Added installation of Warden client library to Vagrant box provisioning.

(Redmine issue: #7041)

Added installation of Warden client library to Vagrant box provisioning.
0d0a9206 · Jan Mach · 2722206b · 0d0a9206 · 0d0a9206 · 2722206b
Commit 0d0a9206 authored 3 years ago by Jan Mach
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -26,7 +26,7 @@ Vagrant.configure('2') do |config|
  # your network.
  # config.vm.network "public_network"

-  config.vm.provision 'shell', inline: <<-SHELL
+  config.vm.provision 'bootstrap', type: 'shell', inline: <<-SHELL
    bash /vagrant/vagrantenv/provision.sh
  SHELL


--- a/doc/sphinx/_doclib/development.rst
+++ b/doc/sphinx/_doclib/development.rst
@@ -674,23 +674,22 @@ initial tips:

 .. code-block:: shell

-	# Alias to quickly switch to mentat user with sudo su:
-	sm # Stands for 'SuMentat'
 	# Alias to quickly enter work directory:
 	wd # Stands for 'WorkDirectory'
 	# Alias to enable Python virtual environment:
 	ve # Stands for 'VirtualEnvironment'

-Basically you should execute all these aliases in succesion to end up with a prompt like this
-and ready to work:
+Basically you should execute both of these aliases in succesion to end up with a prompt like this
+and be ready to work:

 .. code-block:: shell

 	(venv) !DEV! mentat@mentat-devel /vagrant $

-At this point your development machine is ready, however the database is completely empty.
-For normal development workflow you will need a snapshot of production database. First fetch
-the snapshot to your host machine:
+At this point your development machine is ready, however the database is completely empty. There are
+no user accounts, no abuse groups, nothing. You may run Mentat`s backend services, the user interface
+will however not be usable. For normal development workflow you will need a snapshot of production
+database. First fetch the snapshot from ``mentat-alt.cesnet.cz`` server to your host machine:

 .. code-block:: shell

@@ -702,25 +701,34 @@ When that is done execute following command from within the development box:

 	(venv) !DEV! mentat@mentat-devel /vagrant $ make data-fetch-dbsnapshot

-Another option is to load basic data fixtures:
+Another option is instead of importing the snapshot to load basic data fixtures:

 .. code-block:: shell

 	(venv) !DEV! mentat@mentat-devel /vagrant $ mentat-dbmngr.py --command fixtures-add

-Keep in mind following:
+When working in Vagrat box please note and keep in mind following:

-* You will be connected as user ``mentat`` with passwordless sudo privileges.
-* Default built-in user ``vagrant`` is also with passwordless sudo privileges.
-* Users ``mentat``, ``vagrant`` and ``root`` are all superusers for local development PostgreSQL database. To enter database just run ``psql [dbname]``.
-* Intended workflow is editing code in your favorite editor from outside of the box and running Mentat inside.
+* By default you will be connected as user ``mentat`` with passwordless sudo privileges.
+* Default built-in user ``vagrant`` comes also with passwordless sudo privileges.
+* Users ``mentat``, ``vagrant`` and ``root`` are all superusers for local PostgreSQL database. SpTo enter database just run ``psql [dbname]``.
+* Intended workflow is to edit the source code in your favorite editor from outside of the box and running Mentat inside.
 * To access web interface from your host machine navigate to `https://localhost:4443 <https://localhost:4443>`__.
 * To access Flask`s development web interface from your host machine you must first launch it inside the guest box with ``make run-webui-dev`` and then navigate to `http://localhost:5000 <http://localhost:5000>`__.
 * For your convenience during development you may use awesome `Sendria <https://github.com/msztolcman/sendria>`__ service to view emails being send. It can be controlled via Systemd and running on startup. Just navigate from your host machine to `http://localhost:1080 <http://localhost:1080>`__.
+* To access real world data there is Warden filer preinstalled on the Vagrant box. Currently you must however perform the Warden registration process.

 At this point you are all set to develop Mentat locally without cluttering your personal
 workstation.

