Docker Beginner's introduction to the eight: Docker API detailed

Reproduced in the process, the picture is missing, the code shows confusion.

For better learning content, please visit the original version:

https://www.missshi.cn/api/view/blog/5a63285f0a745f6335000008

Ps: Initial access due to the large JS file, please wait patiently (5s or so)

The Docker itself provides powerful API functionality. We can manage the Docker service by accessing the Docker API. In this chapter, we'll learn how to use the Docker API and how to use the Docker API more efficiently in Python. Docker API

In Docker ecosystems, there are three Api:reistry APIs: functions related to the registry of storing Docker mirrors. Docker Hub API: Features associated with the Docker hub Docker Remote API: Functions related to the Docker daemon.

Among them, the Docker Remote API is the most frequently used API type, and later we will also explain to this kind of API. Start remote API

Remote APIs are primarily used to remotely access the Docker daemon to release instructions.
Therefore, when we start the Docker daemon, we need to add the-h parameter and specify the open access port.
Typically, we can do this by editing the daemon's configuration file.
However, for different operating systems, the daemon boot configuration file is not the same: Ubuntu system:/etc/default/docker file CentOS system:/etc/sysconfig/docker file

At the end of the configuration file, add the following:

options= '-h=tcp://0.0.0.0:2375-h unix:///var/run/docker.sock '

After the modifications are completed, execute the following command to restart the Docker daemon:

Systemctl stop Docker Systemctl start Docker

At this point, we can perform the following command on the other machine to test:

Docker-h example.com:2375 Info

Testing Remote APIs

In the previous experiment, we have identified connectivity with the Docker daemon.
Next, we'll use some remote APIs.

Curl Http://example.com:2375/info

From the return result, we can get similar data in JSON format when Docker info. managing Docker mirroring through APIs

Call the/images/json interface to get a mirrored list:

Curl Http://example.com:2375/images/json | Python-mjson.tool

Ps: The JSON data can be formatted and displayed through Python-mjson.tool. managing Docker containers through APIs

Call the/containers/json interface to get a list of the containers that are running:

Curl Http://example.com:2375/containers/json | Python-mjson.tool

If you want to query all containers (including containers that are not running), you can call the following interfaces:

Curl Http://example.com:2375/containers/json?all=1 | Python-mjson.tool

In addition, we can use/containers/create and/containers/start to create and launch containers to achieve the function of Docker run.
But here, we do not expand the description of it. This is a much more convenient and powerful way to use Python to invoke the remote API, as it is later in this article. authenticate the Docker Remote API

We have learned that we can control Docker services through the Docker Remote API.
However, the careful classmate should have found that in the process of connecting and there is no certification mechanism.
That is to say, anyone who knows the address and port of the Docker API can be used to control the Docker service, which greatly increases the risk of the service.
Next, we'll learn how to add authentication mechanisms to the Docker Remote API. to create the required CA certificate

Cd/etc/docker OpenSSL genrsa-aes256-out ca-key.pem 4096 # Set Certificate password

After completing this step, we created a Ca-key.pem file. This file is our CA key.
Below, we need to continue to create our CA certificate.

OpenSSL req-new-x509-days 3650-key ca-key.pem-sha256-out CA.PEM # Input A series of related information, can omit the partial direct input. # Country: CN # Province:. # City:. # Company:. # Organization:. # Common Name: Website address # Email adress:. Create a service-side certificate, signature request, and key

# Create certificate OpenSSL genrsa-out server-key.pem 4096 # Set Certificate Password # Create a signature OpenSSL req-sha256-new-key server-key.pem-out Server.cs R