Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
6f2caaa2
Commit
6f2caaa2
authored
Apr 07, 2021
by
Julien Muchembled
Browse files
Options
Browse Files
Download
Plain Diff
re6stnet: clean-up & backup
See merge request
nexedi/slapos!940
parents
b4823d48
aad7050a
Changes
10
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
101 additions
and
180 deletions
+101
-180
software/re6stnet/apache.conf.in
software/re6stnet/apache.conf.in
+0
-17
software/re6stnet/buildout.hash.cfg
software/re6stnet/buildout.hash.cfg
+4
-12
software/re6stnet/instance-re6stnet-input-schema.json
software/re6stnet/instance-re6stnet-input-schema.json
+5
-0
software/re6stnet/instance-re6stnet.cfg.in
software/re6stnet/instance-re6stnet.cfg.in
+42
-81
software/re6stnet/instance.cfg.in
software/re6stnet/instance.cfg.in
+5
-9
software/re6stnet/re6st-registry.conf.in
software/re6stnet/re6st-registry.conf.in
+1
-1
software/re6stnet/registry-run.in
software/re6stnet/registry-run.in
+0
-4
software/re6stnet/software.cfg
software/re6stnet/software.cfg
+44
-20
software/re6stnet/test/test.py
software/re6stnet/test/test.py
+0
-33
software/re6stnet/wrapper.in
software/re6stnet/wrapper.in
+0
-3
No files found.
software/re6stnet/apache.conf.in
View file @
6f2caaa2
...
...
@@ -8,7 +8,6 @@ LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
...
...
@@ -31,17 +30,6 @@ ErrorLog "{{ error_log }}"
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
CustomLog "{{ access_log }}" combined
{% if uri_scheme == 'https' -%}
# SSL Configuration
SSLCertificateFile {{ certificate }}
SSLCertificateKeyFile {{ key }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
{% endif -%}
<Directory />
Options FollowSymLinks
AllowOverride None
...
...
@@ -50,10 +38,5 @@ SSLHonorCipherOrder on
Listen {{ ipv6 }}:{{ apache_port }}
<VirtualHost *:{{ apache_port }}>
{% if uri_scheme == 'https' -%}
SSLEngine On
SSLProxyEngine On
{% endif -%}
ProxyPass / http://{{ re6st_ipv4 }}:{{ re6st_port }}/
</VirtualHost>
software/re6stnet/buildout.hash.cfg
View file @
6f2caaa2
...
...
@@ -14,24 +14,16 @@
# not need these here).
[template]
filename = instance.cfg.in
md5sum =
610fc6fd0444d3bab3fca4478572749
a
md5sum =
01938aa1683b7994f814fff6d964b9b
a
[template-re6stnet]
filename = instance-re6stnet.cfg.in
md5sum =
002f7405f565c82219b0d4b92790ff8c
md5sum =
4e4475c8ef80a3a53aa63a2ae444586d
[template-apache-conf]
filename = apache.conf.in
md5sum =
2ed3c4e9b9d58d2e57cda227bdd454d2
md5sum =
3d55f7c9c4fc7279f06bfe6313a78a4b
[template-re6st-registry-conf]
filename = re6st-registry.conf.in
md5sum = b0f0facfea82a4481f4fb5b0b263e09a
[template-wrapper]
filename = wrapper.in
md5sum = 7633bdfc0e638ff9979f963fbbca8f13
[template-registry-run]
filename = registry-run.in
md5sum = 0bf4f2c03e06b55c6c6cc55fa33e65d6
md5sum = feb4b3318f37414d1bf3d16a03aec93d
software/re6stnet/instance-re6stnet-input-schema.json
View file @
6f2caaa2
...
...
@@ -78,6 +78,11 @@
"description"
:
"Prevent tunnelling accross borders of listed countries"
,
"type"
:
"string"
,
"default"
:
""
},
"backup-repository"
:
{
"title"
:
"Git backup repository"
,
"description"
:
"URL of Git repository where backups are pushed. Nothing is pushed if empty."
