This commit is contained in:
Tilman Kamp 2018-10-19 18:23:37 +02:00
Родитель 48c92bbca6
Коммит 062619b63b
12 изменённых файлов: 152 добавлений и 23 удалений

Просмотреть файл

Просмотреть файл

@ -1,8 +0,0 @@
#!/usr/bin/env bash
apt update
apt install nfs-common openssh-server
adduser --disabled-password --gecos "" -u 1555 snakepit
adduser --disabled-password --gecos "" -u 2555 snake
echo 'snakepit ALL=(snake) NOPASSWD: /bin/bash' | sudo EDITOR='tee -a' visudo

Просмотреть файл

@ -0,0 +1,36 @@
#!/usr/bin/env bash
set -e
if [ $# -ne 1 ] && [ $# -ne 2 ] ; then
echo "Usage: prepare-service-container.sh <data-path> [code-path]"
exit 1
fi
uid=`ls -ldn "$1" | awk '{print $3}'`
if lxc network show snakebr0 > /dev/null 2>&1; then
address=`lxc network get snakebr0 ipv4.address`
else
if ! lxc network show lxdbr0 > /dev/null 2>&1; then
lxc network create lxdbr0
fi
address=`lxc network get lxdbr0 ipv4.address`
fi
address="`echo "$address" | cut -d/ -f 1`"
lxc init ubuntu:18.04 snakepit
lxc config set snakepit raw.idmap "both $uid 0"
lxc config device add snakepit data disk path=/data source="$1"
if [ $# -eq 2 ]; then
lxc config device add snakepit code disk path=/code source="$2"
fi
lxc start snakepit
exe="lxc exec snakepit -- "
$exe systemctl isolate multi-user.target
$exe apt update
$exe apt install -y curl jq nodejs npm git build-essential
if [ $# -ne 2 ]; then
$exe bash -c 'git clone https://github.com/mozilla/snakepit.git /code; cd /code; npm install'
fi
$exe /code/scripts/setup-service.sh "https://${address}:8443/1.0"

33
package-lock.json сгенерированный
Просмотреть файл

@ -388,6 +388,11 @@
}
}
},
"dset": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/dset/-/dset-2.0.1.tgz",
"integrity": "sha512-nI29OZMRYq36hOcifB6HTjajNAAiBKSXsyWZrq+VniusseuP2OpNlTiYgsaNRSGvpyq5Wjbc2gQLyBdTyWqhnQ=="
},
"ecc-jsbn": {
"version": "0.1.2",
"resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
@ -911,6 +916,31 @@
"resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
"integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w="
},
"lxdn": {
"version": "0.1.6",
"resolved": "https://registry.npmjs.org/lxdn/-/lxdn-0.1.6.tgz",
"integrity": "sha512-KTDcsO//PHxAjrFL1jTzNqcEPy4bLeFG3w5+1yig7oGa/AfBvRBh074kVBlQzyz0DFTgoNq5dYkGJo52FfJF5w==",
"requires": {
"debug": "4.1.0",
"dset": "2.0.1",
"node-fetch": "github:mkg20001/node-fetch#6bea5c1fc1c22230c87202102518df4fbe980e1e"
},
"dependencies": {
"debug": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.1.0.tgz",
"integrity": "sha512-heNPJUJIqC+xB6ayLAMHaIrmN9HKa7aQO8MGqKpvCA+uJYVcvR6l5kgdrhRuwPFHU7P5/A1w0BjByPHwpfTDKg==",
"requires": {
"ms": "2.1.1"
}
},
"ms": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
"integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
}
}
},
"media-typer": {
"version": "0.3.0",
"resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
@ -1054,6 +1084,9 @@
"minimatch": "3.0.4"
}
},
"node-fetch": {
"version": "github:mkg20001/node-fetch#6bea5c1fc1c22230c87202102518df4fbe980e1e"
},
"node-pre-gyp": {
"version": "0.9.1",
"resolved": "https://registry.npmjs.org/node-pre-gyp/-/node-pre-gyp-0.9.1.tgz",

Просмотреть файл

@ -43,6 +43,7 @@
"httpfslib": "https://github.com/mozilla/httpfslib.git",
"js-yaml": "^3.12.0",
"jsonwebtoken": "^8.2.2",
"lxdn": "^0.1.6",
"morgan": "^1.9.0",
"multer": "^1.3.0",
"multi-integer-range": "^4.0.4",

