ledns -> roundrobin

2026-05-21 14:02:15 +00:00 · 2024-11-08 20:18:22 +01:00
parent d8c41202dc
commit 474d52b4c5
11 changed files with 53 additions and 53 deletions
--- a/config/.env.sample
+++ b/config/.env.sample
@@ -21,10 +21,10 @@ SKIP_LETSENCRYPT=false
 ### --- Advanced setup below this line --- ###
 ### --- 99.9% you don't need any of this! --- ###

-# LEDNS is a very special feature for getting certificates on one server,
+# ROUNDROBIN is a very special feature for getting certificates on one server,
 # uploading them to a bucket, and then downloading them to multiple http-host servers.
 # For a single host, you don't need it!
-DOMAIN_LEDNS=
+DOMAIN_ROUNDROBIN=

 # Variables used by the load balancer script - you don't need these!
 HTTP_HOST_LIST=
--- a/init-server.py
+++ b/init-server.py
@@ -9,7 +9,7 @@ from ssh_lib.tasks import (
    prepare_shared,
    prepare_tile_gen,
    run_http_host_sync,
-    setup_ledns_writer,
+    setup_roundrobin_writer,
    setup_loadbalancer,
 )
 from ssh_lib.utils import (
@@ -104,13 +104,13 @@ def tile_gen(hostname, user, port, cron, noninteractive):

@cli.command()
@common_options
-def ledns(hostname, user, port, noninteractive):
+def roundrobin(hostname, user, port, noninteractive):
    if not noninteractive and not click.confirm(f'Run script on {hostname}?'):
        return

    c = get_connection(hostname, user, port)

-    setup_ledns_writer(c)
+    setup_roundrobin_writer(c)


@cli.command()
--- a/modules/http_host/cron.d/ofm_ledns_reader
+++ b/modules/http_host/cron.d/ofm_ledns_reader
@@ -1,2 +0,0 @@
-# once per day
-2 34 * * * ofm     sudo /usr/bin/bash /data/ofm/http_host/bin/ledns_reader.sh >> /data/ofm/http_host/logs/ledns_reader.log 2>&1
--- a/modules/http_host/cron.d/ofm_roundrobin_reader
+++ b/modules/http_host/cron.d/ofm_roundrobin_reader
@@ -0,0 +1,2 @@
+# once per day
+2 34 * * * ofm     sudo /usr/bin/bash /data/ofm/http_host/bin/roundrobin_reader.sh >> /data/ofm/http_host/logs/roundrobin_reader.log 2>&1
--- a/modules/http_host/http_host_lib/nginx.py
+++ b/modules/http_host/http_host_lib/nginx.py
@@ -16,7 +16,7 @@ def write_nginx_config():
    curl_text_mix = ''

    domain_le = config.ofm_config['domain_le']
-    domain_ledns = config.ofm_config['domain_ledns']
+    domain_roundrobin = config.ofm_config['domain_roundrobin']
    skip_letsencrypt = config.ofm_config['skip_letsencrypt']

    # remove old configs and certs
@@ -27,18 +27,18 @@ def write_nginx_config():
        file.unlink()

    # processing Round Robin DNS config
-    if domain_ledns:
+    if domain_roundrobin:
        if not config.rclone_config.is_file():
            sys.exit('rclone.conf missing')

-        # download the ledns certificate from bucket using rclone
-        write_ledns_reader_script(domain_ledns)
-        subprocess.run(['bash', config.http_host_bin / 'ledns_reader.sh'], check=True)
+        # download the roundrobin certificate from bucket using rclone
+        write_roundrobin_reader_script(domain_roundrobin)
+        subprocess.run(['bash', config.http_host_bin / 'roundrobin_reader.sh'], check=True)

        curl_text_mix += create_nginx_conf(
-            template_path=config.nginx_confs / 'ledns.conf',
-            local='ofm_ledns',
-            domain=domain_ledns,
+            template_path=config.nginx_confs / 'roundrobin.conf',
+            local='ofm_roundrobin',
+            domain=domain_roundrobin,
        )

    # processing Let's Encrypt config
@@ -317,13 +317,13 @@ def create_latest_locations(*, local: str, domain: str) -> str:
    return location_str


-def write_ledns_reader_script(domain_ledns):
+def write_roundrobin_reader_script(domain_roundrobin):
    script = f"""
 #!/usr/bin/env bash
 export RCLONE_CONFIG=/data/ofm/config/rclone.conf
-rclone copyto -v "remote:ofm-private/ledns/{domain_ledns}/ofm_ledns.cert" /data/nginx/certs/ofm_ledns.cert
-rclone copyto -v "remote:ofm-private/ledns/{domain_ledns}/ofm_ledns.key" /data/nginx/certs/ofm_ledns.key
+rclone copyto -v "remote:ofm-private/roundrobin/{domain_roundrobin}/ofm_roundrobin.cert" /data/nginx/certs/ofm_roundrobin.cert
+rclone copyto -v "remote:ofm-private/roundrobin/{domain_roundrobin}/ofm_roundrobin.key" /data/nginx/certs/ofm_roundrobin.key
    """.strip()

