token configs and secure grpc working

afeiszli
2021-07-11 10:18:31 -04:00
parent 977da6b129
commit 9860082b7c
11 changed files with 98 additions and 40 deletions


@@ -21,6 +21,6 @@ services:
ports: ports:
- "80:80" - "80:80"
environment: environment:
BACKEND_URL: "http://HOST_IP:8081" BACKEND_URL: "http://localhost:8081"
volumes: volumes:
mongovol: {} mongovol: {}


@@ -9,7 +9,6 @@ import (
"net/http" "net/http"
"strings" "strings"
"time" "time"
"github.com/jinzhu/copier"
"github.com/go-playground/validator/v10" "github.com/go-playground/validator/v10"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/gravitl/netmaker/functions" "github.com/gravitl/netmaker/functions"
@@ -679,15 +678,27 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
netID := network.NetID netID := network.NetID
var accessToken models.AccessToken var accessToken models.AccessToken
var tokensrvcfg models.ServerConfig s := servercfg.GetServerConfig()
var tokenwgcfg models.WG w := servercfg.GetWGConfig()
srvcfg := servercfg.GetServerConfig() servervals := models.ServerConfig{
wgcfg := servercfg.GetWGConfig() APIConnString: s.APIConnString,
copier.Copy(tokensrvcfg, srvcfg) APIHost: s.APIHost,
copier.Copy(tokenwgcfg, wgcfg) APIPort: s.APIPort,
GRPCConnString: s.GRPCConnString,
GRPCHost: s.GRPCHost,
GRPCPort: s.GRPCPort,
GRPCSSL: s.GRPCSSL,
}
wgvals := models.WG{
GRPCWireGuard: w.GRPCWireGuard,
GRPCWGAddress: w.GRPCWGAddress,
GRPCWGPort: w.GRPCWGPort,
GRPCWGPubKey: w.GRPCWGPubKey,
GRPCWGEndpoint: s.APIHost,
}
accessToken.ServerConfig = tokensrvcfg accessToken.ServerConfig = servervals
accessToken.WG = tokenwgcfg accessToken.WG = wgvals
accessToken.ClientConfig.Network = netID accessToken.ClientConfig.Network = netID
accessToken.ClientConfig.Key = accesskey.Value accessToken.ClientConfig.Key = accesskey.Value
accessToken.ClientConfig.LocalRange = privAddr accessToken.ClientConfig.LocalRange = privAddr
@@ -733,15 +744,27 @@ func GetSignupToken(netID string) (models.AccessKey, error) {
var accesskey models.AccessKey var accesskey models.AccessKey
var accessToken models.AccessToken var accessToken models.AccessToken
var tokensrvcfg models.ServerConfig s := servercfg.GetServerConfig()
var tokenwgcfg models.WG w := servercfg.GetWGConfig()
srvcfg := servercfg.GetServerConfig() servervals := models.ServerConfig{
wgcfg := servercfg.GetWGConfig() APIConnString: s.APIConnString,
copier.Copy(tokensrvcfg, srvcfg) APIHost: s.APIHost,
copier.Copy(tokenwgcfg, wgcfg) APIPort: s.APIPort,
GRPCConnString: s.GRPCConnString,
GRPCHost: s.GRPCHost,
GRPCPort: s.GRPCPort,
GRPCSSL: s.GRPCSSL,
}
wgvals := models.WG{
GRPCWireGuard: w.GRPCWireGuard,
GRPCWGAddress: w.GRPCWGAddress,
GRPCWGPort: w.GRPCWGPort,
GRPCWGPubKey: w.GRPCWGPubKey,
GRPCWGEndpoint: s.APIHost,
}
accessToken.ServerConfig = tokensrvcfg accessToken.ServerConfig = servervals
accessToken.WG = tokenwgcfg accessToken.WG = wgvals
tokenjson, err := json.Marshal(accessToken) tokenjson, err := json.Marshal(accessToken)
if err != nil { if err != nil {
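Review bot: `GRPCWGEndpoint: s.APIHost` fills a WireGuard field from the API server config while the other four `models.WG` fields come from `w`; if that is deliberate it needs a comment such as `// endpoint deliberately taken from the API host`, otherwise it should come from the WG config (assuming that config carries an endpoint value). Listing the fields explicitly is a sound choice for a token that is handed to clients, since only the named fields can end up in it, and a one-line comment saying so would stop a later edit from going back to a whole-struct copy. The same construction is repeated in CreateAccessKey and GetSignupToken, so a field added to one copy can be missed in the other; a small helper returning both structs would keep the token contents in one place. Both function bodies continue outside the hunks.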


@@ -24,8 +24,8 @@ type ServerConfig struct {
type WG struct { type WG struct {
GRPCWireGuard string `json:"grpcwg"` GRPCWireGuard string `json:"grpcwg"`
GRPCWGAddress string `json:"grpcaddr"` GRPCWGAddress string `json:"grpcwgaddr"`
GRPCWGPort string `json:"grpcport"` GRPCWGPort string `json:"grpcwgport"`
GRPCWGPubKey string `json:"pubkey"` GRPCWGPubKey string `json:"grpcwgpubkey"`
GRPCWGEndpoint string `json:"endpoint"` GRPCWGEndpoint string `json:"grpcwgendpoint"`
} }
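Review bot: Renaming the four JSON tags on `models.WG` changes the wire format of the access token, so, reading the left column as the old side, a token encoded with `grpcaddr`, `grpcport`, `pubkey` and `endpoint` now decodes with those fields empty and no error. If tokens issued before this commit can still be in use, the client should reject a token whose `GRPCWGAddress` or `GRPCWGPort` is empty when WireGuard is expected, rather than continue with blank values. A doc comment on the struct, e.g. `// WG is serialized into access tokens; changing a tag invalidates issued tokens`, would warn the next editor.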

Binary file not shown.


@@ -14,6 +14,7 @@ import (
"github.com/gravitl/netmaker/models" "github.com/gravitl/netmaker/models"
) )
type GlobalConfig struct { type GlobalConfig struct {
GRPCWireGuard string `yaml:"grpcwg"`
Client models.IntClient Client models.IntClient
} }
@@ -478,6 +479,7 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
log.Println("error converting token json to object", tokenbytes ) log.Println("error converting token json to object", tokenbytes )
return cfg, err return cfg, err
} }
cfg.GRPCWireGuard = accesstoken.WG.GRPCWireGuard
cfg.Client.ServerPrivateAddress = accesstoken.WG.GRPCWGAddress cfg.Client.ServerPrivateAddress = accesstoken.WG.GRPCWGAddress
cfg.Client.ServerGRPCPort = accesstoken.WG.GRPCWGPort cfg.Client.ServerGRPCPort = accesstoken.WG.GRPCWGPort
if err != nil { if err != nil {
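Review bot: The new `GRPCWireGuard` field on `GlobalConfig` has no comment, and `cfg.GRPCWireGuard = accesstoken.WG.GRPCWireGuard` copies the value from the decoded token without checking it. Elsewhere in this commit the field is compared with the literal "off", so the comment should state the accepted values, for example `// GRPCWireGuard is "on" or "off"; copied from the access token`. The unchanged line above the hunk's `return cfg, err` logs `tokenbytes` on a decode failure; the token appears to carry the access key (`ClientConfig.Key` in the controller change), so that log line is worth revisiting even though this commit does not touch it. GetCLIConfigRegister continues outside the hunk.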


@@ -1,6 +1,8 @@
package functions package functions
import ( import (
"google.golang.org/grpc/credentials"
"crypto/tls"
"fmt" "fmt"
"context" "context"
"strings" "strings"
@@ -120,10 +122,13 @@ func CheckIn(network string) error {
nodecfg = cfg.Node nodecfg = cfg.Node
} }
var wcclient nodepb.NodeServiceClient var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure() requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil { if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err) fmt.Printf("Cant dial GRPC server: %v", err)
@@ -296,6 +301,10 @@ func Pull (network string) error{
var wcclient nodepb.NodeServiceClient var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure() requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil { if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err) fmt.Printf("Cant dial GRPC server: %v", err)
@@ -342,6 +351,10 @@ func Push (network string) error{
var wcclient nodepb.NodeServiceClient var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure() requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil { if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err) fmt.Printf("Cant dial GRPC server: %v", err)
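Review bot: The dial option stays `grpc.WithInsecure()` unless `cfg.Server.GRPCSSL` is exactly "on", so a mis-cased or misspelled value silently produces a plaintext connection; unknown values should be rejected rather than treated as "off". The added `tls.Config` sets only `NextProtos`; adding `MinVersion: tls.VersionTLS12` fixes the protocol floor independently of the Go release used to build the client. The same four lines are added in CheckIn, Pull and Push here and again in LeaveNetwork, JoinNetwork, RemoveNetwork and SetWGKeyConfig, so a single helper would keep the transport policy in one place. The new imports also sit ahead of the standard-library group, which goimports would reorder. All three function bodies continue outside the hunks.

```go
// grpcDialOption maps the configured GRPCSSL value to a dial option.
// Unknown values are an error, so a typo cannot silently select plaintext.
func grpcDialOption(grpcSSL string) (grpc.DialOption, error) {
	switch grpcSSL {
	case "on":
		tlsCfg := &tls.Config{
			NextProtos: []string{"h2"},
			MinVersion: tls.VersionTLS12,
		}
		return grpc.WithTransportCredentials(credentials.NewTLS(tlsCfg)), nil
	case "off", "":
		// assumed: configs written before GRPCSSL existed leave it empty — confirm
		return grpc.WithInsecure(), nil
	default:
		return nil, fmt.Errorf("unsupported GRPCSSL value %q", grpcSSL)
	}
}

// … unchanged: each call site keeps its grpc.Dial call and takes requestOpts from grpcDialOption(cfg.Server.GRPCSSL), returning the error when it is non-nil …
```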


@@ -1,6 +1,8 @@
package functions package functions
import ( import (
"google.golang.org/grpc/credentials"
"crypto/tls"
"fmt" "fmt"
"encoding/json" "encoding/json"
"errors" "errors"
@@ -287,6 +289,10 @@ func LeaveNetwork(network string) error {
var wcclient nodepb.NodeServiceClient var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure() requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil { if err != nil {
log.Printf("Unable to establish client connection to " + servercfg.GRPCAddress + ": %v", err) log.Printf("Unable to establish client connection to " + servercfg.GRPCAddress + ": %v", err)


@@ -28,7 +28,7 @@ func JoinNetwork(cfg config.ClientConfig) error {
err := errors.New("ALREADY_INSTALLED. Netclient appears to already be installed for " + cfg.Network + ". To re-install, please remove by executing 'sudo netclient leave -n " + cfg.Network + "'. Then re-run the install command.") err := errors.New("ALREADY_INSTALLED. Netclient appears to already be installed for " + cfg.Network + ". To re-install, please remove by executing 'sudo netclient leave -n " + cfg.Network + "'. Then re-run the install command.")
return err return err
} }
log.Println("attempting to joining " + cfg.Network + " at " + cfg.Server.GRPCAddress) log.Println("attempting to join " + cfg.Network + " at " + cfg.Server.GRPCAddress)
err := config.Write(&cfg, cfg.Network) err := config.Write(&cfg, cfg.Network)
if err != nil { if err != nil {
return err return err
@@ -141,17 +141,16 @@ func JoinNetwork(cfg config.ClientConfig) error {
} }
var wcclient nodepb.NodeServiceClient var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption var requestOpts grpc.DialOption
log.Println("cant believe we made it") requestOpts = grpc.WithInsecure()
//requestOpts = grpc.WithInsecure() if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}}) h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds) requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(cfg.Server.GRPCAddress, requestOpts) conn, err := grpc.Dial(cfg.Server.GRPCAddress, requestOpts)
if err != nil { if err != nil {
log.Fatalf("Unable to establish client connection to localhost:50051: %v", err) log.Fatalf("Unable to establish client connection to " + cfg.Server.GRPCAddress + ": %v", err)
} }
log.Println("cant believe we made it 2")
wcclient = nodepb.NewNodeServiceClient(conn) wcclient = nodepb.NewNodeServiceClient(conn)
@@ -174,7 +173,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
if err != nil { if err != nil {
return err return err
} }
log.Println("cant believe we made it 3")
res, err := wcclient.CreateNode( res, err := wcclient.CreateNode(
context.TODO(), context.TODO(),
@@ -182,8 +180,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
Node: postnode, Node: postnode,
}, },
) )
log.Println(res)
log.Println("cant believe we made it 3.5")
if err != nil { if err != nil {
return err return err
} }
@@ -192,7 +188,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
return err return err
} }
log.Println("cant believe we made it 3.75")
if node.Dnsoff==true { if node.Dnsoff==true {
cfg.Node.DNS = "yes" cfg.Node.DNS = "yes"
} }
@@ -203,8 +198,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
} }
node.Endpoint = node.Localaddress node.Endpoint = node.Localaddress
} }
log.Println("cant believe we made it 4")
err = config.ModConfig(node) err = config.ModConfig(node)
if err != nil { if err != nil {
return err return err
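Review bot: JoinNetwork appears to be the one call site where this commit relaxes transport security: reading the left column as the old side, the join always dialed with TLS credentials (the `grpc.WithInsecure()` line was commented out), and it now starts from `grpc.WithInsecure()` and upgrades only when `cfg.Server.GRPCSSL == "on"`. The join request presumably carries the network access key, so a config without `GRPCSSL` set would send it unencrypted unless the WireGuard tunnel already covers this connection; it is worth confirming that this is intended. Separately, the new `log.Fatalf` builds its format string by concatenating `cfg.Server.GRPCAddress`; pass the address as an argument instead: `log.Fatalf("Unable to establish client connection to %s: %v", cfg.Server.GRPCAddress, err)`. The function body starts and ends outside these hunks.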


@@ -203,6 +203,10 @@ func main() {
if err != nil { if err != nil {
return err return err
} }
if cfg.GRPCWireGuard == "off" {
log.Println("Server is not using WireGuard to secure GRPC. Skipping.")
return err
}
if cfg.Client.ServerPrivateAddress == "" { if cfg.Client.ServerPrivateAddress == "" {
err = errors.New("No server address provided.") err = errors.New("No server address provided.")
return err return err
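Review bot: `return err` in the new `cfg.GRPCWireGuard == "off"` branch returns nil, because the `if err != nil { return err }` immediately before it has already handled the error; `return nil` states the intent. The check matches only the exact string "off", so an empty value (for instance from a token that lacks the `grpcwg` field) falls through to the WireGuard setup and fails at the next check with "No server address provided."; how an empty value is treated should be decided explicitly. The enclosing function starts and ends outside the hunk.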


@@ -1,6 +1,8 @@
package server package server
import ( import (
"google.golang.org/grpc/credentials"
"crypto/tls"
"fmt" "fmt"
"context" "context"
"log" "log"
@@ -73,10 +75,13 @@ func RemoveNetwork(network string) error {
node := cfg.Node node := cfg.Node
fmt.Println("Deleting remote node with MAC: " + node.MacAddress) fmt.Println("Deleting remote node with MAC: " + node.MacAddress)
var wcclient nodepb.NodeServiceClient var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure() requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil { if err != nil {
log.Printf("Unable to establish client connection to " + servercfg.GRPCAddress + ": %v", err) log.Printf("Unable to establish client connection to " + servercfg.GRPCAddress + ": %v", err)


@@ -2,6 +2,8 @@ package wireguard
import ( import (
//"github.com/davecgh/go-spew/spew" //"github.com/davecgh/go-spew/spew"
"google.golang.org/grpc/credentials"
"crypto/tls"
"fmt" "fmt"
"strconv" "strconv"
"errors" "errors"
@@ -328,9 +330,19 @@ func SetWGKeyConfig(network string, serveraddr string) error {
ctx := context.Background() ctx := context.Background()
var header metadata.MD var header metadata.MD
cfg, err := config.ReadConfig(network)
if err != nil {
return err
}
var wcclient nodepb.NodeServiceClient var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure() requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(serveraddr, requestOpts) conn, err := grpc.Dial(serveraddr, requestOpts)
if err != nil { if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err) fmt.Printf("Cant dial GRPC server: %v", err)