public
/
dotege
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Docker template generator
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29 Commits
1 Branch
Tree: b8b1d93a08
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b8b1d93a08'
${ noResults }
dotege/dotege.go

dotege.go 6.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218 
  1. package main

  2. 

  3. import (

  4. 	"fmt"

  5. 	"github.com/csmith/dotege/model"

  6. 	"github.com/docker/docker/client"

  7. 	"github.com/xenolf/lego/certcrypto"

  8. 	"github.com/xenolf/lego/lego"

  9. 	"go.uber.org/zap"

  10. 	"go.uber.org/zap/zapcore"

  11. 	"os"

  12. 	"os/signal"

  13. 	"strings"

  14. 	"syscall"

  15. 	"time"

  16. )

  17. 

  18. const (

  19. 	envCertDestinationKey         = "DOTEGE_CERT_DESTINATION"

  20. 	envCertDestinationDefault     = "/data/certs/"

  21. 	envDnsProviderKey             = "DOTEGE_DNS_PROVIDER"

  22. 	envAcmeEmailKey               = "DOTEGE_ACME_EMAIL"

  23. 	envAcmeEndpointKey            = "DOTEGE_ACME_ENDPOINT"

  24. 	envAcmeKeyTypeKey             = "DOTEGE_ACME_KEY_TYPE"

  25. 	envAcmeKeyTypeDefault         = "P384"

  26. 	envAcmeCacheLocationKey       = "DOTEGE_ACME_CACHE_FILE"

  27. 	envAcmeCacheLocationDefault   = "/data/config/certs.json"

  28. 	envTemplateDestinationKey     = "DOTEGE_TEMPLATE_DESTINATION"

  29. 	envTemplateDestinationDefault = "/data/output/haproxy.cfg"

  30. 	envTemplateSourceKey          = "DOTEGE_TEMPLATE_SOURCE"

  31. 	envTemplateSourceDefault      = "./templates/haproxy.cfg.tpl"

  32. )

  33. 

  34. func requiredVar(key string) (value string) {

  35. 	value, ok := os.LookupEnv(key)

  36. 	if !ok {

  37. 		panic(fmt.Errorf("required environmental variable not defined: %s", key))

  38. 	}

  39. 	return

  40. }

  41. 

  42. func optionalVar(key string, fallback string) (value string) {

  43. 	value, ok := os.LookupEnv(key)

  44. 	if !ok {

  45. 		value = fallback

  46. 	}

  47. 	return

  48. }

  49. 

  50. func monitorSignals() <-chan bool {

  51. 	signals := make(chan os.Signal, 1)

  52. 	done := make(chan bool, 1)

  53. 

  54. 	signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM)

  55. 

  56. 	go func() {

  57. 		sig := <-signals

  58. 		fmt.Printf("Received %s signal\n", sig)

  59. 		done <- true

  60. 	}()

  61. 

  62. 	return done

  63. }

  64. 

  65. func createLogger() *zap.SugaredLogger {

  66. 	zapConfig := zap.NewDevelopmentConfig()

  67. 	zapConfig.DisableCaller = true

  68. 	zapConfig.DisableStacktrace = true

  69. 	zapConfig.EncoderConfig.EncodeLevel = zapcore.CapitalColorLevelEncoder

  70. 	zapConfig.OutputPaths = []string{"stdout"}

  71. 	zapConfig.ErrorOutputPaths = []string{"stdout"}

  72. 	logger, _ := zapConfig.Build()

  73. 	return logger.Sugar()

  74. }

  75. 

  76. func createConfig() *model.Config {

  77. 	return &model.Config{

  78. 		Templates: []model.TemplateConfig{

  79. 			{

  80. 				Source:      optionalVar(envTemplateSourceKey, envTemplateSourceDefault),

  81. 				Destination: optionalVar(envTemplateDestinationKey, envTemplateDestinationDefault),

  82. 			},

  83. 		},

  84. 		Labels: model.LabelConfig{

  85. 			Hostnames:   "com.chameth.vhost",

  86. 			RequireAuth: "com.chameth.auth",

  87. 		},

  88. 		Acme: model.AcmeConfig{

  89. 			DnsProvider:   requiredVar(envDnsProviderKey),

  90. 			Email:         requiredVar(envAcmeEmailKey),

  91. 			Endpoint:      optionalVar(envAcmeEndpointKey, lego.LEDirectoryProduction),

  92. 			KeyType:       certcrypto.KeyType(optionalVar(envAcmeKeyTypeKey, envAcmeKeyTypeDefault)),

  93. 			CacheLocation: optionalVar(envAcmeCacheLocationKey, envAcmeCacheLocationDefault),

  94. 		},

  95. 		DefaultCertActions:     model.COMBINE | model.FLATTEN,

  96. 		DefaultCertDestination: optionalVar(envCertDestinationKey, envCertDestinationDefault),

  97. 	}

  98. }

  99. 

