Commit cd3315f5 authored by Kamil Trzcinski

Allow to connect to TLS enabled Docker endpoint

parent d7221f22
v 0.2.1
- Added repo slug to build path
-
v 0.2.0
- Added delete and verify commands
- Limit build trace size (1MB currently)
......
......@@ -15,6 +15,7 @@ import (
type DockerConfig struct {
Host string `toml:"host" json:"host"`
CertPath *string `toml:"tls_cert_path" json:"tls_cert_path"`
Hostname string `toml:"hostname" json:"hostname"`
Image string `toml:"image" json:"image"`
Privileged bool `toml:"privileged" json:"privileged"`
......
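Review bot: The new `CertPath` field has no comment stating its contract, and the pointer type makes that contract matter. In the connect() change shown further down this page, the field is read only when `Host` is non-empty, and any non-nil value, including an empty string from `tls_cert_path = ""`, switches TLS on. I would add above the field `// CertPath is the directory holding ca.pem, cert.pem and key.pem; nil disables TLS. It is only consulted when Host is set.` The struct body continues outside the hunk.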
......@@ -59,6 +59,7 @@ Configuration uses TOML format described here: https://github.com/toml-lang/toml
[runners.docker]
host = ""
hostname = ""
tls_cert_path = "/Users/ayufan/.boot2docker/certs"
image = "ruby:2.1"
privileged = false
disable_cache = false
......@@ -75,6 +76,7 @@ Configuration uses TOML format described here: https://github.com/toml-lang/toml
This defines the Docker Container parameters:
* `host` - specify custom Docker endpoint, by default *DOCKER_HOST* environment is used or *"unix:///var/run/docker.sock"*
* `hostname` - specify custom hostname for Docker container
* `tls_cert_path` - when set it will use ca.pem, cert.pem and key.pem from that folder to make secure TLS connection to Docker (useful in boot2docker)
* `image` - use this image to run builds
* `privileged` - make container run in Privileged mode (insecure)
* `disable_cache` - disable automatic
......
......@@ -6,6 +6,7 @@ import (
"fmt"
"os"
"path/filepath"
"strconv"
"strings"
"sync"
"time"
......@@ -268,19 +269,44 @@ func (s *DockerExecutor) createServices() ([]string, error) {
}
func (s *DockerExecutor) connect() (*docker.Client, error) {
endpoint := s.Config.Docker.Host
if len(endpoint) == 0 {
endpoint = os.Getenv("DOCKER_HOST")
}
if len(endpoint) == 0 {
endpoint = "unix:///var/run/docker.sock"
}
client, err := docker.NewClient(endpoint)
if err != nil {
return nil, err
}
endpoint := "unix:///var/run/docker.sock"
tlsVerify := false
tlsCertPath := ""
if s.Config.Docker.Host != "" {
// read docker config from config
endpoint = s.Config.Docker.Host
if s.Config.Docker.CertPath != nil {
tlsVerify = true
tlsCertPath = *s.Config.Docker.CertPath
}
} else if host := os.Getenv("DOCKER_HOST"); host != "" {
// read docker config from environment
endpoint = host
tlsVerify, _ = strconv.ParseBool(os.Getenv("DOCKER_TLS_VERIFY"))
tlsCertPath = os.Getenv("DOCKER_CERT_PATH")
}
if tlsVerify {
client, err := docker.NewTLSClient(
endpoint,
filepath.Join(tlsCertPath, "cert.pem"),
filepath.Join(tlsCertPath, "key.pem"),
filepath.Join(tlsCertPath, "ca.pem"),
)
if err != nil {
return nil, err
}
return client, nil
} else {
client, err := docker.NewClient(endpoint)
if err != nil {
return nil, err
}
return client, nil
return client, nil
}
}
func (s *DockerExecutor) createContainer(image *docker.Image, cmd []string) (*docker.Container, error) {
......
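Review bot: The environment branch of connect() fails open on TLS. `tlsVerify, _ = strconv.ParseBool(os.Getenv("DOCKER_TLS_VERIFY"))` discards the parse error, so a value ParseBool does not accept (for example `yes`) leaves tlsVerify false and the runner silently falls back to `docker.NewClient` without TLS against the configured `DOCKER_HOST`. Separately, when tlsVerify is true but tlsCertPath is empty (`tls_cert_path = ""` in the config, or `DOCKER_CERT_PATH` unset), `filepath.Join("", "cert.pem")` resolves against the process working directory, so the key material would be loaded from wherever the runner happens to be started. Both cases are better reported as configuration errors than guessed at; a sketch using only `fmt`, which the import hunk shows is already imported, follows. The `else` after the returning `if tlsVerify` block can also be dropped to keep the plain-client path left-aligned.

```go
	} else if host := os.Getenv("DOCKER_HOST"); host != "" {
		// read docker config from environment
		endpoint = host
		if v := os.Getenv("DOCKER_TLS_VERIFY"); v != "" {
			verify, err := strconv.ParseBool(v)
			if err != nil {
				// refuse to downgrade to a plaintext connection on a typo
				return nil, fmt.Errorf("invalid DOCKER_TLS_VERIFY %q: %v", v, err)
			}
			tlsVerify = verify
		}
		tlsCertPath = os.Getenv("DOCKER_CERT_PATH")
	}

	if tlsVerify && tlsCertPath == "" {
		return nil, fmt.Errorf("TLS requested for %q but no certificate path is set", endpoint)
	}

	// … unchanged: docker.NewTLSClient / docker.NewClient selection …
```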