tls key generation

config/default.go

@@ -62,20 +62,19 @@ func NewConfig() *Config {
 					"-v=/init:/sbin/poweroff:ro " +
 					"-v=/init:/sbin/reboot:ro " +
 					"-v=/init:/sbin/halt:ro " +
+					"-v=/init:/sbin/tlsconf:ro " +
 					"-v=/init:/usr/bin/rancherctl:ro " +
 					"--volumes-from=system-state " +
 					"--net=host " +
 					"--pid=host " +
 					"console",
 			},
 			{
-				Cmd: []string{
-					"--name", "ntp",
-					"-d",
-					"--privileged",
-					"--net", "host",
+				Cmd: "--name=ntp " +
+					"-d " +
+					"--privileged " +
+					"--net=host " +
 					"ntp",
-				},
 			},
 		},
 		RescueContainer: &ContainerConfig{

main.go

@@ -12,6 +12,7 @@ import (
 	"github.com/rancherio/os/power"
 	"github.com/rancherio/os/respawn"
 	"github.com/rancherio/os/sysinit"
+	"github.com/rancherio/os/util"
 )
 
 func registerCmd(cmd string, mainFunc func()) {
@@ -41,7 +42,8 @@ func main() {
 	registerCmd("/sbin/halt", power.Halt)
 	registerCmd("/usr/bin/respawn", respawn.Main)
 	registerCmd("/usr/sbin/rancherctl", control.Main)
-
+        registerCmd("/sbin/tlsconf", util.TLSConf)
+
 	if !reexec.Init() {
 		log.Fatalf("Failed to find an entry point for %s", os.Args[0])
 	}

util/util.go

@@ -7,15 +7,109 @@ import (
 	"math/rand"
 	"os"
 	"path"
+	"path/filepath"
 	"syscall"
 
 	"github.com/docker/docker/pkg/mount"
+	machine_utils "github.com/docker/machine/utils"
 )
 
 var (
 	letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
 )
 
+
+func TLSConf() {
+	name := "rancher"
+	bits := 2048
+
+	vargs := os.Args
+
+	caCertPath := "ca.pem"
+	caKeyPath := "ca-key.pem"
+	outDir := "/var/run/"
+	generateCaCerts := true
+
+	inputCaKey := ""
+	inputCaCert := ""
+
+	for index := range vargs {
+		arg := vargs[index]
+		if arg == "--help" || arg == "-h" {
+			fmt.Println("run tlsconfig with no args to generate ca, cakey, server-key and server-cert in /var/run \n")
+			fmt.Println("--help or -h\t print this help text")
+			fmt.Println("--cakey\t\t path to existing certificate authority key (only use with -g)")
+			fmt.Println("--ca\t\t path to existing certificate authority (only use with -g)")
+			fmt.Println("--g \t\t generates server key and server cert from existing ca and caKey")
+			fmt.Println("--outdir \t the output directory to save the generate certs or keys")
+			return
+		} else if arg == "--outdir" {
+			if len(vargs) > index + 1 {
+				outDir = vargs[index+1]
+			} else {
+				fmt.Println("please specify a output directory")
+			}
+		} else if arg == "-g" {
+			generateCaCerts = false
+		} else if arg == "--cakey" {
+			if len(vargs) > index + 1 {
+				inputCaKey = vargs[index+1]
+			} else {
+				fmt.Println("please specify a input ca-key file path")
+			}
+		} else if arg == "--ca" {
+			if len(vargs) > index + 1 {
+				inputCaCert = vargs[index+1]
+			} else {
+				fmt.Println("please specify a input ca file path")
+			}
+		}
+	}
+
+	caCertPath = filepath.Join(outDir, caCertPath)
+	caKeyPath = filepath.Join(outDir, caKeyPath)
+
+	if generateCaCerts {
+		if err := machine_utils.GenerateCACertificate(caCertPath, caKeyPath, name, bits); err != nil {
+			fmt.Println(err.Error())
+			return
+		}
+	} else {
+		if inputCaKey == "" || inputCaCert == "" {
+			fmt.Println("Please specify caKey and CaCert along with -g")
+			return
+		}
+
+		if _, err := os.Stat(inputCaKey); err != nil {
+			//throw error if input ca key not found
+			fmt.Printf("ERROR: %s does not exist\n", inputCaKey)
+			return
+		} else {
+			caKeyPath = inputCaKey
+		}
+
+		if _, err := os.Stat(inputCaCert); err != nil {
+			fmt.Printf("ERROR: %s does not exist\n", inputCaCert)
+			return
+		} else {
+			caCertPath = inputCaCert
+		}
+	}
+
+	serverCertPath := "server-cert.pem"
+	serverCertPath = filepath.Join(outDir, serverCertPath)
+
+	serverKeyPath := "server-key.pem"
+	serverKeyPath = filepath.Join(outDir, serverKeyPath)
+
+	if err := machine_utils.GenerateCert([]string{""}, serverCertPath, serverKeyPath, caCertPath, caKeyPath, name, bits); err != nil {
+		fmt.Println(err.Error())
+		return
+	}
+
+}
+
+
 func mountProc() error {
 	if _, err := os.Stat("/proc/self/mountinfo"); os.IsNotExist(err) {
 		if _, err := os.Stat("/proc"); os.IsNotExist(err) {