From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox-offline-mirror 1/2] setup wizard: add subscription keys
Date: Tue, 18 Apr 2023 10:58:56 +0200	[thread overview]
Message-ID: <20230418085857.2483865-1-f.gruenbichler@proxmox.com> (raw)

to make it a bit easier to configure access to the enterprise repositories.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 docs/offline-keys.rst                         |   3 +-
 src/bin/proxmox-offline-mirror.rs             | 102 ++++++++++++++++++
 .../subscription.rs                           |   2 +-
 3 files changed, 105 insertions(+), 2 deletions(-)

diff --git a/docs/offline-keys.rst b/docs/offline-keys.rst
index 2ce6e2c..91971e5 100644
--- a/docs/offline-keys.rst
+++ b/docs/offline-keys.rst
@@ -57,7 +57,8 @@ Register & Refresh Keys
    Offline Mirror subscription is configured.
 
 Register the hosts with their subscription keys and server IDs using
-``proxmox-offline-mirror key add``, for example:
+``proxmox-offline-mirror setup`` or ``proxmox-offline-mirror key add``, for
+example:
 
 .. code-block:: console
 
diff --git a/src/bin/proxmox-offline-mirror.rs b/src/bin/proxmox-offline-mirror.rs
index bec366a..93e8dfa 100644
--- a/src/bin/proxmox-offline-mirror.rs
+++ b/src/bin/proxmox-offline-mirror.rs
@@ -2,6 +2,8 @@ use std::fmt::Display;
 use std::path::Path;
 
 use anyhow::{bail, Error};
+use proxmox_offline_mirror::config::SubscriptionKey;
+use proxmox_offline_mirror::subscription::{extract_mirror_key, refresh_mirror_key};
 use serde_json::Value;
 
 use proxmox_router::cli::{run_cli_command, CliCommand, CliCommandMap, CliEnvironment};
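Review bot: `format_err!` is called in the new action_add_key (inside the `.ok_or_else(...)` on the refreshed list), but the anyhow import kept as context here brings in only `bail` and `Error`. Unless the macro is already in scope through something outside the visible hunks, the line should become `use anyhow::{bail, format_err, Error};`. `public_key()` is likewise called from the new function without an import appearing in this patch, so it is worth confirming how it resolves. As a style point, `refresh_mirror_key` is imported here, yet one of its two call sites spells out `proxmox_offline_mirror::subscription::refresh_mirror_key`, and `refresh_offline_keys` is only used by full path; importing and calling all of them by short name would be more consistent.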
@@ -609,6 +611,94 @@ fn action_add_medium(config: &SectionConfigData) -> Result<MediaConfig, Error> {
     })
 }
 
+fn action_add_key(config: &SectionConfigData) -> Result<SubscriptionKey, Error> {
+    let (product, mirror_key) = if let Ok(mirror_key) =
+        extract_mirror_key(&config.convert_to_typed_array("subscription")?)
+    {
+        let subscription_products = &[
+            (ProductType::Pve, "Proxmox VE"),
+            (ProductType::Pbs, "Proxmox Backup Server"),
+            (ProductType::Pmg, "Proxmox Mail Gateway"),
+        ];
+
+        let product = read_selection_from_tty(
+            "Select Proxmox product for which subscription key should be added",
+            subscription_products,
+            None,
+        )?;
+
+        (product, Some(mirror_key))
+    } else {
+        println!("No mirror key configured yet, forcing mirror key setup first..");
+        (&ProductType::Pom, None)
+    };
+
+    let key = read_string_from_tty("Please enter subscription key", None)?;
+    if config.sections.get(&key).is_some() {
+        bail!("Key entry for '{key}' already exists - please use 'key refresh' or 'key update'!");
+    }
+
+    let server_id = if product == &ProductType::Pom {
+        let server_id = proxmox_subscription::get_hardware_address()?;
+        println!("Server ID of this system is '{server_id}'");
+        server_id
+    } else {
+        read_string_from_tty(
+            "Please enter server ID of offline system using this subscription",
+            None,
+        )?
+    };
+
+    let mut data = SubscriptionKey {
+        key,
+        server_id,
+        description: None,
+        info: None,
+    };
+
+    if data.product() != *product {
+        bail!(
+            "Selected product and product in subscription key don't match: {} != {}",
+            product,
+            data.product()
+        );
+    }
+
+    if read_bool_from_tty("Attempt to refresh key", Some(true))? {
+        let info = if let Some(mirror_key) = mirror_key {
+            if let Err(err) = refresh_mirror_key(mirror_key.clone()) {
+                eprintln!("Failed to refresh mirror_key '{}' - {err}", mirror_key.key);
+            }
+
+            let mut refreshed = proxmox_offline_mirror::subscription::refresh_offline_keys(
+                mirror_key,
+                vec![data.clone()],
+                public_key()?,
+            )?;
+
+            refreshed
+                .pop()
+                .ok_or_else(|| format_err!("Server did not return subscription info.."))?
+        } else {
+            proxmox_offline_mirror::subscription::refresh_mirror_key(data.clone())?
+        };
+
+        println!(
+            "Refreshed subscription info - status: {}, message: {}",
+            info.status,
+            info.message.as_ref().unwrap_or(&"-".to_string())
+        );
+
+        if info.key.as_ref() == Some(&data.key) {
+            data.info = Some(base64::encode(serde_json::to_vec(&info)?));
+        } else {
+            bail!("Server returned subscription info for wrong key.");
+        }
+    }
+
+    Ok(data)
+}
+
 #[api(
     input: {
         properties: {
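Review bot: In action_add_key the result of `refresh_mirror_key(mirror_key.clone())` is only inspected for an error: a failure is printed and execution continues, and a successful refresh is dropped, so `refresh_offline_keys` always runs with the mirror key as read from the config. If the refreshed mirror key info is meant to be stored or to gate the offline refresh, that is not visible here; otherwise a comment such as `// best-effort: the offline refresh below reports its own error if the mirror key is unusable` would document the intent. By contrast, every error from the offline refresh is returned with `?`, which, judging by the caller in the later hunk, ends the wizard before the entered key is saved. A smaller point: `info.message.as_ref().unwrap_or(&"-".to_string())` can be written `info.message.as_deref().unwrap_or("-")`, assuming `message` is an `Option<String>`.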
@@ -639,6 +729,7 @@ async fn setup(config: Option<String>, _param: Value) -> Result<(), Error> {
     }
 
     enum Action {
+        AddKey,
         AddMirror,
         AddMedium,
         Quit,
@@ -662,11 +753,13 @@ async fn setup(config: Option<String>, _param: Value) -> Result<(), Error> {
             vec![
                 (Action::AddMirror, "Add new mirror entry"),
                 (Action::AddMedium, "Add new medium entry"),
+                (Action::AddKey, "Add new subscription key"),
                 (Action::Quit, "Quit"),
             ]
         } else {
             vec![
                 (Action::AddMirror, "Add new mirror entry"),
+                (Action::AddKey, "Add new subscription key"),
                 (Action::Quit, "Quit"),
             ]
         };
@@ -691,11 +784,20 @@ async fn setup(config: Option<String>, _param: Value) -> Result<(), Error> {
                 println!("Config entry '{id}' added");
                 println!("Run \"proxmox-offline-mirror medium sync --config '{config_file}' '{id}'\" to sync mirror snapshots to medium.");
             }
+            Action::AddKey => {
+                let key = action_add_key(&config)?;
+                let id = key.key.clone();
+                config.set_data(&id, "subscription", &key)?;
+                save_config(&config_file, &config)?;
+                println!("Config entry '{id}' added");
+                println!("Run \"proxmox-offline-mirror key refresh\" to refresh subscription information");
+            }
         }
     }
 
     Ok(())
 }
+
 fn main() {
     let rpcenv = CliEnvironment::new();
 
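Review bot: The follow-up hint printed in the `Action::AddKey` arm omits the config file, unlike the medium hint just above it, which passes `--config '{config_file}'`. A user running the wizard against a non-default config would then be pointed at a command that operates on a different file. Suggest `println!("Run \"proxmox-offline-mirror key refresh --config '{config_file}'\" to refresh subscription information");`, assuming `key refresh` accepts the same `--config` option as `medium sync`. The hint is also printed when the refresh inside action_add_key has just succeeded, where it is redundant. setup() starts outside this hunk, so the surrounding loop is not fully visible.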
diff --git a/src/bin/proxmox_offline_mirror_cmds/subscription.rs b/src/bin/proxmox_offline_mirror_cmds/subscription.rs
index 911b0af..e58b049 100644
--- a/src/bin/proxmox_offline_mirror_cmds/subscription.rs
+++ b/src/bin/proxmox_offline_mirror_cmds/subscription.rs
@@ -126,7 +126,7 @@ pub const SHOW_KEY_RETURN_TYPE: ReturnType = ReturnType {
     optional: true,
 };
 
-fn public_key() -> Result<openssl::pkey::PKey<openssl::pkey::Public>, Error> {
+pub(crate) fn public_key() -> Result<openssl::pkey::PKey<openssl::pkey::Public>, Error> {
     openssl::pkey::PKey::public_key_from_pem(&file_get_contents(DEFAULT_SIGNING_KEY)?)
         .map_err(Error::from)
 }
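Review bot: `public_key()` is widened to `pub(crate)` without a doc comment, although it now serves callers outside this module and returns the key that subscription refreshes are checked against. A short comment would help, for example `/// Loads the PEM-encoded public key from DEFAULT_SIGNING_KEY; fails if the file is unreadable or not a valid public key.` It would also be worth stating there whether callers may substitute a different key path, since the new caller in the setup wizard relies on this default.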
-- 
2.30.2




