// writeCaCerts makes sure a CA certificate and its private key are present at
// caCertPath and caKeyPath.
//
// If the configuration already holds a CA certificate, the stored certificate
// and key are written to the two paths. Otherwise a new CA is generated for
// those paths, both files are read back, and their contents are stored in the
// configuration through cfg.SetConfig.
func writeCaCerts(cfg *config.Config, caCertPath, caKeyPath string) error {
	if cfg.UserDocker.CACert != "" {
		// The 0400 mode only takes effect when WriteFile creates the file; a
		// file that already exists keeps the permissions it had.
		// NOTE(review): CAKey is written as-is, even when it is empty - confirm
		// the configuration always carries the key together with the certificate.
		if err := ioutil.WriteFile(caCertPath, []byte(cfg.UserDocker.CACert), 0400); err != nil {
			return err
		}
		return ioutil.WriteFile(caKeyPath, []byte(cfg.UserDocker.CAKey), 0400)
	}

	// No CA in the configuration yet: create one, then load what was written.
	if err := machineUtil.GenerateCACertificate(caCertPath, caKeyPath, NAME, BITS); err != nil {
		return err
	}

	certBytes, err := ioutil.ReadFile(caCertPath)
	if err != nil {
		return err
	}

	keyBytes, err := ioutil.ReadFile(caKeyPath)
	if err != nil {
		return err
	}

	// The CA private key becomes part of the configuration here, so wherever
	// that configuration is stored needs the same protection as the key file.
	generated := &config.Config{
		UserDocker: config.DockerConfig{
			CAKey:  string(keyBytes),
			CACert: string(certBytes),
		},
	}
	return cfg.SetConfig(generated)
}
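// main creates, in order, a CA, a client certificate and one server
// certificate per command-line argument. A certificate whose file already
// exists is skipped.
//
// Each argument is passed to utils.GenerateCert as the single entry of its
// first argument and is also used verbatim as the file name prefix
// ("<arg>.pem" and "<arg>-key.pem").
func main() {
	if _, err := os.Stat(caCertPath); os.IsNotExist(err) {
		log.Printf("Creating CA: %s", caCertPath)

		// A key without its certificate is never overwritten; the operator
		// has to remove it or point the tool at different paths.
		if _, err := os.Stat(caKeyPath); err == nil {
			log.Fatalf("The CA key already exists. Please remove it or specify a different key/cert.")
		}

		// A failed CA generation must stop the program: every later step
		// signs with this CA, and with an existing client certificate and no
		// arguments the process would otherwise exit successfully without one.
		if err := utils.GenerateCACertificate(caCertPath, caKeyPath, org, bits); err != nil {
			log.Fatalf("Error generating CA certificate: %s", err)
		}
	}

	if _, err := os.Stat(clientCertPath); os.IsNotExist(err) {
		log.Printf("Creating client certificate: %s", clientCertPath)

		// Same rule as for the CA: do not overwrite an existing key.
		if _, err := os.Stat(clientKeyPath); err == nil {
			log.Fatalf("The client key already exists. Please remove it or specify a different key/cert.")
		}

		if err := utils.GenerateCert(
			[]string{""},
			clientCertPath,
			clientKeyPath,
			caCertPath,
			caKeyPath,
			org,
			bits,
		); err != nil {
			log.Fatalf("Error generating client certificate: %s", err)
		}
	}

	// Nothing more to do without arguments; the guard also keeps the slice
	// expression below in bounds.
	if len(os.Args) <= 1 {
		return
	}

	for _, ip := range os.Args[1:] {
		serverKeyPath := fmt.Sprintf("%s-key.pem", ip)
		serverCertPath := fmt.Sprintf("%s.pem", ip)

		if _, err := os.Stat(serverCertPath); !os.IsNotExist(err) {
			continue
		}

		log.Printf("Creating server certificate: %s", serverCertPath)

		// NOTE(review): unlike the CA and client branches, an existing server
		// key is not checked for here - confirm whether utils.GenerateCert
		// overwrites it.
		if err := utils.GenerateCert(
			[]string{ip},
			serverCertPath,
			serverKeyPath,
			caCertPath,
			caKeyPath,
			org,
			bits,
		); err != nil {
			log.Fatalf("error generating server cert: %s", err)
		}
	}
}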
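// setupCertificates ensures that the machine certificate directory, a CA and
// a client certificate exist, creating whichever of them is missing.
//
// Certificate files that already exist are left untouched. Every failure ends
// the process through log.Fatal/log.Fatalf, so the returned error is always
// nil.
func setupCertificates(caCertPath, caKeyPath, clientCertPath, clientKeyPath string) error {
	org := utils.GetUsername()
	bits := 2048 // key size handed to both generators

	// Create the certificate directory (owner-only, 0700) when it is missing;
	// any other stat failure is fatal.
	if _, err := os.Stat(utils.GetMachineCertDir()); err != nil {
		if !os.IsNotExist(err) {
			log.Fatal(err)
		}
		if err := os.MkdirAll(utils.GetMachineCertDir(), 0700); err != nil {
			log.Fatalf("Error creating machine config dir: %s", err)
		}
	}

	if _, err := os.Stat(caCertPath); os.IsNotExist(err) {
		log.Infof("Creating CA: %s", caCertPath)

		// A key without its certificate is never overwritten.
		if _, err := os.Stat(caKeyPath); err == nil {
			log.Fatalf("The CA key already exists. Please remove it or specify a different key/cert.")
		}

		// A failed CA generation is fatal like every other failure in this
		// function; logging it at info level and carrying on would let the
		// function return nil without a usable CA when the client certificate
		// already exists.
		if err := utils.GenerateCACertificate(caCertPath, caKeyPath, org, bits); err != nil {
			log.Fatalf("Error generating CA certificate: %s", err)
		}
	}

	if _, err := os.Stat(clientCertPath); os.IsNotExist(err) {
		log.Infof("Creating client certificate: %s", clientCertPath)

		// The certificate directory was created or verified at the top of the
		// function, so it is not checked a second time here.

		// A key without its certificate is never overwritten.
		if _, err := os.Stat(clientKeyPath); err == nil {
			log.Fatalf("The client key already exists. Please remove it or specify a different key/cert.")
		}

		if err := utils.GenerateCert([]string{""}, clientCertPath, clientKeyPath, caCertPath, caKeyPath, org, bits); err != nil {
			log.Fatalf("Error generating client certificate: %s", err)
		}
	}

	return nil
}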
// writeCaCerts makes sure a CA certificate and its private key are present at
// caCertPath and caKeyPath and returns the configuration to use afterwards.
//
// If the configuration already holds a CA certificate, the stored certificate
// and key are written to the two paths and cfg is returned unchanged.
// Otherwise a new CA is generated, both files are read back, their contents
// are merged into the configuration under rancher.docker, the merged
// configuration is saved, and the merged configuration is returned.
func writeCaCerts(cfg *config.CloudConfig, caCertPath, caKeyPath string) (*config.CloudConfig, error) {
	if cfg.Rancher.Docker.CACert != "" {
		// The 0400 mode only takes effect when WriteFile creates the file; a
		// file that already exists keeps the permissions it had.
		// NOTE(review): CAKey is written as-is, even when it is empty - confirm
		// the configuration always carries the key together with the certificate.
		if err := ioutil.WriteFile(caCertPath, []byte(cfg.Rancher.Docker.CACert), 0400); err != nil {
			return nil, err
		}
		if err := ioutil.WriteFile(caKeyPath, []byte(cfg.Rancher.Docker.CAKey), 0400); err != nil {
			return nil, err
		}
		return cfg, nil
	}

	// machineUtil.GenerateCACertificate writes caCertPath and caKeyPath itself,
	// so this branch only needs to read them back.
	if err := machineUtil.GenerateCACertificate(caCertPath, caKeyPath, NAME, BITS); err != nil {
		return nil, err
	}

	certBytes, err := ioutil.ReadFile(caCertPath)
	if err != nil {
		return nil, err
	}

	keyBytes, err := ioutil.ReadFile(caKeyPath)
	if err != nil {
		return nil, err
	}

	// The CA private key becomes part of the saved configuration here, so
	// wherever cfg.Save persists it needs the same protection as the key file.
	dockerCA := map[interface{}]interface{}{
		"ca_key":  string(keyBytes),
		"ca_cert": string(certBytes),
	}
	merged, err := cfg.Merge(map[interface{}]interface{}{
		"rancher": map[interface{}]interface{}{
			"docker": dockerCA,
		},
	})
	if err != nil {
		return nil, err
	}

	if err := merged.Save(); err != nil {
		return nil, err
	}
	return merged, nil
}