road to swarm - fixing things

autoconf/AutoConf.py

@@ -1,4 +1,5 @@
 from Config import Config
+import utils
 
 class AutoConf :
 
@@ -40,9 +41,9 @@ class AutoConf :
 
 	def __get_infos(self, obj) :
 		if self.__swarm :
-        	        id = obj["Actor"]["ID"]
-			name = obj["Actor"]["Attributes"]["name"]
-	                labels = obj.attrs["Spec"]["Labels"]
+			id = obj.id
+			name = obj.name
+			labels = obj.attrs["Spec"]["Labels"]
 		else :
 			id = obj.id
 			name = obj.name
@@ -51,11 +52,10 @@ class AutoConf :
 
 	def __process_instance(self, instance, event, id, name, labels) :
 		if event == "create" :
-			self.__instances[id] = obj
+			self.__instances[id] = instance
 			if self.__swarm :
-				if self.__config.global(self.__instances) :
+				if self.__config.globalconf(self.__instances) :
 					utils.log("[*] global config generated")
-					self.__config.reload(self.__instances)
 				else :
 					utils.log("[!] can't generate global config")
 			utils.log("[*] bunkerized-nginx instance created : " + name + " / " + id)
@@ -102,7 +102,7 @@ class AutoConf :
 					if self.__config.deactivate(instances, vars) :
 						utils.log("[*] Deactivated config for " + vars["SERVER_NAME"])
 					else :
-						utils.log("[!] Can't deactivate config for " + vars["SERVER_NAME"])+
+						utils.log("[!] Can't deactivate config for " + vars["SERVER_NAME"])
 				del self.__servers[id]
 				if self.__config.remove(vars) :
 					utils.log("[*] Removed config for " + vars["SERVER_NAME"])

autoconf/Config.py

@@ -1,7 +1,7 @@
 #!/usr/bin/python3
 
 import utils
-import subprocess, shutil, os, traceback
+import subprocess, shutil, os, traceback, requests
 
 class Config :
 
@@ -9,21 +9,24 @@ class Config :
 		self.__swarm = swarm
 		self.__api = api
 
-	def global(self, instances) :
+	def globalconf(self, instances) :
 		try :
 			for instance_id, instance in instances.items() :
 				env = instance.attrs["Spec"]["TaskTemplate"]["ContainerSpec"]["Env"]
 				break
-			vars
+			vars = {}
 			for var_value in env :
 				var = var_value.split("=")[0]
 				value = var_value.replace(var + "=", "", 1)
 				vars[var] = value
-			proc = subprocess.run(["/opt/entrypoint/global-config"], vars["SERVER_NAME"]], env=vars, capture_output=True)
-			return proc.returncode == 0
+			proc = subprocess.run(["/opt/entrypoint/global-config.sh"], env=vars, capture_output=True)
+			if proc.returncode == 0 :
+				with open("/etc/nginx/autoconf", "w") as f :
+					f.write("ok")
+				return True
 		except Exception as e :
 			traceback.print_exc()
-			utils.log("[!] Error while generating config : " + str(e))
+			utils.log("[!] Error while generating global config : " + str(e))
 		return False
 
 	def generate(self, instances, vars) :
@@ -49,7 +52,7 @@ class Config :
 				return proc.returncode == 0
 		except Exception as e :
 			traceback.print_exc()
-			utils.log("[!] Error while generating config : " + str(e))
+			utils.log("[!] Error while generating site config : " + str(e))
 		return False
 
 	def activate(self, instances, vars) :
@@ -110,7 +113,7 @@ class Config :
 					nodeID = task["NodeID"]
 					taskID = task["ID"]
 					fqdn = name + "." + nodeID + "." + taskID
-					req = requests.post("http://" + fqdn + ":8080" + api + "/reload")
+					req = requests.post("http://" + fqdn + ":8080" + self.__api + "/reload")
 					if req and req.status_code == 200 :
 						utils.log("[*] Sent reload order to instance " + fqdn + " (service.node.task)")
 					else :

autoconf/Dockerfile

@@ -1,7 +1,11 @@
+FROM nginx:stable-alpine AS builder
+
 FROM alpine
 
+COPY --from=builder /etc/nginx/ /opt/confs/nginx
+
 RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
-    pip3 install docker && \
+    pip3 install docker requests && \
     mkdir /opt/entrypoint && \
     mkdir -p /opt/confs/site && \
     mkdir -p /opt/confs/global
@@ -12,6 +16,4 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-VOLUME /etc/nginx /etc/letsencrypt
-
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

autoconf/Dockerfile-amd64

@@ -1,18 +1,16 @@
 FROM amd64/alpine
 
-RUN apk add py3-pip apache2-utils bash && \
-    pip3 install docker && \
+RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
+    pip3 install docker requests && \
     mkdir /opt/entrypoint && \
-    mkdir -p /opt/confs/site
+    mkdir -p /opt/confs/site  && \
+    mkdir -p /opt/confs/global
 
 COPY confs/site/ /opt/confs/site
 COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-# Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
-
 VOLUME /etc/nginx
 
-ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
+ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

autoconf/Dockerfile-arm32v7

@@ -7,19 +7,17 @@ FROM arm32v7/alpine
 
 COPY --from=builder qemu-arm-static /usr/bin
 
-RUN apk add py3-pip apache2-utils bash && \
-    pip3 install docker && \
+RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
+    pip3 install docker requests && \
     mkdir /opt/entrypoint && \
-    mkdir -p /opt/confs/site
+    mkdir -p /opt/confs/site && \
+    mkdir -p /opt/confs/global
 
 COPY confs/site/ /opt/confs/site
 COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-# Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
-
 VOLUME /etc/nginx
 
-ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
+ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

autoconf/Dockerfile-arm64v8

@@ -7,19 +7,17 @@ FROM arm64v8/alpine
 
 COPY --from=builder qemu-aarch64-static /usr/bin
 
-RUN apk add py3-pip apache2-utils bash && \
-    pip3 install docker && \
+RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
+    pip3 install docker requests && \
     mkdir /opt/entrypoint && \
-    mkdir -p /opt/confs/site
+    mkdir -p /opt/confs/site && \
+    mkdir -p /opt/confs/global
 
 COPY confs/site/ /opt/confs/site
 COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-# Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
-
 VOLUME /etc/nginx
 
-ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
+ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

autoconf/Dockerfile-i386

@@ -1,18 +1,16 @@
 FROM i386/alpine
 
-RUN apk add py3-pip apache2-utils bash && \
-    pip3 install docker && \
+RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
+    pip3 install docker requests && \
     mkdir /opt/entrypoint && \
-    mkdir -p /opt/confs/site
+    mkdir -p /opt/confs/site && \
+    mkdir -p /opt/confs/global
 
 COPY confs/site/ /opt/confs/site
 COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-# Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
-
 VOLUME /etc/nginx
 
-ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
+ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

autoconf/app.py

@@ -1,7 +1,7 @@
 #!/usr/bin/python3
 
 from AutoConf import AutoConf
-import utils, config
+import utils
 import docker, os, stat, sys
 
 # Connect to the endpoint

autoconf/entrypoint.sh

@@ -2,6 +2,8 @@
 
 echo "[*] Starting autoconf ..."
 
+cp /opt/confs/nginx/* /etc/nginx
+
 # trap SIGTERM and SIGINT
 function trap_exit() {
 	echo "[*] Catched stop operation"