60
scripts/setup-service.sh Executable file
Просмотреть файл

@ -0,0 +1,60 @@
#!/usr/bin/env bash
set -e
lxd_endpoint=$1
command=$'\n "sudo lxc exec snakepit -- /code/scripts/setup-service.sh '$lxd_endpoint$'"\n'
if ! curl -k -s $lxd_endpoint > /dev/null 2>&1; then
echo "Problem accessing \"$lxd_endpoint\". Please call $command with the appropriate LXD REST service endpoint."
exit 1
fi
config_dir="/etc/snakepit"
mkdir -p "$config_dir"
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
-subj "/C=US/ST=California/L=San Francisco/O=Mozilla/CN=mozilla.com" \
-keyout "$config_dir/lxd.key" \
-out "$config_dir/lxd.crt" \
> /dev/null 2>&1
echo -n "Local LXD trust password: "
read -s password
echo ""
json=$(curl \
-s \
-k \
--cert "$config_dir/lxd.crt" \
--key "$config_dir/lxd.key" \
$lxd_endpoint/certificates \
-X POST \
-d "{\"type\": \"client\", \"password\": \"$password\"}" \
)
if [[ "`echo $json | jq '.status_code'`" -ne "200" ]]; then
echo "Problem authenticating at \"$lxd_endpoint\". Please call $command again and provide the correct password."
exit 2
fi
token_secret_path="$config_dir/token-secret.txt"
touch "$token_secret_path"
chmod 600 "$token_secret_path"
openssl rand -base64 32 >"$token_secret_path"
conf="$config_dir/snakepit.conf"
touch "$conf"
chmod 644 "$conf"
cp "/code/scripts/snakepit.conf.template" "$conf"
echo -e "# Local interface the snakepit service should use (e.g. 192.168.1.1).\ninterface: 0.0.0.0\n" >>$conf
echo -e "# Local port of the snakepit service.\nport: 80\n" >>$conf
echo -e "# External URL.\nexternal: \"http://snakepit.lxd\"\n" >>$conf
echo -e "# LXD REST URL.\nlxd: \"$lxd_endpoint\"\n" >>$conf
echo -e "# LXD REST certificate.\nlxdcert: \"$config_dir/lxd.crt\"\n" >>$conf
echo -e "# LXD REST key.\nlxdkey: \"$config_dir/lxd.key\"\n" >>$conf
echo -e "# Path to data root.\ndataRoot: \"/data\"\n" >>$conf
echo -e "# Path to session token secret file.\ntokenSecretPath: \"$token_secret_path\"\n" >>$conf
if systemctl is-active --quiet snakepit; then
systemctl stop snakepit
fi
cp /code/scripts/snakepit.service /lib/systemd/system/
systemctl enable snakepit
systemctl start snakepit

Просмотреть файл

Просмотреть файл

@ -5,10 +5,9 @@ After=network.target
[Service]
Environment=NODE_ENV=production
WorkingDirectory=/home/snakepit
WorkingDirectory=/code
Type=simple
User=snakepit
ExecStart=/usr/local/bin/snakepit
ExecStart=/usr/bin/node /code/src/service.js
Restart=on-failure
[Install]

Просмотреть файл

@ -8,9 +8,13 @@ const oneMinute = 60 * oneSecond
const oneHour = 60 * oneMinute
const oneDay = 24 * oneHour
var filename = process.env.SNAKEPIT_CONF || '/etc/snakepit.conf'
var filename = process.env.SNAKEPIT_CONF || '/etc/snakepit/snakepit.conf'
if (!fs.existsSync(filename)) {
if (process.env.HOME) {
filename = path.join(process.env.HOME, '.snakepit', 'snakepit.conf')
} else {
filename = path.join('config', 'snakepit.conf')
}
}
function tryConfigFile(fun, verb) {

Просмотреть файл

@ -330,7 +330,9 @@ function _createJobDescription(dbjob) {
description: dbjob.description,
user: dbjob.user,
groups: dbjob.groups,
resources: dbjob.state >= jobStates.STARTING ? summarizeClusterReservation(dbjob.clusterReservation, true) : dbjob.clusterRequest,
resources: dbjob.state >= jobStates.STARTING ?
summarizeClusterReservation(dbjob.clusterReservation, true) :
dbjob.clusterRequest,
state: dbjob.state,
since: duration,
schedulePosition: db.schedule.indexOf(dbjob.id),

Просмотреть файл

@ -1,10 +1,12 @@
const cluster = require('cluster')
const cpus = require('os').cpus().length
const lxdn = require('lxdn')
const config = require('./config.js')
const modules = 'jobfs users groups nodes jobs aliases'
.split(' ').map(name => require('./' + name + '.js'))
if (cluster.isMaster) {
let mainClient = lxdn(config.lxd, { key: config.lxdkey, cert: config.lxdcert })
modules.forEach(module => (module.initDb || Function)())
modules.forEach(module => (module.tick || Function)())
for (let i = 0; i < cpus; i++) {

Просмотреть файл

@ -155,7 +155,7 @@ function _writeDb() {
storeLog = []
fs.writeFile(DB_PATH, JSON.stringify(rawRoot, null, '\t'), function(err) {
if(err)
return console.err(err);
return console.error(err);
//log('Wrote db!')
})
}