Mac OSX系統 Docker啟用Docker遠程API功能_docker

在Mac OSX系統的Docker機上啟用Docker遠程API功能

Docker守護進程提供了一套遠程REST API，具體可以參考文檔：

https://docs.docker.com/engine/reference/api/docker_remote_api/

這套API是提供給用戶端與Docker引擎通訊時使用，這套API也可以由其他工具調用，比如curl或Chrome瀏覽器的Postman REST用戶端工具。

如果是在Mac OSX Mavericks系統上使用Docker機建立Docker守護進程，那麼要啟用Docker遠程API功能需要一定的技巧。下面一一道來。

可以使用curl工具串連到安全的Docker連接埠，命令如下：

$ curl https://$HOST:2376/images/json  --cert ~/.docker/cert.pem  --key ~/.docker/key.pem  --cacert ~/.docker/ca.pem

此命令存在一定的問題。主要有：

1）命令可能不工作，因為每一個Docker機的憑證存放區在.docker/machine/machines/目錄。
2）即使命令根據路徑做了修改，比如：

curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/cert.pem --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem

執行命令仍然會得到錯誤資訊：

curl: (58) SSL: Can't load the certificate "/Users/arungupta/.docker/machine/machines/couchbase/cert.pem" and its private key: OSStatus -25299

解決方案是需要更新curl工具。總的來說，最新版的curl工具使用了Apple的安全傳輸層API（Secure Transport API），取代了原先的OpenSSL API。這意味著認證必須是p12格式。

下面可以這樣修複命令：

1）進入Docker機存放認證的目錄，比如.docker/machine/machines/couchbase目錄
2）產生*.p12格式的認證

openssl pkcs12 -export -inkey key.pem -in cert.pem -CAfile ca.pem -chain -name client-side -out cert.p12 -password pass:mypass

現在可以調用REST API了：

curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/cert.p12 --pass mypass --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem

注意，–cert參數現在指向了產生的p12認證，認證的密碼使用–pass參數進行指定。

然後會得到如下結果：

[{"Id":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","ParentId":"","RepoTags":["arungupta/couchbase:latest"],"RepoDigests":null,"Created":1450330075,"Size":374824677,"VirtualSize":374824677,"Labels":{}}]

現在可以嘗試啟動CouchBase伺服器：

~ > docker run -d -p 8091-8093:8091-8093 -p 11210:11210 arungupta/couchbase42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e

再調用另一個REST API來查看容器的細節內容：

~ > curl https://192.168.99.100:2376/containers/json --cert $DOCKER_CERT_PATH/cert2.p12 --pass mypass --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem[{"Id":"42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e","Names":["/admiring_pike"],"Image":"arungupta/couchbase","ImageID":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","Command":"/entrypoint.sh /opt/couchbase/configure-cluster.sh","Created":1454850194,"Ports":[{"IP":"0.0.0.0","PrivatePort":8092,"PublicPort":8092,"Type":"tcp"},{"PrivatePort":11207,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":11210,"PublicPort":11210,"Type":"tcp"},{"PrivatePort":18092,"Type":"tcp"},{"PrivatePort":18091,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8093,"PublicPort":8093,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8091,"PublicPort":8091,"Type":"tcp"},{"PrivatePort":11211,"Type":"tcp"}],"Labels":{},"Status":"Up 2 seconds","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"6feaf4c1c70feaf0ba240ce55fb58ce83ebb84c8098bef9171998e84f607fa0b","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}}}}]

感謝閱讀，希望能協助到大家，謝謝大家對本站的 支援！