authorOla Aunrønning <olaa@yahooinc.com>2023-06-08 10:58:17 +0200
committerGitHub <noreply@github.com>2023-06-08 10:58:17 +0200
commit79de2d78433c11932357d0c244704b16fc87da21 (patch)
tree382a06ce4e1217e395fbba25c1ce74a1afaadbe5 /logforwarder
parent96d3814b80a693ee46640ae89a88fdb2d78dcd40 (diff)
parentd7568f0d450df2287657ac18c37955a1867496f5 (diff)
Merge branch 'master' into olaa/dataplane-proxy-config
Diffstat (limited to 'logforwarder')
-rw-r--r--logforwarder/src/apps/vespa-logforwarder-start/splunk-starter.cpp28
1 files changed, 26 insertions, 2 deletions
diff --git a/logforwarder/src/apps/vespa-logforwarder-start/splunk-starter.cpp b/logforwarder/src/apps/vespa-logforwarder-start/splunk-starter.cpp
index 23c2565b0af..ca872266708 100644
--- a/logforwarder/src/apps/vespa-logforwarder-start/splunk-starter.cpp
+++ b/logforwarder/src/apps/vespa-logforwarder-start/splunk-starter.cpp
@@ -36,6 +36,15 @@ cfFilePath(const vespalib::string &parent, const vespalib::string &filename) {
return path + "/" + filename;
}
+vespalib::string splunkCertPath(const vespalib::string &parent, const vespalib::string &filename) {
+ vespalib::string path = parent;
+ path = fixDir(path, "var");
+ path = fixDir(path, "lib");
+ path = fixDir(path, "sia");
+ path = fixDir(path, "certs");
+ return path + "/" + filename;
+ }
+
void appendFile(FILE *target, const vespalib::string &filename) {
FILE *fp = fopen(filename.c_str(), "r");
if (fp != NULL) {
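Review bot: `splunkCertPath` repeats the `fixDir` chain pattern of `cfFilePath` just above it and has no comment saying what it returns or why this directory matters. The path it builds is where `gotConfig` later writes a PEM that includes the client key, so a short header comment would help, for example `// Returns <parent>/var/lib/sia/certs/<filename>; the file stored here contains private key material.` `fixDir` is defined outside this hunk; if it creates missing directories, the mode it creates them with should be confirmed as appropriate for a key directory. The closing brace of the new function also appears to be indented, unlike the `}` of `cfFilePath`.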
@@ -95,12 +104,12 @@ void SplunkStarter::gotConfig(const LogforwarderConfig& config) {
vespalib::string clientCert = clientCertFile();
vespalib::string clientKey = clientKeyFile();
if (!clientCert.empty() && !clientKey.empty()) {
- vespalib::string certPath = cfFilePath(config.splunkHome, "clientcert.pem");
+ vespalib::string certPath = splunkCertPath(config.splunkHome, "servercert.pem");
tmpPath = certPath + ".new";
fp = fopen(tmpPath.c_str(), "w");
appendFile(fp, clientCert);
appendFile(fp, clientKey);
- appendFile(fp, "/etc/ssl/certs/ca-bundle.crt");
+ appendFile(fp, "/opt/yahoo/share/ssl/certs/athenz_certificate_bundle.pem");
fclose(fp);
rename(tmpPath.c_str(), certPath.c_str());
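Review bot: The `fopen(tmpPath.c_str(), "w")` result is passed to `appendFile` and `fclose` without a NULL check, and the target now sits in the new `var/lib/sia/certs` chain where the open can fail if that directory is missing or not writable. The `server.conf` write added later in this commit already guards with `if (fp != NULL) {`, and this block should do the same. Because the file receives `clientKey`, creating it with plain `"w"` leaves its permissions to the process umask. Opening it with an explicit owner-only mode, e.g. `int fd = open(tmpPath.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600);` followed by `fp = fdopen(fd, "w");`, keeps the key unreadable to other local users. `gotConfig` starts and ends outside this hunk.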
@@ -113,6 +122,21 @@ void SplunkStarter::gotConfig(const LogforwarderConfig& config) {
fclose(fp);
rename(tmpPath.c_str(), path.c_str());
}
+ path = cfFilePath(config.splunkHome, "server.conf");
+ tmpPath = path + ".new";
+ fp = fopen(tmpPath.c_str(), "w");
+ if (fp != NULL) {
+ fprintf(fp, "[sslConfig]\n");
+ fprintf(fp, "enableSplunkdSSL = true\n");
+ fprintf(fp, "requireClientCert = true\n");
+ fprintf(fp, "sslRootCAPath = /opt/yahoo/share/ssl/certs/athenz_certificate_bundle.pem\n");
+ fprintf(fp, "serverCert = %s\n", certPath.c_str());
+ fprintf(fp, "\n");
+ fprintf(fp, "[httpServer]\n");
+ fprintf(fp, "disableDefaultPort = true\n");
+ fclose(fp);
+ rename(tmpPath.c_str(), path.c_str());
+ }
}
if (config.clientName.size() == 0 ||
config.deploymentServer.size() == 0)
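Review bot: The new `server.conf` block renames the temp file into place without checking whether any `fprintf` or the `fclose` succeeded. A short write (a full disk, for instance) would install a config missing `requireClientCert = true` or `disableDefaultPort = true`, and splunkd would presumably fall back to its defaults for those settings. Checking the stream before the rename closes that gap: `bool ok = !ferror(fp);` then `ok = (fclose(fp) == 0) && ok;` then `if (ok) rename(tmpPath.c_str(), path.c_str()); else unlink(tmpPath.c_str());`. The Athenz bundle path is also spelled out twice, here and in the `appendFile` call of the previous hunk, and a single named constant would keep the two from drifting apart. `certPath` is declared in that earlier hunk and `gotConfig` extends beyond this one, so the scoping of the new block cannot be fully confirmed from the lines shown.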