|
7 | 7 | "log"
|
8 | 8 | "os"
|
9 | 9 | "os/exec"
|
| 10 | + "path/filepath" |
10 | 11 | "strings"
|
11 | 12 | "sync"
|
12 | 13 | "time"
|
|
33 | 34 | tlsKey string
|
34 | 35 | tlsCaCert string
|
35 | 36 | tlsVerify bool
|
| 37 | + tlsCertPath string |
36 | 38 | wg sync.WaitGroup
|
37 | 39 | )
|
38 | 40 |
|
@@ -152,16 +154,42 @@ func (r *RuntimeContainer) PublishedAddresses() []Address {
|
152 | 154 | }
|
153 | 155 |
|
154 | 156 | func usage() {
|
155 |
| - println("Usage: docker-gen [-config file] [-watch=false] [-notify=\"restart xyz\"] [-notify-sighup=\"container-ID\"] [-interval=0] [-endpoint tcp|unix://..] [-tlscert file] [-tlskey file] [-tlscacert file] [-tlsverify] <template> [<dest>]") |
| 157 | + println(`Usage: docker-gen [options] template [dest] |
| 158 | +
|
| 159 | +Generate files from docker container meta-data |
| 160 | +
|
| 161 | +Options:`) |
| 162 | + flag.PrintDefaults() |
| 163 | + |
| 164 | + println(` |
| 165 | +Arguments: |
| 166 | + template - path to a template to generate |
| 167 | + dest - path to a write the template. If not specfied, STDOUT is used`) |
| 168 | + |
| 169 | + println(` |
| 170 | +Environment Variables: |
| 171 | + DOCKER_HOST - default value for -endpoint |
| 172 | + DOCKER_CERT_PATH - directory path containing key.pem, cert.pm and ca.pem |
| 173 | + DOCKER_TLS_VERIFY - enable client TLS verification |
| 174 | +`) |
| 175 | +} |
| 176 | + |
| 177 | +func tlsEnabled() bool { |
| 178 | + for _, v := range []string{tlsCert, tlsCaCert, tlsKey} { |
| 179 | + if e, err := pathExists(v); e && err == nil { |
| 180 | + return true |
| 181 | + } |
| 182 | + } |
| 183 | + return false |
156 | 184 | }
|
157 | 185 |
|
158 | 186 | func NewDockerClient(endpoint string) (*docker.Client, error) {
|
159 | 187 | if strings.HasPrefix(endpoint, "unix:") {
|
160 | 188 | return docker.NewClient(endpoint)
|
161 |
| - } else if tlsVerify || tlsCert != "" || tlsKey != "" || tlsCaCert != "" { |
| 189 | + } else if tlsVerify || tlsEnabled() { |
162 | 190 | if tlsVerify {
|
163 |
| - if tlsCaCert == "" { |
164 |
| - return nil, errors.New("TLS verification was requested, but no -tlscacert was provided") |
| 191 | + if e, err := pathExists(tlsCaCert); !e || err != nil { |
| 192 | + return nil, errors.New("TLS verification was requested, but CA cert does not exist") |
165 | 193 | }
|
166 | 194 | }
|
167 | 195 |
|
@@ -347,19 +375,29 @@ func generateFromEvents(client *docker.Client, configs ConfigFile) {
|
347 | 375 | }
|
348 | 376 |
|
349 | 377 | func initFlags() {
|
| 378 | + |
| 379 | + certPath := filepath.Join(os.Getenv("DOCKER_CERT_PATH")) |
| 380 | + if certPath == "" { |
| 381 | + certPath = filepath.Join(os.Getenv("HOME"), ".docker") |
| 382 | + } |
350 | 383 | flag.BoolVar(&version, "version", false, "show version")
|
351 | 384 | flag.BoolVar(&watch, "watch", false, "watch for container changes")
|
352 | 385 | flag.BoolVar(&onlyExposed, "only-exposed", false, "only include containers with exposed ports")
|
353 |
| - flag.BoolVar(&onlyPublished, "only-published", false, "only include containers with published ports (implies -only-exposed)") |
354 |
| - flag.StringVar(¬ifyCmd, "notify", "", "run command after template is regenerated") |
355 |
| - flag.StringVar(¬ifySigHUPContainerID, "notify-sighup", "", "send HUP signal to container. Equivalent to `docker kill -s HUP container-ID`") |
| 386 | + |
| 387 | + flag.BoolVar(&onlyPublished, "only-published", false, |
| 388 | + "only include containers with published ports (implies -only-exposed)") |
| 389 | + flag.StringVar(¬ifyCmd, "notify", "", "run command after template is regenerated (e.g `restart xyz`)") |
| 390 | + flag.StringVar(¬ifySigHUPContainerID, "notify-sighup", "", |
| 391 | + "send HUP signal to container. Equivalent to `docker kill -s HUP container-ID`") |
356 | 392 | flag.Var(&configFiles, "config", "config files with template directives. Config files will be merged if this option is specified multiple times.")
|
357 |
| - flag.IntVar(&interval, "interval", 0, "notify command interval (s)") |
358 |
| - flag.StringVar(&endpoint, "endpoint", "", "docker api endpoint") |
359 |
| - flag.StringVar(&tlsCert, "tlscert", "", "path to TLS client certificate file") |
360 |
| - flag.StringVar(&tlsKey, "tlskey", "", "path to TLS client key file") |
361 |
| - flag.StringVar(&tlsCaCert, "tlscacert", "", "path to TLS CA certificate file") |
362 |
| - flag.BoolVar(&tlsVerify, "tlsverify", false, "verify docker daemon's TLS certicate") |
| 393 | + flag.IntVar(&interval, "interval", 0, "notify command interval (secs)") |
| 394 | + flag.StringVar(&endpoint, "endpoint", "", "docker api endpoint (tcp|unix://..). Default unix:///var/run/docker.sock") |
| 395 | + flag.StringVar(&tlsCert, "tlscert", filepath.Join(certPath, "cert.pem"), "path to TLS client certificate file") |
| 396 | + flag.StringVar(&tlsKey, "tlskey", filepath.Join(certPath, "key.pem"), "path to TLS client key file") |
| 397 | + flag.StringVar(&tlsCaCert, "tlscacert", filepath.Join(certPath, "ca.pem"), "path to TLS CA certificate file") |
| 398 | + flag.BoolVar(&tlsVerify, "tlsverify", os.Getenv("DOCKER_TLS_VERIFY") != "", "verify docker daemon's TLS certicate") |
| 399 | + |
| 400 | + flag.Usage = usage |
363 | 401 | flag.Parse()
|
364 | 402 | }
|
365 | 403 |
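Review bot: In NewDockerClient the new condition `tlsVerify || tlsEnabled()` lets a tcp endpoint skip the TLS branch whenever none of the three files is found, so an explicit `-tlscert`, `-tlskey` or `-tlscacert` with a mistyped path no longer forces TLS as the old `!= ""` test did. The branch that follows is outside the hunk, but it presumably builds a client without TLS. tlsEnabled() also discards the error from pathExists, so a file that exists but cannot be stat'ed (permission denied, for example) is treated like a missing one, assuming pathExists reports that case through err. I would fail closed in the loop, e.g. `if e, err := pathExists(v); err != nil { log.Fatalf("cannot check TLS file %s: %s", v, err) } else if e { return true }`, and use flag.Visit after flag.Parse in initFlags to record whether a TLS flag was passed explicitly, so that a missing file is an error rather than a silent fallback. Separately, when both DOCKER_CERT_PATH and HOME are empty, certPath becomes the relative `.docker`, so the default cert, key and CA paths resolve against the current working directory; that deserves at least a comment above the `certPath` assignment.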
|
|