Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Titouan Soulard
slapos
Commits
1d57188a
Commit
1d57188a
authored
Dec 02, 2020
by
Thomas Gambier
🚴🏼
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
software/turnserver: add insecure configuration
parent
b8feb1de
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
167 additions
and
2 deletions
+167
-2
software/turnserver/buildout.hash.cfg
software/turnserver/buildout.hash.cfg
+6
-2
software/turnserver/instance-insecure-turnserver.cfg.jinja2.in
...are/turnserver/instance-insecure-turnserver.cfg.jinja2.in
+91
-0
software/turnserver/instance-turnserver.cfg.jinja2.in
software/turnserver/instance-turnserver.cfg.jinja2.in
+1
-0
software/turnserver/instance.cfg.in
software/turnserver/instance.cfg.in
+8
-0
software/turnserver/software.cfg
software/turnserver/software.cfg
+3
-0
software/turnserver/test/test.py
software/turnserver/test/test.py
+58
-0
No files found.
software/turnserver/buildout.hash.cfg
View file @
1d57188a
...
...
@@ -15,8 +15,12 @@
[instance-cfg]
filename = instance.cfg.in
md5sum =
d027a2dccaf15ae6e7d3a28cc02d70c3
md5sum =
776c7de2054f78ba79382c22d85018be
[template-turnserver]
filename = instance-turnserver.cfg.jinja2.in
md5sum = 539417d669c15b853ac8525f8d5cbc44
md5sum = df8768f165036dbe0435bd1678b9deb3
[template-insecure-turnserver]
filename = instance-insecure-turnserver.cfg.jinja2.in
md5sum = 0e0807eef75a1ee6f9aef3a6a566a729
software/turnserver/instance-insecure-turnserver.cfg.jinja2.in
0 → 100644
View file @
1d57188a
{% set part_list = [] -%}
{% set server_name = slapparameter_dict.get('server-name', 'turn.example.com') -%}
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
run = ${:var}/run
log = ${:var}/log
scripts = ${:etc}/run
services = ${:etc}/service
plugins = ${:etc}/plugin
[turnserver-password]
recipe = slapos.cookbook:generate.password
bytes = 8
{% set turn_port = slapparameter_dict.get('port', 3478) -%}
{% set turn_tls_port = slapparameter_dict.get('tls-port', 5349) -%}
{% set listining_ip = slapparameter_dict.get('listening-ip', (ipv4 | list)[0]) -%}
[turnserver-config]
recipe = collective.recipe.template
user = nxdturn
input = inline:
listening-port={{ turn_port }}
lt-cred-mech
realm={{ server_name }}
{% if slapparameter_dict.get('external-ip', '') %}
external-ip={{ slapparameter_dict['external-ip'] }}
{% endif %}
fingerprint
listening-ip={{ listining_ip }}
server-name={{ server_name }}
no-stdout-log
simple-log
log-file=${directory:log}/turnserver.log
pidfile=${directory:run}/turnserver.pid
verbose
user=${:user}:${turnserver-password:passwd}
output = ${directory:etc}/turnserver.conf
mode = 644
[turnserver-wrapper]
recipe = slapos.cookbook:wrapper
# XXX on first invocation of read-secret, the secret file is not yet generated
# so on first buildout run turnserver-config has an empty secret.
# We don't want to start the server when config file is not complete.
command-line =
{{ parameter_dict['turnserver-location'] }}/bin/turnserver -c ${turnserver-config:output}
wrapper-path = ${directory:services}/turnserver
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[promise-check-turnserver-port]
<= monitor-promise-base
module = check_port_listening
name = turnserver-port-listening.py
config-hostname = {{ listining_ip }}
config-port = {{ turn_port }}
[promise-check-turnserver-tls-port]
<= monitor-promise-base
module = check_port_listening
name = turnserver-tls-port-listening.py
config-hostname = {{ listining_ip }}
config-port = {{ turn_tls_port }}
[publish-connection-information]
<= monitor-publish
recipe = slapos.cookbook:publish
turn-url = {{ server_name ~ ':' ~ turn_port }}
user = ${turnserver-config:user}
password = ${turnserver-password:passwd}
[buildout]
extends = {{ template_monitor }}
parts =
publish-connection-information
# Complete parts with sections
{{ part_list | join('\n ') }}
# turn server
turnserver-wrapper
promise-check-turnserver-tls-port
promise-check-turnserver-port
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
software/turnserver/instance-turnserver.cfg.jinja2.in
View file @
1d57188a
...
...
@@ -99,6 +99,7 @@ input = inline:
no-tlsv1
no-tlsv1_1
no-stdout-log
simple-log
log-file=${directory:log}/turnserver.log
userdb=${directory:srv}/turndb
pidfile=${directory:run}/turnserver.pid
...
...
software/turnserver/instance.cfg.in
View file @
1d57188a
...
...
@@ -10,6 +10,7 @@ offline = true
[switch-softwaretype]
recipe = slapos.cookbook:softwaretype
default = $${dynamic-template-turnserver:rendered}
insecure = $${dynamic-template-insecure-turnserver:rendered}
RootSoftwareInstance = $${:default}
[slap-configuration]
...
...
@@ -50,3 +51,10 @@ template = ${template-turnserver:location}/${template-turnserver:filename}
filename = instance-turnserver.cfg
extra-context =
section parameter_dict dynamic-template-turnserver-parameters
[dynamic-template-insecure-turnserver]
<= jinja2-template-base
template = ${template-insecure-turnserver:location}/${template-insecure-turnserver:filename}
filename = instance-insecure-turnserver.cfg
extra-context =
section parameter_dict dynamic-template-turnserver-parameters
software/turnserver/software.cfg
View file @
1d57188a
...
...
@@ -28,5 +28,8 @@ output = ${buildout:directory}/instance.cfg
[template-turnserver]
<= download-base
[template-insecure-turnserver]
<= download-base
[versions]
slapos.recipe.template = 4.4
software/turnserver/test/test.py
View file @
1d57188a
...
...
@@ -188,3 +188,61 @@ verbose""" % {'instance_path': self.partition_path,
current_config
=
f
.
read
().
strip
()
self
.
assertEqual
(
current_config
.
splitlines
(),
expected_config
.
splitlines
())
class
TestInsecureServices
(
TurnServerTestCase
):
@
classmethod
def
getInstanceSoftwareType
(
cls
):
return
'insecure'
def
test_process_list
(
self
):
hash_list
=
[
'software_release/buildout.cfg'
,
]
expected_process_names
=
[
'bootstrap-monitor'
,
'turnserver-{hash}-on-watch'
,
'certificate_authority-{hash}-on-watch'
,
'crond-{hash}-on-watch'
,
'monitor-httpd-{hash}-on-watch'
,
'monitor-httpd-graceful'
,
]
with
self
.
slap
.
instance_supervisor_rpc
as
supervisor
:
process_name_list
=
[
process
[
'name'
]
for
process
in
supervisor
.
getAllProcessInfo
()]
hash_file_list
=
[
os
.
path
.
join
(
self
.
computer_partition_root_path
,
path
)
for
path
in
hash_list
]
for
name
in
expected_process_names
:
h
=
generateHashFromFiles
(
hash_file_list
)
expected_process_name
=
name
.
format
(
hash
=
h
)
self
.
assertIn
(
expected_process_name
,
process_name_list
)
def
test_default_deployment
(
self
):
self
.
assertTrue
(
os
.
path
.
exists
(
self
.
partition_path
))
connection_parameter_dict
=
self
.
computer_partition
\
.
getConnectionParameterDict
()
password
=
connection_parameter_dict
[
'password'
]
expected_config
=
"""listening-port=3478
lt-cred-mech
realm=turn.example.com
fingerprint
listening-ip=%(ipv4)s
server-name=turn.example.com
no-stdout-log
simple-log
log-file=%(instance_path)s/var/log/turnserver.log
pidfile=%(instance_path)s/var/run/turnserver.pid
verbose
user=nxdturn:%(password)"""
%
{
'instance_path'
:
self
.
partition_path
,
'password'
:
password
,
'ipv4'
:
self
.
_ipv4_address
}
with
open
(
os
.
path
.
join
(
self
.
partition_path
,
'etc/turnserver.conf'
))
as
f
:
current_config
=
f
.
read
().
strip
()
self
.
assertEqual
(
current_config
.
splitlines
(),
expected_config
.
splitlines
())
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment