def get_client():
tls_config = tls.TLSConfig(
client_cert=('/etc/docker/server-cert.pem',
'/etc/docker/server-key.pem'),
verify='/etc/docker/ca.pem'
)
return docker.Client(base_url=DOCKER_HOST, tls=tls_config)
def __init__(self, spec, name_generator=None, atomic_inst=None):
super(Docker, self).__init__(None,
name_generator=name_generator,
atomic_inst=atomic_inst)
self._spec = spec
cert_path = self._spec.get("cert_path")
tls_verify = self._spec.get("tls_verify", False)
enable_tls = cert_path or tls_verify
if enable_tls:
from docker import tls as docker_tls
tls = docker_tls.TLSConfig(
client_cert=(os.path.join(cert_path, "cert.pem"),
os.path.join(cert_path, "key.pem")),
ca_cert=os.path.join(cert_path, "ca.pem"),
verify=tls_verify,
ssl_version=self._spec.get("ssl_version"),
assert_hostname=False)
else:
tls = False
import docker
self._client = docker.DockerClient(
base_url=self._spec.get("host"),
version=self._spec.get("version", "auto"),
timeout=self._spec.get("timeout",
docker.constants.DEFAULT_TIMEOUT_SECONDS),
tls=tls)
def test_connect_docker():
global c
global DOCKER_IP
# initialize Docker Object
if _platform == "linux" or _platform == "linux2":
# linux
c = Client(base_url='unix://var/run/docker.sock', version='1.20')
elif _platform == "darwin":
# MAC OS X
dockerout = subprocess.check_output(
['/usr/local/bin/docker-machine ip default'],
shell=True,
stderr=subprocess.STDOUT)
DOCKER_IP = dockerout.splitlines()[0]
CERTS = path.join(path.expanduser('~'), '.docker', 'machine',
'machines', 'default')
tls_config = tls.TLSConfig(client_cert=(path.join(CERTS, 'cert.pem'),
path.join(CERTS, 'key.pem')),
ca_cert=path.join(CERTS, 'ca.pem'),
assert_hostname=False,
verify=True)
url = "https://" + DOCKER_IP + ":2376"
c = Client(base_url=url, tls=tls_config, version='1.20')
elif _platform == "win32":
exit
# Check if connection to Docker work by listing all images
list_images = c.images()
assert len(list_images) >= 1
def docker_client():
"""
Returns a docker-py client configured using environment variables
according to the same logic as the official Docker client.
"""
cert_path = os.environ.get('DOCKER_CERT_PATH', '')
if cert_path == '':
cert_path = os.path.join(os.environ.get('HOME', ''), '.docker')
base_url = os.environ.get('DOCKER_HOST')
tls_config = None
if os.environ.get('DOCKER_TLS_VERIFY', '') != '':
parts = base_url.split('://', 1)
base_url = '%s://%s' % ('https', parts[1])
client_cert = (os.path.join(cert_path, 'cert.pem'), os.path.join(cert_path, 'key.pem'))
ca_cert = os.path.join(cert_path, 'ca.pem')
tls_config = tls.TLSConfig(
ssl_version=ssl.PROTOCOL_TLSv1,
verify=True,
assert_hostname=False,
client_cert=client_cert,
ca_cert=ca_cert,
)
timeout = int(os.environ.get('DOCKER_CLIENT_TIMEOUT', 60))
return APIClient(base_url=base_url, tls=tls_config, version='1.21', timeout=timeout)
def execute(self, context):
logging.info('Starting docker container from image ' + self.image)
tls_config = None
if self.tls_ca_cert and self.tls_client_cert and self.tls_client_key:
tls_config = tls.TLSConfig(ca_cert=self.tls_ca_cert,
client_cert=(self.tls_client_cert,
self.tls_client_key),
verify=True,
ssl_version=self.tls_ssl_version,
assert_hostname=self.tls_hostname)
