fixup! trestic rest-server

dcde22f1 · Jérome Perrin · acf628d1 · dcde22f1 · dcde22f1 · dcde22f1
Commit dcde22f1 authored Mar 13, 2021 by Jérome Perrin
3 changed files
--- a/software/restic-rest-server/buildout.hash.cfg
+++ b/software/restic-rest-server/buildout.hash.cfg
@@ -15,4 +15,4 @@
 [instance.cfg.in]
 filename = instance.cfg.in
-md5sum = 3d9204a7b4a46ee0e3003d110678e89a
+md5sum = ed07f590c8edfbe74a2bb5f6b1f80ee6
--- a/software/restic-rest-server/instance.cfg.in
+++ b/software/restic-rest-server/instance.cfg.in
@@ -41,40 +41,39 @@ promise = ${:etc}/promise
 rest-server-data-dir = ${:srv}/restic
 backup-caucased = ${:srv}/backup/caucased/
-# macros
+# Macros
+[check-port-listening-promise]
+recipe = slapos.cookbook:check_port_listening
+path = ${directory:promise}/${:_buildout_section_name_}
+[check-url-available-promise]
+recipe = slapos.cookbook:check_url_available
+path = ${directory:promise}/${:_buildout_section_name_}
+dash_path = {{ dash_bin }}
+curl_path = {{ curl_bin }}
+# Caucase
 [rest-server-certificate]
-# TODO: caucase
-;recipe = plone.recipe.command
-# command =
-#   if [ ! -e ${:key-file} ]
-#   then
-#     {{ openssl_bin }} req -x509 -nodes -days 3650 \
-#       -subj "/C=AA/ST=X/L=X/O=Dis/CN=${:common-name}" \
-#       -newkey rsa:1024 -keyout ${:key-file} \
-#       -out ${:cert-file}
-#  fi
-;update-command = ${:command}
 key-file = ${directory:etc}/${:_buildout_section_name_}.key
 cert-file = ${directory:etc}/${:_buildout_section_name_}.crt
 common-name = ${:_buildout_section_name_}
 ca-file = ${directory:etc}/${:_buildout_section_name_}.ca.crt
 crl-file = ${directory:etc}/${:_buildout_section_name_}.crl
-{{ caucase.updater(
+{{
-     prefix='rest-server-certificate',
+caucase.updater(
-     buildout_bin_directory=buildout['bin-directory'],
+    prefix='rest-server-certificate',
-     updater_path='${directory:service}/rest-server-certificate-updater',
+    buildout_bin_directory=buildout['bin-directory'],
-     url='${caucased:url}',
+    updater_path='${directory:service}/rest-server-certificate-updater',
-     data_dir='${directory:srv}/caucase-updater',
+    url='${caucased:url}',
-     crt_path='${rest-server-certificate:cert-file}',
+    data_dir='${directory:srv}/caucase-updater',
-     ca_path='${rest-server-certificate:ca-file}',
+    crt_path='${rest-server-certificate:cert-file}',
-     crl_path='${rest-server-certificate:crl-file}',
+    ca_path='${rest-server-certificate:ca-file}',
-     key_path='${rest-server-certificate:key-file}',
+    crl_path='${rest-server-certificate:crl-file}',
-     template_csr='${rest-server-certificate-csr-XXX:csr}',
+    key_path='${rest-server-certificate:key-file}',
-     openssl=openssl_bin,
+    template_csr='${rest-server-certificate-prepare-csr:csr}',
+    openssl=openssl_bin,
 )}}
-#template_csr_pem='',
 [rest-server-certificate-csr-config]
 recipe = slapos.recipe.template:jinja2
@@ -85,15 +84,16 @@ template = inline:
  req_extensions = req_ext
  distinguished_name = dn
  [ dn ]
-  CN = restic-rest-server
+  #CN = restic-rest-server
-  [ req_ext ]
+  CN = ${instance-parameter:ipv6-random}
-  subjectAltName = @alt_names
+  #[ req_ext ]
+  #subjectAltName = @alt_names
  [ alt_names ]
  IP.1 = ${instance-parameter:ipv4-random}
  IP.2 = ${instance-parameter:ipv6-random}
 rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/${:_buildout_section_name_}.txt
-[rest-server-certificate-csr-XXX]
+[rest-server-certificate-prepare-csr]
 recipe = plone.recipe.command
 command =
  if [ ! -f '${:csr}' ] ; then
@@ -109,33 +109,23 @@ command =
 stop-on-error = true
 csr = ${directory:srv}/${:_buildout_section_name_}.csr.pem
-# XXX this is macro
-[check-port-listening-promise]
-recipe = slapos.cookbook:check_port_listening
-path = ${directory:promise}/${:_buildout_section_name_}
-[check-url-available-promise]
-recipe = slapos.cookbook:check_url_available
-path = ${directory:promise}/${:_buildout_section_name_}
-dash_path = {{ dash_bin }}
-curl_path = {{ curl_bin }}
 [caucased]
 port = 8080
 ip = ${instance-parameter:ipv6-random}
 netloc = [${:ip}]:${:port}
