Generate Nebula CA via RPC calls

77c29048 · Roman Shishkin · d2201c70 · 77c29048 · 77c29048 · 77c29048
Commit 77c29048 authored 11 months ago by Roman Shishkin
--- a/addr_agent/agent_feature/mapping.py
+++ b/addr_agent/agent_feature/mapping.py
@@ -2,6 +2,7 @@ from enum import Enum

 from addr_agent.agent_feature.methods.addr_v1_agent_update import RPCAddrV1AgentUpdateMethod
 from addr_agent.agent_feature.methods.addr_v1_hwreport import RPCAddrV1HWReportMethod
+from addr_agent.agent_feature.methods.addr_v1_nebula_create_ca import RPCAddrV1NebulaCreateCaMethod
 from addr_agent.agent_feature.methods.addr_v1_ping import RPCAddrV1PingMethod


@@ -17,4 +18,6 @@ RPC_METHOD_MAPPING = {
    RPCMethod.ADDR_V1_PING: RPCAddrV1PingMethod,
    RPCMethod.ADDR_V1_HWREPORT: RPCAddrV1HWReportMethod,
    RPCMethod.ADDR_VI_AGENT_UPDATE: RPCAddrV1AgentUpdateMethod,
+
+    RPCMethod.ADDR_V1_NEBULA_CREATE_CA: RPCAddrV1NebulaCreateCaMethod,
 }
--- a/addr_agent/agent_feature/methods/addr_v1_agent_update.py
+++ b/addr_agent/agent_feature/methods/addr_v1_agent_update.py
@@ -8,12 +8,17 @@ class RPCAddrV1AgentUpdateMethod(RPCMethodImpl):
    async def run(self) -> Generator[RPCTaskResult, None, None]:
        docker = aiodocker.Docker()
        yield RPCTaskResult(status=RPCTaskStatus.PROGRESS, response="Pulling new addr-runner container")
-        await docker.images.pull("registry.uwtech.org/uwtech/cdn/addr-agent:latest")
+        response = await docker.images.pull("registry.uwtech.org/uwtech/cdn/addr-agent:latest")
+        for resp in response:
+            yield RPCTaskResult(status=RPCTaskStatus.PROGRESS, response=resp["status"])

        yield RPCTaskResult(status=RPCTaskStatus.PROGRESS, response="Pulling intermediate updater container")
-        await docker.images.pull("docker:latest")
+        response = await docker.images.pull("docker:latest")
+        for resp in response:
+            yield RPCTaskResult(status=RPCTaskStatus.PROGRESS, response=resp["status"])

-        yield RPCTaskResult(status=RPCTaskStatus.COMPLETED, response="Start updater container")
+        yield RPCTaskResult(status=RPCTaskStatus.PROGRESS, response="Start updater container")
+        yield RPCTaskResult(status=RPCTaskStatus.COMPLETED)
        await docker.containers.run(
            config={
                "Image": "docker:latest",

--- a/addr_agent/agent_feature/methods/addr_v1_nebula_create_ca.py
+++ b/addr_agent/agent_feature/methods/addr_v1_nebula_create_ca.py
+import asyncio
+import json
+import pathlib
+from typing import Generator
+
+from addr_agent.agent_feature.models import RPCMethodImpl, RPCTaskResult, RPCTaskStatus
+
+
+class RPCAddrV1NebulaCreateCaMethod(RPCMethodImpl):
+    async def run(self) -> Generator[RPCTaskResult, None, None]:
+        request = json.loads(self.request)
+        ca_name = request["ca_name"]
+        duration = request["duration"]
+
+        proc = await asyncio.create_subprocess_shell(
+            f"nebula-cert ca -name '{ca_name}' -duration {duration}",
+            stdout=asyncio.subprocess.PIPE,
+            stderr=asyncio.subprocess.PIPE)
+
+        exit_code = await proc.wait()
+        if exit_code == 0:
+            public_key_file = pathlib.Path("ca.crt")
+            private_key_file = pathlib.Path("ca.key")
+            response = {
+                "ca_public_key": public_key_file.read_text(),
+                "ca_private_key": private_key_file.read_text(),
+            }
+            public_key_file.unlink()
+            private_key_file.unlink()
+            yield RPCTaskResult(status=RPCTaskStatus.COMPLETED, response=json.dumps(response))
+        else:
+            yield RPCTaskResult(status=RPCTaskStatus.ERROR, response=f"Process exited with code {exit_code}")