diff --git a/software/kvm/common.cfg b/software/kvm/common.cfg index a433527a871c640fddbdf2cc0aaafbf65e630143..875c96213670ac210cb0cb8155c29e438ad4bedb 100644 --- a/software/kvm/common.cfg +++ b/software/kvm/common.cfg @@ -21,6 +21,7 @@ parts = # XXX: we have to manually add this for resilience rdiff-backup + collective.recipe.template-egg #XXX-Cedric : Currently, one can only access to KVM using noVNC. # Ideally one should be able to access KVM by using either NoVNC or VNC. diff --git a/software/slaprunner/common.cfg b/software/slaprunner/common.cfg index b93650fac56c32a6f4b26588b335c4dabfc78fc0..30b7ffb04978aaf4515c0e45caa8ac4e932355a3 100644 --- a/software/slaprunner/common.cfg +++ b/software/slaprunner/common.cfg @@ -15,7 +15,6 @@ extends = ../../stack/slapos.cfg parts = - rdiff-backup template eggs nginx @@ -27,6 +26,10 @@ parts = instance-runner-export slapos-cookbook +# XXX: we have to manually add this for resilience + rdiff-backup + collective.recipe.template-egg + #################### ## Node JS proxy #################### diff --git a/stack/resilient/buildout.cfg b/stack/resilient/buildout.cfg index 8bbb7d45ed46d1f3964d8b4ab1c69888dc117f86..25694bde5b4e463ffcafdaf54be8602523fced0a 100644 --- a/stack/resilient/buildout.cfg +++ b/stack/resilient/buildout.cfg @@ -1,12 +1,13 @@ [buildout] extends = + ../../component/dash/buildout.cfg ../../component/dropbear/buildout.cfg ../../component/gzip/buildout.cfg ../../component/rdiff-backup/buildout.cfg ../../component/rsync/buildout.cfg parts = - rdiff-backup + collective.recipe.template-egg pbsready pbsready-import pbsready-export @@ -16,7 +17,12 @@ parts = # needed tools for resiliency gzip + rdiff-backup + dash +[collective.recipe.template-egg] +recipe = zc.recipe.egg +eggs = collective.recipe.template #---------------- #-- 
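Review bot: The new `[collective.recipe.template-egg]` part in stack/resilient/buildout.cfg installs `collective.recipe.template` with no version visible in this hunk, so unless a `[versions]` pin exists in an extended profile the build takes whatever release the index serves at install time. That recipe renders the executable promise scripts added later in this commit, which makes it part of the trusted build chain. If it is not already pinned elsewhere, add a line such as `collective.recipe.template = <pinned-version>` under `[versions]`.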
@@ -30,7 +36,7 @@ parts = recipe = slapos.recipe.template url = ${:_profile_base_location_}/pbsready.cfg.in output = ${buildout:directory}/pbsready.cfg -md5sum = 570e0b54c97d510befa2ea981c1e90e0 +#md5sum = 46f9d33e642467a72c599c8dc767e6c3 mode = 0644 [pbsready-import] @@ -39,7 +45,7 @@ mode = 0644 recipe = slapos.recipe.template url = ${:_profile_base_location_}/pbsready-import.cfg.in output = ${buildout:directory}/pbsready-import.cfg -md5sum = cc9c776500ccd07cb51969beb68ffcda +md5sum = cb562bd954b9e809c8748d0f96de4116 mode = 0644 [pbsready-export] @@ -48,7 +54,7 @@ mode = 0644 recipe = slapos.recipe.template url = ${:_profile_base_location_}/pbsready-export.cfg.in output = ${buildout:directory}/pbsready-export.cfg -md5sum = 25d05b3929fb4c6cf275866bad678d6a +md5sum = 8fb619622a08aff2321497895e04df16 mode = 0644 [template-pull-backup] @@ -61,14 +67,14 @@ mode = 0644 [template-replicated] recipe = slapos.recipe.download url = ${:_profile_base_location_}/template-replicated.cfg.in -md5sum = c762a625f65193bc8a570b4d56a0d08c +md5sum = e8cf325c87c9b4416a47c14bc68e1bdf mode = 0644 destination = ${buildout:directory}/template-replicated.cfg.in [template-parts] recipe = slapos.recipe.download url = ${:_profile_base_location_}/template-parts.cfg.in -md5sum = c942f82552fcb42fc74a5f896e0cd5f3 +md5sum = dcce0e74292eddffde7f9e366d356080 mode = 0644 destination = ${buildout:directory}/template-parts.cfg.in diff --git a/stack/resilient/pbsready-export.cfg.in b/stack/resilient/pbsready-export.cfg.in index 85b9eb8aa281529b88decb6e41ba6c3452967f06..2bdc81f2d8caf236d0f9414b463f427d1ef80347 100644 --- a/stack/resilient/pbsready-export.cfg.in +++ b/stack/resilient/pbsready-export.cfg.in @@ -14,6 +14,7 @@ parts = sshkeys-authority dropbear-server sshkeys-dropbear + resilient-sshkeys-dropbear-promise dropbear-server-pbs-authorized-key notifier 
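Review bot: In the section that downloads pbsready.cfg.in, the checksum is replaced by a commented-out line, `#md5sum = 46f9d33e642467a72c599c8dc767e6c3`, so this becomes the only template in the file fetched without an integrity check. The four sections in the following hunks get updated values instead. If the commented value is the hash of the new pbsready.cfg.in (not verifiable from the diff), re-enable it as `md5sum = 46f9d33e642467a72c599c8dc767e6c3`; otherwise recompute it before merging. The gap matters most when `${:_profile_base_location_}` resolves to a remote URL, because a changed or tampered template would then be rendered without any error.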
diff --git a/stack/resilient/pbsready-import.cfg.in b/stack/resilient/pbsready-import.cfg.in index 5028c05ae82890a8530ca8c9735f18bbc38a4331..e3e3de14a32e2aa684fd7e778aa6a5867ad67c99 100644 --- a/stack/resilient/pbsready-import.cfg.in +++ b/stack/resilient/pbsready-import.cfg.in @@ -14,6 +14,7 @@ parts = sshkeys-authority dropbear-server sshkeys-dropbear + resilient-sshkeys-dropbear-promise dropbear-server-pbs-authorized-key notifier diff --git a/stack/resilient/pbsready.cfg.in b/stack/resilient/pbsready.cfg.in index 59dc441363e8e9862f77127e408bad3bac95dfc1..1c38634b4526e6a91b1847582c5499b72c159ef8 100644 --- a/stack/resilient/pbsready.cfg.in +++ b/stack/resilient/pbsready.cfg.in @@ -10,6 +10,7 @@ parts = sshkeys-authority dropbear-server sshkeys-dropbear + resilient-sshkeys-dropbear-promise dropbear-server-pbs-authorized-key notifier @@ -179,6 +180,27 @@ server-binary = ${buildout:bin-directory}/pubsubserver notifier-binary = ${buildout:bin-directory}/pubsubnotifier +#---------------- +#-- +#-- Dropbear. + +[dropbear-server] +recipe = slapos.cookbook:dropbear +host = $${slap-network-information:global-ipv6} +# Explicitely excludes to define "port" argument. It will be defined in +# pbs-ready-import.cfg.in and pbs-ready-export.cfg.in +home = $${directory:ssh} +wrapper = $${rootdirectory:bin}/raw_sshd +shell = $${rdiff-backup-server:wrapper} +rsa-keyfile = $${directory:ssh}/server_key.rsa +dropbear-binary = ${dropbear:location}/sbin/dropbear + +[dropbear-server-pbs-authorized-key] +<= dropbear-server +recipe = slapos.cookbook:dropbear.add_authorized_key +key = $${slap-parameter:authorized-key} + + #---------------- #-- #-- sshkeys 
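Review bot: The comment in the relocated `[dropbear-server]` section names `pbs-ready-import.cfg.in` and `pbs-ready-export.cfg.in`, but the files touched by this commit are `pbsready-import.cfg.in` and `pbsready-export.cfg.in`, so a reader searching for the port definition will not find it. Since the block is being moved anyway, the comment could be corrected to `# "port" is deliberately not defined here; it is set in pbsready-import.cfg.in and pbsready-export.cfg.in`. The section is otherwise a verbatim move of the lines removed in the next hunk.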
@@ -205,31 +227,21 @@ public-key = $${dropbear-server:rsa-keyfile}.pub private-key = $${dropbear-server:rsa-keyfile} wrapper = $${basedirectory:services}/sshd - -#---------------- -#-- -#-- Dropbear. - -[dropbear-server] -recipe = slapos.cookbook:dropbear -host = $${slap-network-information:global-ipv6} -# Explicitely excludes to define "port" argument. It will be defined in -# pbs-ready-import.cfg.in and pbs-ready-export.cfg.in -home = $${directory:ssh} -wrapper = $${rootdirectory:bin}/raw_sshd -shell = $${rdiff-backup-server:wrapper} -rsa-keyfile = $${directory:ssh}/server_key.rsa -dropbear-binary = ${dropbear:location}/sbin/dropbear - -[dropbear-server-pbs-authorized-key] -<= dropbear-server -recipe = slapos.cookbook:dropbear.add_authorized_key -key = $${slap-parameter:authorized-key} +[resilient-sshkeys-dropbear-promise] +# Check that public key file exists and is not empty +recipe = collective.recipe.template +input = inline:#!${dash:location}/bin/dash + PUBLIC_KEY_CONTENT="$${sshkeys-dropbear:public-key-value}" + if [ ! -n "$PUBLIC_KEY_CONTENT" ]; then + exit 1 + fi +output = $${basedirectory:promises}/public-key-existence +mode = 700 #---------------- #-- -#-- Conncetion informations to re-use. +#-- Connection informations to re-use. # XXX-Cedric: when "aggregation" system is done in libslap, directly publish. [resilient-publish-connection-parameter] recipe = slapos.cookbook:publish diff --git a/stack/resilient/template-parts.cfg.in b/stack/resilient/template-parts.cfg.in index 5f1837ee578dfcfd90b251bf80153af082e8171a..7998275bde08fe0f3bbc0834564c51090dfcafd6 100644 --- a/stack/resilient/template-parts.cfg.in +++ b/stack/resilient/template-parts.cfg.in 
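Review bot: `[resilient-sshkeys-dropbear-promise]` is commented as checking that the public key file exists and is not empty, but the script only tests a value that buildout substitutes into `PUBLIC_KEY_CONTENT="$${sshkeys-dropbear:public-key-value}"` when the part is rendered. The promise therefore reports the state at the last buildout run, not the state of the file when it is executed. The substituted text also sits inside double quotes, where the shell still expands `$`, backticks and `"` if the value ever contains them. Testing the file directly would match the comment and avoid embedding the key in the script, for example `if [ ! -s "$${dropbear-server:rsa-keyfile}.pub" ]; then`, assuming that path is where the key is written, as the `public-key` context line above suggests.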
@@ -4,10 +4,12 @@ request-{{namebase}} request-{{namebase}}-2 + resilient-request-{{namebase}}-public-key-promise {% for i in range(1,nbbackup|int) %} request-{{namebase}}-pseudo-replicating-{{i}} request-{{namebase}}-pseudo-replicating-{{i}}-2 + resilient-request-{{namebase}}-pseudo-replicating-{{i}}-public-key-promise {% endfor %} {% for i in range(1,nbbackup|int) %} diff --git a/stack/resilient/template-replicated.cfg.in b/stack/resilient/template-replicated.cfg.in index e977505c131a08dfb6b51ff11a3304478ad4c731..2bc5d58d4284a839b51b058f5b09621ba71442ad 100644 --- a/stack/resilient/template-replicated.cfg.in +++ b/stack/resilient/template-replicated.cfg.in @@ -11,6 +11,13 @@ {% endif -%} +[resilient-directory] +recipe = slapos.cookbook:mkdirectory +home = ${buildout:directory} +etc = ${:home}/etc +promise = ${:etc}/promise + + ## Tells the Backupable recipe that we want a backup [resilient] recipe = slapos.cookbook:request @@ -28,7 +35,6 @@ software-url = ${slap-connection:software-release-url} software-type = {{typeexport}} name = {{namebase}}0 return = ssh-public-key ssh-url notification-id ip - config = # Resilient related parameters number authorized-key notify ip-list namebase @@ -66,6 +72,7 @@ sla-{{ key }} = {{ value }} {% endif -%} {% endif -%} + {% for id in range(1,nbbackup|int) %} [request-{{namebase}}-pseudo-replicating-{{id}}] @@ -107,9 +114,9 @@ sla-{{ key }} = {{ value }} {% endif %} {% endif %} - {% endfor -%} + [iplist] config-ip-list = ${request-{{namebase}}:connection-ip}{% for j in range(1,nbbackup|int) %} ${request-{{namebase}}-pseudo-replicating-{{j}}:connection-ip}{% endfor %} 
@@ -117,11 +124,37 @@ config-ip-list = ${request-{{namebase}}:connection-ip}{% for j in range(1,nbback <= request-{{namebase}} iplist +[resilient-request-{{namebase}}-public-key-promise] +# Check that public-key-value parameter exists and is not empty +# XXX: maybe we should consider empty values to be non-nexistent. +recipe = collective.recipe.template +# XXX: don't use system executable +input = inline:#!/bin/sh + PUBLIC_KEY_CONTENT="${request-{{namebase}}-2:connection-ssh-public-key})" + if [ ! -n "$PUBLIC_KEY_CONTENT" ]; then + exit 1 + fi +output = ${resilient-directory:promise}/resilient-request-{{namebase}}-public-key +mode = 700 + {% for id in range(1,nbbackup|int) %} [request-{{namebase}}-pseudo-replicating-{{id}}-2] <= request-{{namebase}}-pseudo-replicating-{{id}} iplist +[resilient-request-{{namebase}}-pseudo-replicating-{{id}}-public-key-promise] +# Check that public-key-value parameter exists and is not empty +# XXX: maybe we should consider empty values to be non-nexistent. +recipe = collective.recipe.template +# XXX: don't use system executable +input = inline:#!/bin/sh + PUBLIC_KEY_CONTENT="${request-{{namebase}}-pseudo-replicating-{{id}}-2:connection-ssh-public-key})" + if [ ! -n "$PUBLIC_KEY_CONTENT" ]; then + exit 1 + fi +output = ${resilient-directory:promise}/resilient-request-{{namebase}}-pseudo-replicating-{{id}}-public-key +mode = 700 + {% endfor %}
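Review bot: Both new promises carry a stray `)` inside the quoted assignment, `PUBLIC_KEY_CONTENT="${request-{{namebase}}-2:connection-ssh-public-key})"` and the matching line in `[resilient-request-{{namebase}}-pseudo-replicating-{{id}}-public-key-promise]`. The variable therefore always holds at least `)`, the `[ ! -n ... ]` test can never be true, and the promise passes even when no key was returned. Drop the parenthesis so the line ends `...:connection-ssh-public-key}"`. Separately, this value is a connection parameter returned by another instance and is pasted into a double-quoted string of a script written with `mode = 700`, so `$(...)` or backticks in it would be evaluated by `/bin/sh`. Switching to single quotes only moves the problem to `'`, so it would be safer to render the value into a data file and have the promise test that file with `[ -s ... ]`.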