fix(agent): take agent_secret into account EE-2128 (#6379)

* EE-2128 take agent_sceret into account * EE-2128 align output code * EE-2128 fix copy command error * EE-2128 align code * EE-2128 fix typo * Update endpoint.html remove glint auto changes * EE-2128 Format html with Prettier * EE-2128 Adjust UI for dark mode and adopt AGENT_SECRET on k8s automatically * EE-2128 fix bug created by merge * EE-2128 Move the initailization of AGENT_SECRET to main.go * EE-2128 read AGENT_SECRET when settings is initializing
2022-04-12 18:45:58 +08:00 · 2022-04-12 18:45:58 +08:00 · f707c90cd3
parent 3eea3e88bc
commit f707c90cd3
6 changed files with 93 additions and 24 deletions
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@ -278,6 +278,12 @@ func updateSettingsFromFlags(dataStore dataservices.DataStore, flags *portainer.
 		settings.BlackListedLabels = *flags.Labels
 	}

+	if agentKey, ok := os.LookupEnv("AGENT_SECRET"); ok {
+		settings.AgentSecret = agentKey
+	} else {
+		settings.AgentSecret = ""
+	}
+
 	err = dataStore.Settings().UpdateSettings(settings)
 	if err != nil {
 		return err
--- a/api/portainer.go
+++ b/api/portainer.go
@ -813,6 +813,8 @@ type (
 		DisableTrustOnFirstConnect bool `json:"DisableTrustOnFirstConnect" example:"false"`
 		// EnforceEdgeID makes Portainer store the Edge ID instead of accepting anyone
 		EnforceEdgeID bool `json:"EnforceEdgeID" example:"false"`
+		// Container environment parameter AGENT_SECRET
+		AgentSecret string `json:"AgentSecret"`

 		// Deprecated fields
 		DisplayDonationHeader       bool
--- a/app/portainer/models/settings.js
+++ b/app/portainer/models/settings.js
@ -17,6 +17,7 @@ export function SettingsViewModel(data) {
  this.HelmRepositoryURL = data.HelmRepositoryURL;
  this.DisableTrustOnFirstConnect = data.DisableTrustOnFirstConnect;
  this.EnforceEdgeID = data.EnforceEdgeID;
+  this.AgentSecret = data.AgentSecret;
 }

 export function PublicSettingsViewModel(settings) {
--- a/app/portainer/views/endpoints/create/createEndpointController.js
+++ b/app/portainer/views/endpoints/create/createEndpointController.js
@ -52,14 +52,14 @@ angular

      const agentVersion = StateManager.getState().application.version;
      const agentShortVersion = getAgentShortVersion(agentVersion);
+      $scope.agentSecret = '';

-      const deployCommands = {
+      $scope.deployCommands = {
        kubeLoadBalancer: `curl -L https://downloads.portainer.io/portainer-agent-ce${agentShortVersion}-k8s-lb.yaml -o portainer-agent-k8s.yaml; kubectl apply -f portainer-agent-k8s.yaml`,
        kubeNodePort: `curl -L https://downloads.portainer.io/portainer-agent-ce${agentShortVersion}-k8s-nodeport.yaml -o portainer-agent-k8s.yaml; kubectl apply -f portainer-agent-k8s.yaml`,
-        agentLinux: `curl -L https://downloads.portainer.io/agent-stack-ce${agentShortVersion}.yml -o agent-stack.yml && docker stack deploy --compose-file=agent-stack.yml portainer-agent`,
-        agentWindows: `curl -L https://downloads.portainer.io/agent-stack-ce${agentShortVersion}-windows.yml -o agent-stack-windows.yml && docker stack deploy --compose-file=agent-stack-windows.yml portainer-agent`,
+        agentLinux: agentLinuxSwarmCommand,
+        agentWindows: agentWindowsSwarmCommand,
      };
-      $scope.deployCommands = deployCommands;

      $scope.formValues = {
        Name: '',
@ -75,15 +75,17 @@ angular
      };

      $scope.copyAgentCommand = function () {
+        let command = '';
        if ($scope.state.deploymentTab === 2 && $scope.state.PlatformType === 'linux') {
-          clipboard.copyText(deployCommands.agentLinux);
+          command = $scope.deployCommands.agentLinux($scope.agentSecret);
        } else if ($scope.state.deploymentTab === 2 && $scope.state.PlatformType === 'windows') {
-          clipboard.copyText(deployCommands.agentWindows);
+          command = $scope.deployCommands.agentWindows($scope.agentSecret);
        } else if ($scope.state.deploymentTab === 1) {
-          clipboard.copyText(deployCommands.kubeNodePort);
+          command = $scope.deployCommands.kubeNodePort;
        } else {
-          clipboard.copyText(deployCommands.kubeLoadBalancer);
+          command = $scope.deployCommands.kubeLoadBalancer;
        }
+        clipboard.copyText(command.trim());
        $('#copyNotification').show().fadeOut(2500);
      };

@ -311,12 +313,50 @@ angular

            const settings = data.settings;
            $scope.state.availableEdgeAgentCheckinOptions[0].key += ` (${settings.EdgeAgentCheckinInterval} seconds)`;
+            $scope.agentSecret = settings.AgentSecret;
          })
          .catch(function error(err) {
            Notifications.error('Failure', err, 'Unable to load groups');
          });
      }

+      function agentLinuxSwarmCommand(agentSecret) {
+        let secret = agentSecret == '' ? '' : `\\\n  -e AGENT_SECRET=${agentSecret} `;
+        return `
+docker network create \\
+  --driver overlay \\
+  portainer_agent_network
+
+docker service create \\
+  --name portainer_agent \\
+  --network portainer_agent_network \\
+  -p 9001:9001/tcp ${secret}\\
+  --mode global \\
+  --constraint 'node.platform.os == linux' \\
+  --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \\
+  --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes \\
+  portainer/agent:${agentVersion}
+  `;
+      }
+
+      function agentWindowsSwarmCommand(agentSecret) {
+        let secret = agentSecret == '' ? '' : `\\\n  -e AGENT_SECRET=${agentSecret} `;
+        return `
+docker network create \\
+  --driver overlay \\
+  portainer_agent_network && \\
+docker service create \\
+  --name portainer_agent \\
+  --network portainer_agent_network \\
+  -p 9001:9001/tcp  ${secret}\\
+  --mode global \\
+  --constraint 'node.platform.os == windows' \\
+  --mount type=npipe,src=\\\\.\\pipe\\docker_engine,dst=\\\\.\\pipe\\docker_engine \\
+  --mount type=bind,src=C:\\ProgramData\\docker\\volumes,dst=C:\\ProgramData\\docker\\volumes \\
+  portainer/agent:${agentVersion}
+  `;
+      }
+
      initView();
    }
  );
--- a/app/portainer/views/endpoints/create/createendpoint.html
+++ b/app/portainer/views/endpoints/create/createendpoint.html
@ -95,16 +95,30 @@
                <div style="margin-top: 10px">
                  <uib-tabset active="state.deploymentTab">
                    <uib-tab index="0" ng-if="state.PlatformType === 'linux'" heading="Kubernetes via load balancer">
-                      <code style="display: block; white-space: pre-wrap; padding: 16px 90px">{{ deployCommands.kubeLoadBalancer }}</code>
+                      <p ng-if="agentSecret != ''" style="margin-top: 16px; margin-bottom: 16px">
+                        <i class="fa fa-info-circle blue-icon" aria-hidden="true" style="margin-right: 2px"></i>
+                        Note that the environment variable AGENT_SECRET will need to be set to <code>{{ agentSecret }}</code
+                        >. Please update the manifest that will be downloaded from the following script.
+                      </p>
+                      <code style="display: block; padding: 16px 45px">{{ deployCommands.kubeLoadBalancer }}</code>
                    </uib-tab>

                    <uib-tab index="1" ng-if="state.PlatformType === 'linux'" heading="Kubernetes via node port">
-                      <code style="display: block; white-space: pre-wrap; padding: 16px 90px">{{ deployCommands.kubeNodePort }}</code>
+                      <p ng-if="agentSecret != ''" style="margin-top: 16px; margin-bottom: 16px">
+                        <i class="fa fa-info-circle blue-icon" aria-hidden="true" style="margin-right: 2px"></i>
+                        Note that the environment variable AGENT_SECRET will need to be set to <code>{{ agentSecret }}</code
+                        >. Please update the manifest that will be downloaded from the following script.
+                      </p>
+                      <code style="display: block; padding: 16px 45px">{{ deployCommands.kubeNodePort }}</code>
                    </uib-tab>

                    <uib-tab index="2" heading="Docker Swarm">
-                      <code ng-if="state.PlatformType === 'linux'" style="display: block; white-space: pre-wrap; padding: 16px 90px">{{ deployCommands.agentLinux }}</code>
-                      <code ng-if="state.PlatformType === 'windows'" style="display: block; white-space: pre-wrap; padding: 16px 90px">{{ deployCommands.agentWindows }}</code>
+                      <code ng-if="state.PlatformType === 'linux'" style="display: block; white-space: pre-wrap; padding: 16px 45px">{{
+                        deployCommands.agentLinux(agentSecret)
+                      }}</code>
+                      <code ng-if="state.PlatformType === 'windows'" style="display: block; white-space: pre-wrap; padding: 16px 45px">{{
+                        deployCommands.agentWindows(agentSecret)
+                      }}</code>
                    </uib-tab>
                  </uib-tabset>
                  <div style="margin-top: 10px">
--- a/app/portainer/views/endpoints/edit/endpointController.js
+++ b/app/portainer/views/endpoints/edit/endpointController.js
@ -12,7 +12,6 @@ angular.module('portainer.app').controller('EndpointController', EndpointControl
 /* @ngInject */
 function EndpointController(
  $async,
-  $q,
  $scope,
  $state,
  $transition$,
@ -73,6 +72,7 @@ function EndpointController(

  $scope.agentVersion = StateManager.getState().application.version;
  $scope.agentShortVersion = getAgentShortVersion($scope.agentVersion);
+  $scope.agentSecret = '';

  $scope.dockerCommands = {
    [DEPLOYMENT_TABS.STANDALONE]: {
@ -291,6 +291,7 @@ function EndpointController(
        $scope.endpoint = endpoint;
        $scope.groups = groups;
        $scope.availableTags = tags;
+        $scope.agentSecret = settings.AgentSecret;

        configureState();

@ -326,17 +327,20 @@ function EndpointController(
  }

  function buildEnvironmentSubCommand() {
-    if ($scope.formValues.EnvVarSource === '') {
-      return [];
+    let env = [];
+    if ($scope.formValues.EnvVarSource != '') {
+      env = $scope.formValues.EnvVarSource.split(',')
+        .map(function (s) {
+          if (s !== '') {
+            return `-e ${s} \\`;
+          }
+        })
+        .filter((s) => s !== undefined);
    }
-
-    return $scope.formValues.EnvVarSource.split(',')
-      .map(function (s) {
-        if (s !== '') {
-          return `-e ${s} \\`;
-        }
-      })
-      .filter((s) => s !== undefined);
+    if ($scope.agentSecret != '') {
+      env.push(`-e AGENT_SECRET=${$scope.agentSecret} \\`);
+    }
+    return env;
  }

  function buildLinuxStandaloneCommand(agentVersion, edgeId, edgeKey, allowSelfSignedCerts) {
@ -438,7 +442,9 @@ function EndpointController(
  }

  function buildKubernetesCommand(agentVersion, edgeId, edgeKey, allowSelfSignedCerts) {
-    return `curl https://downloads.portainer.io/portainer-ce${agentVersion}-edge-agent-setup.sh | bash -s -- ${edgeId} ${edgeKey} ${allowSelfSignedCerts ? '1' : '0'}`;
+    return `curl https://downloads.portainer.io/portainer-ce${agentVersion}-edge-agent-setup.sh | bash -s -- ${edgeId} ${edgeKey} ${allowSelfSignedCerts ? '1' : '0'} ${
+      $scope.agentSecret
+    }`;
  }

  initView();