bugs avec deploy user bash et nginx prepare réglés

This commit is contained in:
eleonore12345 2024-08-15 13:54:53 +02:00
parent 6f1ec7f3d1
commit 59eb1768a1
8 changed files with 69 additions and 45 deletions


@ -81,6 +81,7 @@ int BashModule::executeScriptAs(string serviceUsername, string script)
}
//getting the connection information for the user
struct passwd * p=getpwnam(serviceUsername.c_str());
cout << "script " << script.c_str() << endl;
if (p==NULL){
cerr << "Error. The user dedicated to the service is not found when trying to execute the bash script." << endl;
return -1;
@ -92,7 +93,6 @@ int BashModule::executeScriptAs(string serviceUsername, string script)
return -1;
} else if (pid > 0) {
//parent process
cout << "in parent process" << endl;
int status;
waitpid(-1,&status,0);
if(status==-1){
@ -104,7 +104,7 @@ int BashModule::executeScriptAs(string serviceUsername, string script)
//executing as the user corresponding to the service
setgid(p->pw_gid);
setuid(p->pw_uid);
execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--",script.c_str(), serviceUsername, (char *)0);
execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--", script.c_str(), " ", serviceUsername, (char *)0);
}
}
}
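Review bot: The child still reaches `execl` when `setgid` or `setuid` fails, because neither return value on the two lines above it is checked; this program creates system users with useradd, so it presumably runs as root, and a failed drop would run the service's script with the caller's privileges. The new `execl` line also passes `serviceUsername` (a `std::string`, per the signature in the hunk header) straight through the variadic argument list, which does not produce a C string for bash, and the added `" "` argument becomes `$1` of the script with the username pushed to `$2` — `serviceUsername.c_str()` with the `" "` dropped looks like what was intended, unless the script relies on that placeholder. Unless supplementary groups are reset elsewhere (not visible here), the child also inherits the parent's group list, so `initgroups(p->pw_name, p->pw_gid)` (needs `<grp.h>`) before `setgid` is worth adding. executeScriptAs begins before this hunk; the change below also exits on a failed exec so the child never falls through into the parent's code path.
```cpp
//executing as the user corresponding to the service
if (initgroups(p->pw_name, p->pw_gid) != 0 || setgid(p->pw_gid) != 0 || setuid(p->pw_uid) != 0) {
    perror("failed to drop privileges to the service user");
    _exit(127); // never run the script with the parent's privileges
}
execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--", script.c_str(), serviceUsername.c_str(), (char *)0);
perror("execl /bin/bash");
_exit(127); // exec failed: do not continue as a second copy of the parent
```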


@ -7,7 +7,7 @@ using namespace std;
//constructor
EncryptionModule::EncryptionModule(){
name="Let's Encrypt";
name="Encryption";
}
//destructor inline


@ -20,18 +20,18 @@ int NginxModule::Prepare ()
{
cout << "nginx preparation" << endl;
//create proxy_dir
string proxy_dir=getenv("proxy_dir");
string proxy_dir=getenv("PROXY_DIR");
fs::create_directories(proxy_dir);
//delete current new_conf directory (to start from scratch)
string new_nginx_conf_path=getenv("new_nginx_conf_path");
string new_nginx_conf_path=getenv("NEW_NGINX_CONF_PATH");
fs::remove_all(new_nginx_conf_path);
//create new new_conf directory
fs::create_directories(new_nginx_conf_path);
//create new conf file (for tests purposes)
string nginx_conf_path=getenv("nginx_conf_path");
string nginx_conf_path=getenv("NGINX_CONF_PATH");
//open the old conf file
ifstream input("./services/_proxy/nginx.conf");
if (!input) {
@ -43,9 +43,10 @@ int NginxModule::Prepare ()
string content = buffer.str();
input.close();
//replace nginx_conf_path with the new nginx_conf_path in the conf
size_t pos=string::npos;
while (content.find(nginx_conf_path)!=string::npos){
content.replace(content.find(nginx_conf_path),nginx_conf_path.length(),new_nginx_conf_path);
size_t pos=content.find(nginx_conf_path);
while (pos!=string::npos){
content.replace(pos,nginx_conf_path.length(),new_nginx_conf_path);
pos=content.find(nginx_conf_path);
}
//fill the new conf file
ofstream output (proxy_dir+"/new_nginx.conf");
@ -58,7 +59,23 @@ int NginxModule::Prepare ()
int NginxModule::Deploy (string serviceUsername)
{
//write the new conf
//copy the conf from the service directory to the nginx directory
string conf="./services/"+serviceUsername+"/nginx_server.conf";
string new_nginx_conf_path=getenv("NEW_NGINX_CONF_PATH");
//replace the environment variables with their values
//string cmd="set -a && envsubst "+conf;
/*
if [ -f "/docker/$service/nginx_server.conf" ] ; then
section "Copy nginx conf"
run cp "/docker/$service/nginx_server.conf" "$new_nginx_conf_path/$service"
section "Template nginx conf with vars from '.env' file"
run template.sh "/docker/$service/.env" < "/docker/$service/nginx_server.conf" > "$new_nginx_conf_path/
(template : bash -c 'set -a && . '"$1"' && envsubst "$(cat '"$1"' | grep -o ^.*= | sed "s/=//" | sed "s/^/$/")"')
$service"
fi*/
return 0;
}
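Review bot: The rewritten replace loop restarts its search from the beginning of `content` after every replacement (`pos=content.find(nginx_conf_path);`), so it never terminates whenever `new_nginx_conf_path` contains `nginx_conf_path` as a substring — the two defaults in createEnv happen not to overlap, but both values come from the environment; resuming after the inserted text, `pos=content.find(nginx_conf_path, pos+new_nginx_conf_path.length());`, removes that hazard. Each `getenv` result in Prepare is also converted to `std::string` unchecked, which is undefined behaviour (in practice a crash) when the variable is unset, whereas readServicesFromCSV in this same commit tests for `nullptr` first; a small helper that reports a missing variable would make the three lookups consistent. Deploy still returns 0 while the copy/templating step exists only as a commented-out shell snippet, so deployService will report success without any nginx configuration being installed; returning non-zero, or at least logging that the step is not implemented, would avoid a silent no-op. Prepare starts before its hunk.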


@ -65,7 +65,7 @@ vector <Service> Services::readServicesFromCSV () const
{
//this method extracts the list of uid|username|servers from the services.csv file
vector <Service> result;
char * CSV = getenv("servicefile"); //service file is an environment variable
char * CSV = getenv("SERVICEFILE"); //service file is an environment variable
// Check if the environment variable is set
if (CSV==nullptr) {
cerr << "Error when trying to read services.csv. Environment variable servicefiles is not set." << endl;
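Review bot: The error message on the line after the `nullptr` check still names `servicefiles`, while the variable the new code reads is `SERVICEFILE`, so an operator who follows the message will export the wrong name; change it to `cerr << "Error when trying to read services.csv. Environment variable SERVICEFILE is not set." << endl;`. readServicesFromCSV continues past the end of this hunk.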


@ -7,7 +7,7 @@ using namespace std;
//constructor
WireguardModule::WireguardModule(){
name="Let's Encrypt";
name="Wireguard";
}
//destructor inline


@ -40,7 +40,7 @@ int createUser(string serviceUsername)
{
//this method creates a Unix user dedicated to the service
//get the User ID from servers.csv
int uidStart=stoi(getenv("services_uid_start")); //so that the uids do not overlap with existing uids
int uidStart=stoi(getenv("SERVICES_UID_START")); //so that the uids do not overlap with existing uids
Services services = Services();
const Service * service = services.FindByUsername(serviceUsername);
int uid = (*service).GetUserID()+uidStart;
@ -52,7 +52,8 @@ int createUser(string serviceUsername)
return 0;
}
//create user
string cmd2 ="useradd -u " + to_string(uid) + " " + serviceUsername + "&& usermod -s /sbin/nologin "+ serviceUsername; //no direct login
string cmd2 ="useradd -u " + to_string(uid) + " " + serviceUsername + " && usermod -s /sbin/nologin "+ serviceUsername; //no direct login
string res2 = BashManager::ExecuteAndReadResult(cmd2);
if (res2 != ""){
cerr << "Error when executing the bash command to create a user specific to the service." << endl;
@ -66,7 +67,7 @@ int deleteUser(string serviceUsername)
{
//this method deletes the Unix user dedicated to the service
//get the User ID from servers.csv
int uidStart=stoi(getenv("services_uid_start"));
int uidStart=stoi(getenv("SERVICES_UID_START"));
Services services = Services();
const Service * service = services.FindByUsername(serviceUsername);
int uid = (*service).GetUserID()+uidStart;
@ -96,7 +97,7 @@ string findCertificate(string serviceUsername)
//if none is found, it returns the dummy certificate
//searching is dns_certs_path
string dns_certs_path=getenv("dns_certs_path"); //dns_certs_path is an environment variable
string dns_certs_path=getenv("DNS_CERTS_PATH"); //dns_certs_path is an environment variable
//finding the serviceUsername* directory
string cmd="ls $dns_certs_path/"+serviceUsername+" | grep '^"+serviceUsername+"\\(-[0-9]\\{4\\}\\)\\?$'";
string name = BashManager::ExecuteAndReadResult(cmd);
@ -111,7 +112,7 @@ string findCertificate(string serviceUsername)
}
}
//searching in http_certs_path
string http_certs_path=getenv(("http_certs_path")); //http_certs_path is an environment variable
string http_certs_path=getenv(("HTTP_CERTS_PATH")); //http_certs_path is an environment variable
//finding the serviceUsername* directory
cmd="ls $http_certs_path/"+serviceUsername+" | grep '^"+serviceUsername+"\\(-[0-9]\\{4\\}\\)\\?$'";
name = BashManager::ExecuteAndReadResult(cmd);
@ -126,7 +127,7 @@ string findCertificate(string serviceUsername)
}
}
cout << "Using dummy certificate" << endl;
return getenv("dummy_cert_path");
return getenv("DUMMY_CERT_PATH");
}
int createEnvService(string serviceUsername)
@ -140,10 +141,11 @@ int createEnvService(string serviceUsername)
string docker_dir="/services/"+serviceUsername;
string jc_service=serviceUsername;
string home="/data/"+serviceUsername;
string jc_id=to_string(services.FindByUsername(serviceUsername)->GetUserID()+stoi(getenv("services_uid_start")));
string jc_id=to_string(services.FindByUsername(serviceUsername)->GetUserID()+stoi(getenv("SERVICES_UID_START")));
string net="172.29."+jc_id;
string jc_cert=findCertificate(serviceUsername);
//create a .env file accessible outside the C++ program
string file = "./services/"+serviceUsername+"/.env";
ofstream outfile(file);
@ -159,15 +161,15 @@ int createEnvService(string serviceUsername)
outfile.close();
//setting the environment variables for all the shell commands called in this C++ programm
setenv("http_dir",http_dir.c_str(),1);
setenv("data_dir",data_dir.c_str(),1);
setenv("secret_dir",secret_dir.c_str(),1);
setenv("docker_dir",docker_dir.c_str(),1);
setenv("jc_service",jc_service.c_str(),1);
setenv("home",home.c_str(),1);
setenv("jc_id",jc_id.c_str(),1);
setenv("net",net.c_str(),1);
setenv("jc_cert",jc_cert.c_str(),1);
setenv("HTTP_DIR",http_dir.c_str(),1);
setenv("DATA_DIR",data_dir.c_str(),1);
setenv("SECRET_DIR",secret_dir.c_str(),1);
setenv("DOCKER_DIR",docker_dir.c_str(),1);
setenv("JC_SERVICE",jc_service.c_str(),1);
setenv("HOME",home.c_str(),1);
setenv("JC_ID",jc_id.c_str(),1);
setenv("NET",net.c_str(),1);
setenv("JC_CERT",jc_cert.c_str(),1);
//create the directories
//data_dir
@ -192,7 +194,7 @@ int createEnvService(string serviceUsername)
int removeEnvService()
{
string http_dir=getenv("http_dir");
string http_dir=getenv("HTTP_DIR");
if(fs::exists(http_dir)){
fs::remove_all(http_dir);
}
@ -203,9 +205,9 @@ int removeEnvService()
int createEnv()
{
//this method writes environment variables in a file and sets them for every bash call
string proxyDir="etc/nginx";
string nginx_conf_path=proxyDir+"/sites-enabled";
string new_nginx_conf_path=proxyDir+"/new-sites-enabled";
string proxy_dir="/etc/nginx";
string nginx_conf_path=proxy_dir+"/sites-enabled";
string new_nginx_conf_path=proxy_dir+"/new-sites-enabled";
string dns_certs_path="/data/dnscerts.jean-cloud.org/certs/live";
string http_certs_path="/etc/letsencrypt/live";
string dummy_cert_path=http_certs_path+"/dummy";
@ -214,7 +216,7 @@ int createEnv()
//create a file accessible outside the C++ program
ofstream outfile ("/etc/jeancloud.env");
outfile << "proxy_dir=" << proxyDir << endl;
outfile << "proxy_dir=" << proxy_dir << endl;
outfile << "nginx_conf_path=" << nginx_conf_path << endl;
outfile << "new_nginx_conf_path=" << new_nginx_conf_path << endl;
outfile << "dns_certs_path=" << dns_certs_path << endl;
@ -225,14 +227,14 @@ int createEnv()
outfile.close();
//setting the environment variables for all the shell commands called in this C++ programm
setenv("proxy_dir",proxyDir.c_str(),1);
setenv("nginx_conf_path",nginx_conf_path.c_str(),1);
setenv("new_nginx_conf_path",new_nginx_conf_path.c_str(),1);
setenv("dns_certs_path",dns_certs_path.c_str(),1);
setenv("http_certs_path",http_certs_path.c_str(),1);
setenv("dummy_cert_path",dummy_cert_path.c_str(),1);
setenv("servicefile",servicefile.c_str(),1);
setenv("services_uid_start",services_uid_start.c_str(),1);
setenv("PROXY_DIR",proxy_dir.c_str(),1);
setenv("NGINX_CONF_PATH",nginx_conf_path.c_str(),1);
setenv("NEW_NGINX_CONF_PATH",new_nginx_conf_path.c_str(),1);
setenv("DNS_CERTS_PATH",dns_certs_path.c_str(),1);
setenv("HTTP_CERTS_PATH",http_certs_path.c_str(),1);
setenv("DUMMY_CERT_PATH",dummy_cert_path.c_str(),1);
setenv("SERVICEFILE",servicefile.c_str(),1);
setenv("SERVICES_UID_START",services_uid_start.c_str(),1);
cout << "global environment created" << endl;
return 0;
}
@ -250,10 +252,12 @@ int deployService(string serviceUsername){
}
//call to the deploy functionality of all modules
//the modules themselves determine their course of action depending on the service
for(Module * mod_ptr : modules){
int modResult = (*mod_ptr).Deploy(serviceUsername);
if (modResult!=0){
cerr << "Error in " << (*mod_ptr) << " when deploying " << serviceUsername << endl;
//cerr << "Error in " << (*mod_ptr) << " when deploying " << serviceUsername << endl;
cerr << "Error in module " << endl;
}
}
return 0;
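Review bot: The shell commands in findCertificate still expand `$dns_certs_path` and `$http_certs_path`, but this commit renames the variables exported with `setenv` to `DNS_CERTS_PATH`/`HTTP_CERTS_PATH` and drops the lowercase ones, so unless BashManager::ExecuteAndReadResult sources /etc/jeancloud.env (not visible here) both expansions are now empty, `ls /<service>` finds nothing, and every service silently falls back to the dummy certificate. Using the values already read into C++ removes the dependence on the shell environment: `string cmd="ls '"+dns_certs_path+"/"+serviceUsername+"' | grep '^"+serviceUsername+"\\(-[0-9]\\{4\\}\\)\\?$'";` and the same for the http lookup. The same mismatch exists between /etc/jeancloud.env, which createEnv still writes with lowercase keys, and the uppercase names the deploy scripts now read (`$DATA_DIR` in the test script), so anything that sources that file sees the old names. Separately, `setenv("HOME", ...)` now overrides the real HOME of this process for every later shell call, which changes where tools such as ssh or docker look for their configuration — worth confirming that is intended. createUser, findCertificate and createEnvService each extend beyond their hunks.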


@ -1 +1,4 @@
example
test
/etc/nginx/sites-enabled
youhou
/etc/nginx/sites-enabled


@ -1,5 +1,5 @@
#!/bin/bash
touch $data_dir/deployAsResult
echo $(whoami) >> $data_dir/deployAsResult
touch $DATA_DIR/deployAsResult
echo $(whoami) >> $DATA_DIR/deployAsResult
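Review bot: `$DATA_DIR` is expanded unquoted and without a guard, so if the variable is unset or empty the script touches and appends to `/deployAsResult` at the filesystem root instead of failing, and a value containing whitespace is split into several arguments; add `: "${DATA_DIR:?DATA_DIR is not set}"` after the shebang and quote both uses, `touch "$DATA_DIR/deployAsResult"` and `echo "$(whoami)" >> "$DATA_DIR/deployAsResult"`. This looks like a test helper for executeScriptAs (the result file is named deployAsResult), so the point is mainly about not leaving stray files behind when the environment is wrong.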