func getDockerStartOpt(dockerBinPath, keyFilePath, certFilePath, caFilePath string) []string {
daemonOpt := "daemon"
userlandProxyOpt := " --userland-proxy=false"
debugOpt := ""
if *FlagDebugMode {
debugOpt = " -D"
}
bindOpt := fmt.Sprintf(" -H %s -H %s", DockerDefaultHost, Conf.DockerHost)
var certOpt string
if *FlagStandalone && !utils.FileExist(caFilePath) {
certOpt = fmt.Sprintf(" --tlscert %s --tlskey %s --tls", certFilePath, keyFilePath)
fmt.Fprintln(os.Stderr, "WARNING: standalone mode activated but no CA certificate found - client authentication disabled")
} else {
certOpt = fmt.Sprintf(" --tlscert %s --tlskey %s --tlscacert %s --tlsverify", certFilePath, keyFilePath, caFilePath)
}
extraOpt := ""
if Conf.DockerOpts != "" {
extraOpt = " " + Conf.DockerOpts
}
optStr := fmt.Sprintf("%s%s%s%s%s%s", daemonOpt, debugOpt, bindOpt, userlandProxyOpt, certOpt, extraOpt)
optSlice, err := shlex.Split(optStr)
if err != nil {
optSlice = strings.Split(optStr, " ")
}
return optSlice
}
func NatTunnel(url, ngrokHome, ngrokLogPath, ngrokConfPath, uuid string) {
ngrokPath := path.Join(ngrokHome, NgrokBinaryName)
if isNodeReachable(url, uuid) {
Logger.Printf("Node %s is publicly reachable", Conf.CertCommonName)
return
} else {
Logger.Printf("Node %s is NOT publicly reachable", Conf.CertCommonName)
}
DownloadNgrok(NgrokTarURL, ngrokHome)
updateNgrokHost(url)
createNgrokConfFile(ngrokConfPath)
var cmd *exec.Cmd
if !utils.FileExist(ngrokConfPath) {
SendError(errors.New("Cannot find ngrok conf"), "Cannot find ngrok conf file", nil)
Logger.Println("Cannot find NAT tunnel configuration")
return
}
cmd = exec.Command(ngrokPath,
"-config", ngrokConfPath,
"-log", "stdout",
"-proto", "tcp",
DockerHostPort)
os.RemoveAll(ngrokLogPath)
logFile, err := os.OpenFile(ngrokLogPath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
SendError(err, "Failed to open ngrok log file", nil)
Logger.Println(err)
} else {
defer logFile.Close()
cmd.Stdout = logFile
}
go monitorTunnels(url, ngrokLogPath)
Logger.Println("Starting NAT tunnel")
runNgrok(cmd)
for {
if ScheduledShutdown {
Logger.Println("Scheduling for shutting down, do not restart the tunnel")
break
} else {
Logger.Println("Restarting NAT tunnel in 10 seconds")
time.Sleep(10 * time.Second)
runNgrok(cmd)
}
}
}
func PrepareFiles(configFilePath, dockerBinPath, keyFilePath, certFilePath string) {
Logger.Println("Checking if config file exists")
if !utils.FileExist(configFilePath) {
LoadDefaultConf()
if err := SaveConf(configFilePath, Conf); err != nil {
SendError(err, "Failed to save config to the conf file", nil)
Logger.Fatalln(err)
}
}
Logger.Println("Loading Configuration file")
conf, err := LoadConf(configFilePath)
if err != nil {
SendError(err, "Failed to load configuration file", nil)
Logger.Fatalln("Failed to load configuration file:", err)
} else {
Conf = *conf
}
if *FlagDockerHost != "" {
Logger.Printf("Override 'DockerHost' from command line flag: %s\n", *FlagDockerHost)
Conf.DockerHost = *FlagDockerHost
}
if *FlagHost != "" {
Logger.Printf("Override 'Host' from command line flag: %s\n", *FlagHost)
Conf.Host = *FlagHost
}
if *FlagToken != "" {
Logger.Printf("Override 'Token' from command line flag: %s\n", *FlagToken)
Conf.Token = *FlagToken
}
if *FlagUUID != "" {
Logger.Printf("Override 'UUID' from command line flag: %s\n", *FlagUUID)
Conf.UUID = *FlagUUID
}
if *FlagDockerOpts != "" {
Logger.Printf("Override 'DockerOpts' from command line flag: %s\n", *FlagDockerOpts)
Conf.DockerOpts = *FlagDockerOpts
}
}
func UpdateDocker(dockerHome, dockerTarPath, dockerTarSigPath, keyFilePath, certFilePath, caFilePath string) {
dockerBinPath := path.Join(dockerHome, DockerBinaryName)
defer func() {
if err := recover(); err != nil {
Logger.Println("Cannot uncomporess the tar file. The update is rejected")
removeUpdateFiles(dockerTarPath, dockerTarSigPath)
ScheduleToTerminateDocker = false
StartDocker(dockerBinPath, keyFilePath, certFilePath, caFilePath)
}
}()
if utils.FileExist(dockerTarPath) {
Logger.Printf("New docker update (%s) found", dockerTarPath)
Logger.Println("Updating docker...")
if verifyDockerSig(dockerTarPath, dockerTarSigPath) {
Logger.Println("Stopping docker daemon")
ScheduleToTerminateDocker = true
StopDocker()
Logger.Println("Applying new docker update")
tarfile, err := ioutil.ReadFile(dockerTarPath)
if err != nil {
SendError(err, "Failed to read the docker update file", nil)
Logger.Println("Failed read the docker update file:", err)
}
uncompress(tarfile, dockerHome)
removeUpdateFiles(dockerTarPath, dockerTarSigPath)
ScheduleToTerminateDocker = false
StartDocker(dockerBinPath, keyFilePath, certFilePath, caFilePath)
Logger.Println("Docker binary updated successfully")
} else {
Logger.Println("Cannot verify signature. The update is rejected")
removeUpdateFiles(dockerTarPath, dockerTarSigPath)
Logger.Println("Failed to update docker binary")
}
}
}
func isCertificateExist(keyFilePath, certFilePath string) (isExist bool) {
if utils.FileExist(keyFilePath) && utils.FileExist(certFilePath) {
return true
}
return false
}
func DownloadNgrok(url, ngrokHome string) {
if !utils.FileExist(path.Join(ngrokHome, NgrokBinaryName)) {
Logger.Println("Downloading NAT tunnel binary ...")
downloadFile(url, ngrokHome, "ngrok")
}
}
func DownloadDocker(url, dockerHome string) {
if !utils.FileExist(path.Join(dockerHome, DockerBinaryName)) {
Logger.Println("Downloading docker binary...")
downloadFile(url, dockerHome, "docker")
}
}