2013-01-19 19:07:19 -05:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2014-02-27 07:47:59 -05:00
|
|
|
"crypto/tls"
|
|
|
|
"crypto/x509"
|
2013-04-10 06:24:15 -04:00
|
|
|
"fmt"
|
2014-02-27 07:47:59 -05:00
|
|
|
"io/ioutil"
|
2014-02-01 06:38:39 -05:00
|
|
|
"log"
|
|
|
|
"os"
|
2014-09-26 17:24:04 -04:00
|
|
|
"path"
|
2014-02-01 06:38:39 -05:00
|
|
|
"strings"
|
|
|
|
|
2014-07-24 18:19:50 -04:00
|
|
|
"github.com/docker/docker/api"
|
|
|
|
"github.com/docker/docker/api/client"
|
|
|
|
"github.com/docker/docker/dockerversion"
|
|
|
|
flag "github.com/docker/docker/pkg/mflag"
|
2014-08-08 16:18:18 -04:00
|
|
|
"github.com/docker/docker/reexec"
|
2014-07-24 18:19:50 -04:00
|
|
|
"github.com/docker/docker/utils"
|
2014-09-26 17:24:04 -04:00
|
|
|
"github.com/docker/libtrust"
|
2013-01-24 02:14:46 -05:00
|
|
|
)
|
|
|
|
|
2014-02-27 07:47:59 -05:00
|
|
|
const (
|
2014-09-26 17:24:04 -04:00
|
|
|
defaultTrustKeyFile = "key.json"
|
|
|
|
defaultCaFile = "ca.pem"
|
|
|
|
defaultKeyFile = "key.pem"
|
|
|
|
defaultCertFile = "cert.pem"
|
2014-02-27 07:47:59 -05:00
|
|
|
)
|
|
|
|
|
2013-01-19 19:07:19 -05:00
|
|
|
func main() {
|
2014-08-08 16:18:18 -04:00
|
|
|
if reexec.Init() {
|
2013-03-13 03:29:40 -04:00
|
|
|
return
|
2013-01-25 14:26:18 -05:00
|
|
|
}
|
2013-03-13 03:29:40 -04:00
|
|
|
flag.Parse()
|
2014-08-09 21:18:32 -04:00
|
|
|
// FIXME: validate daemon flags here
|
2013-10-04 22:25:15 -04:00
|
|
|
|
2013-08-06 23:51:12 -04:00
|
|
|
if *flVersion {
|
|
|
|
showVersion()
|
|
|
|
return
|
|
|
|
}
|
2014-08-01 13:34:06 -04:00
|
|
|
if *flDebug {
|
|
|
|
os.Setenv("DEBUG", "1")
|
|
|
|
}
|
|
|
|
|
2014-08-11 18:30:01 -04:00
|
|
|
if len(flHosts) == 0 {
|
2013-12-20 19:30:41 -05:00
|
|
|
defaultHost := os.Getenv("DOCKER_HOST")
|
|
|
|
if defaultHost == "" || *flDaemon {
|
|
|
|
// If we do not have a host, default to unix socket
|
2014-01-29 14:26:54 -05:00
|
|
|
defaultHost = fmt.Sprintf("unix://%s", api.DEFAULTUNIXSOCKET)
|
2013-12-20 19:30:41 -05:00
|
|
|
}
|
2014-08-26 12:32:10 -04:00
|
|
|
defaultHost, err := api.ValidateHost(defaultHost)
|
|
|
|
if err != nil {
|
2014-02-17 14:35:26 -05:00
|
|
|
log.Fatal(err)
|
|
|
|
}
|
2014-08-11 18:30:01 -04:00
|
|
|
flHosts = append(flHosts, defaultHost)
|
2013-06-19 08:31:54 -04:00
|
|
|
}
|
|
|
|
|
2014-08-01 13:34:06 -04:00
|
|
|
if *flDaemon {
|
|
|
|
mainDaemon()
|
|
|
|
return
|
2014-06-27 09:55:20 -04:00
|
|
|
}
|
|
|
|
|
2014-08-11 18:30:01 -04:00
|
|
|
if len(flHosts) > 1 {
|
2014-08-01 13:34:06 -04:00
|
|
|
log.Fatal("Please specify only one -H")
|
2013-04-02 13:58:16 -04:00
|
|
|
}
|
2014-08-11 18:30:01 -04:00
|
|
|
protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
|
2014-02-27 07:47:59 -05:00
|
|
|
|
2014-09-26 17:24:04 -04:00
|
|
|
err := os.MkdirAll(path.Dir(*flTrustKey), 0700)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
