
changes to facilitate easier testing of greenhouse

comment out threshold binary integrity verification
Allow Greenhouse to re-configure the embedded greenhouse daemon if the
daemon is currently configured with an expired API token.
master
forest 1 month ago
parent
commit
a0dbd69e3e
4 changed files with 37 additions and 22 deletions
  1. +13
    -10
      db_model.go
  2. +13
    -2
      ingress_service.go
  3. +1
    -1
      main.go
  4. +10
    -9
      threshold_provisioning_service.go

+ 13
- 10
db_model.go

@ -72,10 +72,11 @@ type TenantVPSInstance struct {
}
type APIToken struct {
Name string
Active bool
Created time.Time
LastUsed time.Time
Name string
Active bool
HashedToken string
Created time.Time
LastUsed time.Time
}
const DomainVerificationPollingInterval = time.Hour
@ -628,7 +629,7 @@ func (model *DBModel) GetTenant(tenantId int) (*TenantInfo, error) {
}
rows, err = model.DB.Query(
`SELECT key_name, active, created, last_used FROM api_tokens WHERE tenant_id = $1`,
`SELECT key_name, hashed_token, active, created, last_used FROM api_tokens WHERE tenant_id = $1`,
tenantId,
)
if err != nil {
@ -637,19 +638,21 @@ func (model *DBModel) GetTenant(tenantId int) (*TenantInfo, error) {
apiTokens := []APIToken{}
for rows.Next() {
var keyName string
var hashedToken string
var active bool
var created time.Time
var lastUsed time.Time
err := rows.Scan(&keyName, &active, &created, &lastUsed)
err := rows.Scan(&keyName, &hashedToken, &active, &created, &lastUsed)
if err != nil {
return nil, errors.Wrapf(err, "GetTenant(%d): ", tenantId)
}
apiTokens = append(apiTokens, APIToken{
Name: keyName,
Active: active,
Created: created,
LastUsed: lastUsed,
Name: keyName,
HashedToken: hashedToken,
Active: active,
Created: created,
LastUsed: lastUsed,
})
}
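Review bot: `APIToken.HashedToken` is now filled in on every `GetTenant` call, and the struct in the first hunk carries no field tags, so if `TenantInfo` or `APIToken` is marshalled into an API response or printed to a log, the stored token hashes go out with it. Where these structs are serialized is not visible in this diff, so this is something to confirm rather than a known leak. If only the ingress service needs the hash, tag the field with `json:"-"`, or at least add a comment such as `// HashedToken is the stored hash of the API token; never return it to clients or log it.` The body of `GetTenant` starts and ends outside these hunks.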


+ 13
- 2
ingress_service.go

@ -36,7 +36,8 @@ type GUITunnel struct {
}
type GreenhouseDaemonStatus struct {
NeedsAPIToken bool `json:"needs_api_token"`
NeedsAPIToken bool `json:"needs_api_token"`
HashedToken string `json:"hashed_api_token"`
}
const adminThresholdNodeId = "greenhouse_internal_node"
@ -155,8 +156,18 @@ func (service *IngressService) ConfigureGreenhouseDaemon() error {
return err
}
if responseStatus.NeedsAPIToken {
hasMatchingAPIToken := false
for _, token := range tenant.APITokens {
if responseStatus.HashedToken == token.HashedToken {
hasMatchingAPIToken = true
}
}
if responseStatus.NeedsAPIToken || !hasMatchingAPIToken {
log.Printf(
"responseStatus.NeedsAPIToken (%t) || !hasMatchingAPIToken (%t): now reconfiguring the greenhouse daemon's API token...\n",
responseStatus.NeedsAPIToken, !hasMatchingAPIToken,
)
i := 0
newTokenName := "greenhouse_builtin_ingress"
for i < 100 {
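Review bot: The new match loop in `ConfigureGreenhouseDaemon` compares `responseStatus.HashedToken` against every entry in `tenant.APITokens` without checking `token.Active`, so a token that is deactivated but still in the table counts as a match and the daemon is not reconfigured. Whether expired tokens are deleted or only flagged inactive is not visible here; if they are only flagged, the loop misses the case the commit message describes. An empty `hashed_api_token` in the daemon's reply would also match any row whose stored hash is empty. Consider `if token.Active && responseStatus.HashedToken != "" && responseStatus.HashedToken == token.HashedToken {` followed by `hasMatchingAPIToken = true` and `break`. The function body continues past the end of the hunk.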


+ 1
- 1
main.go

@ -171,7 +171,7 @@ func getConfig(workingDirectory string) *Config {
"$1******$2",
)
log.Printf("greenhouse is starting up using config:\n%s\n", configToLogString)
log.Printf("🌱🏠 greenhouse is starting up using config:\n%s\n", configToLogString)
return &config
}


+ 10
- 9
threshold_provisioning_service.go

@ -154,14 +154,15 @@ func (service *ThresholdProvisioningService) GetServerInstallScript(tlsCertifica
echo "downloading threshold tar file"
curl -sS {{ARTIFACTS_BASE_URL}}/threshold-{{ARCH}}.tar.gz > /tmp/threshold-{{ARCH}}.tar.gz
echo "verifying checksum"
CORRECT_CHECKSUM="$(sha256sum /tmp/threshold-{{ARCH}}.tar.gz | grep '{{TAR_SHA256}}' | wc -l)"
if [ $CORRECT_CHECKSUM -ne 1 ]; then
echo "bad checksum on /tmp/threshold-{{ARCH}}.tar.gz:"
sha256sum /tmp/threshold-{{ARCH}}.tar.gz
echo "expected {{TAR_SHA256}}."
exit 1
fi
# TODO actually verify the checksum here.
#echo "verifying checksum"
#CORRECT_CHECKSUM="$(sha256sum /tmp/threshold-{{ARCH}}.tar.gz | grep '{{TAR_SHA256}}' | wc -l)"
#if [ $CORRECT_CHECKSUM -ne 1 ]; then
# echo "bad checksum on /tmp/threshold-{{ARCH}}.tar.gz:"
# sha256sum /tmp/threshold-{{ARCH}}.tar.gz
# echo "expected {{TAR_SHA256}}."
# exit 1
#fi
echo "unarchiving threshold binary"
tar -x -f /tmp/threshold-{{ARCH}}.tar.gz --directory /opt/threshold
@ -300,7 +301,7 @@ WantedBy=multi-user.target
substitutions := map[string]string{
"ARTIFACTS_BASE_URL": "https://f000.backblazeb2.com/file/server-garden-artifacts",
"ARCH": "amd64",
"TAR_SHA256": "4ce0ab86fec54c86493bf2d852a7782bdb92913fa798e706625017dff7676a76",
"TAR_SHA256": "1207c89f5269220f56e93c96d6c4b06ee3c317ea463b23c3a9210343893c426b",
"THRESHOLD_DOMAIN": "greenhouse.server.garden",
"GREENHOUSE_MANAGEMENT_API_AUTH_CA": string(managementAPIAuthCABytes),
"GREENHOUSE_CA": string(mainCABytes),


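Review bot: With the checksum block commented out in the `GetServerInstallScript` template, the generated script extracts whatever `curl` fetched from `{{ARTIFACTS_BASE_URL}}` into `/opt/threshold` with no integrity check, and the `TAR_SHA256` value updated in the second hunk is no longer used by anything visible here. Provisioned servers then trust the artifact bucket and the transport alone, and nothing in the diff limits this to test runs. If the check must be skippable for testing, gate it on an explicit configuration value rather than removing it from the template; a one-line form that keeps it is `echo "{{TAR_SHA256}}  /tmp/threshold-{{ARCH}}.tar.gz" | sha256sum -c - || exit 1`. The download uses `curl -sS` without `-f`, so an HTTP error body would be saved as the tarball, which the checksum previously caught. The function starts and ends outside both hunks.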