Browse Source

mongoexpress

master
zeus 3 years ago
parent
commit
52241a795f
  1. 222
      install/usr/share/swarmlab.io/sec/config.default.js
  2. 105
      install/usr/share/swarmlab.io/sec/package.json
  3. 953
      install/usr/share/swarmlab.io/sec/swarmlab-sec

222
install/usr/share/swarmlab.io/sec/config.default.js

@ -0,0 +1,222 @@
'use strict';
let mongo = {
// Setting the connection string will only give access to that database
// to see more databases you need to set mongodb.admin to true or add databases to the mongodb.auth list
// It is RECOMMENDED to use connectionString instead of individual params, other options will be removed later.
// More info here: https://docs.mongodb.com/manual/reference/connection-string/
connectionString: process.env.ME_CONFIG_MONGODB_SERVER ? '' : process.env.ME_CONFIG_MONGODB_URL,
host: '127.0.0.1',
port: '27017',
dbName: '',
};
// Accessing Bluemix variable to get MongoDB info
if (process.env.VCAP_SERVICES) {
const dbLabel = 'mongodb-2.4';
const env = JSON.parse(process.env.VCAP_SERVICES);
if (env[dbLabel]) {
mongo = env[dbLabel][0].credentials;
}
}
const basicAuthUsername = 'ME_CONFIG_BASICAUTH_USERNAME';
const basicAuthPassword = 'ME_CONFIG_BASICAUTH_PASSWORD';
const adminUsername = 'ME_CONFIG_MONGODB_ADMINUSERNAME';
const adminPassword = 'ME_CONFIG_MONGODB_ADMINPASSWORD';
const dbAuthUsername = 'ME_CONFIG_MONGODB_AUTH_USERNAME';
const dbAuthPassword = 'ME_CONFIG_MONGODB_AUTH_PASSWORD';
function getFile(filePath) {
if (typeof filePath !== 'undefined' && filePath) {
const fs = require('fs');
try {
if (fs.existsSync(filePath)) {
return fs.readFileSync(filePath);
}
} catch (err) {
console.error('Failed to read file', filePath, err);
}
}
return null;
}
function getFileEnv(envVariable) {
const origVar = process.env[envVariable];
const fileVar = process.env[envVariable + '_FILE'];
if (fileVar) {
const file = getFile(fileVar);
if (file) {
return file.toString().split(/\r?\n/)[0].trim();
}
}
return origVar;
}
function getBinaryFileEnv(envVariable) {
const fileVar = process.env[envVariable];
return getFile(fileVar);
}
const meConfigMongodbServer = process.env.ME_CONFIG_MONGODB_SERVER
? process.env.ME_CONFIG_MONGODB_SERVER.split(',')
: false;
function getConnectionStringFromEnvVariables() {
const infos = {
// server: mongodb hostname or IP address
// for replica set, use array of string instead
server: (
meConfigMongodbServer.length > 1 ? meConfigMongodbServer : meConfigMongodbServer[0]
) || mongo.host,
port: process.env.ME_CONFIG_MONGODB_PORT || mongo.port,
dbName: process.env.ME_CONFIG_MONGODB_AUTH_DATABASE || mongo.dbName,
// >>>> If you are using an admin mongodb account, or no admin account exists, fill out section below
// >>>> Using an admin account allows you to view and edit all databases, and view stats
// leave username and password empty if no admin account exists
username: getFileEnv(adminUsername) || getFileEnv(dbAuthUsername) || mongo.username,
password: getFileEnv(adminPassword) || getFileEnv(dbAuthPassword) || mongo.password,
};
const login = infos.username ? `${infos.username}:${infos.password}@` : '';
return `mongodb://${login}${infos.server}:${infos.port}/${infos.dbName}`;
}
const sslCA = 'ME_CONFIG_MONGODB_CA_FILE';
const sslCAFromEnv = getBinaryFileEnv(sslCA);
module.exports = {
mongodb: {
// if a connection string options such as server/port/etc are ignored
connectionString: mongo.connectionString || getConnectionStringFromEnvVariables(),
connectionOptions: {
// ssl: connect to the server using secure SSL
ssl: process.env.ME_CONFIG_MONGODB_SSL || mongo.ssl,
// sslValidate: validate mongod server certificate against CA
sslValidate: process.env.ME_CONFIG_MONGODB_SSLVALIDATE || true,
// sslCA: array of valid CA certificates
sslCA: sslCAFromEnv ? [sslCAFromEnv] : [],
// autoReconnect: automatically reconnect if connection is lost
autoReconnect: true,
// poolSize: size of connection pool (number of connections to use)
poolSize: 4,
},
// set admin to true if you want to turn on admin features
// if admin is true, the auth list below will be ignored
// if admin is true, you will need to enter an admin username/password below (if it is needed)
admin: process.env.ME_CONFIG_MONGODB_ENABLE_ADMIN
? process.env.ME_CONFIG_MONGODB_ENABLE_ADMIN.toLowerCase() === 'true'
: false,
// whitelist: hide all databases except the ones in this list (empty list for no whitelist)
whitelist: [],
// blacklist: hide databases listed in the blacklist (empty list for no blacklist)
blacklist: [],
},
site: {
// baseUrl: the URL that mongo express will be located at - Remember to add the forward slash at the start and end!
baseUrl: process.env.ME_CONFIG_SITE_BASEURL || '/',
cookieKeyName: 'mongo-express',
cookieSecret: process.env.ME_CONFIG_SITE_COOKIESECRET || 'cookiesecret',
host: process.env.VCAP_APP_HOST || 'localhost',
port: process.env.VCAP_APP_PORT || 8081,
requestSizeLimit: process.env.ME_CONFIG_REQUEST_SIZE || '50mb',
sessionSecret: process.env.ME_CONFIG_SITE_SESSIONSECRET || 'sessionsecret',
sslCert: process.env.ME_CONFIG_SITE_SSL_CRT_PATH || '',
sslEnabled: process.env.ME_CONFIG_SITE_SSL_ENABLED || false,
sslKey: process.env.ME_CONFIG_SITE_SSL_KEY_PATH || '',
},
// set useBasicAuth to true if you want to authenticate mongo-express logins
// if admin is false, the basicAuthInfo list below will be ignored
// this will be true unless ME_CONFIG_BASICAUTH_USERNAME is set and is the empty string
useBasicAuth: getFileEnv(basicAuthUsername) !== '',
basicAuth: {
username: getFileEnv(basicAuthUsername) || 'admin',
password: getFileEnv(basicAuthPassword) || 'pass',
},
options: {
// Display startup text on console
console: true,
// documentsPerPage: how many documents you want to see at once in collection view
documentsPerPage: 10,
// editorTheme: Name of the theme you want to use for displaying documents
// See http://codemirror.net/demo/theme.html for all examples
editorTheme: process.env.ME_CONFIG_OPTIONS_EDITORTHEME || 'rubyblue',
// Maximum size of a single property & single row
// Reduces the risk of sending a huge amount of data when viewing collections
maxPropSize: (100 * 1000), // default 100KB
maxRowSize: (1000 * 1000), // default 1MB
// The options below aren't being used yet
// cmdType: the type of command line you want mongo express to run
// values: eval, subprocess
// eval - uses db.eval. commands block, so only use this if you have to
// subprocess - spawns a mongo command line as a subprocess and pipes output to mongo express
cmdType: 'eval',
// subprocessTimeout: number of seconds of non-interaction before a subprocess is shut down
subprocessTimeout: 300,
// readOnly: if readOnly is true, components of writing are not visible.
readOnly: process.env.ME_CONFIG_OPTIONS_READONLY
? process.env.ME_CONFIG_OPTIONS_READONLY.toLowerCase() === 'true'
: false,
// collapsibleJSON: if set to true, jsons will be displayed collapsible
collapsibleJSON: true,
// collapsibleJSONDefaultUnfold: if collapsibleJSON is set to `true`, this defines default level
// to which JSONs are displayed unfolded; use number or "all" to unfold all levels
collapsibleJSONDefaultUnfold: 1,
// gridFSEnabled: if gridFSEnabled is set to 'true', you will be able to manage uploaded files
// ( ak. grids, gridFS )
gridFSEnabled: process.env.ME_CONFIG_SITE_GRIDFS_ENABLED
? process.env.ME_CONFIG_SITE_GRIDFS_ENABLED.toLowerCase() === 'true'
: false,
// logger: this object will be used to initialize router logger (morgan)
logger: {},
// confirmDelete: if confirmDelete is set to 'true', a modal for confirming deletion is
// displayed before deleting a document/collection
confirmDelete: false,
// noExport: if noExport is set to true, we won't show export buttons
noExport: false,
// noDelete: if noDelete is set to true, we won't show delete buttons
noDelete: process.env.ME_CONFIG_OPTIONS_NO_DELETE || false,
},
// Specify the default keyname that should be picked from a document to display in collections list.
// Keynames can be specified for every database and collection.
// If no keyname is specified, it defaults to '_id', which is a mandatory field.
