author | Ivan Dolgov <ivan@qvarnlabs.com> | 2018-02-05 15:09:14 +0200 |
---|---|---|
committer | Ivan Dolgov <ivan@qvarnlabs.com> | 2018-02-05 15:09:14 +0200 |
commit | 3b208da0461f5a129fcbc527fbfdd9ed8309d077 (patch) | |
tree | fb7bbff96740dcd1b6309c7064537b2bb90ffcca | |
parent | e7cf984b49c35c8e5a4ec9a451ebe4bc783ef2bb (diff) | |
parent | 3bb8941c3bcf640e1d1b0a68bfb26154520f5544 (diff) | |
download | qvisqve-3b208da0461f5a129fcbc527fbfdd9ed8309d077.tar.gz |
Add deployment-related changes
Signed-off-by: Ivan Dolgov <ivan@qvarnlabs.com>
-rw-r--r-- | NEWS | 8 | ||||
-rw-r--r-- | debian/changelog | 11 | ||||
-rw-r--r-- | debian/control | 10 | ||||
-rwxr-xr-x | debian/rules | 2 | ||||
-rw-r--r-- | debian/salami.install | 1 | ||||
-rw-r--r-- | debian/salami.postinst | 38 | ||||
-rwxr-xr-x | salami-get-token | 2 | ||||
-rw-r--r-- | salami.service | 14 | ||||
-rw-r--r-- | salami/__init__.py | 2 | ||||
-rw-r--r-- | salami/app.py | 76 | ||||
-rw-r--r-- | salami/backend.py | 61 | ||||
-rw-r--r-- | salami/version.py | 4 | ||||
-rw-r--r-- | setup.py | 4 | ||||
-rwxr-xr-x | start_salami | 49 | ||||
-rw-r--r-- | without-tests | 1 | ||||
-rw-r--r-- | yarns/lib.py | 2 |
16 files changed, 189 insertions, 96 deletions
@@ -3,7 +3,11 @@ NEWS for Salami This file has release notes for Salami -Version 0.7+git, not yet released +Version 0.8+git, not yet released +--------------------------------- + + +Version 0.8, released 2018-02-03 --------------------------------- * Salami now expects client secrets to be stored hashed in the config @@ -20,6 +24,8 @@ Version 0.7+git, not yet released * A new script `salami-hash` is included to generate the hashed client secrets for the Salami config file. +* This release is made only to facilitate internal testing. + Version 0.7, released 2018-02-01 --------------------------------- diff --git a/debian/changelog b/debian/changelog index ad62f64..59d07c1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,15 @@ -salami (0.7+git-1) UNRELEASED; urgency=medium +salami (0.8+git-1) UNRELEASED; urgency=medium * New upstream version. - -- Lars Wirzenius <liw@liw.fi> Thu, 01 Feb 2018 11:05:56 +0200 + -- Lars Wirzenius <liw@liw.fi> Sat, 03 Feb 2018 15:28:54 +0200 + +salami (0.8-1) unstable; urgency=medium + + * New upstream version. + * Add missing dependencies. + + -- Lars Wirzenius <liw@liw.fi> Sat, 03 Feb 2018 15:28:52 +0200 salami (0.7-1) unstable; urgency=medium diff --git a/debian/control b/debian/control index 98a74d6..15e2baa 100644 --- a/debian/control +++ b/debian/control @@ -28,6 +28,14 @@ X-Python3-Version: >= 3.5 Package: salami Architecture: all Depends: ${python3:Depends}, ${misc:Depends}, - python3 (>= 3.5) + python3 (>= 3.5), + python3-apifw, + python3-slog, + python3-yaml, + python3-crypto, + python3-cryptography, + python3-pycryptodome, + python3-jwt, + python3-requests Description: a thing This is a thing. diff --git a/debian/rules b/debian/rules index 827d016..72f6370 100755 --- a/debian/rules +++ b/debian/rules @@ -4,4 +4,6 @@ dh $@ --with python3 --buildsystem=pybuild override_dh_auto_test: +ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) ./check +endif 
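Review bot: The new `Depends:` list in debian/control pulls in three overlapping crypto libraries: `python3-crypto`, `python3-cryptography` and `python3-pycryptodome`. PyCrypto (`python3-crypto`) is no longer maintained upstream, so a token issuer should not depend on it if the signing and hashing code can use one of the other two. Which modules Salami actually imports is not visible in this diff, so this needs checking against the source before the `python3-crypto,` line is dropped. Keeping only the libraries that are really used also reduces the amount of crypto code installed alongside the service.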
diff --git a/debian/salami.install b/debian/salami.install new file mode 100644 index 0000000..a7c6c98 --- /dev/null +++ b/debian/salami.install @@ -0,0 +1 @@ +salami.service lib/systemd/system diff --git a/debian/salami.postinst b/debian/salami.postinst new file mode 100644 index 0000000..f905b78 --- /dev/null +++ b/debian/salami.postinst @@ -0,0 +1,38 @@ +#!/bin/sh +# Copyright 2018 Lars Wirzenius +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +set -eu + + +create_user() +{ + local name="$1" + local logdir="$2" + + addgroup --force "$name" || true + adduser --disabled-login --disabled-password \ + --gecos "Ick CI" \ + --shell /bin/true --force \ + --ingroup "$name" \ + "$name" || true + install -d -m 0755 -o "$name" -g "$name" "$logdir" +} + + +# Create a group and user for Salami +create_user _salami /var/log/salami + +#DEBHELPER# diff --git a/salami-get-token b/salami-get-token index 5c984b6..8068585 100755 --- a/salami-get-token +++ b/salami-get-token @@ -18,7 +18,7 @@ data = { 'scope': ' '.join(scopes), } -r = requests.post(url, auth=auth, data=data) +r = requests.post(url, auth=auth, data=data, verify=False) if r.ok: obj = r.json() print(obj['access_token']) diff --git a/salami.service b/salami.service new file mode 100644 index 0000000..f02e8bb --- /dev/null +++ b/salami.service 
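Review bot: `install -d -m 0755 -o "$name" -g "$name" "$logdir"` in create_user of debian/salami.postinst makes /var/log/salami readable and traversable by every local user. For an identity provider, whose logs may contain client identifiers and request details, `install -d -m 0750 -o "$name" -g "$name" "$logdir"` is the safer default. The `|| true` after `addgroup` and `adduser` hides every failure, not only "already exists", so a failed account creation surfaces only as an error from `install`; checking `getent passwd "$name"` first would keep real errors visible. The `--gecos "Ick CI"` text looks carried over from another package and should name Salami.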
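Review bot: `verify=False` in `r = requests.post(url, auth=auth, data=data, verify=False)` in salami-get-token turns off TLS certificate checking for the request that sends `auth` (presumably the client id and secret) and receives the access token, so anyone who can intercept the connection can read both. The setup.py hunk in this commit adds salami-get-token to `scripts`, so the script is installed for users and is not only a test helper. Keep the call as `r = requests.post(url, auth=auth, data=data)` and let test deployments with a private CA set the `REQUESTS_CA_BUNDLE` environment variable, which requests honours. If an insecure mode is really needed for internal testing, it should be an explicit command-line option that is off by default.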
@@ -0,0 +1,14 @@ +[Unit] +Description=Salami OpenID Connect provider +Requires=network.target +After=network.target +ConditionPathExists=/etc/salami/salami.yaml + +[Service] +Type=simple +User=_salami +Group=_salami +ExecStart=/usr/bin/start_salami /etc/salami/salami.yaml + +[Install] +WantedBy=multi-user.target diff --git a/salami/__init__.py b/salami/__init__.py index 14b0f73..bc00c79 100644 --- a/salami/__init__.py +++ b/salami/__init__.py @@ -28,4 +28,4 @@ from .version_router import VersionRouter from .token_router import TokenRouter from .api import SalamiAPI -from .backend import create_app +from .app import create_app diff --git a/salami/app.py b/salami/app.py new file mode 100644 index 0000000..1a01c07 --- /dev/null +++ b/salami/app.py 
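Review bot: The `[Service]` section of salami.service drops privileges with `User=_salami` but adds no sandboxing, although the process reads the `token-private-key` setting from /etc/salami/salami.yaml. Adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` would limit what a compromised worker can reach; the paths the service writes, such as /var/log/salami from the postinst, need checking against those settings. The config file should be readable by `_salami` but not by other users, and nothing in this commit sets its owner or mode. Separately, `Type=simple` does not fit a config with `gunicorn: background`, where start_salami adds `--daemon` and the started process exits at once, so the unit should state that only the foreground modes are supported.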
@@ -0,0 +1,76 @@
+# Copyright (C) 2017-2018 Lars Wirzenius
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+import os
+
+
+import apifw
+import slog
+import yaml
+
+
+import salami
+
+
+DEFAULT_CONFIG_FILE = '/dev/null'
+
+
+def dict_logger(log, stack_info=None):
+ salami.log.log(exc_info=stack_info, **log)
+
+
+def read_config(filename):
+ with open(filename) as f:
+ return yaml.safe_load(f)
+
+
+def check_config(cfg):
+ for key in cfg:
+ if cfg[key] is None:
+ raise Exception('Configration %s should not be None' % key)
+
+
+_counter = slog.Counter()
+
+
+def counter():
+ new_context = 'HTTP transaction {}'.format(_counter.increment())
+ salami.log.set_context(new_context)
+
+
+default_config = {
+ 'log': [],
+ 'token-issuer': None,
+ 'token-public-key': None,
+ 'token-private-key': None,
+ 'token-lifetime': None,
+ 'clients': None,
+}
+
+
+def create_app():
+ config_filename = os.environ.get('SALAMI_CONFIG', DEFAULT_CONFIG_FILE)
+ actual_config = read_config(config_filename)
+ config = dict(default_config)
+ config.update(actual_config or {})
+ if 'token-audience' not in config:
+ config['token-audience'] = config.get('token-issuer')
+ check_config(config)
+ salami.setup_logging(config)
+ salami.log.log('info', msg_text='Salami starting')
+
+ api = salami.SalamiAPI(config)
+ return apifw.create_bottle_application(api, counter, dict_logger, config)
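Review bot: `check_config` in salami/app.py rejects only values that are `None`, so an empty string for `token-private-key` or an empty `clients` entry passes validation and the provider starts anyway; any failure would then presumably surface only when a token is requested. Rejecting empty values for the required keys, for example `if key != 'log' and cfg[key] in (None, '', {}, []):`, makes a broken deployment fail at startup. `create_app` also assumes the YAML document is a mapping: `config.update(actual_config or {})` fails with an unrelated error when the file holds a list or a scalar, so an `isinstance(actual_config, dict)` check with a clear message would help. The error text has a typo (`'Configration'`), and a dedicated exception class would be easier to handle than bare `Exception`. The code is moved unchanged from salami/backend.py, but none of its functions has a docstring.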
diff --git a/salami/backend.py b/salami/backend.py index 18b27dc..3befdaf 100644 --- a/salami/backend.py +++ b/salami/backend.py @@ -14,66 +14,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. -import os - - -import apifw -import slog -import yaml - - import salami -DEFAULT_CONFIG_FILE = '/dev/null' - - -def dict_logger(log, stack_info=None): - salami.log.log(exc_info=stack_info, **log) - - -def read_config(filename): - with open(filename) as f: - return yaml.safe_load(f) - - -def check_config(cfg): - for key in cfg: - if cfg[key] is None: - raise Exception('Configration %s should not be None' % key) - - -_counter = slog.Counter() - - -def counter(): - new_context = 'HTTP transaction {}'.format(_counter.increment()) - salami.log.set_context(new_context) - - -default_config = { - 'log': [], - 'token-issuer': None, - 'token-public-key': None, - 'token-private-key': None, - 'token-lifetime': None, - 'clients': None, -} - - -def create_app(): - config_filename = os.environ.get('SALAMI_CONFIG', DEFAULT_CONFIG_FILE) - actual_config = read_config(config_filename) - config = dict(default_config) - config.update(actual_config or {}) - if 'token-audience' not in config: - config['token-audience'] = config.get('token-issuer') - check_config(config) - salami.setup_logging(config) - salami.log.log('info', msg_text='Salami starting') - - api = salami.SalamiAPI(config) - return apifw.create_bottle_application(api, counter, dict_logger, config) - - -app = create_app() +app = salami.create_app() diff --git a/salami/version.py b/salami/version.py index 6ab0781..456773e 100644 --- a/salami/version.py +++ b/salami/version.py @@ -1,2 +1,2 @@ -__version__ = "0.7+git" -__version_info__ = (0, 7, '+git') +__version__ = "0.8+git" +__version_info__ = (0, 8, '+git') 
@@ -24,9 +24,9 @@ import salami setup( name='salami', version=salami.__version__, - description='thing', + description='OpenID Connect provider', author='Lars Wirzenius', author_email='liw@qvarnlabs.com', packages=['salami', 'salami_secrets'], - scripts=['start_salami', 'salami-hash'], + scripts=['start_salami', 'salami-hash', 'salami-get-token'], ) diff --git a/start_salami b/start_salami index 16a09f5..83a5a60 100755 --- a/start_salami +++ b/start_salami @@ -30,23 +30,12 @@ print(config.get(varname, "")) } -gunicorn_wanted() -{ - set -eu - case "$(get "$1" gunicorn)" in - yes|True) - return 0 - ;; - esac - return 1 -} - - run_bottle() { set -eu + local port="$(get "$config" gunicorn-port)" export SALAMI_CONFIG="$1" - python3 -c 'import salami; salami.create_app().run(host="127.0.0.1", port=12765)' + python3 -c "import salami; salami.create_app().run(host='127.0.0.1', port=$port)" } @@ -55,6 +44,7 @@ run_gunicorn() { set -eu local config="$1" + local gunicorn="$(get "$config" gunicorn)" local log_file="$(get "$config" gunicorn-log)" local pid_file="$(get "$config" gunicorn-pid-file)" local port="$(get "$config" gunicorn-port)" @@ -66,22 +56,31 @@ run_gunicorn() pid_opt="-p $pid_file" fi - export SALAMI_CONFIG="$config" - gunicorn3 \ - --bind 127.0.0.1:"$port" \ + opts=" + --bind 127.0.0.1:$port \ -w1 \ - --log-file "$log_file" \ - "$pid_opt" \ + --log-file $log_file \ + $pid_opt \ --log-level debug \ - --daemon \ - salami.backend:app + " + + if [ "$gunicorn" = background ] + then + opts="$opts --daemon" + fi + + export SALAMI_CONFIG="$config" + gunicorn3 $opts salami.backend:app } config="$1" -if gunicorn_wanted "$config" -then - run_gunicorn "$config" -else +gunicorn="$(get "$config" gunicorn)" +case "$gunicorn" in + no) run_bottle "$config" -fi + ;; + yes|True|background) + run_gunicorn "$config" + ;; +esac diff --git a/without-tests b/without-tests index a95a008..e093520 100644 --- a/without-tests +++ b/without-tests 
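Review bot: In run_bottle of start_salami the `gunicorn-port` value is pasted into Python source, `python3 -c "import salami; salami.create_app().run(host='127.0.0.1', port=$port)"`, so whatever the config file holds under that key is executed as code, and an empty value gives a syntax error in place of a clear message. Pass the value as an argument and convert it instead: `python3 -c 'import sys, salami; salami.create_app().run(host="127.0.0.1", port=int(sys.argv[1]))' "$port"`. The added `local port="$(get "$config" gunicorn-port)"` reads the global `$config` and not the function's own `"$1"`, which works only because the script assigns `config` before calling run_bottle. The body of `get` starts outside the hunk.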
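Review bot: The new `case "$gunicorn" in` at the end of start_salami has no default branch, so a config without a `gunicorn` key (for which `get` prints an empty string) or with any unlisted value starts nothing and the script exits with status 0, where the old code fell back to run_bottle. An unquoted YAML `no` is probably loaded as a boolean and printed as `False`, which the `no)` branch would not match; the existing `True` alternative suggests booleans do reach this code. Add `False` to the `no)` pattern and a final branch such as `*) echo "start_salami: unsupported gunicorn setting: $gunicorn" 1>&2; exit 1 ;;`. In run_gunicorn, `gunicorn3 $opts salami.backend:app` depends on word splitting of an unquoted string, so a log or pid file path with spaces or glob characters is split or expanded; building the arguments with `set --` and passing `"$@"` keeps each value as one word.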
@@ -2,6 +2,7 @@ setup.py doc/build.py salami/__init__.py salami/api.py +salami/app.py salami/backend.py salami/log_setup.py salami/responses.py diff --git a/yarns/lib.py b/yarns/lib.py index b36869d..8379b16 100644 --- a/yarns/lib.py +++ b/yarns/lib.py @@ -185,7 +185,7 @@ def start_salami(): } config = { - 'gunicorn': True, + 'gunicorn': 'background', 'gunicorn-log': 'gunicorn.log', 'gunicorn-pid-file': V['pid-file'], 'gunicorn-port': V['port'], |