github.com/vincentwoo/docker@v0.7.3-0.20160116130405-82401a4b13c0/docker/common.go (about) 1 package main 2 3 import ( 4 "fmt" 5 "os" 6 "path/filepath" 7 8 "github.com/Sirupsen/logrus" 9 "github.com/docker/docker/cli" 10 "github.com/docker/docker/cliconfig" 11 "github.com/docker/docker/opts" 12 flag "github.com/docker/docker/pkg/mflag" 13 "github.com/docker/go-connections/tlsconfig" 14 ) 15 16 const ( 17 defaultTrustKeyFile = "key.json" 18 defaultCaFile = "ca.pem" 19 defaultKeyFile = "key.pem" 20 defaultCertFile = "cert.pem" 21 ) 22 23 var ( 24 commonFlags = &cli.CommonFlags{FlagSet: new(flag.FlagSet)} 25 26 dockerCertPath = os.Getenv("DOCKER_CERT_PATH") 27 dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != "" 28 ) 29 30 func init() { 31 if dockerCertPath == "" { 32 dockerCertPath = cliconfig.ConfigDir() 33 } 34 35 commonFlags.PostParse = postParseCommon 36 37 cmd := commonFlags.FlagSet 38 39 cmd.BoolVar(&commonFlags.Debug, []string{"D", "-debug"}, false, "Enable debug mode") 40 cmd.StringVar(&commonFlags.LogLevel, []string{"l", "-log-level"}, "info", "Set the logging level") 41 cmd.BoolVar(&commonFlags.TLS, []string{"-tls"}, false, "Use TLS; implied by --tlsverify") 42 cmd.BoolVar(&commonFlags.TLSVerify, []string{"-tlsverify"}, dockerTLSVerify, "Use TLS and verify the remote") 43 44 // TODO use flag flag.String([]string{"i", "-identity"}, "", "Path to libtrust key file") 45 46 var tlsOptions tlsconfig.Options 47 commonFlags.TLSOptions = &tlsOptions 48 cmd.StringVar(&tlsOptions.CAFile, []string{"-tlscacert"}, filepath.Join(dockerCertPath, defaultCaFile), "Trust certs signed only by this CA") 49 cmd.StringVar(&tlsOptions.CertFile, []string{"-tlscert"}, filepath.Join(dockerCertPath, defaultCertFile), "Path to TLS certificate file") 50 cmd.StringVar(&tlsOptions.KeyFile, []string{"-tlskey"}, filepath.Join(dockerCertPath, defaultKeyFile), "Path to TLS key file") 51 52 cmd.Var(opts.NewNamedListOptsRef("hosts", &commonFlags.Hosts, opts.ValidateHost), []string{"H", "-host"}, "Daemon socket(s) to connect to") 53 } 54 55 func postParseCommon() { 56 cmd := commonFlags.FlagSet 57 58 if commonFlags.LogLevel != "" { 59 lvl, err := logrus.ParseLevel(commonFlags.LogLevel) 60 if err != nil { 61 fmt.Fprintf(os.Stderr, "Unable to parse logging level: %s\n", commonFlags.LogLevel) 62 os.Exit(1) 63 } 64 logrus.SetLevel(lvl) 65 } else { 66 logrus.SetLevel(logrus.InfoLevel) 67 } 68 69 // Regardless of whether the user sets it to true or false, if they 70 // specify --tlsverify at all then we need to turn on tls 71 // TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need to check that here as well 72 if cmd.IsSet("-tlsverify") || commonFlags.TLSVerify { 73 commonFlags.TLS = true 74 } 75 76 if !commonFlags.TLS { 77 commonFlags.TLSOptions = nil 78 } else { 79 tlsOptions := commonFlags.TLSOptions 80 tlsOptions.InsecureSkipVerify = !commonFlags.TLSVerify 81 82 // Reset CertFile and KeyFile to empty string if the user did not specify 83 // the respective flags and the respective default files were not found. 84 if !cmd.IsSet("-tlscert") { 85 if _, err := os.Stat(tlsOptions.CertFile); os.IsNotExist(err) { 86 tlsOptions.CertFile = "" 87 } 88 } 89 if !cmd.IsSet("-tlskey") { 90 if _, err := os.Stat(tlsOptions.KeyFile); os.IsNotExist(err) { 91 tlsOptions.KeyFile = "" 92 } 93 } 94 } 95 }