public
/
dotege
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Docker template generator
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
42 Commits
1 Branch
Tree: a0ee5f3f04
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a0ee5f3f04'
${ noResults }
dotege/dotege.go

dotege.go 6.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250 
  1. package main

  2. 

  3. import (

  4. 	"bytes"

  5. 	"context"

  6. 	"fmt"

  7. 	"github.com/docker/docker/client"

  8. 	"go.uber.org/zap"

  9. 	"go.uber.org/zap/zapcore"

  10. 	"io/ioutil"

  11. 	"os"

  12. 	"os/signal"

  13. 	"path"

  14. 	"strings"

  15. 	"syscall"

  16. 	"time"

  17. )

  18. 

  19. // Container models a docker container that is running on the system.

  20. type Container struct {

  21. 	Id     string

  22. 	Name   string

  23. 	Labels map[string]string

  24. }

  25. 

  26. // Hostname describes a DNS name used for proxying, retrieving certificates, etc.

  27. type Hostname struct {

  28. 	Name            string

  29. 	Alternatives    map[string]bool

  30. 	Containers      []*Container

  31. 	CertDestination string

  32. 	RequiresAuth    bool

  33. 	AuthGroup       string

  34. }

  35. 

  36. var (

  37. 	logger             *zap.SugaredLogger

  38. 	certificateManager *CertificateManager

  39. 	config             *Config

  40. 	dockerClient       *client.Client

  41. 	containers         = make(map[string]*Container)

  42. )

  43. 

  44. func monitorSignals() <-chan bool {

  45. 	signals := make(chan os.Signal, 1)

  46. 	done := make(chan bool, 1)

  47. 

  48. 	signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM)

  49. 

  50. 	go func() {

  51. 		sig := <-signals

  52. 		fmt.Printf("Received %s signal\n", sig)

  53. 		done <- true

  54. 	}()

  55. 

  56. 	return done

  57. }

  58. 

  59. func createLogger() *zap.SugaredLogger {

  60. 	zapConfig := zap.NewDevelopmentConfig()

  61. 	zapConfig.DisableCaller = true

  62. 	zapConfig.DisableStacktrace = true

  63. 	zapConfig.EncoderConfig.EncodeLevel = zapcore.CapitalColorLevelEncoder

  64. 	zapConfig.OutputPaths = []string{"stdout"}

  65. 	zapConfig.ErrorOutputPaths = []string{"stdout"}

  66. 	logger, _ := zapConfig.Build()

  67. 	return logger.Sugar()

  68. }

  69. 

  70. func createTemplateGenerator(templates []TemplateConfig) *TemplateGenerator {

  71. 	templateGenerator := NewTemplateGenerator()

  72. 	for _, template := range templates {

  73. 		templateGenerator.AddTemplate(template)

  74. 	}

  75. 	return templateGenerator

  76. }

  77. 

  78. func createCertificateManager(config AcmeConfig) {

  79. 	certificateManager = NewCertificateManager(logger, config.Endpoint, config.KeyType, config.DnsProvider, config.CacheLocation)

  80. 	err := certificateManager.Init(config.Email)

  81. 	if err != nil {

  82. 		panic(err)

  83. 	}

  84. }

  85. 

  86. func main() {

  87. 	logger = createLogger()

  88. 	logger.Info("Dotege is starting")

  89. 

  90. 	doneChan := monitorSignals()

  91. 	createConfig()

  92. 

  93. 	var err error

  94. 	dockerStopChan := make(chan struct{})

  95. 	dockerClient, err = client.NewEnvClient()

  96. 	if err != nil {

  97. 		panic(err)

  98. 	}

  99. 

  100. 	templateGenerator := createTemplateGenerator(config.Templates)

  101. 	createCertificateManager(config.Acme)

  102. 

  103. 	jitterTimer := time.NewTimer(time.Minute)

  104. 	redeployTimer := time.NewTicker(time.Hour * 24)

  105. 	updatedContainers := make(map[string]*Container)

  106. 

  107. 	go func() {

  108. 		err := monitorContainers(dockerClient, dockerStopChan, func(container *Container) {

  109. 			containers[container.Name] = container

  110. 			updatedContainers[container.Name] = container

  111. 			jitterTimer.Reset(100 * time.Millisecond)

  112. 		}, func(name string) {

  113. 			delete(updatedContainers, name)

  114. 			delete(containers, name)

  115. 			jitterTimer.Reset(100 * time.Millisecond)

  116. 		})

  117. 

  118. 		if err != nil {

  119. 			logger.Fatal("Error monitoring containers: ", err.Error())

  120. 		}

  121. 	}()

  122. 

  123. 	go func() {

  124. 		for {

  125. 			select {

  126. 			case <-jitterTimer.C:

  127. 				hostnames := getHostnames(containers)

  128. 				updated := templateGenerator.Generate(Context{

  129. 					Containers: containers,

  130. 					Hostnames:  hostnames,

  131. 				})

  132. 

  133. 				for name, container := range updatedContainers {

  134. 					certDeployed := deployCertForContainer(container)

  135. 					updated = updated || certDeployed

  136. 					delete(updatedContainers, name)

  137. 				}

  138. 

  139. 				if updated {

  140. 					signalContainer()

  141. 				}

  142. 			case <-redeployTimer.C:

  143. 				logger.Info("Performing periodic certificate refresh")

  144. 				for _, container := range containers {

  145. 					deployCertForContainer(container)

  146. 					signalContainer()

  147. 				}

  148. 			}

  149. 		}

  150. 	}()

  151. 

  152. 	<-doneChan

  153. 

  154. 	dockerStopChan <- struct{}{}

  155. 	err = dockerClient.Close()

  156. 	if err != nil {

  157. 		panic(err)

  158. 	}

  159. }

  160. 

  161. func signalContainer() {

  162. 	for _, s := range config.Signals {

  163. 		container, ok := containers[s.Name]

  164. 		if ok {

  165. 			logger.Debugf("Killing container %s with signal %s", s.Name, s.Signal)

  166. 			err := dockerClient.ContainerKill(context.Background(), container.Id, s.Signal)

  167. 			if err != nil {

  168. 				logger.Errorf("Unable to send signal %s to container %s: %s", s.Signal, s.Name, err.Error())

  169. 			}

  170. 		} else {

  171. 			logger.Warnf("Couldn't signal container %s as it is not running", s.Name)

  172. 		}

  173. 	}

  174. }

  175. 

  176. func getHostnamesForContainer(container *Container) []string {

  177. 	if label, ok := container.Labels[config.Labels.Hostnames]; ok {

  178. 		return strings.Split(strings.Replace(label, ",", " ", -1), " ")

  179. 	} else {

  180. 		return []string{}

  181. 	}

  182. }

  183. 

  184. func getHostnames(containers map[string]*Container) (hostnames map[string]*Hostname) {

  185. 	hostnames = make(map[string]*Hostname)

  186. 	for _, container := range containers {

  187. 		if label, ok := container.Labels[config.Labels.Hostnames]; ok {

  188. 			names := strings.Split(strings.Replace(label, ",", " ", -1), " ")

  189. 			if hostname, ok := hostnames[names[0]]; ok {

  190. 				hostname.Containers = append(hostname.Containers, container)

  191. 			} else {

  192. 				hostnames[names[0]] = &Hostname{

  193. 					Name:            names[0],

  194. 					Alternatives:    make(map[string]bool),

  195. 					Containers:      []*Container{container},

  196. 					CertDestination: config.DefaultCertDestination,

  197. 				}

  198. 			}

  199. 			addAlternatives(hostnames[names[0]], names[1:])

  200. 

  201. 			if label, ok = container.Labels[config.Labels.RequireAuth]; ok {

  202. 				hostnames[names[0]].RequiresAuth = true

  203. 				hostnames[names[0]].AuthGroup = label

  204. 			}

  205. 		}

  206. 	}

  207. 	return

  208. }

  209. 

  210. func addAlternatives(hostname *Hostname, alternatives []string) {

  211. 	for _, alternative := range alternatives {

  212. 		hostname.Alternatives[alternative] = true

  213. 	}

  214. }

  215. 

  216. func deployCertForContainer(container *Container) bool {

  217. 	hostnames := getHostnamesForContainer(container)

  218. 	if len(hostnames) == 0 {

  219. 		logger.Debugf("No labels found for container %s", container.Name)

  220. 		return false

  221. 	}

  222. 

  223. 	err, cert := certificateManager.GetCertificate(hostnames)

  224. 	if err != nil {

  225. 		logger.Warnf("Unable to generate certificate for %s: %s", container.Name, err.Error())

  226. 		return false

  227. 	} else {

  228. 		return deployCert(cert)

  229. 	}

  230. }

  231. 

  232. func deployCert(certificate *SavedCertificate) bool {

  233. 	target := path.Join(config.DefaultCertDestination, fmt.Sprintf("%s.pem", certificate.Domains[0]))

  234. 	content := append(certificate.Certificate, certificate.PrivateKey...)

  235. 

  236. 	buf, _ := ioutil.ReadFile(target)

  237. 	if bytes.Equal(buf, content) {

  238. 		logger.Debugf("Certificate was up to date: %s", target)

  239. 		return false

  240. 	}

  241. 

  242. 	err := ioutil.WriteFile(target, content, 0700)

  243. 	if err != nil {

  244. 		logger.Warnf("Unable to write certificate %s - %s", target, err.Error())

  245. 		return false

  246. 	} else {

  247. 		logger.Infof("Updated certificate file %s", target)

  248. 		return true

  249. 	}

  250. }