adding the config file to spawn-agent, refactoring for common usage + typo

Author: telliere

.github/workflows/build-job-prep-image.yml

@@ -1,4 +1,4 @@
-name: Build and publish HPCS jon preparation image
+name: Build and publish HPCS job preparation image
 on: [push]
 
 env:

.github/workflows/build-server-image.yml

@@ -1,4 +1,4 @@
-name: Publish server docker image
+name: Build and publish HPCS server image
 on: [push]
 
 env:

client/container_preparation/entrypoint.sh

@@ -67,11 +67,14 @@ echo -e "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Entering ent
 if [ -n "$encrypted" ]; then
     echo -e "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Encryption mode is on. Registering and running SPIRE Agent"
 
-    python3 ./utils/spawn_agent.py > /dev/null 2> /dev/null || exit 1 &
+    python3 ./utils/spawn_agent.py --config $config > /dev/null 2> /dev/null &
     spire_agent_pid=$!
 
 fi
 
+
+ps -p $spire_agent_pid > /dev/null || ( echo "spire agent died, aborting" ; end_entrypoint "$spire_agent_pid" 1)
+
 #
 ## [END] Perform node attestation
 #

client/data_preparation/entrypoint.sh

@@ -58,15 +58,20 @@ echo -e "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Entering entrypoi
 
 echo -e "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Registering and running SPIRE Agent"
 
-python3 ./utils/spawn_agent.py > /dev/null 2> /dev/null || exit 1  &
+python3 ./utils/spawn_agent.py --config $config > /dev/null 2> /dev/null &
 spire_agent_pid=$!
 
 until [ -e /tmp/agent.sock ]
 do
     echo -e "${RED}[LUMI-SD][Data preparation] Spire workload api socket doesn't exist, waiting 10 seconds ${NC}"
     sleep 10
+    if ! ps -p $spire_agent_pid > /dev/null ; then
+        echo "spire agent died, aborting"
+        end_entrypoint "$spire_agent_pid" 1
+    fi
 done
 
+
 #
 ## [END] Perform node attestation
 #

utils/conf/client/conf.py

@@ -0,0 +1,26 @@
+# Parse configuration file
+from configparser import ConfigParser, NoSectionError, NoOptionError
+
+def parse_configuration(path : str):
+    config = ConfigParser()
+    config.read(path)
+    
+    if not 'spire-server' in config:
+        raise NoSectionError("hpcs-server section missing in configuration file, aborting")
+    
+    if not 'hpcs-server' in config:
+        raise NoSectionError("hpcs-server section missing in configuration file, aborting")
+    
+    if not 'vault' in config:
+        raise NoSectionError("vault section missing in configuration file, aborting")
+    
+    if not 'address' in config['spire-server'] or not 'port' in config['spire-server'] or not 'trust-domain' in config['spire-server']:
+        raise NoOptionError("'spire-server' section is incomplete in configuration file, aborting")
+    
+    if not 'url' in config['hpcs-server']:
+        raise NoOptionError("'hpcs-server' section is incomplete in configuration file, aborting")
+    
+    if not 'url' in config['vault']:
+        raise NoOptionError("'vault' section is incomplete in configuration file, aborting")
+        
+    return config

utils/ship_a_key.py

@@ -10,8 +10,7 @@
 import yaml
 from hashlib import sha512
 from ssh_utils import ssh_connect, ssh_copy_file
-
-from configparser import ConfigParser, NoSectionError, NoOptionError
+from conf.client.conf import parse_configuration
 
 # Provide client_id from cli$
 # Same for trust domain
@@ -97,25 +96,6 @@ def parse_arguments() -> argparse.ArgumentParser:
 
     return parser.parse_args()
 
-# Parse configuration file
-def parse_configuration(path : str):
-    config = ConfigParser()
-    config.read(path)
-    
-    if not 'hpcs-server' in config:
-        raise NoSectionError("hpcs-server section missing in configuration file, aborting")
-    
-    if not 'vault' in config:
-        raise NoSectionError("vault section missing in configuration file, aborting")
-    
-    if not 'url' in config['hpcs-server']:
-        raise NoOptionError("'hpcs-server' section is incomplete in configuration file, aborting")
-    
-    if not 'url' in config['vault']:
-        raise NoOptionError("'vault' section is incomplete in configuration file, aborting")
-        
-    return config
-
 
 def validate_options(options: argparse.ArgumentParser):
     """Check for the cli-provided options
@@ -262,6 +242,7 @@ def create_authorized_workloads(
 if __name__ == "__main__":
     # Parse arguments from CLI
     options = parse_arguments()    
+    
     # Parse configuration file
     configuration = parse_configuration(options.config)
 

utils/spawn_agent.py

@@ -1,4 +1,5 @@
 import platform, argparse, subprocess, requests
+from conf.client.conf import parse_configuration
 
 
 # Parse arguments from the cli
@@ -11,31 +12,9 @@ def parse_arguments():
     parser = argparse.ArgumentParser(description="CLI Optinons")
 
     parser.add_argument(
-        "--spire-trust-domain",
-        "-t",
-        type=str,
-        default="lumi-sd-dev",
-        help="Server address (default: lumi-sd-dev)",
-    )
-    parser.add_argument(
-        "--sd-server-address",
-        "-a",
-        type=str,
-        help="Server address",
-    )
-    parser.add_argument(
-        "--spire-server-port",
-        "-sp",
-        type=int,
-        default=10081,
-        help="Spire server port (default: 10081)",
-    )
-    parser.add_argument(
-        "--sd-server-port",
-        "-ap",
-        type=int,
-        default=10080,
-        help="SD API server port (default: 10080)",
+        "--config",
+        required=True,
+        help="Path to the client configuration file",
     )
     parser.add_argument(
         "--socketpath",
@@ -54,8 +33,7 @@ def parse_arguments():
 
     return parser.parse_args()
 
-
-def get_token(server, port, compute_node_token: bool):
+def get_token(url, compute_node_token: bool):
     """Get joinToken to perform node registration from server
 
     Args:
@@ -73,9 +51,9 @@ def get_token(server, port, compute_node_token: bool):
     # Check wether we are performing compute node attestation or client attestation, create url
     if compute_node_token:
         hostname = platform.node()
-        url = f"http://{server}:{port}/api/agents/token?hostname={hostname}"
+        url = f"{url}/api/agents/token?hostname={hostname}"
     else:
-        url = f"http://{server}:{port}/api/client/register"
+        url = f"{url}/api/client/register"
 
     # Perform POST request to SD server
     response = requests.post(url)
@@ -89,22 +67,25 @@ def get_token(server, port, compute_node_token: bool):
 if __name__ == "__main__":
     # Get arguments
     options = parse_arguments()
+    
+    # Parse configuration file
+    configuration = parse_configuration(options.config)
 
     # Get token from API
     token = get_token(
-        options.sd_server_address, options.sd_server_port, options.compute_node
+        configuration['hpcs-server']['url'], options.compute_node
     )
 
     # Overwrite configuration template
     agent_configuration_template = open("./utils/agent-on-the-fly.conf").read()
     agent_configuration_template = agent_configuration_template.replace(
-        "SPIRE_TRUST_DOMAIN", options.spire_trust_domain
+        "SPIRE_TRUST_DOMAIN", configuration['spire-server']['trust-domain']
     )
     agent_configuration_template = agent_configuration_template.replace(
-        "SPIRE_SERVER_ADDRESS", options.sd_server_address
+        "SPIRE_SERVER_ADDRESS", configuration['spire-server']['address']
     )
     agent_configuration_template = agent_configuration_template.replace(
-        "SPIRE_SERVER_PORT", str(options.spire_server_port)
+        "SPIRE_SERVER_PORT", configuration['spire-server']['port']
     )
     agent_configuration_template = agent_configuration_template.replace(
         "SOCKETPATH", options.socketpath