Commit 1d57188a authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

software/turnserver: add insecure configuration

parent b8feb1de
Pipeline #12608 passed with stage
in 0 seconds
......@@ -15,8 +15,12 @@
[instance-cfg]
filename = instance.cfg.in
md5sum = d027a2dccaf15ae6e7d3a28cc02d70c3
md5sum = 776c7de2054f78ba79382c22d85018be
[template-turnserver]
filename = instance-turnserver.cfg.jinja2.in
md5sum = 539417d669c15b853ac8525f8d5cbc44
md5sum = df8768f165036dbe0435bd1678b9deb3
[template-insecure-turnserver]
filename = instance-insecure-turnserver.cfg.jinja2.in
md5sum = 0e0807eef75a1ee6f9aef3a6a566a729
{% set part_list = [] -%}
{% set server_name = slapparameter_dict.get('server-name', 'turn.example.com') -%}
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
run = ${:var}/run
log = ${:var}/log
scripts = ${:etc}/run
services = ${:etc}/service
plugins = ${:etc}/plugin
[turnserver-password]
recipe = slapos.cookbook:generate.password
bytes = 8
{% set turn_port = slapparameter_dict.get('port', 3478) -%}
{% set turn_tls_port = slapparameter_dict.get('tls-port', 5349) -%}
{% set listining_ip = slapparameter_dict.get('listening-ip', (ipv4 | list)[0]) -%}
[turnserver-config]
recipe = collective.recipe.template
user = nxdturn
input = inline:
listening-port={{ turn_port }}
lt-cred-mech
realm={{ server_name }}
{% if slapparameter_dict.get('external-ip', '') %}
external-ip={{ slapparameter_dict['external-ip'] }}
{% endif %}
fingerprint
listening-ip={{ listining_ip }}
server-name={{ server_name }}
no-stdout-log
simple-log
log-file=${directory:log}/turnserver.log
pidfile=${directory:run}/turnserver.pid
verbose
user=${:user}:${turnserver-password:passwd}
output = ${directory:etc}/turnserver.conf
mode = 644
[turnserver-wrapper]
recipe = slapos.cookbook:wrapper
# XXX on first invocation of read-secret, the secret file is not yet generated
# so on first buildout run turnserver-config has an empty secret.
# We don't want to start the server when config file is not complete.
command-line =
{{ parameter_dict['turnserver-location'] }}/bin/turnserver -c ${turnserver-config:output}
wrapper-path = ${directory:services}/turnserver
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[promise-check-turnserver-port]
<= monitor-promise-base
module = check_port_listening
name = turnserver-port-listening.py
config-hostname = {{ listining_ip }}
config-port = {{ turn_port }}
[promise-check-turnserver-tls-port]
<= monitor-promise-base
module = check_port_listening
name = turnserver-tls-port-listening.py
config-hostname = {{ listining_ip }}
config-port = {{ turn_tls_port }}
[publish-connection-information]
<= monitor-publish
recipe = slapos.cookbook:publish
turn-url = {{ server_name ~ ':' ~ turn_port }}
user = ${turnserver-config:user}
password = ${turnserver-password:passwd}
[buildout]
extends = {{ template_monitor }}
parts =
publish-connection-information
# Complete parts with sections
{{ part_list | join('\n ') }}
# turn server
turnserver-wrapper
promise-check-turnserver-tls-port
promise-check-turnserver-port
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
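Review bot: `[turnserver-config]` writes `turnserver.conf` with `mode = 644` while the inline body ends with `user=${:user}:${turnserver-password:passwd}`, so the TURN credential sits in a world-readable file; `mode = 600` would limit it to the instance user. `bytes = 8` in `[turnserver-password]` also looks short for a static long-term credential, and a larger value costs nothing for a generated password. The `tls-port` parameter is read into `turn_tls_port` but used only by `[promise-check-turnserver-tls-port]`; the config never sets a TLS listening port, so a non-default value would make the promise probe a port the server was never told to open. The `# XXX on first invocation of read-secret` comment in `[turnserver-wrapper]` seems carried over from the other template, since nothing in this file calls read-secret; a short comment stating what this variant omits compared with the default one would serve readers better.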
......@@ -99,6 +99,7 @@ input = inline:
no-tlsv1
no-tlsv1_1
no-stdout-log
simple-log
  • turnserver test started to fail in 6145ffce...be655d15 I think it's a consequence of this line changed here. @tomo is this change intentional ? should we update the expected_config from the failing tests ?

  • Yes, I'm trying to fix this in tomo/slapos@6269fdb1 I will push on master if it fixes the test.

    Sorry for pushing in master without test, it was an urgent need.

  • Thanks and good luck with the test :)

  • Pushed in d2a9bf5c

  • Thanks !

log-file=${directory:log}/turnserver.log
userdb=${directory:srv}/turndb
pidfile=${directory:run}/turnserver.pid
......
......@@ -10,6 +10,7 @@ offline = true
[switch-softwaretype]
recipe = slapos.cookbook:softwaretype
default = $${dynamic-template-turnserver:rendered}
insecure = $${dynamic-template-insecure-turnserver:rendered}
RootSoftwareInstance = $${:default}
[slap-configuration]
......@@ -50,3 +51,10 @@ template = ${template-turnserver:location}/${template-turnserver:filename}
filename = instance-turnserver.cfg
extra-context =
section parameter_dict dynamic-template-turnserver-parameters
[dynamic-template-insecure-turnserver]
<= jinja2-template-base
template = ${template-insecure-turnserver:location}/${template-insecure-turnserver:filename}
filename = instance-insecure-turnserver.cfg
extra-context =
section parameter_dict dynamic-template-turnserver-parameters
......@@ -28,5 +28,8 @@ output = ${buildout:directory}/instance.cfg
[template-turnserver]
<= download-base
[template-insecure-turnserver]
<= download-base
[versions]
slapos.recipe.template = 4.4
......@@ -188,3 +188,61 @@ verbose""" % {'instance_path': self.partition_path,
current_config = f.read().strip()
self.assertEqual(current_config.splitlines(), expected_config.splitlines())
class TestInsecureServices(TurnServerTestCase):
@classmethod
def getInstanceSoftwareType(cls):
return 'insecure'
def test_process_list(self):
hash_list = [
'software_release/buildout.cfg',
]
expected_process_names = [
'bootstrap-monitor',
'turnserver-{hash}-on-watch',
'certificate_authority-{hash}-on-watch',
'crond-{hash}-on-watch',
'monitor-httpd-{hash}-on-watch',
'monitor-httpd-graceful',
]
with self.slap.instance_supervisor_rpc as supervisor:
process_name_list = [process['name']
for process in supervisor.getAllProcessInfo()]
hash_file_list = [os.path.join(self.computer_partition_root_path, path)
for path in hash_list]
for name in expected_process_names:
h = generateHashFromFiles(hash_file_list)
expected_process_name = name.format(hash=h)
self.assertIn(expected_process_name, process_name_list)
def test_default_deployment(self):
self.assertTrue(os.path.exists(self.partition_path))
connection_parameter_dict = self.computer_partition\
.getConnectionParameterDict()
password = connection_parameter_dict['password']
expected_config = """listening-port=3478
lt-cred-mech
realm=turn.example.com
fingerprint
listening-ip=%(ipv4)s
server-name=turn.example.com
no-stdout-log
simple-log
log-file=%(instance_path)s/var/log/turnserver.log
pidfile=%(instance_path)s/var/run/turnserver.pid
verbose
user=nxdturn:%(password)""" % {'instance_path': self.partition_path, 'password': password, 'ipv4': self._ipv4_address}
with open(os.path.join(self.partition_path, 'etc/turnserver.conf')) as f:
current_config = f.read().strip()
self.assertEqual(current_config.splitlines(), expected_config.splitlines())
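Review bot: The expected config in `test_default_deployment` ends with `user=nxdturn:%(password)`, a mapping key with no conversion type, so the `%` formatting raises `ValueError: incomplete format` before the file is even read; the line should be `user=nxdturn:%(password)s""" % {...}`. As written, the test cannot verify that the generated credential lands in `turnserver.conf`. In `test_process_list`, `generateHashFromFiles(hash_file_list)` does not depend on `name` and can be computed once before the loop.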