self.docker_url = self.docker_url.replace('tcp://', 'https://')
self.cli = DockerAPIClient(base_url=self.docker_url,
version=self.api_version,
tls=tls_config)
if ':' not in self.image:
image = self.image + ':latest'
else:
image = self.image
if self.force_pull or len(self.cli.images(name=image)) == 0:
logging.info('Pulling docker image ' + image)
for l in self.cli.pull(image, stream=True):
output = json.loads(l.decode('utf-8'))
logging.info("{}".format(output['status']))
cpu_shares = int(round(self.cpus * 1024))
with TemporaryDirectory(prefix='airflowtmp') as host_tmp_dir:
self.environment['AIRFLOW_TMP_DIR'] = self.tmp_dir
self.volumes.append('{0}:{1}'.format(host_tmp_dir, self.tmp_dir))
self.container = self.cli.create_container(
command=self.get_command(),
cpu_shares=cpu_shares,
environment=self.environment,
host_config=self.cli.create_host_config(
binds=self.volumes, network_mode=self.network_mode),
image=image,
mem_limit=self.mem_limit,
user=self.user)
self.cli.start(self.container['Id'])
line = ''
for line in self.cli.logs(container=self.container['Id'],
stream=True):
line = line.strip()
if hasattr(line, 'decode'):
line = line.decode('utf-8')
logging.info(line)
exit_code = self.cli.wait(self.container['Id'])
if exit_code != 0:
raise AirflowException('docker container failed')
if self.xcom_push_flag:
return self.cli.logs(container=self.container['Id']
) if self.xcom_all else str(line)
def createClient():
myclient = None
# Find docker-machine environment variables
docker_host = os.getenv("DOCKER_HOST")
docker_cert_path = os.getenv("DOCKER_CERT_PATH")
docker_machine_name = os.getenv("DOCKER_MACHINE_NAME")
# Look for linux docker socket file
path = "/var/run/docker.sock"
isSocket = False
if os.path.exists(path):
mode = os.stat(path).st_mode
isSocket = stat.S_ISSOCK(mode)
if isSocket:
docker_socket_file = "unix://" + path
myclient = client.scClient(base_url=docker_socket_file, version="auto")
return myclient
elif (docker_host and docker_cert_path and docker_machine_name):
tls_config = tls.TLSConfig(
client_cert=(os.path.join(docker_cert_path, 'cert.pem'),
os.path.join(docker_cert_path, 'key.pem')),
ca_cert=os.path.join(docker_cert_path, 'ca.pem'),
verify=True,
assert_hostname=False)
docker_host_https = docker_host.replace("tcp", "https")
myclient = client.scClient(base_url=docker_host_https,
tls=tls_config,
version="auto")
return myclient
# If we fall through, myclient is set to none and we should fail.
return myclient
def __call__(self,
pl,
base_url='unix://var/run/docker.sock',
timeout=2,
use_tls=False,
ca_cert=None,
client_cert=None,
client_key=None,
ignore_statuses=[]):
pl.debug('Running powerline-docker')
self.pl = pl
self.ignore_statuses = ignore_statuses
tls_config = None
if use_tls:
tls_config = tls.TLSConfig(client_cert=(client_cert, client_key),
verify=ca_cert)
self.cli = Client(base_url=base_url, timeout=timeout, tls=tls_config)
try:
statuses = self.get_statuses_count()
except ConnectionError:
pl.error('Cannot connect to Docker server on \'%s\'' %
(base_url, ))
return
except Exception as e:
pl.error(e)
return
return self.build_segments(statuses)
def docker_config(self):
"""Extracts the docker configuration as a dictionary suitable
to be passed as keywords to the docker client.
"""
