FIX: Load cert
Fred78290 committed Oct 6, 2024
1 parent d31fdec commit 197e738
Showing 2 changed files with 42 additions and 5 deletions.
38 changes: 33 additions & 5 deletions providers/lxd/configuration.go
@@ -4,6 +4,7 @@ import (
"bytes"
"errors"
"fmt"
"os"
"path"
"strings"
"time"
@@ -226,6 +227,18 @@ func (wrapper *lxdWrapper) findImage(name string) (fingerprint string, err error
return
}

func (wrapper *lxdWrapper) readLxdPEM(pem string) (content string, err error) {
if pem != "" {
var b []byte

if b, err = os.ReadFile(path.Join(wrapper.LxdConfigLocation, pem)); err == nil {
content = string(b)
}
}

return
}

func (wrapper *lxdWrapper) ConfigurationDidLoad() (err error) {
if wrapper.Configuration.UseBind9 {
if wrapper.bind9Provider, err = rfc2136.NewDNSRFC2136ProviderCredentials(wrapper.Configuration.Bind9Host, wrapper.Configuration.RndcKeyFile); err != nil {
@@ -239,15 +252,30 @@ func (wrapper *lxdWrapper) ConfigurationDidLoad() (err error) {
}
} else {
var ca string
var serverCert string
var clientCert string
var clientKey string

if wrapper.TLSCA != "" {
ca = path.Join(wrapper.LxdConfigLocation, wrapper.TLSCA)
if ca, err = wrapper.readLxdPEM(wrapper.TLSCA); err != nil {
return err
}

if serverCert, err = wrapper.readLxdPEM(wrapper.TLSServerCert); err != nil {
return err
}

if clientCert, err = wrapper.readLxdPEM(wrapper.TLSClientCert); err != nil {
return err
}

if clientKey, err = wrapper.readLxdPEM(wrapper.TLSClientKey); err != nil {
return err
}

args := golxd.ConnectionArgs{
TLSServerCert: path.Join(wrapper.LxdConfigLocation, wrapper.TLSServerCert),
TLSClientCert: path.Join(wrapper.LxdConfigLocation, wrapper.TLSClientCert),
TLSClientKey: path.Join(wrapper.LxdConfigLocation, wrapper.TLSClientKey),
TLSServerCert: serverCert,
TLSClientCert: clientCert,
TLSClientKey: clientKey,
TLSCA: ca,
}

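Review bot: In `readLxdPEM`, a configured file that exists but is empty or truncated yields `""` with a nil error, the same value the function returns when the setting is not configured at all; for `TLSServerCert` that presumably lets the LXD client fall back to its default trust store instead of the pinned certificate, so a damaged deployment degrades silently rather than failing. I would fail closed inside the `err == nil` branch, e.g. `if len(bytes.TrimSpace(b)) == 0 { return "", fmt.Errorf("lxd: %q is empty", pem) }` (`bytes` and `fmt` are already imported in this file). The join also uses `path.Join`; `filepath.Join` is the OS-correct call for filesystem paths, and a doc comment such as `// readLxdPEM returns the PEM content of a file under LxdConfigLocation, or "" when pem is unset.` would record that `ConnectionArgs` wants content, not a path, which is the confusion this commit fixes. The body of `ConfigurationDidLoad` continues past the lines shown, so whether a client certificate without a matching key is rejected later cannot be checked from here.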
9 changes: 9 additions & 0 deletions scripts/prepare.sh
@@ -35,6 +35,15 @@ if [ -n "${NODEGROUP}" ]; then
| sed -e "s/\/etc\/ssl\/certs\/autoscaler-utility/${AUTOSCALER_DESKTOP_UTILITY_TLS}/g" \
| jq --arg BIND9_RNDCKEY "${BIND9_RNDCKEY}" '.|."rndc-key-file" = $BIND9_RNDCKEY | ."lxd-server-url" = "unix:"' > ${CONFIG_DIR}/provider.json

#cat ${AUTOSCALER_HOME}/config/${NODEGROUP}/config/provider.json \
# | sed -e "s/\/etc\/ssl\/certs\/autoscaler-utility/${AUTOSCALER_DESKTOP_UTILITY_TLS}/g" \
# | jq --arg BIND9_RNDCKEY "${BIND9_RNDCKEY}" '.|."rndc-key-file" = $BIND9_RNDCKEY
# | ."lxd-config-location" = "/home/stack/snap/lxd/common/config"
# | ."tls-server-cert" = "servercerts/stack.crt"
# | ."tls-client-cert" = "client.crt"
# | ."tls-client-key" = "client.key"
# | ."lxd-server-url" = "https://10.0.0.21:8443"' > ${CONFIG_DIR}/provider.json

cat ${AUTOSCALER_HOME}/config/${NODEGROUP}/config/autoscaler.json | jq \
--arg ETCD_SSL_DIR "${AUTOSCALER_HOME}/config/${NODEGROUP}/cluster/etcd" \
--arg PKI_DIR "${AUTOSCALER_HOME}/config/${NODEGROUP}/cluster/kubernetes/pki" \
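Review bot: The added block in `scripts/prepare.sh` is commented-out code that hard-codes one developer's environment (`/home/stack/snap/lxd/common/config`, `https://10.0.0.21:8443`, `servercerts/stack.crt`), so it documents nothing reusable and will drift from the live pipeline above it. If the remote-HTTPS mode is meant to be supported, I would make it a real branch driven by variables, for example an `LXD_SERVER_URL` and `LXD_CONFIG_LOCATION` passed to `jq` with `--arg` (names are suggestions), and keep `unix:` as the default; otherwise drop the block and describe the TLS keys in the README. If it stays as a comment, a one-line header like `# Example: remote LXD over HTTPS with client-certificate auth (values are site-specific)` would at least say why it is there.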
