2017-06-01 16:34:31 -04:00
|
|
|
package main
|
2015-05-05 00:18:28 -04:00
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"os"
|
|
|
|
"path/filepath"
|
|
|
|
|
2017-06-01 16:34:31 -04:00
|
|
|
cliconfig "github.com/docker/docker/cli/config"
|
|
|
|
"github.com/docker/docker/daemon/config"
|
2015-05-05 00:18:28 -04:00
|
|
|
"github.com/docker/docker/opts"
|
2015-12-29 19:27:12 -05:00
|
|
|
"github.com/docker/go-connections/tlsconfig"
|
2017-07-26 17:42:13 -04:00
|
|
|
"github.com/sirupsen/logrus"
|
2016-06-21 16:42:47 -04:00
|
|
|
"github.com/spf13/pflag"
|
2015-05-05 00:18:28 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2016-02-19 17:42:51 -05:00
|
|
|
// DefaultCaFile is the default filename for the CA pem file
|
|
|
|
DefaultCaFile = "ca.pem"
|
|
|
|
// DefaultKeyFile is the default filename for the key pem file
|
|
|
|
DefaultKeyFile = "key.pem"
|
|
|
|
// DefaultCertFile is the default filename for the cert pem file
|
|
|
|
DefaultCertFile = "cert.pem"
|
2016-12-20 06:14:41 -05:00
|
|
|
// FlagTLSVerify is the flag name for the TLS verification option
|
2016-06-21 16:42:47 -04:00
|
|
|
FlagTLSVerify = "tlsverify"
|
2015-05-05 00:18:28 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
dockerCertPath = os.Getenv("DOCKER_CERT_PATH")
|
|
|
|
dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != ""
|
|
|
|
)
|
|
|
|
|
2017-06-01 16:34:31 -04:00
|
|
|
type daemonOptions struct {
|
|
|
|
configFile string
|
|
|
|
daemonConfig *config.Config
|
|
|
|
flags *pflag.FlagSet
|
|
|
|
Debug bool
|
|
|
|
Hosts []string
|
|
|
|
LogLevel string
|
|
|
|
TLS bool
|
|
|
|
TLSVerify bool
|
|
|
|
TLSOptions *tlsconfig.Options
|
2016-04-21 17:51:28 -04:00
|
|
|
}
|
|
|
|
|
2017-06-01 16:34:31 -04:00
|
|
|
// newDaemonOptions returns a new daemonFlags
|
|
|
|
func newDaemonOptions(config *config.Config) *daemonOptions {
|
|
|
|
return &daemonOptions{
|
|
|
|
daemonConfig: config,
|
|
|
|
}
|
2016-06-21 16:42:47 -04:00
|
|
|
}
|
2016-02-19 17:42:51 -05:00
|
|
|
|
2016-06-21 16:42:47 -04:00
|
|
|
// InstallFlags adds flags for the common options on the FlagSet
|
2017-06-01 16:34:31 -04:00
|
|
|
func (o *daemonOptions) InstallFlags(flags *pflag.FlagSet) {
|
2015-05-05 00:18:28 -04:00
|
|
|
if dockerCertPath == "" {
|
2017-06-01 16:34:31 -04:00
|
|
|
dockerCertPath = cliconfig.Dir()
|
2015-05-05 00:18:28 -04:00
|
|
|
}
|
|
|
|
|
2017-06-01 16:34:31 -04:00
|
|
|
flags.BoolVarP(&o.Debug, "debug", "D", false, "Enable debug mode")
|
|
|
|
flags.StringVarP(&o.LogLevel, "log-level", "l", "info", `Set the logging level ("debug"|"info"|"warn"|"error"|"fatal")`)
|
|
|
|
flags.BoolVar(&o.TLS, "tls", false, "Use TLS; implied by --tlsverify")
|
|
|
|
flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote")
|
2015-05-05 00:18:28 -04:00
|
|
|
|
2016-06-21 16:42:47 -04:00
|
|
|
// TODO use flag flags.String("identity"}, "i", "", "Path to libtrust key file")
|
2015-05-05 00:18:28 -04:00
|
|
|
|
2017-06-01 16:34:31 -04:00
|
|
|
o.TLSOptions = &tlsconfig.Options{
|
