forked from oscar.krause/fastapi-dls
Compare commits
312 Commits
archlinux-
...
main
Author | SHA1 | Date | |
---|---|---|---|
6a54c05fbb | |||
1d0631417d | |||
847d3589c5 | |||
ca53a4e084 | |||
006d3a1833 | |||
ad3b622c23 | |||
e51d6bd391 | |||
78c1978dd5 | |||
4ebb4d790e | |||
11f1456538 | |||
be6797efc7 | |||
42fe066e1a | |||
9eb91cbe1a | |||
395884f643 | |||
ef542ec821 | |||
254e4ee08c | |||
07273c3ebd | |||
e04723d128 | |||
8f498f4960 | |||
dd69f60fd0 | |||
a5d599a52c | |||
66d203e72a | |||
7800bf73a8 | |||
5b39598487 | |||
ed59260a10 | |||
7c70d121be | |||
213e768708 | |||
0696900d67 | |||
4fb90a22e3 | |||
6aa197dcae | |||
46f6c9fe99 | |||
2baaeb561b | |||
867cd7018a | |||
9c686913dd | |||
d3c4dc3fb7 | |||
af8b1c2387 | |||
d37d96dc34 | |||
21d052523f | |||
22110df791 | |||
c7f354d50c | |||
3bdfc94527 | |||
9473f10653 | |||
e9ad1d7791 | |||
f97ee9c8fc | |||
236948e483 | |||
948934ad0e | |||
3ef14e5522 | |||
ee50ede2ea | |||
b11579de98 | |||
dc33c29158 | |||
6f9107087b | |||
01fd954252 | |||
995dbdac80 | |||
65de4d0534 | |||
51b28dcdc3 | |||
9512e29ed9 | |||
713e33eed1 | |||
4b16b02a7d | |||
3e9d7c0061 | |||
7480cb4cf7 | |||
58ffa752f3 | |||
2d7909546d | |||
fec099ae81 | |||
fd4fa84dc5 | |||
5ff3295658 | |||
ca38ebe3fd | |||
df5cb3c9c3 | |||
eca64fb1d5 | |||
7ae1201c8f | |||
a4e98dae46 | |||
d4267f3ee6 | |||
c02ca762ea | |||
10caf2310c | |||
7380e4328e | |||
c1eaa33d9e | |||
45545953ed | |||
4c8c2ed3d6 | |||
6483af4ba9 | |||
e6595c05d5 | |||
fb1dbea1ee | |||
f576ded038 | |||
54eaf55ee8 | |||
3119d2c7ea | |||
e40f4ce41f | |||
576f22333e | |||
0f53436700 | |||
c79636b1c2 | |||
8de9a89e56 | |||
801d1786ef | |||
7e5f8b6c8a | |||
98da86fc2e | |||
14cf6a953f | |||
6a5d3cb2f7 | |||
774a1c21a1 | |||
d1a77df0e1 | |||
c9c73f6cf2 | |||
b216dcb3dd | |||
d2e4042932 | |||
04a1ee0948 | |||
c1b5f83f44 | |||
9d1422cbdf | |||
7b7f14bd82 | |||
f72c0f7db3 | |||
76d8753f28 | |||
593db0e789 | |||
3d9e3cb88f | |||
995b944135 | |||
e200c84345 | |||
04ff36c94d | |||
89704bc2a1 | |||
6395214fa0 | |||
c8e000eb3e | |||
c8e5676c01 | |||
6f11bc414c | |||
1fc5ac8378 | |||
87334fbfad | |||
0fac033657 | |||
7cd4e6fde0 | |||
a22b56edbe | |||
e42dc6aa86 | |||
86f703a36c | |||
71795cc7a2 | |||
4ef041bb54 | |||
88c8fb98da | |||
a7b4a4b631 | |||
7ccb254cbf | |||
1d5d3b31fb | |||
7af2e02627 | |||
938fc6bd60 | |||
1b9ebb48b1 | |||
4972f00822 | |||
210a36c07f | |||
e1bbd42b50 | |||
c1d541f7c6 | |||
4b58fe6e20 | |||
b36b49df11 | |||
a42b1c8cfb | |||
59152f95e6 | |||
62d347510d | |||
f540c4b25b | |||
70212e0edd | |||
616e8fba5e | |||
b905ab9dd9 | |||
9edc93653e | |||
f30e9237a5 | |||
f12dc28c42 | |||
02276d5440 | |||
9ebff8d6ca | |||
48eb6d6c64 | |||
f7ef8d76b6 | |||
bed24b56ce | |||
95427d430e | |||
c3ea0aa48c | |||
91be7b226c | |||
7045692958 | |||
38177fa259 | |||
9411759f6d | |||
48c37987b2 | |||
e3745d7fa8 | |||
5bb8f17679 | |||
de17b0f1b5 | |||
0ab5969d3a | |||
059a51fe74 | |||
bf858b38f4 | |||
f60f08d543 | |||
b2e6fab294 | |||
b09bb091a5 | |||
651af4cc82 | |||
70f7d3f483 | |||
1e4070a1ba | |||
d69d833923 | |||
7ef071f92b | |||
3c19fc9d5b | |||
164b5ebc44 | |||
742fa07ed4 | |||
a758d93970 | |||
70250f1fca | |||
a65687a082 | |||
3e445c80aa | |||
20cc984799 | |||
3495cc3af5 | |||
ed13577e82 | |||
ca8a9df54c | |||
5425eec545 | |||
2f3c7d5433 | |||
b551b0e7f9 | |||
50dea9ac4e | |||
549a48a10b | |||
1f3bc8b4af | |||
5fc8d4091b | |||
851ec1a5c6 | |||
9180222169 | |||
e71d4c4f4e | |||
aecad82914 | |||
02fccb3605 | |||
24dba89dbe | |||
f5557a5ccd | |||
e8736c94ec | |||
4325560ec4 | |||
05979490ce | |||
52ffedffc7 | |||
5f5569a0c7 | |||
32b05808c4 | |||
6c9ea63dc1 | |||
b839e6c2b3 | |||
8bd37c0ead | |||
27f47b93b8 | |||
5bb8437b1d | |||
7e3f2d0345 | |||
4198021212 | |||
7e6e523799 | |||
7b2428ea38 | |||
ac811d5df7 | |||
5575fee382 | |||
f1369d5e25 | |||
d6cc6dcbee | |||
01fe142850 | |||
18e9ab2ebf | |||
b64c531898 | |||
ef1730f4fe | |||
146ae8b824 | |||
5a5ad0e654 | |||
0e3e7cbd3a | |||
bd5625af42 | |||
8f9d95056f | |||
2b8c468270 | |||
50e0dc8d1f | |||
8b934dfeef | |||
4fb6243330 | |||
2e950ca6f4 | |||
34662e6612 | |||
a3e089a3d5 | |||
ab996bb030 | |||
0853dd64cb | |||
838956bdb7 | |||
8c515b7f2e | |||
de5f07273b | |||
c894537ff9 | |||
98d7492534 | |||
2368cc2578 | |||
5e40d7944a | |||
5fc9fc8e0a | |||
b0e10004f1 | |||
478ca0ab63 | |||
3d83e533da | |||
1f56d31351 | |||
400c983025 | |||
fa3a06a360 | |||
c0ab3a589f | |||
a8504f3017 | |||
9a5cf9ff81 | |||
17978c2e2e | |||
569ca8b3ea | |||
e0843ca1d4 | |||
3fad49b18a | |||
82876bf6b1 | |||
dc6b6bff69 | |||
e91436b236 | |||
6a0c35a7a8 | |||
0b7bedde66 | |||
00f7c50e4e | |||
13ec45e762 | |||
0983426f30 | |||
0c3a38b84e | |||
51183f6845 | |||
5f87e65034 | |||
26d6d1feeb | |||
ca6942becc | |||
ff02c77afe | |||
85e2ef6930 | |||
47312f65d9 | |||
a59b720f3f | |||
1b2da802cb | |||
8b9c7d688b | |||
a09fc5f2ad | |||
ed1b55f5f1 | |||
2b7fed3381 | |||
922dc9f5a7 | |||
1a50e28202 | |||
a7cb6a7756 | |||
001b70b89c | |||
e6790588ef | |||
d57b494779 | |||
07de2401d7 | |||
d86948aee2 | |||
6b2e6bf392 | |||
913da290f1 | |||
5c1d291fac | |||
76f732adb6 | |||
d73221afb7 | |||
a6ac58d12c | |||
aa76ba5650 | |||
7abfb96841 | |||
6978ba4873 | |||
21e61796ff | |||
3c4fb35498 | |||
b5ed098093 | |||
478dc04787 | |||
eddf9217e5 | |||
903ef73280 | |||
a02d1ab9df | |||
34283555a1 | |||
3d5203dae0 | |||
d187167129 | |||
79c8d19b00 | |||
8a7f5d9cbe | |||
5e6c014b2b | |||
1173964643 | |||
a4c2ec6895 | |||
68aeeb785d | |||
a91ff4cd9b | |||
a6cf5e0ac1 |
@ -1,5 +1,5 @@
|
|||||||
Package: fastapi-dls
|
Package: fastapi-dls
|
||||||
Version: 1.0.0
|
Version: 0.0
|
||||||
Architecture: all
|
Architecture: all
|
||||||
Maintainer: Oscar Krause oscar.krause@collinwebdesigns.de
|
Maintainer: Oscar Krause oscar.krause@collinwebdesigns.de
|
||||||
Depends: python3, python3-fastapi, python3-uvicorn, python3-dotenv, python3-dateutil, python3-jose, python3-sqlalchemy, python3-pycryptodome, python3-markdown, uvicorn, openssl
|
Depends: python3, python3-fastapi, python3-uvicorn, python3-dotenv, python3-dateutil, python3-jose, python3-sqlalchemy, python3-pycryptodome, python3-markdown, uvicorn, openssl
|
27
.DEBIAN/env.default
Normal file
27
.DEBIAN/env.default
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
# Toggle debug mode
|
||||||
|
#DEBUG=false
|
||||||
|
|
||||||
|
# Where the client can find the DLS server
|
||||||
|
DLS_URL=127.0.0.1
|
||||||
|
DLS_PORT=443
|
||||||
|
|
||||||
|
# CORS configuration
|
||||||
|
## comma separated list without spaces
|
||||||
|
#CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"
|
||||||
|
|
||||||
|
# Lease expiration in days
|
||||||
|
LEASE_EXPIRE_DAYS=90
|
||||||
|
LEASE_RENEWAL_PERIOD=0.2
|
||||||
|
|
||||||
|
# Database location
|
||||||
|
## https://docs.sqlalchemy.org/en/14/core/engines.html
|
||||||
|
DATABASE=sqlite:////etc/fastapi-dls/db.sqlite
|
||||||
|
|
||||||
|
# UUIDs for identifying the instance
|
||||||
|
#SITE_KEY_XID="00000000-0000-0000-0000-000000000000"
|
||||||
|
#INSTANCE_REF="10000000-0000-0000-0000-000000000001"
|
||||||
|
#ALLOTMENT_REF="20000000-0000-0000-0000-000000000001"
|
||||||
|
|
||||||
|
# Site-wide signing keys
|
||||||
|
INSTANCE_KEY_RSA=/etc/fastapi-dls/instance.private.pem
|
||||||
|
INSTANCE_KEY_PUB=/etc/fastapi-dls/instance.public.pem
|
25
.DEBIAN/fastapi-dls.service
Normal file
25
.DEBIAN/fastapi-dls.service
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Service for fastapi-dls
|
||||||
|
Documentation=https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=www-data
|
||||||
|
Group=www-data
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
WorkingDirectory=/usr/share/fastapi-dls/app
|
||||||
|
EnvironmentFile=/etc/fastapi-dls/env
|
||||||
|
ExecStart=uvicorn main:app \
|
||||||
|
--env-file /etc/fastapi-dls/env \
|
||||||
|
--host $DLS_URL --port $DLS_PORT \
|
||||||
|
--app-dir /usr/share/fastapi-dls/app \
|
||||||
|
--ssl-keyfile /etc/fastapi-dls/webserver.key \
|
||||||
|
--ssl-certfile /etc/fastapi-dls/webserver.crt \
|
||||||
|
--proxy-headers
|
||||||
|
Restart=always
|
||||||
|
KillSignal=SIGQUIT
|
||||||
|
Type=simple
|
||||||
|
NotifyAccess=all
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
60
.DEBIAN/postinst
Normal file
60
.DEBIAN/postinst
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
WORKING_DIR=/usr/share/fastapi-dls
|
||||||
|
CONFIG_DIR=/etc/fastapi-dls
|
||||||
|
|
||||||
|
if [ ! -f $CONFIG_DIR/instance.private.pem ]; then
|
||||||
|
echo "> Create dls-instance keypair ..."
|
||||||
|
openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
|
||||||
|
openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
|
||||||
|
else
|
||||||
|
echo "> Create dls-instance keypair skipped! (exists)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
[ -f $CONFIG_DIR/webserver.key ] && default_answer="N" || default_answer="Y"
|
||||||
|
[ $default_answer == "Y" ] && V="Y/n" || V="y/N"
|
||||||
|
read -p "> Do you wish to create self-signed webserver certificate? [${V}]" yn
|
||||||
|
yn=${yn:-$default_answer} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
|
||||||
|
case $yn in
|
||||||
|
[Yy]*)
|
||||||
|
echo "> Generating keypair ..."
|
||||||
|
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $CONFIG_DIR/webserver.key -out $CONFIG_DIR/webserver.crt
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
[Nn]*) echo "> Generating keypair skipped! (exists)"; break ;;
|
||||||
|
*) echo "Please answer [y] or [n]." ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -f $CONFIG_DIR/webserver.key ]; then
|
||||||
|
echo "> Starting service ..."
|
||||||
|
systemctl start fastapi-dls.service
|
||||||
|
|
||||||
|
if [ -x "$(command -v curl)" ]; then
|
||||||
|
echo "> Testing API ..."
|
||||||
|
source $CONFIG_DIR/env
|
||||||
|
curl --insecure -X GET https://$DLS_URL:$DLS_PORT/-/health
|
||||||
|
else
|
||||||
|
echo "> Testing API failed, curl not available. Please test manually!"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
chown -R www-data:www-data $CONFIG_DIR
|
||||||
|
chown -R www-data:www-data $WORKING_DIR
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
|
||||||
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
||||||
|
# #
|
||||||
|
# fastapi-dls is now installed. #
|
||||||
|
# #
|
||||||
|
# Service should be up and running. #
|
||||||
|
# Webservice is listen to https://localhost #
|
||||||
|
# #
|
||||||
|
# Configuration is stored in /etc/fastapi-dls/env. #
|
||||||
|
# #
|
||||||
|
# #
|
||||||
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
||||||
|
|
||||||
|
EOF
|
9
.DEBIAN/postrm
Executable file
9
.DEBIAN/postrm
Executable file
@ -0,0 +1,9 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# is removed automatically
|
||||||
|
#if [ "$1" = purge ] && [ -d /usr/share/fastapi-dls ]; then
|
||||||
|
# echo "> Removing app."
|
||||||
|
# rm -r /usr/share/fastapi-dls
|
||||||
|
#fi
|
||||||
|
|
||||||
|
echo -e "> Done."
|
@ -1,5 +1,3 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
echo -e "> Starting uninstallation of 'fastapi-dls'!"
|
echo -e "> Starting uninstallation of 'fastapi-dls'!"
