Commit 20ab9c22 authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

Handle slaprunner parameters (ssh keys too)

parent be6031a9
...@@ -66,12 +66,12 @@ class ExportRecipe(GenericBaseRecipe): ...@@ -66,12 +66,12 @@ class ExportRecipe(GenericBaseRecipe):
do do
cd $path; cd $path;
if [ -f $element ] || [ -d $element ]; then if [ -f $element ] || [ -d $element ]; then
%(rsync-binary)s -avz --safe-links $element $backup_path; %(rsync-binary)s -avz --safe-links --delete $element $backup_path;
fi fi
done done
} }
sync_element %(srv-directory)s/runner %(backup-directory)s/runner/ instance project proxy.db softwareLink sync_element %(srv-directory)s/runner %(backup-directory)s/runner/ instance project proxy.db softwareLink
sync_element %(etc-directory)s %(backup-directory)s/etc/ .rcode .project .users sync_element %(etc-directory)s %(backup-directory)s/etc/ .rcode .project .users ssh
if [ -d %(backup-directory)s/runner/software ]; then if [ -d %(backup-directory)s/runner/software ]; then
rm %(backup-directory)s/runner/software/* rm %(backup-directory)s/runner/software/*
fi fi
...@@ -106,9 +106,21 @@ class ImportRecipe(GenericBaseRecipe): ...@@ -106,9 +106,21 @@ class ImportRecipe(GenericBaseRecipe):
content = textwrap.dedent("""\ content = textwrap.dedent("""\
#!%(shell-binary)s #!%(shell-binary)s
umask 077 umask 077
cd %(backup-directory)s; restore_element () {
%(rsync-binary)s -avz runner/ %(srv-directory)s/runner; backup_path=$1
%(rsync-binary)s -avz etc/ %(etc-directory)s; restore_path=$2
shift 2
element_list=$*
for element in $element_list
do
cd $backup_path;
if [ -f $element ] || [ -d $element ]; then
%(rsync-binary)s -avz --delete $backup_path/$element $restore_path;
fi
done
}
restore_element %(backup-directory)s/runner/ %(srv-directory)s/runner instance project proxy.db softwareLink
restore_element %(backup-directory)s/etc/ %(etc-directory)s .rcode .project .users ssh
ifs=$IFS IFS=';' ifs=$IFS IFS=';'
read user pass remaining < %(etc-directory)s/.users read user pass remaining < %(etc-directory)s/.users
IFS=$ifs IFS=$ifs
......
[buildout] [buildout]
extends = extends =
../../component/bash/buildout.cfg
../../component/cloud9/buildout.cfg ../../component/cloud9/buildout.cfg
../../component/curl/buildout.cfg ../../component/curl/buildout.cfg
../../component/dash/buildout.cfg ../../component/dash/buildout.cfg
......
...@@ -18,6 +18,19 @@ parts += ...@@ -18,6 +18,19 @@ parts +=
# Bubble up the parameters # Bubble up the parameters
[request-runner] [request-runner]
return = url ssh-public-key ssh-url notification-id ip backend_url url cloud9_url ssh_command password_recovery_code return = url ssh-public-key ssh-url notification-id ip backend_url url cloud9_url ssh_command password_recovery_code
config = instance-amount debug domain number authorized-key notify ip-list namebase runner1-computer-guid pbs-runner1-computer-guid runner2-computer-guid pbs-runner2-computer-guid runner3-computer-guid pbs-runner3-computer-guid
# XXX Cedric LN Ugly hack, resilient stack and slaprunner stack sharing too much ssh sections
config-authorized-key = ${request-pbs-runner-1:connection-ssh-key} ${request-pbs-runner-2:connection-ssh-key} ${slap-parameter:authorized-key}
config-instance-amount = ${slap-parameter:instance-amount}
config-debug = ${slap-parameter:debug}
config-runner1-computer-guid = ${slap-parameter:runner1-computer-guid}
config-pbs-runner1-computer-guid = ${slap-parameter:pbs-runner1-computer-guid}
config-runner2-computer-guid = ${slap-parameter:runner2-computer-guid}
config-pbs-runner2-computer-guid = ${slap-parameter:pbs-runner2-computer-guid}
config-runner3-computer-guid = ${slap-parameter:runner3-computer-guid}
config-pbs-runner3-computer-guid = ${slap-parameter:pbs-runner3-computer-guid}
config-domain = ${slap-parameter:domain}
[publish-connection-informations] [publish-connection-informations]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
...@@ -26,3 +39,19 @@ url = ${request-runner:connection-url} ...@@ -26,3 +39,19 @@ url = ${request-runner:connection-url}
cloud9_url = ${request-runner:connection-cloud9_url} cloud9_url = ${request-runner:connection-cloud9_url}
ssh_command = ${request-runner:connection-ssh_command} ssh_command = ${request-runner:connection-ssh_command}
password_recovery_code = ${request-runner:connection-password_recovery_code} password_recovery_code = ${request-runner:connection-password_recovery_code}
[slap-parameter]
# Default parameters for distributed deployment
# I.e state "backup1 of maria should go there, ..."
# XXX-Cedric: Hardcoded number of backups. Should be dynamically generated.
runner1-computer-guid =
pbs-runner1-computer-guid =
runner2-computer-guid =
pbs-runner2-computer-guid =
runner3-computer-guid =
pbs-runner3-computer-guid =
# XXX-Cedric: Hardcoded parameters. Should be dynamically generated.
domain =
authorized-key =
instance-amount = 10
debug = false
...@@ -23,5 +23,5 @@ rsync-binary = ${rsync:location}/bin/rsync ...@@ -23,5 +23,5 @@ rsync-binary = ${rsync:location}/bin/rsync
backend_url = $${slaprunner:access-url} backend_url = $${slaprunner:access-url}
url = $${request-frontend:connection-site_url} url = $${request-frontend:connection-site_url}
cloud9_url = $${cloud9:access-url} cloud9_url = $${cloud9:access-url}
ssh_command = ssh $${dropbear-server:host} -p $${dropbear-server:port} ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
password_recovery_code = $${recovery-code:passwd} password_recovery_code = $${recovery-code:passwd}
...@@ -3,7 +3,7 @@ parts = ...@@ -3,7 +3,7 @@ parts =
cloud9 cloud9
slaprunner slaprunner
test-runner test-runner
sshkeys-dropbear sshkeys-dropbear-runner
dropbear-server-add-authorized-key dropbear-server-add-authorized-key
sshkeys-authority sshkeys-authority
publish-connection-informations publish-connection-informations
...@@ -13,7 +13,6 @@ parts = ...@@ -13,7 +13,6 @@ parts =
dropbear-promise dropbear-promise
symlinks symlinks
eggs-directory = ${buildout:eggs-directory} eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true offline = true
...@@ -82,9 +81,9 @@ instance-directory = $${runnerdirectory:instance-root} ...@@ -82,9 +81,9 @@ instance-directory = $${runnerdirectory:instance-root}
etc_dir = $${directory:etc} etc_dir = $${directory:etc}
log_dir = $${directory:log} log_dir = $${directory:log}
run_dir = $${directory:run} run_dir = $${directory:run}
ssh_client = $${sshkeys-dropbear:wrapper} ssh_client = $${sshkeys-dropbear-runner:wrapper}
public_key = $${sshkeys-dropbear:public-key} public_key = $${sshkeys-dropbear-runner:public-key}
private_key = $${sshkeys-dropbear:private-key} private_key = $${sshkeys-dropbear-runner:private-key}
ipv4 = $${slap-network-information:local-ipv4} ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6} ipv6 = $${slap-network-information:global-ipv6}
proxy_port = 50000 proxy_port = 50000
...@@ -121,28 +120,28 @@ keys-directory = $${sshkeys-directory:keys} ...@@ -121,28 +120,28 @@ keys-directory = $${sshkeys-directory:keys}
wrapper = $${directory:services}/sshkeys_authority wrapper = $${directory:services}/sshkeys_authority
keygen-binary = ${dropbear:location}/bin/dropbearkey keygen-binary = ${dropbear:location}/bin/dropbearkey
[dropbear-server] [dropbear-runner-server]
recipe = slapos.cookbook:dropbear recipe = slapos.cookbook:dropbear
host = $${slap-network-information:global-ipv6} host = $${slap-network-information:global-ipv6}
port = 2222 port = 22222
home = $${directory:ssh} home = $${directory:ssh}
wrapper = $${directory:bin}/raw_sshd wrapper = $${directory:bin}/runner_sshd
shell = /bin/bash shell = ${bash:location}/bin/bash
rsa-keyfile = $${directory:ssh}/server_key.rsa rsa-keyfile = $${directory:ssh}/server_key.rsa
dropbear-binary = ${dropbear:location}/sbin/dropbear dropbear-binary = ${dropbear:location}/sbin/dropbear
[sshkeys-dropbear] [sshkeys-dropbear-runner]
<= sshkeys-authority <= sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request recipe = slapos.cookbook:sshkeys_authority.request
name = dropbear name = dropbear
type = rsa type = rsa
executable = $${dropbear-server:wrapper} executable = $${dropbear-runner-server:wrapper}
public-key = $${dropbear-server:rsa-keyfile}.pub public-key = $${dropbear-runner-server:rsa-keyfile}.pub
private-key = $${dropbear-server:rsa-keyfile} private-key = $${dropbear-runner-server:rsa-keyfile}
wrapper = $${directory:services}/sshd wrapper = $${directory:services}/runner_sshd
[dropbear-server-add-authorized-key] [dropbear-server-add-authorized-key]
<= dropbear-server <= dropbear-runner-server
recipe = slapos.cookbook:dropbear.add_authorized_key recipe = slapos.cookbook:dropbear.add_authorized_key
key = $${slap-parameter:authorized-key} key = $${slap-parameter:authorized-key}
...@@ -166,7 +165,7 @@ recipe = slapos.cookbook:publish ...@@ -166,7 +165,7 @@ recipe = slapos.cookbook:publish
backend_url = $${slaprunner:access-url} backend_url = $${slaprunner:access-url}
url = $${request-frontend:connection-site_url} url = $${request-frontend:connection-site_url}
cloud9_url = $${cloud9:access-url} cloud9_url = $${cloud9:access-url}
ssh_command = ssh $${dropbear-server:host} -p $${dropbear-server:port} ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
password_recovery_code = $${recovery-code:passwd} password_recovery_code = $${recovery-code:passwd}
...@@ -194,8 +193,8 @@ curl_path = ${curl:location}/bin/curl ...@@ -194,8 +193,8 @@ curl_path = ${curl:location}/bin/curl
[dropbear-promise] [dropbear-promise]
recipe = slapos.cookbook:check_port_listening recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/dropbear path = $${directory:promises}/dropbear
hostname = $${dropbear-server:host} hostname = $${dropbear-runner-server:host}
port = $${dropbear-server:port} port = $${dropbear-runner-server:port}
[symlinks] [symlinks]
recipe = cns.recipe.symlink recipe = cns.recipe.symlink
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment