Docker daemon provides a Remote REST API. This API is used by the Client to communicate with the engine. This API can be also be invoked by by other tools, such as curl or Chrome Postman REST Client.
If you are creating Docker daemons using Docker Machine on OSX Mavericks, then getting this API to work is a bit tricky. This blog will explain how to enable Docker Remote API on Docker Machines created on Mac OS X.
Connecting to the secure Docker port using curl gives the command as:
|
1
2
3
4
5
6
|
$ curl https://$HOST:2376/images/json \
--cert ~/.docker/cert.pem \
--key ~/.docker/key.pem \
--cacert ~/.docker/ca.pem
|
Couple of issues with this command:
- This command does not even work for Docker Machine since the certificates for each Machine are stored in
.docker/machine/machines/<machine-name>directory. - Even if this command is modified to match that path:
It still gives the following error:123curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/cert.pem --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem
The culprit for this is an updated curl utility for OSX Mavericks users. In summary, the new version of CURL uses Apple’s Secure Transport API instead of the OpenSSL API. This means the certificates need to be in P12 format.123curl: (58) SSL: Can't load the certificate "/Users/arungupta/.docker/machine/machines/couchbase/cert.pem" and its private key: OSStatus -25299
Lets fix this!
- Go to the directory where certificates for your Machine are stored. In my case, this is
.docker/machine/machines/couchbasedirectory. - Generate
*.p12format for the certificate:
More details here.12345678910openssl pkcs12 -export \-inkey key.pem \-in cert.pem \-CAfile ca.pem \-chain \-name client-side \-out cert.p12 \-password pass:mypass - Now invoke the REST API as:
Notice,123curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/cert.p12 --pass mypass --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem--certnow points to the generated p12 certificate and certificate password is specified sing--pass.This will return the result as:
123[{"Id":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","ParentId":"","RepoTags":["arungupta/couchbase:latest"],"RepoDigests":null,"Created":1450330075,"Size":374824677,"VirtualSize":374824677,"Labels":{}}]OK, now that makes sense!
- Lets try to start Couchbase server as:
1234~ > docker run -d -p 8091-8093:8091-8093 -p 11210:11210 arungupta/couchbase42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e
And invoke another REST API to view more details about this container:
1234~ > curl https://192.168.99.100:2376/containers/json --cert $DOCKER_CERT_PATH/cert2.p12 --pass mypass --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem[{"Id":"42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e","Names":["/admiring_pike"],"Image":"arungupta/couchbase","ImageID":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","Command":"/entrypoint.sh /opt/couchbase/configure-cluster.sh","Created":1454850194,"Ports":[{"IP":"0.0.0.0","PrivatePort":8092,"PublicPort":8092,"Type":"tcp"},{"PrivatePort":11207,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":11210,"PublicPort":11210,"Type":"tcp"},{"PrivatePort":18092,"Type":"tcp"},{"PrivatePort":18091,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8093,"PublicPort":8093,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8091,"PublicPort":8091,"Type":"tcp"},{"PrivatePort":11211,"Type":"tcp"}],"Labels":{},"Status":"Up 2 seconds","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"6feaf4c1c70feaf0ba240ce55fb58ce83ebb84c8098bef9171998e84f607fa0b","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}}}}]
Read through the complete API and go crazy now!
Originally posted at: blog.couchbase.com/2016/february/enabling-docker-remote-api-docker-machine-mac-osx
Machine working is great and it builds step by step. The nomnomtruck.com additionally take a shot at machine learning and the following time is likewise founded on machine learning.
I found your website perfect for my needs. It contains wonderful and helpful posts. Keep up the good work! run 3