summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCorentin LABBE <clabbe@baylibre.com>2019-03-19 10:02:29 +0100
committerCorentin LABBE <clabbe@baylibre.com>2019-04-01 14:42:03 +0200
commitff4536c2f51e8b376d7b2d7b78d391cbccc726a5 (patch)
tree05d4c3c9a0761036d663d93e5add31a74262f014
parentf18959ec2357e7b1c54bca47d3a2d0f0a7c53579 (diff)
lavalab-gen.py: add ALLOWED_HOSTS
Since 2019.03 , ALLOWED_HOSTS is mandatory in settings.conf. Without it all requests are denied with code 500.
-rw-r--r--README.md3
-rwxr-xr-xlavalab-gen.py14
2 files changed, 14 insertions, 3 deletions
diff --git a/README.md b/README.md
index 177667a..7002c57 100644
--- a/README.md
+++ b/README.md
@@ -221,6 +221,9 @@ masters:
slave_keys: optional path to a directory with slaves public key. Usefull when you want to create a master without slaves nodes in boards.yaml.
persistent_db: True/False (default False) Is the postgres DB is persistent over reboot
http_fqdn: The FQDN used to access the LAVA web interface. This is necessary if you use https otherwise you will issue CSRF errors.
+ allowed_hosts: A list of FQDN used to access the LAVA master
+ - "fqdn1"
+ - "fqdn2"
loglevel:
lava-logs: DEBUG/INFO/WARN/ERROR (optional) select the loglevel of lava-logs (default to DEBUG)
lava-slave: DEBUG/INFO/WARN/ERROR (optional) select the loglevel of lava-slave (default to DEBUG)
diff --git a/lavalab-gen.py b/lavalab-gen.py
index b0b58b4..d1a78e2 100755
--- a/lavalab-gen.py
+++ b/lavalab-gen.py
@@ -14,6 +14,7 @@ tokens_yaml = "tokens.yaml"
baud_default = 115200
ser2net_port_start = 63001
ser2net_ports = {}
+allowed_hosts_list = [ '"127.0.0.1"' ]
template_conmux = string.Template("""#
# auto-generated by lavalab-gen.py for ${board}
@@ -60,6 +61,7 @@ template_settings_conf = string.Template("""
"HTTPS_XML_RPC": false,
"LOGIN_URL": "/accounts/login/",
"LOGIN_REDIRECT_URL": "/",
+ "ALLOWED_HOSTS": [ $allowed_hosts ],
"CSRF_TRUSTED_ORIGINS": ["$lava_http_fqdn"],
"CSRF_COOKIE_SECURE": $cookie_secure,
"SESSION_COOKIE_SECURE": $session_cookie_secure
@@ -94,7 +96,7 @@ def main():
else:
masters = workers["masters"]
for master in masters:
- keywords_master = [ "name", "type", "host", "users", "groups", "tokens", "webadmin_https", "persistent_db", "zmq_auth", "zmq_auth_key", "zmq_auth_key_secret", "http_fqdn", "slave_keys", "slaveenv", "loglevel" ]
+ keywords_master = [ "name", "type", "host", "users", "groups", "tokens", "webadmin_https", "persistent_db", "zmq_auth", "zmq_auth_key", "zmq_auth_key_secret", "http_fqdn", "slave_keys", "slaveenv", "loglevel", "allowed_hosts" ]
for keyword in master:
if not keyword in keywords_master:
print("WARNING: unknown keyword %s" % keyword)
@@ -149,13 +151,19 @@ def main():
session_cookie_secure = "false"
if "http_fqdn" in worker:
lava_http_fqdn = worker["http_fqdn"]
+ allowed_hosts_list.append('"%s"' % lava_http_fqdn)
else:
- lava_http_fqdn = "example.com"
+ lava_http_fqdn = "127.0.0.1"
+ allowed_hosts_list.append('"%s"' % name)
+ if "allowed_hosts" in worker:
+ for allow_host in worker["allowed_hosts"]:
+ allowed_hosts_list.append('"%s"' % allow_host)
+ allowed_hosts = ','.join(allowed_hosts_list)
f_fqdn = open("%s/lava_http_fqdn" % workerdir, 'w')
f_fqdn.write(lava_http_fqdn)
f_fqdn.close()
fsettings = open("%s/settings.conf" % workerdir, 'w')
- fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure, lava_http_fqdn=lava_http_fqdn))
+ fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure, lava_http_fqdn=lava_http_fqdn, allowed_hosts=allowed_hosts))
fsettings.close()
master_use_zmq_auth = False
if "zmq_auth" in worker: