From 3e44413aa9ddbdde7042484c56b31fbdc47c31bd Mon Sep 17 00:00:00 2001
From: Ivan Mikushin <i.mikushin@gmail.com>
Date: Thu, 10 Dec 2015 14:24:14 +0500
Subject: [PATCH] Default dirs for TLS cert generation

/etc/docker/tls - for server
/home/rancher/.docker - for client
---
 cmd/control/tlsconf.go | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/cmd/control/tlsconf.go b/cmd/control/tlsconf.go
index 095f2bec..33b2d779 100644
--- a/cmd/control/tlsconf.go
+++ b/cmd/control/tlsconf.go
@@ -1,7 +1,6 @@
 package control
 
 import (
-	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -157,7 +156,12 @@ func Generate(generateServer bool, outDir string, hostnames []string) error {
 	}
 
 	if outDir == "" {
-		return fmt.Errorf("out directory (-d, --dir) not specified")
+		if generateServer {
+			outDir = "/etc/docker/tls"
+		} else {
+			outDir = "/home/rancher/.docker"
+		}
+		log.Infof("Out directory (-d, --dir) not specified, using default: %s", outDir)
 	}
 	caCertPath := filepath.Join(outDir, "ca.pem")
 	caKeyPath := filepath.Join(outDir, "ca-key.pem")
@@ -179,6 +183,17 @@ func Generate(generateServer bool, outDir string, hostnames []string) error {
 	if err != nil {
 		return err
 	}
+	if err := writeCerts(generateServer, hostnames, cfg, certPath, keyPath, caCertPath, caKeyPath); err != nil {
+		return err
+	}
 
-	return writeCerts(generateServer, hostnames, cfg, certPath, keyPath, caCertPath, caKeyPath)
+	if !generateServer {
+		if err := filepath.Walk(outDir, func(path string, info os.FileInfo, err error) error {
+			return os.Chown(path, 1100, 1100) // rancher:rancher
+		}); err != nil {
+			return err
+		}
+	}
+
+	return nil
 }