@nicolaka
Created December 4, 2015 01:12
# Small script to trust a Docker Trusted Registry's certificate
import logging
import os
import re
import shutil
import subprocess
import sys
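# Logging settings
logging.basicConfig(stream=sys.stdout, level=logging.DEBUG)

# Only env var requirement
dtr = os.environ.get('DTR_DOMAIN_NAME')
cert_count = 0

if not dtr:
    logging.error('DTR_DOMAIN_NAME environment variable not found')
    # Exit non-zero so a calling script or provisioning tool sees the failure.
    raise SystemExit(1)

# The value ends up as an openssl argument, as a file name in the current
# directory and as a directory name under /etc/docker/certs.d/. Accept only a
# plain host name or IPv4 address: no whitespace, no path separators and no
# leading '-', so it cannot add openssl options or point outside certs.d.
if not re.match(r'[A-Za-z0-9](?:[A-Za-z0-9_.-]*[A-Za-z0-9])?\Z', dtr):
    logging.error('DTR_DOMAIN_NAME is not a plain host name: %r', dtr)
    raise SystemExit(1)

# NOTE: the chain is stored exactly as the endpoint serves it at run time.
# Nothing here authenticates that endpoint, so whoever answers on port 443
# decides what gets trusted. Compare the fingerprint of the resulting .crt
# with one obtained out of band before relying on it.
# NOTE(review): full.crt and <host>.crt are written to the current working
# directory; run this from a directory only the invoking user can write to.
try:
    with open(os.devnull, 'r+b') as devnull, open('full.crt', 'wb') as raw:
        # Argument list instead of a shell string: the host name is passed as
        # one argument and never goes through shell word splitting or globbing.
        subprocess.call(
            ['openssl', 's_client', '-connect', dtr + ':443', '-showcerts'],
            stdin=devnull, stdout=raw, stderr=devnull)
except OSError as err:
    logging.error('Could not run openssl: %s', err)
    raise SystemExit(1)

# Keep only the PEM blocks from the s_client transcript.
with open('full.crt', 'r') as infile, open(dtr + '.crt', 'w') as outfile:
    copy = False
    for line in infile:
        marker = line.strip()
        if marker == "-----BEGIN CERTIFICATE-----":
            cert_count += 1
            copy = True
            outfile.write(line)
        elif marker == "-----END CERTIFICATE-----":
            copy = False
            outfile.write(line)
        elif copy:
            outfile.write(line)

if cert_count == 0:
    # Covers connection failures too: openssl then prints no PEM block.
    logging.error('Cert file has no certs')
    raise SystemExit(1)
logging.info('Created cert file: ' + dtr + '.crt')

# Copying the cert to /etc/docker/certs.d/
dstdir = '/etc/docker/certs.d/' + dtr
try:
    os.makedirs(dstdir)
    logging.info('Created the directory: ' + dstdir)
except OSError:
    # Only an existing directory is harmless; permission errors and the like
    # must not be reported as "already exists".
    if not os.path.isdir(dstdir):
        raise
    logging.info('directory : ' + dstdir + ' already exists')
shutil.copy(dtr + '.crt', dstdir)
logging.info('Copied cert file: ' + dtr + '.crt ' + ' to ' + dstdir)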