mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
ea6a480128
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
133 lines
3 KiB
Go
133 lines
3 KiB
Go
package main
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"log"
|
|
"os"
|
|
"path"
|
|
"strings"
|
|
|
|
"github.com/docker/docker/api"
|
|
"github.com/docker/docker/api/client"
|
|
"github.com/docker/docker/dockerversion"
|
|
flag "github.com/docker/docker/pkg/mflag"
|
|
"github.com/docker/docker/reexec"
|
|
"github.com/docker/docker/utils"
|
|
"github.com/docker/libtrust"
|
|
)
|
|
|
|
const (
|
|
defaultTrustKeyFile = "key.json"
|
|
defaultCaFile = "ca.pem"
|
|
defaultKeyFile = "key.pem"
|
|
defaultCertFile = "cert.pem"
|
|
)
|
|
|
|
func main() {
|
|
if reexec.Init() {
|
|
return
|
|
}
|
|
flag.Parse()
|
|
// FIXME: validate daemon flags here
|
|
|
|
if *flVersion {
|
|
showVersion()
|
|
return
|
|
}
|
|
if *flDebug {
|
|
os.Setenv("DEBUG", "1")
|
|
}
|
|
|
|
if len(flHosts) == 0 {
|
|
defaultHost := os.Getenv("DOCKER_HOST")
|
|
if defaultHost == "" || *flDaemon {
|
|
// If we do not have a host, default to unix socket
|
|
defaultHost = fmt.Sprintf("unix://%s", api.DEFAULTUNIXSOCKET)
|
|
}
|
|
defaultHost, err := api.ValidateHost(defaultHost)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
flHosts = append(flHosts, defaultHost)
|
|
}
|
|
|
|
if *flDaemon {
|
|
mainDaemon()
|
|
return
|
|
}
|
|
|
|
if len(flHosts) > 1 {
|
|
log.Fatal("Please specify only one -H")
|
|
}
|
|
protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
|
|
|
|
err := os.MkdirAll(path.Dir(*flTrustKey), 0700)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
trustKey, keyErr := libtrust.LoadKeyFile(*flTrustKey)
|
|
if keyErr == libtrust.ErrKeyFileDoesNotExist {
|
|
trustKey, keyErr = libtrust.GenerateECP256PrivateKey()
|
|
if keyErr == nil {
|
|
keyErr = libtrust.SaveKey(*flTrustKey, trustKey)
|
|
}
|
|
}
|
|
if keyErr != nil {
|
|
log.Fatal(keyErr)
|
|
}
|
|
var (
|
|
cli *client.DockerCli
|
|
tlsConfig tls.Config
|
|
)
|
|
tlsConfig.InsecureSkipVerify = true
|
|
|
|
// If we should verify the server, we need to load a trusted ca
|
|
if *flTlsVerify {
|
|
*flTls = true
|
|
certPool := x509.NewCertPool()
|
|
file, err := ioutil.ReadFile(*flCa)
|
|
if err != nil {
|
|
log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
|
|
}
|
|
certPool.AppendCertsFromPEM(file)
|
|
tlsConfig.RootCAs = certPool
|
|
tlsConfig.InsecureSkipVerify = false
|
|
}
|
|
|
|
// If tls is enabled, try to load and send client certificates
|
|
if *flTls || *flTlsVerify {
|
|
_, errCert := os.Stat(*flCert)
|
|
_, errKey := os.Stat(*flKey)
|
|
if errCert == nil && errKey == nil {
|
|
*flTls = true
|
|
cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
|
|
if err != nil {
|
|
log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
|
|
}
|
|
tlsConfig.Certificates = []tls.Certificate{cert}
|
|
}
|
|
}
|
|
|
|
if *flTls || *flTlsVerify {
|
|
cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
|
|
} else {
|
|
cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], nil)
|
|
}
|
|
|
|
if err := cli.Cmd(flag.Args()...); err != nil {
|
|
if sterr, ok := err.(*utils.StatusError); ok {
|
|
if sterr.Status != "" {
|
|
log.Println(sterr.Status)
|
|
}
|
|
os.Exit(sterr.StatusCode)
|
|
}
|
|
log.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func showVersion() {
|
|
fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
|
|
}
|