Initial docker-compose config for rufus/vetinari integration

vrieni · Apr 28, 2015 · c043e6d · c043e6d
1 parent f86a6c5
commit c043e6d
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 13 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -2,7 +2,7 @@ FROM golang
 
 COPY . /go/src/github.com/docker/vetinari
 
-RUN go get github.com/docker/vetinari/cmd/vetinari-server
+RUN GOPATH=/go/:/go/src/github.com/docker/vetinari/Godeps/_workspace go install github.com/docker/vetinari/cmd/vetinari-server
 
 EXPOSE 4443
 

diff --git a/cmd/vetinari-server/config.json b/cmd/vetinari-server/config.json
@@ -3,9 +3,10 @@
 		"addr": ":4443",
 		"tls_cert_file": "../../fixtures/vetinari.pem",
 		"tls_key_file": "../../fixtures/vetinari.key"
-	}
+	},
 	"trust_service":{
-		"type": "local"
-		"hostname": ""
+		"type": "local",
+		"hostname": "",
 		"port": ""
+	}
 }
diff --git a/cmd/vetinari-server/dev-config.json b/cmd/vetinari-server/dev-config.json
@@ -0,0 +1,12 @@
+{
+	"server": {
+		"addr": ":4443",
+		"tls_cert_file": "../../fixtures/ca.pem",
+		"tls_key_file": "../../fixtures/ca-key.pem"
+	},
+	"trust_service": {
+		"type": "remote",
+		"hostname": "rufus",
+		"port": "7899"
+	}
+}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,11 @@
+vetinari:
+  build: .
+  links:
+   - rufus
+  ports:
+   - "8080:8080"
+rufus:
+  build: ../rufus
+  ports:
+   - "7899:7899"
+
diff --git a/server/rufus_trust.go b/server/rufus_trust.go
@@ -3,12 +3,14 @@ package server
 import (
 	"errors"
 	"log"
+	"net"
 
 	"github.com/endophage/go-tuf/data"
 	"github.com/endophage/go-tuf/keys"
 
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 
 	pb "github.com/docker/rufus/proto"
 )
@@ -19,8 +21,12 @@ type RufusSigner struct {
 	sClient  pb.SignerClient
 }
 
-func newRufusSigner(hostNameAndPort string) *RufusSigner {
-	conn, err := grpc.Dial(hostNameAndPort)
+func newRufusSigner(hostname string, port string) *RufusSigner {
+	var opts []grpc.DialOption
+	netAddr := net.JoinHostPort(hostname, port)
+	creds := credentials.NewClientTLSFromCert(nil, hostname)
+	opts = append(opts, grpc.WithTransportCredentials(creds))
+	conn, err := grpc.Dial(netAddr, opts...)
 	if err != nil {
 		log.Fatalf("fail to dial: %v", err)
 	}

diff --git a/server/server.go b/server/server.go
@@ -21,6 +21,15 @@ import (
 // use directly for the TLS server, and generate children off for requests
 func Run(ctx context.Context, conf *config.Configuration) error {
 
+	var trust signed.TrustService
+	if conf.TrustService.Type == "remote" {
+		log.Println("[Vetinari Server] : Using remote signing service")
+		trust = newRufusSigner(conf.TrustService.Hostname, conf.TrustService.Port)
+	} else {
+		log.Println("[Vetinari Server] : Using local signing service")
+		trust = signed.NewEd25519()
+	}
+
 	keypair, err := tls.LoadX509KeyPair(conf.Server.TLSCertFile, conf.Server.TLSKeyFile)
 	if err != nil {
 		return err
@@ -64,13 +73,6 @@ func Run(ctx context.Context, conf *config.Configuration) error {
 		tlsLsnr.Close()
 	}()
 
-	var trust signed.TrustService
-	if conf.TrustService.Type == "remote" {
-		netAddr := net.JoinHostPort(conf.TrustService.Hostname, conf.TrustService.Port)
-		trust = newRufusSigner(netAddr)
-	} else {
-		trust = signed.NewEd25519()
-	}
 
 	hand := utils.RootHandlerFactory(&utils.InsecureAuthorizer{}, utils.NewContext, trust)