Commit cd3315f5 authored by Kamil Trzciński's avatar Kamil Trzciński 💬

Allow to connect to TLS enabled Docker endpoint

parent d7221f22
Pipeline #20167 passed with stage
v 0.2.1
- Added repo slug to build path
-
v 0.2.0
- Added delete and verify commands
- Limit build trace size (1MB currently)
......
......@@ -15,6 +15,7 @@ import (
type DockerConfig struct {
Host string `toml:"host" json:"host"`
CertPath *string `toml:"tls_cert_path" json:"tls_cert_path"`
Hostname string `toml:"hostname" json:"hostname"`
Image string `toml:"image" json:"image"`
Privileged bool `toml:"privileged" json:"privileged"`
......
......@@ -59,6 +59,7 @@ Configuration uses TOML format described here: https://github.com/toml-lang/toml
[runners.docker]
host = ""
hostname = ""
tls_cert_path = "/Users/ayufan/.boot2docker/certs"
image = "ruby:2.1"
privileged = false
disable_cache = false
......@@ -75,6 +76,7 @@ Configuration uses TOML format described here: https://github.com/toml-lang/toml
This defines the Docker Container parameters:
* `host` - specify custom Docker endpoint, by default *DOCKER_HOST* environment is used or *"unix:///var/run/docker.sock"*
* `hostname` - specify custom hostname for Docker container
* `tls_cert_path` - when set it will use ca.pem, cert.pem and key.pem from that folder to make secure TLS connection to Docker (useful in boot2docker)
* `image` - use this image to run builds
* `privileged` - make container run in Privileged mode (insecure)
* `disable_cache` - disable automatic
......
......@@ -6,6 +6,7 @@ import (
"fmt"
"os"
"path/filepath"
"strconv"
"strings"
"sync"
"time"
......@@ -268,19 +269,44 @@ func (s *DockerExecutor) createServices() ([]string, error) {
}
func (s *DockerExecutor) connect() (*docker.Client, error) {
endpoint := s.Config.Docker.Host
if len(endpoint) == 0 {
endpoint = os.Getenv("DOCKER_HOST")
}
if len(endpoint) == 0 {
endpoint = "unix:///var/run/docker.sock"
}
client, err := docker.NewClient(endpoint)
if err != nil {
return nil, err
}
endpoint := "unix:///var/run/docker.sock"
tlsVerify := false
tlsCertPath := ""
if s.Config.Docker.Host != "" {
// read docker config from config
endpoint = s.Config.Docker.Host
if s.Config.Docker.CertPath != nil {
tlsVerify = true
tlsCertPath = *s.Config.Docker.CertPath
}
} else if host := os.Getenv("DOCKER_HOST"); host != "" {
// read docker config from environment
endpoint = host
tlsVerify, _ = strconv.ParseBool(os.Getenv("DOCKER_TLS_VERIFY"))
tlsCertPath = os.Getenv("DOCKER_CERT_PATH")
}
if tlsVerify {
client, err := docker.NewTLSClient(
endpoint,
filepath.Join(tlsCertPath, "cert.pem"),
filepath.Join(tlsCertPath, "key.pem"),
filepath.Join(tlsCertPath, "ca.pem"),
)
if err != nil {
return nil, err
}
return client, nil
} else {
client, err := docker.NewClient(endpoint)
if err != nil {
return nil, err
}
return client, nil
return client, nil
}
}
func (s *DockerExecutor) createContainer(image *docker.Image, cmd []string) (*docker.Container, error) {
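Review bot: The environment branch of connect() fails open: `tlsVerify, _ = strconv.ParseBool(os.Getenv("DOCKER_TLS_VERIFY"))` discards the parse error, so a value ParseBool does not accept (for example `yes`) leaves tlsVerify false and the runner silently uses the plain `docker.NewClient(endpoint)` path for whatever DOCKER_HOST names. Returning the error is safer, e.g. `if v := os.Getenv("DOCKER_TLS_VERIFY"); v != "" { if tlsVerify, err = strconv.ParseBool(v); err != nil { return nil, err } }` with `var err error` declared above it. When tlsVerify is true but tlsCertPath is empty (DOCKER_CERT_PATH unset, or presumably `tls_cert_path = ""` in the config), the three `filepath.Join` calls resolve `cert.pem`, `key.pem` and `ca.pem` relative to the process working directory, so an empty path should be rejected with an explicit error before `docker.NewTLSClient` is called. As a style point, the `else` after the returning `if tlsVerify` block can be dropped so the non-TLS path stays left-aligned.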
......