From 8e622836ac24319c826094dc5d99a41a586271e5 Mon Sep 17 00:00:00 2001
From: Florian Dold
Date: Thu, 16 Mar 2017 16:27:19 +0100
Subject: auditor
---
bin/taler-deployment-auditor | 23 +++++++++++++++++++++++
bootstrap-bluegreen | 4 ++--
bootstrap-standalone | 4 ++--
etc/nginx/sites-enabled/env.site | 8 ++++++++
etc/nginx/sites-enabled/test.site | 34 ++++++++++++++++++++++++++++++++++
taler-arm/taler-auditor.conf | 3 +++
taler-build/Makefile | 6 +++++-
taler-build/update_auditor.sh | 14 ++++++++++++++
8 files changed, 91 insertions(+), 5 deletions(-)
create mode 100755 bin/taler-deployment-auditor
create mode 100644 taler-arm/taler-auditor.conf
create mode 100755 taler-build/update_auditor.sh
diff --git a/bin/taler-deployment-auditor b/bin/taler-deployment-auditor
new file mode 100755
index 0000000..f90c7fb
--- /dev/null
+++ b/bin/taler-deployment-auditor
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# serve landing page via uwsgi
+
+base=$HOME
+
+export PATH="$base/deployment":$PATH
+
+ulimit -c $((100 * 1024))
+
+mkdir -p $HOME/sockets
+
+
+# redirect / to index.html,
+# serve static files from $HOME/auditor
+exec uwsgi \
+ --mimefile /etc/mime.types \
+ --socket $HOME/sockets/auditor.uwsgi \
+ --chmod-socket=660 \
+ --route "^/?$ redirect:index.html" \
+ --route "^/(.+) addvar:FILE=$HOME/auditor/\$1" \
+ --route-if "exists:\${FILE} static:\${FILE}" \
+ --route "^/(.+) break:404 not found"
diff --git a/bootstrap-bluegreen b/bootstrap-bluegreen
index d687f46..d57b2b0 100755
--- a/bootstrap-bluegreen
+++ b/bootstrap-bluegreen
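Review bot: The static-file routes in bin/taler-deployment-auditor build `FILE` by appending the captured request path to `$HOME/auditor/` and serve it whenever it exists, with nothing in this script confining the resolved path to that directory. `(.+)` also accepts `..` segments and follows symlinks inside the checkout, so confinement currently rests on nginx normalising the URI before it reaches the socket. uWSGI's built-in static handling, `--check-static "$HOME/auditor"` with `--static-index index.html`, resolves the real path against the document root and could replace the `addvar`/`route-if` pair. The `$HOME` expansions should be quoted, e.g. `mkdir -p "$HOME/sockets"`, and the header comment still says "landing page" where it should say auditor.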
@@ -56,13 +56,13 @@ if ! test -d $HOME/libmicrohttpd; then git -C ~/libmicrohttpd checkout -q tags/v0.9.52 fi -for component in bank merchant gnurl landing exchange merchant-frontends deployment; do +for component in bank merchant gnurl landing exchange merchant-frontends deployment auditor; do if ! test -d $HOME/$component; then git clone /var/git/$component.git fi done -for component in bank merchant landing exchange merchant-frontends; do +for component in bank merchant landing exchange merchant-frontends auditor; do echo "Checking out $component to $BRANCH" git -C $HOME/$component checkout $BRANCH done diff --git a/bootstrap-standalone b/bootstrap-standalone index 8754c43..9e83669 100755 --- a/bootstrap-standalone +++ b/bootstrap-standalone @@ -24,13 +24,13 @@ if ! test -d $HOME/libmicrohttpd; then git -C ~/libmicrohttpd checkout -q tags/v0.9.52 fi -for component in bank merchant gnurl landing exchange merchant-frontends deployment; do +for component in bank merchant gnurl landing exchange merchant-frontends deployment auditor; do if ! test -d $HOME/$component; then git clone /var/git/$component.git fi done -for component in bank merchant landing exchange merchant-frontends; do +for component in bank merchant landing exchange merchant-frontends auditor; do echo "Checking out $component to $BRANCH" git -C $HOME/$component checkout $BRANCH done diff --git a/etc/nginx/sites-enabled/env.site b/etc/nginx/sites-enabled/env.site index 9461e5e..b3577b3 100644 --- a/etc/nginx/sites-enabled/env.site +++ b/etc/nginx/sites-enabled/env.site @@ -74,5 +74,13 @@ server { uwsgi_param PATH_INFO "$req"; } + location ~ ^/(?[a-zA-Z0-9-_]+)/auditor(?/.*|)$ { + ssi on; + uwsgi_pass unix:/home/$user/sockets/auditor.uwsgi; + include /etc/nginx/uwsgi_params; + uwsgi_param SCRIPT_NAME "/$user/"; + uwsgi_param PATH_INFO "$req"; + } + include conf.d/favicon_robots; } diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site index fe488c9..9971847 100644 
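Review bot: In the new `auditor` location of env.site, `ssi on;` makes nginx evaluate SSI directives in whatever the per-user uwsgi socket returns, and that content comes from a home directory selected by the URL. If the sandbox users are not all equally trusted, one user's pages can make nginx issue subrequests against other locations of this server; consider dropping `ssi on;` unless the auditor pages actually use includes. `uwsgi_param SCRIPT_NAME "/$user/";` looks copied from the preceding location and omits the `auditor` segment; presumably `"/$user/auditor"` is meant, which should be confirmed against how the backend uses SCRIPT_NAME. Writing the character class as `[a-zA-Z0-9_-]` avoids reading `9-_` as a range. The enclosing `server` block starts outside the hunk.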
--- a/etc/nginx/sites-enabled/test.site +++ b/etc/nginx/sites-enabled/test.site @@ -44,6 +44,40 @@ server { } +server { + server_name auditor.test.taler.net; + listen 443 ssl; + listen [::]:443 ssl; + root /dev/null; + include conf.d/test.redirects; + include conf.d/talerssl; + location @green { + add_header X-Taler-Deployment-Color green; + uwsgi_pass unix:/home/test-green/sockets/auditor.uwsgi; + include /etc/nginx/uwsgi_params; + } + location @blue { + add_header X-Taler-Deployment-Color blue; + uwsgi_pass unix:/home/test-blue/sockets/auditor.uwsgi; + include /etc/nginx/uwsgi_params; + } + location / { + # Redirection technique explainted at + # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ + error_page 418 = @blue; + error_page 419 = @green; + rewrite ^/$ /en/ redirect; + rewrite ^/(..)/$ /$1/index.html break; + recursive_error_pages on; + if ($http_x_taler_deployment_color ~ "blue") { return 418; } + if ($http_x_taler_deployment_color ~ "green") { return 419; } + uwsgi_pass unix:/home/test/sockets/auditor.uwsgi; + include /etc/nginx/uwsgi_params; + } + include conf.d/favicon_robots; +} + + server { server_name exchange.test.taler.net; listen 443 ssl; diff --git a/taler-arm/taler-auditor.conf b/taler-arm/taler-auditor.conf new file mode 100644 index 0000000..a3a0b6f --- /dev/null +++ b/taler-arm/taler-auditor.conf @@ -0,0 +1,3 @@ +[taler-auditor] +TYPE = simple +BINARY = taler-deployment-auditor diff --git a/taler-build/Makefile b/taler-build/Makefile index 0179d7d..8210cbe 100644 --- a/taler-build/Makefile +++ b/taler-build/Makefile @@ -1,4 +1,4 @@ -all: exchange-stamp bank-stamp merchant-stamp gnunet-stamp merchant-frontends-stamp landing-stamp deployment-stamp +all: exchange-stamp bank-stamp merchant-stamp gnunet-stamp merchant-frontends-stamp landing-stamp deployment-stamp auditor-stamp deployment-stamp: ./update_deployment.sh 
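Review bot: In the new `auditor.test.taler.net` server block of test.site, the blue/green choice in `location /` is driven by the request header `X-Taler-Deployment-Color`, which any client can set, and `~ "blue"` is an unanchored regex, so any value containing that substring selects the `test-blue` socket. If reaching the non-live colour from outside is intended for testing, a comment saying so would help; otherwise restrict it by source address and compare exactly, `if ($http_x_taler_deployment_color = "blue") { return 418; }`, likewise for green. The `rewrite` lines for `/en/` and `/(..)/` look carried over from a multi-language site, while bin/taler-deployment-auditor already redirects `/` to `index.html`, so it is worth checking that the two agree. `add_header` without `always` is not emitted on error responses, so the colour header will be missing exactly when it is most useful for debugging.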
@@ -8,6 +8,10 @@ exchange-stamp: gnunet-stamp deployment-stamp ./update_exchange.sh touch $@ +auditor-stamp: deployment-stamp + ./update_auditor.sh + touch $@ + landing-stamp: deployment-stamp ./update_landing.sh touch $@ diff --git a/taler-build/update_auditor.sh b/taler-build/update_auditor.sh new file mode 100755 index 0000000..f792ce1 --- /dev/null +++ b/taler-build/update_auditor.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +set -eu + +cd $HOME/auditor +git clean -fxd + +git fetch +# reset to updated upstream branch, but only if we're tracking a branch +branch=$(git rev-parse --abbrev-ref --symbolic-full-name @{u} 2>/dev/null || echo HEAD) +git reset --hard "$branch" + +git submodule update --force --init +./template -- cgit v1.2.3
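Review bot: update_auditor.sh ends by executing `./template` from the tree it has just hard-reset to the fetched upstream, so whoever can push to the tracked branch, or to a submodule it pins, gets code run as the deployment user on every build. If that trust is intended, a header comment stating it would help; if not, verify the ref before running anything from the tree, for instance `git verify-commit "$branch"` ahead of `git reset --hard "$branch"`. `cd $HOME/auditor` should be written `cd "$HOME/auditor"`; only `set -e` stops `git clean -fxd` from running in the wrong directory when the `cd` fails, which deserves a comment. The `2>/dev/null` on `git rev-parse` hides every failure, not just the missing-upstream case.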