mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
split function out of command description scope
Signed-off-by: allencloud <allen.sun@daocloud.io>
This commit is contained in:
parent
fb03b56b9b
commit
0b243acbfc
3 changed files with 163 additions and 132 deletions
|
@ -12,92 +12,107 @@ import (
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type joinTokenOptions struct {
|
||||||
|
role string
|
||||||
|
rotate bool
|
||||||
|
quiet bool
|
||||||
|
}
|
||||||
|
|
||||||
func newJoinTokenCommand(dockerCli *command.DockerCli) *cobra.Command {
|
func newJoinTokenCommand(dockerCli *command.DockerCli) *cobra.Command {
|
||||||
var rotate, quiet bool
|
opts := joinTokenOptions{}
|
||||||
|
|
||||||
cmd := &cobra.Command{
|
cmd := &cobra.Command{
|
||||||
Use: "join-token [OPTIONS] (worker|manager)",
|
Use: "join-token [OPTIONS] (worker|manager)",
|
||||||
Short: "Manage join tokens",
|
Short: "Manage join tokens",
|
||||||
Args: cli.ExactArgs(1),
|
Args: cli.ExactArgs(1),
|
||||||
RunE: func(cmd *cobra.Command, args []string) error {
|
RunE: func(cmd *cobra.Command, args []string) error {
|
||||||
worker := args[0] == "worker"
|
opts.role = args[0]
|
||||||
manager := args[0] == "manager"
|
return runJoinToken(dockerCli, opts)
|
||||||
|
|
||||||
if !worker && !manager {
|
|
||||||
return errors.New("unknown role " + args[0])
|
|
||||||
}
|
|
||||||
|
|
||||||
client := dockerCli.Client()
|
|
||||||
ctx := context.Background()
|
|
||||||
|
|
||||||
if rotate {
|
|
||||||
var flags swarm.UpdateFlags
|
|
||||||
|
|
||||||
swarm, err := client.SwarmInspect(ctx)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
flags.RotateWorkerToken = worker
|
|
||||||
flags.RotateManagerToken = manager
|
|
||||||
|
|
||||||
err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, flags)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if !quiet {
|
|
||||||
fmt.Fprintf(dockerCli.Out(), "Successfully rotated %s join token.\n\n", args[0])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
swarm, err := client.SwarmInspect(ctx)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if quiet {
|
|
||||||
if worker {
|
|
||||||
fmt.Fprintln(dockerCli.Out(), swarm.JoinTokens.Worker)
|
|
||||||
} else {
|
|
||||||
fmt.Fprintln(dockerCli.Out(), swarm.JoinTokens.Manager)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
info, err := client.Info(ctx)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return printJoinCommand(ctx, dockerCli, info.Swarm.NodeID, worker, manager)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
flags := cmd.Flags()
|
flags := cmd.Flags()
|
||||||
flags.BoolVar(&rotate, flagRotate, false, "Rotate join token")
|
flags.BoolVar(&opts.rotate, flagRotate, false, "Rotate join token")
|
||||||
flags.BoolVarP(&quiet, flagQuiet, "q", false, "Only display token")
|
flags.BoolVarP(&opts.quiet, flagQuiet, "q", false, "Only display token")
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
func printJoinCommand(ctx context.Context, dockerCli *command.DockerCli, nodeID string, worker bool, manager bool) error {
|
func runJoinToken(dockerCli *command.DockerCli, opts joinTokenOptions) error {
|
||||||
client := dockerCli.Client()
|
worker := opts.role == "worker"
|
||||||
|
manager := opts.role == "manager"
|
||||||
|
|
||||||
swarm, err := client.SwarmInspect(ctx)
|
if !worker && !manager {
|
||||||
|
return errors.New("unknown role " + opts.role)
|
||||||
|
}
|
||||||
|
|
||||||
|
client := dockerCli.Client()
|
||||||
|
ctx := context.Background()
|
||||||
|
|
||||||
|
if opts.rotate {
|
||||||
|
flags := swarm.UpdateFlags{
|
||||||
|
RotateWorkerToken: worker,
|
||||||
|
RotateManagerToken: manager,
|
||||||
|
}
|
||||||
|
|
||||||
|
sw, err := client.SwarmInspect(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := client.SwarmUpdate(ctx, sw.Version, sw.Spec, flags); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if !opts.quiet {
|
||||||
|
fmt.Fprintf(dockerCli.Out(), "Successfully rotated %s join token.\n\n", opts.role)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// second SwarmInspect in this function,