2017-01-03 15:58:41 -05:00
|
|
|
CAFile: filepath.Join(dockerCertPath, DefaultCaFile),
|
|
|
|
CertFile: filepath.Join(dockerCertPath, DefaultCertFile),
|
|
|
|
KeyFile: filepath.Join(dockerCertPath, DefaultKeyFile),
|
|
|
|
}
|
2017-06-01 16:34:31 -04:00
|
|
|
tlsOptions := o.TLSOptions
|
2017-01-03 15:58:41 -05:00
|
|
|
flags.Var(opts.NewQuotedString(&tlsOptions.CAFile), "tlscacert", "Trust certs signed only by this CA")
|
|
|
|
flags.Var(opts.NewQuotedString(&tlsOptions.CertFile), "tlscert", "Path to TLS certificate file")
|
|
|
|
flags.Var(opts.NewQuotedString(&tlsOptions.KeyFile), "tlskey", "Path to TLS key file")
|
2015-05-05 00:18:28 -04:00
|
|
|
|
2017-06-01 16:34:31 -04:00
|
|
|
hostOpt := opts.NewNamedListOptsRef("hosts", &o.Hosts, opts.ValidateHost)
|
2016-06-22 18:36:51 -04:00
|
|
|
flags.VarP(hostOpt, "host", "H", "Daemon socket(s) to connect to")
|
2015-05-05 00:18:28 -04:00
|
|
|
}
|
|
|
|
|
2016-06-21 16:42:47 -04:00
|
|
|
// SetDefaultOptions sets default values for options after flag parsing is
|
|
|
|
// complete
|
2017-06-01 16:34:31 -04:00
|
|
|
func (o *daemonOptions) SetDefaultOptions(flags *pflag.FlagSet) {
|
2015-05-05 00:18:28 -04:00
|
|
|
// Regardless of whether the user sets it to true or false, if they
|
2016-12-20 06:14:41 -05:00
|
|
|
// specify --tlsverify at all then we need to turn on TLS
|
2016-02-19 17:42:51 -05:00
|
|
|
// TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need
|
|
|
|
// to check that here as well
|
2017-06-01 16:34:31 -04:00
|
|
|
if flags.Changed(FlagTLSVerify) || o.TLSVerify {
|
|
|
|
o.TLS = true
|
2015-05-05 00:18:28 -04:00
|
|
|
}
|
|
|
|
|
2017-06-01 16:34:31 -04:00
|
|
|
if !o.TLS {
|
|
|
|
o.TLSOptions = nil
|
2015-05-05 00:18:28 -04:00
|
|
|
} else {
|
2017-06-01 16:34:31 -04:00
|
|
|
tlsOptions := o.TLSOptions
|
|
|
|
tlsOptions.InsecureSkipVerify = !o.TLSVerify
|
2015-05-05 00:18:28 -04:00
|
|
|
|
|
|
|
// Reset CertFile and KeyFile to empty string if the user did not specify
|
|
|
|
// the respective flags and the respective default files were not found.
|
2016-06-21 16:42:47 -04:00
|
|
|
if !flags.Changed("tlscert") {
|
2015-05-05 00:18:28 -04:00
|
|
|
if _, err := os.Stat(tlsOptions.CertFile); os.IsNotExist(err) {
|
|
|
|
tlsOptions.CertFile = ""
|
|
|
|
}
|
|
|
|
}
|
2016-06-21 16:42:47 -04:00
|
|
|
if !flags.Changed("tlskey") {
|
2015-05-05 00:18:28 -04:00
|
|
|
if _, err := os.Stat(tlsOptions.KeyFile); os.IsNotExist(err) {
|
|
|
|
tlsOptions.KeyFile = ""
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2016-01-19 14:16:07 -05:00
|
|
|
|
2017-06-01 16:34:31 -04:00
|
|
|
// setLogLevel sets the logrus logging level
|
|
|
|
func setLogLevel(logLevel string) {
|
2016-01-19 14:16:07 -05:00
|
|
|
if logLevel != "" {
|
|
|
|
lvl, err := logrus.ParseLevel(logLevel)
|
|
|
|
if err != nil {
|
|
|
|
fmt.Fprintf(os.Stderr, "Unable to parse logging level: %s\n", logLevel)
|
|
|
|
os.Exit(1)
|
|
|
|
}
|
|
|
|
logrus.SetLevel(lvl)
|
|
|
|
} else {
|
|
|
|
logrus.SetLevel(logrus.InfoLevel)
|
|
|
|
}
|
|
|
|
}
|