// For Example :
// defaultKeyNames{
// "world_db":{ //Database Name
// "continent":"cont_name", // collection:field
// "country":"country_name",
// "city":"name"
// }
// }
defaultKeyNames: {
},
};

105
install/usr/share/swarmlab.io/sec/package.json

@ -0,0 +1,105 @@
{
"version": "1.0.0-alpha.4",
"author": "https://github.com/mongo-express",
"name": "mongo-express",
"description": "Web-based admin interface for MongoDB",
"keywords": [
"admin",
"administration",
"collection",
"database",
"GUI",
"interface",
"manage",
"manage-mongo",
"mongo",
"mongodb",
"phpmyadmin",
"UI",
"web-based"
],
"bin": {
"mongo-express": "./app.js"
},
"repository": {
"type": "git",
"url": "git://github.com/mongo-express/mongo-express.git"
},
"dependencies": {
"basic-auth-connect": "^1.0.0",
"bluebird": "^3.7.2",
"body-parser": "^1.18.3",
"bson": "^4.2.0",
"busboy": "^0.2.13",
"cli-color": "^2.0.0",
"commander": "^2.9.0",
"cookie-parser": "1.4.4",
"cross-env": "^7.0.3",
"csurf": "1.10.0",
"errorhandler": "1.5.1",
"express": "4.17.1",
"express-fileupload": "^0.4.0",
"express-session": "^1.15.6",
"flat": "^2.0.1",
"gridfs-stream": "^1.1.1",
"json2csv": "^3.7.1",
"lodash": "~4.17.4",
"method-override": "^2.3.10",
"mongodb": "^3.6.2",
"mongodb-query-parser": "^2.1.2",
"morgan": "^1.9.0",
"patch-package": "^6.4.7",
"serve-favicon": "^2.5.0",
"swig-templates": "2.0.3",
"update-notifier": "5.1.0"
},
"devDependencies": {
"@babel/core": "^7.16.0",
"@babel/preset-env": "^7.16.0",
"assets-webpack-plugin": "^7.1.1",
"babel-loader": "^8.2.3",
"bootstrap": "^3.3.7",
"chai": "^4.3.4",
"clean-webpack-plugin": "^4.0.0",
"codemirror": "^5.23.0",
"concurrently": "^6.3.0",
"copy-webpack-plugin": "^9.0.1",
"eslint": "^7.11.0",
"eslint-config-airbnb-base": "^14.0.0",
"eslint-plugin-import": "^2.22.0",
"eslint-plugin-lodash": "^7.1.0",
"jquery": "^3.5.1",
"mocha": "^9.1.3",
"nodemon": "^2.0.14",
"pre-commit": "1.2.2",
"renderjson": "dozoisch/renderjson#cd0ef870c1298d53f09555da54e4bf57a0d21414",
"supertest": "^6.1.6",
"webpack": "^5.61.0",
"webpack-cli": "^4.9.1"
},
"resolutions": {
"**/event-stream": "^4.0.1"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0",
"npm": ">=3.0.0"
},
"license": "MIT",
"scripts": {
"postinstall": "patch-package",
"lint": "eslint .",
"start": "cross-env NODE_ENV=production node app",
"start-dev": "concurrently --kill-others \"nodemon app --watch lib\" \"npm run build-dev\"",
"build-dev": "webpack --watch",
"build": "cross-env NODE_ENV=production webpack",
"test": "npm run mocha && npm run lint",
"mocha": "cross-env NODE_ENV=test mocha",
"test-watch": "cross-env NODE_ENV=test mocha --watch --reporter spec",
"prepublish": "npm run build"
},
"pre-commit": [
"test"
],
"main": "./middleware",
"browserslist": "defaults"
}

953
install/usr/share/swarmlab.io/sec/swarmlab-sec

@ -1,222 +1,731 @@
'use strict'; #!/bin/bash
let mongo = { # The MIT License (MIT)
// Setting the connection string will only give access to that database #
// to see more databases you need to set mongodb.admin to true or add databases to the mongodb.auth list # rootApostolos@swarmlab.io
// It is RECOMMENDED to use connectionString instead of individual params, other options will be removed later. #
// More info here: https://docs.mongodb.com/manual/reference/connection-string/ # Permission is hereby granted, free of charge, to any person obtaining a copy
connectionString: process.env.ME_CONFIG_MONGODB_SERVER ? '' : process.env.ME_CONFIG_MONGODB_URL, # of this software and associated documentation files (the "Software"), to deal
host: '127.0.0.1', # in the Software without restriction, including without limitation the rights
port: '27017', # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
dbName: '', # copies of the Software, and to permit persons to whom the Software is
}; # furnished to do so, subject to the following conditions:
#
// Accessing Bluemix variable to get MongoDB info # The above copyright notice and this permission notice shall be included in all
if (process.env.VCAP_SERVICES) { # copies or substantial portions of the Software.
const dbLabel = 'mongodb-2.4'; #
const env = JSON.parse(process.env.VCAP_SERVICES); # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
if (env[dbLabel]) { # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
mongo = env[dbLabel][0].credentials; # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
} # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
} # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
const basicAuthUsername = 'ME_CONFIG_BASICAUTH_USERNAME'; # SOFTWARE.
