Skip to content
This repository was archived by the owner on Sep 12, 2024. It is now read-only.

TLS support for docker endpoint #42

Open
kasra73 wants to merge 7 commits into
base: master
Choose a base branch
from
Open

TLS support for docker endpoint #42

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
53b22fc
WIP: first step for TLS support
kasra73 Mar 5, 2020
135099f
check existance of docker cert files & enable tls
kasra73 Mar 5, 2020
3944910
remove unused import
kasra73 Mar 5, 2020
7cc992d
fix tests to match new docker config style
kasra73 Mar 7, 2020
647481d
fix two other tests for docker new client config style
kasra73 Mar 7, 2020
461e974
fix file format
kasra73 Mar 7, 2020
68129be
Merge branch 'master' of https://github.com/tsuru/bs
kasra73 Jan 4, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 38 additions & 2 deletions config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,17 @@ const (
DefaultDockerEndpoint = "unix:///var/run/docker.sock"
)

// DockerConfig is container for Endpoint and tls config
type DockerConfig struct {
Endpoint string
UseTLS bool
CertFile string
KeyFile string
CaFile string
}

var Config struct {
DockerEndpoint string
DockerClientInfo *DockerConfig
TsuruEndpoint string
TsuruToken string
MetricsInterval time.Duration
Expand All @@ -42,7 +51,8 @@ func init() {

func LoadConfig() {
bslog.Debug, _ = strconv.ParseBool(os.Getenv("BS_DEBUG"))
Config.DockerEndpoint = StringEnvOrDefault(DefaultDockerEndpoint, "DOCKER_ENDPOINT")
var dockerEndpoint = StringEnvOrDefault(DefaultDockerEndpoint, "DOCKER_ENDPOINT")
Config.DockerClientInfo = loadDockerConfig(dockerEndpoint)
Config.TsuruEndpoint = os.Getenv("TSURU_ENDPOINT")
Config.TsuruToken = os.Getenv("TSURU_TOKEN")
Config.SyslogListenAddress = os.Getenv("SYSLOG_LISTEN_ADDRESS")
Expand All @@ -56,6 +66,25 @@ func LoadConfig() {
Config.MetricsEnableHost = BoolEnvOrDefault(true, "METRICS_ENABLE_HOST")
}

func loadDockerConfig(dockerEndpoint string) *DockerConfig {
var config = &DockerConfig{
Endpoint: dockerEndpoint,
UseTLS: false,
CertFile: "/docker-certs/cert.pem",
KeyFile: "/docker-certs/key.pem",
CaFile: "/docker-certs/ca.pem",
}
if strings.HasPrefix(dockerEndpoint, "https:") {
if fileAvailable(config.CertFile) && fileAvailable(config.KeyFile) && fileAvailable(config.CaFile) {
bslog.Debugf("Docker cert files found. Configuring TLS support.")
config.UseTLS = true
} else {
bslog.Warnf("A valid certificate is required for using https schema without cert files.")
}
}
return config
}

func envOrDefault(convert func(string) interface{}, defaultValue interface{}, envs ...string) interface{} {
for i, env := range envs {
val := os.Getenv(env)
Expand Down Expand Up @@ -128,3 +157,10 @@ func SecondsEnvOrDefault(defaultValue float64, envs ...string) time.Duration {
return val
}, defaultValue, envs...).(float64) * float64(time.Second))
}

func fileAvailable(name string) bool {
if _, err := os.Stat(name); err == nil {
return true
}
return false
}
16 changes: 14 additions & 2 deletions config/config_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,13 @@ func (S) TestLoadConfig(c *check.C) {
os.Setenv("SYSLOG_LISTEN_ADDRESS", "udp://0.0.0.0:1514")
os.Setenv("LOG_BACKENDS", "b1, b2 ")
LoadConfig()
c.Check(Config.DockerEndpoint, check.Equals, "http://192.168.50.4:2375")
c.Check(Config.DockerClientInfo, check.DeepEquals, &DockerConfig{
Endpoint: "http://192.168.50.4:2375",
UseTLS: false,
CertFile: "/docker-certs/cert.pem",
KeyFile: "/docker-certs/key.pem",
CaFile: "/docker-certs/ca.pem",
})
c.Check(Config.TsuruEndpoint, check.Equals, "http://192.168.50.4:8080")
c.Check(Config.TsuruToken, check.Equals, "sometoken")
c.Check(Config.StatusInterval, check.Equals, time.Duration(45e9))
Expand All @@ -49,7 +55,13 @@ func (S) TestLoadConfigInvalidDuration(c *check.C) {
os.Setenv("STATUS_INTERVAL", "four")
os.Setenv("HOST_PROC", "/prochost")
LoadConfig()
c.Check(Config.DockerEndpoint, check.Equals, "http://192.168.50.4:2375")
c.Check(Config.DockerClientInfo, check.DeepEquals, &DockerConfig{
Endpoint: "http://192.168.50.4:2375",
UseTLS: false,
CertFile: "/docker-certs/cert.pem",
KeyFile: "/docker-certs/key.pem",
CaFile: "/docker-certs/ca.pem",
})
c.Check(Config.TsuruEndpoint, check.Equals, "http://192.168.50.4:8080")
c.Check(Config.TsuruToken, check.Equals, "sometoken")
c.Check(Config.StatusInterval, check.Equals, time.Duration(60e9))
Expand Down
15 changes: 11 additions & 4 deletions container/container.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ import (
"strings"
"time"

