move tlsconf to rancherctl

2025-09-03 15:54:24 +00:00 · 2015-02-21 13:31:10 -08:00
parent 33d636930b
commit 0b31dc7e3b
4 changed files with 57 additions and 41 deletions
--- a/cmd/control/cli.go
+++ b/cmd/control/cli.go
@@ -47,6 +47,11 @@ func Main() {
 			Usage: "operating system upgrade/downgrade",
 			Subcommands: osSubcommands(),
 		},
+		{
+			Name: "tlsconf",
+			Usage: "setup tls configuration",
+			Subcommands: tlsConfCommands(),
+		},
 	}

 	app.Run(os.Args)
--- a/cmd/control/tlsconf.go
+++ b/cmd/control/tlsconf.go
@@ -1,19 +1,46 @@
-package tlsconf
+package control 

 import (
 	"fmt"
 	"os"
 	"path/filepath"

+	"github.com/codegangsta/cli"
 	machineUtil "github.com/docker/machine/utils"
 )

-func Main() {
+func tlsConfCommands() []cli.Command {
+	return []cli.Command {
+		{
+			Name: "create",
+			Usage: "use it to create a new set of tls configuration certs and keys or upload existing ones",
+			Action: tlsConfCreate,
+			Flags: []cli.Flag {
+				cli.StringFlag {
+					Name: "cakey",
+					Usage: "path to existing certificate authority key (only use with --generate)",
+				},
+				cli.StringFlag {
+					Name: "ca",
+					Usage: "path to existing certificate authority (only use with --genreate)",
+				},
+				cli.BoolFlag {
+					Name: "generate, g",
+					Usage: "generate the client key and client cert from existing ca and cakey",
+				},
+				cli.StringFlag {
+					Name: "outDir, o",
+					Usage: "the output directory to save the generated certs or keys",
+				},
+			},
+		},
+	}
+} 
+
+func tlsConfCreate(c *cli.Context) {
 	name := "rancher"
 	bits := 2048

-	vargs := os.Args
-
 	caCertPath := "ca.pem"
 	caKeyPath := "ca-key.pem"
 	outDir := "/etc/docker/tls/"
@@ -22,42 +49,28 @@ func Main() {
 	inputCaKey := ""
 	inputCaCert := ""

-	for index := range vargs {
-		arg := vargs[index]
-		if arg == "--help" || arg == "-h" {
-			fmt.Println("run tlsconfig with no args to generate ca, cakey, server-key and server-cert in /var/run \n")
-			fmt.Println("--help or -h\t print this help text")
-			fmt.Println("--cakey\t\t path to existing certificate authority key (only use with -g)")
-			fmt.Println("--ca\t\t path to existing certificate authority (only use with -g)")
-			fmt.Println("--g \t\t generates server key and server cert from existing ca and caKey")
-			fmt.Println("--outdir \t the output directory to save the generate certs or keys")
-			return
-		} else if arg == "--outdir" {
-			if len(vargs) > index+1 {
-				outDir = vargs[index+1]
-			} else {
-				fmt.Println("please specify a output directory")
+	if val := c.String("outDir"); val != "" {
+		outDir = val
 	}
-		} else if arg == "-g" {
+	
+	if c.Bool("generate") {
 		generateCaCerts = false
-		} else if arg == "--cakey" {
-			if len(vargs) > index+1 {
-				inputCaKey = vargs[index+1]
-			} else {
-				fmt.Println("please specify a input ca-key file path")
-			}
-		} else if arg == "--ca" {
-			if len(vargs) > index+1 {
-				inputCaCert = vargs[index+1]
-			} else {
-				fmt.Println("please specify a input ca file path")
 	}
+	
+	if val := c.String("cakey"); val != "" {
+		inputCaKey = val
 	}
+
+	if val := c.String("ca"); val != "" {
+		inputCaCert = val
 	}	

 	caCertPath = filepath.Join(outDir, caCertPath)
 	caKeyPath = filepath.Join(outDir, caKeyPath)

+	serverCertPath := "server-cert.pem"
+	serverKeyPath := "server-key.pem"
+
 	if generateCaCerts {
 		if err := machineUtil.GenerateCACertificate(caCertPath, caKeyPath, name, bits); err != nil {
 			fmt.Println(err.Error())
@@ -83,12 +96,12 @@ func Main() {
 		} else {
 			caCertPath = inputCaCert
 		}
+		serverCertPath = "client-cert.pem"
+		serverKeyPath = "client-key.pem"
 	}

-	serverCertPath := "server-cert.pem"
-	serverCertPath = filepath.Join(outDir, serverCertPath)

-	serverKeyPath := "server-key.pem"
+	serverCertPath = filepath.Join(outDir, serverCertPath)
 	serverKeyPath = filepath.Join(outDir, serverKeyPath)

 	if err := machineUtil.GenerateCert([]string{""}, serverCertPath, serverKeyPath, caCertPath, caKeyPath, name, bits); err != nil {
--- a/main.go
+++ b/main.go
@@ -12,7 +12,6 @@ import (
 	"github.com/rancherio/os/cmd/respawn"
 	"github.com/rancherio/os/cmd/sysinit"
 	"github.com/rancherio/os/cmd/systemdocker"
-	"github.com/rancherio/os/cmd/tlsconf"
 	osInit "github.com/rancherio/os/init"
 )

@@ -43,7 +42,6 @@ func main() {
 	registerCmd("/sbin/halt", power.Halt)
 	registerCmd("/usr/bin/respawn", respawn.Main)
 	registerCmd("/usr/sbin/rancherctl", control.Main)
-	registerCmd("/usr/bin/tlsconf", tlsconf.Main)
 	registerCmd("/usr/bin/cloud-init", cloudinit.Main)

 	if !reexec.Init() {
--- a/scripts/dockerimages/scripts/docker.sh
+++ b/scripts/dockerimages/scripts/docker.sh
@@ -32,7 +32,7 @@ if [ "$USE_TLS" == "true" ]; then
 	echo "$TLS_SERVER_CERT" > $TLS_PATH/server-cert.pem
 	echo "$TLS_SERVER_KEY" > $TLS_PATH/server-key.pem
    else
-        tlsconf
+        rancherctl tlsconf create
    	TLS_CA_CERT="$(cat $TLS_PATH/ca.pem)"
    	TLS_SERVER_CERT="$(cat $TLS_PATH/server-cert.pem)"
    	TLS_SERVER_KEY="$(cat $TLS_PATH/server-key.pem)"