def _build_sciond_conf(self, topo_id, ia, base):
    """Assemble the sciond configuration dictionary for one AS.

    Args:
        topo_id: Topology identifier; passed to ``sciond_name`` and
            ``prom_addr_sciond``.
        ia: Value formatted into the ``sd.Public`` address.
        base: Output directory of the AS; only used when not dockerized.

    Returns:
        A dict with the sections ``general``, ``logging``, ``trustDB``,
        ``discovery``, ``sd`` and ``metrics`` plus the ``EnableQUICTest``
        flag, in that insertion order.
    """
    sd_id = sciond_name(topo_id)
    if self.args.docker:
        # Fixed path used for dockerized topologies.
        conf_dir = '/share/conf'
    else:
        conf_dir = os.path.join(base, COMMON_DIR)

    # Sections are added one by one so the key order matches the layout
    # that is later serialized.
    conf = {}
    conf['general'] = {
        'ID': sd_id,
        'ConfigDir': conf_dir,
        'ReconnectToDispatcher': True,
    }
    conf['logging'] = self._log_entry(sd_id)
    conf['trustDB'] = trust_db_conf_entry(self.args, sd_id)
    conf['discovery'] = self._discovery_entry()
    conf['sd'] = {
        # Both API sockets live under SCIOND_API_SOCKDIR.
        'Reliable': os.path.join(SCIOND_API_SOCKDIR, "%s.sock" % sd_id),
        'Unix': os.path.join(SCIOND_API_SOCKDIR, "%s.unix" % sd_id),
        # The public address is pinned to loopback with port 0.
        'Public': '%s,[127.0.0.1]:0' % ia,
        'pathDB': {
            'Connection': os.path.join(self.db_dir, '%s.path.db' % sd_id),
        },
    }
    conf['metrics'] = {
        'Prometheus': prom_addr_sciond(
            self.args.docker, topo_id, self.args.networks, SCIOND_PROM_PORT),
    }
    conf['EnableQUICTest'] = self.args.qtest
    return conf
def _cust_db_conf_entry(self, cs_name):
    """Return the trust DB entry for ``cs_name`` with a host-side path.

    Args:
        cs_name: Name passed on to ``trust_db_conf_entry``.

    Returns:
        The dict produced by ``trust_db_conf_entry`` with every occurrence
        of ``/share/cache`` in its ``Connection`` value replaced by
        ``gen-cache``.
    """
    entry = trust_db_conf_entry(self.args, cs_name)
    # For a dockerized topology the directory is set up to be reachable from
    # inside docker, but the tool runs on the host, so the bind mount is
    # resolved here. When the value does not contain '/share/cache' the
    # replace leaves it unchanged.
    host_connection = entry['Connection'].replace('/share/cache', 'gen-cache')
    entry['Connection'] = host_connection
    return entry
def _build_cs_conf(self, topo_id, ia, base, name, infra_elem):
    """Assemble the certificate server configuration dictionary.

    Args:
        topo_id: Topology identifier; used to look up the sciond path.
        ia: Not used by this builder.
        base: Output directory of the AS; only used when not dockerized.
        name: Element name; becomes ``general.ID`` and the config subdirectory.
        infra_elem: Topology element forwarded to ``self._metrics_entry``.

    Returns:
        A dict with the sections ``general``, ``sd_client``, ``logging``,
        ``TrustDB``, ``infra``, ``discovery``, ``cs`` and ``metrics``.
    """
    if self.args.docker:
        # Fixed path used for dockerized topologies.
        conf_dir = '/share/conf'
    else:
        conf_dir = os.path.join(base, name)

    conf = {}
    conf['general'] = {
        'ID': name,
        'ConfigDir': conf_dir,
    }
    conf['sd_client'] = {
        'Path': get_default_sciond_path(topo_id),
    }
    conf['logging'] = self._log_entry(name)
    # NOTE: this builder spells the key 'TrustDB', unlike the other builders
    # on this page, which use 'trustDB'.
    conf['TrustDB'] = trust_db_conf_entry(self.args, name)
    conf['infra'] = {
        'Type': "CS"
    }
    conf['discovery'] = self._discovery_entry()
    # Certificate reissuance timing, hard-coded for generated topologies.
    conf['cs'] = {
        'LeafReissueLeadTime': "6h",
        'IssuerReissueLeadTime': "3d",
        'ReissueRate': "10s",
        'ReissueTimeout': "5s",
    }
    conf['metrics'] = self._metrics_entry(name, infra_elem, CS_PROM_PORT)
    return conf
def _build_ps_conf(self, topo_id, ia, base, name, infra_elem):
    """Assemble the path server configuration dictionary.

    Args:
        topo_id: Not used by this builder.
        ia: Not used by this builder.
        base: Output directory of the AS; only used when not dockerized.
        name: Element name; becomes ``general.ID``, the config subdirectory
            and the stem of the path DB file.
        infra_elem: Topology element forwarded to the metrics and QUIC
            helpers.

    Returns:
        A dict with the sections ``general``, ``logging``, ``trustDB``,
        ``discovery``, ``ps``, ``tracing``, ``metrics`` and ``quic``.
    """
    if self.args.docker:
        # Fixed path used for dockerized topologies.
        conf_dir = '/share/conf'
    else:
        conf_dir = os.path.join(base, name)

    conf = {}
    conf['general'] = {
        'ID': name,
        'ConfigDir': conf_dir,
        'ReconnectToDispatcher': True,
    }
    conf['logging'] = self._log_entry(name)
    conf['trustDB'] = trust_db_conf_entry(self.args, name)
    conf['discovery'] = self._discovery_entry()
    conf['ps'] = {
        # The path DB is an sqlite file under self.db_dir.
        'pathDB': {
            'Backend': 'sqlite',
            'Connection': os.path.join(self.db_dir, '%s.path.db' % name),
        },
        'SegSync': True,
    }
    conf['tracing'] = self._tracing_entry()
    conf['metrics'] = self._metrics_entry(name, infra_elem, PS_PROM_PORT)
    conf['quic'] = self._quic_conf_entry(
        PS_QUIC_PORT, self.args.svcfrac, infra_elem)
    return conf
def _build_bs_conf(self, topo_id, ia, base, name, infra_elem):
    """Assemble the beacon server configuration dictionary.

    Args:
        topo_id: Not used by this builder.
        ia: Not used by this builder.
        base: Output directory of the AS; only used when not dockerized.
        name: Element name; becomes ``general.ID`` and the config subdirectory.
        infra_elem: Topology element forwarded to the metrics and QUIC
            helpers.

    Returns:
        A dict with the sections ``general``, ``logging``, ``trustDB``,
        ``beaconDB``, ``discovery``, ``tracing``, ``metrics`` and ``quic``.
    """
    if self.args.docker:
        # Fixed path used for dockerized topologies.
        conf_dir = '/share/conf'
    else:
        conf_dir = os.path.join(base, name)

    conf = {}
    conf['general'] = {
        'ID': name,
        'ConfigDir': conf_dir,
        'ReconnectToDispatcher': True,
    }
    conf['logging'] = self._log_entry(name)
    conf['trustDB'] = trust_db_conf_entry(self.args, name)
    conf['beaconDB'] = beacon_db_conf_entry(self.args, name)
    conf['discovery'] = self._discovery_entry()
    conf['tracing'] = self._tracing_entry()
    conf['metrics'] = self._metrics_entry(name, infra_elem, BS_PROM_PORT)
    conf['quic'] = self._quic_conf_entry(
        BS_QUIC_PORT, self.args.svcfrac, infra_elem)
    return conf
def _build_sciond_conf(self, topo_id, ia, base):
    """Assemble the sciond configuration dictionary for one AS.

    The address returned by ``sciond_ip`` is reused for three listeners:
    ``sd.Public``, ``metrics.Prometheus`` and ``quic.Address``.

    Args:
        topo_id: Topology identifier; passed to ``sciond_name`` and
            ``sciond_ip``.
        ia: Not used by this builder.
        base: Output directory of the AS; only used when not dockerized.

    Returns:
        A dict with the sections ``general``, ``logging``, ``trustDB``,
        ``discovery``, ``sd``, ``tracing``, ``metrics`` and ``quic``.
    """
    sd_id = sciond_name(topo_id)
    if self.args.docker:
        # Fixed path used for dockerized topologies.
        conf_dir = '/share/conf'
    else:
        conf_dir = os.path.join(base, COMMON_DIR)
    ip = sciond_ip(self.args.docker, topo_id, self.args.networks)

    conf = {}
    conf['general'] = {
        'ID': sd_id,
        'ConfigDir': conf_dir,
        'ReconnectToDispatcher': True,
    }
    conf['logging'] = self._log_entry(sd_id)
    conf['trustDB'] = trust_db_conf_entry(self.args, sd_id)
    conf['discovery'] = self._discovery_entry()
    conf['sd'] = {
        # Both API sockets live under SCIOND_API_SOCKDIR.
        'Reliable': os.path.join(SCIOND_API_SOCKDIR, "%s.sock" % sd_id),
        'Unix': os.path.join(SCIOND_API_SOCKDIR, "%s.unix" % sd_id),
        'Public': '[%s]:0' % ip,
        'pathDB': {
            'Connection': os.path.join(self.db_dir, '%s.path.db' % sd_id),
        },
    }
    conf['tracing'] = self._tracing_entry()
    conf['metrics'] = {
        'Prometheus': '[%s]:%d' % (ip, SCIOND_PROM_PORT)
    }
    conf['quic'] = self._quic_conf_entry(SD_QUIC_PORT, self.args.svcfrac)
    # The helper is called without an infra element, so the listen address
    # is written into the section explicitly afterwards.
    conf['quic']['Address'] = '[%s]:%d' % (ip, SD_QUIC_PORT)
    return conf
def _build_control_service_conf(self, topo_id, ia, base, name, infra_elem):
    """Assemble the configuration dictionary of the combined control service.

    The result carries beacon (``beaconDB``), certificate (``cs``) and path
    (``ps``) sections in a single dictionary.

    Args:
        topo_id: Topology identifier; used to look up the sciond path.
        ia: Not used by this builder.
        base: Output directory of the AS; only used when not dockerized.
        name: Element name; becomes ``general.ID``, the config subdirectory
            and the stem of the path DB file.
        infra_elem: Topology element forwarded to the metrics and QUIC
            helpers.

    Returns:
        A dict with the sections ``general``, ``logging``, ``trustDB``,
        ``beaconDB``, ``discovery``, ``tracing``, ``metrics``, ``quic``,
        ``sd_client``, ``cs`` and ``ps``.
    """
    if self.args.docker:
        # Fixed path used for dockerized topologies.
        conf_dir = '/share/conf'
    else:
        conf_dir = os.path.join(base, name)

    conf = {}
    conf['general'] = {
        'ID': name,
        'ConfigDir': conf_dir,
        'ReconnectToDispatcher': True,
    }
    conf['logging'] = self._log_entry(name)
    conf['trustDB'] = trust_db_conf_entry(self.args, name)
    conf['beaconDB'] = beacon_db_conf_entry(self.args, name)
    conf['discovery'] = self._discovery_entry()
    conf['tracing'] = self._tracing_entry()
    # Metrics and QUIC use the beacon server port constants.
    conf['metrics'] = self._metrics_entry(name, infra_elem, BS_PROM_PORT)
    conf['quic'] = self._quic_conf_entry(
        BS_QUIC_PORT, self.args.svcfrac, infra_elem)
    conf['sd_client'] = {
        'Path': get_default_sciond_path(topo_id),
    }
    # Certificate reissuance timing, hard-coded for generated topologies.
    conf['cs'] = {
        'LeafReissueLeadTime': "6h",
        'IssuerReissueLeadTime': "3d",
        'ReissueRate': "10s",
        'ReissueTimeout': "5s",
    }
    conf['ps'] = {
        # The path DB is an sqlite file under self.db_dir.
        'pathDB': {
            'Backend': 'sqlite',
            'Connection': os.path.join(self.db_dir, '%s.path.db' % name),
        },
        'SegSync': True,
    }
    return conf
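def _write_cust_files(self, topo_dicts, cust_files):
    """Write customer key files and, for the Go cert server, a loader script.

    Every file in ``cust_files[topo_id]`` is written below each certificate
    service element of that AS. When ``self.args.cert_server`` is ``'go'``,
    the directories that received files are collected and an executable
    ``gen/load_custs.sh`` is generated with one ``scion-custpk-load`` call
    per directory.

    The script is bash source assembled from strings, so everything
    interpolated into it is treated as data: the customer directory is
    shell-quoted, and the heredoc delimiter is quoted so that ``$``,
    backticks and backslashes in the TOML body are written to ``cfg.toml``
    literally instead of being expanded when the script runs.

    Args:
        topo_dicts: Mapping of topology id to AS topology dict; each value
            must have a ``"CertificateService"`` entry that can be iterated.
        cust_files: Mapping of topology id to a ``{relative path: content}``
            dict.
    """
    # Function-scope import: the module's import block is outside this view.
    import shlex

    # NOTE(review): nesting reconstructed from a whitespace-collapsed listing;
    # confirm the cert_server check belongs inside the per-file loop.
    cust_pk = {}
    for topo_id, as_topo in topo_dicts.items():
        base = topo_id.base_dir(self.args.output_dir)
        for elem in as_topo["CertificateService"]:
            for path, value in cust_files[topo_id].items():
                write_file(os.path.join(base, elem, path), value)
                if self.args.cert_server == 'go':
                    cust_dir = os.path.join(base, elem, os.path.dirname(path))
                    # Keyed by directory, so several files in the same
                    # directory yield a single loader invocation.
                    cust_pk[cust_dir] = elem
    if not cust_pk:
        return

    script_name = 'gen/load_custs.sh'
    with open(script_name, 'w') as script:
        script.write('#!/bin/bash\n\n')
        for cust_dir, cs_name in cust_pk.items():
            conf_entry = trust_db_conf_entry(self.args, cs_name)
            # If we build the dockerized topology the directory is set up to
            # be reachable from docker, but the tool runs on the host, so the
            # bind mount is resolved here.
            conf_entry['Connection'] = conf_entry['Connection'].replace(
                '/share/cache', 'gen-cache')
            # Quoted delimiter: bash performs no expansion in the heredoc body.
            script.write("cat > cfg.toml << 'EOL'\n%sEOL\n\n"
                         % toml.dumps({'TrustDB': conf_entry}))
            # shlex.quote() leaves plain paths untouched and quotes any path
            # containing spaces or shell metacharacters (the directory is
            # derived from the output directory and element names).
            script.write(
                'bin/scion-custpk-load -customers %s -config %s\n'
                % (shlex.quote(cust_dir), 'cfg.toml'))
            # NOTE(review): the script reuses a fixed cfg.toml in its working
            # directory for every entry; run it from a directory that only
            # the operator can write to.
            script.write('rm cfg.toml\n')
    # Add the owner-execute bit on top of the mode the file was created with.
    st = os.stat(script_name)
    os.chmod(script_name, st.st_mode | stat.S_IEXEC)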