From 0d0a92065fdb192f7d2d2548de4ed8423dbd909a Mon Sep 17 00:00:00 2001
From: Jan Mach <jan.mach@cesnet.cz>
Date: Fri, 29 Oct 2021 11:50:27 +0200
Subject: [PATCH] Added installation of Warden client library to Vagrant box
 provisioning.

(Redmine issue: #7041)
---
 Vagrantfile                                   |  2 +-
 doc/sphinx/_doclib/development.rst            | 34 ++++++++++++-------
 vagrantenv/apt.list                           |  1 -
 vagrantenv/provision.sh                       | 22 +++++++++++-
 vagrantenv/warden/warden_filer                |  2 ++
 vagrantenv/warden/warden_filer.cfg            | 26 ++++++++++++++
 .../warden/warden_filer_receiver.service      | 15 ++++++++
 7 files changed, 86 insertions(+), 16 deletions(-)
 delete mode 100644 vagrantenv/apt.list
 create mode 100644 vagrantenv/warden/warden_filer
 create mode 100644 vagrantenv/warden/warden_filer.cfg
 create mode 100644 vagrantenv/warden/warden_filer_receiver.service

diff --git a/Vagrantfile b/Vagrantfile
index a94fb324..9c8e1667 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -26,7 +26,7 @@ Vagrant.configure('2') do |config|
   # your network.
   # config.vm.network "public_network"
 
-  config.vm.provision 'shell', inline: <<-SHELL
+  config.vm.provision 'bootstrap', type: 'shell', inline: <<-SHELL
     bash /vagrant/vagrantenv/provision.sh
   SHELL
 
diff --git a/doc/sphinx/_doclib/development.rst b/doc/sphinx/_doclib/development.rst
index 94bc7549..b2242bd2 100644
--- a/doc/sphinx/_doclib/development.rst
+++ b/doc/sphinx/_doclib/development.rst
@@ -674,23 +674,22 @@ initial tips:
 
 .. code-block:: shell
 
-	# Alias to quickly switch to mentat user with sudo su:
-	sm # Stands for 'SuMentat'
 	# Alias to quickly enter work directory:
 	wd # Stands for 'WorkDirectory'
 	# Alias to enable Python virtual environment:
 	ve # Stands for 'VirtualEnvironment'
 
-Basically you should execute all these aliases in succesion to end up with a prompt like this
-and ready to work:
+Basically you should execute both of these aliases in succesion to end up with a prompt like this
+and be ready to work:
 
 .. code-block:: shell
 
 	(venv) !DEV! mentat@mentat-devel /vagrant $
 
-At this point your development machine is ready, however the database is completely empty.
-For normal development workflow you will need a snapshot of production database. First fetch
-the snapshot to your host machine:
+At this point your development machine is ready, however the database is completely empty. There are
+no user accounts, no abuse groups, nothing. You may run Mentat`s backend services, the user interface
+will however not be usable. For normal development workflow you will need a snapshot of production
+database. First fetch the snapshot from ``mentat-alt.cesnet.cz`` server to your host machine:
 
 .. code-block:: shell
 
@@ -702,25 +701,34 @@ When that is done execute following command from within the development box:
 
 	(venv) !DEV! mentat@mentat-devel /vagrant $ make data-fetch-dbsnapshot
 
-Another option is to load basic data fixtures:
+Another option is instead of importing the snapshot to load basic data fixtures:
 
 .. code-block:: shell
 
 	(venv) !DEV! mentat@mentat-devel /vagrant $ mentat-dbmngr.py --command fixtures-add
 
-Keep in mind following:
+When working in Vagrat box please note and keep in mind following:
 
-* You will be connected as user ``mentat`` with passwordless sudo privileges.
-* Default built-in user ``vagrant`` is also with passwordless sudo privileges.
-* Users ``mentat``, ``vagrant`` and ``root`` are all superusers for local development PostgreSQL database. To enter database just run ``psql [dbname]``.
-* Intended workflow is editing code in your favorite editor from outside of the box and running Mentat inside.
+* By default you will be connected as user ``mentat`` with passwordless sudo privileges.
+* Default built-in user ``vagrant`` comes also with passwordless sudo privileges.
+* Users ``mentat``, ``vagrant`` and ``root`` are all superusers for local PostgreSQL database. SpTo enter database just run ``psql [dbname]``.
+* Intended workflow is to edit the source code in your favorite editor from outside of the box and running Mentat inside.
 * To access web interface from your host machine navigate to `https://localhost:4443 <https://localhost:4443>`__.
 * To access Flask`s development web interface from your host machine you must first launch it inside the guest box with ``make run-webui-dev`` and then navigate to `http://localhost:5000 <http://localhost:5000>`__.
 * For your convenience during development you may use awesome `Sendria <https://github.com/msztolcman/sendria>`__ service to view emails being send. It can be controlled via Systemd and running on startup. Just navigate from your host machine to `http://localhost:1080 <http://localhost:1080>`__.
+* To access real world data there is Warden filer preinstalled on the Vagrant box. Currently you must however perform the Warden registration process.
 
 At this point you are all set to develop Mentat locally without cluttering your personal
 workstation.
 
+.. code-block:: shell
+
+	warden-apply.sh ...
+
+	# Warden filer is not running by default.
+	(venv) !DEV! mentat@mentat-devel /vagrant $ sudo systemctl status warden_filer.service
+
+
 To refresh the development box use following Vagrant commands:
 
 .. code-block:: shell
diff --git a/vagrantenv/apt.list b/vagrantenv/apt.list
deleted file mode 100644
index f027e0d4..00000000
--- a/vagrantenv/apt.list
+++ /dev/null
@@ -1 +0,0 @@
-vim
diff --git a/vagrantenv/provision.sh b/vagrantenv/provision.sh
index 6f25ddf7..7a2422a0 100644
--- a/vagrantenv/provision.sh
+++ b/vagrantenv/provision.sh
@@ -144,7 +144,7 @@ ensure_link /vagrant/vagrantenv/postfix.main.cf /etc/postfix/main.cf
 systemctl restart postfix.service
 
 ensure_link /vagrant/etc/systemd/system/sendria.service /etc/systemd/system/sendria.service
-mkdir /var/sendria
+mkdir -p /var/sendria
 chown mentat:mentat /var/sendria
 touch /var/log/sendria.log
 chown -R mentat:mentat /var/log/sendria.log
@@ -189,5 +189,25 @@ if [ ! -L /etc/apache2/sites-enabled/site_mentat_vagrant.conf ] ; then
   systemctl restart apache2.service
 fi
 
+echo "==========> Installing Warden client library"
+if [ ! -d /opt/warden3 ] ; then
+  git clone https://homeproj.cesnet.cz/git/warden.git/ /opt/warden3
+fi
+mkdir -p /etc/warden_client/warden_filer
+mkdir -p /run/warden_filer
+mkdir -p /var/lib/warden_filer
+chown -R mentat:mentat /run/warden_filer
+chown -R mentat:mentat /var/lib/warden_filer
+ensure_link /opt/warden3/warden_client/warden_client.py /usr/local/bin/warden_client.py
+ensure_link /opt/warden3/warden_filer/warden_filer.py /usr/local/bin/warden_filer.py
+ensure_link /opt/warden3/warden_ra/warden_apply.sh /usr/local/bin/warden_apply.sh
+chmod a+x /usr/local/bin/warden_client.py
+chmod a+x /usr/local/bin/bin/warden_filer.py
+chmod a+x /usr/local/bin/warden_apply.sh
+ensure_link /vagrant/vagrantenv/warden/warden_filer /etc/default/warden_filer
+ensure_link /vagrant/vagrantenv/warden/warden_filer.cfg /etc/warden_client/warden_filer.cfg
+ensure_link /vagrant/vagrantenv/warden/warden_filer_receiver.service /etc/systemd/system/warden_filer_receiver.service
+systemctl daemon-reload
+
 echo "==========> <DONE> provision.sh"
 date
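Review bot: The added `chmod a+x /usr/local/bin/bin/warden_filer.py` targets a `bin/bin` path that nothing in this hunk creates. The link made three lines earlier is `/usr/local/bin/warden_filer.py`, so the line should read `chmod a+x /usr/local/bin/warden_filer.py`; whether the failing chmod aborts provisioning depends on shell options set outside this hunk. Separately, `git clone ... /opt/warden3` takes whatever the remote default branch holds at provisioning time, and that code is then linked into `/usr/local/bin` and launched from a systemd unit. Pinning a reviewed ref right after the clone, e.g. `git -C /opt/warden3 checkout --detach <reviewed-commit>` (placeholder), would make the box reproducible and keep an unreviewed upstream change from running in it.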
diff --git a/vagrantenv/warden/warden_filer b/vagrantenv/warden/warden_filer
new file mode 100644
index 00000000..d4633a2d
--- /dev/null
+++ b/vagrantenv/warden/warden_filer
@@ -0,0 +1,2 @@
+#!/bin/bash
+PYTHONPATH="/usr/local/bin"
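Review bot: The `#!/bin/bash` first line is misleading, because this file is created with mode 100644 and is consumed through `EnvironmentFile=/etc/default/warden_filer` in the unit added by this patch, where systemd reads it as `KEY=value` lines and never executes it. I would replace the shebang with a comment such as `# Environment for warden_filer_receiver.service; parsed by systemd, not executed`. A second comment explaining that `PYTHONPATH` points at `/usr/local/bin` because the Warden modules are symlinked there would help whoever later moves those links.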
diff --git a/vagrantenv/warden/warden_filer.cfg b/vagrantenv/warden/warden_filer.cfg
new file mode 100644
index 00000000..54d076bd
--- /dev/null
+++ b/vagrantenv/warden/warden_filer.cfg
@@ -0,0 +1,26 @@
+// For all options see documentation
+{
+    // Warden config can be also referenced as:
+    // "warden": "/path/to/warden_client.cfg"
+    "warden": {
+        "url": "https://warden-hub.cesnet.cz/warden3",
+        "cafile": "/etc/ssl/certs/ca-certificates.crt",
+        "keyfile": "/etc/warden/warden_client/warden_filer/key.pem",
+        "certfile": "/etc/warden/warden_client/warden_filer/cert.pem",
+        "timeout": 30,
+        "send_events_limit": 2000,
+        "get_events_limit": 2000,
+        "errlog": {"level": "debug"},
+        "filelog": {"level": "debug", "file": "/var/log/warden_filer.log"},
+        "idstore": "/var/lib/warden_filer/warden_filer.id",
+        "name": "cz.cesnet.vagrant"
+    },
+    "receiver": {
+        "dir": "/var/mentat/spool/mentat-inspector.py",
+        "pid_file": "/run/warden_filer/receiver.pid",
+        "uid": 1001,
+        "gid": 1001,
+        "file_limit": 5000,
+        "limit_wait_time": 20
+    }
+}
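Review bot: `keyfile` and `certfile` point under `/etc/warden/warden_client/warden_filer/`, but provision.sh in this same patch creates `/etc/warden_client/warden_filer` and links this file to `/etc/warden_client/warden_filer.cfg`, so a key placed in the provisioned directory will not be found. The entries should probably read `"keyfile": "/etc/warden_client/warden_filer/key.pem"` and `"certfile": "/etc/warden_client/warden_filer/cert.pem"`. The receiver's `"uid": 1001` and `"gid": 1001` are numeric while the provisioning script and the unit chown by name to `mentat:mentat`. If these are the ids the daemon switches to (presumably, not visible here), a box where mentat gets another id would run the receiver as an account that does not own `/run/warden_filer` or `/var/lib/warden_filer`, so a comment like `// must match the uid/gid of user mentat` is worth adding. Since key.pem is a registered client credential for the hub, the setup text should also say to keep it readable only by the account the filer runs as.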
diff --git a/vagrantenv/warden/warden_filer_receiver.service b/vagrantenv/warden/warden_filer_receiver.service
new file mode 100644
index 00000000..42054c5e
--- /dev/null
+++ b/vagrantenv/warden/warden_filer_receiver.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Warden Filer - receiver
+After=syslog.target network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/default/warden_filer
+PIDFile=/run/warden_filer/receiver.pid
+ExecStart=/usr/local/bin/warden_filer.py -c "/etc/warden_client/warden_filer.cfg" --pid_file "/run/warden_filer/receiver.pid" --daemon receiver
+ExecStartPre=/bin/mkdir -p /run/warden_filer/
+ExecStartPre=/bin/chown -R mentat:mentat /run/warden_filer/
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
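Review bot: The unit sets no `User=` or `Group=`, so `warden_filer.py`, which is code cloned from an external repository during provisioning, starts as root, and any privilege drop rests on the `uid`/`gid` entries in warden_filer.cfg. If the filer can start unprivileged (not visible from this patch), `User=mentat`, `Group=mentat` and `RuntimeDirectory=warden_filer` would replace both `ExecStartPre=` lines and the root start. Otherwise a comment above `ExecStart=` stating why root is needed would help the next reader. The documentation hunk in this patch also tells the reader to run `systemctl status warden_filer.service`, while the unit installed here is `warden_filer_receiver.service`; one of the two names should be corrected.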
-- 
GitLab