kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-06 18:35:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #480 from hashicorp/f-docker-tls-config

Browse Source 
Added docker.tls config file options and docs
This commit is contained in:
Chris Bednarski
2015-11-20 16:31:41 -08:00
parent b0fe212a01 2970006488
commit 5f719161de
2 changed files with 34 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
client/driver/docker.go
View File

@@ -90,9 +90,20 @@ func (d *DockerDriver) dockerClient() (*docker.Client, error) {
// but also accept the standard ENV configs for dev and test.
dockerEndpoint := d.config.Read("docker.endpoint")
if dockerEndpoint != "" {
return docker.NewClient(dockerEndpoint)
cert := d.config.Read("docker.tls.cert")
key := d.config.Read("docker.tls.key")
ca := d.config.Read("docker.tls.ca")
if cert+key+ca != "" {
d.logger.Printf("[DEBUG] driver.docker: using TLS client connection to %s", dockerEndpoint)
return docker.NewTLSClient(dockerEndpoint, cert, key, ca)
} else {
d.logger.Printf("[DEBUG] driver.docker: using standard client connection to %s", dockerEndpoint)
return docker.NewClient(dockerEndpoint)
}
}
d.logger.Println("[DEBUG] driver.docker: using client connection initialized from environment")
return docker.NewClientFromEnv()
}

24
website/source/docs/drivers/docker.html.md
View File

@@ -225,6 +225,21 @@ The `docker` driver has the following host-level configuration options:
to customize this if you use a non-standard socket (http or another
location).
* `docker.tls.cert` - Path to the server's certificate file (`.pem`). Specify
this along with `docker.tls.key` and `docker.tls.ca` to use a TLS client to
connect to the docker daemon. `docker.endpoint` must also be specified or
this setting will be ignored.
* `docker.tls.key` - Path to the client's private key (`.pem`). Specify this
along with `docker.tls.cert` and `docker.tls.ca` to use a TLS client to
connect to the docker daemon. `docker.endpoint` must also be specified or
this setting will be ignored.
* `docker.tls.ca` - Path to the server's CA file (`.pem`). Specify this along
with `docker.tls.cert` and `docker.tls.key` to use a TLS client to connect to
the docker daemon. `docker.endpoint` must also be specified or this setting
will be ignored.
* `docker.cleanup.container` Defaults to `true`. Changing this to `false` will
prevent Nomad from removing containers from stopped tasks.
@@ -236,9 +251,14 @@ The `docker` driver has the following host-level configuration options:
access to the host's devices. Note that you must set a similar setting on the
Docker daemon for this to work.
cert := d.config.Read("docker.tls.cert")
key := d.config.Read("docker.tls.key")
ca := d.config.Read("docker.tls.ca")
Note: When testing or using the `-dev` flag you can use `DOCKER_HOST`,
`DOCKER_TLS_VERIFY`, and `DOCKER_CERT_PATH` to customize Nomad's behavior. In
production Nomad will always read `docker.endpoint`.
`DOCKER_TLS_VERIFY`, and `DOCKER_CERT_PATH` to customize Nomad's behavior. If
`docker.endpoint` is set Nomad will **only** read client configuration from the
config filie.
## Agent Attributes