Scripts for setting up a remote Windows Server Docker build machine and connecting to it from any Docker client
{ | |
"storage-opts": [ | |
"size=127GB" | |
], | |
"tls": true, | |
"tlsverify": true, | |
"tlscacert": "C:\\ProgramData\\docker\\config\\ca.pem", | |
"tlscert": "C:\\ProgramData\\docker\\config\\server-cert.pem", | |
"tlskey": "C:\\ProgramData\\docker\\config\\server-key.pem", | |
"hosts": ["tcp://0.0.0.0:2376", "npipe://"] | |
} |
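<#
.SYNOPSIS
  Creates a CA, a server certificate and a client certificate for a TLS-protected Docker daemon.
.DESCRIPTION
  Downloads and silently installs OpenSSL for Windows, puts it on PATH, then writes to the
  current directory:
    ca-key.pem / ca.pem               CA private key (AES-256, passphrase prompted) and certificate
    server-key.pem / server-cert.pem  daemon key and certificate; SAN = DNS name, its A record, fixed IPs
    key.pem / cert.pem                client key and certificate (extendedKeyUsage = clientAuth)
  Intermediate CSRs, extension files and the installer are deleted afterwards. ca-key.pem stays
  in the working directory and is not needed on the Docker host.
.PARAMETER DnsName
  Public DNS name of the Docker build machine; used as the server CN and in subjectAltName.
.PARAMETER OpenSslDownloadUri
  URL of the OpenSSL installer to download.
#>
param (
  [Parameter(Mandatory=$true)]
  [string]$DnsName,
  [string]$OpenSslDownloadUri="https://slproweb.com/download/Win64OpenSSL_Light-1_1_1d.exe"
)
$ErrorActionPreference = 'Stop'

# Runs openssl.exe with the given arguments and stops the script on a non-zero exit code;
# native executables do not honour $ErrorActionPreference, so a failed key/cert step would
# otherwise go unnoticed and leave the later steps working on missing files.
function Invoke-OpenSsl {
  & openssl.exe @args
  if ($LASTEXITCODE -ne 0) { throw "openssl.exe $($args[0]) failed with exit code $LASTEXITCODE" }
}

# First A record only: a name with several A records would otherwise yield an array and
# produce a malformed subjectAltName line below.
$ip = @((Resolve-DnsName -Name $DnsName -Type A).IPAddress)[0]
if (-not $ip) { throw "No A record found for $DnsName" }

$setup = "$($env:temp)\openssl_setup.exe"
Invoke-WebRequest -Uri $OpenSslDownloadUri -UseBasicParsing -OutFile $setup
# NOTE(review): the downloaded installer is executed without an integrity or publisher-signature
# check (e.g. Get-AuthenticodeSignature); confirm whether that is acceptable for this environment.
Start-Process -FilePath $setup -ArgumentList '/VERYSILENT','/NORESTART','/LOG' -NoNewWindow -Wait

# Append the OpenSSL bin directory to the user PATH and to this process. The user value is read
# from the User scope rather than taken from $env:Path, so the machine PATH is not copied into
# the user PATH (which is what writing the merged process value would do).
$openSslBin = 'C:\Program Files\OpenSSL-Win64\bin\'
$userPath = [Environment]::GetEnvironmentVariable('PATH', [EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable('PATH', (($userPath, $openSslBin) -join ';').TrimStart(';'), [EnvironmentVariableTarget]::User)
$env:Path = $env:Path + ';' + $openSslBin

# CA: the key is passphrase-protected, openssl prompts for it here and when signing.
Invoke-OpenSsl genrsa -aes256 -out ca-key.pem 4096
Invoke-OpenSsl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

# Server certificate. The SAN entry reads "DNS:$DnsName" (the original carried a stray '}'
# after the name, which ended up inside the DNS entry).
# NOTE(review): 10.10.10.20 looks environment-specific (private address of the build machine?) - confirm.
Invoke-OpenSsl genrsa -out server-key.pem 4096
Invoke-OpenSsl req -subj "/CN=$DnsName" -sha256 -new -key server-key.pem -out server.csr
"subjectAltName = DNS:$DnsName,IP:$ip,IP:10.10.10.20,IP:127.0.0.1`nextendedKeyUsage = serverAuth`n" `
  | Out-File -FilePath 'extfile.cnf' -Encoding ASCII -NoNewline
Invoke-OpenSsl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem `
  -CAcreateserial -out server-cert.pem -extfile extfile.cnf

# Client certificate (key.pem / cert.pem are the names the Docker client expects).
Invoke-OpenSsl genrsa -out key.pem 4096
Invoke-OpenSsl req -subj '/CN=client' -new -key key.pem -out client.csr
"extendedKeyUsage = clientAuth`n" | Out-File -FilePath 'extfile-client.cnf' -Encoding ASCII -NoNewline
Invoke-OpenSsl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem `
  -CAcreateserial -out cert.pem -extfile extfile-client.cnf

# Remove intermediates; only the .pem files are kept.
Remove-Item -Path client.csr
Remove-Item -Path server.csr
Remove-Item -Path extfile.cnf
Remove-Item -Path extfile-client.cnf
Remove-Item $setup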
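#!/bin/sh
# Creates a CA, a server certificate and a client certificate for a TLS-protected Docker
# daemon (server-side setup: https://docs.docker.com/engine/security/https/).
#
# Usage: script --dns-name <docker-build-machine-hostname>
#
# Written to the current directory:
#   ca-key.pem / ca.pem               CA private key (AES-256, passphrase prompted) and certificate
#   server-key.pem / server-cert.pem  daemon key and certificate; SAN = DNS name, its A record, fixed IPs
#   key.pem / cert.pem                client key and certificate (extendedKeyUsage = clientAuth)
# Intermediate CSRs and extension files are removed. ca-key.pem stays here and is not needed
# on the Docker host.
set -e
# openssl writes key files with the process umask; make every generated file owner-only so
# the private keys are never world-readable.
umask 077

while [ $# -gt 0 ]; do
  case "$1" in
    --dns-name )
      [ $# -ge 2 ] || { echo "--dns-name requires a value" >&2; exit 1; }
      HOST="$2"; shift 2
      ;;
    * )
      echo "Argument $1 is not known, please use --dns-name" >&2
      exit 1
      ;;
  esac
done
if [ -z "${HOST:-}" ]; then
  echo "Use --dns-name parameter to specify the Docker build machine hostname" >&2
  exit 1
fi

# First A record only: several A records (or a CNAME chain, which +short also prints) would
# give a multi-line value and corrupt the subjectAltName line below.
IP=$(dig +short "$HOST" A | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1)
if [ -z "$IP" ]; then
  echo "Could not resolve an A record for $HOST" >&2
  exit 1
fi

# CA: the key is passphrase-protected, openssl prompts for it here and when signing.
openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

# Server certificate. The extension file is truncated ('>') rather than appended to, so a
# stale extfile.cnf from an earlier run cannot leak old entries into the certificate.
# NOTE(review): 10.10.10.20 looks environment-specific (private address of the build machine?) - confirm.
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr
{
  echo "subjectAltName = DNS:${HOST},IP:${IP},IP:10.10.10.20,IP:127.0.0.1"
  echo "extendedKeyUsage = serverAuth"
} > extfile.cnf
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out server-cert.pem -extfile extfile.cnf

# Client certificate (key.pem / cert.pem are the names the Docker client expects).
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo "extendedKeyUsage = clientAuth" > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out cert.pem -extfile extfile-client.cnf

# Remove intermediates; only the .pem files are kept.
rm -v client.csr server.csr extfile.cnf extfile-client.cnf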
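#!/bin/bash
# Configures the local Docker client for a remote TLS-protected Docker daemon
# (server-side setup: https://docs.docker.com/engine/security/https/).
#
# Expects ca.pem, cert.pem and key.pem in the current directory, copies them to ~/.docker
# and either creates a docker context (default) or, with --legacy, exports DOCKER_HOST /
# DOCKER_TLS_VERIFY via ~/.bashrc. --uninstall reverses whichever mode is selected.
#
# Options:
#   --docker-hostname NAME            DNS name of the remote daemon
#   --docker-port PORT                TLS port of the remote daemon
#   --docker-contextname NAME         docker context name (non-legacy mode)
#   --docker-contextdescription TEXT  docker context description (non-legacy mode)
#   --uninstall                       remove the context / the ~/.bashrc exports
#   --legacy                          use DOCKER_HOST env vars instead of a docker context
set -e
DOCKER_HOSTNAME='mydockerbuildmachine.westeurope.cloudapp.azure.com'
DOCKER_PORT='2376'
DOCKER_CONTEXTNAME='remotedocker'
DOCKER_CONTEXTDESC='Remote Docker build machine'
UNINSTALL=''
LEGACY=''
while [ $# -gt 0 ]; do
  case "$1" in
    --docker-hostname )
      DOCKER_HOSTNAME="$2"; shift 2
      ;;
    --docker-port )
      DOCKER_PORT="$2"; shift 2
      ;;
    --docker-contextname )
      DOCKER_CONTEXTNAME="$2"; shift 2
      ;;
    --docker-contextdescription )
      DOCKER_CONTEXTDESC="$2"; shift 2
      ;;
    --uninstall )
      UNINSTALL='yes'; shift
      ;;
    --legacy )
      LEGACY='yes'; shift
      ;;
    * )
      # Without a default arm an unknown argument was never shifted and the loop never ended.
      echo "Argument $1 is not known" >&2
      exit 1
      ;;
  esac
done

# Bash variable names are case-sensitive: the flags set UNINSTALL/LEGACY, so the same names
# are tested here (the original tested $uninstall/$legacy, which are never set by this script,
# so --uninstall and --legacy had no effect).
if [ -n "$UNINSTALL" ]; then
  if [ -n "$LEGACY" ]; then
    # Delete the export lines written by a previous --legacy install.
    sed -i '/^export DOCKER_HOST=/d' ~/.bashrc
    sed -i '/^export DOCKER_TLS_VERIFY=/d' ~/.bashrc
    # Only affects this script's own process; an already-running shell keeps its values
    # until ~/.bashrc is re-sourced.
    unset DOCKER_HOST
    unset DOCKER_TLS_VERIFY
  else
    docker context rm "${DOCKER_CONTEXTNAME}"
  fi
else
  DOCKER_HOME=~/.docker
  if [ -d "${DOCKER_HOME}" ]; then
    FILES=( 'ca.pem' 'cert.pem' 'key.pem' )
    for f in "${FILES[@]}"; do
      cp -f -- "${f}" "${DOCKER_HOME}/"
    done
    # The client private key must not be readable by other users of this machine.
    chmod 600 "${DOCKER_HOME}/${FILES[2]}"
    if [ -n "$LEGACY" ]; then
      echo "export DOCKER_HOST='tcp://${DOCKER_HOSTNAME}:${DOCKER_PORT}'" >> ~/.bashrc
      echo "export DOCKER_TLS_VERIFY=1" >> ~/.bashrc
      # Double quotes so hostname and port expand; the single-quoted form exported the
      # literal template string.
      export DOCKER_HOST="tcp://${DOCKER_HOSTNAME}:${DOCKER_PORT}"
      export DOCKER_TLS_VERIFY=1
    else
      docker context create "${DOCKER_CONTEXTNAME}" --description "${DOCKER_CONTEXTDESC}" \
        --docker "host=tcp://${DOCKER_HOSTNAME}:${DOCKER_PORT},ca=${DOCKER_HOME}/${FILES[0]},cert=${DOCKER_HOME}/${FILES[1]},key=${DOCKER_HOME}/${FILES[2]}"
    fi
  else
    echo "The directory ${DOCKER_HOME} has not been found" >&2
    exit 1
  fi
fi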
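<#
.SYNOPSIS
  Configures the local Docker client for a remote TLS-protected Docker daemon.
.DESCRIPTION
  Server-side setup: https://docs.docker.com/engine/security/https/
  Expects ca.pem, cert.pem and key.pem in the current directory, copies them to
  %USERPROFILE%\.docker and either creates a docker context (default) or, with -Legacy,
  sets the user-scoped DOCKER_HOST / DOCKER_TLS_VERIFY environment variables.
  -Uninstall reverses whichever mode is selected.
.PARAMETER DockerHostname
  DNS name of the remote daemon.
.PARAMETER DockerPort
  TLS port of the remote daemon.
.PARAMETER DockerContextName
  Name of the docker context to create or remove (non-legacy mode).
.PARAMETER DockerContextDescription
  Description of the docker context (non-legacy mode).
.PARAMETER Uninstall
  Remove the context or the legacy environment variables instead of installing.
.PARAMETER Legacy
  Use DOCKER_HOST / DOCKER_TLS_VERIFY user environment variables instead of a docker context.
#>
param(
  [string]$DockerHostname='mydockerbuildmachine.westeurope.cloudapp.azure.com',
  [string]$DockerPort='2376',
  [string]$DockerContextName='remotedocker',
  [string]$DockerContextDescription='Remote Docker build machine',
  [switch]$Uninstall,
  [switch]$Legacy
)
# Fail fast on cmdlet errors (e.g. a missing certificate file), as the certificate
# generation script does; native docker.exe exit codes are checked explicitly below.
$ErrorActionPreference = 'Stop'

if ($Uninstall) {
  if ($Legacy) {
    # Setting a user-scoped variable to $null deletes it.
    [Environment]::SetEnvironmentVariable('DOCKER_HOST', $null, [EnvironmentVariableTarget]::User)
    [Environment]::SetEnvironmentVariable('DOCKER_TLS_VERIFY', $null, [EnvironmentVariableTarget]::User)
  } else {
    docker context rm ${DockerContextName}
    if ($LASTEXITCODE -ne 0) { throw "docker context rm failed with exit code $LASTEXITCODE" }
  }
} else {
  $DOCKER_HOME = "${env:USERPROFILE}\.docker"
  if (-Not (Test-Path -Path $DOCKER_HOME)) { New-Item -Path $DOCKER_HOME -ItemType Directory | Out-Null }
  $files = @("ca.pem","cert.pem","key.pem")
  foreach ($f in $files) {
    # -Force overwrites files left by a previous run (mirrors `cp -f` in the shell variant).
    Copy-Item -Path $f -Destination $DOCKER_HOME -Force
  }
  if ($Legacy) {
    [Environment]::SetEnvironmentVariable('DOCKER_HOST', "tcp://${DockerHostname}:${DockerPort}", [EnvironmentVariableTarget]::User)
    [Environment]::SetEnvironmentVariable('DOCKER_TLS_VERIFY', '1', [EnvironmentVariableTarget]::User)
  } else {
    docker context create ${DockerContextName} --description "${DockerContextDescription}" --docker "host=tcp://${DockerHostname}:${DockerPort},ca=${DOCKER_HOME}\$($files[0]),cert=${DOCKER_HOME}\$($files[1]),key=${DOCKER_HOME}\$($files[2])"
    if ($LASTEXITCODE -ne 0) { throw "docker context create failed with exit code $LASTEXITCODE" }
  }
}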