MAC OS X System docker enable Docker remote API functionality _docker

Source: Internet
Author: User
Tags couchbase curl openssl openssl api docker run docker machine


Enable Docker Remote API feature on Mac OS X system's Docker machine



The Docker daemon provides a set of remote rest APIs that can be referenced in documentation:



https://docs.docker.com/engine/reference/api/docker_remote_api/



This API is provided to clients when communicating with the Docker engine, and this API can also be invoked by other tools, such as the Postman Rest Client tool for curl or chrome browsers.



If you are creating the Docker daemon on the Mac OS X Mavericks system using the Docker machine, it requires some skill to enable the Docker Remote API feature. Here are one by one ways to go.



You can use the Curl tool to connect to a secure Docker port with the following commands:


$ curl https://$HOST:2376/images/json 
 --cert ~/.docker/cert.pem 
 --key ~/.docker/key.pem 
 --cacert ~/.docker/ca.pem


There are some problems with this command. The main are:



1 The command may not work because each Docker machine's certificate is stored in the. docker/machine/machines/directory.
2) Even if the command is modified according to the path, for example:



Curl Https://192.168.99.100:2376/images/json--cert $DOCKER _cert_path/cert.pem--key $DOCKER _cert_path/key.pem-- CACert $DOCKER _cert_path/ca.pem



The execution command still gets an error message:



Curl: () Ssl:can ' t load the certificate "/USERS/ARUNGUPTA/.DOCKER/MACHINE/MACHINES/COUCHBASE/CERT.PEM" and its Private key:osstatus-25299



The workaround is to update the Curl tool. In general, the latest version of the Curl tool uses the Secure Transport Layer API (Secure transport API) of Apple to replace the original OpenSSL API. This means that the certificate must be in P12 format.



Here's how to fix the command:



1 Enter the directory where the Docker machine holds certificates, such as. docker/machine/machines/couchbase Directory
2 to generate a certificate in *.P12 format


openssl pkcs12 -export 
-inkey key.pem 
-in cert.pem 
-CAfile ca.pem 
-chain 
-name client-side 
-out cert.p12 
-password pass:mypass


You can now invoke the rest API:



Curl Https://192.168.99.100:2376/images/json--cert $DOCKER _cert_path/cert.p12--pass mypass--key $DOCKER _cert_path/ Key.pem--cacert $DOCKER _cert_path/ca.pem



Note that the –cert parameter now points to the generated P12 certificate, and the password for the certificate is specified using the –pass parameter.



You will then get the following results:


[{"Id": "sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a", "ParentID": "",
"RepoTags" : ["Arungupta/couchbase:latest"], "repodigests": null, "Created": 1450330075, "Size": 374824677,
"VirtualSize" : 374824677, "Labels": {}}]


You can now try to start the Couchbase server:


~ > Docker run-d-P 8091-8093:8091-8093-p 11210:11210 arungupta/couchbase
42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e


Then call another rest API to see the details of the container:


~ > curl https://192.168.99.100:2376/containers/json --cert $DOCKER_CERT_PATH/cert2.p12 --pass mypass --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem
[{"Id":"42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e","Names":["/admiring_pike"],"Image":"arungupta/couchbase","ImageID":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","Command":"/entrypoint.sh /opt/couchbase/configure-cluster.sh","Created":1454850194,"Ports":[{"IP":"0.0.0.0","PrivatePort":8092,"PublicPort":8092,"Type":"tcp"},{"PrivatePort":11207,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":11210,"PublicPort":11210,"Type":"tcp"},{"PrivatePort":18092,"Type":"tcp"},{"PrivatePort":18091,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8093,"PublicPort":8093,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8091,"PublicPort":8091,"Type":"tcp"},{"PrivatePort":11211,"Type":"tcp"}],"Labels":{},"Status":"Up 2 seconds","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"6feaf4c1c70feaf0ba240ce55fb58ce83ebb84c8098bef9171998e84f607fa0b","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}}}}]


Thank you for reading, I hope to help you, thank you for your   support to this site!


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.