Enable the garage admin interface

2022-10-16 21:22:58 +02:00 · 2022-10-16 21:22:58 +02:00 · f720d7accd
commit f720d7accd
parent 51e21c3e46
7 changed files with 32 additions and 7 deletions
--- a/AppDir/etc/daemon.yml
+++ b/AppDir/etc/daemon.yml
@ -73,3 +73,4 @@ storage:
    #  capacity: 1200
    #  api_port: 3900
    #  rpc_port: 3901
+    #  admin_port: 3902
--- a/go-workspace/src/bootstrap/bootstrap.go
+++ b/go-workspace/src/bootstrap/bootstrap.go
@ -32,6 +32,7 @@ type Bootstrap struct {
 	NebulaHostCert nebula.HostCert

 	GarageRPCSecret                    string
+	GarageAdminToken                   string
 	GarageGlobalBucketS3APICredentials garage.S3APICredentials
 }

@ -65,6 +66,7 @@ func FromFS(bootstrapFS fs.FS) (Bootstrap, error) {
 		{&b.NebulaHostCert.HostCert, nebulaCertsHostCertPath},
 		{&b.NebulaHostCert.HostKey, nebulaCertsHostKeyPath},
 		{&b.GarageRPCSecret, garageRPCSecretPath},
+		{&b.GarageAdminToken, garageAdminTokenPath},
 	}

 	for _, f := range filesToLoadAsString {
@ -115,6 +117,7 @@ func (b Bootstrap) WriteTo(into io.Writer) error {
 		{b.NebulaHostCert.HostCert, nebulaCertsHostCertPath},
 		{b.NebulaHostCert.HostKey, nebulaCertsHostKeyPath},
 		{b.GarageRPCSecret, garageRPCSecretPath},
+		{b.GarageAdminToken, garageAdminTokenPath},
 	}

 	for _, f := range filesToWriteAsString {
--- a/go-workspace/src/bootstrap/garage.go
+++ b/go-workspace/src/bootstrap/garage.go
@ -7,8 +7,9 @@ import (

 // Paths within the bootstrap FS related to garage.
 const (
-	garageGlobalBucketKeyYmlPath = "garage/cryptic-net-global-bucket-key.yml"
 	garageRPCSecretPath          = "garage/rpc-secret.txt"
+	garageAdminTokenPath         = "garage/admin-token.txt"
+	garageGlobalBucketKeyYmlPath = "garage/cryptic-net-global-bucket-key.yml"
 )

 // GaragePeers returns a Peer for each known garage instance in the network.
--- a/go-workspace/src/cmd/entrypoint/admin.go
+++ b/go-workspace/src/cmd/entrypoint/admin.go
@ -4,11 +4,21 @@ import (
 	"cryptic-net/admin"
 	"cryptic-net/bootstrap"
 	"cryptic-net/nebula"
+	"crypto/rand"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"os"
 )

+func randStr(l int) string {
+	b := make([]byte, l)
+	if _, err := rand.Read(b); err != nil {
+		panic(err)
+	}
+	return hex.EncodeToString(b)
+}
+
 func readAdmin(path string) (admin.Admin, error) {

 	if path == "-" {
@ -94,6 +104,7 @@ var subCmdAdminMakeBootstrap = subCmd{
 			NebulaHostCert: nebulaHostCert,

 			GarageRPCSecret:                    adm.GarageRPCSecret,
+			GarageAdminToken:                   randStr(32),
 			GarageGlobalBucketS3APICredentials: adm.GarageGlobalBucketS3APICredentials,
 		}

--- a/go-workspace/src/cmd/entrypoint/daemon_util.go
+++ b/go-workspace/src/cmd/entrypoint/daemon_util.go
@ -156,9 +156,11 @@ func garageWriteChildConf(
 		DataPath: alloc.DataPath,

 		RPCSecret:  env.Bootstrap.GarageRPCSecret,
+		AdminToken: env.Bootstrap.GarageAdminToken,

 		RPCAddr:   net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.RPCPort)),
 		APIAddr:   net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.S3APIPort)),
+		AdminAddr: net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.AdminPort)),

 		BootstrapPeers: env.Bootstrap.GarageRPCPeerAddrs(),
 	})
--- a/go-workspace/src/daemon_yml.go
+++ b/go-workspace/src/daemon_yml.go
@ -33,6 +33,7 @@ type DaemonYmlStorageAllocation struct {
 	Capacity  int    `yaml:"capacity"`
 	S3APIPort int    `yaml:"s3_api_port"`
 	RPCPort   int    `yaml:"rpc_port"`
+	AdminPort int    `yaml:"admin_port"`
 }

 // DaemonYml describes the structure of the daemon.yml file.
--- a/go-workspace/src/garage/tpl.go
+++ b/go-workspace/src/garage/tpl.go
@ -14,9 +14,11 @@ type GarageTomlData struct {
 	DataPath string

 	RPCSecret  string
+	AdminToken string

 	RPCAddr   string
 	APIAddr   string
+	AdminAddr string

 	BootstrapPeers []string
 }
@ -40,6 +42,10 @@ bootstrap_peers = [{{- range .BootstrapPeers }}
 api_bind_addr = "{{ .APIAddr }}"
 s3_region = "garage"

+[admin]
+api_bind_addr = "{{ .AdminAddr }}"
+admin_token = "{{ .AdminToken }}"
+
 `))

 // RenderGarageToml renders a garage.toml using the given data into the writer.