This repository has been archived by the owner on Aug 3, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 16
/
main.go
85 lines (73 loc) · 2.28 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package main
import (
"flag"
"fmt"
"log"
"os"
"path/filepath"
"time"
"github.com/docker/go-plugins-helpers/volume"
klog "github.com/square/keywhiz-fs/log"
"golang.org/x/sys/unix"
)
const (
keywhizId = "_keywhiz"
socketAddress = "/run/docker/plugins/keywhiz.sock"
)
var (
defaultPath = filepath.Join(volume.DefaultDockerRootDirectory, keywhizId)
root = flag.String("root", defaultPath, "Docker volumes root directory")
certFile = flag.String("cert", "", "PEM-encoded certificate file")
keyFile = flag.String("key", "client.key", "PEM-encoded private key file")
caFile = flag.String("ca", "cacert.crt", "PEM-encoded CA certificates file")
user = flag.String("asuser", "keywhiz", "Default user to own files")
group = flag.String("group", "keywhiz", "Default group to own files")
ping = flag.Bool("ping", false, "Enable startup ping to server")
debug = flag.Bool("debug", false, "Enable debugging output")
timeoutSeconds = flag.Uint("timeout", 20, "Timeout for communication with server")
)
func main() {
var Usage = func() {
fmt.Fprintf(os.Stderr, "Usage: %s [options] url\n", os.Args[0])
flag.PrintDefaults()
}
flag.Parse()
if flag.NArg() != 1 {
Usage()
os.Exit(1)
}
config := keywhizConfig{
ServerURL: flag.Args()[0],
CertFile: *certFile,
KeyFile: *keyFile,
CaFile: *caFile,
User: *user,
Group: *group,
Ping: *ping,
Debug: *debug,
TimeoutSeconds: time.Duration(*timeoutSeconds) * time.Second,
}
lockMemory(config.Debug)
d := newKeywhizDriver(*root, config)
h := volume.NewHandler(d)
fmt.Printf("Listening on %s\n", socketAddress)
fmt.Println(h.ServeUnix("root", socketAddress))
}
// Locks memory, preventing memory from being written to disk as swap
func lockMemory(debug bool) {
logConfig := klog.Config{
Debug: debug,
Mountpoint: "",
}
logger := klog.New("kwfs_main", logConfig)
err := unix.Mlockall(unix.MCL_FUTURE | unix.MCL_CURRENT)
switch err {
case nil:
case unix.ENOSYS:
logger.Warnf("mlockall() not implemented on this system")
case unix.ENOMEM:
logger.Warnf("mlockall() failed with ENOMEM")
default:
log.Fatalf("Could not perform mlockall and prevent swapping memory: %v", err)
}
}