add docker.sh
parent
cb6243c3e2
commit
7e4b6a018a
|
@ -28,12 +28,10 @@ services:
|
||||||
image: debian:buster
|
image: debian:buster
|
||||||
commands:
|
commands:
|
||||||
- .drone/auth1-setup.sh
|
- .drone/auth1-setup.sh
|
||||||
- sleep infinity
|
|
||||||
- name: coffee
|
- name: coffee
|
||||||
image: debian:buster
|
image: debian:buster
|
||||||
commands:
|
commands:
|
||||||
- .drone/coffee-setup.sh
|
- .drone/coffee-setup.sh
|
||||||
- sleep infinity
|
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
branch:
|
branch:
|
||||||
|
|
|
@ -18,6 +18,9 @@ export DEBIAN_FRONTEND=noninteractive
|
||||||
apt update
|
apt update
|
||||||
apt install -y psmisc
|
apt install -y psmisc
|
||||||
|
|
||||||
|
# If we don't do this then OpenLDAP uses a lot of RAM
|
||||||
|
ulimit -n 1024
|
||||||
|
|
||||||
# LDAP
|
# LDAP
|
||||||
apt install -y --no-install-recommends slapd ldap-utils libnss-ldapd sudo-ldap
|
apt install -y --no-install-recommends slapd ldap-utils libnss-ldapd sudo-ldap
|
||||||
# `service slapd stop` doesn't seem to work
|
# `service slapd stop` doesn't seem to work
|
||||||
|
@ -40,6 +43,9 @@ sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
|
||||||
cp .drone/nsswitch.conf /etc/nsswitch.conf
|
cp .drone/nsswitch.conf /etc/nsswitch.conf
|
||||||
service nslcd start
|
service nslcd start
|
||||||
ldapadd -c -f .drone/data.ldif -Y EXTERNAL -H ldapi:///
|
ldapadd -c -f .drone/data.ldif -Y EXTERNAL -H ldapi:///
|
||||||
|
if [ -z "$CI" ]; then
|
||||||
|
ldapadd -c -f .drone/uwldap_data.ldif -Y EXTERNAL -H ldapi:///
|
||||||
|
fi
|
||||||
|
|
||||||
# KERBEROS
|
# KERBEROS
|
||||||
apt install -y krb5-admin-server krb5-user libpam-krb5 libsasl2-modules-gssapi-mit sasl2-bin
|
apt install -y krb5-admin-server krb5-user libpam-krb5 libsasl2-modules-gssapi-mit sasl2-bin
|
||||||
|
@ -81,3 +87,5 @@ killall slapd && sleep 0.5 && service slapd start
|
||||||
# sync with phosphoric-acid
|
# sync with phosphoric-acid
|
||||||
apt install -y netcat-openbsd
|
apt install -y netcat-openbsd
|
||||||
nc -l 0.0.0.0 9000
|
nc -l 0.0.0.0 9000
|
||||||
|
|
||||||
|
sleep infinity
|
||||||
|
|
|
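Review bot: The added `if [ -z "$CI" ]` guard around `ldapadd -c -f .drone/uwldap_data.ldif` has no comment saying why the UWLDAP fixture is skipped in CI, unlike the mail-host guard elsewhere in this commit; a line such as `# UWLDAP mock data is only loaded for the local docker.sh environment` (if that is the reason) would help. The same commit points the `[uwldap]` `server_url` at `auth1.csclub.internal` with base `dc=uwaterloo,dc=internal`, so if that configuration is also read in CI, lookups there would hit a directory that has no such subtree. `-c` makes `ldapadd` continue past entries the server rejects, so a broken fixture does not stop the setup; dropping `-c` for this new file, or confirming the load with an `ldapsearch`, would surface that.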
@ -46,3 +46,5 @@ EOF" postgres
|
||||||
# sync with phosphoric-acid
|
# sync with phosphoric-acid
|
||||||
apt install -y netcat-openbsd
|
apt install -y netcat-openbsd
|
||||||
nc -l 0.0.0.0 9000
|
nc -l 0.0.0.0 9000
|
||||||
|
|
||||||
|
sleep infinity
|
||||||
|
|
|
@ -123,3 +123,34 @@ objectClass: group
|
||||||
objectClass: posixGroup
|
objectClass: posixGroup
|
||||||
cn: regular1
|
cn: regular1
|
||||||
gidNumber: 20002
|
gidNumber: 20002
|
||||||
|
|
||||||
|
dn: uid=exec1,ou=People,dc=csclub,dc=internal
|
||||||
|
cn: Regular One
|
||||||
|
userPassword: {SASL}exec1@CSCLUB.INTERNAL
|
||||||
|
loginShell: /bin/bash
|
||||||
|
homeDirectory: /users/exec1
|
||||||
|
uid: exec1
|
||||||
|
uidNumber: 20003
|
||||||
|
gidNumber: 20003
|
||||||
|
objectClass: top
|
||||||
|
objectClass: account
|
||||||
|
objectClass: posixAccount
|
||||||
|
objectClass: shadowAccount
|
||||||
|
objectClass: member
|
||||||
|
program: MAT/Mathematics Computer Science
|
||||||
|
term: s2021
|
||||||
|
|
||||||
|
dn: cn=exec1,ou=Group,dc=csclub,dc=internal
|
||||||
|
objectClass: top
|
||||||
|
objectClass: group
|
||||||
|
objectClass: posixGroup
|
||||||
|
cn: exec1
|
||||||
|
gidNumber: 20003
|
||||||
|
|
||||||
|
dn: cn=exec,ou=Group,dc=csclub,dc=internal
|
||||||
|
objectClass: top
|
||||||
|
objectClass: group
|
||||||
|
objectClass: posixGroup
|
||||||
|
cn: syscom
|
||||||
|
gidNumber: 10013
|
||||||
|
uniqueMember: uid=exec1,ou=People,dc=csclub,dc=internal
|
||||||
|
|
|
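Review bot: The last added group entry has `dn: cn=exec,ou=Group,dc=csclub,dc=internal` but `cn: syscom`, so the RDN value is not among the entry's attributes. A directory server normally rejects that as a naming violation, and because this file is loaded with `ldapadd -c` the rejection is skipped rather than stopping the setup. It should presumably be `cn: exec`, and `gidNumber: 10013` is worth checking against the gid of any existing syscom group. The new `uid=exec1` user entry also carries `cn: Regular One`, which looks copied from the regular1 entry.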
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
. .drone/common.sh
|
||||||
|
|
||||||
|
# set FQDN in /etc/hosts
|
||||||
|
add_fqdn_to_hosts $(get_ip_addr $(hostname)) mail
|
||||||
|
|
||||||
|
. venv/bin/activate
|
||||||
|
python tests/MockMailmanServer.py &
|
||||||
|
python tests/MockSMTPServer.py &
|
||||||
|
|
||||||
|
sleep infinity
|
|
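Review bot: Both mock servers are started with `&`, so `set -e` never sees their exit status; if either fails at startup (missing `venv`, port already bound, the root check in the SMTP mock) the script still reaches `sleep infinity` and the container looks healthy. Replacing `sleep infinity` with `wait -n` (bash 4.3+) makes the script, and so the container, exit as soon as one of the background jobs exits. The nested substitutions in `add_fqdn_to_hosts $(get_ip_addr $(hostname)) mail` are unquoted; `add_fqdn_to_hosts "$(get_ip_addr "$(hostname)")" mail` avoids word splitting if a helper ever prints more than one token.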
@ -22,6 +22,10 @@ sync_with() {
|
||||||
add_fqdn_to_hosts $(get_ip_addr $(hostname)) phosphoric-acid
|
add_fqdn_to_hosts $(get_ip_addr $(hostname)) phosphoric-acid
|
||||||
add_fqdn_to_hosts $(get_ip_addr auth1) auth1
|
add_fqdn_to_hosts $(get_ip_addr auth1) auth1
|
||||||
add_fqdn_to_hosts $(get_ip_addr coffee) coffee
|
add_fqdn_to_hosts $(get_ip_addr coffee) coffee
|
||||||
|
# mail container doesn't run in CI
|
||||||
|
if [ -z "$CI" ]; then
|
||||||
|
add_fqdn_to_hosts $(get_ip_addr mail) mail
|
||||||
|
fi
|
||||||
|
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt update
|
apt update
|
||||||
|
@ -62,3 +66,13 @@ sync_with coffee
|
||||||
shopt -s dotglob
|
shopt -s dotglob
|
||||||
mkdir -p /users/skel
|
mkdir -p /users/skel
|
||||||
cp /etc/skel/* /users/skel/
|
cp /etc/skel/* /users/skel/
|
||||||
|
|
||||||
|
# create directories for users
|
||||||
|
for user in ctdalek regular1 exec1; do
|
||||||
|
mkdir /users/$user
|
||||||
|
chown $user:$user /users/$user
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -z "$CI" ]; then
|
||||||
|
sleep infinity
|
||||||
|
fi
|
||||||
|
|
|
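Review bot: The new home-directory loop leaves `$user` unquoted and uses plain `mkdir`, which fails if the directory already exists; `mkdir -p "/users/$user"` and `chown "$user:$user" "/users/$user"` are safer. `chown` by name depends on the LDAP-backed NSS lookup already working at this point, and `exec1` exists only through the LDIF entries added in this commit, so a rejected entry there would surface here as an invalid-user error; a short comment noting that dependency would save debugging time. The directories get whatever mode the default umask gives, so if the tests care about home-directory permissions the mode should be set explicitly. The script body continues outside the hunks shown.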
@ -0,0 +1,78 @@
|
||||||
|
dn: ou=People,dc=uwaterloo,dc=internal
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
ou: People
|
||||||
|
|
||||||
|
dn: uid=ctdalek,ou=People,dc=uwaterloo,dc=internal
|
||||||
|
displayName: Calum Dalek
|
||||||
|
givenName: Calum
|
||||||
|
sn: Dalek
|
||||||
|
cn: Calum Dalek
|
||||||
|
ou: MAT/Mathematics Computer Science
|
||||||
|
mailLocalAddress: ctdalek@uwaterloo.internal
|
||||||
|
objectClass: inetLocalMailRecipient
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: organizationalPerson
|
||||||
|
objectClass: person
|
||||||
|
objectClass: top
|
||||||
|
uid: ctdalek
|
||||||
|
mail: ctdalek@uwaterloo.internal
|
||||||
|
|
||||||
|
dn: uid=regular1,ou=People,dc=uwaterloo,dc=internal
|
||||||
|
displayName: Regular One
|
||||||
|
givenName: Regular
|
||||||
|
sn: One
|
||||||
|
cn: Regular One
|
||||||
|
ou: MAT/Mathematics Computer Science
|
||||||
|
mailLocalAddress: regular1@uwaterloo.internal
|
||||||
|
objectClass: inetLocalMailRecipient
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: organizationalPerson
|
||||||
|
objectClass: person
|
||||||
|
objectClass: top
|
||||||
|
uid: regular1
|
||||||
|
mail: regular1@uwaterloo.internal
|
||||||
|
|
||||||
|
dn: uid=regular2,ou=People,dc=uwaterloo,dc=internal
|
||||||
|
displayName: Regular Two
|
||||||
|
givenName: Regular
|
||||||
|
sn: Two
|
||||||
|
cn: Regular Two
|
||||||
|
ou: MAT/Mathematics Computer Science
|
||||||
|
mailLocalAddress: regular2@uwaterloo.internal
|
||||||
|
objectClass: inetLocalMailRecipient
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: organizationalPerson
|
||||||
|
objectClass: person
|
||||||
|
objectClass: top
|
||||||
|
uid: regular2
|
||||||
|
mail: regular2@uwaterloo.internal
|
||||||
|
|
||||||
|
dn: uid=exec1,ou=People,dc=uwaterloo,dc=internal
|
||||||
|
displayName: Exec One
|
||||||
|
givenName: Exec
|
||||||
|
sn: One
|
||||||
|
cn: Exec One
|
||||||
|
ou: MAT/Mathematics Computer Science
|
||||||
|
mailLocalAddress: exec1@uwaterloo.internal
|
||||||
|
objectClass: inetLocalMailRecipient
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: organizationalPerson
|
||||||
|
objectClass: person
|
||||||
|
objectClass: top
|
||||||
|
uid: exec1
|
||||||
|
mail: exec1@uwaterloo.internal
|
||||||
|
|
||||||
|
dn: uid=exec2,ou=People,dc=uwaterloo,dc=internal
|
||||||
|
displayName: Exec Two
|
||||||
|
givenName: Exec
|
||||||
|
sn: One
|
||||||
|
cn: Exec Two
|
||||||
|
ou: MAT/Mathematics Computer Science
|
||||||
|
mailLocalAddress: exec2@uwaterloo.internal
|
||||||
|
objectClass: inetLocalMailRecipient
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: organizationalPerson
|
||||||
|
objectClass: person
|
||||||
|
objectClass: top
|
||||||
|
uid: exec2
|
||||||
|
mail: exec2@uwaterloo.internal
|
|
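Review bot: The file starts at `ou=People,dc=uwaterloo,dc=internal` and never creates the parent `dc=uwaterloo,dc=internal`. Unless that suffix and its root entry are set up elsewhere (not visible here), every add fails for lack of a parent, and the `ldapadd -c` that loads this file continues past the errors. Adding the base entry at the top of the file, or a comment naming where it is created, would make the fixture self-contained. In the `uid=exec2` entry, `sn: One` does not match `displayName: Exec Two` and should probably be `sn: Two`.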
@ -0,0 +1,40 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
if ! [ -d venv ]; then
|
||||||
|
docker run --rm -v "$PWD:$PWD" -w "$PWD" python:3.7-buster \
|
||||||
|
sh -c "python -m venv && . venv/bin/activate && pip install -r dev-requirements.txt && pip install -r requirements.txt"
|
||||||
|
fi
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
up)
|
||||||
|
docker network create ceod
|
||||||
|
for host in auth1 coffee mail phosphoric-acid; do
|
||||||
|
if [ $host = auth1 -o $host = coffee ]; then
|
||||||
|
image=debian:buster
|
||||||
|
else
|
||||||
|
image=python:3.7-buster
|
||||||
|
fi
|
||||||
|
docker run \
|
||||||
|
--detach \
|
||||||
|
--name $host \
|
||||||
|
--hostname $host \
|
||||||
|
--network ceod \
|
||||||
|
--volume "$PWD:$PWD" \
|
||||||
|
--workdir "$PWD" \
|
||||||
|
$image .drone/$host-setup.sh
|
||||||
|
done
|
||||||
|
;;
|
||||||
|
down)
|
||||||
|
for host in auth1 coffee mail phosphoric-acid; do
|
||||||
|
docker kill $host
|
||||||
|
docker rm $host
|
||||||
|
done
|
||||||
|
docker network rm ceod
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo 'Usage: docker.sh <up|down>' >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
|
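Review bot: The bootstrap command in the `if ! [ -d venv ]` branch calls `python -m venv` without a target directory, so venv creation exits with a usage error and the `&&` chain never reaches `pip install`; it should read `python -m venv venv && . venv/bin/activate && ...`. Because the script sets `-x` but not `-e`, that failure does not stop `up`, and the containers are then started against a tree with no `venv/`. Every container also gets the whole working tree bind-mounted read-write, and these images run as root by default, so files created under `$PWD` (including `venv/`) can end up root-owned on the host; a comment at the top of the script should say so. The unquoted `$1`, `$host` and `$image` and the `-o` inside `[ ]` are harmless with these literal values, but `case "$1" in` and `[ "$host" = auth1 ] || [ "$host" = coffee ]` are more robust.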
@ -4,7 +4,8 @@ from aiohttp import web
|
||||||
|
|
||||||
|
|
||||||
class MockMailmanServer:
|
class MockMailmanServer:
|
||||||
def __init__(self):
|
def __init__(self, port=8002):
|
||||||
|
self.port = port
|
||||||
self.app = web.Application()
|
self.app = web.Application()
|
||||||
self.app.add_routes([
|
self.app.add_routes([
|
||||||
web.post('/members', self.subscribe),
|
web.post('/members', self.subscribe),
|
||||||
|
@ -24,7 +25,7 @@ class MockMailmanServer:
|
||||||
def _start_loop(self):
|
def _start_loop(self):
|
||||||
asyncio.set_event_loop(self.loop)
|
asyncio.set_event_loop(self.loop)
|
||||||
self.loop.run_until_complete(self.runner.setup())
|
self.loop.run_until_complete(self.runner.setup())
|
||||||
site = web.TCPSite(self.runner, '127.0.0.1', 8002)
|
site = web.TCPSite(self.runner, '127.0.0.1', self.port)
|
||||||
self.loop.run_until_complete(site.start())
|
self.loop.run_until_complete(site.start())
|
||||||
self.loop.run_forever()
|
self.loop.run_forever()
|
||||||
|
|
||||||
|
@ -67,3 +68,8 @@ class MockMailmanServer:
|
||||||
}, status=404)
|
}, status=404)
|
||||||
subscribers.remove(subscriber)
|
subscribers.remove(subscriber)
|
||||||
return web.json_response({'status': 'OK'})
|
return web.json_response({'status': 'OK'})
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
server = MockMailmanServer(8001)
|
||||||
|
server.start()
|
||||||
|
|
|
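Review bot: The new `__main__` entry point starts the server on port 8001, but `_start_loop` still binds `web.TCPSite(self.runner, '127.0.0.1', self.port)`, so when this runs inside its own container only processes in that container can reach it. If other containers on the Docker network are meant to call the mock, add a `host='127.0.0.1'` constructor parameter next to `port`, pass `self.host` to `TCPSite`, and use a non-loopback address only in the `__main__` block; keeping loopback as the default leaves the in-process test usage unexposed. The default port (8002) and the standalone port (8001) differ with no comment saying which one the client configuration expects, so a one-line comment at each would help. The class body continues outside the hunks shown.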
@ -1,3 +1,5 @@
|
||||||
|
import os
|
||||||
|
|
||||||
from aiosmtpd.controller import Controller
|
from aiosmtpd.controller import Controller
|
||||||
|
|
||||||
|
|
||||||
|
@ -25,3 +27,9 @@ class MockHandler:
|
||||||
}
|
}
|
||||||
self.mock_server.messages.append(msg)
|
self.mock_server.messages.append(msg)
|
||||||
return '250 Message accepted for delivery'
|
return '250 Message accepted for delivery'
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
assert os.geteuid() == 0
|
||||||
|
server = MockSMTPServer('0.0.0.0', 25)
|
||||||
|
server.start()
|
||||||
|
|
|
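Review bot: `assert os.geteuid() == 0` in the `__main__` block is a runtime precondition written as an assertion: it is stripped under `python -O` and otherwise fails with a bare `AssertionError`. An explicit check such as `if os.geteuid() != 0: raise SystemExit('must run as root to bind port 25')` states the reason and always runs. The block also binds `0.0.0.0`, which other containers need in order to reach it but which means the mock accepts mail from anything that can route to the container; a comment saying this entry point is meant only for the isolated dev network would make that intent explicit.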
@ -13,15 +13,15 @@ port = 9987
|
||||||
|
|
||||||
[ldap]
|
[ldap]
|
||||||
admin_principal = ceod/admin
|
admin_principal = ceod/admin
|
||||||
server_url = ldap://ldap-master.csclub.internal
|
server_url = ldap://auth1.csclub.internal
|
||||||
sasl_realm = CSCLUB.INTERNAL
|
sasl_realm = CSCLUB.INTERNAL
|
||||||
users_base = ou=People,dc=csclub,dc=internal
|
users_base = ou=People,dc=csclub,dc=internal
|
||||||
groups_base = ou=Group,dc=csclub,dc=internal
|
groups_base = ou=Group,dc=csclub,dc=internal
|
||||||
sudo_base = ou=SUDOers,dc=csclub,dc=internal
|
sudo_base = ou=SUDOers,dc=csclub,dc=internal
|
||||||
|
|
||||||
[uwldap]
|
[uwldap]
|
||||||
server_url = ldap://uwldap.uwaterloo.ca
|
server_url = ldap://auth1.csclub.internal
|
||||||
base = dc=uwaterloo,dc=ca
|
base = dc=uwaterloo,dc=internal
|
||||||
|
|
||||||
[members]
|
[members]
|
||||||
min_id = 20001
|
min_id = 20001
|
||||||
|
|