diff options
| author |   Corentin LABBE <clabbe@baylibre.com> | 2019-03-19 10:02:29 +0100 |
|---|---|---|
| committer | Corentin LABBE <clabbe@baylibre.com> | 2019-04-01 14:42:03 +0200 |
| commit | ff4536c2f51e8b376d7b2d7b78d391cbccc726a5 (patch) | |
| tree | 05d4c3c9a0761036d663d93e5add31a74262f014 | |
| parent | f18959ec2357e7b1c54bca47d3a2d0f0a7c53579 (diff) | |
lavalab-gen.py: add ALLOWED_HOSTS
Since 2019.03 , ALLOWED_HOSTS is mandatory in settings.conf.
Without it all requests are denied with code 500.
| -rw-r--r-- | README.md | 3 | ||||
| -rwxr-xr-x | lavalab-gen.py | 14 |
2 files changed, 14 insertions, 3 deletions
@@ -221,6 +221,9 @@ masters: slave_keys: optional path to a directory with slaves public key. Usefull when you want to create a master without slaves nodes in boards.yaml. persistent_db: True/False (default False) Is the postgres DB is persistent over reboot http_fqdn: The FQDN used to access the LAVA web interface. This is necessary if you use https otherwise you will issue CSRF errors. + allowed_hosts: A list of FQDN used to access the LAVA master + - "fqdn1" + - "fqdn2" loglevel: lava-logs: DEBUG/INFO/WARN/ERROR (optional) select the loglevel of lava-logs (default to DEBUG) lava-slave: DEBUG/INFO/WARN/ERROR (optional) select the loglevel of lava-slave (default to DEBUG) diff --git a/lavalab-gen.py b/lavalab-gen.py index b0b58b4..d1a78e2 100755 --- a/lavalab-gen.py +++ b/lavalab-gen.py @@ -14,6 +14,7 @@ tokens_yaml = "tokens.yaml" baud_default = 115200 ser2net_port_start = 63001 ser2net_ports = {} +allowed_hosts_list = [ '"127.0.0.1"' ] template_conmux = string.Template("""# # auto-generated by lavalab-gen.py for ${board} @@ -60,6 +61,7 @@ template_settings_conf = string.Template(""" "HTTPS_XML_RPC": false, "LOGIN_URL": "/accounts/login/", "LOGIN_REDIRECT_URL": "/", + "ALLOWED_HOSTS": [ $allowed_hosts ], "CSRF_TRUSTED_ORIGINS": ["$lava_http_fqdn"], "CSRF_COOKIE_SECURE": $cookie_secure, "SESSION_COOKIE_SECURE": $session_cookie_secure @@ -94,7 +96,7 @@ def main(): else: masters = workers["masters"] for master in masters: - keywords_master = [ "name", "type", "host", "users", "groups", "tokens", "webadmin_https", "persistent_db", "zmq_auth", "zmq_auth_key", "zmq_auth_key_secret", "http_fqdn", "slave_keys", "slaveenv", "loglevel" ] + keywords_master = [ "name", "type", "host", "users", "groups", "tokens", "webadmin_https", "persistent_db", "zmq_auth", "zmq_auth_key", "zmq_auth_key_secret", "http_fqdn", "slave_keys", "slaveenv", "loglevel", "allowed_hosts" ] for keyword in master: if not keyword in keywords_master: print("WARNING: unknown keyword %s" % keyword) @@ -149,13 +151,19 @@ def main(): session_cookie_secure = "false" if "http_fqdn" in worker: lava_http_fqdn = worker["http_fqdn"] + allowed_hosts_list.append('"%s"' % lava_http_fqdn) else: - lava_http_fqdn = "example.com" + lava_http_fqdn = "127.0.0.1" + allowed_hosts_list.append('"%s"' % name) + if "allowed_hosts" in worker: + for allow_host in worker["allowed_hosts"]: + allowed_hosts_list.append('"%s"' % allow_host) + allowed_hosts = ','.join(allowed_hosts_list) f_fqdn = open("%s/lava_http_fqdn" % workerdir, 'w') f_fqdn.write(lava_http_fqdn) f_fqdn.close() fsettings = open("%s/settings.conf" % workerdir, 'w') - fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure, lava_http_fqdn=lava_http_fqdn)) + fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure, lava_http_fqdn=lava_http_fqdn, allowed_hosts=allowed_hosts)) fsettings.close() master_use_zmq_auth = False if "zmq_auth" in worker: |