summaryrefslogtreecommitdiffstats
path: root/lava-slave
diff options
context:
space:
mode:
authorCorentin LABBE <clabbe@baylibre.com>2018-07-04 14:45:58 +0200
committerCorentin LABBE <clabbe@baylibre.com>2018-07-23 16:20:48 +0200
commitd42030d39800b930634dba1efafcf43959c40205 (patch)
treedd9bc68db2a8e763fc1032503a85ec9342568185 /lava-slave
parent0f09e5c9b89cee21a6ee39db9daf8e17525dd493 (diff)
Handle ZMQ auth
This patch add support for using ZMQ auth. Basicly adding "zmq_auth: True" to a master is sufficient to enable it. Since "ZMQ certificates" are using a custom format (vs X509 classic), we need to use the custom generator. For helping with that a temporary docker is generated which handle generating thoses files.
Diffstat (limited to 'lava-slave')
-rw-r--r--lava-slave/Dockerfile2
-rwxr-xr-xlava-slave/scripts/setup.sh8
-rw-r--r--lava-slave/zmq_auth/.empty0
3 files changed, 10 insertions, 0 deletions
diff --git a/lava-slave/Dockerfile b/lava-slave/Dockerfile
index a5b0148..4bd14b4 100644
--- a/lava-slave/Dockerfile
+++ b/lava-slave/Dockerfile
@@ -86,6 +86,8 @@ RUN ssh-keygen -q -f /root/.ssh/id_rsa
RUN cat /root/.ssh/id_rsa.pub > /root/.ssh/authorized_keys
COPY lava-screen.conf /root/
+COPY zmq_auth/ /etc/lava-dispatcher/certificates.d/
+
EXPOSE 69/udp 80
CMD /start.sh
diff --git a/lava-slave/scripts/setup.sh b/lava-slave/scripts/setup.sh
index bf91c7a..e696e57 100755
--- a/lava-slave/scripts/setup.sh
+++ b/lava-slave/scripts/setup.sh
@@ -91,3 +91,11 @@ do
fi
done
done
+
+if [ -e /etc/lava-dispatcher/certificates.d/$(hostname).key ];then
+ echo "INFO: Enabling encryption"
+ sed -i 's,.*ENCRYPT=.*,ENCRYPT="--encrypt",' /etc/lava-dispatcher/lava-slave
+ sed -i "s,.*SLAVE_CERT=.*,SLAVE_CERT=\"--slave-cert /etc/lava-dispatcher/certificates.d/$(hostname).key_secret\"," /etc/lava-dispatcher/lava-slave
+ sed -i "s,.*MASTER_CERT=.*,MASTER_CERT=\"--master-cert /etc/lava-dispatcher/certificates.d/$LAVA_MASTER.key\"," /etc/lava-dispatcher/lava-slave
+fi
+exit 0
diff --git a/lava-slave/zmq_auth/.empty b/lava-slave/zmq_auth/.empty
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/lava-slave/zmq_auth/.empty