Merge pull request #23 from OpenCHAMI/add-cacerts

Changed cert flags and added cert for gofish
This commit is contained in:
David Allen 2024-05-06 14:02:49 -06:00 committed by GitHub
commit e1abff671d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 74 additions and 49 deletions


@ -41,17 +41,17 @@ var collectCmd = &cobra.Command{
threads = mathutil.Clamp(len(probeStates), 1, 255) threads = mathutil.Clamp(len(probeStates), 1, 255)
} }
q := &magellan.QueryParams{ q := &magellan.QueryParams{
User: user, User: user,
Pass: pass, Pass: pass,
Protocol: protocol, Protocol: protocol,
Drivers: drivers, Drivers: drivers,
Preferred: preferredDriver, Preferred: preferredDriver,
Timeout: timeout, Timeout: timeout,
Threads: threads, Threads: threads,
Verbose: verbose, Verbose: verbose,
WithSecureTLS: withSecureTLS, CaCertPath: cacertPath,
OutputPath: outputPath, OutputPath: outputPath,
ForceUpdate: forceUpdate, ForceUpdate: forceUpdate,
} }
magellan.CollectAll(&probeStates, l, q) magellan.CollectAll(&probeStates, l, q)
@ -74,7 +74,6 @@ func init() {
collectCmd.PersistentFlags().BoolVar(&forceUpdate, "force-update", false, "set flag to force update data sent to SMD ") collectCmd.PersistentFlags().BoolVar(&forceUpdate, "force-update", false, "set flag to force update data sent to SMD ")
collectCmd.PersistentFlags().StringVar(&preferredDriver, "preferred-driver", "ipmi", "set the preferred driver to use") collectCmd.PersistentFlags().StringVar(&preferredDriver, "preferred-driver", "ipmi", "set the preferred driver to use")
collectCmd.PersistentFlags().StringVar(&ipmitoolPath, "ipmitool.path", "/usr/bin/ipmitool", "set the path for ipmitool") collectCmd.PersistentFlags().StringVar(&ipmitoolPath, "ipmitool.path", "/usr/bin/ipmitool", "set the path for ipmitool")
collectCmd.PersistentFlags().BoolVar(&withSecureTLS, "secure-tls", false, "enable secure TLS") collectCmd.PersistentFlags().StringVar(&cacertPath, "ca-cert", "", "path to CA cert. (defaults to system CAs; used with --secure-tls=true)")
collectCmd.PersistentFlags().StringVar(&certPoolFile, "cert-pool", "", "path to CA cert. (defaults to system CAs; used with --secure-tls=true)")
rootCmd.AddCommand(collectCmd) rootCmd.AddCommand(collectCmd)
} }
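Review bot: The help text on the new `--ca-cert` flag still says "used with --secure-tls=true", but the same hunk removes the `--secure-tls` flag from collectCmd, so the string now points operators at an option that no longer exists; it was carried over verbatim from the dropped `--cert-pool` flag. The "defaults to system CAs" clause is also doubtful, because in this commit `makeGofishConfig` sets `Insecure: q.CaCertPath == ""`, i.e. leaving the flag unset disables verification rather than using system roots. Suggested wording, to be aligned with whatever the final default becomes: `collectCmd.PersistentFlags().StringVar(&cacertPath, "ca-cert", "", "path to a CA certificate PEM file used to verify BMC endpoints; when unset, TLS verification is disabled")`. The `init` function this line belongs to starts outside the hunk.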


@ -14,8 +14,7 @@ var (
ports []int ports []int
hosts []string hosts []string
protocol string protocol string
withSecureTLS bool cacertPath string
certPoolFile string
user string user string
pass string pass string
dbpath string dbpath string


@ -28,15 +28,14 @@ var updateCmd = &cobra.Command{
Component: component, Component: component,
TransferProtocol: transferProtocol, TransferProtocol: transferProtocol,
QueryParams: magellan.QueryParams{ QueryParams: magellan.QueryParams{
Drivers: []string{"redfish"}, Drivers: []string{"redfish"},
Preferred: "redfish", Preferred: "redfish",
Protocol: protocol, Protocol: protocol,
Host: host, Host: host,
User: user, User: user,
Pass: pass, Pass: pass,
Timeout: timeout, Timeout: timeout,
Port: port, Port: port,
WithSecureTLS: withSecureTLS,
}, },
} }
@ -76,7 +75,6 @@ func init() {
updateCmd.Flags().StringVar(&firmwareUrl, "firmware-url", "", "set the path to the firmware") updateCmd.Flags().StringVar(&firmwareUrl, "firmware-url", "", "set the path to the firmware")
updateCmd.Flags().StringVar(&firmwareVersion, "firmware-version", "", "set the version of firmware to be installed") updateCmd.Flags().StringVar(&firmwareVersion, "firmware-version", "", "set the version of firmware to be installed")
updateCmd.Flags().StringVar(&component, "component", "", "set the component to upgrade") updateCmd.Flags().StringVar(&component, "component", "", "set the component to upgrade")
updateCmd.Flags().BoolVar(&withSecureTLS, "secure-tls", false, "enable secure TLS")
updateCmd.Flags().BoolVar(&status, "status", false, "get the status of the update") updateCmd.Flags().BoolVar(&status, "status", false, "get the status of the update")
rootCmd.AddCommand(updateCmd) rootCmd.AddCommand(updateCmd)
} }
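Review bot: `updateCmd` loses TLS verification altogether: the hunk removes `WithSecureTLS` from the `QueryParams` literal and the `--secure-tls` flag, but adds no `CaCertPath` field or `--ca-cert` flag in their place, so `q.CaCertPath` is always empty for this command and, if the update path goes through `makeGofishConfig`, every firmware-update connection gets `Insecure: true` (the `NewClient` transport is `InsecureSkipVerify: true` regardless). This is the command that pushes firmware to a BMC, so it is the one where endpoint authentication matters most, and the commit message ("changed cert flags") suggests the omission is unintended. Suggest adding `CaCertPath: cacertPath,` to the `QueryParams` literal and `updateCmd.Flags().StringVar(&cacertPath, "ca-cert", "", "path to a CA certificate PEM file used to verify the BMC endpoint")` next to the other flags, mirroring collectCmd. Both enclosing blocks (the `updateCmd` literal and `init`) start outside the hunk.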


@ -35,25 +35,25 @@ const (
// NOTE: ...params were getting too long... // NOTE: ...params were getting too long...
type QueryParams struct { type QueryParams struct {
Host string Host string
Port int Port int
Protocol string Protocol string
User string User string
Pass string Pass string
Drivers []string Drivers []string
Threads int Threads int
Preferred string Preferred string
Timeout int Timeout int
WithSecureTLS bool CaCertPath string
CertPoolFile string Verbose bool
Verbose bool IpmitoolPath string
IpmitoolPath string OutputPath string
OutputPath string ForceUpdate bool
ForceUpdate bool AccessToken string
AccessToken string
} }
func NewClient(l *log.Logger, q *QueryParams) (*bmclib.Client, error) { func NewClient(l *log.Logger, q *QueryParams) (*bmclib.Client, error) {
tr := &http.Transport{ tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
} }
@ -75,9 +75,9 @@ func NewClient(l *log.Logger, q *QueryParams) (*bmclib.Client, error) {
} }
// only work if valid cert is provided // only work if valid cert is provided
if q.WithSecureTLS && q.CertPoolFile != "" { if q.CaCertPath != "" {
pool := x509.NewCertPool() pool := x509.NewCertPool()
data, err := os.ReadFile(q.CertPoolFile) data, err := os.ReadFile(q.CaCertPath)
if err != nil { if err != nil {
return nil, fmt.Errorf("could not read cert pool file: %v", err) return nil, fmt.Errorf("could not read cert pool file: %v", err)
} }
@ -557,10 +557,12 @@ func CollectProcessors(q *QueryParams) ([]byte, error) {
} }
func connectGofish(q *QueryParams) (*gofish.APIClient, error) { func connectGofish(q *QueryParams) (*gofish.APIClient, error) {
config := makeGofishConfig(q) config, err := makeGofishConfig(q)
if err != nil {
return nil, fmt.Errorf("failed to make gofish config: %v", err)
}
c, err := gofish.Connect(config) c, err := gofish.Connect(config)
if err != nil { if err != nil {
return nil, fmt.Errorf("could not connect to redfish endpoint: %v", err) return nil, fmt.Errorf("could not connect to redfish endpoint: %v", err)
} }
if c != nil { if c != nil {
@ -574,15 +576,42 @@ func connectGofish(q *QueryParams) (*gofish.APIClient, error) {
return c, err return c, err
} }
func makeGofishConfig(q *QueryParams) gofish.ClientConfig { func makeGofishConfig(q *QueryParams) (gofish.ClientConfig, error) {
url := baseRedfishUrl(q) var (
client = &http.Client{}
url = baseRedfishUrl(q)
config = gofish.ClientConfig{
Endpoint: url,
Username: q.User,
Password: q.Pass,
Insecure: q.CaCertPath == "",
TLSHandshakeTimeout: q.Timeout,
HTTPClient: client,
// MaxConcurrentRequests: int64(q.Threads), // NOTE: this was added in latest gofish
}
)
if q.CaCertPath != "" {
cacert, err := os.ReadFile(q.CaCertPath)
if err != nil {
return config, fmt.Errorf("failed to read CA cert file: %v", err)
}
certPool := x509.NewCertPool()
certPool.AppendCertsFromPEM(cacert)
client.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
RootCAs: certPool,
},
}
}
return gofish.ClientConfig{ return gofish.ClientConfig{
Endpoint: url, Endpoint: url,
Username: q.User, Username: q.User,
Password: q.Pass, Password: q.Pass,
Insecure: !q.WithSecureTLS, Insecure: q.CaCertPath == "",
TLSHandshakeTimeout: q.Timeout, TLSHandshakeTimeout: q.Timeout,
} HTTPClient: client,
// MaxConcurrentRequests: int64(q.Threads), // NOTE: this was added in latest gofish
}, nil
} }
func makeRequest[T any](client *bmclib.Client, fn func(context.Context) (T, error), timeout int) ([]byte, error) { func makeRequest[T any](client *bmclib.Client, fn func(context.Context) (T, error), timeout int) ([]byte, error) {
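Review bot: `certPool.AppendCertsFromPEM(cacert)` in the new `makeGofishConfig` discards its bool result, so a readable file that contains no parsable PEM certificate leaves `RootCAs` empty and every later handshake fails with an x509 error that does not point back at the file; the result should be checked and the path reported. The function also builds `config` in the `var` block and then returns a second literal with the same fields — `return config, nil` is enough, since `config.HTTPClient` already points at the `client` whose `Transport` is assigned in the `if` block. Separately, `Insecure: q.CaCertPath == ""` means omitting the flag disables verification altogether instead of falling back to system roots, which the `--ca-cert` help text in collectCmd still promises; the old `Insecure: !q.WithSecureTLS` allowed verification without a file, so consider keeping a way to leave `Insecure` false with a nil `RootCAs`. The `NewClient` hunk reads the same file into a pool while the transport at the top of that function is still `InsecureSkipVerify: true`; whether the pool replaces that transport is outside the shown lines, so the same ignored-result and skip-verify points are worth confirming there.
```go
func makeGofishConfig(q *QueryParams) (gofish.ClientConfig, error) {
	// … unchanged: var block building client, url and config …
	if q.CaCertPath != "" {
		// … unchanged: os.ReadFile of q.CaCertPath into cacert, with its error return …
		certPool := x509.NewCertPool()
		// Ignoring the bool leaves RootCAs empty when the file holds no parsable
		// certificate; fail early and name the file instead.
		if !certPool.AppendCertsFromPEM(cacert) {
			return config, fmt.Errorf("no certificates found in CA cert file %q", q.CaCertPath)
		}
		client.Transport = &http.Transport{
			TLSClientConfig: &tls.Config{RootCAs: certPool},
		}
	}
	// config.HTTPClient already points at client, so the Transport set above is used.
	return config, nil
}
```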