Merge pull request #8 from srl-wim/cert

cert generation
srl-labs · Sep 1, 2020 · 21c875a · 21c875a
2 parents b4dd1c5 + e27f16a
commit 21c875a
Show file tree

Hide file tree

Showing 12 changed files with 293 additions and 87 deletions.
diff --git a/.gitignore b/.gitignore
@@ -22,4 +22,5 @@ graph/*
 lab_wan
 lab_wan/*
 srl_config/license.key
-
+lab-wan
+lab-wan/*
diff --git a/README.md b/README.md
@@ -7,6 +7,10 @@ Currently supporting standard linux containers as clients and networking contain
 
 ## installation
 
+## Prerequisites for installing CA
+
+go get -u github.com/cloudflare/cfssl/cmd/...
+
 ### cloning the repo
 
 git clone https://github.com/srl-wim/container-lab

diff --git a/bin/containerlab b/bin/containerlab
diff --git a/ca_config/templates/csr-root-ca.json b/ca_config/templates/csr-root-ca.json
@@ -0,0 +1,16 @@
+{
+    "CN": "{{.Prefix}} Root CA",
+    "key": {
+       "algo": "rsa",
+       "size": 2048
+    },
+    "names": [{
+       "C": "BE",
+       "L": "Antwerp",
+       "O": "Nokia",
+       "OU": "Container lab"
+    }],
+    "ca": {
+       "expiry": "262800h"
+    }
+}
diff --git a/ca_config/templates/csr.json b/ca_config/templates/csr.json
@@ -0,0 +1,16 @@
+{
+    "CN": "{{.Name}}.{{.Prefix}}.io",
+    "key": {
+      "algo": "rsa",
+      "size": 2048
+    },
+    "names": [{
+      "C": "BE",
+      "L": "Antwerp",
+      "O": "Nokia",
+      "OU": "Container lab"
+    }],
+    "hosts": [
+      "{{.Name}}.{{.Prefix}}.io"
+    ]
+  }
diff --git a/src/cert.go b/src/cert.go
@@ -0,0 +1,154 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"strings"
+	"text/template"
+
+	log "github.com/sirupsen/logrus"
+)
+
+func parsecfsslInput(i *[]byte) (out string) {
+	in := strings.Split(string(*i), "{")
+	for i, s := range in {
+		if i != 0 {
+			out += s
+		}
+	}
+	return "{" + out
+}
+
+func cfssljson(i *[]byte, file string) {
+	var input = map[string]interface{}{}
+	var err error
+	var cert string
+	var key string
+	var csr string
+
+	err = json.Unmarshal([]byte(parsecfsslInput(i)), &input)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to parse input: %v\n", err)
+		os.Exit(1)
+	}
+	if contents, ok := input["cert"]; ok {
+		cert = contents.(string)
+	} else if contents, ok = input["certificate"]; ok {
+		cert = contents.(string)
+	}
+	createFile(file+".pem", cert)
+
+	if contents, ok := input["key"]; ok {
+		key = contents.(string)
+	} else if contents, ok = input["private_key"]; ok {
+		key = contents.(string)
+	}
+	createFile(file+"-key.pem", key)
+
+	if contents, ok := input["csr"]; ok {
+		csr = contents.(string)
+	} else if contents, ok = input["certificate_request"]; ok {
+		csr = contents.(string)
+	}
+	createFile(file+".csr", csr)
+
+}
+
+func (c *cLab) createRootCA() (err error) {
+	//create root CA diretcory
+	createDirectory(c.Dir.LabCA, 0755)
+
+	//create root CA root diretcory
+	createDirectory(c.Dir.LabCARoot, 0755)
+
+	var src string
+	var dst string
+
+	// copy topology to node specific directory in lab
+	src = "ca_config/templates/csr-root-ca.json"
+	dst = c.Dir.LabCARoot + "/" + "csr-root-ca.json"
+	tpl, err := template.ParseFiles(src)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	type Prefix struct {
+		Prefix string
+	}
+	prefix := Prefix{
+		Prefix: "lab" + "-" + c.Conf.Prefix,
+	}
+	f, err := os.Create(dst)
+	if err != nil {
+		log.Error("create file: ", err)
+		return err
+	}
+	defer f.Close()
+
+	if err = tpl.Execute(f, prefix); err != nil {
+		panic(err)
+	}
+	log.Debug(fmt.Sprintf("CopyFile GoTemplate src %s -> dat %s succeeded\n", src, dst))
+
+	var cmd *exec.Cmd
+	cmd = exec.Command("/home/henderiw/work/bin/cfssl", "gencert", "-initca", dst)
+	o, err := cmd.CombinedOutput()
+	//fmt.Println(string(o))
+	if err != nil {
+		log.Errorf("cmd.Run() failed with %s\n", err)
+	}
+
+	cfssljson(&o, c.Dir.LabCARoot+"/"+"root-ca")
+
+	return nil
+}
+
+func (c *cLab) createCERT(shortdutName string) (err error) {
+	//create dut cert diretcory
+	createDirectory(c.Nodes[shortdutName].CertDir, 0755)
+
+	var src string
+	var dst string
+
+	// copy topology to node specific directory in lab
+	src = "ca_config/templates/csr.json"
+	dst = c.Nodes[shortdutName].CertDir + "/" + "csr" + "-" + shortdutName + ".json"
+	tpl, err := template.ParseFiles(src)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	type CERT struct {
+		Name   string
+		Prefix string
+	}
+	cert := CERT{
+		Name:   shortdutName,
+		Prefix: c.Conf.Prefix,
+	}
+	f, err := os.Create(dst)
+	if err != nil {
+		log.Error("create file: ", err)
+		return err
+	}
+	defer f.Close()
+
+	if err = tpl.Execute(f, cert); err != nil {
+		panic(err)
+	}
+	log.Debug(fmt.Sprintf("CopyFile GoTemplate src %s -> dat %s succeeded\n", src, dst))
+
+	var cmd *exec.Cmd
+	rootCert := c.Dir.LabCARoot + "/" + "root-ca.pem"
+	rootKey := c.Dir.LabCARoot + "/" + "root-ca-key.pem"
+	cmd = exec.Command("/home/henderiw/work/bin/cfssl", "gencert", "-ca", rootCert, "-ca-key", rootKey, dst)
+	o, err := cmd.CombinedOutput()
+	//fmt.Println(string(o))
+	if err != nil {
+		log.Errorf("cmd.Run() failed with %s\n", err)
+	}
+
+	cfssljson(&o, c.Nodes[shortdutName].CertDir+"/"+shortdutName)
+
+	return nil
+}
diff --git a/src/config.go b/src/config.go
@@ -50,7 +50,11 @@ type volume struct {
 
