def _build_sciond_conf(self, topo_id, ia, base):
name = sciond_name(topo_id)
config_dir = '/share/conf' if self.args.docker else os.path.join(
base, COMMON_DIR)
raw_entry = {
'general': {
'ID': name,
'ConfigDir': config_dir,
'ReconnectToDispatcher': True,
},
'logging': self._log_entry(name),
'trustDB': trust_db_conf_entry(self.args, name),
'discovery': self._discovery_entry(),
'sd': {
'Reliable': os.path.join(SCIOND_API_SOCKDIR, "%s.sock" % name),
'Unix': os.path.join(SCIOND_API_SOCKDIR, "%s.unix" % name),
'Public': '%s,[127.0.0.1]:0' % ia,
'pathDB': {
'Connection': os.path.join(self.db_dir,
'%s.path.db' % name),
},
},
'metrics': {
'Prometheus':
prom_addr_sciond(self.args.docker, topo_id, self.args.networks,
SCIOND_PROM_PORT)
},
'EnableQUICTest': self.args.qtest,
}
return raw_entry
def _cust_db_conf_entry(self, cs_name):
conf_entry = trust_db_conf_entry(self.args, cs_name)
# If we build the dockerized topology the directory is setup to be reachable
# from docker, but the tool runs on the host, so we resolve the bind mount here.
conf_entry['Connection'] = conf_entry['Connection'].replace(
'/share/cache', 'gen-cache')
return conf_entry
def _build_cs_conf(self, topo_id, ia, base, name, infra_elem):
config_dir = '/share/conf' if self.args.docker else os.path.join(base, name)
raw_entry = {
'general': {
'ID': name,
'ConfigDir': config_dir,
},
'sd_client': {
'Path': get_default_sciond_path(topo_id),
},
'logging': self._log_entry(name),
'TrustDB': trust_db_conf_entry(self.args, name),
'infra': {
'Type': "CS"
},
'discovery': self._discovery_entry(),
'cs': {
'LeafReissueLeadTime': "6h",
'IssuerReissueLeadTime': "3d",
'ReissueRate': "10s",
'ReissueTimeout': "5s",
},
'metrics': self._metrics_entry(name, infra_elem, CS_PROM_PORT),
}
return raw_entry
def _build_ps_conf(self, topo_id, ia, base, name, infra_elem):
config_dir = '/share/conf' if self.args.docker else os.path.join(
base, name)
raw_entry = {
'general': {
'ID': name,
'ConfigDir': config_dir,
'ReconnectToDispatcher': True,
},
'logging':
self._log_entry(name),
'trustDB':
trust_db_conf_entry(self.args, name),
'discovery':
self._discovery_entry(),
'ps': {
'pathDB': {
'Backend': 'sqlite',
'Connection': os.path.join(self.db_dir,
'%s.path.db' % name),
},
'SegSync': True,
},
'tracing':
self._tracing_entry(),
'metrics':
self._metrics_entry(name, infra_elem, PS_PROM_PORT),
'quic':
self._quic_conf_entry(PS_QUIC_PORT, self.args.svcfrac, infra_elem),
}
return raw_entry
def _build_bs_conf(self, topo_id, ia, base, name, infra_elem):
config_dir = '/share/conf' if self.args.docker else os.path.join(
base, name)
raw_entry = {
'general': {
'ID': name,
'ConfigDir': config_dir,
'ReconnectToDispatcher': True,
},
'logging':
self._log_entry(name),
'trustDB':
trust_db_conf_entry(self.args, name),
'beaconDB':
beacon_db_conf_entry(self.args, name),
'discovery':
self._discovery_entry(),
'tracing':
self._tracing_entry(),
'metrics':
self._metrics_entry(name, infra_elem, BS_PROM_PORT),
'quic':
self._quic_conf_entry(BS_QUIC_PORT, self.args.svcfrac, infra_elem),
}
