func setupCertificates(caCertPath, caKeyPath, clientCertPath, clientKeyPath string) error {
org := utils.GetUsername()
bits := 2048
if _, err := os.Stat(utils.GetMachineCertDir()); err != nil {
if os.IsNotExist(err) {
if err := os.MkdirAll(utils.GetMachineCertDir(), 0700); err != nil {
log.Fatalf("Error creating machine config dir: %s", err)
}
} else {
log.Fatal(err)
}
}
if _, err := os.Stat(caCertPath); os.IsNotExist(err) {
log.Infof("Creating CA: %s", caCertPath)
// check if the key path exists; if so, error
if _, err := os.Stat(caKeyPath); err == nil {
log.Fatalf("The CA key already exists. Please remove it or specify a different key/cert.")
}
if err := utils.GenerateCACertificate(caCertPath, caKeyPath, org, bits); err != nil {
log.Infof("Error generating CA certificate: %s", err)
}
}
if _, err := os.Stat(clientCertPath); os.IsNotExist(err) {
log.Infof("Creating client certificate: %s", clientCertPath)
if _, err := os.Stat(utils.GetMachineCertDir()); err != nil {
if os.IsNotExist(err) {
if err := os.Mkdir(utils.GetMachineCertDir(), 0700); err != nil {
log.Fatalf("Error creating machine client cert dir: %s", err)
}
} else {
log.Fatal(err)
}
}
// check if the key path exists; if so, error
if _, err := os.Stat(clientKeyPath); err == nil {
log.Fatalf("The client key already exists. Please remove it or specify a different key/cert.")
}
if err := utils.GenerateCert([]string{""}, clientCertPath, clientKeyPath, caCertPath, caKeyPath, org, bits); err != nil {
log.Fatalf("Error generating client certificate: %s", err)
}
}
return nil
}
func cmdActive(c *cli.Context) {
if len(c.Args()) > 0 {
log.Fatal("Error: Too many arguments given.")
}
certInfo := getCertPathInfo(c)
defaultStore, err := getDefaultStore(
c.GlobalString("storage-path"),
certInfo.CaCertPath,
certInfo.CaKeyPath,
)
if err != nil {
log.Fatal(err)
}
mcn, err := newMcn(defaultStore)
if err != nil {
log.Fatal(err)
}
host, err := mcn.GetActive()
if err != nil {
log.Fatalf("Error getting active host: %s", err)
}
if host != nil {
fmt.Println(host.Name)
}
}
func cmdInspect(c *cli.Context) {
tmplString := c.String("format")
if tmplString != "" {
var tmpl *template.Template
var err error
if tmpl, err = template.New("").Funcs(funcMap).Parse(tmplString); err != nil {
log.Fatalf("Template parsing error: %v\n", err)
}
jsonHost, err := json.Marshal(getHost(c))
if err != nil {
log.Fatal(err)
}
obj := make(map[string]interface{})
if err := json.Unmarshal(jsonHost, &obj); err != nil {
log.Fatal(err)
}
if err := tmpl.Execute(os.Stderr, obj); err != nil {
log.Fatal(err)
}
os.Stderr.Write([]byte{'\n'})
} else {
prettyJSON, err := json.MarshalIndent(getHost(c), "", " ")
if err != nil {
log.Fatal(err)
}
fmt.Println(string(prettyJSON))
}
}
func removeFileIfExists(name string) error {
if _, err := os.Stat(name); err == nil {
if err := os.Remove(name); err != nil {
log.Fatalf("Error removing temporary download file: %s", err)
}
}
return nil
}
func cmdNotFound(c *cli.Context, command string) {
log.Fatalf(
"%s: '%s' is not a %s command. See '%s --help'.",
c.App.Name,
command,
c.App.Name,
c.App.Name,
)
}
// Download boot2docker ISO image for the given tag and save it at dest.
func (b *B2dUtils) DownloadISO(dir, file, isoUrl string) error {
u, err := url.Parse(isoUrl)
var src io.ReadCloser
if u.Scheme == "file" || u.Scheme == "" {
s, err := os.Open(u.Path)
if err != nil {
return err
}
src = s
} else {
client := getClient()
s, err := client.Get(isoUrl)
if err != nil {
return err
}
src = s.Body
}
defer src.Close()
// Download to a temp file first then rename it to avoid partial download.
f, err := ioutil.TempFile(dir, file+".tmp")
if err != nil {
return err
}
defer func() {
if err := removeFileIfExists(f.Name()); err != nil {
log.Fatalf("Error removing file: %s", err)
}
}()
if _, err := io.Copy(f, src); err != nil {
// TODO: display download progress?
