[lxc-devel] [lxd/master] Always set the user-agent string

stgraber on Github lxc-bot at linuxcontainers.org
Wed Jan 1 18:31:10 UTC 2020


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 314 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200101/f821d50e/attachment.bin>
-------------- next part --------------
From 88cf1042c6465ddee9f532adf4e1b4d1de719345 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 1 Jan 2020 13:27:09 -0500
Subject: [PATCH 1/4] lxc-to-lxd: Set useragent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxc-to-lxd/utils.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lxc-to-lxd/utils.go b/lxc-to-lxd/utils.go
index dae0247023..5915137dfc 100644
--- a/lxc-to-lxd/utils.go
+++ b/lxc-to-lxd/utils.go
@@ -13,6 +13,7 @@ import (
 	"github.com/lxc/lxd/lxd/migration"
 	"github.com/lxc/lxd/shared"
 	"github.com/lxc/lxd/shared/api"
+	"github.com/lxc/lxd/shared/version"
 )
 
 func transferRootfs(dst lxd.ContainerServer, op lxd.Operation, rootfs string, rsyncArgs string) error {
@@ -91,7 +92,7 @@ func connectTarget(url string) (lxd.ContainerServer, error) {
 	args := lxd.ConnectionArgs{}
 	args.TLSClientCert = string(clientCrt)
 	args.TLSClientKey = string(clientKey)
-	args.UserAgent = "LXC-TO-LXD"
+	args.UserAgent = fmt.Sprintf("LXC-TO-LXD %s", version.Version)
 	c, err := lxd.ConnectLXD(url, &args)
 
 	var certificate *x509.Certificate

From edb02d9f5c3833a1ed014eb44e148dc17abeb3a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 1 Jan 2020 13:27:18 -0500
Subject: [PATCH 2/4] lxd-p2c: Set useragent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd-p2c/utils.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lxd-p2c/utils.go b/lxd-p2c/utils.go
index 45cd95f8d7..6f08884979 100644
--- a/lxd-p2c/utils.go
+++ b/lxd-p2c/utils.go
@@ -14,6 +14,7 @@ import (
 	"github.com/lxc/lxd/lxd/migration"
 	"github.com/lxc/lxd/shared"
 	"github.com/lxc/lxd/shared/api"
+	"github.com/lxc/lxd/shared/version"
 )
 
 func transferRootfs(dst lxd.ContainerServer, op lxd.Operation, rootfs string, rsyncArgs string) error {
@@ -92,7 +93,7 @@ func connectTarget(url string) (lxd.ContainerServer, error) {
 	args := lxd.ConnectionArgs{}
 	args.TLSClientCert = string(clientCrt)
 	args.TLSClientKey = string(clientKey)
-	args.UserAgent = "LXD-P2C"
+	args.UserAgent = fmt.Sprintf("LXC-P2C %s", version.Version)
 	c, err := lxd.ConnectLXD(url, &args)
 
 	var certificate *x509.Certificate

From 9775d9145b8463ad10b5f4fcc1b063396076e420 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 1 Jan 2020 13:27:50 -0500
Subject: [PATCH 3/4] lxd: Always set user agent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/api_cluster.go           |  1 +
 lxd/cluster/connect.go       | 13 ++++++++++++-
 lxd/main_init_interactive.go |  2 ++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lxd/api_cluster.go b/lxd/api_cluster.go
index df19253417..bf96d39774 100644
--- a/lxd/api_cluster.go
+++ b/lxd/api_cluster.go
@@ -352,6 +352,7 @@ func clusterPutJoin(d *Daemon, req api.ClusterPut) response.Response {
 		TLSClientCert: string(cert.PublicKey()),
 		TLSClientKey:  string(cert.PrivateKey()),
 		TLSServerCert: string(req.ClusterCertificate),
+		UserAgent:     version.UserAgent,
 	}
 	fingerprint := cert.Fingerprint()
 
diff --git a/lxd/cluster/connect.go b/lxd/cluster/connect.go
index bd9c3881cb..0c1611fe54 100644
--- a/lxd/cluster/connect.go
+++ b/lxd/cluster/connect.go
@@ -6,12 +6,14 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/pkg/errors"
+
 	lxd "github.com/lxc/lxd/client"
 	"github.com/lxc/lxd/lxd/db"
 	"github.com/lxc/lxd/lxd/instance/instancetype"
 	"github.com/lxc/lxd/shared"
 	"github.com/lxc/lxd/shared/api"
-	"github.com/pkg/errors"
+	"github.com/lxc/lxd/shared/version"
 )
 