,
"type"
:
"string"
}
}
}
software/re6stnet/instance-re6stnet.cfg.in
View file @
6f2caaa2
{% set bin_directory = parameter_dict['bin-directory'] -%}
{% set python_bin = parameter_dict['python-executable'] -%}
{% set re6st_registry = parameter_dict['re6st-registry'] -%}
{% set re6stnet = parameter_dict['re6stnet'] -%}
{% set publish_dict = {} -%}
{% set part_list = [] -%}
{% set ipv6 = (ipv6_set | list)[0] -%}
{% set ipv4 = (ipv4_set | list)[0] -%}
{% set uri_scheme = slapparameter_dict.get('uri-scheme', 'http') -%}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
[directory]
recipe = slapos.cookbook:mkdirectory
...
...
@@ -19,35 +14,16 @@ log = ${:var}/log
services = ${:etc}/service
script = ${:etc}/run
run = ${:var}/run
ca-dir = ${:etc}/ssl
requests = ${:ca-dir}/requests
private = ${:ca-dir}/private
certs = ${:ca-dir}/certs
newcerts = ${:ca-dir}/newcerts
crl = ${:ca-dir}/crl
re6st = ${:srv}/res6stnet
[re6stnet-dirs]
recipe = slapos.cookbook:mkdirectory
registry = ${directory:re6st}/registry
data = ${directory:srv}/re6stnet
log = ${directory:log}/re6stnet
conf = ${directory:etc}/re6stnet
ssl = ${:conf}/ssl
token = ${:conf}/token
run = ${directory:run}/re6stnet
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_bin }}/openssl
ca-dir = ${directory:ca-dir}
requests-directory = ${directory:requests}
wrapper = ${directory:services}/certificate_authority
ca-private = ${directory:private}
ca-certs = ${directory:certs}
ca-newcerts = ${directory:newcerts}
ca-crl = ${directory:crl}
[apache-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-apache-conf'] }}
...
...
@@ -64,56 +40,33 @@ context =
key access_log :access-log
key error_log :error-log
key pid_file :pid-file
raw certificate ${directory:certs}/apache.crt
raw key ${directory:private}/apache.key
raw ipv6 {{ ipv6 }}
raw uri_scheme {{ uri_scheme }}
{% set apache_wrapper = '${directory:services}/httpd' -%}
{% if uri_scheme == 'https' -%}
{% set apache_wrapper = '${directory:bin}/httpd_raw' -%}
{% endif -%}
[apache-httpd]
recipe = slapos.cookbook:wrapper
wrapper-path = {{ apache_wrapper }}
command-line = "{{ parameter_dict['apache-location'] }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
{% if uri_scheme == 'https' %}
[apache-ca]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = ${apache-httpd:wrapper-path}
wrapper = ${directory:bin}/httpd
key-file = ${certificate-authority:ca-private}/apache.key
cert-file = ${certificate-authority:ca-certs}/apache.crt
[{{ section('apache-ca-service') }}]
recipe = slapos.cookbook:wrapper
command-line = ${apache-ca:wrapper}
wrapper-path = ${directory:services}/httpd
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{% endif %}
command-line = "{{ parameter_dict['apache-location'] }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
[apache-httpd-graceful]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-wrapper'] }}
rendered = ${directory:script}/httpd-graceful
mode = 0700
context =
raw content {{ parameter_dict['apache-location'] }}/bin/httpd -Sf ${apache-conf:rendered}; if [ $? -eq 0 ]; then kill -USR1 $(cat ${apache-conf:pid-file}); fi
raw dash {{ dash_binary }}
template = inline:{{'{{content}}'}}
context = key content :script
script =
#!/bin/sh -e
{{ parameter_dict['apache-location'] }}/bin/httpd -Sf ${apache-conf:rendered}
{{ bin_directory }}/slapos-kill --pidfile ${apache-conf:pid-file} -s USR1
[logrotate-apache]
< = logrotate-entry-base
name = apache
log = ${apache-conf:error-log} ${apache-conf:access-log}
post = test ! -s ${apache-conf:pid-file} || {{
parameter_dict['bin-directory']
}}/slapos-kill --pidfile ${apache-conf:pid-file} -s USR1
post = test ! -s ${apache-conf:pid-file} || {{
bin_directory
}}/slapos-kill --pidfile ${apache-conf:pid-file} -s USR1
[re6st-registry-conf-dict]
port = 9201
ipv4 = {{ ipv4 }}
ipv6 = {{ ipv6 }}
db = ${re6stnet-dirs:registry}/registry.db
db = ${re6stnet-dirs:data}/registry.db
ca = ${re6stnet-dirs:ssl}/re6stnet.crt
key = ${re6stnet-dirs:ssl}/re6stnet.key
dh = ${re6stnet-dirs:ssl}/dh.pem
...
