[VOL-3386] Add support for secure gRPC in openolt-agent
The init script of the openolt service may start with '--enable-tls <TLS_OPTION>' argument for the gRPC server.
Default is insecure with no '--enable-tls' argument.
The TLS capability depends upon the certificates stored at the keystore/ directory: 1. root.crt (CA public key), 2. server.crt (public key), 3.server.key (private key).
Four unit tests are added for the secure gRPC server which work with the keystore-test/ directory.
The certificates stored at the keystore-test/ directory are self-signed certificates, valid until Apr 11 23:16:58 2031 GMT.
Change-Id: I4d18a98a0193f501f922360c79f54b0fcedf14a5
diff --git a/agent/common/main.cc b/agent/common/main.cc
index b00b9b5..549bd59 100644
--- a/agent/common/main.cc
+++ b/agent/common/main.cc
@@ -88,7 +88,7 @@
return 1;
}
- // Wait for successful activation before allowing VOLTHA to connect.
+ // Wait for successful activation before allowing VOLTHA to connect.
// This is necessary to allow the device topology to be dynamically
// queried from driver after initialization and activation is complete.
int maxTrials = 300;
@@ -107,7 +107,7 @@
}
sleep(2);
- // Enable all PON interfaces.
+ // Enable all PON interfaces.
for (int i = 0; i < NumPonIf_(); i++) {
status = EnablePonIf_(i);
if (!status.ok()) {
@@ -145,7 +145,11 @@
break;
}
}
- RunServer(argc, argv);
+
+ if (!RunServer(argc, argv)) {
+ std::cerr << "FATAL: gRPC server creation failed\n";
+ return 2;
+ }
return 0;
}