  100. func createTemplateGenerator(logger *zap.SugaredLogger, templates []model.TemplateConfig) *TemplateGenerator {

  101. 	templateGenerator := NewTemplateGenerator(logger)

  102. 	for _, template := range templates {

  103. 		templateGenerator.AddTemplate(template)

  104. 	}

  105. 	return templateGenerator

  106. }

  107. 

  108. func createCertificateManager(logger *zap.SugaredLogger, config model.AcmeConfig) *CertificateManager {

  109. 	certificateManager := NewCertificateManager(logger, config.Endpoint, config.KeyType, config.DnsProvider, config.CacheLocation)

  110. 	err := certificateManager.Init(config.Email)

  111. 	if err != nil {

  112. 		panic(err)

  113. 	}

  114. 	return certificateManager

  115. }

  116. 

  117. func main() {

  118. 	logger := createLogger()

  119. 	logger.Info("Dotege is starting")

  120. 

  121. 	doneChan := monitorSignals()

  122. 	config := createConfig()

  123. 

  124. 	dockerStopChan := make(chan struct{})

  125. 	dockerClient, err := client.NewEnvClient()

  126. 	if err != nil {

  127. 		panic(err)

  128. 	}

  129. 

  130. 	templateGenerator := createTemplateGenerator(logger, config.Templates)

  131. 	certificateManager := createCertificateManager(logger, config.Acme)

  132. 

  133. 	jitterTimer := time.NewTimer(time.Minute)

  134. 	redeployTimer := time.NewTicker(time.Hour * 24)

  135. 	containers := make(map[string]model.Container)

  136. 

  137. 	go func() {

  138. 		err := monitorContainers(dockerClient, dockerStopChan, func(container model.Container) {

  139. 			containers[container.Name] = container

  140. 			jitterTimer.Reset(100 * time.Millisecond)

  141. 			err, _ = certificateManager.GetCertificate(getHostnamesForContainer(container, *config))

  142. 		}, func(name string) {

  143. 			delete(containers, name)

  144. 			jitterTimer.Reset(100 * time.Millisecond)

  145. 		})

  146. 

  147. 		if err != nil {

  148. 			logger.Fatal("Error monitoring containers: ", err.Error())

  149. 		}

  150. 	}()

  151. 

  152. 	go func() {

  153. 		for {

  154. 			select {

  155. 			case <-jitterTimer.C:

  156. 				hostnames := getHostnames(containers, *config)

  157. 				templateGenerator.Generate(Context{

  158. 					Containers: containers,

  159. 					Hostnames:  hostnames,

  160. 				})

  161. 			case <-redeployTimer.C:

  162. 				logger.Info("Performing periodic certificate refresh")

  163. 				for _, container := range containers {

  164. 					err, _ = certificateManager.GetCertificate(getHostnamesForContainer(container, *config))

  165. 				}

  166. 			}

  167. 		}

  168. 	}()

  169. 

  170. 	<-doneChan

  171. 

  172. 	dockerStopChan <- struct{}{}

  173. 	err = dockerClient.Close()

  174. 	if err != nil {

  175. 		panic(err)

  176. 	}

  177. }

  178. 

  179. func getHostnamesForContainer(container model.Container, config model.Config) []string {

  180. 	if label, ok := container.Labels[config.Labels.Hostnames]; ok {

  181. 		return strings.Split(strings.Replace(label, ",", " ", -1), " ")

  182. 	} else {

  183. 		return []string{}

  184. 	}

  185. }

  186. 

  187. func getHostnames(containers map[string]model.Container, config model.Config) (hostnames map[string]*model.Hostname) {

  188. 	hostnames = make(map[string]*model.Hostname)

  189. 	for _, container := range containers {

  190. 		if label, ok := container.Labels[config.Labels.Hostnames]; ok {

  191. 			names := strings.Split(strings.Replace(label, ",", " ", -1), " ")

  192. 			if hostname, ok := hostnames[names[0]]; ok {

  193. 				hostname.Containers = append(hostname.Containers, container)

  194. 			} else {

  195. 				hostnames[names[0]] = &model.Hostname{

  196. 					Name:            names[0],

  197. 					Alternatives:    make(map[string]bool),

  198. 					Containers:      []model.Container{container},

  199. 					CertActions:     config.DefaultCertActions,

  200. 					CertDestination: config.DefaultCertDestination,

  201. 				}

  202. 			}

  203. 			addAlternatives(hostnames[names[0]], names[1:])

  204. 

  205. 			if label, ok = container.Labels[config.Labels.RequireAuth]; ok {

  206. 				hostnames[names[0]].RequiresAuth = true

  207. 				hostnames[names[0]].AuthGroup = label

  208. 			}

  209. 		}

  210. 	}

  211. 	return

  212. }

  213. 

  214. func addAlternatives(hostname *model.Hostname, alternatives []string) {

  215. 	for _, alternative := range alternatives {

  216. 		hostname.Alternatives[alternative] = true

  217. 	}

  218. }