mirror of
https://github.com/gravitl/netmaker.git
synced 2025-10-06 01:07:41 +08:00
cleanup and comments
This commit is contained in:
Matthew R. Kasun
@@ -131,7 +131,7 @@ func PingServer(cfg *config.ClientConfig) error {
|
||||
// == Private ==
|
||||
|
||||
// sets MQ client subscriptions for a specific node config
|
||||
// should be called for each node belonging to a given comms network
|
||||
// should be called for each node belonging to a given server
|
||||
func setSubscriptions(client mqtt.Client, nodeCfg *config.ClientConfig) {
|
||||
if nodeCfg.DebugOn {
|
||||
if token := client.Subscribe("#", 0, nil); token.Wait() && token.Error() != nil {
|
||||
@@ -140,7 +140,6 @@ func setSubscriptions(client mqtt.Client, nodeCfg *config.ClientConfig) {
|
||||
}
|
||||
logger.Log(0, "subscribed to all topics for debugging purposes")
|
||||
}
|
||||
|
||||
if token := client.Subscribe(fmt.Sprintf("update/%s/%s", nodeCfg.Node.Network, nodeCfg.Node.ID), 0, mqtt.MessageHandler(NodeUpdate)); token.Wait() && token.Error() != nil {
|
||||
logger.Log(0, token.Error().Error())
|
||||
return
|
||||
@@ -271,7 +270,7 @@ func setupMQTTSub(server string) mqtt.Client {
|
||||
return client
|
||||
}
|
||||
|
||||
// NewTLSConf sets up tls to connect to broker
|
||||
// NewTLSConf sets up tls configuration to connect to broker securely
|
||||
func NewTLSConfig(cfg *config.ClientConfig, server string) *tls.Config {
|
||||
var file string
|
||||
if cfg != nil {
|
||||
@@ -287,18 +286,14 @@ func NewTLSConfig(cfg *config.ClientConfig, server string) *tls.Config {
|
||||
if !ok {
|
||||
logger.Log(0, "failed to append cert")
|
||||
}
|
||||
//mycert, err := ssl.ReadCert("/etc/netclient/" + server + "/client.pem")
|
||||
clientKeyPair, err := tls.LoadX509KeyPair("/etc/netclient/"+server+"/client.pem", "/etc/netclient/client.key")
|
||||
//clientKeyPair, err := tls.LoadX509KeyPair("/home/mkasun/tmp/client.pem", "/home/mkasun/tmp/client.key")
|
||||
if err != nil {
|
||||
log.Fatalf("could not read client cert/key %v \n", err)
|
||||
}
|
||||
certs := []tls.Certificate{clientKeyPair}
|
||||
//certs = append(certs, tls.Certificate(&mycert))
|
||||
return &tls.Config{
|
||||
RootCAs: certpool,
|
||||
ClientAuth: tls.NoClientCert,
|
||||
//ClientAuth: tls.VerifyClientCertIfGiven,
|
||||
RootCAs: certpool,
|
||||
ClientAuth: tls.NoClientCert,
|
||||
ClientCAs: nil,
|
||||
Certificates: certs,
|
||||
//InsecureSkipVerify: false fails ---- so need to use VerifyConnection
|
||||
@@ -327,7 +322,7 @@ func NewTLSConfig(cfg *config.ClientConfig, server string) *tls.Config {
|
||||
}
|
||||
|
||||
// setupMQTT creates a connection to broker and return client
|
||||
// utilizes comms client configs to setup connections
|
||||
// this function is primarily used to create a connection to publish to the broker
|
||||
func setupMQTT(cfg *config.ClientConfig, publish bool) mqtt.Client {
|
||||
opts := mqtt.NewClientOptions()
|
||||
server := cfg.Server.Server
|
||||
@@ -493,5 +488,3 @@ func read(network, which string) string {
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
// == End Message Caches ==
|
||||
|
||||
@@ -24,17 +24,19 @@ func Register(cfg *config.ClientConfig) error {
|
||||
if cfg.Server.AccessKey == "" {
|
||||
return errors.New("no access key provided")
|
||||
}
|
||||
//create certificate request
|
||||
_, private, err := ed25519.GenerateKey(rand.Reader)
|
||||
//generate new key if one doesn' exist
|
||||
private, err := tls.ReadKey("/etc/netclient/client.key")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
//csr, err := tls.NewCSR(private, name)
|
||||
if err != nil {
|
||||
return err
|
||||
_, *private, err = ed25519.GenerateKey(rand.Reader)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := tls.SaveKey(ncutils.GetNetclientPath(), "client.key", *private); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
data := config.RegisterRequest{
|
||||
Key: private,
|
||||
Key: *private,
|
||||
CommonName: tls.NewCName(os.Getenv("HOSTNAME")),
|
||||
}
|
||||
payload, err := json.Marshal(data)
|
||||
@@ -43,7 +45,6 @@ func Register(cfg *config.ClientConfig) error {
|
||||
}
|
||||
url := "https://" + cfg.Server.API + "/api/server/register"
|
||||
log.Println("register at ", url)
|
||||
|
||||
request, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(payload))
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -62,19 +63,17 @@ func Register(cfg *config.ClientConfig) error {
|
||||
if err := json.NewDecoder(response.Body).Decode(&resp); err != nil {
|
||||
return errors.New("unmarshal cert error " + err.Error())
|
||||
}
|
||||
|
||||
//x509.Certificate.PublicKey is an interface so json encoding/decoding results in a string rather that []byte
|
||||
//the pubkeys are included in the response so the values in the certificate can be updated appropriately
|
||||
resp.CA.PublicKey = resp.CAPubKey
|
||||
resp.Cert.PublicKey = resp.CertPubKey
|
||||
|
||||
if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "root.pem", &resp.CA); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "client.pem", &resp.Cert); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := tls.SaveKey(ncutils.GetNetclientPath(), "client.key", private); err != nil {
|
||||
return err
|
||||
}
|
||||
logger.Log(0, "certificates/key saved ")
|
||||
//join the network defined in the token
|
||||
return JoinNetwork(cfg, "", false)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user