github.com/ld86/docker@v1.7.1-rc3/docker/docker.go (about)

     1  package main
     2  
     3  import (
     4  	"crypto/tls"
     5  	"crypto/x509"
     6  	"fmt"
     7  	"io/ioutil"
     8  	"os"
     9  	"runtime"
    10  	"strings"
    11  
    12  	"github.com/Sirupsen/logrus"
    13  	"github.com/docker/docker/api/client"
    14  	"github.com/docker/docker/autogen/dockerversion"
    15  	"github.com/docker/docker/opts"
    16  	flag "github.com/docker/docker/pkg/mflag"
    17  	"github.com/docker/docker/pkg/reexec"
    18  	"github.com/docker/docker/pkg/term"
    19  	"github.com/docker/docker/utils"
    20  )
    21  
    22  const (
    23  	defaultTrustKeyFile = "key.json"
    24  	defaultCaFile       = "ca.pem"
    25  	defaultKeyFile      = "key.pem"
    26  	defaultCertFile     = "cert.pem"
    27  )
    28  
    29  func main() {
    30  	if reexec.Init() {
    31  		return
    32  	}
    33  
    34  	// Set terminal emulation based on platform as required.
    35  	stdin, stdout, stderr := term.StdStreams()
    36  
    37  	initLogging(stderr)
    38  
    39  	flag.Parse()
    40  	// FIXME: validate daemon flags here
    41  
    42  	if *flVersion {
    43  		showVersion()
    44  		return
    45  	}
    46  
    47  	if *flLogLevel != "" {
    48  		lvl, err := logrus.ParseLevel(*flLogLevel)
    49  		if err != nil {
    50  			fmt.Fprintf(os.Stderr, "Unable to parse logging level: %s\n", *flLogLevel)
    51  			os.Exit(1)
    52  		}
    53  		setLogLevel(lvl)
    54  	} else {
    55  		setLogLevel(logrus.InfoLevel)
    56  	}
    57  
    58  	if *flDebug {
    59  		os.Setenv("DEBUG", "1")
    60  		setLogLevel(logrus.DebugLevel)
    61  	}
    62  
    63  	if len(flHosts) == 0 {
    64  		defaultHost := os.Getenv("DOCKER_HOST")
    65  		if defaultHost == "" || *flDaemon {
    66  			if runtime.GOOS != "windows" {
    67  				// If we do not have a host, default to unix socket
    68  				defaultHost = fmt.Sprintf("unix://%s", opts.DefaultUnixSocket)
    69  			} else {
    70  				// If we do not have a host, default to TCP socket on Windows
    71  				defaultHost = fmt.Sprintf("tcp://%s:%d", opts.DefaultHTTPHost, opts.DefaultHTTPPort)
    72  			}
    73  		}
    74  		defaultHost, err := opts.ValidateHost(defaultHost)
    75  		if err != nil {
    76  			if *flDaemon {
    77  				logrus.Fatal(err)
    78  			} else {
    79  				fmt.Fprint(os.Stderr, err)
    80  			}
    81  			os.Exit(1)
    82  		}
    83  		flHosts = append(flHosts, defaultHost)
    84  	}
    85  
    86  	setDefaultConfFlag(flTrustKey, defaultTrustKeyFile)
    87  
    88  	if *flDaemon {
    89  		if *flHelp {
    90  			flag.Usage()
    91  			return
    92  		}
    93  		mainDaemon()
    94  		return
    95  	}
    96  
    97  	if len(flHosts) > 1 {
    98  		fmt.Fprintf(os.Stderr, "Please specify only one -H")
    99  		os.Exit(0)
   100  	}
   101  	protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
   102  
   103  	var (
   104  		cli       *client.DockerCli
   105  		tlsConfig tls.Config
   106  	)
   107  	tlsConfig.InsecureSkipVerify = true
   108  
   109  	// Regardless of whether the user sets it to true or false, if they
   110  	// specify --tlsverify at all then we need to turn on tls
   111  	if flag.IsSet("-tlsverify") {
   112  		*flTls = true
   113  	}
   114  
   115  	// If we should verify the server, we need to load a trusted ca
   116  	if *flTlsVerify {
   117  		certPool := x509.NewCertPool()
   118  		file, err := ioutil.ReadFile(*flCa)
   119  		if err != nil {
   120  			fmt.Fprintf(os.Stderr, "Couldn't read ca cert %s: %s\n", *flCa, err)
   121  			os.Exit(1)
   122  		}
   123  		certPool.AppendCertsFromPEM(file)
   124  		tlsConfig.RootCAs = certPool
   125  		tlsConfig.InsecureSkipVerify = false
   126  	}
   127  
   128  	// If tls is enabled, try to load and send client certificates
   129  	if *flTls || *flTlsVerify {
   130  		_, errCert := os.Stat(*flCert)
   131  		_, errKey := os.Stat(*flKey)
   132  		if errCert == nil && errKey == nil {
   133  			*flTls = true
   134  			cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
   135  			if err != nil {
   136  				fmt.Fprintf(os.Stderr, "Couldn't load X509 key pair: %q. Make sure the key is encrypted\n", err)
   137  				os.Exit(1)
   138  			}
   139  			tlsConfig.Certificates = []tls.Certificate{cert}
   140  		}
   141  		// Avoid fallback to SSL protocols < TLS1.0
   142  		tlsConfig.MinVersion = tls.VersionTLS10
   143  	}
   144  
   145  	if *flTls || *flTlsVerify {
   146  		cli = client.NewDockerCli(stdin, stdout, stderr, *flTrustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
   147  	} else {
   148  		cli = client.NewDockerCli(stdin, stdout, stderr, *flTrustKey, protoAddrParts[0], protoAddrParts[1], nil)
   149  	}
   150  
   151  	if err := cli.Cmd(flag.Args()...); err != nil {
   152  		if sterr, ok := err.(client.StatusError); ok {
   153  			if sterr.Status != "" {
   154  				fmt.Fprintln(cli.Err(), sterr.Status)
   155  				os.Exit(1)
   156  			}
   157  			os.Exit(sterr.StatusCode)
   158  		}
   159  		fmt.Fprintln(cli.Err(), err)
   160  		os.Exit(1)
   161  	}
   162  }
   163  
   164  func showVersion() {
   165  	if utils.ExperimentalBuild() {
   166  		fmt.Printf("Docker version %s, build %s, experimental\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
   167  	} else {
   168  		fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
   169  	}
   170  }