From 7e4b6a018a2638e8d867eead7bce0cc1edc01192 Mon Sep 17 00:00:00 2001 From: Max Erenberg <> Date: Thu, 9 Sep 2021 20:13:39 -0400 Subject: [PATCH] add docker.sh --- .drone.yml | 2 - .drone/auth1-setup.sh | 8 ++++ .drone/coffee-setup.sh | 2 + .drone/data.ldif | 31 +++++++++++++ .drone/mail-setup.sh | 14 ++++++ .drone/phosphoric-acid-setup.sh | 14 ++++++ .drone/uwldap_data.ldif | 78 +++++++++++++++++++++++++++++++++ docker.sh | 40 +++++++++++++++++ tests/MockMailmanServer.py | 10 ++++- tests/MockSMTPServer.py | 8 ++++ tests/ceod_dev.ini | 6 +-- 11 files changed, 206 insertions(+), 7 deletions(-) create mode 100755 .drone/mail-setup.sh create mode 100644 .drone/uwldap_data.ldif create mode 100755 docker.sh diff --git a/.drone.yml b/.drone.yml index 0dee1cc..1f6a0ab 100644 --- a/.drone.yml +++ b/.drone.yml @@ -28,12 +28,10 @@ services: image: debian:buster commands: - .drone/auth1-setup.sh - - sleep infinity - name: coffee image: debian:buster commands: - .drone/coffee-setup.sh - - sleep infinity trigger: branch: diff --git a/.drone/auth1-setup.sh b/.drone/auth1-setup.sh index 115d382..4ef21d1 100755 --- a/.drone/auth1-setup.sh +++ b/.drone/auth1-setup.sh @@ -18,6 +18,9 @@ export DEBIAN_FRONTEND=noninteractive apt update apt install -y psmisc +# If we don't do this then OpenLDAP uses a lot of RAM +ulimit -n 1024 + # LDAP apt install -y --no-install-recommends slapd ldap-utils libnss-ldapd sudo-ldap # `service slapd stop` doesn't seem to work @@ -40,6 +43,9 @@ sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf cp .drone/nsswitch.conf /etc/nsswitch.conf service nslcd start ldapadd -c -f .drone/data.ldif -Y EXTERNAL -H ldapi:/// +if [ -z "$CI" ]; then + ldapadd -c -f .drone/uwldap_data.ldif -Y EXTERNAL -H ldapi:/// +fi # KERBEROS apt install -y krb5-admin-server krb5-user libpam-krb5 libsasl2-modules-gssapi-mit sasl2-bin 
@@ -81,3 +87,5 @@ killall slapd && sleep 0.5 && service slapd start # sync with phosphoric-acid apt install -y netcat-openbsd nc -l 0.0.0.0 9000 + +sleep infinity diff --git a/.drone/coffee-setup.sh b/.drone/coffee-setup.sh index e84d137..53054f6 100755 --- a/.drone/coffee-setup.sh +++ b/.drone/coffee-setup.sh @@ -46,3 +46,5 @@ EOF" postgres # sync with phosphoric-acid apt install -y netcat-openbsd nc -l 0.0.0.0 9000 + +sleep infinity diff --git a/.drone/data.ldif b/.drone/data.ldif index 8b57ee7..6a50745 100644 --- a/.drone/data.ldif +++ b/.drone/data.ldif @@ -123,3 +123,34 @@ objectClass: group objectClass: posixGroup cn: regular1 gidNumber: 20002 + +dn: uid=exec1,ou=People,dc=csclub,dc=internal +cn: Regular One +userPassword: {SASL}exec1@CSCLUB.INTERNAL +loginShell: /bin/bash +homeDirectory: /users/exec1 +uid: exec1 +uidNumber: 20003 +gidNumber: 20003 +objectClass: top +objectClass: account +objectClass: posixAccount +objectClass: shadowAccount +objectClass: member +program: MAT/Mathematics Computer Science +term: s2021 + +dn: cn=exec1,ou=Group,dc=csclub,dc=internal +objectClass: top +objectClass: group +objectClass: posixGroup +cn: exec1 +gidNumber: 20003 + +dn: cn=exec,ou=Group,dc=csclub,dc=internal +objectClass: top +objectClass: group +objectClass: posixGroup +cn: syscom +gidNumber: 10013 +uniqueMember: uid=exec1,ou=People,dc=csclub,dc=internal diff --git a/.drone/mail-setup.sh b/.drone/mail-setup.sh new file mode 100755 index 0000000..527698a --- /dev/null +++ b/.drone/mail-setup.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +set -ex + +. .drone/common.sh + +# set FQDN in /etc/hosts +add_fqdn_to_hosts $(get_ip_addr $(hostname)) mail + +. venv/bin/activate +python tests/MockMailmanServer.py & +python tests/MockSMTPServer.py & + +sleep infinity diff --git a/.drone/phosphoric-acid-setup.sh b/.drone/phosphoric-acid-setup.sh index 1977dcd..e90d265 100755 --- a/.drone/phosphoric-acid-setup.sh +++ b/.drone/phosphoric-acid-setup.sh 
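Review bot: The new group entry in the data.ldif hunk has a DN and naming attribute that disagree: the DN is `cn=exec,ou=Group,dc=csclub,dc=internal` but the entry carries `cn: syscom` and `gidNumber: 10013`, which looks copied from another group. slapd normally rejects an entry whose RDN value is not present in the entry, and since auth1-setup.sh loads this file with `ldapadd -c`, that failure would be skipped silently and `exec1` would end up in no exec group. If the entry were accepted instead, the test user would share a gid that may belong to a more privileged group. Use `cn: exec` and the gidNumber intended for the exec group; the `exec1` person entry also still says `cn: Regular One`.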
@@ -22,6 +22,10 @@ sync_with() { add_fqdn_to_hosts $(get_ip_addr $(hostname)) phosphoric-acid add_fqdn_to_hosts $(get_ip_addr auth1) auth1 add_fqdn_to_hosts $(get_ip_addr coffee) coffee +# mail container doesn't run in CI +if [ -z "$CI" ]; then + add_fqdn_to_hosts $(get_ip_addr mail) mail +fi export DEBIAN_FRONTEND=noninteractive apt update @@ -62,3 +66,13 @@ sync_with coffee shopt -s dotglob mkdir -p /users/skel cp /etc/skel/* /users/skel/ + +# create directories for users +for user in ctdalek regular1 exec1; do + mkdir /users/$user + chown $user:$user /users/$user +done + +if [ -z "$CI" ]; then + sleep infinity +fi diff --git a/.drone/uwldap_data.ldif b/.drone/uwldap_data.ldif new file mode 100644 index 0000000..4f9cf07 --- /dev/null +++ b/.drone/uwldap_data.ldif 
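Review bot: The home-directory loop in the second hunk runs `mkdir /users/$user` and `chown $user:$user /users/$user` unquoted and without `-p`, and leaves the directory mode to the container's umask. If `/users/<name>` already exists, `mkdir` fails, and if the script runs under `set -e` (not visible in this hunk) that aborts setup before the final `sleep infinity`. `install -d -o "$user" -g "$user" "/users/$user"`, with an explicit `-m` mode if the tests expect one, is idempotent and does both steps at once. The `chown` presumably relies on NSS already resolving these LDAP users, so a short comment saying the loop must stay after the `sync_with` calls would help.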
@@ -0,0 +1,78 @@
+dn: ou=People,dc=uwaterloo,dc=internal
+objectClass: organizationalUnit
+ou: People
+
+dn: uid=ctdalek,ou=People,dc=uwaterloo,dc=internal
+displayName: Calum Dalek
+givenName: Calum
+sn: Dalek
+cn: Calum Dalek
+ou: MAT/Mathematics Computer Science
+mailLocalAddress: ctdalek@uwaterloo.internal
+objectClass: inetLocalMailRecipient
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+uid: ctdalek
+mail: ctdalek@uwaterloo.internal
+
+dn: uid=regular1,ou=People,dc=uwaterloo,dc=internal
+displayName: Regular One
+givenName: Regular
+sn: One
+cn: Regular One
+ou: MAT/Mathematics Computer Science
+mailLocalAddress: regular1@uwaterloo.internal
+objectClass: inetLocalMailRecipient
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+uid: regular1
+mail: regular1@uwaterloo.internal
+
+dn: uid=regular2,ou=People,dc=uwaterloo,dc=internal
+displayName: Regular Two
+givenName: Regular
+sn: Two
+cn: Regular Two
+ou: MAT/Mathematics Computer Science
+mailLocalAddress: regular2@uwaterloo.internal
+objectClass: inetLocalMailRecipient
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+uid: regular2
+mail: regular2@uwaterloo.internal
+
+dn: uid=exec1,ou=People,dc=uwaterloo,dc=internal
+displayName: Exec One
+givenName: Exec
+sn: One
+cn: Exec One
+ou: MAT/Mathematics Computer Science
+mailLocalAddress: exec1@uwaterloo.internal
+objectClass: inetLocalMailRecipient
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+uid: exec1
+mail: exec1@uwaterloo.internal
+
+dn: uid=exec2,ou=People,dc=uwaterloo,dc=internal
+displayName: Exec Two
+givenName: Exec
+sn: One
+cn: Exec Two
+ou: MAT/Mathematics Computer Science
+mailLocalAddress: exec2@uwaterloo.internal
+objectClass: inetLocalMailRecipient
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top +uid: exec2 +mail: exec2@uwaterloo.internal diff --git a/docker.sh b/docker.sh new file mode 100755 index 0000000..96e5301 --- /dev/null +++ b/docker.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +set -x + +if ! [ -d venv ]; then + docker run --rm -v "$PWD:$PWD" -w "$PWD" python:3.7-buster \ + sh -c "python -m venv && . venv/bin/activate && pip install -r dev-requirements.txt && pip install -r requirements.txt" +fi + +case $1 in + up) + docker network create ceod + for host in auth1 coffee mail phosphoric-acid; do + if [ $host = auth1 -o $host = coffee ]; then + image=debian:buster + else + image=python:3.7-buster + fi + docker run \ + --detach \ + --name $host \ + --hostname $host \ + --network ceod \ + --volume "$PWD:$PWD" \ + --workdir "$PWD" \ + $image .drone/$host-setup.sh + done + ;; + down) + for host in auth1 coffee mail phosphoric-acid; do + docker kill $host + docker rm $host + done + docker network rm ceod + ;; + *) + echo 'Usage: docker.sh ' >&2 + exit 1 + ;; +esac diff --git a/tests/MockMailmanServer.py b/tests/MockMailmanServer.py index 561d1ff..d2a3f02 100644 --- a/tests/MockMailmanServer.py +++ b/tests/MockMailmanServer.py @@ -4,7 +4,8 @@ from aiohttp import web class MockMailmanServer: - def __init__(self): + def __init__(self, port=8002): + self.port = port self.app = web.Application() self.app.add_routes([ web.post('/members', self.subscribe), @@ -24,7 +25,7 @@ class MockMailmanServer: def _start_loop(self): asyncio.set_event_loop(self.loop) self.loop.run_until_complete(self.runner.setup()) - site = web.TCPSite(self.runner, '127.0.0.1', 8002) + site = web.TCPSite(self.runner, '127.0.0.1', self.port) self.loop.run_until_complete(site.start()) self.loop.run_forever() @@ -67,3 +68,8 @@ class MockMailmanServer: }, status=404) subscribers.remove(subscriber) return web.json_response({'status': 'OK'}) + + +if __name__ == '__main__': + server = MockMailmanServer(8001) + server.start() 
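Review bot: The `uid=exec2` entry in uwldap_data.ldif has `sn: One` although its `displayName` and `cn` are `Exec Two`; it should read `sn: Two`, otherwise a test that checks the surname from this fixture passes or fails for the wrong reason. The file also starts at `ou=People,dc=uwaterloo,dc=internal` without adding the `dc=uwaterloo,dc=internal` entry itself. Unless that suffix and its root entry are created elsewhere in auth1-setup.sh, every add would fail, and `ldapadd -c` would not stop on it. A comment at the top of the file saying it is a stand-in for the university directory, loaded only outside CI, would explain why it sits beside data.ldif.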
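Review bot: The bootstrap command in docker.sh calls `python -m venv` with no target directory, so it exits with a usage error and the `&&` chain never creates `venv`; it should read `python -m venv venv && . venv/bin/activate && ...`. The script sets only `set -x`, so that failure is not fatal and `up` still starts the containers, including `mail`, whose setup script sources `venv/bin/activate`; adding `|| exit 1` after the bootstrap `docker run` would stop a half-built environment from starting. The `up` branch also bind-mounts the whole checkout read-write (`--volume "$PWD:$PWD"`) into containers that, with these stock images, run their setup as root, so files written there end up root-owned on the host; that deserves a comment in the script. `$host` and `$image` should be quoted in the `[ ... ]` test and in the `docker run` arguments.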
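Review bot: The listener in `_start_loop` is still bound to `'127.0.0.1'`, so the `__main__` entry point added in the last MockMailmanServer.py hunk, which mail-setup.sh starts inside the `mail` container, is reachable only from within that container. If ceod in another container is meant to call this mock at `mail:8001`, the connection will be refused. Keep loopback as the default for the test suite and add a `host='127.0.0.1'` constructor parameter that the `__main__` block overrides, mirroring how MockSMTPServer is handed its address. The ports `8002` (default) and `8001` (standalone) deserve a one-line comment saying which configuration each one matches. `_start_loop` and the class body continue outside these hunks.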
diff --git a/tests/MockSMTPServer.py b/tests/MockSMTPServer.py index 0a70c1f..ebcc750 100644 --- a/tests/MockSMTPServer.py +++ b/tests/MockSMTPServer.py @@ -1,3 +1,5 @@ +import os + from aiosmtpd.controller import Controller @@ -25,3 +27,9 @@ class MockHandler: } self.mock_server.messages.append(msg) return '250 Message accepted for delivery' + + +if __name__ == '__main__': + assert os.geteuid() == 0 + server = MockSMTPServer('0.0.0.0', 25) + server.start() diff --git a/tests/ceod_dev.ini b/tests/ceod_dev.ini index f577120..d73955f 100644 --- a/tests/ceod_dev.ini +++ b/tests/ceod_dev.ini @@ -13,15 +13,15 @@ port = 9987 [ldap] admin_principal = ceod/admin -server_url = ldap://ldap-master.csclub.internal +server_url = ldap://auth1.csclub.internal sasl_realm = CSCLUB.INTERNAL users_base = ou=People,dc=csclub,dc=internal groups_base = ou=Group,dc=csclub,dc=internal sudo_base = ou=SUDOers,dc=csclub,dc=internal [uwldap] -server_url = ldap://uwldap.uwaterloo.ca -base = dc=uwaterloo,dc=ca +server_url = ldap://auth1.csclub.internal +base = dc=uwaterloo,dc=internal [members] min_id = 20001
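Review bot: The root check in the new `__main__` block of MockSMTPServer.py is an `assert`, which is removed when Python runs with `-O` and otherwise fails with a bare AssertionError. Use an explicit check such as `if os.geteuid() != 0: raise SystemExit('MockSMTPServer must run as root to bind port 25')`. The block then listens on `0.0.0.0:25` as root, which is acceptable inside the throwaway `mail` container but should carry a comment saying the script is not meant to be run directly on a host. If the mock could take a high port from configuration instead, the root requirement would go away altogether.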