From 610f0865593fb5044781879d9d10460215428fcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com> Date: Fri, 1 May 2015 07:31:24 +0000 Subject: [PATCH] slaprunner: use shellinabox from github Since shellinabox listen on AF_UNIX, we don't need another password for shellinabox --- software/slaprunner/README.txt | 3 +- software/slaprunner/TODO.txt | 1 - software/slaprunner/common.cfg | 8 +++- software/slaprunner/instance-runner.cfg | 49 +++++++------------------ software/slaprunner/nginx_conf.in | 12 +++--- 5 files changed, 27 insertions(+), 46 deletions(-) diff --git a/software/slaprunner/README.txt b/software/slaprunner/README.txt index b25afb94b..8f615f791 100644 --- a/software/slaprunner/README.txt +++ b/software/slaprunner/README.txt @@ -147,7 +147,6 @@ As you can see in instance-runner-*.cfg, the buildout section extends a hard-cod List of ports used by the webrunner: ------------------------------------ 8602 : slapproxy, while running tests -8949 : shellinabox 9684 : apache (monitoring of slaprunner, git access) 22222 : dropbear 39986 : supervisord @@ -156,4 +155,4 @@ List of ports used by the webrunner: Tips: ----- -You can use shellinabox in fullscreen, by accessing : https://[IPV6]:8949 +You can use shellinabox in fullscreen, by accessing : https://[IPV6]:50005/shellinabox/ diff --git a/software/slaprunner/TODO.txt b/software/slaprunner/TODO.txt index 613819fda..3d6646101 100644 --- a/software/slaprunner/TODO.txt +++ b/software/slaprunner/TODO.txt @@ -1,4 +1,3 @@ - resilient sr: Cloned instances should not launch slapgrid-sr if it was not launched on export instance -- shellinabox password should be the same in all the resilient instances - add test for parameter auto-deploy-instance - Add download facility in file browser diff --git a/software/slaprunner/common.cfg b/software/slaprunner/common.cfg index b4b8a5ea6..8b229b54e 100644 --- a/software/slaprunner/common.cfg +++ b/software/slaprunner/common.cfg 
@@ -34,6 +34,10 @@ parts = rdiff-backup collective.recipe.template-egg +# Use shellinabox from github with AF_UNIX support +[shellinabox] +<= shellinabox-github + [template] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance.cfg @@ -45,7 +49,7 @@ mode = 0644 recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-runner.cfg output = ${buildout:directory}/template-runner.cfg.in -md5sum = 41c0f9e23f7ea085faa59a2f7bfb0bab +md5sum = d67efe18c8d2295a9cc1274151bd63ce mode = 0644 [template-runner-import-script] @@ -97,7 +101,7 @@ mode = 0644 recipe = hexagonit.recipe.download url = ${:_profile_base_location_}/nginx_conf.in download-only = true -md5sum = 7c0608eafb5c6998846851744a70b3de +md5sum = 00b902364c32ef21a28461716700fb2b filename = nginx_conf.in mode = 0644 diff --git a/software/slaprunner/instance-runner.cfg b/software/slaprunner/instance-runner.cfg index bceaf4f91..d971dd8a2 100644 --- a/software/slaprunner/instance-runner.cfg +++ b/software/slaprunner/instance-runner.cfg @@ -4,7 +4,6 @@ parts = nginx-launcher certificate-authority ca-nginx - ca-shellinabox gunicorn-launcher gunicorn-graceful sshkeys-dropbear-runner @@ -16,7 +15,6 @@ parts = slaprunner-supervisord-wrapper dropbear-promise runtestsuite - shellinabox-promise symlinks shellinabox slapos-cfg @@ -269,7 +267,7 @@ scgi_temp_path = $${directory:tmp}/scgi_temp_path [nginx-frontend] # Options -nb_workers = 2 +nb_workers = 5 # Network local-ip = $${slap-network-information:local-ipv4} global-ip = $${slap-network-information:global-ipv6} @@ -303,7 +301,7 @@ recipe = slapos.recipe.template:jinja2 template = ${template_nginx_conf:location}/${template_nginx_conf:filename} rendered = $${nginx-frontend:path_nginx_conf} context = - key shellinabox_port shellinabox:port + key shellinabox_socket shellinabox:socket key socket gunicorn:socket section param_nginx_frontend nginx-frontend section param_tempdir tempdirectory 
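Review bot: The `[shellinabox-github]` section that `<= shellinabox-github` extends is not part of this diff, so it cannot be checked here that the GitHub source is pinned to a fixed revision or checksum. This is the binary that hands out an interactive shell, so a build that follows a moving branch would change without any review in this repository. Please confirm the pin and record it next to the override, for example `# shellinabox-github is pinned to <REVISION>; bump it deliberately`.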
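Review bot: The change of `nb_workers` from 2 to 5 in the `@@ -269,7 +267,7 @@` hunk has no comment and is not mentioned in the commit message. Presumably it relates to proxying shellinabox through nginx, but that is not visible here. A short comment on the line, such as `# 5 workers: <REASON>`, would stop a later cleanup from reverting it. The `[nginx-frontend]` section continues outside the hunk.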
@@ -409,13 +407,6 @@ wrapper = $${directory:services}/nginx-frontend # Put domain name name = example.com -[ca-shellinabox] -<= certificate-authority -recipe = slapos.cookbook:certificate_authority.request -executable = $${shellinabox:wrapper} -wrapper = $${directory:services}/shellinaboxd -key-file = $${cadirectory:certs}/shellinabox.key -cert-file = $${cadirectory:certs}/shellinabox.crt #-------------------- #-- #-- Request frontend @@ -485,12 +476,6 @@ path = $${directory:promises}/dropbear hostname = $${dropbear-runner-server:host} port = $${dropbear-runner-server:port} -[shellinabox-promise] -recipe = slapos.cookbook:check_port_listening -path = $${directory:promises}/shellinabox -hostname = $${shellinabox:ipv6} -port = $${shellinabox:port} - [symlinks] recipe = cns.recipe.symlink symlink_target = $${directory:bin} 
@@ -532,23 +517,18 @@ context = section slaprunner test-runner [shellinabox] -recipe = slapos.cookbook:shellinabox -ipv6 = $${slap-network-information:global-ipv6} -port = 8949 -shell = $${shell:wrapper} -wrapper = $${directory:bin}/shellinaboxd -shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd -password = $${zero-parameters:shell-password} -directory = $${runnerdirectory:home} -login-shell = $${directory:bin}/login -certificate-directory = $${cadirectory:certs} -cert-file = $${ca-shellinabox:cert-file} -key-file = $${ca-shellinabox:key-file} - -[shellinabox-code] -recipe = slapos.cookbook:generate.password -storage-path = $${directory:etc}/.scode -bytes = 8 +recipe = slapos.recipe.template:jinja2 +# We cannot use slapos.cookbook:wrapper here because this recipe escapes too much +socket = $${directory:run}/siab.sock +mode = 0700 +rendered = $${directory:services}/shellinaboxd +template = inline: + #!/bin/sh + exec ${shellinabox:location}/bin/shellinaboxd \ + --disable-ssl \ + --disable-ssl-menu \ + --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \ + --service "/:$(id -u):$(id -g):HOME:$${shell:wrapper}" [shell] recipe = slapos.cookbook:shell @@ -617,7 +597,6 @@ key = $${slap-connection:key-file} cert = $${slap-connection:cert-file} [public] -shell-password = $${shellinabox-code:passwd} recovery-code = $${recovery-code:passwd} [zero-parameters] diff --git a/software/slaprunner/nginx_conf.in b/software/slaprunner/nginx_conf.in index e863c6c40..b2a078d37 100644 --- a/software/slaprunner/nginx_conf.in +++ b/software/slaprunner/nginx_conf.in 
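Review bot: Nothing in the new `[shellinabox]` section records that the socket permissions are now the access control on the host. The `--service "/:$(id -u):$(id -g):HOME:$${shell:wrapper}"` line starts the shell wrapper for whoever connects, with no login step, so the `0600` in `--unixdomain-only` is what keeps other local users out. A comment above `socket =` would make this explicit, for example `# no shellinabox password: the socket is 0600 and owned by the instance user, keep it that way`. The permissions of `$${directory:run}` are set outside this diff and are worth confirming. Separately, the `shellinabox-promise` deleted in the `@@ -485,12 +476,6 @@` hunk has no replacement, so monitoring no longer notices a shellinaboxd that failed to start; a promise that checks the socket would restore that.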
@@ -52,18 +52,18 @@ http { proxy_pass http://unix:{{ socket }}; } - location /shellinabox { - proxy_pass http://[{{ param_nginx_frontend['global-ip'] }}]:{{ shellinabox_port }}/; + + location /shellinabox { + proxy_pass http://unix:{{ shellinabox_socket }}:/; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; auth_basic "Restricted"; auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd; proxy_redirect off; proxy_buffering off; - proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $http_host; - } + proxy_set_header X-Forwarded-Host $http_host; + } } } -- 2.30.9
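Review bot: With the shellinabox password removed elsewhere in this commit, the `auth_basic` pair in `location /shellinabox` is the only authentication between the network and a shell, and nothing in the block says so. A comment above it would protect it from being dropped or moved in a later edit, for example `# auth_basic is the only authentication for the shell: shellinaboxd trusts every connection on its socket`. Basic-auth credentials are only safe over TLS, and the `server` block that would show whether this listener is TLS-only is outside the hunk, so that should be confirmed. The removal of `proxy_set_header Host $host;` is also unexplained and deserves a line in the commit message.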