Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

road to swarm - automatic reload after jobs

Browse Source
This commit is contained in:
bunkerity 2021-03-17 12:16:56 +01:00
parent 93ad3c0b51
commit c40fb33175
15 changed files with 59 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
autoconf/AutoConf.py
View File

@ -12,7 +12,7 @@ class AutoConf :
self.__config = Config(self.__swarm, api) self.__config = Config(self.__swarm, api)
def reload(self) : def reload(self) :
return self.__config.reload(self.instances) return self.__config.reload(self.__instances)
def pre_process(self, objs) : def pre_process(self, objs) :
for instance in objs : for instance in objs :

2
autoconf/Config.py
View File

@ -23,7 +23,7 @@ class Config :
if self.globalconf(instances) : if self.globalconf(instances) :
i = 0 i = 0
started = False started = False
while i < 5 : while i < 10 :
if self.__ping(instances) : if self.__ping(instances) :
started = True started = True
break break

8
autoconf/Dockerfile
View File

@ -17,7 +17,13 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
chmod 770 /var/log/letsencrypt && \ chmod 770 /var/log/letsencrypt && \
mkdir /var/lib/letsencrypt && \ mkdir /var/lib/letsencrypt && \
chown root:nginx /var/lib/letsencrypt && \ chown root:nginx /var/lib/letsencrypt && \
chmod 770 /var/lib/letsencrypt chmod 770 /var/lib/letsencrypt && \
mkdir /cache && \
chown root:nginx /cache && \
chmod 770 /cache && \
touch /var/log/jobs.log && \
chown root:nginx /var/log/jobs.log && \
chmod 770 /var/log/jobs.log
COPY scripts/* /opt/scripts/ COPY scripts/* /opt/scripts/
COPY confs/site/ /opt/confs/site COPY confs/site/ /opt/confs/site

8
autoconf/Dockerfile-amd64
View File

@ -1,5 +1,9 @@
FROM nginx:stable-alpine AS builder
FROM amd64/alpine FROM amd64/alpine
COPY --from=builder /etc/nginx/ /opt/confs/nginx
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
pip3 install docker requests && \ pip3 install docker requests && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
@ -14,10 +18,12 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
chown root:nginx /var/lib/letsencrypt && \ chown root:nginx /var/lib/letsencrypt && \
chmod 770 /var/lib/letsencrypt chmod 770 /var/lib/letsencrypt
COPY scripts/* /opt/scripts/
COPY confs/global/ /opt/confs/global
COPY confs/site/ /opt/confs/site COPY confs/site/ /opt/confs/site
COPY entrypoint/* /opt/entrypoint/ COPY entrypoint/* /opt/entrypoint/
COPY autoconf/* /opt/entrypoint/ COPY autoconf/* /opt/entrypoint/
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
VOLUME /etc/nginx VOLUME /etc/nginx

7
autoconf/Dockerfile-arm32v7
View File

@ -3,9 +3,12 @@ FROM alpine AS builder
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
FROM nginx:stable-alpine AS builder2
FROM arm32v7/alpine FROM arm32v7/alpine
COPY --from=builder qemu-arm-static /usr/bin COPY --from=builder qemu-arm-static /usr/bin
COPY --from=builder2 /etc/nginx/ /opt/confs/nginx
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
pip3 install docker requests && \ pip3 install docker requests && \
@ -21,10 +24,12 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
chown root:nginx /var/lib/letsencrypt && \ chown root:nginx /var/lib/letsencrypt && \
chmod 770 /var/lib/letsencrypt chmod 770 /var/lib/letsencrypt
COPY scripts/* /opt/scripts/
COPY confs/global/ /opt/confs/global
COPY confs/site/ /opt/confs/site COPY confs/site/ /opt/confs/site
COPY entrypoint/* /opt/entrypoint/ COPY entrypoint/* /opt/entrypoint/
COPY autoconf/* /opt/entrypoint/ COPY autoconf/* /opt/entrypoint/
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
VOLUME /etc/nginx VOLUME /etc/nginx

7
autoconf/Dockerfile-arm64v8
View File

@ -3,9 +3,12 @@ FROM alpine AS builder
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
FROM nginx:stable-alpine AS builder2
FROM arm64v8/alpine FROM arm64v8/alpine
COPY --from=builder qemu-aarch64-static /usr/bin COPY --from=builder qemu-aarch64-static /usr/bin
COPY --from=builder2 /etc/nginx/ /opt/confs/nginx
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
pip3 install docker requests && \ pip3 install docker requests && \
@ -21,10 +24,12 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
chown root:nginx /var/lib/letsencrypt && \ chown root:nginx /var/lib/letsencrypt && \
chmod 770 /var/lib/letsencrypt chmod 770 /var/lib/letsencrypt
COPY scripts/* /opt/scripts/
COPY confs/global/ /opt/confs/global
COPY confs/site/ /opt/confs/site COPY confs/site/ /opt/confs/site
COPY entrypoint/* /opt/entrypoint/ COPY entrypoint/* /opt/entrypoint/
COPY autoconf/* /opt/entrypoint/ COPY autoconf/* /opt/entrypoint/
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
VOLUME /etc/nginx VOLUME /etc/nginx

8
autoconf/Dockerfile-i386
View File

@ -1,5 +1,9 @@
FROM nginx:stable-alpine AS builder
FROM i386/alpine FROM i386/alpine
COPY --from=builder /etc/nginx/ /opt/confs/nginx
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
pip3 install docker requests && \ pip3 install docker requests && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
@ -14,10 +18,12 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
chown root:nginx /var/lib/letsencrypt && \ chown root:nginx /var/lib/letsencrypt && \
chmod 770 /var/lib/letsencrypt chmod 770 /var/lib/letsencrypt
COPY scripts/* /opt/scripts/
COPY confs/global/ /opt/confs/global
COPY confs/site/ /opt/confs/site COPY confs/site/ /opt/confs/site
COPY entrypoint/* /opt/entrypoint/ COPY entrypoint/* /opt/entrypoint/
COPY autoconf/* /opt/entrypoint/ COPY autoconf/* /opt/entrypoint/
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
VOLUME /etc/nginx VOLUME /etc/nginx

29
autoconf/ReloadServer.py
View File

@ -1,20 +1,25 @@
import socketserver, threading import socketserver, threading, utils, os, stat
class ReloadServerHandler(socketserver.BaseRequestHandler): class ReloadServerHandler(socketserver.StreamRequestHandler):
def handle(self) : def handle(self) :
data = self.request.recv(512) try :
if not data : data = self.request.recv(512)
return if not data :
with self.server.lock : return
ret = self.server.autoconf.reload() with self.server.lock :
if ret : ret = self.server.autoconf.reload()
self.request.sendall("ok") if ret :
else : self.request.sendall("ok".encode("utf-8"))
self.request.sendall("ko") else :
self.request.sendall("ko".encode("utf-8"))
except Exception as e :
utils.log("Exception " + str(e))
def run_reload_server(autoconf, lock) : def run_reload_server(autoconf, lock) :
server = socketserver.UnixStreamServer("/tmp/autoconf.pid", ReloadServerHandler) server = socketserver.UnixStreamServer("/tmp/autoconf.sock", ReloadServerHandler)
os.chown("/tmp/autoconf.sock", 0, 101)
os.chmod("/tmp/autoconf.sock", 0o770)
server.autoconf = autoconf server.autoconf = autoconf
server.lock = lock server.lock = lock
thread = threading.Thread(target=server.serve_forever) thread = threading.Thread(target=server.serve_forever)

2
scripts/abusers.sh
View File

@ -10,7 +10,7 @@ cp /etc/nginx/block-abusers.conf /cache
if [ -f /tmp/nginx.pid ] ; then if [ -f /tmp/nginx.pid ] ; then
RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1" RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1"
# if we are in autoconf # if we are in autoconf
elif [ -f /tmp/autoconf.sock ] ; then elif [ -S /tmp/autoconf.sock ] ; then
RELOAD="/opt/entrypoint/reload.py" RELOAD="/opt/entrypoint/reload.py"
fi fi

2
scripts/certbot-renew-hook.sh
View File

@ -9,7 +9,7 @@ job_log "[CERTBOT] certificates have been renewed"
if [ -f /tmp/nginx.pid ] ; then if [ -f /tmp/nginx.pid ] ; then
RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1" RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1"
# if we are in autoconf # if we are in autoconf
elif [ -f /tmp/autoconf.sock ] ; then elif [ -S /tmp/autoconf.sock ] ; then
RELOAD="echo reload > /tmp/autoconf.sock" RELOAD="echo reload > /tmp/autoconf.sock"
fi fi

2
scripts/exit-nodes.sh
View File

@ -10,7 +10,7 @@ cp /etc/nginx/block-tor-exit-node.conf /cache
if [ -f /tmp/nginx.pid ] ; then if [ -f /tmp/nginx.pid ] ; then
RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1" RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1"
# if we are in autoconf # if we are in autoconf
elif [ -f /tmp/autoconf.sock ] ; then elif [ -S /tmp/autoconf.sock ] ; then
RELOAD="/opt/entrypoint/reload.py" RELOAD="/opt/entrypoint/reload.py"
fi fi

2
scripts/geoip.sh
View File

@ -7,7 +7,7 @@
if [ -f /tmp/nginx.pid ] ; then if [ -f /tmp/nginx.pid ] ; then
RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1" RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1"
# if we are in autoconf # if we are in autoconf
elif [ -f /tmp/autoconf.sock ] ; then elif [ -S /tmp/autoconf.sock ] ; then
RELOAD="/opt/entrypoint/reload.py" RELOAD="/opt/entrypoint/reload.py"
fi fi

2
scripts/proxies.sh
View File

@ -10,7 +10,7 @@ cp /etc/nginx/block-proxies.conf /cache
if [ -f /tmp/nginx.pid ] ; then if [ -f /tmp/nginx.pid ] ; then
RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1" RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1"
# if we are in autoconf # if we are in autoconf
elif [ -f /tmp/autoconf.sock ] ; then elif [ -S /tmp/autoconf.sock ] ; then
RELOAD="/opt/entrypoint/reload.py" RELOAD="/opt/entrypoint/reload.py"
fi fi

2
scripts/referrers.sh
View File

@ -10,7 +10,7 @@ cp /etc/nginx/map-referrer.conf /cache
if [ -f /tmp/nginx.pid ] ; then if [ -f /tmp/nginx.pid ] ; then
RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1" RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1"
# if we are in autoconf # if we are in autoconf
elif [ -f /tmp/autoconf.sock ] ; then elif [ -S /tmp/autoconf.sock ] ; then
RELOAD="/opt/entrypoint/reload.py" RELOAD="/opt/entrypoint/reload.py"
fi fi

2
scripts/user-agents.sh
View File

@ -10,7 +10,7 @@ cp /etc/nginx/map-user-agent.conf /cache
if [ -f /tmp/nginx.pid ] ; then if [ -f /tmp/nginx.pid ] ; then
RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1" RELOAD="/usr/sbin/nginx -s reload > /dev/null 2>&1"
# if we are in autoconf # if we are in autoconf
elif [ -f /tmp/autoconf.sock ] ; then elif [ -S /tmp/autoconf.sock ] ; then
RELOAD="/opt/entrypoint/reload.py" RELOAD="/opt/entrypoint/reload.py"
fi fi