Commit cd3315f5 authored by Kamil Trzcinski's avatar Kamil Trzcinski

Allow to connect to TLS enabled Docker endpoint

parent d7221f22
v 0.2.1
- Added repo slug to build path
-
v 0.2.0 v 0.2.0
- Added delete and verify commands - Added delete and verify commands
- Limit build trace size (1MB currently) - Limit build trace size (1MB currently)
......
...@@ -15,6 +15,7 @@ import ( ...@@ -15,6 +15,7 @@ import (
type DockerConfig struct { type DockerConfig struct {
Host string `toml:"host" json:"host"` Host string `toml:"host" json:"host"`
CertPath *string `toml:"tls_cert_path" json:"tls_cert_path"`
Hostname string `toml:"hostname" json:"hostname"` Hostname string `toml:"hostname" json:"hostname"`
Image string `toml:"image" json:"image"` Image string `toml:"image" json:"image"`
Privileged bool `toml:"privileged" json:"privileged"` Privileged bool `toml:"privileged" json:"privileged"`
......
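Review bot: The new `CertPath` field has no comment, and its effect is not obvious from the type: connect() switches TLS on whenever the pointer is non-nil, and only reads it when `host` is set in the config. I would document that on the field, e.g. `// CertPath, when set, enables TLS to Host using cert.pem, key.pem and ca.pem from this directory; it is ignored when Host is empty.` An explicit `tls_cert_path = ""` would presumably decode to a non-nil pointer to an empty string and so enable TLS with no directory, so the comment should also say the value must be a non-empty path. The struct continues outside this hunk.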
...@@ -59,6 +59,7 @@ Configuration uses TOML format described here: https://github.com/toml-lang/toml ...@@ -59,6 +59,7 @@ Configuration uses TOML format described here: https://github.com/toml-lang/toml
[runners.docker] [runners.docker]
host = "" host = ""
hostname = "" hostname = ""
tls_cert_path = "/Users/ayufan/.boot2docker/certs"
image = "ruby:2.1" image = "ruby:2.1"
privileged = false privileged = false
disable_cache = false disable_cache = false
...@@ -75,6 +76,7 @@ Configuration uses TOML format described here: https://github.com/toml-lang/toml ...@@ -75,6 +76,7 @@ Configuration uses TOML format described here: https://github.com/toml-lang/toml
This defines the Docker Container parameters: This defines the Docker Container parameters:
* `host` - specify custom Docker endpoint, by default *DOCKER_HOST* environment is used or *"unix:///var/run/docker.sock"* * `host` - specify custom Docker endpoint, by default *DOCKER_HOST* environment is used or *"unix:///var/run/docker.sock"*
* `hostname` - specify custom hostname for Docker container * `hostname` - specify custom hostname for Docker container
* `tls_cert_path` - when set it will use ca.pem, cert.pem and key.pem from that folder to make secure TLS connection to Docker (useful in boot2docker)
* `image` - use this image to run builds * `image` - use this image to run builds
* `privileged` - make container run in Privileged mode (insecure) * `privileged` - make container run in Privileged mode (insecure)
* `disable_cache` - disable automatic * `disable_cache` - disable automatic
......
...@@ -6,6 +6,7 @@ import ( ...@@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"os" "os"
"path/filepath" "path/filepath"
"strconv"
"strings" "strings"
"sync" "sync"
"time" "time"
...@@ -268,19 +269,44 @@ func (s *DockerExecutor) createServices() ([]string, error) { ...@@ -268,19 +269,44 @@ func (s *DockerExecutor) createServices() ([]string, error) {
} }
func (s *DockerExecutor) connect() (*docker.Client, error) { func (s *DockerExecutor) connect() (*docker.Client, error) {
endpoint := s.Config.Docker.Host endpoint := "unix:///var/run/docker.sock"
if len(endpoint) == 0 { tlsVerify := false
endpoint = os.Getenv("DOCKER_HOST") tlsCertPath := ""
}
if len(endpoint) == 0 { if s.Config.Docker.Host != "" {
endpoint = "unix:///var/run/docker.sock" // read docker config from config
} endpoint = s.Config.Docker.Host
client, err := docker.NewClient(endpoint) if s.Config.Docker.CertPath != nil {
if err != nil { tlsVerify = true
return nil, err tlsCertPath = *s.Config.Docker.CertPath
} }
} else if host := os.Getenv("DOCKER_HOST"); host != "" {
// read docker config from environment
endpoint = host
tlsVerify, _ = strconv.ParseBool(os.Getenv("DOCKER_TLS_VERIFY"))
tlsCertPath = os.Getenv("DOCKER_CERT_PATH")
}
if tlsVerify {
client, err := docker.NewTLSClient(
endpoint,
filepath.Join(tlsCertPath, "cert.pem"),
filepath.Join(tlsCertPath, "key.pem"),
filepath.Join(tlsCertPath, "ca.pem"),
)
if err != nil {
return nil, err
}
return client, nil
} else {
client, err := docker.NewClient(endpoint)
if err != nil {
return nil, err
}
return client, nil return client, nil
}
} }
func (s *DockerExecutor) createContainer(image *docker.Image, cmd []string) (*docker.Container, error) { func (s *DockerExecutor) createContainer(image *docker.Image, cmd []string) (*docker.Container, error) {
......
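Review bot: In the `DOCKER_HOST` branch of connect() the error from `strconv.ParseBool` is discarded, so a `DOCKER_TLS_VERIFY` value that ParseBool does not accept (for example `yes`) leaves `tlsVerify` false and the runner silently falls back to the plaintext `docker.NewClient`. Treating any non-empty value as on, `tlsVerify = os.Getenv("DOCKER_TLS_VERIFY") != ""`, avoids that silent downgrade; returning the parse error would also work. Separately, when TLS is enabled with an empty `tlsCertPath`, the three `filepath.Join` calls resolve `cert.pem`, `key.pem` and `ca.pem` relative to the process working directory. A guard before the `if tlsVerify` block, such as `if tlsVerify && tlsCertPath == "" { return nil, fmt.Errorf("docker TLS enabled but no certificate path set") }`, would fail closed instead.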