road to swarm support - needs a lot of testing

autoconf/AutoConf.py

@@ -2,11 +2,11 @@ from Config import Config
 
 class AutoConf :
 
-	def __init__(self, swarm) :
+	def __init__(self, swarm, api) :
 		self.__swarm = swarm
 		self.__instances = {}
 		self.__sites = {}
-		self.__config = Config(self.__swarm)
+		self.__config = Config(self.__swarm, api)
 
 	def pre_process(self, objs) :
 		for instance in objs :
@@ -52,6 +52,12 @@ class AutoConf :
 	def __process_instance(self, instance, event, id, name, labels) :
 		if event == "create" :
 			self.__instances[id] = obj
+			if self.__swarm :
+				if self.__config.global(self.__instances) :
+					utils.log("[*] global config generated")
+					self.__config.reload(self.__instances)
+				else :
+					utils.log("[!] can't generate global config")
 			utils.log("[*] bunkerized-nginx instance created : " + name + " / " + id)
 		elif event == "start" :
 			self.__instances[id].reload()

autoconf/Config.py

@@ -5,8 +5,26 @@ import subprocess, shutil, os, traceback
 
 class Config :
 
-	def __init__(self, swarm) :
+	def __init__(self, swarm, api) :
 		self.__swarm = swarm
+		self.__api = api
+
+	def global(self, instances) :
+		try :
+			for instance_id, instance in instances.items() :
+				env = instance.attrs["Spec"]["TaskTemplate"]["ContainerSpec"]["Env"]
+				break
+			vars
+			for var_value in env :
+				var = var_value.split("=")[0]
+				value = var_value.replace(var + "=", "", 1)
+				vars[var] = value
+			proc = subprocess.run(["/opt/entrypoint/global-config"], vars["SERVER_NAME"]], env=vars, capture_output=True)
+			return proc.returncode == 0
+		except Exception as e :
+			traceback.print_exc()
+			utils.log("[!] Error while generating config : " + str(e))
+		return False
 
 	def generate(self, instances, vars) :
 		try :
@@ -27,7 +45,8 @@ class Config :
 			# Call site-config.sh to generate the config
 			proc = subprocess.run(["/opt/entrypoint/site-config.sh", vars["SERVER_NAME"]], env=vars_defaults, capture_output=True)
 			if proc.returncode == 0 :
-				return True
+				proc = subprocess.run(["/opt/entrypoint/multisite-config.sh"], capture_output=True)
+				return proc.returncode == 0
 		except Exception as e :
 			traceback.print_exc()
 			utils.log("[!] Error while generating config : " + str(e))
@@ -43,7 +62,7 @@ class Config :
 			# Include the server conf
 			utils.replace_in_file("/etc/nginx/nginx.conf", "}", "include /etc/nginx/" + vars["SERVER_NAME"] + "/server.conf;\n}")
 
-			return self.__reload(instances)
+			return self.reload(instances)
 		except Exception as e :
 			utils.log("[!] Error while activating config : " + str(e))
 		return False
@@ -58,7 +77,7 @@ class Config :
 			# Remove the include
 			utils.replace_in_file("/etc/nginx/nginx.conf", "include /etc/nginx/" + vars["SERVER_NAME"] + "/server.conf;\n", "")
 
-			return self.__reload(instances)
+			return self.reload(instances)
 
 		except Exception as e :
 			utils.log("[!] Error while deactivating config : " + str(e))
@@ -78,7 +97,7 @@ class Config :
 			utils.log("[!] Error while deactivating config : " + str(e))
 		return False
 
-	def __reload(self, instances) :
+	def reload(self, instances) :
 		ret = True
 		for instance_id, instance in instances.items() :
 			# Reload the instance object just in case
@@ -91,11 +110,12 @@ class Config :
 					nodeID = task["NodeID"]
 					taskID = task["ID"]
 					fqdn = name + "." + nodeID + "." + taskID
-					req = requests.post("http://" + fqdn + ":8000/reload")
+					req = requests.post("http://" + fqdn + ":8080" + api + "/reload")
 					if req and req.status_code == 200 :
 						utils.log("[*] Sent reload order to instance " + fqdn + " (service.node.task)")
 					else :
 						utils.log("[!] Can't reload : API error for instance " + fqdn + " (service.node.task)")
+						ret = False
 			# Send SIGHUP to running instance
 			elif instance.status == "running" :
 				try :

autoconf/Dockerfile

@@ -1,18 +1,17 @@
 FROM alpine
 
-RUN apk add py3-pip apache2-utils bash && \
+RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
     pip3 install docker && \
     mkdir /opt/entrypoint && \
-    mkdir -p /opt/confs/site
+    mkdir -p /opt/confs/site && \
+    mkdir -p /opt/confs/global
 
 COPY confs/site/ /opt/confs/site
+COPY confs/global/ /opt/confs/global
 COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-# Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
+VOLUME /etc/nginx /etc/letsencrypt
 
-VOLUME /etc/nginx
-
-ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
+ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

autoconf/app.py

@@ -18,11 +18,11 @@ except Exception as e :
 # Check if we are in Swarm mode
 swarm = os.getenv("SWARM_MODE") == "yes"
 
-# Setup cron tasks if we are in Swarm mode
-# TODO
-
 # Our object to process events
-autoconf = AutoConf(swarm)
+api = ""
+if swarm :
+	api = os.getenv("API_URI")
+autoconf = AutoConf(swarm, api)
 
 # Get all bunkerized-nginx instances and web services created before
 try :

autoconf/entrypoint.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+echo "[*] Starting autoconf ..."
+
+# trap SIGTERM and SIGINT
+function trap_exit() {
+	echo "[*] Catched stop operation"
+	echo "[*] Stopping crond ..."
+	pkill -TERM crond
+	echo "[*] Stopping python3 ..."
+	pkill -TERM python3
+	pkill -TERM tail
+}
+trap "trap_exit" TERM INT QUIT
+
+# remove old crontabs
+echo "" > /etc/crontabs/root
+
+# setup logrotate
+touch /var/log/jobs.log
+echo "0 0 * * * /usr/sbin/logrotate -f /etc/logrotate.conf > /dev/null 2>&1" >> /etc/crontabs/root
+
+# run autoconf app
+/opt/entrypoint/app.py &
+
+# display logs
+tail -F /var/log/jobs.log &
+pid="$!"
+wait "$pid"
+
+# stop
+echo "[*] autoconf stopped"
+exit 0