|
||||||
|
|
||||||
# todo
|
|
11
.DEBIAN/requirements-bookworm-12.txt
Normal file
11
.DEBIAN/requirements-bookworm-12.txt
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
# https://packages.debian.org/hu/
|
||||||
|
fastapi==0.92.0
|
||||||
|
uvicorn[standard]==0.17.6
|
||||||
|
python-jose[pycryptodome]==3.3.0
|
||||||
|
pycryptodome==3.11.0
|
||||||
|
python-dateutil==2.8.2
|
||||||
|
sqlalchemy==1.4.46
|
||||||
|
markdown==3.4.1
|
||||||
|
python-dotenv==0.21.0
|
||||||
|
jinja2==3.1.2
|
||||||
|
httpx==0.23.3
|
10
.DEBIAN/requirements-ubuntu-23.04.txt
Normal file
10
.DEBIAN/requirements-ubuntu-23.04.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# https://packages.ubuntu.com
|
||||||
|
fastapi==0.91.0
|
||||||
|
uvicorn[standard]==0.15.0
|
||||||
|
python-jose[pycryptodome]==3.3.0
|
||||||
|
pycryptodome==3.11.0
|
||||||
|
python-dateutil==2.8.2
|
||||||
|
sqlalchemy==1.4.46
|
||||||
|
markdown==3.4.3
|
||||||
|
python-dotenv==0.21.0
|
||||||
|
jinja2==3.1.2
|
10
.DEBIAN/requirements-ubuntu-23.10.txt
Normal file
10
.DEBIAN/requirements-ubuntu-23.10.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# https://packages.ubuntu.com
|
||||||
|
fastapi==0.101.0
|
||||||
|
uvicorn[standard]==0.23.2
|
||||||
|
python-jose[pycryptodome]==3.3.0
|
||||||
|
pycryptodome==3.11.0
|
||||||
|
python-dateutil==2.8.2
|
||||||
|
sqlalchemy==1.4.47
|
||||||
|
markdown==3.4.4
|
||||||
|
python-dotenv==1.0.0
|
||||||
|
jinja2==3.1.2
|
10
.DEBIAN/requirements-ubuntu-24.04.txt
Normal file
10
.DEBIAN/requirements-ubuntu-24.04.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# https://packages.ubuntu.com
|
||||||
|
fastapi==0.101.0
|
||||||
|
uvicorn[standard]==0.27.1
|
||||||
|
python-jose[pycryptodome]==3.3.0
|
||||||
|
pycryptodome==3.20.0
|
||||||
|
python-dateutil==2.8.2
|
||||||
|
sqlalchemy==1.4.50
|
||||||
|
markdown==3.5.2
|
||||||
|
python-dotenv==1.0.1
|
||||||
|
jinja2==3.1.2
|
@ -1,8 +1,8 @@
|
|||||||
# Maintainer: samicrusader <hi@samicrusader.me>
|
|
||||||
# Maintainer: Oscar Krause <oscar.krause@collinwebdesigns.de>
|
# Maintainer: Oscar Krause <oscar.krause@collinwebdesigns.de>
|
||||||
|
# Contributor: samicrusader <hi@samicrusader.me>
|
||||||
|
|
||||||
pkgname=fastapi-dls
|
pkgname=fastapi-dls
|
||||||
pkgver=1.0
|
pkgver=1.1
|
||||||
pkgrel=1
|
pkgrel=1
|
||||||
pkgdesc='NVIDIA DLS server implementation with FastAPI'
|
pkgdesc='NVIDIA DLS server implementation with FastAPI'
|
||||||
arch=('any')
|
arch=('any')
|
||||||
@ -11,12 +11,21 @@ license=('MIT')
|
|||||||
depends=('python' 'python-jose' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-pycryptodome' 'uvicorn' 'python-markdown' 'openssl')
|
depends=('python' 'python-jose' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-pycryptodome' 'uvicorn' 'python-markdown' 'openssl')
|
||||||
provider=("$pkgname")
|
provider=("$pkgname")
|
||||||
install="$pkgname.install"
|
install="$pkgname.install"
|
||||||
source=('git+file:///builds/oscar.krause/fastapi-dls' # https://gitea.publichub.eu/oscar.krause/fastapi-dls.git
|
backup=('etc/default/fastapi-dls')
|
||||||
|
source=("git+file://${CI_PROJECT_DIR}"
|
||||||
"$pkgname.default"
|
"$pkgname.default"
|
||||||
"$pkgname.service")
|
"$pkgname.service"
|
||||||
|
"$pkgname.tmpfiles")
|
||||||
sha256sums=('SKIP'
|
sha256sums=('SKIP'
|
||||||
'd8b2216b67a2f8f35ad6f07c825839794f7c34456a72caadd9fc110810348d90'
|
'fbd015449a30c0ae82733289a56eb98151dcfab66c91b37fe8e202e39f7a5edb'
|
||||||
'10cb98d64f8bf37b11a60510793c187cc664e63c895d1205781c21fa2e703f32')
|
'2719338541104c537453a65261c012dda58e1dbee99154cf4f33b526ee6ca22e'
|
||||||
|
'3dc60140c08122a8ec0e7fa7f0937eb8c1288058890ba09478420fc30ce9e30c')
|
||||||
|
|
||||||
|
pkgver() {
|
||||||
|
echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > $srcdir/$pkgname/version.env
|
||||||
|
source $srcdir/$pkgname/version.env
|
||||||
|
echo $VERSION
|
||||||
|
}
|
||||||
|
|
||||||
check() {
|
check() {
|
||||||
cd "$srcdir/$pkgname/test"
|
cd "$srcdir/$pkgname/test"
|
||||||
@ -32,11 +41,14 @@ package() {
|
|||||||
install -d "$pkgdir/var/lib/$pkgname/cert"
|
install -d "$pkgdir/var/lib/$pkgname/cert"
|
||||||
cp -r "$srcdir/$pkgname/doc"/* "$pkgdir/usr/share/doc/$pkgname/"
|
cp -r "$srcdir/$pkgname/doc"/* "$pkgdir/usr/share/doc/$pkgname/"
|
||||||
install -Dm644 "$srcdir/$pkgname/README.md" "$pkgdir/usr/share/doc/$pkgname/README.md"
|
install -Dm644 "$srcdir/$pkgname/README.md" "$pkgdir/usr/share/doc/$pkgname/README.md"
|
||||||
|
install -Dm644 "$srcdir/$pkgname/version.env" "$pkgdir/usr/share/doc/$pkgname/version.env"
|
||||||
|
|
||||||
sed -i "s/README.md/\/usr\/share\/doc\/$pkgname\/README.md/g" "$srcdir/$pkgname/app/main.py"
|
sed -i "s/README.md/\/usr\/share\/doc\/$pkgname\/README.md/g" "$srcdir/$pkgname/app/main.py"
|
||||||
sed -i "s/join(dirname(__file__), 'cert\//join('\/var\/lib\/$pkgname', 'cert\//g" "$srcdir/$pkgname/app/main.py"
|
sed -i "s/join(dirname(__file__), 'cert\//join('\/var\/lib\/$pkgname', 'cert\//g" "$srcdir/$pkgname/app/main.py"
|
||||||
install -Dm755 "$srcdir/$pkgname/app/main.py" "$pkgdir/opt/$pkgname/main.py"
|
install -Dm755 "$srcdir/$pkgname/app/main.py" "$pkgdir/opt/$pkgname/main.py"
|
||||||
install -Dm755 "$srcdir/$pkgname/app/orm.py" "$pkgdir/opt/$pkgname/orm.py"
|
install -Dm755 "$srcdir/$pkgname/app/orm.py" "$pkgdir/opt/$pkgname/orm.py"
|
||||||
|
install -Dm755 "$srcdir/$pkgname/app/util.py" "$pkgdir/opt/$pkgname/util.py"
|
||||||
install -Dm644 "$srcdir/$pkgname.default" "$pkgdir/etc/default/$pkgname"
|
install -Dm644 "$srcdir/$pkgname.default" "$pkgdir/etc/default/$pkgname"
|
||||||
install -Dm644 "$srcdir/$pkgname.service" "$pkgdir/usr/lib/systemd/system/$pkgname.service"
|
install -Dm644 "$srcdir/$pkgname.service" "$pkgdir/usr/lib/systemd/system/$pkgname.service"
|
||||||
|
install -Dm644 "$srcdir/$pkgname.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
|
||||||
}
|
}
|
||||||
|
@ -3,6 +3,7 @@ DEBUG=false
|
|||||||
|
|
||||||
# Where the client can find the DLS server
|
# Where the client can find the DLS server
|
||||||
## DLS_URL should be a hostname
|
## DLS_URL should be a hostname
|
||||||
|
LISTEN_IP="0.0.0.0"
|
||||||
DLS_URL="localhost.localdomain"
|
DLS_URL="localhost.localdomain"
|
||||||
DLS_PORT=8443
|
DLS_PORT=8443
|
||||||
CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"
|
CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"
|
||||||
@ -11,7 +12,7 @@ CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"
|
|||||||
LEASE_EXPIRE_DAYS=90
|
LEASE_EXPIRE_DAYS=90
|
||||||
|
|
||||||
# Database location
|
# Database location
|
||||||
## See https://dataset.readthedocs.io/en/latest/quickstart.html for details
|
## https://docs.sqlalchemy.org/en/14/core/engines.html
|
||||||
DATABASE="sqlite:////var/lib/fastapi-dls/db.sqlite"
|
DATABASE="sqlite:////var/lib/fastapi-dls/db.sqlite"
|
||||||
|
|
||||||
# UUIDs for identifying the instance
|
# UUIDs for identifying the instance
|
||||||
@ -21,3 +22,7 @@ INSTANCE_REF="<<instanceref>>"
|
|||||||
# Site-wide signing keys
|
# Site-wide signing keys
|
||||||
INSTANCE_KEY_RSA="/var/lib/fastapi-dls/instance.private.pem"
|
INSTANCE_KEY_RSA="/var/lib/fastapi-dls/instance.private.pem"
|
||||||
INSTANCE_KEY_PUB="/var/lib/fastapi-dls/instance.public.pem"
|
INSTANCE_KEY_PUB="/var/lib/fastapi-dls/instance.public.pem"
|
||||||
|
|
||||||
|
# TLS certificate
|
||||||
|
INSTANCE_SSL_CERT="/var/lib/fastapi-dls/cert/webserver.crt"
|
||||||
|
INSTANCE_SSL_KEY="/var/lib/fastapi-dls/cert/webserver.key"
|
||||||
|
@ -4,12 +4,13 @@ Documentation=https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
|
|||||||
After=network.target
|
After=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=forking
|
Type=simple
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
EnvironmentFile=/etc/default/fastapi-dls
|
EnvironmentFile=/etc/default/fastapi-dls
|
||||||
ExecStart=/usr/bin/python /opt/fastapi-dls/main.py
|
ExecStart=/usr/bin/uvicorn main:app --proxy-headers --env-file=/etc/default/fastapi-dls --host=${LISTEN_IP} --port=${DLS_PORT} --app-dir=/opt/fastapi-dls --ssl-keyfile=${INSTANCE_SSL_KEY} --ssl-certfile=${INSTANCE_SSL_CERT}
|
||||||
WorkingDir=/opt/fastapi-dls
|
|
||||||
Restart=on-abort
|
Restart=on-abort
|
||||||
User=root
|
User=http
|
||||||
|
Group=http
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
2
.PKGBUILD/fastapi-dls.tmpfiles
Normal file
2
.PKGBUILD/fastapi-dls.tmpfiles
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
d /var/lib/fastapi-dls 0755 http http
|
||||||
|
d /var/lib/fastapi-dls/cert 0755 http http
|
48
.UNRAID/FastAPI-DLS.xml
Normal file
48
.UNRAID/FastAPI-DLS.xml
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
<?xml version="1.0"?>
|
||||||
|
<Container version="2">
|
||||||
|
<Name>FastAPI-DLS</Name>
|
||||||
|
<Repository>collinwebdesigns/fastapi-dls:latest</Repository>
|
||||||
|
<Registry>https://hub.docker.com/r/collinwebdesigns/fastapi-dls</Registry>
|
||||||
|
<Network>br0</Network>
|
||||||
|
<MyIP></MyIP>
|
||||||
|
<Shell>sh</Shell>
|
||||||
|
<Privileged>false</Privileged>
|
||||||
|
<Support/>
|
||||||
|
<Project/>
|
||||||
|
<Overview>Source:
|
||||||
|
https://git.collinwebdesigns.de/oscar.krause/fastapi-dls#docker
|
||||||
|

|
||||||
|
Make sure you create these certificates before starting the container for the first time:
|
||||||
|
```
|
||||||
|
# Check https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/tree/main/#docker for more information:
|
||||||
|
WORKING_DIR=/mnt/user/appdata/fastapi-dls/cert
|
||||||
|
mkdir -p $WORKING_DIR
|
||||||
|
cd $WORKING_DIR
|
||||||
|
# create instance private and public key for singing JWT's
|
||||||
|
openssl genrsa -out $WORKING_DIR/instance.private.pem 2048 
|
||||||
|
openssl rsa -in $WORKING_DIR/instance.private.pem -outform PEM -pubout -out $WORKING_DIR/instance.public.pem
|
||||||
|
# create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl
|
||||||
|
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $WORKING_DIR/webserver.key -out $WORKING_DIR/webserver.crt
|
||||||
|
```
|
||||||
|
</Overview>
|
||||||
|
<Category/>
|
||||||
|
<WebUI>https://[IP]:[PORT:443]</WebUI>
|
||||||
|
<TemplateURL/>
|
||||||
|
<Icon>https://git.collinwebdesigns.de/uploads/-/system/project/avatar/106/png-transparent-nvidia-grid-logo-business-nvidia-electronics-text-trademark.png?width=64</Icon>
|
||||||
|
<ExtraParams>--restart always</ExtraParams>
|
||||||
|
<PostArgs/>
|
||||||
|
<CPUset/>
|
||||||
|
<DateInstalled>1679161568</DateInstalled>
|
||||||
|
<DonateText/>
|
||||||
|
<DonateLink/>
|
||||||
|
<Requires/>
|
||||||
|
<Config Name="HTTPS Port" Target="" Default="443" Mode="tcp" Description="Same as DLS Port below." Type="Port" Display="always-hide" Required="true" Mask="false">443</Config>
|
||||||
|
<Config Name="App Cert" Target="/app/cert" Default="/mnt/user/appdata/fastapi-dls/cert" Mode="rw" Description="[REQUIRED] Read the description above to make this folder. You do not need to change the path." Type="Path" Display="always-hide" Required="true" Mask="false">/mnt/user/appdata/fastapi-dls/cert</Config>
|
||||||
|
<Config Name="DLS Port" Target="DSL_PORT" Default="443" Mode="" Description="Choose port you want to use. Make sure to change the HTTPS port above to match it." Type="Variable" Display="always-hide" Required="true" Mask="false">443</Config>
|
||||||
|
<Config Name="App database" Target="/app/database" Default="/mnt/user/appdata/fastapi-dls/data" Mode="rw" Description="[REQUIRED] Read the description above to make this folder. You do not need to change the path." Type="Path" Display="always-hide" Required="true" Mask="false">/mnt/user/appdata/fastapi-dls/data</Config>
|
||||||
|
<Config Name="DSL IP" Target="DLS_URL" Default="localhost" Mode="" Description="Put your container's IP (or your host's IP if it's shared)." Type="Variable" Display="always-hide" Required="true" Mask="false"></Config>
|
||||||
|
<Config Name="Time Zone" Target="TZ" Default="" Mode="" Description="Format example: America/New_York. MUST MATCH YOUR CURRENT TIMEZONE AND THE GUEST VMS TIMEZONE! Otherwise you'll get into issues, read the guide above." Type="Variable" Display="always-hide" Required="true" Mask="false"></Config>
|
||||||
|
<Config Name="Database" Target="DATABASE" Default="sqlite:////app/database/db.sqlite" Mode="" Description="Set to sqlite:////app/database/db.sqlite" Type="Variable" Display="advanced-hide" Required="true" Mask="false">sqlite:////app/database/db.sqlite</Config>
|
||||||
|
<Config Name="Debug" Target="DEBUG" Default="true" Mode="" Description="true to enable debugging, false to disable them." Type="Variable" Display="advanced-hide" Required="false" Mask="false">true</Config>
|
||||||
|
<Config Name="Lease" Target="LEASE_EXPIRE_DAYS" Default="90" Mode="" Description="90 days is the maximum value." Type="Variable" Display="advanced" Required="false" Mask="false">90</Config>
|
||||||
|
</Container>
|
197
.UNRAID/setup_vgpu_license.sh
Normal file
197
.UNRAID/setup_vgpu_license.sh
Normal file
@ -0,0 +1,197 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This script automates the licensing of the vGPU guest driver
|
||||||
|
# on Unraid boot. Set the Schedule to: "At Startup of Array".
|
||||||
|
#
|
||||||
|
# Relies on FastAPI-DLS for the licensing.
|
||||||
|
# It assumes FeatureType=1 (vGPU), change it as you see fit in line <114>
|
||||||
|
#
|
||||||
|
# Requires `eflutils` to be installed in the system for `nvidia-gridd` to run
|
||||||
|
# To Install it:
|
||||||
|
# 1) You might find it here: https://packages.slackware.com/ (choose the 64bit version of Slackware)
|
||||||
|
# 2) Download the package and put it in /boot/extra to be installed on boot
|
||||||
|
# 3) a. Reboot to install it, OR
|
||||||
|
# b. Run `upgradepkg --install-new /boot/extra/elfutils*`
|
||||||
|
# [i]: Make sure to have only one version of elfutils, otherwise you might run into issues
|
||||||
|
|
||||||
|
# Sources and docs:
|
||||||
|
# https://docs.nvidia.com/grid/15.0/grid-vgpu-user-guide/index.html#configuring-nls-licensed-client-on-linux
|
||||||
|
#
|
||||||
|
|
||||||
|
################################################
|
||||||
|
# MAKE SURE YOU CHANGE THESE VARIABLES #
|
||||||
|
################################################
|
||||||
|
|
||||||
|
###### CHANGE ME!
|
||||||
|
# IP and PORT of FastAPI-DLS
|
||||||
|
DLS_IP=192.168.0.123
|
||||||
|
DLS_PORT=443
|
||||||
|
# Token folder, must be on a filesystem that supports
|
||||||
|
# linux filesystem permissions (eg: ext4,xfs,btrfs...)
|
||||||
|
TOKEN_PATH=/mnt/user/system/nvidia
|
||||||
|
PING=$(which ping)
|
||||||
|
|
||||||
|
# Check if the License is applied
|
||||||
|
if [[ "$(nvidia-smi -q | grep "Expiry")" == *Expiry* ]]; then
|
||||||
|
echo " [i] Your vGPU Guest drivers are already licensed."
|
||||||
|
echo " [i] $(nvidia-smi -q | grep "Expiry")"
|
||||||
|
echo " [<] Exiting..."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if the FastAPI-DLS server is reachable
|
||||||
|
# Check if the License is applied
|
||||||
|
MAX_RETRIES=30
|
||||||
|
for i in $(seq 1 $MAX_RETRIES); do
|
||||||
|
echo -ne "\r [>] Attempt $i to connect to $DLS_IP."
|
||||||
|
if ping -c 1 $DLS_IP >/dev/null 2>&1; then
|
||||||
|
echo -e "\n [*] Connection successful."
