func getDockerStartOpt(dockerBinPath, keyFilePath, certFilePath, caFilePath string) []string {
	daemonOpt := "daemon"
	userlandProxyOpt := " --userland-proxy=false"

	debugOpt := ""
	if *FlagDebugMode {
		debugOpt = " -D"
	}

	bindOpt := fmt.Sprintf(" -H %s -H %s", DockerDefaultHost, Conf.DockerHost)

	var certOpt string
	if *FlagStandalone && !utils.FileExist(caFilePath) {
		certOpt = fmt.Sprintf(" --tlscert %s --tlskey %s --tls", certFilePath, keyFilePath)
		fmt.Fprintln(os.Stderr, "WARNING: standalone mode activated but no CA certificate found - client authentication disabled")
	} else {
		certOpt = fmt.Sprintf(" --tlscert %s --tlskey %s --tlscacert %s --tlsverify", certFilePath, keyFilePath, caFilePath)
	}

	extraOpt := ""
	if Conf.DockerOpts != "" {
		extraOpt = " " + Conf.DockerOpts
	}

	optStr := fmt.Sprintf("%s%s%s%s%s%s", daemonOpt, debugOpt, bindOpt, userlandProxyOpt, certOpt, extraOpt)

	optSlice, err := shlex.Split(optStr)
	if err != nil {
		optSlice = strings.Split(optStr, " ")
	}
	return optSlice
}
Beispiel #2
0
func NatTunnel(url, ngrokHome, ngrokLogPath, ngrokConfPath, uuid string) {
	ngrokPath := path.Join(ngrokHome, NgrokBinaryName)
	if isNodeReachable(url, uuid) {
		Logger.Printf("Node %s is publicly reachable", Conf.CertCommonName)
		return
	} else {
		Logger.Printf("Node %s is NOT publicly reachable", Conf.CertCommonName)
	}

	DownloadNgrok(NgrokTarURL, ngrokHome)

	updateNgrokHost(url)
	createNgrokConfFile(ngrokConfPath)

	var cmd *exec.Cmd

	if !utils.FileExist(ngrokConfPath) {
		SendError(errors.New("Cannot find ngrok conf"), "Cannot find ngrok conf file", nil)
		Logger.Println("Cannot find NAT tunnel configuration")
		return
	}
	cmd = exec.Command(ngrokPath,
		"-config", ngrokConfPath,
		"-log", "stdout",
		"-proto", "tcp",
		DockerHostPort)

	os.RemoveAll(ngrokLogPath)
	logFile, err := os.OpenFile(ngrokLogPath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
	if err != nil {
		SendError(err, "Failed to open ngrok log file", nil)
		Logger.Println(err)
	} else {
		defer logFile.Close()
		cmd.Stdout = logFile
	}

	go monitorTunnels(url, ngrokLogPath)
	Logger.Println("Starting NAT tunnel")

	runNgrok(cmd)

	for {
		if ScheduledShutdown {
			Logger.Println("Scheduling for shutting down, do not restart the tunnel")
			break
		} else {
			Logger.Println("Restarting NAT tunnel in 10 seconds")
			time.Sleep(10 * time.Second)
			runNgrok(cmd)
		}
	}
}
Beispiel #3
0
func PrepareFiles(configFilePath, dockerBinPath, keyFilePath, certFilePath string) {
	Logger.Println("Checking if config file exists")
	if !utils.FileExist(configFilePath) {
		LoadDefaultConf()
		if err := SaveConf(configFilePath, Conf); err != nil {
			SendError(err, "Failed to save config to the conf file", nil)
			Logger.Fatalln(err)
		}
	}

	Logger.Println("Loading Configuration file")
	conf, err := LoadConf(configFilePath)
	if err != nil {
		SendError(err, "Failed to load configuration file", nil)
		Logger.Fatalln("Failed to load configuration file:", err)
	} else {
		Conf = *conf
	}

	if *FlagDockerHost != "" {
		Logger.Printf("Override 'DockerHost' from command line flag: %s\n", *FlagDockerHost)
		Conf.DockerHost = *FlagDockerHost
	}
	if *FlagHost != "" {
		Logger.Printf("Override 'Host' from command line flag: %s\n", *FlagHost)
		Conf.Host = *FlagHost
	}
	if *FlagToken != "" {
		Logger.Printf("Override 'Token' from command line flag: %s\n", *FlagToken)
		Conf.Token = *FlagToken
	}
	if *FlagUUID != "" {
		Logger.Printf("Override 'UUID' from command line flag: %s\n", *FlagUUID)
		Conf.UUID = *FlagUUID
	}
	if *FlagDockerOpts != "" {
		Logger.Printf("Override 'DockerOpts' from command line flag: %s\n", *FlagDockerOpts)
		Conf.DockerOpts = *FlagDockerOpts
	}
}
func UpdateDocker(dockerHome, dockerTarPath, dockerTarSigPath, keyFilePath, certFilePath, caFilePath string) {
	dockerBinPath := path.Join(dockerHome, DockerBinaryName)
	defer func() {
		if err := recover(); err != nil {
			Logger.Println("Cannot uncomporess the tar file. The update is rejected")
			removeUpdateFiles(dockerTarPath, dockerTarSigPath)
			ScheduleToTerminateDocker = false
			StartDocker(dockerBinPath, keyFilePath, certFilePath, caFilePath)
		}
	}()
	if utils.FileExist(dockerTarPath) {
		Logger.Printf("New docker update (%s) found", dockerTarPath)
		Logger.Println("Updating docker...")
		if verifyDockerSig(dockerTarPath, dockerTarSigPath) {
			Logger.Println("Stopping docker daemon")
			ScheduleToTerminateDocker = true
			StopDocker()

			Logger.Println("Applying new docker update")
			tarfile, err := ioutil.ReadFile(dockerTarPath)
			if err != nil {
				SendError(err, "Failed to read the docker update file", nil)
				Logger.Println("Failed read the docker update file:", err)
			}
			uncompress(tarfile, dockerHome)
			removeUpdateFiles(dockerTarPath, dockerTarSigPath)
			ScheduleToTerminateDocker = false
			StartDocker(dockerBinPath, keyFilePath, certFilePath, caFilePath)
			Logger.Println("Docker binary updated successfully")
		} else {
			Logger.Println("Cannot verify signature. The update is rejected")
			removeUpdateFiles(dockerTarPath, dockerTarSigPath)
			Logger.Println("Failed to update docker binary")
		}
	}
}
func isCertificateExist(keyFilePath, certFilePath string) (isExist bool) {
	if utils.FileExist(keyFilePath) && utils.FileExist(certFilePath) {
		return true
	}
	return false
}
Beispiel #6
0
func DownloadNgrok(url, ngrokHome string) {
	if !utils.FileExist(path.Join(ngrokHome, NgrokBinaryName)) {
		Logger.Println("Downloading NAT tunnel binary ...")
		downloadFile(url, ngrokHome, "ngrok")
	}
}
func DownloadDocker(url, dockerHome string) {
	if !utils.FileExist(path.Join(dockerHome, DockerBinaryName)) {
		Logger.Println("Downloading docker binary...")
		downloadFile(url, dockerHome, "docker")
	}
}