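// Source: github.com/lmars/docker@v1.6.0-rc2/docker/docker.go

package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"os"
	"strings"

	log "github.com/Sirupsen/logrus"
	"github.com/docker/docker/api"
	"github.com/docker/docker/api/client"
	"github.com/docker/docker/autogen/dockerversion"
	flag "github.com/docker/docker/pkg/mflag"
	"github.com/docker/docker/pkg/reexec"
	"github.com/docker/docker/pkg/term"
	"github.com/docker/docker/utils"
)

// Default file names for the trust key and the TLS material. Only
// defaultTrustKeyFile is referenced in this file; the other three are
// presumably consumed by the flag definitions elsewhere in the package.
const (
	defaultTrustKeyFile = "key.json"
	defaultCaFile       = "ca.pem"
	defaultKeyFile      = "key.pem"
	defaultCertFile     = "cert.pem"
)

// main is the entry point of the docker binary. It parses the flags, sets up
// logging, resolves the host to talk to, and then either hands over to
// mainDaemon (when the daemon flag is set) or builds a client.DockerCli,
// optionally with a TLS configuration, and runs the requested command.
func main() {
	// Stop here when reexec.Init reports that it handled this invocation.
	if reexec.Init() {
		return
	}

	// Set terminal emulation based on platform as required.
	stdin, stdout, stderr := term.StdStreams()

	initLogging(stderr)

	flag.Parse()
	// FIXME: validate daemon flags here

	if *flVersion {
		showVersion()
		return
	}

	if *flLogLevel != "" {
		lvl, err := log.ParseLevel(*flLogLevel)
		if err != nil {
			log.Fatalf("Unable to parse logging level: %s", *flLogLevel)
		}
		setLogLevel(lvl)
	} else {
		setLogLevel(log.InfoLevel)
	}

	// -D, --debug, -l/--log-level=debug processing
	// When/if -D is removed this block can be deleted
	if *flDebug {
		os.Setenv("DEBUG", "1")
		setLogLevel(log.DebugLevel)
	}

	if len(flHosts) == 0 {
		// DOCKER_HOST is only honoured for the client; the daemon always
		// falls back to the default unix socket.
		defaultHost := os.Getenv("DOCKER_HOST")
		if defaultHost == "" || *flDaemon {
			// If we do not have a host, default to unix socket
			defaultHost = fmt.Sprintf("unix://%s", api.DEFAULTUNIXSOCKET)
		}
		defaultHost, err := api.ValidateHost(defaultHost)
		if err != nil {
			log.Fatal(err)
		}
		flHosts = append(flHosts, defaultHost)
	}

	setDefaultConfFlag(flTrustKey, defaultTrustKeyFile)

	if *flDaemon {
		if *flHelp {
			flag.Usage()
			return
		}
		mainDaemon()
		return
	}

	if len(flHosts) > 1 {
		log.Fatal("Please specify only one -H")
	}
	protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
	// A host without a "proto://" prefix yields a single element; fail with
	// a clear message instead of panicking on protoAddrParts[1] below.
	if len(protoAddrParts) != 2 {
		log.Fatalf("Invalid host %q: expected proto://addr", flHosts[0])
	}

	var (
		cli       *client.DockerCli
		tlsConfig tls.Config
	)
	// NOTE(security): certificate verification starts out disabled and is
	// only switched on by the *flTlsVerify branch below. When TLS is used
	// without verification the connection is encrypted but the daemon's
	// certificate is not authenticated, so the peer's identity is not
	// established.
	tlsConfig.InsecureSkipVerify = true

	// Regardless of whether the user sets it to true or false, if they
	// specify --tlsverify at all then we need to turn on tls.
	// NOTE(security): as a consequence, an explicit --tlsverify=false still
	// enables TLS but leaves InsecureSkipVerify set to true.
	if flag.IsSet("-tlsverify") {
		*flTls = true
	}

	// If we should verify the server, we need to load a trusted ca
	if *flTlsVerify {
		certPool := x509.NewCertPool()
		file, err := ioutil.ReadFile(*flCa)
		if err != nil {
			log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
		}
		// AppendCertsFromPEM reports whether any certificate was parsed.
		// Without this check a malformed CA file yields an empty pool and
		// every handshake later fails with an unrelated-looking
		// "unknown authority" error.
		if !certPool.AppendCertsFromPEM(file) {
			log.Fatalf("Couldn't parse any certificates from ca cert %s", *flCa)
		}
		tlsConfig.RootCAs = certPool
		tlsConfig.InsecureSkipVerify = false
	}

	// If tls is enabled, try to load and send client certificates
	if *flTls || *flTlsVerify {
		// The client certificate is best-effort: it is sent only when both
		// files exist, and a missing file is silently skipped.
		_, errCert := os.Stat(*flCert)
		_, errKey := os.Stat(*flKey)
		if errCert == nil && errKey == nil {
			*flTls = true
			cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
			if err != nil {
				// tls.LoadX509KeyPair cannot read passphrase-protected
				// keys, so the hint must ask for an unencrypted key.
				log.Fatalf("Couldn't load X509 key pair: %q. Make sure the key is not encrypted", err)
			}
			tlsConfig.Certificates = []tls.Certificate{cert}
		}
		// Avoid fallback to SSL protocols < TLS1.0
		// NOTE(security): TLS 1.0 and 1.1 are deprecated (RFC 8996). Raising
		// the floor to tls.VersionTLS12 is the usual hardening; it is left
		// unchanged here because it could break connections to daemons that
		// only offer older versions.
		tlsConfig.MinVersion = tls.VersionTLS10
	}

	// Only hand a TLS configuration to the client when TLS was requested;
	// nil selects a plain connection.
	if *flTls || *flTlsVerify {
		cli = client.NewDockerCli(stdin, stdout, stderr, *flTrustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
	} else {
		cli = client.NewDockerCli(stdin, stdout, stderr, *flTrustKey, protoAddrParts[0], protoAddrParts[1], nil)
	}

	if err := cli.Cmd(flag.Args()...); err != nil {
		// A StatusError carries the exit code to propagate; its status text
		// is logged first when present.
		if sterr, ok := err.(*utils.StatusError); ok {
			if sterr.Status != "" {
				log.Println(sterr.Status)
			}
			os.Exit(sterr.StatusCode)
		}
		log.Fatal(err)
	}
}

// showVersion prints the Docker version and the git commit of the build to
// standard output.
func showVersion() {
	fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
}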