From 1343e481f35e8ff01e516f6049d5f198efbf55b5 Mon Sep 17 00:00:00 2001 From: Diptanu Choudhury Date: Sat, 6 Feb 2016 05:43:30 -0800 Subject: [PATCH 1/3] Reading dockercfg files for authenticating with private registries --- client/driver/docker.go | 12 ++++++++++++ website/source/docs/drivers/docker.html.md | 3 +++ 2 files changed, 15 insertions(+) diff --git a/client/driver/docker.go b/client/driver/docker.go index ba2d494074e..a68b2dff6d1 100644 --- a/client/driver/docker.go +++ b/client/driver/docker.go @@ -5,6 +5,7 @@ import ( "fmt" "log" "net" + "os" "path/filepath" "strconv" "strings" @@ -441,6 +442,17 @@ func (d *DockerDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle } } + if authConfig := d.config.Read("docker.auth_config"); authConfig != "" { + if f, err := os.Open(authConfig); err == nil { + defer f.Close() + if authConfigurations, err := docker.NewAuthConfigurations(f); err == nil { + if authConfiguration, ok := authConfigurations.Configs[repo]; ok { + authOptions = authConfiguration + } + } + } + } + err = client.PullImage(pullOptions, authOptions) if err != nil { d.logger.Printf("[ERR] driver.docker: failed pulling container %s:%s: %s", repo, tag, err) diff --git a/website/source/docs/drivers/docker.html.md b/website/source/docs/drivers/docker.html.md index 140522b1560..dc475e31100 100644 --- a/website/source/docs/drivers/docker.html.md +++ b/website/source/docs/drivers/docker.html.md @@ -247,6 +247,9 @@ The `docker` driver has the following host-level configuration options: to customize this if you use a non-standard socket (http or another location). +* `docker.auth_config` - Allows an operator to specify a json file which is in + the dockercfg format containing authentication information for private registry. + * `docker.tls.cert` - Path to the server's certificate file (`.pem`). Specify this along with `docker.tls.key` and `docker.tls.ca` to use a TLS client to connect to the docker daemon. `docker.endpoint` must also be specified or From c4fd2360261fd6199af97e0fbcd83d2eb0ba6a67 Mon Sep 17 00:00:00 2001 From: Diptanu Choudhury Date: Sat, 6 Feb 2016 05:47:56 -0800 Subject: [PATCH 2/3] Updated the docker auth config --- client/driver/docker.go | 2 +- website/source/docs/drivers/docker.html.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/client/driver/docker.go b/client/driver/docker.go index a68b2dff6d1..c50c2b3d8b9 100644 --- a/client/driver/docker.go +++ b/client/driver/docker.go @@ -442,7 +442,7 @@ func (d *DockerDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle } } - if authConfig := d.config.Read("docker.auth_config"); authConfig != "" { + if authConfig := d.config.Read("docker.auth.config"); authConfig != "" { if f, err := os.Open(authConfig); err == nil { defer f.Close() if authConfigurations, err := docker.NewAuthConfigurations(f); err == nil { diff --git a/website/source/docs/drivers/docker.html.md b/website/source/docs/drivers/docker.html.md index dc475e31100..d964a78df23 100644 --- a/website/source/docs/drivers/docker.html.md +++ b/website/source/docs/drivers/docker.html.md @@ -247,7 +247,7 @@ The `docker` driver has the following host-level configuration options: to customize this if you use a non-standard socket (http or another location). -* `docker.auth_config` - Allows an operator to specify a json file which is in +* `docker.auth.config` - Allows an operator to specify a json file which is in the dockercfg format containing authentication information for private registry. * `docker.tls.cert` - Path to the server's certificate file (`.pem`). Specify From 5200c107fd31989d6f1c70f6b6a3764e3d3507cc Mon Sep 17 00:00:00 2001 From: Diptanu Choudhury Date: Sat, 6 Feb 2016 18:03:28 -0800 Subject: [PATCH 3/3] Updated the changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75b6cc33cb6..9de6b75920a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,6 +34,8 @@ IMPROVEMENTS: * drivers: Interpret Nomad variables in environment variables/args [GH-653] * driver/rkt: Add support for CPU/Memory isolation [GH-610] * driver/rkt: Add support for mounting alloc/task directory [GH-645] + * driver/docker: Support for .dockercfg based auth for private registries + [GH-773] BUG FIXES: * core: Node drain could only be partially applied [GH-750]