// CreateClient creates a docker client based on the specified options.
func CreateClient(c ClientOpts) (*dockerclient.Client, error) {
if c.TLSOptions.CAFile == "" {
c.TLSOptions.CAFile = filepath.Join(dockerCertPath, defaultCaFile)
}
if c.TLSOptions.CertFile == "" {
c.TLSOptions.CertFile = filepath.Join(dockerCertPath, defaultCertFile)
}
if c.TLSOptions.KeyFile == "" {
c.TLSOptions.KeyFile = filepath.Join(dockerCertPath, defaultKeyFile)
}
if c.Host == "" {
defaultHost := os.Getenv("DOCKER_HOST")
if defaultHost == "" {
if runtime.GOOS != "windows" {
// If we do not have a host, default to unix socket
defaultHost = fmt.Sprintf("unix://%s", opts.DefaultUnixSocket)
} else {
// If we do not have a host, default to TCP socket on Windows
defaultHost = fmt.Sprintf("tcp://%s:%d", opts.DefaultHTTPHost, opts.DefaultHTTPPort)
}
}
defaultHost, err := opts.ValidateHost(defaultHost)
if err != nil {
return nil, err
}
c.Host = defaultHost
}
if c.TrustKey == "" {
c.TrustKey = filepath.Join(homedir.Get(), ".docker", defaultTrustKeyFile)
}
if c.TLSVerify {
c.TLS = true
}
if c.TLS {
c.TLSOptions.InsecureSkipVerify = !c.TLSVerify
}
apiVersion := c.APIVersion
if apiVersion == "" {
apiVersion = DefaultAPIVersion
}
if c.TLS {
client, err := dockerclient.NewVersionedTLSClient(c.Host, c.TLSOptions.CertFile, c.TLSOptions.KeyFile, c.TLSOptions.CAFile, apiVersion)
if err != nil {
return nil, err
}
if c.TLSOptions.InsecureSkipVerify {
client.TLSConfig.InsecureSkipVerify = true
}
return client, nil
}
return dockerclient.NewVersionedClient(c.Host, apiVersion)
}
// Client returns a Docker client for the given Docker machine
func Client(name string) (*docker.Client, error) {
output, _, err := localcmd.New(dockerMachineBinary()).Args("env", name).Output()
if err != nil {
return nil, ErrDockerMachineExec("env", err)
}
scanner := bufio.NewScanner(bytes.NewBufferString(output))
var (
dockerHost, certPath string
tlsVerify bool
)
prefix := "export "
if runtime.GOOS == "windows" {
prefix = "SET "
}
for scanner.Scan() {
line := scanner.Text()
if strings.HasPrefix(line, prefix) {
line = strings.TrimPrefix(line, prefix)
parts := strings.SplitN(line, "=", 2)
if len(parts) != 2 {
continue
}
switch strings.ToUpper(parts[0]) {
case "DOCKER_HOST":
dockerHost = strings.Trim(parts[1], "\"")
case "DOCKER_CERT_PATH":
certPath = strings.Trim(parts[1], "\"")
case "DOCKER_TLS_VERIFY":
tlsVerify = len(parts[1]) > 0
}
}
}
var client *docker.Client
if tlsVerify {
cert := filepath.Join(certPath, "cert.pem")
key := filepath.Join(certPath, "key.pem")
ca := filepath.Join(certPath, "ca.pem")
client, err = docker.NewVersionedTLSClient(dockerHost, cert, key, ca, "")
} else {
client, err = docker.NewVersionedClient(dockerHost, "")
}
if err != nil {
return nil, errors.NewError("could not get Docker client for machine %s", name).WithCause(err)
}
client.SkipServerVersionCheck = true
return client, nil
}
// Client returns a Docker client for the given Docker machine
func Client(name string) (*docker.Client, *dockerclient.Client, error) {
output, _, err := localcmd.New(dockerMachineBinary()).Args("env", name).Output()
if err != nil {
return nil, nil, ErrDockerMachineExec("env", err)
}
scanner := bufio.NewScanner(bytes.NewBufferString(output))
var (
dockerHost, certPath string
tlsVerify bool
)
prefix := "export "
if runtime.GOOS == "windows" {
prefix = "SET "
}
for scanner.Scan() {
line := scanner.Text()
if strings.HasPrefix(line, prefix) {
line = strings.TrimPrefix(line, prefix)
parts := strings.SplitN(line, "=", 2)
if len(parts) != 2 {
continue
}
switch strings.ToUpper(parts[0]) {
case "DOCKER_HOST":
dockerHost = strings.Trim(parts[1], "\"")
case "DOCKER_CERT_PATH":
certPath = strings.Trim(parts[1], "\"")
case "DOCKER_TLS_VERIFY":
tlsVerify = len(parts[1]) > 0
}
}
}
var client *docker.Client
if len(certPath) > 0 {
cert := filepath.Join(certPath, "cert.pem")
key := filepath.Join(certPath, "key.pem")
ca := filepath.Join(certPath, "ca.pem")
client, err = docker.NewVersionedTLSClient(dockerHost, cert, key, ca, "")
} else {
client, err = docker.NewVersionedClient(dockerHost, "")
}
if err != nil {
return nil, nil, errors.NewError("could not get Docker client for machine %s", name).WithCause(err)
}
client.SkipServerVersionCheck = true
var httpClient *http.Client
if len(certPath) > 0 {
tlscOptions := tlsconfig.Options{
CAFile: filepath.Join(certPath, "ca.pem"),
CertFile: filepath.Join(certPath, "cert.pem"),
KeyFile: filepath.Join(certPath, "key.pem"),
InsecureSkipVerify: !tlsVerify,
}
tlsc, tlsErr := tlsconfig.Client(tlscOptions)
if tlsErr != nil {
return nil, nil, errors.NewError("could not create TLS config client for machine %s", name).WithCause(tlsErr)
}
httpClient = &http.Client{
Transport: net.SetTransportDefaults(&http.Transport{
TLSClientConfig: tlsc,
}),
}
}
engineAPIClient, err := dockerclient.NewClient(dockerHost, "", httpClient, nil)
if err != nil {
return nil, nil, errors.NewError("cannot create Docker engine API client").WithCause(err)
}
return client, engineAPIClient, nil
}