Enable Docker remote API feature on Docker machine on Mac OSX system
The Docker daemon provides a set of remote REST APIs, please refer to the documentation for details:
/engine/reference/api/docker_remote_api/
This set of APIs is provided to clients when communicating with the Docker engine. This set of APIs can also be called by other tools, such as the Postman REST client tool of curl or Chrome browser.
If you are using a Docker machine to create a Docker daemon on a Mac OSX Mavericks system, then it takes some skills to enable the Docker remote API function. Let’s come one by one below.
You can use the curl tool to connect to a secure Docker port, with the following commands:
$ curl https://$HOST:2376/images/json --cert ~/.docker/ --key ~/.docker/ --cacert ~/.docker/
There are certain problems with this command. Mainly:
1) The command may not work because the certificate of each Docker machine is stored in the .docker/machine/machines/ directory.
2) Even if the command is modified according to the path, for example:
curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/ --key $DOCKER_CERT_PATH/ --cacert $DOCKER_CERT_PATH/
Execute the command and still get the error message:
curl: (58) SSL: Can't load the certificate "/Users/arungupta/.docker/machine/machines/couchbase/" and its private key: OSStatus -25299
The solution is to update the curl tool. In general, the latest version of the curl tool uses Apple's Secure Transport API (Secure Transport API), replacing the original OpenSSL API. This means that the certificate must be in p12 format.
The following can be fixed as follows:
1) Enter the directory where the Docker machine stores the certificate, such as the .docker/machine/machines/couchbase directory
2) Generate a certificate in *.p12 format
openssl pkcs12 -export -inkey -in -CAfile -chain -name client-side -out cert.p12 -password pass:mypass
Now you can call the REST API:
curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/cert.p12 --pass mypass --key $DOCKER_CERT_PATH/ --cacert $DOCKER_CERT_PATH/
Note that the –cert parameter now points to the generated p12 certificate, and the password of the certificate is specified using the –pass parameter.
Then you will get the following results:
[{"Id":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","ParentId":"",
"RepoTags":["arungupta/couchbase:latest"],"RepoDigests":null,"Created":1450330075,"Size":374824677,
"VirtualSize":374824677,"Labels":{}}]
Now you can try to start the CouchBase server:
~ > docker run -d -p 8091-8093:8091-8093 -p 11210:11210 arungupta/couchbase 42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e
Then call another REST API to view the details of the container:
~ > curl https://192.168.99.100:2376/containers/json --cert $DOCKER_CERT_PATH/cert2.p12 --pass mypass --key $DOCKER_CERT_PATH/ --cacert $DOCKER_CERT_PATH/
[{"Id":"42d1414883affd0fbb272cb1378c2f6b5118acf3ed5cb60cbecdc42f95602e3e","Names":["/admiring_pike"],"Image":"arungupta/couchbase","ImageID":"sha256:d38beda529d3274636d6cb1c9000afe4f00fbdcfa544140d6cc0f5d7f5b8434a","Command":"/ /opt/couchbase/","Created":1454850194,"Ports":[{"IP":"0.0.0.0","PrivatePort":8092,"PublicPort":8092,"Type":"tcp"},{"PrivatePort":11207,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":11210,"PublicPort":11210,"Type":"tcp"},{"PrivatePort":18092,"Type":"tcp"},{"PrivatePort":18091,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8093,"PublicPort":8093,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":8091,"PublicPort":8091,"Type":"tcp"},{"PrivatePort":11211,"Type":"tcp"}],"Labels":{},"Status":"Up 2 seconds","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"6feaf4c1c70feaf0ba240ce55fb58ce83ebb84c8098bef9171998e84f607fa0b","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}}}}]
Thank you for reading, I hope it can help you. Thank you for your support for this site!