github.com/45cali/docker@v1.11.1/docker/common.go (about) 1 package main 2 3 import ( 4 "fmt" 5 "os" 6 "path/filepath" 7 8 "github.com/Sirupsen/logrus" 9 "github.com/docker/docker/cli" 10 "github.com/docker/docker/cliconfig" 11 "github.com/docker/docker/opts" 12 flag "github.com/docker/docker/pkg/mflag" 13 "github.com/docker/go-connections/tlsconfig" 14 ) 15 16 const ( 17 defaultTrustKeyFile = "key.json" 18 defaultCaFile = "ca.pem" 19 defaultKeyFile = "key.pem" 20 defaultCertFile = "cert.pem" 21 tlsVerifyKey = "tlsverify" 22 ) 23 24 var ( 25 commonFlags = &cli.CommonFlags{FlagSet: new(flag.FlagSet)} 26 27 dockerCertPath = os.Getenv("DOCKER_CERT_PATH") 28 dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != "" 29 ) 30 31 func init() { 32 if dockerCertPath == "" { 33 dockerCertPath = cliconfig.ConfigDir() 34 } 35 36 commonFlags.PostParse = postParseCommon 37 38 cmd := commonFlags.FlagSet 39 40 cmd.BoolVar(&commonFlags.Debug, []string{"D", "-debug"}, false, "Enable debug mode") 41 cmd.StringVar(&commonFlags.LogLevel, []string{"l", "-log-level"}, "info", "Set the logging level") 42 cmd.BoolVar(&commonFlags.TLS, []string{"-tls"}, false, "Use TLS; implied by --tlsverify") 43 cmd.BoolVar(&commonFlags.TLSVerify, []string{"-tlsverify"}, dockerTLSVerify, "Use TLS and verify the remote") 44 45 // TODO use flag flag.String([]string{"i", "-identity"}, "", "Path to libtrust key file") 46 47 var tlsOptions tlsconfig.Options 48 commonFlags.TLSOptions = &tlsOptions 49 cmd.StringVar(&tlsOptions.CAFile, []string{"-tlscacert"}, filepath.Join(dockerCertPath, defaultCaFile), "Trust certs signed only by this CA") 50 cmd.StringVar(&tlsOptions.CertFile, []string{"-tlscert"}, filepath.Join(dockerCertPath, defaultCertFile), "Path to TLS certificate file") 51 cmd.StringVar(&tlsOptions.KeyFile, []string{"-tlskey"}, filepath.Join(dockerCertPath, defaultKeyFile), "Path to TLS key file") 52 53 cmd.Var(opts.NewNamedListOptsRef("hosts", &commonFlags.Hosts, opts.ValidateHost), []string{"H", "-host"}, "Daemon socket(s) to connect to") 54 } 55 56 func postParseCommon() { 57 cmd := commonFlags.FlagSet 58 59 setDaemonLogLevel(commonFlags.LogLevel) 60 61 // Regardless of whether the user sets it to true or false, if they 62 // specify --tlsverify at all then we need to turn on tls 63 // TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need to check that here as well 64 if cmd.IsSet("-"+tlsVerifyKey) || commonFlags.TLSVerify { 65 commonFlags.TLS = true 66 } 67 68 if !commonFlags.TLS { 69 commonFlags.TLSOptions = nil 70 } else { 71 tlsOptions := commonFlags.TLSOptions 72 tlsOptions.InsecureSkipVerify = !commonFlags.TLSVerify 73 74 // Reset CertFile and KeyFile to empty string if the user did not specify 75 // the respective flags and the respective default files were not found. 76 if !cmd.IsSet("-tlscert") { 77 if _, err := os.Stat(tlsOptions.CertFile); os.IsNotExist(err) { 78 tlsOptions.CertFile = "" 79 } 80 } 81 if !cmd.IsSet("-tlskey") { 82 if _, err := os.Stat(tlsOptions.KeyFile); os.IsNotExist(err) { 83 tlsOptions.KeyFile = "" 84 } 85 } 86 } 87 } 88 89 func setDaemonLogLevel(logLevel string) { 90 if logLevel != "" { 91 lvl, err := logrus.ParseLevel(logLevel) 92 if err != nil { 93 fmt.Fprintf(os.Stderr, "Unable to parse logging level: %s\n", logLevel) 94 os.Exit(1) 95 } 96 logrus.SetLevel(lvl) 97 } else { 98 logrus.SetLevel(logrus.InfoLevel) 99 } 100 }