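// TODO: need to add or abstract to get a Serial coms version

// RequestCertsUsingSSH requests certs using SSH.
//
// It runs `tar c /home/docker/.docker/*.pem` on the VM over SSH and unpacks
// the archive into <cfgDir(".boot2docker")>/certs/<machine name>, returning
// that directory.
//
// The assumption is that if the certs are in b2d:/home/docker/.docker
// then the daemon is using TLS. We can't assume that because there are
// certs in the local host's user dir, that the server is using them, so
// for now, make sure things are updated from the server. (for `docker shellinit`)
//
// If the remote command fails, the function returns ("", nil), so callers
// treat the machine as not using TLS.
// NOTE(review): that branch also hides genuine SSH failures (bad key, VM not
// reachable); callers cannot tell "no certs" from "could not ask".
//
// The archive comes from the guest, so it is handled as untrusted input:
// entry names are reduced to their base name (no path traversal out of
// certDir), non-regular entries are skipped, and files are created
// owner-only because the *.pem set presumably includes the client private
// key.
func RequestCertsUsingSSH(m driver.Machine) (string, error) {
	cmd := getSSHCommand(m, "tar c /home/docker/.docker/*.pem")

	b, err := cmd.Output()
	if err != nil {
		// Kept from the original behaviour: no archive means no certs.
		return "", nil
	}

	dir, err := cfgDir(".boot2docker")
	if err != nil {
		return "", err
	}
	certDir := filepath.Join(dir, "certs", m.GetName())

	// Walk the in-memory tar archive returned by the VM.
	tr := tar.NewReader(bytes.NewReader(b))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			// end of tar archive
			break
		}
		if err != nil {
			return "", err
		}

		// Only plain files are expected; ignore directories, links and
		// device entries rather than materialising them as empty files.
		if !hdr.FileInfo().Mode().IsRegular() {
			continue
		}

		// Base() drops any directory component supplied by the archive.
		filename := filepath.Base(hdr.Name)

		// 0700: the directory holds key material. MkdirAll leaves the mode
		// of an already existing directory untouched.
		if err := os.MkdirAll(certDir, 0700); err != nil {
			return "", err
		}

		certFile := filepath.Join(certDir, filename)
		fmt.Fprintf(os.Stderr, "Writing %s\n", certFile)
		if err := writePEMFile(certFile, tr); err != nil {
			return "", err
		}
	}

	return certDir, nil
}

// writePEMFile streams r into path, creating the file with mode 0600 and
// truncating any previous content. The file is always closed, and flush or
// close errors are reported so a short write is not mistaken for success.
// A pre-existing file keeps whatever mode it already had.
func writePEMFile(path string, r io.Reader) (err error) {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}
	defer func() {
		// Surface the close error only when nothing failed earlier.
		if cerr := f.Close(); err == nil {
			err = cerr
		}
	}()

	w := bufio.NewWriter(f)
	if _, err = io.Copy(w, r); err != nil {
		return err
	}
	return w.Flush()
}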
// getSSHCommand builds, without starting it, an *exec.Cmd that runs the
// configured ssh binary (B2D.SSH) against docker@localhost on the machine's
// SSH port, authenticating with B2D.SSHKey. Any args are appended after the
// destination, so they are passed to ssh as the remote command.
//
// Security note: StrictHostKeyChecking=no together with
// UserKnownHostsFile=/dev/null means the server's host key is never
// verified or remembered. The target is a port on localhost, so the trust
// decision rests entirely on whatever process is listening on that port.
//
// When B2D.Verbose is set, ssh's stderr is forwarded to the caller's stderr
// and the full command line is logged.
func getSSHCommand(m driver.Machine, args ...string) *exec.Cmd {
	port := fmt.Sprintf("%d", m.GetSSHPort())

	sshArgs := []string{
		"-o", "IdentitiesOnly=yes",
		"-o", "StrictHostKeyChecking=no",
		"-o", "UserKnownHostsFile=/dev/null",
		// suppress "Warning: Permanently added '[localhost]:2022' (ECDSA) to the list of known hosts."
		"-o", "LogLevel=quiet",
		"-p", port,
		"-i", B2D.SSHKey,
		"docker@localhost",
	}
	sshArgs = append(sshArgs, args...)

	cmd := exec.Command(B2D.SSH, sshArgs...)
	if !B2D.Verbose {
		return cmd
	}

	cmd.Stderr = os.Stderr
	log.Printf("executing: %v %v", cmd.Path, strings.Join(cmd.Args, " "))
	return cmd
}