diff --git a/compose/docker-compose.localserver.yml b/compose/docker-compose.localserver.yml index e7f615b8..b0b3d66e 100644 --- a/compose/docker-compose.localserver.yml +++ b/compose/docker-compose.localserver.yml @@ -21,6 +21,6 @@ services: ports: - "80:80" environment: - BACKEND_URL: "http://HOST_IP:8081" + BACKEND_URL: "http://localhost:8081" volumes: mongovol: {} diff --git a/controllers/networkHttpController.go b/controllers/networkHttpController.go index 3516806d..e9e4b9c6 100644 --- a/controllers/networkHttpController.go +++ b/controllers/networkHttpController.go @@ -9,7 +9,6 @@ import ( "net/http" "strings" "time" - "github.com/jinzhu/copier" "github.com/go-playground/validator/v10" "github.com/gorilla/mux" "github.com/gravitl/netmaker/functions" @@ -679,15 +678,27 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models netID := network.NetID var accessToken models.AccessToken - var tokensrvcfg models.ServerConfig - var tokenwgcfg models.WG - srvcfg := servercfg.GetServerConfig() - wgcfg := servercfg.GetWGConfig() - copier.Copy(tokensrvcfg, srvcfg) - copier.Copy(tokenwgcfg, wgcfg) + s := servercfg.GetServerConfig() + w := servercfg.GetWGConfig() + servervals := models.ServerConfig{ + APIConnString: s.APIConnString, + APIHost: s.APIHost, + APIPort: s.APIPort, + GRPCConnString: s.GRPCConnString, + GRPCHost: s.GRPCHost, + GRPCPort: s.GRPCPort, + GRPCSSL: s.GRPCSSL, + } + wgvals := models.WG{ + GRPCWireGuard: w.GRPCWireGuard, + GRPCWGAddress: w.GRPCWGAddress, + GRPCWGPort: w.GRPCWGPort, + GRPCWGPubKey: w.GRPCWGPubKey, + GRPCWGEndpoint: s.APIHost, + } - accessToken.ServerConfig = tokensrvcfg - accessToken.WG = tokenwgcfg + accessToken.ServerConfig = servervals + accessToken.WG = wgvals accessToken.ClientConfig.Network = netID accessToken.ClientConfig.Key = accesskey.Value accessToken.ClientConfig.LocalRange = privAddr 
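Review bot: The two struct literals added in CreateAccessKey decide which server settings are serialized into the token handed to clients, and nothing in the code says that the field list is deliberate. A comment above `servervals` such as `// Only client-facing connection settings go into the token; never copy secrets from servercfg here.` would keep later additions from widening what leaves the server. `GRPCWGEndpoint: s.APIHost` is the one WG field not read from `w`; if that is intended it deserves a comment, otherwise it looks like a copy slip. The same block is repeated in the GetSignupToken hunk, so a single shared helper would keep the two field lists from drifting apart. CreateAccessKey's body starts and ends outside the hunk.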
@@ -733,15 +744,27 @@ func GetSignupToken(netID string) (models.AccessKey, error) { var accesskey models.AccessKey var accessToken models.AccessToken - var tokensrvcfg models.ServerConfig - var tokenwgcfg models.WG - srvcfg := servercfg.GetServerConfig() - wgcfg := servercfg.GetWGConfig() - copier.Copy(tokensrvcfg, srvcfg) - copier.Copy(tokenwgcfg, wgcfg) + s := servercfg.GetServerConfig() + w := servercfg.GetWGConfig() + servervals := models.ServerConfig{ + APIConnString: s.APIConnString, + APIHost: s.APIHost, + APIPort: s.APIPort, + GRPCConnString: s.GRPCConnString, + GRPCHost: s.GRPCHost, + GRPCPort: s.GRPCPort, + GRPCSSL: s.GRPCSSL, + } + wgvals := models.WG{ + GRPCWireGuard: w.GRPCWireGuard, + GRPCWGAddress: w.GRPCWGAddress, + GRPCWGPort: w.GRPCWGPort, + GRPCWGPubKey: w.GRPCWGPubKey, + GRPCWGEndpoint: s.APIHost, + } - accessToken.ServerConfig = tokensrvcfg - accessToken.WG = tokenwgcfg + accessToken.ServerConfig = servervals + accessToken.WG = wgvals tokenjson, err := json.Marshal(accessToken) if err != nil { diff --git a/models/accessToken.go b/models/accessToken.go index 04ca5baf..a09de8f5 100644 --- a/models/accessToken.go +++ b/models/accessToken.go @@ -24,8 +24,8 @@ type ServerConfig struct { type WG struct { GRPCWireGuard string `json:"grpcwg"` - GRPCWGAddress string `json:"grpcaddr"` - GRPCWGPort string `json:"grpcport"` - GRPCWGPubKey string `json:"pubkey"` - GRPCWGEndpoint string `json:"endpoint"` + GRPCWGAddress string `json:"grpcwgaddr"` + GRPCWGPort string `json:"grpcwgport"` + GRPCWGPubKey string `json:"grpcwgpubkey"` + GRPCWGEndpoint string `json:"grpcwgendpoint"` } diff --git a/netclient/config/.config.go.swp b/netclient/config/.config.go.swp new file mode 100644 index 00000000..012bdf96 Binary files /dev/null and b/netclient/config/.config.go.swp differ diff --git a/netclient/config/config.go b/netclient/config/config.go index 386565ca..38f87e1d 100644 --- a/netclient/config/config.go +++ b/netclient/config/config.go 
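Review bot: Renaming the JSON tags on `WG` (`grpcaddr` to `grpcwgaddr` and the three after it) changes the token wire format, and encoding/json ignores unknown keys, so a token issued before this change decodes on a new client with those fields empty and no error. If older tokens or clients can still be in circulation, a comment on the struct stating the format break, or a client-side check that rejects a token whose WG section decodes empty, would make the failure visible. The next entry in this diff also adds `netclient/config/.config.go.swp`, an editor swap file; Vim swap files record the editing user's name, host name and file path, so it should be dropped from the commit and `*.swp` added to `.gitignore`.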
@@ -14,6 +14,7 @@ import ( "github.com/gravitl/netmaker/models" ) type GlobalConfig struct { + GRPCWireGuard string `yaml:"grpcwg"` Client models.IntClient } @@ -478,6 +479,7 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){ log.Println("error converting token json to object", tokenbytes ) return cfg, err } + cfg.GRPCWireGuard = accesstoken.WG.GRPCWireGuard cfg.Client.ServerPrivateAddress = accesstoken.WG.GRPCWGAddress cfg.Client.ServerGRPCPort = accesstoken.WG.GRPCWGPort if err != nil { diff --git a/netclient/functions/checkin.go b/netclient/functions/checkin.go index 73c78b30..b9f62fa4 100644 --- a/netclient/functions/checkin.go +++ b/netclient/functions/checkin.go @@ -1,6 +1,8 @@ package functions import ( + "google.golang.org/grpc/credentials" + "crypto/tls" "fmt" "context" "strings" @@ -120,10 +122,13 @@ func CheckIn(network string) error { nodecfg = cfg.Node } - var wcclient nodepb.NodeServiceClient var requestOpts grpc.DialOption requestOpts = grpc.WithInsecure() + if cfg.Server.GRPCSSL == "on" { + h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}}) + requestOpts = grpc.WithTransportCredentials(h2creds) + } conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) if err != nil { fmt.Printf("Cant dial GRPC server: %v", err) @@ -296,6 +301,10 @@ func Pull (network string) error{ var wcclient nodepb.NodeServiceClient var requestOpts grpc.DialOption requestOpts = grpc.WithInsecure() + if cfg.Server.GRPCSSL == "on" { + h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}}) + requestOpts = grpc.WithTransportCredentials(h2creds) + } conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) if err != nil { fmt.Printf("Cant dial GRPC server: %v", err) 
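Review bot: The dial option in CheckIn fails open: it starts as `grpc.WithInsecure()` and switches to TLS only when `cfg.Server.GRPCSSL` is exactly `"on"`, so an empty, differently-cased or mistyped value silently gives a plaintext connection. The same four added lines appear in Pull, Push, LeaveNetwork, JoinNetwork, RemoveNetwork and SetWGKeyConfig, and in JoinNetwork they replace a dial that used TLS unconditionally. The `tls.Config` also sets no `MinVersion`, which leaves the protocol floor to the Go toolchain default. A single helper that normalizes the setting, pins the minimum version and logs when it falls back to plaintext would remove the copies and make the downgrade visible; where it lives is a project decision, since the callers span three packages. The bodies of these functions continue outside the hunks.

```go
// grpcDialOption picks the transport for a server connection from its GRPCSSL setting.
func grpcDialOption(sslMode string) grpc.DialOption {
	if strings.EqualFold(strings.TrimSpace(sslMode), "on") {
		creds := credentials.NewTLS(&tls.Config{
			NextProtos: []string{"h2"},
			MinVersion: tls.VersionTLS12,
		})
		return grpc.WithTransportCredentials(creds)
	}
	// Make the plaintext fallback visible instead of silent.
	fmt.Println("GRPCSSL is not \"on\"; connecting to GRPC server without TLS")
	return grpc.WithInsecure()
}

// … unchanged: config load and nodecfg setup in CheckIn …
conn, err := grpc.Dial(servercfg.GRPCAddress, grpcDialOption(cfg.Server.GRPCSSL))
```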
@@ -342,6 +351,10 @@ func Push (network string) error{ var wcclient nodepb.NodeServiceClient var requestOpts grpc.DialOption requestOpts = grpc.WithInsecure() + if cfg.Server.GRPCSSL == "on" { + h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}}) + requestOpts = grpc.WithTransportCredentials(h2creds) + } conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) if err != nil { fmt.Printf("Cant dial GRPC server: %v", err) diff --git a/netclient/functions/common.go b/netclient/functions/common.go index b82082ac..82c69782 100644 --- a/netclient/functions/common.go +++ b/netclient/functions/common.go @@ -1,6 +1,8 @@ package functions import ( + "google.golang.org/grpc/credentials" + "crypto/tls" "fmt" "encoding/json" "errors" @@ -287,6 +289,10 @@ func LeaveNetwork(network string) error { var wcclient nodepb.NodeServiceClient var requestOpts grpc.DialOption requestOpts = grpc.WithInsecure() + if cfg.Server.GRPCSSL == "on" { + h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}}) + requestOpts = grpc.WithTransportCredentials(h2creds) + } conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) if err != nil { log.Printf("Unable to establish client connection to " + servercfg.GRPCAddress + ": %v", err) diff --git a/netclient/functions/join.go b/netclient/functions/join.go index 298e2371..58fd826e 100644 --- a/netclient/functions/join.go +++ b/netclient/functions/join.go @@ -28,7 +28,7 @@ func JoinNetwork(cfg config.ClientConfig) error { err := errors.New("ALREADY_INSTALLED. Netclient appears to already be installed for " + cfg.Network + ". To re-install, please remove by executing 'sudo netclient leave -n " + cfg.Network + "'. Then re-run the install command.") return err } - log.Println("attempting to joining " + cfg.Network + " at " + cfg.Server.GRPCAddress) + log.Println("attempting to join " + cfg.Network + " at " + cfg.Server.GRPCAddress) err := config.Write(&cfg, cfg.Network) if err != nil { return err 
@@ -141,17 +141,16 @@ func JoinNetwork(cfg config.ClientConfig) error { } var wcclient nodepb.NodeServiceClient var requestOpts grpc.DialOption - log.Println("cant believe we made it") - //requestOpts = grpc.WithInsecure() - h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}}) - requestOpts = grpc.WithTransportCredentials(h2creds) - + requestOpts = grpc.WithInsecure() + if cfg.Server.GRPCSSL == "on" { + h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}}) + requestOpts = grpc.WithTransportCredentials(h2creds) + } conn, err := grpc.Dial(cfg.Server.GRPCAddress, requestOpts) if err != nil { - log.Fatalf("Unable to establish client connection to localhost:50051: %v", err) + log.Fatalf("Unable to establish client connection to " + cfg.Server.GRPCAddress + ": %v", err) } - log.Println("cant believe we made it 2") wcclient = nodepb.NewNodeServiceClient(conn) @@ -174,7 +173,6 @@ func JoinNetwork(cfg config.ClientConfig) error { if err != nil { return err } - log.Println("cant believe we made it 3") res, err := wcclient.CreateNode( context.TODO(), @@ -182,8 +180,6 @@ func JoinNetwork(cfg config.ClientConfig) error { Node: postnode, }, ) - log.Println(res) - log.Println("cant believe we made it 3.5") if err != nil { return err } @@ -192,7 +188,6 @@ func JoinNetwork(cfg config.ClientConfig) error { return err } - log.Println("cant believe we made it 3.75") if node.Dnsoff==true { cfg.Node.DNS = "yes" } @@ -203,8 +198,6 @@ func JoinNetwork(cfg config.ClientConfig) error { } node.Endpoint = node.Localaddress } - log.Println("cant believe we made it 4") - err = config.ModConfig(node) if err != nil { return err diff --git a/netclient/main.go b/netclient/main.go index e895ead5..6abf9e64 100644 --- a/netclient/main.go +++ b/netclient/main.go 
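Review bot: The rewritten `log.Fatalf` in JoinNetwork concatenates `cfg.Server.GRPCAddress` into the format string, so a `%` in the configured address is read as a formatting verb and garbles the message. Pass it as an argument instead: `log.Fatalf("Unable to establish client connection to %s: %v", cfg.Server.GRPCAddress, err)`. Since JoinNetwork already returns an error, returning `err` here rather than exiting the process would match the other failure paths visible in the function, though that changes behaviour callers may rely on. JoinNetwork's body starts and ends outside the hunk.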
@@ -200,7 +200,11 @@ func main() { Flags: cliFlags, Action: func(c *cli.Context) error { cfg, err := config.GetCLIConfigRegister(c) - if err != nil { + if err != nil { + return err + } + if cfg.GRPCWireGuard == "off" { + log.Println("Server is not using WireGuard to secure GRPC. Skipping.") return err } if cfg.Client.ServerPrivateAddress == "" { diff --git a/netclient/server/grpc.go b/netclient/server/grpc.go index de02781d..05fec703 100644 --- a/netclient/server/grpc.go +++ b/netclient/server/grpc.go @@ -1,6 +1,8 @@ package server import ( + "google.golang.org/grpc/credentials" + "crypto/tls" "fmt" "context" "log" @@ -73,10 +75,13 @@ func RemoveNetwork(network string) error { node := cfg.Node fmt.Println("Deleting remote node with MAC: " + node.MacAddress) - var wcclient nodepb.NodeServiceClient var requestOpts grpc.DialOption requestOpts = grpc.WithInsecure() + if cfg.Server.GRPCSSL == "on" { + h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}}) + requestOpts = grpc.WithTransportCredentials(h2creds) + } conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) if err != nil { log.Printf("Unable to establish client connection to " + servercfg.GRPCAddress + ": %v", err) diff --git a/netclient/wireguard/kernel.go b/netclient/wireguard/kernel.go index a0a54da7..fdff8e99 100644 --- a/netclient/wireguard/kernel.go +++ b/netclient/wireguard/kernel.go @@ -2,6 +2,8 @@ package wireguard import ( //"github.com/davecgh/go-spew/spew" + "google.golang.org/grpc/credentials" + "crypto/tls" "fmt" "strconv" "errors" 
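Review bot: In the new `cfg.GRPCWireGuard == "off"` branch the closure returns `err`, which is necessarily nil at that point because the preceding `if err != nil` has already returned; `return nil` says what is meant and keeps its meaning if code is later inserted between the two checks. The test also treats every value other than the literal `"off"`, including an empty field from a token that does not carry it, as WireGuard being enabled, which is worth a short comment if that default is intended. The Action closure continues outside the hunk.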
@@ -328,10 +330,20 @@ func SetWGKeyConfig(network string, serveraddr string) error { ctx := context.Background() var header metadata.MD + cfg, err := config.ReadConfig(network) + if err != nil { + return err + } + var wcclient nodepb.NodeServiceClient var requestOpts grpc.DialOption requestOpts = grpc.WithInsecure() - conn, err := grpc.Dial(serveraddr, requestOpts) + if cfg.Server.GRPCSSL == "on" { + h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}}) + requestOpts = grpc.WithTransportCredentials(h2creds) + } + + conn, err := grpc.Dial(serveraddr, requestOpts) if err != nil { fmt.Printf("Cant dial GRPC server: %v", err) return err
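Review bot: SetWGKeyConfig now picks TLS from the saved config for `network` while still dialing the `serveraddr` argument, so the transport setting and the address come from two different sources, and the new early `return err` makes the function fail whenever `config.ReadConfig(network)` cannot load a config. Neither precondition is stated anywhere. A doc comment such as `// SetWGKeyConfig requires an existing config for network; its Server.GRPCSSL value decides whether serveraddr is dialed with TLS.` would record it; if callers can run before that config is written (not visible in this diff), passing the SSL setting in explicitly would be safer. The function body continues outside the hunk.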