options.go 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
  1. package main
  2. import (
  3. "fmt"
  4. "os"
  5. "path/filepath"
  6. "github.com/Sirupsen/logrus"
  7. cliconfig "github.com/docker/docker/cli/config"
  8. "github.com/docker/docker/daemon/config"
  9. "github.com/docker/docker/opts"
  10. "github.com/docker/go-connections/tlsconfig"
  11. "github.com/spf13/pflag"
  12. )
  13. const (
  14. // DefaultCaFile is the default filename for the CA pem file
  15. DefaultCaFile = "ca.pem"
  16. // DefaultKeyFile is the default filename for the key pem file
  17. DefaultKeyFile = "key.pem"
  18. // DefaultCertFile is the default filename for the cert pem file
  19. DefaultCertFile = "cert.pem"
  20. // FlagTLSVerify is the flag name for the TLS verification option
  21. FlagTLSVerify = "tlsverify"
  22. )
  23. var (
  24. dockerCertPath = os.Getenv("DOCKER_CERT_PATH")
  25. dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != ""
  26. )
  27. type daemonOptions struct {
  28. version bool
  29. configFile string
  30. daemonConfig *config.Config
  31. flags *pflag.FlagSet
  32. Debug bool
  33. Hosts []string
  34. LogLevel string
  35. TLS bool
  36. TLSVerify bool
  37. TLSOptions *tlsconfig.Options
  38. }
  39. // newDaemonOptions returns a new daemonFlags
  40. func newDaemonOptions(config *config.Config) *daemonOptions {
  41. return &daemonOptions{
  42. daemonConfig: config,
  43. }
  44. }
  45. // InstallFlags adds flags for the common options on the FlagSet
  46. func (o *daemonOptions) InstallFlags(flags *pflag.FlagSet) {
  47. if dockerCertPath == "" {
  48. dockerCertPath = cliconfig.Dir()
  49. }
  50. flags.BoolVarP(&o.Debug, "debug", "D", false, "Enable debug mode")
  51. flags.StringVarP(&o.LogLevel, "log-level", "l", "info", `Set the logging level ("debug"|"info"|"warn"|"error"|"fatal")`)
  52. flags.BoolVar(&o.TLS, "tls", false, "Use TLS; implied by --tlsverify")
  53. flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote")
  54. // TODO use flag flags.String("identity"}, "i", "", "Path to libtrust key file")
  55. o.TLSOptions = &tlsconfig.Options{
  56. CAFile: filepath.Join(dockerCertPath, DefaultCaFile),
  57. CertFile: filepath.Join(dockerCertPath, DefaultCertFile),
  58. KeyFile: filepath.Join(dockerCertPath, DefaultKeyFile),
  59. }
  60. tlsOptions := o.TLSOptions
  61. flags.Var(opts.NewQuotedString(&tlsOptions.CAFile), "tlscacert", "Trust certs signed only by this CA")
  62. flags.Var(opts.NewQuotedString(&tlsOptions.CertFile), "tlscert", "Path to TLS certificate file")
  63. flags.Var(opts.NewQuotedString(&tlsOptions.KeyFile), "tlskey", "Path to TLS key file")
  64. hostOpt := opts.NewNamedListOptsRef("hosts", &o.Hosts, opts.ValidateHost)
  65. flags.VarP(hostOpt, "host", "H", "Daemon socket(s) to connect to")
  66. }
  67. // SetDefaultOptions sets default values for options after flag parsing is
  68. // complete
  69. func (o *daemonOptions) SetDefaultOptions(flags *pflag.FlagSet) {
  70. // Regardless of whether the user sets it to true or false, if they
  71. // specify --tlsverify at all then we need to turn on TLS
  72. // TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need
  73. // to check that here as well
  74. if flags.Changed(FlagTLSVerify) || o.TLSVerify {
  75. o.TLS = true
  76. }
  77. if !o.TLS {
  78. o.TLSOptions = nil
  79. } else {
  80. tlsOptions := o.TLSOptions
  81. tlsOptions.InsecureSkipVerify = !o.TLSVerify
  82. // Reset CertFile and KeyFile to empty string if the user did not specify
  83. // the respective flags and the respective default files were not found.
  84. if !flags.Changed("tlscert") {
  85. if _, err := os.Stat(tlsOptions.CertFile); os.IsNotExist(err) {
  86. tlsOptions.CertFile = ""
  87. }
  88. }
  89. if !flags.Changed("tlskey") {
  90. if _, err := os.Stat(tlsOptions.KeyFile); os.IsNotExist(err) {
  91. tlsOptions.KeyFile = ""
  92. }
  93. }
  94. }
  95. }
  96. // setLogLevel sets the logrus logging level
  97. func setLogLevel(logLevel string) {
  98. if logLevel != "" {
  99. lvl, err := logrus.ParseLevel(logLevel)
  100. if err != nil {
  101. fmt.Fprintf(os.Stderr, "Unable to parse logging level: %s\n", logLevel)
  102. os.Exit(1)
  103. }
  104. logrus.SetLevel(lvl)
  105. } else {
  106. logrus.SetLevel(logrus.InfoLevel)
  107. }
  108. }