From 59eb1768a1fbd8618d48e4748317f637104f62d2 Mon Sep 17 00:00:00 2001 From: eleonore12345 Date: Thu, 15 Aug 2024 13:54:53 +0200 Subject: [PATCH] =?UTF-8?q?bugs=20avec=20deploy=20user=20bash=20et=20nginx?= =?UTF-8?q?=20prepare=20r=C3=A9gl=C3=A9s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/BashModule.cpp | 4 +- src/EncryptionModule.cpp | 2 +- src/NginxModule.cpp | 31 +++++++--- src/Services.cpp | 2 +- src/WireguardModule.cpp | 2 +- src/main.cpp | 64 +++++++++++--------- testenv/services/_proxy/nginx.conf | 5 +- testenv/services/test.sh8s.sh/deploy_user.sh | 4 +- 8 files changed, 69 insertions(+), 45 deletions(-) diff --git a/src/BashModule.cpp b/src/BashModule.cpp index 00929bb..f2c1103 100644 --- a/src/BashModule.cpp +++ b/src/BashModule.cpp @@ -81,6 +81,7 @@ int BashModule::executeScriptAs(string serviceUsername, string script) } //getting the connection information for the user struct passwd * p=getpwnam(serviceUsername.c_str()); + cout << "script " << script.c_str() << endl; if (p==NULL){ cerr << "Error. The user dedicated to the service is not found when trying to execute the bash script." << endl; return -1; @@ -92,7 +93,6 @@ int BashModule::executeScriptAs(string serviceUsername, string script) return -1; } else if (pid > 0) { //parent process - cout << "in parent process" << endl; int status; waitpid(-1,&status,0); if(status==-1){ @@ -104,7 +104,7 @@ int BashModule::executeScriptAs(string serviceUsername, string script) //executing as the user corresponding to the service setgid(p->pw_gid); setuid(p->pw_uid); - execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--",script.c_str(), serviceUsername, (char *)0); + execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--", script.c_str(), " ", serviceUsername, (char *)0); } } } diff --git a/src/EncryptionModule.cpp b/src/EncryptionModule.cpp index 540457e..23a16e6 100644 --- a/src/EncryptionModule.cpp 
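Review bot: In the child branch of the third BashModule hunk, `setgid(p->pw_gid)` and `setuid(p->pw_uid)` are still unchecked, so if either call fails the service script is executed with the caller's own identity — presumably root, since this tool creates Unix accounts. The rewritten `execl` line also passes `serviceUsername` through the variadic argument list as a `std::string` rather than `serviceUsername.c_str()`, so the child's argv receives whatever the compiler chose to pass for the object rather than the username's characters, and the new `" "` argument in front of it shifts the username to `$2` with a lone space in `$1` — if that is intentional it deserves a comment. Check the privilege drop (clearing supplementary groups with `setgroups`, which needs `<grp.h>`), and `_exit` after `execl` so a failed exec cannot fall through into the parent's code path; `waitpid(pid, …)` instead of `waitpid(-1, …)` would also stop the parent from reaping an unrelated child's status. executeScriptAs begins outside the hunk.
```cpp
//executing as the user corresponding to the service
if (setgid(p->pw_gid) != 0 || setgroups(0, nullptr) != 0 || setuid(p->pw_uid) != 0) {
    perror("failed to drop privileges to the service user");
    _exit(127);
}
execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--", script.c_str(), serviceUsername.c_str(), (char *)0);
perror("execl /bin/bash");
_exit(127);
```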
+++ b/src/EncryptionModule.cpp @@ -7,7 +7,7 @@ using namespace std; //constructor EncryptionModule::EncryptionModule(){ - name="Let's Encrypt"; + name="Encryption"; } //destructor inline diff --git a/src/NginxModule.cpp b/src/NginxModule.cpp index 5c40193..6b71cc9 100644 --- a/src/NginxModule.cpp +++ b/src/NginxModule.cpp @@ -20,18 +20,18 @@ int NginxModule::Prepare () { cout << "nginx preparation" << endl; //create proxy_dir - string proxy_dir=getenv("proxy_dir"); + string proxy_dir=getenv("PROXY_DIR"); fs::create_directories(proxy_dir); //delete current new_conf directory (to start from scratch) - string new_nginx_conf_path=getenv("new_nginx_conf_path"); + string new_nginx_conf_path=getenv("NEW_NGINX_CONF_PATH"); fs::remove_all(new_nginx_conf_path); //create new new_conf directory fs::create_directories(new_nginx_conf_path); //create new conf file (for tests purposes) - string nginx_conf_path=getenv("nginx_conf_path"); + string nginx_conf_path=getenv("NGINX_CONF_PATH"); //open the old conf file ifstream input("./services/_proxy/nginx.conf"); if (!input) { @@ -43,9 +43,10 @@ int NginxModule::Prepare () string content = buffer.str(); input.close(); //replace nginx_conf_path with the new nginx_conf_path in the conf - size_t pos=string::npos; - while (content.find(nginx_conf_path)!=string::npos){ - content.replace(content.find(nginx_conf_path),nginx_conf_path.length(),new_nginx_conf_path); + size_t pos=content.find(nginx_conf_path); + while (pos!=string::npos){ + content.replace(pos,nginx_conf_path.length(),new_nginx_conf_path); + pos=content.find(nginx_conf_path); } //fill the new conf file ofstream output (proxy_dir+"/new_nginx.conf"); 
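Review bot: `string proxy_dir=getenv("PROXY_DIR")` and the two sibling lines for `NEW_NGINX_CONF_PATH` and `NGINX_CONF_PATH` construct a `std::string` straight from `getenv`, which returns a null pointer when the variable is unset; that is undefined behaviour, and the resulting value is then handed to `fs::remove_all`. Because `remove_all` deletes recursively, an unset or mistyped variable should stop the run here rather than reach the filesystem: read each value into a `const char *` and return non-zero when it is null or empty, e.g. `const char * ncp = getenv("NEW_NGINX_CONF_PATH"); if (!ncp || !*ncp) { cerr << "NEW_NGINX_CONF_PATH is not set" << endl; return -1; }`. The hunk renames the three reads but does not validate them. Prepare continues past the end of this hunk.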
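Review bot: The rewritten replace loop restarts `content.find(nginx_conf_path)` from the beginning of `content` after every replacement, so it rescans already-processed text and would never terminate if `new_nginx_conf_path` ever contained `nginx_conf_path` as a substring (today's values `/etc/nginx/sites-enabled` and `/etc/nginx/new-sites-enabled` happen not to, which is why it works). Resume the search after the inserted text instead: `pos=content.find(nginx_conf_path, pos+new_nginx_conf_path.length());`. An empty `nginx_conf_path` also needs a guard, since `find("")` returns 0 and the loop would spin forever. Prepare starts before this hunk and ends after it.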
@@ -58,7 +59,23 @@ int NginxModule::Prepare () int NginxModule::Deploy (string serviceUsername) { //write the new conf - + //copy the conf from the service directory to the nginx directory + string conf="./services/"+serviceUsername+"/nginx_server.conf"; + string new_nginx_conf_path=getenv("NEW_NGINX_CONF_PATH"); + //replace the environment variables with their values + //string cmd="set -a && envsubst "+conf; + + /* + +if [ -f "/docker/$service/nginx_server.conf" ] ; then + section "Copy nginx conf" + run cp "/docker/$service/nginx_server.conf" "$new_nginx_conf_path/$service" + + section "Template nginx conf with vars from '.env' file" + run template.sh "/docker/$service/.env" < "/docker/$service/nginx_server.conf" > "$new_nginx_conf_path/ + (template : bash -c 'set -a && . '"$1"' && envsubst "$(cat '"$1"' | grep -o ^.*= | sed "s/=//" | sed "s/^/$/")"') + $service" +fi*/ return 0; } diff --git a/src/Services.cpp b/src/Services.cpp index 9eb73c8..1c21659 100644 --- a/src/Services.cpp +++ b/src/Services.cpp @@ -65,7 +65,7 @@ vector Services::readServicesFromCSV () const { //this method extracts the list of uid|username|servers from the services.csv file vector result; - char * CSV = getenv("servicefile"); //service file is an environment variable + char * CSV = getenv("SERVICEFILE"); //service file is an environment variable // Check if the environment variable is set if (CSV==nullptr) { cerr << "Error when trying to read services.csv. Environment variable servicefiles is not set." << endl; diff --git a/src/WireguardModule.cpp b/src/WireguardModule.cpp index 7f24944..43e768a 100644 --- a/src/WireguardModule.cpp +++ b/src/WireguardModule.cpp @@ -7,7 +7,7 @@ using namespace std; //constructor WireguardModule::WireguardModule(){ - name="Let's Encrypt"; + name="Wireguard"; } //destructor inline diff --git a/src/main.cpp b/src/main.cpp index 5229a61..cf26883 100644 --- a/src/main.cpp +++ b/src/main.cpp 
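Review bot: `NginxModule::Deploy` now computes `conf` and `new_nginx_conf_path` and returns 0 without writing anything, so deployService will report success for a service whose nginx server block was never installed; until the copy/templating exists it should return a non-zero code or at least log that the step was skipped, and `new_nginx_conf_path` has the same unchecked-`getenv` null problem as Prepare. The commented-out design deserves a warning before it is revived: `bash -c 'set -a && . "$1" && envsubst …'` sources the per-service `.env` as shell, so any service able to write its own `.env` gets arbitrary command execution in the deploy context, and `$service` is interpolated into paths unquoted. Suggest replacing the block with `// TODO: template nginx_server.conf in C++ (parse key=value from .env and string-replace, as Prepare already does) rather than sourcing .env through the shell`.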
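Review bot: The error message on the line after the renamed `getenv("SERVICEFILE")` still tells the operator that `servicefiles` is not set, which no longer matches the variable the code reads; change it to `cerr << "Error when trying to read services.csv. Environment variable SERVICEFILE is not set." << endl;`. readServicesFromCSV continues outside the hunk, so the parsing of the file contents is not visible here.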
@@ -40,7 +40,7 @@ int createUser(string serviceUsername) { //this method creates a Unix user dedicated to the service //get the User ID from servers.csv - int uidStart=stoi(getenv("services_uid_start")); //so that the uids do not overlap with existing uids + int uidStart=stoi(getenv("SERVICES_UID_START")); //so that the uids do not overlap with existing uids Services services = Services(); const Service * service = services.FindByUsername(serviceUsername); int uid = (*service).GetUserID()+uidStart; @@ -52,7 +52,8 @@ int createUser(string serviceUsername) return 0; } //create user - string cmd2 ="useradd -u " + to_string(uid) + " " + serviceUsername + "&& usermod -s /sbin/nologin "+ serviceUsername; //no direct login + string cmd2 ="useradd -u " + to_string(uid) + " " + serviceUsername + " && usermod -s /sbin/nologin "+ serviceUsername; //no direct login + string res2 = BashManager::ExecuteAndReadResult(cmd2); if (res2 != ""){ cerr << "Error when executing the bash command to create a user specific to the service." << endl; @@ -66,7 +67,7 @@ int deleteUser(string serviceUsername) { //this method deletes the Unix user dedicated to the service //get the User ID from servers.csv - int uidStart=stoi(getenv("services_uid_start")); + int uidStart=stoi(getenv("SERVICES_UID_START")); Services services = Services(); const Service * service = services.FindByUsername(serviceUsername); int uid = (*service).GetUserID()+uidStart; @@ -96,7 +97,7 @@ string findCertificate(string serviceUsername) //if none is found, it returns the dummy certificate //searching is dns_certs_path - string dns_certs_path=getenv("dns_certs_path"); //dns_certs_path is an environment variable + string dns_certs_path=getenv("DNS_CERTS_PATH"); //dns_certs_path is an environment variable //finding the serviceUsername* directory string cmd="ls $dns_certs_path/"+serviceUsername+" | grep '^"+serviceUsername+"\\(-[0-9]\\{4\\}\\)\\?$'"; string name = BashManager::ExecuteAndReadResult(cmd); 
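Review bot: Right after the renamed `stoi(getenv("SERVICES_UID_START"))`, the result of `services.FindByUsername(serviceUsername)` is dereferenced as `(*service).GetUserID()` with no null check, so a username absent from services.csv crashes the tool instead of being reported; the same pattern appears in deleteUser and createEnvService. `stoi` on an unset variable is likewise undefined (a null `char *` goes into `std::string`'s constructor) and it throws on non-numeric input. Add `if (service == nullptr) { cerr << "Service " << serviceUsername << " not found in services.csv" << endl; return -1; }` before computing `uid`, and read the environment value into a `const char *` that is checked before `stoi`. createUser begins before this hunk.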
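Review bot: The corrected `cmd2` still interpolates `serviceUsername` into a shell command string (`useradd -u … NAME && usermod -s /sbin/nologin NAME`) that BashManager executes, so a username from services.csv containing shell metacharacters — `;`, backticks, `$(…)` — runs as whatever account drives this tool, presumably root since it creates users. Validate the name before building the command, e.g. `if (serviceUsername.empty() || serviceUsername.find_first_not_of("abcdefghijklmnopqrstuvwxyz0123456789_-") != string::npos) { cerr << "Invalid service username." << endl; return -1; }`, and prefer a single `useradd -u N -s /sbin/nologin NAME` so a failed `usermod` cannot leave a login-capable account behind. Treating any output as failure (`res2 != ""`) also misclassifies useradd warnings; the exit status would be more reliable, though ExecuteAndReadResult's contract is not visible here.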
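Review bot: The rename breaks the `ls` command two lines below it: `cmd` still embeds the literal `$dns_certs_path` for the shell to expand, but this commit exports the value as `DNS_CERTS_PATH` (see createEnv), so unless the shell run by BashManager sources `/etc/jeancloud.env` — which still writes the lowercase names — the expansion is empty, the command lists `/<serviceUsername>`, and every lookup silently falls through to the dummy certificate. Use the C++ value already read on the changed line: `string cmd="ls "+dns_certs_path+"/"+serviceUsername+" | grep '^"+serviceUsername+"\\(-[0-9]\\{4\\}\\)\\?$'";`. `serviceUsername` is also interpolated unescaped into both the shell command and the grep pattern, so the username validation suggested for createUser should run before this as well. findCertificate continues into the next hunk.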
@@ -111,7 +112,7 @@ string findCertificate(string serviceUsername) } } //searching in http_certs_path - string http_certs_path=getenv(("http_certs_path")); //http_certs_path is an environment variable + string http_certs_path=getenv(("HTTP_CERTS_PATH")); //http_certs_path is an environment variable //finding the serviceUsername* directory cmd="ls $http_certs_path/"+serviceUsername+" | grep '^"+serviceUsername+"\\(-[0-9]\\{4\\}\\)\\?$'"; name = BashManager::ExecuteAndReadResult(cmd); @@ -126,7 +127,7 @@ string findCertificate(string serviceUsername) } } cout << "Using dummy certificate" << endl; - return getenv("dummy_cert_path"); + return getenv("DUMMY_CERT_PATH"); } int createEnvService(string serviceUsername) @@ -140,10 +141,11 @@ int createEnvService(string serviceUsername) string docker_dir="/services/"+serviceUsername; string jc_service=serviceUsername; string home="/data/"+serviceUsername; - string jc_id=to_string(services.FindByUsername(serviceUsername)->GetUserID()+stoi(getenv("services_uid_start"))); + string jc_id=to_string(services.FindByUsername(serviceUsername)->GetUserID()+stoi(getenv("SERVICES_UID_START"))); string net="172.29."+jc_id; string jc_cert=findCertificate(serviceUsername); + //create a .env file accessible outside the C++ program string file = "./services/"+serviceUsername+"/.env"; ofstream outfile(file); 
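Review bot: Same mismatch as the dns lookup: `cmd` still expands `$http_certs_path` in the shell while the variable exported by this commit is `HTTP_CERTS_PATH`, so unless BashManager's shell sources `/etc/jeancloud.env` (still written with lowercase keys) the command lists `/<serviceUsername>` and the function returns the dummy certificate for everything. Build the path from the C++ variable read on the changed line: `cmd="ls "+http_certs_path+"/"+serviceUsername+" | grep '^"+serviceUsername+"\\(-[0-9]\\{4\\}\\)\\?$'";`. findCertificate begins before this hunk.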
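Review bot: On the changed `jc_id` line, `services.FindByUsername(serviceUsername)->GetUserID()` dereferences the lookup result without a null check and `stoi(getenv("SERVICES_UID_START"))` is undefined when the variable is unset, so either an unknown service or a missing variable aborts the tool midway through environment creation. The derived `net="172.29."+jc_id` presumably has to stay within one /16, so a `jc_id` above 255 would yield an invalid network; add a range check or at least state the assumption, e.g. `// jc_id doubles as the third octet of the service network; must be <= 255 — TODO confirm`. createEnvService starts before this hunk and continues after it.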
@@ -159,15 +161,15 @@ int createEnvService(string serviceUsername) outfile.close(); //setting the environment variables for all the shell commands called in this C++ programm - setenv("http_dir",http_dir.c_str(),1); - setenv("data_dir",data_dir.c_str(),1); - setenv("secret_dir",secret_dir.c_str(),1); - setenv("docker_dir",docker_dir.c_str(),1); - setenv("jc_service",jc_service.c_str(),1); - setenv("home",home.c_str(),1); - setenv("jc_id",jc_id.c_str(),1); - setenv("net",net.c_str(),1); - setenv("jc_cert",jc_cert.c_str(),1); + setenv("HTTP_DIR",http_dir.c_str(),1); + setenv("DATA_DIR",data_dir.c_str(),1); + setenv("SECRET_DIR",secret_dir.c_str(),1); + setenv("DOCKER_DIR",docker_dir.c_str(),1); + setenv("JC_SERVICE",jc_service.c_str(),1); + setenv("HOME",home.c_str(),1); + setenv("JC_ID",jc_id.c_str(),1); + setenv("NET",net.c_str(),1); + setenv("JC_CERT",jc_cert.c_str(),1); //create the directories //data_dir @@ -192,7 +194,7 @@ int createEnvService(string serviceUsername) int removeEnvService() { - string http_dir=getenv("http_dir"); + string http_dir=getenv("HTTP_DIR"); if(fs::exists(http_dir)){ fs::remove_all(http_dir); } @@ -203,9 +205,9 @@ int removeEnvService() int createEnv() { //this method writes environment variables in a file and sets them for every bash call - string proxyDir="etc/nginx"; - string nginx_conf_path=proxyDir+"/sites-enabled"; - string new_nginx_conf_path=proxyDir+"/new-sites-enabled"; + string proxy_dir="/etc/nginx"; + string nginx_conf_path=proxy_dir+"/sites-enabled"; + string new_nginx_conf_path=proxy_dir+"/new-sites-enabled"; string dns_certs_path="/data/dnscerts.jean-cloud.org/certs/live"; string http_certs_path="/etc/letsencrypt/live"; string dummy_cert_path=http_certs_path+"/dummy"; 
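Review bot: Renaming `home` to `HOME` in `setenv("HOME",home.c_str(),1)` makes the deploy process overwrite its own `$HOME` with `/data/<service>` for every subsequent child — the `useradd`/`usermod`/`ls` commands run through BashManager and the `/bin/bash` launched by executeScriptAs — and the last service's value persists because nothing unsets it. Any tool that honours HOME (ssh, git, anything reading `~/.config`) would then read from a service-owned directory, which lets a service influence the presumably-root deploy account's tooling. Use a project-prefixed name consistent with `JC_SERVICE`/`JC_ID`/`JC_CERT`, e.g. `setenv("JC_HOME",home.c_str(),1);`, and have the per-service scripts read `$JC_HOME`. createEnvService begins before this hunk.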
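Review bot: `string http_dir=getenv("HTTP_DIR")` followed by `fs::remove_all(http_dir)` recursively deletes whatever `HTTP_DIR` currently holds, and since removeEnvService takes no service name it silently depends on createEnvService having run for the intended service earlier in the same process; an unset variable is undefined behaviour at the `std::string` construction, and a stale one removes the previous service's web root. Read the value into a `const char *`, refuse null or empty values, and consider taking the service name and recomputing the path the way createEnvService does. The rest of the function lies outside the hunk.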
@@ -214,7 +216,7 @@ int createEnv() //create a file accessible outside the C++ program ofstream outfile ("/etc/jeancloud.env"); - outfile << "proxy_dir=" << proxyDir << endl; + outfile << "proxy_dir=" << proxy_dir << endl; outfile << "nginx_conf_path=" << nginx_conf_path << endl; outfile << "new_nginx_conf_path=" << new_nginx_conf_path << endl; outfile << "dns_certs_path=" << dns_certs_path << endl; @@ -225,14 +227,14 @@ int createEnv() outfile.close(); //setting the environment variables for all the shell commands called in this C++ programm - setenv("proxy_dir",proxyDir.c_str(),1); - setenv("nginx_conf_path",nginx_conf_path.c_str(),1); - setenv("new_nginx_conf_path",new_nginx_conf_path.c_str(),1); - setenv("dns_certs_path",dns_certs_path.c_str(),1); - setenv("http_certs_path",http_certs_path.c_str(),1); - setenv("dummy_cert_path",dummy_cert_path.c_str(),1); - setenv("servicefile",servicefile.c_str(),1); - setenv("services_uid_start",services_uid_start.c_str(),1); + setenv("PROXY_DIR",proxy_dir.c_str(),1); + setenv("NGINX_CONF_PATH",nginx_conf_path.c_str(),1); + setenv("NEW_NGINX_CONF_PATH",new_nginx_conf_path.c_str(),1); + setenv("DNS_CERTS_PATH",dns_certs_path.c_str(),1); + setenv("HTTP_CERTS_PATH",http_certs_path.c_str(),1); + setenv("DUMMY_CERT_PATH",dummy_cert_path.c_str(),1); + setenv("SERVICEFILE",servicefile.c_str(),1); + setenv("SERVICES_UID_START",services_uid_start.c_str(),1); cout << "global environment created" << endl; return 0; } 
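Review bot: `/etc/jeancloud.env` is still written with the lowercase keys (`proxy_dir=`, `nginx_conf_path=`, …) while this commit switches every `setenv` and the visible consumers (NginxModule, deploy_user.sh) to the upper-case names, so anything that sources that file gets variables the rest of the system no longer looks for. Emit the same names in the file, e.g. `outfile << "PROXY_DIR=" << proxy_dir << endl;` and likewise for the other entries, or drive both the file and the `setenv` calls from one table so they cannot drift again. The stream is also never checked, so a failure to write `/etc/jeancloud.env` goes unnoticed; `if (!outfile) { cerr << "cannot write /etc/jeancloud.env" << endl; return -1; }` after the `ofstream` line would cover it. createEnv begins before this hunk.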
@@ -250,10 +252,12 @@ int deployService(string serviceUsername){
 }
 //call to the deploy functionality of all modules
 //the modules themselves determine their course of action depending on the service
+
 for(Module * mod_ptr : modules){
 int modResult = (*mod_ptr).Deploy(serviceUsername);
 if (modResult!=0){
- cerr << "Error in " << (*mod_ptr) << " when deploying " << serviceUsername << endl;
+ //cerr << "Error in " << (*mod_ptr) << " when deploying " << serviceUsername << endl;
+ cerr << "Error in module " << endl;
 }
 }
 return 0;
diff --git a/testenv/services/_proxy/nginx.conf b/testenv/services/_proxy/nginx.conf
index 33a9488..f507c42 100644
--- a/testenv/services/_proxy/nginx.conf
+++ b/testenv/services/_proxy/nginx.conf
@@ -1 +1,4 @@
-example
+test
+/etc/nginx/sites-enabled
+youhou
+/etc/nginx/sites-enabled
diff --git a/testenv/services/test.sh8s.sh/deploy_user.sh b/testenv/services/test.sh8s.sh/deploy_user.sh
index 0fe3a44..5afda59 100755
--- a/testenv/services/test.sh8s.sh/deploy_user.sh
+++ b/testenv/services/test.sh8s.sh/deploy_user.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-touch $data_dir/deployAsResult
-echo $(whoami) >> $data_dir/deployAsResult
+touch $DATA_DIR/deployAsResult
+echo $(whoami) >> $DATA_DIR/deployAsResult
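Review bot: Replacing the module-specific message with the bare `cerr << "Error in module " << endl;` drops the only information that said which module failed, and the loop still returns 0 after a non-zero `modResult`, so a failed Deploy is logged once and then reported as success to the caller. Every module sets a `name` (this commit fixes `"Encryption"` and `"Wireguard"`), so if Module exposes it — the accessor is not visible in this diff — print that and propagate the failure: `cerr << "Error in module " << mod_ptr->name /* or GetName() */ << " when deploying " << serviceUsername << endl; return modResult;`, or record the first error and return it after the loop. deployService begins before the hunk.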