author | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
---|---|---|
committer | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
commit | ad6017eea058f7cb6fdf078783f992a4f45a3e15 (patch) | |
tree | 6620bcc9e1ea61a5689b763b9ad8280275e35e76 /app/web_static | |
parent | 79b7273ff2a487d6721d393682c8ad3927467a75 (diff) | |
parent | c642370def01f09d966b3b9c643cfe416ea115cf (diff) | |
Merge pull request 'Reorganize app/ and add script for secret management' (#29) from test_reorganize into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/29
Diffstat (limited to 'app/web_static')
-rw-r--r-- | app/web_static/build/webpull/.gitignore | 1 | ||||
-rw-r--r-- | app/web_static/build/webpull/Dockerfile.nodejs | 9 | ||||
-rw-r--r-- | app/web_static/build/webpull/Dockerfile.ruby | 12 | ||||
-rw-r--r-- | app/web_static/build/webpull/README.md | 23 | ||||
-rw-r--r-- | app/web_static/build/webpull/main.go | 100 | ||||
-rw-r--r-- | app/web_static/deploy/web_static.hcl | 62 | ||||
-rw-r--r-- | app/web_static/secrets/web/home_token | 1 | ||||
-rw-r--r-- | app/web_static/secrets/web/quentin.dufour.io_token | 1 |
8 files changed, 209 insertions, 0 deletions
diff --git a/app/web_static/build/webpull/.gitignore b/app/web_static/build/webpull/.gitignore
new file mode 100644
index 0000000..ba2906d
--- /dev/null
+++ b/app/web_static/build/webpull/.gitignore
@@ -0,0 +1 @@
+main
diff --git a/app/web_static/build/webpull/Dockerfile.nodejs b/app/web_static/build/webpull/Dockerfile.nodejs
new file mode 100644
index 0000000..acc7e74
--- /dev/null
+++ b/app/web_static/build/webpull/Dockerfile.nodejs
@@ -0,0 +1,9 @@
+FROM node:13.8-buster
+
+RUN apt-get update && \
+ apt-get install -y git
+
+COPY ./main /srv/httpd
+WORKDIR /srv
+CMD ["/srv/httpd"]
+
diff --git a/app/web_static/build/webpull/Dockerfile.ruby b/app/web_static/build/webpull/Dockerfile.ruby
new file mode 100644
index 0000000..7578cca
--- /dev/null
+++ b/app/web_static/build/webpull/Dockerfile.ruby
@@ -0,0 +1,12 @@
+FROM fedora:32
+
+ENV LC_ALL=C.UTF-8
+ENV LANG=C.UTF-8
+ENV LANGUAGE=en_US.UTF-8
+ENV RUBYOPT --disable-did_you_mean
+
+RUN dnf install -y git ruby ruby-devel rubygems rubygem-bundler @development-tools redhat-rpm-config gcc-c++ zlib-devel
+
+COPY ./main /srv/httpd
+WORKDIR /srv
+CMD ["/srv/httpd"]
diff --git a/app/web_static/build/webpull/README.md b/app/web_static/build/webpull/README.md
new file mode 100644
index 0000000..5d17d17
--- /dev/null
+++ b/app/web_static/build/webpull/README.md
@@ -0,0 +1,23 @@
+# webpull
+
+Webpull allows you to update your live website without deploying a new docker container but by simply calling an URL
+
+You need to specify a secret token at boot:
+
+```
+WEBPULL_TOKEN=s3cr3et ./webpull
+```
+
+## Node.js version
+
+```
+go build ./main.go
+sudo docker build -f ./Dockerfile.nodejs -t superboum/amd64_webpull_pug:v1 .
+```
+
+## Ruby version
+
+```
+go build ./main.go
+sudo docker build -f ./Dockerfile.ruby -t superboum/amd64_webpull_ruby:v1 .
+```
diff --git a/app/web_static/build/webpull/main.go b/app/web_static/build/webpull/main.go
new file mode 100644
index 0000000..46c90b9
--- /dev/null
+++ b/app/web_static/build/webpull/main.go 
@@ -0,0 +1,100 @@
+package main
+
+import (
+ "fmt"
+ "errors"
+ "io"
+ "os/exec"
+ "os"
+ "log"
+ "net/http"
+ "strings"
+)
+
+func myexec(w io.Writer, main string, params ...string) error {
+ cmd := exec.Command(main, params...)
+ cmd.Stdout = w
+ cmd.Stderr = w
+ err := cmd.Run()
+ if err != nil {
+ fmt.Fprintf(w, "Failed to run: %s %s\n", main, strings.Join(params, " "))
+ }
+ return err
+}
+
+func update(w io.Writer) error {
+ fmt.Fprintf(w, "Start update...\n")
+ _, err := os.Stat("./.git")
+ if err != nil {
+ fmt.Fprintf(w, ".git folder does not exist, creating it...\n")
+ err := myexec(w, "git", "init")
+ if err != nil {
+ return err
+ }
+ }
+
+ err = myexec(w, "git", "remote", "get-url", "origin")
+ if err != nil {
+ repo, exists := os.LookupEnv("WEBPULL_REPO")
+ if !exists {
+ fmt.Fprintf(w, "You must define WEBPULL_REPO env variable...\n")
+ return errors.New("Missing environment variable WEBPULL_REPO")
+ }
+ fmt.Fprintf(w, "git remote is not yet set...\n")
+ err := myexec(w, "git", "remote", "add", "origin", repo)
+ if err != nil {
+ return err
+ }
+ }
+
+ err = myexec(w, "git", "pull", "origin", "master")
+ if err != nil {
+ fmt.Fprintf(w, "Failed to pull...\n")
+ return err
+ }
+
+ _, err = os.Stat("./.webpull")
+ if err != nil {
+ fmt.Fprintf(w, "You must create an executable file named '.webpull' at the root of your repository.\nIf you have nothing to run, just create an empty bash script...\n")
+ return err
+ }
+
+ err = myexec(w, "./.webpull")
+ if err != nil {
+ fmt.Fprintf(w, "An error occured during script execution\n")
+ return err
+ }
+
+ fmt.Fprintf(w, "Success.\n")
+ return nil
+}
+
+func main() {
+ token, exists := os.LookupEnv("WEBPULL_TOKEN")
+ if !exists {
+ log.Fatal("Environment variable 'WEBPULL_TOKEN' must be defined")
+ }
+
+ if update(os.Stdout) != nil {
+ log.Fatal("Initial 'update' failed")
+ }
+
+ fs := http.FileServer(http.Dir("./static"))
+ http.HandleFunc("/update", func(w http.ResponseWriter, r *http.Request) {
+ keys, ok := r.URL.Query()["token"]
+ if !ok || len(keys[0]) < 1 {
+ http.Error(w, "Missing 'token' query parameter", 401)
+ return
+ }
+
+ if keys[0] != token {
+ http.Error(w, "Wrong token", 401)
+ return
+ }
+
+ update(w)
+ })
+ http.Handle("/", fs)
+
+ log.Fatal(http.ListenAndServe(":8080", nil))
+}
diff --git a/app/web_static/deploy/web_static.hcl b/app/web_static/deploy/web_static.hcl
new file mode 100644
index 0000000..16c8b35
--- /dev/null
+++ b/app/web_static/deploy/web_static.hcl
@@ -0,0 +1,62 @@
+job "web_static" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "landing" {
+ network {
+ port "deuxfleurs_port" { to = 8080 }
+ }
+
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_webpull_pug:v4"
+ ports = [ "deuxfleurs_port" ]
+ }
+
+ template {
+ data = <<EOH
+WEBPULL_REPO="https://git.deuxfleurs.fr/Deuxfleurs/site.git"
+WEBPULL_TOKEN="{{ key "secrets/web/home_token" | trimSpace }}"
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 200
+ }
+
+ service {
+ tags = [
+ "webstatic",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr,deuxfleurs.org,www.deuxfleurs.org;PathPrefix:/",
+ # ideally we would have a rewrite regex: ^https?://(www\.deuxfleurs\.fr|deuxfleurs\.org|www\.deuxfleurs\.fr)(.*)$
+ "traefik.frontend.priority=10"
+ ]
+ port = "deuxfleurs_port"
+ address_mode = "host"
+ name = "landing"
+ check {
+ type = "tcp"
+ port = "deuxfleurs_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/app/web_static/secrets/web/home_token b/app/web_static/secrets/web/home_token
new file mode 100644
index 0000000..d0cf281
--- /dev/null
+++ b/app/web_static/secrets/web/home_token
@@ -0,0 +1 @@
+USER web home_token (what is this?)
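Review bot: The `/update` handler in `main` checks the secret with `keys[0] != token`, which is not a constant-time comparison, and it reads the token from the query string, where it is likely to be recorded in proxy and access logs. Comparing with `subtle.ConstantTimeCompare([]byte(keys[0]), []byte(token)) != 1` (adding `"crypto/subtle"` to the import block) and taking the token from a request header would address both. The handler also accepts any HTTP method and calls `update(w)` with no serialisation, so two overlapping requests run `git pull` and `./.webpull` concurrently in the same working tree; a package-level `sync.Mutex` held around `update(w)` plus a check on `r.Method` would close that. The result of `update(w)` is discarded, so a failed update still answers with status 200, and `http.ListenAndServe(":8080", nil)` runs without any read or write timeouts.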
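Review bot: The tag `"traefik.frontend.entryPoints=https,http"` combined with `PathPrefix:/` routes every path of this service over plain HTTP as well, which includes the `/update?token=…` endpoint defined in `main.go`, so the value rendered into `WEBPULL_TOKEN` can cross the network unencrypted. Restricting the frontend to `"traefik.frontend.entryPoints=https"`, or at least keeping `/update` off the `http` entry point, would avoid that. Separately, `image = "superboum/amd64_webpull_pug:v4"` refers to a mutable tag for what is presumably the binary that executes the repository's `.webpull` script; pinning by digest (`superboum/amd64_webpull_pug@sha256:<digest>`, placeholder) would make the deployed image verifiable.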
diff --git a/app/web_static/secrets/web/quentin.dufour.io_token b/app/web_static/secrets/web/quentin.dufour.io_token
new file mode 100644
index 0000000..c47c82c
--- /dev/null
+++ b/app/web_static/secrets/web/quentin.dufour.io_token
@@ -0,0 +1 @@
+USER web quentin.dufour.io token (what is this?) |