
Disable docker server TLS cert auto-generation

Because users should be explicit about their docker TLS certs.
Also, re-generate the key and cert files when `ros tls gen` is run (used to be cached).
This commit is contained in:
Ivan Mikushin
2016-06-02 12:16:30 -07:00
parent 43f90b8e61
commit 41f333d0ff
6 changed files with 208 additions and 55 deletions


@@ -18,6 +18,8 @@ import (
"github.com/rancher/os/compose"
"github.com/rancher/os/config"
rosDocker "github.com/rancher/os/docker"
"github.com/rancher/os/util"
"path/filepath"
)
const (
@@ -41,6 +43,36 @@ func Main() {
select {}
}
func writeCerts(cfg *config.CloudConfig) error {
outDir := control.ServerTlsPath
if err := os.MkdirAll(outDir, 0700); err != nil {
return err
}
caCertPath := filepath.Join(outDir, control.CaCert)
caKeyPath := filepath.Join(outDir, control.CaKey)
serverCertPath := filepath.Join(outDir, control.ServerCert)
serverKeyPath := filepath.Join(outDir, control.ServerKey)
if cfg.Rancher.Docker.CACert != "" {
if err := util.WriteFileAtomic(caCertPath, []byte(cfg.Rancher.Docker.CACert), 0400); err != nil {
return err
}
if err := util.WriteFileAtomic(caKeyPath, []byte(cfg.Rancher.Docker.CAKey), 0400); err != nil {
return err
}
}
if cfg.Rancher.Docker.ServerCert != "" {
if err := util.WriteFileAtomic(serverCertPath, []byte(cfg.Rancher.Docker.ServerCert), 0400); err != nil {
return err
}
if err := util.WriteFileAtomic(serverKeyPath, []byte(cfg.Rancher.Docker.ServerKey), 0400); err != nil {
return err
}
}
return nil
}
func startDocker(cfg *config.CloudConfig) error {
storageContext := cfg.Rancher.Docker.StorageContext
if storageContext == "" {
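Review bot: In writeCerts the key file is written whenever the matching cert is non-empty, so a config with `server_cert` set but no `server_key` (or `ca_cert` without `ca_key`) silently produces an empty 0400 key file and the daemon later fails with a far less obvious error. With auto-generation now disabled there is no fallback, so a half-configured pair should be rejected here with an explicit error rather than written out. It is also worth a comment on why the CA private key is persisted on the daemon host at all, since serving TLS only needs the CA cert — presumably it is consumed by the `ros tls gen` path the description mentions; confirm. The sketch below folds the two pairs into one helper; it needs `fmt` in scope if the file does not already import it, and the surrounding startDocker hunk continues outside this view.
```go
func writeCerts(cfg *config.CloudConfig) error {
	outDir := control.ServerTlsPath
	if err := os.MkdirAll(outDir, 0700); err != nil {
		return err
	}
	d := cfg.Rancher.Docker
	if err := writeKeyPair(outDir, control.CaCert, d.CACert, control.CaKey, d.CAKey); err != nil {
		return err
	}
	return writeKeyPair(outDir, control.ServerCert, d.ServerCert, control.ServerKey, d.ServerKey)
}

// writeKeyPair writes a cert and its key, refusing a half-configured pair
// so the daemon is never started against an empty key file.
func writeKeyPair(outDir, certName, cert, keyName, key string) error {
	if cert == "" && key == "" {
		return nil
	}
	if cert == "" || key == "" {
		return fmt.Errorf("docker TLS: %s and %s must be configured together", certName, keyName)
	}
	if err := util.WriteFileAtomic(filepath.Join(outDir, certName), []byte(cert), 0400); err != nil {
		return err
	}
	return util.WriteFileAtomic(filepath.Join(outDir, keyName), []byte(key), 0400)
}
```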
@@ -77,8 +109,7 @@ func startDocker(cfg *config.CloudConfig) error {
log.Debugf("User Docker args: %v", args)
if dockerCfg.TLS {
log.Debug("Generating TLS certs if needed")
if err := control.Generate(true, "/etc/docker/tls", []string{"127.0.0.1", "*", "*.*", "*.*.*", "*.*.*.*"}); err != nil {
if err := writeCerts(cfg); err != nil {
return err
}
}