From 142d35d82360c952577870cdaf2ba7645f6b9d5f Mon Sep 17 00:00:00 2001 From: Guillaume Hervier <guillaume.hervier@nexedi.com> Date: Mon, 24 Sep 2018 16:36:10 +0200 Subject: [PATCH] software/slaprunner: auto-restart services on SR upgrade. --- software/slaprunner/buildout.hash.cfg | 2 +- software/slaprunner/instance-runner.cfg | 65 ++++++++++++++++++++----- 2 files changed, 53 insertions(+), 14 deletions(-) diff --git a/software/slaprunner/buildout.hash.cfg b/software/slaprunner/buildout.hash.cfg index 6349a1210..1675ff53f 100644 --- a/software/slaprunner/buildout.hash.cfg +++ b/software/slaprunner/buildout.hash.cfg @@ -18,7 +18,7 @@ md5sum = 713db528880282d568278f09458d2aab [template-runner] filename = instance-runner.cfg -md5sum = e12255a8c946b3eb8c6373fff481339f +md5sum = cd855670076979919c0fd00cc0f5938c [template-runner-import-script] filename = template/runner-import.sh.jinja2 diff --git a/software/slaprunner/instance-runner.cfg b/software/slaprunner/instance-runner.cfg index b73abed29..9ba6272d7 100644 --- a/software/slaprunner/instance-runner.cfg +++ b/software/slaprunner/instance-runner.cfg @@ -4,6 +4,8 @@ parts = nginx-launcher certificate-authority ca-nginx + certificate-authority-service + ca-nginx-service logrotate-entry-nginx gunicorn-launcher gunicorn-graceful @@ -16,10 +18,13 @@ parts = runner-sshd-graceful runner-sshd-promise runner-sshkeys-authority + runner-sshkeys-authority-service runner-sshkeys-sshd + runner-sshkeys-sshd-service runtestsuite symlinks shellinabox + shellinabox-service slapos-cfg cron-entry-prepare-software deploy-instance-parameters 
@@ -202,8 +207,9 @@ default_repository_branch = $${slap-parameter:slapos-reference} [slaprunner-supervisord-wrapper] recipe = slapos.cookbook:wrapper # XXX hardcoded locations -command-line = $${buildout:directory}/bin/slapos node supervisord --cfg $${directory:etc}/slapos.cfg -n +command-line = $${directory:bin}/slapos node supervisord --cfg $${directory:etc}/slapos.cfg -n wrapper-path = $${directory:services}/slaprunner-supervisord +hash-files = $${buildout:directory}/software_release/buildout.cfg [test-runner] @@ -224,7 +230,7 @@ arguments = --server_url=$${slap-connection:server-url} --key_file=$${slap-conne command-line = ${buildout:directory}/bin/slaprunnertest $${:arguments} wrapper-path = $${directory:bin}/runTestSuite environment = PATH=$${shell-environment:path} - RUNNER_CONFIG=$${slapos-cfg:rendered} + RUNNER_CONFIG=$${slapos-cfg:rendered} # Deploy openssh-server [runner-sshd-port] @@ -287,9 +293,15 @@ keys = $${directory:sshkeys}/runner-keys/ recipe = slapos.cookbook:sshkeys_authority request-directory = $${runner-sshkeys-directory:requests} keys-directory = $${runner-sshkeys-directory:keys} -wrapper = $${directory:services}/runner_sshkeys_authority +wrapper = $${directory:bin}/runner_sshkeys_authority keygen-binary = ${openssh:location}/bin/ssh-keygen +[runner-sshkeys-authority-service] +recipe = slapos.cookbook:wrapper +command-line = $${runner-sshkeys-authority:wrapper} +wrapper-path = $${directory:services}/runner-sshkeys-authority +hash-files = $${buildout:directory}/software_release/buildout.cfg + [runner-sshkeys-sshd] <= runner-sshkeys-authority recipe = slapos.cookbook:sshkeys_authority.request 
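Review bot: The `hash-files` line added to `[slaprunner-supervisord-wrapper]` has no comment saying what it is for, and the same literal `$${buildout:directory}/software_release/buildout.cfg` is repeated in eight more sections of this patch (the sshkeys, sshd, httpd, gunicorn, nginx, certificate-authority, shellinabox and supervisord wrappers). I would define the path once in a shared section, for example `sr-buildout-cfg = $${buildout:directory}/software_release/buildout.cfg`, reference that option everywhere, and put `# restart the service when the software release's buildout.cfg changes` above the definition. The trigger is the content of that single file, so an upgrade that replaces the sshd, OpenSSL or nginx binaries without changing it would presumably leave the old processes running. It is worth confirming that this file really changes on every SR upgrade.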
@@ -298,7 +310,13 @@ type = rsa executable = $${runner-sshd-server:output} public-key = $${runner-sshd-raw-server:rsa-keyfile}.pub private-key = $${runner-sshd-raw-server:rsa-keyfile} -wrapper = $${directory:services}/runner-sshd +wrapper = $${directory:bin}/runner-sshd + +[runner-sshkeys-sshd-service] +recipe = slapos.cookbook:wrapper +command-line = $${runner-sshkeys-sshd:wrapper} +wrapper-path = $${directory:services}/runner-sshd +hash-files = $${buildout:directory}/software_release/buildout.cfg [runner-sshd-add-authorized-key] recipe = slapos.cookbook:dropbear.add_authorized_key @@ -411,6 +429,7 @@ access-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global wait-for-files = $${ca-nginx:cert-file} $${ca-nginx:key-file} +hash-files = $${buildout:directory}/software_release/buildout.cfg [logrotate-entry-apache-httpd] <= logrotate-entry-base @@ -461,6 +480,7 @@ wrapper-path = $${gunicorn:bin_launcher} environment = PATH=$${shell-environment:path} RUNNER_CONFIG=$${slaprunner:slapos.cfg} LANG=en_GB.UTF-8 +hash-files = $${buildout:directory}/software_release/buildout.cfg [gunicorn-graceful] recipe = slapos.cookbook:wrapper @@ -476,7 +496,7 @@ recipe = slapos.cookbook:certificate_authority openssl-binary = ${openssl:location}/bin/openssl ca-dir = $${directory:ca-dir} requests-directory = $${cadirectory:requests} -wrapper = $${directory:services}/certificate_authority +wrapper = $${directory:bin}/certificate_authority ca-private = $${cadirectory:private} ca-certs = $${cadirectory:certs} ca-newcerts = $${cadirectory:newcerts} 
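Review bot: In the `@@ -461` hunk `hash-files` is added to a wrapper whose path is still `wrapper-path = $${gunicorn:bin_launcher}`, an option that other parts can also read. If the wrapper recipe encodes the hash in the generated file name, which I believe is how the restart is triggered, no file exists at that exact path any more. Anything that still resolves `$${gunicorn:bin_launcher}` as a real file, such as the `[gunicorn-graceful]` part that follows or a promise, would then need checking. The same question applies to the `@@ -411` hunk, where the wrapped service's `wrapper-path` is not visible. Both sections start outside their hunks, so this is a request to confirm rather than a confirmed break.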
@@ -496,10 +516,22 @@ recipe = slapos.cookbook:certificate_authority.request key-file = $${cadirectory:certs}/nginx_frontend.key cert-file = $${cadirectory:certs}/nginx_frontend.crt executable = $${nginx-launcher:rendered} -wrapper = $${directory:services}/nginx-frontend +wrapper = $${directory:bin}/nginx-frontend # Put domain name name = example.com +[ca-nginx-service] +recipe = slapos.cookbook:wrapper +command-line = $${directory:bin}/nginx-frontend +wrapper-path = $${directory:services}/nginx-frontend +hash-files = $${buildout:directory}/software_release/buildout.cfg + +[certificate-authority-service] +recipe = slapos.cookbook:wrapper +command-line = $${directory:bin}/certificate_authority +wrapper-path = $${directory:services}/certificate_authority +hash-files = $${buildout:directory}/software_release/buildout.cfg + #-------------------- #-- #-- Request frontend @@ -527,14 +559,14 @@ check-secure = 1 [request-httpd-frontend] <= slap-connection recipe = slapos.cookbook:requestoptional -# XXX - Unfortunately, we still call webrunner httpd frontend "Monitor Frontend" otherwise +# XXX - Unfortunately, we still call webrunner httpd frontend "Monitor Frontend" otherwise # buildout will ignore previous frontend that was created and create a new one (in case of upgrade) name = Monitor Frontend # XXX We have hardcoded SR URL here. software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg slave = true config-url = $${apache-httpd:access-url} -config-domain = +config-domain = return = secure_access domain [httpd-frontend-promise] @@ -638,8 +670,8 @@ slaprunner-httpd-port = $${:monitor-port} # XXX - for backward compatibility, monitor-port was for slaprunner httpd server monitor-port = 9686 instance-name = -monitor-cors-domains = -monitor-interface-url = +monitor-cors-domains = +monitor-interface-url = # XXX - define a new port for monitor here and use monitor-port for backward compatibility monitor-httpd-port = 8386 
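Review bot: `[ca-nginx-service]` and `[certificate-authority-service]` spell out the wrapped path (`command-line = $${directory:bin}/nginx-frontend` and `command-line = $${directory:bin}/certificate_authority`) instead of referencing the option that defines it. The two sshkeys service parts earlier in the patch do reference it, with `$${runner-sshkeys-authority:wrapper}` and `$${runner-sshkeys-sshd:wrapper}`. `[shellinabox-service]` in the `@@ -676` hunk hard-codes `$${directory:bin}/shellinaboxd` in the same way. I would reference the source option, presumably `command-line = $${ca-nginx:wrapper}` and `command-line = $${certificate-authority:wrapper}`; those section names are taken from the parts list, because the headers are outside the hunk. That keeps the two paths from drifting apart and makes the dependency between the parts explicit to buildout.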
@@ -667,7 +699,7 @@ recipe = slapos.recipe.template:jinja2 # We cannot use slapos.cookbook:wrapper here because this recipe escapes too much socket = $${directory:run}/siab.sock mode = 0700 -rendered = $${directory:services}/shellinaboxd +rendered = $${directory:bin}/shellinaboxd template = inline: #!/bin/sh exec ${shellinabox:location}/bin/shellinaboxd \ @@ -676,6 +708,12 @@ template = inline: --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \ --service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l" +[shellinabox-service] +recipe = slapos.cookbook:wrapper +command-line = $${directory:bin}/shellinaboxd +wrapper-path = $${directory:services}/shellinaboxd +hash-files = $${buildout:directory}/software_release/buildout.cfg + [shell-environment] shell = ${bash:location}/bin/bash path = ${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin:${curl:location}/bin:${python2.7:location}/bin:${tig:location}/bin:${zip:location}/bin:${mosh:location}/bin:${bash:location}/bin:$${buildout:directory}/bin/:/usr/bin:/bin/ @@ -743,7 +781,7 @@ context = raw shell $${shell-environment:shell} key instance_name slap-parameter:instance-name key workdir runnerdirectory:home - + #--------------------------- #-- #-- supervisord managing slaprunner automation features @@ -808,6 +846,7 @@ context = recipe = slapos.cookbook:wrapper command-line = $${buildout:directory}/bin/supervisord -c $${supervisord-conf:rendered} --nodaemon wrapper-path = $${directory:services}/supervisord +hash-files = $${buildout:directory}/software_release/buildout.cfg [logrotate-entry-supervisord] <= logrotate-entry-base @@ -826,7 +865,7 @@ path = $${directory:promises}/supervisord hostname = $${slaprunner:ipv4} port = $${supervisord:port} -# XXX Monitor +# XXX Monitor [monitor-instance-parameter] monitor-httpd-port = $${slap-parameter:monitor-httpd-port} {% if slapparameter_dict.get('name', '') -%} -- 2.30.9