Add support for Docker TLS

Alexander Simonov 2015-07-13 22:26:36 +03:00
parent c2755f5c00
commit 6ad042a62b
No known key found for this signature in database
GPG key ID: 5CCFFED829314C35
2 changed files with 32 additions and 2 deletions


@ -8,6 +8,8 @@ import (
"io/ioutil" "io/ioutil"
"os" "os"
"time" "time"
"crypto/tls"
"crypto/x509"
"github.com/drone/drone/Godeps/_workspace/src/github.com/samalba/dockerclient" "github.com/drone/drone/Godeps/_workspace/src/github.com/samalba/dockerclient"
"github.com/drone/drone/pkg/docker" "github.com/drone/drone/pkg/docker"
@ -23,6 +25,11 @@ var (
// Docker host address from environment variable // Docker host address from environment variable
DockerHost = os.Getenv("DOCKER_HOST") DockerHost = os.Getenv("DOCKER_HOST")
// Docker TLS variables
DockerHostCa = os.Getenv("DOCKER_CA")
DockerHostKey = os.Getenv("DOCKER_KEY")
DockerHostCert = os.Getenv("DOCKER_CERT")
) )
func init() { func init() {
@ -40,6 +47,7 @@ type Runner struct {
func (r *Runner) Run(w *queue.Work) error { func (r *Runner) Run(w *queue.Work) error {
var workers []*worker var workers []*worker
var client dockerclient.Client var client dockerclient.Client
var tlc *tls.Config
defer func() { defer func() {
recover() recover()
@ -86,14 +94,34 @@ func (r *Runner) Run(w *queue.Work) error {
w.Build.Status = types.StateRunning w.Build.Status = types.StateRunning
err := r.SetBuild(w.User, w.Repo, w.Build) err := r.SetBuild(w.User, w.Repo, w.Build)
if err != nil { if err != nil {
log.Errorf("failure to set build. %s", err)
return err return err
} }
// create the Docket client TLS config
if len(DockerHostCert) > 0 && len(DockerHostKey) > 0 && len(DockerHostCa) > 0 {
cert, err := tls.LoadX509KeyPair(DockerHostCert, DockerHostKey)
if err != nil {
log.Errorf("failure to load SSL cert and key. %s", err)
}
caCert, err := ioutil.ReadFile(DockerHostCa)
if err != nil {
log.Errorf("failure to load SSL CA cert. %s", err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
tlc = &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: caCertPool,
}
}
// create the Docker client. In this version of Drone (alpha) // create the Docker client. In this version of Drone (alpha)
// we do not spread builds across clients, but this can and // we do not spread builds across clients, but this can and
// (probably) will change in the future. // (probably) will change in the future.
client, err = dockerclient.NewDockerClient(DockerHost, nil) client, err = dockerclient.NewDockerClient(DockerHost, tlc)
if err != nil { if err != nil {
log.Errorf("failure to connect to docker. %s", err)
return err return err
} }
@ -106,6 +134,7 @@ func (r *Runner) Run(w *queue.Work) error {
job.Started = time.Now().UTC().Unix() job.Started = time.Now().UTC().Unix()
err = r.SetJob(w.Repo, w.Build, job) err = r.SetJob(w.Repo, w.Build, job)
if err != nil { if err != nil {
log.Errorf("failure to set job. %s", err)
return err return err
} }
@ -121,6 +150,7 @@ func (r *Runner) Run(w *queue.Work) error {
} }
in, err := json.Marshal(work) in, err := json.Marshal(work)
if err != nil { if err != nil {
log.Errorf("failure to marshalise work. %s", err)
return err return err
} }
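Review bot: The two load failures in the new TLS block are logged but not returned, so `Run` carries on and builds the Docker client from a zero `tls.Certificate` and an empty `x509.CertPool`; every other error path in this hunk does `return err`, and these should too. In the same block the boolean result of `caCertPool.AppendCertsFromPEM(caCert)` is discarded, so a CA file that is not valid PEM silently yields an empty pool — the handshake would then presumably fail closed with an unknown-authority error, but the real cause (the unreadable CA file) is never surfaced. A smaller point: because the whole block is skipped unless all three of `DOCKER_CA`, `DOCKER_KEY` and `DOCKER_CERT` are set, a partially configured host quietly falls back to an unencrypted connection; a one-line warning when some but not all are set would make that misconfiguration visible. `Run` begins and ends outside this hunk.
```go
// create the Docker client TLS config
if len(DockerHostCert) > 0 && len(DockerHostKey) > 0 && len(DockerHostCa) > 0 {
	cert, err := tls.LoadX509KeyPair(DockerHostCert, DockerHostKey)
	if err != nil {
		log.Errorf("failure to load SSL cert and key. %s", err)
		return err
	}
	caCert, err := ioutil.ReadFile(DockerHostCa)
	if err != nil {
		log.Errorf("failure to load SSL CA cert. %s", err)
		return err
	}
	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caCert) {
		// fmt must be imported if the file does not already do so
		err = fmt.Errorf("no certificates found in %s", DockerHostCa)
		log.Errorf("failure to parse SSL CA cert. %s", err)
		return err
	}
	// … unchanged: tls.Config construction …
}
```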


@ -91,7 +91,7 @@ func PostHook(c *gin.Context) {
build.Status = common.StatePending build.Status = common.StatePending
build.RepoID = repo.ID build.RepoID = repo.ID
// featch the .drone.yml file from the database // fetch the .drone.yml file from the database
raw, err := remote.Script(user, repo, build) raw, err := remote.Script(user, repo, build)
if err != nil { if err != nil {
log.Errorf("failure to get .drone.yml for %s. %s", repo.FullName, err) log.Errorf("failure to get .drone.yml for %s. %s", repo.FullName, err)