From e75fbd34a7f603b8be9357c1f76768dc58398fe9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20Papp?=
Date: Wed, 17 Jul 2024 17:10:33 +0200
Subject: [PATCH] Add config file handling

---
 relay/cmd/main.go | 126 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 88 insertions(+), 38 deletions(-)

diff --git a/relay/cmd/main.go b/relay/cmd/main.go
index 5e454b000..b96482ef8 100644
--- a/relay/cmd/main.go
+++ b/relay/cmd/main.go
@@ -17,18 +17,40 @@ import (
 "github.com/netbirdio/netbird/util"
 )
 
-var (
- listenAddress string
+type Config struct {
+ ListenAddress string
 // in HA every peer connect to a common domain, the instance domain has been distributed during the p2p connection
 // it is a domain:port or ip:port
- exposedAddress string
- letsencryptDataDir string
- letsencryptDomains []string
- tlsCertFile string
- tlsKeyFile string
- authSecret string
+ ExposedAddress string
+ LetsencryptDataDir string
+ LetsencryptDomains []string
+ TlsCertFile string
+ TlsKeyFile string
+ AuthSecret string
+}
 
- rootCmd = &cobra.Command{
+func (c Config) Validate() error {
+ if c.ExposedAddress == "" {
+ return fmt.Errorf("exposed address is required")
+ }
+ if c.AuthSecret == "" {
+ return fmt.Errorf("auth secret is required")
+ }
+ return nil
+}
+
+func (c Config) HasCertConfig() bool {
+ return c.TlsCertFile != "" && c.TlsKeyFile != ""
+}
+
+func (c Config) HasLetsEncrypt() bool {
+ return c.LetsencryptDataDir != "" && c.LetsencryptDomains != nil && len(c.LetsencryptDomains) > 0
+}
+
+var (
+ cobraConfig *Config
+ cfgFile string
+ rootCmd = &cobra.Command{
 Use: "relay",
 Short: "Relay service",
 Long: "Relay service for Netbird agents",
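Review bot: Validate only rejects an empty ExposedAddress and AuthSecret, so a Config with TlsCertFile set but TlsKeyFile empty (or LetsencryptDataDir set without domains) passes validation, HasCertConfig and HasLetsEncrypt both return false, and execute then starts the relay without TLS at all; I would reject half-specified TLS settings in Validate, e.g. `if (c.TlsCertFile == "") != (c.TlsKeyFile == "") { return fmt.Errorf("tls-cert-file and tls-key-file must be set together") }` and the analogous check for the Let's Encrypt pair. The `c.LetsencryptDomains != nil` test in HasLetsEncrypt is redundant with the `len(c.LetsencryptDomains) > 0` that follows it. Config is now also the on-disk file format and carries no `json:"..."` tags, so if util.ReadJson decodes with encoding/json (as I would assume) the file keys are the Go field names and a later rename to the conventional `TLSCertFile`/`TLSKeyFile` would break existing files; pinning tags such as `json:"tls_cert_file"` now avoids that. The exported type and its three methods also lack doc comments starting with their names.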
@@ -38,13 +60,15 @@ var (
 
 func init() {
 _ = util.InitLog("trace", "console")
- rootCmd.PersistentFlags().StringVarP(&listenAddress, "listen-address", "l", ":443", "listen address")
- rootCmd.PersistentFlags().StringVarP(&exposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers")
- rootCmd.PersistentFlags().StringVarP(&letsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.")
- rootCmd.PersistentFlags().StringArrayVarP(&letsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
- rootCmd.PersistentFlags().StringVarP(&tlsCertFile, "tls-cert-file", "c", "", "")
- rootCmd.PersistentFlags().StringVarP(&tlsKeyFile, "tls-key-file", "k", "", "")
- rootCmd.PersistentFlags().StringVarP(&authSecret, "auth-secret", "s", "", "log level")
+ cobraConfig = &Config{}
+ rootCmd.PersistentFlags().StringVarP(&cfgFile, "config-file", "f", "/etc/netbird/relay.json", "Relay server config file location")
+ rootCmd.PersistentFlags().StringVarP(&cobraConfig.ListenAddress, "listen-address", "l", ":443", "listen address")
+ rootCmd.PersistentFlags().StringVarP(&cobraConfig.ExposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers")
+ rootCmd.PersistentFlags().StringVarP(&cobraConfig.LetsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.")
+ rootCmd.PersistentFlags().StringArrayVarP(&cobraConfig.LetsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
+ rootCmd.PersistentFlags().StringVarP(&cobraConfig.TlsCertFile, "tls-cert-file", "c", "", "")
+ rootCmd.PersistentFlags().StringVarP(&cobraConfig.TlsKeyFile, "tls-key-file", "k", "", "")
+ rootCmd.PersistentFlags().StringVarP(&cobraConfig.AuthSecret, "auth-secret", "s", "", "log level")
 }
 
 func waitForExitSignal() {
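Review bot: The rewritten `auth-secret` flag still carries the help text "log level", which is wrong for the value that hunk 4 feeds to auth.NewTimedHMACValidator; the new line should describe it, e.g. `"shared secret used by the HMAC peer authenticator"`, and since a config file now exists the text could also point operators to it as the place to keep the secret out of command lines. The `tls-cert-file` and `tls-key-file` flags are re-added with empty help strings, and `exposed-address` keeps the typo "it will be distributes" (should be "distributed"); all three are new lines in this hunk, so this is the moment to fix them.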
@@ -53,29 +77,64 @@ func waitForExitSignal() {
 <-osSigs
 }
 
+func loadConfig(configFile string) (*Config, error) {
+ log.Infof("loading config from: %s", configFile)
+ loadedConfig := &Config{}
+ _, err := util.ReadJson(configFile, loadedConfig)
+ if err != nil {
+ return nil, err
+ }
+ if cobraConfig.ListenAddress != "" {
+ loadedConfig.ListenAddress = cobraConfig.ListenAddress
+ }
+
+ if cobraConfig.ExposedAddress != "" {
+ loadedConfig.ExposedAddress = cobraConfig.ExposedAddress
+ }
+ if cobraConfig.LetsencryptDataDir != "" {
+ loadedConfig.LetsencryptDataDir = cobraConfig.LetsencryptDataDir
+ }
+ if len(cobraConfig.LetsencryptDomains) > 0 {
+ loadedConfig.LetsencryptDomains = cobraConfig.LetsencryptDomains
+ }
+ if cobraConfig.TlsCertFile != "" {
+ loadedConfig.TlsCertFile = cobraConfig.TlsCertFile
+ }
+ if cobraConfig.TlsKeyFile != "" {
+ loadedConfig.TlsKeyFile = cobraConfig.TlsKeyFile
+ }
+ if cobraConfig.AuthSecret != "" {
+ loadedConfig.AuthSecret = cobraConfig.AuthSecret
+ }
+
+ return loadedConfig, err
+}
+
 func execute(cmd *cobra.Command, args []string) {
- if exposedAddress == "" {
- log.Errorf("exposed address is required")
+ cfg, err := loadConfig(cfgFile)
+ if err != nil {
+ log.Errorf("failed to load config: %s", err)
 os.Exit(1)
 }
- if authSecret == "" {
- log.Errorf("auth secret is required")
+ err = cfg.Validate()
+ if err != nil {
+ log.Errorf("invalid config: %s", err)
 os.Exit(1)
 }
 
 srvListenerCfg := server.ListenerConfig{
- Address: listenAddress,
+ Address: cfg.ListenAddress,
 }
 
- if hasLetsEncrypt() {
- tlsCfg, err := setupTLSCertManager()
+ if cfg.HasLetsEncrypt() {
+ tlsCfg, err := setupTLSCertManager(cfg.LetsencryptDataDir, cfg.LetsencryptDomains...)
 if err != nil {
 log.Errorf("%s", err)
 os.Exit(1)
 }
 srvListenerCfg.TLSConfig = tlsCfg
- } else if hasCertConfig() {
- tlsCfg, err := encryption.LoadTLSConfig(tlsCertFile, tlsKeyFile)
+ } else if cfg.HasCertConfig() {
+ tlsCfg, err := encryption.LoadTLSConfig(cfg.TlsCertFile, cfg.TlsKeyFile)
 if err != nil {
 log.Errorf("%s", err)
 os.Exit(1)
@@ -85,10 +144,10 @@ func execute(cmd *cobra.Command, args []string) {
 tlsSupport := srvListenerCfg.TLSConfig != nil
 
- authenticator := auth.NewTimedHMACValidator(authSecret, 24*time.Hour)
- srv := server.NewServer(exposedAddress, tlsSupport, authenticator)
+ authenticator := auth.NewTimedHMACValidator(cfg.AuthSecret, 24*time.Hour)
+ srv := server.NewServer(cfg.ExposedAddress, tlsSupport, authenticator)
 
 log.Infof("server will be available on: %s", srv.InstanceURL())
- err := srv.Listen(srvListenerCfg)
+ err = srv.Listen(srvListenerCfg)
 if err != nil {
 log.Errorf("failed to bind server: %s", err)
 os.Exit(1)
@@ -103,16 +162,7 @@ func execute(cmd *cobra.Command, args []string) {
 }
 }
 
-func hasCertConfig() bool {
- return tlsCertFile != "" && tlsKeyFile != ""
-
-}
-
-func hasLetsEncrypt() bool {
- return letsencryptDataDir != "" && letsencryptDomains != nil && len(letsencryptDomains) > 0
-}
-
-func setupTLSCertManager() (*tls.Config, error) {
+func setupTLSCertManager(letsencryptDataDir string, letsencryptDomains ...string) (*tls.Config, error) {
 certManager, err := encryption.CreateCertManager(letsencryptDataDir, letsencryptDomains...)
 if err != nil {
 return nil, fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err)
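Review bot: The ListenAddress override in loadConfig can never keep the file's value, because the `listen-address` flag registered in init() defaults to ":443", so `cobraConfig.ListenAddress != ""` is true on every run and the flag default silently wins over `/etc/netbird/relay.json`; either default that flag to "" and apply ":443" after the merge when the field is still empty, or test `rootCmd.PersistentFlags().Changed("listen-address")` instead of the empty-string check. A ReadJson error also aborts startup before any flag is considered, so if it fails on a missing file (I would expect it to) a flag-only invocation that worked before this commit now requires the default path to exist; treating a missing default file as "no file" would keep that working. The final `return loadedConfig, err` returns an err that is provably nil at that point, so `return loadedConfig, nil` says what is meant, and reading the package-level cobraConfig inside loadConfig rather than taking it as a parameter makes the merge hard to unit-test. execute's body continues past the end of the hunk.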
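Review bot: The new variadic `letsencryptDomains ...string` parameter of setupTLSCertManager admits a call with no domains, a case the removed hasLetsEncrypt() guard used to rule out; the only caller in this diff checks cfg.HasLetsEncrypt() first, but the function itself should state the contract, e.g. `if len(letsencryptDomains) == 0 { return nil, fmt.Errorf("at least one Let's Encrypt domain is required") }` before CreateCertManager is called. A doc comment such as `// setupTLSCertManager builds a TLS config whose certificates are obtained and renewed through Let's Encrypt for the given domains, storing state in letsencryptDataDir.` is also missing. The function body continues past the end of the hunk.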