params = {}
params["base_url"] = self.docker_host
# Note that this will throw if the certificates are not
# present at the specified paths.
# Note that the tls flag takes precedence against tls verify.
# This is docker behavior.
params["version"] = "auto"
if not self.tls:
return params
tls_kwargs = {}
tls_kwargs["client_cert"] = (self.tls_cert, self.tls_key)
tls_kwargs["verify"] = self.tls_verify
if self.tls_verify and self.tls_ca:
tls_kwargs["ca_cert"] = self.tls_ca
params["tls"] = tls.TLSConfig(**tls_kwargs)
return params
def connect(proto, host, port, usetls=False, cert=None, key=None, ca=None):
uri = "%s://%s:%s" % (proto, host, port)
if options.usetls:
tls_config = tls.TLSConfig(client_cert=(cert, key), verify=ca)
else:
tls_config = None
return Client(base_url=uri, tls=tls_config)
def __init__(self,url='unix://var/run/docker.sock', cert=None, key=None):
super(HostConfAudit, self).__init__()
if cert and key:
tls_config = tls.TLSConfig(verify=False, assert_hostname = False,\
client_cert = (cert, key))
self.cli = Client(base_url = url, tls = tls_config)
else:
self.cli = Client(base_url = url)
def __init__(self, url='unix://var/run/docker.sock', cert=None, key=None):
super(ContainerRuntimeAudit, self).__init__()
if cert and key:
print "contrun %s %s" % (cert, key)
tls_config = tls.TLSConfig(verify = False,assert_hostname = False,\
client_cert = (cert, key))
self.cli = Client(base_url=url, tls=tls_config)
else:
self.cli = Client(base_url=url)
self.running = self.running_containers()
def leave_swarm(self, machine_name, ip_address):
path = '/home/ubuntu/.docker/machine/machines/'
url = 'tcp://' + ip_address + ':2376'
tls_config = tls.TLSConfig(
client_cert=(path + machine_name + '/cert.pem',
path + machine_name + '/key.pem'),
ca_cert=path + machine_name + '/ca.pem',
verify=True)
cli = Client(base_url=url, tls=tls_config)
response = cli.leave_swarm(force=True)
return response
def __get_tls_config(self):
tls_config = None
if self.tls_ca_cert and self.tls_client_cert and self.tls_client_key:
tls_config = tls.TLSConfig(ca_cert=self.tls_ca_cert,
client_cert=(self.tls_client_cert,
self.tls_client_key),
verify=True,
ssl_version=self.tls_ssl_version,
assert_hostname=self.tls_hostname)
self.docker_url = self.docker_url.replace('tcp://', 'https://')
return tls_config
def _get_docker_client(host):
cluster_connection = None
tls_config = None
try:
cluster_connection = host['clusterConnection']
if cluster_connection.startswith('https'):
try:
account_id = host['accountId']
ca_crt = host['caCrt']
client_crt = host['clientCrt']
client_key = host['clientKey']
client_certs_dir = Config.client_certs_dir()
acct_client_cert_dir = \
path.join(client_certs_dir, str(account_id))
if not path.exists(acct_client_cert_dir):
log.debug('Creating client cert directory: %s',
acct_client_cert_dir)
makedirs(acct_client_cert_dir)
if ca_crt:
log.debug('Writing cert auth')
with open(path.join(acct_client_cert_dir, 'ca.crt'),
'w') as f:
f.write(ca_crt)
if client_crt:
log.debug('Writing client cert')
with open(
path.join(acct_client_cert_dir, 'client.crt'),
'w') as f:
f.write(client_crt)
if client_key:
log.debug('Writing client key')
with open(
path.join(acct_client_cert_dir, 'client.key'),
'w') as f:
f.write(client_key)
if ca_crt and client_crt and client_key:
tls_config = tls.TLSConfig(
client_cert=(path.join(acct_client_cert_dir,
'client.crt'),
path.join(acct_client_cert_dir,
'client.key')),
verify=path.join(acct_client_cert_dir, 'ca.crt'),
assert_hostname=False)
except (KeyError, AttributeError) as e:
raise Exception('Unable to process cert/keys for cluster',
cluster_connection, e)
except (KeyError, AttributeError):
pass
return docker_client(base_url_override=cluster_connection,
tls_config=tls_config)
def __get_tls_config(self) -> Optional[tls.TLSConfig]:
tls_config = None
if self.tls_ca_cert and self.tls_client_cert and self.tls_client_key:
# Ignore type error on SSL version here - it is deprecated and type annotation is wrong
# it should be string
tls_config = tls.TLSConfig(
ca_cert=self.tls_ca_cert,
client_cert=(self.tls_client_cert, self.tls_client_key),
verify=True,
ssl_version=self.tls_ssl_version, # noqa
assert_hostname=self.tls_hostname)
self.docker_url = self.docker_url.replace('tcp://', 'https://')
return tls_config
def create_client(self):
"""
Create docker client
:return: None
"""
tls_config = None
if environ["DOCKER_TLS_VERIFY"] == "1":
cert_path = environ["DOCKER_CERT_PATH"]
tls_config = tls.TLSConfig(client_cert=(path.join(
cert_path, 'cert.pem'), path.join(cert_path, 'key.pem')),
ca_cert=path.join(cert_path, 'ca.pem'),
verify=True)
return Client(base_url=environ["DOCKER_HOST"], tls=tls_config)
def __init__(self, swarm_url, swarm_tls_ca_cert, swarm_tls_cert,
swarm_tls_key, swarm_allow_insecure, app_info, netscaler):
tls_config = False
if not swarm_allow_insecure:
if swarm_url.startswith("tcp"):
swarm_url = swarm_url.replace("tcp", "https")
logger.info("Using swarm url %s" % swarm_url)
tls_config = tls.TLSConfig(client_cert=(swarm_tls_cert,
swarm_tls_key),
verify=swarm_tls_ca_cert,
assert_hostname=False)
self.client = Client(base_url=swarm_url, tls=tls_config)
self.app_info = app_info
self.netskaler = netscaler
self.lock = threading.Lock()
def test_assert_hostname(tmpdir):
path = str(tmpdir.join('no-manifest'))
create_repo(path)
args = get_defaults()
args['--x-assert-hostname'] = True
tls_config = tls.TLSConfig()
_, _, _, _, _, client = cli.process_arguments(
path, args,
client_cfg={
'base_url': 'https://example.com:443/api/v1/',
'tls': tls_config,
},
environ={'SW_NAMESPACE': 'eg'},
)
assert not client.adapters['https://'].assert_hostname
def __init__(self, url='unix://var/run/docker.sock'):
if (CONF.docker2.cert_file or CONF.docker2.key_file):
client_cert = (CONF.docker2.cert_file, CONF.docker2.key_file)
else:
client_cert = None
if (CONF.docker2.ca_file or CONF.docker2.api_insecure or client_cert):
ssl_config = tls.TLSConfig(client_cert=client_cert,
ca_cert=CONF.docker2.ca_file,
verify=CONF.docker2.api_insecure)
else:
ssl_config = False
super(DockerHTTPClient, self).__init__(base_url=url,
version='1.13',
timeout=10,
tls=ssl_config)
self._setup_decorators()
def __init__(self, url='http://127.0.0.1:4243'):
if (CONF.docker.cert_file or CONF.docker.key_file):
client_cert = (CONF.docker.cert_file, CONF.docker.key_file)
else:
client_cert = None
if (CONF.docker.ca_file or CONF.docker.api_insecure or client_cert):
ssl_config = tls.TLSConfig(client_cert=client_cert,
ca_cert=CONF.docker.ca_file,
verify=CONF.docker.api_insecure)
else:
ssl_config = False
super(DockerHTTPClient,
self).__init__(base_url=url,
version=DEFAULT_DOCKER_API_VERSION,
timeout=DEFAULT_TIMEOUT_SECONDS,
tls=ssl_config)
self._setup_decorators()
def get_docker_client(dsn):
tls_config = None
url = furl.furl(dsn)
cert_path = url.args.get('cert_path')
if url.scheme in ['tcp', 'https']:
host = 'https://{}'.format(url.netloc)
if cert_path:
cert = os.path.join(cert_path, 'cert.pem')
key = os.path.join(cert_path, 'key.pem')
ca = os.path.join(cert_path, 'ca.pem')
tls_config = tls.TLSConfig(
client_cert=(cert, key),
verify=ca,
assert_hostname=False,
)
else:
host = dsn
return Client(host, tls=tls_config, version='auto')
def __init__(self,
url='unix://var/run/docker.sock',
ver=DEFAULT_DOCKER_REMOTE_API_VERSION,
timeout=DEFAULT_DOCKER_TIMEOUT):
if (CONF.docker.cert_file or CONF.docker.key_file):
client_cert = (CONF.docker.cert_file, CONF.docker.key_file)
else:
client_cert = None
if (CONF.docker.ca_file or CONF.docker.api_insecure or client_cert):
ssl_config = tls.TLSConfig(client_cert=client_cert,
ca_cert=CONF.docker.ca_file,
verify=CONF.docker.api_insecure)
else:
ssl_config = False
super(DockerHTTPClient, self).__init__(base_url=url,
version=ver,
timeout=timeout,
tls=ssl_config)
def join_swarm(self, machine_name, ip_address, master_ip, token):
cli = Client(base_url='unix://var/run/docker.sock')
path = '/home/ubuntu/.docker/machine/machines/'
machine_url = 'tcp://' + ip_address + ':2376'
listen_address = ip_address + ':5000'
remote_address = master_ip + ':2377'
tls_config = tls.TLSConfig(
client_cert=(path + machine_name + '/cert.pem',
path + machine_name + '/key.pem'),
ca_cert=path + machine_name + '/ca.pem',
verify=True)
cli = Client(base_url=machine_url, tls=tls_config)
response = cli.join_swarm(remote_addrs=[remote_address],
join_token=token,
listen_addr=listen_address,
advertise_addr=listen_address)
#response='response=\'{u\'ID\': u\'02fn2qq2tbe07bmnxboop2iik\', u\'Version\': {u\'Index\': 11}, u\'UpdatedAt\': u\'2016-10-29T03:11:23.578188221Z\', u\'JoinTokens\': {u\'Manager\': u\'SWMTKN-1-2s3ypk9js8vmzp87p47k94ygx4ovgx0r1x0yrwwzgt9ftun6ug-3cz256ilhxpz1q5066rtzsvmy\', u\'Worker\': u\'SWMTKN-1-2s3ypk9js8vmzp87p47k94ygx4ovgx0r1x0yrwwzgt9ftun6ug-f07d83dxo6o3mcwzblloisljq\'}, u\'Spec\': {u\'Name\': u\'default\', u\'TaskDefaults\': {}, u\'Orchestration\': {u\'TaskHistoryRetentionLimit\': 10}, u\'Raft\': {u\'HeartbeatTick\': 1, u\'LogEntriesForSlowFollowers\': 1200, u\'ElectionTick\': 3, u\'SnapshotInterval\': 5000}, u\'CAConfig\': {u\'NodeCertExpiry\': 7776000000000000}, u\'Dispatcher\': {u\'HeartbeatPeriod\': 5000000000}}, u\'CreatedAt\': u\'2016-10-29T03:11:23.558303312Z\'}\''
return response
def init_manager(self, machine_name, ip_address):
#cli = Client(base_url='unix://var/run/docker.sock')
path = '/home/ubuntu/.docker/machine/machines/'
print path
url = 'tcp://' + ip_address + ':2376'
listen_address = '127.0.0.0:5000'
tls_config = tls.TLSConfig(
client_cert=(path + machine_name + '/cert.pem',
path + machine_name + '/key.pem'),
ca_cert=path + machine_name + '/ca.pem',
verify=True)
cli = Client(base_url=url, tls=tls_config)
spec = cli.create_swarm_spec(snapshot_interval=5000,
log_entries_for_slow_followers=1200)
response = cli.init_swarm(force_new_cluster=False, swarm_spec=spec)
#response='\'{u\'ID\': u\'02fn2qq2tbe07bmnxboop2iik\', u\'Version\': {u\'Index\': 11}, u\'UpdatedAt\': u\'2016-10-29T03:11:23.578188221Z\', u\'JoinTokens\': {u\'Manager\': u\'SWMTKN-1-2s3ypk9js8vmzp87p47k94ygx4ovgx0r1x0yrwwzgt9ftun6ug-3cz256ilhxpz1q5066rtzsvmy\', u\'Worker\': u\'SWMTKN-1-2s3ypk9js8vmzp87p47k94ygx4ovgx0r1x0yrwwzgt9ftun6ug-f07d83dxo6o3mcwzblloisljq\'}, u\'Spec\': {u\'Name\': u\'default\', u\'TaskDefaults\': {}, u\'Orchestration\': {u\'TaskHistoryRetentionLimit\': 10}, u\'Raft\': {u\'HeartbeatTick\': 1, u\'LogEntriesForSlowFollowers\': 1200, u\'ElectionTick\': 3, u\'SnapshotInterval\': 5000}, u\'CAConfig\': {u\'NodeCertExpiry\': 7776000000000000}, u\'Dispatcher\': {u\'HeartbeatPeriod\': 5000000000}}, u\'CreatedAt\': u\'2016-10-29T03:11:23.558303312Z\'}\''
print response
#return response
swarm_info = cli.inspect_swarm()
return swarm_info
def connect(self):
if self.config.docker_tls:
try:
cert_paths = {
'cert_top_dir': '/etc/docker/certs.d/',
'clean_socket': self.socket.split('//')[1]
}
cert_paths['cert_dir'] = join(cert_paths['cert_top_dir'],
cert_paths['clean_socket'])
cert_paths['cert_files'] = {
'client_cert': join(cert_paths['cert_dir'], 'client.cert'),
'client_key': join(cert_paths['cert_dir'], 'client.key'),
'ca_crt': join(cert_paths['cert_dir'], 'ca.crt')
}
if not isdir(cert_paths['cert_dir']):
self.logger.error('%s is not a valid cert folder',
cert_paths['cert_dir'])
