From aa102f28faae0856d01ff39c2db95129dfde13aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com> Date: Fri, 21 Sep 2018 02:50:20 +0200 Subject: [PATCH] erp5testnode: use newer shellinabox, with a caddy frontend also use a real bash and not busybox --- software/erp5testnode/buildout.hash.cfg | 2 +- software/erp5testnode/instance-default.cfg | 110 +++++++++++++++------ software/erp5testnode/software.cfg | 5 +- 3 files changed, 85 insertions(+), 32 deletions(-) diff --git a/software/erp5testnode/buildout.hash.cfg b/software/erp5testnode/buildout.hash.cfg index e63dd94c7..fedee7de8 100644 --- a/software/erp5testnode/buildout.hash.cfg +++ b/software/erp5testnode/buildout.hash.cfg @@ -18,4 +18,4 @@ md5sum = 307663d73ef3ef94b02567ecd322252e [template-default] filename = instance-default.cfg -md5sum = 555700e5d216ff32a981f4066791bdab +md5sum = 6e263ceafff581031d9d7aa2e001c43e diff --git a/software/erp5testnode/instance-default.cfg b/software/erp5testnode/instance-default.cfg index 56d7ca89a..df7b47feb 100644 --- a/software/erp5testnode/instance-default.cfg +++ b/software/erp5testnode/instance-default.cfg @@ -9,8 +9,6 @@ extends = ${monitor2-template:rendered} parts = testnode - shell - shellinabox certificate-authority ca-shellinabox ca-httpd-testnode @@ -18,11 +16,12 @@ parts = monitor-publish testnode-frontend resiliency-exclude-file + shellinabox-frontend-reload + promises [monitor-publish] recipe = slapos.cookbook:publish -url = https://[$${shellinabox:ipv6}]:$${shellinabox:port}/ -password = $${pwgen:passwd} +url = $${shellinabox-frontend:url} frontend-url = $${testnode-frontend:connection-secure_access} [pwgen] 
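Review bot: The `url` published by `[monitor-publish]` now resolves to `$${shellinabox-frontend-config:url}`, which the later `[shellinabox-frontend-config]` hunk defines as `https://$${:username}:$${:passwd}@$${:hostname}:$${:port}`, so the shell password is carried inside a URL. URLs are copied into logs, browser history and monitoring output more readily than a separate secret field, and some clients drop or refuse the userinfo part. I would publish `url = https://$${shellinabox-frontend-config:hostname}:$${shellinabox-frontend-config:port}` and keep distinct `username = $${shellinabox-frontend-config:username}` and `password = $${pwgen:passwd}` entries, as the removed `password` line did. Where published parameters end up is not visible in this patch, so the exposure is inferred rather than shown.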
@@ -73,34 +72,70 @@ apache-modules-dir = ${apache:location}/modules apache-mime-file = ${apache:location}/conf/mime.types apache-htpasswd = ${apache:location}/bin/htpasswd -[shell] -recipe = slapos.cookbook:shell -wrapper = $${rootdirectory:bin}/sh -shell = ${busybox:location}/bin/sh -home = $${buildout:directory} -ps1 = "\\w> " -path = - ${busybox:location}/bin/ - ${busybox:location}/usr/bin/ - ${git:location}/bin/ - ${python2.7:location}/bin/ - ${buildout:bin-directory}/ - ${busybox:location}/sbin/ - ${busybox:location}/usr/sbin/ + +[shell-environment] +shell = ${bash:location}/bin/bash [shellinabox] -recipe = slapos.cookbook:shellinabox +recipe = slapos.recipe.template:jinja2 +# We cannot use slapos.cookbook:wrapper here because this recipe escapes too much +socket = $${directory:run}/siab.sock +mode = 0700 +rendered = $${basedirectory:services}/shellinaboxd +template = inline: + #!/bin/sh + exec ${shellinabox-github:location}/bin/shellinaboxd \ + --disable-ssl \ + --disable-ssl-menu \ + --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \ + --service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l" + +[shellinabox-frontend-config] +recipe = slapos.recipe.template:jinja2 +rendered = $${directory:etc}/$${:_buildout_section_name_} +template = inline: + https://$${:hostname}:$${:port} { + bind $${:ipv6} + tls $${:cert-file} $${:key-file} + gzip + log stdout + errors stderr + proxy / unix:$${shellinabox:socket} + basicauth $${:username} $${:passwd} { + realm "Test Node $${testnode:test-node-title}" + / + } + } ipv6 = $${slap-network-information:global-ipv6} +hostname = [$${:ipv6}] port = 8080 -shell = $${shell:wrapper} -wrapper = $${rootdirectory:bin}/shellinaboxd -shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd -password-file = $${pwgen:storage-path} -directory = $${buildout:directory}/ -login-shell = $${rootdirectory:bin}/login -certificate-directory = $${directory:shellinabox} +username = testnode +passwd = $${pwgen:passwd} cert-file = 
$${directory:shellinabox}/public.crt key-file = $${directory:shellinabox}/private.key +url = https://$${:username}:$${:passwd}@$${:hostname}:$${:port} + + +[shellinabox-frontend] +recipe = slapos.cookbook:wrapper +wrapper-path = $${rootdirectory:bin}/$${:_buildout_section_name_} +command-line = + ${caddy:output} -conf $${shellinabox-frontend-config:rendered} -pidfile $${:pidfile} +url = $${shellinabox-frontend-config:url} +hostname = $${shellinabox-frontend-config:ipv6} +port = $${shellinabox-frontend-config:port} +pidfile = $${basedirectory:run}/$${:_buildout_section_name_}.pid + +[shellinabox-frontend-reload] +recipe = slapos.cookbook:wrapper +wrapper-path = $${basedirectory:services}/$${:_buildout_section_name_} +command-line = + ${bash:location}/bin/bash -c + "kill -s USR1 $$(${coreutils:location}/bin/cat $${shellinabox-frontend:pidfile}) \ + && ${coreutils:location}/bin/sleep infinity" +hash-files = + $${shellinabox-frontend-config:rendered} + $${shellinabox-frontend:wrapper-path} [certificate-authority] recipe = slapos.cookbook:certificate_authority @@ -124,10 +159,10 @@ crl = $${directory:ca-dir}/crl/ [ca-shellinabox] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request -executable = $${shellinabox:wrapper} -wrapper = $${basedirectory:services}/shellinaboxd -key-file = $${shellinabox:key-file} -cert-file = $${shellinabox:cert-file} +executable = $${shellinabox-frontend:wrapper-path} +wrapper = $${basedirectory:services}/shellinabox-frontend +key-file = $${shellinabox-frontend-config:key-file} +cert-file = $${shellinabox-frontend-config:cert-file} [ca-httpd-testnode] <= certificate-authority 
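Review bot: `[shellinabox-frontend-config]` renders the basic-auth password in clear text into `$${directory:etc}/shellinabox-frontend-config` but sets no `mode`, while `[shellinabox]` just above sets `mode = 0700` on a wrapper script that holds no secret. The file's permissions then depend on the recipe default and the umask, neither of which is visible in this hunk. Adding `mode = 0600` to the section would make it explicit that only the instance user can read the credential protecting the interactive shell. In the same hunk, `[shellinabox-frontend-reload]` runs `kill -s USR1 $$(cat …pidfile)` without checking that the pidfile exists yet, so on first start it presumably fails and is retried by the supervisor; a one-line comment saying that this is intended would help.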
@@ -181,6 +216,21 @@ config-https-only = true #software-type = custom-personal return = domain secure_access +[promises] +recipe = +instance-promises = + $${shellinabox-frontend-listen-promise:path} + +[check-port-listening-promise] +recipe = slapos.cookbook:check_port_listening +path = $${directory:promises}/$${:_buildout_section_name_} + +[shellinabox-frontend-listen-promise] +<= check-port-listening-promise +hostname= $${shellinabox-frontend:hostname} +port = $${shellinabox-frontend:port} + + [slap-parameter] node-quantity = 1 test-suite-master-url = diff --git a/software/erp5testnode/software.cfg b/software/erp5testnode/software.cfg index 5951243fc..d48b475cd 100644 --- a/software/erp5testnode/software.cfg +++ b/software/erp5testnode/software.cfg @@ -5,7 +5,9 @@ extends = ../../component/git/buildout.cfg ../../component/lxml-python/buildout.cfg ../../component/zip/buildout.cfg - ../../component/busybox/buildout.cfg + ../../component/bash/buildout.cfg + ../../component/caddy/buildout.cfg + ../../component/coreutils/buildout.cfg ../../component/shellinabox/buildout.cfg ../../component/pwgen/buildout.cfg ../../component/apache/buildout.cfg @@ -27,6 +29,7 @@ eggs = zc.buildout slapos.libnetworkcache slapos.core + slapos.recipe.template supervisor jsonschema hexagonit.recipe.download -- 2.30.9
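Review bot: The only promise added for the new frontend is `shellinabox-frontend-listen-promise`, built on `slapos.cookbook:check_port_listening`, which presumably passes as soon as something accepts connections on the port and says nothing about whether the `basicauth` gate is in effect. Because this endpoint gives an interactive bash, a second promise that sends an unauthenticated request and expects a 401 would catch a regression in the rendered Caddy config. Separately, `[promises]` has an empty `recipe =` and seems to exist only so that listing it in `parts` pulls in the promise sections it references. If that is the intent, say so with a comment such as `# no recipe: only references the promise sections so they get installed`.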