func main() {
rHost := os.Getenv("RETHINKDB_PORT_28015_TCP_ADDR")
rPort := os.Getenv("RETHINKDB_PORT_28015_TCP_PORT")
rDb := os.Getenv("RETHINKDB_DATABASE")
rAuthKey := os.Getenv("RETHINKDB_AUTH_KEY")
if rHost != "" && rPort != "" {
rethinkdbAddr = fmt.Sprintf("%s:%s", rHost, rPort)
}
if rDb != "" {
rethinkdbDatabase = rDb
}
if rAuthKey != "" {
rethinkdbAuthKey = rAuthKey
}
flag.Parse()
if showVersion {
fmt.Println(VERSION)
os.Exit(0)
}
var (
mErr error
globalMux = http.NewServeMux()
)
logger.Infof("shipyard version %s", VERSION)
controllerManager, mErr = manager.NewManager(rethinkdbAddr, rethinkdbDatabase, rethinkdbAuthKey, VERSION, disableUsageInfo)
if mErr != nil {
logger.Fatal(mErr)
}
apiRouter := mux.NewRouter()
apiRouter.HandleFunc("/api/accounts", accounts).Methods("GET")
apiRouter.HandleFunc("/api/accounts", addAccount).Methods("POST")
apiRouter.HandleFunc("/api/accounts", deleteAccount).Methods("DELETE")
apiRouter.HandleFunc("/api/roles", roles).Methods("GET")
apiRouter.HandleFunc("/api/roles/{name}", role).Methods("GET")
apiRouter.HandleFunc("/api/roles", addRole).Methods("POST")
apiRouter.HandleFunc("/api/roles", deleteRole).Methods("DELETE")
apiRouter.HandleFunc("/api/cluster/info", clusterInfo).Methods("GET")
apiRouter.HandleFunc("/api/containers", containers).Methods("GET")
apiRouter.HandleFunc("/api/containers", run).Methods("POST")
apiRouter.HandleFunc("/api/containers/{id}", inspectContainer).Methods("GET")
apiRouter.HandleFunc("/api/containers/{id}", destroy).Methods("DELETE")
apiRouter.HandleFunc("/api/containers/{id}/stop", stopContainer).Methods("GET")
apiRouter.HandleFunc("/api/containers/{id}/restart", restartContainer).Methods("GET")
apiRouter.HandleFunc("/api/containers/{id}/scale", scaleContainer).Methods("GET")
apiRouter.HandleFunc("/api/containers/{id}/logs", containerLogs).Methods("GET")
apiRouter.HandleFunc("/api/events", events).Methods("GET")
apiRouter.HandleFunc("/api/events", purgeEvents).Methods("DELETE")
apiRouter.HandleFunc("/api/engines", engines).Methods("GET")
apiRouter.HandleFunc("/api/engines", addEngine).Methods("POST")
apiRouter.HandleFunc("/api/engines/{id}", inspectEngine).Methods("GET")
apiRouter.HandleFunc("/api/engines/{id}", removeEngine).Methods("DELETE")
apiRouter.HandleFunc("/api/extensions", extensions).Methods("GET")
apiRouter.HandleFunc("/api/extensions/{id}", extension).Methods("GET")
apiRouter.HandleFunc("/api/extensions", addExtension).Methods("POST")
apiRouter.HandleFunc("/api/extensions/{id}", deleteExtension).Methods("DELETE")
apiRouter.HandleFunc("/api/servicekeys", serviceKeys).Methods("GET")
apiRouter.HandleFunc("/api/servicekeys", addServiceKey).Methods("POST")
apiRouter.HandleFunc("/api/servicekeys", removeServiceKey).Methods("DELETE")
apiRouter.HandleFunc("/api/webhookkeys", webhookKeys).Methods("GET")
apiRouter.HandleFunc("/api/webhookkeys/{id}", webhookKey).Methods("GET")
apiRouter.HandleFunc("/api/webhookkeys", addWebhookKey).Methods("POST")
apiRouter.HandleFunc("/api/webhookkeys/{id}", deleteWebhookKey).Methods("DELETE")
// global handler
globalMux.Handle("/", http.FileServer(http.Dir("static")))
// api router; protected by auth
apiAuthRouter := negroni.New()
apiAuthRequired := auth.NewAuthRequired(controllerManager)
apiAccessRequired := access.NewAccessRequired(controllerManager)
apiAuthRouter.Use(negroni.HandlerFunc(apiAuthRequired.HandlerFuncWithNext))
apiAuthRouter.Use(negroni.HandlerFunc(apiAccessRequired.HandlerFuncWithNext))
apiAuthRouter.UseHandler(apiRouter)
globalMux.Handle("/api/", apiAuthRouter)
// account router ; protected by auth
