rancher/os
1
0
Fork 1
mirror of https://github.com/rancher/os.git synced 2025-08-12 12:02:22 +00:00
Code Issues Releases Wiki Activity

Refactor tlsconf

Browse Source
This commit is contained in:
Darren Shepherd 2015-02-19 13:48:10 -07:00
parent 900b4512c9
commit 7fd1091b6e
4 changed files with 101 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
cmd/tlsconf/tlsconf.go Normal file
View File

@ -0,0 +1,98 @@
package tlsconf
import (
"fmt"
"os"
"path/filepath"
machineUtil "github.com/docker/machine/utils"
)
func Main() {
name := "rancher"
bits := 2048
vargs := os.Args
caCertPath := "ca.pem"
caKeyPath := "ca-key.pem"
outDir := "/etc/docker/tls/"
generateCaCerts := true
inputCaKey := ""
inputCaCert := ""
for index := range vargs {
arg := vargs[index]
if arg == "--help" || arg == "-h" {
fmt.Println("run tlsconfig with no args to generate ca, cakey, server-key and server-cert in /var/run \n")
fmt.Println("--help or -h\t print this help text")
fmt.Println("--cakey\t\t path to existing certificate authority key (only use with -g)")
fmt.Println("--ca\t\t path to existing certificate authority (only use with -g)")
fmt.Println("--g \t\t generates server key and server cert from existing ca and caKey")
fmt.Println("--outdir \t the output directory to save the generate certs or keys")
return
} else if arg == "--outdir" {
if len(vargs) > index+1 {
outDir = vargs[index+1]
} else {
fmt.Println("please specify a output directory")
}
} else if arg == "-g" {
generateCaCerts = false
} else if arg == "--cakey" {
if len(vargs) > index+1 {
inputCaKey = vargs[index+1]
} else {
fmt.Println("please specify a input ca-key file path")
}
} else if arg == "--ca" {
if len(vargs) > index+1 {
inputCaCert = vargs[index+1]
} else {
fmt.Println("please specify a input ca file path")
}
}
}
caCertPath = filepath.Join(outDir, caCertPath)
caKeyPath = filepath.Join(outDir, caKeyPath)
if generateCaCerts {
if err := machineUtil.GenerateCACertificate(caCertPath, caKeyPath, name, bits); err != nil {
fmt.Println(err.Error())
return
}
} else {
if inputCaKey == "" || inputCaCert == "" {
fmt.Println("Please specify caKey and CaCert along with -g")
return
}
if _, err := os.Stat(inputCaKey); err != nil {
fmt.Printf("ERROR: %s does not exist\n", inputCaKey)
return
} else {
caKeyPath = inputCaKey
}
if _, err := os.Stat(inputCaCert); err != nil {
fmt.Printf("ERROR: %s does not exist\n", inputCaCert)
return
} else {
caCertPath = inputCaCert
}
}
serverCertPath := "server-cert.pem"
serverCertPath = filepath.Join(outDir, serverCertPath)
serverKeyPath := "server-key.pem"
serverKeyPath = filepath.Join(outDir, serverKeyPath)
if err := machineUtil.GenerateCert([]string{""}, serverCertPath, serverKeyPath, caCertPath, caKeyPath, name, bits); err != nil {
fmt.Println(err.Error())
return
}
}

1
config/default.go
View File

@ -89,6 +89,7 @@ func NewConfig() *Config {
"--volumes-from=system-volumes " + "--volumes-from=system-volumes " +
"-v=/usr/bin/docker:/usr/bin/docker:ro " + "-v=/usr/bin/docker:/usr/bin/docker:ro " +
"-v=/init:/usr/bin/tlsconf:ro " + "-v=/init:/usr/bin/tlsconf:ro " +
"-v=/init:/usr/sbin/rancherctl:ro " +
"-v=/var/lib/rancher/state/docker:/var/lib/docker " + "-v=/var/lib/rancher/state/docker:/var/lib/docker " +
"userdocker", "userdocker",
}, },