+.. code-block:: shell
+
+	warden-apply.sh ...
+
+	# Warden filer is not running by default.
+	(venv) !DEV! mentat@mentat-devel /vagrant $ sudo systemctl status warden_filer.service
+
+
 To refresh the development box use following Vagrant commands:

 .. code-block:: shell

--- a/vagrantenv/apt.list
+++ b/vagrantenv/apt.list
-vim
--- a/vagrantenv/provision.sh
+++ b/vagrantenv/provision.sh
@@ -144,7 +144,7 @@ ensure_link /vagrant/vagrantenv/postfix.main.cf /etc/postfix/main.cf
 systemctl restart postfix.service

 ensure_link /vagrant/etc/systemd/system/sendria.service /etc/systemd/system/sendria.service
-mkdir /var/sendria
+mkdir -p /var/sendria
 chown mentat:mentat /var/sendria
 touch /var/log/sendria.log
 chown -R mentat:mentat /var/log/sendria.log
@@ -189,5 +189,25 @@ if [ ! -L /etc/apache2/sites-enabled/site_mentat_vagrant.conf ] ; then
  systemctl restart apache2.service
 fi

+echo "==========> Installing Warden client library"
+if [ ! -d /opt/warden3 ] ; then
+  git clone https://homeproj.cesnet.cz/git/warden.git/ /opt/warden3
+fi
+mkdir -p /etc/warden_client/warden_filer
+mkdir -p /run/warden_filer
+mkdir -p /var/lib/warden_filer
+chown -R mentat:mentat /run/warden_filer
+chown -R mentat:mentat /var/lib/warden_filer
+ensure_link /opt/warden3/warden_client/warden_client.py /usr/local/bin/warden_client.py
+ensure_link /opt/warden3/warden_filer/warden_filer.py /usr/local/bin/warden_filer.py
+ensure_link /opt/warden3/warden_ra/warden_apply.sh /usr/local/bin/warden_apply.sh
+chmod a+x /usr/local/bin/warden_client.py
+chmod a+x /usr/local/bin/bin/warden_filer.py
+chmod a+x /usr/local/bin/warden_apply.sh
+ensure_link /vagrant/vagrantenv/warden/warden_filer /etc/default/warden_filer
+ensure_link /vagrant/vagrantenv/warden/warden_filer.cfg /etc/warden_client/warden_filer.cfg
+ensure_link /vagrant/vagrantenv/warden/warden_filer_receiver.service /etc/systemd/system/warden_filer_receiver.service
+systemctl daemon-reload
+
 echo "==========> <DONE> provision.sh"
 date
--- a/vagrantenv/warden/warden_filer
+++ b/vagrantenv/warden/warden_filer
+#!/bin/bash
+PYTHONPATH="/usr/local/bin"
--- a/vagrantenv/warden/warden_filer.cfg
+++ b/vagrantenv/warden/warden_filer.cfg
+// For all options see documentation
+{
+    // Warden config can be also referenced as:
+    // "warden": "/path/to/warden_client.cfg"
+    "warden": {
+        "url": "https://warden-hub.cesnet.cz/warden3",
+        "cafile": "/etc/ssl/certs/ca-certificates.crt",
+        "keyfile": "/etc/warden/warden_client/warden_filer/key.pem",
+        "certfile": "/etc/warden/warden_client/warden_filer/cert.pem",
+        "timeout": 30,
+        "send_events_limit": 2000,
+        "get_events_limit": 2000,
+        "errlog": {"level": "debug"},
+        "filelog": {"level": "debug", "file": "/var/log/warden_filer.log"},
+        "idstore": "/var/lib/warden_filer/warden_filer.id",
+        "name": "cz.cesnet.vagrant"
+    },
+    "receiver": {
+        "dir": "/var/mentat/spool/mentat-inspector.py",
+        "pid_file": "/run/warden_filer/receiver.pid",
+        "uid": 1001,
+        "gid": 1001,
+        "file_limit": 5000,
+        "limit_wait_time": 20
+    }
+}
--- a/vagrantenv/warden/warden_filer_receiver.service
+++ b/vagrantenv/warden/warden_filer_receiver.service
+[Unit]
+Description=Warden Filer - receiver
+After=syslog.target network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/default/warden_filer
+PIDFile=/run/warden_filer/receiver.pid
+ExecStart=/usr/local/bin/warden_filer.py -c "/etc/warden_client/warden_filer.cfg" --pid_file "/run/warden_filer/receiver.pid" --daemon receiver
+ExecStartPre=/bin/mkdir -p /run/warden_filer/
+ExecStartPre=/bin/chown -R mentat:mentat /run/warden_filer/
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target