trustKey, keyErr := libtrust.LoadKeyFile(*flTrustKey)
|
|
|
|
if keyErr == libtrust.ErrKeyFileDoesNotExist {
|
|
|
|
trustKey, keyErr = libtrust.GenerateECP256PrivateKey()
|
|
|
|
if keyErr == nil {
|
|
|
|
keyErr = libtrust.SaveKey(*flTrustKey, trustKey)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if keyErr != nil {
|
|
|
|
log.Fatal(keyErr)
|
|
|
|
}
|
2014-08-01 13:34:06 -04:00
|
|
|
var (
|
|
|
|
cli *client.DockerCli
|
|
|
|
tlsConfig tls.Config
|
|
|
|
)
|
|
|
|
tlsConfig.InsecureSkipVerify = true
|
|
|
|
|
|
|
|
// If we should verify the server, we need to load a trusted ca
|
|
|
|
if *flTlsVerify {
|
|
|
|
*flTls = true
|
|
|
|
certPool := x509.NewCertPool()
|
|
|
|
file, err := ioutil.ReadFile(*flCa)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
|
2013-06-19 08:31:54 -04:00
|
|
|
}
|
2014-08-01 13:34:06 -04:00
|
|
|
certPool.AppendCertsFromPEM(file)
|
|
|
|
tlsConfig.RootCAs = certPool
|
|
|
|
tlsConfig.InsecureSkipVerify = false
|
|
|
|
}
|
2014-02-27 07:47:59 -05:00
|
|
|
|
2014-08-01 13:34:06 -04:00
|
|
|
// If tls is enabled, try to load and send client certificates
|
|
|
|
if *flTls || *flTlsVerify {
|
|
|
|
_, errCert := os.Stat(*flCert)
|
|
|
|
_, errKey := os.Stat(*flKey)
|
|
|
|
if errCert == nil && errKey == nil {
|
2014-02-27 07:47:59 -05:00
|
|
|
*flTls = true
|
2014-08-01 13:34:06 -04:00
|
|
|
cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
|
2014-02-27 07:47:59 -05:00
|
|
|
if err != nil {
|
2014-08-01 13:34:06 -04:00
|
|
|
log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
|
2014-02-27 07:47:59 -05:00
|
|
|
}
|
2014-08-01 13:34:06 -04:00
|
|
|
tlsConfig.Certificates = []tls.Certificate{cert}
|
2014-02-27 07:47:59 -05:00
|
|
|
}
|
2014-08-01 13:34:06 -04:00
|
|
|
}
|
2014-02-27 07:47:59 -05:00
|
|
|
|
2014-08-01 13:34:06 -04:00
|
|
|
if *flTls || *flTlsVerify {
|
2014-09-26 17:24:04 -04:00
|
|
|
cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
|
2014-08-01 13:34:06 -04:00
|
|
|
} else {
|
2014-09-26 17:24:04 -04:00
|
|
|
cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], nil)
|
2014-08-01 13:34:06 -04:00
|
|
|
}
|
2014-03-19 18:03:11 -04:00
|
|
|
|
2014-08-10 00:33:19 -04:00
|
|
|
if err := cli.Cmd(flag.Args()...); err != nil {
|
2014-08-01 13:34:06 -04:00
|
|
|
if sterr, ok := err.(*utils.StatusError); ok {
|
|
|
|
if sterr.Status != "" {
|
|
|
|
log.Println(sterr.Status)
|
2013-09-09 17:26:35 -04:00
|
|
|
}
|
2014-08-01 13:34:06 -04:00
|
|
|
os.Exit(sterr.StatusCode)
|
2013-03-13 03:29:40 -04:00
|
|
|
}
|
2014-08-01 13:34:06 -04:00
|
|
|
log.Fatal(err)
|
2013-03-13 03:29:40 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-08-06 23:51:12 -04:00
|
|
|
func showVersion() {
|
2014-02-11 19:05:45 -05:00
|
|
|
fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
|
2013-08-06 23:51:12 -04:00
|
|
|
}
|