 // Node is a struct that contains the information of a container element
 type Node struct {
-	Name       string
+	ShortName  string
+	LongName   string
+	Fqdn       string
+	LabDir     string
+	CertDir    string
 	Index      int
 	Group      string
 	OS         string
@@ -133,6 +137,13 @@ func (c *cLab) parseTopology() error {
 	if c.Conf.ConfigPath == "" {
 		c.Conf.ConfigPath, _ = filepath.Abs(os.Getenv("PWD"))
 	}
+
+	c.Dir = new(cLabDirectory)
+	c.Dir.Lab = c.Conf.ConfigPath + "/" + "lab" + "-" + c.Conf.Prefix
+	c.Dir.LabCA = c.Dir.Lab + "/" + "ca" + "/"
+	c.Dir.LabCARoot = c.Dir.LabCA + "/" + "root" + "/"
+	c.Dir.LabGraph = c.Dir.Lab + "/" + "graph" + "/"
+
 	// initialize Nodes and Links variable
 	c.Nodes = make(map[string]*Node)
 	c.Links = make(map[int]*Link)
@@ -198,7 +209,11 @@ func (c *cLab) licenseInitialization(dut *dutInfo, kind string) string {
 func (c *cLab) NewNode(dutName string, dut dutInfo, idx int) *Node {
 	// initialize a new node
 	node := new(Node)
-	node.Name = dutName
+	node.ShortName = dutName
+	node.LongName = "lab" + "-" + c.Conf.Prefix + "-" + dutName
+	node.Fqdn = dutName + "." + c.Conf.Prefix + ".io"
+	node.LabDir = c.Dir.Lab + "/" + dutName
+	node.CertDir = c.Dir.LabCA + "/" + dutName
 	node.Index = idx
 
 	// initialize the node with global parameters
@@ -274,39 +289,25 @@ func (c *cLab) NewNode(dutName string, dut dutInfo, idx int) *Node {
 
 		node.Mounts = make(map[string]volume)
 		var v volume
-		labPath := c.Conf.ConfigPath + "/" + "lab" + "-" + c.Conf.Prefix + "/"
-		labDutPath := labPath + dutName + "/"
-		v.Source = labPath + "license.key"
+		v.Source = c.Dir.Lab + "/" + "license.key"
 		v.Destination = "/opt/srlinux/etc/license.key"
 		v.ReadOnly = true
 		log.Debug("License key: ", v.Source)
 		node.Mounts["license"] = v
 
-		v.Source = labDutPath + "config/"
+		v.Source = node.LabDir + "/" + "config/"
 		v.Destination = "/etc/opt/srlinux/"
 		v.ReadOnly = false
 		log.Debug("Config: ", v.Source)
 		node.Mounts["config"] = v
 
-		v.Source = labDutPath + "srlinux.conf"
+		v.Source = node.LabDir + "/" + "srlinux.conf"
 		v.Destination = "/home/admin/.srlinux.conf"
 		v.ReadOnly = false
 		log.Debug("Env Config: ", v.Source)
 		node.Mounts["envConf"] = v
 
-		// v.Source = labDutPath + "tls/"
-		// v.Destination = "/etc/opt/srlinux/tls/"
-		// v.ReadOnly = false
-		// log.Debug("TLS Dir: ", v.Source)
-		// node.Mounts["tls"] = v
-
-		// v.Source = labDutPath + "checkpoint/"
-		// v.Destination = "/etc/opt/srlinux/checkpoint/"
-		// v.ReadOnly = false
-		// log.Debug("checkPoint Dir: ", v.Source)
-		// node.Mounts["checkPoint"] = v
-
-		v.Source = labDutPath + "topology.yml"
+		v.Source = node.LabDir + "/" + "topology.yml"
 		v.Destination = "/tmp/topology.yml"
 		v.ReadOnly = true
 		log.Debug("Topology File: ", v.Source)

diff --git a/src/docker.go b/src/docker.go
@@ -153,12 +153,12 @@ func (c *cLab) createContainer(ctx context.Context, name string, node *Node) (er
 
 	node.Cid = cont.ID
 
-	err = c.startContainer(ctx, name, node)
+	err = c.startContainer(ctx, "lab"+"-"+c.Conf.Prefix+"-"+name, node)
 	if err != nil {
 		return err
 	}
 
-	return c.inspectContainer(ctx, name, node)
+	return c.inspectContainer(ctx, "lab"+"-"+c.Conf.Prefix+"-"+name, node)
 }
 
 func (c *cLab) startContainer(ctx context.Context, name string, node *Node) (err error) {
@@ -214,10 +214,12 @@ func (c *cLab) inspectContainer(ctx context.Context, id string, node *Node) (err
 		return err
 	}
 	node.Pid = s.State.Pid
-	node.MgmtIPv4 = s.NetworkSettings.Networks["srlinux_bridge"].IPAddress
-	node.MgmtIPv6 = s.NetworkSettings.Networks["srlinux_bridge"].GlobalIPv6Address
-	node.MgmtMac = s.NetworkSettings.Networks["srlinux_bridge"].MacAddress
-
+	if _, ok := s.NetworkSettings.Networks[c.Conf.DockerInfo.Bridge]; ok {
+		node.MgmtIPv4 = s.NetworkSettings.Networks[c.Conf.DockerInfo.Bridge].IPAddress
+		node.MgmtIPv6 = s.NetworkSettings.Networks[c.Conf.DockerInfo.Bridge].GlobalIPv6Address
+		node.MgmtMac = s.NetworkSettings.Networks[c.Conf.DockerInfo.Bridge].MacAddress
+	}
+
 	log.Debug("Container pid: ", node.Pid)
 	log.Debug("Container mgmt IPv4: ", node.MgmtIPv4)
 	log.Debug("Container mgmt IPv6: ", node.MgmtIPv6)

diff --git a/src/file.go b/src/file.go
@@ -172,30 +172,25 @@ func createDirectory(path string, perm os.FileMode) {
 }
 
 func (c *cLab) createNodeDirStructure(node *Node, dut string) (err error) {
-	// create lab directory
-	path := c.Conf.ConfigPath + "/" + "lab" + "-" + c.Conf.Prefix
-
 	switch node.OS {
 	case "srl":
 		var src string
 		var dst string
 		// copy license file to node specific directory in lab
 		src = node.License
-		dst = path + "/" + "license.key"
+		dst = c.Dir.Lab + "/" + "license.key"
 		if err = copyFile(src, dst); err != nil {
 			log.Error(fmt.Sprintf("CopyFile src %s -> dat %s failed %q\n", src, dst, err))
 			return err
 		}
 		log.Debug(fmt.Sprintf("CopyFile src %s -> dat %s succeeded\n", src, dst))
 
 		// create dut directory in lab
-		path += "/" + dut
-		createDirectory(path, 0777)
-		node.Path = path
+		createDirectory(node.LabDir, 0777)
 
 		// copy topology to node specific directory in lab
 		src = node.Topology
-		dst = path + "/" + "topology.yml"
+		dst = node.LabDir + "/" + "topology.yml"
 		tpl, err := template.ParseFiles(src)
 		if err != nil {
 			log.Fatalln(err)
@@ -224,9 +219,9 @@ func (c *cLab) createNodeDirStructure(node *Node, dut string) (err error) {
 
 		// copy config file to node specific directory in lab
 
-		createDirectory(path+"/"+"config", 0777)
+		createDirectory(node.LabDir+"/"+"config", 0777)
 		src = node.Config
-		dst = path + "/" + "config" + "/" + "config.json"
+		dst = node.LabDir + "/" + "config" + "/" + "config.json"
 		if !fileExists(dst) {
 			err = copyFile(src, dst)
 			if err != nil {
@@ -242,7 +237,7 @@ func (c *cLab) createNodeDirStructure(node *Node, dut string) (err error) {
 		// copy env config to node specific directory in lab
 
 		src = "srl_config/srl_env.conf"
-		dst = path + "/" + "srlinux.conf"
+		dst = node.LabDir + "/" + "srlinux.conf"
 		err = copyFile(src, dst)
 		if err != nil {
 			log.Error(fmt.Sprintf("CopyFile src %s -> dat %s failed %q\n", src, dst, err))
@@ -252,6 +247,8 @@ func (c *cLab) createNodeDirStructure(node *Node, dut string) (err error) {
 		node.EnvConf = dst
 
 	case "alpine":
+	case "ceos":
+	default:
 	}
 
 	return nil