|
||||||
|
// this is necessary since SwarmUpdate after first changes the join tokens
|
||||||
|
sw, err := client.SwarmInspect(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if opts.quiet && worker {
|
||||||
|
fmt.Fprintln(dockerCli.Out(), sw.JoinTokens.Worker)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if opts.quiet && manager {
|
||||||
|
fmt.Fprintln(dockerCli.Out(), sw.JoinTokens.Manager)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
info, err := client.Info(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return printJoinCommand(ctx, dockerCli, info.Swarm.NodeID, worker, manager)
|
||||||
|
}
|
||||||
|
|
||||||
|
func printJoinCommand(ctx context.Context, dockerCli *command.DockerCli, nodeID string, worker bool, manager bool) error {
|
||||||
|
client := dockerCli.Client()
|
||||||
|
|
||||||
node, _, err := client.NodeInspectWithRaw(ctx, nodeID)
|
node, _, err := client.NodeInspectWithRaw(ctx, nodeID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sw, err := client.SwarmInspect(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
if node.ManagerStatus != nil {
|
if node.ManagerStatus != nil {
|
||||||
if worker {
|
if worker {
|
||||||
fmt.Fprintf(dockerCli.Out(), "To add a worker to this swarm, run the following command:\n\n docker swarm join \\\n --token %s \\\n %s\n\n", swarm.JoinTokens.Worker, node.ManagerStatus.Addr)
|
fmt.Fprintf(dockerCli.Out(), "To add a worker to this swarm, run the following command:\n\n docker swarm join \\\n --token %s \\\n %s\n\n", sw.JoinTokens.Worker, node.ManagerStatus.Addr)
|
||||||
}
|
}
|
||||||
if manager {
|
if manager {
|
||||||
fmt.Fprintf(dockerCli.Out(), "To add a manager to this swarm, run the following command:\n\n docker swarm join \\\n --token %s \\\n %s\n\n", swarm.JoinTokens.Manager, node.ManagerStatus.Addr)
|
fmt.Fprintf(dockerCli.Out(), "To add a manager to this swarm, run the following command:\n\n docker swarm join \\\n --token %s \\\n %s\n\n", sw.JoinTokens.Manager, node.ManagerStatus.Addr)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,46 +16,54 @@ import (
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type unlockOptions struct{}
|
||||||
|
|
||||||
func newUnlockCommand(dockerCli *command.DockerCli) *cobra.Command {
|
func newUnlockCommand(dockerCli *command.DockerCli) *cobra.Command {
|
||||||
|
opts := unlockOptions{}
|
||||||
|
|
||||||
cmd := &cobra.Command{
|
cmd := &cobra.Command{
|
||||||
Use: "unlock",
|
Use: "unlock",
|
||||||
Short: "Unlock swarm",
|
Short: "Unlock swarm",
|
||||||
Args: cli.ExactArgs(0),
|
Args: cli.NoArgs,
|
||||||
RunE: func(cmd *cobra.Command, args []string) error {
|
RunE: func(cmd *cobra.Command, args []string) error {
|
||||||
client := dockerCli.Client()
|
return runUnlock(dockerCli, opts)
|
||||||
ctx := context.Background()
|
|
||||||
|
|
||||||
// First see if the node is actually part of a swarm, and if it's is actually locked first.
|
|
||||||
// If it's in any other state than locked, don't ask for the key.
|
|
||||||
info, err := client.Info(ctx)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
switch info.Swarm.LocalNodeState {
|
|
||||||
case swarm.LocalNodeStateInactive:
|
|
||||||
return errors.New("Error: This node is not part of a swarm")
|
|
||||||
case swarm.LocalNodeStateLocked:
|
|
||||||
break
|
|
||||||
default:
|
|
||||||
return errors.New("Error: swarm is not locked")
|
|
||||||
}
|
|
||||||
|
|
||||||
key, err := readKey(dockerCli.In(), "Please enter unlock key: ")
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
req := swarm.UnlockRequest{
|
|
||||||
UnlockKey: key,
|
|
||||||
}
|
|
||||||
|
|
||||||
return client.SwarmUnlock(ctx, req)
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func runUnlock(dockerCli *command.DockerCli, opts unlockOptions) error {
|
||||||
|
client := dockerCli.Client()
|
||||||
|
ctx := context.Background()
|
||||||
|
|
||||||
|
// First see if the node is actually part of a swarm, and if it's is actually locked first.
|
||||||
|
// If it's in any other state than locked, don't ask for the key.
|
||||||
|
info, err := client.Info(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
switch info.Swarm.LocalNodeState {
|
||||||
|
case swarm.LocalNodeStateInactive:
|
||||||
|
return errors.New("Error: This node is not part of a swarm")
|
||||||
|
case swarm.LocalNodeStateLocked:
|
||||||
|
break
|
||||||
|
default:
|
||||||
|
return errors.New("Error: swarm is not locked")
|
||||||
|
}
|
||||||
|
|
||||||
|
key, err := readKey(dockerCli.In(), "Please enter unlock key: ")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
req := swarm.UnlockRequest{
|
||||||
|
UnlockKey: key,
|
||||||
|
}
|
||||||
|
|
||||||
|
return client.SwarmUnlock(ctx, req)
|
||||||
|
}
|
||||||
|
|
||||||
func readKey(in *command.InStream, prompt string) (string, error) {
|
func readKey(in *command.InStream, prompt string) (string, error) {
|
||||||
if in.IsTerminal() {
|
if in.IsTerminal() {
|
||||||
fmt.Print(prompt)
|
fmt.Print(prompt)
|
||||||
|
|
|
@ -12,68 +12,76 @@ import (
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type unlockKeyOptions struct {
|
||||||
|
rotate bool
|
||||||
|
quiet bool
|
||||||
|
}
|
||||||
|
|
||||||
func newUnlockKeyCommand(dockerCli *command.DockerCli) *cobra.Command {
|
func newUnlockKeyCommand(dockerCli *command.DockerCli) *cobra.Command {
|
||||||
var rotate, quiet bool
|
opts := unlockKeyOptions{}
|
||||||
|
|
||||||
cmd := &cobra.Command{
|
cmd := &cobra.Command{
|
||||||
Use: "unlock-key [OPTIONS]",
|
Use: "unlock-key [OPTIONS]",
|
||||||
Short: "Manage the unlock key",
|
Short: "Manage the unlock key",
|
||||||
Args: cli.NoArgs,
|
Args: cli.NoArgs,
|
||||||
RunE: func(cmd *cobra.Command, args []string) error {
|
RunE: func(cmd *cobra.Command, args []string) error {
|
||||||
client := dockerCli.Client()
|
return runUnlockKey(dockerCli, opts)
|
||||||
ctx := context.Background()
|
|
||||||
|
|
||||||
if rotate {
|
|
||||||
flags := swarm.UpdateFlags{RotateManagerUnlockKey: true}
|
|
||||||
|
|
||||||
swarm, err := client.SwarmInspect(ctx)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if !swarm.Spec.EncryptionConfig.AutoLockManagers {
|
|
||||||
return errors.New("cannot rotate because autolock is not turned on")
|
|
||||||
}
|
|
||||||
|
|
||||||
err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, flags)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if !quiet {
|
|
||||||
fmt.Fprintf(dockerCli.Out(), "Successfully rotated manager unlock key.\n\n")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
|
|
||||||
if err != nil {
|
|
||||||
return errors.Wrap(err, "could not fetch unlock key")
|
|
||||||
}
|
|
||||||
|
|
||||||
if unlockKeyResp.UnlockKey == "" {
|
|
||||||
return errors.New("no unlock key is set")
|
|
||||||
}
|
|
||||||
|
|
||||||
if quiet {
|
|
||||||
fmt.Fprintln(dockerCli.Out(), unlockKeyResp.UnlockKey)
|
|
||||||
} else {
|
|
||||||
printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
flags := cmd.Flags()
|
flags := cmd.Flags()
|
||||||
flags.BoolVar(&rotate, flagRotate, false, "Rotate unlock key")
|
flags.BoolVar(&opts.rotate, flagRotate, false, "Rotate unlock key")
|
||||||
flags.BoolVarP(&quiet, flagQuiet, "q", false, "Only display token")
|
flags.BoolVarP(&opts.quiet, flagQuiet, "q", false, "Only display token")
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
func printUnlockCommand(ctx context.Context, dockerCli *command.DockerCli, unlockKey string) {
|
func runUnlockKey(dockerCli *command.DockerCli, opts unlockKeyOptions) error {
|
||||||
if len(unlockKey) == 0 {
|
client := dockerCli.Client()
|
||||||
return
|
ctx := context.Background()
|
||||||
|
|
||||||
|
if opts.rotate {
|
||||||
|
flags := swarm.UpdateFlags{RotateManagerUnlockKey: true}
|
||||||
|
|
||||||
|
sw, err := client.SwarmInspect(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if !sw.Spec.EncryptionConfig.AutoLockManagers {
|
||||||
|
return errors.New("cannot rotate because autolock is not turned on")
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := client.SwarmUpdate(ctx, sw.Version, sw.Spec, flags); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if !opts.quiet {
|
||||||
|
fmt.Fprintf(dockerCli.Out(), "Successfully rotated manager unlock key.\n\n")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Fprintf(dockerCli.Out(), "To unlock a swarm manager after it restarts, run the `docker swarm unlock`\ncommand and provide the following key:\n\n %s\n\nPlease remember to store this key in a password manager, since without it you\nwill not be able to restart the manager.\n", unlockKey)
|
unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "could not fetch unlock key")
|
||||||
|
}
|
||||||
|
|
||||||
|
if unlockKeyResp.UnlockKey == "" {
|
||||||
|
return errors.New("no unlock key is set")
|
||||||
|
}
|
||||||
|
|
||||||
|
if opts.quiet {
|
||||||
|
fmt.Fprintln(dockerCli.Out(), unlockKeyResp.UnlockKey)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func printUnlockCommand(ctx context.Context, dockerCli *command.DockerCli, unlockKey string) {
|
||||||
|
if len(unlockKey) > 0 {
|
||||||
|
fmt.Fprintf(dockerCli.Out(), "To unlock a swarm manager after it restarts, run the `docker swarm unlock`\ncommand and provide the following key:\n\n %s\n\nPlease remember to store this key in a password manager, since without it you\nwill not be able to restart the manager.\n", unlockKey)
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue