Created
April 7, 2016 09:52
-
-
Save poliveira89/a32c5bcd61ab3d7d09ebc787c22e17d4 to your computer and use it in GitHub Desktop.
Libcloud client for Docker with TLS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import libcloud.security | |
from libcloud.container.types import Provider | |
from libcloud.container.providers import get_driver | |
import ssl | |
from time import sleep | |
# this code is to declare private CA Root - created specifically for docker TLS connection | |
libcloud.security.SSL_VERSION = ssl.PROTOCOL_TLSv1 | |
libcloud.security.CA_CERTS_PATH.append('/path/to/ca.pem') | |
url = 'https://my.wildcard.domain.example.com' | |
port = 2376 | |
key = '/path/to/key.pem' | |
cer = '/path/to/cert.pem' | |
# I even tried to bunde CA and CERT into one file and pass it to "cert_file" parameter | |
# like this: cat cert.pem ca.pe > bundle.pem | |
#cer = '/path/to/bundle.pem' | |
driver = cls(host=url, port=port, secure=True, key_file=key, cert_file=cer) | |
print('docker connected') # console checkpoint | |
img_list = driver.list_images() # fails here | |
print(len(img_list)) # console checkpoint |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ python libcloud_docker.py | |
docker connected | |
# ... | |
# stacktrace omitted may lead into error - several files were changed to debug | |
# ultimaly it ended on httplib_ssl.py with a "new" exception | |
# an "ELIF" for the following "IF" | |
# https://github.com/apache/libcloud/blob/trunk/libcloud/httplib_ssl.py#L326 | |
# ... | |
socket.error: [Errno 1] Failed to establish SSL / TLS connection ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)). It is possible that the server doesn't support requested SSL / TLS version (TLS v1.0). | |
For information on how to work around this issue, please see https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Could be related to OSX? Because cURL on Linux works like a charm (receives successful response from docker API), but failed to repeat the prowess on OSX.