Commit 7316ad33 authored by Jérome Perrin's avatar Jérome Perrin

software/theia: request a frontend

So that we can access over IPv4 with a valid certificate

This required to generate a certificate, otherwise accessing from
frontend cause 404 site not served on this interface
parent e877a3d9
Pipeline #8767 failed with stage
in 0 seconds
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
[instance] [instance]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 7c9444fbe8dc8faea67ede2b77e188ed md5sum = 21735765808aac82fb91d53341a3c0d6
[yarn.lock] [yarn.lock]
filename = yarn.lock filename = yarn.lock
......
...@@ -17,13 +17,31 @@ recipe = slapos.cookbook:generate.password ...@@ -17,13 +17,31 @@ recipe = slapos.cookbook:generate.password
username = node username = node
bytes = 12 bytes = 12
[frontend-instance-certificate]
recipe = plone.recipe.command
command =
if [ ! -e $${:key-file} ]
then
${openssl-output:openssl} req -x509 -nodes -days 3650 \
-subj "/C=AA/ST=X/L=X/O=Dis/CN=$${:common-name}" \
-newkey rsa:1024 -keyout $${:key-file} \
-out $${:cert-file}
fi
update-command = $${:command}
key-file = $${directory:etc}/$${:_buildout_section_name_}.key
cert-file = $${directory:etc}/$${:_buildout_section_name_}.crt
common-name = $${frontend-instance-config:ip}
location =
$${:key-file}
$${:cert-file}
[frontend-instance-config] [frontend-instance-config]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
rendered = $${directory:etc}/$${:_buildout_section_name_} rendered = $${directory:etc}/$${:_buildout_section_name_}
template = inline: template = inline:
https://$${:hostname}:$${:port} { :$${:port} {
bind $${:ip} bind $${:ip}
tls self_signed # TODO tls $${frontend-instance-certificate:cert-file} $${frontend-instance-certificate:key-file}
log stdout log stdout
errors stderr errors stderr
gzip gzip
...@@ -57,7 +75,7 @@ ip = $${frontend-instance-config:ip} ...@@ -57,7 +75,7 @@ ip = $${frontend-instance-config:ip}
hostname = $${frontend-instance-config:hostname} hostname = $${frontend-instance-config:hostname}
port = $${frontend-instance-config:port} port = $${frontend-instance-config:port}
pidfile = $${directory:pidfiles}/$${:_buildout_section_name_}.pid pidfile = $${directory:pidfiles}/$${:_buildout_section_name_}.pid
url = https://$${frontend-instance-password:username}:$${frontend-instance-password:passwd}@$${:hostname}:$${:port}/ url = https://$${:hostname}:$${:port}/
[frontend-reload] [frontend-reload]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
...@@ -108,10 +126,24 @@ name = $${:_buildout_section_name_}.py ...@@ -108,10 +126,24 @@ name = $${:_buildout_section_name_}.py
config-hostname = $${frontend-instance:ip} config-hostname = $${frontend-instance:ip}
config-port = $${frontend-instance:port} config-port = $${frontend-instance:port}
[apache-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Theia Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = $${frontend-instance:url}
config-https-only = true
config-type = websocket
config-websocket-path-list = /services
return = domain secure_access
[publish-connection-parameter] [publish-connection-parameter]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
url = $${frontend-instance:url} url = $${apache-frontend:connection-secure_access}
username = $${frontend-instance-password:username}
password = $${frontend-instance-password:passwd}
[instance-parameter] [instance-parameter]
recipe = slapos.cookbook:slapconfiguration recipe = slapos.cookbook:slapconfiguration
......
...@@ -44,19 +44,20 @@ setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass( ...@@ -44,19 +44,20 @@ setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass(
class TestTheia(SlapOSInstanceTestCase): class TestTheia(SlapOSInstanceTestCase):
def setUp(self): def setUp(self):
self.theia_url = self.computer_partition.getConnectionParameterDict( self.connection_parameters = self.computer_partition.getConnectionParameterDict()
)['url']
def test_http_get(self): def test_http_get(self):
resp = requests.get(self.theia_url, verify=False) resp = requests.get(self.connection_parameters['url'], verify=False)
self.assertEqual(requests.codes.ok, resp.status_code) self.assertEqual(requests.codes.unauthorized, resp.status_code)
# without login/password, this is unauthorized # with login/password, this is allowed
parsed_url = urlparse(self.theia_url) parsed_url = urlparse(self.connection_parameters['url'])
resp = requests.get( resp = requests.get(
parsed_url._replace( parsed_url._replace(
netloc='[{}]:{}'.format( netloc='{}:{}@[{}]:{}'.format(
self.connection_parameters['username'],
self.connection_parameters['password'],
parsed_url.hostname, parsed_url.hostname,
parsed_url.port)).geturl(), parsed_url.port)).geturl(),
verify=False) verify=False)
self.assertEqual(requests.codes.unauthorized, resp.status_code) self.assertEqual(requests.codes.ok, resp.status_code)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment