Download as
Browse Code »

Commit 79ecf618efbdcb75344138cc26358ce7ae17f566

Authored by Antonio Terceiro
2 parents a5026550 4e457ee9
Exists in master and in 90 other branches 3.x, add_sisp_to_chef, add_super_archives_plugin, api_for_colab, automates_core_packing, backup, backup_not_prod, cdtc_configuration, changes_in_buttons_on_content_panel, colab_automated_login, colab_spb_plugin_recipe, colab_widgets_settings, design_validation, dev-lappis, dev_env_minimal, disable_email_dev, docs, fix_breadcrumbs_position, fix_categories_software_link, fix_edit_institution, fix_edit_software_with_another_license, fix_get_license_info, fix_gitlab_assets_permission, fix_list_style_inside_article, fix_list_style_on_folder_elements, fix_members_pagination, fix_merge_request_url, fix_models_translations, fix_no_license, fix_software_api, fix_software_block_migration, fix_software_communities_translations, fix_software_communities_unit_test, fix_style_create_institution_admin_panel, fix_superarchives_imports, fix_sym_links_noosfero, focus_search_field_theme, gov-user-refactoring, gov-user-refactoring-rails4, header_fix, institution_modal_on_rating, kalibro-conf-refactoring, kalibro-processor-package, lxc_settings, margin_fix, mezuro_cookbook, performance, prezento, r3, refactor_download_block, refactor_software_communities, refactor_software_for_sisp, register_page, release-process, release-process-v2, remove-unused-images, remove_backup_emails, remove_broken_theme, remove_secondary_email_from_user, remove_sisp_buttons, removing_super_archives_email, review_message, scope2method, signals_user_noosfero, sisp_catalog_header, sisp_colab_config, sisp_dev, sisp_dev_master, sisp_simple_version, software_as_organization, software_catalog_style_fix, software_communities_html_refactor, software_infos_api, spb_minimal_env, spb_to_rails4, spec_refactor, stable-4.1, stable-4.2, stable-4.x, stable-devel, support_docs, syslog, temp_soft_comm_refactoring, theme_header, theme_javascript_refactory, thread_dropdown, thread_page, update_search_by_categories, update_software_api, update_softwares_boxes

Merge branch 'reverseproxy-ssh'

