From aa102f28faae0856d01ff39c2db95129dfde13aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Fri, 21 Sep 2018 02:50:20 +0200
Subject: [PATCH] erp5testnode: use newer shellinabox, with a caddy frontend

also use a real bash and not busybox
---
 software/erp5testnode/buildout.hash.cfg    |   2 +-
 software/erp5testnode/instance-default.cfg | 110 +++++++++++++++------
 software/erp5testnode/software.cfg         |   5 +-
 3 files changed, 85 insertions(+), 32 deletions(-)

diff --git a/software/erp5testnode/buildout.hash.cfg b/software/erp5testnode/buildout.hash.cfg
index e63dd94c7..fedee7de8 100644
--- a/software/erp5testnode/buildout.hash.cfg
+++ b/software/erp5testnode/buildout.hash.cfg
@@ -18,4 +18,4 @@ md5sum = 307663d73ef3ef94b02567ecd322252e
 
 [template-default]
 filename = instance-default.cfg
-md5sum = 555700e5d216ff32a981f4066791bdab
+md5sum = 6e263ceafff581031d9d7aa2e001c43e
diff --git a/software/erp5testnode/instance-default.cfg b/software/erp5testnode/instance-default.cfg
index 56d7ca89a..df7b47feb 100644
--- a/software/erp5testnode/instance-default.cfg
+++ b/software/erp5testnode/instance-default.cfg
@@ -9,8 +9,6 @@ extends = ${monitor2-template:rendered}
 
 parts =
   testnode
-  shell
-  shellinabox
   certificate-authority
   ca-shellinabox
   ca-httpd-testnode
@@ -18,11 +16,12 @@ parts =
   monitor-publish
   testnode-frontend
   resiliency-exclude-file
+  shellinabox-frontend-reload
+  promises
   
 [monitor-publish]
 recipe = slapos.cookbook:publish
-url = https://[$${shellinabox:ipv6}]:$${shellinabox:port}/
-password = $${pwgen:passwd}
+url = $${shellinabox-frontend:url}
 frontend-url = $${testnode-frontend:connection-secure_access}
 
 [pwgen]
@@ -73,34 +72,70 @@ apache-modules-dir = ${apache:location}/modules
 apache-mime-file = ${apache:location}/conf/mime.types
 apache-htpasswd = ${apache:location}/bin/htpasswd
 
-[shell]
-recipe = slapos.cookbook:shell
-wrapper = $${rootdirectory:bin}/sh
-shell = ${busybox:location}/bin/sh
-home = $${buildout:directory}
-ps1 = "\\w> "
-path =
-    ${busybox:location}/bin/
-    ${busybox:location}/usr/bin/
-    ${git:location}/bin/
-    ${python2.7:location}/bin/
-    ${buildout:bin-directory}/
-    ${busybox:location}/sbin/
-    ${busybox:location}/usr/sbin/
+
+[shell-environment]
+shell = ${bash:location}/bin/bash
 