-    with open(config.http_host_bin / 'ledns_reader.sh', 'w') as fp:
+    with open(config.http_host_bin / 'roundrobin_reader.sh', 'w') as fp:
        fp.write(script)
--- a/modules/http_host/http_host_lib/nginx_confs/roundrobin.conf
+++ b/modules/http_host/http_host_lib/nginx_confs/roundrobin.conf
@@ -8,8 +8,8 @@ server {
    listen [::]:443 ssl;
    http2 on;

-    ssl_certificate /data/nginx/certs/ofm_ledns.cert;
-    ssl_certificate_key /data/nginx/certs/ofm_ledns.key;
+    ssl_certificate /data/nginx/certs/ofm_roundrobin.cert;
+    ssl_certificate_key /data/nginx/certs/ofm_roundrobin.key;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
@@ -24,9 +24,9 @@ server {

    # access log doesn't contain IP address
    #access_log off;
-    access_log /data/ofm/http_host/logs_nginx/ledns-access.jsonl access_json buffer=128k;
+    access_log /data/ofm/http_host/logs_nginx/roundrobin-access.jsonl access_json buffer=128k;

-    error_log /data/ofm/http_host/logs_nginx/ledns-error.log;
+    error_log /data/ofm/http_host/logs_nginx/roundrobin-error.log;

    __LOCATION_BLOCKS__

@@ -51,6 +51,6 @@ server {
    # catch-all block to deny all other requests
    location / {
        deny all;
-        error_log /data/ofm/http_host/logs_nginx/ledns-deny.log error;
+        error_log /data/ofm/http_host/logs_nginx/roundrobin-deny.log error;
    }
 }
--- a/modules/loadbalancer/loadbalancer_lib/config.py
+++ b/modules/loadbalancer/loadbalancer_lib/config.py
@@ -19,8 +19,8 @@ class Configuration:
    telegram_token = ofm_config['telegram_token']
    telegram_chat_id = ofm_config['telegram_chat_id']

-    domain_ledns = ofm_config['domain_ledns']
-    domain_root = '.'.join(domain_ledns.split('.')[-2:])
+    domain_roundrobin = ofm_config['domain_roundrobin']
+    domain_root = '.'.join(domain_roundrobin.split('.')[-2:])

    cloudflare_ini = dotenv_values(ofm_config_dir / 'cloudflare.ini')
    cloudflare_api_token = cloudflare_ini['dns_cloudflare_api_token']
--- a/modules/loadbalancer/loadbalancer_lib/loadbalance.py
+++ b/modules/loadbalancer/loadbalancer_lib/loadbalance.py
@@ -72,9 +72,9 @@ def run_area(area):
        try:
            # don't check latest
            if relaxed_mode:
-                check_host_version(config.domain_ledns, host_ip, area, version)
+                check_host_version(config.domain_roundrobin, host_ip, area, version)
            else:
-                check_host_latest(config.domain_ledns, host_ip, area, version)
+                check_host_latest(config.domain_roundrobin, host_ip, area, version)

            results[host_ip] = True
        except Exception as e:
@@ -91,11 +91,11 @@ def update_records(working_hosts) -> bool:

    updated |= set_records_round_robin(
        zone_id=zone_id,
-        name=config.domain_ledns,
+        name=config.domain_roundrobin,
        host_ip_set=working_hosts,
        proxied=False,
        ttl=300,
-        comment='domain_ledns',
+        comment='domain_roundrobin',
        cloudflare_api_token=config.cloudflare_api_token,
    )

--- a/modules/roundrobin/rclone_write.sh
+++ b/modules/roundrobin/rclone_write.sh
@@ -1,11 +1,11 @@
 #!/usr/bin/env bash

-#env > /data/ofm/ledns/env.txt
+#env > /data/ofm/roundrobin/env.txt
 #RENEWED_DOMAINS=direct.openfreemap.org
-#RENEWED_LINEAGE=/etc/letsencrypt/live/ofm_ledns
+#RENEWED_LINEAGE=/etc/letsencrypt/live/ofm_roundrobin

 export RCLONE_CONFIG=/data/ofm/config/rclone.conf

-rclone copyto -v --copy-links "$RENEWED_LINEAGE/fullchain.pem" "remote:ofm-private/ledns/$RENEWED_DOMAINS/ofm_ledns.cert"
-rclone copyto -v --copy-links "$RENEWED_LINEAGE/privkey.pem" "remote:ofm-private/ledns/$RENEWED_DOMAINS/ofm_ledns.key"
+rclone copyto -v --copy-links "$RENEWED_LINEAGE/fullchain.pem" "remote:ofm-private/roundrobin/$RENEWED_DOMAINS/ofm_roundrobin.cert"
+rclone copyto -v --copy-links "$RENEWED_LINEAGE/privkey.pem" "remote:ofm-private/roundrobin/$RENEWED_DOMAINS/ofm_roundrobin.key"

