New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTPS API connection to Docker server not working #51

Closed
delfuego opened this Issue Jan 13, 2015 · 8 comments

Comments

Projects
None yet
6 participants
@delfuego

delfuego commented Jan 13, 2015

My Docker server only allows HTTPS access to the API; in this configuration, using the docker-maven-plugin doesn't appear to work. I'm using version 0.1.1 of the plugin, and my DOCKER_HOST environment variable is set as follows:

DOCKER_HOST="tcp://my.docker.hostname:2376"

Running mvn docker:build results in:

[INFO] ------------------------------------------------------------------------
[INFO] Building iRIS REST API client 1.0.13
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- docker-maven-plugin:0.1.1:build (default-cli) @ irisrestapi-client ---
[INFO] Copying /Volumes/JEL Eclipse/workspace/irisrestapi-client/target/irisrestapi-client-1.0.13-jar-with-dependencies.jar -> /Volumes/JEL Eclipse/workspace/irisrestapi-client/target/docker/irisrestapi-client-1.0.13-jar-with-dependencies.jar
[INFO] Building image nciccroit/irisapiclient:1.0.13
Jan 12, 2015 9:00:31 PM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (java.net.SocketException) caught when processing request to {}->http://my.docker.hostname:2376: Broken pipe
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.459 s
[INFO] Finished at: 2015-01-12T21:00:31-05:00
[INFO] Final Memory: 20M/310M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.spotify:docker-maven-plugin:0.1.1:build (default-cli) on project irisrestapi-client: Exception caught: java.util.concurrent.ExecutionException: com.spotify.docker.client.shaded.javax.ws.rs.ProcessingException: org.apache.http.client.ClientProtocolException: Cannot retry request with a non-repeatable request entity: Broken pipe -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

From issues #31 and #34, I thought that the current version of the plugin (0.1.1) would contain the fixes referenced in #31... am I mistaken? Or is this another error entirely?

Of note, I've verified that my client and server both are on the same Docker version (1.4.1):

$ docker version
Client version: 1.4.1
Client API version: 1.16
Go version (client): go1.3.3
Git commit (client): 5bc2ff8
OS/Arch (client): darwin/amd64
Server version: 1.4.1
Server API version: 1.16
Go version (server): go1.3.3
Git commit (server): 5bc2ff8

(I've seen reference online that that broken pipe error could be related to different client & server versions, but that's not the case here.)

Thanks in advance...

@delfuego

This comment has been minimized.

delfuego commented Jan 13, 2015

Aaaaand, just after I typed taht up, I think I figured this one out — the plugin (or more likely the docker-client dependency) requires that DOCKER_CERT_PATH be set, rather than relying on defaults if it's not.

Is this a bug, or expected? Should I submit an issue over at docker-client?

@davidxia

This comment has been minimized.

Member

davidxia commented Feb 17, 2015

@delfuego What OS are you using? I use Mac OS X with boot2docker v 1.3.2. This version and later versions have SSL enabled by default. I have to set these environment variables before I can interact with docker in the boot2docker vm:

DOCKER_CERT_PATH=/Users/dxia/.boot2docker/certs/boot2docker-vm
DOCKER_HOST=tcp://192.168.59.103:2376
DOCKER_TLS_VERIFY=1

A good rule of thumb is to check whether docker ps works. If it does, then executing docker-maven-plugin in that shell environment should also work.

@rohansingh

This comment has been minimized.

Collaborator

rohansingh commented Feb 17, 2015

Aaaaand, just after I typed taht up, I think I figured this one out — the plugin (or more likely the docker-client dependency) requires that DOCKER_CERT_PATH be set, rather than relying on defaults if it's not.

Since Docker with TLS uses client certificate validation, there is no "default" we can just guess. Just like the docker CLI, we need to know where your certs are. Hence the DOCKER_CERT_PATH.

@chris-snider

This comment has been minimized.

chris-snider commented Feb 17, 2015

Another option you might explore is setting up the target docker daemon to listen on the HTTP port at 4243 as well and use that in your calls.

This is the option we use at my company since the majority of our developers use Windows as primary desktop.

@davidxia davidxia added the question label Feb 17, 2015

@dronamk

This comment has been minimized.

dronamk commented Jun 11, 2015

I'm trying to work with docker-maven-plugin in getting the example spring-boot-docker to install and build a docker image and am faced with the error as above

Error
[ERROR] Failed to execute goal com.spotify:docker-maven-plugin:0.2.3:build (default-cli) on project gs-spring-boot-docker: Exception caught: java.util.concurrent.ExecutionException: com.spotify.docker.client.shaded.javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]

Env: Windows desktop, boot2docker VM

Code - spring-boot-docker sample code in Eclipse pulled from Git
Maven goal (package docker:build)

https://192.168.59.103:2376

$ docker version
Client version: 1.6.2
Client API version: 1.18
Go version (client): go1.4.2
Git commit (client): 7c8fca2
OS/Arch (client): windows/amd64
Server version: 1.6.2
Server API version: 1.18
Go version (server): go1.4.2
Git commit (server): 7c8fca2
OS/Arch (server): linux/amd64

Do I need to follow instructions at https://docs.docker.com/articles/https/
If so how do I transfer files (*.pem files) from my windows host to the boot2docker VM

It appears I cannot disable TLS with new version of Docker.
will you please suggest, Thanks.

@dronamk

This comment has been minimized.

dronamk commented Jun 11, 2015

following up my query, I followed instructions from above link for "docker daemon with HTTPS". generated all CSRs and signed them locally at prompt of boot2docker. Copied all the files over to ~/home/docker/.docker. Did a boot2docker restart. shutdown and then "docker ps" worked. From there the maven plugin also worked. Not sure how it did but that solved the problem for me. Thanks.

@davidxia

This comment has been minimized.

Member

davidxia commented Aug 7, 2015

Closing as this seems resolved.

@davidxia davidxia closed this Aug 7, 2015

@kamaljeetrathi

This comment has been minimized.

kamaljeetrathi commented Oct 26, 2015

How to do http client request to docker deamon in java code with pem file certification.
I have secure docker deamon running on my local machine and want to connect to deamon also running on my machine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment