Add config option master.cn

fixes #14
masif-upgrader · Aug 28, 2020 · 7bed5a5 · 7bed5a5
1 parent 9f3147b
commit 7bed5a5
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -18,7 +18,8 @@ report=300
 retry=60
 
 [master]
-host=infra-mgmt.intern.example.com:8150
+host=192.0.2.1:8150
+cn=infra-mgmt.intern.example.com
 
 [tls]
 cert=/var/lib/puppet/ssl/certs/mail.example.com.pem
@@ -37,7 +38,12 @@ The *interval* section defines several intervals:
  report | Once any packages can be upgraded, report the set of required actions to upgrade all of them every x seconds to the master
  retry  | If any action fails, retry it after x seconds (0 or not set = don't retry anything)
 
-*master.host* is the master's address (HOST:PORT).
+The *master* section describes the master:
+
+ option | description
+ -------|------------------------------------
+ host   | Address (HOST:PORT)
+ cn     | X.509 certificate CN/SAN to require
 
 The *tls* section describes the X.509 PKI:
 

diff --git a/api.go b/api.go
@@ -24,7 +24,7 @@ type api struct {
 	client  *http.Client
 }
 
-func newApi(master string, tlsCfg struct{ cert, key, ca string }) (result *api, err error) {
+func newApi(master struct{ host, cn string }, tlsCfg struct{ cert, key, ca string }) (result *api, err error) {
 	log.WithFields(log.Fields{"cert": tlsCfg.cert, "key": tlsCfg.key}).Debug("Loading local TLS PKI")
 
 	clientCert, errLXKP := tls.LoadX509KeyPair(tlsCfg.cert, tlsCfg.key)
@@ -49,11 +49,12 @@ func newApi(master string, tlsCfg struct{ cert, key, ca string }) (result *api,
 				RootCAs:      rootCAs,
 				CipherSuites: common.ApiTlsCipherSuites,
 				MinVersion:   common.ApiTlsMinVersion,
+				ServerName:   master.cn,
 			},
 		},
 	}
 
-	return &api{baseUrl: "https://" + master + "/v1", client: client}, nil
+	return &api{baseUrl: "https://" + master.host + "/v1", client: client}, nil
 }
 
 func (self *api) reportTasks(tasks map[common.PkgMgrTask]struct{}) (approvedTasks map[common.PkgMgrTask]struct{}, err error) {

diff --git a/main.go b/main.go
@@ -25,7 +25,7 @@ type settings struct {
 		check, report, retry int64
 	}
 	master struct {
-		host string
+		host, cn string
 	}
 	tls struct {
 		cert, key, ca string
@@ -87,7 +87,7 @@ func runAgent() error {
 		os.Exit(0)
 	}, syscall.SIGTERM, syscall.SIGINT)
 
-	master, errNA := newApi(cfg.master.host, cfg.tls)
+	master, errNA := newApi(cfg.master, cfg.tls)
 	if errNA != nil {
 		return errNA
 	}
@@ -308,8 +308,9 @@ func loadCfg() (config *settings, err error) {
 			report: cfgInterval.Key("report").MustInt64(),
 			retry:  cfgInterval.Key("retry").MustInt64(),
 		},
-		master: struct{ host string }{
+		master: struct{ host, cn string }{
 			host: cfg.Section("master").Key("host").String(),
+			cn:   cfg.Section("master").Key("cn").String(),
 		},
 		tls: struct{ cert, key, ca string }{
 			cert: cfgTls.Key("cert").String(),