sysadmin/openfreemap
1
0
Fork 0
mirror of https://github.com/hyperknot/openfreemap.git synced 2026-05-21 14:02:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

work

Browse Source
This commit is contained in:
Zsolt Ero
2025-10-09 23:38:15 +02:00
parent b3e8bff774
commit c579698906
3 changed files with 42 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
init-server.py
View File

@@ -1,4 +1,5 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import os
import click import click
from fabric import Config, Connection from fabric import Config, Connection
@@ -13,20 +14,19 @@ from ssh_lib.utils import (
def get_connection(hostname, user, port): def get_connection(hostname, user, port):
# ssh_passwd = dotenv_val('SSH_PASSWD') ssh_passwd = os.getenv('SSH_PASSWD')
# if ssh_passwd: if ssh_passwd:
# print('Using SSH password') print('Using SSH password')
#
# c = Connection(
# host=hostname,
# user=user,
# port=port,
# connect_kwargs={'password': ssh_passwd},
# config=Config(overrides={'sudo': {'password': ssh_passwd}}),
# )
# else:
c = Connection(
host=hostname,
user=user,
port=port,
connect_kwargs={'password': ssh_passwd},
config=Config(overrides={'sudo': {'password': ssh_passwd}}),
)
else:
c = Connection( c = Connection(
host=hostname, host=hostname,
user=user, user=user,

13
modules/http_host/http_host_lib/nginx_config_gen.py
View File

@@ -12,13 +12,10 @@ def write_nginx_config():
if not config.mnt_dir.exists(): if not config.mnt_dir.exists():
sys.exit(' mount needs to be run first') sys.exit(' mount needs to be run first')
# remove old configs and certs # remove old configs
for file in config.nginx_sites_dir.glob('ofm-*.conf'): for file in config.nginx_sites_dir.glob('ofm-*.conf'):
file.unlink() file.unlink()
for file in config.nginx_certs_dir.glob('ofm-*'):
file.unlink()
conf = config.json_config conf = config.json_config
curl_help_text = '' curl_help_text = ''
@@ -38,10 +35,10 @@ def write_nginx_config():
def process_domain(domain_data) -> str: def process_domain(domain_data) -> str:
if domain_data['cert']['type'] == 'upload': if domain_data['cert']['type'] == 'upload':
domain_data['cert_file'] = config.nginx_certs_dir / f'{domain_data["slug"]}.cert' if (
domain_data['key_file'] = config.nginx_certs_dir / f'{domain_data["slug"]}.key' not Path(domain_data['cert_file']).is_file()
or not Path(domain_data['key_file']).is_file()
if not domain_data['cert_file'].is_file() or not domain_data['key_file'].is_file(): ):
sys.exit( sys.exit(
f' cert or key file does not exist: {domain_data["cert_file"]} {domain_data["key_file"]}' f' cert or key file does not exist: {domain_data["cert_file"]} {domain_data["key_file"]}'
) )