 url = http://${:netloc}/
-{{   caucase.caucased(
+{{
-       prefix='caucased',
+caucase.caucased(
-       buildout_bin_directory=buildout['bin-directory'],
+    prefix='caucased',
-       caucased_path='${directory:service}/caucased',
+    buildout_bin_directory=buildout['bin-directory'],
-       backup_dir='${directory:backup-caucased}',
+    caucased_path='${directory:service}/caucased',
-       data_dir='${directory:srv}/caucased',
+    backup_dir='${directory:backup-caucased}',
-       netloc='${caucased:netloc}',
+    data_dir='${directory:srv}/caucased',
-       service_auto_approve_count=1,
+    netloc='${caucased:netloc}',
-       user_auto_approve_count=0,
+    service_auto_approve_count=1,
-       key_len=2048,
+    user_auto_approve_count=0,
+    key_len=2048,
 )}}
 [rest-server-password]
@@ -145,26 +135,27 @@ user = backup
 [rest-server-htpassword]
 recipe = plone.recipe.command
 command = 
-  # TODO: depend on apache
+  if [ ! -f '${:htpassword}' ] ; then
-  # TODO: test -f
+    {{ htpasswd_bin }} \
-  htpasswd \
+      -b \
-    -b \
+      -B \
-    -B \
+      -c ${:htpassword} \
-    -c ${directory:rest-server-data-dir}/.htpasswd \
+      ${rest-server-password:user} \
-    ${rest-server-password:user} \
+      ${rest-server-password:passwd}
-    ${rest-server-password:passwd}
+  fi
+htpassword = ${directory:rest-server-data-dir}/.htpasswd
 stop-on-error = true
 [rest-server]
 recipe = slapos.cookbook:wrapper
 command-line =
-    {{ gowork_bin }}/rest-server \
+  {{ gowork_bin }}/rest-server \
-      --listen [${instance-parameter:ipv6-random}]:${:port}
+    --listen [${instance-parameter:ipv6-random}]:${:port}
-      --log ${directory:var-log}/${:_buildout_section_name_}-access.log
+    --log ${directory:var-log}/${:_buildout_section_name_}-access.log
-      --path ${directory:rest-server-data-dir}
+    --path ${directory:rest-server-data-dir}
-      --tls
+    --tls
-      --tls-cert ${rest-server-certificate:cert-file}
+    --tls-cert ${rest-server-certificate:cert-file}
-      --tls-key ${rest-server-certificate:key-file}
+    --tls-key ${rest-server-certificate:key-file}
 wrapper-path = ${directory:service}/rest-server
 port = 19080
@@ -178,7 +169,6 @@ depends =
 hostname= ${rest-server:ip}
 port = ${rest-server:port}
 [frontend]
 <= slap-connection
 recipe = slapos.cookbook:requestoptional
@@ -194,7 +184,6 @@ return = domain secure_access
 url = ${frontend:connection-secure_access}
 check-secure = 1
-# XXX golang uses environ SSL_CERT_FILE
 [promises]
 recipe =

--- a/software/restic-rest-server/software.cfg
+++ b/software/restic-rest-server/software.cfg
@@ -6,7 +6,6 @@ extends =
  ../../component/dash/buildout.cfg
  ../../component/golang/buildout.cfg
  ../../component/restic/buildout.cfg
-  ../../component/defaults.cfg
  ../../stack/caucase/buildout.cfg
  ../../stack/slapos.cfg
  buildout.hash.cfg
@@ -24,12 +23,6 @@ part = python3
 [gowork]
 install +=
  ${git.github.com_restic_rest-server:location}:./cmd/...
-# package https://github.com/restic/rest-server@v0.10.0: can only use path@version syntax with 'go get'
-#install += 
-#  github.com/restic/rest-server@v0.10.0
-golang = ${golang1.16:location}
 [git.github.com_restic_rest-server]
 <= go-git-package
@@ -43,15 +36,12 @@ rendered = ${buildout:directory}/instance.cfg
 template = ${:_profile_base_location_}/${:filename}
 mode = 0644
 context =
-    section buildout buildout
+  section buildout buildout
-    key gowork_bin gowork:bin
+  key gowork_bin gowork:bin
-    raw openssl_bin ${openssl:location}/bin/openssl
+  raw openssl_bin ${openssl:location}/bin/openssl
-    raw dash_bin ${dash:location}/bin/dash
+  raw htpasswd_bin ${apache:location}/bin/htpasswd
-    raw curl_bin ${curl:location}/bin/curl
+  raw dash_bin ${dash:location}/bin/dash
-    key template_monitor monitor2-template:rendered
+  raw curl_bin ${curl:location}/bin/curl
+  key template_monitor monitor2-template:rendered
 import-list =
-    file caucase caucase-jinja2-library:target
+  file caucase caucase-jinja2-library:target
-[gcc]
-# XXX for development
-max_version = 0