public
/
dotege
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Docker template generator
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 Commits
1 Branch
Tree: 93f6cdc494
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '93f6cdc494'
${ noResults }
dotege/dotege.go

dotege.go 6.9KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245 
  1. package main

  2. 

  3. import (

  4. 	"fmt"

  5. 	"github.com/csmith/dotege/model"

  6. 	"github.com/docker/docker/client"

  7. 	"github.com/xenolf/lego/certcrypto"

  8. 	"github.com/xenolf/lego/lego"

  9. 	"go.uber.org/zap"

  10. 	"go.uber.org/zap/zapcore"

  11. 	"io/ioutil"

  12. 	"os"

  13. 	"os/signal"

  14. 	"path"

  15. 	"strings"

  16. 	"syscall"

  17. 	"time"

  18. )

  19. 

  20. const (

  21. 	envCertDestinationKey         = "DOTEGE_CERT_DESTINATION"

  22. 	envCertDestinationDefault     = "/data/certs/"

  23. 	envDnsProviderKey             = "DOTEGE_DNS_PROVIDER"

  24. 	envAcmeEmailKey               = "DOTEGE_ACME_EMAIL"

  25. 	envAcmeEndpointKey            = "DOTEGE_ACME_ENDPOINT"

  26. 	envAcmeKeyTypeKey             = "DOTEGE_ACME_KEY_TYPE"

  27. 	envAcmeKeyTypeDefault         = "P384"

  28. 	envAcmeCacheLocationKey       = "DOTEGE_ACME_CACHE_FILE"

  29. 	envAcmeCacheLocationDefault   = "/data/config/certs.json"

  30. 	envTemplateDestinationKey     = "DOTEGE_TEMPLATE_DESTINATION"

  31. 	envTemplateDestinationDefault = "/data/output/haproxy.cfg"

  32. 	envTemplateSourceKey          = "DOTEGE_TEMPLATE_SOURCE"

  33. 	envTemplateSourceDefault      = "./templates/haproxy.cfg.tpl"

  34. )

  35. 

  36. var (

  37. 	logger             *zap.SugaredLogger

  38. 	certificateManager *CertificateManager

  39. 	config             *model.Config

  40. )

  41. 

  42. func requiredVar(key string) (value string) {

  43. 	value, ok := os.LookupEnv(key)

  44. 	if !ok {

  45. 		panic(fmt.Errorf("required environmental variable not defined: %s", key))

  46. 	}

  47. 	return

  48. }

  49. 

  50. func optionalVar(key string, fallback string) (value string) {

  51. 	value, ok := os.LookupEnv(key)

  52. 	if !ok {

  53. 		value = fallback

  54. 	}

  55. 	return

  56. }

  57. 

  58. func monitorSignals() <-chan bool {

  59. 	signals := make(chan os.Signal, 1)

  60. 	done := make(chan bool, 1)

  61. 

  62. 	signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM)

  63. 

  64. 	go func() {

  65. 		sig := <-signals

  66. 		fmt.Printf("Received %s signal\n", sig)

  67. 		done <- true

  68. 	}()

  69. 

  70. 	return done

  71. }

  72. 

  73. func createLogger() *zap.SugaredLogger {

  74. 	zapConfig := zap.NewDevelopmentConfig()

  75. 	zapConfig.DisableCaller = true

  76. 	zapConfig.DisableStacktrace = true

  77. 	zapConfig.EncoderConfig.EncodeLevel = zapcore.CapitalColorLevelEncoder

  78. 	zapConfig.OutputPaths = []string{"stdout"}

  79. 	zapConfig.ErrorOutputPaths = []string{"stdout"}

  80. 	logger, _ := zapConfig.Build()

  81. 	return logger.Sugar()

  82. }

  83. 

  84. func createConfig() {

  85. 	config = &model.Config{

  86. 		Templates: []model.TemplateConfig{

  87. 			{

  88. 				Source:      optionalVar(envTemplateSourceKey, envTemplateSourceDefault),

  89. 				Destination: optionalVar(envTemplateDestinationKey, envTemplateDestinationDefault),

  90. 			},

  91. 		},

  92. 		Labels: model.LabelConfig{

  93. 			Hostnames:   "com.chameth.vhost",

  94. 			RequireAuth: "com.chameth.auth",

  95. 		},

  96. 		Acme: model.AcmeConfig{

  97. 			DnsProvider:   requiredVar(envDnsProviderKey),

  98. 			Email:         requiredVar(envAcmeEmailKey),

  99. 			Endpoint:      optionalVar(envAcmeEndpointKey, lego.LEDirectoryProduction),

  100. 			KeyType:       certcrypto.KeyType(optionalVar(envAcmeKeyTypeKey, envAcmeKeyTypeDefault)),

  101. 			CacheLocation: optionalVar(envAcmeCacheLocationKey, envAcmeCacheLocationDefault),

  102. 		},

  103. 		DefaultCertActions:     model.COMBINE | model.FLATTEN,

  104. 		DefaultCertDestination: optionalVar(envCertDestinationKey, envCertDestinationDefault),

  105. 	}

  106. }

  107. 

  108. func createTemplateGenerator(templates []model.TemplateConfig) *TemplateGenerator {

  109. 	templateGenerator := NewTemplateGenerator(logger)

  110. 	for _, template := range templates {

  111. 		templateGenerator.AddTemplate(template)

  112. 	}

  113. 	return templateGenerator

  114. }

  115. 

