Example #1
0
func main() {
	rHost := os.Getenv("RETHINKDB_PORT_28015_TCP_ADDR")
	rPort := os.Getenv("RETHINKDB_PORT_28015_TCP_PORT")
	rDb := os.Getenv("RETHINKDB_DATABASE")
	rAuthKey := os.Getenv("RETHINKDB_AUTH_KEY")
	if rHost != "" && rPort != "" {
		rethinkdbAddr = fmt.Sprintf("%s:%s", rHost, rPort)
	}
	if rDb != "" {
		rethinkdbDatabase = rDb
	}
	if rAuthKey != "" {
		rethinkdbAuthKey = rAuthKey
	}
	flag.Parse()
	if showVersion {
		fmt.Println(VERSION)
		os.Exit(0)
	}
	var (
		mErr      error
		globalMux = http.NewServeMux()
	)

	logger.Infof("shipyard version %s", VERSION)

	controllerManager, mErr = manager.NewManager(rethinkdbAddr, rethinkdbDatabase, rethinkdbAuthKey, VERSION, disableUsageInfo)
	if mErr != nil {
		logger.Fatal(mErr)
	}

	apiRouter := mux.NewRouter()
	apiRouter.HandleFunc("/api/accounts", accounts).Methods("GET")
	apiRouter.HandleFunc("/api/accounts", addAccount).Methods("POST")
	apiRouter.HandleFunc("/api/accounts", deleteAccount).Methods("DELETE")
	apiRouter.HandleFunc("/api/roles", roles).Methods("GET")
	apiRouter.HandleFunc("/api/roles/{name}", role).Methods("GET")
	apiRouter.HandleFunc("/api/roles", addRole).Methods("POST")
	apiRouter.HandleFunc("/api/roles", deleteRole).Methods("DELETE")
	apiRouter.HandleFunc("/api/cluster/info", clusterInfo).Methods("GET")
	apiRouter.HandleFunc("/api/containers", containers).Methods("GET")
	apiRouter.HandleFunc("/api/containers", run).Methods("POST")
	apiRouter.HandleFunc("/api/containers/{id}", inspectContainer).Methods("GET")
	apiRouter.HandleFunc("/api/containers/{id}", destroy).Methods("DELETE")
	apiRouter.HandleFunc("/api/containers/{id}/stop", stopContainer).Methods("GET")
	apiRouter.HandleFunc("/api/containers/{id}/restart", restartContainer).Methods("GET")
	apiRouter.HandleFunc("/api/containers/{id}/scale", scaleContainer).Methods("GET")
	apiRouter.HandleFunc("/api/containers/{id}/logs", containerLogs).Methods("GET")
	apiRouter.HandleFunc("/api/events", events).Methods("GET")
	apiRouter.HandleFunc("/api/events", purgeEvents).Methods("DELETE")
	apiRouter.HandleFunc("/api/engines", engines).Methods("GET")
	apiRouter.HandleFunc("/api/engines", addEngine).Methods("POST")
	apiRouter.HandleFunc("/api/engines/{id}", inspectEngine).Methods("GET")
	apiRouter.HandleFunc("/api/engines/{id}", removeEngine).Methods("DELETE")
	apiRouter.HandleFunc("/api/extensions", extensions).Methods("GET")
	apiRouter.HandleFunc("/api/extensions/{id}", extension).Methods("GET")
	apiRouter.HandleFunc("/api/extensions", addExtension).Methods("POST")
	apiRouter.HandleFunc("/api/extensions/{id}", deleteExtension).Methods("DELETE")
	apiRouter.HandleFunc("/api/servicekeys", serviceKeys).Methods("GET")
	apiRouter.HandleFunc("/api/servicekeys", addServiceKey).Methods("POST")
	apiRouter.HandleFunc("/api/servicekeys", removeServiceKey).Methods("DELETE")
	apiRouter.HandleFunc("/api/webhookkeys", webhookKeys).Methods("GET")
	apiRouter.HandleFunc("/api/webhookkeys/{id}", webhookKey).Methods("GET")
	apiRouter.HandleFunc("/api/webhookkeys", addWebhookKey).Methods("POST")
	apiRouter.HandleFunc("/api/webhookkeys/{id}", deleteWebhookKey).Methods("DELETE")

	// global handler
	globalMux.Handle("/", http.FileServer(http.Dir("static")))

	// api router; protected by auth
	apiAuthRouter := negroni.New()
	apiAuthRequired := auth.NewAuthRequired(controllerManager)
	apiAccessRequired := access.NewAccessRequired(controllerManager)
	apiAuthRouter.Use(negroni.HandlerFunc(apiAuthRequired.HandlerFuncWithNext))
	apiAuthRouter.Use(negroni.HandlerFunc(apiAccessRequired.HandlerFuncWithNext))
	apiAuthRouter.UseHandler(apiRouter)
	globalMux.Handle("/api/", apiAuthRouter)

