software/turnserver: switch-softwaretype

listening-ip parameter is now mandatory

software/turnserver/buildout.hash.cfg

@@ -15,12 +15,12 @@
 
 [instance-cfg]
 filename = instance.cfg.in
-md5sum = 776c7de2054f78ba79382c22d85018be
+md5sum = b43d5e8d1fc2d0eeb54f91cefe6a5bae
 
 [template-turnserver]
 filename = instance-turnserver.cfg.jinja2.in
-md5sum = 480f69e2f21a24f52bb2eb80bfb3f8ea
+md5sum = 7af3318d7249e9afe22436d9fe200159
 
 [template-insecure-turnserver]
 filename = instance-insecure-turnserver.cfg.jinja2.in
-md5sum = 99c38cd20846eb3153d0392e6b81062c
+md5sum = 3db65c3a16eb76ab438ac3817d1a5fea

software/turnserver/instance-insecure-turnserver.cfg.jinja2.in

 {% set part_list = [] -%}
-{% set server_name = slapparameter_dict.get('server-name', 'turn.example.com') -%}
+{%- set parameter = dict(default_parameter_dict, **slapparameter_dict) %}
+{%- set server_name = parameter['server-name'] %}
 
 [directory]
 recipe = slapos.cookbook:mkdirectory
@@ -17,9 +18,11 @@ plugins = ${:etc}/plugin
 recipe = slapos.cookbook:generate.password
 bytes = 8
 
-{% set turn_port = slapparameter_dict.get('port', 3478) -%}
-{% set turn_tls_port = slapparameter_dict.get('tls-port', 5349) -%}
-{% set listining_ip = slapparameter_dict.get('listening-ip', (ipv4 | list)[0]) -%}
+{% set turn_port = parameter['port'] -%}
+{% set turn_tls_port = parameter['tls-port'] -%}
+# listening-ip parameter is mandatory
+{% set listening_ip = slapparameter_dict['listening-ip'] -%}
+
 [turnserver-config]
 recipe = collective.recipe.template
 user = nxdturn
@@ -27,11 +30,11 @@ input = inline:
   listening-port={{ turn_port }}
   lt-cred-mech
   realm={{ server_name }}
-{% if slapparameter_dict.get('external-ip', '') %}
-  external-ip={{ slapparameter_dict['external-ip'] }}
+{% if parameter['external-ip'] %}
+  external-ip={{ parameter['external-ip'] }}
 {% endif %}
   fingerprint
-  listening-ip={{ listining_ip }}
+  listening-ip={{ listening_ip }}
   server-name={{ server_name }}
   no-stdout-log
   simple-log
@@ -56,7 +59,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 <= monitor-promise-base
 module = check_socket_listening
 name = turnserver-port-listening.py
-config-host = {{ listining_ip }}
+config-host = {{ listening_ip }}
 config-port = {{ turn_port }}
 
 [publish-connection-information]

software/turnserver/instance-turnserver.cfg.jinja2.in

-{% set part_list = [] -%}
-{% set server_name = slapparameter_dict.get('server-name', 'turn.example.com') -%}
+{%- set part_list = [] -%}
+{%- set parameter = dict(default_parameter_dict, **slapparameter_dict) %}
+{%- set server_name = parameter['server-name'] %}
 
 [directory]
 recipe = slapos.cookbook:mkdirectory
@@ -31,9 +32,9 @@ mode = {{ mode }}
 {% do part_list.append(section_name) -%}
 {%- endmacro %}
 
-{% if slapparameter_dict.get('ssl-key') and slapparameter_dict.get('ssl-crt') -%}
-{{ simplefile('ssl-certificate', '${turnserver-ssl:certificate}', slapparameter_dict.get('ssl-crt')) }}
-{{ simplefile('ssl-key', '${turnserver-ssl:key}', slapparameter_dict.get('ssl-key'), 600) }}
+{% if parameter['ssl-key'] and parameter['ssl-crt'] -%}
+{{ simplefile('ssl-certificate', '${turnserver-ssl:certificate}', parameter['ssl-crt']) }}
+{{ simplefile('ssl-key', '${turnserver-ssl:key}', parameter['ssl-key'], 600) }}
 {% else -%}
 {%  do part_list.append('gen-certificate') -%}
 [gen-certificate]
@@ -57,9 +58,9 @@ secret-file = ${directory:etc}/.turnsecret
 command =
   if [ ! -s "${:secret-file}" ]; then
     cat <<EOF > ${:secret-file}
-    [turnserver]
-    secret = $("{{ parameter_dict['openssl'] }}/bin/openssl" rand -hex 32)
-    EOF
+  [turnserver]
+  secret = $("{{ parameter_dict['openssl'] }}/bin/openssl" rand -hex 32)
+  EOF
   fi
   chmod 600 ${:secret-file}
 
@@ -68,9 +69,11 @@ recipe = slapos.cookbook:zero-knowledge.read
 file-path = ${gen-secret:secret-file}
 secret =
 
-{% set turn_port = slapparameter_dict.get('port', 3478) -%}
-{% set turn_tls_port = slapparameter_dict.get('tls-port', 5349) -%}
-{% set listining_ip = slapparameter_dict.get('listening-ip', (ipv4 | list)[0]) -%}
+{% set turn_port = parameter['port'] -%}
+{% set turn_tls_port = parameter['tls-port'] -%}
+# listening-ip parameter is mandatory
+{% set listening_ip = slapparameter_dict['listening-ip'] -%}
+
 [turnserver-config]
 recipe = collective.recipe.template
 input = inline:
@@ -80,9 +83,9 @@ input = inline:
   lt-cred-mech
   use-auth-secret
   static-auth-secret=${read-secret:secret}
-  listening-ip={{ listining_ip }}
-{% if slapparameter_dict.get('external-ip', '') %}
-  external-ip={{ slapparameter_dict['external-ip'] }}
+  listening-ip={{ listening_ip }}
+{% if parameter['external-ip'] %}
+  external-ip={{ parameter['external-ip'] }}
 {% endif %}
   server-name={{ server_name }}
   realm={{ server_name }}
@@ -122,14 +125,14 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 <= monitor-promise-base
 module = check_socket_listening
 name = turnserver-port-listening.py
-config-host = {{ listining_ip }}
+config-host = {{ listening_ip }}
 config-port = {{ turn_port }}
 
 [promise-check-turnserver-tls-port]
 <= monitor-promise-base
 module = check_socket_listening
 name = turnserver-tls-port-listening.py
-config-host = {{ listining_ip }}
+config-host = {{ listening_ip }}
 config-port = {{ turn_tls_port }}
 
 [publish-connection-information]

software/turnserver/instance.cfg.in

@@ -6,12 +6,11 @@ eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
 offline = true
 
-
 [switch-softwaretype]
-recipe = slapos.cookbook:softwaretype
-default  = $${dynamic-template-turnserver:rendered}
-insecure  = $${dynamic-template-insecure-turnserver:rendered}
+recipe = slapos.cookbook:switch-softwaretype
 RootSoftwareInstance = $${:default}
+default  = dynamic-template-turnserver:rendered
+insecure  = dynamic-template-insecure-turnserver:rendered
 
 [slap-configuration]
 recipe = slapos.cookbook:slapconfiguration.serialised
@@ -38,13 +37,23 @@ context =
   raw template_monitor ${monitor2-template:rendered}
   raw logrotate_cfg ${template-logrotate-base:rendered}
   $${:extra-context}
-
+  jsonkey default_parameter_dict :default-parameters
+default-parameters =
+  {
+    "server-name" : "turn.example.com",
+    "ssl-key": "",
+    "ssl-crt": "",
+    "port": "3478",
+    "tls-port": "5349",
+    "external-ip": ""
+# listening-ip parameter is mandatory
+#"listening-ip": null,
+  }
 
 [dynamic-template-turnserver-parameters]
 openssl = ${openssl:location}
 turnserver-location = ${coturn:location}
 
-
 [dynamic-template-turnserver]
 <= jinja2-template-base
 template = ${template-turnserver:location}/${template-turnserver:filename}

software/turnserver/test/test.py

@@ -60,6 +60,12 @@ class TurnServerTestCase(InstanceTestCase):
 
 class TestServices(TurnServerTestCase):
 
+  @classmethod
+  def getInstanceParameterDict(cls):
+    return {
+      'listening-ip': cls._ipv4_address
+    }
+
   def test_process_list(self):
     hash_list = [
       'software_release/buildout.cfg',
@@ -138,7 +144,7 @@ class TestParameters(TurnServerTestCase):
       'port': 3488,
       'tls-port': 5369,
       'external-ip': '127.0.0.1',
-      'listening-ip': '127.0.0.1'
+      'listening-ip': cls._ipv4_address
     }
 
   def test_turnserver_with_parameters(self):
@@ -180,7 +186,7 @@ userdb=%(instance_path)s/srv/turndb
 pidfile=%(instance_path)s/var/run/turnserver.pid
 verbose""" % {'instance_path': self.partition_path,
               'secret': secret,
-              'ipv4': '127.0.0.1',
+              'ipv4': self._ipv4_address,
               'name': 'turn.site.com',
               'external_ip': '127.0.0.1',
               'port': 3488,
@@ -193,6 +199,12 @@ verbose""" % {'instance_path': self.partition_path,
 
 class TestInsecureServices(TurnServerTestCase):
 
+  @classmethod
+  def getInstanceParameterDict(cls):
+    return {
+      'listening-ip': cls._ipv4_address
+    }
+
   @classmethod
   def getInstanceSoftwareType(cls):
     return 'insecure'