Commit 2a733418, authored Aug 22, 2016 by Nicolas Wavrant
slaprunner: replaces dropbear by openssh
parent ee019ae4
Showing 5 changed files with 68 additions and 63 deletions:
software/slaprunner/common.cfg (+5 -5)
software/slaprunner/instance-resilient.cfg.jinja2 (+0 -1)
software/slaprunner/instance-runner-export.cfg.in (+4 -3)
software/slaprunner/instance-runner-import.cfg.in (+7 -5)
software/slaprunner/instance-runner.cfg (+52 -49)
software/slaprunner/common.cfg
...
@@ -5,13 +5,13 @@ extends =
...
@@ -5,13 +5,13 @@ extends =
../../component/curl/buildout.cfg
../../component/curl/buildout.cfg
../../component/dash/buildout.cfg
../../component/dash/buildout.cfg
../../component/dcron/buildout.cfg
../../component/dcron/buildout.cfg
../../component/dropbear/buildout.cfg
../../component/git/buildout.cfg
../../component/git/buildout.cfg
../../component/tig/buildout.cfg
../../component/tig/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/nano/buildout.cfg
../../component/nano/buildout.cfg
../../component/nginx/buildout.cfg
../../component/nginx/buildout.cfg
../../component/openssh/buildout.cfg
../../component/rsync/buildout.cfg
../../component/rsync/buildout.cfg
../../component/python-2.7/buildout.cfg
../../component/python-2.7/buildout.cfg
../../component/screen/buildout.cfg
../../component/screen/buildout.cfg
...
@@ -54,7 +54,7 @@ mode = 0644
...
@@ -54,7 +54,7 @@ mode = 0644
recipe = slapos.recipe.template
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-runner.cfg
url = ${:_profile_base_location_}/instance-runner.cfg
output = ${buildout:directory}/template-runner.cfg.in
output = ${buildout:directory}/template-runner.cfg.in
md5sum = c98c81336cb8c91376737e20bad6636a
#md5sum = dcf366fb8a16fa380bb58634b3b0e0cc
mode = 0644
mode = 0644
[template-runner-import-script]
[template-runner-import-script]
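Review bot: The md5sum for the instance-runner.cfg template ends up commented out in this hunk (`#md5sum = dcf366fb8a16fa380bb58634b3b0e0cc`), so that template is no longer verified against a checksum, while the other template sections in this file keep an active `md5sum =` line. This looks like a development leftover; restore an uncommented `md5sum =` entry carrying the hash of the final instance-runner.cfg before merging.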
...
@@ -70,7 +70,7 @@ mode = 0644
...
@@ -70,7 +70,7 @@ mode = 0644
recipe = slapos.recipe.template
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-runner-import.cfg.in
url = ${:_profile_base_location_}/instance-runner-import.cfg.in
output = ${buildout:directory}/instance-runner-import.cfg
output = ${buildout:directory}/instance-runner-import.cfg
md5sum =
8dc4898bd7c3071b8969e6305da8d643
md5sum =
22d958bd271a378b84f04e36010ee689
mode = 0644
mode = 0644
[template-runner-export-script]
[template-runner-export-script]
...
@@ -86,13 +86,13 @@ mode = 0644
...
@@ -86,13 +86,13 @@ mode = 0644
recipe = slapos.recipe.template
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-runner-export.cfg.in
url = ${:_profile_base_location_}/instance-runner-export.cfg.in
output = ${buildout:directory}/instance-runner-export.cfg
output = ${buildout:directory}/instance-runner-export.cfg
md5sum =
b01ad6fef55fab5405d5cf212832e52f
md5sum =
38a2b6e9ebb65457c1f477455b205328
mode = 0644
mode = 0644
[template-resilient]
[template-resilient]
recipe = slapos.recipe.build:download
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
url = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
md5sum =
56ea5ab49eca534acd22b2028529b7d9
md5sum =
a902b84ac7d1e29a7fdb06cbc7dec150
filename = instance-resilient.cfg.jinja2
filename = instance-resilient.cfg.jinja2
mode = 0644
mode = 0644
...
...
software/slaprunner/instance-resilient.cfg.jinja2
...
@@ -15,7 +15,6 @@
...
@@ -15,7 +15,6 @@
{% set slaprunner_return = ['init-user', 'init-password', 'url', 'ssh-public-key', 'ssh-url', 'notification-id', 'ip', 'backend-url', 'url', 'ssh-command', 'webdav-url', 'public-url', 'git-public-url', 'git-private-url'] -%}
{% set slaprunner_return = ['init-user', 'init-password', 'url', 'ssh-public-key', 'ssh-url', 'notification-id', 'ip', 'backend-url', 'url', 'ssh-command', 'webdav-url', 'public-url', 'git-public-url', 'git-private-url'] -%}
{% set monitor_return = ['monitor-base-url', 'monitor-url', 'monitor-user', 'monitor-password'] -%}
{% set monitor_return = ['monitor-base-url', 'monitor-url', 'monitor-user', 'monitor-password'] -%}
{% set monitor_parameter = {'monitor-cors-domains': slapparameter_dict.pop('monitor-cors-domains', "monitor.app.officejs.com")} -%}
{% set monitor_parameter = {'monitor-cors-domains': slapparameter_dict.pop('monitor-cors-domains', "monitor.app.officejs.com")} -%}
{% do monitor_parameter.update({'runner-importer-sshd-port': slapparameter_dict.pop('runner-importer-sshd-port')}) -%}
{% set monitor_dict = {'parameter': monitor_parameter, 'return': monitor_return, 'set-monitor-url': True} -%}
{% set monitor_dict = {'parameter': monitor_parameter, 'return': monitor_return, 'set-monitor-url': True} -%}
{% set monitor_interface_url = slapparameter_dict.pop('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
{% set monitor_interface_url = slapparameter_dict.pop('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
...
...
software/slaprunner/instance-runner-export.cfg.in
...
@@ -9,14 +9,14 @@ parts +=
...
@@ -9,14 +9,14 @@ parts +=
ca-nginx
ca-nginx
gunicorn-launcher
gunicorn-launcher
gunicorn-graceful
gunicorn-graceful
sshkeys-dropbear-runner
dropbear-server-add-authorized-key
sshkeys-authority
sshkeys-authority
publish-connection-information
publish-connection-information
slaprunner-promise
slaprunner-promise
apache-httpd-promise
apache-httpd-promise
slaprunner-supervisord-wrapper
slaprunner-supervisord-wrapper
dropbear-promise
runner-sshd-add-authorized-key
runner-sshd-graceful
runner-sshd-promise
runtestsuite
runtestsuite
symlinks
symlinks
shellinabox
shellinabox
...
@@ -30,6 +30,7 @@ parts +=
...
@@ -30,6 +30,7 @@ parts +=
supervisord-wrapper
supervisord-wrapper
supervisord-promise
supervisord-promise
httpd-graceful-wrapper
httpd-graceful-wrapper
runner-sshd
## Monitoring part
## Monitoring part
## Monitor for runner
## Monitor for runner
monitor-base
monitor-base
...
...
software/slaprunner/instance-runner-import.cfg.in
...
@@ -9,12 +9,13 @@ parts +=
...
@@ -9,12 +9,13 @@ parts +=
ca-nginx
ca-nginx
gunicorn-launcher
gunicorn-launcher
gunicorn-graceful
gunicorn-graceful
sshkeys-dropbear-runner
dropbear-server-add-authorized-key
sshkeys-authority
sshkeys-authority
slaprunner-promise
slaprunner-promise
slaprunner-supervisord-wrapper
slaprunner-supervisord-wrapper
dropbear-promise
runner-sshd
runner-sshd-add-authorized-key
runner-sshd-graceful
runner-sshd-promise
runtestsuite
runtestsuite
shellinabox
shellinabox
symlinks
symlinks
...
@@ -39,8 +40,9 @@ proxy_port = 50000
...
@@ -39,8 +40,9 @@ proxy_port = 50000
runner_port = 50005
runner_port = 50005
# Idem for some other services
# Idem for some other services
[dropbear-runner-server]
[runner-sshd-port]
port = $${slap-parameter:runner-importer-sshd-port}
minimum = 22232
maximum = 22241
[importer]
[importer]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
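Review bot: The importer's `[runner-sshd-port]` range (`minimum = 22232`, `maximum = 22241`) carries no comment explaining why it differs from the 22222 to 22231 range set in instance-runner.cfg; the existing "Idem for some other services" remark does not cover it. If the intent is to keep the importer's sshd from colliding with the main runner's port, say so next to the values, since the port is now chosen by `free_port` instead of being read from `runner-importer-sshd-port`.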
...
...
software/slaprunner/instance-runner.cfg
...
@@ -6,14 +6,15 @@ parts =
...
@@ -6,14 +6,15 @@ parts =
ca-nginx
ca-nginx
gunicorn-launcher
gunicorn-launcher
gunicorn-graceful
gunicorn-graceful
sshkeys-dropbear-runner
dropbear-server-add-authorized-key
sshkeys-authority
sshkeys-authority
publish-connection-information
publish-connection-information
slaprunner-promise
slaprunner-promise
apache-httpd-promise
apache-httpd-promise
slaprunner-supervisord-wrapper
slaprunner-supervisord-wrapper
dropbear-promise
runner-sshd
runner-sshd-add-authorized-key
runner-sshd-graceful
runner-sshd-promise
runtestsuite
runtestsuite
symlinks
symlinks
shellinabox
shellinabox
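Review bot: `sshkeys-authority` stays in the parts list here, but the `[sshkeys-authority]` section and the `[sshkeys-directory]` section it depended on are removed further down in this file. Unless the section is still provided by a profile this one extends, buildout will stop on the undefined part; either drop the entry from parts (the export and import profiles keep it as well) or state where it is now defined.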
...
@@ -133,13 +134,13 @@ working-directory = $${runnerdirectory:home}
...
@@ -133,13 +134,13 @@ working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
project-directory = $${runnerdirectory:project}
instance_root = $${runnerdirectory:instance-root}
instance_root = $${runnerdirectory:instance-root}
software_root = $${runnerdirectory:software-root}
software_root = $${runnerdirectory:software-root}
ssh_client = ${openssh:location}/bin/ssh
public_key = $${runner-sshd-key-authority:location}.pub
private_key = $${runner-sshd-key-authority:location}
instance-monitor-url = https://[$${:ipv6}]:$${monitor-parameters:port}
instance-monitor-url = https://[$${:ipv6}]:$${monitor-parameters:port}
etc_dir = $${directory:etc}
etc_dir = $${directory:etc}
log_dir = $${directory:log}
log_dir = $${directory:log}
run_dir = $${directory:run}
run_dir = $${directory:run}
ssh_client = $${sshkeys-dropbear-runner:wrapper}
public_key = $${sshkeys-dropbear-runner:public-key}
private_key = $${sshkeys-dropbear-runner:private-key}
ipv4 = $${slap-network-information:local-ipv4}
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
ipv6 = $${slap-network-information:global-ipv6}
instance_root = $${runnerdirectory:instance-root}
instance_root = $${runnerdirectory:instance-root}
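Review bot: `public_key` and `private_key` now point at `$${runner-sshd-key-authority:location}`, which the later hunk generates as `ssh_host_rsa_key` with an empty passphrase and also passes to sshd as `HostKey`, so a single key pair serves both as the server's host key and as the runner's client identity. Generate a separate client key pair for `ssh_client`, so the process using the client key does not need read access to the host key and either key can be rotated without touching the other.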
...
@@ -198,43 +199,47 @@ command-line = ${buildout:directory}/bin/slaprunnertest
...
@@ -198,43 +199,47 @@ command-line = ${buildout:directory}/bin/slaprunnertest
wrapper-path = $${directory:bin}/runTestSuite
wrapper-path = $${directory:bin}/runTestSuite
environment = RUNNER_CONFIG=$${slapos-cfg:rendered}
environment = RUNNER_CONFIG=$${slapos-cfg:rendered}
# Deploy dropbear (minimalist SSH server)
# Deploy openssh-server
[sshkeys-directory]
[runner-sshd-key-authority]
recipe = slapos.cookbook:mkdirectory
recipe = plone.recipe.command
requests = $${directory:sshkeys}/requests/
location = $${directory:sshkeys}/ssh_host_rsa_key
keys = $${directory:sshkeys}/keys/
command = if [ ! -f "$${:location}" ]; then ${openssh:location}/bin/ssh-keygen -t rsa -b 4096 -f "$${:location}" -N '' -C ''; fi
[sshkeys-authority]
[runner-sshd-port]
recipe = slapos.cookbook:sshkeys_authority
recipe = slapos.cookbook:free_port
request-directory = $${sshkeys-directory:requests}
minimum = 22222
keys-directory = $${sshkeys-directory:keys}
maximum = 22231
wrapper = $${directory:services}/sshkeys_authority
ip = $${slap-network-information:global-ipv6}
keygen-binary = ${dropbear:location}/bin/dropbearkey
[runner-sshd-config]
[dropbear-runner-server]
recipe = slapos.recipe.template:jinja2
recipe = slapos.cookbook:dropbear
rendered = $${directory:etc}/runner-sshd.conf
host = $${slap-network-information:global-ipv6}
path_pid = $${directory:run}/runner-sshd.pid
port = $${slap-parameter:runner-sshd-port}
template = inline:
home = $${buildout:directory}
PidFile $${:path_pid}
wrapper = $${directory:bin}/runner_sshd
Port $${runner-sshd-port:port}
shell = ${bash:location}/bin/bash
ListenAddress $${slap-network-information:global-ipv6}
rsa-keyfile = $${directory:ssh}/server_key.rsa
Protocol 2
allow-port-forwarding = true
UsePrivilegeSeparation no
dropbear-binary = ${dropbear:location}/sbin/dropbear
HostKey $${runner-sshd-key-authority:location}
PasswordAuthentication no
[sshkeys-dropbear-runner]
PubkeyAuthentication yes
<= sshkeys-authority
AuthorizedKeysFile $${buildout:directory}/.ssh/authorized_keys
recipe = slapos.cookbook:sshkeys_authority.request
ForceCommand if [ -z "$SSH_ORIGINAL_COMMAND" ]; then ${bash:location}/bin/bash -l; else $SSH_ORIGINAL_COMMAND; fi
name = dropbear
type = rsa
[runner-sshd]
executable = $${dropbear-runner-server:wrapper}
recipe = slapos.cookbook:wrapper
public-key = $${dropbear-runner-server:rsa-keyfile}.pub
command-line = ${openssh:location}/sbin/sshd -D -e -f $${runner-sshd-config:rendered}
private-key = $${dropbear-runner-server:rsa-keyfile}
wrapper-path = $${directory:services}/runner-sshd
wrapper = $${directory:services}/runner_sshd
[runner-sshd-graceful]
[dropbear-server-add-authorized-key]
recipe = slapos.cookbook:wrapper
<= dropbear-runner-server
command-line = $${directory:bin}/killpidfromfile $${runner-sshd-config:path_pid} SIGHUP
wrapper-path = $${directory:scripts}/runner-sshd-graceful
[runner-sshd-add-authorized-key]
recipe = slapos.cookbook:dropbear.add_authorized_key
recipe = slapos.cookbook:dropbear.add_authorized_key
home = $${buildout:directory}
key = $${slap-parameter:user-authorized-key}
key = $${slap-parameter:user-authorized-key}
#---------------------------
#---------------------------
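Review bot: In the `ForceCommand` line of `[runner-sshd-config]`, `$SSH_ORIGINAL_COMMAND` is expanded unquoted, so the client's command is only word-split and glob-expanded and never parsed as shell: a request such as `ssh host 'cd /tmp && ls'` would pass `&&` and `ls` to `cd` as arguments. Hand the string to the shell instead, for example `${bash:location}/bin/bash -c "$SSH_ORIGINAL_COMMAND"` in the else branch. Two documentation points in the same hunk: `UsePrivilegeSeparation no` deserves a one-line comment giving the reason it is needed, and `[runner-sshd-add-authorized-key]` still uses the `slapos.cookbook:dropbear.add_authorized_key` recipe, which is worth a comment or a rename now that dropbear is gone.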
...
@@ -494,7 +499,7 @@ recipe = slapos.cookbook:publish
...
@@ -494,7 +499,7 @@ recipe = slapos.cookbook:publish
backend-url = $${slaprunner:access-url}
backend-url = $${slaprunner:access-url}
init-user = $${runner-htpasswd:user}
init-user = $${runner-htpasswd:user}
init-password = $${runner-htpasswd:password}
init-password = $${runner-htpasswd:password}
ssh-command = ssh $${
dropbear-runner-server:host} -p $${dropbear-runner-server
:port}
ssh-command = ssh $${
environ:USER}@$${slap-network-information:global-ipv6} -p $${runner-sshd-port
:port}
git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
monitor-base-url = $${publish:monitor-base-url}
monitor-base-url = $${publish:monitor-base-url}
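Review bot: The new `ssh-command` value reads `$${environ:USER}`, but no `[environ]` section is added in any hunk of this commit. Confirm the section already exists in instance-runner.cfg, and if it takes USER from the environment of the process running buildout, add a comment saying so, because the published command will be wrong whenever that variable is unset or differs from the account sshd runs under.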
...
@@ -526,11 +531,11 @@ path = $${directory:promises}/slaprunner
...
@@ -526,11 +531,11 @@ path = $${directory:promises}/slaprunner
hostname = $${slaprunner:ipv6}
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}
port = $${slaprunner:runner_port}
[
dropbear
-promise]
[
runner-sshd
-promise]
recipe = slapos.cookbook:check_port_listening
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/
dropbear
path = $${directory:promises}/
runner-sshd
hostname = $${
dropbear-runner-server:host
}
hostname = $${
slap-network-information:global-ipv6
}
port = $${
dropbear-runner-server
:port}
port = $${
runner-sshd-port
:port}
[symlinks]
[symlinks]
recipe = cns.recipe.symlink
recipe = cns.recipe.symlink
...
@@ -559,8 +564,6 @@ monitor-cors-domains =
...
@@ -559,8 +564,6 @@ monitor-cors-domains =
monitor-interface-url =
monitor-interface-url =
# XXX - define a new port for monitor here and use monitor-port for backward compatibility
# XXX - define a new port for monitor here and use monitor-port for backward compatibility
monitor-httpd-port = 8386
monitor-httpd-port = 8386
runner-sshd-port = 22222
runner-importer-sshd-port = $${:runner-sshd-port}
[monitor-parameters]
[monitor-parameters]
port = $${slap-parameter:monitor-port}
port = $${slap-parameter:monitor-port}
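Review bot: Dropping the `runner-sshd-port` and `runner-importer-sshd-port` defaults means a port requested through instance parameters is now ignored in favour of whatever `free_port` picks between 22222 and 22231, which can change the published `ssh-command` for existing instances. Mention this in the commit message or the software release documentation, and confirm that nothing else still reads either parameter.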
...
...