-rw-r--r-- | provider_base/services/hidden_service.rb | 4 | ||||
-rw-r--r-- | provider_base/services/tor_exit.rb | 4 | ||||
-rw-r--r-- | provider_base/services/tor_hidden_service.json (renamed from provider_base/services/hidden_service.json) | 0 | ||||
-rw-r--r-- | provider_base/services/tor_hidden_service.rb | 4 | ||||
-rw-r--r-- | provider_base/services/tor_relay.rb | 4 | ||||
-rw-r--r-- | puppet/manifests/site.pp | 2 | ||||
-rw-r--r-- | puppet/modules/site_static/manifests/hidden_service.pp | 6 | ||||
-rw-r--r-- | puppet/modules/site_static/manifests/init.pp | 13 | ||||
-rw-r--r-- | puppet/modules/site_tor/manifests/hidden_service.pp | 13 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/hidden_service.pp | 3 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 3 | ||||
-rwxr-xr-x | tests/platform-ci/ci-build.sh | 17 | ||||
-rw-r--r-- | tests/platform-ci/provider/nodes/catalogtest.json | 2 |
13 files changed, 51 insertions, 24 deletions
diff --git a/provider_base/services/hidden_service.rb b/provider_base/services/hidden_service.rb
deleted file mode 100644
index 50701681..00000000
--- a/provider_base/services/hidden_service.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-if self.services.include?("tor_exit") || self.services.include?("tor_relay")
- LeapCli.log :error, "service `hidden_service` is not compatible with tor_exit or tor_relay (node #{self.name})."
-end
-self.tor['type'] = "hidden_service"
\ No newline at end of file
diff --git a/provider_base/services/tor_exit.rb b/provider_base/services/tor_exit.rb
index 05c67438..bd801a3d 100644
--- a/provider_base/services/tor_exit.rb
+++ b/provider_base/services/tor_exit.rb
@@ -1,5 +1,5 @@
-if self.services.include?("hidden_service") || self.services.include?("tor_relay")
- LeapCli.log :error, "service `tor_exit` is not compatible with tor_relay or hidden_service (node #{self.name})."
+if self.services.include?("tor_hidden_service") || self.services.include?("tor_relay")
+ LeapCli.log :error, "service `tor_exit` is not compatible with tor_relay or tor_hidden_service (node #{self.name})."
 exit(1)
 end
 apply_partial("_tor_common")
diff --git a/provider_base/services/hidden_service.json b/provider_base/services/tor_hidden_service.json
index 137932fa..137932fa 100644
--- a/provider_base/services/hidden_service.json
+++ b/provider_base/services/tor_hidden_service.json
diff --git a/provider_base/services/tor_hidden_service.rb b/provider_base/services/tor_hidden_service.rb
new file mode 100644
index 00000000..8b8eb24d
--- /dev/null
+++ b/provider_base/services/tor_hidden_service.rb
@@ -0,0 +1,4 @@
+if self.services.include?("tor_exit") || self.services.include?("tor_relay")
+ LeapCli.log :error, "service `tor_hidden_service` is not compatible with tor_exit or tor_relay (node #{self.name})."
+end
+self.tor['type'] = "hidden_service"
diff --git a/provider_base/services/tor_relay.rb b/provider_base/services/tor_relay.rb
index 42bafb94..7fce6ae4 100644
--- a/provider_base/services/tor_relay.rb
+++ b/provider_base/services/tor_relay.rb
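Review bot: The new `tor_hidden_service.rb` logs the incompatibility with tor_exit/tor_relay but, unlike `tor_exit.rb`, does not stop afterwards, so evaluation goes on to set `self.tor['type'] = "hidden_service"` on a node that also lists a relay or exit. Assuming `LeapCli.log :error` does not abort on its own (the explicit `exit(1)` after it in `tor_exit.rb` suggests it does not), add `exit(1)` before the `end`. The check in `tor_relay.rb` has the same gap. Running an onion service and a relay together on one node is generally discouraged because it can weaken the service's location anonymity, so this guard should fail closed rather than only warn.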
@@ -1,6 +1,6 @@ -if self.services.include?("tor_exit") || self.services.include?("hidden_service") - LeapCli.log :error, "service `tor_relay` is not compatible with tor_exit or hidden_service (node #{self.name})." +if self.services.include?("tor_exit") || self.services.include?("tor_hidden_service") + LeapCli.log :error, "service `tor_relay` is not compatible with tor_exit or tor_hidden_service (node #{self.name})." end apply_partial("_tor_common") self.tor['type'] = "relay" diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index f3e752cc..1f80c47c 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -52,7 +52,7 @@ node default { include site_tor::relay } - if member($services, 'hidden_service') { + if member($services, 'tor_hidden_service') { include site_tor::hidden_service } diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp index dcf3785e..f23727f7 100644 --- a/puppet/modules/site_static/manifests/hidden_service.pp +++ b/puppet/modules/site_static/manifests/hidden_service.pp @@ -1,13 +1,15 @@ # create hidden service for static sites class site_static::hidden_service ( $single_hop = false ) { + Class['site_tor::hidden_service'] -> Class['site_static::hidden_service'] + include site_tor::hidden_service - include site_tor tor::daemon::hidden_service { 'static': ports => [ '80 127.0.0.1:80'], single_hop => $single_hop } + file { - '/var/lib/tor/webapp/': + '/var/lib/tor/static/': ensure => directory, owner => 'debian-tor', group => 'debian-tor', diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index 4ddce5ed..40c6a28b 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp 
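Review bot: A node whose services list still carries the old name `hidden_service` now fails the `member($services, 'tor_hidden_service')` test in `site.pp` without any message, so its onion service would quietly stop being managed after the upgrade. Unless the old name is already rejected earlier in the toolchain (not visible here), consider an explicit guard such as `if member($services, 'hidden_service') { fail("service 'hidden_service' was renamed to 'tor_hidden_service'") }`. The same renamed test appears in `site_static/manifests/init.pp` and `site_webapp/manifests/init.pp`. The `node default` block starts and ends outside the hunk.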
@@ -7,12 +7,13 @@ class site_static { include site_config::x509::key include site_config::x509::ca_bundle - $static = hiera('static') - $domains = $static['domains'] - $formats = $static['formats'] - $bootstrap = $static['bootstrap_files'] - $tor = hiera('tor', false) - if $tor and member($services, 'hidden_service') { + $services = hiera('services', []) + $static = hiera('static') + $domains = $static['domains'] + $formats = $static['formats'] + $bootstrap = $static['bootstrap_files'] + $tor = hiera('tor', false) + if $tor and member($services, 'tor_hidden_service') { $onion_active = true } else { $onion_active = false diff --git a/puppet/modules/site_tor/manifests/hidden_service.pp b/puppet/modules/site_tor/manifests/hidden_service.pp new file mode 100644 index 00000000..87a7b696 --- /dev/null +++ b/puppet/modules/site_tor/manifests/hidden_service.pp @@ -0,0 +1,13 @@ +# This class simply makes sure a base tor is installed and configured +# It doesn't configure any specific hidden service functionality, +# instead that is configured in site_webapp::hidden_service and +# site_static::hidden_service. +# +# Those could be factored out to make them more generic. +class site_tor::hidden_service { + tag 'leap_service' + Class['site_config::default'] -> Class['site_tor::hidden_service'] + + include site_config::default + include site_tor +} diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp index 658d62f9..1f87da6b 100644 --- a/puppet/modules/site_webapp/manifests/hidden_service.pp +++ b/puppet/modules/site_webapp/manifests/hidden_service.pp @@ -1,5 +1,7 @@ # Configure tor hidden service for webapp class site_webapp::hidden_service { + Class['site_tor::hidden_service'] -> Class['site_webapp::hidden_service'] + include site_tor::hidden_service $tor = hiera('tor') $hidden_service = $tor['hidden_service'] $onion_domain = "${hidden_service['address']}.onion" 
@@ -10,7 +12,6 @@ class site_webapp::hidden_service { include apache::module::expires include apache::module::removeip - include site_tor tor::daemon::hidden_service { 'webapp': ports => [ '80 127.0.0.1:80'], single_hop => $hidden_service['single_hop'] diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 968859bf..605d71b3 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -1,6 +1,7 @@ # configure webapp service class site_webapp { tag 'leap_service' + $services = hiera('services', []) $definition_files = hiera('definition_files') $provider = $definition_files['provider'] $eip_service = $definition_files['eip_service'] @@ -177,7 +178,7 @@ class site_webapp { notify => Service['apache']; } - if $tor and member($services, 'hidden_service') { + if $tor and member($services, 'tor_hidden_service') { $hidden_service = $tor['hidden_service'] include ::site_webapp::hidden_service } diff --git a/tests/platform-ci/ci-build.sh b/tests/platform-ci/ci-build.sh index 4710bc88..06af59ca 100755 --- a/tests/platform-ci/ci-build.sh +++ b/tests/platform-ci/ci-build.sh @@ -71,6 +71,13 @@ test() { } build_from_scratch() { + # allow passing into the function the services, use a default set if empty + SERVICES=$1 + if [ -z "$SERVICES" ] + then + SERVICES='couchdb,soledad,mx,webapp,tor_relay,monitor' + fi + # when using gitlab-runner locally, CI_JOB_ID is always 1 which # will conflict with running/terminating AWS instances in subsequent runs # therefore we pick a random number in this case @@ -78,10 +85,7 @@ build_from_scratch() { # create node(s) with unique id so we can run tests in parallel NAME="citest${CI_JOB_ID:-0}" - - TAG='single' - SERVICES='couchdb,soledad,mx,webapp,tor,monitor' # leap_platform/tests/platform-ci/provider PROVIDERDIR="${ROOTDIR}/provider" 
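Review bot: In `build_from_scratch` the new default handling reads `$1` unquoted and spends five lines on what parameter expansion does in one; `SERVICES="${1:-couchdb,soledad,mx,webapp,tor_relay,monitor}"` behaves the same for an empty or missing argument and also survives `set -u`. The second hunk of the function also drops `TAG='single'`; if `$TAG` is still referenced further down (outside the hunk) it would now expand to nothing, which is worth confirming. The function body continues outside both hunks.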
@@ -184,7 +188,7 @@ upgrade_test() { cd "$PROVIDERDIR" - build_from_scratch + build_from_scratch 'couchdb,soledad,mx,webapp,tor,monitor' deploy test @@ -200,6 +204,11 @@ upgrade_test() { /usr/local/bin/bundle install cd "$PROVIDERDIR" + + # due to the 'tor' service no longer being valid in 0.10, we need to change + # that service to 'tor_relay'. This is done by changing the services array + # with jq to be set to the full correct list of services + jq '.services = ["couchdb","soledad","mx","webapp","tor_relay","monitor"]' < nodes/${NAME}.json deploy test diff --git a/tests/platform-ci/provider/nodes/catalogtest.json b/tests/platform-ci/provider/nodes/catalogtest.json index 05703666..bbf79d9e 100644 --- a/tests/platform-ci/provider/nodes/catalogtest.json +++ b/tests/platform-ci/provider/nodes/catalogtest.json @@ -10,7 +10,7 @@ "webapp", "monitor", "openvpn", - "tor", + "tor_relay", "obfsproxy", "static" ], |
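Review bot: The `jq` call added in `upgrade_test` only prints the modified document to stdout; `nodes/${NAME}.json` is opened for reading and never rewritten, so the following `deploy` still sees the `tor` service that the comment says is no longer valid in 0.10. Write the result back and quote the path, for example `jq '.services = ["couchdb","soledad","mx","webapp","tor_relay","monitor"]' "nodes/${NAME}.json" > "nodes/${NAME}.json.tmp" && mv "nodes/${NAME}.json.tmp" "nodes/${NAME}.json"`. As written the upgrade test can pass or fail for reasons unrelated to the service rename it is meant to cover. The function continues outside the hunk.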