Add support for Docker TLS
This commit is contained in:
parent
c2755f5c00
commit
6ad042a62b
2 changed files with 32 additions and 2 deletions
|
@ -8,6 +8,8 @@ import (
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"time"
|
"time"
|
||||||
|
"crypto/tls"
|
||||||
|
"crypto/x509"
|
||||||
|
|
||||||
"github.com/drone/drone/Godeps/_workspace/src/github.com/samalba/dockerclient"
|
"github.com/drone/drone/Godeps/_workspace/src/github.com/samalba/dockerclient"
|
||||||
"github.com/drone/drone/pkg/docker"
|
"github.com/drone/drone/pkg/docker"
|
||||||
|
@ -23,6 +25,11 @@ var (
|
||||||
|
|
||||||
// Docker host address from environment variable
|
// Docker host address from environment variable
|
||||||
DockerHost = os.Getenv("DOCKER_HOST")
|
DockerHost = os.Getenv("DOCKER_HOST")
|
||||||
|
|
||||||
|
// Docker TLS variables
|
||||||
|
DockerHostCa = os.Getenv("DOCKER_CA")
|
||||||
|
DockerHostKey = os.Getenv("DOCKER_KEY")
|
||||||
|
DockerHostCert = os.Getenv("DOCKER_CERT")
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -40,6 +47,7 @@ type Runner struct {
|
||||||
func (r *Runner) Run(w *queue.Work) error {
|
func (r *Runner) Run(w *queue.Work) error {
|
||||||
var workers []*worker
|
var workers []*worker
|
||||||
var client dockerclient.Client
|
var client dockerclient.Client
|
||||||
|
var tlc *tls.Config
|
||||||
|
|
||||||
defer func() {
|
defer func() {
|
||||||
recover()
|
recover()
|
||||||
|
@ -86,14 +94,34 @@ func (r *Runner) Run(w *queue.Work) error {
|
||||||
w.Build.Status = types.StateRunning
|
w.Build.Status = types.StateRunning
|
||||||
err := r.SetBuild(w.User, w.Repo, w.Build)
|
err := r.SetBuild(w.User, w.Repo, w.Build)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Errorf("failure to set build. %s", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// create the Docket client TLS config
|
||||||
|
if len(DockerHostCert) > 0 && len(DockerHostKey) > 0 && len(DockerHostCa) > 0 {
|
||||||
|
cert, err := tls.LoadX509KeyPair(DockerHostCert, DockerHostKey)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("failure to load SSL cert and key. %s", err)
|
||||||
|
}
|
||||||
|
caCert, err := ioutil.ReadFile(DockerHostCa)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("failure to load SSL CA cert. %s", err)
|
||||||
|
}
|
||||||
|
caCertPool := x509.NewCertPool()
|
||||||
|
caCertPool.AppendCertsFromPEM(caCert)
|
||||||
|
tlc = &tls.Config{
|
||||||
|
Certificates: []tls.Certificate{cert},
|
||||||
|
RootCAs: caCertPool,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// create the Docker client. In this version of Drone (alpha)
|
// create the Docker client. In this version of Drone (alpha)
|
||||||
// we do not spread builds across clients, but this can and
|
// we do not spread builds across clients, but this can and
|
||||||
// (probably) will change in the future.
|
// (probably) will change in the future.
|
||||||
client, err = dockerclient.NewDockerClient(DockerHost, nil)
|
client, err = dockerclient.NewDockerClient(DockerHost, tlc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Errorf("failure to connect to docker. %s", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -106,6 +134,7 @@ func (r *Runner) Run(w *queue.Work) error {
|
||||||
job.Started = time.Now().UTC().Unix()
|
job.Started = time.Now().UTC().Unix()
|
||||||
err = r.SetJob(w.Repo, w.Build, job)
|
err = r.SetJob(w.Repo, w.Build, job)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Errorf("failure to set job. %s", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -121,6 +150,7 @@ func (r *Runner) Run(w *queue.Work) error {
|
||||||
}
|
}
|
||||||
in, err := json.Marshal(work)
|
in, err := json.Marshal(work)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Errorf("failure to marshalise work. %s", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -91,7 +91,7 @@ func PostHook(c *gin.Context) {
|
||||||
build.Status = common.StatePending
|
build.Status = common.StatePending
|
||||||
build.RepoID = repo.ID
|
build.RepoID = repo.ID
|
||||||
|
|
||||||
// featch the .drone.yml file from the database
|
// fetch the .drone.yml file from the database
|
||||||
raw, err := remote.Script(user, repo, build)
|
raw, err := remote.Script(user, repo, build)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("failure to get .drone.yml for %s. %s", repo.FullName, err)
|
log.Errorf("failure to get .drone.yml for %s. %s", repo.FullName, err)
|
||||||
|
|
Loading…
Reference in a new issue