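// Source: github.com/titanous/docker@v1.4.1/docker/docker.go

package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"os"
	"strings"

	log "github.com/Sirupsen/logrus"
	"github.com/docker/docker/api"
	"github.com/docker/docker/api/client"
	"github.com/docker/docker/dockerversion"
	flag "github.com/docker/docker/pkg/mflag"
	"github.com/docker/docker/pkg/reexec"
	"github.com/docker/docker/utils"
)

// Default file names for the trust key and the TLS material. None of them is
// referenced in this file; presumably the flag definitions elsewhere in the
// package use them as defaults (not visible here).
const (
	defaultTrustKeyFile = "key.json"
	defaultCaFile       = "ca.pem"
	defaultKeyFile      = "key.pem"
	defaultCertFile     = "cert.pem"
)

// main is the entry point shared by the docker client and daemon.
//
// It parses the flags, configures logging, resolves the host to talk to, and
// then either hands over to mainDaemon (when the daemon flag is set) or builds
// a client.DockerCli, optionally with a TLS configuration, and runs the
// requested command. The fl* flag variables, initLogging and mainDaemon are
// defined elsewhere in this package.
func main() {
	if reexec.Init() {
		return
	}

	flag.Parse()
	// FIXME: validate daemon flags here

	if *flVersion {
		showVersion()
		return
	}

	if *flLogLevel != "" {
		lvl, err := log.ParseLevel(*flLogLevel)
		if err != nil {
			log.Fatalf("Unable to parse logging level: %s", *flLogLevel)
		}
		initLogging(lvl)
	} else {
		initLogging(log.InfoLevel)
	}

	// -D, --debug, -l/--log-level=debug processing
	// When/if -D is removed this block can be deleted
	if *flDebug {
		os.Setenv("DEBUG", "1")
		initLogging(log.DebugLevel)
	}

	if len(flHosts) == 0 {
		defaultHost := os.Getenv("DOCKER_HOST")
		if defaultHost == "" || *flDaemon {
			// If we do not have a host, default to unix socket
			defaultHost = fmt.Sprintf("unix://%s", api.DEFAULTUNIXSOCKET)
		}
		// DOCKER_HOST comes from the environment, so it is validated before use.
		defaultHost, err := api.ValidateHost(defaultHost)
		if err != nil {
			log.Fatal(err)
		}
		flHosts = append(flHosts, defaultHost)
	}

	if *flDaemon {
		mainDaemon()
		return
	}

	if len(flHosts) > 1 {
		log.Fatal("Please specify only one -H")
	}
	protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
	// Hosts given with -H are presumably validated where the flag is defined
	// (not visible here). Guard anyway, so that a value without "://" ends in
	// a clear error instead of an index-out-of-range panic below.
	if len(protoAddrParts) != 2 {
		log.Fatalf("Invalid host %q: expected proto://addr", flHosts[0])
	}

	var (
		cli       *client.DockerCli
		tlsConfig tls.Config
	)
	// Server verification is off unless --tlsverify is given. With --tls alone
	// the channel is encrypted but the daemon's certificate is not checked, so
	// the peer is not authenticated.
	tlsConfig.InsecureSkipVerify = true

	// Regardless of whether the user sets it to true or false, if they
	// specify --tlsverify at all then we need to turn on tls
	if flag.IsSet("-tlsverify") {
		*flTls = true
	}

	// If we should verify the server, we need to load a trusted ca
	if *flTlsVerify {
		certPool := x509.NewCertPool()
		file, err := ioutil.ReadFile(*flCa)
		if err != nil {
			log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
		}
		// AppendCertsFromPEM reports whether at least one certificate was
		// parsed. A CA file without a usable certificate would leave an empty
		// trust pool, and every later handshake would fail with an unrelated
		// error, so stop here with the cause.
		if !certPool.AppendCertsFromPEM(file) {
			log.Fatalf("Couldn't parse any ca cert from %s", *flCa)
		}
		tlsConfig.RootCAs = certPool
		tlsConfig.InsecureSkipVerify = false
	}

	// If tls is enabled, try to load and send client certificates
	if *flTls || *flTlsVerify {
		// The client certificate is optional: when either file is missing the
		// connection is attempted without one, including under --tlsverify.
		_, errCert := os.Stat(*flCert)
		_, errKey := os.Stat(*flKey)
		if errCert == nil && errKey == nil {
			*flTls = true
			cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
			if err != nil {
				log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
			}
			tlsConfig.Certificates = []tls.Certificate{cert}
		}
		// Avoid fallback to SSL protocols < TLS1.0
		// NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996). Raising this
		// floor depends on what the daemons this client connects to support.
		tlsConfig.MinVersion = tls.VersionTLS10
	}

	if *flTls || *flTlsVerify {
		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, nil, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
	} else {
		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, nil, protoAddrParts[0], protoAddrParts[1], nil)
	}

	if err := cli.Cmd(flag.Args()...); err != nil {
		// A StatusError carries the exit code to report; its status text is
		// logged only when it is not empty.
		if sterr, ok := err.(*utils.StatusError); ok {
			if sterr.Status != "" {
				log.Println(sterr.Status)
			}
			os.Exit(sterr.StatusCode)
		}
		log.Fatal(err)
	}
}

// showVersion prints the Docker version and the git commit it was built from
// to standard output.
func showVersion() {
	fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
}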