"github.com/tsuru/bs/config"

docker "github.com/fsouza/go-dockerclient"
lru "github.com/hashicorp/golang-lru"
"github.com/tsuru/bs/bslog"
Expand All @@ -31,7 +33,7 @@ var (
const containerIDTrimSize = 12

type InfoClient struct {
endpoint string
dockerInfo *config.DockerConfig
client *docker.Client
containerCache *lru.Cache

Expand All @@ -55,14 +57,19 @@ const (
fullTimeout = 1 * time.Minute
)

func NewClient(endpoint string) (*InfoClient, error) {
c := InfoClient{endpoint: endpoint}
func NewClient(dockerInfo *config.DockerConfig) (*InfoClient, error) {
c := InfoClient{dockerInfo: dockerInfo}
var err error
c.containerCache, err = lru.New(100)
if err != nil {
return nil, err
}
c.client, err = docker.NewClient(endpoint)
if dockerInfo.UseTLS {
c.client, err = docker.NewTLSClient(dockerInfo.Endpoint, dockerInfo.CertFile,
dockerInfo.KeyFile, dockerInfo.CaFile)
} else {
c.client, err = docker.NewClient(dockerInfo.Endpoint)
}
if err != nil {
return nil, err
}
Expand Down
32 changes: 25 additions & 7 deletions container/container_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import (

docker "github.com/fsouza/go-dockerclient"
dTesting "github.com/fsouza/go-dockerclient/testing"
"github.com/tsuru/bs/config"
"gopkg.in/check.v1"
)

Expand All @@ -22,6 +23,16 @@ func Test(t *testing.T) {

type S struct{}

func createDockerConfig(url string) *config.DockerConfig {
return &config.DockerConfig{
Endpoint: url,
UseTLS: false,
CertFile: "/docker-certs/cert.pem",
KeyFile: "/docker-certs/key.pem",
CaFile: "/docker-certs/ca.pem",
}
}

