Add support for TLS

* New parameters: -tlscert, -tlskey, -tlscacert, -tlsverify

Author: md5

GLOCKFILE

@@ -1,2 +1,4 @@
 github.com/BurntSushi/toml f87ce853111478914f0bcffa34d43a93643e6eda
-github.com/fsouza/go-dockerclient 194816684825a3abf28d60e5243ec5240608414d
+github.com/Sirupsen/logrus 6ebb4e7b3c24b9fef150d7693e728cb1ebadf1f5
+github.com/docker/docker 9d65017069ff12fbf0a6f078ccf91bce42fc8ffb
+github.com/fsouza/go-dockerclient e23bddf4d999bdcb20dfc54b8266ce1159494798

docker-gen.go

@@ -26,6 +26,10 @@ var (
 	configs                 ConfigFile
 	interval                int
 	endpoint                string
+	tlsCert                 string
+	tlsKey                  string
+	tlsCaCert               string
+	tlsVerify               bool
 	wg                      sync.WaitGroup
 )
 
@@ -123,7 +127,7 @@ func (r *RuntimeContainer) PublishedAddresses() []Address {
 }
 
 func usage() {
-	println("Usage: docker-gen [-config file] [-watch=false] [-notify=\"restart xyz\"] [-notify-sighup=\"container-ID\"] [-interval=0] [-endpoint tcp|unix://..] <template> [<dest>]")
+	println("Usage: docker-gen [-config file] [-watch=false] [-notify=\"restart xyz\"] [-notify-sighup=\"container-ID\"] [-interval=0] [-endpoint tcp|unix://..] [-tlscert file] [-tlskey file] [-tlscacert file] [-tlsverify] <template> [<dest>]")
 }
 
 func generateFromContainers(client *docker.Client) {
@@ -225,8 +229,17 @@ func generateFromEvents(client *docker.Client, configs ConfigFile) {
 
 	wg.Add(1)
 	defer wg.Done()
+
+	eventChan := make(chan *docker.APIEvents, 100)
+	defer close(eventChan)
+
+	err := client.AddEventListener((chan<- *docker.APIEvents)(eventChan))
+	if err != nil {
+		log.Fatalf("Unable to add docker event listener: %s", err)
+	}
+	defer client.RemoveEventListener(eventChan)
+
 	log.Println("Watching docker events")
-	eventChan := getEvents()
 	for {
 		event := <-eventChan
 
@@ -235,7 +248,7 @@ func generateFromEvents(client *docker.Client, configs ConfigFile) {
 		}
 
 		if event.Status == "start" || event.Status == "stop" || event.Status == "die" {
-			log.Printf("Received event %s for container %s", event.Status, event.ContainerID[:12])
+			log.Printf("Received event %s for container %s", event.Status, event.ID[:12])
 			generateFromContainers(client)
 		}
 	}
@@ -251,6 +264,10 @@ func initFlags() {
 	flag.StringVar(&configFile, "config", "", "config file with template directives")
 	flag.IntVar(&interval, "interval", 0, "notify command interval (s)")
 	flag.StringVar(&endpoint, "endpoint", "", "docker api endpoint")
+	flag.StringVar(&tlsCert, "tlscert", "", "path to TLS client certificate file")
+	flag.StringVar(&tlsKey, "tlskey", "", "path to TLS client key file")
+	flag.StringVar(&tlsCaCert, "tlscacert", "", "path to TLS CA certificate file")
+	flag.BoolVar(&tlsVerify, "tlsverify", false, "verify docker daemon's TLS certicate")
 	flag.Parse()
 }
 
@@ -270,8 +287,7 @@ func main() {
 	if configFile != "" {
 		err := loadConfig(configFile)
 		if err != nil {
-			log.Printf("error loading config %s: %s\n", configFile, err)
-			os.Exit(1)
+			log.Fatalf("error loading config %s: %s\n", configFile, err)
 		}
 	} else {
 		config := Config{
@@ -296,9 +312,22 @@ func main() {
 		log.Fatalf("Bad endpoint: %s", err)
 	}
 
