From 40fc2f87e4c38264d2070a2056657c0cbad217e1 Mon Sep 17 00:00:00 2001 From: Corentin LABBE Date: Thu, 4 Feb 2021 10:27:25 +0000 Subject: wanted ser2net and cu are in buster The version of cu/ser2net we want are already in buster now, so no need to play with testing/sid. Furthermore, sid give a new ser2net with incompatible config file. --- lava-slave/Dockerfile | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'lava-slave') diff --git a/lava-slave/Dockerfile b/lava-slave/Dockerfile index bb59174..8412fcf 100644 --- a/lava-slave/Dockerfile +++ b/lava-slave/Dockerfile @@ -19,22 +19,9 @@ COPY conmux/ /etc/conmux/ RUN find /usr/lib/python3/dist-packages/ -iname constants.py | xargs sed -i 's,XNBD_PORT_RANGE_MIN.*,XNBD_PORT_RANGE_MIN=61950,' RUN find /usr/lib/python3/dist-packages/ -iname constants.py | xargs sed -i 's,XNBD_PORT_RANGE_MAX.*,XNBD_PORT_RANGE_MAX=62000,' -#conmux need cu >= 1.07-24 See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336996 -RUN echo "deb http://deb.debian.org/debian/ testing main" >> /etc/apt/sources.list.d/testing.list -RUN apt-get update -RUN DEBIAN_FRONTEND=noninteractive apt-get -y install cu -RUN rm /etc/apt/sources.list.d/testing.list - RUN apt-get -y install ser2net COPY ser2net.conf /etc -# ser2net > 3.2 is only availlable from sid -RUN echo "deb http://deb.debian.org/debian/ sid main" >> /etc/apt/sources.list.d/sid.list -RUN apt-get update -RUN DEBIAN_FRONTEND=noninteractive apt-get -y install ser2net -RUN rm /etc/apt/sources.list.d/sid.list -RUN apt-get update - RUN apt-get -y install lavacli # PXE stuff -- cgit 1.2.3-korg From 5d49e030896a59ec83250d93352f3d37ae8ff364 Mon Sep 17 00:00:00 2001 From: Corentin LABBE Date: Fri, 5 Feb 2021 08:39:52 +0000 Subject: Permit to set worker token in boards.yaml LAVA 2020.09 dropped ZMQ and use now a token to authenticate worker against master. lava-docker already handle this by getting token via lavacli. But we need to support to set token in boards.yaml, this patch permits this. Furthermore, the token was given to worker via --token, but this is bad since token can be found by anyone running ps. A better secure way is to use --token-file. --- README.md | 1 + lava-slave/scripts/setup.sh | 29 +++++++++++++++++++++++------ lavalab-gen.py | 4 +++- 3 files changed, 27 insertions(+), 7 deletions(-) (limited to 'lava-slave') diff --git a/README.md b/README.md index bbc8c15..61c2ce7 100644 --- a/README.md +++ b/README.md @@ -279,6 +279,7 @@ slaves: remote_user: the user used for connecting to the master remote_user_token: The remote_user's token. This option is necessary only if no master node exists in boards.yaml. Otherwise lavalab-gen.py will get from it. remote_proto: http(default) or https + lava_worker_token: token to authenticate worker to master/scheduler (LAVA 2020.09+) default_slave: Does this slave is the default slave where to add boards (default: lab-slave-0) bind_dev: Bind /dev from host to slave. This is needed when using some HID PDU use_tftp: Does LAVA need a TFTP server (default True) diff --git a/lava-slave/scripts/setup.sh b/lava-slave/scripts/setup.sh index 9873a91..7c31441 100755 --- a/lava-slave/scripts/setup.sh +++ b/lava-slave/scripts/setup.sh @@ -72,15 +72,32 @@ do fi grep -q "TOKEN" /root/entrypoint.sh if [ $? -eq 0 ];then + # This is 2020.09+ echo "DEBUG: Worker need a TOKEN" - # TODO use token from env - WTOKEN=$(getworkertoken.py $LAVA_MASTER_URI $worker) - if [ $? -eq 0 ];then - sed -i "s,.*TOKEN.*,TOKEN=\"--token $WTOKEN\"," /etc/lava-dispatcher/lava-worker || exit $? + if [ -z "$LAVA_WORKER_TOKEN" ];then + echo "DEBUG: get token dynamicly" + # Does not work on 2020.09, since token was not added yet in RPC2 + WTOKEN=$(getworkertoken.py $LAVA_MASTER_URI $worker) + if [ $? -ne 0 ];then + echo "ERROR: cannot get WORKER TOKEN" + exit 1 + fi + if [ -z "$WTOKEN" ];then + echo "ERROR: got an empty token" + exit 1 + fi else - echo "ERROR: cannot get WORKER TOKEN" - exit 1 + echo "DEBUG: got token from env" + WTOKEN=$LAVA_WORKER_TOKEN fi + echo "DEBUG: write token in /var/lib/lava/dispatcher/worker/" + mkdir -p /var/lib/lava/dispatcher/worker/ + echo "$WTOKEN" > /var/lib/lava/dispatcher/worker/token + # lava worker ran under root + chown root:root /var/lib/lava/dispatcher/worker/token + chmod 640 /var/lib/lava/dispatcher/worker/token + sed -i "s,.*TOKEN.*,TOKEN=\"--token-file /var/lib/lava/dispatcher/worker/token\"," /etc/lava-dispatcher/lava-worker || exit $? + echo "DEBUG: set master URL to $LAVA_MASTER_URL" sed -i "s,^# URL.*,URL=\"$LAVA_MASTER_URL\"," /etc/lava-dispatcher/lava-worker || exit $? cat /etc/lava-dispatcher/lava-worker diff --git a/lavalab-gen.py b/lavalab-gen.py index e4b3487..e901eb7 100755 --- a/lavalab-gen.py +++ b/lavalab-gen.py @@ -407,7 +407,7 @@ def main(): "devices", "dispatcher_ip", "default_slave", "extra_actions", "export_ser2net", "expose_ser2net", "expose_ports", "env", "host", "host_healthcheck", - "loglevel", "lava-coordinator", + "loglevel", "lava-coordinator", "lava_worker_token", "name", "remote_user", "remote_master", "remote_address", "remote_rpc_port", "remote_proto", "remote_user_token", "tags", @@ -493,6 +493,8 @@ def main(): else: remote_rpc_port = worker["remote_rpc_port"] dockcomp["services"][worker_name]["environment"]["LAVA_MASTER"] = remote_address + if "lava_worker_token" in worker: + dockcomp["services"][worker_name]["environment"]["LAVA_WORKER_TOKEN"] = worker["lava_worker_token"] remote_user = worker["remote_user"] # find master remote_token = "BAD" -- cgit 1.2.3-korg