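// Source: github.com/pritambaral/docker@v1.4.2-0.20150120174542-b2fe1b3dd952/docker/docker.go

package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"os"
	"strings"

	log "github.com/Sirupsen/logrus"
	"github.com/docker/docker/api"
	"github.com/docker/docker/api/client"
	"github.com/docker/docker/dockerversion"
	flag "github.com/docker/docker/pkg/mflag"
	"github.com/docker/docker/pkg/reexec"
	"github.com/docker/docker/utils"
)

// Default file names for the trust key and the TLS material. They are not
// referenced in this file; presumably the flag definitions elsewhere in the
// package build the default paths from them (confirm against the flag file).
const (
	defaultTrustKeyFile = "key.json"
	defaultCaFile       = "ca.pem"
	defaultKeyFile      = "key.pem"
	defaultCertFile     = "cert.pem"
)

// main is the entry point shared by the client and the daemon. It parses the
// command line, configures logging, settles on the single host to talk to,
// and then either hands over to mainDaemon or builds a client (optionally
// with TLS) and runs the requested command.
func main() {
	// If a re-exec initializer handled this invocation there is nothing
	// left to do here.
	if reexec.Init() {
		return
	}

	flag.Parse()
	// FIXME: validate daemon flags here

	if *flVersion {
		showVersion()
		return
	}

	if *flLogLevel != "" {
		lvl, err := log.ParseLevel(*flLogLevel)
		if err != nil {
			log.Fatalf("Unable to parse logging level: %s", *flLogLevel)
		}
		initLogging(lvl)
	} else {
		initLogging(log.InfoLevel)
	}

	// -D, --debug, -l/--log-level=debug processing
	// When/if -D is removed this block can be deleted
	if *flDebug {
		os.Setenv("DEBUG", "1")
		initLogging(log.DebugLevel)
	}

	if len(flHosts) == 0 {
		defaultHost := os.Getenv("DOCKER_HOST")
		if defaultHost == "" || *flDaemon {
			// If we do not have a host, default to unix socket. In daemon
			// mode DOCKER_HOST is ignored and the unix socket is always used.
			defaultHost = fmt.Sprintf("unix://%s", api.DEFAULTUNIXSOCKET)
		}
		defaultHost, err := api.ValidateHost(defaultHost)
		if err != nil {
			log.Fatal(err)
		}
		flHosts = append(flHosts, defaultHost)
	}

	if *flDaemon {
		mainDaemon()
		return
	}

	// Everything below is client-only.
	if len(flHosts) > 1 {
		log.Fatal("Please specify only one -H")
	}
	protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
	// protoAddrParts[1] is indexed further down; a host without "://" would
	// otherwise crash the client with an index-out-of-range panic instead
	// of a readable error.
	if len(protoAddrParts) != 2 {
		log.Fatalf("Invalid host %q: expected proto://address", flHosts[0])
	}

	trustKey, err := api.LoadOrCreateTrustKey(*flTrustKey)
	if err != nil {
		log.Fatal(err)
	}

	var (
		cli       *client.DockerCli
		tlsConfig tls.Config
	)
	// SECURITY: server certificate verification starts out disabled. When
	// only *flTls is set the channel is encrypted but the daemon is not
	// authenticated, so anyone able to intercept the connection can pose as
	// the daemon. Verification is switched on only in the *flTlsVerify
	// branch below; use that mode whenever the daemon is reached over an
	// untrusted network.
	tlsConfig.InsecureSkipVerify = true

	// Regardless of whether the user sets it to true or false, if they
	// specify --tlsverify at all then we need to turn on tls
	if flag.IsSet("-tlsverify") {
		*flTls = true
	}

	// If we should verify the server, we need to load a trusted ca
	if *flTlsVerify {
		certPool := x509.NewCertPool()
		file, err := ioutil.ReadFile(*flCa)
		if err != nil {
			log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
		}
		// AppendCertsFromPEM reports whether at least one certificate was
		// parsed. An empty pool would still reject every server, but only
		// later and with a misleading verification error, so fail here.
		if !certPool.AppendCertsFromPEM(file) {
			log.Fatalf("Couldn't parse any ca cert from %s", *flCa)
		}
		tlsConfig.RootCAs = certPool
		tlsConfig.InsecureSkipVerify = false
	}

	// If tls is enabled, try to load and send client certificates
	if *flTls || *flTlsVerify {
		// The key pair is optional: if either file is missing the client
		// proceeds without presenting a client certificate, and no message
		// is logged about it.
		_, errCert := os.Stat(*flCert)
		_, errKey := os.Stat(*flKey)
		if errCert == nil && errKey == nil {
			*flTls = true
			cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
			if err != nil {
				log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
			}
			tlsConfig.Certificates = []tls.Certificate{cert}
		}
		// Avoid fallback to SSL protocols < TLS1.0
		// NOTE(review): TLS 1.0 and 1.1 are themselves deprecated
		// (RFC 8996). Raising the floor to tls.VersionTLS12 is preferable
		// once every daemon this client must reach supports it; left as is
		// here to keep compatibility.
		tlsConfig.MinVersion = tls.VersionTLS10
	}

	// Pass a nil TLS config for plain connections so the client does not
	// attempt a handshake.
	if *flTls || *flTlsVerify {
		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
	} else {
		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], nil)
	}

	if err := cli.Cmd(flag.Args()...); err != nil {
		// A StatusError carries the exit code to propagate; exit with it
		// instead of the generic failure path.
		if sterr, ok := err.(*utils.StatusError); ok {
			if sterr.Status != "" {
				log.Println(sterr.Status)
			}
			os.Exit(sterr.StatusCode)
		}
		log.Fatal(err)
	}
}

// showVersion prints the Docker version and the git commit it was built from.
func showVersion() {
	fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
}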