Handle ZMQ auth

This patch add support for using ZMQ auth. Basicly adding "zmq_auth: True" to a master is sufficient to enable it. Since "ZMQ certificates" are using a custom format (vs X509 classic), we need to use the custom generator. For helping with that a temporary docker is generated which handle generating thoses files.
author: Corentin LABBE <clabbe@baylibre.com> 2018-07-04 14:45:58 +0200
committer: Corentin LABBE <clabbe@baylibre.com> 2018-07-23 16:20:48 +0200
commit: d42030d39800b930634dba1efafcf43959c40205 (patch)
tree: dd9bc68db2a8e763fc1032503a85ec9342568185 /lavalab-gen.py
parent: 0f09e5c9b89cee21a6ee39db9daf8e17525dd493 (diff)
1 files changed, 30 insertions, 3 deletions
diff --git a/lavalab-gen.py b/lavalab-gen.py
index e0c1c16..a642400 100755
--- a/lavalab-gen.py
+++ b/lavalab-gen.py
@@ -12,7 +12,7 @@ import shutil
 boards_yaml = "boards.yaml"
 tokens_yaml = "tokens.yaml"
 baud_default = 115200
-    
+
 template_conmux = string.Template("""#
 # auto-generated by lavalab-gen.py for ${board}
 #
@@ -74,18 +74,20 @@ template_settings_conf = string.Template("""
 """)
 
 def main():
+    need_zmq_auth_gen = False
     fp = open(boards_yaml, "r")
     workers = yaml.load(fp)
     fp.close()
 
     os.mkdir("output")
+    zmq_auth_genlist = open("zmqauth/zmq_auth_gen/zmq_genlist", 'w')
 
     if "masters" not in workers:
         print("Missing masters entry in boards.yaml")
         sys.exit(1)
     masters = workers["masters"]
     for master in masters:
-        keywords_master = [ "name", "type", "host", "users", "tokens", "webadmin_https", "persistent_db" ]
+        keywords_master = [ "name", "type", "host", "users", "tokens", "webadmin_https", "persistent_db", "zmq_auth", "zmq_auth_key", "zmq_auth_key_secret" ]
         for keyword in master:
             if not keyword in keywords_master:
                 print("WARNING: unknown keyword %s" % keyword)
@@ -139,6 +141,16 @@ def main():
         fsettings = open("%s/settings.conf" % workerdir, 'w')
         fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure))
         fsettings.close()
+        master_use_zmq_auth = False
+        if "zmq_auth" in worker:
+            master_use_zmq_auth = True
+        if master_use_zmq_auth:
+            if "zmq_auth_key" in worker:
+                shutil.copy(worker["zmq_auth_key"], "%s/zmq_auth/" % workerdir)
+                shutil.copy(worker["zmq_auth_key_secret"], "%s/zmq_auth/" % workerdir)
+            else:
+                zmq_auth_genlist.write("%s/%s\n" % (host, name))
+                need_zmq_auth_gen = True
         if "users" in worker:
             for user in worker["users"]:
                 keywords_users = [ "name", "staff", "superuser", "password", "token" ]
@@ -195,7 +207,7 @@ def main():
         sys.exit(1)
     slaves = workers["slaves"]
     for slave in slaves:
-        keywords_slaves = [ "name", "host", "dispatcher_ip", "remote_user", "remote_master", "remote_address", "remote_rpc_port", "remote_proto", "extra_actions" ]
+        keywords_slaves = [ "name", "host", "dispatcher_ip", "remote_user", "remote_master", "remote_address", "remote_rpc_port", "remote_proto", "extra_actions", "zmq_auth_key", "zmq_auth_key_secret" ]
         for keyword in slave:
             if not keyword in keywords_slaves:
                 print("WARNING: unknown keyword %s" % keyword)
@@ -264,6 +276,17 @@ def main():
                 for fuser in fm["users"]:
                     if fuser["name"] == remote_user:
                         remote_token = fuser["token"]
+                if "zmq_auth" in fm:
+                    if "zmq_auth_key" in fm:
+                        shutil.copy(fm["zmq_auth_key"], "%s/zmq_auth/" % workerdir)
+                    if "zmq_auth_key" in worker:
+                        shutil.copy(worker["zmq_auth_key"], "%s/zmq_auth/" % workerdir)
+                        shutil.copy(worker["zmq_auth_key_secret"], "%s/zmq_auth/" % workerdir)
+                        if "zmq_auth_key" in fm:
+                            shutil.copy(worker["zmq_auth_key"], "output/%s/%s/zmq_auth/" % (fm["host"], fm["name"]))
+                    else:
+                        zmq_auth_genlist.write("%s/%s %s/%s\n" % (host, name, fm["host"], fm["name"]))
+                        need_zmq_auth_gen = True
         if remote_token is "BAD":
             print("Cannot find %s on %s" % (remote_user, remote_master))
             sys.exit(1)
@@ -416,6 +439,10 @@ def main():
         fp.close()
         with open(dockcomposeymlpath, 'w') as f:
             yaml.dump(dockcomp, f)
+    zmq_auth_genlist.close()
+    if need_zmq_auth_gen:
+        print("Gen ZMQ auth files")
+        subprocess.check_call(["./zmqauth/zmq_auth_fill.sh"], stdin=None)
 
 
 if __name__ == "__main__":
author	Corentin LABBE <clabbe@baylibre.com>	2018-07-04 14:45:58 +0200
committer	Corentin LABBE <clabbe@baylibre.com>	2018-07-23 16:20:48 +0200
commit	d42030d39800b930634dba1efafcf43959c40205 (patch)
tree	dd9bc68db2a8e763fc1032503a85ec9342568185 /lavalab-gen.py
parent	0f09e5c9b89cee21a6ee39db9daf8e17525dd493 (diff)