moby/daemon/id.go

62 lines
2 KiB
Go
Raw Normal View History

package daemon // import "github.com/docker/docker/daemon"
import (
"os"
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/libtrust"
"github.com/google/uuid"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
// loadOrCreateID loads the engine's ID from idPath, or generates a new ID
// if it doesn't exist. It returns the ID, and any error that occurred when
// saving the file.
//
// Note that this function expects the daemon's root directory to already have
// been created with the right permissions and ownership (usually this would
// be done by daemon.CreateDaemonRoot().
func loadOrCreateID(idPath string) (string, error) {
var id string
idb, err := os.ReadFile(idPath)
if os.IsNotExist(err) {
id = uuid.New().String()
if err := ioutils.AtomicWriteFile(idPath, []byte(id), os.FileMode(0600)); err != nil {
return "", errors.Wrap(err, "error saving ID file")
}
} else if err != nil {
return "", errors.Wrapf(err, "error loading ID file %s", idPath)
} else {
id = string(idb)
}
return id, nil
}
// migrateTrustKeyID migrates the daemon ID of existing installations. It returns
// an error when a trust-key was found, but we failed to read it, or failed to
// complete the migration.
//
// We migrate the ID so that engines don't get a new ID generated on upgrades,
// which may be unexpected (and users may be using the ID for various purposes).
func migrateTrustKeyID(deprecatedTrustKeyPath, idPath string) error {
if _, err := os.Stat(idPath); err == nil {
// engine ID file already exists; no migration needed
return nil
}
trustKey, err := libtrust.LoadKeyFile(deprecatedTrustKeyPath)
if err != nil {
if err == libtrust.ErrKeyFileDoesNotExist {
// no existing trust-key found; no migration needed
return nil
}
return err
}
id := trustKey.PublicKey().KeyID()
if err := ioutils.AtomicWriteFile(idPath, []byte(id), os.FileMode(0600)); err != nil {
return errors.Wrap(err, "error saving ID file")
}
logrus.Info("successfully migrated engine ID")
return nil
}