proview: fix and add shelinabox

1dfca59d · Alain Takoudjou · b04330c7 · 1dfca59d · 1dfca59d · 1dfca59d
Commit 1dfca59d authored Dec 19, 2019 by Alain Takoudjou
5 changed files
--- a/software/proviewR/instance-proview-r.cfg.jinja2.in
+++ b/software/proviewR/instance-proview-r.cfg.jinja2.in
@@ -123,6 +123,16 @@ pwr-flag = ${directory:pwrp}/flag
 command = 
  cp -r {{ proview_directory }}/local/adm/db/ ${:pwr-db}  
  echo PORT=5901 > ${:pwr-flag}
+  cat <<EOF > ${buildout:directory}/.rtt_start
+    #!/bin/bash
+    source ${pwrp-profile:rendered}
+    $pwr_exe/rt_rtt
+  EOF
+  cat <<EOF > ${buildout:directory}/.xtt_start
+    #!/bin/bash
+    source ${pwrp-profile:rendered}
+    $pwr_exe/rt_xtt &
+  EOF
 update-command =
 stop-on-error = true
@@ -163,7 +173,7 @@ input = inline:#!/bin/bash
      source ~/.bashrc
  fi
-output = ${buildout:directory}/.bashrc
+output = ${buildout:directory}/.bash_profile
 mode = 600
 [pwrp-profile]
@@ -189,6 +199,7 @@ template = {{ template_pwrrt }}
 context =
  key tmp_directory directory:tmp
  key pwrp_profile pwrp-profile:rendered
+  raw ld_library_path {{ ld_library_path }}
 [pwrrt-service]
 recipe = slapos.cookbook:wrapper
@@ -198,6 +209,71 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 environment = 
  LD_LIBRARY_PATH={{ ld_library_path }}
+[shellinabox]
+recipe = slapos.recipe.template:jinja2
+socket = ${directory:run}/siab.sock
+mode = 0700
+rendered = ${directory:bin}/shellinaboxd
+template = inline:
+  #!/bin/sh
+  exec {{ shellinabox_bin }}/shellinaboxd \
+    --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
+    --service "/:$(id -u):$(id -g):HOME:${shell-environment:shell} -l"
+[shellinabox-service]
+recipe = slapos.cookbook:wrapper
+command-line = ${directory:bin}/shellinaboxd
+wrapper-path = ${directory:services}/shellinaboxd
+hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
+[shell-environment]
+shell = /bin/bash
+[ca-nginx]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = ${cadirectory:certs}/nginx.key
+cert-file = ${cadirectory:certs}/nginx.crt
+executable = ${nginx-launcher:rendered}
+wrapper = ${directory:services}/nginx
+# Put domain name
+name = example.com
+[nginx-parameter-conf]
+local-ip = ${slap-network-information:local-ipv4}
+global-ip = ${slap-network-information:global-ipv6}
+global-port = ${slaprunner:runner_port}
+ssl-certificate = ${ca-nginx:cert-file}
+ssl-key = ${ca-nginx:key-file}
+pid-file = ${directory:run}/nginx.pid
+access-log = ${directory:log}/nginx.access.log
+error-log = ${directory:log}/nginx.error.log
+etc-dir = ${directory:etc}
+client-body-temp-path = ${directory:tmp}/client_body_temp_path
+proxy-temp-path = ${directory:tmp}/proxy_temp_path
+fastcgi-temp-path = ${directory:tmp}/fastcgi_temp_path
+uwsgi-temp-path = ${directory:tmp}/uwsgi_temp_path
+scgi-temp-path = ${directory:tmp}/scgi_temp_path
+[nginx_conf]
+recipe = slapos.recipe.template:jinja2
+template = {{ template_nginx }}
+rendered = ${directory:etc}/nginx.conf
+context =
+    key shellinabox_socket shellinabox:socket
+    section parameter_dict nginx-parameter-conf
+[nginx-launcher]
+recipe = slapos.cookbook:wrapper
+wrapper-path = ${directory:bin}/nginx-launcher
+command-line = {{ nginx_bin }} -p ${buildout:directory} -c ${nginx_conf:rendered}
+[logrotate-entry-nginx]
+<= logrotate-entry-base
+name = nginx
+log = ${nginx-parameter-conf:access-log} ${nginx-parameter-conf:error-log}
+post = kill -USR1 $(cat ${nginx-parameter-conf:pid-file})
 [request-slave-frontend]
 recipe = slapos.cookbook:requestoptional
 server-url = ${slap-connection:server-url}
@@ -240,6 +316,8 @@ parts =
  proview-environment
  bash-profile
  pwrrt-service
+  shellinabox
+  shellinabox-service
 # Complete parts with sections
  {{ part_list | join('\n  ') }}

--- a/software/proviewR/nginx_conf.in
+++ b/software/proviewR/nginx_conf.in
+worker_processes 5;
+pid {{ parameter_dict['pid-file'] }};
+error_log {{ parameter_dict['error-log'] }};
+daemon off;
+events {
+  worker_connections 1024;
+  accept_mutex off;
+}
+http {
+     default_type application/octet-stream;
+     access_log {{ parameter_dict['access-log'] }} combined;
+     client_max_body_size 10M;
+     server {
+        listen [{{ parameter_dict['global-ip'] }}]:{{ parameter_dict['global-port'] }} ssl;
+        server_name _;
+        ssl_certificate     {{ parameter_dict['ssl-certificate'] }};
+        ssl_certificate_key {{ parameter_dict['ssl-key'] }};
+        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers         ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5;
+        ssl_prefer_server_ciphers on;
+        keepalive_timeout 90s;
+        client_body_temp_path {{ parameter_dict['client-body-temp-path'] }};
+        proxy_temp_path {{ parameter_dict['proxy-temp-path'] }};
+        fastcgi_temp_path {{ parameter_dict['fastcgi-temp-path'] }};
+        uwsgi_temp_path {{ parameter_dict['uwsgi-temp-path'] }};
+        scgi_temp_path {{ parameter_dict['scgi-temp-path'] }};
+        location / {
+            proxy_pass http://unix:{{ shellinabox_socket }}:/;
+            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+            auth_basic "Restricted";
+            auth_basic_user_file {{ parameter_dict['etc-dir'] }}/.htpasswd;
+            proxy_redirect off;
+            proxy_buffering off;
+            proxy_set_header        X-Real-IP         $remote_addr;
+            proxy_set_header        X-Forwarded-Proto $scheme;
+            proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
+            proxy_set_header        X-Forwarded-Host  $http_host;
+      }
+    }
+}
--- a/software/proviewR/pwrp_profile.in
+++ b/software/proviewR/pwrp_profile.in
@@ -39,10 +39,10 @@ export jdk_home={{ java_location }}/bin
 PATH=$PATH:$pwr_exe:$pwrp_exe:$jdk_home
 #symbols to define start/stop commands for PWR
-alias pwr_stop='{{ base_directory }}/bin/pwr stop'
+alias pwr_stop='{{ base_directory }}/bin/pwrrt stop'
-alias pwr_stop.sh="{{ base_directory }}/bin/pwr stop"
+alias pwr_stop.sh="{{ base_directory }}/bin/pwrrt stop"
-alias pwr_start="{{ base_directory }}/bin/pwr start"
+alias pwr_start="{{ base_directory }}/bin/pwrrt start"
-alias pwr="{{ base_directory }}/bin/pwr"
+alias pwr="{{ base_directory }}/bin/pwrrt"
 if [ -e $pwrp_exe/profile ]; then
  source $pwrp_exe/profile

--- a/software/proviewR/pwrrt.in
+++ b/software/proviewR/pwrrt.in
@@ -2,7 +2,8 @@
 # Start script for Proview runtime
 #
-TMPDIR={{ tmp_directory }}
+TMPDIR="{{ tmp_directory }}"
+LD_LIBRARY_PATH={{ ld_library_path }}
 wrapper="{{ tmp_directory }}/rt_ini_wrapper"
 killer="{{ tmp_directory }}/pwr_killer"

--- a/software/proviewR/software.cfg
+++ b/software/proviewR/software.cfg
@@ -5,7 +5,9 @@ extends =
  ../../component/proviewR/buildout.cfg
  ../../component/open62541/buildout.cfg
  ../../component/noVNC/buildout.cfg
-    ../../component/shellinabox/buildout.cfg
+  ../../component/shellinabox/buildout.cfg
+  ../../component/nginx/buildout.cfg
+  ../../component/shellinabox/buildout.cfg
  ../../stack/monitor/buildout.cfg
  ../../stack/slapos.cfg
@@ -44,7 +46,7 @@ mode = 0644
 [template-proview-r]
 <= download-base
-md5sum = a104dfc928552d2fdb4af52108230b47
+md5sum = 8f518b869a46025b6e687c69c5589670
 filename = instance-proview-r.cfg.jinja2.in
 [template-pwrp-profile]
@@ -54,7 +56,7 @@ filename = pwrp_profile.in
 [template-pwrrt]
 <= download-base
-md5sum = d53e00e3e2e249dd16fdba00e881ce01
+md5sum = b68d8efa0a5ae756da237d7ba5b02c41
 filename = pwrrt.in
 [versions]