mirror of
https://github.com/davidallendj/magellan.git
synced 2025-12-20 03:27:03 -07:00
Changed cert flags and added cert for gofish
This commit is contained in:
David J. Allen
parent
b58167a322
commit
b5c0d9ce2a
4 changed files with 74 additions and 49 deletions
|
|
@ -49,7 +49,7 @@ var collectCmd = &cobra.Command{
|
||||||
Timeout: timeout,
|
Timeout: timeout,
|
||||||
Threads: threads,
|
Threads: threads,
|
||||||
Verbose: verbose,
|
Verbose: verbose,
|
||||||
WithSecureTLS: withSecureTLS,
|
CaCertPath: cacertPath,
|
||||||
OutputPath: outputPath,
|
OutputPath: outputPath,
|
||||||
ForceUpdate: forceUpdate,
|
ForceUpdate: forceUpdate,
|
||||||
}
|
}
|
||||||
|
|
@ -74,7 +74,6 @@ func init() {
|
||||||
collectCmd.PersistentFlags().BoolVar(&forceUpdate, "force-update", false, "set flag to force update data sent to SMD ")
|
collectCmd.PersistentFlags().BoolVar(&forceUpdate, "force-update", false, "set flag to force update data sent to SMD ")
|
||||||
collectCmd.PersistentFlags().StringVar(&preferredDriver, "preferred-driver", "ipmi", "set the preferred driver to use")
|
collectCmd.PersistentFlags().StringVar(&preferredDriver, "preferred-driver", "ipmi", "set the preferred driver to use")
|
||||||
collectCmd.PersistentFlags().StringVar(&ipmitoolPath, "ipmitool.path", "/usr/bin/ipmitool", "set the path for ipmitool")
|
collectCmd.PersistentFlags().StringVar(&ipmitoolPath, "ipmitool.path", "/usr/bin/ipmitool", "set the path for ipmitool")
|
||||||
collectCmd.PersistentFlags().BoolVar(&withSecureTLS, "secure-tls", false, "enable secure TLS")
|
collectCmd.PersistentFlags().StringVar(&cacertPath, "ca-cert", "", "path to CA cert. (defaults to system CAs; used with --secure-tls=true)")
|
||||||
collectCmd.PersistentFlags().StringVar(&certPoolFile, "cert-pool", "", "path to CA cert. (defaults to system CAs; used with --secure-tls=true)")
|
|
||||||
rootCmd.AddCommand(collectCmd)
|
rootCmd.AddCommand(collectCmd)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -14,8 +14,7 @@ var (
|
||||||
ports []int
|
ports []int
|
||||||
hosts []string
|
hosts []string
|
||||||
protocol string
|
protocol string
|
||||||
withSecureTLS bool
|
cacertPath string
|
||||||
certPoolFile string
|
|
||||||
user string
|
user string
|
||||||
pass string
|
pass string
|
||||||
dbpath string
|
dbpath string
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,6 @@ var updateCmd = &cobra.Command{
|
||||||
Pass: pass,
|
Pass: pass,
|
||||||
Timeout: timeout,
|
Timeout: timeout,
|
||||||
Port: port,
|
Port: port,
|
||||||
WithSecureTLS: withSecureTLS,
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -76,7 +75,6 @@ func init() {
|
||||||
updateCmd.Flags().StringVar(&firmwareUrl, "firmware-url", "", "set the path to the firmware")
|
updateCmd.Flags().StringVar(&firmwareUrl, "firmware-url", "", "set the path to the firmware")
|
||||||
updateCmd.Flags().StringVar(&firmwareVersion, "firmware-version", "", "set the version of firmware to be installed")
|
updateCmd.Flags().StringVar(&firmwareVersion, "firmware-version", "", "set the version of firmware to be installed")
|
||||||
updateCmd.Flags().StringVar(&component, "component", "", "set the component to upgrade")
|
updateCmd.Flags().StringVar(&component, "component", "", "set the component to upgrade")
|
||||||
updateCmd.Flags().BoolVar(&withSecureTLS, "secure-tls", false, "enable secure TLS")
|
|
||||||
updateCmd.Flags().BoolVar(&status, "status", false, "get the status of the update")
|
updateCmd.Flags().BoolVar(&status, "status", false, "get the status of the update")
|
||||||
rootCmd.AddCommand(updateCmd)
|
rootCmd.AddCommand(updateCmd)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -44,8 +44,7 @@ type QueryParams struct {
|
||||||
Threads int
|
Threads int
|
||||||
Preferred string
|
Preferred string
|
||||||
Timeout int
|
Timeout int
|
||||||
WithSecureTLS bool
|
CaCertPath string
|
||||||
CertPoolFile string
|
|
||||||
Verbose bool
|
Verbose bool