...
@@ -135,18 +88,35 @@ same-country = {{ slapparameter_dict.get('same-country', '') }}
[re6st-registry-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-re6st-registry-conf'] }}
rendered = ${
directory:etc}/re6st-
registry.conf
rendered = ${
re6stnet-dirs:conf}/
registry.conf
context = section parameter_dict re6st-registry-conf-dict
depends = ${re6st-compat:recipe}
[re6st-compat]
recipe = slapos.recipe.build
update =
import errno, os
res6stnet = self.buildout['directory']['srv'] + '/res6stnet'
try:
os.rename(res6stnet + '/registry', self.buildout['re6stnet-dirs']['data'])
except OSError as e:
if e.errno != errno.ENOENT:
raise
else:
os.rmdir(res6stnet)
[re6st-registry-wrapper]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-registry-run'] }}
rendered = ${directory:services}/re6st-registry
pid-file = ${directory:run}/registry.pid
context =
key pid_file :pid-file
raw re6st_command {{ re6st_registry }}
key re6st_conf re6st-registry-conf:rendered
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/re6st-registry
pidfile = ${directory:run}/registry.pid
command-line = {{ bin_directory }}/re6st-registry @${re6st-registry-conf:rendered}
[cron-entry-re6st-backup]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = re6stnet-backup
time = hourly
command = {{ parameter_dict['re6stnet-backup'] }} ${logrotate-directory:backup}/re6stnet ${re6st-registry-conf-dict:db} {{ slapparameter_dict.get('backup-repository', '') }}
[re6st-registry]
recipe = slapos.cookbook:re6stnet.registry
...
...
@@ -167,7 +137,7 @@ key-file = ${re6st-registry-conf-dict:key}
cert-file = ${re6st-registry-conf-dict:ca}
dh-file = ${re6st-registry-conf-dict:dh}
slave-instance-list =
${slap-parameter:slave_instance_list
}
slave-instance-list =
{{ slapparameter_dict.get('slave_instance_list', '{}') }
}
environment =
PATH={{ openssl_bin }}
...
...
@@ -181,14 +151,14 @@ command-line = "{{ python_bin }}" ${re6st-registry:manager-wrapper}
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = re6stnet-check-token
frequency = */5 * * * *
time = *:0/5
command = {{ python_bin }} ${re6st-registry:manager-wrapper}
[logrotate-entry-re6stnet]
< = logrotate-entry-base
name = re6stnet
log = ${re6st-registry-conf-dict:logfile}
post =
test ! -s ${re6st-registry-wrapper:pid-file} || {{ parameter_dict['bin-directory'] }}/slapos-kill --pidfile ${re6st-registry-wrapper:pid-
file} -s USR1
post =
[ ! -s ${re6st-registry-wrapper:pidfile} ] || {{ bin_directory }}/slapos-kill --pidfile ${re6st-registry-wrapper:pid
file} -s USR1
[port-redirection]
recipe = slapos.recipe.template:jinja2
...
...
@@ -214,7 +184,7 @@ name = apache-re6st-registry.py
config-hostname = ${apache-conf:ipv6}
config-port = ${apache-conf:port}
{% do publish_dict.__setitem__('re6stry-url',
uri_scheme ~ '
://[${apache-conf:ipv6}]:${apache-conf:port}') -%}
{% do publish_dict.__setitem__('re6stry-url',
'http
://[${apache-conf:ipv6}]:${apache-conf:port}') -%}
{% do publish_dict.__setitem__('re6stry-local-url', 'http://${re6st-registry:ipv4}:${re6st-registry:port}/') -%}
{% do publish_dict.__setitem__('slave-amount', '${re6st-registry:slave-amount}') -%}
[publish]
...
