Implement comments from @smashwilson:

* if tls_ca_cert is set then use tls to verify the server
* take tls_hostname from the environment variable DOCKER_TLS_HOSTNAME
  if it's not specified in the playbook

https://github.com/ansible/ansible-modules-core/pull/926#issuecomment-78542210
pull/18777/head
Toshio Kuratomi 10 years ago committed by Matt Clay
parent 3bfe9a7b50
commit 7c261b3954

@ -546,6 +546,7 @@ class DockerManager(object):
env_host = os.getenv('DOCKER_HOST') env_host = os.getenv('DOCKER_HOST')
env_cert_path = os.getenv('DOCKER_CERT_PATH') env_cert_path = os.getenv('DOCKER_CERT_PATH')
env_docker_hostname = os.getenv('DOCKER_TLS_HOSTNAME')
docker_url = module.params.get('docker_url') docker_url = module.params.get('docker_url')
if not docker_url: if not docker_url:
@ -573,11 +574,14 @@ class DockerManager(object):
if tls_ca_cert: if tls_ca_cert:
tls_hostname = module.params.get('tls_hostname') tls_hostname = module.params.get('tls_hostname')
if tls_hostname is None: if tls_hostname is None:
parsed_url = urlparse(docker_url) if env_docker_hostname:
if ':' in parsed_url.netloc: tls_hostname = env_docker_hostname
tls_hostname = parsed_url.netloc[:parsed_url.netloc.rindex(':')]
else: else:
tls_hostname = parsed_url parsed_url = urlparse(docker_url)
if ':' in parsed_url.netloc:
tls_hostname = parsed_url.netloc[:parsed_url.netloc.rindex(':')]
else:
tls_hostname = parsed_url
if not tls_hostname: if not tls_hostname:
tls_hostname = True tls_hostname = True
@ -585,8 +589,9 @@ class DockerManager(object):
# no: Do not use tls # no: Do not use tls
# encrypt: Use tls. We may do client auth. We will not verify the server # encrypt: Use tls. We may do client auth. We will not verify the server
# verify: Use tls. We may do client auth. We will verify the server # verify: Use tls. We may do client auth. We will verify the server
# None: Only use tls if client auth is specified. We may do client # None: Only use tls if the parameters for client auth were specified
# auth. We will not verify the server. # or tls_ca_cert (which requests verifying the server with
# a specific ca certificate)
use_tls = module.params.get('use_tls') use_tls = module.params.get('use_tls')
if use_tls == 'no': if use_tls == 'no':
tls_config = None tls_config = None
@ -601,7 +606,7 @@ class DockerManager(object):
params['client_cert'] = (tls_client_cert, tls_client_key) params['client_cert'] = (tls_client_cert, tls_client_key)
# We're allowed to verify the connection to the server # We're allowed to verify the connection to the server
if use_tls == 'verify': if use_tls == 'verify' or (use_tls is None and tls_ca_cert):
if tls_ca_cert: if tls_ca_cert:
params['ca_cert'] = tls_ca_cert params['ca_cert'] = tls_ca_cert
params['verify'] = True params['verify'] = True
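Review bot: The re-indented fallback in the second hunk still ends with `tls_hostname = parsed_url` when the URL carries no port, so the name used for server verification becomes the whole urlparse result object rather than a host string, and the later `if not tls_hostname:` check can never fire for it. The port-stripping branch, `parsed_url.netloc[:parsed_url.netloc.rindex(':')]`, also cuts bracketed IPv6 literals in the wrong place and keeps any userinfo present in the netloc. Both branches could be replaced by `tls_hostname = urlparse(docker_url).hostname`, which returns the host without port or userinfo and `None` when there is none. A short comment next to `env_docker_hostname` stating that DOCKER_TLS_HOSTNAME overrides the name derived from docker_url would also help, since the certificate is then checked against a name that may differ from the host being connected to. The enclosing method starts and ends outside the visible hunks, so how tls_hostname is consumed afterwards is not visible here.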
