summaryrefslogtreecommitdiffstats
path: root/lava-master
diff options
context:
space:
mode:
authorCorentin LABBE <clabbe@baylibre.com>2018-07-04 14:45:58 +0200
committerCorentin LABBE <clabbe@baylibre.com>2018-07-23 16:20:48 +0200
commitd42030d39800b930634dba1efafcf43959c40205 (patch)
treedd9bc68db2a8e763fc1032503a85ec9342568185 /lava-master
parent0f09e5c9b89cee21a6ee39db9daf8e17525dd493 (diff)
Handle ZMQ auth
This patch add support for using ZMQ auth. Basicly adding "zmq_auth: True" to a master is sufficient to enable it. Since "ZMQ certificates" are using a custom format (vs X509 classic), we need to use the custom generator. For helping with that a temporary docker is generated which handle generating thoses files.
Diffstat (limited to 'lava-master')
-rw-r--r--lava-master/Dockerfile2
-rwxr-xr-xlava-master/scripts/setup.sh9
-rw-r--r--lava-master/zmq_auth/.empty0
3 files changed, 11 insertions, 0 deletions
diff --git a/lava-master/Dockerfile b/lava-master/Dockerfile
index a074570..3299922 100644
--- a/lava-master/Dockerfile
+++ b/lava-master/Dockerfile
@@ -93,6 +93,8 @@ RUN cd /etc/lava-server/dispatcher-config/device-types/ && for patch in $(ls /ro
COPY lava-patch/ /root/lava-patch
RUN cd /usr/lib/python3/dist-packages && for patch in $(ls /root/lava-patch/*patch) ; do patch -p1 < $patch || exit $?;done
+COPY zmq_auth/ /etc/lava-dispatcher/certificates.d/
+
EXPOSE 69/udp 80 3079 5555 5556
CMD /start.sh && while [ true ];do sleep 365d; done
diff --git a/lava-master/scripts/setup.sh b/lava-master/scripts/setup.sh
index 6ab0663..c7807dc 100755
--- a/lava-master/scripts/setup.sh
+++ b/lava-master/scripts/setup.sh
@@ -118,3 +118,12 @@ do
lava-server manage devices add --device-type $devicetype --worker $worker $devicename || exit $?
done
done
+
+if [ -e /etc/lava-dispatcher/certificates.d/$(hostname).key ];then
+ echo "INFO: Enabling encryption"
+ sed -i 's,.*ENCRYPT=.*,ENCRYPT="--encrypt",' /etc/lava-server/lava-master || exit $?
+ sed -i 's,.*MASTER_CERT=.*,MASTER_CERT="--master-cert /etc/lava-dispatcher/certificates.d/$(hostname).key_secret",' /etc/lava-server/lava-master || exit $?
+ sed -i 's,.*ENCRYPT=.*,ENCRYPT="--encrypt",' /etc/lava-server/lava-logs || exit $?
+ sed -i 's,.*MASTER_CERT=.*,MASTER_CERT="--master-cert /etc/lava-dispatcher/certificates.d/$(hostname).key_secret",' /etc/lava-server/lava-logs || exit $?
+fi
+exit 0
diff --git a/lava-master/zmq_auth/.empty b/lava-master/zmq_auth/.empty
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/lava-master/zmq_auth/.empty