[lxc-devel] [lxd/master] Always set the user-agent string
stgraber on Github
lxc-bot at linuxcontainers.org
Wed Jan 1 18:31:10 UTC 2020
From 88cf1042c6465ddee9f532adf4e1b4d1de719345 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 1 Jan 2020 13:27:09 -0500
Subject: [PATCH 1/4] lxc-to-lxd: Set useragent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxc-to-lxd/utils.go | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lxc-to-lxd/utils.go b/lxc-to-lxd/utils.go
index dae0247023..5915137dfc 100644
--- a/lxc-to-lxd/utils.go
+++ b/lxc-to-lxd/utils.go
@@ -13,6 +13,7 @@ import (
"github.com/lxc/lxd/lxd/migration"
"github.com/lxc/lxd/shared"
"github.com/lxc/lxd/shared/api"
+ "github.com/lxc/lxd/shared/version"
)
func transferRootfs(dst lxd.ContainerServer, op lxd.Operation, rootfs string, rsyncArgs string) error {
@@ -91,7 +92,7 @@ func connectTarget(url string) (lxd.ContainerServer, error) {
args := lxd.ConnectionArgs{}
args.TLSClientCert = string(clientCrt)
args.TLSClientKey = string(clientKey)
- args.UserAgent = "LXC-TO-LXD"
+ args.UserAgent = fmt.Sprintf("LXC-TO-LXD %s", version.Version)
c, err := lxd.ConnectLXD(url, &args)
var certificate *x509.Certificate
From edb02d9f5c3833a1ed014eb44e148dc17abeb3a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 1 Jan 2020 13:27:18 -0500
Subject: [PATCH 2/4] lxd-p2c: Set useragent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd-p2c/utils.go | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lxd-p2c/utils.go b/lxd-p2c/utils.go
index 45cd95f8d7..6f08884979 100644
--- a/lxd-p2c/utils.go
+++ b/lxd-p2c/utils.go
@@ -14,6 +14,7 @@ import (
"github.com/lxc/lxd/lxd/migration"
"github.com/lxc/lxd/shared"
"github.com/lxc/lxd/shared/api"
+ "github.com/lxc/lxd/shared/version"
)
func transferRootfs(dst lxd.ContainerServer, op lxd.Operation, rootfs string, rsyncArgs string) error {
@@ -92,7 +93,7 @@ func connectTarget(url string) (lxd.ContainerServer, error) {
args := lxd.ConnectionArgs{}
args.TLSClientCert = string(clientCrt)
args.TLSClientKey = string(clientKey)
- args.UserAgent = "LXD-P2C"
+ args.UserAgent = fmt.Sprintf("LXC-P2C %s", version.Version)
c, err := lxd.ConnectLXD(url, &args)
var certificate *x509.Certificate
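Review bot: The new user-agent literal on the added line reads `LXC-P2C`, while the string it replaces was `LXD-P2C` and the tool lives under lxd-p2c/, so this looks like a typo that changes how the client identifies itself to the server. Anything on the receiving side that attributes or filters requests by user agent (access logs, audit queries) would stop matching this tool. Suggested line: `args.UserAgent = fmt.Sprintf("LXD-P2C %s", version.Version)`. connectTarget starts and ends outside the hunk.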
From 9775d9145b8463ad10b5f4fcc1b063396076e420 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 1 Jan 2020 13:27:50 -0500
Subject: [PATCH 3/4] lxd: Always set user agent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/api_cluster.go | 1 +
lxd/cluster/connect.go | 13 ++++++++++++-
lxd/main_init_interactive.go | 2 ++
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/lxd/api_cluster.go b/lxd/api_cluster.go
index df19253417..bf96d39774 100644
--- a/lxd/api_cluster.go
+++ b/lxd/api_cluster.go
@@ -352,6 +352,7 @@ func clusterPutJoin(d *Daemon, req api.ClusterPut) response.Response {
TLSClientCert: string(cert.PublicKey()),
TLSClientKey: string(cert.PrivateKey()),
TLSServerCert: string(req.ClusterCertificate),
+ UserAgent: version.UserAgent,
}
fingerprint := cert.Fingerprint()
diff --git a/lxd/cluster/connect.go b/lxd/cluster/connect.go
index bd9c3881cb..0c1611fe54 100644
--- a/lxd/cluster/connect.go
+++ b/lxd/cluster/connect.go
@@ -6,12 +6,14 @@ import (
"fmt"
"time"
+ "github.com/pkg/errors"
+
lxd "github.com/lxc/lxd/client"
"github.com/lxc/lxd/lxd/db"
"github.com/lxc/lxd/lxd/instance/instancetype"
"github.com/lxc/lxd/shared"
"github.com/lxc/lxd/shared/api"
- "github.com/pkg/errors"
+ "github.com/lxc/lxd/shared/version"
)
// Connect is a convenience around lxd.ConnectLXD that configures the client
@@ -47,6 +49,7 @@ func Connect(address string, cert *shared.CertInfo, notify bool) (lxd.InstanceSe
TLSClientCert: string(cert.PublicKey()),
TLSClientKey: string(cert.PrivateKey()),
SkipGetServer: true,
+ UserAgent: version.UserAgent,
}
if notify {
args.UserAgent = "lxd-cluster-notifier"
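Review bot: With `UserAgent: version.UserAgent` now set in the literal, the `if notify` branch right below still overwrites it with the fixed string `lxd-cluster-notifier`, and nothing here says why the notifier gets a different, version-less value. The User-Agent header is chosen by the client, so if the receiving node branches on this string (not visible here), that branch must only be reachable after the TLS client certificate has been authenticated. Proposed comment above the assignment: `// Marks the request as a cluster notification. This is a hint, not a credential: the peer still authenticates the TLS client certificate.` The `if notify` block and the rest of Connect continue outside the hunk.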
@@ -128,29 +131,37 @@ func SetupTrust(cert, targetAddress, targetCert, targetPassword string) error {
// Connect to the target cluster node.
args := &lxd.ConnectionArgs{
TLSServerCert: targetCert,
+ UserAgent: version.UserAgent,
}
+
target, err := lxd.ConnectLXD(fmt.Sprintf("https://%s", targetAddress), args)
if err != nil {
return errors.Wrap(err, "failed to connect to target cluster node")
}
+
block, _ := pem.Decode([]byte(cert))
if block == nil {
return errors.Wrap(err, "failed to decode certificate")
}
+
certificate := base64.StdEncoding.EncodeToString(block.Bytes)
post := api.CertificatesPost{
Password: targetPassword,
Certificate: certificate,
}
+
fingerprint, err := shared.CertFingerprintStr(cert)
if err != nil {
return errors.Wrap(err, "failed to calculate fingerprint")
}
+
post.Name = fmt.Sprintf("lxd.cluster.%s", fingerprint)
post.Type = "client"
+
err = target.CreateCertificate(post)
if err != nil && err.Error() != "Certificate already in trust store" {
return errors.Wrap(err, "Failed to add client cert to cluster")
}
+
return nil
}
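Review bot: In the `block == nil` branch, `errors.Wrap(err, "failed to decode certificate")` wraps an `err` that is necessarily nil at that point (the ConnectLXD error was already checked and `pem.Decode` returns no error), and pkg/errors' `Wrap` returns nil for a nil error. SetupTrust therefore reports success when `cert` is not valid PEM, and the trust relationship is never created. Return a real error instead: `return errors.New("failed to decode certificate")`. Separately, the `err.Error() != "Certificate already in trust store"` comparison depends on the exact server message text and will misclassify the case if that wording ever changes.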
diff --git a/lxd/main_init_interactive.go b/lxd/main_init_interactive.go
index f3947ed526..7eaca13cd9 100644
--- a/lxd/main_init_interactive.go
+++ b/lxd/main_init_interactive.go
@@ -22,6 +22,7 @@ import (
"github.com/lxc/lxd/shared/api"
cli "github.com/lxc/lxd/shared/cmd"
"github.com/lxc/lxd/shared/idmap"
+ "github.com/lxc/lxd/shared/version"
)
func (c *cmdInit) RunInteractive(cmd *cobra.Command, args []string, d lxd.InstanceServer) (*cmdInitData, error) {
@@ -178,6 +179,7 @@ func (c *cmdInit) askClustering(config *cmdInitData, d lxd.InstanceServer) error
TLSClientCert: string(cert.PublicKey()),
TLSClientKey: string(cert.PrivateKey()),
TLSServerCert: string(config.Cluster.ClusterCertificate),
+ UserAgent: version.UserAgent,
}
client, err := lxd.ConnectLXD(fmt.Sprintf("https://%s", config.Cluster.ClusterAddress), args)
From 60c8333a730b465e8c6bada8767bfde53caa8392 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 1 Jan 2020 13:30:23 -0500
Subject: [PATCH 4/4] shared: Set user-agent in GetRemoteCertificate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxc-to-lxd/utils.go | 2 +-
lxc/remote.go | 2 +-
lxd-p2c/utils.go | 2 +-
lxd/main_init_interactive.go | 2 +-
shared/cert.go | 13 +++++++++++--
5 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/lxc-to-lxd/utils.go b/lxc-to-lxd/utils.go
index 5915137dfc..395459f59f 100644
--- a/lxc-to-lxd/utils.go
+++ b/lxc-to-lxd/utils.go
@@ -98,7 +98,7 @@ func connectTarget(url string) (lxd.ContainerServer, error) {
var certificate *x509.Certificate
if err != nil {
// Failed to connect using the system CA, so retrieve the remote certificate
- certificate, err = shared.GetRemoteCertificate(url)
+ certificate, err = shared.GetRemoteCertificate(url, args.UserAgent)
if err != nil {
return nil, err
}
diff --git a/lxc/remote.go b/lxc/remote.go
index e663a8635c..7cda0be464 100644
--- a/lxc/remote.go
+++ b/lxc/remote.go
@@ -245,7 +245,7 @@ func (c *cmdRemoteAdd) Run(cmd *cobra.Command, args []string) error {
var certificate *x509.Certificate
if err != nil {
// Failed to connect using the system CA, so retrieve the remote certificate
- certificate, err = shared.GetRemoteCertificate(addr)
+ certificate, err = shared.GetRemoteCertificate(addr, c.global.conf.UserAgent)
if err != nil {
return err
}
diff --git a/lxd-p2c/utils.go b/lxd-p2c/utils.go
index 6f08884979..45e34c6568 100644
--- a/lxd-p2c/utils.go
+++ b/lxd-p2c/utils.go
@@ -99,7 +99,7 @@ func connectTarget(url string) (lxd.ContainerServer, error) {
var certificate *x509.Certificate
if err != nil {
// Failed to connect using the system CA, so retrieve the remote certificate
- certificate, err = shared.GetRemoteCertificate(url)
+ certificate, err = shared.GetRemoteCertificate(url, args.UserAgent)
if err != nil {
return nil, err
}
diff --git a/lxd/main_init_interactive.go b/lxd/main_init_interactive.go
index 7eaca13cd9..e93b575c5d 100644
--- a/lxd/main_init_interactive.go
+++ b/lxd/main_init_interactive.go
@@ -132,7 +132,7 @@ func (c *cmdInit) askClustering(config *cmdInitData, d lxd.InstanceServer) error
config.Cluster.ClusterAddress = clusterAddress
// Cluster certificate
- cert, err := shared.GetRemoteCertificate(fmt.Sprintf("https://%s", config.Cluster.ClusterAddress))
+ cert, err := shared.GetRemoteCertificate(fmt.Sprintf("https://%s", config.Cluster.ClusterAddress), version.UserAgent)
if err != nil {
fmt.Printf("Error connecting to existing cluster node: %v\n", err)
continue
diff --git a/shared/cert.go b/shared/cert.go
index 5388628ea3..47fd232ae7 100644
--- a/shared/cert.go
+++ b/shared/cert.go
@@ -381,7 +381,7 @@ func CertFingerprintStr(c string) (string, error) {
return CertFingerprint(cert), nil
}
-func GetRemoteCertificate(address string) (*x509.Certificate, error) {
+func GetRemoteCertificate(address string, useragent string) (*x509.Certificate, error) {
// Setup a permissive TLS config
tlsConfig, err := GetTLSConfig("", "", "", nil)
if err != nil {
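Review bot: GetRemoteCertificate is exported but has no doc comment, and the one fact a caller needs is only hinted at by `// Setup a permissive TLS config`: judging by that comment, the certificate it returns comes from a peer that has not been verified. Proposed doc comment: `// GetRemoteCertificate returns the TLS certificate presented by address without verifying it; callers must confirm its fingerprint before trusting it.` followed by `// useragent, when non-empty, is sent as the User-Agent header of the probe request.` Adding the required `useragent` parameter also breaks any caller of this exported function other than the four updated in this patch. The function body continues outside the hunk.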
@@ -402,8 +402,17 @@ func GetRemoteCertificate(address string) (*x509.Certificate, error) {
}
// Connect
+ req, err := http.NewRequest("GET", address, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ if useragent != "" {
+ req.Header.Set("User-Agent", useragent)
+ }
+
client := &http.Client{Transport: tr}
- resp, err := client.Get(address)
+ resp, err := client.Do(req)
if err != nil {
return nil, err
}
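Review bot: `client := &http.Client{Transport: tr}` sets no `Timeout`, so this probe, which goes to an address whose certificate is not yet trusted, can block for as long as the peer keeps the connection open unless `tr` (built outside the hunk) already bounds the dial and response. Consider `client := &http.Client{Transport: tr, Timeout: probeTimeout}`, where `probeTimeout` is a constant you define for this purpose. When `useragent` is empty the request still goes out with Go's default User-Agent rather than none, which deserves a one-line comment next to the `if useragent != ""` check. Whether `resp.Body` is closed is not visible here; the function continues past the hunk.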