From 0b608e23ea47275f91d2929fa2db1bfb6181d32b Mon Sep 17 00:00:00 2001
From: Diptanu Choudhury
Date: Tue, 21 Jun 2016 16:41:14 -0700
Subject: [PATCH 1/2] Making SSL default
---
 client/driver/docker.go | 44 +++++++++++++++++++++--------------------
 1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/client/driver/docker.go b/client/driver/docker.go
index c0ef89ca6a9..f18614084df 100644
--- a/client/driver/docker.go
+++ b/client/driver/docker.go
@@ -98,15 +98,7 @@ type DockerDriverConfig struct {
 ShmSize int64 `mapstructure:"shm_size"` // Size of /dev/shm of the container in bytes
 }
-func (c *DockerDriverConfig) Init() error {
- if strings.Contains(c.ImageName, "https://") {
- c.SSL = true
- c.ImageName = strings.Replace(c.ImageName, "https://", "", 1)
- }
-
- return nil
-}
-
+// Validate validates a docker driver config
 func (c *DockerDriverConfig) Validate() error {
 if c.ImageName == "" {
 return fmt.Errorf("Docker Driver needs an image name")
@@ -118,6 +110,24 @@ func (c *DockerDriverConfig) Validate() error {
 return nil
 }
+// NewDockerDriverConfig returns a docker driver config by parsing the HCL
+// config
+func NewDockerDriverConfig(task *structs.Task) (*DockerDriverConfig, error) {
+ var driverConfig DockerDriverConfig
+ driverConfig.SSL = true
+ if err := mapstructure.WeakDecode(task.Config, &driverConfig); err != nil {
+ return nil, err
+ }
+ if strings.Contains(driverConfig.ImageName, "https://") {
+ driverConfig.ImageName = strings.Replace(driverConfig.ImageName, "https://", "", 1)
+ }
+
+ if err := driverConfig.Validate(); err != nil {
+ return nil, err
+ }
+ return &driverConfig, nil
+}
+
 type dockerPID struct {
 Version string
 ImageID string
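Review bot: In NewDockerDriverConfig (the `@@ -118,6 +110,24 @@` hunk), an image name carrying `https://` no longer forces TLS: the removed Init set `c.SSL = true` on that scheme, while the new code only strips it, so a task whose config decodes `SSL` as false and names an `https://` image would keep SSL off. `strings.Contains` also matches the scheme anywhere in the name rather than only at its start. I would write the check as `if strings.HasPrefix(driverConfig.ImageName, "https://") {`, set `driverConfig.SSL = true` inside it, and strip with `driverConfig.ImageName = strings.TrimPrefix(driverConfig.ImageName, "https://")`, or else have Validate reject the conflicting combination. How the SSL field is consumed during the pull is outside this hunk, so the effect on the registry connection is inferred.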
@@ -657,16 +667,8 @@ func (d *DockerDriver) loadImage(driverConfig *DockerDriverConfig, client *docke
 }
 func (d *DockerDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) {
- var driverConfig DockerDriverConfig
- if err := mapstructure.WeakDecode(task.Config, &driverConfig); err != nil {
- return nil, err
- }
-
- if err := driverConfig.Init(); err != nil {
- return nil, err
- }
-
- if err := driverConfig.Validate(); err != nil {
+ driverConfig, err := NewDockerDriverConfig(task)
+ if err != nil {
 return nil, err
 }
@@ -683,7 +685,7 @@ func (d *DockerDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle
 return nil, fmt.Errorf("Failed to connect to docker daemon: %s", err)
 }
- if err := d.createImage(&driverConfig, client, taskDir); err != nil {
+ if err := d.createImage(driverConfig, client, taskDir); err != nil {
 return nil, fmt.Errorf("failed to create image: %v", err)
 }
@@ -723,7 +725,7 @@ func (d *DockerDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle
 return nil, fmt.Errorf("failed to start syslog collector: %v", err)
 }
- config, err := d.createContainer(ctx, task, &driverConfig, ss.Addr)
+ config, err := d.createContainer(ctx, task, driverConfig, ss.Addr)
 if err != nil {
 d.logger.Printf("[ERR] driver.docker: failed to create container configuration for image %s: %s", image, err)
 pluginClient.Kill()
From c655ba140db088f1c8e226aa27da60a18825c912 Mon Sep 17 00:00:00 2001
From: Diptanu Choudhury
Date: Tue, 21 Jun 2016 16:55:23 -0700
Subject: [PATCH 2/2] Updated docs
---
 CHANGELOG.md | 4 ++++
 website/source/docs/drivers/docker.html.md | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b156026e69a..5ce7209bdb1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
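Review bot: In Start (the `@@ -657,16 +667,8 @@` hunk), the error from NewDockerDriverConfig is returned bare, whereas the later failures visible in this function say what was being attempted (`failed to create image: %v`, `failed to start syslog collector: %v`). A decode error coming back from task start without that context is hard to attribute to the job's driver config; I would return `fmt.Errorf("failed to parse docker driver config: %v", err)` here. Start's body continues outside the hunk.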
@@ -6,6 +6,8 @@ __BACKWARDS INCOMPATIBILITIES:__ eval-status -monitor`. * config: Consul configuration has been moved from client options map to consul block under client configuration + * driver/docker: Enabled SSL by default for pulling images from docker + registries. [GH-1336] IMPROVEMENTS: * core: Scheduler reuses blocked evaluations to avoid unbounded creation of @@ -34,6 +36,8 @@ IMPROVEMENTS: if the artifact exists inside a chrooted directory [GH-1262] * driver/docker: Added a client options to set SELinux labels for container bind mounts. [GH-788] + * driver/docker: Enabled SSL by default for pulling images from docker + registries. [GH-1336] * server: If Consul is available, automatically bootstrap Nomad Servers using the `_nomad` service in Consul. [GH-1276] diff --git a/website/source/docs/drivers/docker.html.md b/website/source/docs/drivers/docker.html.md index abff315552b..5c2789a4391 100644 --- a/website/source/docs/drivers/docker.html.md +++ b/website/source/docs/drivers/docker.html.md @@ -94,7 +94,7 @@ The following options are available for use in the job specification. to use. * `SSL` - (Optional) If this is set to true, Nomad uses SSL to talk to the - repository. The default value is `false`. + repository. The default value is `true`. * `port_map` - (Optional) A key/value map of port labels (see below).