...
@@ -230,12 +200,12 @@ extends =
{{ logrotate_cfg }}
parts =
certificate-authority
logrotate-apache
logrotate-entry-re6stnet
re6stnet-manage
cron-entry-logrotate
cron-entry-re6st-manage
cron-entry-re6st-backup
apache-httpd
apache-httpd-graceful
publish
...
...
@@ -244,12 +214,3 @@ parts =
re6st-registry-promise
apache-registry-promise
monitor-base
# Complete parts with sections
{{ part_list | join('\n ') }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
[slap-parameter]
slave_instance_list = {}
software/re6stnet/instance.cfg.in
View file @
6f2caaa2
...
...
@@ -16,27 +16,21 @@ recipe = slapos.recipe.template:jinja2
rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
extra-context =
context =
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
key ipv6_set slap-configuration:ipv6
key ipv4_set slap-configuration:ipv4
key slapparameter_dict slap-configuration:configuration
key computer_id slap-configuration:computer
raw logrotate_cfg {{ template_logrotate_base }}
raw dash_binary {{ dash_location }}/bin/dash
raw openssl_bin {{ openssl_location}}/bin
${:extra-context}
[dynamic-template-re6stnet-parameters]
bin-directory = {{ bin_directory }}
python-executable = {{ python_with_eggs }}
re6st-registry = {{ bin_directory }}/re6st-registry
re6stnet = {{ bin_directory }}/re6stnet
template-apache-conf = {{ template_apache_conf }}
template-wrapper = {{ template_wrapper }}
apache-location = {{ apache_location }}
re6stnet-backup = {{ re6stnet_backup }}
template-re6st-registry-conf = {{ template_re6st_registry_conf }}
template-registry-run = {{ template_registry_run }}
[dynamic-template-re6stnet]
< = jinja2-template-base
...
...
@@ -48,7 +42,9 @@ extra-context =
raw monitor2_template_rendered {{ monitor2_template_rendered }}
[switch-softwaretype]
recipe = slapos.cookbook:softwaretype
recipe = slapos.cookbook:s
witch-s
oftwaretype
default =
${dynamic-template-re6stnet:rendered}
default =
dynamic-template-re6stnet:rendered
registry = ${:default}
# BBB
RootSoftwareInstance = ${:default}
software/re6stnet/re6st-registry.conf.in
View file @
6f2caaa2
port {{ parameter_dict['port'] }}
4 {{ parameter_dict['ipv4'] }}
authorized-origin {{ parameter_dict['ipv4'] }}
# 6 {{ parameter_dict['ipv6'] }}
6 ''
db {{ parameter_dict['db'] }}
ca {{ parameter_dict['ca'] }}
key {{ parameter_dict['key'] }}
...
...
software/re6stnet/registry-run.in
deleted
100644 → 0
View file @
b4823d48
#!/bin/bash
echo
$$
>
{{
pid_file
}}
exec
{{
re6st_command
}}
@
{{
re6st_conf
}}
software/re6stnet/software.cfg
View file @
6f2caaa2
...
...
@@ -2,13 +2,10 @@
extends =
buildout.hash.cfg
../../component/dash/buildout.cfg
../../component/dcron/buildout.cfg
../../component/gzip/buildout.cfg
../../component/openssl/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/apache/buildout.cfg
../../component/
pycurl
/buildout.cfg
../../component/
git
/buildout.cfg
../../component/python-cryptography/buildout.cfg
../../stack/slapos.cfg
...
...
@@ -17,10 +14,22 @@ extends =
parts +=
slapos-cookbook
dash
template
[re6st-eggs]
[re6stnet-repository]
recipe = slapos.recipe.build:gitclone
repository = https://lab.nexedi.com/nexedi/re6stnet.git
git-executable = ${git:location}/bin/git
[re6stnet-setup-env]
PATH = ${git:location}/bin:%(PATH)s
[re6stnet-develop]
recipe = zc.recipe.egg:develop
setup = ${re6stnet-repository:location}
environment = re6stnet-setup-env
[re6stnet]
recipe = zc.recipe.egg
interpreter = python-${:_buildout_section_name_}
eggs =
...
