Ivan Tyagov / slapos
Commit 2a733418 authored Aug 22, 2016 by Nicolas Wavrant

slaprunner: replaces dropbear by openssh

parent ee019ae4
Showing 5 changed files with 68 additions and 63 deletions

software/slaprunner/common.cfg (+5 -5)
software/slaprunner/instance-resilient.cfg.jinja2 (+0 -1)
software/slaprunner/instance-runner-export.cfg.in (+4 -3)
software/slaprunner/instance-runner-import.cfg.in (+7 -5)
software/slaprunner/instance-runner.cfg (+52 -49)
software/slaprunner/common.cfg
View file @
2a733418
...
@@ -5,13 +5,13 @@ extends =
...
@@ -5,13 +5,13 @@ extends =
../../component/curl/buildout.cfg
../../component/curl/buildout.cfg
../../component/dash/buildout.cfg
../../component/dash/buildout.cfg
../../component/dcron/buildout.cfg
../../component/dcron/buildout.cfg
../../component/dropbear/buildout.cfg
../../component/git/buildout.cfg
../../component/git/buildout.cfg
../../component/tig/buildout.cfg
../../component/tig/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/nano/buildout.cfg
../../component/nano/buildout.cfg
../../component/nginx/buildout.cfg
../../component/nginx/buildout.cfg
../../component/openssh/buildout.cfg
../../component/rsync/buildout.cfg
../../component/rsync/buildout.cfg
../../component/python-2.7/buildout.cfg
../../component/python-2.7/buildout.cfg
../../component/screen/buildout.cfg
../../component/screen/buildout.cfg
...
@@ -54,7 +54,7 @@ mode = 0644
...
@@ -54,7 +54,7 @@ mode = 0644
recipe = slapos.recipe.template
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-runner.cfg
url = ${:_profile_base_location_}/instance-runner.cfg
output = ${buildout:directory}/template-runner.cfg.in
output = ${buildout:directory}/template-runner.cfg.in
md5sum = c98c81336cb8c91376737e20bad6636a
#md5sum = dcf366fb8a16fa380bb58634b3b0e0cc
mode = 0644
mode = 0644
[template-runner-import-script]
[template-runner-import-script]
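Review bot: The md5sum for template-runner is left commented out (`#md5sum = dcf366fb8a16fa380bb58634b3b0e0cc`), so the download of instance-runner.cfg is no longer checked against a checksum, while the other templates in this file get a refreshed md5sum. That template now carries the sshd configuration, so restore an active `md5sum =` line matching the committed instance-runner.cfg before merging.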
...
@@ -70,7 +70,7 @@ mode = 0644
...
@@ -70,7 +70,7 @@ mode = 0644
recipe = slapos.recipe.template
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-runner-import.cfg.in
url = ${:_profile_base_location_}/instance-runner-import.cfg.in
output = ${buildout:directory}/instance-runner-import.cfg
output = ${buildout:directory}/instance-runner-import.cfg
md5sum =
8dc4898bd7c3071b8969e6305da8d643
md5sum =
22d958bd271a378b84f04e36010ee689
mode = 0644
mode = 0644
[template-runner-export-script]
[template-runner-export-script]
...
@@ -86,13 +86,13 @@ mode = 0644
...
@@ -86,13 +86,13 @@ mode = 0644
recipe = slapos.recipe.template
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-runner-export.cfg.in
url = ${:_profile_base_location_}/instance-runner-export.cfg.in
output = ${buildout:directory}/instance-runner-export.cfg
output = ${buildout:directory}/instance-runner-export.cfg
md5sum =
b01ad6fef55fab5405d5cf212832e52f
md5sum =
38a2b6e9ebb65457c1f477455b205328
mode = 0644
mode = 0644
[template-resilient]
[template-resilient]
recipe = slapos.recipe.build:download
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
url = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
md5sum =
56ea5ab49eca534acd22b2028529b7d9
md5sum =
a902b84ac7d1e29a7fdb06cbc7dec150
filename = instance-resilient.cfg.jinja2
filename = instance-resilient.cfg.jinja2
mode = 0644
mode = 0644
...
...
software/slaprunner/instance-resilient.cfg.jinja2
View file @
2a733418
...
@@ -15,7 +15,6 @@
...
@@ -15,7 +15,6 @@
{% set slaprunner_return = ['init-user', 'init-password', 'url', 'ssh-public-key', 'ssh-url', 'notification-id', 'ip', 'backend-url', 'url', 'ssh-command', 'webdav-url', 'public-url', 'git-public-url', 'git-private-url'] -%}
{% set slaprunner_return = ['init-user', 'init-password', 'url', 'ssh-public-key', 'ssh-url', 'notification-id', 'ip', 'backend-url', 'url', 'ssh-command', 'webdav-url', 'public-url', 'git-public-url', 'git-private-url'] -%}
{% set monitor_return = ['monitor-base-url', 'monitor-url', 'monitor-user', 'monitor-password'] -%}
{% set monitor_return = ['monitor-base-url', 'monitor-url', 'monitor-user', 'monitor-password'] -%}
{% set monitor_parameter = {'monitor-cors-domains': slapparameter_dict.pop('monitor-cors-domains', "monitor.app.officejs.com")} -%}
{% set monitor_parameter = {'monitor-cors-domains': slapparameter_dict.pop('monitor-cors-domains', "monitor.app.officejs.com")} -%}
{% do monitor_parameter.update({'runner-importer-sshd-port': slapparameter_dict.pop('runner-importer-sshd-port')}) -%}
{% set monitor_dict = {'parameter': monitor_parameter, 'return': monitor_return, 'set-monitor-url': True} -%}
{% set monitor_dict = {'parameter': monitor_parameter, 'return': monitor_return, 'set-monitor-url': True} -%}
{% set monitor_interface_url = slapparameter_dict.pop('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
{% set monitor_interface_url = slapparameter_dict.pop('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
...
...
software/slaprunner/instance-runner-export.cfg.in
View file @
2a733418
...
@@ -9,14 +9,14 @@ parts +=
...
@@ -9,14 +9,14 @@ parts +=
ca-nginx
ca-nginx
gunicorn-launcher
gunicorn-launcher
gunicorn-graceful
gunicorn-graceful
sshkeys-dropbear-runner
dropbear-server-add-authorized-key
sshkeys-authority
sshkeys-authority
publish-connection-information
publish-connection-information
slaprunner-promise
slaprunner-promise
apache-httpd-promise
apache-httpd-promise
slaprunner-supervisord-wrapper
slaprunner-supervisord-wrapper
dropbear-promise
runner-sshd-add-authorized-key
runner-sshd-graceful
runner-sshd-promise
runtestsuite
runtestsuite
symlinks
symlinks
shellinabox
shellinabox
...
@@ -30,6 +30,7 @@ parts +=
...
@@ -30,6 +30,7 @@ parts +=
supervisord-wrapper
supervisord-wrapper
supervisord-promise
supervisord-promise
httpd-graceful-wrapper
httpd-graceful-wrapper
runner-sshd
## Monitoring part
## Monitoring part
## Monitor for runner
## Monitor for runner
monitor-base
monitor-base
...
...
software/slaprunner/instance-runner-import.cfg.in
View file @
2a733418
...
@@ -9,12 +9,13 @@ parts +=
...
@@ -9,12 +9,13 @@ parts +=
ca-nginx
ca-nginx
gunicorn-launcher
gunicorn-launcher
gunicorn-graceful
gunicorn-graceful
sshkeys-dropbear-runner
dropbear-server-add-authorized-key
sshkeys-authority
sshkeys-authority
slaprunner-promise
slaprunner-promise
slaprunner-supervisord-wrapper
slaprunner-supervisord-wrapper
dropbear-promise
runner-sshd
runner-sshd-add-authorized-key
runner-sshd-graceful
runner-sshd-promise
runtestsuite
runtestsuite
shellinabox
shellinabox
symlinks
symlinks
...
@@ -39,8 +40,9 @@ proxy_port = 50000
...
@@ -39,8 +40,9 @@ proxy_port = 50000
runner_port = 50005
runner_port = 50005
# Idem for some other services
# Idem for some other services
[dropbear-runner-server]
[runner-sshd-port]
port = $${slap-parameter:runner-importer-sshd-port}
minimum = 22232
maximum = 22241
[importer]
[importer]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
...
software/slaprunner/instance-runner.cfg
View file @
2a733418
...
@@ -6,14 +6,15 @@ parts =
...
@@ -6,14 +6,15 @@ parts =
ca-nginx
ca-nginx
gunicorn-launcher
gunicorn-launcher
gunicorn-graceful
gunicorn-graceful
sshkeys-dropbear-runner
dropbear-server-add-authorized-key
sshkeys-authority
sshkeys-authority
publish-connection-information
publish-connection-information
slaprunner-promise
slaprunner-promise
apache-httpd-promise
apache-httpd-promise
slaprunner-supervisord-wrapper
slaprunner-supervisord-wrapper
dropbear-promise
runner-sshd
runner-sshd-add-authorized-key
runner-sshd-graceful
runner-sshd-promise
runtestsuite
runtestsuite
symlinks
symlinks
shellinabox
shellinabox
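Review bot: sshkeys-authority is kept in parts here (and in the export and import profiles), but the -198,43 hunk of this file removes the [sshkeys-authority] section together with [sshkeys-directory]. Unless another profile still defines that section, buildout will fail on the missing part; either drop sshkeys-authority from the three parts lists or keep the section.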
...
@@ -133,13 +134,13 @@ working-directory = $${runnerdirectory:home}
...
@@ -133,13 +134,13 @@ working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
project-directory = $${runnerdirectory:project}
instance_root = $${runnerdirectory:instance-root}
instance_root = $${runnerdirectory:instance-root}
software_root = $${runnerdirectory:software-root}
software_root = $${runnerdirectory:software-root}
ssh_client = ${openssh:location}/bin/ssh
public_key = $${runner-sshd-key-authority:location}.pub
private_key = $${runner-sshd-key-authority:location}
instance-monitor-url = https://[$${:ipv6}]:$${monitor-parameters:port}
instance-monitor-url = https://[$${:ipv6}]:$${monitor-parameters:port}
etc_dir = $${directory:etc}
etc_dir = $${directory:etc}
log_dir = $${directory:log}
log_dir = $${directory:log}
run_dir = $${directory:run}
run_dir = $${directory:run}
ssh_client = $${sshkeys-dropbear-runner:wrapper}
public_key = $${sshkeys-dropbear-runner:public-key}
private_key = $${sshkeys-dropbear-runner:private-key}
ipv4 = $${slap-network-information:local-ipv4}
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
ipv6 = $${slap-network-information:global-ipv6}
instance_root = $${runnerdirectory:instance-root}
instance_root = $${runnerdirectory:instance-root}
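Review bot: public_key and private_key now point at `$${runner-sshd-key-authority:location}`, which is the same file the -198,43 hunk hands to sshd as HostKey, so a single RSA key serves both as the server's host identity and as the runner's client identity. Generate a separate client key pair for the runner so that rotating or exposing the key of one role does not affect the other.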
...
@@ -198,43 +199,47 @@ command-line = ${buildout:directory}/bin/slaprunnertest
...
@@ -198,43 +199,47 @@ command-line = ${buildout:directory}/bin/slaprunnertest
wrapper-path = $${directory:bin}/runTestSuite
wrapper-path = $${directory:bin}/runTestSuite
environment = RUNNER_CONFIG=$${slapos-cfg:rendered}
environment = RUNNER_CONFIG=$${slapos-cfg:rendered}
# Deploy dropbear (minimalist SSH server)
# Deploy openssh-server
[sshkeys-directory]
[runner-sshd-key-authority]
recipe = slapos.cookbook:mkdirectory
recipe = plone.recipe.command
requests = $${directory:sshkeys}/requests/
location = $${directory:sshkeys}/ssh_host_rsa_key
keys = $${directory:sshkeys}/keys/
command = if [ ! -f "$${:location}" ]; then ${openssh:location}/bin/ssh-keygen -t rsa -b 4096 -f "$${:location}" -N '' -C ''; fi
[sshkeys-authority]
[runner-sshd-port]
recipe = slapos.cookbook:sshkeys_authority
recipe = slapos.cookbook:free_port
request-directory = $${sshkeys-directory:requests}
minimum = 22222
keys-directory = $${sshkeys-directory:keys}
maximum = 22231
wrapper = $${directory:services}/sshkeys_authority
ip = $${slap-network-information:global-ipv6}
keygen-binary = ${dropbear:location}/bin/dropbearkey
[runner-sshd-config]
[dropbear-runner-server]
recipe = slapos.recipe.template:jinja2
recipe = slapos.cookbook:dropbear
rendered = $${directory:etc}/runner-sshd.conf
host = $${slap-network-information:global-ipv6}
path_pid = $${directory:run}/runner-sshd.pid
port = $${slap-parameter:runner-sshd-port}
template = inline:
home = $${buildout:directory}
PidFile $${:path_pid}
wrapper = $${directory:bin}/runner_sshd
Port $${runner-sshd-port:port}
shell = ${bash:location}/bin/bash
ListenAddress $${slap-network-information:global-ipv6}
rsa-keyfile = $${directory:ssh}/server_key.rsa
Protocol 2
allow-port-forwarding = true
UsePrivilegeSeparation no
dropbear-binary = ${dropbear:location}/sbin/dropbear
HostKey $${runner-sshd-key-authority:location}
PasswordAuthentication no
[sshkeys-dropbear-runner]
PubkeyAuthentication yes
<= sshkeys-authority
AuthorizedKeysFile $${buildout:directory}/.ssh/authorized_keys
recipe = slapos.cookbook:sshkeys_authority.request
ForceCommand if [ -z "$SSH_ORIGINAL_COMMAND" ]; then ${bash:location}/bin/bash -l; else $SSH_ORIGINAL_COMMAND; fi
name = dropbear
type = rsa
[runner-sshd]
executable = $${dropbear-runner-server:wrapper}
recipe = slapos.cookbook:wrapper
public-key = $${dropbear-runner-server:rsa-keyfile}.pub
command-line = ${openssh:location}/sbin/sshd -D -e -f $${runner-sshd-config:rendered}
private-key = $${dropbear-runner-server:rsa-keyfile}
wrapper-path = $${directory:services}/runner-sshd
wrapper = $${directory:services}/runner_sshd
[runner-sshd-graceful]
[dropbear-server-add-authorized-key]
recipe = slapos.cookbook:wrapper
<= dropbear-runner-server
command-line = $${directory:bin}/killpidfromfile $${runner-sshd-config:path_pid} SIGHUP
wrapper-path = $${directory:scripts}/runner-sshd-graceful
[runner-sshd-add-authorized-key]
recipe = slapos.cookbook:dropbear.add_authorized_key
recipe = slapos.cookbook:dropbear.add_authorized_key
home = $${buildout:directory}
key = $${slap-parameter:user-authorized-key}
key = $${slap-parameter:user-authorized-key}
#---------------------------
#---------------------------
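Review bot: In the ForceCommand line, the else branch runs `$SSH_ORIGINAL_COMMAND` unquoted, so the client's command is word-split and glob-expanded but never parsed by a shell: anything containing quotes, pipes, `&&` or redirections will not run as the client sent it. Hand it to the shell explicitly, for example `${bash:location}/bin/bash -c "$SSH_ORIGINAL_COMMAND"`. Separately, `UsePrivilegeSeparation no` deserves a comment in the template saying why it is required, and [runner-sshd-add-authorized-key] still uses the `slapos.cookbook:dropbear.add_authorized_key` recipe, which is worth a comment now that dropbear is no longer deployed.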
...
@@ -494,7 +499,7 @@ recipe = slapos.cookbook:publish
...
@@ -494,7 +499,7 @@ recipe = slapos.cookbook:publish
backend-url = $${slaprunner:access-url}
backend-url = $${slaprunner:access-url}
init-user = $${runner-htpasswd:user}
init-user = $${runner-htpasswd:user}
init-password = $${runner-htpasswd:password}
init-password = $${runner-htpasswd:password}
ssh-command = ssh $${
dropbear-runner-server:host} -p $${dropbear-runner-server
:port}
ssh-command = ssh $${
environ:USER}@$${slap-network-information:global-ipv6} -p $${runner-sshd-port
:port}
git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
monitor-base-url = $${publish:monitor-base-url}
monitor-base-url = $${publish:monitor-base-url}
...
@@ -526,11 +531,11 @@ path = $${directory:promises}/slaprunner
...
@@ -526,11 +531,11 @@ path = $${directory:promises}/slaprunner
hostname = $${slaprunner:ipv6}
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}
port = $${slaprunner:runner_port}
[
dropbear
-promise]
[
runner-sshd
-promise]
recipe = slapos.cookbook:check_port_listening
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/
dropbear
path = $${directory:promises}/
runner-sshd
hostname = $${
dropbear-runner-server:host
}
hostname = $${
slap-network-information:global-ipv6
}
port = $${
dropbear-runner-server
:port}
port = $${
runner-sshd-port
:port}
[symlinks]
[symlinks]
recipe = cns.recipe.symlink
recipe = cns.recipe.symlink
...
@@ -559,8 +564,6 @@ monitor-cors-domains =
...
@@ -559,8 +564,6 @@ monitor-cors-domains =
monitor-interface-url =
monitor-interface-url =
# XXX - define a new port for monitor here and use monitor-port for backward compatibility
# XXX - define a new port for monitor here and use monitor-port for backward compatibility
monitor-httpd-port = 8386
monitor-httpd-port = 8386
runner-sshd-port = 22222
runner-importer-sshd-port = $${:runner-sshd-port}
[monitor-parameters]
[monitor-parameters]
port = $${slap-parameter:monitor-port}
port = $${slap-parameter:monitor-port}
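Review bot: Removing the runner-sshd-port and runner-importer-sshd-port defaults means a value passed by an existing requester is now silently ignored, because the port comes from the free_port range in [runner-sshd-port]. State this in the commit message or the software release documentation: for instances that set a custom port, the published ssh-command will change on upgrade.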
...
...