return raw_entry
def _build_sciond_conf(self, topo_id, ia, base):
name = sciond_name(topo_id)
config_dir = '/share/conf' if self.args.docker else os.path.join(base, COMMON_DIR)
ip = sciond_ip(self.args.docker, topo_id, self.args.networks)
raw_entry = {
'general': {
'ID': name,
'ConfigDir': config_dir,
'ReconnectToDispatcher': True,
},
'logging': self._log_entry(name),
'trustDB': trust_db_conf_entry(self.args, name),
'discovery': self._discovery_entry(),
'sd': {
'Reliable': os.path.join(SCIOND_API_SOCKDIR, "%s.sock" % name),
'Unix': os.path.join(SCIOND_API_SOCKDIR, "%s.unix" % name),
'Public': '[%s]:0' % ip,
'pathDB': {
'Connection': os.path.join(self.db_dir, '%s.path.db' % name),
},
},
'tracing': self._tracing_entry(),
'metrics': {
'Prometheus': '[%s]:%d' % (ip, SCIOND_PROM_PORT)
},
'quic': self._quic_conf_entry(SD_QUIC_PORT, self.args.svcfrac),
}
raw_entry['quic']['Address'] = '[%s]:%d' % (ip, SD_QUIC_PORT)
return raw_entry
def _build_control_service_conf(self, topo_id, ia, base, name, infra_elem):
config_dir = '/share/conf' if self.args.docker else os.path.join(
base, name)
raw_entry = {
'general': {
'ID': name,
'ConfigDir': config_dir,
'ReconnectToDispatcher': True,
},
'logging': self._log_entry(name),
'trustDB': trust_db_conf_entry(self.args, name),
'beaconDB': beacon_db_conf_entry(self.args, name),
'discovery': self._discovery_entry(),
'tracing': self._tracing_entry(),
'metrics': self._metrics_entry(name, infra_elem, BS_PROM_PORT),
'quic': self._quic_conf_entry(BS_QUIC_PORT, self.args.svcfrac, infra_elem),
'sd_client': {
'Path': get_default_sciond_path(topo_id),
},
'cs': {
'LeafReissueLeadTime': "6h",
'IssuerReissueLeadTime': "3d",
'ReissueRate': "10s",
'ReissueTimeout': "5s",
},
'ps': {
'pathDB': {
'Backend': 'sqlite',
'Connection': os.path.join(self.db_dir, '%s.path.db' % name),
},
'SegSync': True,
},
}
return raw_entry
def _write_cust_files(self, topo_dicts, cust_files):
cust_pk = {}
for topo_id, as_topo in topo_dicts.items():
base = topo_id.base_dir(self.args.output_dir)
for elem in as_topo["CertificateService"]:
for path, value in cust_files[topo_id].items():
write_file(os.path.join(base, elem, path), value)
if self.args.cert_server == 'go':
cust_dir_name = os.path.dirname(path)
cust_dir = os.path.join(base, elem, cust_dir_name)
cust_pk[cust_dir] = elem
if cust_pk:
script_name = 'gen/load_custs.sh'
with open(script_name, 'w') as script:
script.write('#!/bin/bash\n\n')
for cust_dir, cs_name in cust_pk.items():
conf_entry = trust_db_conf_entry(self.args, cs_name)
# If we build the dockerized topology the directory is setup to be reachable
# from docker, but the tool runs on the host, so we resolve the bind mount here.
conf_entry['Connection'] = conf_entry[
'Connection'].replace('/share/cache', 'gen-cache')
script.write('cat > cfg.toml << EOL\n%sEOL\n\n' %
toml.dumps({'TrustDB': conf_entry}))
script.write(
'bin/scion-custpk-load -customers %s -config %s\n' %
(cust_dir, 'cfg.toml'))
script.write('rm cfg.toml\n')
st = os.stat(script_name)
os.chmod(script_name, st.st_mode | stat.S_IEXEC)
