extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-01-31 10:31:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add config file handling

Browse Source
This commit is contained in:
Zoltán Papp 2024-07-17 17:10:33 +02:00
parent 7162e0a2ac
commit e75fbd34a7
1 changed files with 88 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
relay/cmd/main.go
View File

@ -17,18 +17,40 @@ import (
"github.com/netbirdio/netbird/util" "github.com/netbirdio/netbird/util"
) )
var ( type Config struct {
listenAddress string ListenAddress string
// in HA every peer connect to a common domain, the instance domain has been distributed during the p2p connection // in HA every peer connect to a common domain, the instance domain has been distributed during the p2p connection
// it is a domain:port or ip:port // it is a domain:port or ip:port
exposedAddress string ExposedAddress string
letsencryptDataDir string LetsencryptDataDir string
letsencryptDomains []string LetsencryptDomains []string
tlsCertFile string TlsCertFile string
tlsKeyFile string TlsKeyFile string
authSecret string AuthSecret string
}
rootCmd = &cobra.Command{ func (c Config) Validate() error {
if c.ExposedAddress == "" {
return fmt.Errorf("exposed address is required")
}
if c.AuthSecret == "" {
return fmt.Errorf("auth secret is required")
}
return nil
}
func (c Config) HasCertConfig() bool {
return c.TlsCertFile != "" && c.TlsKeyFile != ""
}
func (c Config) HasLetsEncrypt() bool {
return c.LetsencryptDataDir != "" && c.LetsencryptDomains != nil && len(c.LetsencryptDomains) > 0
}
var (
cobraConfig *Config
cfgFile string
rootCmd = &cobra.Command{
Use: "relay", Use: "relay",
Short: "Relay service", Short: "Relay service",
Long: "Relay service for Netbird agents", Long: "Relay service for Netbird agents",
@ -38,13 +60,15 @@ var (
func init() { func init() {
_ = util.InitLog("trace", "console") _ = util.InitLog("trace", "console")
rootCmd.PersistentFlags().StringVarP(&listenAddress, "listen-address", "l", ":443", "listen address") cobraConfig = &Config{}
rootCmd.PersistentFlags().StringVarP(&exposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers") rootCmd.PersistentFlags().StringVarP(&cfgFile, "config-file", "f", "/etc/netbird/relay.json", "Relay server config file location")
rootCmd.PersistentFlags().StringVarP(&letsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.") rootCmd.PersistentFlags().StringVarP(&cobraConfig.ListenAddress, "listen-address", "l", ":443", "listen address")
rootCmd.PersistentFlags().StringArrayVarP(&letsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS") rootCmd.PersistentFlags().StringVarP(&cobraConfig.ExposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers")
rootCmd.PersistentFlags().StringVarP(&tlsCertFile, "tls-cert-file", "c", "", "") rootCmd.PersistentFlags().StringVarP(&cobraConfig.LetsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.")
rootCmd.PersistentFlags().StringVarP(&tlsKeyFile, "tls-key-file", "k", "", "") rootCmd.PersistentFlags().StringArrayVarP(&cobraConfig.LetsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
rootCmd.PersistentFlags().StringVarP(&authSecret, "auth-secret", "s", "", "log level") rootCmd.PersistentFlags().StringVarP(&cobraConfig.TlsCertFile, "tls-cert-file", "c", "", "")
rootCmd.PersistentFlags().StringVarP(&cobraConfig.TlsKeyFile, "tls-key-file", "k", "", "")
rootCmd.PersistentFlags().StringVarP(&cobraConfig.AuthSecret, "auth-secret", "s", "", "log level")
} }
func waitForExitSignal() { func waitForExitSignal() {
@ -53,29 +77,64 @@ func waitForExitSignal() {
<-osSigs <-osSigs
} }
func loadConfig(configFile string) (*Config, error) {
log.Infof("loading config from: %s", configFile)
loadedConfig := &Config{}
_, err := util.ReadJson(configFile, loadedConfig)
if err != nil {
return nil, err
}
if cobraConfig.ListenAddress != "" {
loadedConfig.ListenAddress = cobraConfig.ListenAddress
}
if cobraConfig.ExposedAddress != "" {
loadedConfig.ExposedAddress = cobraConfig.ExposedAddress
}
if cobraConfig.LetsencryptDataDir != "" {
loadedConfig.LetsencryptDataDir = cobraConfig.LetsencryptDataDir
}
if len(cobraConfig.LetsencryptDomains) > 0 {
loadedConfig.LetsencryptDomains = cobraConfig.LetsencryptDomains
}
if cobraConfig.TlsCertFile != "" {
loadedConfig.TlsCertFile = cobraConfig.TlsCertFile
}
if cobraConfig.TlsKeyFile != "" {
loadedConfig.TlsKeyFile = cobraConfig.TlsKeyFile
}
if cobraConfig.AuthSecret != "" {
loadedConfig.AuthSecret = cobraConfig.AuthSecret
}
return loadedConfig, err
}
func execute(cmd *cobra.Command, args []string) { func execute(cmd *cobra.Command, args []string) {
if exposedAddress == "" { cfg, err := loadConfig(cfgFile)
log.Errorf("exposed address is required") if err != nil {
log.Errorf("failed to load config: %s", err)
os.Exit(1) os.Exit(1)
} }
if authSecret == "" { err = cfg.Validate()
log.Errorf("auth secret is required") if err != nil {
log.Errorf("invalid config: %s", err)
os.Exit(1) os.Exit(1)
} }
srvListenerCfg := server.ListenerConfig{ srvListenerCfg := server.ListenerConfig{
Address: listenAddress, Address: cfg.ListenAddress,
} }
if hasLetsEncrypt() { if cfg.HasLetsEncrypt() {
tlsCfg, err := setupTLSCertManager() tlsCfg, err := setupTLSCertManager(cfg.LetsencryptDataDir, cfg.LetsencryptDomains...)
if err != nil { if err != nil {
log.Errorf("%s", err) log.Errorf("%s", err)
os.Exit(1) os.Exit(1)
} }
srvListenerCfg.TLSConfig = tlsCfg srvListenerCfg.TLSConfig = tlsCfg
} else if hasCertConfig() { } else if cfg.HasCertConfig() {
tlsCfg, err := encryption.LoadTLSConfig(tlsCertFile, tlsKeyFile) tlsCfg, err := encryption.LoadTLSConfig(cfg.TlsCertFile, cfg.TlsKeyFile)
if err != nil { if err != nil {
log.Errorf("%s", err) log.Errorf("%s", err)
os.Exit(1) os.Exit(1)
@ -85,10 +144,10 @@ func execute(cmd *cobra.Command, args []string) {
tlsSupport := srvListenerCfg.TLSConfig != nil tlsSupport := srvListenerCfg.TLSConfig != nil
authenticator := auth.NewTimedHMACValidator(authSecret, 24*time.Hour) authenticator := auth.NewTimedHMACValidator(cfg.AuthSecret, 24*time.Hour)
srv := server.NewServer(exposedAddress, tlsSupport, authenticator) srv := server.NewServer(cfg.ExposedAddress, tlsSupport, authenticator)
log.Infof("server will be available on: %s", srv.InstanceURL()) log.Infof("server will be available on: %s", srv.InstanceURL())
err := srv.Listen(srvListenerCfg) err = srv.Listen(srvListenerCfg)
if err != nil { if err != nil {
log.Errorf("failed to bind server: %s", err) log.Errorf("failed to bind server: %s", err)
os.Exit(1) os.Exit(1)
@ -103,16 +162,7 @@ func execute(cmd *cobra.Command, args []string) {
} }
} }
func hasCertConfig() bool { func setupTLSCertManager(letsencryptDataDir string, letsencryptDomains ...string) (*tls.Config, error) {
return tlsCertFile != "" && tlsKeyFile != ""
}
func hasLetsEncrypt() bool {
return letsencryptDataDir != "" && letsencryptDomains != nil && len(letsencryptDomains) > 0
}
func setupTLSCertManager() (*tls.Config, error) {
certManager, err := encryption.CreateCertManager(letsencryptDataDir, letsencryptDomains...) certManager, err := encryption.CreateCertManager(letsencryptDataDir, letsencryptDomains...)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err) return nil, fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err)