| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 |
- package main
- import (
- "crypto/tls"
- "crypto/x509"
- "fmt"
- "io/ioutil"
- "log"
- "os"
- "strings"
- "github.com/docker/docker/api"
- "github.com/docker/docker/api/client"
- "github.com/docker/docker/dockerversion"
- flag "github.com/docker/docker/pkg/mflag"
- "github.com/docker/docker/reexec"
- "github.com/docker/docker/utils"
- )
- const (
- defaultCaFile = "ca.pem"
- defaultKeyFile = "key.pem"
- defaultCertFile = "cert.pem"
- )
- func main() {
- if reexec.Init() {
- return
- }
- flag.Parse()
- // FIXME: validate daemon flags here
- if *flVersion {
- showVersion()
- return
- }
- if *flDebug {
- os.Setenv("DEBUG", "1")
- }
- if len(flHosts) == 0 {
- defaultHost := os.Getenv("DOCKER_HOST")
- if defaultHost == "" || *flDaemon {
- // If we do not have a host, default to unix socket
- defaultHost = fmt.Sprintf("unix://%s", api.DEFAULTUNIXSOCKET)
- }
- if _, err := api.ValidateHost(defaultHost); err != nil {
- log.Fatal(err)
- }
- flHosts = append(flHosts, defaultHost)
- }
- if *flDaemon {
- mainDaemon()
- return
- }
- if len(flHosts) > 1 {
- log.Fatal("Please specify only one -H")
- }
- protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
- var (
- cli *client.DockerCli
- tlsConfig tls.Config
- )
- tlsConfig.InsecureSkipVerify = true
- // If we should verify the server, we need to load a trusted ca
- if *flTlsVerify {
- *flTls = true
- certPool := x509.NewCertPool()
- file, err := ioutil.ReadFile(*flCa)
- if err != nil {
- log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
- }
- certPool.AppendCertsFromPEM(file)
- tlsConfig.RootCAs = certPool
- tlsConfig.InsecureSkipVerify = false
- }
- // If tls is enabled, try to load and send client certificates
- if *flTls || *flTlsVerify {
- _, errCert := os.Stat(*flCert)
- _, errKey := os.Stat(*flKey)
- if errCert == nil && errKey == nil {
- *flTls = true
- cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
- if err != nil {
- log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
- }
- tlsConfig.Certificates = []tls.Certificate{cert}
- }
- }
- if *flTls || *flTlsVerify {
- cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
- } else {
- cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], nil)
- }
- if err := cli.Cmd(flag.Args()...); err != nil {
- if sterr, ok := err.(*utils.StatusError); ok {
- if sterr.Status != "" {
- log.Println(sterr.Status)
- }
- os.Exit(sterr.StatusCode)
- }
- log.Fatal(err)
- }
- }
- func showVersion() {
- fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
- }
|