func createContainer(c *check.C, url string, envs []string, labels map[string]string, name string) string {
dockerClient, err := docker.NewClient(url)
c.Assert(err, check.IsNil)
Expand All @@ -48,7 +59,8 @@ func (S) TestInfoClientGetContainer(c *check.C) {
})
c.Assert(err, check.IsNil)
id := createContainer(c, dockerServer.URL(), []string{"TSURU_PROCESSNAME=procx", "TSURU_APPNAME=coolappname"}, nil, "myContName")
client, err := NewClient(dockerServer.URL())
dockerConfig := createDockerConfig(dockerServer.URL())
client, err := NewClient(dockerConfig)
c.Assert(err, check.IsNil)
cont, err := client.GetContainer(id, true, []string{})
c.Assert(err, check.IsNil)
Expand Down Expand Up @@ -81,7 +93,8 @@ func (S) TestInfoClientGetContainerNonApp(c *check.C) {
})
c.Assert(err, check.IsNil)
id := createContainer(c, dockerServer.URL(), nil, nil, "myContName")
client, err := NewClient(dockerServer.URL())
dockerConfig := createDockerConfig(dockerServer.URL())
client, err := NewClient(dockerConfig)
c.Assert(err, check.IsNil)
cont, err := client.GetContainer(id, true, []string{})
c.Assert(err, check.IsNil)
Expand All @@ -100,7 +113,8 @@ func (S) TestInfoClientGetAppContainer(c *check.C) {
})
c.Assert(err, check.IsNil)
id := createContainer(c, dockerServer.URL(), []string{"TSURU_APPNAME=coolappname"}, nil, "myContName")
client, err := NewClient(dockerServer.URL())
dockerConfig := createDockerConfig(dockerServer.URL())
client, err := NewClient(dockerConfig)
c.Assert(err, check.IsNil)
cont, err := client.GetAppContainer(id, true)
c.Assert(err, check.IsNil)
Expand Down Expand Up @@ -161,7 +175,8 @@ func (S) TestInfoClientGetContainerRequiredEnv(c *check.C) {
dockerServer, err := dTesting.NewServer("127.0.0.1:0", nil, nil)
c.Assert(err, check.IsNil)
id := createContainer(c, dockerServer.URL(), []string{"MONITORED=1"}, nil, "myContName")
client, err := NewClient(dockerServer.URL())
dockerConfig := createDockerConfig(dockerServer.URL())
client, err := NewClient(dockerConfig)
c.Assert(err, check.IsNil)
_, err = client.GetContainer(id, true, []string{"NOTMONITORED"})
c.Assert(err, check.Equals, ErrTsuruVariablesNotFound)
Expand All @@ -173,7 +188,8 @@ func (S) TestInfoClientGetContainerRequiredEnv(c *check.C) {
func (S) TestInfoClientGetContainerNotFound(c *check.C) {
dockerServer, err := dTesting.NewServer("127.0.0.1:0", nil, nil)
c.Assert(err, check.IsNil)
client, err := NewClient(dockerServer.URL())
dockerConfig := createDockerConfig(dockerServer.URL())
client, err := NewClient(dockerConfig)
c.Assert(err, check.IsNil)
_, err = client.GetContainer("xxxxxx", true, []string{"TSURU_APPNAME"})
c.Assert(err, check.ErrorMatches, "No such container: xxxxxx")
Expand All @@ -183,7 +199,8 @@ func (S) TestContainerHasEnvs(c *check.C) {
dockerServer, err := dTesting.NewServer("127.0.0.1:0", nil, nil)
id := createContainer(c, dockerServer.URL(), []string{"TSURU_APPNAME=coolappname"}, nil, "myContName")
c.Assert(err, check.IsNil)
client, err := NewClient(dockerServer.URL())
dockerConfig := createDockerConfig(dockerServer.URL())
client, err := NewClient(dockerConfig)
c.Assert(err, check.IsNil)
cont, err := client.GetAppContainer(id, false)
c.Assert(err, check.IsNil)
Expand All @@ -199,7 +216,8 @@ func (S) TestContainerIsIsolated(c *check.C) {
id3 := createContainer(c, dockerServer.URL(), []string{"TSURU_APPNAME=coolappname"}, map[string]string{"tsuru.io/is-isolated-run": "true"}, "withTsuruIOLabel")
id4 := createContainer(c, dockerServer.URL(), []string{"TSURU_APPNAME=coolappname"}, nil, "withoutLabel")
c.Assert(err, check.IsNil)
client, err := NewClient(dockerServer.URL())
dockerConfig := createDockerConfig(dockerServer.URL())
client, err := NewClient(dockerConfig)
c.Assert(err, check.IsNil)
cont1, err := client.GetAppContainer(id1, false)
c.Assert(err, check.IsNil)
Expand Down
20 changes: 10 additions & 10 deletions log/log.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,14 @@ var (
type LogMessage interface{}

type LogForwarder struct {
BindAddress string
DockerEndpoint string
EnabledBackends []string
infoClient *container.InfoClient
server *syslog.Server
backends []logBackend
formatter *LenientFormat
kubeStreamer *kubernetesLogStreamer
BindAddress string
DockerClientInfo *config.DockerConfig
EnabledBackends []string
infoClient *container.InfoClient
server *syslog.Server
backends []logBackend
formatter *LenientFormat
kubeStreamer *kubernetesLogStreamer
}

type forwarderBackend interface {
Expand Down Expand Up @@ -142,9 +142,9 @@ func (l *LogForwarder) Start() (err error) {
if len(l.backends) == 0 {
bslog.Warnf("no log backend enabled, discarding all received log messages.")
}
l.infoClient, err = container.NewClient(l.DockerEndpoint)
l.infoClient, err = container.NewClient(l.DockerClientInfo)
if err != nil {
err = fmt.Errorf("unable to initialize docker client %s: %s", l.DockerEndpoint, err)
err = fmt.Errorf("unable to initialize docker client %s: %s", l.DockerClientInfo.Endpoint, err)
return
}
l.formatter = &LenientFormat{}
Expand Down
Loading