updated Docker Client to accept TLS

This commit is contained in:
Brad Rydzewski 2014-10-20 02:29:59 -07:00
parent dfb0210cf5
commit f4aa84a057
2 changed files with 86 additions and 20 deletions


@ -262,7 +262,7 @@ func (b *Builder) setup() error {
if err != nil { if err != nil {
// if we have problems with the image make sure // if we have problems with the image make sure
// we remove it before we exit // we remove it before we exit
b.dockerClient.Images.Remove(id) log.Errf("failed to verify build image %s", id)
return err return err
} }
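Review bot: The comment above the changed line still says the image is removed before exiting, but the new code only logs `failed to verify build image` and returns, so the comment no longer describes what happens. Either restore the cleanup or reword the comment, e.g. `// if we have problems with the image, log it and bail out; the image is left in place`. Whether leaving the image behind was intended is not clear from the hunk; if it was, saying so in the comment avoids a later "fix" that reintroduces the removal. setup() starts and ends outside the hunk.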


@ -2,6 +2,7 @@ package docker
import ( import (
"bytes" "bytes"
"crypto/tls"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
@ -12,6 +13,7 @@ import (
"net/http/httputil" "net/http/httputil"
"os" "os"
"strings" "strings"
"time"
"github.com/docker/docker/pkg/stdcopy" "github.com/docker/docker/pkg/stdcopy"
"github.com/docker/docker/pkg/term" "github.com/docker/docker/pkg/term"
@ -58,7 +60,45 @@ func NewHost(address string) *Client {
return c return c
} }
func NewClient(addr, cert, key string) (*Client, error) {
// generate a new Client
var cli = NewHost(addr)
cli.tls = new(tls.Config)
// this is required in order for Docker to connect
// to a certificate generated for an IP address and
// not a Domain name
cli.tls.InsecureSkipVerify = true
// loads the keyvalue pair and stores the
// cert (pem) in a certificate store (array)
pem, err := tls.LoadX509KeyPair(cert, key)
if err != nil {
return nil, err
}
cli.tls.Certificates = []tls.Certificate{pem}
// creates a transport that uses the custom tls
// configuration to securely connect to remote
// Docker clients.
cli.trans = &http.Transport{
TLSClientConfig: cli.tls,
Dial: func(dial_network, dial_addr string) (net.Conn, error) {
return net.DialTimeout(cli.proto, cli.addr, 32*time.Second)
},
}
if cli.proto == "unix" {
// no need in compressing for local communications
cli.trans.DisableCompression = true
}
return cli, nil
}
type Client struct { type Client struct {
tls *tls.Config
trans *http.Transport
proto string proto string
addr string addr string
@ -133,16 +173,10 @@ func (c *Client) do(method, path string, in, out interface{}) error {
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
// dial the host server // dial the host server
req.Host = c.addr req.URL.Host = c.addr
dial, err := net.Dial(c.proto, c.addr) req.URL.Scheme = "http"
if err != nil {
return err
}
// make the request resp, err := c.HTTPClient().Do(req)
conn := httputil.NewClientConn(dial, nil)
resp, err := conn.Do(req)
defer conn.Close()
if err != nil { if err != nil {
return err return err
} }
@ -184,7 +218,7 @@ func (c *Client) hijack(method, path string, setRawTerminal bool, out io.Writer)
req.Header.Set("Content-Type", "plain/text") req.Header.Set("Content-Type", "plain/text")
req.Host = c.addr req.Host = c.addr
dial, err := net.Dial(c.proto, c.addr) dial, err := c.Dial()
if err != nil { if err != nil {
if strings.Contains(err.Error(), "connection refused") { if strings.Contains(err.Error(), "connection refused") {
return fmt.Errorf("Can't connect to docker daemon. Is 'docker -d' running on this host?") return fmt.Errorf("Can't connect to docker daemon. Is 'docker -d' running on this host?")
@ -239,16 +273,27 @@ func (c *Client) stream(method, path string, in io.Reader, out io.Writer, header
req.Header.Set("Content-Type", "plain/text") req.Header.Set("Content-Type", "plain/text")
// dial the host server // dial the host server
req.Host = c.addr /*
dial, err := net.Dial(c.proto, c.addr) req.Host = c.addr
if err != nil { dial, err := net.Dial(c.proto, c.addr)
return err if err != nil {
} return err
}
// make the request // make the request
conn := httputil.NewClientConn(dial, nil) conn := httputil.NewClientConn(dial, nil)
resp, err := conn.Do(req) resp, err := conn.Do(req)
defer conn.Close() defer conn.Close()
if err != nil {
return err
}
*/
// dial the host server
req.URL.Host = c.addr
req.URL.Scheme = "http"
resp, err := c.HTTPClient().Do(req)
if err != nil { if err != nil {
return err return err
} }
@ -270,6 +315,7 @@ func (c *Client) stream(method, path string, in io.Reader, out io.Writer, header
// If no output we exit now with no errors // If no output we exit now with no errors
if out == nil { if out == nil {
io.Copy(ioutil.Discard, resp.Body)
return nil return nil
} }
@ -289,3 +335,23 @@ func (c *Client) stream(method, path string, in io.Reader, out io.Writer, header
return nil return nil
} }
func (c *Client) HTTPClient() *http.Client {
if c.trans != nil {
return &http.Client{Transport: c.trans}
}
return &http.Client{
Transport: &http.Transport{
Dial: func(dial_network, dial_addr string) (net.Conn, error) {
return net.DialTimeout(c.proto, c.addr, 32*time.Second)
},
},
}
}
func (c *Client) Dial() (net.Conn, error) {
if c.tls != nil && c.proto != "unix" {
return tls.Dial(c.proto, c.addr, c.tls)
}
return net.Dial(c.proto, c.addr)
}
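Review bot: `req.URL.Scheme = "http"` in both do and stream means the Transport never starts a TLS handshake, so the certificate and TLSClientConfig built in NewClient are only used by hijack through Dial(); as far as net/http goes, TLSClientConfig is consulted only for https URLs, so API calls to a TLS-only daemon presumably go out in clear text over the custom Dial and are rejected. Pick the scheme the same way Dial() does: `if c.tls != nil && c.proto != "unix" { req.URL.Scheme = "https" } else { req.URL.Scheme = "http" }`. Separately, `cli.tls.InsecureSkipVerify = true` disables server certificate verification for every client created with NewClient, which leaves the connection open to an impersonating daemon; the IP-address case the comment describes is better handled by loading the daemon's CA into `RootCAs` (certificates can carry IP SANs) and keeping verification on, with skip-verify as an explicit opt-in at most. The commented-out dial block left in stream should be deleted rather than kept as dead code.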