Merge pull request #17 from duedil-ltd/feature/insecure-registries

Support for insecure docker registries
duedil-ltd · Nov 1, 2014 · 6bb2276 · 6bb2276
2 parents a16d6c1 + c2b5a17
commit 6bb2276
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 32 deletions.
diff --git a/portainer/app/build.py b/portainer/app/build.py
@@ -37,6 +37,8 @@ def args(parser):
                        help="Multiple tags to apply to the image once built")
     group.add_argument("--container-image", default="jpetazzo/dind",
                        help="Docker image to run the portainer executor in")
+    group.add_argument("--insecure", default=False, action="store_true",
+                       help="Enable pulling/pushing of images with insecure registries")
 
     # Arguments for the staging filesystem
     group = parser.add_argument_group("fs")
@@ -75,7 +77,8 @@ def main(args):
         container_image=args.container_image,
         stream=args.stream,
         docker_host=args.docker_host,
-        verbose=args.verbose
+        verbose=args.verbose,
+        insecure_registries=args.insecure
     )
 
     driver = pesos.scheduler.PesosSchedulerDriver(

diff --git a/portainer/app/executor.py b/portainer/app/executor.py
@@ -70,10 +70,13 @@ def launch_docker_daemon():
             logger.info("Launching docker daemon subprocess")
 
             env = dict(os.environ)
-            env["DOCKER_DAEMON_ARGS"] = "-g %s" % (
+            env["DOCKER_DAEMON_ARGS"] = " -g %s" % (
                 os.path.join(env["MESOS_DIRECTORY"], "docker")
             )
 
+            for reg in build_task.daemon.insecure_registries:
+                env["DOCKER_DAEMON_ARGS"] += " --insecure-registry %s" % reg
+
             # Use the `wrapdocker` script included in our docker image
             proc = subprocess.Popen(["/usr/local/bin/wrapdocker"], env=env)
 
@@ -90,7 +93,7 @@ def launch_docker_daemon():
 
             proc.wait()
 
-        if not build_task.HasField("docker_host"):
+        if not build_task.daemon.HasField("docker_host"):
             daemon_thread = threading.Thread(target=launch_docker_daemon)
             daemon_thread.setDaemon(True)
             daemon_thread.start()

diff --git a/portainer/app/scheduler.py b/portainer/app/scheduler.py
@@ -38,7 +38,8 @@ class Scheduler(mesos.interface.Scheduler):
 
     def __init__(self, tasks, executor_uri, cpu_limit, mem_limit, push_registry,
                  staging_uri, stream=False, verbose=False, repository=None,
-                 pull_registry=None, docker_host=None, container_image=None):
+                 pull_registry=None, docker_host=None, container_image=None,
+                 insecure_registries=False):
 
         self.executor_uri = executor_uri
         self.cpu = float(cpu_limit)
@@ -51,6 +52,7 @@ def __init__(self, tasks, executor_uri, cpu_limit, mem_limit, push_registry,
         self.repository = repository
         self.docker_host = docker_host
         self.container_image = container_image
+        self.insecure_registries = insecure_registries
 
         self.queued_tasks = []
         for path, tags in tasks:
@@ -308,8 +310,13 @@ def handle_exception(e):
         else:
             build_task.dockerfile = dockerfile.build()
 
+        # Configure properties on the docker daemon
         if self.docker_host:
-            build_task.docker_host = self.docker_host
+            build_task.daemon.docker_host = self.docker_host
+        if self.insecure_registries:
+            for registry in [self.pull_registry, self.push_registry]:
+                if registry:
+                    build_task.daemon.insecure_registries.append(registry)
 
         # Pull out the repository from the dockerfile
         try:

diff --git a/portainer/proto/portainer_pb2.py b/portainer/proto/portainer_pb2.py
diff --git a/proto/portainer.proto b/proto/portainer.proto
@@ -8,13 +8,11 @@ package portainer;
  */
 message BuildTask {
     required DockerImage image = 1;
+    required DockerDaemon daemon = 7;
+
     optional string context = 2;
     optional string dockerfile = 6; // Optional string representation of the Dockerfile to build
     optional bool stream = 5; // Should we stream the build output?
-
-    // These are used when launching/connecting to the docker daemon
-    optional string docker_host = 3;
-    optional string docker_args = 4;
 }
 
 /**
@@ -33,3 +31,15 @@ message DockerRegistry {
   required string hostname = 1;
   optional uint32 port = 2 [default = 80];
 }
+
+/**
+ * Configuration for the docker daemon
+ */
+message DockerDaemon {
+  // These are used when launching/connecting to the docker daemon
+  optional string docker_host = 1;
+  optional string docker_args = 2;
+
+  // List of docker registries that can be used without SSL
+  repeated string insecure_registries = 3;
+}