath,
config.TLS.KeyPath,
config.TLS.CertAuthorityPath,
)
if err != nil {
return nil, stackerr.Wrap(err)
}
} else {
client, err = docker.NewClient(config.DockerHost)
if err != nil {
return nil, err
}
}
s := &Supervisor{Client: client}
return s, nil
}
func GetDockerClient() (*dockerclient.Client, error) {
var (
client *dockerclient.Client
err error
)
endpoint := os.Getenv("DOCKER_HOST")
if os.Getenv("DOCKER_TLS_VERIFY") == "1" {
certPath := os.Getenv("DOCKER_CERT_PATH")
cert := filepath.Join(certPath, "cert.pem")
key := filepath.Join(certPath, "key.pem")
ca := filepath.Join(certPath, "ca.pem")
client, err = dockerclient.NewTLSClient(endpoint, cert, key, ca)
} else {
client, err = dockerclient.NewClient(endpoint)
}
if err != nil {
return nil, err
}
return client, nil
}
// Creates docker client and calls an anonymous func passed as argument
// If DOCKER_CERT_PATH is set, it creates HTTPS client, otherwise defaults to HTTP
func withDockerClient(fn func(*docker.Client) error) error {
dockerEP, err := getDockerEndPoint()
if err != nil {
return err
}
dTLSCerPaths := getDockerTLSCertPaths()
// Use HTTPS client
if len(dTLSCerPaths) == 3 {
ca, cert, key := dTLSCerPaths[0], dTLSCerPaths[1], dTLSCerPaths[2]
client, err := docker.NewTLSClient(dockerEP, cert, key, ca)
if err != nil {
return err
}
return fn(client)
}
// Use plain HTTP client
client, err := docker.NewClient(dockerEP)
if err != nil {
return err
}
return fn(client)
}
// NewClient returns a new docker client or an error
func NewClient(dcfg Config) (Client, error) {
var client *docker.Client
var err error
if dcfg.Endpoint != "" {
client, err = docker.NewClient(dcfg.Endpoint)
} else if dcfg.UseBoot2Docker {
endpoint := os.Getenv("DOCKER_HOST")
if endpoint != "" {
path := os.Getenv("DOCKER_CERT_PATH")
cert := fmt.Sprintf("%s/cert.pem", path)
key := fmt.Sprintf("%s/key.pem", path)
ca := fmt.Sprintf("%s/ca.pem", path)
client, err = docker.NewTLSClient(endpoint, cert, key, ca)
}
} else {
return Client{}, errors.New("empty docker configuration")
}
if err != nil || client == nil {
return Client{dcfg, client}, err
}
return Client{dcfg, client}, client.Ping()
}
// dockerClient creates the client to interact with the docker daemon
func (d *DockerScriptCheck) dockerClient() (*docker.Client, error) {
if client != nil {
return client, nil
}
var err error
createClient.Do(func() {
if d.dockerEndpoint != "" {
if d.tlsCert+d.tlsKey+d.tlsCa != "" {
d.logger.Printf("[DEBUG] executor.checks: using TLS client connection to %s", d.dockerEndpoint)
client, err = docker.NewTLSClient(d.dockerEndpoint, d.tlsCert, d.tlsKey, d.tlsCa)
} else {
d.logger.Printf("[DEBUG] executor.checks: using standard client connection to %s", d.dockerEndpoint)
client, err = docker.NewClient(d.dockerEndpoint)
}
return
}
d.logger.Println("[DEBUG] executor.checks: using client connection initialized from environment")
client, err = docker.NewClientFromEnv()
})
return client, err
}
func newClient() (*client, error) {
defaultEndpoint := "unix:///var/run/docker.sock"
endpoint := os.Getenv("DOCKER_HOST")
if endpoint == "" {
endpoint = defaultEndpoint
}
// parse the host url from the endpoint address
host, err := parseEndpoint(endpoint)
if err != nil {
return nil, err
}
var dClient *docker.Client
certPath := os.Getenv("DOCKER_CERT_PATH")
if certPath == "" {
// connect to the local docker daemon and initialise a new API client
dClient, err = docker.NewClient(endpoint)
if err != nil {
return nil, err
}
} else {
// the docker daemon is configured to use TLS (probably using
// boot2docker), so we need to load the appropriate certificates and
// keys
ca := fmt.Sprintf("%s/ca.pem", certPath)
cert := fmt.Sprintf("%s/cert.pem", certPath)
key := fmt.Sprintf("%s/key.pem", certPath)
dClient, err = docker.NewTLSClient(endpoint, cert, key, ca)
if err != nil {
return nil, err
}
}
return &client{client: dClient, Host: host}, nil
}
// DockerClient returns dockerclient.Client which handles Docker connection.
