Implement rpc_secret_file
This commit is contained in:
parent
02e8eb167e
commit
f2106c2733
1
.gitignore
vendored
1
.gitignore
vendored
@ -3,3 +3,4 @@
|
||||
/pki
|
||||
**/*.rs.bk
|
||||
*.swp
|
||||
/.direnv
|
@ -39,7 +39,7 @@ Now you can enter our nix-shell, all the required packages will be downloaded bu
|
||||
nix-shell
|
||||
```
|
||||
|
||||
You can use the traditionnal Rust development workflow:
|
||||
You can use the traditional Rust development workflow:
|
||||
|
||||
```bash
|
||||
cargo build # compile the project
|
||||
|
@ -96,7 +96,7 @@ Performance characteristics of the different DB engines are as follows:
|
||||
|
||||
- Sled: the default database engine, which tends to produce
|
||||
large data files and also has performance issues, especially when the metadata folder
|
||||
is on a traditionnal HDD and not on SSD.
|
||||
is on a traditional HDD and not on SSD.
|
||||
- LMDB: the recommended alternative on 64-bit systems,
|
||||
much more space-efficiant and slightly faster. Note that the data format of LMDB is not portable
|
||||
between architectures, so for instance the Garage database of an x86-64
|
||||
@ -267,6 +267,10 @@ This key should be specified here in the form of a 32-byte hex-encoded
|
||||
random string. Such a string can be generated with a command
|
||||
such as `openssl rand -hex 32`.
|
||||
|
||||
### `rpc_secret_file`
|
||||
|
||||
Like `rpc_secret` above, just that this is the path to a file that Garage will try to read the secret from.
|
||||
|
||||
### `rpc_bind_addr`
|
||||
|
||||
The address and port on which to bind for inter-cluster communcations
|
||||
|
16
flake.lock
16
flake.lock
@ -55,6 +55,21 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1665657542,
|
||||
@ -74,6 +89,7 @@
|
||||
"root": {
|
||||
"inputs": {
|
||||
"cargo2nix": "cargo2nix",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
},
|
||||
|
24
flake.nix
24
flake.nix
@ -7,22 +7,30 @@
|
||||
url = "github:Alexis211/cargo2nix/a7a61179b66054904ef6a195d8da736eaaa06c36";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
inputs.flake-utils.url = "github:numtide/flake-utils";
|
||||
|
||||
outputs = { self, nixpkgs, cargo2nix }: let
|
||||
outputs = { self, nixpkgs, cargo2nix, flake-utils }:
|
||||
let
|
||||
git_version = self.lastModifiedDate;
|
||||
compile = import ./nix/compile.nix;
|
||||
forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed;
|
||||
in
|
||||
{
|
||||
packages = forAllSystems (system: {
|
||||
in flake-utils.lib.eachDefaultSystem (system:
|
||||
let pkgs = nixpkgs.legacyPackages.${system};
|
||||
in {
|
||||
packages = {
|
||||
default = (compile {
|
||||
inherit system git_version;
|
||||
pkgsSrc = nixpkgs;
|
||||
cargo2nixOverlay = cargo2nix.overlays.default;
|
||||
release = true;
|
||||
}).workspace.garage {
|
||||
compileMode = "build";
|
||||
}).workspace.garage { compileMode = "build"; };
|
||||
};
|
||||
devShell = ((compile {
|
||||
inherit system git_version;
|
||||
pkgsSrc = nixpkgs;
|
||||
cargo2nixOverlay = cargo2nix.overlays.default;
|
||||
release = false;
|
||||
}).workspaceShell {
|
||||
packages = [ pkgs.rustfmt ];
|
||||
});
|
||||
});
|
||||
};
|
||||
}
|
||||
|
@ -173,7 +173,7 @@ async fn cli_command(opt: Opt) -> Result<(), Error> {
|
||||
let net_key_hex_str = opt
|
||||
.rpc_secret
|
||||
.as_ref()
|
||||
.or_else(|| config.as_ref().map(|c| &c.rpc_secret))
|
||||
.or_else(|| config.as_ref().and_then(|c| c.rpc_secret.as_ref()))
|
||||
.ok_or("No RPC secret provided")?;
|
||||
let network_key = NetworkKey::from_slice(
|
||||
&hex::decode(net_key_hex_str).err_context("Invalid RPC secret key (bad hex)")?[..],
|
||||
|
@ -159,7 +159,7 @@ impl Garage {
|
||||
};
|
||||
|
||||
let network_key = NetworkKey::from_slice(
|
||||
&hex::decode(&config.rpc_secret).expect("Invalid RPC secret key")[..],
|
||||
&hex::decode(&config.rpc_secret.as_ref().unwrap()).expect("Invalid RPC secret key")[..],
|
||||
)
|
||||
.expect("Invalid RPC secret key");
|
||||
|
||||
|
@ -34,7 +34,10 @@ pub struct Config {
|
||||
pub compression_level: Option<i32>,
|
||||
|
||||
/// RPC secret key: 32 bytes hex encoded
|
||||
pub rpc_secret: String,
|
||||
pub rpc_secret: Option<String>,
|
||||
|
||||
/// Optional file where RPC secret key is read from
|
||||
pub rpc_secret_file: Option<String>,
|
||||
|
||||
/// Address to bind for RPC
|
||||
pub rpc_bind_addr: SocketAddr,
|
||||
@ -177,7 +180,26 @@ pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
|
||||
let mut config = String::new();
|
||||
file.read_to_string(&mut config)?;
|
||||
|
||||
Ok(toml::from_str(&config)?)
|
||||
let mut parsed_config: Config = toml::from_str(&config)?;
|
||||
|
||||
match (&parsed_config.rpc_secret, &parsed_config.rpc_secret_file) {
|
||||
(Some(_), _) => {}
|
||||
(None, Some(rpc_secret_file_path_string)) => {
|
||||
let mut rpc_secret_file = std::fs::OpenOptions::new()
|
||||
.read(true)
|
||||
.open(rpc_secret_file_path_string)?;
|
||||
let mut rpc_secret_from_file = String::new();
|
||||
rpc_secret_file.read_to_string(&mut rpc_secret_from_file)?;
|
||||
// trim_end: allows for use case such as `echo "$(openssl rand -hex 32)" > somefile`.
|
||||
// also editors sometimes add a trailing newline
|
||||
parsed_config.rpc_secret = Some(String::from(rpc_secret_from_file.trim_end()));
|
||||
}
|
||||
(None, None) => {
|
||||
return Err("either `rpc_secret` or `rpc_secret_file` needs to be set".into())
|
||||
}
|
||||
};
|
||||
|
||||
Ok(parsed_config)
|
||||
}
|
||||
|
||||
fn default_compression() -> Option<i32> {
|
||||
|
Loading…
Reference in New Issue
Block a user