Mac OSX系统 Docker启用Docker远程API功能
在mac osx系统的docker机上启用docker远程api功能
docker守护进程提供了一套远程rest api,具体可以参考文档:
https://docs.docker.com/engine/reference/api/docker_remote_api/
这套api是提供给客户端与docker引擎通信时使用,这套api也可以由其他工具调用,比如curl或chrome浏览器的postman rest客户端工具。
如果是在mac osx mavericks系统上使用docker机创建docker守护进程,那么要启用docker远程api功能需要一定的技巧。下面一一道来。
可以使用curl工具连接到安全的docker端口,命令如下:
$ curl https://$host:2376/images/json --cert ~/.docker/cert.pem --key ~/.docker/key.pem --cacert ~/.docker/ca.pem
此命令存在一定的问题。主要有:
1)命令可能不工作,因为每一个docker机的证书存储在.docker/machine/machines/目录。
2)即使命令根据路径做了修改,比如:
curl https://192.168.99.100:2376/images/json --cert $docker_cert_path/cert.pem --key $docker_cert_path/key.pem --cacert $docker_cert_path/ca.pem
执行命令仍然会得到错误信息:
curl: (58) ssl: can't load the certificate "/users/arungupta/.docker/machine/machines/couchbase/cert.pem" and its private key: osstatus -25299
解决方法是需要更新curl工具。总的来说,最新版的curl工具使用了apple的安全传输层api(secure transport api),取代了原先的openssl api。这意味着证书必须是p12格式。
下面可以这样修复命令:
1)进入docker机存放证书的目录,比如.docker/machine/machines/couchbase目录
2)生成*.p12格式的证书
openssl pkcs12 -export -inkey key.pem -in cert.pem -cafile ca.pem -chain -name client-side -out cert.p12 -password pass:mypass
现在可以调用rest api了:
curl https://192.168.99.100:2376/images/json --cert $docker_cert_path/cert.p12 --pass mypass --key $docker_cert_path/key.pem --cacert $docker_cert_path/ca.pem
注意,–cert参数现在指向了生成的p12证书,证书的密码使用–pass参数进行指定。
然后会得到如下结果:
[{"id":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","parentid":"",
"repotags":["arungupta/couchbase:latest"],"repodigests":null,"created":1450330075,"size":374824677,
"virtualsize":374824677,"labels":{}}]
现在可以尝试启动couchbase服务器:
~ > docker run -d -p 8091-8093:8091-8093 -p 11210:11210 arungupta/couchbase 42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e
再调用另一个rest api来查看容器的细节内容:
~ > curl https://192.168.99.100:2376/containers/json --cert $docker_cert_path/cert2.p12 --pass mypass --key $docker_cert_path/key.pem --cacert $docker_cert_path/ca.pem
[{"id":"42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e","names":["/admiring_pike"],"image":"arungupta/couchbase","imageid":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","command":"/entrypoint.sh /opt/couchbase/configure-cluster.sh","created":1454850194,"ports":[{"ip":"0.0.0.0","privateport":8092,"publicport":8092,"type":"tcp"},{"privateport":11207,"type":"tcp"},{"ip":"0.0.0.0","privateport":11210,"publicport":11210,"type":"tcp"},{"privateport":18092,"type":"tcp"},{"privateport":18091,"type":"tcp"},{"ip":"0.0.0.0","privateport":8093,"publicport":8093,"type":"tcp"},{"ip":"0.0.0.0","privateport":8091,"publicport":8091,"type":"tcp"},{"privateport":11211,"type":"tcp"}],"labels":{},"status":"up 2 seconds","hostconfig":{"networkmode":"default"},"networksettings":{"networks":{"bridge":{"ipamconfig":null,"links":null,"aliases":null,"networkid":"","endpointid":"6feaf4c1c70feaf0ba240ce55fb58ce83ebb84c8098bef9171998e84f607fa0b","gateway":"172.17.0.1","ipaddress":"172.17.0.2","ipprefixlen":16,"ipv6gateway":"","globalipv6address":"","globalipv6prefixlen":0,"macaddress":"02:42:ac:11:00:02"}}}}]
感谢阅读,希望能帮助到大家,谢谢大家对本站的 支持!
下一篇: 威德尔海在哪里?威德尔海为什么那么可怕?