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
if [ $i -eq $MAX_RETRIES ]; then
|
||||||
|
echo -e "\n [!] Connection failed after $MAX_RETRIES attempts."
|
||||||
|
echo -e "\n [<] Exiting..."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
# Check if the token folder exists
|
||||||
|
if [ -d "${TOKEN_PATH}" ]; then
|
||||||
|
echo " [*] Token Folder exists. Proceeding..."
|
||||||
|
else
|
||||||
|
echo " [!] Token Folder does not exists or not ready yet. Exiting."
|
||||||
|
echo " [!] Token Folder Specified: ${TOKEN_PATH}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if elfutils are installed, otherwise nvidia-gridd service
|
||||||
|
# wont start
|
||||||
|
if [ "$(grep -R "elfutils" /var/log/packages/* | wc -l)" != 0 ]; then
|
||||||
|
echo " [*] Elfutils is installed, proceeding..."
|
||||||
|
else
|
||||||
|
echo " [!] Elfutils is not installed, downloading and installing..."
|
||||||
|
echo " [!] Downloading elfutils to /boot/extra"
|
||||||
|
echo " [i] This script will download elfutils from slackware64-15.0 repository."
|
||||||
|
echo " [i] If you have a different version of Unraid (6.11.5), you might want to"
|
||||||
|
echo " [i] download and install a suitable version manually from the slackware"
|
||||||
|
echo " [i] repository, and put it in /boot/extra to be install on boot."
|
||||||
|
echo " [i] You may also install it by running: "
|
||||||
|
echo " [i] upgradepkg --install-new /path/to/elfutils-*.txz"
|
||||||
|
echo ""
|
||||||
|
echo " [>] Downloading elfutils from slackware64-15.0 repository:"
|
||||||
|
wget -q -nc --show-progress --progress=bar:force:noscroll -P /boot/extra https://slackware.uk/slackware/slackware64-15.0/slackware64/l/elfutils-0.186-x86_64-1.txz 2>/dev/null \
|
||||||
|
|| { echo " [!] Error while downloading elfutils, please download it and install it manually."; exit 1; }
|
||||||
|
echo ""
|
||||||
|
if upgradepkg --install-new /boot/extra/elfutils-0.186-x86_64-1.txz
|
||||||
|
then
|
||||||
|
echo " [*] Elfutils installed and will be installed automatically on boot"
|
||||||
|
else
|
||||||
|
echo " [!] Error while installing, check logs..."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo " [~] Sleeping for 60 seconds before continuing..."
|
||||||
|
echo " [i] The script is waiting until the boot process settles down."
|
||||||
|
|
||||||
|
for i in {60..1}; do
|
||||||
|
printf "\r [~] %d seconds remaining" "$i"
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
printf "\n"
|
||||||
|
|
||||||
|
create_token () {
|
||||||
|
echo " [>] Creating new token..."
|
||||||
|
if ${PING} -c1 ${DLS_IP} > /dev/null 2>&1
|
||||||
|
then
|
||||||
|
# curl --insecure -L -X GET https://${DLS_IP}:${DLS_PORT}/-/client-token -o ${TOKEN_PATH}/client_configuration_token_"$(date '+%d-%m-%Y-%H-%M-%S')".tok || { echo " [!] Could not get the token, please check the server."; exit 1;}
|
||||||
|
wget -q -nc -4c --no-check-certificate --show-progress --progress=bar:force:noscroll -O "${TOKEN_PATH}"/client_configuration_token_"$(date '+%d-%m-%Y-%H-%M-%S')".tok https://${DLS_IP}:${DLS_PORT}/-/client-token \
|
||||||
|
|| { echo " [!] Could not get the token, please check the server."; exit 1;}
|
||||||
|
chmod 744 "${TOKEN_PATH}"/*.tok || { echo " [!] Could not chmod the tokens."; exit 1; }
|
||||||
|
echo ""
|
||||||
|
echo " [*] Token downloaded and stored in ${TOKEN_PATH}."
|
||||||
|
else
|
||||||
|
echo " [!] Could not get token, DLS server unavailable ."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
setup_run () {
|
||||||
|
echo " [>] Setting up gridd.conf"
|
||||||
|
cp /etc/nvidia/gridd.conf.template /etc/nvidia/gridd.conf || { echo " [!] Error configuring gridd.conf, did you install the drivers correctly?"; exit 1; }
|
||||||
|
sed -i 's/FeatureType=0/FeatureType=1/g' /etc/nvidia/gridd.conf
|
||||||
|
echo "ClientConfigTokenPath=${TOKEN_PATH}" >> /etc/nvidia/gridd.conf
|
||||||
|
echo " [>] Creating /var/lib/nvidia folder structure"
|
||||||
|
mkdir -p /var/lib/nvidia/GridLicensing
|
||||||
|
echo " [>] Starting nvidia-gridd"
|
||||||
|
if pgrep nvidia-gridd >/dev/null 2>&1; then
|
||||||
|
echo " [!] nvidia-gridd service is running. Closing."
|
||||||
|
sh /usr/lib/nvidia/sysv/nvidia-gridd stop
|
||||||
|
stop_exit_code=$?
|
||||||
|
if [ $stop_exit_code -eq 0 ]; then
|
||||||
|
echo " [*] nvidia-gridd service stopped successfully."
|
||||||
|
else
|
||||||
|
echo " [!] Error while stopping nvidia-gridd service."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Kill the service if it does not close
|
||||||
|
if pgrep nvidia-gridd >/dev/null 2>&1; then
|
||||||
|
kill -9 "$(pgrep nvidia-gridd)" || {
|
||||||
|
echo " [!] Error while closing nvidia-gridd service"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo " [*] Restarting nvidia-gridd service."
|
||||||
|
sh /usr/lib/nvidia/sysv/nvidia-gridd start
|
||||||
|
|
||||||
|
if pgrep nvidia-gridd >/dev/null 2>&1; then
|
||||||
|
echo " [*] Service started, PID: $(pgrep nvidia-gridd)"
|
||||||
|
else
|
||||||
|
echo -e " [!] Error while starting nvidia-gridd service. Use strace -f nvidia-gridd to debug.\n [i] Check if elfutils is installed.\n [i] strace is not installed by default."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
sh /usr/lib/nvidia/sysv/nvidia-gridd start
|
||||||
|
|
||||||
|
if pgrep nvidia-gridd >/dev/null 2>&1; then
|
||||||
|
echo " [*] Service started, PID: $(pgrep nvidia-gridd)"
|
||||||
|
else
|
||||||
|
echo -e " [!] Error while starting nvidia-gridd service. Use strace -f nvidia-gridd to debug.\n [i] Check if elfutils is installed.\n [i] strace is not installed by default."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
for token in "${TOKEN_PATH}"/*; do
|
||||||
|
if [ "${token: -4}" == ".tok" ]
|
||||||
|
then
|
||||||
|
echo " [*] Tokens found..."
|
||||||
|
setup_run
|
||||||
|
else
|
||||||
|
echo " [!] No Tokens found..."
|
||||||
|
create_token
|
||||||
|
setup_run
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
if nvidia-smi -q | grep "Expiry" >/dev/null 2>&1; then
|
||||||
|
echo " [>] vGPU licensed!"
|
||||||
|
echo " [i] $(nvidia-smi -q | grep "Expiry")"
|
||||||
|
break
|
||||||
|
else
|
||||||
|
echo -ne " [>] vGPU not licensed yet... Checking again in 5 seconds\c"
|
||||||
|
for i in {1..5}; do
|
||||||
|
sleep 1
|
||||||
|
echo -ne ".\c"
|
||||||
|
done
|
||||||
|
echo -ne "\r\c"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo " [>] Done..."
|
||||||
|
exit 0
|
@ -1,7 +1,9 @@
|
|||||||
|
version: "2"
|
||||||
plugins:
|
plugins:
|
||||||
bandit:
|
bandit:
|
||||||
enabled: true
|
enabled: true
|
||||||
sonar-python:
|
sonar-python:
|
||||||
enabled: true
|
enabled: true
|
||||||
pylint:
|
config:
|
||||||
enabled: true
|
tests_patterns:
|
||||||
|
- test/**
|
||||||
|
296
.gitlab-ci.yml
296
.gitlab-ci.yml
@ -1,53 +1,113 @@
|
|||||||
|
include:
|
||||||
|
- template: Jobs/Code-Quality.gitlab-ci.yml
|
||||||
|
- template: Jobs/Secret-Detection.gitlab-ci.yml
|
||||||
|
- template: Jobs/SAST.gitlab-ci.yml
|
||||||
|
- template: Jobs/Container-Scanning.gitlab-ci.yml
|
||||||
|
- template: Jobs/Dependency-Scanning.gitlab-ci.yml
|
||||||
|
|
||||||
cache:
|
cache:
|
||||||
key: one-key-to-rule-them-all
|
key: one-key-to-rule-them-all
|
||||||
|
|
||||||
|
variables:
|
||||||
|
DOCKER_BUILDX_PLATFORM: "linux/amd64,linux/arm64"
|
||||||
|
|
||||||
build:docker:
|
build:docker:
|
||||||
image: docker:dind
|
image: docker:dind
|
||||||
interruptible: true
|
interruptible: true
|
||||||
stage: build
|
stage: build
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
|
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
|
||||||
|
changes:
|
||||||
|
- app/**/*
|
||||||
|
- Dockerfile
|
||||||
|
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||||
tags: [ docker ]
|
tags: [ docker ]
|
||||||
before_script:
|
before_script:
|
||||||
- echo "COMMIT=${CI_COMMIT_SHA}" >> version.env # COMMIT=`git rev-parse HEAD`
|
- docker buildx inspect
|
||||||
|
- docker buildx create --use
|
||||||
script:
|
script:
|
||||||
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||||
- docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
|
- IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHA
|
||||||
- docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
|
- docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE --push .
|
||||||
|
- docker buildx imagetools inspect $IMAGE
|
||||||
|
- echo "CS_IMAGE=$IMAGE" > container_scanning.env
|
||||||
|
artifacts:
|
||||||
|
reports:
|
||||||
|
dotenv: container_scanning.env
|
||||||
|
|
||||||
build:apt:
|
build:apt:
|
||||||
image: debian:bookworm-slim # just to get "python3-jose" working
|
image: debian:bookworm-slim
|
||||||
|
interruptible: true
|
||||||
stage: build
|
stage: build
|
||||||
|
rules:
|
||||||
|
- if: $CI_COMMIT_TAG
|
||||||
|
variables:
|
||||||
|
VERSION: $CI_COMMIT_REF_NAME
|
||||||
|
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
|
||||||
|
changes:
|
||||||
|
- app/**/*
|
||||||
|
- .DEBIAN/**/*
|
||||||
|
- .gitlab-ci.yml
|
||||||
|
variables:
|
||||||
|
VERSION: "0.0.1"
|
||||||
|
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||||
|
variables:
|
||||||
|
VERSION: "0.0.1"
|
||||||
before_script:
|
before_script:
|
||||||
|
- echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > version.env
|
||||||
|
# install build dependencies
|
||||||
- apt-get update -qq && apt-get install -qq -y build-essential
|
- apt-get update -qq && apt-get install -qq -y build-essential
|
||||||
# create build directory for .deb sources
|
# create build directory for .deb sources
|
||||||
- mkdir build
|
- mkdir build
|
||||||
# copy install instructions
|
# copy install instructions
|
||||||
- cp -r DEBIAN build/
|
- cp -r .DEBIAN build/DEBIAN
|
||||||
|
- chmod -R 0775 build/DEBIAN
|
||||||
# copy app into "/usr/share/fastapi-dls" as "/usr/share/fastapi-dls/app" & copy README.md and version.env
|
# copy app into "/usr/share/fastapi-dls" as "/usr/share/fastapi-dls/app" & copy README.md and version.env
|
||||||
- mkdir -p build/usr/share/fastapi-dls
|
- mkdir -p build/usr/share/fastapi-dls
|
||||||
- cp -r app build/usr/share/fastapi-dls
|
- cp -r app build/usr/share/fastapi-dls
|
||||||
- cp README.md version.env build/usr/share/fastapi-dls
|
- cp README.md version.env build/usr/share/fastapi-dls
|
||||||
# create conf file
|
# create conf file
|
||||||
- mkdir -p build/etc/fastapi-dls
|
- mkdir -p build/etc/fastapi-dls
|
||||||
- touch build/etc/fastapi-dls/env
|
- cp .DEBIAN/env.default build/etc/fastapi-dls/env
|
||||||
|
# create service file
|
||||||
|
- mkdir -p build/etc/systemd/system
|
||||||
|
- cp .DEBIAN/fastapi-dls.service build/etc/systemd/system/fastapi-dls.service
|
||||||
# cd into "build/"
|
# cd into "build/"
|
||||||
- cd build/
|
- cd build/
|
||||||
script:
|
script:
|
||||||
|
# set version based on value in "$CI_COMMIT_REF_NAME"
|
||||||
|
- sed -i -E 's/(Version\:\s)0.0/\1'"$VERSION"'/g' DEBIAN/control
|
||||||
|
# build
|
||||||
- dpkg -b . build.deb
|
- dpkg -b . build.deb
|
||||||
|
- dpkg -I build.deb
|
||||||
artifacts:
|
artifacts:
|
||||||
expire_in: 1 week
|
expire_in: 1 week
|
||||||
paths:
|
paths:
|
||||||
- build/build.deb
|
- build/build.deb
|
||||||
|
|
||||||
build:pamac:
|
build:pacman:
|
||||||
image: archlinux:base-devel
|
image: archlinux:base-devel
|
||||||
|
interruptible: true
|
||||||
stage: build
|
stage: build
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_BRANCH == "archlinux-makepkg"
|
- if: $CI_COMMIT_TAG
|
||||||
|
variables:
|
||||||
|
VERSION: $CI_COMMIT_REF_NAME
|
||||||
|
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
|
||||||
|
changes:
|
||||||
|
- app/**/*
|
||||||
|
- .PKGBUILD/**/*
|
||||||
|
- .gitlab-ci.yml
|
||||||
|
variables:
|
||||||
|
VERSION: "0.0.1"
|
||||||
|
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||||
|
variables:
|
||||||
|
VERSION: "0.0.1"
|
||||||
before_script:
|
before_script:
|
||||||
|
#- echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > version.env
|
||||||
|
# install build dependencies
|
||||||
- pacman -Syu --noconfirm git
|
- pacman -Syu --noconfirm git
|
||||||
# "makepkg" don't likes root user
|
# create a build-user because "makepkg" don't like root user
|
||||||
- useradd --no-create-home --shell=/bin/false build && usermod -L build
|
- useradd --no-create-home --shell=/bin/false build && usermod -L build
|
||||||
- 'echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers'
|
- 'echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers'
|
||||||
- 'echo "root ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers'
|
- 'echo "root ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers'
|
||||||
@ -59,51 +119,83 @@ build:pamac:
|
|||||||
# download dependencies
|
# download dependencies
|
||||||
- source PKGBUILD && pacman -Syu --noconfirm --needed --asdeps "${makedepends[@]}" "${depends[@]}"
|
- source PKGBUILD && pacman -Syu --noconfirm --needed --asdeps "${makedepends[@]}" "${depends[@]}"
|
||||||
# build
|
# build
|
||||||
- sudo -u build makepkg -s
|
- sudo --preserve-env -u build makepkg -s
|
||||||
artifacts:
|
artifacts:
|
||||||
expire_in: 1 week
|
expire_in: 1 week
|
||||||
paths:
|
paths:
|
||||||
- "*.pkg.tar.zst"
|
- "*.pkg.tar.zst"
|
||||||
|
|
||||||
test:
|
test:
|
||||||
image: python:3.10-slim-bullseye
|
image: $IMAGE
|
||||||
stage: test
|
stage: test
|
||||||
|
interruptible: true
|
||||||
|
rules:
|
||||||
|
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||||
|
- if: $CI_COMMIT_TAG
|
||||||
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
|
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
|
||||||
|
changes:
|
||||||
|
- app/**/*
|
||||||
|
- test/**/*
|
||||||
variables:
|
variables:
|
||||||
DATABASE: sqlite:///../app/db.sqlite
|
DATABASE: sqlite:///../app/db.sqlite
|
||||||
|
parallel:
|
||||||
|
matrix:
|
||||||
|
- IMAGE: [ 'python:3.11-slim-bookworm', 'python:3.12-slim-bullseye' ]
|
||||||
|
REQUIREMENTS:
|
||||||
|
- requirements.txt
|
||||||
|
- .DEBIAN/requirements-bookworm-12.txt
|
||||||
|
- .DEBIAN/requirements-ubuntu-23.10.txt
|
||||||
|
- .DEBIAN/requirements-ubuntu-24.04.txt
|
||||||
before_script:
|
before_script:
|
||||||
- pip install -r requirements.txt
|
- apt-get update && apt-get install -y python3-dev gcc
|
||||||
|
- pip install -r $REQUIREMENTS
|
||||||
- pip install pytest httpx
|
- pip install pytest httpx
|
||||||
- mkdir -p app/cert
|
- mkdir -p app/cert
|
||||||
- openssl genrsa -out app/cert/instance.private.pem 2048
|
- openssl genrsa -out app/cert/instance.private.pem 2048
|
||||||
- openssl rsa -in app/cert/instance.private.pem -outform PEM -pubout -out app/cert/instance.public.pem
|
- openssl rsa -in app/cert/instance.private.pem -outform PEM -pubout -out app/cert/instance.public.pem
|
||||||
- cd test
|
- cd test
|
||||||
script:
|
script:
|
||||||
- pytest main.py
|
- python -m pytest main.py --junitxml=report.xml
|
||||||
|
artifacts:
|
||||||
|
reports:
|
||||||
|
dotenv: version.env
|
||||||
|
junit: ['**/report.xml']
|
||||||
|
|
||||||
.test:linux:
|
.test:linux:
|
||||||
stage: test
|
stage: test
|
||||||
|
rules:
|
||||||
|
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
|
||||||
|
changes:
|
||||||
|
- app/**/*
|
||||||
|
- .DEBIAN/**/*
|
||||||
|
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||||
needs:
|
needs:
|
||||||
- job: build:apt
|
- job: build:apt
|
||||||
artifacts: true
|
artifacts: true
|
||||||
variables:
|
variables:
|
||||||
DEBIAN_FRONTEND: noninteractive
|
DEBIAN_FRONTEND: noninteractive
|
||||||
before_script:
|
before_script:
|
||||||
- apt-get update -qq && apt-get install -qq -y jq
|
- apt-get update -qq && apt-get install -qq -y jq curl
|
||||||
script:
|
script:
|
||||||
# test installation
|
# test installation
|
||||||
- apt-get install -q -y ./build/build.deb --fix-missing
|
- apt-get install -q -y ./build/build.deb --fix-missing
|
||||||
|
- openssl req -x509 -newkey rsa:2048 -nodes -out /etc/fastapi-dls/webserver.crt -keyout /etc/fastapi-dls/webserver.key -days 7 -subj "/C=DE/O=GitLab-CI/OU=Test/CN=localhost"
|
||||||
# copy example config from GitLab-CI-Variables
|
# copy example config from GitLab-CI-Variables
|
||||||
#- cat ${EXAMPLE_CONFIG} > /etc/fastapi-dls/env
|
#- cat ${EXAMPLE_CONFIG} > /etc/fastapi-dls/env
|
||||||
# start service in background
|
# start service in background
|
||||||
- uvicorn --host 127.0.0.1 --port 443
|
- cd /usr/share/fastapi-dls/app
|
||||||
|
- uvicorn main:app
|
||||||
|
--host 127.0.0.1 --port 443
|
||||||
--app-dir /usr/share/fastapi-dls/app
|
--app-dir /usr/share/fastapi-dls/app
|
||||||
--ssl-keyfile /etc/fastapi-dls/webserver.key
|
--ssl-keyfile /etc/fastapi-dls/webserver.key
|
||||||
--ssl-certfile /opt/fastapi-dls/webserver.crt
|
--ssl-certfile /etc/fastapi-dls/webserver.crt
|
||||||
--proxy-headers &
|
--proxy-headers &
|
||||||
- FASTAPI_DLS_PID=$!