func DockerClient(endpoint string) (*dockerclient.Client, error) {
var conn *dockerclient.Client
var err error
if endpoint == "" {
endpoint = os.Getenv("DOCKER_HOST")
if endpoint == "" {
endpoint = "unix:///var/run/docker.sock"
}
}
if connections == nil {
connections = make(map[string]*dockerclient.Client)
}
// Do not create connection if one already exist.
if existingConnection, ok := connections[endpoint]; ok && existingConnection != nil {
return existingConnection, nil
}
dockerCertPath := os.Getenv("DOCKER_CERT_PATH")
if dockerCertPath != "" {
cert := path.Join(dockerCertPath, "cert.pem")
key := path.Join(dockerCertPath, "key.pem")
ca := path.Join(dockerCertPath, "ca.pem")
conn, err = dockerclient.NewTLSClient(endpoint, cert, key, ca)
} else {
conn, err = dockerclient.NewClient(endpoint)
}
if err == nil && conn != nil {
connections[endpoint] = conn
}
return conn, err
}
func (c *Config) GetDockerClient() (*docker.Client, error) {
endpoint := c.GetDockerEndpoint()
if !c.DockerServerUseHttps {
return docker.NewClient(endpoint)
}
certPath := c.DockerCertPath
// expand if the path starts with "~/"
if strings.HasPrefix(certPath, "~/") {
home, err := homedir.Dir()
if err != nil {
return nil, fmt.Errorf("Cannot detect home directory: %v", err)
}
certPath = filepath.Join(home, certPath[2:])
}
var (
cert = filepath.Join(certPath, "cert.pem")
key = filepath.Join(certPath, "key.pem")
ca = filepath.Join(certPath, "ca.pem")
)
return docker.NewTLSClient(endpoint, cert, key, ca)
}
// Init constructor for the client wrapper
func (wrapper *FSouza_Wrapper) Init(logger log.Log, settings FSouza_ClientFactorySettings) bool {
var client *docker.Client
var err error
logger.Debug(log.VERBOSITY_DEBUG_WOAH, "Docker client conf: ", settings)
if strings.HasPrefix(settings.Host, "tcp://") {
if _, err := os.Stat(settings.CertPath); err == nil {
// TCP DOCKER CLIENT WITH CERTS
client, err = docker.NewTLSClient(
settings.Host,
path.Join(settings.CertPath, "cert.pem"),
path.Join(settings.CertPath, "key.pem"),
path.Join(settings.CertPath, "ca.pem"),
)
} else {
// TCP DOCKER CLIENT WITHOUT CERTS
client, err = docker.NewClient(settings.Host)
}
} else if strings.HasPrefix(settings.Host, "unix://") {
// TCP DOCKER CLIENT WITHOUT CERTS
client, err = docker.NewClient(settings.Host)
} else {
err = errors.New("Unknown client host :" + settings.Host)
}
if err == nil {
logger.Debug(log.VERBOSITY_DEBUG_WOAH, "FSouza Docker client created:", client)
wrapper.Client = client
return true
} else {
logger.Error(err.Error())
return false
}
}
func newDockerClient(host string) (*docker.Client, error) {
var err error
var newClient *docker.Client
dockerCertPath := os.Getenv("DOCKER_CERT_PATH")
homeDir, _ := homedir.Dir()
dockerConfigDir := path.Join(homeDir, ".docker")
_, err = os.Stat(path.Join(dockerConfigDir, "cert.pem"))
certExists := err == nil
_, err = os.Stat(path.Join(dockerConfigDir, "ca.pem"))
caExists := err == nil
_, err = os.Stat(path.Join(dockerConfigDir, "key.pem"))
keyExists := err == nil
if dockerCertPath == "" && certExists && caExists && keyExists {
dockerCertPath = dockerConfigDir
}
if dockerCertPath != "" {
cert := path.Join(dockerCertPath, "cert.pem")
key := path.Join(dockerCertPath, "key.pem")
ca := path.Join(dockerCertPath, "ca.pem")
newClient, err = docker.NewTLSClient(host, cert, key, ca)
} else {
newClient, err = docker.NewClient(host)
}
if err != nil {
return nil, err
}
return newClient, err
}