return err
}
if err := f.Close(); err != nil {
return err
}
// Dest is the final path of the boot2docker.iso file.
dest := filepath.Join(dir, file)
// Windows can't rename in place, so remove the old file before
// renaming the temporary downloaded file.
if err := removeFileIfExists(dest); err != nil {
return err
}
if err := os.Rename(f.Name(), dest); err != nil {
return err
}
return nil
}
func generateId() string {
rb := make([]byte, 10)
_, err := rand.Read(rb)
if err != nil {
log.Fatalf("unable to generate id: %s", err)
}
h := md5.New()
io.WriteString(h, string(rb))
return fmt.Sprintf("%x", h.Sum(nil))
}
func cmdSsh(c *cli.Context) {
args := c.Args()
name := args.First()
if name == "" {
log.Fatal("Error: Please specify a machine name.")
}
certInfo := getCertPathInfo(c)
defaultStore, err := getDefaultStore(
c.GlobalString("storage-path"),
certInfo.CaCertPath,
certInfo.CaKeyPath,
)
if err != nil {
log.Fatal(err)
}
provider, err := newProvider(defaultStore)
if err != nil {
log.Fatal(err)
}
host, err := provider.Get(name)
if err != nil {
log.Fatal(err)
}
currentState, err := host.Driver.GetState()
if err != nil {
log.Fatal(err)
}
if currentState != state.Running {
log.Fatalf("Error: Cannot run SSH command: Host %q is not running", host.Name)
}
if len(c.Args()) == 1 {
err := host.CreateSSHShell()
if err != nil {
log.Fatal(err)
}
} else {
output, err := host.RunSSHCommand(strings.Join(c.Args().Tail(), " "))
if err != nil {
log.Fatal(err)
}
fmt.Print(output)
}
}
func RunSSHCommandFromDriver(d Driver, command string) (string, error) {
client, err := GetSSHClientFromDriver(d)
if err != nil {
return "", err
}
log.Debugf("About to run SSH command:\n%s", command)
output, err := client.Output(command)
log.Debugf("SSH cmd err, output: %v: %s", err, output)
if err != nil && !isErr255Exit(err) {
log.Error("SSH cmd error!")
log.Errorf("command: %s", command)
log.Errorf("err : %v", err)
log.Fatalf("output : %s", output)
}
return output, err
}
func getHost(c *cli.Context) *libmachine.Host {
name := c.Args().First()
defaultStore, err := getDefaultStore(
c.GlobalString("storage-path"),
c.GlobalString("tls-ca-cert"),
c.GlobalString("tls-ca-key"),
)
if err != nil {
log.Fatal(err)
}
provider, err := newProvider(defaultStore)
if err != nil {
log.Fatal(err)
}
host, err := provider.Get(name)
if err != nil {
log.Fatalf("unable to load host: %v", err)
}
return host
}
func tokenFromWeb(config *oauth.Config) *oauth.Token {
randState := fmt.Sprintf("st%d", time.Now().UnixNano())
config.RedirectURL = RedirectURI
authURL := config.AuthCodeURL(randState)
log.Info("Opening auth URL in browser.")
log.Info(authURL)
log.Info("If the URL doesn't open please open it manually and copy the code here.")
