changeset 1593:83412a0a2389 dockerise

Handle API keys etc, + tidying handling of generated files
author Chris Cannam
date Fri, 18 Aug 2017 15:02:20 +0100
parents 72d9219f2f19
children 69aee698921b
files .hgignore deploy/any/prepare.sh deploy/config/code.conf.in deploy/config/database.yml.in deploy/config/run-external.sh.in deploy/config/run-reposman.sh.in deploy/docker/start.sh deploy/provision.d/050-webapp-db.sh deploy/provision.d/100-apache-config.sh deploy/provision.d/120-docgen.sh deploy/provision.d/130-reposman.sh deploy/vagrant/start.sh deploy/vagrant/vagrant-provision.sh extra/soundsoftware/extract-docs.sh
diffstat 14 files changed, 118 insertions(+), 132 deletions(-) [+]
--- a/.hgignore	Fri Aug 18 14:46:06 2017 +0100
+++ b/.hgignore	Fri Aug 18 15:02:20 2017 +0100
@@ -42,6 +42,4 @@
 *.pyc
 *-console.log
 postgres-dumpall
-deploy/config/code.conf
-deploy/config/database.yml
-deploy/docker/Dockerfile
+*.gen
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/any/prepare.sh	Fri Aug 18 15:02:20 2017 +0100
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# To be sourced into a container-specific start.sh file, not run
+# standalone
+
+usage() {
+    echo "Usage: $0 <database-password> <api-key> <api-httpauth-password>" 1>&2
+    exit 2
+}
+
+dbpass="$1"
+if [ -z "$dbpass" ]; then
+    usage
+fi
+
+apikey="$2"
+if [ -z "$apikey" ]; then
+    usage
+fi
+
+apipass="$3"
+if [ -z "$apipass" ]; then
+    usage
+fi
+
+set -eu -o pipefail
+
+rootdir="$mydir/../.."
+
+deploydir="$rootdir"/deploy
+if [ ! -d "$deploydir" ]; then
+    echo "ERROR: Unexpected repository layout - expected directory at $deploydir"
+    exit 2
+fi
+
+managerdir="$deploydir/vagrant"
+if [ ! -d "$managerdir" ]; then
+    echo "ERROR: Required directory $managerdir not found"
+    exit 2
+fi
+
+configdir="$deploydir/config"
+if [ ! -d "$configdir" ]; then
+    echo "ERROR: Required directory $configdir not found"
+    exit 2
+fi
+
+if [ ! -f "$rootdir/postgres-dumpall" ]; then
+    echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall"
+    exit 2
+fi
+
+fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts
+if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then
+    echo "ERROR: I expect to find necessary webfonts in $fontdir"
+    exit 2
+fi
+
+apischeme=http
+apihost=localhost
+
+#apischeme=https
+#apihost=code.soundsoftware.ac.uk
+
+for f in "$configdir"/*.in "$rootdir"/extra/soundsoftware/extract-docs.sh ; do
+    out="$configdir"/$(basename "$f" .in).gen
+    cat "$f" | sed \
+                   -e 's/INSERT_DATABASE_PASSWORD_HERE/'"$dbpass"'/g' \
+                   -e 's/INSERT_API_KEY_HERE/'"$apikey"'/g' \
+                   -e 's/INSERT_API_SCHEME_HERE/'"$apischeme"'/g' \
+                   -e 's/INSERT_API_HOST_HERE/'"$apihost"'/g' \
+                   -e 's/INSERT_API_USER_HERE/user/g' \
+                   -e 's/INSERT_API_PASSWORD_HERE/'"$apipass"'/g' \
+                   > "$out"
+done
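Review bot: The sed expressions in the loop splice `$dbpass`, `$apikey` and `$apipass` straight into the replacement text, so a secret containing `/`, `&` or `\` either breaks the command or is written out corrupted (an `&` expands to the placeholder name). Escape each value first, e.g. `esc() { printf '%s' "$1" | sed 's|[\\/&]|\\&|g'; }`, and substitute `$(esc "$dbpass")` and so on. The generated `.gen` files hold all three secrets but are created under the caller's default umask; a `umask 077` before the loop would keep them private. The secrets also arrive as positional arguments and are passed on in sed's argv, so they are visible in the process list while the script runs; reading them from a file or the environment would avoid that.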
--- a/deploy/config/code.conf.in	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/config/code.conf.in	Fri Aug 18 15:02:20 2017 +0100
@@ -2,6 +2,9 @@
 # A test Apache config. Lacks SSL, lacks a desirable extra layer of
 # authentication for admin interface paths. Do not deploy this.
 
+# Note this has been updated for Apache 2.4, which introduced a number
+# of (welcome) changes to access control directives.
+
 PerlLoadModule Apache::Authn::SoundSoftware
 
 <VirtualHost *:80>
@@ -33,21 +36,15 @@
 #	</Location>
 
         <DirectoryMatch "^/.*/\.svn/">
-                Order allow,deny
-                Deny from all
-                Satisfy All
+                Require all denied
         </DirectoryMatch>
 
         <DirectoryMatch "^/.*/\.hg/">
-                Order allow,deny
-                Deny from all
-                Satisfy All
+                Require all denied
         </DirectoryMatch>
 
         <DirectoryMatch "^/.*/\.git/">
-                Order allow,deny
-                Deny from all
-                Satisfy All
+                Require all denied
         </DirectoryMatch>
 
         <Directory /var/www/code/public>
@@ -73,7 +70,7 @@
 		PerlSetVar HTTPS "on"
 		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
     		SoundSoftwareDbUser "code"
-     		SoundSoftwareDbPass "INSERT_POSTGRES_PASSWORD_HERE"
+     		SoundSoftwareDbPass "INSERT_DATABASE_PASSWORD_HERE"
 		SoundSoftwareRepoPrefix "/var/hg/"
                 #!!! "on" in production please!:
                 SoundSoftwareSslRequired "off"
@@ -86,16 +83,13 @@
 
 	<Directory "/var/files/git-mirror">
 		Options -Indexes +FollowSymLinks
-                Order allow,deny
-                Allow from all
+                Require all granted
 	</Directory>
 	<Directory ~ "/var/files/git-mirror/.*\.workdir">
-		Order allow,deny
-		Deny from all
+                Require all denied
 	</Directory>
 	<Directory ~ "/var/files/git-mirror/__.*">
-                Order allow,deny
-                Deny from all
+                Require all denied
 	</Directory>
 
 	ErrorLog /var/log/apache2/code-error.log
--- a/deploy/config/database.yml.in	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/config/database.yml.in	Fri Aug 18 15:02:20 2017 +0100
@@ -3,5 +3,5 @@
   database: code
   host: localhost
   username: code
-  password: "INSERT_POSTGRES_PASSWORD_HERE"
+  password: "INSERT_DATABASE_PASSWORD_HERE"
 
--- a/deploy/config/run-external.sh.in	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/config/run-external.sh.in	Fri Aug 18 15:02:20 2017 +0100
@@ -6,11 +6,11 @@
 date >> $logfile
 /var/www/code/reposman/convert-external-repos.rb \
 	-s /var/hg \
-	-r https://code.soundsoftware.ac.uk/ \
+	-r INSERT_API_SCHEME_HERE://INSERT_API_HOST_HERE/ \
 	-k INSERT_API_KEY_HERE \
 	-v \
-	--http-user=user \
-	--http-pass=password \
+	--http-user=INSERT_API_USER_HERE \
+	--http-pass=INSERT_API_PASSWORD_HERE \
         -c "/var/www/code/reposman/update-external-repo.sh" \
 	>> $logfile 2>&1
 date >> $logfile
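Review bot: The substituted values for `-k`, `--http-user=` and `--http-pass=` land unquoted in a generated shell script, so an API key or password containing whitespace or shell metacharacters would be split or interpreted when the script runs. Quoting the placeholders, e.g. `-k 'INSERT_API_KEY_HERE' \` and `--http-pass='INSERT_API_PASSWORD_HERE' \`, narrows this to values containing a single quote, which the templating step would then need to reject or escape. The same applies to the identical lines in `run-reposman.sh.in`. Both scripts also hand the key and password to the Ruby tool on its command line, where they can be read from the process list; whether the tool accepts them another way is not visible here.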
--- a/deploy/config/run-reposman.sh.in	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/config/run-reposman.sh.in	Fri Aug 18 15:02:20 2017 +0100
@@ -5,10 +5,10 @@
 echo >> $logfile
 /var/www/code/reposman/reposman-soundsoftware.rb \
 	-s /var/hg \
-	-r https://code.soundsoftware.ac.uk/ \
+	-r INSERT_API_SCHEME_HERE://INSERT_API_HOST_HERE/ \
 	-k INSERT_API_KEY_HERE \
-	--http-user=user \
-	--http-pass=password \
+	--http-user=INSERT_API_USER_HERE \
+	--http-pass=INSERT_API_PASSWORD_HERE \
 	-o www-data \
 	-g code \
 	-c "/var/www/code/reposman/run-hginit.sh" \
--- a/deploy/docker/start.sh	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/docker/start.sh	Fri Aug 18 15:02:20 2017 +0100
@@ -1,51 +1,7 @@
 #!/bin/bash
 
 mydir=$(dirname "$0")
-
-dbpwd="$1"
-if [ -z "$dbpwd" ]; then
-    echo "Usage: $0 <database-password>" 1>&2
-    exit 2
-fi
-
-set -eu -o pipefail
-
-rootdir="$mydir/../.."
-
-deploydir="$rootdir"/deploy
-if [ ! -d "$deploydir" ]; then
-    echo "ERROR: Unexpected repository layout - expected directory at $deploydir"
-    exit 2
-fi
-
-managerdir="$deploydir/docker"
-if [ ! -d "$managerdir" ]; then
-    echo "ERROR: Required directory $managerdir not found"
-    exit 2
-fi
-
-configdir="$deploydir/config"
-if [ ! -d "$configdir" ]; then
-    echo "ERROR: Required directory $configdir not found"
-    exit 2
-fi
-
-if [ ! -f "$rootdir/postgres-dumpall" ]; then
-    echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall"
-    exit 2
-fi
-
-fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts
-if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then
-    echo "ERROR: I expect to find necessary webfonts in $fontdir"
-    exit 2
-fi
-
-for f in database.yml code.conf ; do
-    cat "$configdir/$f.in" |
-        sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \
-            "$configdir/$f"
-done
+. "$mydir"/../any/prepare.sh
 
 provisioning_commands=$(
     for x in "$deploydir"/provision.d/[0-9]*.sh; do
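Review bot: After this change `managerdir` is whatever `prepare.sh` sets, and that file hard-codes `managerdir="$deploydir/vagrant"`, so the later `cat "$managerdir/Dockerfile.in"` in this script would read from `deploy/vagrant` while `docker build` is pointed at `deploy/docker/Dockerfile.gen`. Either set `managerdir="$deploydir/docker"` right after the `.` line or have `prepare.sh` derive it from `$mydir`. The `provisioning_commands=$(` block opened at the end of the hunk continues outside it.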
@@ -59,12 +15,12 @@
 
 cat "$managerdir/Dockerfile.in" |
     sed 's,INSERT_PROVISIONING_HERE,'"$provisioning_commands"',' >> \
-        "$managerdir/Dockerfile"
+        "$managerdir/Dockerfile.gen"
 
 cd "$rootdir"
 
 dockertag="cannam/soundsoftware-site"
 
-sudo docker build -t "$dockertag" -f "deploy/docker/Dockerfile" .
+sudo docker build -t "$dockertag" -f "deploy/docker/Dockerfile.gen" .
 sudo docker run -p 8080:80 -d "$dockertag"
 
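Review bot: The image built from `Dockerfile.gen` is tagged `cannam/soundsoftware-site`, and the provisioning scripts read files such as `/var/www/code/deploy/config/database.yml.gen`, so the database password, API key and HTTP-auth password presumably end up stored in the image (the Dockerfile template itself is not shown). A comment above the build such as `# The resulting image embeds the generated secrets; keep it local and never push this tag to a shared registry` would record that. Separately, the output is still written with `>>`, so unless `Dockerfile.gen` is removed in the part of the script outside this hunk, a second run appends a second copy of the Dockerfile.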
--- a/deploy/provision.d/050-webapp-db.sh	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/provision.d/050-webapp-db.sh	Fri Aug 18 15:02:20 2017 +0100
@@ -5,7 +5,7 @@
 # Copy across the database config file (the source file has presumably
 # been generated from a skeleton, earlier in provisioning)
 
-infile=/var/www/code/deploy/config/database.yml
+infile=/var/www/code/deploy/config/database.yml.gen
 outfile=/var/www/code/config/database.yml
 
 if [ ! -f "$outfile" ]; then
--- a/deploy/provision.d/100-apache-config.sh	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/provision.d/100-apache-config.sh	Fri Aug 18 15:02:20 2017 +0100
@@ -6,10 +6,10 @@
 
 cd /var/www/code
 
-codeconffile=/var/www/code/deploy/config/code.conf
+codeconffile=/var/www/code/deploy/config/code.conf.gen
 
 if [ ! -f "$codeconffile" ]; then
-    echo "ERROR: Apache config file $codeconffile not found - has the database secret been interpolated from $codeconffile.in correctly?"
+    echo "ERROR: Apache config file $codeconffile not found - has the database secret been interpolated from its input file correctly?"
     exit 2
 fi
 
--- a/deploy/provision.d/120-docgen.sh	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/provision.d/120-docgen.sh	Fri Aug 18 15:02:20 2017 +0100
@@ -12,7 +12,6 @@
 
 for file in \
     doxysafe.pl \
-    extract-docs.sh \
     extract-doxygen.sh \
     extract-javadoc.sh \
     extract-matlabdocs.sh \
@@ -24,6 +23,13 @@
     fi
 done
 
+for file in \
+    extract-docs.sh ; do
+    if [ ! -f docgen/"$file" ]; then
+        cp deploy/config/"$file".gen docgen/"$file"
+    fi
+done
+
 chown code.www-data docgen/*
 chmod +x docgen/*.sh
 
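Review bot: `extract-docs.sh` copied from `deploy/config/extract-docs.sh.gen` now carries the API key and the HTTP-auth password, yet the only permission changes that follow are `chown code.www-data docgen/*` and `chmod +x docgen/*.sh`, which leave whatever read bits `cp` produced. Tightening the copy, for example `install -m 0750 deploy/config/"$file".gen docgen/"$file"` in place of `cp`, or a `chmod o-rwx docgen/extract-docs.sh` after the chown, keeps the credentials away from other local accounts. The `cp deploy/config/"$file".gen reposman/"$file"` line in `130-reposman.sh` has the same issue for `run-external.sh` and `run-reposman.sh`; the permission handling after that loop is outside its hunk.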
--- a/deploy/provision.d/130-reposman.sh	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/provision.d/130-reposman.sh	Fri Aug 18 15:02:20 2017 +0100
@@ -26,8 +26,7 @@
     run-external.sh \
     run-reposman.sh ; do
     if [ ! -f reposman/"$file" ]; then
-        ##!!! TODO: actually insert API key
-        cat deploy/config/"$file".in > reposman/"$file"
+        cp deploy/config/"$file".gen reposman/"$file"
     fi
 done
 
--- a/deploy/vagrant/start.sh	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/vagrant/start.sh	Fri Aug 18 15:02:20 2017 +0100
@@ -1,53 +1,8 @@
 #!/bin/bash
 
 mydir=$(dirname "$0")
-
-dbpwd="$1"
-if [ -z "$dbpwd" ]; then
-    echo "Usage: $0 <database-password>" 1>&2
-    exit 2
-fi
-
-set -eu -o pipefail
-
-rootdir="$mydir/../.."
-
-deploydir="$rootdir"/deploy
-if [ ! -d "$deploydir" ]; then
-    echo "ERROR: Unexpected repository layout - expected directory at $deploydir"
-    exit 2
-fi
-
-managerdir="$deploydir/vagrant"
-if [ ! -d "$managerdir" ]; then
-    echo "ERROR: Required directory $managerdir not found"
-    exit 2
-fi
-
-configdir="$deploydir/config"
-if [ ! -d "$configdir" ]; then
-    echo "ERROR: Required directory $configdir not found"
-    exit 2
-fi
-
-if [ ! -f "$rootdir/postgres-dumpall" ]; then
-    echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall"
-    exit 2
-fi
-
-fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts
-if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then
-    echo "ERROR: I expect to find necessary webfonts in $fontdir"
-    exit 2
-fi
-
-for f in database.yml code.conf ; do
-    cat "$configdir/$f.in" |
-        sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \
-            "$configdir/$f"
-done
+. "$mydir"/../any/prepare.sh
 
 cd "$managerdir"
-
 vagrant up
 
--- a/deploy/vagrant/vagrant-provision.sh	Fri Aug 18 14:46:06 2017 +0100
+++ b/deploy/vagrant/vagrant-provision.sh	Fri Aug 18 15:02:20 2017 +0100
@@ -3,15 +3,16 @@
 #!!! still not covered:
 # * https
 # * http auth for API (/sys) and /admin interfaces
-# * API keys and http auth for reposman and docgen
+# * sending email
 
 set -e
 
 for f in /code-to-deploy/deploy/provision.d/[0-9]*.sh ; do
     case "$f" in
         *~) ;;
-        *) echo "Running provision script: $f"
+        *) echo "Running provisioning script: $f"
            /bin/bash "$f";;
     esac
 done
 
+echo "All provisioning scripts complete"
--- a/extra/soundsoftware/extract-docs.sh	Fri Aug 18 14:46:06 2017 +0100
+++ b/extra/soundsoftware/extract-docs.sh	Fri Aug 18 15:02:20 2017 +0100
@@ -11,11 +11,13 @@
 
 redgrp="code"
 
-apikey=""
-apischeme="https"
-apihost=""
-apiuser=""
-apipass=""
+apikey="INSERT_API_KEY_HERE"
+apischeme="INSERT_API_SCHEME_HERE"
+apihost="INSERT_API_HOST_HERE"
+
+# HTTP auth username/password for /sys api calls
+apiuser="INSERT_API_USER_HERE"
+apipass="INSERT_API_PASSWORD_HERE"
 
 progdir=$(dirname $0)
 case "$progdir" in