From 474d52b4c526e107362e38ac1d3c4a47a4d10de0 Mon Sep 17 00:00:00 2001 From: Zsolt Ero Date: Fri, 8 Nov 2024 20:18:22 +0100 Subject: [PATCH] ledns -> roundrobin --- config/.env.sample | 4 +-- init-server.py | 6 ++-- modules/http_host/cron.d/ofm_ledns_reader | 2 -- .../http_host/cron.d/ofm_roundrobin_reader | 2 ++ modules/http_host/http_host_lib/nginx.py | 24 ++++++------- .../{ledns.conf => roundrobin.conf} | 10 +++--- .../loadbalancer/loadbalancer_lib/config.py | 4 +-- .../loadbalancer_lib/loadbalance.py | 8 ++--- modules/{ledns => roundrobin}/rclone_write.sh | 8 ++--- modules/tile_gen/tile_gen_lib/set_version.py | 2 +- ssh_lib/tasks.py | 36 +++++++++---------- 11 files changed, 53 insertions(+), 53 deletions(-) delete mode 100644 modules/http_host/cron.d/ofm_ledns_reader create mode 100644 modules/http_host/cron.d/ofm_roundrobin_reader rename modules/http_host/http_host_lib/nginx_confs/{ledns.conf => roundrobin.conf} (79%) rename modules/{ledns => roundrobin}/rclone_write.sh (52%) diff --git a/config/.env.sample b/config/.env.sample index 4f12b6f..6c62e49 100644 --- a/config/.env.sample +++ b/config/.env.sample @@ -21,10 +21,10 @@ SKIP_LETSENCRYPT=false ### --- Advanced setup below this line --- ### ### --- 99.9% you don't need any of this! --- ### -# LEDNS is a very special feature for getting certificates on one server, +# ROUNDROBIN is a very special feature for getting certificates on one server, # uploading them to a bucket, and then downloading them to multiple http-host servers. # For a single host, you don't need it! -DOMAIN_LEDNS= +DOMAIN_ROUNDROBIN= # Variables used by the load balancer script - you don't need these! HTTP_HOST_LIST= diff --git a/init-server.py b/init-server.py index b9c9514..34c5231 100755 --- a/init-server.py +++ b/init-server.py @@ -9,7 +9,7 @@ from ssh_lib.tasks import ( prepare_shared, prepare_tile_gen, run_http_host_sync, - setup_ledns_writer, + setup_roundrobin_writer, setup_loadbalancer, ) from ssh_lib.utils import ( 
@@ -104,13 +104,13 @@ def tile_gen(hostname, user, port, cron, noninteractive): @cli.command() @common_options -def ledns(hostname, user, port, noninteractive): +def roundrobin(hostname, user, port, noninteractive): if not noninteractive and not click.confirm(f'Run script on {hostname}?'): return c = get_connection(hostname, user, port) - setup_ledns_writer(c) + setup_roundrobin_writer(c) @cli.command() diff --git a/modules/http_host/cron.d/ofm_ledns_reader b/modules/http_host/cron.d/ofm_ledns_reader deleted file mode 100644 index e798f88..0000000 --- a/modules/http_host/cron.d/ofm_ledns_reader +++ /dev/null @@ -1,2 +0,0 @@ -# once per day -2 34 * * * ofm sudo /usr/bin/bash /data/ofm/http_host/bin/ledns_reader.sh >> /data/ofm/http_host/logs/ledns_reader.log 2>&1 diff --git a/modules/http_host/cron.d/ofm_roundrobin_reader b/modules/http_host/cron.d/ofm_roundrobin_reader new file mode 100644 index 0000000..74f0b57 --- /dev/null +++ b/modules/http_host/cron.d/ofm_roundrobin_reader @@ -0,0 +1,2 @@ +# once per day +2 34 * * * ofm sudo /usr/bin/bash /data/ofm/http_host/bin/roundrobin_reader.sh >> /data/ofm/http_host/logs/roundrobin_reader.log 2>&1 diff --git a/modules/http_host/http_host_lib/nginx.py b/modules/http_host/http_host_lib/nginx.py index cf27f1e..da0bd88 100644 --- a/modules/http_host/http_host_lib/nginx.py +++ b/modules/http_host/http_host_lib/nginx.py @@ -16,7 +16,7 @@ def write_nginx_config(): curl_text_mix = '' domain_le = config.ofm_config['domain_le'] - domain_ledns = config.ofm_config['domain_ledns'] + domain_roundrobin = config.ofm_config['domain_roundrobin'] skip_letsencrypt = config.ofm_config['skip_letsencrypt'] # remove old configs and certs 
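Review bot: The schedule `2 34 * * *` in the new `ofm_roundrobin_reader` file puts 34 in the hour field, which is outside cron's 0–23 range, so the entry is likely rejected and the daily certificate download never runs. The deleted `ofm_ledns_reader` carried the same value, so the rename copies the problem forward. If 02:34 was intended, the first two fields are swapped and the line should start `34 2 * * *`. Without the job, http-host servers would keep serving the certificate fetched at deploy time even after the writer renews it.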
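Review bot: `config.ofm_config['domain_roundrobin']` in `write_nginx_config` is a hard key lookup, so a host whose deployed config still carries `domain_ledns` will presumably fail with `KeyError` until the config is uploaded again. The same lookup appears in `loadbalancer_lib/config.py` and `tile_gen_lib/set_version.py`. A transitional fallback such as `config.ofm_config.get('domain_roundrobin') or config.ofm_config.get('domain_ledns')` would keep already-provisioned hosts working; otherwise the commit description should say that the config must be regenerated before the code is updated. The body of `write_nginx_config` continues outside the hunk.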
@@ -27,18 +27,18 @@ def write_nginx_config(): file.unlink() # processing Round Robin DNS config - if domain_ledns: + if domain_roundrobin: if not config.rclone_config.is_file(): sys.exit('rclone.conf missing') - # download the ledns certificate from bucket using rclone - write_ledns_reader_script(domain_ledns) - subprocess.run(['bash', config.http_host_bin / 'ledns_reader.sh'], check=True) + # download the roundrobin certificate from bucket using rclone + write_roundrobin_reader_script(domain_roundrobin) + subprocess.run(['bash', config.http_host_bin / 'roundrobin_reader.sh'], check=True) curl_text_mix += create_nginx_conf( - template_path=config.nginx_confs / 'ledns.conf', - local='ofm_ledns', - domain=domain_ledns, + template_path=config.nginx_confs / 'roundrobin.conf', + local='ofm_roundrobin', + domain=domain_roundrobin, ) # processing Let's Encrypt config @@ -317,13 +317,13 @@ def create_latest_locations(*, local: str, domain: str) -> str: return location_str -def write_ledns_reader_script(domain_ledns): +def write_roundrobin_reader_script(domain_roundrobin): script = f""" #!/usr/bin/env bash export RCLONE_CONFIG=/data/ofm/config/rclone.conf -rclone copyto -v "remote:ofm-private/ledns/{domain_ledns}/ofm_ledns.cert" /data/nginx/certs/ofm_ledns.cert -rclone copyto -v "remote:ofm-private/ledns/{domain_ledns}/ofm_ledns.key" /data/nginx/certs/ofm_ledns.key +rclone copyto -v "remote:ofm-private/roundrobin/{domain_roundrobin}/ofm_roundrobin.cert" /data/nginx/certs/ofm_roundrobin.cert +rclone copyto -v "remote:ofm-private/roundrobin/{domain_roundrobin}/ofm_roundrobin.key" /data/nginx/certs/ofm_roundrobin.key """.strip() - with open(config.http_host_bin / 'ledns_reader.sh', 'w') as fp: + with open(config.http_host_bin / 'roundrobin_reader.sh', 'w') as fp: fp.write(script) 
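Review bot: The script text built in `write_roundrobin_reader_script` has no `set -e`, so if the first `rclone copyto` (the `.cert`) fails and the second (the `.key`) succeeds, the script exits 0 and the `subprocess.run(..., check=True)` call in `write_nginx_config` does not notice. nginx could then be left with a new key next to an old certificate. Adding `set -euo pipefail` as the second line of the generated script would surface the failure. The hunk shows no `chmod` on the downloaded files, so it is worth confirming that `/data/nginx/certs/ofm_roundrobin.key` ends up readable only by the account nginx runs as.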
diff --git a/modules/http_host/http_host_lib/nginx_confs/ledns.conf b/modules/http_host/http_host_lib/nginx_confs/roundrobin.conf similarity index 79% rename from modules/http_host/http_host_lib/nginx_confs/ledns.conf rename to modules/http_host/http_host_lib/nginx_confs/roundrobin.conf index 8d1597f..cf37400 100644 --- a/modules/http_host/http_host_lib/nginx_confs/ledns.conf +++ b/modules/http_host/http_host_lib/nginx_confs/roundrobin.conf @@ -8,8 +8,8 @@ server { listen [::]:443 ssl; http2 on; - ssl_certificate /data/nginx/certs/ofm_ledns.cert; - ssl_certificate_key /data/nginx/certs/ofm_ledns.key; + ssl_certificate /data/nginx/certs/ofm_roundrobin.cert; + ssl_certificate_key /data/nginx/certs/ofm_roundrobin.key; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions @@ -24,9 +24,9 @@ server { # access log doesn't contain IP address #access_log off; - access_log /data/ofm/http_host/logs_nginx/ledns-access.jsonl access_json buffer=128k; + access_log /data/ofm/http_host/logs_nginx/roundrobin-access.jsonl access_json buffer=128k; - error_log /data/ofm/http_host/logs_nginx/ledns-error.log; + error_log /data/ofm/http_host/logs_nginx/roundrobin-error.log; __LOCATION_BLOCKS__ @@ -51,6 +51,6 @@ server { # catch-all block to deny all other requests location / { deny all; - error_log /data/ofm/http_host/logs_nginx/ledns-deny.log error; + error_log /data/ofm/http_host/logs_nginx/roundrobin-deny.log error; } } diff --git a/modules/loadbalancer/loadbalancer_lib/config.py b/modules/loadbalancer/loadbalancer_lib/config.py index 9e533e4..5bd1a22 100644 --- a/modules/loadbalancer/loadbalancer_lib/config.py +++ b/modules/loadbalancer/loadbalancer_lib/config.py 
@@ -19,8 +19,8 @@ class Configuration: telegram_token = ofm_config['telegram_token'] telegram_chat_id = ofm_config['telegram_chat_id'] - domain_ledns = ofm_config['domain_ledns'] - domain_root = '.'.join(domain_ledns.split('.')[-2:]) + domain_roundrobin = ofm_config['domain_roundrobin'] + domain_root = '.'.join(domain_roundrobin.split('.')[-2:]) cloudflare_ini = dotenv_values(ofm_config_dir / 'cloudflare.ini') cloudflare_api_token = cloudflare_ini['dns_cloudflare_api_token'] diff --git a/modules/loadbalancer/loadbalancer_lib/loadbalance.py b/modules/loadbalancer/loadbalancer_lib/loadbalance.py index 829afe9..2ce9ce4 100644 --- a/modules/loadbalancer/loadbalancer_lib/loadbalance.py +++ b/modules/loadbalancer/loadbalancer_lib/loadbalance.py @@ -72,9 +72,9 @@ def run_area(area): try: # don't check latest if relaxed_mode: - check_host_version(config.domain_ledns, host_ip, area, version) + check_host_version(config.domain_roundrobin, host_ip, area, version) else: - check_host_latest(config.domain_ledns, host_ip, area, version) + check_host_latest(config.domain_roundrobin, host_ip, area, version) results[host_ip] = True except Exception as e: @@ -91,11 +91,11 @@ def update_records(working_hosts) -> bool: updated |= set_records_round_robin( zone_id=zone_id, - name=config.domain_ledns, + name=config.domain_roundrobin, host_ip_set=working_hosts, proxied=False, ttl=300, - comment='domain_ledns', + comment='domain_roundrobin', cloudflare_api_token=config.cloudflare_api_token, ) diff --git a/modules/ledns/rclone_write.sh b/modules/roundrobin/rclone_write.sh similarity index 52% rename from modules/ledns/rclone_write.sh rename to modules/roundrobin/rclone_write.sh index 7be304a..c47d25b 100644 --- a/modules/ledns/rclone_write.sh +++ b/modules/roundrobin/rclone_write.sh 
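Review bot: `domain_root = '.'.join(domain_roundrobin.split('.')[-2:])` assumes the registrable domain is always the last two labels, which yields `co.uk` for a name such as `tiles.example.co.uk`. If `domain_root` is what selects the Cloudflare zone (not visible in this hunk), record updates would then target the wrong zone name or fail. An explicit zone-name setting, with this heuristic as the fallback only when it is unset, would avoid the guess; an empty `domain_roundrobin` also produces an empty `domain_root` here without any error. The `Configuration` class body starts and ends outside the hunk.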
@@ -1,11 +1,11 @@ #!/usr/bin/env bash -#env > /data/ofm/ledns/env.txt +#env > /data/ofm/roundrobin/env.txt #RENEWED_DOMAINS=direct.openfreemap.org -#RENEWED_LINEAGE=/etc/letsencrypt/live/ofm_ledns +#RENEWED_LINEAGE=/etc/letsencrypt/live/ofm_roundrobin export RCLONE_CONFIG=/data/ofm/config/rclone.conf -rclone copyto -v --copy-links "$RENEWED_LINEAGE/fullchain.pem" "remote:ofm-private/ledns/$RENEWED_DOMAINS/ofm_ledns.cert" -rclone copyto -v --copy-links "$RENEWED_LINEAGE/privkey.pem" "remote:ofm-private/ledns/$RENEWED_DOMAINS/ofm_ledns.key" +rclone copyto -v --copy-links "$RENEWED_LINEAGE/fullchain.pem" "remote:ofm-private/roundrobin/$RENEWED_DOMAINS/ofm_roundrobin.cert" +rclone copyto -v --copy-links "$RENEWED_LINEAGE/privkey.pem" "remote:ofm-private/roundrobin/$RENEWED_DOMAINS/ofm_roundrobin.key" diff --git a/modules/tile_gen/tile_gen_lib/set_version.py b/modules/tile_gen/tile_gen_lib/set_version.py index 8fa92f5..6603e16 100644 --- a/modules/tile_gen/tile_gen_lib/set_version.py +++ b/modules/tile_gen/tile_gen_lib/set_version.py @@ -43,7 +43,7 @@ def set_version(area, version): def check_all_hosts(area, version) -> bool: oc = config.ofm_config - domain = oc['domain_ledns'] or oc['domain_le'] + domain = oc['domain_roundrobin'] or oc['domain_le'] print(f'Using domain: {domain}') try: diff --git a/ssh_lib/tasks.py b/ssh_lib/tasks.py index 8101c2c..a7a8205 100644 --- a/ssh_lib/tasks.py +++ b/ssh_lib/tasks.py @@ -98,7 +98,7 @@ def prepare_http_host(c): upload_http_host_files(c) - if dotenv_val('DOMAIN_LEDNS'): + if dotenv_val('DOMAIN_ROUNDROBIN'): assert (CONFIG_DIR / 'rclone.conf').exists() put( c, @@ -106,7 +106,7 @@ def prepare_http_host(c): f'{REMOTE_CONFIG}/rclone.conf', permissions=400, ) - put(c, MODULES_DIR / 'http_host' / 'cron.d' / 'ofm_ledns_reader', '/etc/cron.d/') + put(c, MODULES_DIR / 'http_host' / 'cron.d' / 'ofm_roundrobin_reader', '/etc/cron.d/') c.sudo(f'{VENV_BIN}/pip install -e {HTTP_HOST_BIN} --use-pep517') 
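Review bot: `$RENEWED_DOMAINS` is used as a path component in both `rclone copyto` targets, but certbot sets it to a space-separated list of every domain in the renewed certificate. With a single `-d` this matches the reader's `roundrobin/{domain_roundrobin}/` path. Once a second domain is added (the commented-out `-d` lines in `setup_roundrobin_writer` suggest that is planned), the upload path would contain spaces and the readers would not find the files. Deriving the directory from the first entry, e.g. `domain="${RENEWED_DOMAINS%% *}"`, keeps writer and reader in step. The hook also has no `set -e`, so a failed upload of `fullchain.pem` followed by a successful upload of `privkey.pem` still exits 0.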
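Review bot: Only the new `ofm_roundrobin_reader` file is uploaded to `/etc/cron.d/` in `prepare_http_host`; nothing in the visible lines removes `/etc/cron.d/ofm_ledns_reader` from hosts provisioned before the rename. Unless cleanup happens elsewhere, those hosts keep a stale cron entry that invokes `ledns_reader.sh` through sudo against the old `ofm-private/ledns/` path. Adding `c.sudo('rm -f /etc/cron.d/ofm_ledns_reader')` before the `put` would retire it. The function body starts and ends outside the hunk.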
@@ -142,11 +142,11 @@ def install_benchmark(c): wrk(c) -def setup_ledns_writer(c): +def setup_roundrobin_writer(c): le_email = dotenv_val('LE_EMAIL').lower() - domain_ledns = dotenv_val('DOMAIN_LEDNS').lower() + domain_roundrobin = dotenv_val('DOMAIN_ROUNDROBIN').lower() assert le_email - assert domain_ledns + assert domain_roundrobin assert (CONFIG_DIR / 'rclone.conf').exists() assert (CONFIG_DIR / 'cloudflare.ini').exists() @@ -169,18 +169,18 @@ def setup_ledns_writer(c): permissions=400, ) - c.sudo('rm -rf /data/ofm/ledns') + c.sudo('rm -rf /data/ofm/roundrobin') put( c, - MODULES_DIR / 'ledns' / 'rclone_write.sh', - '/data/ofm/ledns/rclone_write.sh', + MODULES_DIR / 'roundrobin' / 'rclone_write.sh', + '/data/ofm/roundrobin/rclone_write.sh', create_parent_dir=True, permissions=500, ) # only use with --staging - # c.sudo('certbot delete --noninteractive --cert-name ofm_ledns', warn=True) + # c.sudo('certbot delete --noninteractive --cert-name ofm_roundrobin', warn=True) sudo_cmd( c, 
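Review bot: `setup_roundrobin_writer` validates `le_email`, `domain_roundrobin` and the two config files with bare `assert` statements, which are removed when Python runs with `-O` and give the operator no message when they do fire. `upload_config_json` in this file already uses `sys.exit('Please specify ...')` for the same kind of check; following that here, e.g. `if not domain_roundrobin: sys.exit('Please set DOMAIN_ROUNDROBIN in config/.env')`, would be consistent. If `dotenv_val` can return `None` for a missing key (its definition is not shown), `.lower()` raises before the assert is reached. The function continues past the end of the hunk.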
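Review bot: `c.sudo('rm -rf /data/ofm/roundrobin')` clears only the new directory, so on a writer that was set up before the rename, `/data/ofm/ledns` and the certbot lineage `ofm_ledns` are left in place. If that lineage's renewal configuration still names the old deploy hook, certbot would keep renewing a second certificate for the same domain and uploading its private key to the old `ofm-private/ledns/` bucket path. A one-time cleanup is worth adding or documenting: `certbot delete --noninteractive --cert-name ofm_ledns`, plus removal of the old directory and the old bucket objects. The function starts before and continues after this hunk.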
@@ -191,23 +191,23 @@ def setup_ledns_writer(c): f'--noninteractive ' f'-m {le_email} ' f'--agree-tos ' - f'--cert-name=ofm_ledns ' - f'--deploy-hook /data/ofm/ledns/rclone_write.sh ' - f'-d {domain_ledns}', - # f'-d {domain2_ledns}', - # f'-d {domain2_ledns}', + f'--cert-name=ofm_roundrobin ' + f'--deploy-hook /data/ofm/roundrobin/rclone_write.sh ' + f'-d {domain_roundrobin}', + # f'-d {domain2_roundrobin}', + # f'-d {domain2_roundrobin}', ) def upload_config_json(c): domain_le = dotenv_val('DOMAIN_LE').lower() - domain_ledns = dotenv_val('DOMAIN_LEDNS').lower() + domain_roundrobin = dotenv_val('DOMAIN_ROUNDROBIN').lower() skip_planet = dotenv_val('SKIP_PLANET').lower() == 'true' skip_letsencrypt = dotenv_val('SKIP_LETSENCRYPT').lower() == 'true' le_email = dotenv_val('LE_EMAIL').lower() - if not (domain_le or domain_ledns): - sys.exit('Please specify DOMAIN_LE or DOMAIN_LEDNS in config/.env') + if not (domain_le or domain_roundrobin): + sys.exit('Please specify DOMAIN_LE or DOMAIN_ROUNDROBIN in config/.env') if domain_le and not le_email and not skip_letsencrypt: sys.exit('Please add your email to LE_EMAIL when using DOMAIN_LE') @@ -216,7 +216,7 @@ def upload_config_json(c): config = { 'domain_le': domain_le, - 'domain_ledns': domain_ledns, + 'domain_roundrobin': domain_roundrobin, 'le_email': le_email, 'skip_planet': skip_planet, 'skip_letsencrypt': skip_letsencrypt,
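Review bot: `le_email` and `domain_roundrobin` are interpolated into the certbot command string without quoting (`f'-m {le_email} '`, `f'-d {domain_roundrobin}'`), and the string is handed to `sudo_cmd`, which presumably runs it through a shell on the remote host. A stray space or shell metacharacter in `config/.env` would therefore change the command that runs under sudo. Wrapping both values, `f'-m {shlex.quote(le_email)} '` and `f'-d {shlex.quote(domain_roundrobin)}'`, closes that off; `shlex` would need to be imported at the top of `ssh_lib/tasks.py`. The `sudo_cmd` call starts outside the hunk.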