	// account router ; protected by auth
	accountRouter := mux.NewRouter()
	accountRouter.HandleFunc("/account/changepassword", changePassword).Methods("POST")
	accountAuthRouter := negroni.New()
	accountAuthRequired := auth.NewAuthRequired(controllerManager)
	accountAuthRouter.Use(negroni.HandlerFunc(accountAuthRequired.HandlerFuncWithNext))
	accountAuthRouter.UseHandler(accountRouter)
	globalMux.Handle("/account/", accountAuthRouter)

	// login handler; public
	loginRouter := mux.NewRouter()
	loginRouter.HandleFunc("/auth/login", login).Methods("POST")
	globalMux.Handle("/auth/", loginRouter)

	// hub handler; public
	hubRouter := mux.NewRouter()
	hubRouter.HandleFunc("/hub/webhook/{id}", hubWebhook).Methods("POST")
	globalMux.Handle("/hub/", hubRouter)

	// check for admin user
	if _, err := controllerManager.Account("admin"); err == manager.ErrAccountDoesNotExist {
		// create roles
		r := &shipyard.Role{
			Name: "admin",
		}
		ru := &shipyard.Role{
			Name: "user",
		}
		if err := controllerManager.SaveRole(r); err != nil {
			logger.Fatal(err)
		}
		if err := controllerManager.SaveRole(ru); err != nil {
			logger.Fatal(err)
		}
		role, err := controllerManager.Role(r.Name)
		if err != nil {
			logger.Fatal(err)
		}
		acct := &shipyard.Account{
			Username: "******",
			Password: "******",
			Role:     role,
		}
		if err := controllerManager.SaveAccount(acct); err != nil {
			logger.Fatal(err)
		}
		logger.Infof("created admin user: username: admin password: shipyard")
	}

	logger.Infof("controller listening on %s", listenAddr)

	if err := http.ListenAndServe(listenAddr, context.ClearHandler(globalMux)); err != nil {
		logger.Fatal(err)
	}
}
Example #2
0
func CmdServer(c *cli.Context) {
	rethinkdbAddr := c.String("rethinkdb-addr")
	rethinkdbDatabase := c.String("rethinkdb-database")
	rethinkdbAuthKey := c.String("rethinkdb-auth-key")
	disableUsageInfo := c.Bool("disable-usage-info")
	listenAddr := c.String("listen")
	authWhitelist := c.StringSlice("auth-whitelist-cidr")
	enableCors := c.Bool("enable-cors")
	ldapServer := c.String("ldap-server")
	ldapPort := c.Int("ldap-port")
	ldapBaseDn := c.String("ldap-base-dn")
	ldapAutocreateUsers := c.Bool("ldap-autocreate-users")
	ldapDefaultAccessLevel := c.String("ldap-default-access-level")

	log.Infof("shipyard 中文版本 %s", version.Version)

	if len(authWhitelist) > 0 {
		log.Infof("认证白名单: %v", authWhitelist)
	}

	dockerUrl := c.String("docker")
	tlsCaCert := c.String("tls-ca-cert")
	tlsCert := c.String("tls-cert")
	tlsKey := c.String("tls-key")
	allowInsecure := c.Bool("allow-insecure")

	client, err := utils.GetClient(dockerUrl, tlsCaCert, tlsCert, tlsKey, allowInsecure)
	if err != nil {
		log.Fatal(err)
	}

	// default to builtin auth
	authenticator := builtin.NewAuthenticator("defaultshipyard")

	// use ldap auth if specified
	if ldapServer != "" {
		authenticator = ldap.NewAuthenticator(ldapServer, ldapPort, ldapBaseDn, ldapAutocreateUsers, ldapDefaultAccessLevel)
	}

	controllerManager, err := manager.NewManager(rethinkdbAddr, rethinkdbDatabase, rethinkdbAuthKey, client, disableUsageInfo, authenticator)
	if err != nil {
		log.Fatal(err)
	}

	log.Debugf("连接到Docker容器: url=%s", dockerUrl)

	shipyardTlsCert := c.String("shipyard-tls-cert")
	shipyardTlsKey := c.String("shipyard-tls-key")
	shipyardTlsCACert := c.String("shipyard-tls-ca-cert")

	apiConfig := api.ApiConfig{
		ListenAddr:         listenAddr,
		Manager:            controllerManager,
		AuthWhiteListCIDRs: authWhitelist,
		EnableCORS:         enableCors,
		AllowInsecure:      allowInsecure,
		TLSCACertPath:      shipyardTlsCACert,
		TLSCertPath:        shipyardTlsCert,
		TLSKeyPath:         shipyardTlsKey,
	}

	shipyardApi, err := api.NewApi(apiConfig)
	if err != nil {
		log.Fatal(err)
	}

	if err := shipyardApi.Run(); err != nil {
		log.Fatal(err)
	}
}