moby--moby/docker/common.go

package main

import (
	"fmt"
	"os"
	"path/filepath"

	"github.com/Sirupsen/logrus"
	"github.com/docker/docker/cli"
	"github.com/docker/docker/cliconfig"
	"github.com/docker/docker/opts"
	flag "github.com/docker/docker/pkg/mflag"
	"github.com/docker/go-connections/tlsconfig"
)

const (
	defaultTrustKeyFile = "key.json"
	defaultCaFile       = "ca.pem"
	defaultKeyFile      = "key.pem"
	defaultCertFile     = "cert.pem"
	tlsVerifyKey        = "tlsverify"
)

var (
	commonFlags = &cli.CommonFlags{FlagSet: new(flag.FlagSet)}

	dockerCertPath  = os.Getenv("DOCKER_CERT_PATH")
	dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != ""
)

func init() {
	if dockerCertPath == "" {
		dockerCertPath = cliconfig.ConfigDir()
	}

	commonFlags.PostParse = postParseCommon

	cmd := commonFlags.FlagSet

	cmd.BoolVar(&commonFlags.Debug, []string{"D", "-debug"}, false, "Enable debug mode")
	cmd.StringVar(&commonFlags.LogLevel, []string{"l", "-log-level"}, "info", "Set the logging level")
	cmd.BoolVar(&commonFlags.TLS, []string{"-tls"}, false, "Use TLS; implied by --tlsverify")
	cmd.BoolVar(&commonFlags.TLSVerify, []string{"-tlsverify"}, dockerTLSVerify, "Use TLS and verify the remote")

	// TODO use flag flag.String([]string{"i", "-identity"}, "", "Path to libtrust key file")

	var tlsOptions tlsconfig.Options
	commonFlags.TLSOptions = &tlsOptions
	cmd.StringVar(&tlsOptions.CAFile, []string{"-tlscacert"}, filepath.Join(dockerCertPath, defaultCaFile), "Trust certs signed only by this CA")
	cmd.StringVar(&tlsOptions.CertFile, []string{"-tlscert"}, filepath.Join(dockerCertPath, defaultCertFile), "Path to TLS certificate file")
	cmd.StringVar(&tlsOptions.KeyFile, []string{"-tlskey"}, filepath.Join(dockerCertPath, defaultKeyFile), "Path to TLS key file")

	cmd.Var(opts.NewNamedListOptsRef("hosts", &commonFlags.Hosts, opts.ValidateHost), []string{"H", "-host"}, "Daemon socket(s) to connect to")
}

func postParseCommon() {
	cmd := commonFlags.FlagSet

	setDaemonLogLevel(commonFlags.LogLevel)

	// Regardless of whether the user sets it to true or false, if they
	// specify --tlsverify at all then we need to turn on tls
	// TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need to check that here as well
	if cmd.IsSet("-"+tlsVerifyKey) || commonFlags.TLSVerify {
		commonFlags.TLS = true
	}

	if !commonFlags.TLS {
		commonFlags.TLSOptions = nil
	} else {
		tlsOptions := commonFlags.TLSOptions
		tlsOptions.InsecureSkipVerify = !commonFlags.TLSVerify

		// Reset CertFile and KeyFile to empty string if the user did not specify
		// the respective flags and the respective default files were not found.
		if !cmd.IsSet("-tlscert") {
			if _, err := os.Stat(tlsOptions.CertFile); os.IsNotExist(err) {
				tlsOptions.CertFile = ""
			}
		}
		if !cmd.IsSet("-tlskey") {
			if _, err := os.Stat(tlsOptions.KeyFile); os.IsNotExist(err) {
				tlsOptions.KeyFile = ""
			}
		}
	}
}

func setDaemonLogLevel(logLevel string) {
	if logLevel != "" {
		lvl, err := logrus.ParseLevel(logLevel)
		if err != nil {
			fmt.Fprintf(os.Stderr, "Unable to parse logging level: %s\n", logLevel)
			os.Exit(1)
		}
		logrus.SetLevel(lvl)
	} else {
		logrus.SetLevel(logrus.InfoLevel)
	}
}
cli: new daemon command and new cli package This patch creates a new cli package that allows to combine both client and daemon commands (there is only one daemon command: docker daemon). The `-d` and `--daemon` top-level flags are deprecated and a special message is added to prompt the user to use `docker daemon`. Providing top-level daemon-specific flags for client commands result in an error message prompting the user to use `docker daemon`. This patch does not break any old but correct usages. This also makes `-d` and `--daemon` flags, as well as the `daemon` command illegal in client-only binaries. Signed-off-by: Tibor Vass <tibor@docker.com> 2015-05-05 00:18:28 -04:00			`package main`