accountRouter := mux.NewRouter()
accountRouter.HandleFunc("/account/changepassword", changePassword).Methods("POST")
accountAuthRouter := negroni.New()
accountAuthRequired := auth.NewAuthRequired(controllerManager)
accountAuthRouter.Use(negroni.HandlerFunc(accountAuthRequired.HandlerFuncWithNext))
accountAuthRouter.UseHandler(accountRouter)
globalMux.Handle("/account/", accountAuthRouter)
// login handler; public
loginRouter := mux.NewRouter()
loginRouter.HandleFunc("/auth/login", login).Methods("POST")
globalMux.Handle("/auth/", loginRouter)
// hub handler; public
hubRouter := mux.NewRouter()
hubRouter.HandleFunc("/hub/webhook/{id}", hubWebhook).Methods("POST")
globalMux.Handle("/hub/", hubRouter)
// check for admin user
if _, err := controllerManager.Account("admin"); err == manager.ErrAccountDoesNotExist {
// create roles
r := &shipyard.Role{
Name: "admin",
}
ru := &shipyard.Role{
Name: "user",
}
if err := controllerManager.SaveRole(r); err != nil {
logger.Fatal(err)
}
if err := controllerManager.SaveRole(ru); err != nil {
logger.Fatal(err)
}
role, err := controllerManager.Role(r.Name)
if err != nil {
logger.Fatal(err)
}
acct := &shipyard.Account{
Username: "******",
Password: "******",
Role: role,
}
if err := controllerManager.SaveAccount(acct); err != nil {
logger.Fatal(err)
}
logger.Infof("created admin user: username: admin password: shipyard")
}
logger.Infof("controller listening on %s", listenAddr)
if err := http.ListenAndServe(listenAddr, context.ClearHandler(globalMux)); err != nil {
logger.Fatal(err)
}
}
func CmdServer(c *cli.Context) {
rethinkdbAddr := c.String("rethinkdb-addr")
rethinkdbDatabase := c.String("rethinkdb-database")
rethinkdbAuthKey := c.String("rethinkdb-auth-key")
disableUsageInfo := c.Bool("disable-usage-info")
listenAddr := c.String("listen")
authWhitelist := c.StringSlice("auth-whitelist-cidr")
enableCors := c.Bool("enable-cors")
ldapServer := c.String("ldap-server")
ldapPort := c.Int("ldap-port")
ldapBaseDn := c.String("ldap-base-dn")
ldapAutocreateUsers := c.Bool("ldap-autocreate-users")
ldapDefaultAccessLevel := c.String("ldap-default-access-level")
log.Infof("shipyard 中文版本 %s", version.Version)
if len(authWhitelist) > 0 {
log.Infof("认证白名单: %v", authWhitelist)
}
dockerUrl := c.String("docker")
tlsCaCert := c.String("tls-ca-cert")
tlsCert := c.String("tls-cert")
tlsKey := c.String("tls-key")
allowInsecure := c.Bool("allow-insecure")
client, err := utils.GetClient(dockerUrl, tlsCaCert, tlsCert, tlsKey, allowInsecure)
if err != nil {
log.Fatal(err)
}
// default to builtin auth
authenticator := builtin.NewAuthenticator("defaultshipyard")
// use ldap auth if specified
if ldapServer != "" {
authenticator = ldap.NewAuthenticator(ldapServer, ldapPort, ldapBaseDn, ldapAutocreateUsers, ldapDefaultAccessLevel)
}
controllerManager, err := manager.NewManager(rethinkdbAddr, rethinkdbDatabase, rethinkdbAuthKey, client, disableUsageInfo, authenticator)
if err != nil {
log.Fatal(err)
}
log.Debugf("连接到Docker容器: url=%s", dockerUrl)
shipyardTlsCert := c.String("shipyard-tls-cert")
shipyardTlsKey := c.String("shipyard-tls-key")
shipyardTlsCACert := c.String("shipyard-tls-ca-cert")
apiConfig := api.ApiConfig{
ListenAddr: listenAddr,
Manager: controllerManager,
AuthWhiteListCIDRs: authWhitelist,
EnableCORS: enableCors,
AllowInsecure: allowInsecure,
TLSCACertPath: shipyardTlsCACert,
TLSCertPath: shipyardTlsCert,
TLSKeyPath: shipyardTlsKey,
}
shipyardApi, err := api.NewApi(apiConfig)
if err != nil {
log.Fatal(err)
}
if err := shipyardApi.Run(); err != nil {
log.Fatal(err)
}
}