--- a/modules/tile_gen/tile_gen_lib/set_version.py
+++ b/modules/tile_gen/tile_gen_lib/set_version.py
@@ -43,7 +43,7 @@ def set_version(area, version):
 def check_all_hosts(area, version) -> bool:
    oc = config.ofm_config

-    domain = oc['domain_ledns'] or oc['domain_le']
+    domain = oc['domain_roundrobin'] or oc['domain_le']
    print(f'Using domain: {domain}')

    try:
--- a/ssh_lib/tasks.py
+++ b/ssh_lib/tasks.py
@@ -98,7 +98,7 @@ def prepare_http_host(c):

    upload_http_host_files(c)

-    if dotenv_val('DOMAIN_LEDNS'):
+    if dotenv_val('DOMAIN_ROUNDROBIN'):
        assert (CONFIG_DIR / 'rclone.conf').exists()
        put(
            c,
@@ -106,7 +106,7 @@ def prepare_http_host(c):
            f'{REMOTE_CONFIG}/rclone.conf',
            permissions=400,
        )
-        put(c, MODULES_DIR / 'http_host' / 'cron.d' / 'ofm_ledns_reader', '/etc/cron.d/')
+        put(c, MODULES_DIR / 'http_host' / 'cron.d' / 'ofm_roundrobin_reader', '/etc/cron.d/')

    c.sudo(f'{VENV_BIN}/pip install -e {HTTP_HOST_BIN} --use-pep517')

@@ -142,11 +142,11 @@ def install_benchmark(c):
    wrk(c)


-def setup_ledns_writer(c):
+def setup_roundrobin_writer(c):
    le_email = dotenv_val('LE_EMAIL').lower()
-    domain_ledns = dotenv_val('DOMAIN_LEDNS').lower()
+    domain_roundrobin = dotenv_val('DOMAIN_ROUNDROBIN').lower()
    assert le_email
-    assert domain_ledns
+    assert domain_roundrobin
    assert (CONFIG_DIR / 'rclone.conf').exists()
    assert (CONFIG_DIR / 'cloudflare.ini').exists()

@@ -169,18 +169,18 @@ def setup_ledns_writer(c):
        permissions=400,
    )

-    c.sudo('rm -rf /data/ofm/ledns')
+    c.sudo('rm -rf /data/ofm/roundrobin')

    put(
        c,
-        MODULES_DIR / 'ledns' / 'rclone_write.sh',
-        '/data/ofm/ledns/rclone_write.sh',
+        MODULES_DIR / 'roundrobin' / 'rclone_write.sh',
+        '/data/ofm/roundrobin/rclone_write.sh',
        create_parent_dir=True,
        permissions=500,
    )

    # only use with --staging
-    # c.sudo('certbot delete --noninteractive --cert-name ofm_ledns', warn=True)
+    # c.sudo('certbot delete --noninteractive --cert-name ofm_roundrobin', warn=True)

    sudo_cmd(
        c,
@@ -191,23 +191,23 @@ def setup_ledns_writer(c):
        f'--noninteractive '
        f'-m {le_email} '
        f'--agree-tos '
-        f'--cert-name=ofm_ledns '
-        f'--deploy-hook /data/ofm/ledns/rclone_write.sh '
-        f'-d {domain_ledns}',
-        # f'-d {domain2_ledns}',
-        # f'-d {domain2_ledns}',
+        f'--cert-name=ofm_roundrobin '
+        f'--deploy-hook /data/ofm/roundrobin/rclone_write.sh '
+        f'-d {domain_roundrobin}',
+        # f'-d {domain2_roundrobin}',
+        # f'-d {domain2_roundrobin}',
    )


 def upload_config_json(c):
    domain_le = dotenv_val('DOMAIN_LE').lower()
-    domain_ledns = dotenv_val('DOMAIN_LEDNS').lower()
+    domain_roundrobin = dotenv_val('DOMAIN_ROUNDROBIN').lower()
    skip_planet = dotenv_val('SKIP_PLANET').lower() == 'true'
    skip_letsencrypt = dotenv_val('SKIP_LETSENCRYPT').lower() == 'true'
    le_email = dotenv_val('LE_EMAIL').lower()

-    if not (domain_le or domain_ledns):
-        sys.exit('Please specify DOMAIN_LE or DOMAIN_LEDNS in config/.env')
+    if not (domain_le or domain_roundrobin):
+        sys.exit('Please specify DOMAIN_LE or DOMAIN_ROUNDROBIN in config/.env')

    if domain_le and not le_email and not skip_letsencrypt:
        sys.exit('Please add your email to LE_EMAIL when using DOMAIN_LE')
@@ -216,7 +216,7 @@ def upload_config_json(c):

    config = {
        'domain_le': domain_le,
-        'domain_ledns': domain_ledns,
+        'domain_roundrobin': domain_roundrobin,
        'le_email': le_email,
        'skip_planet': skip_planet,
        'skip_letsencrypt': skip_letsencrypt,