openURL(authURL)
code := getCodeFromStdin()
log.Infof("Got code: %s", code)
t := &oauth.Transport{
Config: config,
Transport: http.DefaultTransport,
}
_, err := t.Exchange(code)
if err != nil {
log.Fatalf("Token exchange error: %v", err)
}
return t.Token
}
func ConfigureAuth(p Provisioner) error {
var (
err error
)
machineName := p.GetDriver().GetMachineName()
authOptions := p.GetAuthOptions()
org := machineName
bits := 2048
ip, err := p.GetDriver().GetIP()
if err != nil {
return err
}
// copy certs to client dir for docker client
machineDir := filepath.Join(utils.GetMachineDir(), machineName)
if err := utils.CopyFile(authOptions.CaCertPath, filepath.Join(machineDir, "ca.pem")); err != nil {
log.Fatalf("Error copying ca.pem to machine dir: %s", err)
}
if err := utils.CopyFile(authOptions.ClientCertPath, filepath.Join(machineDir, "cert.pem")); err != nil {
log.Fatalf("Error copying cert.pem to machine dir: %s", err)
}
if err := utils.CopyFile(authOptions.ClientKeyPath, filepath.Join(machineDir, "key.pem")); err != nil {
log.Fatalf("Error copying key.pem to machine dir: %s", err)
}
log.Debugf("generating server cert: %s ca-key=%s private-key=%s org=%s",
authOptions.ServerCertPath,
authOptions.CaCertPath,
authOptions.PrivateKeyPath,
org,
)
// TODO: Switch to passing just authOptions to this func
// instead of all these individual fields
err = utils.GenerateCert(
[]string{ip},
authOptions.ServerCertPath,
authOptions.ServerKeyPath,
authOptions.CaCertPath,
authOptions.PrivateKeyPath,
org,
bits,
)
if err != nil {
return fmt.Errorf("error generating server cert: %s", err)
}
if err := p.Service("docker", pkgaction.Stop); err != nil {
return err
}
// upload certs and configure TLS auth
caCert, err := ioutil.ReadFile(authOptions.CaCertPath)
if err != nil {
return err
}
serverCert, err := ioutil.ReadFile(authOptions.ServerCertPath)
if err != nil {
return err
}
serverKey, err := ioutil.ReadFile(authOptions.ServerKeyPath)
if err != nil {
return err
}
// printf will choke if we don't pass a format string because of the
// dashes, so that's the reason for the '%%s'
certTransferCmdFmt := "printf '%%s' '%s' | sudo tee %s"
// These ones are for Jessie and Mike <3 <3 <3
if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(caCert), authOptions.CaCertRemotePath)); err != nil {
return err
}
if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(serverCert), authOptions.ServerCertRemotePath)); err != nil {
return err
}
if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(serverKey), authOptions.ServerKeyRemotePath)); err != nil {
return err
}
dockerUrl, err := p.GetDriver().GetURL()
if err != nil {
return err
}
u, err := url.Parse(dockerUrl)
if err != nil {
return err
}
dockerPort := 2376
parts := strings.Split(u.Host, ":")
if len(parts) == 2 {
dPort, err := strconv.Atoi(parts[1])
if err != nil {
return err
}
dockerPort = dPort
}
dkrcfg, err := p.GenerateDockerOptions(dockerPort)
if err != nil {
return err
}
if _, err = p.SSHCommand(fmt.Sprintf("printf \"%s\" | sudo tee %s", dkrcfg.EngineOptions, dkrcfg.EngineOptionsPath)); err != nil {
return err
}
if err := p.Service("docker", pkgaction.Start); err != nil {
return err
}
// TODO: Do not hardcode daemon port, ask the driver
if err := utils.WaitForDocker(ip, dockerPort); err != nil {
return err
}
return nil
}
func intro() {
runtime.Gosched()
fmt.Println("another test foo")
log.Fatalf("test foo")
}
func cmdCreate(c *cli.Context) {
var (
err error
)
driver := c.String("driver")
name := c.Args().First()
// TODO: Not really a fan of "none" as the default driver...
if driver != "none" {
c.App.Commands, err = trimDriverFlags(driver, c.App.Commands)
if err != nil {
log.Fatal(err)
}
}
if name == "" {
cli.ShowCommandHelp(c, "create")
log.Fatal("You must specify a machine name")
}
if err := validateSwarmDiscovery(c.String("swarm-discovery")); err != nil {
log.Fatalf("Error parsing swarm discovery: %s", err)
}
certInfo := getCertPathInfo(c)
if err := setupCertificates(
certInfo.CaCertPath,
certInfo.CaKeyPath,
certInfo.ClientCertPath,
certInfo.ClientKeyPath); err != nil {
log.Fatalf("Error generating certificates: %s", err)
}
defaultStore, err := getDefaultStore(
c.GlobalString("storage-path"),
certInfo.CaCertPath,
certInfo.CaKeyPath,
)
if err != nil {
log.Fatal(err)
}
provider, err := newProvider(defaultStore)
if err != nil {
log.Fatal(err)
}
hostOptions := &libmachine.HostOptions{
AuthOptions: &auth.AuthOptions{
CaCertPath: certInfo.CaCertPath,
PrivateKeyPath: certInfo.CaKeyPath,
ClientCertPath: certInfo.ClientCertPath,
ClientKeyPath: certInfo.ClientKeyPath,
ServerCertPath: filepath.Join(utils.GetMachineDir(), name, "server.pem"),
ServerKeyPath: filepath.Join(utils.GetMachineDir(), name, "server-key.pem"),
},
EngineOptions: &engine.EngineOptions{
ArbitraryFlags: c.StringSlice("engine-opt"),
Env: c.StringSlice("engine-env"),
InsecureRegistry: c.StringSlice("engine-insecure-registry"),
Labels: c.StringSlice("engine-label"),
RegistryMirror: c.StringSlice("engine-registry-mirror"),
StorageDriver: c.String("engine-storage-driver"),
TlsVerify: true,
InstallURL: c.String("engine-install-url"),
},
SwarmOptions: &swarm.SwarmOptions{
IsSwarm: c.Bool("swarm"),
Image: c.String("swarm-image"),
Master: c.Bool("swarm-master"),
Discovery: c.String("swarm-discovery"),
Address: c.String("swarm-addr"),
Host: c.String("swarm-host"),
Strategy: c.String("swarm-strategy"),
ArbitraryFlags: c.StringSlice("swarm-opt"),
},
}
_, err = provider.Create(name, driver, hostOptions, c)
if err != nil {
log.Errorf("Error creating machine: %s", err)
log.Fatal("You will want to check the provider to make sure the machine and associated resources were properly removed.")
}
info := fmt.Sprintf("%s env %s", c.App.Name, name)
log.Infof("To see how to connect Docker to this machine, run: %s", info)
}
func cmdConfig(c *cli.Context) {
if len(c.Args()) != 1 {
log.Fatal(ErrExpectedOneMachine)
}
cfg, err := getMachineConfig(c)
if err != nil {
log.Fatal(err)
}
dockerHost, err := getHost(c).Driver.GetURL()
if err != nil {
log.Fatal(err)
}
if c.Bool("swarm") {
if !cfg.SwarmOptions.Master {
log.Fatalf("%s is not a swarm master", cfg.machineName)
}
u, err := url.Parse(cfg.SwarmOptions.Host)
if err != nil {
log.Fatal(err)
}
parts := strings.Split(u.Host, ":")
swarmPort := parts[1]
// get IP of machine to replace in case swarm host is 0.0.0.0
mUrl, err := url.Parse(dockerHost)
if err != nil {
log.Fatal(err)
}
mParts := strings.Split(mUrl.Host, ":")
machineIp := mParts[0]
dockerHost = fmt.Sprintf("tcp://%s:%s\n", machineIp, swarmPort)
}
log.Debug(dockerHost)
u, err := url.Parse(cfg.machineUrl)
if err != nil {
log.Fatal(err)
}
if u.Scheme != "unix" {
// validate cert and regenerate if needed
valid, err := utils.ValidateCertificate(
u.Host,
cfg.caCertPath,
cfg.serverCertPath,
cfg.serverKeyPath,
)
if err != nil {
log.Fatal(err)
}
if !valid {
log.Debugf("invalid certs detected; regenerating for %s", u.Host)
if err := runActionWithContext("configureAuth", c); err != nil {
log.Fatal(err)
}
}
}
fmt.Printf("--tlsverify --tlscacert=%q --tlscert=%q --tlskey=%q -H=%s\n",
cfg.caCertPath, cfg.clientCertPath, cfg.clientKeyPath, dockerHost)
}
func Ov1() error {
runtime.Gosched()
fmt.Println("in Ov1 another test foo")
log.Fatalf("the force is with you")
return nil
}
func cmdSsh(c *cli.Context) {
args := c.Args()
name := args.First()
cmd := ""
if name == "" {
log.Fatal("Error: Please specify a machine name.")
}
certInfo := getCertPathInfo(c)
defaultStore, err := getDefaultStore(
c.GlobalString("storage-path"),
certInfo.CaCertPath,
certInfo.CaKeyPath,
)
if err != nil {
log.Fatal(err)
}
mcn, err := newMcn(defaultStore)
if err != nil {
log.Fatal(err)
}
host, err := mcn.Get(name)
if err != nil {
log.Fatal(err)
}
currentState, err := host.Driver.GetState()
if err != nil {
log.Fatal(err)
}
if currentState != state.Running {
log.Fatalf("Error: Cannot run SSH command: Host %q is not running", host.Name)
}
// Loop through the arguments and parse out a command which relies on
// flags if it exists, for instance an invocation of the form
// `docker-machine ssh dev -- df -h` would mandate this, otherwise we
// will accidentally trigger the codegangsta/cli help text because it
// thinks we are trying to specify codegangsta flags.
