diff options
author | Corentin LABBE <clabbe@baylibre.com> | 2021-02-05 08:39:52 +0000 |
---|---|---|
committer | Corentin LABBE <clabbe@baylibre.com> | 2021-02-05 11:48:15 +0000 |
commit | 5d49e030896a59ec83250d93352f3d37ae8ff364 (patch) | |
tree | ae4031161b6975fa55bc3c90166637f50eeadc16 /lava-slave | |
parent | 40fc2f87e4c38264d2070a2056657c0cbad217e1 (diff) |
Permit to set worker token in boards.yaml
LAVA 2020.09 dropped ZMQ and use now a token to authenticate worker
against master.
lava-docker already handle this by getting token via lavacli.
But we need to support to set token in boards.yaml, this patch permits
this.
Furthermore, the token was given to worker via --token, but this is bad
since token can be found by anyone running ps.
A better secure way is to use --token-file.
Diffstat (limited to 'lava-slave')
-rwxr-xr-x | lava-slave/scripts/setup.sh | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/lava-slave/scripts/setup.sh b/lava-slave/scripts/setup.sh index 9873a91..7c31441 100755 --- a/lava-slave/scripts/setup.sh +++ b/lava-slave/scripts/setup.sh @@ -72,15 +72,32 @@ do fi grep -q "TOKEN" /root/entrypoint.sh if [ $? -eq 0 ];then + # This is 2020.09+ echo "DEBUG: Worker need a TOKEN" - # TODO use token from env - WTOKEN=$(getworkertoken.py $LAVA_MASTER_URI $worker) - if [ $? -eq 0 ];then - sed -i "s,.*TOKEN.*,TOKEN=\"--token $WTOKEN\"," /etc/lava-dispatcher/lava-worker || exit $? + if [ -z "$LAVA_WORKER_TOKEN" ];then + echo "DEBUG: get token dynamicly" + # Does not work on 2020.09, since token was not added yet in RPC2 + WTOKEN=$(getworkertoken.py $LAVA_MASTER_URI $worker) + if [ $? -ne 0 ];then + echo "ERROR: cannot get WORKER TOKEN" + exit 1 + fi + if [ -z "$WTOKEN" ];then + echo "ERROR: got an empty token" + exit 1 + fi else - echo "ERROR: cannot get WORKER TOKEN" - exit 1 + echo "DEBUG: got token from env" + WTOKEN=$LAVA_WORKER_TOKEN fi + echo "DEBUG: write token in /var/lib/lava/dispatcher/worker/" + mkdir -p /var/lib/lava/dispatcher/worker/ + echo "$WTOKEN" > /var/lib/lava/dispatcher/worker/token + # lava worker ran under root + chown root:root /var/lib/lava/dispatcher/worker/token + chmod 640 /var/lib/lava/dispatcher/worker/token + sed -i "s,.*TOKEN.*,TOKEN=\"--token-file /var/lib/lava/dispatcher/worker/token\"," /etc/lava-dispatcher/lava-worker || exit $? + echo "DEBUG: set master URL to $LAVA_MASTER_URL" sed -i "s,^# URL.*,URL=\"$LAVA_MASTER_URL\"," /etc/lava-dispatcher/lava-worker || exit $? cat /etc/lava-dispatcher/lava-worker |