How to Get Docker Token

Owned by Antoine Hage (Unlicensed)
Last updated: Jul 12, 2018

Objective

SOAJS uses Docker Swarm as one of the container technologies to deploy from source code or to deploy resources in containers.

Docker Swarm by default requires certificates to be provided in the headers of every call made to its API using socket communication.

The following page explains the steps and which tools are needed that allows you to replace providing certificates with unique authentication tokens when making calls to the docker API.




Scenario

  1. Concept
  2. Download & Run Docker Script
  3. Provide SOAJS Console With Docker Token
  4. Get Docker Token at any later stage




1- Concept

SOAJS provides a shell script that you can run on any machines using Mac OSX or Linux Ubuntu.

This script will generate an authentication token and deploy a proxy container in your docker swarm cloud and associate the token with it.

The container is configured to bind itself to port 443 which redirects traffic to the native docker port 2376. This approach enables SOAJS to invoke the Docker API using https on port 443 and supply a token in the headers instead of native certificates.

From there on, all communication to docker will be trapped by this container, the token gets validated, and if the request is authentic, the container redirects the call to the native docker API.




2- Download & Run Docker Script

The script is available in the SOAJS Installer, once you download the installer as an NPM package, you can then run the script via your terminal.

Download and Run docker script
# download the SOAJS installer
> npm install soajs.installer

# locate and run the script
> cd soajs.installer/scripts/pre
> ./docker-api.sh

Once you run the script, the docker container will be created, the token will be generated and printed as part of the output so you can use it.

Sample Script Output
cleaning up old manager container
Error: No such container: manager-docker-api

Deploying new manager container...
88fc27c1e5ba8d4d6c87b1f3d5a6b7985f7f074680ed74f715e0d1730e962190

manager container deployed

***************************************************************
* Use the following Token to connect to your docker deployment:
***************************************************************
Token:
c570afc977f719e7edfd74530ed771d000269c67921cd978745f7411960be11140329b72aba06557ac9cfd4f35dd71fec6b818b80f5bfd23f6f80b527e1b3c457232e329a83b532948f190951ecbbf46b1c4a3d170fc781088e7fb52ed0c
a37f347c8ec5a7cb29f7c30acfe8ba4432c30a4ef16df06a47feb7ad477ba8a6e18336bd6533d78bf2e9ed45d9efde8b31de17644f61eb29eb56d62fa3753d729df824992302711e88f98a7fc3fdae188c1e1684aa9d8b6bedc7b13913eb
37778bb27b92c8d0d51e53b010ec81477510f09bc759cadba20024a2552ee4bc86ac68a2f57f62dcaa63f8a2c79f6f7745daa7f43690c8fa4aae5052a9f6106ed682a35ca9b44738a6306784033a77abe75f70409898fa10661d2700bb9e
0af5f38aa6dee28b62fe1862e83a57d39d8de37333afe2efce6c0a2d40e5b7af20ac7009884db076b286dbef4e4172a40d272e64ee5d1680debfd88b59ce964bf0f7f72f6e7bbabbfff3b334ebcdb3ddc42f26194d8aadb9fa5f0b61442b
a36ef64cfe43ccf35f2f60df6092a1057f372ea26e7a50eedaeb2409eb9612529769a76612234aea07c2b97ac40fd3915f738503b28e166cdff736322160ddc12459dcf8868b5e0787af5565ff7ac7fba7e4d04875fbd150f466b002ddc4
0f3bf73922a2d0da2782876ac97be53c29296e1a214bc2bd79100d02094a8862bc6c490b725a1bffc6e8




3- Provide SOAJS Console With Docker Token

Copy the token from the output of the docker script and simply provided in the form when integrating the cloud provider where the docker swarm is running. You can also use the same approach if docker swarm is running on your local machine.

Head to Develop / Infra Cloud Providers, click on Connect New Infra Provider choose Docker Machine then fill the token in the form input.

Once you click submit, SOAJS Console will take your inputs and attempt to establish a communication link with the Docker Swarm by using the token you provided it with.

If the call is successful then the infra is accepted and you can use it to deploy source code and resources.




4- Get Docker Token at any later stage

At any later stage, in case you lost or forgot the token, you can simply inspect the container and retrieve the token again.

Retrieve Docker Swarm API Token
# find the container
> docker ps 

CONTAINER ID        IMAGE                 COMMAND                 CREATED             STATUS              PORTS                                          NAMES
88fc27c1e5ba        soajsorg/docker-api   "node . -T dockerapi"   8 minutes ago       Up 9 minutes        0.0.0.0:443->2376/tcp, 0.0.0.0:444->2377/tcp   manager-docker-api

# inspect the container and grab the token value
> docker inspect manager-docker-api

# sample output where you can locate the token
...
"Env": [
     "NODE_TYPE=manager",
     "NODE_ENV=production",
     "DOCKER_API_MAINTENANCE_MANAGER_PORT=443",
     "DOCKER_API_MAINTENANCE_WORKER_PORT=443",
     "DOCKER_API_TOKEN=c570afc977f719e7edfd74530ed771d000269c67921cd978745f7411960be11140329b72aba06557ac9cfd4f35dd71fec6b818b80f5bfd23f6f80b527e1b3c457232e329a83b532948f190951
ecbbf46b1c4a3d170fc781088e7fb52ed0ca37f347c8ec5a7cb29f7c30acfe8ba4432c30a4ef16df06a47feb7ad477ba8a6e18336bd6533d78bf2e9ed45d9efde8b31de17644f61eb29eb56d62fa3753d729df8249923027
11e88f98a7fc3fdae188c1e1684aa9d8b6bedc7b13913eb37778bb27b92c8d0d51e53b010ec81477510f09bc759cadba20024a2552ee4bc86ac68a2f57f62dcaa63f8a2c79f6f7745daa7f43690c8fa4aae5052a9f6106ed
682a35ca9b44738a6306784033a77abe75f70409898fa10661d2700bb9e0af5f38aa6dee28b62fe1862e83a57d39d8de37333afe2efce6c0a2d40e5b7af20ac7009884db076b286dbef4e4172a40d272e64ee5d1680debfd
88b59ce964bf0f7f72f6e7bbabbfff3b334ebcdb3ddc42f26194d8aadb9fa5f0b61442ba36ef64cfe43ccf35f2f60df6092a1057f372ea26e7a50eedaeb2409eb9612529769a76612234aea07c2b97ac40fd3915f738503b
28e166cdff736322160ddc12459dcf8868b5e0787af5565ff7ac7fba7e4d04875fbd150f466b002ddc40f3bf73922a2d0da2782876ac97be53c29296e1a214bc2bd79100d02094a8862bc6c490b725a1bffc6e8",
     "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
     "DEBIAN_FRONTEND=noninteractive"
],
...