bb1208639b
This change is in preparation for deprecating support for old manifests. Currently the daemon's ID is based on the trust-key ID, which will be removed once we fully deprecate support for old manifests (the trust key is currently only used in tests). This patch: - checks whether a trust-key is present; if so, it migrates the trust-key ID to the new "engine-id" file within the daemon's root. - if no trust-key is present (so in case it's a "fresh" install), we generate a UUID instead and use that as ID. The migration is to prevent engines from getting a new ID on upgrades; while we don't provide any guarantees on the engine's ID, users may expect the ID to be "stable" (not change) between upgrades. A test has been added, which can be run with: make DOCKER_GRAPHDRIVER=vfs TEST_FILTER='TestConfigDaemonID' test-integration Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
package daemon // import "github.com/docker/docker/daemon"
import (
"os"
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/libtrust"
"github.com/google/uuid"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
// loadOrCreateID returns the engine's ID stored at idPath. When idPath does
// not exist, it generates a new UUID, writes it to idPath with mode 0600 using
// ioutils.AtomicWriteFile, and returns that UUID. An error is returned when the
// file cannot be read for a reason other than it not existing, or when the
// newly generated ID cannot be saved.
//
// The content of an existing file is returned as-is: it is neither trimmed nor
// validated, so an empty or hand-edited file yields exactly the bytes it holds.
//
// Note that this function expects the daemon's root directory to already have
// been created with the right permissions and ownership (usually this would
// be done by daemon.CreateDaemonRoot()).
func loadOrCreateID(idPath string) (string, error) {
	raw, readErr := os.ReadFile(idPath)
	switch {
	case readErr == nil:
		// An ID was stored earlier; hand it back unchanged.
		return string(raw), nil
	case !os.IsNotExist(readErr):
		// The file may exist but could not be read (for example a permission
		// or I/O error). Do not overwrite it with a fresh ID.
		return "", errors.Wrapf(readErr, "error loading ID file %s", idPath)
	}

	// No ID file yet: create one. 0600 keeps the file readable and writable
	// by its owner only.
	generated := uuid.New().String()
	if writeErr := ioutils.AtomicWriteFile(idPath, []byte(generated), os.FileMode(0600)); writeErr != nil {
		return "", errors.Wrap(writeErr, "error saving ID file")
	}
	return generated, nil
}
// migrateTrustKeyID migrates the daemon ID of existing installations by
// writing the key ID of the trust key's public key to idPath. It is a no-op
// (returning nil) when idPath can already be stat'ed, or when no trust-key
// exists at deprecatedTrustKeyPath. It returns an error when a trust-key was
// found but could not be loaded, or when the ID file could not be written.
//
// Only the public key's ID is persisted to idPath, and the file is written
// with mode 0600 using ioutils.AtomicWriteFile.
//
// We migrate the ID so that engines don't get a new ID generated on upgrades,
// which may be unexpected (and users may be using the ID for various purposes).
func migrateTrustKeyID(deprecatedTrustKeyPath, idPath string) error {
	// Only a successful Stat short-circuits the migration; any Stat error
	// (not just "does not exist") falls through to the trust-key lookup.
	_, statErr := os.Stat(idPath)
	if statErr == nil {
		// engine ID file already exists; no migration needed
		return nil
	}

	key, loadErr := libtrust.LoadKeyFile(deprecatedTrustKeyPath)
	switch {
	case loadErr == libtrust.ErrKeyFileDoesNotExist:
		// no existing trust-key found; no migration needed
		return nil
	case loadErr != nil:
		// A key file is present but could not be loaded; the error is
		// returned as-is, without added context.
		return loadErr
	}

	engineID := key.PublicKey().KeyID()
	writeErr := ioutils.AtomicWriteFile(idPath, []byte(engineID), os.FileMode(0600))
	if writeErr != nil {
		return errors.Wrap(writeErr, "error saving ID file")
	}

	logrus.Info("successfully migrated engine ID")
	return nil
}