kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Make default tls host work

Browse source 
Signed-off-by: Lei Jitang <leijitang@huawei.com>
This commit is contained in:
Lei Jitang 2015-10-19 21:17:37 +08:00
parent bab701c143
commit fbb01b8162
8 changed files with 152 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
api/client/cli.go
View file

@ -112,8 +112,13 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, clientFlags *cli.ClientF
return errors.New("Please specify only one -H") return errors.New("Please specify only one -H")
} }
defaultHost := opts.DefaultTCPHost
if clientFlags.Common.TLSOptions != nil {
defaultHost = opts.DefaultTLSHost
}
var e error var e error
if hosts[0], e = opts.ParseHost(hosts[0]); e != nil { if hosts[0], e = opts.ParseHost(defaultHost, hosts[0]); e != nil {
return e return e
} }

4
docker/daemon.go
View file

@ -210,6 +210,7 @@ func (cli *DaemonCli) CmdDaemon(args ...string) error {
} }
serverConfig = setPlatformServerConfig(serverConfig, cli.Config) serverConfig = setPlatformServerConfig(serverConfig, cli.Config)
defaultHost := opts.DefaultHost
if commonFlags.TLSOptions != nil { if commonFlags.TLSOptions != nil {
if !commonFlags.TLSOptions.InsecureSkipVerify { if !commonFlags.TLSOptions.InsecureSkipVerify {
// server requires and verifies client's certificate // server requires and verifies client's certificate
@ -220,6 +221,7 @@ func (cli *DaemonCli) CmdDaemon(args ...string) error {
logrus.Fatal(err) logrus.Fatal(err)
} }
serverConfig.TLSConfig = tlsConfig serverConfig.TLSConfig = tlsConfig
defaultHost = opts.DefaultTLSHost
} }
if len(commonFlags.Hosts) == 0 { if len(commonFlags.Hosts) == 0 {
@ -227,7 +229,7 @@ func (cli *DaemonCli) CmdDaemon(args ...string) error {
} }
for i := 0; i < len(commonFlags.Hosts); i++ { for i := 0; i < len(commonFlags.Hosts); i++ {
var err error var err error
if commonFlags.Hosts[i], err = opts.ParseHost(commonFlags.Hosts[i]); err != nil { if commonFlags.Hosts[i], err = opts.ParseHost(defaultHost, commonFlags.Hosts[i]); err != nil {
logrus.Fatalf("error parsing -H %s : %v", commonFlags.Hosts[i], err) logrus.Fatalf("error parsing -H %s : %v", commonFlags.Hosts[i], err)
} }
} }

34
integration-cli/docker_cli_daemon_test.go
View file

@ -1723,3 +1723,37 @@ func (s *DockerDaemonSuite) TestDaemonStartWithoutHost(c *check.C) {
}() }()
c.Assert(s.d.Start(), check.IsNil) c.Assert(s.d.Start(), check.IsNil)
} }
func (s *DockerDaemonSuite) TestDaemonStartWithDefalutTlsHost(c *check.C) {
s.d.useDefaultTLSHost = true
defer func() {
s.d.useDefaultTLSHost = false
}()
if err := s.d.Start(
"--tlsverify",
"--tlscacert", "fixtures/https/ca.pem",
"--tlscert", "fixtures/https/server-cert.pem",
"--tlskey", "fixtures/https/server-key.pem"); err != nil {
c.Fatalf("Could not start daemon: %v", err)
}
// The client with --tlsverify should also use default host localhost:2376
tmpHost := os.Getenv("DOCKER_HOST")
defer func() {
os.Setenv("DOCKER_HOST", tmpHost)
}()
os.Setenv("DOCKER_HOST", "")
out, _ := dockerCmd(
c,
"--tlsverify",
"--tlscacert", "fixtures/https/ca.pem",
"--tlscert", "fixtures/https/client-cert.pem",
"--tlskey", "fixtures/https/client-key.pem",
"version",
)
if !strings.Contains(out, "Server") {
c.Fatalf("docker version should return information of server side")
}
}