-	client, err := docker.NewClient(endpoint)
+	var client *docker.Client
+	if strings.HasPrefix(endpoint, "unix:") {
+		client, err = docker.NewClient(endpoint)
+	} else if tlsVerify || tlsCert != "" || tlsKey != "" || tlsCaCert != "" {
+		if tlsVerify {
+			if tlsCaCert == "" {
+				log.Fatal("TLS verification was requested, but no -tlscacert was provided")
+			}
+		}
+
+		client, err = docker.NewTLSClient(endpoint, tlsCert, tlsKey, tlsCaCert)
+	} else {
+		client, err = docker.NewClient(endpoint)
+	}
 	if err != nil {
-		log.Fatalf("Unable to parse %s: %s", endpoint, err)
+		log.Fatalf("Unable to create docker client: %s", err)
 	}
 
 	generateFromContainers(client)

docker_client.go

@@ -1,19 +1,10 @@
 package main
 
 import (
-	"encoding/json"
 	"fmt"
-	"io"
 	"log"
-	"net"
-	"net/http"
-	"net/http/httputil"
-	"os"
-	"os/signal"
 	"strconv"
 	"strings"
-	"syscall"
-	"time"
 
 	docker "github.com/fsouza/go-dockerclient"
 )
@@ -103,90 +94,6 @@ func splitDockerImage(img string) (string, string, string) {
 	return registry, repository, tag
 }
 
-func newConn() (*httputil.ClientConn, error) {
-	endpoint, err := getEndpoint()
-	if err != nil {
-		return nil, err
-	}
-
-	proto, addr, err := parseHost(endpoint)
-	if err != nil {
-		return nil, err
-	}
-
-	conn, err := net.Dial(proto, addr)
-	if err != nil {
-		return nil, err
-	}
-
-	return httputil.NewClientConn(conn, nil), nil
-}
-
-func getEvents() chan *Event {
-	eventChan := make(chan *Event, 100)
-	go func() {
-		defer close(eventChan)
-
-		for {
-
-			c, err := newConn()
-			if err != nil {
-				log.Printf("cannot connect to docker: %s\n", err)
-				time.Sleep(10 * time.Second)
-				continue
-			}
-
-			req, err := http.NewRequest("GET", "/events", nil)
-			if err != nil {
-				log.Printf("bad request for events: %s\n", err)
-				c.Close()
-				time.Sleep(10 * time.Second)
-				continue
-			}
-
-			resp, err := c.Do(req)
-			if err != nil {
-				log.Printf("cannot connect to events endpoint: %s\n", err)
-				c.Close()
-				time.Sleep(10 * time.Second)
-				continue
-			}
-
-			// handle signals to stop the socket
-			sigChan := make(chan os.Signal, 1)
-			signal.Notify(sigChan, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
-			go func() {
-				for sig := range sigChan {
-					log.Printf("received signal '%v', exiting\n", sig)
-
-					c.Close()
-					resp.Body.Close()
-					close(eventChan)
-					os.Exit(0)
-				}
-			}()
-
-			dec := json.NewDecoder(resp.Body)
-			for {
-				var event *Event
-				if err := dec.Decode(&event); err != nil || event.Status == "" {
-					if err == io.EOF || (event != nil && event.Status == "") {
-						log.Printf("connection closed")
-						break
-					}
-					log.Printf("cannot decode json: %s\n", err)
-					c.Close()
-					resp.Body.Close()
-					break
-				}
-
-				eventChan <- event
-			}
-		}
-	}()
-	return eventChan
-}
-
 func getContainers(client *docker.Client) ([]*RuntimeContainer, error) {
 
 	apiContainers, err := client.ListContainers(docker.ListContainersOptions{

utils.go

@@ -27,7 +27,7 @@ func getEndpoint() (string, error) {
 		}
 
 		if !exist {
-			return "", errors.New(host + " does not exists.")
+			return "", errors.New(host + " does not exist")
 		}
 	}
 

utils_test.go

@@ -9,10 +9,10 @@ import (
 func TestDefaultEndpoint(t *testing.T) {
 	endpoint, err := getEndpoint()
 	if err != nil {
-		t.Fatal("%s", err)
+		t.Fatalf("%s", err)
 	}
 	if endpoint != "unix:///var/run/docker.sock" {
-		t.Fatal("Expected unix:///var/run/docker.sock")
+		t.Fatalf("Expected unix:///var/run/docker.sock, got %s", endpoint)
 	}
 }
 
@@ -28,7 +28,7 @@ func TestDockerHostEndpoint(t *testing.T) {
 	}
 
 	if endpoint != "tcp://127.0.0.1:4243" {
-		t.Fatal("Expected tcp://127.0.0.1:4243")
+		t.Fatalf("Expected tcp://127.0.0.1:4243, got %s", endpoint)
 	}
 }
 
@@ -51,7 +51,7 @@ func TestDockerFlagEndpoint(t *testing.T) {
 		t.Fatal("%s", err)
 	}
 	if endpoint != "tcp://127.0.0.1:5555" {
-		t.Fatal("Expected tcp://127.0.0.1:5555")
+		t.Fatalf("Expected tcp://127.0.0.1:5555, got %s", endpoint)
 	}
 }