|
- FASTAPI_DLS_PID=$!
|
||||||
- echo "Started service with pid $FASTAPI_DLS_PID"
|
- echo "Started service with pid $FASTAPI_DLS_PID"
|
||||||
|
- cat /etc/fastapi-dls/env
|
||||||
# testing service
|
# testing service
|
||||||
- if [ "`curl --insecure -s https://127.0.0.1/status | jq .status`" != "up" ]; then echo "Success"; else "Error"; fi
|
- if [ "`curl --insecure -s https://127.0.0.1/-/health | jq .status`" != "up" ]; then echo "Success"; else "Error"; fi
|
||||||
# cleanup
|
# cleanup
|
||||||
- kill $FASTAPI_DLS_PID
|
- kill $FASTAPI_DLS_PID
|
||||||
- apt-get purge -qq -y fastapi-dls
|
- apt-get purge -qq -y fastapi-dls
|
||||||
@ -115,43 +207,120 @@ test:debian:
|
|||||||
|
|
||||||
test:ubuntu:
|
test:ubuntu:
|
||||||
extends: .test:linux
|
extends: .test:linux
|
||||||
image: ubuntu:22.10
|
image: ubuntu:24.04
|
||||||
|
|
||||||
|
test:archlinux:
|
||||||
|
image: archlinux:base
|
||||||
|
rules:
|
||||||
|
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
|
||||||
|
changes:
|
||||||
|
- app/**/*
|
||||||
|
- .PKGBUILD/**/*
|
||||||
|
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||||
|
needs:
|
||||||
|
- job: build:pacman
|
||||||
|
artifacts: true
|
||||||
|
script:
|
||||||
|
- pacman -Sy
|
||||||
|
- pacman -U --noconfirm *.pkg.tar.zst
|
||||||
|
|
||||||
|
code_quality:
|
||||||
|
variables:
|
||||||
|
SOURCE_CODE: app
|
||||||
|
rules:
|
||||||
|
- if: $CODE_QUALITY_DISABLED
|
||||||
|
when: never
|
||||||
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
|
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||||
|
|
||||||
|
secret_detection:
|
||||||
|
rules:
|
||||||
|
- if: $SECRET_DETECTION_DISABLED
|
||||||
|
when: never
|
||||||
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
|
before_script:
|
||||||
|
- git config --global --add safe.directory $CI_PROJECT_DIR
|
||||||
|
|
||||||
|
semgrep-sast:
|
||||||
|
rules:
|
||||||
|
- if: $SAST_DISABLED
|
||||||
|
when: never
|
||||||
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
|
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||||
|
|
||||||
|
test_coverage:
|
||||||
|
# extends: test
|
||||||
|
image: python:3.11-slim-bookworm
|
||||||
|
allow_failure: true
|
||||||
|
stage: test
|
||||||
|
rules:
|
||||||
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
|
variables:
|
||||||
|
DATABASE: sqlite:///../app/db.sqlite
|
||||||
|
before_script:
|
||||||
|
- apt-get update && apt-get install -y python3-dev gcc
|
||||||
|
- pip install -r requirements.txt
|
||||||
|
- pip install pytest httpx
|
||||||
|
- mkdir -p app/cert
|
||||||
|
- openssl genrsa -out app/cert/instance.private.pem 2048
|
||||||
|
- openssl rsa -in app/cert/instance.private.pem -outform PEM -pubout -out app/cert/instance.public.pem
|
||||||
|
- cd test
|
||||||
|
script:
|
||||||
|
- pip install pytest pytest-cov
|
||||||
|
- coverage run -m pytest main.py
|
||||||
|
- coverage report
|
||||||
|
- coverage xml
|
||||||
|
coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
|
||||||
|
artifacts:
|
||||||
|
reports:
|
||||||
|
coverage_report:
|
||||||
|
coverage_format: cobertura
|
||||||
|
path: '**/coverage.xml'
|
||||||
|
|
||||||
|
container_scanning:
|
||||||
|
dependencies: [ build:docker ]
|
||||||
|
rules:
|
||||||
|
- if: $CONTAINER_SCANNING_DISABLED
|
||||||
|
when: never
|
||||||
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
|
|
||||||
|
gemnasium-python-dependency_scanning:
|
||||||
|
rules:
|
||||||
|
- if: $DEPENDENCY_SCANNING_DISABLED
|
||||||
|
when: never
|
||||||
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
|
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||||
|
|
||||||
|
.deploy:
|
||||||
|
rules:
|
||||||
|
- if: $CI_COMMIT_TAG
|
||||||
|
|
||||||
deploy:docker:
|
deploy:docker:
|
||||||
|
extends: .deploy
|
||||||
|
image: docker:dind
|
||||||
stage: deploy
|
stage: deploy
|
||||||
rules:
|
tags: [ docker ]
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
- changes:
|
|
||||||
- Dockerfile
|
|
||||||
- requirements.txt
|
|
||||||
- app/**/*
|
|
||||||
before_script:
|
before_script:
|
||||||
- echo "COMMIT=${CI_COMMIT_SHA}" >> version.env
|
- echo "Building docker image for commit $CI_COMMIT_SHA with version $CI_COMMIT_REF_NAME"
|
||||||
- source version.env
|
- docker buildx inspect
|
||||||
- echo "Building docker image for commit ${COMMIT} with version ${VERSION}"
|
- docker buildx create --use
|
||||||
script:
|
script:
|
||||||
- echo "GitLab-Registry"
|
- echo "========== GitLab-Registry =========="
|
||||||
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||||
- docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${VERSION}
|
- IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH
|
||||||
- docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:latest
|
- docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME --push .
|
||||||
- docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${VERSION}
|
- docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest --push .
|
||||||
- docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:latest
|
- echo "========== Docker-Hub =========="
|
||||||
- echo "Docker-Hub"
|
|
||||||
- docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
|
- docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
|
||||||
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
|
- IMAGE=$PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME
|
||||||
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
|
- docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME --push .
|
||||||
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
|
- docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest --push .
|
||||||
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
|
|
||||||
|
|
||||||
deploy:apt:
|
deploy:apt:
|
||||||
# doc: https://git.collinwebdesigns.de/help/user/packages/debian_repository/index.md#install-a-package
|
# doc: https://git.collinwebdesigns.de/help/user/packages/debian_repository/index.md#install-a-package
|
||||||
|
extends: .deploy
|
||||||
image: debian:bookworm-slim
|
image: debian:bookworm-slim
|
||||||
stage: deploy
|
stage: deploy
|
||||||
rules:
|
|
||||||
#- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
- changes:
|
|
||||||
- DEBIAN/**/*
|
|
||||||
- app/**/*
|
|
||||||
needs:
|
needs:
|
||||||
- job: build:apt
|
- job: build:apt
|
||||||
artifacts: true
|
artifacts: true
|
||||||
@ -186,3 +355,44 @@ deploy:apt:
|
|||||||
# using generic-package-registry until debian-registry is GA
|
# using generic-package-registry until debian-registry is GA
|
||||||
# https://docs.gitlab.com/ee/user/packages/generic_packages/index.html#publish-a-generic-package-by-using-cicd
|
# https://docs.gitlab.com/ee/user/packages/generic_packages/index.html#publish-a-generic-package-by-using-cicd
|
||||||
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${EXPORT_NAME} "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${PACKAGE_VERSION}/${EXPORT_NAME}"'
|
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${EXPORT_NAME} "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${PACKAGE_VERSION}/${EXPORT_NAME}"'
|
||||||
|
|
||||||
|
deploy:pacman:
|
||||||
|
extends: .deploy
|
||||||
|
image: archlinux:base-devel
|
||||||
|
stage: deploy
|
||||||
|
needs:
|
||||||
|
- job: build:pacman
|
||||||
|
artifacts: true
|
||||||
|
script:
|
||||||
|
- source .PKGBUILD/PKGBUILD
|
||||||
|
# fastapi-dls-1.0-1-any.pkg.tar.zst
|
||||||
|
- BUILD_NAME=${pkgname}-${CI_COMMIT_REF_NAME}-${pkgrel}-any.pkg.tar.zst
|
||||||
|
- PACKAGE_NAME=${pkgname}
|
||||||
|
- PACKAGE_VERSION=${CI_COMMIT_REF_NAME}
|
||||||
|
- PACKAGE_ARCH=any
|
||||||
|
- EXPORT_NAME=${BUILD_NAME}
|
||||||
|
- 'echo "PACKAGE_NAME: ${PACKAGE_NAME}"'
|
||||||
|
- 'echo "PACKAGE_VERSION: ${PACKAGE_VERSION}"'
|
||||||
|
- 'echo "PACKAGE_ARCH: ${PACKAGE_ARCH}"'
|
||||||
|
- 'echo "EXPORT_NAME: ${EXPORT_NAME}"'
|
||||||
|
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${EXPORT_NAME} "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${PACKAGE_VERSION}/${EXPORT_NAME}"'
|
||||||
|
|
||||||
|
release:
|
||||||
|
image: registry.gitlab.com/gitlab-org/release-cli:latest
|
||||||
|
stage: .post
|
||||||
|
needs: [ test ]
|
||||||
|
rules:
|
||||||
|
- if: $CI_COMMIT_TAG
|
||||||
|
script:
|
||||||
|
- echo "Running release-job for $CI_COMMIT_TAG"
|
||||||
|
release:
|
||||||
|
name: $CI_PROJECT_TITLE $CI_COMMIT_TAG
|
||||||
|
description: Release of $CI_PROJECT_TITLE version $CI_COMMIT_TAG
|
||||||
|
tag_name: $CI_COMMIT_TAG
|
||||||
|
ref: $CI_COMMIT_SHA
|
||||||
|
assets:
|
||||||
|
links:
|
||||||
|
- name: 'Package Registry'
|
||||||
|
url: 'https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/packages'
|
||||||
|
- name: 'Container Registry'
|
||||||
|
url: 'https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/container_registry/40'
|
||||||
|
2
CODEOWNERS
Executable file
2
CODEOWNERS
Executable file
@ -0,0 +1,2 @@
|
|||||||
|
* @oscar.krause
|
||||||
|
.PKGBUILD/ @samicrusader
|
101
DEBIAN/postinst
101
DEBIAN/postinst
@ -1,101 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
WORKING_DIR=/usr/share/fastapi-dls
|
|
||||||
CONFIG_DIR=/etc/fastapi-dls
|
|
||||||
|
|
||||||
echo "> Create config directory ..."
|
|
||||||
mkdir -p $CONFIG_DIR
|
|
||||||
|
|
||||||
echo "> Install service ..."
|
|
||||||
cat <<EOF >/etc/systemd/system/fastapi-dls.service
|
|
||||||
[Unit]
|
|
||||||
Description=Service for fastapi-dls
|
|
||||||
After=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
User=www-data
|
|
||||||
Group=www-data
|
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
||||||
WorkingDirectory=$WORKING_DIR/app
|
|
||||||
EnvironmentFile=$CONFIG_DIR/env
|
|
||||||
ExecStart=uvicorn main:app \\
|
|
||||||
--env-file /etc/fastapi-dls/env \\
|
|
||||||
--host \$DLS_URL --port \$DLS_PORT \\
|
|
||||||
--app-dir $WORKING_DIR/app \\
|
|
||||||
--ssl-keyfile /etc/fastapi-dls/webserver.key \\
|
|
||||||
--ssl-certfile /etc/fastapi-dls/webserver.crt \\
|
|
||||||
--proxy-headers
|
|
||||||
Restart=always
|
|
||||||
KillSignal=SIGQUIT
|
|
||||||
Type=simple
|
|
||||||
NotifyAccess=all
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
systemctl daemon-reload
|
|
||||||
|
|
||||||
if [[ ! -f $CONFIG_DIR/env ]]; then
|
|
||||||
echo "> Writing initial config ..."
|
|
||||||
touch $CONFIG_DIR/env
|
|
||||||
cat <<EOF >$CONFIG_DIR/env
|
|
||||||
DLS_URL=127.0.0.1
|
|
||||||
DLS_PORT=443
|
|
||||||
LEASE_EXPIRE_DAYS=90
|
|
||||||
DATABASE=sqlite:///$CONFIG_DIR/db.sqlite
|
|
||||||
INSTANCE_KEY_RSA=$CONFIG_DIR/instance.private.pem
|
|
||||||
INSTANCE_KEY_PUB=$CONFIG_DIR/instance.public.pem
|
|
||||||
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "> Create dls-instance keypair ..."
|
|
||||||
openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
|
|
||||||
openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
read -p "> Do you wish to create self-signed webserver certificate? [Y/n]" yn
|
|
||||||
yn=${yn:-y} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
|
|
||||||
case $yn in
|
|
||||||
[Yy]*)
|
|
||||||
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $CONFIG_DIR/webserver.key -out $CONFIG_DIR/webserver.crt
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
[Nn]*) break ;;
|
|
||||||
*) echo "Please answer [y] or [n]." ;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
if [[ -f $CONFIG_DIR/webserver.key ]]; then
|
|
||||||
echo "> Starting service ..."
|
|
||||||
systemctl start fastapi-dls.service
|
|
||||||
|
|
||||||
if [ -x "$(command -v curl)" ]; then
|
|
||||||
echo "> Testing API ..."
|
|
||||||
source $CONFIG_DIR/env
|
|
||||||
curl --insecure -X GET https://$DLS_URL:$DLS_PORT/status
|
|
||||||
else
|
|
||||||
echo "> Testing API failed, curl not available. Please test manually!"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
chown -R www-data:www-data $CONFIG_DIR
|
|
||||||
chown -R www-data:www-data $WORKING_DIR
|
|
||||||
|
|
||||||
cat <<EOF
|
|
||||||
|
|
||||||
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
|
||||||
# #
|
|
||||||
# fastapi-dls is now installed. #
|
|
||||||
# #
|
|
||||||
# Service should be up and running. #
|
|
||||||
# Webservice is listen to https://localhost #
|
|
||||||
# #
|
|
||||||
# Configuration is stored in ${CONFIG_DIR}/env #
|
|
||||||
# #
|
|
||||||
# #
|
|
||||||
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
|
||||||
|
|
||||||
EOF
|
|
@ -1,8 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [[ -f /etc/systemd/system/fastapi-dls.service ]]; then
|
|
||||||
echo "> Removing service file."