121
integration-cli/docker_utils.go
View file

@ -26,7 +26,9 @@ import (
"github.com/docker/docker/pkg/httputils" "github.com/docker/docker/pkg/httputils"
"github.com/docker/docker/pkg/integration" "github.com/docker/docker/pkg/integration"
"github.com/docker/docker/pkg/ioutils" "github.com/docker/docker/pkg/ioutils"
"github.com/docker/docker/pkg/sockets"
"github.com/docker/docker/pkg/stringutils" "github.com/docker/docker/pkg/stringutils"
"github.com/docker/docker/pkg/tlsconfig"
"github.com/go-check/check" "github.com/go-check/check"
) )
@ -37,19 +39,26 @@ type Daemon struct {
Command string Command string
GlobalFlags []string GlobalFlags []string
id string id string
c *check.C c *check.C
logFile *os.File logFile *os.File
folder string folder string
root string root string
stdin io.WriteCloser stdin io.WriteCloser
stdout, stderr io.ReadCloser stdout, stderr io.ReadCloser
cmd *exec.Cmd cmd *exec.Cmd
storageDriver string storageDriver string
execDriver string execDriver string
wait chan error wait chan error
userlandProxy bool userlandProxy bool
useDefaultHost bool useDefaultHost bool
useDefaultTLSHost bool
}
type clientConfig struct {
transport *http.Transport
scheme string
addr string
} }
// NewDaemon returns a Daemon instance to be used for testing. // NewDaemon returns a Daemon instance to be used for testing.
@ -86,6 +95,50 @@ func NewDaemon(c *check.C) *Daemon {
} }
} }
func (d *Daemon) getClientConfig() (*clientConfig, error) {
var (
transport *http.Transport
scheme string
addr string
proto string
)
if d.useDefaultTLSHost {
option := &tlsconfig.Options{
CAFile: "fixtures/https/ca.pem",
CertFile: "fixtures/https/client-cert.pem",
KeyFile: "fixtures/https/client-key.pem",
}
tlsConfig, err := tlsconfig.Client(*option)
if err != nil {
return nil, err
}
transport = &http.Transport{
TLSClientConfig: tlsConfig,
}
addr = fmt.Sprintf("%s:%d", opts.DefaultHTTPHost, opts.DefaultTLSHTTPPort)
scheme = "https"
proto = "tcp"
} else if d.useDefaultHost {
addr = opts.DefaultUnixSocket
proto = "unix"
scheme = "http"
transport = &http.Transport{}
} else {
addr = filepath.Join(d.folder, "docker.sock")
proto = "unix"
scheme = "http"
transport = &http.Transport{}
}
sockets.ConfigureTCPTransport(transport, proto, addr)
return &clientConfig{
transport: transport,
scheme: scheme,
addr: addr,
}, nil
}
// Start will start the daemon and return once it is ready to receive requests. // Start will start the daemon and return once it is ready to receive requests.
// You can specify additional daemon flags. // You can specify additional daemon flags.
func (d *Daemon) Start(arg ...string) error { func (d *Daemon) Start(arg ...string) error {
@ -98,7 +151,7 @@ func (d *Daemon) Start(arg ...string) error {
"--pidfile", fmt.Sprintf("%s/docker.pid", d.folder), "--pidfile", fmt.Sprintf("%s/docker.pid", d.folder),
fmt.Sprintf("--userland-proxy=%t", d.userlandProxy), fmt.Sprintf("--userland-proxy=%t", d.userlandProxy),
) )
if !d.useDefaultHost { if !(d.useDefaultHost || d.useDefaultTLSHost) {
args = append(args, []string{"--host", d.sock()}...) args = append(args, []string{"--host", d.sock()}...)
} }
if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" { if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
@ -160,25 +213,19 @@ func (d *Daemon) Start(arg ...string) error {
case <-time.After(2 * time.Second): case <-time.After(2 * time.Second):
return fmt.Errorf("[%s] timeout: daemon does not respond", d.id) return fmt.Errorf("[%s] timeout: daemon does not respond", d.id)
case <-tick: case <-tick:
var ( clientConfig, err := d.getClientConfig()
c net.Conn
err error
)
if d.useDefaultHost {
c, err = net.Dial("unix", "/var/run/docker.sock")
} else {
c, err = net.Dial("unix", filepath.Join(d.folder, "docker.sock"))
}
if err != nil { if err != nil {
continue return err
} }
client := httputil.NewClientConn(c, nil) client := &http.Client{
defer client.Close() Transport: clientConfig.transport,
}
req, err := http.NewRequest("GET", "/_ping", nil) req, err := http.NewRequest("GET", "/_ping", nil)
d.c.Assert(err, check.IsNil, check.Commentf("[%s] could not create new request", d.id)) d.c.Assert(err, check.IsNil, check.Commentf("[%s] could not create new request", d.id))
req.URL.Host = clientConfig.addr
req.URL.Scheme = clientConfig.scheme
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
continue continue
@ -289,34 +336,28 @@ func (d *Daemon) Restart(arg ...string) error {
func (d *Daemon) queryRootDir() (string, error) { func (d *Daemon) queryRootDir() (string, error) {
// update daemon root by asking /info endpoint (to support user // update daemon root by asking /info endpoint (to support user
// namespaced daemon with root remapped uid.gid directory) // namespaced daemon with root remapped uid.gid directory)
var ( clientConfig, err := d.getClientConfig()
conn net.Conn
err error
)
if d.useDefaultHost {
conn, err = net.Dial("unix", "/var/run/docker.sock")
} else {
conn, err = net.Dial("unix", filepath.Join(d.folder, "docker.sock"))
}
if err != nil { if err != nil {
return "", err return "", err
} }
client := httputil.NewClientConn(conn, nil)
client := &http.Client{
Transport: clientConfig.transport,
}
req, err := http.NewRequest("GET", "/info", nil) req, err := http.NewRequest("GET", "/info", nil)
if err != nil { if err != nil {
client.Close()
return "", err return "", err
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.URL.Host = clientConfig.addr
req.URL.Scheme = clientConfig.scheme
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
client.Close()
return "", err return "", err
} }
body := ioutils.NewReadCloserWrapper(resp.Body, func() error { body := ioutils.NewReadCloserWrapper(resp.Body, func() error {
defer client.Close()
return resp.Body.Close() return resp.Body.Close()
}) })

