Add config file handling

2025-01-31 10:31:58 +01:00 · 2024-07-17 17:10:33 +02:00 · 2024-07-17 17:10:33 +02:00 · e75fbd34a7
commit e75fbd34a7
parent 7162e0a2ac
1 changed files with 88 additions and 38 deletions
--- a/relay/cmd/main.go
+++ b/relay/cmd/main.go
@ -17,18 +17,40 @@ import (
 	"github.com/netbirdio/netbird/util"
 )

-var (
-	listenAddress string
+type Config struct {
+	ListenAddress string
 	// in HA every peer connect to a common domain, the instance domain has been distributed during the p2p connection
 	// it is a domain:port or ip:port
-	exposedAddress     string
-	letsencryptDataDir string
-	letsencryptDomains []string
-	tlsCertFile        string
-	tlsKeyFile         string
-	authSecret         string
+	ExposedAddress     string
+	LetsencryptDataDir string
+	LetsencryptDomains []string
+	TlsCertFile        string
+	TlsKeyFile         string
+	AuthSecret         string
+}

-	rootCmd = &cobra.Command{
+func (c Config) Validate() error {
+	if c.ExposedAddress == "" {
+		return fmt.Errorf("exposed address is required")
+	}
+	if c.AuthSecret == "" {
+		return fmt.Errorf("auth secret is required")
+	}
+	return nil
+}
+
+func (c Config) HasCertConfig() bool {
+	return c.TlsCertFile != "" && c.TlsKeyFile != ""
+}
+
+func (c Config) HasLetsEncrypt() bool {
+	return c.LetsencryptDataDir != "" && c.LetsencryptDomains != nil && len(c.LetsencryptDomains) > 0
+}
+
+var (
+	cobraConfig *Config
+	cfgFile     string
+	rootCmd     = &cobra.Command{
 		Use:   "relay",
 		Short: "Relay service",
 		Long:  "Relay service for Netbird agents",
@ -38,13 +60,15 @@ var (

 func init() {
 	_ = util.InitLog("trace", "console")
-	rootCmd.PersistentFlags().StringVarP(&listenAddress, "listen-address", "l", ":443", "listen address")
-	rootCmd.PersistentFlags().StringVarP(&exposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers")
-	rootCmd.PersistentFlags().StringVarP(&letsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.")
-	rootCmd.PersistentFlags().StringArrayVarP(&letsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
-	rootCmd.PersistentFlags().StringVarP(&tlsCertFile, "tls-cert-file", "c", "", "")
-	rootCmd.PersistentFlags().StringVarP(&tlsKeyFile, "tls-key-file", "k", "", "")
-	rootCmd.PersistentFlags().StringVarP(&authSecret, "auth-secret", "s", "", "log level")
+	cobraConfig = &Config{}
+	rootCmd.PersistentFlags().StringVarP(&cfgFile, "config-file", "f", "/etc/netbird/relay.json", "Relay server config file location")
+	rootCmd.PersistentFlags().StringVarP(&cobraConfig.ListenAddress, "listen-address", "l", ":443", "listen address")
+	rootCmd.PersistentFlags().StringVarP(&cobraConfig.ExposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers")
+	rootCmd.PersistentFlags().StringVarP(&cobraConfig.LetsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.")
+	rootCmd.PersistentFlags().StringArrayVarP(&cobraConfig.LetsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
+	rootCmd.PersistentFlags().StringVarP(&cobraConfig.TlsCertFile, "tls-cert-file", "c", "", "")
+	rootCmd.PersistentFlags().StringVarP(&cobraConfig.TlsKeyFile, "tls-key-file", "k", "", "")
+	rootCmd.PersistentFlags().StringVarP(&cobraConfig.AuthSecret, "auth-secret", "s", "", "log level")
 }

 func waitForExitSignal() {
@ -53,29 +77,64 @@ func waitForExitSignal() {
 	<-osSigs
 }

+func loadConfig(configFile string) (*Config, error) {
+	log.Infof("loading config from: %s", configFile)
+	loadedConfig := &Config{}
+	_, err := util.ReadJson(configFile, loadedConfig)
+	if err != nil {
+		return nil, err
+	}
+	if cobraConfig.ListenAddress != "" {
+		loadedConfig.ListenAddress = cobraConfig.ListenAddress
+	}
+
+	if cobraConfig.ExposedAddress != "" {
+		loadedConfig.ExposedAddress = cobraConfig.ExposedAddress
+	}
+	if cobraConfig.LetsencryptDataDir != "" {
+		loadedConfig.LetsencryptDataDir = cobraConfig.LetsencryptDataDir
+	}
+	if len(cobraConfig.LetsencryptDomains) > 0 {
+		loadedConfig.LetsencryptDomains = cobraConfig.LetsencryptDomains
+	}
+	if cobraConfig.TlsCertFile != "" {
+		loadedConfig.TlsCertFile = cobraConfig.TlsCertFile
+	}
+	if cobraConfig.TlsKeyFile != "" {
+		loadedConfig.TlsKeyFile = cobraConfig.TlsKeyFile
+	}
+	if cobraConfig.AuthSecret != "" {
+		loadedConfig.AuthSecret = cobraConfig.AuthSecret
+	}
+
+	return loadedConfig, err
+}
+
 func execute(cmd *cobra.Command, args []string) {
-	if exposedAddress == "" {
-		log.Errorf("exposed address is required")
+	cfg, err := loadConfig(cfgFile)
+	if err != nil {
+		log.Errorf("failed to load config: %s", err)
 		os.Exit(1)
 	}

-	if authSecret == "" {
-		log.Errorf("auth secret is required")
+	err = cfg.Validate()
+	if err != nil {
+		log.Errorf("invalid config: %s", err)
 		os.Exit(1)
 	}

 	srvListenerCfg := server.ListenerConfig{
-		Address: listenAddress,
+		Address: cfg.ListenAddress,
 	}
-	if hasLetsEncrypt() {
-		tlsCfg, err := setupTLSCertManager()
+	if cfg.HasLetsEncrypt() {
+		tlsCfg, err := setupTLSCertManager(cfg.LetsencryptDataDir, cfg.LetsencryptDomains...)
 		if err != nil {
 			log.Errorf("%s", err)
 			os.Exit(1)
 		}
 		srvListenerCfg.TLSConfig = tlsCfg
-	} else if hasCertConfig() {
-		tlsCfg, err := encryption.LoadTLSConfig(tlsCertFile, tlsKeyFile)
+	} else if cfg.HasCertConfig() {
+		tlsCfg, err := encryption.LoadTLSConfig(cfg.TlsCertFile, cfg.TlsKeyFile)
 		if err != nil {
 			log.Errorf("%s", err)
 			os.Exit(1)
@ -85,10 +144,10 @@ func execute(cmd *cobra.Command, args []string) {

 	tlsSupport := srvListenerCfg.TLSConfig != nil

-	authenticator := auth.NewTimedHMACValidator(authSecret, 24*time.Hour)
-	srv := server.NewServer(exposedAddress, tlsSupport, authenticator)
+	authenticator := auth.NewTimedHMACValidator(cfg.AuthSecret, 24*time.Hour)
+	srv := server.NewServer(cfg.ExposedAddress, tlsSupport, authenticator)
 	log.Infof("server will be available on: %s", srv.InstanceURL())
-	err := srv.Listen(srvListenerCfg)
+	err = srv.Listen(srvListenerCfg)
 	if err != nil {
 		log.Errorf("failed to bind server: %s", err)
 		os.Exit(1)
@ -103,16 +162,7 @@ func execute(cmd *cobra.Command, args []string) {
 	}
 }

-func hasCertConfig() bool {
-	return tlsCertFile != "" && tlsKeyFile != ""
-
-}
-
-func hasLetsEncrypt() bool {
-	return letsencryptDataDir != "" && letsencryptDomains != nil && len(letsencryptDomains) > 0
-}
-
-func setupTLSCertManager() (*tls.Config, error) {
+func setupTLSCertManager(letsencryptDataDir string, letsencryptDomains ...string) (*tls.Config, error) {
 	certManager, err := encryption.CreateCertManager(letsencryptDataDir, letsencryptDomains...)
 	if err != nil {
 		return nil, fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err)