slaprunner: use shellinabox from github

Since shellinabox listen on AF_UNIX, we don't need another password for shellinabox

slaprunner: use shellinabox from github
Since shellinabox listen on AF_UNIX, we don't need another password for shellinabox
610f0865 · Jérome Perrin · e386c652 · 610f0865 · 610f0865 · 610f0865
Commit 610f0865 authored May 01, 2015 by Jérome Perrin
5 changed files
--- a/software/slaprunner/README.txt
+++ b/software/slaprunner/README.txt
@@ -147,7 +147,6 @@ As you can see in instance-runner-*.cfg, the buildout section extends a hard-cod
 List of ports used by the webrunner:
 ------------------------------------
 8602 : slapproxy, while running tests
-8949 : shellinabox
 9684 : apache (monitoring of slaprunner, git access)
 22222 : dropbear
 39986 : supervisord
@@ -156,4 +155,4 @@ List of ports used by the webrunner:

 Tips:
 -----
-You can use shellinabox in fullscreen, by accessing : https://[IPV6]:8949
+You can use shellinabox in fullscreen, by accessing : https://[IPV6]:50005/shellinabox/
--- a/software/slaprunner/TODO.txt
+++ b/software/slaprunner/TODO.txt
 - resilient sr: Cloned instances should not launch slapgrid-sr if it was not launched on export instance
- shellinabox password should be the same in all the resilient instances
 - add test for parameter auto-deploy-instance
 - Add download facility in file browser
--- a/software/slaprunner/common.cfg
+++ b/software/slaprunner/common.cfg
@@ -34,6 +34,10 @@ parts =
  rdiff-backup
  collective.recipe.template-egg

+# Use shellinabox from github with AF_UNIX support
+[shellinabox]
+<= shellinabox-github
+
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
@@ -45,7 +49,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner.cfg
 output = ${buildout:directory}/template-runner.cfg.in
-md5sum = 41c0f9e23f7ea085faa59a2f7bfb0bab
+md5sum = d67efe18c8d2295a9cc1274151bd63ce
 mode = 0644

 [template-runner-import-script]
@@ -97,7 +101,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/nginx_conf.in
 download-only = true
-md5sum = 7c0608eafb5c6998846851744a70b3de
+md5sum = 00b902364c32ef21a28461716700fb2b
 filename = nginx_conf.in
 mode = 0644


--- a/software/slaprunner/instance-runner.cfg
+++ b/software/slaprunner/instance-runner.cfg
@@ -4,7 +4,6 @@ parts =
  nginx-launcher
  certificate-authority
  ca-nginx
-  ca-shellinabox
  gunicorn-launcher
  gunicorn-graceful
  sshkeys-dropbear-runner
@@ -16,7 +15,6 @@ parts =
  slaprunner-supervisord-wrapper
  dropbear-promise
  runtestsuite
-  shellinabox-promise
  symlinks
  shellinabox
  slapos-cfg
@@ -269,7 +267,7 @@ scgi_temp_path = $${directory:tmp}/scgi_temp_path

 [nginx-frontend]
 # Options
-nb_workers = 2
+nb_workers = 5
 # Network
 local-ip = $${slap-network-information:local-ipv4}
 global-ip = $${slap-network-information:global-ipv6}
@@ -303,7 +301,7 @@ recipe = slapos.recipe.template:jinja2
 template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
 rendered = $${nginx-frontend:path_nginx_conf}
 context =
-    key shellinabox_port shellinabox:port
+    key shellinabox_socket shellinabox:socket
    key socket gunicorn:socket
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory
@@ -409,13 +407,6 @@ wrapper = $${directory:services}/nginx-frontend
 # Put domain name
 name = example.com

-[ca-shellinabox]
-<= certificate-authority
-recipe = slapos.cookbook:certificate_authority.request
-executable = $${shellinabox:wrapper}
-wrapper = $${directory:services}/shellinaboxd
-key-file = $${cadirectory:certs}/shellinabox.key
-cert-file = $${cadirectory:certs}/shellinabox.crt
 #--------------------
 #--
 #-- Request frontend
@@ -485,12 +476,6 @@ path = $${directory:promises}/dropbear
 hostname = $${dropbear-runner-server:host}
 port = $${dropbear-runner-server:port}

-[shellinabox-promise]
-recipe = slapos.cookbook:check_port_listening
-path = $${directory:promises}/shellinabox
-hostname = $${shellinabox:ipv6}
-port = $${shellinabox:port}
-
 [symlinks]
 recipe = cns.recipe.symlink
 symlink_target = $${directory:bin}
@@ -532,23 +517,18 @@ context =
  section slaprunner test-runner

 [shellinabox]
-recipe = slapos.cookbook:shellinabox
-ipv6 = $${slap-network-information:global-ipv6}
-port = 8949
-shell = $${shell:wrapper}
-wrapper = $${directory:bin}/shellinaboxd
-shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
-password = $${zero-parameters:shell-password}
-directory = $${runnerdirectory:home}
-login-shell = $${directory:bin}/login
-certificate-directory = $${cadirectory:certs}
-cert-file = $${ca-shellinabox:cert-file}
-key-file = $${ca-shellinabox:key-file}
-
-[shellinabox-code]
-recipe = slapos.cookbook:generate.password
-storage-path = $${directory:etc}/.scode
-bytes = 8
+recipe = slapos.recipe.template:jinja2
+# We cannot use slapos.cookbook:wrapper here because this recipe escapes too much
+socket = $${directory:run}/siab.sock
+mode = 0700
+rendered = $${directory:services}/shellinaboxd
+template = inline:
+  #!/bin/sh
+  exec ${shellinabox:location}/bin/shellinaboxd \
+    --disable-ssl \
+    --disable-ssl-menu \
+    --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
+    --service "/:$(id -u):$(id -g):HOME:$${shell:wrapper}"

 [shell]
 recipe = slapos.cookbook:shell
@@ -617,7 +597,6 @@ key = $${slap-connection:key-file}
 cert = $${slap-connection:cert-file}

 [public]
-shell-password = $${shellinabox-code:passwd}
 recovery-code = $${recovery-code:passwd}

 [zero-parameters]

--- a/software/slaprunner/nginx_conf.in
+++ b/software/slaprunner/nginx_conf.in
@@ -52,18 +52,18 @@ http {

            proxy_pass http://unix:{{ socket }};
        }
-	location /shellinabox {
-            proxy_pass  http://[{{ param_nginx_frontend['global-ip'] }}]:{{ shellinabox_port }}/;
+
+        location /shellinabox {
+            proxy_pass http://unix:{{ shellinabox_socket }}:/;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            auth_basic "Restricted";
            auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
            proxy_redirect off;
            proxy_buffering off;
-            proxy_set_header        Host              $host;
            proxy_set_header        X-Real-IP         $remote_addr;
-	    proxy_set_header        X-Forwarded-Proto $scheme;
+            proxy_set_header        X-Forwarded-Proto $scheme;
            proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
-	    proxy_set_header        X-Forwarded-Host  $http_host;
-	}
+            proxy_set_header        X-Forwarded-Host  $http_host;
+      }
    }
 }