tls key generation
This commit is contained in:
parent
c3476d7b00
commit
707894d594
@ -62,6 +62,7 @@ func NewConfig() *Config {
|
||||
"-v=/init:/sbin/poweroff:ro " +
|
||||
"-v=/init:/sbin/reboot:ro " +
|
||||
"-v=/init:/sbin/halt:ro " +
|
||||
"-v=/init:/sbin/tlsconf:ro " +
|
||||
"-v=/init:/usr/bin/rancherctl:ro " +
|
||||
"--volumes-from=system-state " +
|
||||
"--net=host " +
|
||||
@ -69,13 +70,11 @@ func NewConfig() *Config {
|
||||
"console",
|
||||
},
|
||||
{
|
||||
Cmd: []string{
|
||||
"--name", "ntp",
|
||||
"-d",
|
||||
"--privileged",
|
||||
"--net", "host",
|
||||
Cmd: "--name=ntp " +
|
||||
"-d " +
|
||||
"--privileged " +
|
||||
"--net=host " +
|
||||
"ntp",
|
||||
},
|
||||
},
|
||||
},
|
||||
RescueContainer: &ContainerConfig{
|
||||
|
2
main.go
2
main.go
@ -12,6 +12,7 @@ import (
|
||||
"github.com/rancherio/os/power"
|
||||
"github.com/rancherio/os/respawn"
|
||||
"github.com/rancherio/os/sysinit"
|
||||
"github.com/rancherio/os/util"
|
||||
)
|
||||
|
||||
func registerCmd(cmd string, mainFunc func()) {
|
||||
@ -41,6 +42,7 @@ func main() {
|
||||
registerCmd("/sbin/halt", power.Halt)
|
||||
registerCmd("/usr/bin/respawn", respawn.Main)
|
||||
registerCmd("/usr/sbin/rancherctl", control.Main)
|
||||
registerCmd("/sbin/tlsconf", util.TLSConf)
|
||||
|
||||
if !reexec.Init() {
|
||||
log.Fatalf("Failed to find an entry point for %s", os.Args[0])
|
||||
|
94
util/util.go
94
util/util.go
@ -7,15 +7,109 @@ import (
|
||||
"math/rand"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
|
||||
"github.com/docker/docker/pkg/mount"
|
||||
machine_utils "github.com/docker/machine/utils"
|
||||
)
|
||||
|
||||
var (
|
||||
letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
|
||||
)
|
||||
|
||||
|
||||
func TLSConf() {
|
||||
name := "rancher"
|
||||
bits := 2048
|
||||
|
||||
vargs := os.Args
|
||||
|
||||
caCertPath := "ca.pem"
|
||||
caKeyPath := "ca-key.pem"
|
||||
outDir := "/var/run/"
|
||||
generateCaCerts := true
|
||||
|
||||
inputCaKey := ""
|
||||
inputCaCert := ""
|
||||
|
||||
for index := range vargs {
|
||||
arg := vargs[index]
|
||||
if arg == "--help" || arg == "-h" {
|
||||
fmt.Println("run tlsconfig with no args to generate ca, cakey, server-key and server-cert in /var/run \n")
|
||||
fmt.Println("--help or -h\t print this help text")
|
||||
fmt.Println("--cakey\t\t path to existing certificate authority key (only use with -g)")
|
||||
fmt.Println("--ca\t\t path to existing certificate authority (only use with -g)")
|
||||
fmt.Println("--g \t\t generates server key and server cert from existing ca and caKey")
|
||||
fmt.Println("--outdir \t the output directory to save the generate certs or keys")
|
||||
return
|
||||
} else if arg == "--outdir" {
|
||||
if len(vargs) > index + 1 {
|
||||
outDir = vargs[index+1]
|
||||
} else {
|
||||
fmt.Println("please specify a output directory")
|
||||
}
|
||||
} else if arg == "-g" {
|
||||
generateCaCerts = false
|
||||
} else if arg == "--cakey" {
|
||||
if len(vargs) > index + 1 {
|
||||
inputCaKey = vargs[index+1]
|
||||
} else {
|
||||
fmt.Println("please specify a input ca-key file path")
|
||||
}
|
||||
} else if arg == "--ca" {
|
||||
if len(vargs) > index + 1 {
|
||||
inputCaCert = vargs[index+1]
|
||||
} else {
|
||||
fmt.Println("please specify a input ca file path")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
caCertPath = filepath.Join(outDir, caCertPath)
|
||||
caKeyPath = filepath.Join(outDir, caKeyPath)
|
||||
|
||||
if generateCaCerts {
|
||||
if err := machine_utils.GenerateCACertificate(caCertPath, caKeyPath, name, bits); err != nil {
|
||||
fmt.Println(err.Error())
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if inputCaKey == "" || inputCaCert == "" {
|
||||
fmt.Println("Please specify caKey and CaCert along with -g")
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := os.Stat(inputCaKey); err != nil {
|
||||
//throw error if input ca key not found
|
||||
fmt.Printf("ERROR: %s does not exist\n", inputCaKey)
|
||||
return
|
||||
} else {
|
||||
caKeyPath = inputCaKey
|
||||
}
|
||||
|
||||
if _, err := os.Stat(inputCaCert); err != nil {
|
||||
fmt.Printf("ERROR: %s does not exist\n", inputCaCert)
|
||||
return
|
||||
} else {
|
||||
caCertPath = inputCaCert
|
||||
}
|
||||
}
|
||||
|
||||
serverCertPath := "server-cert.pem"
|
||||
serverCertPath = filepath.Join(outDir, serverCertPath)
|
||||
|
||||
serverKeyPath := "server-key.pem"
|
||||
serverKeyPath = filepath.Join(outDir, serverKeyPath)
|
||||
|
||||
if err := machine_utils.GenerateCert([]string{""}, serverCertPath, serverKeyPath, caCertPath, caKeyPath, name, bits); err != nil {
|
||||
fmt.Println(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
func mountProc() error {
|
||||
if _, err := os.Stat("/proc/self/mountinfo"); os.IsNotExist(err) {
|
||||
if _, err := os.Stat("/proc"); os.IsNotExist(err) {
|
||||
|
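Review bot: Every failure path in TLSConf — the GenerateCACertificate error, the missing or nonexistent `--cakey`/`--ca` inputs and the final GenerateCert error — prints the message and then plain `return`s, so the `/sbin/tlsconf` command exits 0 and an init script or caller cannot tell that no key material was produced; change those sites to `fmt.Println(err.Error()); os.Exit(1)` (`os` is already imported in this file). The hosts argument to GenerateCert is `[]string{""}`, which looks like it yields a server certificate with no usable hostname or IP SAN, so any client that verifies the server name will reject it — hedged, since the machine utils implementation is not visible here, but the intent of the empty string should at least be commented. The CA private key and server key are written under `/var/run/` by library calls whose file modes are not visible in this hunk; confirm they are created 0600 (or chmod them after generation), since the CA key signs every later server certificate. The help text also advertises `--g` while the parser only matches `-g`, and a `--outdir`/`--cakey`/`--ca` with no following value only prints a warning and carries on with the default. The enclosing function TLSConf lies entirely within the hunk.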