raise ValueError
for cert_file in cert_paths['cert_files'].values():
if not isfile(cert_file):
self.logger.error('%s does not exist', cert_file)
raise ValueError
tls_config = tls.TLSConfig(
ca_cert=cert_paths['cert_files']['ca_crt'],
verify=cert_paths['cert_files']['ca_crt']
if self.config.docker_tls_verify else False,
client_cert=(cert_paths['cert_files']['client_cert'],
cert_paths['cert_files']['client_key']))
client = DockerClient(base_url=self.socket, tls=tls_config)
except ValueError:
self.logger.error(
'Invalid Docker TLS config for %s, reverting to unsecured',
self.socket)
client = DockerClient(base_url=self.socket)
else:
client = DockerClient(base_url=self.socket)
return client
def __init__(self,
url='unix://var/run/docker.sock',
ver=DEFAULT_DOCKER_REMOTE_API_VERSION,
timeout=DEFAULT_DOCKER_TIMEOUT,
ca_cert=None,
client_key=None,
client_cert=None):
if ca_cert and client_key and client_cert:
ssl_config = tls.TLSConfig(
client_cert=(client_cert, client_key),
verify=ca_cert,
assert_hostname=False,
)
else:
ssl_config = False
super(DockerHTTPClient, self).__init__(base_url=url,
version=ver,
timeout=timeout,
tls=ssl_config)
def __init__(self,
url='unix://var/run/docker.sock',
ver=CONF.docker.docker_remote_api_version,
timeout=CONF.docker.default_timeout,
ca_cert=None,
client_key=None,
client_cert=None):
if ca_cert and client_key and client_cert:
ssl_config = tls.TLSConfig(
client_cert=(client_cert, client_key),
verify=ca_cert,
assert_hostname=False,
)
else:
ssl_config = False
super(DockerHTTPClient, self).__init__(base_url=url,
version=ver,
timeout=timeout,
tls=ssl_config)
def set_docker_settings(init_config, instance):
global _docker_client_settings
_docker_client_settings = {
"version": init_config.get('api_version', DEFAULT_VERSION),
"base_url": instance.get("url"),
"timeout": int(init_config.get('timeout', DEFAULT_TIMEOUT)),
}
if init_config.get('tls', False):
client_cert_path = init_config.get('tls_client_cert')
client_key_path = init_config.get('tls_client_key')
cacert = init_config.get('tls_cacert')
verify = init_config.get('tls_verify')
client_cert = None
if client_cert_path is not None and client_key_path is not None:
client_cert = (client_cert_path, client_key_path)
verify = verify if verify is not None else cacert
tls_config = tls.TLSConfig(client_cert=client_cert, verify=verify)
_docker_client_settings["tls"] = tls_config
def set_docker_settings(self, init_config, instance):
"""Update docker settings"""
self._docker_root = init_config.get('docker_root', '/')
self.settings = {
"version": init_config.get('api_version', DEFAULT_VERSION),
"base_url": instance.get("url", ''),
"timeout": int(init_config.get('timeout', DEFAULT_TIMEOUT)),
}
if init_config.get('tls', False):
client_cert_path = init_config.get('tls_client_cert')
client_key_path = init_config.get('tls_client_key')
cacert = init_config.get('tls_cacert')
verify = init_config.get('tls_verify', False)
client_cert = None
if client_cert_path is not None and client_key_path is not None:
client_cert = (client_cert_path, client_key_path)
verify = cacert if cacert is not None else verify
tls_config = tls.TLSConfig(client_cert=client_cert, verify=verify)
self.settings["tls"] = tls_config
def __init__(self, parent, url):
self._parent = parent
if (CONF.docker.cert_file or
CONF.docker.key_file):
client_cert = (CONF.docker.cert_file, CONF.docker.key_file)
else:
client_cert = None
if (CONF.docker.ca_file or
CONF.docker.api_insecure or
client_cert):
ssl_config = tls.TLSConfig(
client_cert=client_cert,
ca_cert=CONF.docker.ca_cert,
verify=CONF.docker.api_insecure)
else:
ssl_config = False
super(DockerHTTPClient, self).__init__(
base_url=url,
version=DEFAULT_DOCKER_API_VERSION,
timeout=DEFAULT_TIMEOUT_SECONDS,
tls=ssl_config
)