Support for openstack meta_data.json, connect timeout, other fixes.

2018-01-10 14:13:49 +01:00 · 2018-01-10 14:13:49 +01:00 · ac66f160e0
commit ac66f160e0
parent eb9d5b440c
7 changed files with 279 additions and 55 deletions
--- a/agent/Makefile
+++ b/agent/Makefile
@ -1,5 +1,5 @@
 PROG=		cloud-agent
-SRCS=		main.c xml.c azure.c cloudinit.c http.c log.c
+SRCS=		azure.c cloudinit.c http.c json.c jsmn.c log.c openstack.c main.c xml.c
 BINDIR=		/usr/local/libexec
 MANDIR=		/usr/local/man/man

--- a/agent/azure.c
+++ b/agent/azure.c
@ -64,6 +64,7 @@ azure(struct system_config *sc)
 	int	 ret = -1;

 	/* Apply defaults */
+	free(sc->sc_username);
 	if ((sc->sc_username = strdup("azure-user")) == NULL) {
 		log_warnx("failed to set default user");
 		goto done;
--- a/agent/cloudinit.c
+++ b/agent/cloudinit.c
@ -30,12 +30,11 @@
 #include "xml.h"

 static int	 cloudinit_fetch(struct system_config *);
-static char	*cloudinit_get(struct system_config *, const char *,
-		    enum strtype);

 int
 ec2(struct system_config *sc)
 {
+	free(sc->sc_username);
 	if ((sc->sc_username = strdup("ec2-user")) == NULL ||
 	    (sc->sc_endpoint = strdup("169.254.169.254")) == NULL) {
 		log_warnx("failed to set defaults");
@ -49,8 +48,7 @@ int
 cloudinit(struct system_config *sc)
 {
 	/* XXX get endpoint from DHCP lease file */
-	if ((sc->sc_username = strdup("puffy")) == NULL ||
-	    (sc->sc_endpoint = strdup("169.254.169.254")) == NULL) {
+	if ((sc->sc_endpoint = strdup("169.254.169.254")) == NULL) {
 		log_warnx("failed to set defaults");
 		return (-1);
 	}
@ -58,35 +56,6 @@ cloudinit(struct system_config *sc)
 	return (cloudinit_fetch(sc));
 }

-static char *
-cloudinit_get(struct system_config *sc, const char *path, enum strtype type)
-{
-	struct httpget	*g = NULL;
-	char		*str = NULL;
-
-	log_debug("%s: %s", __func__, path);
-
-	g = http_get(&sc->sc_addr, 1,
-	    sc->sc_endpoint, 80, path, NULL, 0, NULL);
-	if (g != NULL && g->code == 200 && g->bodypartsz > 0) {
-		switch (type) {
-		case TEXT:
-			/* multi-line string, always printable */
-			str = get_string(g->bodypart, g->bodypartsz);
-			break;
-		case LINE:
-			str = get_line(g->bodypart, g->bodypartsz);
-			break;
-		case WORD:
-			str = get_word(g->bodypart, g->bodypartsz);
-			break;
-		}
-	}
-	http_get_free(g);
-
-	return (str);
-}
-
 static int
 cloudinit_fetch(struct system_config *sc)
 {
@ -96,37 +65,32 @@ cloudinit_fetch(struct system_config *sc)
 	sc->sc_addr.ip = sc->sc_endpoint;
 	sc->sc_addr.family = 4;

-	if (sc->sc_dryrun)
-		return (0);
-
 	/* instance-id */
-	if ((sc->sc_instance = cloudinit_get(sc,
+	if ((sc->sc_instance = metadata(sc,
 	    "/latest/meta-data/instance-id", WORD)) == NULL)
 		goto fail;

 	/* hostname */
-	if ((sc->sc_hostname = cloudinit_get(sc,
+	if ((sc->sc_hostname = metadata(sc,
 	    "/latest/meta-data/local-hostname", WORD)) == NULL)
 		goto fail;

 	/* pubkey */
-	if ((str = cloudinit_get(sc,
+	if ((str = metadata(sc,
 	    "/latest/meta-data/public-keys/0/openssh-key", LINE)) == NULL)
 		goto fail;
 	if (agent_addpubkey(sc, str, NULL) != 0)
 		goto fail;

 	/* optional username - this is an extension by meta-data(8) */
-	if ((str = cloudinit_get(sc,
-	    "/latest/meta-data/username", WORD)) != NULL) {
+	if ((str = metadata(sc, "/latest/meta-data/username", WORD)) != NULL) {
 		free(sc->sc_username);
 		sc->sc_username = str;
 		str = NULL;
 	}

 	/* userdata */
-	if ((sc->sc_userdata = cloudinit_get(sc,
-	    "/latest/user-data", TEXT)) == NULL)
+	if ((sc->sc_userdata = metadata(sc, "/latest/user-data", TEXT)) == NULL)
 		goto fail;

 	ret = 0;
--- a/agent/http.c
+++ b/agent/http.c
@ -277,8 +277,8 @@ again:
 	if (fd == -1) {
 		warn("%s: socket", addrs[cur].ip);
 		goto again;
-	} else if (connect(fd, (struct sockaddr *)&ss, len) == -1) {
-		warn("%s: connect", addrs[cur].ip);
+	} else if (connect_wait(fd, (struct sockaddr *)&ss, len) == -1) {
+		warn("http://%s%s", addrs[cur].ip, path);
 		close(fd);
 		goto again;
 	}
--- a/agent/main.c
+++ b/agent/main.c
@ -26,16 +26,20 @@
 #include <ctype.h>
 #include <fcntl.h>
 #include <errno.h>
+#include <poll.h>
+#include <err.h>

 #include "main.h"
 #include "xml.h"

 __dead void			 usage(void);
-static struct system_config	*agent_init(const char *, int);
+static struct system_config	*agent_init(const char *, int, int);
 static int			 agent_configure(struct system_config *);
 static void			 agent_free(struct system_config *);
 static int			 agent_pf(struct system_config *, int);
 static void			 agent_unconfigure(void);
+static char			*metadata_parse(char *, size_t, enum strtype);
+static int			 agent_timeout;

 int
 shell(const char *arg, ...)
@ -289,7 +293,7 @@ get_word(u_int8_t *ptr, size_t len)
 }

 static struct system_config *
-agent_init(const char *ifname, int dryrun)
+agent_init(const char *ifname, int dryrun, int timeout)
 {
 	struct system_config	*sc;

@ -298,12 +302,18 @@ agent_init(const char *ifname, int dryrun)

 	sc->sc_interface = ifname;
 	sc->sc_dryrun = dryrun ? 1 : 0;
+	sc->sc_timeout = agent_timeout = timeout < 1 ? -1 : timeout * 1000;
 	TAILQ_INIT(&sc->sc_pubkeys);

 	if ((sc->sc_nullfd = open("/dev/null", O_RDWR)) == -1) {
 		free(sc);
 		return (NULL);
 	}
+	if ((sc->sc_username = strdup("puffy")) == NULL) {
+		free(sc);
+		close(sc->sc_nullfd);
+		return (NULL);
+	}

 	if (sc->sc_dryrun)
 		return (sc);
@ -599,12 +609,125 @@ agent_unconfigure(void)
 	    "permit keepenv nopass root\n", "w", "/etc/doas.conf");
 }

+
+static char *
+metadata_parse(char *s, size_t sz, enum strtype type)
+{
+	char	*str;
+
+	switch (type) {
+	case TEXT:
+		/* multi-line string, always printable */
+		str = get_string(s, sz);
+		break;
+	case LINE:
+		str = get_line(s, sz);
+		break;
+	case WORD:
+		str = get_word(s, sz);
+		break;
+	}
+
+	return (str);
+}
+
+char *
+metadata(struct system_config *sc, const char *path, enum strtype type)
+{
+	struct httpget	*g = NULL;
+	char		*str = NULL;
+
+	log_debug("%s: %s", __func__, path);
+
+	g = http_get(&sc->sc_addr, 1,
+	    sc->sc_endpoint, 80, path, NULL, 0, NULL);
+	if (g != NULL && g->code == 200 && g->bodypartsz > 0)
+		str = metadata_parse(g->bodypart, g->bodypartsz, type);
+	http_get_free(g);
+
+	return (str);
+}
+
+char *
+metadata_file(struct system_config *sc, const char *name, enum strtype type)
+{
+	FILE		*fp, *mfp;
+	char		 buf[BUFSIZ], *mbuf, *str;
+	size_t		 sz, msz;
+
+	if ((fp = fopen(name, "r")) == NULL) {
+		log_warn("%s: could not open %s", __func__, name);
+		return (NULL);
+	}
+
+	if ((mfp = open_memstream(&mbuf, &msz)) == NULL) {
+		log_warn("%s: open_memstream", __func__);
+		fclose(fp);
+		return (NULL);
+	}
+
+	do {
+		if ((sz = fread(buf, 1, sizeof(buf), fp)) < 1)
+			break;
+		if (fwrite(buf, sz, 1, mfp) != 1)
+			break;
+	} while (sz == sizeof(buf));
+
+	fclose(mfp);
+	fclose(fp);
+
+	str = metadata_parse(mbuf, msz, type);
+	free(mbuf);
+
+	return (str);
+}
+
+int
+connect_wait(int s, const struct sockaddr *name, socklen_t namelen)
+{
+	struct pollfd	 pfd[1];
+	int		 error = 0, flag;
+	socklen_t	 errlen = sizeof(error);
+
+	if ((flag = fcntl(s, F_GETFL, 0)) == -1 ||
+	    (fcntl(s, F_SETFL, flag | O_NONBLOCK)) == -1)
+		return (-1);
+
+	error = connect(s, name, namelen);
+	do {
+		pfd[0].fd = s;
+		pfd[0].events = POLLOUT;
+
+		if ((error = poll(pfd, 1, agent_timeout)) == -1)
+			continue;
+		if (error == 0) {
+			error = ETIMEDOUT;
+			goto done;
+		}
+		if (getsockopt(s, SOL_SOCKET, SO_ERROR, &error, &errlen) == -1)
+			continue;
+	} while (error != 0 && error == EINTR);
+
+ done:
+	if (fcntl(s, F_SETFL, flag & ~O_NONBLOCK) == -1)
+		return (-1);
+
+	if (error != 0) {
+		errno = error;
+		return (-1);
+	}
+
+	log_debug("%s:%d error %d", __func__, __LINE__, error);
+
+	return (0);
+}
+
 __dead void
 usage(void)
 {
 	extern char	*__progname;

-	fprintf(stderr, "usage: %s [-nuv] interface\n",
+	fprintf(stderr, "usage: %s [-nuv] [-t 3] interface\n",
 	    __progname);
 	exit(1);
 }
@ -614,9 +737,10 @@ main(int argc, char *const *argv)
 {
 	struct system_config	*sc;
 	int			 verbose = 0, dryrun = 0, unconfigure = 0;
-	int			 ch, ret;
+	int			 ch, ret, timeout = CONNECT_TIMEOUT;
+	const char		*error = NULL;

-	while ((ch = getopt(argc, argv, "nvu")) != -1) {
+	while ((ch = getopt(argc, argv, "nvt:u")) != -1) {
 		switch (ch) {
 		case 'n':
 			dryrun = 1;
@ -624,6 +748,11 @@ main(int argc, char *const *argv)
 		case 'v':
 			verbose += 2;
 			break;
+		case 't':
+			timeout = strtonum(optarg, -1, 86400, &error);
+			if (error != NULL)
+				fatalx("invalid timeout: %s", error);
+			break;
 		case 'u':
 			unconfigure = 1;
 			break;
@ -650,7 +779,7 @@ main(int argc, char *const *argv)
 	if (pledge("stdio cpath rpath wpath exec proc dns inet", NULL) == -1)
 		fatal("pledge");

-	if ((sc = agent_init(argv[0], dryrun)) == NULL)
+	if ((sc = agent_init(argv[0], dryrun, timeout)) == NULL)
 		fatalx("agent");

 	/*
@ -661,10 +790,8 @@ main(int argc, char *const *argv)
 		ret = azure(sc);
 	else if (strcmp("xnf0", sc->sc_interface) == 0)
 		ret = ec2(sc);
-	else if (strcmp("vio0", sc->sc_interface) == 0)
-		ret = cloudinit(sc);
 	else
-		fatal("unsupported cloud interface %s", sc->sc_interface);
+		ret = openstack(sc);

 	if (sc->sc_dryrun) {
 		agent_free(sc);
--- a/agent/main.h
+++ b/agent/main.h
@ -19,10 +19,14 @@

 #include <sys/queue.h>
 #include <sys/cdefs.h>
+#include <sys/socket.h>
 #include <stdarg.h>
 #include <stddef.h>

 #include "http.h"
+#include "jsmn.h"
+
+#define CONNECT_TIMEOUT		10 /* in seconds */

 enum strtype {
 	WORD,
@ -46,6 +50,7 @@ struct system_config {
 	char			*sc_userdata;
 	char			*sc_endpoint;
 	char			*sc_instance;
+	int			 sc_timeout;

 	const char		*sc_ovfenv;
 	const char		*sc_interface;
@ -59,6 +64,26 @@ struct system_config {
 	void			*sc_priv;
 };

+struct	jsmnp;
+struct	jsmnn {
+	struct parse		*p;
+	union {
+		char		*str;
+		struct jsmnp	*obj;
+		struct jsmnn	**array;
+	} d;
+	size_t			 fields;
+	jsmntype_t		 type;
+};
+
+/* json.c */
+struct jsmnn	*json_parse(const char *, size_t);
+void		 json_free(struct jsmnn *);
+struct jsmnn	*json_getarrayobj(struct jsmnn *);
+struct jsmnn	*json_getarray(struct jsmnn *, const char *);
+struct jsmnn	*json_getobj(struct jsmnn *, const char *);
+char		*json_getstr(struct jsmnn *, const char *);
+
 /* azure.c */
 int	 azure(struct system_config *);

@ -66,6 +91,9 @@ int	 azure(struct system_config *);
 int	 ec2(struct system_config *);
 int	 cloudinit(struct system_config *);

+/* openstack.c */
+int	 openstack(struct system_config *);
+
 /* main.c */
 int	 shell(const char *, ...);
 int	 shellout(const char *, char **, const char *, ...);
@ -76,6 +104,9 @@ char	*get_line(u_int8_t *, size_t);
 char	*get_word(u_int8_t *, size_t);
 int	 agent_addpubkey(struct system_config *, const char *, const char *);
 int	 agent_setpubkey(struct system_config *, const char *, const char *);
+char	*metadata(struct system_config *, const char *, enum strtype);
+char	*metadata_file(struct system_config *, const char *, enum strtype);
+int	 connect_wait(int, const struct sockaddr *, socklen_t);

 /* log.c */
 void	log_init(int, int);
--- a/agent/openstack.c
+++ b/agent/openstack.c
@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 2018 Reyk Floeter <reyk@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/queue.h>
+#include <sys/stat.h>
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <err.h>
+
+#include "main.h"
+#include "http.h"
+#include "xml.h"
+
+static int	 openstack_fetch(struct system_config *);
+
+int
+openstack(struct system_config *sc)
+{
+	if ((sc->sc_endpoint = strdup("169.254.169.254")) == NULL) {
+		log_warnx("failed to set defaults");
+		return (-1);
+	}
+
+	if (openstack_fetch(sc) != 0) {
+		free(sc->sc_endpoint);
+		return (cloudinit(sc));
+	}
+	return (0);
+}
+
+static int
+openstack_fetch(struct system_config *sc)
+{
+	int		 ret = -1;
+	char		*json = NULL, *str;
+	struct jsmnn	*j = NULL, *o, *f;
+	size_t		 i;
+
+	sc->sc_addr.ip = sc->sc_endpoint;
+	sc->sc_addr.family = 4;
+
+	/* meta_data, we don't handle vendor_data */
+	if ((json = metadata(sc,
+	    "/openstack/latest/meta_data.json", TEXT)) == NULL)
+		goto fail;
+
+	if ((j = json_parse(json, strlen(json))) == NULL)
+		goto fail;
+
+	/* instance-id */
+	if ((sc->sc_instance = json_getstr(j, "uuid")) == NULL)
+		goto fail;
+
+	/* hostname */
+	if ((sc->sc_hostname = json_getstr(j, "hostname")) == NULL)
+		goto fail;
+
+	/* public keys */
+	if ((o = json_getarray(j, "keys")) == NULL)
+		goto fail;
+	for (i = 0; i < o->fields; i++) {
+		if ((f = json_getarrayobj(o->d.array[i])) == NULL)
+			continue;
+		if ((str = json_getstr(f, "data")) == NULL)
+			continue;
+		if (agent_addpubkey(sc, str, NULL) != 0) {
+			free(str);
+			goto fail;
+		}
+		free(str);
+	}
+
+	/* userdata */
+	if ((sc->sc_userdata =
+	    metadata(sc, "/openstack/latest/user-data", TEXT)) == NULL)
+		goto fail;
+
+	ret = 0;
+ fail:
+	json_free(j);
+	free(json);
+	return (ret);
+}