			`import (`
			`"fmt"`
			`"os"`
			`"path/filepath"`

			`"github.com/Sirupsen/logrus"`
			`"github.com/docker/docker/cli"`
			`"github.com/docker/docker/cliconfig"`
			`"github.com/docker/docker/opts"`
			`flag "github.com/docker/docker/pkg/mflag"`
Remove usage of pkg sockets and tlsconfig. - Use the ones provided by docker/go-connections, they are a drop in replacement. - Remove pkg/sockets from docker. - Keep pkg/tlsconfig because libnetwork still needs it and there is a circular dependency issue. Signed-off-by: David Calavera <david.calavera@gmail.com> 2015-12-29 19:27:12 -05:00			`"github.com/docker/go-connections/tlsconfig"`
cli: new daemon command and new cli package This patch creates a new cli package that allows to combine both client and daemon commands (there is only one daemon command: docker daemon). The `-d` and `--daemon` top-level flags are deprecated and a special message is added to prompt the user to use `docker daemon`. Providing top-level daemon-specific flags for client commands result in an error message prompting the user to use `docker daemon`. This patch does not break any old but correct usages. This also makes `-d` and `--daemon` flags, as well as the `daemon` command illegal in client-only binaries. Signed-off-by: Tibor Vass <tibor@docker.com> 2015-05-05 00:18:28 -04:00			`)`

			`const (`
			`defaultTrustKeyFile = "key.json"`
			`defaultCaFile = "ca.pem"`
			`defaultKeyFile = "key.pem"`
			`defaultCertFile = "cert.pem"`
Verify that the configuration keys in the file are valid. - Return an error if any of the keys don't match valid flags. - Fix an issue ignoring merged values as named values. - Fix tlsverify configuration key. - Fix bug in mflag to avoid panics when one of the flag set doesn't have any flag. Signed-off-by: David Calavera <david.calavera@gmail.com> 2016-01-20 17:16:49 -05:00			`tlsVerifyKey = "tlsverify"`
cli: new daemon command and new cli package This patch creates a new cli package that allows to combine both client and daemon commands (there is only one daemon command: docker daemon). The `-d` and `--daemon` top-level flags are deprecated and a special message is added to prompt the user to use `docker daemon`. Providing top-level daemon-specific flags for client commands result in an error message prompting the user to use `docker daemon`. This patch does not break any old but correct usages. This also makes `-d` and `--daemon` flags, as well as the `daemon` command illegal in client-only binaries. Signed-off-by: Tibor Vass <tibor@docker.com> 2015-05-05 00:18:28 -04:00			`)`

			`var (`
			`commonFlags = &cli.CommonFlags{FlagSet: new(flag.FlagSet)}`

			`dockerCertPath = os.Getenv("DOCKER_CERT_PATH")`
			`dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != ""`
			`)`

			`func init() {`
			`if dockerCertPath == "" {`
			`dockerCertPath = cliconfig.ConfigDir()`
			`}`

			`commonFlags.PostParse = postParseCommon`

			`cmd := commonFlags.FlagSet`

			`cmd.BoolVar(&commonFlags.Debug, []string{"D", "-debug"}, false, "Enable debug mode")`
			`cmd.StringVar(&commonFlags.LogLevel, []string{"l", "-log-level"}, "info", "Set the logging level")`
			`cmd.BoolVar(&commonFlags.TLS, []string{"-tls"}, false, "Use TLS; implied by --tlsverify")`
			`cmd.BoolVar(&commonFlags.TLSVerify, []string{"-tlsverify"}, dockerTLSVerify, "Use TLS and verify the remote")`

			`// TODO use flag flag.String([]string{"i", "-identity"}, "", "Path to libtrust key file")`

			`var tlsOptions tlsconfig.Options`
			`commonFlags.TLSOptions = &tlsOptions`
			`cmd.StringVar(&tlsOptions.CAFile, []string{"-tlscacert"}, filepath.Join(dockerCertPath, defaultCaFile), "Trust certs signed only by this CA")`
			`cmd.StringVar(&tlsOptions.CertFile, []string{"-tlscert"}, filepath.Join(dockerCertPath, defaultCertFile), "Path to TLS certificate file")`
			`cmd.StringVar(&tlsOptions.KeyFile, []string{"-tlskey"}, filepath.Join(dockerCertPath, defaultKeyFile), "Path to TLS key file")`

