authorvalerijf <valerijf@yahoo-inc.com>2016-09-06 12:43:29 +0200
committervalerijf <valerijf@yahoo-inc.com>2016-09-07 11:25:32 +0200
commit47285f00ce3a2106c5197b2c8970fd178ab7a0a0 (patch)
tree2aa7f8c735fcf97745f7052ee1207ae33b726e52 /docker-api
parent8444f7f7f2bd7dac013c55fe9bc9708a78025ebe (diff)
Added function to read DockerConfig and enable TLS if needed
Diffstat (limited to 'docker-api')
-rw-r--r--docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java23
-rw-r--r--docker-api/src/main/resources/configdefinitions/docker.def8
2 files changed, 24 insertions, 7 deletions
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
index 52dce13238b..b2384fbca7e 100644
--- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
@@ -21,6 +21,7 @@ import com.yahoo.vespa.applicationmodel.HostName;
import javax.annotation.concurrent.GuardedBy;
import java.io.ByteArrayOutputStream;
+import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
@@ -72,7 +73,8 @@ public class DockerImpl implements Docker {
RemoteApiVersion remoteApiVersion;
try {
- remoteApiVersion = RemoteApiVersion.parseConfig(DockerClientImpl.getInstance()
+ remoteApiVersion = RemoteApiVersion.parseConfig(DockerClientImpl.getInstance(
+ buildDockerClientConfig(config).build())
.withDockerCmdExecFactory(dockerFactory).versionCmd().exec().getApiVersion());
logger.info("Found version of remote docker API: "+ remoteApiVersion);
// From version 1.24 a field was removed which causes trouble with the current docker java code.
@@ -86,13 +88,28 @@ public class DockerImpl implements Docker {
remoteApiVersion = RemoteApiVersion.VERSION_1_23;
}
- this.dockerClient = DockerClientImpl.getInstance(new DefaultDockerClientConfig.Builder()
- .withDockerHost(config.uri())
+ this.dockerClient = DockerClientImpl.getInstance(
+ buildDockerClientConfig(config)
.withApiVersion(remoteApiVersion)
.build())
.withDockerCmdExecFactory(dockerFactory);
}
+ static DefaultDockerClientConfig.Builder buildDockerClientConfig(DockerConfig config) {
+ DefaultDockerClientConfig.Builder dockerConfigBuilder = new DefaultDockerClientConfig.Builder()
+ .withDockerHost(config.uri());
+
+ if (URI.create(config.uri()).getScheme().equals("tcp") && !config.caCertPath().isEmpty()) {
+ // In current version of docker-java (3.0.2), withDockerTlsVerify() only effect is when using it together
+ // with withDockerCertPath(), where setting withDockerTlsVerify() must be set to true, otherwise the
+ // cert path parameter will be ignored.
+ // withDockerTlsVerify() has no effect when used with withCustomSslConfig()
+ dockerConfigBuilder.withCustomSslConfig(new VespaSSLConfig(config));
+ }
+
+ return dockerConfigBuilder;
+ }
+
@Override
public CompletableFuture<DockerImage> pullImageAsync(final DockerImage image) {
final CompletableFuture<DockerImage> completionListener;
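Review bot: In `buildDockerClientConfig`, a `tcp://` URI with an empty `caCertPath` silently produces a client with no TLS, and because docker.def in this commit defaults the cert paths to `""`, a forgotten cert setting degrades to a plaintext connection without client-certificate authentication and without any signal. Consider throwing, or at least logging a warning, when the scheme is `tcp` and no CA path is configured. Only `caCertPath` is tested, so `clientCertPath` and `clientKeyPath` may still be empty when `VespaSSLConfig` is constructed; how it handles that is not visible here. `getScheme()` returns null for a scheme-less URI, so the condition is safer written as `"tcp".equals(URI.create(config.uri()).getScheme())`. The trailing `pullImageAsync` context continues outside the hunk.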
diff --git a/docker-api/src/main/resources/configdefinitions/docker.def b/docker-api/src/main/resources/configdefinitions/docker.def
index c0173d1530b..85914f1a9d8 100644
--- a/docker-api/src/main/resources/configdefinitions/docker.def
+++ b/docker-api/src/main/resources/configdefinitions/docker.def
@@ -1,7 +1,7 @@
# Copyright 2016 Yahoo Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
namespace=vespa.hosted.dockerapi
-caCertPath string
-clientCertPath string
-clientKeyPath string
-uri string default = "tcp://127.0.0.1:2376"
+caCertPath string default = ""
+clientCertPath string default = ""
+clientKeyPath string default = ""
+uri string default = "unix:///host/var/run/docker.sock"
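Review bot: The new empty defaults for `caCertPath`, `clientCertPath` and `clientKeyPath` carry no comment saying what an empty value means, yet in DockerImpl an empty `caCertPath` is what turns TLS off for `tcp://` URIs. A comment above the three fields would make that explicit, e.g. `# TLS is used only when uri is tcp:// and caCertPath is set; leave empty for unix:// sockets.` The new default `uri` points at the host's Docker socket, which deserves a line as well, since any process that can reach that socket controls the daemon.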