From 90618f5ed0a3784c2e15cc28bd0278c08eef3652 Mon Sep 17 00:00:00 2001
From: Lucas Ritzdorf <42657792+LRitzdorf@users.noreply.github.com>
Date: Thu, 27 Jun 2024 15:38:48 -0600
Subject: [PATCH 1/3] Routers: implement POST notification for bootscript requests

This is to be used with the new TPM-manager OCHAMI component, specifically to inform the TPM manager when a new node is booting and will soon be ready to receive its TPM secret.
---
 cmd/boot-script-service/main.go | 6 ++++++
 cmd/boot-script-service/routers.go | 13 +++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/cmd/boot-script-service/main.go b/cmd/boot-script-service/main.go
index 6a49f6f..c31c594 100644
--- a/cmd/boot-script-service/main.go
+++ b/cmd/boot-script-service/main.go
@@ -104,6 +104,7 @@ var (
 spireServiceURL = "https://spire-tokens.spire:54440"
 oauth2AdminBaseURL = "http://127.0.0.1:3333"
 oauth2PublicBaseURL = "http://127.0.0.1:3333"
+ bootscriptNotifyURL = ""
 )

 func parseEnv(evar string, v interface{}) (ret error) {
@@ -324,6 +325,10 @@ func parseEnvVars() error {
 if parseErr != nil {
 errList = append(errList, fmt.Errorf("BSS_OAUTH2_PUBLIC_BASE_URL: %q", parseErr))
 }
+ parseErr = parseEnv("BSS_BOOTSCRIPT_NOTIFY_URL", &bootscriptNotifyURL)
+ if parseErr != nil {
+ errList = append(errList, fmt.Errorf("BSS_BOOTSCRIPT_NOTIFY_URL: %q", parseErr))
+ }

 //
 // Etcd environment variables
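Review bot: In parseEnvVars, `BSS_BOOTSCRIPT_NOTIFY_URL` is accepted as an arbitrary string and later used as the POST target, with no check that it is an absolute http(s) URL. The notification identifies a node that is about to receive its TPM secret, so a mistyped or scheme-less value should stop startup rather than surface as a warning on the first boot request. After the parse step I would run the value through `url.Parse` from `net/url` and reject it unless `u.Scheme` is `http` or `https` and `u.Host` is non-empty; the same check should also be applied to the `-bootscript-notify-url` flag added in parseCmdLine. parseEnvVars starts and ends outside this hunk.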
@@ -421,6 +426,7 @@ func parseCmdLine() {
 flag.StringVar(&jwksURL, "jwks-url", jwksURL, "(BSS_JWKS_URL) Set the JWKS URL to fetch the public key for authorization (enables authentication)")
 flag.StringVar(&oauth2AdminBaseURL, "oauth2-admin-base-url", oauth2AdminBaseURL, "(BSS_OAUTH2_ADMIN_BASE_URL) Base URL of the OAUTH2 server admin endpoints for client authorizations")
 flag.StringVar(&oauth2PublicBaseURL, "oauth2-public-base-url", oauth2PublicBaseURL, "(BSS_OAUTH2_PUBLIC_BASE_URL) Base URL of the OAUTH2 server public endpoints (e.g. for token grants)")
+ flag.StringVar(&bootscriptNotifyURL, "bootscript-notify-url", bootscriptNotifyURL, "(BSS_BOOTSCRIPT_NOTIFY_URL) Full URL to which newly-booted node IPs should be POSTed (e.g. TPM-manager server)")
 flag.BoolVar(&insecure, "insecure", insecure, "(BSS_INSECURE) Don't enforce https certificate security")
 flag.BoolVar(&debugFlag, "debug", debugFlag, "(BSS_DEBUG) Enable debug output")
 flag.BoolVar(&useSQL, "postgres", useSQL, "(BSS_USESQL) Use Postgres instead of ETCD")
diff --git a/cmd/boot-script-service/routers.go b/cmd/boot-script-service/routers.go
index 698defb..1899f22 100644
--- a/cmd/boot-script-service/routers.go
+++ b/cmd/boot-script-service/routers.go
@@ -38,6 +38,7 @@ package main
 import (
 "fmt"
 "net/http"
+ net_url "net/url"
 "time"

 base "github.com/Cray-HPE/hms-base"
@@ -130,6 +131,9 @@ func bootParameters(w http.ResponseWriter, r *http.Request) {
 }

 func bootScript(w http.ResponseWriter, r *http.Request) {
+ if bootscriptNotifyURL != "" {
+ go notifyTarget(bootscriptNotifyURL, r.RemoteAddr)
+ }
 switch r.Method {
 case http.MethodGet:
 BootscriptGet(w, r)
@@ -211,3 +215,12 @@ func endpointHistoryGet(w http.ResponseWriter, r *http.Request) {
 sendAllowable(w, "GET")
 }
 }
+
+func notifyTarget(url string, data string) {
+ resp, err := http.PostForm(url, net_url.Values{"data": {data}})
+ if err != nil {
+ fmt.Printf("Error POSTing to %s: %v\n", url, err)
+ return
+ }
+ defer resp.Body.Close()
+}
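Review bot: In bootScript the notification is fired before `switch r.Method`, so every request to this route starts a goroutine and an outbound POST, including requests with a method the switch does not serve and GETs that BootscriptGet may go on to reject. Nothing bounds how many of these run at once, so request volume on this endpoint translates directly into goroutines and traffic toward the notify target. The value sent is `r.RemoteAddr`, which is `host:port` rather than the IP the flag help text promises, and which would be the proxy's address if BSS sits behind an ingress or load balancer (deployment not visible here). I would move the call into the `http.MethodGet` case, send only the host part, and put a bound on in-flight notifications. The rest of bootScript lies outside the hunk.

```go
func bootScript(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case http.MethodGet:
		if bootscriptNotifyURL != "" {
			// RemoteAddr is "host:port"; the receiver is documented to get the IP.
			// (uses the net and log packages)
			if host, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
				go notifyTarget(bootscriptNotifyURL, host)
			} else {
				log.Printf("WARNING: cannot parse remote address %q: %v", r.RemoteAddr, err)
			}
		}
		BootscriptGet(w, r)
	// … unchanged: remaining method cases …
```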
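Review bot: notifyTarget treats any response as success: `resp.StatusCode` is never read, so an error status from the notify target is dropped without a log line and that node's notification is silently lost. `http.PostForm` also goes through `http.DefaultClient`, which has no timeout, so a target that accepts the connection and then stalls keeps the goroutine started by bootScript alive indefinitely. The later patches in this series replace the call with `retryablehttp.PostForm` (hunks `@@ -217,9 +219,9` and `@@ -221,7 +221,7`) but still never read the status, so the check is worth adding whichever client is used. I would POST through a package-level client with an explicit `Timeout` and log any non-2xx status. The `net_url` alias exists only because the parameter is named `url`; renaming the parameter to `target` would let the import stay unaliased.

```go
// notifyClient bounds each notification so a stalled target cannot pin a goroutine.
// The 10s value is an example; pick one that suits the deployment.
var notifyClient = &http.Client{Timeout: 10 * time.Second}

func notifyTarget(url string, data string) {
	resp, err := notifyClient.PostForm(url, net_url.Values{"data": {data}})
	if err != nil {
		// … unchanged: error log and return …
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		fmt.Printf("notify target %s returned %s\n", url, resp.Status)
	}
}
```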
From 195e414afb9711a93ca26cd19028b12c91b7db64 Mon Sep 17 00:00:00 2001
From: Lucas Ritzdorf <42657792+LRitzdorf@users.noreply.github.com>
Date: Fri, 28 Jun 2024 14:04:34 -0600
Subject: [PATCH 2/3] Routers(notifier): use retryablehttp libary, update error format

---
 cmd/boot-script-service/routers.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cmd/boot-script-service/routers.go b/cmd/boot-script-service/routers.go
index 1899f22..861059b 100644
--- a/cmd/boot-script-service/routers.go
+++ b/cmd/boot-script-service/routers.go
@@ -37,6 +37,7 @@ package main

 import (
 "fmt"
+ "log"
 "net/http"
 net_url "net/url"
 "time"
@@ -45,6 +46,7 @@ import (
 "github.com/OpenCHAMI/jwtauth/v5"
 "github.com/go-chi/chi/middleware"
 "github.com/go-chi/chi/v5"
+ "github.com/hashicorp/go-retryablehttp"
 )

 const (
@@ -217,9 +219,9 @@ func endpointHistoryGet(w http.ResponseWriter, r *http.Request) {
 }

 func notifyTarget(url string, data string) {
- resp, err := http.PostForm(url, net_url.Values{"data": {data}})
+ resp, err := retryablehttp.PostForm(url, net_url.Values{"data": {data}})
 if err != nil {
- fmt.Printf("Error POSTing to %s: %v\n", url, err)
+ log.Printf("WARNING: HTTP POST failed: %v\n", err)
 return
 }
 defer resp.Body.Close()

From 2ada9d8912840c3b67d85e1627cc662b5a545281 Mon Sep 17 00:00:00 2001
From: Lucas Ritzdorf <42657792+LRitzdorf@users.noreply.github.com>
Date: Fri, 28 Jun 2024 14:08:00 -0600
Subject: [PATCH 3/3] Routers(notifier): include POST data in error message

In the current context, this data is a node's IP address, which we want to log.
---
 cmd/boot-script-service/routers.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/boot-script-service/routers.go b/cmd/boot-script-service/routers.go
index 861059b..124a64b 100644
--- a/cmd/boot-script-service/routers.go
+++ b/cmd/boot-script-service/routers.go
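Review bot: The package-level `retryablehttp.PostForm` in notifyTarget uses the library's default client, so the retry count, backoff and logging are whatever the library ships with rather than values chosen for this service. Combined with bootScript starting one goroutine per request, each inbound request can now turn into several outbound POSTs and a goroutine that lives through the whole backoff sequence while the target is down. I would build one client at startup with `retryablehttp.NewClient()`, set `RetryMax` and the underlying `HTTPClient.Timeout` explicitly, and call its `PostForm` from notifyTarget. The new log message also drops the target `url`, which makes a misconfigured notify target harder to spot; keeping it costs nothing. notifyTarget's closing brace is outside this hunk.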
@@ -221,7 +221,7 @@ func endpointHistoryGet(w http.ResponseWriter, r *http.Request) {
 func notifyTarget(url string, data string) {
 resp, err := retryablehttp.PostForm(url, net_url.Values{"data": {data}})
 if err != nil {
- log.Printf("WARNING: HTTP POST failed: %v\n", err)
+ log.Printf("WARNING: HTTP POST of \"%v\" failed: %v\n", data, err)
 return
 }
 defer resp.Body.Close()
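Review bot: In the new `log.Printf` call, `\"%v\"` can be written as `%q`, which quotes and escapes the value in one verb, and the trailing `\n` is redundant because the log package appends a newline itself. Suggested line: `log.Printf("WARNING: HTTP POST of %q failed: %v", data, err)`. The value logged is what bootScript passes in, `r.RemoteAddr`, so it is an address with a port rather than the bare IP the commit message describes. notifyTarget's closing brace is outside the hunk.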