From d42030d39800b930634dba1efafcf43959c40205 Mon Sep 17 00:00:00 2001
From: Corentin LABBE
Date: Wed, 4 Jul 2018 14:45:58 +0200
Subject: Handle ZMQ auth
This patch add support for using ZMQ auth. Basicly adding "zmq_auth: True" to a master is sufficient to enable it. Since "ZMQ certificates" are using a custom format (vs X509 classic), we need to use the custom generator. For helping with that a temporary docker is generated which handle generating thoses files.
---
 lava-master/Dockerfile | 2 ++
 lava-master/scripts/setup.sh | 9 +++++++++
 lava-master/zmq_auth/.empty | 0
 3 files changed, 11 insertions(+)
 create mode 100644 lava-master/zmq_auth/.empty
(limited to 'lava-master')
diff --git a/lava-master/Dockerfile b/lava-master/Dockerfile
index a074570..3299922 100644
--- a/lava-master/Dockerfile
+++ b/lava-master/Dockerfile
@@ -93,6 +93,8 @@ RUN cd /etc/lava-server/dispatcher-config/device-types/ && for patch in $(ls /ro
 COPY lava-patch/ /root/lava-patch
 RUN cd /usr/lib/python3/dist-packages && for patch in $(ls /root/lava-patch/*patch) ; do patch -p1 < $patch || exit $?;done
+COPY zmq_auth/ /etc/lava-dispatcher/certificates.d/
+
 EXPOSE 69/udp 80 3079 5555 5556
 CMD /start.sh && while [ true ];do sleep 365d; done
diff --git a/lava-master/scripts/setup.sh b/lava-master/scripts/setup.sh
index 6ab0663..c7807dc 100755
--- a/lava-master/scripts/setup.sh
+++ b/lava-master/scripts/setup.sh
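Review bot: In the Dockerfile hunk, `COPY zmq_auth/ /etc/lava-dispatcher/certificates.d/` bakes whatever sits in `zmq_auth/` at build time into an image layer, and setup.sh in this same commit reads a `$(hostname).key_secret` file from that directory, so the master's secret key presumably ends up inside the image. Anyone who can pull or export the image can then recover the key, and the files keep whatever mode they had in the build context. Consider supplying the directory at run time instead (a read-only volume or a secret mount), or at least tighten the mode of the `*.key_secret` files and add a comment above the COPY such as `# zmq_auth/ holds ZMQ private keys: never push the resulting image to a shared registry`.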
@@ -118,3 +118,12 @@ do
 lava-server manage devices add --device-type $devicetype --worker $worker $devicename || exit $?
 done
 done
+
+if [ -e /etc/lava-dispatcher/certificates.d/$(hostname).key ];then
+ echo "INFO: Enabling encryption"
+ sed -i 's,.*ENCRYPT=.*,ENCRYPT="--encrypt",' /etc/lava-server/lava-master || exit $?
+ sed -i 's,.*MASTER_CERT=.*,MASTER_CERT="--master-cert /etc/lava-dispatcher/certificates.d/$(hostname).key_secret",' /etc/lava-server/lava-master || exit $?
+ sed -i 's,.*ENCRYPT=.*,ENCRYPT="--encrypt",' /etc/lava-server/lava-logs || exit $?
+ sed -i 's,.*MASTER_CERT=.*,MASTER_CERT="--master-cert /etc/lava-dispatcher/certificates.d/$(hostname).key_secret",' /etc/lava-server/lava-logs || exit $?
+fi
+exit 0
diff --git a/lava-master/zmq_auth/.empty b/lava-master/zmq_auth/.empty
new file mode 100644
index 0000000..e69de29
-- cgit 1.2.3-korg
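Review bot: The guard in the added `if` tests for `$(hostname).key`, but the path written into `MASTER_CERT` is `$(hostname).key_secret`, which is never checked, and `sed -i` exits 0 even when no `ENCRYPT=` or `MASTER_CERT=` line matched, so the script can print "Enabling encryption" while lava-master and lava-logs stay unencrypted or point at a missing key. Because the sed expressions are single-quoted, `$(hostname)` is also written literally into both files; that only resolves if they are later sourced by a shell, which is not visible here. I would resolve the path once, require the secret file to be readable, and verify the substitution in each file, failing the setup otherwise. The enclosing loops start outside the hunk.

```shell
# … unchanged: device registration loops …
certdir=/etc/lava-dispatcher/certificates.d
secret="$certdir/$(hostname).key_secret"
if [ -e "$certdir/$(hostname).key" ];then
  # fail closed: a public key without its secret half must not pass silently
  [ -r "$secret" ] || { echo "ERROR: $secret missing or unreadable" >&2; exit 1; }
  echo "INFO: Enabling encryption"
  for conf in /etc/lava-server/lava-master /etc/lava-server/lava-logs; do
    sed -i 's,.*ENCRYPT=.*,ENCRYPT="--encrypt",' "$conf" || exit $?
    sed -i "s,.*MASTER_CERT=.*,MASTER_CERT=\"--master-cert $secret\"," "$conf" || exit $?
    # sed exits 0 even when nothing matched; confirm both settings landed
    if ! grep -q '^ENCRYPT="--encrypt"$' "$conf" || ! grep -qF -- "--master-cert $secret" "$conf"; then
      echo "ERROR: encryption not enabled in $conf" >&2
      exit 1
    fi
  done
fi
# … unchanged: exit 0 …
```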