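// Listing: github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/swarmkit/cmd/external-ca-example/main.go

// Command external-ca-example bootstraps a throwaway swarm PKI in the current
// directory and serves it through an external signing endpoint.
//
// It creates a root CA, issues credentials for one initial manager node,
// copies the root certificate into the node's config path, starts the
// external signing server from the swarmkit testutils package, and then
// prints the swarmd command line that points at that server.
//
// NOTE(review): the signing server comes from a test-utility package and the
// node key read-writer is built with nil for its second and third arguments
// (in swarmkit these are the key-encryption key and PEM headers), so the
// issued node key is presumably stored unencrypted. Treat everything this
// program writes as example material, not as a production CA.
package main

import (
	"io/ioutil"
	"os"
	"os/signal"
	"path/filepath"
	"syscall"

	"github.com/docker/swarmkit/ca"
	"github.com/docker/swarmkit/ca/testutils"
	"github.com/docker/swarmkit/identity"
	"github.com/sirupsen/logrus"
)

// main sets up the example PKI, starts the signing server, and blocks until
// SIGTERM or SIGINT is received. Any setup failure is fatal.
func main() {
	// Create root material within the current directory.
	rootPaths := ca.CertPaths{
		Cert: filepath.Join("ca", "root.crt"),
		Key:  filepath.Join("ca", "root.key"),
	}

	// Initialize the Root CA.
	rootCA, err := ca.CreateRootCA("external-ca-example")
	if err != nil {
		logrus.Fatalf("unable to initialize Root CA: %s", err.Error())
	}
	// What exactly is persisted under rootPaths is decided by ca.SaveRootCA,
	// which is not visible in this file.
	if err := ca.SaveRootCA(rootCA, rootPaths); err != nil {
		logrus.Fatalf("unable to save Root CA: %s", err.Error())
	}

	// Create the initial manager node credentials.
	nodeConfigPaths := ca.NewConfigPaths("certificates")

	clusterID := identity.NewID()
	nodeID := identity.NewID()

	// nil, nil: no key-encryption key and no extra PEM headers are supplied.
	kw := ca.NewKeyReadWriter(nodeConfigPaths.Node, nil, nil)
	if _, _, err := rootCA.IssueAndSaveNewCertificates(kw, nodeID, ca.ManagerRole, clusterID); err != nil {
		logrus.Fatalf("unable to create initial manager node credentials: %s", err)
	}

	// And copy the Root CA certificate into the node config path for its
	// CA. The certificate is public, hence mode 0644. The write error is
	// checked: without this file the node has no trust anchor on disk, and
	// continuing silently would only surface later as a confusing TLS
	// failure in swarmd.
	if err := ioutil.WriteFile(nodeConfigPaths.RootCA.Cert, rootCA.Certs, os.FileMode(0644)); err != nil {
		logrus.Fatalf("unable to write Root CA certificate to node config path: %s", err)
	}

	server, err := testutils.NewExternalSigningServer(rootCA, "ca")
	if err != nil {
		logrus.Fatalf("unable to start server: %s", err)
	}

	// No Fatalf call follows this point, so the deferred Stop runs when main
	// returns after a signal.
	defer server.Stop()

	logrus.Infof("Now run: swarmd -d . --listen-control-api ./swarmd.sock --external-ca protocol=cfssl,url=%s", server.URL)

	// Buffered so a signal delivered before the receive below is not dropped.
	sigC := make(chan os.Signal, 1)
	signal.Notify(sigC, syscall.SIGTERM, syscall.SIGINT)

	<-sigC
}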