From 0c90456a104f332f83623ad3b5a5d78b9c7d6466 Mon Sep 17 00:00:00 2001 From: Steven Jack Date: Sun, 26 Oct 2014 08:44:32 +0000 Subject: [PATCH 1/2] Allows server to pick up DOCKER_CERT_PATH variable --- bin/spurious-server | 1 + lib/spurious/server/options.rb | 21 ++++++++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/bin/spurious-server b/bin/spurious-server index 26ee477..955ee60 100755 --- a/bin/spurious-server +++ b/bin/spurious-server @@ -9,6 +9,7 @@ require 'eventmachine' require 'spurious/server/options' options = Spurious::Server::Options.new(ENV) +ENV['DOCKER_HOST'] = options.ssl_docker_host Excon.defaults[:write_timeout] = options.write_timeout Excon.defaults[:read_timeout] = options.read_timeout diff --git a/lib/spurious/server/options.rb b/lib/spurious/server/options.rb index 2a00e1d..6933a29 100644 --- a/lib/spurious/server/options.rb +++ b/lib/spurious/server/options.rb @@ -1,7 +1,7 @@ module Spurious module Server class Options - attr_reader :docker_full_path, :docker_host, :docker_port, :docker_api, :server_port, :server_ip, :write_timeout, :read_timeout + attr_reader :docker_full_path, :docker_host, :docker_port, :docker_api, :server_port, :server_ip, :write_timeout, :read_timeout, :cert_path def initialize(env) @docker_host = env['DOCKER_HOST'].nil? ? 'localhost' : env['DOCKER_HOST'][/\/\/([0-9a-z\.]+):/,1] 
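Review bot: The added `ENV['DOCKER_HOST'] = options.ssl_docker_host` in bin/spurious-server runs unconditionally, so a setup without DOCKER_CERT_PATH is still rewritten to an `https://` endpoint although `setup_ssl` never ran and no client certificate or CA file is configured. Guard it on the same condition the options class uses: `ENV['DOCKER_HOST'] = options.ssl_docker_host if options.cert_path`. The rebuilt URL also depends on `docker_host`, which the context line in options.rb extracts with `/\/\/([0-9a-z\.]+):/`. That capture is nil for a host name containing a hyphen or uppercase letters, or for a `unix://` socket URL, and the result would then be `https://:PORT`. Raising a clear error when the capture is nil would be safer than exporting a malformed host.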
@@ -11,8 +11,27 @@ def initialize(env) @server_ip = env.fetch('SPURIOUS_SERVER_IP', '0.0.0.0') @write_timeout = env.fetch('EXCON_WRITE_TIMEOUT', 30000) @read_timeout = env.fetch('EXCON_READ_TIMEOUT', 30000) + @cert_path = env.fetch('DOCKER_CERT_PATH', nil) + setup_ssl if @cert_path end + def ssl_docker_host + "https://#{docker_host}:#{docker_port}" + end + + protected + + def setup_ssl + Docker.options = { + :client_cert => File.join(absolute_cert_path, 'cert.pem'), + :client_key => File.join(absolute_cert_path, 'key.pem'), + :ssl_ca_file => File.join(absolute_cert_path, 'ca.pem') + } + end + + def absolute_cert_path + @absolute_cert_path ||= File.expand_path cert_path + end end end end From ef3d31e1e5bf8962b35ccb69114e1e8cf9b436a8 Mon Sep 17 00:00:00 2001 From: Steven Jack Date: Sun, 26 Oct 2014 09:00:20 +0000 Subject: [PATCH 2/2] Adds some exception handling around cert paths --- lib/spurious/server/options.rb | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/spurious/server/options.rb b/lib/spurious/server/options.rb index 6933a29..89dc580 100644 --- a/lib/spurious/server/options.rb +++ b/lib/spurious/server/options.rb @@ -23,12 +23,18 @@ def ssl_docker_host def setup_ssl Docker.options = { - :client_cert => File.join(absolute_cert_path, 'cert.pem'), - :client_key => File.join(absolute_cert_path, 'key.pem'), - :ssl_ca_file => File.join(absolute_cert_path, 'ca.pem') + :client_cert => valid_cert_path?('cert.pem'), + :client_key => valid_cert_path?('key.pem'), + :ssl_ca_file => valid_cert_path?('ca.pem') } end + def valid_cert_path?(cert) + File.join(absolute_cert_path, cert).tap do |path| + raise "Could not find: #{path}, please check it exists in your DOCKER_CERTS_PATH folder" unless File.exists? path + end + end + def absolute_cert_path @absolute_cert_path ||= File.expand_path cert_path end
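Review bot: `Docker.options = { ... }` in `setup_ssl` replaces the whole process-wide options hash from inside `Options#initialize`, so anything set on `Docker.options` before `Options.new(ENV)` is discarded and constructing the object has a global side effect. Merging keeps earlier settings, `Docker.options = Docker.options.merge(:client_cert => ..., :client_key => ..., :ssl_ca_file => ...)`, assuming the accessor returns a hash by default; the same assignment survives into patch 2/2. Peer verification is not set explicitly here and presumably relies on the HTTP client's default, which deserves a comment such as `# TLS peer verification is left at the Excon default (enabled); do not disable it here`. The helpers are only ever called on `self`, so `private` would state the intent better than `protected`.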
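Review bot: The error raised in `valid_cert_path?` tells the user to check `DOCKER_CERTS_PATH`, but the variable read in `initialize` is `DOCKER_CERT_PATH`, so the message points at a name that is never consulted. The check itself uses the deprecated `File.exists?`, which is also true for a directory, so a directory named `key.pem` passes and the failure only surfaces later in the TLS handshake. `unless File.file?(path) && File.readable?(path)` with the corrected variable name in the message covers both. The method name ends in `?` yet returns the joined path or raises, so a name like `cert_file_path` would match what callers in `setup_ssl` actually use it for.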