From d4a9f4d38a4619bae0764eb10eb98381088e5485 Mon Sep 17 00:00:00 2001 From: braginini Date: Sat, 17 Jul 2021 14:51:16 +0200 Subject: [PATCH 1/5] feature: add letsencrypt support to the management service --- cmd/management.go | 95 +++++++++++++++++++++++++++-------- go.mod | 1 + go.sum | 15 ++++++ management/management_test.go | 6 +-- 4 files changed, 94 insertions(+), 23 deletions(-) diff --git a/cmd/management.go b/cmd/management.go index a4b46924c..14841bd17 100644 --- a/cmd/management.go +++ b/cmd/management.go @@ -1,19 +1,40 @@ package cmd import ( + "crypto/tls" "flag" "fmt" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" mgmt "github.com/wiretrustee/wiretrustee/management" mgmtProto "github.com/wiretrustee/wiretrustee/management/proto" + "golang.org/x/crypto/acme/autocert" "google.golang.org/grpc" + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/keepalive" "net" + "net/http" + "os" + "path/filepath" + "time" ) var ( - mgmtPort int - mgmtDataDir string + mgmtPort int + mgmtDataDir string + mgmtLetsencryptDomain string + + kaep = keepalive.EnforcementPolicy{ + MinTime: 5 * time.Second, + PermitWithoutStream: true, + } + + kasp = keepalive.ServerParameters{ + MaxConnectionIdle: 15 * time.Second, + MaxConnectionAgeGrace: 5 * time.Second, + Time: 5 * time.Second, + Timeout: 2 * time.Second, + } mgmtCmd = &cobra.Command{ Use: "management", 
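Review bot: The new package-level `kaep` and `kasp` values have no comment explaining the chosen timings or what they require of clients. `MinTime: 5 * time.Second` means the server treats keepalive pings sent more often than every five seconds as abuse and closes the connection. `PermitWithoutStream: true` allows pings on connections with no active RPC, so both settings shape how the service handles idle or misbehaving clients. A short comment on each, for example `// clients must not ping more often than MinTime or the server closes the connection`, and descriptive names such as `keepaliveEnforcement` and `keepaliveParams` would help. The `var (` block continues past the end of this hunk.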
@@ -21,29 +42,60 @@ var ( Run: func(cmd *cobra.Command, args []string) { flag.Parse() + if _, err := os.Stat(mgmtDataDir); os.IsNotExist(err) { + err = os.MkdirAll(mgmtDataDir, os.ModeDir) + log.Fatalf("failed creating datadir: %s: %v", mgmtDataDir, err) + } + + var opts []grpc.ServerOption + + if mgmtLetsencryptDomain != "" { + + certDir := filepath.Join(mgmtDataDir, "letsencrypt") + + if _, err := os.Stat(certDir); os.IsNotExist(err) { + err = os.MkdirAll(certDir, os.ModeDir) + log.Fatalf("failed creating Let's encrypt certdir: %s: %v", certDir, err) + } + + log.Infof("running with Let's encrypt with domain %s. Cert will be stored in %s", mgmtLetsencryptDomain, certDir) + + certManager := autocert.Manager{ + Prompt: autocert.AcceptTOS, + Cache: autocert.DirCache(certDir), + HostPolicy: autocert.HostWhitelist(mgmtLetsencryptDomain), + } + tls := &tls.Config{GetCertificate: certManager.GetCertificate} + + credentials := credentials.NewTLS(tls) + opts = append(opts, grpc.Creds(credentials)) + + // listener to handle Let's encrypt certificate challenge + go func() { + if err := http.Serve(certManager.Listener(), certManager.HTTPHandler(nil)); err != nil { + log.Fatalf("failed to serve letsencrypt handler: %v", err) + } + }() + } + + opts = append(opts, grpc.KeepaliveEnforcementPolicy(kaep), grpc.KeepaliveParams(kasp)) + grpcServer := grpc.NewServer(opts...) + + server, err := mgmt.NewServer(mgmtDataDir) + if err != nil { + log.Fatalf("failed creating new server: %v", err) + } + mgmtProto.RegisterManagementServiceServer(grpcServer, server) + log.Printf("started server: localhost:%v", mgmtPort) + lis, err := net.Listen("tcp", fmt.Sprintf(":%d", mgmtPort)) if err != nil { log.Fatalf("failed to listen: %v", err) } - if err != nil { - log.Fatalf("failed to listen: %v", err) - } - - var opts []grpc.ServerOption - grpcServer := grpc.NewServer(opts...) 
- defer grpcServer.Stop() - - server, err := mgmt.NewServer(mgmtDataDir) - if err != nil { - log.Fatalf("failed creating new server: %v", err) - panic(err) - } - mgmtProto.RegisterManagementServiceServer(grpcServer, server) - log.Printf("started server: localhost:%v", mgmtPort) go func() { if err = grpcServer.Serve(lis); err != nil { - log.Fatalf("failed to serve: %v", err) + log.Fatalf("failed to serve gRpc server: %v", err) } }() @@ -55,7 +107,10 @@ var ( ) func init() { - mgmtCmd.PersistentFlags().IntVar(&mgmtPort, "port", 33073, "Server port to listen on (e.g. 33073)") - mgmtCmd.PersistentFlags().StringVar(&mgmtDataDir, "datadir", "/data", "Server data directory location (e.g. /data") + mgmtCmd.Flags().IntVar(&mgmtPort, "port", 33073, "server port to listen on") + mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", "/data", "server data directory location") + mgmtCmd.Flags().StringVar(&mgmtLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS") + mgmtCmd.MarkFlagRequired("port") + mgmtCmd.MarkFlagRequired("datadir") } diff --git a/go.mod b/go.mod index d1e55eb70..b43738991 100644 --- a/go.mod +++ b/go.mod @@ -11,6 +11,7 @@ require ( github.com/pion/ice/v2 v2.1.7 github.com/sirupsen/logrus v1.7.0 github.com/spf13/cobra v1.1.3 + github.com/spf13/viper v1.7.0 github.com/vishvananda/netlink v1.1.0 golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf golang.org/x/sys v0.0.0-20210510120138-977fb7262007 diff --git a/go.sum b/go.sum index d5535ffb1..1cf8c35ba 100644 --- a/go.sum +++ b/go.sum 
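Review bot: Both new `os.MkdirAll(..., os.ModeDir)` calls pass a file-type bit where permission bits are expected, so the data directory and the Let's Encrypt cache directory are requested with mode 000. `certDir` is handed to `autocert.DirCache`, which stores the ACME account key and certificate private keys, so an explicit owner-only mode is the safer choice: `os.MkdirAll(certDir, 0700)`, and likewise for `mgmtDataDir`. As written in this patch, `log.Fatalf` also runs unconditionally after each `MkdirAll`, so a first start with a missing directory exits even when creation succeeded. PATCH 4/5 adds the `if err != nil` guard in both places but keeps `os.ModeDir`. The `Run` closure starts before this hunk.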
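Review bot: `port` and `datadir` are registered with defaults and then marked required in `init`, so the defaults can never take effect and the command fails unless both flags are passed explicitly. The error returned by `MarkFlagRequired` is also dropped; PATCH 2/5 only silences the linter with `_ =`, and PATCH 4/5 comments the calls out. If the flags are meant to be optional, deleting both calls here would avoid that churn. If they are meant to be required, check the result, e.g. `if err := mgmtCmd.MarkFlagRequired("port"); err != nil { log.Fatal(err) }`.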
@@ -11,6 +11,7 @@ cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqCl cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -92,6 +93,7 @@ github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= 
@@ -112,6 +114,7 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= @@ -133,6 +136,7 @@ github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b h1:c3NTyLNozI github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b/go.mod h1:8w9Rh8m+aHZIG69YPGGem1i5VzoyRC8nw2kA8B+ik5U= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kardianos/service v1.2.0 h1:bGuZ/epo3vrt8IPC7mnKQolqFeYJb7Cs8Rk4PSOBB/g= 
@@ -148,6 +152,7 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ= github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= +github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= @@ -176,6 +181,7 @@ github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eI github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 
@@ -194,6 +200,7 @@ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y github.com/onsi/gomega v1.13.0 h1:7lLHu94wT9Ij0o6EWWclhu0aOh32VxhkwEJvzuWPeak= github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pion/dtls/v2 v2.0.9 h1:7Ow+V++YSZQMYzggI0P9vLJz/hUFcffsfGMfT/Qy+u8= github.com/pion/dtls/v2 v2.0.9/go.mod h1:O0Wr7si/Zj5/EBFlDzDd6UtVxx25CE1r7XM7BQKYQho= 
@@ -239,18 +246,24 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v1.1.3 h1:xghbfqPkxzxP3C/f3n5DdpAbdKLj4ZE4BWQI362l53M= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= +github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.7.0 
h1:xVKxvI7ouOI5I+U9s2eeiUfMaWBVoXA3AWskkrqK0VM= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -260,6 +273,7 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= @@ -476,6 +490,7 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogR gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= diff --git a/management/management_test.go b/management/management_test.go index 6227d3132..f0582fc56 100644 --- a/management/management_test.go +++ b/management/management_test.go 
@@ -38,7 +38,6 @@ var _ = Describe("Client", func() { var listener net.Listener server, listener = startServer(dataDir) addr = listener.Addr().String() - }) AfterEach(func() { @@ -129,11 +128,12 @@ var _ = Describe("Client", func() { }) func createRawClient(addr string) mgmtProto.ManagementServiceClient { - ctx := context.Background() + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithBlock(), grpc.WithKeepaliveParams(keepalive.ClientParameters{ - Time: 3 * time.Second, + Time: 10 * time.Second, Timeout: 2 * time.Second, })) if err != nil { From 84f4d51c6c836ff93480dfef416e65709e8e5845 Mon Sep 17 00:00:00 2001 From: braginini Date: Sat, 17 Jul 2021 15:46:25 +0200 Subject: [PATCH 2/5] fix: lint warnings --- cmd/management.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/management.go b/cmd/management.go index 14841bd17..04d7b4a88 100644 --- a/cmd/management.go +++ b/cmd/management.go @@ -111,6 +111,6 @@ func init() { mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", "/data", "server data directory location") mgmtCmd.Flags().StringVar(&mgmtLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS") - mgmtCmd.MarkFlagRequired("port") - mgmtCmd.MarkFlagRequired("datadir") + _ = mgmtCmd.MarkFlagRequired("port") + _ = mgmtCmd.MarkFlagRequired("datadir") } From 07118d972de76882a822dc45bb791213becb6437 Mon Sep 17 00:00:00 2001 From: braginini Date: Sat, 17 Jul 2021 15:47:16 +0200 Subject: [PATCH 3/5] chore: change default datadir --- cmd/management.go | 2 +- management/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/management.go b/cmd/management.go index 04d7b4a88..c69ce9d83 100644 --- a/cmd/management.go +++ b/cmd/management.go 
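Review bot: The keepalive `Time` change from 3 to 10 seconds in `createRawClient` carries no explanation, and the reason matters to anyone tuning it later. It presumably keeps the test client above the server-side `MinTime: 5 * time.Second` enforcement added in cmd/management.go by this commit, assuming `startServer` applies the same policy; a comment such as `// must stay above the server's keepalive MinTime` would record that. The client still dials with `grpc.WithInsecure()`, so the TLS credentials path introduced by this commit is not exercised by this test. The function body continues past the end of the hunk.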
@@ -108,7 +108,7 @@ var ( func init() { mgmtCmd.Flags().IntVar(&mgmtPort, "port", 33073, "server port to listen on") - mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", "/data", "server data directory location") + mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", "/var/lib/wiretrustee/", "server data directory location") mgmtCmd.Flags().StringVar(&mgmtLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS") _ = mgmtCmd.MarkFlagRequired("port") diff --git a/management/Dockerfile b/management/Dockerfile index aa36b6dac..ecb55d7a9 100644 --- a/management/Dockerfile +++ b/management/Dockerfile @@ -1,4 +1,4 @@ FROM gcr.io/distroless/base:debug ENTRYPOINT [ "/go/bin/wiretrustee","management"] -CMD ["--log-level","DEBUG", "--datadir", "/data"] +CMD ["--log-level","DEBUG", "--datadir", "/var/lib/wiretrustee/"] COPY wiretrustee /go/bin/wiretrustee \ No newline at end of file From 2d85fcfcc30d61ba1d2cbfb7a0102ea88702bf3a Mon Sep 17 00:00:00 2001 From: braginini Date: Sat, 17 Jul 2021 17:26:51 +0200 Subject: [PATCH 4/5] refactor: set default flags in code not Dockerfile --- cmd/management.go | 12 ++++++++---- management/Dockerfile | 1 - 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/cmd/management.go b/cmd/management.go index c69ce9d83..3360c809a 100644 --- a/cmd/management.go +++ b/cmd/management.go @@ -44,7 +44,9 @@ var ( if _, err := os.Stat(mgmtDataDir); os.IsNotExist(err) { err = os.MkdirAll(mgmtDataDir, os.ModeDir) - log.Fatalf("failed creating datadir: %s: %v", mgmtDataDir, err) + if err != nil { + log.Fatalf("failed creating datadir: %s: %v", mgmtDataDir, err) + } } var opts []grpc.ServerOption 
@@ -55,7 +57,9 @@ var ( if _, err := os.Stat(certDir); os.IsNotExist(err) { err = os.MkdirAll(certDir, os.ModeDir) - log.Fatalf("failed creating Let's encrypt certdir: %s: %v", certDir, err) + if err != nil { + log.Fatalf("failed creating Let's encrypt certdir: %s: %v", certDir, err) + } } log.Infof("running with Let's encrypt with domain %s. Cert will be stored in %s", mgmtLetsencryptDomain, certDir) @@ -111,6 +115,6 @@ func init() { mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", "/var/lib/wiretrustee/", "server data directory location") mgmtCmd.Flags().StringVar(&mgmtLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS") - _ = mgmtCmd.MarkFlagRequired("port") - _ = mgmtCmd.MarkFlagRequired("datadir") + //_ = mgmtCmd.MarkFlagRequired("port") + //_ = mgmtCmd.MarkFlagRequired("datadir") } diff --git a/management/Dockerfile b/management/Dockerfile index ecb55d7a9..1c599dbfa 100644 --- a/management/Dockerfile +++ b/management/Dockerfile @@ -1,4 +1,3 @@ FROM gcr.io/distroless/base:debug ENTRYPOINT [ "/go/bin/wiretrustee","management"] -CMD ["--log-level","DEBUG", "--datadir", "/var/lib/wiretrustee/"] COPY wiretrustee /go/bin/wiretrustee \ No newline at end of file From ea524e2a53ad1e74a8ad2e27f432c62457853752 Mon Sep 17 00:00:00 2001 From: braginini Date: Sat, 17 Jul 2021 17:42:00 +0200 Subject: [PATCH 5/5] chore: remove unused code --- cmd/management.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/cmd/management.go b/cmd/management.go index 3360c809a..a19863353 100644 --- a/cmd/management.go +++ b/cmd/management.go 
@@ -114,7 +114,4 @@ func init() {
 mgmtCmd.Flags().IntVar(&mgmtPort, "port", 33073, "server port to listen on")
 mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", "/var/lib/wiretrustee/", "server data directory location")
 mgmtCmd.Flags().StringVar(&mgmtLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
-
- //_ = mgmtCmd.MarkFlagRequired("port")
- //_ = mgmtCmd.MarkFlagRequired("datadir")
 }