Commit 610f0865 authored by Jérome Perrin's avatar Jérome Perrin

slaprunner: use shellinabox from github

Since shellinabox listens on AF_UNIX, we don't need another password for
shellinabox
parent e386c652
......@@ -147,7 +147,6 @@ As you can see in instance-runner-*.cfg, the buildout section extends a hard-cod
List of ports used by the webrunner:
------------------------------------
8602 : slapproxy, while running tests
8949 : shellinabox
9684 : apache (monitoring of slaprunner, git access)
22222 : dropbear
39986 : supervisord
......@@ -156,4 +155,4 @@ List of ports used by the webrunner:
Tips:
-----
You can use shellinabox in fullscreen, by accessing : https://[IPV6]:8949
You can use shellinabox in fullscreen, by accessing : https://[IPV6]:50005/shellinabox/
- resilient sr: Cloned instances should not launch slapgrid-sr if it was not launched on export instance
- shellinabox password should be the same in all the resilient instances
- add test for parameter auto-deploy-instance
- Add download facility in file browser
......@@ -34,6 +34,10 @@ parts =
rdiff-backup
collective.recipe.template-egg
# Use shellinabox from github with AF_UNIX support
[shellinabox]
<= shellinabox-github
[template]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg
......@@ -45,7 +49,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-runner.cfg
output = ${buildout:directory}/template-runner.cfg.in
md5sum = 41c0f9e23f7ea085faa59a2f7bfb0bab
md5sum = d67efe18c8d2295a9cc1274151bd63ce
mode = 0644
[template-runner-import-script]
......@@ -97,7 +101,7 @@ mode = 0644
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/nginx_conf.in
download-only = true
md5sum = 7c0608eafb5c6998846851744a70b3de
md5sum = 00b902364c32ef21a28461716700fb2b
filename = nginx_conf.in
mode = 0644
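Review bot: The new `[shellinabox]` part takes its whole definition from `shellinabox-github`, which is declared outside this page, so it is not possible to confirm here that the GitHub source is pinned to an exact revision or checksum rather than a moving branch. Because the instance profile now relies on the `--unixdomain-only` option of that build, an unpinned source would let the binary that serves the interactive shell change without any change to this profile. I would extend the comment above the part to state the requirement, for example `# shellinabox-github must pin an exact revision; instance-runner.cfg relies on --unixdomain-only`.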
......
......@@ -4,7 +4,6 @@ parts =
nginx-launcher
certificate-authority
ca-nginx
ca-shellinabox
gunicorn-launcher
gunicorn-graceful
sshkeys-dropbear-runner
......@@ -16,7 +15,6 @@ parts =
slaprunner-supervisord-wrapper
dropbear-promise
runtestsuite
shellinabox-promise
symlinks
shellinabox
slapos-cfg
......@@ -269,7 +267,7 @@ scgi_temp_path = $${directory:tmp}/scgi_temp_path
[nginx-frontend]
# Options
nb_workers = 2
nb_workers = 5
# Network
local-ip = $${slap-network-information:local-ipv4}
global-ip = $${slap-network-information:global-ipv6}
......@@ -303,7 +301,7 @@ recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
key shellinabox_port shellinabox:port
key shellinabox_socket shellinabox:socket
key socket gunicorn:socket
section param_nginx_frontend nginx-frontend
section param_tempdir tempdirectory
......@@ -409,13 +407,6 @@ wrapper = $${directory:services}/nginx-frontend
# Put domain name
name = example.com
[ca-shellinabox]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${shellinabox:wrapper}
wrapper = $${directory:services}/shellinaboxd
key-file = $${cadirectory:certs}/shellinabox.key
cert-file = $${cadirectory:certs}/shellinabox.crt
#--------------------
#--
#-- Request frontend
......@@ -485,12 +476,6 @@ path = $${directory:promises}/dropbear
hostname = $${dropbear-runner-server:host}
port = $${dropbear-runner-server:port}
[shellinabox-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/shellinabox
hostname = $${shellinabox:ipv6}
port = $${shellinabox:port}
[symlinks]
recipe = cns.recipe.symlink
symlink_target = $${directory:bin}
......@@ -532,23 +517,18 @@ context =
section slaprunner test-runner
[shellinabox]
recipe = slapos.cookbook:shellinabox
ipv6 = $${slap-network-information:global-ipv6}
port = 8949
shell = $${shell:wrapper}
wrapper = $${directory:bin}/shellinaboxd
shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
password = $${zero-parameters:shell-password}
directory = $${runnerdirectory:home}
login-shell = $${directory:bin}/login
certificate-directory = $${cadirectory:certs}
cert-file = $${ca-shellinabox:cert-file}
key-file = $${ca-shellinabox:key-file}
[shellinabox-code]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.scode
bytes = 8
recipe = slapos.recipe.template:jinja2
# We cannot use slapos.cookbook:wrapper here because this recipe escapes too much
socket = $${directory:run}/siab.sock
mode = 0700
rendered = $${directory:services}/shellinaboxd
template = inline:
#!/bin/sh
exec ${shellinabox:location}/bin/shellinaboxd \
--disable-ssl \
--disable-ssl-menu \
--unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
--service "/:$(id -u):$(id -g):HOME:$${shell:wrapper}"
[shell]
recipe = slapos.cookbook:shell
......@@ -617,7 +597,6 @@ key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
[public]
shell-password = $${shellinabox-code:passwd}
recovery-code = $${recovery-code:passwd}
[zero-parameters]
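Review bot: Reading the `[shellinabox]` hunk as the commit message describes it, the new wrapper starts shellinaboxd with `--disable-ssl` and no `password`, so the daemon no longer authenticates anyone itself; what remains is the `0600` mode on `$${:socket}` and whatever nginx enforces on `/shellinabox`. That dependency is not written down anywhere in the section, and a comment above `template = inline:` would help, for example `# No auth or TLS here: access is limited by the 0600 unix socket and by nginx auth_basic on /shellinabox`. The `shellinabox-promise` part is dropped from `parts` with no replacement visible on this page, so nothing appears to check that shellinaboxd is still answering on the socket; a promise that tests the socket would restore that monitoring. `[zero-parameters]` continues past the last hunk, so it is worth confirming that no key there still refers to `shell-password`.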
......
......@@ -52,18 +52,18 @@ http {
proxy_pass http://unix:{{ socket }};
}
location /shellinabox {
proxy_pass http://[{{ param_nginx_frontend['global-ip'] }}]:{{ shellinabox_port }}/;
location /shellinabox {
proxy_pass http://unix:{{ shellinabox_socket }}:/;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
auth_basic "Restricted";
auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
}
proxy_set_header X-Forwarded-Host $http_host;
}
}
}
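Review bot: With shellinaboxd now reached through `proxy_pass http://unix:{{ shellinabox_socket }}:/;` and running without TLS or a password of its own, the `auth_basic` pair in this `location /shellinabox` block becomes the only authentication in front of an interactive shell, and the template does not say so. I would add a comment above `auth_basic "Restricted";` such as `# Sole authentication for the shell: shellinaboxd is unauthenticated on the unix socket, do not remove`. The location is a prefix match without a trailing slash, so it also covers sibling paths that merely start with `/shellinabox`; if no caller depends on the bare path, `location /shellinabox/` would be tighter. The enclosing `http` and `server` blocks start outside the hunk, so whether this server is only reachable over TLS cannot be checked from here.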