Add TLS certificates for machine drivers (#73)
@@ -180,7 +180,6 @@ func ResizeConnection(name string, cols, rows uint) error {
|
||||
}
|
||||
|
||||
func CreateInstance(session *Session, dindImage string) (*Instance, error) {
|
||||
|
||||
h := &container.HostConfig{NetworkMode: container.NetworkMode(session.Id), Privileged: true}
|
||||
h.Resources.PidsLimit = int64(500)
|
||||
h.Resources.Memory = 4092 * Megabyte
|
||||
|
@@ -2,6 +2,7 @@ package services
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"io"
|
||||
"log"
|
||||
"os"
|
||||
@@ -29,6 +30,9 @@ type Instance struct {
|
||||
Cpu string `json:"cpu"`
|
||||
Ports []uint16 `json:"ports"`
|
||||
tempPorts []uint16 `json:"-"`
|
||||
ServerCert []byte `json:"server_cert"`
|
||||
ServerKey []byte `json:"server_key"`
|
||||
cert *tls.Certificate `json:"-"`
|
||||
}
|
||||
|
||||
func (i *Instance) setUsedPort(port uint16) {
|
||||
@@ -43,6 +47,25 @@ func (i *Instance) setUsedPort(port uint16) {
|
||||
i.tempPorts = append(i.tempPorts, port)
|
||||
}
|
||||
|
||||
func (i *Instance) SetCertificate(cert, key []byte) (*tls.Certificate, error) {
|
||||
i.ServerCert = cert
|
||||
i.ServerKey = key
|
||||
c, e := tls.X509KeyPair(i.ServerCert, i.ServerKey)
|
||||
if e != nil {
|
||||
return nil, e
|
||||
}
|
||||
i.cert = &c
|
||||
|
||||
// We store sessions as soon as we set instance keys
|
||||
if err := saveSessionsToDisk(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return i.cert, nil
|
||||
}
|
||||
func (i *Instance) GetCertificate() *tls.Certificate {
|
||||
return i.cert
|
||||
}
|
||||
|
||||
func (i *Instance) IsConnected() bool {
|
||||
return i.conn != nil
|
||||
|
||||
@@ -131,6 +154,18 @@ func (i *Instance) Attach() {
|
||||
func GetInstance(session *Session, name string) *Instance {
|
||||
return session.Instances[name]
|
||||
}
|
||||
|
||||
func FindInstanceByIP(ip string) *Instance {
|
||||
for _, s := range sessions {
|
||||
for _, i := range s.Instances {
|
||||
if i.IP == ip {
|
||||
return i
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func DeleteInstance(session *Session, instance *Instance) error {
|
||||
if instance.conn != nil {
|
||||
instance.conn.Close()
|
||||
|
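Review bot: The new exported field `ServerKey []byte` carries the tag `json:"server_key"`, which puts the TLS private key in the same JSON view of Instance as `cpu` and `ports`. Any path that marshals an Instance for a client would then emit the key; whether such a path exists is not visible in this diff. If the tag is only there so the key survives saveSessionsToDisk, consider tagging it `json:"-"` and persisting it through a separate struct, and confirm the sessions file is written with owner-only permissions. Separately, SetCertificate assigns `i.ServerCert` and `i.ServerKey` before `tls.X509KeyPair` has accepted them, so a rejected pair stays on the instance and is saved by the next write; parsing first and assigning only on success avoids that.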
@@ -304,6 +304,14 @@ func LoadSessionsFromDisk() error {
|
||||
for _, i := range s.Instances {
|
||||
// wire the session back to the instance
|
||||
i.session = s
|
||||
|
||||
if i.ServerCert != nil && i.ServerKey != nil {
|
||||
_, err := i.SetCertificate(i.ServerCert, i.ServerKey)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Connect PWD daemon to the new network
|
||||
|
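Review bot: Calling `i.SetCertificate(i.ServerCert, i.ServerKey)` inside the restore loop triggers saveSessionsToDisk once per instance, because SetCertificate (added elsewhere in this commit) persists on every call. The sessions file is therefore rewritten while it is still being loaded, from state that is only partly wired back together, and if load and save share a lock (not visible here) the call could block on itself. Rebuilding only the in-memory certificate avoids the write, for example `c, err := tls.X509KeyPair(i.ServerCert, i.ServerKey)` followed by `i.cert = &c`. The error is also both logged and returned, so it will likely be reported twice; returning it wrapped with the instance name is enough. LoadSessionsFromDisk starts and ends outside the hunk.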