os/cmd/control/tlsconf.go

package control

import (
	"fmt"
	"io/ioutil"
	"os"
	"path/filepath"

	log "github.com/Sirupsen/logrus"

	"github.com/codegangsta/cli"
	machineUtil "github.com/docker/machine/utils"
	"github.com/rancherio/os/config"
)

const (
	NAME string = "rancher"
	BITS int    = 2048
)

func tlsConfCommands() []cli.Command {
	return []cli.Command{
		{
			Name:   "generate",
			Usage:  "generates new set of TLS configuration certs",
			Action: tlsConfCreate,
			Flags: []cli.Flag{
				cli.StringSliceFlag{
					Name:  "hostname",
					Usage: "the hostname for which you want to generate the certificate",
					Value: &cli.StringSlice{"localhost"},
				},
				cli.BoolFlag{
					Name:  "server, s",
					Usage: "generate the server keys instead of client keys",
				},
				cli.StringFlag{
					Name:  "dir, d",
					Usage: "the directory to save/read the certs to/from",
					Value: "",
				},
			},
		},
	}
}

func writeCerts(generateServer bool, hostname []string, cfg *config.CloudConfig, certPath, keyPath, caCertPath, caKeyPath string) error {
	if !generateServer {
		return machineUtil.GenerateCert([]string{""}, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS)
	}

	if cfg.Rancher.Docker.ServerKey == "" || cfg.Rancher.Docker.ServerCert == "" {
		err := machineUtil.GenerateCert(hostname, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS)
		if err != nil {
			return err
		}

		cert, err := ioutil.ReadFile(certPath)
		if err != nil {
			return err
		}

		key, err := ioutil.ReadFile(keyPath)
		if err != nil {
			return err
		}

		cfg, err = cfg.Merge(map[interface{}]interface{}{
			"rancher": map[interface{}]interface{}{
				"docker": map[interface{}]interface{}{
					"ca_key":      cfg.Rancher.Docker.CAKey,
					"ca_cert":     cfg.Rancher.Docker.CACert,
					"server_cert": string(cert),
					"server_key":  string(key),
				},
			},
		})
		if err != nil {
			return err
		}

		return cfg.Save()
	}

	if err := ioutil.WriteFile(certPath, []byte(cfg.Rancher.Docker.ServerCert), 0400); err != nil {
		return err
	}

	return ioutil.WriteFile(keyPath, []byte(cfg.Rancher.Docker.ServerKey), 0400)

}

func writeCaCerts(cfg *config.CloudConfig, caCertPath, caKeyPath string) error {
	if cfg.Rancher.Docker.CACert == "" {
		if err := machineUtil.GenerateCACertificate(caCertPath, caKeyPath, NAME, BITS); err != nil {
			return err
		}

		caCert, err := ioutil.ReadFile(caCertPath)
		if err != nil {
			return err
		}

		caKey, err := ioutil.ReadFile(caKeyPath)
		if err != nil {
			return err
		}

		cfg, err = cfg.Merge(map[interface{}]interface{}{
			"rancher": map[interface{}]interface{}{
				"docker": map[interface{}]interface{}{
					"ca_key":  string(caKey),
					"ca_cert": string(caCert),
				},
			},
		})
		if err != nil {
			return err
		}

		return cfg.Save()
	}

	if err := ioutil.WriteFile(caCertPath, []byte(cfg.Rancher.Docker.CACert), 0400); err != nil {
		return err
	}

	return ioutil.WriteFile(caKeyPath, []byte(cfg.Rancher.Docker.CAKey), 0400)
}

func tlsConfCreate(c *cli.Context) {
	err := generate(c)
	if err != nil {
		log.Fatal(err)
	}
}

func generate(c *cli.Context) error {
	generateServer := c.Bool("server")
	outDir := c.String("dir")
	hostnames := c.StringSlice("hostname")

	return Generate(generateServer, outDir, hostnames)
}

func Generate(generateServer bool, outDir string, hostnames []string) error {
	cfg, err := config.LoadConfig()
	if err != nil {
		return err
	}

	if outDir == "" {
		return fmt.Errorf("out directory (-d, --dir) not specified")
	}
	caCertPath := filepath.Join(outDir, "ca.pem")
	caKeyPath := filepath.Join(outDir, "ca-key.pem")
	certPath := filepath.Join(outDir, "cert.pem")
	keyPath := filepath.Join(outDir, "key.pem")

	if generateServer {
		certPath = filepath.Join(outDir, "server-cert.pem")
		keyPath = filepath.Join(outDir, "server-key.pem")
	}

	if _, err := os.Stat(outDir); os.IsNotExist(err) {
		if err := os.MkdirAll(outDir, 0700); err != nil {
			return err
		}
	}

	if err := writeCaCerts(cfg, caCertPath, caKeyPath); err != nil {
		return err
	}

	return writeCerts(generateServer, hostnames, cfg, certPath, keyPath, caCertPath, caKeyPath)
}
gofmt 2015-02-23 19:00:33 +00:00			`package control`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
			`import (`
remove default directory from tls generate cmd 2015-04-29 11:38:43 +00:00			`"fmt"`
Refactor tls command 2015-03-16 20:50:30 +00:00			`"io/ioutil"`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`"os"`
			`"path/filepath"`

