summaryrefslogtreecommitdiffstats
path: root/lava-slave
diff options
context:
space:
mode:
authorCorentin LABBE <clabbe@baylibre.com>2021-02-05 08:39:52 +0000
committerCorentin LABBE <clabbe@baylibre.com>2021-02-05 11:48:15 +0000
commit5d49e030896a59ec83250d93352f3d37ae8ff364 (patch)
treeae4031161b6975fa55bc3c90166637f50eeadc16 /lava-slave
parent40fc2f87e4c38264d2070a2056657c0cbad217e1 (diff)
Permit to set worker token in boards.yaml
LAVA 2020.09 dropped ZMQ and use now a token to authenticate worker against master. lava-docker already handle this by getting token via lavacli. But we need to support to set token in boards.yaml, this patch permits this. Furthermore, the token was given to worker via --token, but this is bad since token can be found by anyone running ps. A better secure way is to use --token-file.
Diffstat (limited to 'lava-slave')
-rwxr-xr-xlava-slave/scripts/setup.sh29
1 files changed, 23 insertions, 6 deletions
diff --git a/lava-slave/scripts/setup.sh b/lava-slave/scripts/setup.sh
index 9873a91..7c31441 100755
--- a/lava-slave/scripts/setup.sh
+++ b/lava-slave/scripts/setup.sh
@@ -72,15 +72,32 @@ do
fi
grep -q "TOKEN" /root/entrypoint.sh
if [ $? -eq 0 ];then
+ # This is 2020.09+
echo "DEBUG: Worker need a TOKEN"
- # TODO use token from env
- WTOKEN=$(getworkertoken.py $LAVA_MASTER_URI $worker)
- if [ $? -eq 0 ];then
- sed -i "s,.*TOKEN.*,TOKEN=\"--token $WTOKEN\"," /etc/lava-dispatcher/lava-worker || exit $?
+ if [ -z "$LAVA_WORKER_TOKEN" ];then
+ echo "DEBUG: get token dynamicly"
+ # Does not work on 2020.09, since token was not added yet in RPC2
+ WTOKEN=$(getworkertoken.py $LAVA_MASTER_URI $worker)
+ if [ $? -ne 0 ];then
+ echo "ERROR: cannot get WORKER TOKEN"
+ exit 1
+ fi
+ if [ -z "$WTOKEN" ];then
+ echo "ERROR: got an empty token"
+ exit 1
+ fi
else
- echo "ERROR: cannot get WORKER TOKEN"
- exit 1
+ echo "DEBUG: got token from env"
+ WTOKEN=$LAVA_WORKER_TOKEN
fi
+ echo "DEBUG: write token in /var/lib/lava/dispatcher/worker/"
+ mkdir -p /var/lib/lava/dispatcher/worker/
+ echo "$WTOKEN" > /var/lib/lava/dispatcher/worker/token
+ # lava worker ran under root
+ chown root:root /var/lib/lava/dispatcher/worker/token
+ chmod 640 /var/lib/lava/dispatcher/worker/token
+ sed -i "s,.*TOKEN.*,TOKEN=\"--token-file /var/lib/lava/dispatcher/worker/token\"," /etc/lava-dispatcher/lava-worker || exit $?
+
echo "DEBUG: set master URL to $LAVA_MASTER_URL"
sed -i "s,^# URL.*,URL=\"$LAVA_MASTER_URL\"," /etc/lava-dispatcher/lava-worker || exit $?
cat /etc/lava-dispatcher/lava-worker