func (provisioner *Boot2DockerProvisioner) Provision(swarmOptions swarm.SwarmOptions, authOptions auth.AuthOptions, engineOptions engine.EngineOptions) error {
	provisioner.SwarmOptions = swarmOptions
	provisioner.AuthOptions = authOptions
	provisioner.EngineOptions = engineOptions

	if provisioner.EngineOptions.StorageDriver == "" {
		provisioner.EngineOptions.StorageDriver = "aufs"

	if err := provisioner.SetHostname(provisioner.Driver.GetMachineName()); err != nil {
		return err

	ip, err := provisioner.GetDriver().GetIP()
	if err != nil {
		return err

	// b2d hosts need to wait for the daemon to be up
	// before continuing with provisioning
	if err := mcnutils.WaitForDocker(ip, 2376); err != nil {
		return err

	if err := makeDockerOptionsDir(provisioner); err != nil {
		return err

	provisioner.AuthOptions = setRemoteAuthOptions(provisioner)

	if err := ConfigureAuth(provisioner); err != nil {
		return err

	if err := configureSwarm(provisioner, swarmOptions, provisioner.AuthOptions); err != nil {
		return err

	return nil
func ConfigureAuth(p Provisioner) error {
	var (
		err error

	machineName := p.GetDriver().GetMachineName()
	authOptions := p.GetAuthOptions()
	org := machineName
	bits := 2048

	ip, err := p.GetDriver().GetIP()
	if err != nil {
		return err

	// copy certs to client dir for docker client
	machineDir := filepath.Join(p.GetDriver().LocalArtifactPath("."), machineName)

	if err := mcnutils.CopyFile(authOptions.CaCertPath, filepath.Join(machineDir, "ca.pem")); err != nil {
		log.Fatalf("Error copying ca.pem to machine dir: %s", err)

	if err := mcnutils.CopyFile(authOptions.ClientCertPath, filepath.Join(machineDir, "cert.pem")); err != nil {
		log.Fatalf("Error copying cert.pem to machine dir: %s", err)

	if err := mcnutils.CopyFile(authOptions.ClientKeyPath, filepath.Join(machineDir, "key.pem")); err != nil {
		log.Fatalf("Error copying key.pem to machine dir: %s", err)

	log.Debugf("generating server cert: %s ca-key=%s private-key=%s org=%s",

	// TODO: Switch to passing just authOptions to this func
	// instead of all these individual fields
	err = cert.GenerateCert(

	if err != nil {
		return fmt.Errorf("error generating server cert: %s", err)

	if err := p.Service("docker", pkgaction.Stop); err != nil {
		return err

	// upload certs and configure TLS auth
	caCert, err := ioutil.ReadFile(authOptions.CaCertPath)
	if err != nil {
		return err

	serverCert, err := ioutil.ReadFile(authOptions.ServerCertPath)
	if err != nil {
		return err
	serverKey, err := ioutil.ReadFile(authOptions.ServerKeyPath)
	if err != nil {
		return err

	// printf will choke if we don't pass a format string because of the
	// dashes, so that's the reason for the '%%s'
	certTransferCmdFmt := "printf '%%s' '%s' | sudo tee %s"

	// These ones are for Jessie and Mike <3 <3 <3
	if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(caCert), authOptions.CaCertRemotePath)); err != nil {
		return err

	if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(serverCert), authOptions.ServerCertRemotePath)); err != nil {
		return err

	if _, err := p.SSHCommand(fmt.Sprintf(certTransferCmdFmt, string(serverKey), authOptions.ServerKeyRemotePath)); err != nil {
		return err

	dockerUrl, err := p.GetDriver().GetURL()
	if err != nil {
		return err
	u, err := url.Parse(dockerUrl)
	if err != nil {
		return err
	dockerPort := 2376
	parts := strings.Split(u.Host, ":")
	if len(parts) == 2 {
		dPort, err := strconv.Atoi(parts[1])
		if err != nil {
			return err
		dockerPort = dPort

	dkrcfg, err := p.GenerateDockerOptions(dockerPort)
	if err != nil {
		return err

	if _, err = p.SSHCommand(fmt.Sprintf("printf %%s \"%s\" | sudo tee %s", dkrcfg.EngineOptions, dkrcfg.EngineOptionsPath)); err != nil {
		return err

	if err := p.Service("docker", pkgaction.Start); err != nil {
		return err

	// TODO: Do not hardcode daemon port, ask the driver
	if err := mcnutils.WaitForDocker(ip, dockerPort); err != nil {
		return err

	return nil