const basicAuthPassword = 'ME_CONFIG_BASICAUTH_PASSWORD';
const adminUsername = 'ME_CONFIG_MONGODB_ADMINUSERNAME'; # Origin: https://github.com/NLKNguyen/alpine-mpich
const adminPassword = 'ME_CONFIG_MONGODB_ADMINPASSWORD';
const dbAuthUsername = 'ME_CONFIG_MONGODB_AUTH_USERNAME'; set -e
const dbAuthPassword = 'ME_CONFIG_MONGODB_AUTH_PASSWORD';
DOCKERuser="docker"
function getFile(filePath) { PACKAGES=$(cat <<EOF
if (typeof filePath !== 'undefined' && filePath) { net-tools \
const fs = require('fs'); tcpdump \
sudo \
try { vim
if (fs.existsSync(filePath)) { EOF
return fs.readFileSync(filePath); )
} # PACKAGES enabled ths with apt-get update && apt-get $APTPARAM install -y openssh-server $PACKAGES in in RUN export DEBIAN_FRONTEND=noninteractive
} catch (err) { APTPARAM=" --no-install-recommends "
console.error('Failed to read file', filePath, err); IMAGE_local="microservice-mongoexpress"
} HYBRID_NETWORK="microservice-mongoexpress"
} # dont edit
return null; #IMAGE_origin="hub.swarmlab.io:5480/hybrid-numpy"
} IMAGE_origin="hub.swarmlab.io:5480/hybrid-mongoexpress"
bootstrap="sec_bootstrap"
function getFileEnv(envVariable) { hostnames="auto_update_hosts"
const origVar = process.env[envVariable]; hostnames_get="get_hosts"
const fileVar = process.env[envVariable + '_FILE']; #NODENAME=${HYBRID_NETWORK}_masterservice_1.${HYBRID_NETWORK}_${HYBRID_NETWORK}
if (fileVar) { NODENAME=${IMAGE_local}_masterservice_1.${IMAGE_local}_${HYBRID_NETWORK}
const file = getFile(fileVar); NODENETWORK=${HYBRID_NETWORK}
if (file) { # shellcheck disable=SC1091
return file.toString().split(/\r?\n/)[0].trim(); #. ./.env
}
}
return origVar; # -----------------------------------------------
} #
# Find Source path of swarmlab.io script
function getBinaryFileEnv(envVariable) { #
const fileVar = process.env[envVariable]; # ----------------------------------------------
return getFile(fileVar);
}
SOURCE="${BASH_SOURCE[0]}"
const meConfigMongodbServer = process.env.ME_CONFIG_MONGODB_SERVER while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
? process.env.ME_CONFIG_MONGODB_SERVER.split(',') DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
: false; SOURCE="$(readlink "$SOURCE")"
[[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
function getConnectionStringFromEnvVariables() { done
const infos = { DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
// server: mongodb hostname or IP address
// for replica set, use array of string instead
server: ( # -----------------------------------------------
meConfigMongodbServer.length > 1 ? meConfigMongodbServer : meConfigMongodbServer[0] #
) || mongo.host, # Load Default config swarmlab.io
port: process.env.ME_CONFIG_MONGODB_PORT || mongo.port, #
dbName: process.env.ME_CONFIG_MONGODB_AUTH_DATABASE || mongo.dbName, # ----------------------------------------------
// >>>> If you are using an admin mongodb account, or no admin account exists, fill out section below
// >>>> Using an admin account allows you to view and edit all databases, and view stats #. $DIR/.env
// leave username and password empty if no admin account exists
username: getFileEnv(adminUsername) || getFileEnv(dbAuthUsername) || mongo.username,
password: getFileEnv(adminPassword) || getFileEnv(dbAuthPassword) || mongo.password, # -----------------------------------------------
}; #
const login = infos.username ? `${infos.username}:${infos.password}@` : ''; # Find Working dir
return `mongodb://${login}${infos.server}:${infos.port}/${infos.dbName}`; #
} # ----------------------------------------------
const sslCA = 'ME_CONFIG_MONGODB_CA_FILE'; function EPHEMERAL_PORT() {
const sslCAFromEnv = getBinaryFileEnv(sslCA); LOW_BOUND=49152
RANGE=16384
module.exports = { while true; do
mongodb: { CANDIDATE=$[$LOW_BOUND + ($RANDOM % $RANGE)]
// if a connection string options such as server/port/etc are ignored (echo "" >/dev/tcp/127.0.0.1/${CANDIDATE}) >/dev/null 2>&1
connectionString: mongo.connectionString || getConnectionStringFromEnvVariables(), if [ $? -ne 0 ]; then
echo $CANDIDATE
connectionOptions: { break
// ssl: connect to the server using secure SSL fi
ssl: process.env.ME_CONFIG_MONGODB_SSL || mongo.ssl, done
}
// sslValidate: validate mongod server certificate against CA
sslValidate: process.env.ME_CONFIG_MONGODB_SSLVALIDATE || true, servicesshport=$(EPHEMERAL_PORT)
// sslCA: array of valid CA certificates Wdir=$(pwd)
sslCA: sslCAFromEnv ? [sslCAFromEnv] : [],
if [ ! -f $Wdir/.env ]; then
// autoReconnect: automatically reconnect if connection is lost cat << EOF > $Wdir/.env
autoReconnect: true, REGISTRY_ADDR=localhost
REGISTRY_PORT=5000
// poolSize: size of connection pool (number of connections to use) IMAGE_NAME=$HYBRID_NETWORK
poolSize: 4, SSH_PORT=$servicesshport
}, WEB_PORT=$(EPHEMERAL_PORT)
WEB_PORT1=$(EPHEMERAL_PORT)
// set admin to true if you want to turn on admin features WEB_PORT2=$(EPHEMERAL_PORT)
// if admin is true, the auth list below will be ignored EOF
// if admin is true, you will need to enter an admin username/password below (if it is needed) fi
admin: process.env.ME_CONFIG_MONGODB_ENABLE_ADMIN
? process.env.ME_CONFIG_MONGODB_ENABLE_ADMIN.toLowerCase() === 'true' . $Wdir/.env
: false,
create_dockerfile ()
// whitelist: hide all databases except the ones in this list (empty list for no whitelist) {
whitelist: [], docker pull $IMAGE_origin << ANSWERS
yes
// blacklist: hide databases listed in the blacklist (empty list for no blacklist) yes
blacklist: [], yes
}, ANSWERS
site: { . $Wdir/ROOT_PASSWORD
// baseUrl: the URL that mongo express will be located at - Remember to add the forward slash at the start and end! if [ -d "$Wdir/project" ]; then
baseUrl: process.env.ME_CONFIG_SITE_BASEURL || '/', # -----------------------------------------------
cookieKeyName: 'mongo-express', #
cookieSecret: process.env.ME_CONFIG_SITE_COOKIESECRET || 'cookiesecret', # create Dockerfile
host: process.env.VCAP_APP_HOST || 'localhost', #
port: process.env.VCAP_APP_PORT || 8081, # ----------------------------------------------
requestSizeLimit: process.env.ME_CONFIG_REQUEST_SIZE || '50mb',
sessionSecret: process.env.ME_CONFIG_SITE_SESSIONSECRET || 'sessionsecret', search='ok'
sslCert: process.env.ME_CONFIG_SITE_SSL_CRT_PATH || '',
sslEnabled: process.env.ME_CONFIG_SITE_SSL_ENABLED || false, if [ $search == 'ok' ]
sslKey: process.env.ME_CONFIG_SITE_SSL_KEY_PATH || '', then
}, echo ""
echo ">>> Load Origin "
// set useBasicAuth to true if you want to authenticate mongo-express logins cat << EOF > $Wdir/Dockerfile
// if admin is false, the basicAuthInfo list below will be ignored FROM $IMAGE_origin
// this will be true unless ME_CONFIG_BASICAUTH_USERNAME is set and is the empty string #
useBasicAuth: getFileEnv(basicAuthUsername) !== '', USER root
basicAuth: { COPY $bootstrap /usr/bin
username: getFileEnv(basicAuthUsername) || 'admin', COPY $hostnames_get /usr/bin
password: getFileEnv(basicAuthPassword) || 'pass', COPY $hostnames /usr/bin
}, COPY install-vim-plugin.sh .
options: { ENV NOTVISIBLE "in users profile"
// Display startup text on console ENV USER1 docker
console: true, ENV USER_HOME /home/docker
ENV SSHDIR \${USER_HOME}/.ssh
// documentsPerPage: how many documents you want to see at once in collection view COPY ssh/ \${SSHDIR}/
documentsPerPage: 10,
RUN export DEBIAN_FRONTEND=noninteractive \
// editorTheme: Name of the theme you want to use for displaying documents && rm -rf /usr/share/doc \
// See http://codemirror.net/demo/theme.html for all examples && rm -rf /usr/share/man \
editorTheme: process.env.ME_CONFIG_OPTIONS_EDITORTHEME || 'rubyblue', && rm -rf /usr/share/locale \
&& mkdir -p /var/run/sshd \
// Maximum size of a single property & single row && echo 'root:pass' | chpasswd \
// Reduces the risk of sending a huge amount of data when viewing collections && echo "export VISIBLE=now" >> /etc/profile \
maxPropSize: (100 * 1000), // default 100KB && mkdir -p /home/docker/project \
maxRowSize: (1000 * 1000), // default 1MB && mkdir -p /etc/opt \
&& echo "docker:docker" | chpasswd \
// The options below aren't being used yet && echo "StrictHostKeyChecking no" > \${SSHDIR}/config \
&& cat \${SSHDIR}/*.pub >> \${SSHDIR}/authorized_keys \
// cmdType: the type of command line you want mongo express to run && chmod -R 600 \${SSHDIR}/* \
// values: eval, subprocess && chown -R \${USER1}:\${USER1} \${SSHDIR}
// eval - uses db.eval. commands block, so only use this if you have to
// subprocess - spawns a mongo command line as a subprocess and pipes output to mongo express COPY .vimrc /home/docker
cmdType: 'eval', EXPOSE 8081
USER docker
// subprocessTimeout: number of seconds of non-interaction before a subprocess is shut down EOF
subprocessTimeout: 300, fi
else
// readOnly: if readOnly is true, components of writing are not visible. echo ""
readOnly: process.env.ME_CONFIG_OPTIONS_READONLY echo "Not in Project Directory"
? process.env.ME_CONFIG_OPTIONS_READONLY.toLowerCase() === 'true' echo "A project directory should look like this"
: false, echo ""
// collapsibleJSON: if set to true, jsons will be displayed collapsible cat <<EOF
collapsibleJSON: true, ├── docker-compose.yml
├── Dockerfile
// collapsibleJSONDefaultUnfold: if collapsibleJSON is set to `true`, this defines default level ├── out.log
// to which JSONs are displayed unfolded; use number or "all" to unfold all levels ├── project
collapsibleJSONDefaultUnfold: 1, │   └── hello_world.sh
└── ssh
// gridFSEnabled: if gridFSEnabled is set to 'true', you will be able to manage uploaded files ├── id_rsa
// ( ak. grids, gridFS ) └── id_rsa.pub
gridFSEnabled: process.env.ME_CONFIG_SITE_GRIDFS_ENABLED EOF
? process.env.ME_CONFIG_SITE_GRIDFS_ENABLED.toLowerCase() === 'true' echo "Change to your Project Directory And Try Again"
: false, echo ""
exit 0
// logger: this object will be used to initialize router logger (morgan) fi
logger: {}, }
// confirmDelete: if confirmDelete is set to 'true', a modal for confirming deletion is create_project ()
// displayed before deleting a document/collection {
confirmDelete: false,
docker pull $IMAGE_origin << ANSWERS
// noExport: if noExport is set to true, we won't show export buttons yes
noExport: false, yes
yes
// noDelete: if noDelete is set to true, we won't show delete buttons ANSWERS
noDelete: process.env.ME_CONFIG_OPTIONS_NO_DELETE || false, if [ "$Wdir" == "$HOME" ]; then
}, echo""
echo "You are in Your Home directory"
// Specify the default keyname that should be picked from a document to display in collections list. echo "Please create a project directory"
// Keynames can be specified for every database and collection. echo "mkdir myproject; cd myproject; swarmlab-sec create"
// If no keyname is specified, it defaults to '_id', which is a mandatory field. echo""
// For Example : else
// defaultKeyNames{ echo "# -----------------------------------------------"
// "world_db":{ //Database Name echo "##### Create project #####"
// "continent":"cont_name", // collection:field echo "# -----------------------------------------------"
// "country":"country_name",
// "city":"name"
// } search='ok'
// } if [ $search == 'ok' ]
defaultKeyNames: { then
echo ">>> Load Origin "
}, cat << EOF > $Wdir/Dockerfile
}; FROM $IMAGE_origin
#
USER root
COPY $bootstrap /usr/bin
COPY $hostnames_get /usr/bin
COPY $hostnames /usr/bin
COPY install-vim-plugin.sh .
ENV NOTVISIBLE "in users profile"
ENV USER1 docker
ENV USER_HOME /home/docker
RUN export DEBIAN_FRONTEND=noninteractive \
&& rm -rf /usr/share/doc \
&& rm -rf /usr/share/man \
&& rm -rf /usr/share/locale \
&& mkdir -p /var/run/sshd \
&& echo 'root:pass' | chpasswd \
&& echo "export VISIBLE=now" >> /etc/profile \
&& mkdir -p /home/docker/project \
&& mkdir -p /etc/opt \
&& echo "docker:docker" | chpasswd \
&& echo "StrictHostKeyChecking no" > \${SSHDIR}/config \
&& cat \${SSHDIR}/*.pub >> \${SSHDIR}/authorized_keys \
&& chmod -R 600 \${SSHDIR}/* \
&& chown -R \${USER1}:\${USER1} \${SSHDIR}
COPY .vimrc /home/docker
EXPOSE 8081
USER docker
EOF
fi
/bin/mkdir -p $Wdir/project
/bin/mkdir -p $Wdir/logs
/bin/cp -rf $DIR/project/bin $Wdir/project
/bin/cp -rf $DIR/project/courses $Wdir/project
/bin/cp -rf $DIR/project/config $Wdir/project
/bin/cp -rf $DIR/project/data-www $Wdir/project
/bin/cp -f $DIR/project/hello_world.sh $Wdir/project
/bin/cp -f $DIR/project/config.default.js $Wdir/project/config.default.js
/bin/cp -f $DIR/project/package.json $Wdir/project/package.json
/bin/cp -f $DIR/$bootstrap $Wdir/$bootstrap
/bin/cp -f $DIR/$hostnames $Wdir/$hostnames
/bin/cp -f $DIR/$hostnames_get $Wdir/$hostnames_get
/bin/cp -f $DIR/ROOT_PASSWORD $Wdir/ROOT_PASSWORD
/bin/cp -rf $DIR/.vimrc $Wdir/.vimrc
/bin/cp -rf $DIR/install-vim-plugin.sh $Wdir/install-vim-plugin.sh
cat << EOF > $Wdir/docker-compose.yml
version: "3"
services:
masterservice:
image: $IMAGE_NAME
privileged: true
environment:
- NODENAME=${NODENAME}
- NODENETWORK=${NODENETWORK}
- DISPLAY=\${DISPLAY}
cap_add:
- NET_ADMIN
user: root
entrypoint: ["sec_bootstrap", "role=masterservice", "sec_master_service_name=masterservice", "sec_worker_service_name=workerservice"]
ports:
- "\${R_PORT1}:8081"
# - "\${R_PORT2}:3080"
networks:
- ${HYBRID_NETWORK}
volumes:
- $Wdir/project:/home/docker/project
- $Wdir/project/package.json:/home/docker/project/package.json
- $Wdir/project/config.default.js:/home/docker/project/config.js
- $Wdir/$bootstrap:/usr/bin/$bootstrap
# workerservice:
# image: $IMAGE_NAME
# privileged: true
# environment:
# - NODENAME=${NODENAME}
# - NODENETWORK=${NODENETWORK}
# - DISPLAY=\${DISPLAY}
# cap_add:
# - NET_ADMIN
# user: root
# entrypoint: ["sec_bootstrap", "role=workerservice", "sec_master_service_name=masterservice", "sec_worker_service_name=workerservice"]
# #ports:
# # - "\${SSH_PORT}:22"
# networks:
# - ${HYBRID_NETWORK}
# volumes:
# - $Wdir/project:/home/docker/project
# - $Wdir/project/data-www:/data-www
# - $Wdir/project/config/nginx.conf:/etc/nginx/nginx.conf
# - $Wdir/project/config/default.conf:/etc/nginx/conf.d/default.conf
# - $Wdir/project/config/supervisord.conf:/etc/supervisor/supervisord.conf
networks:
${HYBRID_NETWORK}:
EOF
#/bin/cp -rf $DIR/ssh $Wdir
cat << EOF > $Wdir/stop.sh
../install/usr/share/swarmlab.io/sec/swarmlab-sec down
EOF
cat << EOF > $Wdir/container-stop.sh
docker stop \$1
docker container rm \$1
EOF
cat <<EOF
Project is Ready
├── docker-compose.yml
├── Dockerfile
├── out.log
├── project
│   └── hello_world.sh
└── ssh
├── id_rsa
└── id_rsa.pub
Run: swarmlab-sec up size=5
or run swarmlab-sec help for USAGE
EOF
/bin/chmod -R 777 $Wdir
/bin/chown -R sec.sec $Wdir
fi
}
#######################
# TASK INDICATORS
COMMAND_UP=0
COMMAND_CREATE=0
COMMAND_DOWN=0
COMMAND_RELOAD=0
COMMAND_SCALE=0
COMMAND_LOGIN=0
COMMAND_EXEC=0
COMMAND_LIST=0
COMMAND_CLEAN=0
# Default values if providing empty
SIZE=4
#############################################
usage ()
{
echo ""
echo "--------------"
echo " SwarmLab.io "
echo "--------------"
echo ""
echo " USAGE: ./swarmlab-sec [COMMAND] [OPTIONS]"
echo ""
echo " Examples of [COMMAND] can be:"
echo " create: create swarmlab-sec "
echo " mkdir WORKdir; cd WORKdir; swarmlab-sec create"
echo ""
echo " up: start swarmlab-sec"
echo " swarmlab-sec up size=10"
echo ""
echo " scale: resize the swarmlab-sec"
echo " swarmlab-sec scale size=30"
echo ""
echo " reload: rebuild image and distribute to nodes"
echo " swarmlab-sec reload size=15"
echo ""
echo " login: login to Docker container of MPI master node for interactive usage"
echo " swarmlab-sec login"
echo ""
echo " exec: execute shell command at the MPI master node"
echo " swarmlab-sec exec [SHELL COMMAND]"
echo ""
echo " down: shutdown swarmlab-sec"
echo " swarmlab-sec down"
echo ""
echo " clean: remove images in the system"
echo " swarmlab-sec clean"
echo ""
echo " list: show running containers of swarmlab-sec"
echo " swarmlab-sec list"
echo ""
echo " help: show this message"
echo " swarmlab-sec help"
echo ""
echo " "
}
HEADER="
SwarmLab.io"
clear_all ()
{
$(docker stop $(docker ps -a | grep "${IMAGE_local}_masterservice_" | awk '{print $1}')) || true
$(docker stop $(docker ps -a | grep "${IMAGE_local}_workerservice_" | awk '{print $1}')) || true
#$(docker stop $(docker ps -a | grep "_registry_" | awk '{print $1}')) || true # remove for microservices
#docker ps -a | grep "_registry_" | awk '{print $1}' | xargs docker container rm || true # remove for microservices
docker ps -a | grep "${IMAGE_local}_workerservice_" | awk '{print $1}' | xargs docker container rm || true
docker ps -a | grep "${IMAGE_local}_masterservice_" | awk '{print $1}' | xargs docker container rm || true
docker rmi $IMAGE_local -f
}
down_all ()
{
printf "\\n\\n===> CLEAN UP SWARMLAB"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose down"
printf "\\n"
docker-compose down
}
up_registry ()
{
printf "\\n\\n===> SPIN UP REGISTRY"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose up -d registry"
printf "\\n"
#docker stop swarmlab-registry || true && docker rm swarmlab-registry || true # remove for microservices
docker container prune --force
docker-compose up --no-recreate -d registry
}
generate_ssh_keys ()
{
if [ -f ssh/id_rsa ] && [ -f ssh/id_rsa.pub ]; then
return 0
fi
printf "\\n\\n===> GENERATE SSH KEYS \\n\\n"
echo "$ mkdir -p ssh/ "
printf "\\n"
mkdir -p ssh/
echo "$ ssh-keygen -f ssh/id_rsa -t rsa -N ''"
printf "\\n"
ssh-keygen -f ssh/id_rsa -t rsa -N ''
}
build_and_push_image ()
{
printf "\\n\\n===> BUILD IMAGE"
printf "\\n%s\\n" "$HEADER"
echo "$ docker build -t \"$IMAGE_NAME\" ."
printf "\\n"
#docker build -t "$REGISTRY_ADDR:$REGISTRY_PORT/$IMAGE_NAME" .
docker build --force-rm --pull -t "$IMAGE_NAME" .
