From 707894d5940b3e9013c772d2f9acd2b2828f55fe Mon Sep 17 00:00:00 2001
From: sidharthamani
Date: Tue, 17 Feb 2015 15:27:13 -0800
Subject: [PATCH] tls key generation
---
 config/default.go | 11 +++---
 main.go | 4 +-
 util/util.go | 94 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 102 insertions(+), 7 deletions(-)
diff --git a/config/default.go b/config/default.go
index 295fd85a8..0af5ca16f 100644
--- a/config/default.go
+++ b/config/default.go
@@ -62,6 +62,7 @@ func NewConfig() *Config {
 "-v=/init:/sbin/poweroff:ro " +
 "-v=/init:/sbin/reboot:ro " +
 "-v=/init:/sbin/halt:ro " +
+ "-v=/init:/sbin/tlsconf:ro " +
 "-v=/init:/usr/bin/rancherctl:ro " +
 "--volumes-from=system-state " +
 "--net=host " +
@@ -69,13 +70,11 @@ func NewConfig() *Config {
 "console",
 },
 {
- Cmd: []string{
- "--name", "ntp",
- "-d",
- "--privileged",
- "--net", "host",
+ Cmd: "--name=ntp " +
+ "-d " +
+ "--privileged " +
+ "--net=host " +
 "ntp",
- },
 },
 },
 RescueContainer: &ContainerConfig{
diff --git a/main.go b/main.go
index 72f317d91..14d09492a 100644
--- a/main.go
+++ b/main.go
@@ -12,6 +12,7 @@ import (
 "github.com/rancherio/os/power"
 "github.com/rancherio/os/respawn"
 "github.com/rancherio/os/sysinit"
+ "github.com/rancherio/os/util"
 )
 
 func registerCmd(cmd string, mainFunc func()) {
@@ -41,7 +42,8 @@ func main() {
 registerCmd("/sbin/halt", power.Halt)
 registerCmd("/usr/bin/respawn", respawn.Main)
 registerCmd("/usr/sbin/rancherctl", control.Main)
-
+ registerCmd("/sbin/tlsconf", util.TLSConf)
+
 if !reexec.Init() {
 log.Fatalf("Failed to find an entry point for %s", os.Args[0])
 }
diff --git a/util/util.go b/util/util.go
index 7ff379bef..7d168b416 100644
--- a/util/util.go
+++ b/util/util.go
@@ -7,15 +7,109 @@ import ( "math/rand" "os" "path" + "path/filepath" "syscall" "github.com/docker/docker/pkg/mount" + machine_utils "github.com/docker/machine/utils" ) var ( letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") ) + +func TLSConf() { + name := "rancher" + bits := 2048 + + vargs := os.Args + + caCertPath := "ca.pem" + caKeyPath := "ca-key.pem" + outDir := "/var/run/" + generateCaCerts := true + + inputCaKey := "" + inputCaCert := "" + + for index := range vargs { + arg := vargs[index] + if arg == "--help" || arg == "-h" { + fmt.Println("run tlsconfig with no args to generate ca, cakey, server-key and server-cert in /var/run \n") + fmt.Println("--help or -h\t print this help text") + fmt.Println("--cakey\t\t path to existing certificate authority key (only use with -g)") + fmt.Println("--ca\t\t path to existing certificate authority (only use with -g)") + fmt.Println("--g \t\t generates server key and server cert from existing ca and caKey") + fmt.Println("--outdir \t the output directory to save the generate certs or keys") + return + } else if arg == "--outdir" { + if len(vargs) > index + 1 { + outDir = vargs[index+1] + } else { + fmt.Println("please specify a output directory") + } + } else if arg == "-g" { + generateCaCerts = false + } else if arg == "--cakey" { + if len(vargs) > index + 1 { + inputCaKey = vargs[index+1] + } else { + fmt.Println("please specify a input ca-key file path") + } + } else if arg == "--ca" { + if len(vargs) > index + 1 { + inputCaCert = vargs[index+1] + } else { + fmt.Println("please specify a input ca file path") + } + } + } + + caCertPath = filepath.Join(outDir, caCertPath) + caKeyPath = filepath.Join(outDir, caKeyPath) + + if generateCaCerts { + if err := machine_utils.GenerateCACertificate(caCertPath, caKeyPath, name, bits); err != nil { + fmt.Println(err.Error()) + return + } + } else { + if inputCaKey == "" || inputCaCert == "" { + fmt.Println("Please specify caKey and CaCert along with -g") + 
return
+ }
+
+ if _, err := os.Stat(inputCaKey); err != nil {
+ //throw error if input ca key not found
+ fmt.Printf("ERROR: %s does not exist\n", inputCaKey)
+ return
+ } else {
+ caKeyPath = inputCaKey
+ }
+
+ if _, err := os.Stat(inputCaCert); err != nil {
+ fmt.Printf("ERROR: %s does not exist\n", inputCaCert)
+ return
+ } else {
+ caCertPath = inputCaCert
+ }
+ }
+
+ serverCertPath := "server-cert.pem"
+ serverCertPath = filepath.Join(outDir, serverCertPath)
+
+ serverKeyPath := "server-key.pem"
+ serverKeyPath = filepath.Join(outDir, serverKeyPath)
+
+ if err := machine_utils.GenerateCert([]string{""}, serverCertPath, serverKeyPath, caCertPath, caKeyPath, name, bits); err != nil {
+ fmt.Println(err.Error())
+ return
+ }
+
+}
+
+
 func mountProc() error {
 if _, err := os.Stat("/proc/self/mountinfo"); os.IsNotExist(err) {
 if _, err := os.Stat("/proc"); os.IsNotExist(err) {
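Review bot: Every failure path in TLSConf — the GenerateCACertificate and GenerateCert errors, the missing `--cakey`/`--ca` inputs and the os.Stat failures — prints to stdout and then plain `return`s, so the process still exits 0 and whoever runs the `/sbin/tlsconf` entry point registered in main.go cannot tell that no key material was written; the `--outdir` branch with no value is worse, since it prints `please specify a output directory` and then carries on generating into the default `/var/run/`. Each of these should report on stderr and exit non-zero, e.g. `fmt.Fprintln(os.Stderr, err)` followed by `os.Exit(1)`, and the usage errors should stop rather than fall through. The help text also disagrees with the parser: it documents `--g` and `tlsconfig` while the code matches `-g` and the binary is mounted as `/sbin/tlsconf`; change the line to `fmt.Println("-g \t\t generates server key and server cert from existing ca and caKey")`. Separately, GenerateCert is handed `[]string{""}` as its host list; if machine_utils uses that as the certificate's SAN/host entries, the server cert will carry an empty name and fail hostname verification, so the intended hostnames or IPs should be passed explicitly (or the list left empty, whichever that helper expects).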