From 0b31dc7e3b8aa54d12630a384a5fcba66747e066 Mon Sep 17 00:00:00 2001
From: sidharthamani
Date: Sat, 21 Feb 2015 13:31:10 -0800
Subject: [PATCH] move tlsconf to rancherctl
---
 cmd/control/cli.go | 5 ++
 cmd/{tlsconf => control}/tlsconf.go | 89 +++++++++++++++-----------
 main.go | 2 -
 scripts/dockerimages/scripts/docker.sh | 2 +-
 4 files changed, 57 insertions(+), 41 deletions(-)
 rename cmd/{tlsconf => control}/tlsconf.go (52%)
diff --git a/cmd/control/cli.go b/cmd/control/cli.go
index ab3a09b7..9ce765ad 100644
--- a/cmd/control/cli.go
+++ b/cmd/control/cli.go
@@ -47,6 +47,11 @@ func Main() {
 Usage: "operating system upgrade/downgrade",
 Subcommands: osSubcommands(),
 },
+ {
+ Name: "tlsconf",
+ Usage: "setup tls configuration",
+ Subcommands: tlsConfCommands(),
+ },
 }
 app.Run(os.Args)
diff --git a/cmd/tlsconf/tlsconf.go b/cmd/control/tlsconf.go
similarity index 52%
rename from cmd/tlsconf/tlsconf.go
rename to cmd/control/tlsconf.go
index ecfc0e7f..c74768cd 100644
--- a/cmd/tlsconf/tlsconf.go
+++ b/cmd/control/tlsconf.go
@@ -1,19 +1,46 @@
-package tlsconf
+package control
 import (
 "fmt"
 "os"
 "path/filepath"
+ "github.com/codegangsta/cli"
 machineUtil "github.com/docker/machine/utils"
 )
-func Main() {
+func tlsConfCommands() []cli.Command {
+ return []cli.Command {
+ {
+ Name: "create",
+ Usage: "use it to create a new set of tls configuration certs and keys or upload existing ones",
+ Action: tlsConfCreate,
+ Flags: []cli.Flag {
+ cli.StringFlag {
+ Name: "cakey",
+ Usage: "path to existing certificate authority key (only use with --generate)",
+ },
+ cli.StringFlag {
+ Name: "ca",
+ Usage: "path to existing certificate authority (only use with --genreate)",
+ },
+ cli.BoolFlag {
+ Name: "generate, g",
+ Usage: "generate the client key and client cert from existing ca and cakey",
+ },
+ cli.StringFlag {
+ Name: "outDir, o",
+ Usage: "the output directory to save the generated certs or keys",
+ },
+ },
+ },
+ }
+}
+
+func tlsConfCreate(c *cli.Context) {
 name := "rancher"
 bits := 2048
- vargs := os.Args
-
 caCertPath := "ca.pem"
 caKeyPath := "ca-key.pem"
 outDir := "/etc/docker/tls/"
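Review bot: The usage string of the `ca` flag in `tlsConfCommands` misspells the flag it points operators to (`--genreate`); it should read `Usage: "path to existing certificate authority (only use with --generate)",`. The `create` usage also advertises "upload existing ones", which none of the four flags declared here appears to implement, so the help may promise more than the command does. Since `--cakey` names a CA private key, accurate help text is what tells an operator in which mode that path is actually consumed. The new function has no doc comment; `// tlsConfCommands returns the subcommands registered under "rancherctl tlsconf".` would do, and running gofmt would drop the space in `[]cli.Command {` and the other composite literals.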
@@ -22,42 +49,28 @@ func Main() {
 inputCaKey := ""
 inputCaCert := ""
- for index := range vargs {
- arg := vargs[index]
- if arg == "--help" || arg == "-h" {
- fmt.Println("run tlsconfig with no args to generate ca, cakey, server-key and server-cert in /var/run \n")
- fmt.Println("--help or -h\t print this help text")
- fmt.Println("--cakey\t\t path to existing certificate authority key (only use with -g)")
- fmt.Println("--ca\t\t path to existing certificate authority (only use with -g)")
- fmt.Println("--g \t\t generates server key and server cert from existing ca and caKey")
- fmt.Println("--outdir \t the output directory to save the generate certs or keys")
- return
- } else if arg == "--outdir" {
- if len(vargs) > index+1 {
- outDir = vargs[index+1]
- } else {
- fmt.Println("please specify a output directory")
- }
- } else if arg == "-g" {
- generateCaCerts = false
- } else if arg == "--cakey" {
- if len(vargs) > index+1 {
- inputCaKey = vargs[index+1]
- } else {
- fmt.Println("please specify a input ca-key file path")
- }
- } else if arg == "--ca" {
- if len(vargs) > index+1 {
- inputCaCert = vargs[index+1]
- } else {
- fmt.Println("please specify a input ca file path")
- }
- }
+ if val := c.String("outDir"); val != "" {
+ outDir = val
 }
+
+ if c.Bool("generate") {
+ generateCaCerts = false
+ }
+
+ if val := c.String("cakey"); val != "" {
+ inputCaKey = val
+ }
+
+ if val := c.String("ca"); val != "" {
+ inputCaCert = val
+ }
 caCertPath = filepath.Join(outDir, caCertPath)
 caKeyPath = filepath.Join(outDir, caKeyPath)
+ serverCertPath := "server-cert.pem"
+ serverKeyPath := "server-key.pem"
+
 if generateCaCerts {
 if err := machineUtil.GenerateCACertificate(caCertPath, caKeyPath, name, bits); err != nil {
 fmt.Println(err.Error())
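Review bot: `tlsConfCreate` accepts `--ca` and `--cakey` without `--generate` and, judging by the visible lines, then still reaches the `if generateCaCerts` branch and calls `GenerateCACertificate` for `ca.pem`/`ca-key.pem` under `outDir`, so the supplied CA is silently unused. A guard right after the flag reads would make the combination explicit: `if !c.Bool("generate") && (inputCaKey != "" || inputCaCert != "") { fmt.Println("--ca and --cakey require --generate"); return }`. The initial value of `generateCaCerts` and the remainder of the `if generateCaCerts` block lie outside the hunk, so the branch behaviour should be confirmed there. The error path shown only prints via `fmt.Println(err.Error())`; if the lines after the hunk do not exit non-zero, callers cannot detect a failed CA or key generation.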
@@ -83,12 +96,12 @@ func Main() {
 } else {
 caCertPath = inputCaCert
 }
+ serverCertPath = "client-cert.pem"
+ serverKeyPath = "client-key.pem"
 }
- serverCertPath := "server-cert.pem"
- serverCertPath = filepath.Join(outDir, serverCertPath)
- serverKeyPath := "server-key.pem"
+ serverCertPath = filepath.Join(outDir, serverCertPath)
 serverKeyPath = filepath.Join(outDir, serverKeyPath)
 if err := machineUtil.GenerateCert([]string{""}, serverCertPath, serverKeyPath, caCertPath, caKeyPath, name, bits); err != nil {
diff --git a/main.go b/main.go
index 24495a3a..db882353 100644
--- a/main.go
+++ b/main.go
@@ -12,7 +12,6 @@ import (
 "github.com/rancherio/os/cmd/respawn"
 "github.com/rancherio/os/cmd/sysinit"
 "github.com/rancherio/os/cmd/systemdocker"
- "github.com/rancherio/os/cmd/tlsconf"
 osInit "github.com/rancherio/os/init"
 )
@@ -43,7 +42,6 @@ func main() {
 registerCmd("/sbin/halt", power.Halt)
 registerCmd("/usr/bin/respawn", respawn.Main)
 registerCmd("/usr/sbin/rancherctl", control.Main)
- registerCmd("/usr/bin/tlsconf", tlsconf.Main)
 registerCmd("/usr/bin/cloud-init", cloudinit.Main)
 if !reexec.Init() {
diff --git a/scripts/dockerimages/scripts/docker.sh b/scripts/dockerimages/scripts/docker.sh
index 21a149fa..4623e128 100755
--- a/scripts/dockerimages/scripts/docker.sh
+++ b/scripts/dockerimages/scripts/docker.sh
@@ -32,7 +32,7 @@ if [ "$USE_TLS" == "true" ]; then
 echo "$TLS_SERVER_CERT" > $TLS_PATH/server-cert.pem
 echo "$TLS_SERVER_KEY" > $TLS_PATH/server-key.pem
 else
- tlsconf
+ rancherctl tlsconf create
 TLS_CA_CERT="$(cat $TLS_PATH/ca.pem)"
 TLS_SERVER_CERT="$(cat $TLS_PATH/server-cert.pem)"
 TLS_SERVER_KEY="$(cat $TLS_PATH/server-key.pem)"
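Review bot: In generate mode the outputs are renamed to `client-cert.pem`/`client-key.pem` in the `@@ -83,12 +96,12 @@` hunk of cmd/control/tlsconf.go, but they are still carried in `serverCertPath`/`serverKeyPath` and produced by the same `GenerateCert([]string{""}, ...)` call as the server pair, so only the filename distinguishes a client certificate from a server one. Neutral names such as `certPath` and `keyPath`, plus a comment like `// --generate issues a client cert/key from the supplied CA; the default mode issues the server pair`, would make the intent readable. It is worth confirming in `machineUtil.GenerateCert`, which is not shown here, that an empty host list yields the key usage and subject names wanted for each role. `tlsConfCreate` starts before and continues after this hunk.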
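Review bot: The exit status of `rancherctl tlsconf create` in scripts/dockerimages/scripts/docker.sh is not checked before the three `cat $TLS_PATH/...` reads that follow, so a failed or partial generation would leave `TLS_CA_CERT`, `TLS_SERVER_CERT` and `TLS_SERVER_KEY` empty or stale. Consider `rancherctl tlsconf create -o "$TLS_PATH" || exit 1`, which also stops relying on the command's built-in default of `/etc/docker/tls/` matching `$TLS_PATH`. Whether the script runs under `set -e` is not visible in this hunk, and the Go action only prints errors in the lines shown, so a non-zero exit status may need to be added on that side as well.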