38
ssh_lib/tasks_http_host.py
View File

@@ -1,5 +1,4 @@
import json import json
import sys
from pathlib import Path from pathlib import Path
import json5 import json5
@@ -8,7 +7,7 @@ from jsonschema import ValidationError, validate
from ssh_lib.benchmark import c1000k, wrk from ssh_lib.benchmark import c1000k, wrk
from ssh_lib.config import config from ssh_lib.config import config
from ssh_lib.kernel import kernel_limits1m, kernel_somaxconn65k from ssh_lib.kernel import kernel_limits1m, kernel_somaxconn65k
from ssh_lib.nginx import certbot, nginx from ssh_lib.nginx import nginx
from ssh_lib.slugify import slugify from ssh_lib.slugify import slugify
from ssh_lib.utils import put, put_dir, put_str, sudo_cmd from ssh_lib.utils import put, put_dir, put_str, sudo_cmd
@@ -29,50 +28,49 @@ def prepare_http_host(c):
c.sudo(f'chown nginx:nginx {config.http_host_dir}/logs_nginx') c.sudo(f'chown nginx:nginx {config.http_host_dir}/logs_nginx')
upload_http_host_files(c) upload_http_host_files(c)
c.sudo(f'{config.venv_bin}/pip install -e {config.http_host_bin} --use-pep517') c.sudo(f'{config.venv_bin}/pip install -e {config.http_host_bin} --use-pep517', echo=True)
upload_config_and_certs(c) upload_config_and_certs(c)
def upload_config_and_certs(c): def upload_config_and_certs(c):
if not config.local_config_jsonc.is_file(): if not config.local_config_jsonc.is_file():
print(f'{config.local_config_jsonc} not found. Make sure it exists in the /config dir') raise FileNotFoundError(
return f'{config.local_config_jsonc} not found. Make sure it exists in the /config dir'
)
# Load and parse the JSONC/JSON5 config file # Load and parse the JSONC/JSON5 config file
try: try:
config_data = json5.loads(config.local_config_jsonc.read_text()) config_data = json5.loads(config.local_config_jsonc.read_text())
except Exception as e: except Exception as e:
print(f'Error parsing config file: {e}') raise RuntimeError(f'Error parsing config file: {e}') from e
return
# Load the JSON schema # Load the JSON schema
try: try:
schema = json.loads(config.config_schema_json.read_text()) schema = json.loads(config.config_schema_json.read_text())
except Exception as e: except Exception as e:
print(f'Error loading schema file: {e}') raise RuntimeError(f'Error loading schema file: {e}') from e
return
# Validate the config against the schema # Validate the config against the schema
try: try:
validate(instance=config_data, schema=schema) validate(instance=config_data, schema=schema)
print('✓ Configuration is valid') print('✓ Configuration is valid')
except ValidationError as e: except ValidationError as e:
print('Configuration validation failed:') error_msg = f'Configuration validation failed: {e.message}'
print(f' Error: {e.message}')
if e.path: if e.path:
print(f' Path: {".".join(str(p) for p in e.path)}') error_msg += f'\nPath: {".".join(str(p) for p in e.path)}'
return raise RuntimeError(error_msg) from e
except Exception as e: except Exception as e:
print(f'Validation error: {e}') raise RuntimeError(f'Validation error: {e}') from e
return
# clean old certs
c.sudo('rm -rf /data/nginx/certs/ofm-*')
# pre-generate all the slugs # pre-generate all the slugs
for domain_data in config_data['domains']: for domain_data in config_data['domains']:
domain_data['slug'] = slugify(domain_data['domain'], separator='_') domain_data['slug'] = slugify(domain_data['domain'], separator='_')
if domain_data['cert']['type'] == 'upload': if domain_data['cert']['type'] == 'upload':
print(domain_data)
local_cert_path = Path(domain_data['cert']['cert_path']) local_cert_path = Path(domain_data['cert']['cert_path'])
# handle relative paths - make them relative to config.local_config_dir # handle relative paths - make them relative to config.local_config_dir
@@ -83,8 +81,9 @@ def upload_config_and_certs(c):
local_key_path = local_cert_path.parent / f'{cert_basename}.key' local_key_path = local_cert_path.parent / f'{cert_basename}.key'
if not local_cert_path.is_file() or not local_key_path.is_file(): if not local_cert_path.is_file() or not local_key_path.is_file():
print( raise FileNotFoundError(
f'cert or key file for {domain_data["domain"]} is not found.\nMake sure these files exists:\n{local_cert_path}\n{local_key_path}\n------' f'cert or key file for {domain_data["domain"]} is not found.\n'
f'Make sure these files exists:\n{local_cert_path}\n{local_key_path}'
) )
remote_cert_path = f'/data/nginx/certs/ofm-{domain_data["slug"]}.cert' remote_cert_path = f'/data/nginx/certs/ofm-{domain_data["slug"]}.cert'
@@ -93,6 +92,9 @@ def upload_config_and_certs(c):
put(c, local_cert_path, remote_cert_path) put(c, local_cert_path, remote_cert_path)
put(c, local_key_path, remote_key_path) put(c, local_key_path, remote_key_path)
domain_data['cert_file'] = remote_cert_path
domain_data['key_file'] = remote_key_path
# generate a normal JSON and upload it # generate a normal JSON and upload it
config_str = json.dumps(config_data, indent=2, ensure_ascii=False) config_str = json.dumps(config_data, indent=2, ensure_ascii=False)
put_str(c, f'{config.remote_config}/config.json', config_str) put_str(c, f'{config.remote_config}/config.json', config_str)