4
main.go
View File

@ -8,11 +8,11 @@ import (
"github.com/docker/docker/pkg/reexec" "github.com/docker/docker/pkg/reexec"
"github.com/rancherio/os/cmd/control" "github.com/rancherio/os/cmd/control"
"github.com/rancherio/os/cmd/systemdocker" "github.com/rancherio/os/cmd/systemdocker"
"github.com/rancherio/os/cmd/tlsconf"
osInit "github.com/rancherio/os/init" osInit "github.com/rancherio/os/init"
"github.com/rancherio/os/power" "github.com/rancherio/os/power"
"github.com/rancherio/os/respawn" "github.com/rancherio/os/respawn"
"github.com/rancherio/os/sysinit" "github.com/rancherio/os/sysinit"
"github.com/rancherio/os/util"
) )
func registerCmd(cmd string, mainFunc func()) { func registerCmd(cmd string, mainFunc func()) {
@ -42,7 +42,7 @@ func main() {
registerCmd("/sbin/halt", power.Halt) registerCmd("/sbin/halt", power.Halt)
registerCmd("/usr/bin/respawn", respawn.Main) registerCmd("/usr/bin/respawn", respawn.Main)
registerCmd("/usr/sbin/rancherctl", control.Main) registerCmd("/usr/sbin/rancherctl", control.Main)
registerCmd("/usr/bin/tlsconf", util.TLSConf) registerCmd("/usr/bin/tlsconf", tlsconf.Main)
registerCmd("/usr/bin/cloudinit", control.CloudInit) registerCmd("/usr/bin/cloudinit", control.CloudInit)
if !reexec.Init() { if !reexec.Init() {

92
util/util.go
View File

@ -7,107 +7,15 @@ import (
"math/rand" "math/rand"
"os" "os"
"path" "path"
"path/filepath"
"syscall" "syscall"
"github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/mount"
machine_utils "github.com/docker/machine/utils"
) )
var ( var (
letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
) )
func TLSConf() {
name := "rancher"
bits := 2048
vargs := os.Args
caCertPath := "ca.pem"
caKeyPath := "ca-key.pem"
outDir := "/etc/docker/tls/"
generateCaCerts := true
inputCaKey := ""
inputCaCert := ""
for index := range vargs {
arg := vargs[index]
if arg == "--help" || arg == "-h" {
fmt.Println("run tlsconfig with no args to generate ca, cakey, server-key and server-cert in /var/run \n")
fmt.Println("--help or -h\t print this help text")
fmt.Println("--cakey\t\t path to existing certificate authority key (only use with -g)")
fmt.Println("--ca\t\t path to existing certificate authority (only use with -g)")
fmt.Println("--g \t\t generates server key and server cert from existing ca and caKey")
fmt.Println("--outdir \t the output directory to save the generate certs or keys")
return
} else if arg == "--outdir" {
if len(vargs) > index+1 {
outDir = vargs[index+1]
} else {
fmt.Println("please specify a output directory")
}
} else if arg == "-g" {
generateCaCerts = false
} else if arg == "--cakey" {
if len(vargs) > index+1 {
inputCaKey = vargs[index+1]
} else {
fmt.Println("please specify a input ca-key file path")
}
} else if arg == "--ca" {
if len(vargs) > index+1 {
inputCaCert = vargs[index+1]
} else {
fmt.Println("please specify a input ca file path")
}
}
}
caCertPath = filepath.Join(outDir, caCertPath)
caKeyPath = filepath.Join(outDir, caKeyPath)
if generateCaCerts {
if err := machine_utils.GenerateCACertificate(caCertPath, caKeyPath, name, bits); err != nil {
fmt.Println(err.Error())
return
}
} else {
if inputCaKey == "" || inputCaCert == "" {
fmt.Println("Please specify caKey and CaCert along with -g")
return
}
if _, err := os.Stat(inputCaKey); err != nil {
//throw error if input ca key not found
fmt.Printf("ERROR: %s does not exist\n", inputCaKey)
return
} else {
caKeyPath = inputCaKey
}
if _, err := os.Stat(inputCaCert); err != nil {
fmt.Printf("ERROR: %s does not exist\n", inputCaCert)
return
} else {
caCertPath = inputCaCert
}
}
serverCertPath := "server-cert.pem"
serverCertPath = filepath.Join(outDir, serverCertPath)
serverKeyPath := "server-key.pem"
serverKeyPath = filepath.Join(outDir, serverKeyPath)
if err := machine_utils.GenerateCert([]string{""}, serverCertPath, serverKeyPath, caCertPath, caKeyPath, name, bits); err != nil {
fmt.Println(err.Error())
return
}
}
func mountProc() error { func mountProc() error {
if _, err := os.Stat("/proc/self/mountinfo"); os.IsNotExist(err) { if _, err := os.Stat("/proc/self/mountinfo"); os.IsNotExist(err) {
if _, err := os.Stat("/proc"); os.IsNotExist(err) { if _, err := os.Stat("/proc"); os.IsNotExist(err) {