8
opts/opts.go
View file

@ -16,7 +16,7 @@ var (
alphaRegexp = regexp.MustCompile(`[a-zA-Z]`) alphaRegexp = regexp.MustCompile(`[a-zA-Z]`)
domainRegexp = regexp.MustCompile(`^(:?(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]))(:?\.(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])))*)\.?\s*$`) domainRegexp = regexp.MustCompile(`^(:?(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]))(:?\.(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])))*)\.?\s*$`)
// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. docker daemon -H tcp://:8080 // DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. docker daemon -H tcp://:8080
DefaultHTTPHost = "127.0.0.1" DefaultHTTPHost = "localhost"
// DefaultHTTPPort Default HTTP Port used if only the protocol is provided to -H flag e.g. docker daemon -H tcp:// // DefaultHTTPPort Default HTTP Port used if only the protocol is provided to -H flag e.g. docker daemon -H tcp://
// TODO Windows. DefaultHTTPPort is only used on Windows if a -H parameter // TODO Windows. DefaultHTTPPort is only used on Windows if a -H parameter
@ -342,7 +342,7 @@ func ValidateLabel(val string) (string, error) {
// ValidateHost validates that the specified string is a valid host and returns it. // ValidateHost validates that the specified string is a valid host and returns it.
func ValidateHost(val string) (string, error) { func ValidateHost(val string) (string, error) {
_, err := parsers.ParseDockerDaemonHost(DefaultTCPHost, DefaultUnixSocket, val) _, err := parsers.ParseDockerDaemonHost(DefaultTCPHost, DefaultTLSHost, DefaultUnixSocket, "", val)
if err != nil { if err != nil {
return val, err return val, err
} }
@ -352,8 +352,8 @@ func ValidateHost(val string) (string, error) {
} }
// ParseHost and set defaults for a Daemon host string // ParseHost and set defaults for a Daemon host string
func ParseHost(val string) (string, error) { func ParseHost(defaultHost, val string) (string, error) {
host, err := parsers.ParseDockerDaemonHost(DefaultTCPHost, DefaultUnixSocket, val) host, err := parsers.ParseDockerDaemonHost(DefaultTCPHost, DefaultTLSHost, DefaultUnixSocket, defaultHost, val)
if err != nil { if err != nil {
return val, err return val, err
} }

10
opts/opts_test.go
View file

@ -445,9 +445,9 @@ func TestParseHost(t *testing.T) {
"fd://": "fd://", "fd://": "fd://",
"fd://something": "fd://something", "fd://something": "fd://something",
"tcp://host:": "tcp://host:2375", "tcp://host:": "tcp://host:2375",
"tcp://": "tcp://127.0.0.1:2375", "tcp://": "tcp://localhost:2375",
"tcp://:2375": "tcp://127.0.0.1:2375", // default ip address "tcp://:2375": "tcp://localhost:2375", // default ip address
"tcp://:2376": "tcp://127.0.0.1:2376", // default ip address "tcp://:2376": "tcp://localhost:2376", // default ip address
"tcp://0.0.0.0:8080": "tcp://0.0.0.0:8080", "tcp://0.0.0.0:8080": "tcp://0.0.0.0:8080",
"tcp://192.168.0.0:12000": "tcp://192.168.0.0:12000", "tcp://192.168.0.0:12000": "tcp://192.168.0.0:12000",
"tcp://192.168:8080": "tcp://192.168:8080", "tcp://192.168:8080": "tcp://192.168:8080",
@ -458,12 +458,12 @@ func TestParseHost(t *testing.T) {
} }
for value, errorMessage := range invalid { for value, errorMessage := range invalid {
if _, err := ParseHost(value); err == nil || err.Error() != errorMessage { if _, err := ParseHost(defaultHTTPHost, value); err == nil || err.Error() != errorMessage {
t.Fatalf("Expected an error for %v with [%v], got [%v]", value, errorMessage, err) t.Fatalf("Expected an error for %v with [%v], got [%v]", value, errorMessage, err)
} }
} }
for value, expected := range valid { for value, expected := range valid {
if actual, err := ParseHost(value); err != nil || actual != expected { if actual, err := ParseHost(defaultHTTPHost, value); err != nil || actual != expected {
t.Fatalf("Expected for %v [%v], got [%v, %v]", value, expected, actual, err) t.Fatalf("Expected for %v [%v], got [%v, %v]", value, expected, actual, err)
} }
} }

5
pkg/parsers/parsers.go
View file

@ -17,9 +17,12 @@ import (
// Depending of the address specified, will use the defaultTCPAddr or defaultUnixAddr // Depending of the address specified, will use the defaultTCPAddr or defaultUnixAddr
// defaultUnixAddr must be a absolute file path (no `unix://` prefix) // defaultUnixAddr must be a absolute file path (no `unix://` prefix)
// defaultTCPAddr must be the full `tcp://host:port` form // defaultTCPAddr must be the full `tcp://host:port` form
func ParseDockerDaemonHost(defaultTCPAddr, defaultUnixAddr, addr string) (string, error) { func ParseDockerDaemonHost(defaultTCPAddr, defaultTLSHost, defaultUnixAddr, defaultAddr, addr string) (string, error) {
addr = strings.TrimSpace(addr) addr = strings.TrimSpace(addr)
if addr == "" { if addr == "" {
if defaultAddr == defaultTLSHost {
return defaultTLSHost, nil
}
if runtime.GOOS != "windows" { if runtime.GOOS != "windows" {
return fmt.Sprintf("unix://%s", defaultUnixAddr), nil return fmt.Sprintf("unix://%s", defaultUnixAddr), nil
} }

29
pkg/parsers/parsers_test.go
View file

@ -9,9 +9,10 @@ import (
func TestParseDockerDaemonHost(t *testing.T) { func TestParseDockerDaemonHost(t *testing.T) {
var ( var (
defaultHTTPHost = "tcp://127.0.0.1:2376" defaultHTTPHost = "tcp://localhost:2375"
defaultUnix = "/var/run/docker.sock" defaultHTTPSHost = "tcp://localhost:2376"
defaultHOST = "unix:///var/run/docker.sock" defaultUnix = "/var/run/docker.sock"
defaultHOST = "unix:///var/run/docker.sock"
) )
if runtime.GOOS == "windows" { if runtime.GOOS == "windows" {
defaultHOST = defaultHTTPHost defaultHOST = defaultHTTPHost
@ -28,37 +29,37 @@ func TestParseDockerDaemonHost(t *testing.T) {
"fd": "Invalid bind address format: fd", "fd": "Invalid bind address format: fd",
} }
valids := map[string]string{ valids := map[string]string{
"0.0.0.1:": "tcp://0.0.0.1:2376", "0.0.0.1:": "tcp://0.0.0.1:2375",
"0.0.0.1:5555": "tcp://0.0.0.1:5555", "0.0.0.1:5555": "tcp://0.0.0.1:5555",
"0.0.0.1:5555/path": "tcp://0.0.0.1:5555/path", "0.0.0.1:5555/path": "tcp://0.0.0.1:5555/path",
"[::1]:": "tcp://[::1]:2376", "[::1]:": "tcp://[::1]:2375",
"[::1]:5555/path": "tcp://[::1]:5555/path", "[::1]:5555/path": "tcp://[::1]:5555/path",
"[0:0:0:0:0:0:0:1]:": "tcp://[0:0:0:0:0:0:0:1]:2376", "[0:0:0:0:0:0:0:1]:": "tcp://[0:0:0:0:0:0:0:1]:2375",
"[0:0:0:0:0:0:0:1]:5555/path": "tcp://[0:0:0:0:0:0:0:1]:5555/path", "[0:0:0:0:0:0:0:1]:5555/path": "tcp://[0:0:0:0:0:0:0:1]:5555/path",
":6666": "tcp://127.0.0.1:6666", ":6666": "tcp://localhost:6666",
":6666/path": "tcp://127.0.0.1:6666/path", ":6666/path": "tcp://localhost:6666/path",
"": defaultHOST, "": defaultHOST,
" ": defaultHOST, " ": defaultHOST,
" ": defaultHOST, " ": defaultHOST,
"tcp://": defaultHTTPHost, "tcp://": defaultHTTPHost,
"tcp://:7777": "tcp://127.0.0.1:7777", "tcp://:7777": "tcp://localhost:7777",
"tcp://:7777/path": "tcp://127.0.0.1:7777/path", "tcp://:7777/path": "tcp://localhost:7777/path",
" tcp://:7777/path ": "tcp://127.0.0.1:7777/path", " tcp://:7777/path ": "tcp://localhost:7777/path",
"unix:///run/docker.sock": "unix:///run/docker.sock", "unix:///run/docker.sock": "unix:///run/docker.sock",
"unix://": "unix:///var/run/docker.sock", "unix://": "unix:///var/run/docker.sock",
"fd://": "fd://", "fd://": "fd://",
"fd://something": "fd://something", "fd://something": "fd://something",
"localhost:": "tcp://localhost:2376", "localhost:": "tcp://localhost:2375",
"localhost:5555": "tcp://localhost:5555", "localhost:5555": "tcp://localhost:5555",
"localhost:5555/path": "tcp://localhost:5555/path", "localhost:5555/path": "tcp://localhost:5555/path",
} }
for invalidAddr, expectedError := range invalids { for invalidAddr, expectedError := range invalids {
if addr, err := ParseDockerDaemonHost(defaultHTTPHost, defaultUnix, invalidAddr); err == nil || err.Error() != expectedError { if addr, err := ParseDockerDaemonHost(defaultHTTPHost, defaultHTTPSHost, defaultUnix, "", invalidAddr); err == nil || err.Error() != expectedError {
t.Errorf("tcp %v address expected error %v return, got %s and addr %v", invalidAddr, expectedError, err, addr) t.Errorf("tcp %v address expected error %v return, got %s and addr %v", invalidAddr, expectedError, err, addr)
} }
} }
for validAddr, expectedAddr := range valids { for validAddr, expectedAddr := range valids {
if addr, err := ParseDockerDaemonHost(defaultHTTPHost, defaultUnix, validAddr); err != nil || addr != expectedAddr { if addr, err := ParseDockerDaemonHost(defaultHTTPHost, defaultHTTPSHost, defaultUnix, "", validAddr); err != nil || addr != expectedAddr {
t.Errorf("%v -> expected %v, got (%v) addr (%v)", validAddr, expectedAddr, err, addr) t.Errorf("%v -> expected %v, got (%v) addr (%v)", validAddr, expectedAddr, err, addr)
} }
} }