...
@@ -28,6 +37,33 @@ eggs =
${python-cryptography:egg}
pyOpenSSL
re6stnet
initialization =
import os
path = os.environ.get('PATH', '')
os.environ['PATH'] = '${git:location}/bin' + (path and ':' + path)
depends = ${re6stnet-develop:recipe}
[re6stnet-backup]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:bin-directory}/re6st-backup
template =
inline:#!/bin/sh -e
PATH={{git_location}}/bin:{{sqlite3_location}}/bin:$PATH
cd "$1" || {
rm -rf "$1.new"
git init --bare "$1.new"
rm "$1.new"/description "$1.new"/hooks/*
mv "$1.new" "$1"
cd "$1"
}
h=`sqlite3 "$2" .dump |git hash-object --stdin -w`
git update-index --add --cacheinfo 0644 "$h" registry.sql
git diff --cached --quiet || GIT_WORK_TREE=$PWD GIT_DIR=$PWD git \
-c gc.auto=100 -c gc.autoDetach=false commit --allow-empty-message -qm ''
[ ! "$3" ] || git push --mirror "$3"
context =
key git_location git:location
key sqlite3_location sqlite3:location
[download-base]
recipe = slapos.recipe.build:download
...
...
@@ -43,17 +79,15 @@ context =
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
key apache_location apache:location
key dash_location dash:location
key logrotate_location logrotate:location
key openssl_location openssl:location
key re6stnet_backup re6stnet-backup:rendered
key template_apache_conf template-apache-conf:target
key template_re6stnet template-re6stnet:target
key template_re6st_registry_conf template-re6st-registry-conf:target
key template_logrotate_base template-logrotate-base:rendered
key template_wrapper template-wrapper:target
key template_registry_run template-registry-run:target
key monitor2_template_rendered monitor2-template:rendered
raw python_with_eggs ${buildout:bin-directory}/${re6st
-eggs
:interpreter}
raw python_with_eggs ${buildout:bin-directory}/${re6st
net
:interpreter}
[template-re6stnet]
< = download-base
...
...
@@ -64,15 +98,5 @@ context =
[template-re6st-registry-conf]
< = download-base
[template-wrapper]
< = download-base
[template-registry-run]
< = download-base
[versions]
re6stnet = 0.551
# Required by:
# re6stnet==0.533
miniupnpc = 1.9
software/re6stnet/test/test.py
View file @
6f2caaa2
...
...
@@ -29,7 +29,6 @@ import os
import
requests
import
json
from
slapos.recipe.librecipe
import
generateHashFromFiles
from
slapos.testing.testcase
import
makeModuleSetUpAndTestCaseClass
setUpModule
,
Re6stnetTestCase
=
makeModuleSetUpAndTestCaseClass
(
...
...
@@ -57,35 +56,3 @@ class TestPortRedirection(Re6stnetTestCase):
'srcPort'
:
9201
,
'destPort'
:
9201
,
},
portredir_config
[
0
])
class
ServicesTestCase
(
Re6stnetTestCase
):
@
classmethod
def
getInstanceParameterDict
(
cls
):
return
{
'uri-scheme'
:
'https'
}
def
test_hashes
(
self
):
hash_files
=
[
'software_release/buildout.cfg'
,
]
expected_process_names
=
[
'httpd-{hash}-on-watch'
,
]
with
self
.
slap
.
instance_supervisor_rpc
as
supervisor
:
process_names
=
[
process
[
'name'
]
for
process
in
supervisor
.
getAllProcessInfo
()
]
hash_files
=
[
os
.
path
.
join
(
self
.
computer_partition_root_path
,
path
)
for
path
in
hash_files
]
for
name
in
expected_process_names
:
h
=
generateHashFromFiles
(
hash_files
)
expected_process_name
=
name
.
format
(
hash
=
h
)
self
.
assertIn
(
expected_process_name
,
process_names
)
software/re6stnet/wrapper.in
deleted
100644 → 0
View file @
b4823d48
#!{{ dash }}
{{ content }}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment