Commit c5689bf4 authored by GARNIER Laurent's avatar GARNIER Laurent

Merge branch 'qualif-fixes' into 'django'

fixes for the qualif deployment

Closes #356, #349, #345, #309, allgo.inria.fr#8, #347, #338, allgo.inria.fr#7, allgo.inria.fr#5, and #44

See merge request !205
parents 57df3228 ccf8ad31
Pipeline #136771 failed with stages
in 1 second
...@@ -41,6 +41,7 @@ import json ...@@ -41,6 +41,7 @@ import json
import logging import logging
import os import os
import re import re
import ssl
import sys import sys
import time import time
import weakref import weakref
...@@ -328,7 +329,7 @@ class AllgoAio: ...@@ -328,7 +329,7 @@ class AllgoAio:
return self.http_client.request(method, self.django_url+path, *k, **kw) return self.http_client.request(method, self.django_url+path, *k, **kw)
async def run(self, fork, pidfile): async def run(self, fork, pidfile, cafile):
"""main task (run the server)""" """main task (run the server)"""
assert self._shutdown_requested is None, "run() must not be called multiple times" assert self._shutdown_requested is None, "run() must not be called multiple times"
...@@ -339,6 +340,20 @@ class AllgoAio: ...@@ -339,6 +340,20 @@ class AllgoAio:
# create the aiohttp client # create the aiohttp client
self.http_client = aiohttp.ClientSession() self.http_client = aiohttp.ClientSession()
# load the CA certificate
try:
# ugly hack: store the ssl context directy in the connector (the aiohttp client v1.2
# does not support explicit ssl contextes)
assert aiohttp.__version__ == '1.2.0'
self.http_client.connector._ssl_context = ssl.create_default_context(cafile=cafile)
except OSError as e:
k = "unable to load CA file %r (%s)", cafile, e
if isinstance(e, FileNotFoundError) and cafile == "/vol/ro/certs/registry.crt":
log.warning(*k)
else:
log.error(*k)
sys.exit(1)
# create redis client # create redis client
self.redis_client = await self.create_redis(reconnecting=True) self.redis_client = await self.create_redis(reconnecting=True)
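Review bot: The `assert aiohttp.__version__ == '1.2.0'` that guards the write to the private `connector._ssl_context` is not a reliable check: it is stripped under `python -O`, and when it does fire the AssertionError bypasses the `except OSError` handler, so the failure is an unlogged traceback rather than the `log.error` path. Because the assignment relies on an aiohttp internal, another version could silently ignore it and the registry CA would not be applied. An explicit `if aiohttp.__version__ != '1.2.0': raise RuntimeError("unsupported aiohttp version for CA pinning")` ahead of the `try` makes that case fail closed. It is also worth a comment that `ssl.create_default_context(cafile=cafile)` trusts only that file, so every HTTPS request made through `self.http_client` (including the `django_url` calls at the top of this section) is verified against the registry CA alone. The body of `run()` continues outside the hunk.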
......
...@@ -63,6 +63,8 @@ parser.add_argument("--daemon", action="store_true", ...@@ -63,6 +63,8 @@ parser.add_argument("--daemon", action="store_true",
help="daemonise after startup") help="daemonise after startup")
parser.add_argument("--pidfile", metavar="PATH", default="/run/aio.pid", parser.add_argument("--pidfile", metavar="PATH", default="/run/aio.pid",
help="daemon pid file (default: /run/aio.pid)") help="daemon pid file (default: /run/aio.pid)")
parser.add_argument("--cafile", metavar="PEMFILE", default="/vol/ro/certs/registry.crt",
help="path to the registry CA certificate (default: /vol/ro/certs/registry.crt)")
args = parser.parse_args() args = parser.parse_args()
...@@ -83,7 +85,7 @@ try: ...@@ -83,7 +85,7 @@ try:
loop.add_signal_handler(signal.SIGTERM, app.shutdown) loop.add_signal_handler(signal.SIGTERM, app.shutdown)
#loop.add_signal_handler(signal.SIGHUP, app.reload) #loop.add_signal_handler(signal.SIGHUP, app.reload)
loop.run_until_complete(app.run(args.daemon, args.pidfile)) loop.run_until_complete(app.run(args.daemon, args.pidfile, args.cafile))
finally: finally:
loop.remove_signal_handler(signal.SIGINT) loop.remove_signal_handler(signal.SIGINT)
loop.remove_signal_handler(signal.SIGTERM) loop.remove_signal_handler(signal.SIGTERM)
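Review bot: The default `/vol/ro/certs/registry.crt` now exists twice, here and as a string literal compared inside `AllgoAio.run()`, where a missing file at exactly that path is downgraded from a fatal error to a warning. An operator who passes that same path explicitly with `--cafile` therefore gets the lenient behaviour too, and the two literals can drift apart. Using `default=None` here and letting `run()` fall back to one module-level constant would let the code tell "not configured" from "configured but missing". The help text should also say that a missing default file only produces a warning. The `try` block around the `run_until_complete` call starts outside the hunk.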
......
...@@ -12,10 +12,10 @@ APPS_DIR = os.path.join(ROOT_DIR, 'allgo') ...@@ -12,10 +12,10 @@ APPS_DIR = os.path.join(ROOT_DIR, 'allgo')
#FIXME: we should rather do these type conversions in config/env.py because #FIXME: we should rather do these type conversions in config/env.py because
# this is very error prone # this is very error prone
def parse_bool(value): def parse_bool(value: str):
if value.lower() in (1, "true"): if value.lower() in ("1", "true"):
return True return True
if value.lower() in (0, "false"): if value.lower() in ("0", "false", ""):
return False return False
raise ValueError("invalid value %r (expected 'true' or 'false')" % value) raise ValueError("invalid value %r (expected 'true' or 'false')" % value)
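Review bot: `parse_bool` now accepts the empty string as False, but the error message still reads `expected 'true' or 'false'` and there is no docstring, so callers cannot tell that "1", "0" and "" are accepted. A docstring such as `"""Convert an environment string to bool: "1"/"true" -> True, "0"/"false"/"" -> False (case-insensitive); raise ValueError otherwise."""` and a `-> bool` return annotation would document the contract. Because an empty or blanked variable now silently disables a flag, settings where False is the less safe value should probably not rely on this fallback. The callers are outside this hunk, so that needs checking against them.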
......
...@@ -27,7 +27,6 @@ fi ...@@ -27,7 +27,6 @@ fi
echo "CREATE DATABASE allgo CHARACTER SET 'utf8';" | mysql_cmd echo "CREATE DATABASE allgo CHARACTER SET 'utf8';" | mysql_cmd
# generate the missing migrations (in qualif/dev only) # generate the missing migrations (in qualif/dev only)
# TODO: remove this when we deploy in production
if [ "$ENV" = dev ] || [ "$ENV" = qualif ] ; then if [ "$ENV" = dev ] || [ "$ENV" = qualif ] ; then
python3 manage.py makemigrations python3 manage.py makemigrations
fi fi
......
#!/bin/sh
set -e -x
# wait until the mysql server is ready
wait-mysql
mkdir -p /vol/cache/allgo
# generate the missing migrations (in qualif/dev only)
if [ "$ENV" = dev ] || [ "$ENV" = qualif ] ; then
python3 manage.py makemigrations
fi
# create the tables (apply the migrations)
python3 manage.py migrate
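Review bot: Running `python3 manage.py makemigrations` at start-up in qualif means the schema applied there can come from migrations generated on the fly rather than from the committed ones, so qualif does not exercise exactly what a production `migrate` would apply. If this is intended, a comment saying that generated migrations are disposable and must be committed from dev would help. Otherwise `python3 manage.py makemigrations --check --dry-run` in qualif would, together with `set -e`, abort the start-up when migrations are missing instead of creating them. `set -x` also traces every command to the log, which is harmless for the lines shown but matters if credentials are ever passed on a command line in this script.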
...@@ -119,6 +119,8 @@ server ...@@ -119,6 +119,8 @@ server
proxy_pass {ALLGO_REGISTRY_PRIVATE_URL}/v2/; proxy_pass {ALLGO_REGISTRY_PRIVATE_URL}/v2/;
proxy_redirect off; proxy_redirect off;
proxy_buffering off; proxy_buffering off;
proxy_ssl_verify on;
proxy_ssl_trusted_certificate /vol/ro/certs/registry.crt;
location ~ ^/v2/.*/manifests/[^/]*$ { location ~ ^/v2/.*/manifests/[^/]*$ {
proxy_pass http://aio; proxy_pass http://aio;
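Review bot: `proxy_ssl_verify on;` only takes effect when the upstream in `proxy_pass` uses the `https://` scheme, and here the scheme comes from the templated `{ALLGO_REGISTRY_PRIVATE_URL}`; if that is ever configured as `http://`, the two new directives are silently inert. A comment above them, e.g. `# requires ALLGO_REGISTRY_PRIVATE_URL to be https://; no verification happens for http upstreams`, or a check where the template is rendered, would make that dependency visible. nginx also verifies with the default `proxy_ssl_verify_depth` of 1, so the certificate in `registry.crt` has to be the registry's own certificate or its direct issuer. The enclosing `location` block starts outside the hunk.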
......