Allow to set daemon and server configurations in a file. Read configuration after flags making this the priority: 1- Apply configuration from file. 2- Apply configuration from flags. Reload configuration when a signal is received, USR2 in Linux: - Reload router if the debug configuration changes. - Reload daemon labels. - Reload cluster discovery. Signed-off-by: David Calavera <david.calavera@gmail.com> 2015-12-10 18:35:10 -05:00			`cmd.Var(opts.NewNamedListOptsRef("hosts", &commonFlags.Hosts, opts.ValidateHost), []string{"H", "-host"}, "Daemon socket(s) to connect to")`
cli: new daemon command and new cli package This patch creates a new cli package that allows to combine both client and daemon commands (there is only one daemon command: docker daemon). The `-d` and `--daemon` top-level flags are deprecated and a special message is added to prompt the user to use `docker daemon`. Providing top-level daemon-specific flags for client commands result in an error message prompting the user to use `docker daemon`. This patch does not break any old but correct usages. This also makes `-d` and `--daemon` flags, as well as the `daemon` command illegal in client-only binaries. Signed-off-by: Tibor Vass <tibor@docker.com> 2015-05-05 00:18:28 -04:00			`}`

			`func postParseCommon() {`
			`cmd := commonFlags.FlagSet`

Fix post config verification without flags. - Set the daemon log level to what's set in the configuration. - Enable TLS when TLSVerify is enabled. Signed-off-by: David Calavera <david.calavera@gmail.com> 2016-01-19 14:16:07 -05:00			`setDaemonLogLevel(commonFlags.LogLevel)`
cli: new daemon command and new cli package This patch creates a new cli package that allows to combine both client and daemon commands (there is only one daemon command: docker daemon). The `-d` and `--daemon` top-level flags are deprecated and a special message is added to prompt the user to use `docker daemon`. Providing top-level daemon-specific flags for client commands result in an error message prompting the user to use `docker daemon`. This patch does not break any old but correct usages. This also makes `-d` and `--daemon` flags, as well as the `daemon` command illegal in client-only binaries. Signed-off-by: Tibor Vass <tibor@docker.com> 2015-05-05 00:18:28 -04:00
			`// Regardless of whether the user sets it to true or false, if they`
			`// specify --tlsverify at all then we need to turn on tls`
			`// TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need to check that here as well`
Verify that the configuration keys in the file are valid. - Return an error if any of the keys don't match valid flags. - Fix an issue ignoring merged values as named values. - Fix tlsverify configuration key. - Fix bug in mflag to avoid panics when one of the flag set doesn't have any flag. Signed-off-by: David Calavera <david.calavera@gmail.com> 2016-01-20 17:16:49 -05:00			`if cmd.IsSet("-"+tlsVerifyKey) \|\| commonFlags.TLSVerify {`
cli: new daemon command and new cli package This patch creates a new cli package that allows to combine both client and daemon commands (there is only one daemon command: docker daemon). The `-d` and `--daemon` top-level flags are deprecated and a special message is added to prompt the user to use `docker daemon`. Providing top-level daemon-specific flags for client commands result in an error message prompting the user to use `docker daemon`. This patch does not break any old but correct usages. This also makes `-d` and `--daemon` flags, as well as the `daemon` command illegal in client-only binaries. Signed-off-by: Tibor Vass <tibor@docker.com> 2015-05-05 00:18:28 -04:00			`commonFlags.TLS = true`
			`}`

			`if !commonFlags.TLS {`
			`commonFlags.TLSOptions = nil`
			`} else {`
			`tlsOptions := commonFlags.TLSOptions`
			`tlsOptions.InsecureSkipVerify = !commonFlags.TLSVerify`

			`// Reset CertFile and KeyFile to empty string if the user did not specify`
			`// the respective flags and the respective default files were not found.`
			`if !cmd.IsSet("-tlscert") {`
			`if _, err := os.Stat(tlsOptions.CertFile); os.IsNotExist(err) {`
			`tlsOptions.CertFile = ""`
			`}`
			`}`
			`if !cmd.IsSet("-tlskey") {`
			`if _, err := os.Stat(tlsOptions.KeyFile); os.IsNotExist(err) {`
			`tlsOptions.KeyFile = ""`
			`}`
			`}`
			`}`
			`}`
Fix post config verification without flags. - Set the daemon log level to what's set in the configuration. - Enable TLS when TLSVerify is enabled. Signed-off-by: David Calavera <david.calavera@gmail.com> 2016-01-19 14:16:07 -05:00
			`func setDaemonLogLevel(logLevel string) {`
			`if logLevel != "" {`
			`lvl, err := logrus.ParseLevel(logLevel)`
			`if err != nil {`
			`fmt.Fprintf(os.Stderr, "Unable to parse logging level: %s\n", logLevel)`
			`os.Exit(1)`
			`}`
			`logrus.SetLevel(lvl)`
			`} else {`
			`logrus.SetLevel(logrus.InfoLevel)`
			`}`
			`}`