 [shellinabox]
-recipe = slapos.cookbook:shellinabox
+recipe = slapos.recipe.template:jinja2
+# We cannot use slapos.cookbook:wrapper here because this recipe escapes too much
+socket = $${directory:run}/siab.sock
+mode = 0700
+rendered = $${basedirectory:services}/shellinaboxd
+template = inline:
+  #!/bin/sh
+  exec ${shellinabox-github:location}/bin/shellinaboxd \
+    --disable-ssl \
+    --disable-ssl-menu \
+    --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
+    --service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l"
+
+[shellinabox-frontend-config]
+recipe = slapos.recipe.template:jinja2
+rendered = $${directory:etc}/$${:_buildout_section_name_}
+template = inline:
+  https://$${:hostname}:$${:port} {
+    bind $${:ipv6}
+    tls $${:cert-file} $${:key-file}
+    gzip
+    log stdout
+    errors stderr
+    proxy / unix:$${shellinabox:socket}
+    basicauth $${:username} $${:passwd} {
+      realm "Test Node $${testnode:test-node-title}"
+      /
+    }
+  }
 ipv6 = $${slap-network-information:global-ipv6}
+hostname = [$${:ipv6}]
 port = 8080
-shell = $${shell:wrapper}
-wrapper = $${rootdirectory:bin}/shellinaboxd
-shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
-password-file = $${pwgen:storage-path}
-directory = $${buildout:directory}/
-login-shell = $${rootdirectory:bin}/login
-certificate-directory = $${directory:shellinabox}
+username = testnode
+passwd = $${pwgen:passwd}
 cert-file = $${directory:shellinabox}/public.crt
 key-file = $${directory:shellinabox}/private.key
+url = https://$${:username}:$${:passwd}@$${:hostname}:$${:port}
+
+
+[shellinabox-frontend]
+recipe = slapos.cookbook:wrapper
+wrapper-path = $${rootdirectory:bin}/$${:_buildout_section_name_}
+command-line =
+  ${caddy:output} -conf $${shellinabox-frontend-config:rendered} -pidfile $${:pidfile}
+url =  $${shellinabox-frontend-config:url}
+hostname = $${shellinabox-frontend-config:ipv6}
+port = $${shellinabox-frontend-config:port}
+pidfile = $${basedirectory:run}/$${:_buildout_section_name_}.pid
+
+[shellinabox-frontend-reload]
+recipe = slapos.cookbook:wrapper
+wrapper-path = $${basedirectory:services}/$${:_buildout_section_name_}
+command-line =
+  ${bash:location}/bin/bash -c 
+  "kill -s USR1 $$(${coreutils:location}/bin/cat $${shellinabox-frontend:pidfile}) \
+    && ${coreutils:location}/bin/sleep infinity"
+hash-files =
+  $${shellinabox-frontend-config:rendered}
+  $${shellinabox-frontend:wrapper-path}
 
 [certificate-authority]
 recipe = slapos.cookbook:certificate_authority
@@ -124,10 +159,10 @@ crl = $${directory:ca-dir}/crl/
 [ca-shellinabox]
 <= certificate-authority
 recipe = slapos.cookbook:certificate_authority.request
-executable = $${shellinabox:wrapper}
-wrapper = $${basedirectory:services}/shellinaboxd
-key-file = $${shellinabox:key-file}
-cert-file = $${shellinabox:cert-file}
+executable = $${shellinabox-frontend:wrapper-path}
+wrapper = $${basedirectory:services}/shellinabox-frontend
+key-file = $${shellinabox-frontend-config:key-file}
+cert-file = $${shellinabox-frontend-config:cert-file}
 
 [ca-httpd-testnode]
 <= certificate-authority
@@ -181,6 +216,21 @@ config-https-only = true
 #software-type = custom-personal
 return = domain secure_access
 
+[promises]
+recipe =
+instance-promises =
+  $${shellinabox-frontend-listen-promise:path}
+
+[check-port-listening-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${directory:promises}/$${:_buildout_section_name_}
+
+[shellinabox-frontend-listen-promise]
+<= check-port-listening-promise
+hostname= $${shellinabox-frontend:hostname}
+port = $${shellinabox-frontend:port}
+
+
 [slap-parameter]
 node-quantity = 1
 test-suite-master-url =
diff --git a/software/erp5testnode/software.cfg b/software/erp5testnode/software.cfg
index 5951243fc..d48b475cd 100644
--- a/software/erp5testnode/software.cfg
+++ b/software/erp5testnode/software.cfg
@@ -5,7 +5,9 @@ extends =
   ../../component/git/buildout.cfg
   ../../component/lxml-python/buildout.cfg
   ../../component/zip/buildout.cfg
-  ../../component/busybox/buildout.cfg
+  ../../component/bash/buildout.cfg
+  ../../component/caddy/buildout.cfg
+  ../../component/coreutils/buildout.cfg
   ../../component/shellinabox/buildout.cfg
   ../../component/pwgen/buildout.cfg
   ../../component/apache/buildout.cfg
@@ -27,6 +29,7 @@ eggs =
   zc.buildout
   slapos.libnetworkcache
   slapos.core
+  slapos.recipe.template
   supervisor
   jsonschema
   hexagonit.recipe.download
-- 
2.30.9