欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  网络运营

Mac OSX系统 Docker启用Docker远程API功能

程序员文章站 2022-10-14 12:19:18
在mac osx系统的docker机上启用docker远程api功能 docker守护进程提供了一套远程rest api,具体可以参考文档: https://docs....

在mac osx系统的docker机上启用docker远程api功能

docker守护进程提供了一套远程rest api,具体可以参考文档:

https://docs.docker.com/engine/reference/api/docker_remote_api/

这套api是提供给客户端与docker引擎通信时使用,这套api也可以由其他工具调用,比如curl或chrome浏览器的postman rest客户端工具。

如果是在mac osx mavericks系统上使用docker机创建docker守护进程,那么要启用docker远程api功能需要一定的技巧。下面一一道来。

可以使用curl工具连接到安全的docker端口,命令如下:

$ curl https://$host:2376/images/json 
 --cert ~/.docker/cert.pem 
 --key ~/.docker/key.pem 
 --cacert ~/.docker/ca.pem

此命令存在一定的问题。主要有:

1)命令可能不工作,因为每一个docker机的证书存储在.docker/machine/machines/目录。
2)即使命令根据路径做了修改,比如:

curl https://192.168.99.100:2376/images/json --cert $docker_cert_path/cert.pem --key $docker_cert_path/key.pem --cacert $docker_cert_path/ca.pem

执行命令仍然会得到错误信息:

curl: (58) ssl: can't load the certificate "/users/arungupta/.docker/machine/machines/couchbase/cert.pem" and its private key: osstatus -25299

解决方法是需要更新curl工具。总的来说,最新版的curl工具使用了apple的安全传输层api(secure transport api),取代了原先的openssl api。这意味着证书必须是p12格式。

下面可以这样修复命令:

1)进入docker机存放证书的目录,比如.docker/machine/machines/couchbase目录
2)生成*.p12格式的证书

openssl pkcs12 -export 
-inkey key.pem 
-in cert.pem 
-cafile ca.pem 
-chain 
-name client-side 
-out cert.p12 
-password pass:mypass

现在可以调用rest api了:

curl https://192.168.99.100:2376/images/json --cert $docker_cert_path/cert.p12 --pass mypass --key $docker_cert_path/key.pem --cacert $docker_cert_path/ca.pem

注意,–cert参数现在指向了生成的p12证书,证书的密码使用–pass参数进行指定。

然后会得到如下结果:

[{"id":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","parentid":"",
"repotags":["arungupta/couchbase:latest"],"repodigests":null,"created":1450330075,"size":374824677,
"virtualsize":374824677,"labels":{}}]

现在可以尝试启动couchbase服务器:

~ > docker run -d -p 8091-8093:8091-8093 -p 11210:11210 arungupta/couchbase
42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e

再调用另一个rest api来查看容器的细节内容:

~ > curl https://192.168.99.100:2376/containers/json --cert $docker_cert_path/cert2.p12 --pass mypass --key $docker_cert_path/key.pem --cacert $docker_cert_path/ca.pem
[{"id":"42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e","names":["/admiring_pike"],"image":"arungupta/couchbase","imageid":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","command":"/entrypoint.sh /opt/couchbase/configure-cluster.sh","created":1454850194,"ports":[{"ip":"0.0.0.0","privateport":8092,"publicport":8092,"type":"tcp"},{"privateport":11207,"type":"tcp"},{"ip":"0.0.0.0","privateport":11210,"publicport":11210,"type":"tcp"},{"privateport":18092,"type":"tcp"},{"privateport":18091,"type":"tcp"},{"ip":"0.0.0.0","privateport":8093,"publicport":8093,"type":"tcp"},{"ip":"0.0.0.0","privateport":8091,"publicport":8091,"type":"tcp"},{"privateport":11211,"type":"tcp"}],"labels":{},"status":"up 2 seconds","hostconfig":{"networkmode":"default"},"networksettings":{"networks":{"bridge":{"ipamconfig":null,"links":null,"aliases":null,"networkid":"","endpointid":"6feaf4c1c70feaf0ba240ce55fb58ce83ebb84c8098bef9171998e84f607fa0b","gateway":"172.17.0.1","ipaddress":"172.17.0.2","ipprefixlen":16,"ipv6gateway":"","globalipv6address":"","globalipv6prefixlen":0,"macaddress":"02:42:ac:11:00:02"}}}}]




感谢阅读,希望能帮助到大家,谢谢大家对本站的 支持!