Showing 6 changed files with 60 additions and 2 deletions   Show diff stats
@@ -34,6 +34,7 @@ First you have to bring up the development virtual machines: @@ -34,6 +34,7 @@ First you have to bring up the development virtual machines:
34 34
35 ```bash 35 ```bash
36 $ vagrant up 36 $ vagrant up
  37 +$ rake preconfig
37 $ rake bootstrap_common 38 $ rake bootstrap_common
38 ``` 39 ```
39 40
@@ -52,6 +53,17 @@ $ rake converge:$server # deploys only $server @@ -52,6 +53,17 @@ $ rake converge:$server # deploys only $server
52 * TODO: document creation of `prod.yaml`. 53 * TODO: document creation of `prod.yaml`.
53 * TODO: document SSH configuration 54 * TODO: document SSH configuration
54 55
  56 +The very first step is
  57 +
  58 +```
  59 +$ rake preconfig SPB_ENV=production
  60 +```
  61 +
  62 +This will perform some initial configuration to the system that is required
  63 +before doing the actual deployment.
  64 +
  65 +After that:
  66 +
55 ```bash 67 ```bash
56 $ rake SPB_ENV=production # deploys all servers 68 $ rake SPB_ENV=production # deploys all servers
57 $ rake nodes SPB_ENV=production # lists all servers 69 $ rake nodes SPB_ENV=production # lists all servers
@@ -35,7 +35,7 @@ task :test do @@ -35,7 +35,7 @@ task :test do
35 end 35 end
36 36
37 file 'ssh_config.erb' 37 file 'ssh_config.erb'
38 -file 'config/local/ssh_config' => ['nodes.yaml', 'config/local/ips.yaml', 'ssh_config.erb'] do |t| 38 +file 'config/local/ssh_config' => ['nodes.yaml', 'config/local/ips.yaml', 'ssh_config.erb', 'Rakefile'] do |t|
39 require 'erb' 39 require 'erb'
40 template = ERB.new(File.read('ssh_config.erb')) 40 template = ERB.new(File.read('ssh_config.erb'))
41 File.open(t.name, 'w') do |f| 41 File.open(t.name, 'w') do |f|
@@ -50,3 +50,22 @@ unless ENV['nodeps'] @@ -50,3 +50,22 @@ unless ENV['nodeps']
50 task 'converge:integration' => 'converge:database' 50 task 'converge:integration' => 'converge:database'
51 task 'converge:social' => 'converge:database' 51 task 'converge:social' => 'converge:database'
52 end 52 end
  53 +
  54 +$ALT_SSH_PORT = config.fetch('alt_ssh_port', 2222)
  55 +
  56 +$nodes.find { |n| n.hostname == 'reverseproxy' }.data['ssh_port'] = $ALT_SSH_PORT
  57 +desc 'Makes configurations needed before the bootstrap phase'
  58 +task :preconfig => ssh_config_file do
  59 + preconfig_file = "tmp/preconfig.#{$SPB_ENV}.stamp"
  60 + if File.exist?(preconfig_file)
  61 + puts "I: preconfig already done."
  62 + puts "I: delete #{preconfig_file} to force running again"
  63 + else
  64 + sh 'scp', '-F', ssh_config_file, 'utils/reverseproxy_ssh_setup', 'reverseproxy.unconfigured:/tmp'
  65 + sh 'ssh', '-F', ssh_config_file, 'reverseproxy.unconfigured', 'sudo', '/tmp/reverseproxy_ssh_setup', $ALT_SSH_PORT.to_s
  66 +
  67 + File.open(preconfig_file, 'w') do |f|
  68 + f.puts($ALT_SSH_PORT)
  69 + end
  70 + end
  71 +end
@@ -33,5 +33,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| @@ -33,5 +33,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
33 end 33 end
34 config.vm.define 'reverseproxy' do |reverseproxy| 34 config.vm.define 'reverseproxy' do |reverseproxy|
35 reverseproxy.vm.network 'private_network', ip: ips['reverseproxy'] 35 reverseproxy.vm.network 'private_network', ip: ips['reverseproxy']
  36 + if File.exist?('tmp/preconfig.local.stamp')
  37 + reverseproxy.ssh.port = File.read('tmp/preconfig.local.stamp').strip.to_i
  38 + reverseproxy.ssh.host = ips['reverseproxy']
  39 + end
36 end 40 end
37 end 41 end
config/local/config.yaml
  Diff comments   View file @79ecf61
@@ -10,4 +10,4 @@ email_subject_prefix: '[spb]' @@ -10,4 +10,4 @@ email_subject_prefix: '[spb]'
10 lists_hostname: listas.softwarepublico.dev 10 lists_hostname: listas.softwarepublico.dev
11 lists_admin: paulo@softwarelivre.org 11 lists_admin: paulo@softwarelivre.org
12 relay_hostname: relay.softwarepublico.dev 12 relay_hostname: relay.softwarepublico.dev
13 - 13 +alt_ssh_port: 5555
ssh_config.erb
  Diff comments   View file @79ecf61
@@ -9,7 +9,13 @@ Host * @@ -9,7 +9,13 @@ Host *
9 <% $nodes.each do |node| %> 9 <% $nodes.each do |node| %>
10 Host <%= node.hostname %> 10 Host <%= node.hostname %>
11 Hostname <%= node.data['peers'][node.hostname] %> 11 Hostname <%= node.data['peers'][node.hostname] %>
  12 + Port <%= node.data.fetch('ssh_port', 22) %>
12 IdentityFile <%= (Dir.glob(".vagrant/machines/#{node.hostname}/*/private_key") + [File.expand_path('~/.vagrant.d/insecure_private_key')]).find { |f| File.exists?(f) }.tap { |f| File.expand_path(f) } %> 13 IdentityFile <%= (Dir.glob(".vagrant/machines/#{node.hostname}/*/private_key") + [File.expand_path('~/.vagrant.d/insecure_private_key')]).find { |f| File.exists?(f) }.tap { |f| File.expand_path(f) } %>
13 <% end %> 14 <% end %>
14 15
  16 +Host reverseproxy.unconfigured
  17 + Hostname <%= $nodes.first.data['peers']['reverseproxy'] %>
  18 + Port 22
  19 + IdentityFile <%= (Dir.glob(".vagrant/machines/reverseproxy/*/private_key") + [File.expand_path('~/.vagrant.d/insecure_private_key')]).find { |f| File.exists?(f) }.tap { |f| File.expand_path(f) } %>
  20 +
15 # vim: ft=sshconfig 21 # vim: ft=sshconfig
utils/reverseproxy_ssh_setup 0 → 100755
  Diff comments   View file @79ecf61
@@ -0,0 +1,17 @@ @@ -0,0 +1,17 @@
  1 +#!/bin/sh
  2 +
  3 +set -e
  4 +
  5 +port="$1"
  6 +
  7 +# switch SSH to port $port
  8 +sed -i -e 's/^#\?\s*Port\s*[0-9]\+\s*$/Port '$port'/g' /etc/ssh/sshd_config
  9 +
  10 +# Install SELinux
  11 +yum install -y selinux-policy policycoreutils-python
  12 +
  13 +# Tell SELinux to allow the new port
  14 +semanage port -a -t ssh_port_t -p tcp "$port"
  15 +
  16 +# Restart SSH
  17 +systemctl restart sshd