|
||||||
IpmitoolPath string
|
IpmitoolPath string
|
||||||
OutputPath string
|
OutputPath string
|
||||||
|
|
@ -54,6 +53,7 @@ type QueryParams struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewClient(l *log.Logger, q *QueryParams) (*bmclib.Client, error) {
|
func NewClient(l *log.Logger, q *QueryParams) (*bmclib.Client, error) {
|
||||||
|
|
||||||
tr := &http.Transport{
|
tr := &http.Transport{
|
||||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||||
}
|
}
|
||||||
|
|
@ -75,9 +75,9 @@ func NewClient(l *log.Logger, q *QueryParams) (*bmclib.Client, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// only work if valid cert is provided
|
// only work if valid cert is provided
|
||||||
if q.WithSecureTLS && q.CertPoolFile != "" {
|
if q.CaCertPath != "" {
|
||||||
pool := x509.NewCertPool()
|
pool := x509.NewCertPool()
|
||||||
data, err := os.ReadFile(q.CertPoolFile)
|
data, err := os.ReadFile(q.CaCertPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not read cert pool file: %v", err)
|
return nil, fmt.Errorf("could not read cert pool file: %v", err)
|
||||||
}
|
}
|
||||||
|
|
@ -557,10 +557,12 @@ func CollectProcessors(q *QueryParams) ([]byte, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func connectGofish(q *QueryParams) (*gofish.APIClient, error) {
|
func connectGofish(q *QueryParams) (*gofish.APIClient, error) {
|
||||||
config := makeGofishConfig(q)
|
config, err := makeGofishConfig(q)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to make gofish config: %v", err)
|
||||||
|
}
|
||||||
c, err := gofish.Connect(config)
|
c, err := gofish.Connect(config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
||||||
return nil, fmt.Errorf("could not connect to redfish endpoint: %v", err)
|
return nil, fmt.Errorf("could not connect to redfish endpoint: %v", err)
|
||||||
}
|
}
|
||||||
if c != nil {
|
if c != nil {
|
||||||
|
|
@ -574,15 +576,42 @@ func connectGofish(q *QueryParams) (*gofish.APIClient, error) {
|
||||||
return c, err
|
return c, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func makeGofishConfig(q *QueryParams) gofish.ClientConfig {
|
func makeGofishConfig(q *QueryParams) (gofish.ClientConfig, error) {
|
||||||
url := baseRedfishUrl(q)
|
var (
|
||||||
|
client = &http.Client{}
|
||||||
|
url = baseRedfishUrl(q)
|
||||||
|
config = gofish.ClientConfig{
|
||||||
|
Endpoint: url,
|
||||||
|
Username: q.User,
|
||||||
|
Password: q.Pass,
|
||||||
|
Insecure: q.CaCertPath == "",
|
||||||
|
TLSHandshakeTimeout: q.Timeout,
|
||||||
|
HTTPClient: client,
|
||||||
|
// MaxConcurrentRequests: int64(q.Threads), // NOTE: this was added in latest gofish
|
||||||
|
}
|
||||||
|
)
|
||||||
|
if q.CaCertPath != "" {
|
||||||
|
cacert, err := os.ReadFile(q.CaCertPath)
|
||||||
|
if err != nil {
|
||||||
|
return config, fmt.Errorf("failed to read CA cert file: %v", err)
|
||||||
|
}
|
||||||
|
certPool := x509.NewCertPool()
|
||||||
|
certPool.AppendCertsFromPEM(cacert)
|
||||||
|
client.Transport = &http.Transport{
|
||||||
|
TLSClientConfig: &tls.Config{
|
||||||
|
RootCAs: certPool,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
return gofish.ClientConfig{
|
return gofish.ClientConfig{
|
||||||
Endpoint: url,
|
Endpoint: url,
|
||||||
Username: q.User,
|
Username: q.User,
|
||||||
Password: q.Pass,
|
Password: q.Pass,
|
||||||
Insecure: !q.WithSecureTLS,
|
Insecure: q.CaCertPath == "",
|
||||||
TLSHandshakeTimeout: q.Timeout,
|
TLSHandshakeTimeout: q.Timeout,
|
||||||
}
|
HTTPClient: client,
|
||||||
|
// MaxConcurrentRequests: int64(q.Threads), // NOTE: this was added in latest gofish
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func makeRequest[T any](client *bmclib.Client, fn func(context.Context) (T, error), timeout int) ([]byte, error) {
|
func makeRequest[T any](client *bmclib.Client, fn func(context.Context) (T, error), timeout int) ([]byte, error) {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue