author | Ola Aunronning <olaa@yahooinc.com> | 2023-06-05 14:06:43 +0200 |
---|---|---|
committer | Ola Aunronning <olaa@yahooinc.com> | 2023-06-05 14:06:43 +0200 |
commit | 8b0eecf46f1e2a2120537d169b7c4406aa5acbf6 (patch) | |
tree | be79c6ec77176cb320211b2558c0c1d12aaa0741 /logforwarder | |
parent | c7051c409f9e5fe5d7e981aedb618fea5b6c73b2 (diff) |
Write server.conf. Use athenz CA. Fix certificate path
Diffstat (limited to 'logforwarder')
-rw-r--r-- | logforwarder/src/apps/vespa-logforwarder-start/splunk-starter.cpp | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/logforwarder/src/apps/vespa-logforwarder-start/splunk-starter.cpp b/logforwarder/src/apps/vespa-logforwarder-start/splunk-starter.cpp
index 23c2565b0af..ca872266708 100644
--- a/logforwarder/src/apps/vespa-logforwarder-start/splunk-starter.cpp
+++ b/logforwarder/src/apps/vespa-logforwarder-start/splunk-starter.cpp
@@ -36,6 +36,15 @@ cfFilePath(const vespalib::string &parent, const vespalib::string &filename) {
 return path + "/" + filename;
 }
+vespalib::string splunkCertPath(const vespalib::string &parent, const vespalib::string &filename) {
+ vespalib::string path = parent;
+ path = fixDir(path, "var");
+ path = fixDir(path, "lib");
+ path = fixDir(path, "sia");
+ path = fixDir(path, "certs");
+ return path + "/" + filename;
+ }
+
 void appendFile(FILE *target, const vespalib::string &filename) {
 FILE *fp = fopen(filename.c_str(), "r");
 if (fp != NULL) {
@@ -95,12 +104,12 @@ void SplunkStarter::gotConfig(const LogforwarderConfig& config) {
 vespalib::string clientCert = clientCertFile();
 vespalib::string clientKey = clientKeyFile();
 if (!clientCert.empty() && !clientKey.empty()) {
- vespalib::string certPath = cfFilePath(config.splunkHome, "clientcert.pem");
+ vespalib::string certPath = splunkCertPath(config.splunkHome, "servercert.pem");
 tmpPath = certPath + ".new";
 fp = fopen(tmpPath.c_str(), "w");
 appendFile(fp, clientCert);
 appendFile(fp, clientKey);
- appendFile(fp, "/etc/ssl/certs/ca-bundle.crt");
+ appendFile(fp, "/opt/yahoo/share/ssl/certs/athenz_certificate_bundle.pem");
 fclose(fp);
 rename(tmpPath.c_str(), certPath.c_str());
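Review bot: splunkCertPath has no comment saying that it returns a path under `<splunkHome>/var/lib/sia/certs`, and the directory it builds is the one that will hold the client key written in gotConfig. fixDir's body is outside the hunk, so whether it creates missing directories, and with which mode, cannot be confirmed here; if it does create them, the `certs` level should not be group- or world-accessible. A one-line comment such as `// Returns <parent>/var/lib/sia/certs/<filename>; directory handling is done by fixDir.` would document the intent. The closing brace of the added function also appears to be indented by one column (` }`), unlike the `}` that closes cfFilePath just above.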
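Review bot: The result of `fp = fopen(tmpPath.c_str(), "w");` is used without a NULL check, and this commit moves the target into the new `var/lib/sia/certs` directory, where creation can fail; appendFile and `fclose(fp)` would then receive a null stream. The server.conf block added in the next hunk already guards with `if (fp != NULL) {`, and the same guard belongs here around the three appendFile calls, the fclose and the rename. The file also receives the contents of clientKey, and `fopen(..., "w")` leaves its mode to the process umask; creating it with `open(tmpPath.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600)` followed by `fdopen(fd, "w")` would keep the key readable by the owner only (this needs `<fcntl.h>`, and the include block is not visible here). appendFile appears to skip a file it cannot open (only its first lines are visible), so a missing Athenz bundle would silently produce a certificate file without the CA chain. gotConfig's body starts and ends outside the hunk.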
@@ -113,6 +122,21 @@ void SplunkStarter::gotConfig(const LogforwarderConfig& config) {
 fclose(fp);
 rename(tmpPath.c_str(), path.c_str());
 }
+ path = cfFilePath(config.splunkHome, "server.conf");
+ tmpPath = path + ".new";
+ fp = fopen(tmpPath.c_str(), "w");
+ if (fp != NULL) {
+ fprintf(fp, "[sslConfig]\n");
+ fprintf(fp, "enableSplunkdSSL = true\n");
+ fprintf(fp, "requireClientCert = true\n");
+ fprintf(fp, "sslRootCAPath = /opt/yahoo/share/ssl/certs/athenz_certificate_bundle.pem\n");
+ fprintf(fp, "serverCert = %s\n", certPath.c_str());
+ fprintf(fp, "\n");
+ fprintf(fp, "[httpServer]\n");
+ fprintf(fp, "disableDefaultPort = true\n");
+ fclose(fp);
+ rename(tmpPath.c_str(), path.c_str());
+ }
 }
 if (config.clientName.size() == 0 || config.deploymentServer.size() == 0) |
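Review bot: The new server.conf writer renames the temporary file into place without checking that the writes succeeded, so a short write (full disk, I/O error) can install a truncated file that is missing `requireClientCert = true` or `disableDefaultPort = true`. Checking the stream before the rename closes that gap: `bool ok = (ferror(fp) == 0);`, `ok = (fclose(fp) == 0) && ok;`, `if (ok) rename(tmpPath.c_str(), path.c_str());`. The CA bundle path is now spelled out twice, here in `sslRootCAPath` and in the appendFile call of the previous hunk; a single named constant would keep the two from drifting apart. The block appears to sit inside the `if (!clientCert.empty() && !clientKey.empty())` branch, since it uses certPath, so an existing server.conf is left as it is when no certificate is available; the lines between the hunks are not visible, so that is worth confirming.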