diff options
author | Corentin LABBE <clabbe@baylibre.com> | 2018-07-04 14:45:58 +0200 |
---|---|---|
committer | Corentin LABBE <clabbe@baylibre.com> | 2018-07-23 16:20:48 +0200 |
commit | d42030d39800b930634dba1efafcf43959c40205 (patch) | |
tree | dd9bc68db2a8e763fc1032503a85ec9342568185 /lava-slave | |
parent | 0f09e5c9b89cee21a6ee39db9daf8e17525dd493 (diff) |
Handle ZMQ auth
This patch add support for using ZMQ auth.
Basicly adding "zmq_auth: True" to a master is sufficient to enable it.
Since "ZMQ certificates" are using a custom format (vs X509 classic), we need to use the custom generator.
For helping with that a temporary docker is generated which handle generating thoses files.
Diffstat (limited to 'lava-slave')
-rw-r--r-- | lava-slave/Dockerfile | 2 | ||||
-rwxr-xr-x | lava-slave/scripts/setup.sh | 8 | ||||
-rw-r--r-- | lava-slave/zmq_auth/.empty | 0 |
3 files changed, 10 insertions, 0 deletions
diff --git a/lava-slave/Dockerfile b/lava-slave/Dockerfile index a5b0148..4bd14b4 100644 --- a/lava-slave/Dockerfile +++ b/lava-slave/Dockerfile @@ -86,6 +86,8 @@ RUN ssh-keygen -q -f /root/.ssh/id_rsa RUN cat /root/.ssh/id_rsa.pub > /root/.ssh/authorized_keys COPY lava-screen.conf /root/ +COPY zmq_auth/ /etc/lava-dispatcher/certificates.d/ + EXPOSE 69/udp 80 CMD /start.sh diff --git a/lava-slave/scripts/setup.sh b/lava-slave/scripts/setup.sh index bf91c7a..e696e57 100755 --- a/lava-slave/scripts/setup.sh +++ b/lava-slave/scripts/setup.sh @@ -91,3 +91,11 @@ do fi done done + +if [ -e /etc/lava-dispatcher/certificates.d/$(hostname).key ];then + echo "INFO: Enabling encryption" + sed -i 's,.*ENCRYPT=.*,ENCRYPT="--encrypt",' /etc/lava-dispatcher/lava-slave + sed -i "s,.*SLAVE_CERT=.*,SLAVE_CERT=\"--slave-cert /etc/lava-dispatcher/certificates.d/$(hostname).key_secret\"," /etc/lava-dispatcher/lava-slave + sed -i "s,.*MASTER_CERT=.*,MASTER_CERT=\"--master-cert /etc/lava-dispatcher/certificates.d/$LAVA_MASTER.key\"," /etc/lava-dispatcher/lava-slave +fi +exit 0 diff --git a/lava-slave/zmq_auth/.empty b/lava-slave/zmq_auth/.empty new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/lava-slave/zmq_auth/.empty |