1package main 2 3import ( 4 "fmt" 5 "os" 6 "path/filepath" 7 8 cliconfig "github.com/docker/docker/cli/config" 9 "github.com/docker/docker/daemon/config" 10 "github.com/docker/docker/opts" 11 "github.com/docker/go-connections/tlsconfig" 12 "github.com/sirupsen/logrus" 13 "github.com/spf13/pflag" 14) 15 16const ( 17 // DefaultCaFile is the default filename for the CA pem file 18 DefaultCaFile = "ca.pem" 19 // DefaultKeyFile is the default filename for the key pem file 20 DefaultKeyFile = "key.pem" 21 // DefaultCertFile is the default filename for the cert pem file 22 DefaultCertFile = "cert.pem" 23 // FlagTLSVerify is the flag name for the TLS verification option 24 FlagTLSVerify = "tlsverify" 25) 26 27var ( 28 dockerCertPath = os.Getenv("DOCKER_CERT_PATH") 29 dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != "" 30) 31 32type daemonOptions struct { 33 configFile string 34 daemonConfig *config.Config 35 flags *pflag.FlagSet 36 Debug bool 37 Hosts []string 38 LogLevel string 39 TLS bool 40 TLSVerify bool 41 TLSOptions *tlsconfig.Options 42} 43 44// newDaemonOptions returns a new daemonFlags 45func newDaemonOptions(config *config.Config) *daemonOptions { 46 return &daemonOptions{ 47 daemonConfig: config, 48 } 49} 50 51// InstallFlags adds flags for the common options on the FlagSet 52func (o *daemonOptions) InstallFlags(flags *pflag.FlagSet) { 53 if dockerCertPath == "" { 54 dockerCertPath = cliconfig.Dir() 55 } 56 57 flags.BoolVarP(&o.Debug, "debug", "D", false, "Enable debug mode") 58 flags.StringVarP(&o.LogLevel, "log-level", "l", "info", `Set the logging level ("debug"|"info"|"warn"|"error"|"fatal")`) 59 flags.BoolVar(&o.TLS, "tls", false, "Use TLS; implied by --tlsverify") 60 flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote") 61 62 // TODO use flag flags.String("identity"}, "i", "", "Path to libtrust key file") 63 64 o.TLSOptions = &tlsconfig.Options{ 65 CAFile: filepath.Join(dockerCertPath, DefaultCaFile), 66 CertFile: filepath.Join(dockerCertPath, DefaultCertFile), 67 KeyFile: filepath.Join(dockerCertPath, DefaultKeyFile), 68 } 69 tlsOptions := o.TLSOptions 70 flags.Var(opts.NewQuotedString(&tlsOptions.CAFile), "tlscacert", "Trust certs signed only by this CA") 71 flags.Var(opts.NewQuotedString(&tlsOptions.CertFile), "tlscert", "Path to TLS certificate file") 72 flags.Var(opts.NewQuotedString(&tlsOptions.KeyFile), "tlskey", "Path to TLS key file") 73 74 hostOpt := opts.NewNamedListOptsRef("hosts", &o.Hosts, opts.ValidateHost) 75 flags.VarP(hostOpt, "host", "H", "Daemon socket(s) to connect to") 76} 77 78// SetDefaultOptions sets default values for options after flag parsing is 79// complete 80func (o *daemonOptions) SetDefaultOptions(flags *pflag.FlagSet) { 81 // Regardless of whether the user sets it to true or false, if they 82 // specify --tlsverify at all then we need to turn on TLS 83 // TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need 84 // to check that here as well 85 if flags.Changed(FlagTLSVerify) || o.TLSVerify { 86 o.TLS = true 87 } 88 89 if !o.TLS { 90 o.TLSOptions = nil 91 } else { 92 tlsOptions := o.TLSOptions 93 tlsOptions.InsecureSkipVerify = !o.TLSVerify 94 95 // Reset CertFile and KeyFile to empty string if the user did not specify 96 // the respective flags and the respective default files were not found. 97 if !flags.Changed("tlscert") { 98 if _, err := os.Stat(tlsOptions.CertFile); os.IsNotExist(err) { 99 tlsOptions.CertFile = "" 100 } 101 } 102 if !flags.Changed("tlskey") { 103 if _, err := os.Stat(tlsOptions.KeyFile); os.IsNotExist(err) { 104 tlsOptions.KeyFile = "" 105 } 106 } 107 } 108} 109 110// setLogLevel sets the logrus logging level 111func setLogLevel(logLevel string) { 112 if logLevel != "" { 113 lvl, err := logrus.ParseLevel(logLevel) 114 if err != nil { 115 fmt.Fprintf(os.Stderr, "Unable to parse logging level: %s\n", logLevel) 116 os.Exit(1) 117 } 118 logrus.SetLevel(lvl) 119 } else { 120 logrus.SetLevel(logrus.InfoLevel) 121 } 122} 123