}
up_master ()
{
printf "\\n\\n===> SPIN UP MASTER NODE"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose up -d masterservice"
printf "\\n"
echo "$ $IMAGE_local -d $IMAGE_origin"
printf "\\n"
docker-compose rm -f -s -v
docker-compose up --build --remove-orphans --force-recreate -d masterservice << ANSWERS
yes
yes
yes
ANSWERS
#docker-compose up --force-recreate -d masterservice
}
up_workers ()
{
printf "\\n\\n===> SPIN UP WORKER NODES"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose up -d worker"
printf "\\n"
docker-compose rm -f -s -v
docker-compose up --build --force-recreate --renew-anon-volumes --remove-orphans -d workerservice
#docker-compose up --force-recreate -d workerservice
printf "\\n"
printf "\\n%s\\n" "$HEADER"
NUM_WORKER=$((SIZE - 1))
echo "$ docker-compose scale workerservice=$NUM_WORKER"
printf "\\n"
docker-compose scale workerservice=${NUM_WORKER}
}
down_master ()
{
printf "\\n\\n===> TORN DOWN MASTER NODE"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose stop masterservice && docker-compose rm -f masterservice"
printf "\\n"
docker-compose stop masterservice && docker-compose rm -f masterservice
}
down_workers ()
{
printf "\\n\\n===> TORN DOWN WORKER NODES"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose stop worker && docker-compose rm -f worker"
printf "\\n"
docker-compose stop workerservice && docker-compose rm -f workerservice
}
list ()
{
printf "\\n\\n===> LIST CONTAINERS"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose ps"
printf "\\n"
docker-compose ps
}
exec_on_mpi_master_container ()
{
# shellcheck disable=SC2046
docker exec -it -u $DOCKERuser $(docker-compose ps | grep 'masterservice'| awk 'NR==1{print $1}') "$@"
}
prompt_ready ()
{
printf "\\n\\n===> SWARMLAB READY \\n\\n"
}
show_instruction ()
{
echo ' ## . '
echo ' ## ## ## == '
echo ' ## ## ## ## ## === '
echo ' /"""""""""""""""""\___/ === '
echo ' ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~ '
echo ' \______ o __/ '
echo ' \ \ __/ '
echo ' \____\_______/ '
echo ' '
echo ' Swarmlab.io Hybrid '
echo ''
echo '=============================================================='
echo ''
echo "To run SEC programs in an interative shell:"
echo " 1. Login to masterservice node:"
echo " Using Container->connect Menou:"
echo " copy/paste and Run command"
echo ""
echo " Or using SSH with keys through exposed port:"
echo " $ ssh -o \"StrictHostKeyChecking no\" -i ssh/id_rsa -p $SSH_PORT docker@localhost"
echo ' where [localhost] could be changed to the host IP of masterservice node'
echo ""
echo " 2. Execute programs inside masterservice node, for example:"
echo " $ sudo su"
echo " # apk update"
echo " *----------------------------------------------------*"
echo " | Default hostfile of connected nodes in the swarmlab |"
echo " | To obtain hostfile manually: $ ./bin/swarmlab-nmap: > hosts |"
echo " * ---------------------------------------------------*"
echo ""
echo ""
}
#############################################
while [ "$1" != "" ];
do
PARAM=$(echo "$1" | awk -F= '{print $1}')
VALUE=$(echo "$1" | awk -F= '{print $2}')
case $PARAM in
help)
usage
exit
;;
-i)
show_instruction
exit
;;
login)
COMMAND_LOGIN=1
;;
exec)
COMMAND_EXEC=1
shift # the rest is the shell command to run in the node
SHELL_COMMAND="$*"
break # end while loop
;;
up)
COMMAND_UP=1
;;
create)
COMMAND_CREATE=1
;;
down)
COMMAND_DOWN=1
;;
reload)
COMMAND_RELOAD=1
;;
scale)
COMMAND_SCALE=1
;;
list)
COMMAND_LIST=1
;;
clean)
COMMAND_CLEAN=1
;;
size)
[ "$VALUE" ] && SIZE=$VALUE
;;
*)
echo "ERROR: unknown parameter \"$PARAM\""
usage
exit 1
;;
esac
shift
done
if [ $COMMAND_UP -eq 1 ]; then
create_dockerfile
down_all
clear_all
#up_registry # remove for microservices
generate_ssh_keys
build_and_push_image # remove for microservices
up_master
#up_workers
prompt_ready
show_instruction
elif [ $COMMAND_CREATE -eq 1 ]; then
create_project
elif [ $COMMAND_DOWN -eq 1 ]; then
down_all
clear_all
elif [ $COMMAND_CLEAN -eq 1 ]; then
clear_all
elif [ $COMMAND_SCALE -eq 1 ]; then
create_dockerfile
down_master
down_workers
up_master
#up_workers
prompt_ready
show_instruction
elif [ $COMMAND_RELOAD -eq 1 ]; then
create_dockerfile
down_master
down_workers
build_and_push_image
up_master
#up_workers
prompt_ready
show_instruction
elif [ $COMMAND_LOGIN -eq 1 ]; then
exec_on_mpi_master_container /bin/bash
elif [ $COMMAND_EXEC -eq 1 ]; then
create_dockerfile
exec_on_mpi_master_container ash -c "${SHELL_COMMAND}"
elif [ $COMMAND_LIST -eq 1 ]; then
list
else
usage
fi

Loading…
Cancel
Save