/
main.go
171 lines (152 loc) · 5.04 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
package main
import (
"flag"
"fmt"
"net"
"net/http"
"net/url"
"os"
"github.com/Sirupsen/logrus"
"github.com/coreos/pkg/flagutil"
web "github.com/coreos/matchbox/matchbox/http"
"github.com/coreos/matchbox/matchbox/rpc"
"github.com/coreos/matchbox/matchbox/server"
"github.com/coreos/matchbox/matchbox/sign"
"github.com/coreos/matchbox/matchbox/storage"
"github.com/coreos/matchbox/matchbox/tlsutil"
"github.com/coreos/matchbox/matchbox/version"
)
var (
// Defaults to info logging
log = logrus.New()
)
func main() {
flags := struct {
address string
rpcAddress string
dataPath string
assetsPath string
logLevel string
certFile string
keyFile string
caFile string
keyRingPath string
version bool
help bool
}{}
flag.StringVar(&flags.address, "address", "127.0.0.1:8080", "HTTP listen address")
flag.StringVar(&flags.rpcAddress, "rpc-address", "", "RPC listen address")
flag.StringVar(&flags.dataPath, "data-path", "/var/lib/matchbox", "Path to data directory")
flag.StringVar(&flags.assetsPath, "assets-path", "/var/lib/matchbox/assets", "Path to static assets")
// Log levels https://github.com/Sirupsen/logrus/blob/master/logrus.go#L36
flag.StringVar(&flags.logLevel, "log-level", "info", "Set the logging level")
// gRPC Server TLS
flag.StringVar(&flags.certFile, "cert-file", "/etc/matchbox/server.crt", "Path to the server TLS certificate file")
flag.StringVar(&flags.keyFile, "key-file", "/etc/matchbox/server.key", "Path to the server TLS key file")
// TLS Client Authentication
flag.StringVar(&flags.caFile, "ca-file", "/etc/matchbox/ca.crt", "Path to the CA verify and authenticate client certificates")
// Signing
flag.StringVar(&flags.keyRingPath, "key-ring-path", "", "Path to a private keyring file")
// subcommands
flag.BoolVar(&flags.version, "version", false, "print version and exit")
flag.BoolVar(&flags.help, "help", false, "print usage and exit")
// parse command-line and environment variable arguments
flag.Parse()
if err := flagutil.SetFlagsFromEnv(flag.CommandLine, "MATCHBOX"); err != nil {
log.Fatal(err.Error())
}
// restrict OpenPGP passphrase to pass via environment variable only
passphrase := os.Getenv("MATCHBOX_PASSPHRASE")
if flags.version {
fmt.Println(version.Version)
return
}
if flags.help {
flag.Usage()
return
}
// validate arguments
if url, err := url.Parse(flags.address); err != nil || url.String() == "" {
log.Fatal("A valid HTTP listen address is required")
}
if finfo, err := os.Stat(flags.dataPath); err != nil || !finfo.IsDir() {
log.Fatal("A valid -data-path is required")
}
if flags.assetsPath != "" {
if finfo, err := os.Stat(flags.assetsPath); err != nil || !finfo.IsDir() {
log.Fatalf("Provide a valid -assets-path or '' to disable asset serving: %s", flags.assetsPath)
}
}
if flags.rpcAddress != "" {
if _, err := os.Stat(flags.certFile); err != nil {
log.Fatalf("Provide a valid TLS server certificate with -cert-file: %v", err)
}
if _, err := os.Stat(flags.keyFile); err != nil {
log.Fatalf("Provide a valid TLS server key with -key-file: %v", err)
}
if _, err := os.Stat(flags.caFile); err != nil {
log.Fatalf("Provide a valid TLS certificate authority for authorizing client certificates: %v", err)
}
}
// logging setup
lvl, err := logrus.ParseLevel(flags.logLevel)
if err != nil {
log.Fatalf("invalid log-level: %v", err)
}
log.Level = lvl
// (optional) signing
var signer, armoredSigner sign.Signer
if flags.keyRingPath != "" {
entity, err := sign.LoadGPGEntity(flags.keyRingPath, passphrase)
if err != nil {
log.Fatal(err)
}
signer = sign.NewGPGSigner(entity)
armoredSigner = sign.NewArmoredGPGSigner(entity)
}
// storage
store := storage.NewFileStore(&storage.Config{
Root: flags.dataPath,
})
// core logic
server := server.NewServer(&server.Config{
Store: store,
})
// gRPC Server (feature disabled by default)
if flags.rpcAddress != "" {
log.Infof("Starting matchbox gRPC server on %s", flags.rpcAddress)
log.Infof("Using TLS server certificate: %s", flags.certFile)
log.Infof("Using TLS server key: %s", flags.keyFile)
log.Infof("Using CA certificate: %s to authenticate client certificates", flags.caFile)
lis, err := net.Listen("tcp", flags.rpcAddress)
if err != nil {
log.Fatalf("failed to start listening: %v", err)
}
tlsinfo := tlsutil.TLSInfo{
CertFile: flags.certFile,
KeyFile: flags.keyFile,
CAFile: flags.caFile,
}
tlscfg, err := tlsinfo.ServerConfig()
if err != nil {
log.Fatalf("Invalid TLS credentials: %v", err)
}
grpcServer := rpc.NewServer(server, tlscfg)
go grpcServer.Serve(lis)
defer grpcServer.Stop()
}
// HTTP Server
config := &web.Config{
Core: server,
Logger: log,
AssetsPath: flags.assetsPath,
Signer: signer,
ArmoredSigner: armoredSigner,
}
httpServer := web.NewServer(config)
log.Infof("Starting matchbox HTTP server on %s", flags.address)
err = http.ListenAndServe(flags.address, httpServer.HTTPHandler())
if err != nil {
log.Fatalf("failed to start listening: %v", err)
}
}