func getDockerStartOpt(dockerBinPath, keyFilePath, certFilePath, caFilePath string) []string { daemonOpt := "daemon" userlandProxyOpt := " --userland-proxy=false" debugOpt := "" if *FlagDebugMode { debugOpt = " -D" } bindOpt := fmt.Sprintf(" -H %s -H %s", DockerDefaultHost, Conf.DockerHost) var certOpt string if *FlagStandalone && !utils.FileExist(caFilePath) { certOpt = fmt.Sprintf(" --tlscert %s --tlskey %s --tls", certFilePath, keyFilePath) fmt.Fprintln(os.Stderr, "WARNING: standalone mode activated but no CA certificate found - client authentication disabled") } else { certOpt = fmt.Sprintf(" --tlscert %s --tlskey %s --tlscacert %s --tlsverify", certFilePath, keyFilePath, caFilePath) } extraOpt := "" if Conf.DockerOpts != "" { extraOpt = " " + Conf.DockerOpts } optStr := fmt.Sprintf("%s%s%s%s%s%s", daemonOpt, debugOpt, bindOpt, userlandProxyOpt, certOpt, extraOpt) optSlice, err := shlex.Split(optStr) if err != nil { optSlice = strings.Split(optStr, " ") } return optSlice }
func NatTunnel(url, ngrokHome, ngrokLogPath, ngrokConfPath, uuid string) { ngrokPath := path.Join(ngrokHome, NgrokBinaryName) if isNodeReachable(url, uuid) { Logger.Printf("Node %s is publicly reachable", Conf.CertCommonName) return } else { Logger.Printf("Node %s is NOT publicly reachable", Conf.CertCommonName) } DownloadNgrok(NgrokTarURL, ngrokHome) updateNgrokHost(url) createNgrokConfFile(ngrokConfPath) var cmd *exec.Cmd if !utils.FileExist(ngrokConfPath) { SendError(errors.New("Cannot find ngrok conf"), "Cannot find ngrok conf file", nil) Logger.Println("Cannot find NAT tunnel configuration") return } cmd = exec.Command(ngrokPath, "-config", ngrokConfPath, "-log", "stdout", "-proto", "tcp", DockerHostPort) os.RemoveAll(ngrokLogPath) logFile, err := os.OpenFile(ngrokLogPath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666) if err != nil { SendError(err, "Failed to open ngrok log file", nil) Logger.Println(err) } else { defer logFile.Close() cmd.Stdout = logFile } go monitorTunnels(url, ngrokLogPath) Logger.Println("Starting NAT tunnel") runNgrok(cmd) for { if ScheduledShutdown { Logger.Println("Scheduling for shutting down, do not restart the tunnel") break } else { Logger.Println("Restarting NAT tunnel in 10 seconds") time.Sleep(10 * time.Second) runNgrok(cmd) } } }
func PrepareFiles(configFilePath, dockerBinPath, keyFilePath, certFilePath string) { Logger.Println("Checking if config file exists") if !utils.FileExist(configFilePath) { LoadDefaultConf() if err := SaveConf(configFilePath, Conf); err != nil { SendError(err, "Failed to save config to the conf file", nil) Logger.Fatalln(err) } } Logger.Println("Loading Configuration file") conf, err := LoadConf(configFilePath) if err != nil { SendError(err, "Failed to load configuration file", nil) Logger.Fatalln("Failed to load configuration file:", err) } else { Conf = *conf } if *FlagDockerHost != "" { Logger.Printf("Override 'DockerHost' from command line flag: %s\n", *FlagDockerHost) Conf.DockerHost = *FlagDockerHost } if *FlagHost != "" { Logger.Printf("Override 'Host' from command line flag: %s\n", *FlagHost) Conf.Host = *FlagHost } if *FlagToken != "" { Logger.Printf("Override 'Token' from command line flag: %s\n", *FlagToken) Conf.Token = *FlagToken } if *FlagUUID != "" { Logger.Printf("Override 'UUID' from command line flag: %s\n", *FlagUUID) Conf.UUID = *FlagUUID } if *FlagDockerOpts != "" { Logger.Printf("Override 'DockerOpts' from command line flag: %s\n", *FlagDockerOpts) Conf.DockerOpts = *FlagDockerOpts } }
func UpdateDocker(dockerHome, dockerTarPath, dockerTarSigPath, keyFilePath, certFilePath, caFilePath string) { dockerBinPath := path.Join(dockerHome, DockerBinaryName) defer func() { if err := recover(); err != nil { Logger.Println("Cannot uncomporess the tar file. The update is rejected") removeUpdateFiles(dockerTarPath, dockerTarSigPath) ScheduleToTerminateDocker = false StartDocker(dockerBinPath, keyFilePath, certFilePath, caFilePath) } }() if utils.FileExist(dockerTarPath) { Logger.Printf("New docker update (%s) found", dockerTarPath) Logger.Println("Updating docker...") if verifyDockerSig(dockerTarPath, dockerTarSigPath) { Logger.Println("Stopping docker daemon") ScheduleToTerminateDocker = true StopDocker() Logger.Println("Applying new docker update") tarfile, err := ioutil.ReadFile(dockerTarPath) if err != nil { SendError(err, "Failed to read the docker update file", nil) Logger.Println("Failed read the docker update file:", err) } uncompress(tarfile, dockerHome) removeUpdateFiles(dockerTarPath, dockerTarSigPath) ScheduleToTerminateDocker = false StartDocker(dockerBinPath, keyFilePath, certFilePath, caFilePath) Logger.Println("Docker binary updated successfully") } else { Logger.Println("Cannot verify signature. The update is rejected") removeUpdateFiles(dockerTarPath, dockerTarSigPath) Logger.Println("Failed to update docker binary") } } }
func isCertificateExist(keyFilePath, certFilePath string) (isExist bool) { if utils.FileExist(keyFilePath) && utils.FileExist(certFilePath) { return true } return false }
func DownloadNgrok(url, ngrokHome string) { if !utils.FileExist(path.Join(ngrokHome, NgrokBinaryName)) { Logger.Println("Downloading NAT tunnel binary ...") downloadFile(url, ngrokHome, "ngrok") } }
func DownloadDocker(url, dockerHome string) { if !utils.FileExist(path.Join(dockerHome, DockerBinaryName)) { Logger.Println("Downloading docker binary...") downloadFile(url, dockerHome, "docker") } }