Of Stack

Mac OSX system Docker enables Docker remote API

  • 2020-05-17 07:13:29
  • OfStack

Enable Docker remote API on the Docker machine of the Mac OSX system

The Docker daemon provides a set of remote REST API. For details, please refer to the following documents:

https://docs.docker.com/engine/reference/api/docker_remote_api/

This set of API is provided for clients to use when communicating with the Docker engine. This set of API can also be called by other tools, such as curl or Postman REST client tools of Chrome browser.

If you are creating an Docker daemon using an Docker machine on an Mac OSX Mavericks system, then enabling the Docker remote API capability requires a number of skills. Let's go down 11.

You can use the curl tool to connect to a secure Docker port, as follows: 


$ curl https://$HOST:2376/images/json 
 --cert ~/.docker/cert.pem 
 --key ~/.docker/key.pem 
 --cacert ~/.docker/ca.pem

There is a definite problem with this command. Mainly include:

1) the command may not work because the certificate for each Docker machine is stored in the.docker/machine/machines/ directory.
2) even if the command is modified according to the path, such as:

curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/cert.pem --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem

Executing the command will still get an error message:

curl: (58) SSL: Can't load the certificate "/Users/arungupta/.docker/machine/machines/couchbase/cert.pem" and its private key: OSStatus -25299

The solution is to update the curl tool. Overall, the latest version of the curl tool USES Apple's secure transport layer, API (Secure Transport API), instead of the original OpenSSL API. This means that the certificate must be in p12 format.

Here's how to fix the command:

1) deposit into Docker machine directory of certificates, such as. docker/machine/machines/couchbase directory
2) generate *.p 12 certificate 


openssl pkcs12 -export 
-inkey key.pem 
-in cert.pem 
-CAfile ca.pem 
-chain 
-name client-side 
-out cert.p12 
-password pass:mypass

Now you can call REST API:

curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/cert.p12 --pass mypass --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem

Notice that the WSD parameter now points to the generated p12 certificate, and the password for the certificate is specified using the WSD parameter.

Then you get the following results: 


[{"Id":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","ParentId":"",
"RepoTags":["arungupta/couchbase:latest"],"RepoDigests":null,"Created":1450330075,"Size":374824677,
"VirtualSize":374824677,"Labels":{}}]

Now you can try starting the CouchBase server: 


~ > docker run -d -p 8091-8093:8091-8093 -p 11210:11210 arungupta/couchbase
42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e

Call another REST API to see the container details: 


~ > curl https://192.168.99.100:2376/containers/json --cert $DOCKER_CERT_PATH/cert2.p12 --pass mypass --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem
[{"Id":"42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e","Names":["/admiring_pike"],"Image":"arungupta/couchbase","ImageID":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","Command":"/entrypoint.sh /opt/couchbase/configure-cluster.sh","Created":1454850194,"Ports":[{"IP":"0.0.0.0","PrivatePort":8092,"PublicPort":8092,"Type":"tcp"},{"PrivatePort":11207,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":11210,"PublicPort":11210,"Type":"tcp"},{"PrivatePort":18092,"Type":"tcp"},{"PrivatePort":18091,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8093,"PublicPort":8093,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8091,"PublicPort":8091,"Type":"tcp"},{"PrivatePort":11211,"Type":"tcp"}],"Labels":{},"Status":"Up 2 seconds","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"6feaf4c1c70feaf0ba240ce55fb58ce83ebb84c8098bef9171998e84f607fa0b","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}}}}]

Thank you for reading, I hope to help you, thank you for your support of this site!

Related articles: