Skip to content

Commit

Permalink
[telemetry]: move default certs location from device metadata to tele…
Browse files Browse the repository at this point in the history
…metry (#4307)

maintains backward compatibility to search original x509 location
when telemetry table does not have certs

Signed-off-by: Guohan Lu <lguohan@gmail.com>
  • Loading branch information
lguohan authored Mar 24, 2020
1 parent 8a6aeac commit a0d213c
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 25 deletions.
52 changes: 32 additions & 20 deletions dockers/docker-sonic-telemetry/telemetry.sh
Original file line number Diff line number Diff line change
@@ -1,34 +1,46 @@
#!/usr/bin/env bash

# Try to read telemetry and x509 config from ConfigDB.
# Try to read telemetry and certs config from ConfigDB.
# Use default value if no valid config exists
X509=`sonic-cfggen -d -v "DEVICE_METADATA['x509']"`
TELEMETRY=`sonic-cfggen -d -v 'TELEMETRY.keys() | join(" ") if TELEMETRY'`
gnmi=`sonic-cfggen -d -v "TELEMETRY['gnmi']"`
certs=`sonic-cfggen -d -v "TELEMETRY['certs']"`

TELEMETRY_ARGS=" -logtostderr"
export CVL_SCHEMA_PATH=/usr/sbin/schema

if [ -n "$X509" ]; then
SERVER_CRT=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_crt']"`
SERVER_KEY=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_key']"`
if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then
TELEMETRY_ARGS+=" --insecure"
else
if [ -n "$certs" ]; then
SERVER_CRT=`sonic-cfggen -d -v "TELEMETRY['certs']['server_crt']"`
SERVER_KEY=`sonic-cfggen -d -v "TELEMETRY['certs']['server_key']"`
if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then
TELEMETRY_ARGS+=" --insecure"
else
TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY "
fi

CA_CRT=`sonic-cfggen -d -v "TELEMETRY['certs']['ca_crt']"`
if [ ! -z $CA_CRT ]; then
TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
fi
elif [ -n "$X509" ]; then
SERVER_CRT=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_crt']"`
SERVER_KEY=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_key']"`
if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then
TELEMETRY_ARGS+=" --insecure"
else
TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY "
fi
else
TELEMETRY_ARGS+=" --insecure"
fi

if [ -n "$X509" ]; then
CA_CRT=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['ca_crt']"`
if [ ! -z $CA_CRT ]; then
TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
fi
CA_CRT=`sonic-cfggen -d -v "DEVICE_METADATA['x509']['ca_crt']"`
if [ ! -z $CA_CRT ]; then
TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
fi
else
TELEMETRY_ARGS+=" --insecure"
fi

# If no configuration entry exists for TELEMETRY, create one default port
if [ -z $TELEMETRY ]; then
if [ -z "$gnmi" ]; then
sonic-db-cli CONFIG_DB hset "TELEMETRY|gnmi" port 8080
fi

Expand All @@ -37,14 +49,14 @@ TELEMETRY_ARGS+=" --port $PORT"

CLIENT_AUTH=`sonic-cfggen -d -v "TELEMETRY['gnmi']['client_auth']"`
if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then
TELEMETRY_ARGS+=" --allow_no_client_auth"
TELEMETRY_ARGS+=" --allow_no_client_auth"
fi

LOG_LEVEL=`sonic-cfggen -d -v "TELEMETRY['gnmi']['log_level']"`
if [ ! -z $LOG_LEVEL ]; then
TELEMETRY_ARGS+=" -v=$LOG_LEVEL"
TELEMETRY_ARGS+=" -v=$LOG_LEVEL"
else
TELEMETRY_ARGS+=" -v=2"
TELEMETRY_ARGS+=" -v=2"
fi

exec /usr/sbin/telemetry ${TELEMETRY_ARGS}
10 changes: 5 additions & 5 deletions src/sonic-config-engine/minigraph.py
Original file line number Diff line number Diff line change
Expand Up @@ -636,11 +636,6 @@ def parse_xml(filename, platform=None, port_config_file=None):
'hostname': hostname,
'hwsku': hwsku,
'type': current_device['type']
},
'x509': {
'server_crt': '/etc/sonic/telemetry/streamingtelemetryserver.cer',
'server_key': '/etc/sonic/telemetry/streamingtelemetryserver.key',
'ca_crt': '/etc/sonic/telemetry/dsmsroot.cer'
}
}
results['BGP_NEIGHBOR'] = bgp_sessions
Expand Down Expand Up @@ -829,6 +824,11 @@ def parse_xml(filename, platform=None, port_config_file=None):
'client_auth': 'true',
'port': '50051',
'log_level': '2'
},
'certs': {
'server_crt': '/etc/sonic/telemetry/streamingtelemetryserver.cer',
'server_key': '/etc/sonic/telemetry/streamingtelemetryserver.key',
'ca_crt': '/etc/sonic/telemetry/dsmsroot.cer'
}
}

Expand Down

0 comments on commit a0d213c

Please sign in to comment.