func main() { if _, err := os.Stat(caCertPath); os.IsNotExist(err) { log.Printf("Creating CA: %s", caCertPath) // check if the key path exists; if so, error if _, err := os.Stat(caKeyPath); err == nil { log.Fatalf("The CA key already exists. Please remove it or specify a different key/cert.") } if err := cert.GenerateCACertificate(caCertPath, caKeyPath, org, bits); err != nil { log.Printf("Error generating CA certificate: %s", err) } } if _, err := os.Stat(clientCertPath); os.IsNotExist(err) { log.Printf("Creating client certificate: %s", clientCertPath) // check if the key path exists; if so, error if _, err := os.Stat(clientKeyPath); err == nil { log.Fatalf("The client key already exists. Please remove it or specify a different key/cert.") } err = cert.GenerateCert( []string{""}, clientCertPath, clientKeyPath, caCertPath, caKeyPath, org, bits, ) if err != nil { log.Fatalf("Error generating client certificate: %s", err) } } if len(os.Args) <= 1 { return } for _, ip := range os.Args[1:] { serverKeyPath := fmt.Sprintf("%s-key.pem", ip) serverCertPath := fmt.Sprintf("%s.pem", ip) if _, err := os.Stat(serverCertPath); os.IsNotExist(err) { log.Printf("Creating server certificate: %s", serverCertPath) err = cert.GenerateCert( []string{ip}, serverCertPath, serverKeyPath, caCertPath, caKeyPath, org, bits, ) if err != nil { log.Fatalf("error generating server cert: %s", err) } } } }
func ConfigureAuth(p Provisioner) error { var ( err error ) driver := p.GetDriver() machineName := driver.GetMachineName() authOptions := p.GetAuthOptions() org := mcnutils.GetUsername() + "." + machineName bits := 2048 ip, err := driver.GetIP() if err != nil { return err } log.Info("Copying certs to the local machine directory...") if err := mcnutils.CopyFile(authOptions.CaCertPath, filepath.Join(authOptions.StorePath, "ca.pem")); err != nil { return fmt.Errorf("Copying ca.pem to machine dir failed: %s", err) } if err := mcnutils.CopyFile(authOptions.ClientCertPath, filepath.Join(authOptions.StorePath, "cert.pem")); err != nil { return fmt.Errorf("Copying cert.pem to machine dir failed: %s", err) } if err := mcnutils.CopyFile(authOptions.ClientKeyPath, filepath.Join(authOptions.StorePath, "key.pem")); err != nil { return fmt.Errorf("Copying key.pem to machine dir failed: %s", err) } // The Host IP is always added to the certificate's SANs list hosts := append(authOptions.ServerCertSANs, ip, "localhost") log.Debugf("generating server cert: %s ca-key=%s private-key=%s org=%s san=%s", authOptions.ServerCertPath, authOptions.CaCertPath, authOptions.CaPrivateKeyPath, org, hosts, ) // TODO: Switch to passing just authOptions to this func // instead of all these individual fields err = cert.GenerateCert( hosts, authOptions.ServerCertPath, authOptions.ServerKeyPath, authOptions.CaCertPath, authOptions.CaPrivateKeyPath, org, bits, ) if err != nil { return fmt.Errorf("error generating server cert: %s", err) } if err := p.Service("docker", serviceaction.Stop); err != nil { return err } if _, err := p.SSHCommand("sudo ip link delete docker0"); err != nil { return err } // upload certs and configure TLS auth caCert, err := ioutil.ReadFile(authOptions.CaCertPath) if err != nil { return err } serverCert, err := ioutil.ReadFile(authOptions.ServerCertPath) if err != nil { return err } serverKey, err := ioutil.ReadFile(authOptions.ServerKeyPath) if err != nil { return err } log.Info("Copying certs to the remote machine...") // printf will choke if we don't pass a format string because of the // dashes, so that's the reason for the '%%s' certTransferCmdFmt := "printf '%%s' '%s' | sudo tee %s" // These ones are for Jessie and Mike <3 <3 <3 if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(caCert), authOptions.CaCertRemotePath)); err != nil { return err } if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(serverCert), authOptions.ServerCertRemotePath)); err != nil { return err } if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(serverKey), authOptions.ServerKeyRemotePath)); err != nil { return err } dockerURL, err := driver.GetURL() if err != nil { return err } u, err := url.Parse(dockerURL) if err != nil { return err } dockerPort := 2376 parts := strings.Split(u.Host, ":") if len(parts) == 2 { dPort, err := strconv.Atoi(parts[1]) if err != nil { return err } dockerPort = dPort } dkrcfg, err := p.GenerateDockerOptions(dockerPort) if err != nil { return err } log.Info("Setting Docker configuration on the remote daemon...") if _, err = p.SSHCommand(fmt.Sprintf("printf %%s \"%s\" | sudo tee %s", dkrcfg.EngineOptions, dkrcfg.EngineOptionsPath)); err != nil { return err } if err := p.Service("docker", serviceaction.Start); err != nil { return err } return waitForDocker(p, dockerPort) }
func ConfigureAuth(p Provisioner) error { var ( err error ) driver := p.GetDriver() machineName := driver.GetMachineName() authOptions := p.GetAuthOptions() org := mcnutils.GetUsername() + "." + machineName bits := 2048 ip, err := driver.GetIP() if err != nil { return err } log.Info("Copying certs to the local machine directory...") if err := mcnutils.CopyFile(authOptions.CaCertPath, filepath.Join(authOptions.StorePath, "ca.pem")); err != nil { return fmt.Errorf("Copying ca.pem to machine dir failed: %s", err) } if err := mcnutils.CopyFile(authOptions.ClientCertPath, filepath.Join(authOptions.StorePath, "cert.pem")); err != nil { return fmt.Errorf("Copying cert.pem to machine dir failed: %s", err) } if err := mcnutils.CopyFile(authOptions.ClientKeyPath, filepath.Join(authOptions.StorePath, "key.pem")); err != nil { return fmt.Errorf("Copying key.pem to machine dir failed: %s", err) } log.Debugf("generating server cert: %s ca-key=%s private-key=%s org=%s", authOptions.ServerCertPath, authOptions.CaCertPath, authOptions.CaPrivateKeyPath, org, ) // TODO: Switch to passing just authOptions to this func // instead of all these individual fields err = cert.GenerateCert( []string{ip, "localhost"}, authOptions.ServerCertPath, authOptions.ServerKeyPath, authOptions.CaCertPath, authOptions.CaPrivateKeyPath, org, bits, ) if err != nil { return fmt.Errorf("error generating server cert: %s", err) } if err := p.Service("docker", serviceaction.Stop); err != nil { return err } // upload certs and configure TLS auth caCert, err := ioutil.ReadFile(authOptions.CaCertPath) if err != nil { return err } serverCert, err := ioutil.ReadFile(authOptions.ServerCertPath) if err != nil { return err } serverKey, err := ioutil.ReadFile(authOptions.ServerKeyPath) if err != nil { return err } log.Info("Copying certs to the remote machine...") // Create the file with echo then move it to its proper location certTransferCmdFmt := fmt.Sprintf( "%s && %s", "echo -e %q > /tmp/docker_cert", p.GetDriver().SSHSudo("mv /tmp/docker_cert %s"), ) // These ones are for Jessie and Mike <3 <3 <3 if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(caCert), authOptions.CaCertRemotePath)); err != nil { return err } if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(serverCert), authOptions.ServerCertRemotePath)); err != nil { return err } if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(serverKey), authOptions.ServerKeyRemotePath)); err != nil { return err } dockerUrl, err := driver.GetURL() if err != nil { return err } u, err := url.Parse(dockerUrl) if err != nil { return err } dockerPort := 2376 parts := strings.Split(u.Host, ":") if len(parts) == 2 { dPort, err := strconv.Atoi(parts[1]) if err != nil { return err } dockerPort = dPort } dkrcfg, err := p.GenerateDockerOptions(dockerPort) if err != nil { return err } log.Info("Setting Docker configuration on the remote daemon...") // Create the file with echo then move it to its proper location move_config_command := fmt.Sprintf( "echo -e %q > /tmp/docker_defaults && %s", dkrcfg.EngineOptions, p.GetDriver().SSHSudo("mv /tmp/docker_defaults %s"), ) if _, err = p.SSHCommand(fmt.Sprintf( move_config_command, dkrcfg.EngineOptionsPath, )); err != nil { return err } if err := p.Service("docker", serviceaction.Start); err != nil { return err } return waitForDocker(p, dockerPort) }