Creates a docker machine with associated private registry credentials
#!/usr/bin/env bash
#
# author: dataday
# created: 23/02/2016
#
# Description:
# Creates docker machine with associated registry credentials
# For input variables see $SCRIPT_ROOT/environment
#
# fail on error (turned off to remain running)
# set -e
# debug (on:-x, off:+x) - display commands before execution
# set -x
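# registry directory on the docker machine and the local credential paths;
# $APP_REGISTRY and $CERT_ROOT are expected from $SCRIPT_ROOT/environment
REGISTRY_ROOT="/etc/docker/certs.d/${APP_REGISTRY}"
CA="${CERT_ROOT}/${APP_REGISTRY}.crt"
CERT="${CERT_ROOT}/client.cert"
KEY="${CERT_ROOT}/client.key"
P12="${CERT_ROOT}/client.p12"
PEM="${CERT_ROOT}/client.pem"
# set +x
# runtime state, filled in by option parsing and environment()
IP=""
MACHINE=""
ADDRESS=""
REBUILD=false
# explicit default for --debug so the later test never runs an empty command;
# a value already present in the environment is kept
DEBUG=${DEBUG:-false}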
#
# display usage information
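#######################################
# Print usage to stderr and exit.
# Globals:   SCRIPT_NAME, SCRIPT_ROOT (read)
# Outputs:   usage text on stderr
# Returns:   exits 2 (the original exited with printf's status, i.e. 0,
#            so a missing or invalid option looked like success)
#######################################
function usage () {
  # the script variables are printf arguments, never part of the format string
  printf 'Usage: %s --name=sandbox --address={name}.sandbox.bbc.co.uk [--rebuild --debug]
Creates docker machine with associated registry credentials
For input variables see %s/environment
requires both options
\t--name=sandbox - Docker machine name
\t--address={name}.sandbox.bbc.co.uk - Docker machine address
optional options
\t--rebuild - Rebuilds docker machine
\t--debug
\n' "$SCRIPT_NAME" "$SCRIPT_ROOT" >&2
  exit 2
}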
#
# check for options
# called with no arguments at all: print usage and leave
(( $# > 0 )) || usage
#
# provide log feedback to console
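#######################################
# Write a progress line to stderr, or fail the script.
# Globals:   CMD_PROMPT, SCRIPT_NAME (read)
# Arguments: $1 - message
#            $2 - "true" to force a fatal exit (default: false)
# Outputs:   "$CMD_PROMPT $message" on stderr; in the fatal case the
#            prompt has $SCRIPT_NAME replaced by "failed"
# Returns:   0 when the caller's previous command succeeded and $2 != true;
#            otherwise exits with that command's status (1 if it was 0)
#######################################
function log () {
  # must be the very first statement: $? is the status of the caller's last
  # command (the original read $? after two 'local' lines, which always gave 0,
  # so the failure branch could never be reached)
  local rc=$?
  local message="$1"
  local stop="${2:-false}"
  if [[ "$rc" -ne 0 || "$stop" == true ]]; then
    printf '%s %s\n' "${CMD_PROMPT/$SCRIPT_NAME/failed}" "$message" >&2
    # a forced stop after a successful command still has to exit non-zero
    # (the original did 'exit $?' here, which exited 0)
    (( rc != 0 )) || rc=1
    exit "$rc"
  fi
  printf '%s %s\n' "$CMD_PROMPT" "$message" >&2
}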
#
# provide operational feedback
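#######################################
# Print diagnostics for the machine's registry set-up (--debug).
# Globals:   MACHINE, REGISTRY_ROOT, CA, CERT, KEY, APP_REGISTRY (read)
# Outputs:   remote directory listing and profile, the client certificate
#            summary and a TLS handshake against the registry, on stdout
#######################################
function debug () {
  # describe registry
  log "debug: $MACHINE (registry)"
  docker-machine ssh "$MACHINE" sudo ls -la "$REGISTRY_ROOT/"
  # describe profile
  log "debug: $MACHINE (profile)"
  docker-machine ssh "$MACHINE" sudo cat /var/lib/boot2docker/profile
  log "debug: $MACHINE (credentials)"
  # describe credentials: x509 reads the certificate from -in and never
  # reads stdin, so the original 'echo $APP_CLIENT_PWD |' only handed the
  # password to a process that had no use for it; it is dropped
  openssl x509 -in "$CERT" -inform PEM -noout -subject -dates -purpose
  # connect to registry using credentials
  printf 'GET /\n' | openssl s_client -CAfile "$CA" -cert "$CERT" -key "$KEY" -connect "$APP_REGISTRY:443" -showcerts
  # evaluate md5 checksum for cert and key
  # log "debug: $MACHINE (identity)"
  # openssl x509 -noout -modulus -in "$CERT" | openssl md5
  # openssl rsa -noout -modulus -in "$KEY" | openssl md5
}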
#
# provide environment information
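#######################################
# Load the machine's docker environment and record its IP address.
# Globals:   APP_ID, APP_ENV, MACHINE (read); DOCKER_* (written via eval),
#            IP (written)
#######################################
function environment () {
  log "environment: $APP_ID ($APP_ENV)"
  # environment: 'docker-machine env' prints "export ..." lines and eval is
  # the documented way to apply them. eval executes whatever the tool prints,
  # so only run it against a machine this script created. Quoting keeps the
  # lines separate (unquoted, the trailing comment line would be joined onto
  # the last export)
  eval "$(docker-machine env "$MACHINE")"
  # ip address
  IP=$(docker-machine ip "$MACHINE")
}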
#
# provide machine address
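#######################################
# Publish the machine's IP under $ADDRESS in /etc/hosts.
# Globals:   IP, ADDRESS (read)
# Outputs:   the updated /etc/hosts on stdout
# Returns:   exits via log() when IP or ADDRESS is empty
#######################################
function address () {
  environment
  log "address: $IP $ADDRESS"
  # neither value may be empty: the sed pattern and the hosts entry would be
  # malformed
  [[ -n "$IP" && -n "$ADDRESS" ]] || log "address: missing ip or address" true
  # overwrite address if detected. The values are passed to sh as positional
  # parameters instead of being spliced into the command text (the original
  # interpolated $ADDRESS/$IP into a root shell string). $1 is still used as
  # a sed regex, so dots in the address match any character
  sudo sh -c 'sed -i "" -e "/$1/d" /etc/hosts; printf "%s %s\n" "$2" "$1" >> /etc/hosts; cat /etc/hosts' sh "$ADDRESS" "$IP"
}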
#
# provide machine with registry credentials
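#######################################
# Install the registry CA and client credentials on the docker machine.
# Globals:   REGISTRY_ROOT, CERT_ROOT, CA, CERT, KEY, P12, PEM, MACHINE,
#            APP_CA, APP_CLIENT_P12, APP_CLIENT_PWD, APP_REGISTRY, DEBUG (read)
# Outputs:   progress on stderr via log(); exits via log() on a failed step
#######################################
function registry () {
  log "registry: create $REGISTRY_ROOT"
  # ${CERT_ROOT:?} aborts instead of running 'rm -rf' with an empty path
  rm -rf -- "${CERT_ROOT:?}"
  mkdir -p -- "$CERT_ROOT"
  # provide CA credentials: a URL is downloaded, anything else is copied.
  # The original tested sed's exit status, which is 0 whether or not the
  # pattern matched, so the download branch was taken for plain files too
  if [[ "$APP_CA" =~ ^https?:// ]]; then
    log "registry: CA $APP_CA (URL)"
    # -f makes an HTTP error a non-zero status instead of saving the error page
    curl -fsSL -- "$APP_CA" -o "$CA" || log "registry: CA download failed" true
  else
    log "registry: CA $APP_CA (file)"
    sudo cp -- "$APP_CA" "$CA"
  fi
  log "registry: identity ($P12)"
  # provide client credentials
  sudo cp -- "$APP_CLIENT_P12" "$P12"
  # provide credentials; the PKCS#12 password reaches openssl through the
  # environment (-passin env:) rather than on the command line, where the
  # original 'pass:' form made it visible to ps
  APP_CLIENT_PWD="$APP_CLIENT_PWD" openssl pkcs12 -in "$P12" -nodes -out "$CERT" -nokeys -passin env:APP_CLIENT_PWD -clcerts
  APP_CLIENT_PWD="$APP_CLIENT_PWD" openssl pkcs12 -in "$P12" -nodes -out "$KEY" -nocerts -passin env:APP_CLIENT_PWD -clcerts
  APP_CLIENT_PWD="$APP_CLIENT_PWD" openssl pkcs12 -in "$P12" -nodes -out "$PEM" -passin env:APP_CLIENT_PWD -clcerts
  # add credentials
  docker-machine scp -r "$CERT_ROOT/" "$MACHINE:/tmp/$APP_REGISTRY"
  docker-machine ssh "$MACHINE" sudo mkdir -p "$REGISTRY_ROOT"
  # one command string so the globs are expanded by the machine's shell
  docker-machine ssh "$MACHINE" "sudo cp /tmp/$APP_REGISTRY/*.cert /tmp/$APP_REGISTRY/*.key /tmp/$APP_REGISTRY/*.crt $REGISTRY_ROOT/"
  docker-machine ssh "$MACHINE" sudo rm -rf "/tmp/$APP_REGISTRY"
  docker-machine ssh "$MACHINE" sudo /etc/init.d/docker restart
  if [[ "${DEBUG:-false}" == true ]]; then
    debug
  fi
}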
#
# build machine
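#######################################
# Create the VirtualBox docker machine, removing an existing one first
# when the configuration asks for it.
# Globals:   MACHINE, REBUILD, APP_SAVE_MACHINE, GITHUB_TOKEN,
#            http_proxy / HTTP_PROXY (read)
# Outputs:   progress on stderr via log(); the token value is not logged
#######################################
function machine () {
  # options as an array so a proxy URL is never word-split or glob-expanded
  local -a opts=(--engine-env "GITHUB_TOKEN=$GITHUB_TOKEN")
  local proxy_url
  # machine exists?, is removed for rebuilds. 'ls' prints one name per line
  # and -x matches a whole line; the original echoed every name onto one
  # line, so "^name$" only matched when exactly one machine existed
  if docker-machine ls --format "{{.Name}}" | grep -qxF -- "$MACHINE"; then
    # NOTE(review): the condition is kept as written — it removes the machine
    # only when --rebuild is NOT given, which reads as the opposite of the
    # comment above; confirm the intended polarity before changing it
    if [[ "$REBUILD" != true && "$APP_SAVE_MACHINE" == false ]]; then
      printf 'y\n' | docker-machine rm "$MACHINE"
    fi
  fi
  # add proxy variables (@note)
  # allow for $HTTP_PROXY variation
  # https://github.com/docker/toolbox/issues/102 (@note)
  proxy_url=${http_proxy:-$HTTP_PROXY}
  if [[ -n "$proxy_url" ]]; then
    opts+=(--engine-env "http_proxy=$proxy_url")
    opts+=(--engine-env "https_proxy=$proxy_url")
    opts+=(--engine-env "no_proxy=localhost,192.168.99.1/16")
  fi
  # the first two elements hold the token; the original printed it verbatim
  log "machine: create --engine-env GITHUB_TOKEN=<redacted> ${opts[*]:2} -d virtualbox $MACHINE"
  # create virtual machine (@note) — the token is still an argv value here,
  # so keep 'set -x' off around this call
  docker-machine --github-api-token="$GITHUB_TOKEN" create "${opts[@]}" -d virtualbox "$MACHINE"
}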
#
# assign options
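# assign options: only long options are accepted, parsed with the ":-:"
# getopts form (opt is "-" and OPTARG holds "name=value")
while getopts ":-:" opt; do
  case "$opt" in
    -)
      case "$OPTARG" in
        debug) DEBUG=true;;
        rebuild) REBUILD=true;;
        name=*) MACHINE="${OPTARG#*=}";;
        address=*) ADDRESS="${OPTARG#*=}";;
        # a misspelt long option used to be ignored silently, leaving
        # MACHINE/ADDRESS empty further down
        *) log "invalid: --$OPTARG" && usage;;
      esac
      ;;
    \?) log "invalid: -$OPTARG" && usage;;
    *) usage;;
  esac
done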
#
# init
# init: build the machine, install the registry credentials, then publish
# its address, in that order
function init () {
  local step
  for step in machine registry address; do
    "$step"
  done
}
init
# always reports success: the script runs with 'set -e' disabled (see header)
# and fatal steps exit through log() instead
exit 0