  116. func createCertificateManager(config model.AcmeConfig) {

  117. 	certificateManager = NewCertificateManager(logger, config.Endpoint, config.KeyType, config.DnsProvider, config.CacheLocation)

  118. 	err := certificateManager.Init(config.Email)

  119. 	if err != nil {

  120. 		panic(err)

  121. 	}

  122. }

  123. 

  124. func main() {

  125. 	logger = createLogger()

  126. 	logger.Info("Dotege is starting")

  127. 

  128. 	doneChan := monitorSignals()

  129. 	createConfig()

  130. 

  131. 	dockerStopChan := make(chan struct{})

  132. 	dockerClient, err := client.NewEnvClient()

  133. 	if err != nil {

  134. 		panic(err)

  135. 	}

  136. 

  137. 	templateGenerator := createTemplateGenerator(config.Templates)

  138. 	createCertificateManager(config.Acme)

  139. 

  140. 	jitterTimer := time.NewTimer(time.Minute)

  141. 	redeployTimer := time.NewTicker(time.Hour * 24)

  142. 	containers := make(map[string]*model.Container)

  143. 

  144. 	go func() {

  145. 		err := monitorContainers(dockerClient, dockerStopChan, func(container *model.Container) {

  146. 			containers[container.Name] = container

  147. 			jitterTimer.Reset(100 * time.Millisecond)

  148. 			deployCertForContainer(container)

  149. 		}, func(name string) {

  150. 			delete(containers, name)

  151. 			jitterTimer.Reset(100 * time.Millisecond)

  152. 		})

  153. 

  154. 		if err != nil {

  155. 			logger.Fatal("Error monitoring containers: ", err.Error())

  156. 		}

  157. 	}()

  158. 

  159. 	go func() {

  160. 		for {

  161. 			select {

  162. 			case <-jitterTimer.C:

  163. 				hostnames := getHostnames(containers, *config)

  164. 				templateGenerator.Generate(Context{

  165. 					Containers: containers,

  166. 					Hostnames:  hostnames,

  167. 				})

  168. 			case <-redeployTimer.C:

  169. 				logger.Info("Performing periodic certificate refresh")

  170. 				for _, container := range containers {

  171. 					deployCertForContainer(container)

  172. 				}

  173. 			}

  174. 		}

  175. 	}()

  176. 

  177. 	<-doneChan

  178. 

  179. 	dockerStopChan <- struct{}{}

  180. 	err = dockerClient.Close()

  181. 	if err != nil {

  182. 		panic(err)

  183. 	}

  184. }

  185. 

  186. func getHostnamesForContainer(container *model.Container) []string {

  187. 	if label, ok := container.Labels[config.Labels.Hostnames]; ok {

  188. 		return strings.Split(strings.Replace(label, ",", " ", -1), " ")

  189. 	} else {

  190. 		return []string{}

  191. 	}

  192. }

  193. 

  194. func getHostnames(containers map[string]*model.Container, config model.Config) (hostnames map[string]*model.Hostname) {

  195. 	hostnames = make(map[string]*model.Hostname)

  196. 	for _, container := range containers {

  197. 		if label, ok := container.Labels[config.Labels.Hostnames]; ok {

  198. 			names := strings.Split(strings.Replace(label, ",", " ", -1), " ")

  199. 			if hostname, ok := hostnames[names[0]]; ok {

  200. 				hostname.Containers = append(hostname.Containers, container)

  201. 			} else {

  202. 				hostnames[names[0]] = &model.Hostname{

  203. 					Name:            names[0],

  204. 					Alternatives:    make(map[string]bool),

  205. 					Containers:      []*model.Container{container},

  206. 					CertActions:     config.DefaultCertActions,

  207. 					CertDestination: config.DefaultCertDestination,

  208. 				}

  209. 			}

  210. 			addAlternatives(hostnames[names[0]], names[1:])

  211. 

  212. 			if label, ok = container.Labels[config.Labels.RequireAuth]; ok {

  213. 				hostnames[names[0]].RequiresAuth = true

  214. 				hostnames[names[0]].AuthGroup = label

  215. 			}

  216. 		}

  217. 	}

  218. 	return

  219. }

  220. 

  221. func addAlternatives(hostname *model.Hostname, alternatives []string) {

  222. 	for _, alternative := range alternatives {

  223. 		hostname.Alternatives[alternative] = true

  224. 	}

  225. }

  226. 

  227. func deployCertForContainer(container *model.Container) {

  228. 	err, cert := certificateManager.GetCertificate(getHostnamesForContainer(container))

  229. 	if err != nil {

  230. 		logger.Warnf("Unable to generate certificate for %s: %s", container.Name, err.Error())

  231. 	} else {

  232. 		deployCert(cert)

  233. 	}

  234. }

  235. 

  236. func deployCert(certificate *SavedCertificate) {

  237. 	target := path.Join(config.DefaultCertDestination, fmt.Sprintf("%s.pem", certificate.Domains[0]))

  238. 

  239. 	err := ioutil.WriteFile(target, append(certificate.Certificate, certificate.PrivateKey...), 0700)

  240. 	if err != nil {

  241. 		logger.Warnf("Unable to write certificate %s - %s", target, err.Error())

  242. 	} else {

  243. 		logger.Infof("Updated certificate file %s", target)

  244. 	}

  245. }