 // Connect is a convenience around lxd.ConnectLXD that configures the client
@@ -47,6 +49,7 @@ func Connect(address string, cert *shared.CertInfo, notify bool) (lxd.InstanceSe
 		TLSClientCert: string(cert.PublicKey()),
 		TLSClientKey:  string(cert.PrivateKey()),
 		SkipGetServer: true,
+		UserAgent:     version.UserAgent,
 	}
 	if notify {
 		args.UserAgent = "lxd-cluster-notifier"
@@ -128,29 +131,37 @@ func SetupTrust(cert, targetAddress, targetCert, targetPassword string) error {
 	// Connect to the target cluster node.
 	args := &lxd.ConnectionArgs{
 		TLSServerCert: targetCert,
+		UserAgent:     version.UserAgent,
 	}
+
 	target, err := lxd.ConnectLXD(fmt.Sprintf("https://%s", targetAddress), args)
 	if err != nil {
 		return errors.Wrap(err, "failed to connect to target cluster node")
 	}
+
 	block, _ := pem.Decode([]byte(cert))
 	if block == nil {
 		return errors.Wrap(err, "failed to decode certificate")
 	}
+
 	certificate := base64.StdEncoding.EncodeToString(block.Bytes)
 	post := api.CertificatesPost{
 		Password:    targetPassword,
 		Certificate: certificate,
 	}
+
 	fingerprint, err := shared.CertFingerprintStr(cert)
 	if err != nil {
 		return errors.Wrap(err, "failed to calculate fingerprint")
 	}
+
 	post.Name = fmt.Sprintf("lxd.cluster.%s", fingerprint)
 	post.Type = "client"
+
 	err = target.CreateCertificate(post)
 	if err != nil && err.Error() != "Certificate already in trust store" {
 		return errors.Wrap(err, "Failed to add client cert to cluster")
 	}
+
 	return nil
 }
diff --git a/lxd/main_init_interactive.go b/lxd/main_init_interactive.go
index f3947ed526..7eaca13cd9 100644
--- a/lxd/main_init_interactive.go
+++ b/lxd/main_init_interactive.go
@@ -22,6 +22,7 @@ import (
 	"github.com/lxc/lxd/shared/api"
 	cli "github.com/lxc/lxd/shared/cmd"
 	"github.com/lxc/lxd/shared/idmap"
+	"github.com/lxc/lxd/shared/version"
 )
 
 func (c *cmdInit) RunInteractive(cmd *cobra.Command, args []string, d lxd.InstanceServer) (*cmdInitData, error) {
@@ -178,6 +179,7 @@ func (c *cmdInit) askClustering(config *cmdInitData, d lxd.InstanceServer) error
 				TLSClientCert: string(cert.PublicKey()),
 				TLSClientKey:  string(cert.PrivateKey()),
 				TLSServerCert: string(config.Cluster.ClusterCertificate),
+				UserAgent:     version.UserAgent,
 			}
 
 			client, err := lxd.ConnectLXD(fmt.Sprintf("https://%s", config.Cluster.ClusterAddress), args)

From 60c8333a730b465e8c6bada8767bfde53caa8392 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 1 Jan 2020 13:30:23 -0500
Subject: [PATCH 4/4] shared: Set user-agent in GetRemoteCertificate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxc-to-lxd/utils.go          |  2 +-
 lxc/remote.go                |  2 +-
 lxd-p2c/utils.go             |  2 +-
 lxd/main_init_interactive.go |  2 +-
 shared/cert.go               | 13 +++++++++++--
 5 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/lxc-to-lxd/utils.go b/lxc-to-lxd/utils.go
index 5915137dfc..395459f59f 100644
--- a/lxc-to-lxd/utils.go
+++ b/lxc-to-lxd/utils.go
@@ -98,7 +98,7 @@ func connectTarget(url string) (lxd.ContainerServer, error) {
 	var certificate *x509.Certificate
 	if err != nil {
 		// Failed to connect using the system CA, so retrieve the remote certificate
-		certificate, err = shared.GetRemoteCertificate(url)
+		certificate, err = shared.GetRemoteCertificate(url, args.UserAgent)
 		if err != nil {
 			return nil, err
 		}
diff --git a/lxc/remote.go b/lxc/remote.go
index e663a8635c..7cda0be464 100644
--- a/lxc/remote.go
+++ b/lxc/remote.go
@@ -245,7 +245,7 @@ func (c *cmdRemoteAdd) Run(cmd *cobra.Command, args []string) error {
 	var certificate *x509.Certificate
 	if err != nil {
 		// Failed to connect using the system CA, so retrieve the remote certificate
-		certificate, err = shared.GetRemoteCertificate(addr)
+		certificate, err = shared.GetRemoteCertificate(addr, c.global.conf.UserAgent)
 		if err != nil {
 			return err
 		}
diff --git a/lxd-p2c/utils.go b/lxd-p2c/utils.go
index 6f08884979..45e34c6568 100644
--- a/lxd-p2c/utils.go
+++ b/lxd-p2c/utils.go
@@ -99,7 +99,7 @@ func connectTarget(url string) (lxd.ContainerServer, error) {
 	var certificate *x509.Certificate
 	if err != nil {
 		// Failed to connect using the system CA, so retrieve the remote certificate
-		certificate, err = shared.GetRemoteCertificate(url)
+		certificate, err = shared.GetRemoteCertificate(url, args.UserAgent)
 		if err != nil {
 			return nil, err
 		}
diff --git a/lxd/main_init_interactive.go b/lxd/main_init_interactive.go
index 7eaca13cd9..e93b575c5d 100644
--- a/lxd/main_init_interactive.go
+++ b/lxd/main_init_interactive.go
@@ -132,7 +132,7 @@ func (c *cmdInit) askClustering(config *cmdInitData, d lxd.InstanceServer) error
 				config.Cluster.ClusterAddress = clusterAddress
 
 				// Cluster certificate
-				cert, err := shared.GetRemoteCertificate(fmt.Sprintf("https://%s", config.Cluster.ClusterAddress))
+				cert, err := shared.GetRemoteCertificate(fmt.Sprintf("https://%s", config.Cluster.ClusterAddress), version.UserAgent)
 				if err != nil {
 					fmt.Printf("Error connecting to existing cluster node: %v\n", err)
 					continue
diff --git a/shared/cert.go b/shared/cert.go
index 5388628ea3..47fd232ae7 100644
--- a/shared/cert.go
+++ b/shared/cert.go
@@ -381,7 +381,7 @@ func CertFingerprintStr(c string) (string, error) {
 	return CertFingerprint(cert), nil
 }
 
-func GetRemoteCertificate(address string) (*x509.Certificate, error) {
+func GetRemoteCertificate(address string, useragent string) (*x509.Certificate, error) {
 	// Setup a permissive TLS config
 	tlsConfig, err := GetTLSConfig("", "", "", nil)
 	if err != nil {
@@ -402,8 +402,17 @@ func GetRemoteCertificate(address string) (*x509.Certificate, error) {
 	}
 
 	// Connect
+	req, err := http.NewRequest("GET", address, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if useragent != "" {
+		req.Header.Set("User-Agent", useragent)
+	}
+
 	client := &http.Client{Transport: tr}
-	resp, err := client.Get(address)
+	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
 	}


More information about the lxc-devel mailing list