summaryrefslogtreecommitdiffstats
path: root/lavalab-gen.py
diff options
context:
space:
mode:
authorCorentin LABBE <clabbe@baylibre.com>2018-07-04 14:45:58 +0200
committerCorentin LABBE <clabbe@baylibre.com>2018-07-23 16:20:48 +0200
commitd42030d39800b930634dba1efafcf43959c40205 (patch)
treedd9bc68db2a8e763fc1032503a85ec9342568185 /lavalab-gen.py
parent0f09e5c9b89cee21a6ee39db9daf8e17525dd493 (diff)
Handle ZMQ auth
This patch add support for using ZMQ auth. Basicly adding "zmq_auth: True" to a master is sufficient to enable it. Since "ZMQ certificates" are using a custom format (vs X509 classic), we need to use the custom generator. For helping with that a temporary docker is generated which handle generating thoses files.
Diffstat (limited to 'lavalab-gen.py')
-rwxr-xr-xlavalab-gen.py33
1 files changed, 30 insertions, 3 deletions
diff --git a/lavalab-gen.py b/lavalab-gen.py
index e0c1c16..a642400 100755
--- a/lavalab-gen.py
+++ b/lavalab-gen.py
@@ -12,7 +12,7 @@ import shutil
boards_yaml = "boards.yaml"
tokens_yaml = "tokens.yaml"
baud_default = 115200
-
+
template_conmux = string.Template("""#
# auto-generated by lavalab-gen.py for ${board}
#
@@ -74,18 +74,20 @@ template_settings_conf = string.Template("""
""")
def main():
+ need_zmq_auth_gen = False
fp = open(boards_yaml, "r")
workers = yaml.load(fp)
fp.close()
os.mkdir("output")
+ zmq_auth_genlist = open("zmqauth/zmq_auth_gen/zmq_genlist", 'w')
if "masters" not in workers:
print("Missing masters entry in boards.yaml")
sys.exit(1)
masters = workers["masters"]
for master in masters:
- keywords_master = [ "name", "type", "host", "users", "tokens", "webadmin_https", "persistent_db" ]
+ keywords_master = [ "name", "type", "host", "users", "tokens", "webadmin_https", "persistent_db", "zmq_auth", "zmq_auth_key", "zmq_auth_key_secret" ]
for keyword in master:
if not keyword in keywords_master:
print("WARNING: unknown keyword %s" % keyword)
@@ -139,6 +141,16 @@ def main():
fsettings = open("%s/settings.conf" % workerdir, 'w')
fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure))
fsettings.close()
+ master_use_zmq_auth = False
+ if "zmq_auth" in worker:
+ master_use_zmq_auth = True
+ if master_use_zmq_auth:
+ if "zmq_auth_key" in worker:
+ shutil.copy(worker["zmq_auth_key"], "%s/zmq_auth/" % workerdir)
+ shutil.copy(worker["zmq_auth_key_secret"], "%s/zmq_auth/" % workerdir)
+ else:
+ zmq_auth_genlist.write("%s/%s\n" % (host, name))
+ need_zmq_auth_gen = True
if "users" in worker:
for user in worker["users"]:
keywords_users = [ "name", "staff", "superuser", "password", "token" ]
@@ -195,7 +207,7 @@ def main():
sys.exit(1)
slaves = workers["slaves"]
for slave in slaves:
- keywords_slaves = [ "name", "host", "dispatcher_ip", "remote_user", "remote_master", "remote_address", "remote_rpc_port", "remote_proto", "extra_actions" ]
+ keywords_slaves = [ "name", "host", "dispatcher_ip", "remote_user", "remote_master", "remote_address", "remote_rpc_port", "remote_proto", "extra_actions", "zmq_auth_key", "zmq_auth_key_secret" ]
for keyword in slave:
if not keyword in keywords_slaves:
print("WARNING: unknown keyword %s" % keyword)
@@ -264,6 +276,17 @@ def main():
for fuser in fm["users"]:
if fuser["name"] == remote_user:
remote_token = fuser["token"]
+ if "zmq_auth" in fm:
+ if "zmq_auth_key" in fm:
+ shutil.copy(fm["zmq_auth_key"], "%s/zmq_auth/" % workerdir)
+ if "zmq_auth_key" in worker:
+ shutil.copy(worker["zmq_auth_key"], "%s/zmq_auth/" % workerdir)
+ shutil.copy(worker["zmq_auth_key_secret"], "%s/zmq_auth/" % workerdir)
+ if "zmq_auth_key" in fm:
+ shutil.copy(worker["zmq_auth_key"], "output/%s/%s/zmq_auth/" % (fm["host"], fm["name"]))
+ else:
+ zmq_auth_genlist.write("%s/%s %s/%s\n" % (host, name, fm["host"], fm["name"]))
+ need_zmq_auth_gen = True
if remote_token is "BAD":
print("Cannot find %s on %s" % (remote_user, remote_master))
sys.exit(1)
@@ -416,6 +439,10 @@ def main():
fp.close()
with open(dockcomposeymlpath, 'w') as f:
yaml.dump(dockcomp, f)
+ zmq_auth_genlist.close()
+ if need_zmq_auth_gen:
+ print("Gen ZMQ auth files")
+ subprocess.check_call(["./zmqauth/zmq_auth_fill.sh"], stdin=None)
if __name__ == "__main__":