Refactor tls command 2015-03-16 20:50:30 +00:00			`log "github.com/Sirupsen/logrus"`

move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`"github.com/codegangsta/cli"`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`machineUtil "github.com/docker/machine/utils"`
Refactor tls command 2015-03-16 20:50:30 +00:00			`"github.com/rancherio/os/config"`
			`)`

			`const (`
			`NAME string = "rancher"`
			`BITS int = 2048`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`)`

move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`func tlsConfCommands() []cli.Command {`
gofmt 2015-02-23 19:00:33 +00:00			`return []cli.Command{`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`{`
Refactor tls command 2015-03-16 20:50:30 +00:00			`Name: "generate",`
			`Usage: "generates new set of TLS configuration certs",`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`Action: tlsConfCreate,`
gofmt 2015-02-23 19:00:33 +00:00			`Flags: []cli.Flag{`
Refactor tls command 2015-03-16 20:50:30 +00:00			`cli.StringSliceFlag{`
			`Name: "hostname",`
			`Usage: "the hostname for which you want to generate the certificate",`
			`Value: &cli.StringSlice{"localhost"},`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`},`
gofmt 2015-02-23 19:00:33 +00:00			`cli.BoolFlag{`
Refactor tls command 2015-03-16 20:50:30 +00:00			`Name: "server, s",`
			`Usage: "generate the server keys instead of client keys",`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`},`
gofmt 2015-02-23 19:00:33 +00:00			`cli.StringFlag{`
Refactor tls command 2015-03-16 20:50:30 +00:00			`Name: "dir, d",`
			`Usage: "the directory to save/read the certs to/from",`
remove default directory from tls generate cmd 2015-04-29 11:38:43 +00:00			`Value: "",`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`},`
			`},`
			`},`
			`}`
gofmt 2015-02-23 19:00:33 +00:00			`}`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00
make cloud-config the configuration mechanism for RancherOS 2015-07-29 06:52:15 +00:00			`func writeCerts(generateServer bool, hostname []string, cfg *config.CloudConfig, certPath, keyPath, caCertPath, caKeyPath string) error {`
Refactor tls command 2015-03-16 20:50:30 +00:00			`if !generateServer {`
			`return machineUtil.GenerateCert([]string{""}, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS)`
			`}`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
rename rancher.user_docker to rancher.docker in cloud-config 2015-09-11 09:10:50 +00:00			`if cfg.Rancher.Docker.ServerKey == "" \|\| cfg.Rancher.Docker.ServerCert == "" {`
Refactor tls command 2015-03-16 20:50:30 +00:00			`err := machineUtil.GenerateCert(hostname, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS)`
			`if err != nil {`
			`return err`
			`}`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`cert, err := ioutil.ReadFile(certPath)`
			`if err != nil {`
			`return err`
			`}`
gofmt 2015-02-23 19:00:33 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`key, err := ioutil.ReadFile(keyPath)`
			`if err != nil {`
			`return err`
			`}`
gofmt 2015-02-23 19:00:33 +00:00
Reshuffle cloud-config Read files cloud-config.d in alphanumeric order, then cloud-config.yml `ros config` writes to cloud-config.yml (and cloud-config.d/private.yml - only private keys) Add (c *CloudConfig) Save() method, use it to save the changed config Read and apply metadata as part of LoadConfig() Simplify ros config export logic 2015-09-23 11:36:28 +00:00			`cfg, err = cfg.Merge(map[interface{}]interface{}{`
			`"rancher": map[interface{}]interface{}{`
			`"docker": map[interface{}]interface{}{`
			`"ca_key": cfg.Rancher.Docker.CAKey,`
			`"ca_cert": cfg.Rancher.Docker.CACert,`
			`"server_cert": string(cert),`
			`"server_key": string(key),`
make cloud-config the configuration mechanism for RancherOS 2015-07-29 06:52:15 +00:00			`},`
Refactor tls command 2015-03-16 20:50:30 +00:00			`},`
			`})`
Reshuffle cloud-config Read files cloud-config.d in alphanumeric order, then cloud-config.yml `ros config` writes to cloud-config.yml (and cloud-config.d/private.yml - only private keys) Add (c *CloudConfig) Save() method, use it to save the changed config Read and apply metadata as part of LoadConfig() Simplify ros config export logic 2015-09-23 11:36:28 +00:00			`if err != nil {`
			`return err`
			`}`

			`return cfg.Save()`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`}`

rename rancher.user_docker to rancher.docker in cloud-config 2015-09-11 09:10:50 +00:00			`if err := ioutil.WriteFile(certPath, []byte(cfg.Rancher.Docker.ServerCert), 0400); err != nil {`
Refactor tls command 2015-03-16 20:50:30 +00:00			`return err`
gofmt 2015-02-23 19:00:33 +00:00			`}`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
rename rancher.user_docker to rancher.docker in cloud-config 2015-09-11 09:10:50 +00:00			`return ioutil.WriteFile(keyPath, []byte(cfg.Rancher.Docker.ServerKey), 0400)`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`}`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00
make cloud-config the configuration mechanism for RancherOS 2015-07-29 06:52:15 +00:00			`func writeCaCerts(cfg *config.CloudConfig, caCertPath, caKeyPath string) error {`
rename rancher.user_docker to rancher.docker in cloud-config 2015-09-11 09:10:50 +00:00			`if cfg.Rancher.Docker.CACert == "" {`
Refactor tls command 2015-03-16 20:50:30 +00:00			`if err := machineUtil.GenerateCACertificate(caCertPath, caKeyPath, NAME, BITS); err != nil {`
			`return err`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`

Refactor tls command 2015-03-16 20:50:30 +00:00			`caCert, err := ioutil.ReadFile(caCertPath)`
			`if err != nil {`
			`return err`
			`}`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`caKey, err := ioutil.ReadFile(caKeyPath)`
			`if err != nil {`
			`return err`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`

Reshuffle cloud-config Read files cloud-config.d in alphanumeric order, then cloud-config.yml `ros config` writes to cloud-config.yml (and cloud-config.d/private.yml - only private keys) Add (c *CloudConfig) Save() method, use it to save the changed config Read and apply metadata as part of LoadConfig() Simplify ros config export logic 2015-09-23 11:36:28 +00:00			`cfg, err = cfg.Merge(map[interface{}]interface{}{`
			`"rancher": map[interface{}]interface{}{`
			`"docker": map[interface{}]interface{}{`
			`"ca_key": string(caKey),`
			`"ca_cert": string(caCert),`
make cloud-config the configuration mechanism for RancherOS 2015-07-29 06:52:15 +00:00			`},`
Refactor tls command 2015-03-16 20:50:30 +00:00			`},`
			`})`
			`if err != nil {`
			`return err`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`
Refactor tls command 2015-03-16 20:50:30 +00:00
Reshuffle cloud-config Read files cloud-config.d in alphanumeric order, then cloud-config.yml `ros config` writes to cloud-config.yml (and cloud-config.d/private.yml - only private keys) Add (c *CloudConfig) Save() method, use it to save the changed config Read and apply metadata as part of LoadConfig() Simplify ros config export logic 2015-09-23 11:36:28 +00:00			`return cfg.Save()`
Refactor tls command 2015-03-16 20:50:30 +00:00			`}`

rename rancher.user_docker to rancher.docker in cloud-config 2015-09-11 09:10:50 +00:00			`if err := ioutil.WriteFile(caCertPath, []byte(cfg.Rancher.Docker.CACert), 0400); err != nil {`
Refactor tls command 2015-03-16 20:50:30 +00:00			`return err`
			`}`

rename rancher.user_docker to rancher.docker in cloud-config 2015-09-11 09:10:50 +00:00			`return ioutil.WriteFile(caKeyPath, []byte(cfg.Rancher.Docker.CAKey), 0400)`
Refactor tls command 2015-03-16 20:50:30 +00:00			`}`

			`func tlsConfCreate(c *cli.Context) {`
			`err := generate(c)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`}`

			`func generate(c *cli.Context) error {`
Revert "Revert "Storage"" This reverts commit 7b2bf9327106e3c25341a2f901f2e5c3367116c7. 2015-08-27 19:24:26 +00:00			`generateServer := c.Bool("server")`
			`outDir := c.String("dir")`
			`hostnames := c.StringSlice("hostname")`

			`return Generate(generateServer, outDir, hostnames)`
			`}`

			`func Generate(generateServer bool, outDir string, hostnames []string) error {`
Refactor tls command 2015-03-16 20:50:30 +00:00			`cfg, err := config.LoadConfig()`
			`if err != nil {`
			`return err`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`

remove default directory from tls generate cmd 2015-04-29 11:38:43 +00:00			`if outDir == "" {`
			`return fmt.Errorf("out directory (-d, --dir) not specified")`
			`}`
Refactor tls command 2015-03-16 20:50:30 +00:00			`caCertPath := filepath.Join(outDir, "ca.pem")`
			`caKeyPath := filepath.Join(outDir, "ca-key.pem")`
			`certPath := filepath.Join(outDir, "cert.pem")`
			`keyPath := filepath.Join(outDir, "key.pem")`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`if generateServer {`
			`certPath = filepath.Join(outDir, "server-cert.pem")`
			`keyPath = filepath.Join(outDir, "server-key.pem")`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`
Refactor tls command 2015-03-16 20:50:30 +00:00
			`if _, err := os.Stat(outDir); os.IsNotExist(err) {`
			`if err := os.MkdirAll(outDir, 0700); err != nil {`
			`return err`
			`}`
			`}`

			`if err := writeCaCerts(cfg, caCertPath, caKeyPath); err != nil {`
			`return err`
			`}`

			`return writeCerts(generateServer, hostnames, cfg, certPath, keyPath, caCertPath, caKeyPath)`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`