matthew/sonic-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[telemetry]: move default certs location from device metadata to telemetry (#4307)

Browse Source 
maintains backward compatibility to search original x509 location
when telemetry table does not have certs

Signed-off-by: Guohan Lu <lguohan@gmail.com>
This commit is contained in:
lguohan 2020-03-24 00:04:36 -07:00 committed by Abhishek Dosi
parent 75437bd539
commit 8969b7c06f
2 changed files with 37 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
dockers/docker-sonic-telemetry/telemetry.sh
View File

@ -1,14 +1,28 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Try to read telemetry and x509 config from ConfigDB. # Try to read telemetry and certs config from ConfigDB.
# Use default value if no valid config exists # Use default value if no valid config exists
X509=`sonic-cfggen -d -v "DEVICE_METADATA['x509']"` X509=`sonic-cfggen -d -v "DEVICE_METADATA['x509']"`
TELEMETRY=`sonic-cfggen -d -v 'TELEMETRY.keys() | join(" ") if TELEMETRY'` gnmi=`sonic-cfggen -d -v "TELEMETRY['gnmi']"`
certs=`sonic-cfggen -d -v "TELEMETRY['certs']"`
TELEMETRY_ARGS=" -logtostderr" TELEMETRY_ARGS=" -logtostderr"
export CVL_SCHEMA_PATH=/usr/sbin/schema export CVL_SCHEMA_PATH=/usr/sbin/schema
if [ -n "$X509" ]; then if [ -n "$certs" ]; then
SERVER_CRT=`sonic-cfggen -d -v "TELEMETRY['certs']['server_crt']"`
SERVER_KEY=`sonic-cfggen -d -v "TELEMETRY['certs']['server_key']"`
if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then
TELEMETRY_ARGS+=" --insecure"
else
TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY "
fi
CA_CRT=`sonic-cfggen -d -v "TELEMETRY['certs']['ca_crt']"`
if [ ! -z $CA_CRT ]; then
TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
fi
elif [ -n "$X509" ]; then
SERVER_CRT=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_crt']"` SERVER_CRT=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_crt']"`
SERVER_KEY=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_key']"` SERVER_KEY=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_key']"`
if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then
@ -16,19 +30,17 @@ if [ -n "$X509" ]; then
else else
TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY " TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY "
fi fi
else
TELEMETRY_ARGS+=" --insecure"
fi
if [ -n "$X509" ]; then
CA_CRT=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['ca_crt']"` CA_CRT=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['ca_crt']"`
if [ ! -z $CA_CRT ]; then if [ ! -z $CA_CRT ]; then
TELEMETRY_ARGS+=" --ca_crt $CA_CRT" TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
fi fi
else
TELEMETRY_ARGS+=" --insecure"
fi fi
# If no configuration entry exists for TELEMETRY, create one default port # If no configuration entry exists for TELEMETRY, create one default port
if [ -z $TELEMETRY ]; then if [ -z "$gnmi" ]; then
sonic-db-cli CONFIG_DB hset "TELEMETRY|gnmi" port 8080 sonic-db-cli CONFIG_DB hset "TELEMETRY|gnmi" port 8080
fi fi

10
src/sonic-config-engine/minigraph.py
View File

@ -636,11 +636,6 @@ def parse_xml(filename, platform=None, port_config_file=None):
'hostname': hostname, 'hostname': hostname,
'hwsku': hwsku, 'hwsku': hwsku,
'type': current_device['type'] 'type': current_device['type']
},
'x509': {
'server_crt': '/etc/sonic/telemetry/streamingtelemetryserver.cer',
'server_key': '/etc/sonic/telemetry/streamingtelemetryserver.key',
'ca_crt': '/etc/sonic/telemetry/dsmsroot.cer'
} }
} }
results['BGP_NEIGHBOR'] = bgp_sessions results['BGP_NEIGHBOR'] = bgp_sessions
@ -829,6 +824,11 @@ def parse_xml(filename, platform=None, port_config_file=None):
'client_auth': 'true', 'client_auth': 'true',
'port': '50051', 'port': '50051',
'log_level': '2' 'log_level': '2'
},
'certs': {
'server_crt': '/etc/sonic/telemetry/streamingtelemetryserver.cer',
'server_key': '/etc/sonic/telemetry/streamingtelemetryserver.key',
'ca_crt': '/etc/sonic/telemetry/dsmsroot.cer'
} }
} }