package main
import ( |
"crypto/tls"
"crypto/x509" |
"fmt" |
"io/ioutil" |
"os"
"strings"
|
log "github.com/Sirupsen/logrus" |
"github.com/docker/docker/api"
"github.com/docker/docker/api/client"
"github.com/docker/docker/dockerversion"
flag "github.com/docker/docker/pkg/mflag" |
"github.com/docker/docker/pkg/reexec" |
"github.com/docker/docker/utils" |
)
|
// Default file names for the client's TLS material and trust key.
//
// None of these constants is referenced in the visible part of this file;
// presumably the flag definitions elsewhere in the package combine them with a
// configuration directory to form the defaults of the TLS flags — verify
// against those definitions.
const (
	// TLS material: CA bundle, client certificate and client private key.
	defaultCaFile   = "ca.pem"
	defaultCertFile = "cert.pem"
	defaultKeyFile  = "key.pem"

	// Trust key file name.
	defaultTrustKeyFile = "key.json"
)
|
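// main is the single entry point for both the Docker client and the daemon.
//
// It hands control to a registered re-exec initializer when there is one,
// parses the command-line flags, configures logging, resolves the host to use,
// and then either runs the daemon (mainDaemon) or builds a client, optionally
// with TLS, and executes the requested CLI command. Failures are reported
// through log.Fatal*, which terminates the process.
func main() {
	// reexec.Init returns true when the binary was started as a re-exec'd
	// helper and that helper's initializer has already run.
	if reexec.Init() {
		return
	}

	flag.Parse()
	// FIXME: validate daemon flags here

	if *flVersion {
		showVersion()
		return
	}

	if *flLogLevel != "" {
		lvl, err := log.ParseLevel(*flLogLevel)
		if err != nil {
			log.Fatalf("Unable to parse logging level: %s", *flLogLevel)
		}
		initLogging(lvl)
	} else {
		initLogging(log.InfoLevel)
	}
	// -D, --debug, -l/--log-level=debug processing
	// When/if -D is removed this block can be deleted
	if *flDebug {
		os.Setenv("DEBUG", "1")
		initLogging(log.DebugLevel)
	}

	if len(flHosts) == 0 {
		// DOCKER_HOST is honoured only in client mode; in daemon mode the
		// default is always the local unix socket.
		defaultHost := os.Getenv("DOCKER_HOST")
		if defaultHost == "" || *flDaemon {
			// If we do not have a host, default to unix socket
			defaultHost = fmt.Sprintf("unix://%s", api.DEFAULTUNIXSOCKET)
		}
		defaultHost, err := api.ValidateHost(defaultHost)
		if err != nil {
			log.Fatal(err)
		}
		flHosts = append(flHosts, defaultHost)
	}

	if *flDaemon {
		mainDaemon()
		return
	}

	if len(flHosts) > 1 {
		log.Fatal("Please specify only one -H")
	}
	protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
	// A host without "://" yields a single element; fail with a clear message
	// instead of panicking on protoAddrParts[1] below. Hosts given with -H are
	// not validated anywhere in this function.
	if len(protoAddrParts) != 2 {
		log.Fatalf("Invalid host %q: expected the form proto://address", flHosts[0])
	}

	var (
		cli       *client.DockerCli
		tlsConfig tls.Config
	)
	// Server certificate verification is off unless --tlsverify is given.
	// With --tls alone the connection is encrypted but the peer's certificate
	// is not checked, so the daemon's identity is not authenticated.
	tlsConfig.InsecureSkipVerify = true

	// Regardless of whether the user sets it to true or false, if they
	// specify --tlsverify at all then we need to turn on tls
	if flag.IsSet("-tlsverify") {
		*flTls = true
	}

	// If we should verify the server, we need to load a trusted ca
	if *flTlsVerify {
		certPool := x509.NewCertPool()
		file, err := ioutil.ReadFile(*flCa)
		if err != nil {
			log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
		}
		// AppendCertsFromPEM reports whether at least one certificate was
		// parsed. An empty pool would make every later handshake fail with an
		// unrelated-looking verification error, so reject the file up front.
		if !certPool.AppendCertsFromPEM(file) {
			log.Fatalf("Couldn't parse any CA certificate from %s", *flCa)
		}
		tlsConfig.RootCAs = certPool
		tlsConfig.InsecureSkipVerify = false
	}

	// If tls is enabled, try to load and send client certificates
	if *flTls || *flTlsVerify {
		_, errCert := os.Stat(*flCert)
		_, errKey := os.Stat(*flKey)
		// The client certificate is optional: it is loaded only when both the
		// certificate and the key file exist.
		if errCert == nil && errKey == nil {
			*flTls = true
			cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
			if err != nil {
				log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
			}
			tlsConfig.Certificates = []tls.Certificate{cert}
		}
		// Refuse SSLv3 and the deprecated TLS 1.0/1.1 protocol versions.
		// The floor was previously TLS 1.0.
		tlsConfig.MinVersion = tls.VersionTLS12
	}

	if *flTls || *flTlsVerify {
		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, nil, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
	} else {
		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, nil, protoAddrParts[0], protoAddrParts[1], nil)
	}

	if err := cli.Cmd(flag.Args()...); err != nil {
		// A StatusError carries the exit code to use; its status text is
		// logged only when non-empty.
		if sterr, ok := err.(*utils.StatusError); ok {
			if sterr.Status != "" {
				log.Println(sterr.Status)
			}
			os.Exit(sterr.StatusCode)
		}
		log.Fatal(err)
	}
}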
|
// showVersion writes the Docker version and the build's git commit to
// standard output as a single line.
func showVersion() {
	const versionFormat = "Docker version %s, build %s\n"
	fmt.Fprintf(os.Stdout, versionFormat, dockerversion.VERSION, dockerversion.GITCOMMIT)
}