mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-08-21 14:41:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
talos/internal/app/osd/main.go
Brad Beam e6bf92ce31 feat(osd): Enable hitting multiple OSD endpoints 
This enables the ability to specify additional <talos> endpoints to connect to
to pull back data.

Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
2019-10-16 15:30:25 -05:00

136 lines
3.3 KiB
Go
Raw Blame History

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package main
import (
"flag"
"log"
stdlibnet "net"
"os"
"strings"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
osapi "github.com/talos-systems/talos/api/os"
"github.com/talos-systems/talos/internal/app/osd/internal/reg"
"github.com/talos-systems/talos/pkg/config"
"github.com/talos-systems/talos/pkg/constants"
"github.com/talos-systems/talos/pkg/grpc/factory"
"github.com/talos-systems/talos/pkg/grpc/tls"
"github.com/talos-systems/talos/pkg/net"
"github.com/talos-systems/talos/pkg/startup"
)
var (
configPath *string
endpoints *string
)
func init() {
log.SetFlags(log.Lshortfile | log.Ldate | log.Lmicroseconds | log.Ltime)
configPath = flag.String("config", "", "the path to the config")
endpoints = flag.String("endpoints", "", "the IPs of the control plane nodes")
flag.Parse()
}
// nolint: gocyclo
func main() {
if err := startup.RandSeed(); err != nil {
log.Fatalf("failed to seed RNG: %v", err)
}
provider, err := createProvider()
if err != nil {
log.Fatalf("failed to create remote certificate provider: %+v", err)
}
ca, err := provider.GetCA()
if err != nil {
log.Fatalf("failed to get root CA: %+v", err)
}
tlsConfig, err := tls.New(
tls.WithClientAuthType(tls.Mutual),
tls.WithCACertPEM(ca),
tls.WithCertificateProvider(provider),
)
if err != nil {
log.Fatalf("failed to create OS-level TLS configuration: %v", err)
}
machineClient, err := reg.NewMachineClient()
if err != nil {
log.Fatalf("init client: %v", err)
}
timeClient, err := reg.NewTimeClient()
if err != nil {
log.Fatalf("ntp client: %v", err)
}
networkClient, err := reg.NewNetworkClient()
if err != nil {
log.Fatalf("networkd client: %v", err)
}
interceptorProvider, err := createProvider()
if err != nil {
log.Fatalf("failed to create remote certificate provider for interceptor: %+v", err)
}
protoProxy := osapi.NewOSProxy(interceptorProvider)
err = factory.ListenAndServe(
&reg.Registrator{
MachineClient: machineClient,
TimeClient: timeClient,
NetworkClient: networkClient,
},
factory.Port(constants.OsdPort),
factory.ServerOptions(
grpc.Creds(
credentials.NewTLS(tlsConfig),
),
grpc.UnaryInterceptor(protoProxy.UnaryInterceptor()),
),
)
if err != nil {
log.Fatalf("listen: %v", err)
}
}
func createProvider() (tls.CertificateProvider, error) {
content, err := config.FromFile(*configPath)
if err != nil {
log.Fatalf("open config: %v", err)
}
config, err := config.New(content)
if err != nil {
log.Fatalf("open config: %v", err)
}
ips, err := net.IPAddrs()
if err != nil {
log.Fatalf("failed to discover IP addresses: %+v", err)
}
// TODO(andrewrynhard): Allow for DNS names.
for _, san := range config.Machine().Security().CertSANs() {
if ip := stdlibnet.ParseIP(san); ip != nil {
ips = append(ips, ip)
}
}
hostname, err := os.Hostname()
if err != nil {
log.Fatalf("failed to discover hostname: %+v", err)
}
return tls.NewRemoteRenewingFileCertificateProvider(config.Machine().Security().Token(), strings.Split(*endpoints, ","), constants.TrustdPort, hostname, ips)
}
Reference in New Issue View Git Blame Copy Permalink