//
// TODO: I thought codegangsta/cli supported the flag parsing
// terminator manually, which would mitigate the need for this kind of
// hack. We should investigate.
for i, arg := range args {
if arg == "--" {
cmd = strings.Join(args[i+1:], " ")
break
}
}
// It is possible that the user has specified an appended command which
// does not rely on the flag parsing terminator, such as
// `docker-machine ssh dev ls`, so this block accounts for that case.
if len(cmd) == 0 {
cmd = strings.Join(args[1:], " ")
}
if len(c.Args()) == 1 {
err := host.CreateSSHShell()
if err != nil {
log.Fatal(err)
}
} else {
output, err := host.RunSSHCommand(cmd)
if err != nil {
log.Fatal(err)
}
fmt.Print(output)
}
}
func cmdEnv(c *cli.Context) {
if len(c.Args()) != 1 && !c.Bool("unset") {
log.Fatal(improperEnvArgsError)
}
userShell := c.String("shell")
if userShell == "" {
shell, err := detectShell()
if err != nil {
log.Fatal(err)
}
userShell = shell
}
t := template.New("envConfig")
usageHint := generateUsageHint(c.App.Name, c.Args().First(), userShell)
shellCfg := ShellConfig{
DockerCertPath: "",
DockerHost: "",
DockerTLSVerify: "",
MachineName: "",
}
// unset vars
if c.Bool("unset") {
switch userShell {
case "fish":
shellCfg.Prefix = "set -e "
shellCfg.Delimiter = ""
shellCfg.Suffix = ";\n"
case "powershell":
shellCfg.Prefix = "Remove-Item Env:\\\\"
shellCfg.Delimiter = ""
shellCfg.Suffix = "\n"
case "cmd":
// since there is no way to unset vars in cmd just reset to empty
shellCfg.DockerCertPath = ""
shellCfg.DockerHost = ""
shellCfg.DockerTLSVerify = ""
shellCfg.Prefix = "set "
shellCfg.Delimiter = "="
shellCfg.Suffix = "\n"
default:
shellCfg.Prefix = "unset "
shellCfg.Delimiter = " "
shellCfg.Suffix = "\n"
}
tmpl, err := t.Parse(envTmpl)
if err != nil {
log.Fatal(err)
}
if err := tmpl.Execute(os.Stdout, shellCfg); err != nil {
log.Fatal(err)
}
return
}
cfg, err := getMachineConfig(c)
if err != nil {
log.Fatal(err)
}
if cfg.machineUrl == "" {
log.Fatalf("%s is not running. Please start this with %s start %s", cfg.machineName, c.App.Name, cfg.machineName)
}
dockerHost := cfg.machineUrl
if c.Bool("swarm") {
if !cfg.SwarmOptions.Master {
log.Fatalf("%s is not a swarm master", cfg.machineName)
}
u, err := url.Parse(cfg.SwarmOptions.Host)
if err != nil {
log.Fatal(err)
}
parts := strings.Split(u.Host, ":")
swarmPort := parts[1]
// get IP of machine to replace in case swarm host is 0.0.0.0
mUrl, err := url.Parse(cfg.machineUrl)
if err != nil {
log.Fatal(err)
}
mParts := strings.Split(mUrl.Host, ":")
machineIp := mParts[0]
dockerHost = fmt.Sprintf("tcp://%s:%s", machineIp, swarmPort)
}
u, err := url.Parse(cfg.machineUrl)
if err != nil {
log.Fatal(err)
}
if u.Scheme != "unix" {
// validate cert and regenerate if needed
valid, err := utils.ValidateCertificate(
u.Host,
cfg.caCertPath,
cfg.serverCertPath,
cfg.serverKeyPath,
)
if err != nil {
log.Fatal(err)
}
if !valid {
log.Debugf("invalid certs detected; regenerating for %s", u.Host)
if err := runActionWithContext("configureAuth", c); err != nil {
log.Fatal(err)
}
}
}
shellCfg = ShellConfig{
DockerCertPath: cfg.machineDir,
DockerHost: dockerHost,
DockerTLSVerify: "1",
UsageHint: usageHint,
MachineName: cfg.machineName,
}
switch userShell {
case "fish":
shellCfg.Prefix = "set -x "
shellCfg.Suffix = "\";\n"
shellCfg.Delimiter = " \""
case "powershell":
shellCfg.Prefix = "$Env:"
shellCfg.Suffix = "\"\n"
shellCfg.Delimiter = " = \""
case "cmd":
shellCfg.Prefix = "set "
shellCfg.Suffix = "\n"
shellCfg.Delimiter = "="
default:
shellCfg.Prefix = "export "
shellCfg.Suffix = "\"\n"
shellCfg.Delimiter = "=\""
}
tmpl, err := t.Parse(envTmpl)
if err != nil {
log.Fatal(err)
}
if err := tmpl.Execute(os.Stdout, shellCfg); err != nil {
log.Fatal(err)
}
}