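// Source listing: github.com/lxpollitt/docker@v1.5.0/docker/docker.go

// Command docker parses the command-line flags and then runs either the
// daemon (mainDaemon) or the client CLI against a single host.
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"os"
	"strings"

	log "github.com/Sirupsen/logrus"
	"github.com/docker/docker/api"
	"github.com/docker/docker/api/client"
	"github.com/docker/docker/dockerversion"
	flag "github.com/docker/docker/pkg/mflag"
	"github.com/docker/docker/pkg/reexec"
	"github.com/docker/docker/utils"
)

// Default file names for the trust key, CA certificate, client key and client
// certificate. Only defaultTrustKeyFile is referenced in this file; the other
// three are presumably used by flag definitions elsewhere in the package.
const (
	defaultTrustKeyFile = "key.json"
	defaultCaFile       = "ca.pem"
	defaultKeyFile      = "key.pem"
	defaultCertFile     = "cert.pem"
)

// main is the program entry point. It configures logging, resolves the host
// to talk to, hands off to mainDaemon when the daemon flag is set, and
// otherwise builds the client TLS configuration and runs the requested CLI
// command, exiting with the command's status code on a StatusError.
func main() {
	// reexec.Init returning true means this invocation was fully handled there.
	if reexec.Init() {
		return
	}

	flag.Parse()
	// FIXME: validate daemon flags here

	if *flVersion {
		showVersion()
		return
	}

	if *flLogLevel != "" {
		lvl, err := log.ParseLevel(*flLogLevel)
		if err != nil {
			log.Fatalf("Unable to parse logging level: %s", *flLogLevel)
		}
		initLogging(lvl)
	} else {
		initLogging(log.InfoLevel)
	}

	// -D, --debug, -l/--log-level=debug processing
	// When/if -D is removed this block can be deleted
	if *flDebug {
		os.Setenv("DEBUG", "1")
		initLogging(log.DebugLevel)
	}

	if len(flHosts) == 0 {
		defaultHost := os.Getenv("DOCKER_HOST")
		if defaultHost == "" || *flDaemon {
			// If we do not have a host, default to unix socket.
			// In daemon mode DOCKER_HOST is ignored as well.
			defaultHost = fmt.Sprintf("unix://%s", api.DEFAULTUNIXSOCKET)
		}
		defaultHost, err := api.ValidateHost(defaultHost)
		if err != nil {
			log.Fatal(err)
		}
		flHosts = append(flHosts, defaultHost)
	}

	setDefaultConfFlag(flTrustKey, defaultTrustKeyFile)

	if *flDaemon {
		mainDaemon()
		return
	}

	if len(flHosts) > 1 {
		log.Fatal("Please specify only one -H")
	}
	protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
	// Both parts are indexed below; a host without "://" would otherwise
	// panic with an index-out-of-range instead of a readable error.
	if len(protoAddrParts) != 2 {
		log.Fatalf("Invalid host %q: expected proto://addr", flHosts[0])
	}

	var (
		cli       *client.DockerCli
		tlsConfig tls.Config
	)
	// NOTE(review): server certificate verification is OFF by default and is
	// only switched on by --tlsverify below. With --tls alone the connection
	// is encrypted but the server is not authenticated, so it does not protect
	// against an active man-in-the-middle. Left unchanged because flipping the
	// default would change the documented flag semantics.
	tlsConfig.InsecureSkipVerify = true

	// Regardless of whether the user sets it to true or false, if they
	// specify --tlsverify at all then we need to turn on tls
	if flag.IsSet("-tlsverify") {
		*flTls = true
	}

	// If we should verify the server, we need to load a trusted ca
	if *flTlsVerify {
		certPool := x509.NewCertPool()
		file, err := ioutil.ReadFile(*flCa)
		if err != nil {
			log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
		}
		// AppendCertsFromPEM reports false when nothing could be parsed.
		// An empty pool would make every handshake fail later with an
		// unrelated-looking verification error, so stop here with the cause.
		if !certPool.AppendCertsFromPEM(file) {
			log.Fatalf("Couldn't parse any PEM certificates from ca cert %s", *flCa)
		}
		tlsConfig.RootCAs = certPool
		tlsConfig.InsecureSkipVerify = false
	}

	// If tls is enabled, try to load and send client certificates
	if *flTls || *flTlsVerify {
		// The client certificate is optional: it is only loaded when both
		// the cert and key files exist. Any Stat error (including permission
		// errors) is treated as "not present" and no client cert is sent.
		_, errCert := os.Stat(*flCert)
		_, errKey := os.Stat(*flKey)
		if errCert == nil && errKey == nil {
			*flTls = true
			cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
			if err != nil {
				log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
			}
			tlsConfig.Certificates = []tls.Certificate{cert}
		}
		// Avoid fallback to SSL protocols < TLS1.0
		// NOTE(review): TLS 1.0 and 1.1 are themselves deprecated today;
		// raising this floor is a compatibility decision and is not made here.
		tlsConfig.MinVersion = tls.VersionTLS10
	}

	// A nil TLS config selects a plaintext connection.
	if *flTls || *flTlsVerify {
		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, *flTrustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
	} else {
		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, *flTrustKey, protoAddrParts[0], protoAddrParts[1], nil)
	}

	if err := cli.Cmd(flag.Args()...); err != nil {
		// A StatusError carries the exit code to propagate to the shell.
		if sterr, ok := err.(*utils.StatusError); ok {
			if sterr.Status != "" {
				log.Println(sterr.Status)
			}
			os.Exit(sterr.StatusCode)
		}
		log.Fatal(err)
	}
}

// showVersion prints the Docker version and build commit to standard output.
func showVersion() {
	fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
}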