From 27ba704ee62769f7ebf9bb827c34b201f59e5b3d Mon Sep 17 00:00:00 2001 From: Joachim Lusiardi Date: Thu, 7 Apr 2016 08:03:13 +0200 Subject: [PATCH] add code to extract all resolving domains from the containers --- Dockerfile | 4 ++- NOTES | 6 +++-- list_domains.py | 71 +++++++++++++++++++++++++++++++++++++++++++++++++ start.py | 5 ++-- 4 files changed, 81 insertions(+), 5 deletions(-) create mode 100644 list_domains.py diff --git a/Dockerfile b/Dockerfile index 071d494..6210f10 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,13 +9,15 @@ RUN apt-get update; \ git clone https://github.com/letsencrypt/letsencrypt ;\ cd /letsencrypt ;\ ./letsencrypt-auto --help +RUN pip3 install docker-py ADD haproxy_ssl.conf /haproxy_ssl.conf ADD haproxy.conf /haproxy.conf ADD letencrypt.conf /letencrypt.conf ADD start.py /start.py -RUN chmod +x /start.py +ADD list_domains.py /list_domains.py +RUN chmod +x /*.py VOLUME ["/data"] diff --git a/NOTES b/NOTES index 6bf4598..b1d925d 100644 --- a/NOTES +++ b/NOTES @@ -1,12 +1,14 @@ # Nach start von haproxy ohne ssl: /letsencrypt/letsencrypt-auto --config letencrypt.conf certonly -d lusiardi.de -cat /data/config/live/lusiardi.de/fullchain.pem /data/config/live/lusiardi.de/privkey.pem > /data/haproxy/cert.pem +DIR=`ls -td /data/config/live/*/ | head -1` +cat ${DIR}/fullchain.pem ${DIR}/privkey.pem > /data/haproxy/cert.pem # Nach start von haproxy mit ssl: /letsencrypt/letsencrypt-auto --config letencrypt.conf certonly --standalone-supported-challenges http-01 --http-01-port 54321 --expand -d lusiardi.de -d ps.lusiardi.de -cat /data/config/live/lusiardi.de/fullchain.pem /data/config/live/lusiardi.de/privkey.pem > /data/haproxy/cert.pem +DIR=`ls -td /data/config/live/*/ | head -1` +cat ${DIR}/fullchain.pem ${DIR}/privkey.pem > /data/haproxy/cert.pem # aufräumen rm -rf /data/* diff --git a/list_domains.py b/list_domains.py new file mode 100644 index 0000000..a7da683 --- /dev/null +++ b/list_domains.py 
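Review bot: The added `RUN pip3 install docker-py` in the Dockerfile is unpinned, so every image rebuild installs whatever release is current and a changed or compromised upload would enter the image unnoticed. Pin the version you tested, e.g. `RUN pip3 install docker-py==<PINNED_VERSION>` (placeholder, the patch does not name a version), ideally with pip's hash checking. In the same hunk, `RUN chmod +x /*.py` marks every .py file in the image root executable rather than only the two scripts added here; `RUN chmod +x /start.py /list_domains.py` states the intent and will not silently cover files added later.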
@@ -0,0 +1,71 @@
+#!/usr/bin/python3.4
+
+from docker import Client
+from docker.errors import APIError
+from string import Template
+import json
+import signal
+import os
+from socket import getaddrinfo
+
+def get_if_available(dict, key, defValue):
+ if key in dict:
+ return dict[key]
+ else:
+ return defValue
+
+def analyse_proxy_data(data):
+ """Extracts the data for the proxy configuration (envrionment variable
+ 'PROXY_DATA' and converts it to a dictionary."""
+ proxy_data = {}
+ for proxy_var in data['PROXY_DATA'].split(','):
+ t = proxy_var.split(":",1)
+ proxy_data[t[0]] = t[1]
+ return proxy_data
+
+def analyse_env_vars(inspect_data):
+ """Extracts the environment variables from the given result of an 'inspect
+ container' call."""
+ env_data = {}
+ if not 'Env' in inspect_data['Config'] or inspect_data['Config']['Env'] is None:
+ return env_data
+ for env_var in inspect_data['Config']['Env']:
+ t = env_var.split("=")
+ env_data[t[0]] = t[1]
+ return env_data
+
+def handle_container(id):
+ """This function take a container's id and collects all data required
+ to create a proper proxy configuration.
The configuration is then + written to the directory of temporary nginx files""" + inspect_data = client.inspect_container(id) + env_vars = analyse_env_vars(inspect_data) + if 'PROXY_DATA' in env_vars: + proxy_data = analyse_proxy_data(env_vars) + names = get_if_available(proxy_data, 'server_names', '').split(';') + return names + return [] + +def get_resolving_domains_from_containers(docker_client): + container_ids = client.containers(quiet=True) + domains = [] + for container_id in container_ids: + domains.extend(handle_container(container_id['Id'])) + + resolved_domains = [] + for domain in domains: + try: + getaddrinfo(domain, None) + resolved_domains.append(domain) + except Exception: + pass + + return resolved_domains + +if __name__ == '__main__': + + client = Client(base_url='unix://var/run/docker.sock', version='1.15') + + resolved_domains = get_resolving_domains_from_containers(client) + + print(str(resolved_domains)) diff --git a/start.py b/start.py index 413c47b..28c9cb2 100644 --- a/start.py +++ b/start.py @@ -12,6 +12,9 @@ pid_file='/haproxy.pid' def hash_cert_file(): + """Creates the sha256 hash of the certifcate file for haproxy. If the file + does not exist, an empty string is returned. + """ if not os.path.isfile(cert_file): return '' aFile = open(cert_file, 'rb') @@ -109,5 +112,3 @@ if __name__ == '__main__': start_haproxy() logging.info('SSL -> NON SSL') SSL_RUNNING=False -# logging.info('haproxy is running: %s', str(is_haproxy_running())) -# logging.info('haproxy is running with SSL: %s', str(SSL_RUNNING))
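Review bot: In list_domains.py, `get_resolving_domains_from_containers(docker_client)` never uses its parameter. Both it and `handle_container` read the module-level `client`, which is only assigned under `if __name__ == '__main__':`, so importing the module and calling the function would raise NameError. The resolution loop also hides every failure behind `except Exception: pass`, and a PROXY_DATA without `server_names` contributes an empty string from `''.split(';')`. I would pass the client through, drop empty names, and catch only `OSError` (which covers `socket.gaierror`) and `UnicodeError`. The names come from container environment variables, so whoever can start a container chooses them, and a successful lookup only shows the name exists in DNS; if the list is later handed to the letsencrypt command (not visible in this patch), each entry should be validated as a hostname and passed as a separate argument. Note too that reading `unix://var/run/docker.sock` means the proxy container must have the Docker socket mounted, which gives that container full control of the daemon.

```python
def handle_container(docker_client, id):
    # … unchanged: docstring …
    inspect_data = docker_client.inspect_container(id)
    # … unchanged: env_vars / PROXY_DATA extraction …
        names = get_if_available(proxy_data, 'server_names', '').split(';')
        # drop the empty entries a missing value or trailing ';' leaves behind
        return [name.strip() for name in names if name.strip()]
    return []

def get_resolving_domains_from_containers(docker_client):
    container_ids = docker_client.containers(quiet=True)
    domains = []
    for container_id in container_ids:
        domains.extend(handle_container(docker_client, container_id['Id']))

    resolved_domains = []
    for domain in domains:
        try:
            getaddrinfo(domain, None)
        except (OSError, UnicodeError):
            # does not resolve (gaierror) or is not a valid IDNA name
            continue
        resolved_domains.append(domain)

    return resolved_domains
```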