Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Nirina Malard
slapos
Commits
642bad45
Commit
642bad45
authored
Aug 17, 2023
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Plain Diff
Merge remote-tracking branch 'upstream/master' into zope4py3
parents
24558646
568cdc71
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
60 additions
and
73 deletions
+60
-73
component/avahi/buildout.cfg
component/avahi/buildout.cfg
+3
-3
component/binutils/buildout.cfg
component/binutils/buildout.cfg
+2
-2
software/dufs/test/test.py
software/dufs/test/test.py
+2
-2
software/metabase/buildout.hash.cfg
software/metabase/buildout.hash.cfg
+1
-1
software/metabase/instance.cfg.in
software/metabase/instance.cfg.in
+47
-61
software/metabase/software.cfg
software/metabase/software.cfg
+3
-2
software/restic-rest-server/test/test.py
software/restic-rest-server/test/test.py
+2
-2
No files found.
component/avahi/buildout.cfg
View file @
642bad45
...
@@ -30,6 +30,6 @@ configure-options =
...
@@ -30,6 +30,6 @@ configure-options =
--with-systemdsystemunitdir=no
--with-systemdsystemunitdir=no
environment =
environment =
PATH=${pkgconfig:location}/bin:${glib:location}/bin:%(PATH)s
PATH=${pkgconfig:location}/bin:${glib:location}/bin:%(PATH)s
CFLAGS=-I${gdbm:location}/include
CFLAGS=-I${gdbm:location}/include
-I${libexpat:location}/include
LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${gdbm:location}/lib -Wl,-rpath=${gdbm:location}/lib
LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${gdbm:location}/lib -Wl,-rpath=${gdbm:location}/lib
-L${libexpat:location}/lib -Wl,-rpath=${libexpat:location}/lib
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig:${dbus:location}/lib/pkgconfig
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig:${dbus:location}/lib/pkgconfig
:${libexpat:location}/lib/pkgconfig
component/binutils/buildout.cfg
View file @
642bad45
...
@@ -42,8 +42,8 @@ environment =
...
@@ -42,8 +42,8 @@ environment =
[binutils]
[binutils]
recipe = slapos.recipe.cmmi
recipe = slapos.recipe.cmmi
shared = true
shared = true
url = http://ftp.gnu.org/gnu/binutils/binutils-2.
32
.tar.bz2
url = http://ftp.gnu.org/gnu/binutils/binutils-2.
41
.tar.bz2
md5sum =
64f8ea283e571200f8b2b7f66fe8a0d6
md5sum =
b572fd7ea427a8f5a3be58d50bd7ea7e
configure-options =
configure-options =
--disable-bootstrap
--disable-bootstrap
--with-mpc=${mpc:location}
--with-mpc=${mpc:location}
...
...
software/dufs/test/test.py
View file @
642bad45
...
@@ -131,14 +131,14 @@ class TestFileServer(SlapOSInstanceTestCase):
...
@@ -131,14 +131,14 @@ class TestFileServer(SlapOSInstanceTestCase):
return
cnx
.
sock
.
_sslobj
.
getpeercert
()
return
cnx
.
sock
.
_sslobj
.
getpeercert
()
cert_before
=
_getpeercert
()
cert_before
=
_getpeercert
()
# execute certificate updater
two month later,
when it's time to renew certificate.
# execute certificate updater when it's time to renew certificate.
# use a timeout, because this service runs forever
# use a timeout, because this service runs forever
subprocess
.
run
(
subprocess
.
run
(
(
(
'timeout'
,
'timeout'
,
'5'
,
'5'
,
'faketime'
,
'faketime'
,
'+
2 month
s'
,
'+
63 day
s'
,
os
.
path
.
join
(
os
.
path
.
join
(
self
.
computer_partition_root_path
,
self
.
computer_partition_root_path
,
'etc/service/dufs-certificate-updater'
),
'etc/service/dufs-certificate-updater'
),
...
...
software/metabase/buildout.hash.cfg
View file @
642bad45
[instance-profile]
[instance-profile]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
685e7b371768f6977896d7214fd379f1
md5sum =
0d50ed911a41b76b952b63d37853c3a4
software/metabase/instance.cfg.in
View file @
642bad45
...
@@ -44,11 +44,7 @@ command-line = sh -c "cd $${directory:srv-metabase}; ${java:location}/bin/java $
...
@@ -44,11 +44,7 @@ command-line = sh -c "cd $${directory:srv-metabase}; ${java:location}/bin/java $
environment =
environment =
MB_EMOJI_IN_LOGS=false
MB_EMOJI_IN_LOGS=false
MB_JETTY_HOST=$${:ip}
MB_JETTY_HOST=$${:ip}
MB_JETTY_PORT=$${:-http-port}
MB_JETTY_PORT=$${:port}
MB_JETTY_SSL_PORT=$${:port}
MB_JETTY_SSL=true
MB_JETTY_SSL_KEYSTORE=$${metabase-keystore:file}
MB_JETTY_SSL_KEYSTORE_PASSWORD=$${metabase-keystore:password}
MB_DB_TYPE=postgres
MB_DB_TYPE=postgres
MB_DB_DBNAME=$${postgresql:dbname}
MB_DB_DBNAME=$${postgresql:dbname}
MB_DB_PORT=$${postgresql:port}
MB_DB_PORT=$${postgresql:port}
...
@@ -62,68 +58,57 @@ environment =
...
@@ -62,68 +58,57 @@ environment =
hash-existing-files =
hash-existing-files =
$${buildout:directory}/software_release/buildout.cfg
$${buildout:directory}/software_release/buildout.cfg
ip = $${instance-parameter:ipv6-random}
ip = $${instance-parameter:ipv4-random}
port = 8443
port = 18080
# XXX It does not seem we can prevent metabase to also listen on http, so we
# give it an http port, but don't use it.
-http-port = 18080
hostname = [$${:ip}]
scheme = https
url = $${:scheme}://$${:hostname}:$${:port}
promises =
promises =
$${metabase-promise:name}
$${metabase-promise:name}
[metabase-promise]
[metabase-frontend-certificate]
<= monitor-promise-base
promise = check_url_available
name = $${:_buildout_section_name_}.py
config-url= $${metabase-instance:url}/api/session/properties
[metabase-keystore-password]
recipe = slapos.cookbook:generate.password
[metabase-keystore]
recipe = plone.recipe.command
recipe = plone.recipe.command
stop-on-error = true
command =
command =
if [
-f $${:
file} ]
if [
! -e $${:cert-
file} ]
then
then
# XXX password used to be "insecure", but we changed to proper password.
${openssl-output:openssl} req -x509 -nodes -days 3650 \
# We try to list the store with the new password and if it fail we change
-subj "/C=AA/ST=X/L=X/O=Dis/CN=$${:common-name}" \
# the keystore password.
-newkey rsa -keyout $${:cert-file} \
if ! ${java:location}/bin/keytool \
-out $${:cert-file}
-list \
-keystore "$${:file}" \
-storepass "$${:password}"
then
echo "Migrating keystore password" && \
${java:location}/bin/keytool \
-storepasswd \
-keystore "$${:file}" \
-storepass insecure \
-new "$${:password}" && \
echo "Migrating certificate key password" && \
${java:location}/bin/keytool \
-keypasswd \
-alias "$${:alias}" \
-keypass insecure \
-new "$${:password}" \
-keystore "$${:file}" \
-storepass "$${:password}"
fi
else
${java:location}/bin/keytool \
-genkeypair \
-alias "$${:alias}" \
-keyalg RSA \
-keypass "$${:password}" \
-dname "CN=$${metabase-instance:ip},OU=Unit,O=Organization,L=City,S=State,C=Country" \
-keystore "$${:file}" \
-storepass "$${:password}"
fi
fi
file = $${directory:etc}/.metabase_keystore
update-command = $${:command}
password = $${metabase-keystore-password:passwd}
cert-file = $${directory:var}/$${:_buildout_section_name_}.pem
alias = metabase
common-name = $${metabase-frontend-config:ip}
location =
$${:cert-file}
[metabase-frontend-config]
recipe = slapos.recipe.template:jinja2
url = ${stack-haproxy-default-backend-config:target}
output = $${directory:etc}/$${:_buildout_section_name_}
context =
key pidfile :pidfile
key content :content
content =
listen app
log global
bind $${:ip}:$${:port} ssl crt $${metabase-frontend-certificate:cert-file} alpn h2,http/1.1
server app $${metabase-instance:ip}:$${metabase-instance:port}
pidfile = $${directory:run}/$${:_buildout_section_name_}.pid
ip = $${instance-parameter:ipv6-random}
port = 8443
[metabase-frontend]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line =
${haproxy:location}/sbin/haproxy -f $${metabase-frontend-config:output}
url = https://[$${metabase-frontend-config:ip}]:$${metabase-frontend-config:port}
[metabase-promise]
<= monitor-promise-base
promise = check_url_available
name = $${:_buildout_section_name_}.py
config-url= $${metabase-frontend:url}/api/session/properties
[postgresql-password]
[postgresql-password]
recipe = slapos.cookbook:generate.password
recipe = slapos.cookbook:generate.password
...
@@ -247,6 +232,7 @@ var-cron-entries = $${:var}/cron-entries
...
@@ -247,6 +232,7 @@ var-cron-entries = $${:var}/cron-entries
srv = $${buildout:directory}/srv
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
bin = $${buildout:directory}/bin
tmp = $${buildout:directory}/tmp
tmp = $${buildout:directory}/tmp
run = $${buildout:directory}/run
service = $${:etc}/service
service = $${:etc}/service
srv-metabase = $${:srv}/metabase
srv-metabase = $${:srv}/metabase
srv-backup = $${:srv}/backup
srv-backup = $${:srv}/backup
...
@@ -254,6 +240,6 @@ fontconfig-cache = $${buildout:directory}/.fontconfig
...
@@ -254,6 +240,6 @@ fontconfig-cache = $${buildout:directory}/.fontconfig
[publish-connection-parameter]
[publish-connection-parameter]
recipe = slapos.cookbook:publish
recipe = slapos.cookbook:publish
url = $${metabase-
instance
:url}
url = $${metabase-
frontend
:url}
backup-crontab = $${postgresql-backup-crontab-entry:name}
backup-crontab = $${postgresql-backup-crontab-entry:name}
restore-backup-script = $${postgresql-restore-backup:wrapper-path}
restore-backup-script = $${postgresql-restore-backup:wrapper-path}
software/metabase/software.cfg
View file @
642bad45
...
@@ -6,6 +6,7 @@ extends =
...
@@ -6,6 +6,7 @@ extends =
../../component/java/buildout.cfg
../../component/java/buildout.cfg
../../component/postgresql/buildout.cfg
../../component/postgresql/buildout.cfg
../../component/dcron/buildout.cfg
../../component/dcron/buildout.cfg
../../stack/haproxy/default-backend.cfg
../../stack/slapos.cfg
../../stack/slapos.cfg
buildout.hash.cfg
buildout.hash.cfg
../../stack/monitor/buildout.cfg
../../stack/monitor/buildout.cfg
...
@@ -19,8 +20,8 @@ parts =
...
@@ -19,8 +20,8 @@ parts =
[metabase.jar]
[metabase.jar]
recipe = slapos.recipe.build:download
recipe = slapos.recipe.build:download
url = https://downloads.metabase.com/v0.4
5.2
/metabase.jar
url = https://downloads.metabase.com/v0.4
7.0
/metabase.jar
md5sum =
cca1f4d663ebfa60b3a6d93705b340a0
md5sum =
b81c71668a2177d89690730fabd85d9e
[instance-profile]
[instance-profile]
recipe = slapos.recipe.template
recipe = slapos.recipe.template
...
...
software/restic-rest-server/test/test.py
View file @
642bad45
...
@@ -158,14 +158,14 @@ class TestResticRestServer(SlapOSInstanceTestCase):
...
@@ -158,14 +158,14 @@ class TestResticRestServer(SlapOSInstanceTestCase):
return
cnx
.
sock
.
_sslobj
.
getpeercert
()
return
cnx
.
sock
.
_sslobj
.
getpeercert
()
cert_before
=
_getpeercert
()
cert_before
=
_getpeercert
()
# execute certificate updater
two month later,
when it's time to renew certificate.
# execute certificate updater when it's time to renew certificate.
# use a timeout, because this service runs forever
# use a timeout, because this service runs forever
subprocess
.
run
(
subprocess
.
run
(
(
(
'timeout'
,
'timeout'
,
'5'
,
'5'
,
'faketime'
,
'faketime'
,
'+
2 month
s'
,
'+
63 day
s'
,
os
.
path
.
join
(
os
.
path
.
join
(
self
.
computer_partition_root_path
,
self
.
computer_partition_root_path
,
'etc/service/rest-server-certificate-updater'
),
'etc/service/rest-server-certificate-updater'
),
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment