func main() { rHost := os.Getenv("RETHINKDB_PORT_28015_TCP_ADDR") rPort := os.Getenv("RETHINKDB_PORT_28015_TCP_PORT") rDb := os.Getenv("RETHINKDB_DATABASE") rAuthKey := os.Getenv("RETHINKDB_AUTH_KEY") if rHost != "" && rPort != "" { rethinkdbAddr = fmt.Sprintf("%s:%s", rHost, rPort) } if rDb != "" { rethinkdbDatabase = rDb } if rAuthKey != "" { rethinkdbAuthKey = rAuthKey } flag.Parse() if showVersion { fmt.Println(VERSION) os.Exit(0) } var ( mErr error globalMux = http.NewServeMux() ) logger.Infof("shipyard version %s", VERSION) controllerManager, mErr = manager.NewManager(rethinkdbAddr, rethinkdbDatabase, rethinkdbAuthKey, VERSION, disableUsageInfo) if mErr != nil { logger.Fatal(mErr) } apiRouter := mux.NewRouter() apiRouter.HandleFunc("/api/accounts", accounts).Methods("GET") apiRouter.HandleFunc("/api/accounts", addAccount).Methods("POST") apiRouter.HandleFunc("/api/accounts", deleteAccount).Methods("DELETE") apiRouter.HandleFunc("/api/roles", roles).Methods("GET") apiRouter.HandleFunc("/api/roles/{name}", role).Methods("GET") apiRouter.HandleFunc("/api/roles", addRole).Methods("POST") apiRouter.HandleFunc("/api/roles", deleteRole).Methods("DELETE") apiRouter.HandleFunc("/api/cluster/info", clusterInfo).Methods("GET") apiRouter.HandleFunc("/api/containers", containers).Methods("GET") apiRouter.HandleFunc("/api/containers", run).Methods("POST") apiRouter.HandleFunc("/api/containers/{id}", inspectContainer).Methods("GET") apiRouter.HandleFunc("/api/containers/{id}", destroy).Methods("DELETE") apiRouter.HandleFunc("/api/containers/{id}/stop", stopContainer).Methods("GET") apiRouter.HandleFunc("/api/containers/{id}/restart", restartContainer).Methods("GET") apiRouter.HandleFunc("/api/containers/{id}/scale", scaleContainer).Methods("GET") apiRouter.HandleFunc("/api/containers/{id}/logs", containerLogs).Methods("GET") apiRouter.HandleFunc("/api/events", events).Methods("GET") apiRouter.HandleFunc("/api/events", purgeEvents).Methods("DELETE") apiRouter.HandleFunc("/api/engines", engines).Methods("GET") apiRouter.HandleFunc("/api/engines", addEngine).Methods("POST") apiRouter.HandleFunc("/api/engines/{id}", inspectEngine).Methods("GET") apiRouter.HandleFunc("/api/engines/{id}", removeEngine).Methods("DELETE") apiRouter.HandleFunc("/api/extensions", extensions).Methods("GET") apiRouter.HandleFunc("/api/extensions/{id}", extension).Methods("GET") apiRouter.HandleFunc("/api/extensions", addExtension).Methods("POST") apiRouter.HandleFunc("/api/extensions/{id}", deleteExtension).Methods("DELETE") apiRouter.HandleFunc("/api/servicekeys", serviceKeys).Methods("GET") apiRouter.HandleFunc("/api/servicekeys", addServiceKey).Methods("POST") apiRouter.HandleFunc("/api/servicekeys", removeServiceKey).Methods("DELETE") apiRouter.HandleFunc("/api/webhookkeys", webhookKeys).Methods("GET") apiRouter.HandleFunc("/api/webhookkeys/{id}", webhookKey).Methods("GET") apiRouter.HandleFunc("/api/webhookkeys", addWebhookKey).Methods("POST") apiRouter.HandleFunc("/api/webhookkeys/{id}", deleteWebhookKey).Methods("DELETE") // global handler globalMux.Handle("/", http.FileServer(http.Dir("static"))) // api router; protected by auth apiAuthRouter := negroni.New() apiAuthRequired := auth.NewAuthRequired(controllerManager) apiAccessRequired := access.NewAccessRequired(controllerManager) apiAuthRouter.Use(negroni.HandlerFunc(apiAuthRequired.HandlerFuncWithNext)) apiAuthRouter.Use(negroni.HandlerFunc(apiAccessRequired.HandlerFuncWithNext)) apiAuthRouter.UseHandler(apiRouter) globalMux.Handle("/api/", apiAuthRouter) // account router ; protected by auth accountRouter := mux.NewRouter() accountRouter.HandleFunc("/account/changepassword", changePassword).Methods("POST") accountAuthRouter := negroni.New() accountAuthRequired := auth.NewAuthRequired(controllerManager) accountAuthRouter.Use(negroni.HandlerFunc(accountAuthRequired.HandlerFuncWithNext)) accountAuthRouter.UseHandler(accountRouter) globalMux.Handle("/account/", accountAuthRouter) // login handler; public loginRouter := mux.NewRouter() loginRouter.HandleFunc("/auth/login", login).Methods("POST") globalMux.Handle("/auth/", loginRouter) // hub handler; public hubRouter := mux.NewRouter() hubRouter.HandleFunc("/hub/webhook/{id}", hubWebhook).Methods("POST") globalMux.Handle("/hub/", hubRouter) // check for admin user if _, err := controllerManager.Account("admin"); err == manager.ErrAccountDoesNotExist { // create roles r := &shipyard.Role{ Name: "admin", } ru := &shipyard.Role{ Name: "user", } if err := controllerManager.SaveRole(r); err != nil { logger.Fatal(err) } if err := controllerManager.SaveRole(ru); err != nil { logger.Fatal(err) } role, err := controllerManager.Role(r.Name) if err != nil { logger.Fatal(err) } acct := &shipyard.Account{ Username: "******", Password: "******", Role: role, } if err := controllerManager.SaveAccount(acct); err != nil { logger.Fatal(err) } logger.Infof("created admin user: username: admin password: shipyard") } logger.Infof("controller listening on %s", listenAddr) if err := http.ListenAndServe(listenAddr, context.ClearHandler(globalMux)); err != nil { logger.Fatal(err) } }
func CmdServer(c *cli.Context) { rethinkdbAddr := c.String("rethinkdb-addr") rethinkdbDatabase := c.String("rethinkdb-database") rethinkdbAuthKey := c.String("rethinkdb-auth-key") disableUsageInfo := c.Bool("disable-usage-info") listenAddr := c.String("listen") authWhitelist := c.StringSlice("auth-whitelist-cidr") enableCors := c.Bool("enable-cors") ldapServer := c.String("ldap-server") ldapPort := c.Int("ldap-port") ldapBaseDn := c.String("ldap-base-dn") ldapAutocreateUsers := c.Bool("ldap-autocreate-users") ldapDefaultAccessLevel := c.String("ldap-default-access-level") log.Infof("shipyard 中文版本 %s", version.Version) if len(authWhitelist) > 0 { log.Infof("认证白名单: %v", authWhitelist) } dockerUrl := c.String("docker") tlsCaCert := c.String("tls-ca-cert") tlsCert := c.String("tls-cert") tlsKey := c.String("tls-key") allowInsecure := c.Bool("allow-insecure") client, err := utils.GetClient(dockerUrl, tlsCaCert, tlsCert, tlsKey, allowInsecure) if err != nil { log.Fatal(err) } // default to builtin auth authenticator := builtin.NewAuthenticator("defaultshipyard") // use ldap auth if specified if ldapServer != "" { authenticator = ldap.NewAuthenticator(ldapServer, ldapPort, ldapBaseDn, ldapAutocreateUsers, ldapDefaultAccessLevel) } controllerManager, err := manager.NewManager(rethinkdbAddr, rethinkdbDatabase, rethinkdbAuthKey, client, disableUsageInfo, authenticator) if err != nil { log.Fatal(err) } log.Debugf("连接到Docker容器: url=%s", dockerUrl) shipyardTlsCert := c.String("shipyard-tls-cert") shipyardTlsKey := c.String("shipyard-tls-key") shipyardTlsCACert := c.String("shipyard-tls-ca-cert") apiConfig := api.ApiConfig{ ListenAddr: listenAddr, Manager: controllerManager, AuthWhiteListCIDRs: authWhitelist, EnableCORS: enableCors, AllowInsecure: allowInsecure, TLSCACertPath: shipyardTlsCACert, TLSCertPath: shipyardTlsCert, TLSKeyPath: shipyardTlsKey, } shipyardApi, err := api.NewApi(apiConfig) if err != nil { log.Fatal(err) } if err := shipyardApi.Run(); err != nil { log.Fatal(err) } }