docker module can't autodetect use_tls=no from environment variables #946
Comments
CC: @smashwilson @dguerri I whipped this off to address the same traceback revealed in a different bug. It may address or half address this issue: #947 by making the default if use_tls is unspecified and no tls options are found in the playbook task or the environment be to not use tls. If you could give it a try and see if it solves this without breaking your other cases, I'd appreciate the testing.

Trying to figure out if we want to do something with DOCKER_TLS_VERIFY as well. If my pull request above does what I hope it does then DOCKER_TLS_VERIFY would only serve as an additional way to turn tls_verify on. The default if no tls params or environment variables were set would be to be off. I suppose that since we're already utilizing the other DOCKER_* env variables, that this one might be okay as well.... What are the possible values that it can have? Either it is set or not set? So we can do something like:

```python
use_tls = module.get_param('use_tls')
if use_tls is None:
    if os.environ.get('DOCKER_TLS_VERIFY', None) is not None:
        use_tls = 'verify'
```

One note about this -- I believe that docker independently toggles whether verification also checks the hostname vs just verifying the validity of the certificate. We take a different strategy: allowing you to specify the hostname that the certificate should have. If we start checking the value of DOCKER_TLS_VERIFY to enable tls you may also have to specify tls_hostname in the playbook tasks or set the new environment variable DOCKER_TLS_HOSTNAME.

@abadger The docker command-line client just checks if DOCKER_TLS_VERIFY is set to a non-empty string: https://github.com/docker/docker/blob/ed435fb458d71757e561ee267e0954f17c06559c/docker/flags.go#L16

Okay, DOCKER_TLS_VERIFY should now be used to set use_tls to verify: 34c4e0d

Closing This Ticket

Hi! We believe recent commits (likely detailed above) should resolve this question or problem for you. This will also be included in the next major release. If you continue seeing any problems related to this issue, or if you have any further questions, please let us know by stopping by one of the two mailing lists, as appropriate:

Because this project is very active, we're unlikely to see comments made on closed tickets, but the mailing list is a great way to ask questions, or post if you don't think this particular

Thank you!

If boot2docker is configured with TLS disabled, with environment variables like this:
Then invoking the docker module, for example like this:
will cause Ansible to error out:
If use_tls is explicitly disabled, then it works:
It would be helpful if the Ansible module could detect whether TLS was enabled from the environment variables. When configured from environment variables, Docker checks if the DOCKER_TLS_VERIFY environment variable is set to determine whether to use TLS.
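
An added example, not part of the original thread and not the Ansible docker module's code: a sketch of the resolution order discussed above, where an explicit `use_tls` wins, a non-empty `DOCKER_TLS_VERIFY` turns on `verify`, and the default is no TLS. The function name `resolve_tls`, the result dictionary and the sample environments are assumptions made for illustration.

```python
# Added illustration; resolve_tls and its result keys are hypothetical,
# not the Ansible docker module's API.

def resolve_tls(params, environ):
    """Decide the TLS mode from task parameters and the environment.

    Order assumed from the thread: an explicit use_tls task parameter wins;
    otherwise a non-empty DOCKER_TLS_VERIFY selects 'verify'; otherwise TLS
    stays off.
    """
    use_tls = params.get('use_tls')
    source = 'task parameter'
    if use_tls is None:
        # The docker CLI treats only a non-empty string as "set". A plain
        # `is not None` test would also enable TLS for DOCKER_TLS_VERIFY="".
        if environ.get('DOCKER_TLS_VERIFY', '') != '':
            use_tls, source = 'verify', 'DOCKER_TLS_VERIFY'
        else:
            use_tls, source = 'no', 'default'

    # With 'verify', the module expects the certificate's hostname from
    # tls_hostname or DOCKER_TLS_HOSTNAME, so flag the case where it is absent.
    tls_hostname = params.get('tls_hostname') or environ.get('DOCKER_TLS_HOSTNAME')
    return {
        'use_tls': use_tls,
        'source': source,
        'tls_hostname': tls_hostname,
        'needs_hostname': use_tls == 'verify' and not tls_hostname,
    }


# Constructed sample environments (addresses are documentation placeholders).
SAMPLES = {
    'tls disabled': {'DOCKER_HOST': 'tcp://192.0.2.10:2375'},
    'tls verify': {'DOCKER_HOST': 'tcp://192.0.2.10:2376', 'DOCKER_TLS_VERIFY': '1'},
    'empty value': {'DOCKER_HOST': 'tcp://192.0.2.10:2375', 'DOCKER_TLS_VERIFY': ''},
}

if __name__ == '__main__':
    for name, env in SAMPLES.items():
        result = resolve_tls({}, env)
        print(name, '->', result['use_tls'], 'via', result['source'],
              '(hostname still needed)' if result['needs_hostname'] else '')
```

The `empty value` case is where the `is not None` test and the docker client's non-empty check disagree.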