在Mac OSX系统的Docker机上启用Docker远程API功能

在Mac OSX系统的Docker机上启用Docker远程API功能

作者：chszs，未经博主同意不得转载。经许可的转载需注明作者和博客主页：http://blog.csdn.net/chszs

Docker守护进程提供了一套远程REST API。详细能够參考文档：https://docs.docker.com/engine/reference/api/docker_remote_api/

这套API是提供给client与Docker引擎通信时使用，这套API也能够由其它工具调用，比方curl或Chrome浏览器的Postman RESTclient工具。

假设是在Mac OSX Mavericks系统上使用Docker机创建Docker守护进程，那么要启用Docker远程API功能须要一定的技巧。以下一一道来。

能够使用curl工具连接到安全的Docker端口，命令例如以下：

$ curl https://$HOST:2376/images/json
  --cert ~/.docker/cert.pem
  --key ~/.docker/key.pem
  --cacert ~/.docker/ca.pem

此命令存在一定的问题。主要有：

1）命令可能不工作，由于每个Docker机的证书存储在.docker/machine/machines/文件夹。

2）即使命令依据路径做了改动，比方：

curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/cert.pem --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem

运行命令仍然会得到错误信息：

curl: (58) SSL: Can't load the certificate "/Users/arungupta/.docker/machine/machines/couchbase/cert.pem" and its private key: OSStatus -25299

解决方法是须要更新curl工具。总的来说，最新版的curl工具使用了Apple的安全传输层API（Secure Transport API）。代替了原先的OpenSSL API。

这意味着证书必须是p12格式。

以下能够这样修复命令：

1）进入Docker机存放证书的文件夹。比方.docker/machine/machines/couchbase文件夹

2）生成*.p12格式的证书

openssl pkcs12 -export
-inkey key.pem
-in cert.pem
-CAfile ca.pem
-chain
-name client-side
-out cert.p12
-password pass:mypass

如今能够调用REST API了：

curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/cert.p12 --pass mypass --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem

注意。–cert參数如今指向了生成的p12证书，证书的密码使用–pass參数进行指定。

然后会得到例如以下结果：

[{"Id":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","ParentId":"","RepoTags":["arungupta/couchbase:latest"],"RepoDigests":null,"Created":1450330075,"Size":374824677,"VirtualSize":374824677,"Labels":{}}]

如今能够尝试启动CouchBaseserver：

~ > docker run -d -p 8091-8093:8091-8093 -p 11210:11210 arungupta/couchbase
42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e

再调用还有一个REST API来查看容器的细节内容：

~ > curl https://192.168.99.100:2376/containers/json --cert $DOCKER_CERT_PATH/cert2.p12 --pass mypass --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem
[{"Id":"42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e","Names":["/admiring_pike"],"Image":"arungupta/couchbase","ImageID":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","Command":"/entrypoint.sh /opt/couchbase/configure-cluster.sh","Created":1454850194,"Ports":[{"IP":"0.0.0.0","PrivatePort":8092,"PublicPort":8092,"Type":"tcp"},{"PrivatePort":11207,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":11210,"PublicPort":11210,"Type":"tcp"},{"PrivatePort":18092,"Type":"tcp"},{"PrivatePort":18091,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8093,"PublicPort":8093,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8091,"PublicPort":8091,"Type":"tcp"},{"PrivatePort":11211,"Type":"tcp"}],"Labels":{},"Status":"Up 2 seconds","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"6feaf4c1c70feaf0ba240ce55fb58ce83ebb84c8098bef9171998e84f607fa0b","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}}}}]