Allow to connect to docker daemons without certificates but using tls
@@ -83,14 +83,16 @@ func (f *localCachedFactory) GetForInstance(instance *types.Instance) (DockerApi
|
|||||||
// Need to create client to the DinD docker daemon
|
// Need to create client to the DinD docker daemon
|
||||||
// We check if the client needs to use TLS
|
// We check if the client needs to use TLS
|
||||||
var tlsConfig *tls.Config
|
var tlsConfig *tls.Config
|
||||||
if len(instance.Cert) > 0 && len(instance.Key) > 0 {
|
if (len(instance.Cert) > 0 && len(instance.Key) > 0) || instance.Tls {
|
||||||
tlsConfig = tlsconfig.ClientDefault()
|
tlsConfig = tlsconfig.ClientDefault()
|
||||||
tlsConfig.InsecureSkipVerify = true
|
tlsConfig.InsecureSkipVerify = true
|
||||||
tlsCert, err := tls.X509KeyPair(instance.Cert, instance.Key)
|
if len(instance.Cert) > 0 && len(instance.Key) > 0 {
|
||||||
if err != nil {
|
tlsCert, err := tls.X509KeyPair(instance.Cert, instance.Key)
|
||||||
return nil, fmt.Errorf("Could not load X509 key pair: %v. Make sure the key is not encrypted", err)
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("Could not load X509 key pair: %v. Make sure the key is not encrypted", err)
|
||||||
|
}
|
||||||
|
tlsConfig.Certificates = []tls.Certificate{tlsCert}
|
||||||
}
|
}
|
||||||
tlsConfig.Certificates = []tls.Certificate{tlsCert}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
proxyUrl, _ := url.Parse("http://l2:443")
|
proxyUrl, _ := url.Parse("http://l2:443")
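Review bot: With `instance.Tls` set and no `Cert`/`Key`, the widened condition now reaches `tlsConfig.InsecureSkipVerify = true` with no client certificate loaded, so on this path neither end of the connection is authenticated; the channel is encrypted but the daemon's identity is never checked. `Instance` carries a `CACert` field (visible in the types hunk) that is not used here; if it is populated for these instances, loading it into `tlsConfig.RootCAs` and leaving verification on would close that gap, though whether the certificate name matches the host dialled through the `l2:443` proxy needs confirming. At minimum, add a comment above the assignment such as `// server certificate is NOT verified: TLS here provides encryption only, not daemon authentication`. GetForInstance starts and ends outside this hunk.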
|
||||||
|
|||||||
@@ -41,6 +41,7 @@ type SessionSetupInstanceConf struct {
|
|||||||
IsSwarmWorker bool `json:"is_swarm_worker"`
|
IsSwarmWorker bool `json:"is_swarm_worker"`
|
||||||
Type string `json:"type"`
|
Type string `json:"type"`
|
||||||
Run [][]string `json:"run"`
|
Run [][]string `json:"run"`
|
||||||
|
Tls bool `json:"tls"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *pwd) SessionNew(duration time.Duration, stack, stackName, imageName string) (*types.Session, error) {
|
func (p *pwd) SessionNew(duration time.Duration, stack, stackName, imageName string) (*types.Session, error) {
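Review bot: The new `Tls` field is undocumented, although it is decoded from the session-setup JSON (`json:"tls"`) and ends up deciding how the Docker client connects; the same applies to the `Tls` fields added to `Instance` and `InstanceConfig` in the later hunks. A reader of the struct cannot tell that it means TLS without client certificates and, per the factory hunk, without server verification. Suggested comment: `// Tls makes the client use TLS to the instance's daemon even when Cert/Key are empty; the server certificate is not verified.` Go's initialism convention would also spell the field `TLS`, though the neighbouring `SessionId` suggests the project does not follow it.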
|
||||||
@@ -241,6 +242,7 @@ func (p *pwd) SessionSetup(session *types.Session, sconf SessionSetupConf) error
|
|||||||
Hostname: conf.Hostname,
|
Hostname: conf.Hostname,
|
||||||
PlaygroundFQDN: sconf.PlaygroundFQDN,
|
PlaygroundFQDN: sconf.PlaygroundFQDN,
|
||||||
Type: conf.Type,
|
Type: conf.Type,
|
||||||
|
Tls: conf.Tls,
|
||||||
}
|
}
|
||||||
i, err := p.InstanceNew(session, instanceConf)
|
i, err := p.InstanceNew(session, instanceConf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
@@ -13,6 +13,7 @@ type Instance struct {
|
|||||||
CACert []byte `json:"ca_cert" bson:"ca_cert"`
|
CACert []byte `json:"ca_cert" bson:"ca_cert"`
|
||||||
Cert []byte `json:"cert" bson:"cert"`
|
Cert []byte `json:"cert" bson:"cert"`
|
||||||
Key []byte `json:"key" bson:"key"`
|
Key []byte `json:"key" bson:"key"`
|
||||||
|
Tls bool `json:"tls" bson:"tls"`
|
||||||
SessionId string `json:"session_id" bson:"session_id"`
|
SessionId string `json:"session_id" bson:"session_id"`
|
||||||
ProxyHost string `json:"proxy_host" bson:"proxy_host"`
|
ProxyHost string `json:"proxy_host" bson:"proxy_host"`
|
||||||
SessionHost string `json:"session_host" bson:"session_host"`
|
SessionHost string `json:"session_host" bson:"session_host"`
|
||||||
@@ -34,6 +35,7 @@ type InstanceConfig struct {
|
|||||||
CACert []byte
|
CACert []byte
|
||||||
Cert []byte
|
Cert []byte
|
||||||
Key []byte
|
Key []byte
|
||||||
|
Tls bool
|
||||||
PlaygroundFQDN string
|
PlaygroundFQDN string
|
||||||
Type string
|
Type string
|
||||||
}
|
}
|
||||||
|
|||||||