kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Start daemon if certificates have been expired

Browse source 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This commit is contained in:
Tonis Tiigi 2016-11-08 18:03:47 -08:00
parent c13bf5ba51
commit 439de7694d
1 changed files with 23 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
daemon/cluster/cluster.go
View file

@ -1,6 +1,7 @@
package cluster package cluster
import ( import (
"crypto/x509"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
@ -62,6 +63,9 @@ var ErrSwarmJoinTimeoutReached = fmt.Errorf("Timeout was reached before node was
// ErrSwarmLocked is returned if the swarm is encrypted and needs a key to unlock it. // ErrSwarmLocked is returned if the swarm is encrypted and needs a key to unlock it.
var ErrSwarmLocked = fmt.Errorf("Swarm is encrypted and needs to be unlocked before it can be used. Please use \"docker swarm unlock\" to unlock it.") var ErrSwarmLocked = fmt.Errorf("Swarm is encrypted and needs to be unlocked before it can be used. Please use \"docker swarm unlock\" to unlock it.")
// ErrSwarmCertificatesExipred is returned if docker was not started for the whole validity period and they had no chance to renew automatically.
var ErrSwarmCertificatesExpired = errors.New("Swarm certificates have expired. To replace them, leave the swarm and join again.")
// NetworkSubnetsProvider exposes functions for retrieving the subnets // NetworkSubnetsProvider exposes functions for retrieving the subnets
// of networks managed by Docker, so they can be filtered. // of networks managed by Docker, so they can be filtered.
type NetworkSubnetsProvider interface { type NetworkSubnetsProvider interface {
@ -186,7 +190,10 @@ func New(config Config) (*Cluster, error) {
if errors.Cause(c.err) == ErrSwarmLocked { if errors.Cause(c.err) == ErrSwarmLocked {
return c, nil return c, nil
} }
if err, ok := errors.Cause(c.err).(x509.CertificateInvalidError); ok && err.Reason == x509.Expired {
c.err = ErrSwarmCertificatesExpired
return c, nil
}
return nil, fmt.Errorf("swarm component could not be started: %v", c.err) return nil, fmt.Errorf("swarm component could not be started: %v", c.err)
} }
go c.reconnectOnFailure(n) go c.reconnectOnFailure(n)
@ -387,7 +394,7 @@ func (c *Cluster) startNewNode(conf nodeStartConfig) (*node, error) {
// Init initializes new cluster from user provided request. // Init initializes new cluster from user provided request.
func (c *Cluster) Init(req types.InitRequest) (string, error) { func (c *Cluster) Init(req types.InitRequest) (string, error) {
c.Lock() c.Lock()
if node := c.node; node != nil || c.locked { if c.swarmExists() {
if !req.ForceNewCluster { if !req.ForceNewCluster {
c.Unlock() c.Unlock()
return "", ErrSwarmExists return "", ErrSwarmExists
@ -480,7 +487,7 @@ func (c *Cluster) Init(req types.InitRequest) (string, error) {
// Join makes current Cluster part of an existing swarm cluster. // Join makes current Cluster part of an existing swarm cluster.
func (c *Cluster) Join(req types.JoinRequest) error { func (c *Cluster) Join(req types.JoinRequest) error {
c.Lock() c.Lock()
if node := c.node; node != nil || c.locked { if c.swarmExists() {
c.Unlock() c.Unlock()
return ErrSwarmExists return ErrSwarmExists
} }
@ -642,6 +649,9 @@ func (c *Cluster) Leave(force bool) error {
c.locked = false c.locked = false
c.lastNodeConfig = nil c.lastNodeConfig = nil
c.Unlock() c.Unlock()
} else if c.err == ErrSwarmCertificatesExpired {
c.err = nil
c.Unlock()
} else { } else {
c.Unlock() c.Unlock()
return ErrNoSwarm return ErrNoSwarm
@ -878,6 +888,8 @@ func (c *Cluster) Info() types.Info {
} }
if c.locked { if c.locked {
info.LocalNodeState = types.LocalNodeStateLocked info.LocalNodeState = types.LocalNodeStateLocked
} else if c.err == ErrSwarmCertificatesExpired {
info.LocalNodeState = types.LocalNodeStateError
} }
} else { } else {
info.LocalNodeState = types.LocalNodeStatePending info.LocalNodeState = types.LocalNodeStatePending
@ -929,6 +941,11 @@ func (c *Cluster) isActiveManager() bool {
return c.node != nil && c.conn != nil return c.node != nil && c.conn != nil
} }
// swarmExists should not be called without a read lock
func (c *Cluster) swarmExists() bool {
return c.node != nil || c.locked || c.err == ErrSwarmCertificatesExpired
}
// errNoManager returns error describing why manager commands can't be used. // errNoManager returns error describing why manager commands can't be used.
// Call with read lock. // Call with read lock.
func (c *Cluster) errNoManager() error { func (c *Cluster) errNoManager() error {
@ -936,6 +953,9 @@ func (c *Cluster) errNoManager() error {
if c.locked { if c.locked {
return ErrSwarmLocked return ErrSwarmLocked
} }
if c.err == ErrSwarmCertificatesExpired {
return ErrSwarmCertificatesExpired
}
return fmt.Errorf("This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again.") return fmt.Errorf("This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again.")
} }
if c.node.Manager() != nil { if c.node.Manager() != nil {