bugs avec deploy user bash et nginx prepare réglés
parent
6f1ec7f3d1
commit
59eb1768a1
@ -81,6 +81,7 @@ int BashModule::executeScriptAs(string serviceUsername, string script)
|
||||
}
|
||||
//getting the connection information for the user
|
||||
struct passwd * p=getpwnam(serviceUsername.c_str());
|
||||
cout << "script " << script.c_str() << endl;
|
||||
if (p==NULL){
|
||||
cerr << "Error. The user dedicated to the service is not found when trying to execute the bash script." << endl;
|
||||
return -1;
|
||||
@ -92,7 +93,6 @@ int BashModule::executeScriptAs(string serviceUsername, string script)
|
||||
return -1;
|
||||
} else if (pid > 0) {
|
||||
//parent process
|
||||
cout << "in parent process" << endl;
|
||||
int status;
|
||||
waitpid(-1,&status,0);
|
||||
if(status==-1){
|
||||
@ -104,7 +104,7 @@ int BashModule::executeScriptAs(string serviceUsername, string script)
|
||||
//executing as the user corresponding to the service
|
||||
setgid(p->pw_gid);
|
||||
setuid(p->pw_uid);
|
||||
execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--",script.c_str(), serviceUsername, (char *)0);
|
||||
execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--", script.c_str(), " ", serviceUsername, (char *)0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
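Review bot: The rewritten `execl` line in the `@ -104,7` hunk still passes `serviceUsername`, a std::string, through the variadic argument list, which is undefined behaviour and does not hand the username to the child, and the added `" "` argument becomes `$1` of the script while the username shifts to `$2`; the line should read `execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--", script.c_str(), serviceUsername.c_str(), (char *)0);`. The `setgid`/`setuid` calls just above it are not checked, so if either fails the script runs with the parent's privileges; `_exit(1)` from the child when they return non-zero, and call `initgroups(p->pw_name, p->pw_gid)` before `setgid` so the service user does not keep the parent's supplementary groups. In the `@ -92,7` hunk `waitpid(-1, &status, 0)` reaps whichever child exits first rather than the one just forked, and `status` is a wait status rather than a return code; use `waitpid(pid, &status, 0)` and inspect it with `WIFEXITED`/`WEXITSTATUS`. executeScriptAs starts before its first hunk.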
@ -7,7 +7,7 @@ using namespace std;
|
||||
|
||||
//constructor
|
||||
EncryptionModule::EncryptionModule(){
|
||||
name="Let's Encrypt";
|
||||
name="Encryption";
|
||||
}
|
||||
|
||||
//destructor inline
|
||||
|
@ -20,18 +20,18 @@ int NginxModule::Prepare ()
|
||||
{
|
||||
cout << "nginx preparation" << endl;
|
||||
//create proxy_dir
|
||||
string proxy_dir=getenv("proxy_dir");
|
||||
string proxy_dir=getenv("PROXY_DIR");
|
||||
fs::create_directories(proxy_dir);
|
||||
|
||||
//delete current new_conf directory (to start from scratch)
|
||||
string new_nginx_conf_path=getenv("new_nginx_conf_path");
|
||||
string new_nginx_conf_path=getenv("NEW_NGINX_CONF_PATH");
|
||||
fs::remove_all(new_nginx_conf_path);
|
||||
|
||||
//create new new_conf directory
|
||||
fs::create_directories(new_nginx_conf_path);
|
||||
|
||||
//create new conf file (for tests purposes)
|
||||
string nginx_conf_path=getenv("nginx_conf_path");
|
||||
string nginx_conf_path=getenv("NGINX_CONF_PATH");
|
||||
//open the old conf file
|
||||
ifstream input("./services/_proxy/nginx.conf");
|
||||
if (!input) {
|
||||
@ -43,9 +43,10 @@ int NginxModule::Prepare ()
|
||||
string content = buffer.str();
|
||||
input.close();
|
||||
//replace nginx_conf_path with the new nginx_conf_path in the conf
|
||||
size_t pos=string::npos;
|
||||
while (content.find(nginx_conf_path)!=string::npos){
|
||||
content.replace(content.find(nginx_conf_path),nginx_conf_path.length(),new_nginx_conf_path);
|
||||
size_t pos=content.find(nginx_conf_path);
|
||||
while (pos!=string::npos){
|
||||
content.replace(pos,nginx_conf_path.length(),new_nginx_conf_path);
|
||||
pos=content.find(nginx_conf_path);
|
||||
}
|
||||
//fill the new conf file
|
||||
ofstream output (proxy_dir+"/new_nginx.conf");
|
||||
@ -58,7 +59,23 @@ int NginxModule::Prepare ()
|
||||
int NginxModule::Deploy (string serviceUsername)
|
||||
{
|
||||
//write the new conf
|
||||
//copy the conf from the service directory to the nginx directory
|
||||
string conf="./services/"+serviceUsername+"/nginx_server.conf";
|
||||
string new_nginx_conf_path=getenv("NEW_NGINX_CONF_PATH");
|
||||
//replace the environment variables with their values
|
||||
//string cmd="set -a && envsubst "+conf;
|
||||
|
||||
/*
|
||||
|
||||
if [ -f "/docker/$service/nginx_server.conf" ] ; then
|
||||
section "Copy nginx conf"
|
||||
run cp "/docker/$service/nginx_server.conf" "$new_nginx_conf_path/$service"
|
||||
|
||||
section "Template nginx conf with vars from '.env' file"
|
||||
run template.sh "/docker/$service/.env" < "/docker/$service/nginx_server.conf" > "$new_nginx_conf_path/
|
||||
(template : bash -c 'set -a && . '"$1"' && envsubst "$(cat '"$1"' | grep -o ^.*= | sed "s/=//" | sed "s/^/$/")"')
|
||||
$service"
|
||||
fi*/
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
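Review bot: `string proxy_dir=getenv("PROXY_DIR");` and the two similar lines below it in the `@ -20,18` hunk construct a std::string from the raw getenv() result, which is undefined behaviour (in practice a crash) when the variable is unset, and since this commit renames every variable, any caller still exporting the old lowercase names now takes exactly that path; the same pattern is in Deploy (`NEW_NGINX_CONF_PATH`), in findCertificate and removeEnvService, and in the `stoi(getenv(...))` calls of createUser, deleteUser and createEnvService in src/main.cpp. Services::readServicesFromCSV in this same commit already checks getenv() for nullptr and reports the missing variable, so Prepare should do the same, and reading all three variables before the first filesystem call means a misconfiguration fails before anything is created or deleted. Separately, the rewritten loop in the `@ -43,9` hunk restarts the search at offset 0 after each replacement, so an empty `NGINX_CONF_PATH` or a replacement that contains the search string never terminates; resume with `pos = content.find(nginx_conf_path, pos + new_nginx_conf_path.length());` and skip the loop when `nginx_conf_path.empty()`. Prepare's signature is just above its first hunk and its body continues past it.
```cpp
// Reads an environment variable into `out`; reports and returns false when it is unset.
static bool readEnv(const char* name, string& out)
{
    const char* value = getenv(name);
    if (value == nullptr) {
        cerr << "Error. Environment variable " << name << " is not set." << endl;
        return false;
    }
    out = value;
    return true;
}

int NginxModule::Prepare ()
{
    cout << "nginx preparation" << endl;
    string proxy_dir, new_nginx_conf_path, nginx_conf_path;
    if (!readEnv("PROXY_DIR", proxy_dir)
        || !readEnv("NEW_NGINX_CONF_PATH", new_nginx_conf_path)
        || !readEnv("NGINX_CONF_PATH", nginx_conf_path)) {
        return -1;
    }
    //create proxy_dir
    fs::create_directories(proxy_dir);
    // … unchanged: reset of new_nginx_conf_path, reading ./services/_proxy/nginx.conf, rewrite loop …
```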
@ -65,7 +65,7 @@ vector <Service> Services::readServicesFromCSV () const
|
||||
{
|
||||
//this method extracts the list of uid|username|servers from the services.csv file
|
||||
vector <Service> result;
|
||||
char * CSV = getenv("servicefile"); //service file is an environment variable
|
||||
char * CSV = getenv("SERVICEFILE"); //service file is an environment variable
|
||||
// Check if the environment variable is set
|
||||
if (CSV==nullptr) {
|
||||
cerr << "Error when trying to read services.csv. Environment variable servicefiles is not set." << endl;
|
||||
|
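Review bot: The error message two lines after the renamed `getenv("SERVICEFILE")` still names the old variable, `servicefiles`, so an operator who hits it will look for the wrong setting; change it to `cerr << "Error when trying to read services.csv. Environment variable SERVICEFILE is not set." << endl;`. The nullptr check that follows the new line is the pattern the other renamed getenv() calls in this commit lack. readServicesFromCSV continues past the hunk.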
@ -7,7 +7,7 @@ using namespace std;
|
||||
|
||||
//constructor
|
||||
WireguardModule::WireguardModule(){
|
||||
name="Let's Encrypt";
|
||||
name="Wireguard";
|
||||
}
|
||||
|
||||
//destructor inline
|
||||
|
64
src/main.cpp
64
src/main.cpp
@ -40,7 +40,7 @@ int createUser(string serviceUsername)
|
||||
{
|
||||
//this method creates a Unix user dedicated to the service
|
||||
//get the User ID from servers.csv
|
||||
int uidStart=stoi(getenv("services_uid_start")); //so that the uids do not overlap with existing uids
|
||||
int uidStart=stoi(getenv("SERVICES_UID_START")); //so that the uids do not overlap with existing uids
|
||||
Services services = Services();
|
||||
const Service * service = services.FindByUsername(serviceUsername);
|
||||
int uid = (*service).GetUserID()+uidStart;
|
||||
@ -52,7 +52,8 @@ int createUser(string serviceUsername)
|
||||
return 0;
|
||||
}
|
||||
//create user
|
||||
string cmd2 ="useradd -u " + to_string(uid) + " " + serviceUsername + "&& usermod -s /sbin/nologin "+ serviceUsername; //no direct login
|
||||
string cmd2 ="useradd -u " + to_string(uid) + " " + serviceUsername + " && usermod -s /sbin/nologin "+ serviceUsername; //no direct login
|
||||
|
||||
string res2 = BashManager::ExecuteAndReadResult(cmd2);
|
||||
if (res2 != ""){
|
||||
cerr << "Error when executing the bash command to create a user specific to the service." << endl;
|
||||
@ -66,7 +67,7 @@ int deleteUser(string serviceUsername)
|
||||
{
|
||||
//this method deletes the Unix user dedicated to the service
|
||||
//get the User ID from servers.csv
|
||||
int uidStart=stoi(getenv("services_uid_start"));
|
||||
int uidStart=stoi(getenv("SERVICES_UID_START"));
|
||||
Services services = Services();
|
||||
const Service * service = services.FindByUsername(serviceUsername);
|
||||
int uid = (*service).GetUserID()+uidStart;
|
||||
@ -96,7 +97,7 @@ string findCertificate(string serviceUsername)
|
||||
//if none is found, it returns the dummy certificate
|
||||
|
||||
//searching is dns_certs_path
|
||||
string dns_certs_path=getenv("dns_certs_path"); //dns_certs_path is an environment variable
|
||||
string dns_certs_path=getenv("DNS_CERTS_PATH"); //dns_certs_path is an environment variable
|
||||
//finding the serviceUsername* directory
|
||||
string cmd="ls $dns_certs_path/"+serviceUsername+" | grep '^"+serviceUsername+"\\(-[0-9]\\{4\\}\\)\\?$'";
|
||||
string name = BashManager::ExecuteAndReadResult(cmd);
|
||||
@ -111,7 +112,7 @@ string findCertificate(string serviceUsername)
|
||||
}
|
||||
}
|
||||
//searching in http_certs_path
|
||||
string http_certs_path=getenv(("http_certs_path")); //http_certs_path is an environment variable
|
||||
string http_certs_path=getenv(("HTTP_CERTS_PATH")); //http_certs_path is an environment variable
|
||||
//finding the serviceUsername* directory
|
||||
cmd="ls $http_certs_path/"+serviceUsername+" | grep '^"+serviceUsername+"\\(-[0-9]\\{4\\}\\)\\?$'";
|
||||
name = BashManager::ExecuteAndReadResult(cmd);
|
||||
@ -126,7 +127,7 @@ string findCertificate(string serviceUsername)
|
||||
}
|
||||
}
|
||||
cout << "Using dummy certificate" << endl;
|
||||
return getenv("dummy_cert_path");
|
||||
return getenv("DUMMY_CERT_PATH");
|
||||
}
|
||||
|
||||
int createEnvService(string serviceUsername)
|
||||
@ -140,10 +141,11 @@ int createEnvService(string serviceUsername)
|
||||
string docker_dir="/services/"+serviceUsername;
|
||||
string jc_service=serviceUsername;
|
||||
string home="/data/"+serviceUsername;
|
||||
string jc_id=to_string(services.FindByUsername(serviceUsername)->GetUserID()+stoi(getenv("services_uid_start")));
|
||||
string jc_id=to_string(services.FindByUsername(serviceUsername)->GetUserID()+stoi(getenv("SERVICES_UID_START")));
|
||||
string net="172.29."+jc_id;
|
||||
string jc_cert=findCertificate(serviceUsername);
|
||||
|
||||
|
||||
//create a .env file accessible outside the C++ program
|
||||
string file = "./services/"+serviceUsername+"/.env";
|
||||
ofstream outfile(file);
|
||||
@ -159,15 +161,15 @@ int createEnvService(string serviceUsername)
|
||||
outfile.close();
|
||||
|
||||
//setting the environment variables for all the shell commands called in this C++ programm
|
||||
setenv("http_dir",http_dir.c_str(),1);
|
||||
setenv("data_dir",data_dir.c_str(),1);
|
||||
setenv("secret_dir",secret_dir.c_str(),1);
|
||||
setenv("docker_dir",docker_dir.c_str(),1);
|
||||
setenv("jc_service",jc_service.c_str(),1);
|
||||
setenv("home",home.c_str(),1);
|
||||
setenv("jc_id",jc_id.c_str(),1);
|
||||
setenv("net",net.c_str(),1);
|
||||
setenv("jc_cert",jc_cert.c_str(),1);
|
||||
setenv("HTTP_DIR",http_dir.c_str(),1);
|
||||
setenv("DATA_DIR",data_dir.c_str(),1);
|
||||
setenv("SECRET_DIR",secret_dir.c_str(),1);
|
||||
setenv("DOCKER_DIR",docker_dir.c_str(),1);
|
||||
setenv("JC_SERVICE",jc_service.c_str(),1);
|
||||
setenv("HOME",home.c_str(),1);
|
||||
setenv("JC_ID",jc_id.c_str(),1);
|
||||
setenv("NET",net.c_str(),1);
|
||||
setenv("JC_CERT",jc_cert.c_str(),1);
|
||||
|
||||
//create the directories
|
||||
//data_dir
|
||||
@ -192,7 +194,7 @@ int createEnvService(string serviceUsername)
|
||||
|
||||
int removeEnvService()
|
||||
{
|
||||
string http_dir=getenv("http_dir");
|
||||
string http_dir=getenv("HTTP_DIR");
|
||||
if(fs::exists(http_dir)){
|
||||
fs::remove_all(http_dir);
|
||||
}
|
||||
@ -203,9 +205,9 @@ int removeEnvService()
|
||||
int createEnv()
|
||||
{
|
||||
//this method writes environment variables in a file and sets them for every bash call
|
||||
string proxyDir="etc/nginx";
|
||||
string nginx_conf_path=proxyDir+"/sites-enabled";
|
||||
string new_nginx_conf_path=proxyDir+"/new-sites-enabled";
|
||||
string proxy_dir="/etc/nginx";
|
||||
string nginx_conf_path=proxy_dir+"/sites-enabled";
|
||||
string new_nginx_conf_path=proxy_dir+"/new-sites-enabled";
|
||||
string dns_certs_path="/data/dnscerts.jean-cloud.org/certs/live";
|
||||
string http_certs_path="/etc/letsencrypt/live";
|
||||
string dummy_cert_path=http_certs_path+"/dummy";
|
||||
@ -214,7 +216,7 @@ int createEnv()
|
||||
|
||||
//create a file accessible outside the C++ program
|
||||
ofstream outfile ("/etc/jeancloud.env");
|
||||
outfile << "proxy_dir=" << proxyDir << endl;
|
||||
outfile << "proxy_dir=" << proxy_dir << endl;
|
||||
outfile << "nginx_conf_path=" << nginx_conf_path << endl;
|
||||
outfile << "new_nginx_conf_path=" << new_nginx_conf_path << endl;
|
||||
outfile << "dns_certs_path=" << dns_certs_path << endl;
|
||||
@ -225,14 +227,14 @@ int createEnv()
|
||||
outfile.close();
|
||||
|
||||
//setting the environment variables for all the shell commands called in this C++ programm
|
||||
setenv("proxy_dir",proxyDir.c_str(),1);
|
||||
setenv("nginx_conf_path",nginx_conf_path.c_str(),1);
|
||||
setenv("new_nginx_conf_path",new_nginx_conf_path.c_str(),1);
|
||||
setenv("dns_certs_path",dns_certs_path.c_str(),1);
|
||||
setenv("http_certs_path",http_certs_path.c_str(),1);
|
||||
setenv("dummy_cert_path",dummy_cert_path.c_str(),1);
|
||||
setenv("servicefile",servicefile.c_str(),1);
|
||||
setenv("services_uid_start",services_uid_start.c_str(),1);
|
||||
setenv("PROXY_DIR",proxy_dir.c_str(),1);
|
||||
setenv("NGINX_CONF_PATH",nginx_conf_path.c_str(),1);
|
||||
setenv("NEW_NGINX_CONF_PATH",new_nginx_conf_path.c_str(),1);
|
||||
setenv("DNS_CERTS_PATH",dns_certs_path.c_str(),1);
|
||||
setenv("HTTP_CERTS_PATH",http_certs_path.c_str(),1);
|
||||
setenv("DUMMY_CERT_PATH",dummy_cert_path.c_str(),1);
|
||||
setenv("SERVICEFILE",servicefile.c_str(),1);
|
||||
setenv("SERVICES_UID_START",services_uid_start.c_str(),1);
|
||||
cout << "global environment created" << endl;
|
||||
return 0;
|
||||
}
|
||||
@ -250,10 +252,12 @@ int deployService(string serviceUsername){
|
||||
}
|
||||
//call to the deploy functionality of all modules
|
||||
//the modules themselves determine their course of action depending on the service
|
||||
|
||||
for(Module * mod_ptr : modules){
|
||||
int modResult = (*mod_ptr).Deploy(serviceUsername);
|
||||
if (modResult!=0){
|
||||
cerr << "Error in " << (*mod_ptr) << " when deploying " << serviceUsername << endl;
|
||||
//cerr << "Error in " << (*mod_ptr) << " when deploying " << serviceUsername << endl;
|
||||
cerr << "Error in module " << endl;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
|
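Review bot: Renaming `home` to `HOME` in the `@ -159,15` hunk makes `setenv("HOME", home.c_str(), 1)` overwrite the process's own HOME, so every shell command this program spawns afterwards (useradd/usermod in createUser, the ls|grep in findCertificate, scripts run by BashModule) resolves `~` and dotfiles under `/data/<service>` for the rest of the run, which is unlikely to be intended; unless a script deliberately depends on it, use a project-prefixed name such as `setenv("JC_HOME", home.c_str(), 1)`. In the `@ -214,7` hunk the keys written to /etc/jeancloud.env stay lowercase (`proxy_dir=`, `nginx_conf_path=`, …) while the process environment now uses the uppercase names, so anything that sources that file sees different names than the program itself; write the same uppercase keys to the file. In the `@ -52,7` hunk `cmd2` still interpolates `serviceUsername` unquoted into a shell command line; if services.csv is not fully trusted, validate the name against the character set useradd accepts before building the command, or run useradd through an argv-based exec instead of a shell. createUser, createEnvService and createEnv all extend beyond their hunks.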
@ -1 +1,4 @@
|
||||
example
|
||||
test
|
||||
/etc/nginx/sites-enabled
|
||||
youhou
|
||||
/etc/nginx/sites-enabled
|
||||
|
@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
touch $data_dir/deployAsResult
|
||||
echo $(whoami) >> $data_dir/deployAsResult
|
||||
touch $DATA_DIR/deployAsResult
|
||||
echo $(whoami) >> $DATA_DIR/deployAsResult
|
||||
|
||||
|
||||
|
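Review bot: `$DATA_DIR` is expanded unquoted and never checked, so when the variable is unset (for instance under a caller still exporting the old lowercase `data_dir`) both lines operate on `/deployAsResult` at the filesystem root instead of failing; add `: "${DATA_DIR:?DATA_DIR is not set}"` after the shebang and quote the path as `"$DATA_DIR/deployAsResult"`. The `echo $(whoami)` form can be simplified to `whoami >> "$DATA_DIR/deployAsResult"`, and the preceding `touch` is then redundant since `>>` creates the file.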