|
|
||||||
rm /etc/systemd/system/fastapi-dls.service
|
|
||||||
fi
|
|
||||||
|
|
||||||
# todo
|
|
15
Dockerfile
15
Dockerfile
@ -1,18 +1,21 @@
|
|||||||
FROM python:3.10-alpine
|
FROM python:3.11-alpine
|
||||||
|
|
||||||
|
ARG VERSION
|
||||||
|
ARG COMMIT=""
|
||||||
|
RUN echo -e "VERSION=$VERSION\nCOMMIT=$COMMIT" > /version.env
|
||||||
|
|
||||||
COPY requirements.txt /tmp/requirements.txt
|
COPY requirements.txt /tmp/requirements.txt
|
||||||
|
|
||||||
RUN apk update \
|
RUN apk update \
|
||||||
&& apk add --no-cache --virtual build-deps gcc g++ python3-dev musl-dev \
|
&& apk add --no-cache --virtual build-deps gcc g++ python3-dev musl-dev pkgconfig \
|
||||||
&& apk add --no-cache curl postgresql postgresql-dev mariadb-connector-c-dev sqlite-dev \
|
&& apk add --no-cache curl postgresql postgresql-dev mariadb-dev sqlite-dev \
|
||||||
&& pip install --no-cache-dir --upgrade uvicorn \
|
&& pip install --no-cache-dir --upgrade uvicorn \
|
||||||
&& pip install --no-cache-dir psycopg2==2.9.5 mysqlclient==2.1.1 pysqlite3==0.5.0 \
|
&& pip install --no-cache-dir psycopg2==2.9.9 mysqlclient==2.2.4 pysqlite3==0.5.2 \
|
||||||
&& pip install --no-cache-dir -r /tmp/requirements.txt \
|
&& pip install --no-cache-dir -r /tmp/requirements.txt \
|
||||||
&& apk del build-deps
|
&& apk del build-deps
|
||||||
|
|
||||||
COPY app /app
|
COPY app /app
|
||||||
COPY version.env /version.env
|
|
||||||
COPY README.md /README.md
|
COPY README.md /README.md
|
||||||
|
|
||||||
HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/status || exit 1
|
HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/-/health || exit 1
|
||||||
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "443", "--app-dir", "/app", "--proxy-headers", "--ssl-keyfile", "/app/cert/webserver.key", "--ssl-certfile", "/app/cert/webserver.crt"]
|
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "443", "--app-dir", "/app", "--proxy-headers", "--ssl-keyfile", "/app/cert/webserver.key", "--ssl-certfile", "/app/cert/webserver.crt"]
|
||||||
|
17
FAQ.md
Normal file
17
FAQ.md
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
# FAQ
|
||||||
|
|
||||||
|
## `Failed to acquire license from <ip> (Info: <license> - Error: The allowed time to process response has expired)`
|
||||||
|
|
||||||
|
- Did your timezone settings are correct on fastapi-dls **and your guest**?
|
||||||
|
|
||||||
|
- Did you download the client-token more than an hour ago?
|
||||||
|
|
||||||
|
Please download a new client-token. The guest have to register within an hour after client-token was created.
|
||||||
|
|
||||||
|
|
||||||
|
## `jose.exceptions.JWTError: Signature verification failed.`
|
||||||
|
|
||||||
|
- Did you recreated `instance.public.pem` / `instance.private.pem`?
|
||||||
|
|
||||||
|
Then you have to download a **new** client-token on each of your guests.
|
||||||
|
|
514
README.md
514
README.md
@ -2,53 +2,54 @@
|
|||||||
|
|
||||||
Minimal Delegated License Service (DLS).
|
Minimal Delegated License Service (DLS).
|
||||||
|
|
||||||
|
Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0. For Driver compatibility see [here](#setup-client).
|
||||||
|
|
||||||
This service can be used without internet connection.
|
This service can be used without internet connection.
|
||||||
Only the clients need a connection to this service on configured port.
|
Only the clients need a connection to this service on configured port.
|
||||||
|
|
||||||
|
**Official Links**
|
||||||
|
|
||||||
|
* https://git.collinwebdesigns.de/oscar.krause/fastapi-dls (Private Git)
|
||||||
|
* https://gitea.publichub.eu/oscar.krause/fastapi-dls (Public Git)
|
||||||
|
* https://hub.docker.com/r/collinwebdesigns/fastapi-dls (Docker-Hub `collinwebdesigns/fastapi-dls:latest`)
|
||||||
|
|
||||||
|
*All other repositories are forks! (which is no bad - just for information and bug reports)*
|
||||||
|
|
||||||
|
[Releases & Release Notes](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/releases)
|
||||||
|
|
||||||
|
**Further Reading**
|
||||||
|
|
||||||
|
* [NVIDIA vGPU Guide](https://gitlab.com/polloloco/vgpu-proxmox) - This document serves as a guide to install NVIDIA vGPU host drivers on the latest Proxmox VE version
|
||||||
|
* [vgpu_unlock](https://github.com/DualCoder/vgpu_unlock) - Unlock vGPU functionality for consumer-grade Nvidia GPUs.
|
||||||
|
* [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q) - Guide for `vgpu_unlock`
|
||||||
|
* [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/) - Also known as `proxmox-installer.sh`
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
[[_TOC_]]
|
[[_TOC_]]
|
||||||
|
|
||||||
## ToDo's
|
|
||||||
|
|
||||||
- Support http mode for using external https proxy (disable uvicorn ssl for using behind proxy)
|
|
||||||
|
|
||||||
## Endpoints
|
|
||||||
|
|
||||||
### `GET /`
|
|
||||||
|
|
||||||
HTML rendered README.md.
|
|
||||||
|
|
||||||
### `GET /status`
|
|
||||||
|
|
||||||
Status endpoint, used for *healthcheck*. Shows also current version and commit hash.
|
|
||||||
|
|
||||||
### `GET /docs`
|
|
||||||
|
|
||||||
OpenAPI specifications rendered from `GET /openapi.json`.
|
|
||||||
|
|
||||||
### `GET /-/origins`
|
|
||||||
|
|
||||||
List registered origins.
|
|
||||||
|
|
||||||
### `GET /-/leases`
|
|
||||||
|
|
||||||
List current leases.
|
|
||||||
|
|
||||||
### `GET /client-token`
|
|
||||||
|
|
||||||
Generate client token, (see [installation](#installation)).
|
|
||||||
|
|
||||||
### Others
|
|
||||||
|
|
||||||
There are some more internal api endpoints for handling authentication and lease process.
|
|
||||||
|
|
||||||
# Setup (Service)
|
# Setup (Service)
|
||||||
|
|
||||||
|
**System requirements**
|
||||||
|
|
||||||
|
- 256mb ram
|
||||||
|
- 4gb hdd
|
||||||
|
- *maybe IPv6 must be disabled*
|
||||||
|
|
||||||
|
Tested with Ubuntu 22.10 (EOL!) (from Proxmox templates), actually its consuming 100mb ram and 750mb hdd.
|
||||||
|
|
||||||
|
**Prepare your system**
|
||||||
|
|
||||||
|
- Make sure your timezone is set correct on you fastapi-dls server and your client
|
||||||
|
|
||||||
## Docker
|
## Docker
|
||||||
|
|
||||||
Docker-Images are available here:
|
Docker-Images are available here for Intel (x86), AMD (amd64) and ARM (arm64):
|
||||||
|
|
||||||
- [Docker-Hub](https://hub.docker.com/repository/docker/collinwebdesigns/fastapi-dls): `collinwebdesigns/fastapi-dls:latest`
|
- [Docker-Hub](https://hub.docker.com/repository/docker/collinwebdesigns/fastapi-dls): `collinwebdesigns/fastapi-dls:latest`
|
||||||
- [GitLab-Registry](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/container_registry): `registry.git.collinwebdesigns.de/oscar.krause/fastapi-dls/main:latest`
|
- [GitLab-Registry](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/container_registry): `registry.git.collinwebdesigns.de/oscar.krause/fastapi-dls:latest`
|
||||||
|
|
||||||
|
The images include database drivers for `postgres`, `mariadb` and `sqlite`.
|
||||||
|
|
||||||
**Run this on the Docker-Host**
|
**Run this on the Docker-Host**
|
||||||
|
|
||||||
@ -65,6 +66,8 @@ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $WORKING_DIR/webse
|
|||||||
|
|
||||||
**Start container**
|
**Start container**
|
||||||
|
|
||||||
|
To test if everything is set up properly you can start container as following:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker volume create dls-db
|
docker volume create dls-db
|
||||||
docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/app/cert -v dls-db:/app/database collinwebdesigns/fastapi-dls:latest
|
docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/app/cert -v dls-db:/app/database collinwebdesigns/fastapi-dls:latest
|
||||||
@ -72,14 +75,20 @@ docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/
|
|||||||
|
|
||||||
**Docker-Compose / Deploy stack**
|
**Docker-Compose / Deploy stack**
|
||||||
|
|
||||||
|
See [`examples`](examples) directory for more advanced examples (with reverse proxy usage).
|
||||||
|
|
||||||
|
> Adjust *REQUIRED* variables as needed
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
version: '3.9'
|
version: '3.9'
|
||||||
|
|
||||||
x-dls-variables: &dls-variables
|
x-dls-variables: &dls-variables
|
||||||
DLS_URL: localhost # REQUIRED
|
TZ: Europe/Berlin # REQUIRED, set your timezone correctly on fastapi-dls AND YOUR CLIENTS !!!
|
||||||
|
DLS_URL: localhost # REQUIRED, change to your ip or hostname
|
||||||
DLS_PORT: 443
|
DLS_PORT: 443
|
||||||
LEASE_EXPIRE_DAYS: 90
|
LEASE_EXPIRE_DAYS: 90 # 90 days is maximum
|
||||||
DATABASE: sqlite:////app/database/db.sqlite
|
DATABASE: sqlite:////app/database/db.sqlite
|
||||||
|
DEBUG: false
|
||||||
|
|
||||||
services:
|
services:
|
||||||
dls:
|
dls:
|
||||||
@ -92,14 +101,22 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- /opt/docker/fastapi-dls/cert:/app/cert
|
- /opt/docker/fastapi-dls/cert:/app/cert
|
||||||
- dls-db:/app/database
|
- dls-db:/app/database
|
||||||
|
logging: # optional, for those who do not need logs
|
||||||
|
driver: "json-file"
|
||||||
|
options:
|
||||||
|
max-file: 5
|
||||||
|
max-size: 10m
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
dls-db:
|
dls-db:
|
||||||
```
|
```
|
||||||
|
|
||||||
## Debian/Ubuntu (manual method using `git clone`)
|
## Debian / Ubuntu / macOS (manual method using `git clone` and python virtual environment)
|
||||||
|
|
||||||
Tested on `Debian 11 (bullseye)`, Ubuntu may also work.
|
Tested on `Debian 11 (bullseye)`, `Debian 12 (bookworm)` and `macOS Ventura (13.6)`, Ubuntu may also work.
|
||||||
|
**Please note that setup on macOS differs from Debian based systems.**
|
||||||
|
|
||||||
|
**Make sure you are logged in as root.**
|
||||||
|
|
||||||
**Install requirements**
|
**Install requirements**
|
||||||
|
|
||||||
@ -125,7 +142,7 @@ chown -R www-data:www-data $WORKING_DIR
|
|||||||
|
|
||||||
```shell
|
```shell
|
||||||
WORKING_DIR=/opt/fastapi-dls/app/cert
|
WORKING_DIR=/opt/fastapi-dls/app/cert
|
||||||
mkdir $WORKING_DIR
|
mkdir -p $WORKING_DIR
|
||||||
cd $WORKING_DIR
|
cd $WORKING_DIR
|
||||||
# create instance private and public key for singing JWT's
|
# create instance private and public key for singing JWT's
|
||||||
openssl genrsa -out $WORKING_DIR/instance.private.pem 2048
|
openssl genrsa -out $WORKING_DIR/instance.private.pem 2048
|
||||||
@ -141,12 +158,17 @@ This is only to test whether the service starts successfully.
|
|||||||
|
|
||||||
```shell
|
```shell
|
||||||
cd /opt/fastapi-dls/app
|
cd /opt/fastapi-dls/app
|
||||||
|
sudo -u www-data /opt/fastapi-dls/venv/bin/uvicorn main:app --app-dir=/opt/fastapi-dls/app
|
||||||
|
# or
|
||||||
su - www-data -c "/opt/fastapi-dls/venv/bin/uvicorn main:app --app-dir=/opt/fastapi-dls/app"
|
su - www-data -c "/opt/fastapi-dls/venv/bin/uvicorn main:app --app-dir=/opt/fastapi-dls/app"
|
||||||
```
|
```
|
||||||
|
|
||||||
**Create config file**
|
**Create config file**
|
||||||
|
|
||||||
|
> Adjust `DLS_URL` as needed (accessing from LAN won't work with 127.0.0.1)
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
|
mkdir /etc/fastapi-dls
|
||||||
cat <<EOF >/etc/fastapi-dls/env
|
cat <<EOF >/etc/fastapi-dls/env
|
||||||
DLS_URL=127.0.0.1
|
DLS_URL=127.0.0.1
|
||||||
DLS_PORT=443
|
DLS_PORT=443
|
||||||
@ -191,7 +213,112 @@ EOF
|
|||||||
Now you have to run `systemctl daemon-reload`. After that you can start service
|
Now you have to run `systemctl daemon-reload`. After that you can start service
|
||||||
with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
|
with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
|
||||||
|
|
||||||
## Debian/Ubuntu (using `dpkg`)
|
## openSUSE Leap (manual method using `git clone` and python virtual environment)
|
||||||
|
|
||||||
|
Tested on `openSUSE Leap 15.4`, openSUSE Tumbleweed may also work.
|
||||||
|
|
||||||
|
**Install requirements**
|
||||||
|
|
||||||
|
```shell
|
||||||
|
zypper in -y python310 python3-virtualenv python3-pip
|
||||||
|
```
|
||||||
|
|
||||||
|
**Install FastAPI-DLS**
|
||||||
|
|
||||||
|
```shell
|
||||||
|
BASE_DIR=/opt/fastapi-dls
|
||||||
|
SERVICE_USER=dls
|
||||||
|
mkdir -p ${BASE_DIR}
|
||||||
|
cd ${BASE_DIR}
|
||||||
|
git clone https://git.collinwebdesigns.de/oscar.krause/fastapi-dls .
|
||||||
|
python3.10 -m venv venv
|
||||||
|
source venv/bin/activate
|
||||||
|
pip install -r requirements.txt
|
||||||
|
deactivate
|
||||||
|
useradd -r ${SERVICE_USER} -M -d /opt/fastapi-dls
|
||||||
|
chown -R ${SERVICE_USER} ${BASE_DIR}
|
||||||
|
```
|
||||||
|
|
||||||
|
**Create keypair and webserver certificate**
|
||||||
|
|
||||||
|
```shell
|
||||||
|
CERT_DIR=${BASE_DIR}/app/cert
|
||||||
|
SERVICE_USER=dls
|
||||||
|
mkdir ${CERT_DIR}
|
||||||
|
cd ${CERT_DIR}
|
||||||
|
# create instance private and public key for singing JWT's
|
||||||
|
openssl genrsa -out ${CERT_DIR}/instance.private.pem 2048
|
||||||
|
openssl rsa -in ${CERT_DIR}/instance.private.pem -outform PEM -pubout -out ${CERT_DIR}/instance.public.pem
|
||||||
|
# create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl
|
||||||
|
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ${CERT_DIR}/webserver.key -out ${CERT_DIR}/webserver.crt
|
||||||
|
chown -R ${SERVICE_USER} ${CERT_DIR}
|
||||||
|
```
|
||||||
|
|
||||||
|
**Test Service**
|
||||||
|
|
||||||
|
This is only to test whether the service starts successfully.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
BASE_DIR=/opt/fastapi-dls
|
||||||
|
SERVICE_USER=dls
|
||||||
|
cd ${BASE_DIR}
|
||||||
|
sudo -u ${SERVICE_USER} ${BASE_DIR}/venv/bin/uvicorn main:app --app-dir=${BASE_DIR}/app
|
||||||
|
# or
|
||||||
|
su - ${SERVICE_USER} -c "${BASE_DIR}/venv/bin/uvicorn main:app --app-dir=${BASE_DIR}/app"
|
||||||
|
```
|
||||||
|
|
||||||
|
**Create config file**
|
||||||
|
|
||||||
|
> Adjust `DLS_URL` as needed (accessing from LAN won't work with 127.0.0.1)
|
||||||
|
|
||||||
|
```shell
|
||||||
|
BASE_DIR=/opt/fastapi-dls
|
||||||
|
cat <<EOF >/etc/fastapi-dls/env
|
||||||
|
DLS_URL=127.0.0.1
|
||||||
|
DLS_PORT=443
|
||||||
|
LEASE_EXPIRE_DAYS=90
|
||||||
|
DATABASE=sqlite:///${BASE_DIR}/app/db.sqlite
|
||||||
|
|
||||||
|
EOF
|
||||||
|
```
|
||||||
|
|
||||||
|
**Create service**
|
||||||
|
|
||||||
|
```shell
|
||||||
|
BASE_DIR=/opt/fastapi-dls
|
||||||
|
SERVICE_USER=dls
|
||||||
|
cat <<EOF >/etc/systemd/system/fastapi-dls.service
|
||||||
|
[Unit]
|
||||||
|
Description=Service for fastapi-dls vGPU licensing service
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=${SERVICE_USER}
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
WorkingDirectory=${BASE_DIR}/app
|
||||||
|
EnvironmentFile=/etc/fastapi-dls/env
|
||||||
|
ExecStart=${BASE_DIR}/venv/bin/uvicorn main:app \\
|
||||||
|
--env-file /etc/fastapi-dls/env \\
|
||||||
|
--host \$DLS_URL --port \$DLS_PORT \\
|
||||||
|
--app-dir ${BASE_DIR}/app \\
|
||||||
|
--ssl-keyfile ${BASE_DIR}/app/cert/webserver.key \\
|
||||||
|
--ssl-certfile ${BASE_DIR}/app/cert/webserver.crt \\
|
||||||
|
--proxy-headers
|
||||||
|
Restart=always
|
||||||
|
KillSignal=SIGQUIT
|
||||||
|
Type=simple
|
||||||
|
NotifyAccess=all
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
|
EOF
|
||||||
|
```
|
||||||
|
|
||||||
|
Now you have to run `systemctl daemon-reload`. After that you can start service
|
||||||
|
with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
|
||||||
|
|
||||||
|
## Debian / Ubuntu (using `dpkg` / `apt`)
|
||||||
|
|
||||||
Packages are available here:
|
Packages are available here:
|
||||||
|
|
||||||
@ -199,8 +326,16 @@ Packages are available here:
|
|||||||
|
|
||||||
Successful tested with:
|
Successful tested with:
|
||||||
|
|
||||||
- Debian 12 (Bookworm) (works but not recommended because it is currently in *testing* state)
|
- Debian 12 (Bookworm) (EOL: tba.)
|
||||||
- Ubuntu 22.10 (Kinetic Kudu)
|
- Ubuntu 22.10 (Kinetic Kudu) (EOL: July 20, 2023)
|
||||||
|
- Ubuntu 23.04 (Lunar Lobster) (EOL: January 2024)
|
||||||
|
- Ubuntu 23.10 (Mantic Minotaur) (EOL: July 2024)
|
||||||
|
- Ubuntu 24.04 (Noble Numbat) (EOL: April 2036)
|
||||||
|
|
||||||
|
Not working with:
|
||||||
|
|
||||||
|
- Debian 11 (Bullseye) and lower (missing `python-jose` dependency)
|
||||||
|
- Ubuntu 22.04 (Jammy Jellyfish) (not supported as for 15.01.2023 due to [fastapi - uvicorn version missmatch](https://bugs.launchpad.net/ubuntu/+source/fastapi/+bug/1970557))
|
||||||
|
|
||||||
**Run this on your server instance**
|
**Run this on your server instance**
|
||||||
|
|
||||||
@ -216,8 +351,44 @@ apt-get install -f --fix-missing
|
|||||||
```
|
```
|
||||||
|
|
||||||
Start with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
|
Start with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
|
||||||
|
Now you have to edit `/etc/fastapi-dls/env` as needed.
|
||||||
|
|
||||||
## Let's Encrypt Certificate
|
## ArchLinux (using `pacman`)
|
||||||
|
|
||||||
|
**Shout out to `samicrusader` who created build file for ArchLinux!**
|
||||||
|
|
||||||
|
Packages are available here:
|
||||||
|
|
||||||
|
- [GitLab-Registry](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/packages)
|
||||||
|
|
||||||
|
```shell
|
||||||
|
pacman -Sy
|
||||||
|
FILENAME=/opt/fastapi-dls.pkg.tar.zst
|
||||||
|
|
||||||
|
curl -o $FILENAME <download-url>
|
||||||
|
# or
|
||||||
|
wget -O $FILENAME <download-url>
|
||||||
|
|
||||||
|
pacman -U --noconfirm fastapi-dls.pkg.tar.zst
|
||||||
|
```
|
||||||
|
|
||||||
|
Start with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
|
||||||
|
Now you have to edit `/etc/default/fastapi-dls` as needed.
|
||||||
|
|
||||||
|
## unRAID
|
||||||
|
|
||||||
|
1. Download [this xml file](.UNRAID/FastAPI-DLS.xml)
|
||||||
|
2. Put it in /boot/config/plugins/dockerMan/templates-user/
|
||||||
|
3. Go to Docker page, scroll down to `Add Container`, click on Template list and choose `FastAPI-DLS`
|
||||||
|
4. Open terminal/ssh, follow the instructions in overview description
|
||||||
|
5. Setup your container `IP`, `Port`, `DLS_URL` and `DLS_PORT`
|
||||||
|
6. Apply and let it boot up
|
||||||
|
|
||||||
|
*Unraid users must also make sure they have Host access to custom networks enabled if unraid is the vgpu guest*.
|
||||||
|
|
||||||
|
Continue [here](#unraid-guest) for docker guest setup.
|
||||||
|
|
||||||
|
## Let's Encrypt Certificate (optional)
|
||||||
|
|
||||||
If you're using installation via docker, you can use `traefik`. Please refer to their documentation.
|
If you're using installation via docker, you can use `traefik`. Please refer to their documentation.
|
||||||
|
|
||||||
@ -235,18 +406,29 @@ After first success you have to replace `--issue` with `--renew`.
|
|||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
|
|
||||||
| Variable | Default | Usage |
|
| Variable | Default | Usage |
|
||||||
|---------------------|----------------------------------------|---------------------------------------------------------------------------------------|
|
|------------------------|----------------------------------------|------------------------------------------------------------------------------------------------------|
|
||||||
| `DEBUG` | `false` | Toggles `fastapi` debug mode |
|
| `DEBUG` | `false` | Toggles `fastapi` debug mode |
|
||||||
| `DLS_URL` | `localhost` | Used in client-token to tell guest driver where dls instance is reachable |
|
| `DLS_URL` | `localhost` | Used in client-token to tell guest driver where dls instance is reachable |
|
||||||
| `DLS_PORT` | `443` | Used in client-token to tell guest driver where dls instance is reachable |
|
| `DLS_PORT` | `443` | Used in client-token to tell guest driver where dls instance is reachable |
|
||||||
| `LEASE_EXPIRE_DAYS` | `90` | Lease time in days |
|
| `TOKEN_EXPIRE_DAYS` | `1` | Client auth-token validity (used for authenticate client against api, **not `.tok` file!**) |
|
||||||
| `DATABASE` | `sqlite:///db.sqlite` | See [official dataset docs](https://dataset.readthedocs.io/en/latest/quickstart.html) |
|
| `LEASE_EXPIRE_DAYS` | `90` | Lease time in days |
|
||||||
| `CORS_ORIGINS` | `https://{DLS_URL}` | Sets `Access-Control-Allow-Origin` header (comma separated string) |
|
| `LEASE_RENEWAL_PERIOD` | `0.15` | The percentage of the lease period that must elapse before a licensed client can renew a license \*1 |
|
||||||
| `SITE_KEY_XID` | `00000000-0000-0000-0000-000000000000` | Site identification uuid |
|
| `DATABASE` | `sqlite:///db.sqlite` | See [official SQLAlchemy docs](https://docs.sqlalchemy.org/en/14/core/engines.html) |
|
||||||
| `INSTANCE_REF` | `00000000-0000-0000-0000-000000000000` | Instance identification uuid |
|
| `CORS_ORIGINS` | `https://{DLS_URL}` | Sets `Access-Control-Allow-Origin` header (comma separated string) \*2 |
|
||||||
| `INSTANCE_KEY_RSA` | `<app-dir>/cert/instance.private.pem` | Site-wide private RSA key for singing JWTs |
|
| `SITE_KEY_XID` | `00000000-0000-0000-0000-000000000000` | Site identification uuid |
|
||||||
| `INSTANCE_KEY_PUB` | `<app-dir>/cert/instance.public.pem` | Site-wide public key |
|
| `INSTANCE_REF` | `10000000-0000-0000-0000-000000000001` | Instance identification uuid |
|
||||||
|
| `ALLOTMENT_REF` | `20000000-0000-0000-0000-000000000001` | Allotment identification uuid |
|
||||||
|
| `INSTANCE_KEY_RSA` | `<app-dir>/cert/instance.private.pem` | Site-wide private RSA key for singing JWTs \*3 |
|
||||||
|
| `INSTANCE_KEY_PUB` | `<app-dir>/cert/instance.public.pem` | Site-wide public key \*3 |
|
||||||
|
|
||||||
|
\*1 For example, if the lease period is one day and the renewal period is 20%, the client attempts to renew its license
|
||||||
|
every 4.8 hours. If network connectivity is lost, the loss of connectivity is detected during license renewal and the
|
||||||
|
client has 19.2 hours in which to re-establish connectivity before its license expires.
|
||||||
|
|
||||||
|
\*2 Always use `https`, since guest-drivers only support secure connections!
|
||||||
|
|
||||||
|
\*3 If you recreate your instance keys you need to **recreate client-token for each guest**!
|
||||||
|
|
||||||
# Setup (Client)
|
# Setup (Client)
|
||||||
|
|
||||||
@ -254,24 +436,173 @@ After first success you have to replace `--issue` with `--renew`.
|
|||||||
|
|
||||||
Successfully tested with this package versions:
|
Successfully tested with this package versions:
|
||||||
|
|
||||||
- `14.3` (Linux-Host: `510.108.03`, Linux-Guest: `510.108.03`, Windows-Guest: `513.91`)
|
| vGPU Suftware | Driver Branch | Linux vGPU Manager | Linux Driver | Windows Driver | Release Date | EOL Date |
|
||||||
- `14.4` (Linux-Host: `510.108.03`, Linux-Guest: `510.108.03`, Windows-Guest: `514.08`)
|
|:-------------:|:-------------:|--------------------|--------------|----------------|--------------:|--------------:|
|
||||||
- `15.0` (Linux-Host: `525.60.12`, Linux-Guest: `525.60.13`, Windows-Guest: `527.41`)
|
| `17.2` | R550 | `550.90.05` | `550.90.07` | `552.55` | June 2024 | February 2025 |
|
||||||
|
| `17.1` | R550 | `550.54.16` | `550.54.15` | `551.78` | March 2024 | |
|
||||||
|
| `17.0` | R550 | `550.54.10` | `550.54.14` | `551.61` | February 2024 | |
|
||||||
|
| `16.6` | R535 | `535.183.04` | `535.183.01` | `538.67` | June 2024 | July 2026 |
|
||||||
|
| `16.5` | R535 | `535.161.05` | `535.161.08` | `538.46` | February 2024 | |
|
||||||
|
| `16.4` | R535 | `535.161.05` | `535.161.07` | `538.33` | February 2024 | |
|
||||||
|
| `16.3` | R535 | `535.154.02` | `535.154.05` | `538.15` | January 2024 | |
|
||||||
|
| `16.2` | R535 | `535.129.03` | `535.129.03` | `537.70` | October 2023 | |
|
||||||
|
| `16.1` | R535 | `535.104.06` | `535.104.05` | `537.13` | August 2023 | |
|
||||||
|
| `16.0` | R535 | `535.54.06` | `535.54.03` | `536.22` | July 2023 | |
|
||||||
|
| `15.4` | R525 | `525.147.01` | `525.147.05` | `529.19` | June 2023 | October 2023 |
|
||||||
|
| `15.3` | R525 | `525.125.03` | `525.125.06` | `529.11` | June 2023 | |
|
||||||
|
| `15.2` | R525 | `525.105.14` | `525.105.17` | `528.89` | March 2023 | |
|
||||||
|
| `15.1` | R525 | `525.85.07` | `525.85.05` | `528.24` | January 2023 | |
|
||||||
|
| `15.0` | R525 | `525.60.12` | `525.60.13` | `527.41` | December 2022 | |
|
||||||
|
| `14.4` | R510 | `510.108.03` | `510.108.03` | `514.08` | December 2022 | February 2023 |
|
||||||
|
| `14.3` | R510 | `510.108.03` | `510.108.03` | `513.91` | November 2022 | |
|
||||||
|
|
||||||
|
- https://docs.nvidia.com/grid/index.html
|
||||||
|
- https://docs.nvidia.com/grid/gpus-supported-by-vgpu.html
|
||||||
|
|
||||||
|
*To get the latest drivers, visit Nvidia or search in Discord-Channel `GPU Unlocking` (Server-ID: `829786927829745685`) on channel `licensing` `biggerthanshit`
|
||||||
|
|
||||||
## Linux
|
## Linux
|
||||||
|
|
||||||
|
Download *client-token* and place it into `/etc/nvidia/ClientConfigToken`:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
curl --insecure -L -X GET https://<dls-hostname-or-ip>/-/client-token -o /etc/nvidia/ClientConfigToken/client_configuration_token_$(date '+%d-%m-%Y-%H-%M-%S').tok
|
||||||
|
# or
|
||||||
|
wget --no-check-certificate -O /etc/nvidia/ClientConfigToken/client_configuration_token_$(date '+%d-%m-%Y-%H-%M-%S').tok https://<dls-hostname-or-ip>/-/client-token
|
||||||
|
```
|
||||||
|
|
||||||
|
Restart `nvidia-gridd` service:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
curl --insecure -X GET https://<dls-hostname-or-ip>/client-token -o /etc/nvidia/ClientConfigToken/client_configuration_token.tok
|
|
||||||
service nvidia-gridd restart
|
service nvidia-gridd restart
|
||||||
|
```
|
||||||
|
|
||||||
|
Check licensing status:
|
||||||
|
|
||||||
|
```shell
|
||||||
nvidia-smi -q | grep "License"
|
nvidia-smi -q | grep "License"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Output should be something like:
|
||||||
|
|
||||||
|
```text
|
||||||
|
vGPU Software Licensed Product
|
||||||
|
License Status : Licensed (Expiry: YYYY-M-DD hh:mm:ss GMT)
|
||||||
|
```
|
||||||
|
|
||||||
|
Done. For more information check [troubleshoot section](#troubleshoot).
|
||||||
|
|
||||||
## Windows
|
## Windows
|
||||||
|
|
||||||
Download file and place it into `C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken`.
|
**Power-Shell** (run as administrator!)
|
||||||
Now restart `NvContainerLocalSystem` service.
|
|
||||||
|
|
||||||
# Troubleshoot
|
Download *client-token* and place it into `C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken`:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
curl.exe --insecure -L -X GET https://<dls-hostname-or-ip>/-/client-token -o "C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken\client_configuration_token_$($(Get-Date).tostring('dd-MM-yy-hh-mm-ss')).tok"
|
||||||
|
```
|
||||||
|
|
||||||
|
Restart `NvContainerLocalSystem` service:
|
||||||
|
|
||||||
|
```Shell
|
||||||
|
Restart-Service NVDisplay.ContainerLocalSystem
|
||||||
|
```
|
||||||
|
|
||||||
|
Check licensing status:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
& 'nvidia-smi' -q | Select-String "License"
|
||||||
|
```
|
||||||
|
|
||||||
|
Output should be something like:
|
||||||
|
|
||||||
|
```text
|
||||||
|
vGPU Software Licensed Product
|
||||||
|
License Status : Licensed (Expiry: YYYY-M-DD hh:mm:ss GMT)
|
||||||
|
```
|
||||||
|
|
||||||
|
Done. For more information check [troubleshoot section](#troubleshoot).
|
||||||
|
|
||||||
|
## unRAID Guest
|
||||||
|
|
||||||
|
1. Make sure you create a folder in a linux filesystem (BTRFS/XFS/EXT4...), I recommend `/mnt/user/system/nvidia` (this is where docker and libvirt preferences are saved, so it's a good place to have that)
|
||||||
|
2. Edit the script to put your `DLS_IP`, `DLS_PORT` and `TOKEN_PATH`, properly
|
||||||
|
3. Install `User Scripts` plugin from *Community Apps* (the Apps page, or google User Scripts Unraid if you're not using CA)
|
||||||
|
4. Go to `Settings > Users Scripts > Add New Script`
|
||||||
|
5. Give it a name (the name must not contain spaces preferably)
|
||||||
|
6. Click on the *gear icon* to the left of the script name then edit script
|
||||||
|
7. Paste the script and save
|
||||||
|
8. Set schedule to `At First Array Start Only`
|
||||||
|
9. Click on Apply
|
||||||
|
|
||||||
|
|
||||||
|
# Endpoints
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>show</summary>
|
||||||
|
|
||||||
|
### `GET /`
|
||||||
|
|
||||||
|
Redirect to `/-/readme`.
|
||||||
|
|
||||||
|
### `GET /-/health`
|
||||||
|
|
||||||
|
Status endpoint, used for *healthcheck*.
|
||||||
|
|
||||||
|
### `GET /-/config`
|
||||||
|
|
||||||
|
Shows current runtime environment variables and their values.
|
||||||
|
|
||||||
|
### `GET /-/readme`
|
||||||
|
|
||||||
|
HTML rendered README.md.
|
||||||
|
|
||||||
|
### `GET /-/manage`
|
||||||
|
|
||||||
|
Shows a very basic UI to delete origins or leases.
|
||||||
|
|
||||||
|
### `GET /-/origins?leases=false`
|
||||||
|
|
||||||
|
List registered origins.
|
||||||
|
|
||||||
|
| Query Parameter | Default | Usage |
|
||||||
|
|-----------------|---------|--------------------------------------|
|
||||||
|
| `leases` | `false` | Include referenced leases per origin |
|
||||||
|
|
||||||
|
### `DELETE /-/origins`
|
||||||
|
|
||||||
|
Deletes all origins and their leases.
|
||||||
|
|
||||||
|
### `GET /-/leases?origin=false`
|
||||||
|
|
||||||
|
List current leases.
|
||||||
|
|
||||||
|
| Query Parameter | Default | Usage |
|
||||||
|
|-----------------|---------|-------------------------------------|
|
||||||
|
| `origin` | `false` | Include referenced origin per lease |
|
||||||
|
|
||||||
|
### `DELETE /-/lease/{lease_ref}`
|
||||||
|
|
||||||
|
Deletes an lease.
|
||||||
|
|
||||||
|
### `GET /-/client-token`
|
||||||
|
|
||||||
|
Generate client token, (see [installation](#installation)).
|
||||||
|
|
||||||
|
### Others
|
||||||
|
|
||||||
|
There are many other internal api endpoints for handling authentication and lease process.
|
||||||
|
</details>
|
||||||
|
|
||||||
|
# Troubleshoot / Debug
|
||||||
|
|
||||||
|
**Please make sure that fastapi-dls and your guests are on the same timezone!**
|
||||||
|
|
||||||
|
Maybe you have to disable IPv6 on the machine you are running FastAPI-DLS.
|
||||||
|
|
||||||
|
## Docker
|
||||||
|
|
||||||
|
Logs are available with `docker logs <container>`. To get the correct container-id use `docker container ls` or `docker ps`.
|
||||||
|
|
||||||
## Linux
|
## Linux
|
||||||
|
|
||||||
@ -291,6 +622,9 @@ This message can be ignored.
|
|||||||
|
|
||||||
- Ref. https://github.com/encode/uvicorn/issues/441
|
- Ref. https://github.com/encode/uvicorn/issues/441
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>Log example</summary>
|
||||||
|
|
||||||
```
|
```
|
||||||
WARNING:uvicorn.error:Invalid HTTP request received.
|
WARNING:uvicorn.error:Invalid HTTP request received.
|
||||||
Traceback (most recent call last):
|
Traceback (most recent call last):
|
||||||
@ -309,6 +643,8 @@ Traceback (most recent call last):
|
|||||||
h11._util.RemoteProtocolError: no request line received
|
h11._util.RemoteProtocolError: no request line received
|
||||||
```
|
```
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
||||||
## Windows
|
## Windows
|
||||||
|
|
||||||
### Required cipher on Windows Guests (e.g. managed by domain controller with GPO)
|
### Required cipher on Windows Guests (e.g. managed by domain controller with GPO)
|
||||||
@ -325,7 +661,7 @@ only
|
|||||||
gets a valid local license.
|
gets a valid local license.
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
<summary>Log</summary>
|
<summary>Log example</summary>
|
||||||
|
|
||||||
**Display-Container-LS**
|
**Display-Container-LS**
|
||||||
|
|
||||||
@ -375,3 +711,51 @@ Dec 20 17:53:34 ubuntu-grid-server nvidia-gridd[10354]: License acquired success
|
|||||||
```
|
```
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
|
### Error on releasing leases on shutdown (can be ignored and/or fixed with reverse proxy)
|
||||||
|
|
||||||
|
The driver wants to release current leases on shutting down windows. This endpoint needs to be a http endpoint.
|
||||||
|
The error message can safely be ignored (since we have no license limitation :P) and looks like this:
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>Log example</summary>
|
||||||
|
|
||||||
|
```
|
||||||
|
<1>:NLS initialized
|
||||||
|
<1>:License acquired successfully. (Info: 192.168.178.110, NVIDIA RTX Virtual Workstation; Expiry: 2023-3-30 23:0:22 GMT)
|
||||||
|
<0>:Failed to return license to 192.168.178.110 (Error: Generic network communication failure)
|
||||||
|
<0>:End Logging
|
||||||
|
```
|
||||||
|
|
||||||
|
#### log with nginx as reverse proxy (see [docker-compose-http-and-https.yml](examples/docker-compose-http-and-https.yml))
|
||||||
|
|
||||||
|
```
|
||||||
|
<1>:NLS initialized
|
||||||
|
<2>:NLS initialized
|
||||||
|
<1>:Valid GRID license not found. GPU features and performance will be fully degraded. To enable full functionality please configure licensing details.
|
||||||
|
<1>:License acquired successfully. (Info: 192.168.178.33, NVIDIA RTX Virtual Workstation; Expiry: 2023-1-4 16:48:20 GMT)
|
||||||
|
<2>:Valid GRID license not found. GPU features and performance will be fully degraded. To enable full functionality please configure licensing details.
|
||||||
|
<2>:License acquired successfully from local trusted store. (Info: 192.168.178.33, NVIDIA RTX Virtual Workstation; Expiry: 2023-1-4 16:48:20 GMT)
|
||||||
|
<2>:End Logging
|
||||||
|
<1>:End Logging
|
||||||
|
<0>:License returned successfully. (Info: 192.168.178.33)
|
||||||
|
<0>:End Logging
|
||||||
|
```
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
||||||
|
# Credits
|
||||||
|
|
||||||
|
Thanks to vGPU community and all who uses this project and report bugs.
|
||||||
|
|
||||||
|
Special thanks to
|
||||||
|
|
||||||
|
- @samicrusader who created build file for **ArchLinux**
|
||||||
|
- @cyrus who wrote the section for **openSUSE**
|
||||||
|
- @midi who wrote the section for **unRAID**
|
||||||
|
- @polloloco who wrote the *[NVIDIA vGPU Guide](https://gitlab.com/polloloco/vgpu-proxmox)*
|
||||||
|
- @DualCoder who creates the `vgpu_unlock` functionality [vgpu_unlock](https://github.com/DualCoder/vgpu_unlock)
|
||||||
|
- Krutav Shah who wrote the [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q/)
|
||||||
|
- Wim van 't Hoog for the [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/)
|
||||||
|
|
||||||
|
And thanks to all people who contributed to all these libraries!
|
||||||
|
27
ROADMAP.md
Normal file
27
ROADMAP.md
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
# Roadmap
|
||||||
|
|
||||||
|
I am planning to implement the following features in the future.
|
||||||
|
|
||||||
|
|
||||||
|
## HA - High Availability
|
||||||
|
|
||||||
|
Support Failover-Mode (secondary ip address) as in official DLS.
|
||||||
|
|
||||||
|
**Note**: There is no Load-Balancing / Round-Robin HA Mode supported! If you want to use that, consider to use
|
||||||
|
Docker-Swarm with shared/cluster database (e.g. postgres).
|
||||||
|
|
||||||
|
*See [ha branch](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/tree/ha) for current status.*
|
||||||
|
|
||||||
|
|
||||||
|
## UI - User Interface
|
||||||
|
|
||||||
|
Add a user interface to manage origins and leases.
|
||||||
|
|
||||||
|
*See [ui branch](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/tree/ui) for current status.*
|
||||||
|
|
||||||
|
|
||||||
|
## Config Database
|
||||||
|
|
||||||
|
Instead of using environment variables, configuration files and manually create certificates, store configs and
|
||||||
|
certificates in database (like origins and leases). Also, there should be provided a startup assistant to prefill
|
||||||
|
required attributes and create instance-certificates. This is more user-friendly and should improve fist setup.
|
368
app/main.py
368
app/main.py
@ -6,42 +6,47 @@ from os.path import join, dirname
|
|||||||
from os import getenv as env
|
from os import getenv as env
|
||||||
|
|
||||||
from dotenv import load_dotenv
|
from dotenv import load_dotenv
|
||||||
from fastapi import FastAPI, HTTPException
|
from fastapi import FastAPI
|
||||||
from fastapi.requests import Request
|
from fastapi.requests import Request
|
||||||
from fastapi.encoders import jsonable_encoder
|
from json import loads as json_loads
|
||||||
import json
|
from datetime import datetime, timedelta
|
||||||
from datetime import datetime
|
|
||||||
from dateutil.relativedelta import relativedelta
|
from dateutil.relativedelta import relativedelta
|
||||||
from calendar import timegm
|
from calendar import timegm
|
||||||
from jose import jws, jwk, jwt
|
from jose import jws, jwk, jwt, JWTError
|
||||||
from jose.constants import ALGORITHMS
|
from jose.constants import ALGORITHMS
|
||||||
from starlette.middleware.cors import CORSMiddleware
|
from starlette.middleware.cors import CORSMiddleware
|
||||||
from starlette.responses import StreamingResponse, JSONResponse, HTMLResponse
|
from starlette.responses import StreamingResponse, JSONResponse as JSONr, HTMLResponse as HTMLr, Response, RedirectResponse
|
||||||
from sqlalchemy import create_engine
|
from sqlalchemy import create_engine
|
||||||
from sqlalchemy.orm import sessionmaker
|
from sqlalchemy.orm import sessionmaker
|
||||||
|
|
||||||
from app.util import load_key, load_file
|
from util import load_key, load_file
|
||||||
from orm import Origin, Lease, init as db_init
|
from orm import Origin, Lease, init as db_init, migrate
|
||||||
|
|
||||||
logger = logging.getLogger()
|
|
||||||
load_dotenv('../version.env')
|
load_dotenv('../version.env')
|
||||||
|
|
||||||
|
TZ = datetime.now().astimezone().tzinfo
|
||||||
|
|
||||||
VERSION, COMMIT, DEBUG = env('VERSION', 'unknown'), env('COMMIT', 'unknown'), bool(env('DEBUG', False))
|
VERSION, COMMIT, DEBUG = env('VERSION', 'unknown'), env('COMMIT', 'unknown'), bool(env('DEBUG', False))
|
||||||
|
|
||||||
app = FastAPI(title='FastAPI-DLS', description='Minimal Delegated License Service (DLS).', version=VERSION)
|
config = dict(openapi_url=None, docs_url=None, redoc_url=None) # dict(openapi_url='/-/openapi.json', docs_url='/-/docs', redoc_url='/-/redoc')
|
||||||
|
app = FastAPI(title='FastAPI-DLS', description='Minimal Delegated License Service (DLS).', version=VERSION, **config)
|
||||||
db = create_engine(str(env('DATABASE', 'sqlite:///db.sqlite')))
|
db = create_engine(str(env('DATABASE', 'sqlite:///db.sqlite')))
|
||||||
db_init(db)
|
db_init(db), migrate(db)
|
||||||
|
|
||||||
|
# everything prefixed with "INSTANCE_*" is used as "SERVICE_INSTANCE_*" or "SI_*" in official dls service
|
||||||
DLS_URL = str(env('DLS_URL', 'localhost'))
|
DLS_URL = str(env('DLS_URL', 'localhost'))
|
||||||
DLS_PORT = int(env('DLS_PORT', '443'))
|
DLS_PORT = int(env('DLS_PORT', '443'))
|
||||||
SITE_KEY_XID = str(env('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000'))
|
SITE_KEY_XID = str(env('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000'))
|
||||||
INSTANCE_REF = str(env('INSTANCE_REF', '00000000-0000-0000-0000-000000000000'))
|
INSTANCE_REF = str(env('INSTANCE_REF', '10000000-0000-0000-0000-000000000001'))
|
||||||
|
ALLOTMENT_REF = str(env('ALLOTMENT_REF', '20000000-0000-0000-0000-000000000001'))
|
||||||
INSTANCE_KEY_RSA = load_key(str(env('INSTANCE_KEY_RSA', join(dirname(__file__), 'cert/instance.private.pem'))))
|
INSTANCE_KEY_RSA = load_key(str(env('INSTANCE_KEY_RSA', join(dirname(__file__), 'cert/instance.private.pem'))))
|
||||||
INSTANCE_KEY_PUB = load_key(str(env('INSTANCE_KEY_PUB', join(dirname(__file__), 'cert/instance.public.pem'))))
|
INSTANCE_KEY_PUB = load_key(str(env('INSTANCE_KEY_PUB', join(dirname(__file__), 'cert/instance.public.pem'))))
|
||||||
TOKEN_EXPIRE_DELTA = relativedelta(hours=1) # days=1
|
TOKEN_EXPIRE_DELTA = relativedelta(days=int(env('TOKEN_EXPIRE_DAYS', 1)), hours=int(env('TOKEN_EXPIRE_HOURS', 0)))
|
||||||
LEASE_EXPIRE_DELTA = relativedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)))
|
LEASE_EXPIRE_DELTA = relativedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
|
||||||
|
LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
|
||||||
CORS_ORIGINS = env('CORS_ORIGINS').split(',') if (env('CORS_ORIGINS')) else f'https://{DLS_URL}' # todo: prevent static https
|
LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
|
||||||
|
CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12)
|
||||||
|
CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
|
||||||
|
|
||||||
jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||||
jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||||
@ -51,52 +56,154 @@ app.add_middleware(
|
|||||||
CORSMiddleware,
|
CORSMiddleware,
|
||||||
allow_origins=CORS_ORIGINS,
|
allow_origins=CORS_ORIGINS,
|
||||||
allow_credentials=True,
|
allow_credentials=True,
|
||||||
allow_methods=["*"],
|
allow_methods=['*'],
|
||||||
allow_headers=["*"],
|
allow_headers=['*'],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
logging.basicConfig()
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
logger.setLevel(logging.DEBUG if DEBUG else logging.INFO)
|
logger.setLevel(logging.DEBUG if DEBUG else logging.INFO)
|
||||||
|
|
||||||
|
|
||||||
def get_token(request: Request) -> dict:
|
def __get_token(request: Request) -> dict:
|
||||||
authorization_header = request.headers['authorization']
|
authorization_header = request.headers.get('authorization')
|
||||||
token = authorization_header.split(' ')[1]
|
token = authorization_header.split(' ')[1]
|
||||||
return jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
|
return jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
|
||||||
|
|
||||||
|
|
||||||
@app.get('/')
|
@app.get('/', summary='Index')
|
||||||
async def index():
|
async def index():
|
||||||
|
return RedirectResponse('/-/readme')
|
||||||
|
|
||||||
|
|
||||||
|
@app.get('/-/', summary='* Index')
|
||||||
|
async def _index():
|
||||||
|
return RedirectResponse('/-/readme')
|
||||||
|
|
||||||
|
|
||||||
|
@app.get('/-/health', summary='* Health')
|
||||||
|
async def _health():
|
||||||
|
return JSONr({'status': 'up'})
|
||||||
|
|
||||||
|
|
||||||
|
@app.get('/-/config', summary='* Config', description='returns environment variables.')
|
||||||
|
async def _config():
|
||||||
|
return JSONr({
|
||||||
|
'VERSION': str(VERSION),
|
||||||
|
'COMMIT': str(COMMIT),
|
||||||
|
'DEBUG': str(DEBUG),
|
||||||
|
'DLS_URL': str(DLS_URL),
|
||||||
|
'DLS_PORT': str(DLS_PORT),
|
||||||
|
'SITE_KEY_XID': str(SITE_KEY_XID),
|
||||||
|
'INSTANCE_REF': str(INSTANCE_REF),
|
||||||
|
'ALLOTMENT_REF': [str(ALLOTMENT_REF)],
|
||||||
|
'TOKEN_EXPIRE_DELTA': str(TOKEN_EXPIRE_DELTA),
|
||||||
|
'LEASE_EXPIRE_DELTA': str(LEASE_EXPIRE_DELTA),
|
||||||
|
'LEASE_RENEWAL_PERIOD': str(LEASE_RENEWAL_PERIOD),
|
||||||
|
'CORS_ORIGINS': str(CORS_ORIGINS),
|
||||||
|
'TZ': str(TZ),
|
||||||
|
})
|
||||||
|
|
||||||
|
|
||||||
|
@app.get('/-/readme', summary='* Readme')
|
||||||
|
async def _readme():
|
||||||
from markdown import markdown
|
from markdown import markdown
|
||||||
content = load_file('../README.md').decode('utf-8')
|
content = load_file('../README.md').decode('utf-8')
|
||||||
return HTMLResponse(markdown(text=content, extensions=['tables', 'fenced_code', 'md_in_html', 'nl2br', 'toc']))
|
return HTMLr(markdown(text=content, extensions=['tables', 'fenced_code', 'md_in_html', 'nl2br', 'toc']))
|
||||||
|
|
||||||
|
|
||||||
@app.get('/status')
|
@app.get('/-/manage', summary='* Management UI')
|
||||||
async def status(request: Request):
|
async def _manage(request: Request):
|
||||||
return JSONResponse({'status': 'up', 'version': VERSION, 'commit': COMMIT, 'debug': DEBUG})
|
response = '''
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>FastAPI-DLS Management</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<button onclick="deleteOrigins()">delete ALL origins and their leases</button>
|
||||||
|
<button onclick="deleteLease()">delete specific lease</button>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
function deleteOrigins() {
|
||||||
|
const response = confirm('Are you sure you want to delete all origins and their leases?');
|
||||||
|
|
||||||
|
if (response) {
|
||||||
|
var xhr = new XMLHttpRequest();
|
||||||
|
xhr.open("DELETE", '/-/origins', true);
|
||||||
|
xhr.send();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
function deleteLease(lease_ref) {
|
||||||
|
if(lease_ref === undefined)
|
||||||
|
lease_ref = window.prompt("Please enter 'lease_ref' which should be deleted");
|
||||||
|
if(lease_ref === null || lease_ref === "")
|
||||||
|
return
|
||||||
|
var xhr = new XMLHttpRequest();
|
||||||
|
xhr.open("DELETE", `/-/lease/${lease_ref}`, true);
|
||||||
|
xhr.send();
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
'''
|
||||||
|
return HTMLr(response)
|
||||||
|
|
||||||
|
|
||||||
@app.get('/-/origins')
|
@app.get('/-/origins', summary='* Origins')
|
||||||
async def _origins(request: Request):
|
async def _origins(request: Request, leases: bool = False):
|
||||||
session = sessionmaker(bind=db)()
|
session = sessionmaker(bind=db)()
|
||||||
response = list(map(lambda x: jsonable_encoder(x), session.query(Origin).all()))
|
response = []
|
||||||
|
for origin in session.query(Origin).all():
|
||||||
|
x = origin.serialize()
|
||||||
|
if leases:
|
||||||
|
serialize = dict(renewal_period=LEASE_RENEWAL_PERIOD, renewal_delta=LEASE_RENEWAL_DELTA)
|
||||||
|
x['leases'] = list(map(lambda _: _.serialize(**serialize), Lease.find_by_origin_ref(db, origin.origin_ref)))
|
||||||
|
response.append(x)
|
||||||
session.close()
|
session.close()
|
||||||
return JSONResponse(response)
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
@app.get('/-/leases')
|
@app.delete('/-/origins', summary='* Origins')
|
||||||
async def _leases(request: Request):
|
async def _origins_delete(request: Request):
|
||||||
|
Origin.delete(db)
|
||||||
|
return Response(status_code=201)
|
||||||
|
|
||||||
|
|
||||||
|
@app.get('/-/leases', summary='* Leases')
|
||||||
|
async def _leases(request: Request, origin: bool = False):
|
||||||
session = sessionmaker(bind=db)()
|
session = sessionmaker(bind=db)()
|
||||||
response = list(map(lambda x: jsonable_encoder(x), session.query(Lease).all()))
|
response = []
|
||||||
|
for lease in session.query(Lease).all():
|
||||||
|
serialize = dict(renewal_period=LEASE_RENEWAL_PERIOD, renewal_delta=LEASE_RENEWAL_DELTA)
|
||||||
|
x = lease.serialize(**serialize)
|
||||||
|
if origin:
|
||||||
|
lease_origin = session.query(Origin).filter(Origin.origin_ref == lease.origin_ref).first()
|
||||||
|
if lease_origin is not None:
|
||||||
|
x['origin'] = lease_origin.serialize()
|
||||||
|
response.append(x)
|
||||||
session.close()
|
session.close()
|
||||||
return JSONResponse(response)
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
|
@app.delete('/-/leases/expired', summary='* Leases')
|
||||||
|
async def _lease_delete_expired(request: Request):
|
||||||
|
Lease.delete_expired(db)
|
||||||
|
return Response(status_code=201)
|
||||||
|
|
||||||
|
|
||||||
|
@app.delete('/-/lease/{lease_ref}', summary='* Lease')
|
||||||
|
async def _lease_delete(request: Request, lease_ref: str):
|
||||||
|
if Lease.delete(db, lease_ref) == 1:
|
||||||
|
return Response(status_code=201)
|
||||||
|
return JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
|
||||||
|
|
||||||
|
|
||||||
# venv/lib/python3.9/site-packages/nls_core_service_instance/service_instance_token_manager.py
|
# venv/lib/python3.9/site-packages/nls_core_service_instance/service_instance_token_manager.py
|
||||||
@app.get('/client-token')
|
@app.get('/-/client-token', summary='* Client-Token', description='creates a new messenger token for this service instance')
|
||||||
async def client_token():
|
async def _client_token():
|
||||||
cur_time = datetime.utcnow()
|
cur_time = datetime.utcnow()
|
||||||
exp_time = cur_time + relativedelta(years=12)
|
exp_time = cur_time + CLIENT_TOKEN_EXPIRE_DELTA
|
||||||
|
|
||||||
payload = {
|
payload = {
|
||||||
"jti": str(uuid4()),
|
"jti": str(uuid4()),
|
||||||
@ -106,7 +213,7 @@ async def client_token():
|
|||||||
"nbf": timegm(cur_time.timetuple()),
|
"nbf": timegm(cur_time.timetuple()),
|
||||||
"exp": timegm(exp_time.timetuple()),
|
"exp": timegm(exp_time.timetuple()),
|
||||||
"update_mode": "ABSOLUTE",
|
"update_mode": "ABSOLUTE",
|
||||||
"scope_ref_list": [str(uuid4())],
|
"scope_ref_list": [ALLOTMENT_REF],
|
||||||
"fulfillment_class_ref_list": [],
|
"fulfillment_class_ref_list": [],
|
||||||
"service_instance_configuration": {
|
"service_instance_configuration": {
|
||||||
"nls_service_instance_ref": INSTANCE_REF,
|
"nls_service_instance_ref": INSTANCE_REF,
|
||||||
@ -132,33 +239,32 @@ async def client_token():
|
|||||||
content = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256)
|
content = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256)
|
||||||
|
|
||||||
response = StreamingResponse(iter([content]), media_type="text/plain")
|
response = StreamingResponse(iter([content]), media_type="text/plain")
|
||||||
filename = f'client_configuration_token_{datetime.now().strftime("%d-%m-%y-%H-%M-%S")}'
|
filename = f'client_configuration_token_{datetime.now().strftime("%d-%m-%y-%H-%M-%S")}.tok'
|
||||||
response.headers["Content-Disposition"] = f'attachment; filename={filename}'
|
response.headers["Content-Disposition"] = f'attachment; filename={filename}'
|
||||||
|
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
# venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py
|
# venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py
|
||||||
# {"candidate_origin_ref":"00112233-4455-6677-8899-aabbccddeeff","environment":{"fingerprint":{"mac_address_list":["ff:ff:ff:ff:ff:ff"]},"hostname":"my-hostname","ip_address_list":["192.168.178.123","fe80::","fe80::1%enp6s18"],"guest_driver_version":"510.85.02","os_platform":"Debian GNU/Linux 11 (bullseye) 11","os_version":"11 (bullseye)"},"registration_pending":false,"update_pending":false}
|
@app.post('/auth/v1/origin', description='find or create an origin')
|
||||||
@app.post('/auth/v1/origin')
|
|
||||||
async def auth_v1_origin(request: Request):
|
async def auth_v1_origin(request: Request):
|
||||||
j, cur_time = json.loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
||||||
|
|
||||||
origin_ref = j['candidate_origin_ref']
|
origin_ref = j.get('candidate_origin_ref')
|
||||||
logging.info(f'> [ origin ]: {origin_ref}: {j}')
|
logging.info(f'> [ origin ]: {origin_ref}: {j}')
|
||||||
|
|
||||||
data = Origin(
|
data = Origin(
|
||||||
origin_ref=origin_ref,
|
origin_ref=origin_ref,
|
||||||
hostname=j['environment']['hostname'],
|
hostname=j.get('environment').get('hostname'),
|
||||||
guest_driver_version=j['environment']['guest_driver_version'],
|
guest_driver_version=j.get('environment').get('guest_driver_version'),
|
||||||
os_platform=j['environment']['os_platform'], os_version=j['environment']['os_version'],
|
os_platform=j.get('environment').get('os_platform'), os_version=j.get('environment').get('os_version'),
|
||||||
)
|
)
|
||||||
|
|
||||||
Origin.create_or_update(db, data)
|
Origin.create_or_update(db, data)
|
||||||
|
|
||||||
response = {
|
response = {
|
||||||
"origin_ref": origin_ref,
|
"origin_ref": origin_ref,
|
||||||
"environment": j['environment'],
|
"environment": j.get('environment'),
|
||||||
"svc_port_set_list": None,
|
"svc_port_set_list": None,
|
||||||
"node_url_list": None,
|
"node_url_list": None,
|
||||||
"node_query_order": None,
|
"node_query_order": None,
|
||||||
@ -166,44 +272,42 @@ async def auth_v1_origin(request: Request):
|
|||||||
"sync_timestamp": cur_time.isoformat()
|
"sync_timestamp": cur_time.isoformat()
|
||||||
}
|
}
|
||||||
|
|
||||||
return JSONResponse(response)
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
# venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py
|
# venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py
|
||||||
# { "environment" : { "guest_driver_version" : "guest_driver_version", "hostname" : "myhost", "ip_address_list" : [ "192.168.1.129" ], "os_version" : "os_version", "os_platform" : "os_platform", "fingerprint" : { "mac_address_list" : [ "e4:b9:7a:e5:7b:ff" ] }, "host_driver_version" : "host_driver_version" }, "origin_ref" : "00112233-4455-6677-8899-aabbccddeeff" }
|
@app.post('/auth/v1/origin/update', description='update an origin evidence')
|
||||||
@app.post('/auth/v1/origin/update')
|
|
||||||
async def auth_v1_origin_update(request: Request):
|
async def auth_v1_origin_update(request: Request):
|
||||||
j, cur_time = json.loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
||||||
|
|
||||||
origin_ref = j['origin_ref']
|
origin_ref = j.get('origin_ref')
|
||||||
logging.info(f'> [ update ]: {origin_ref}: {j}')
|
logging.info(f'> [ update ]: {origin_ref}: {j}')
|
||||||
|
|
||||||
data = Origin(
|
data = Origin(
|
||||||
origin_ref=origin_ref,
|
origin_ref=origin_ref,
|
||||||
hostname=j['environment']['hostname'],
|
hostname=j.get('environment').get('hostname'),
|
||||||
guest_driver_version=j['environment']['guest_driver_version'],
|
guest_driver_version=j.get('environment').get('guest_driver_version'),
|
||||||
os_platform=j['environment']['os_platform'], os_version=j['environment']['os_version'],
|
os_platform=j.get('environment').get('os_platform'), os_version=j.get('environment').get('os_version'),
|
||||||
)
|
)
|
||||||
|
|
||||||
Origin.create_or_update(db, data)
|
Origin.create_or_update(db, data)
|
||||||
|
|
||||||
response = {
|
response = {
|
||||||
"environment": j['environment'],
|
"environment": j.get('environment'),
|
||||||
"prompts": None,
|
"prompts": None,
|
||||||
"sync_timestamp": cur_time.isoformat()
|
"sync_timestamp": cur_time.isoformat()
|
||||||
}
|
}
|
||||||
|
|
||||||
return JSONResponse(response)
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
# venv/lib/python3.9/site-packages/nls_services_auth/test/test_auth_controller.py
|
# venv/lib/python3.9/site-packages/nls_services_auth/test/test_auth_controller.py
|
||||||
# venv/lib/python3.9/site-packages/nls_core_auth/auth.py - CodeResponse
|
# venv/lib/python3.9/site-packages/nls_core_auth/auth.py - CodeResponse
|
||||||
# {"code_challenge":"...","origin_ref":"00112233-4455-6677-8899-aabbccddeeff"}
|
@app.post('/auth/v1/code', description='get an authorization code')
|
||||||
@app.post('/auth/v1/code')
|
|
||||||
async def auth_v1_code(request: Request):
|
async def auth_v1_code(request: Request):
|
||||||
j, cur_time = json.loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
||||||
|
|
||||||
origin_ref = j['origin_ref']
|
origin_ref = j.get('origin_ref')
|
||||||
logging.info(f'> [ code ]: {origin_ref}: {j}')
|
logging.info(f'> [ code ]: {origin_ref}: {j}')
|
||||||
|
|
||||||
delta = relativedelta(minutes=15)
|
delta = relativedelta(minutes=15)
|
||||||
@ -212,8 +316,8 @@ async def auth_v1_code(request: Request):
|
|||||||
payload = {
|
payload = {
|
||||||
'iat': timegm(cur_time.timetuple()),
|
'iat': timegm(cur_time.timetuple()),
|
||||||
'exp': timegm(expires.timetuple()),
|
'exp': timegm(expires.timetuple()),
|
||||||
'challenge': j['code_challenge'],
|
'challenge': j.get('code_challenge'),
|
||||||
'origin_ref': j['origin_ref'],
|
'origin_ref': j.get('origin_ref'),
|
||||||
'key_ref': SITE_KEY_XID,
|
'key_ref': SITE_KEY_XID,
|
||||||
'kid': SITE_KEY_XID
|
'kid': SITE_KEY_XID
|
||||||
}
|
}
|
||||||
@ -226,23 +330,27 @@ async def auth_v1_code(request: Request):
|
|||||||
"prompts": None
|
"prompts": None
|
||||||
}
|
}
|
||||||
|
|
||||||
return JSONResponse(response)
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
# venv/lib/python3.9/site-packages/nls_services_auth/test/test_auth_controller.py
|
# venv/lib/python3.9/site-packages/nls_services_auth/test/test_auth_controller.py
|
||||||
# venv/lib/python3.9/site-packages/nls_core_auth/auth.py - TokenResponse
|
# venv/lib/python3.9/site-packages/nls_core_auth/auth.py - TokenResponse
|
||||||
# {"auth_code":"...","code_verifier":"..."}
|
@app.post('/auth/v1/token', description='exchange auth code and verifier for token')
|
||||||
@app.post('/auth/v1/token')
|
|
||||||
async def auth_v1_token(request: Request):
|
async def auth_v1_token(request: Request):
|
||||||
j, cur_time = json.loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
||||||
payload = jwt.decode(token=j['auth_code'], key=jwt_decode_key)
|
|
||||||
|
|
||||||
origin_ref = payload['origin_ref']
|
try:
|
||||||
|
payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key)
|
||||||
|
except JWTError as e:
|
||||||
|
return JSONr(status_code=400, content={'status': 400, 'title': 'invalid token', 'detail': str(e)})
|
||||||
|
|
||||||
|
origin_ref = payload.get('origin_ref')
|
||||||
logging.info(f'> [ auth ]: {origin_ref}: {j}')
|
logging.info(f'> [ auth ]: {origin_ref}: {j}')
|
||||||
|
|
||||||
# validate the code challenge
|
# validate the code challenge
|
||||||
if payload['challenge'] != b64enc(sha256(j['code_verifier'].encode('utf-8')).digest()).rstrip(b'=').decode('utf-8'):
|
challenge = b64enc(sha256(j.get('code_verifier').encode('utf-8')).digest()).rstrip(b'=').decode('utf-8')
|
||||||
raise HTTPException(status_code=401, detail='expected challenge did not match verifier')
|
if payload.get('challenge') != challenge:
|
||||||
|
return JSONr(status_code=401, content={'status': 401, 'detail': 'expected challenge did not match verifier'})
|
||||||
|
|
||||||
access_expires_on = cur_time + TOKEN_EXPIRE_DELTA
|
access_expires_on = cur_time + TOKEN_EXPIRE_DELTA
|
||||||
|
|
||||||
@ -265,36 +373,44 @@ async def auth_v1_token(request: Request):
|
|||||||
"sync_timestamp": cur_time.isoformat(),
|
"sync_timestamp": cur_time.isoformat(),
|
||||||
}
|
}
|
||||||
|
|
||||||
return JSONResponse(response)
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
# {'fulfillment_context': {'fulfillment_class_ref_list': []}, 'lease_proposal_list': [{'license_type_qualifiers': {'count': 1}, 'product': {'name': 'NVIDIA RTX Virtual Workstation'}}], 'proposal_evaluation_mode': 'ALL_OF', 'scope_ref_list': ['00112233-4455-6677-8899-aabbccddeeff']}
|
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
|
||||||
@app.post('/leasing/v1/lessor')
|
@app.post('/leasing/v1/lessor', description='request multiple leases (borrow) for current origin')
|
||||||
async def leasing_v1_lessor(request: Request):
|
async def leasing_v1_lessor(request: Request):
|
||||||
j, token, cur_time = json.loads((await request.body()).decode('utf-8')), get_token(request), datetime.utcnow()
|
j, token, cur_time = json_loads((await request.body()).decode('utf-8')), __get_token(request), datetime.utcnow()
|
||||||
|
|
||||||
origin_ref = token['origin_ref']
|
try:
|
||||||
scope_ref_list = j['scope_ref_list']
|
token = __get_token(request)
|
||||||
|
except JWTError:
|
||||||
|
return JSONr(status_code=401, content={'status': 401, 'detail': 'token is not valid'})
|
||||||
|
|
||||||
|
origin_ref = token.get('origin_ref')
|
||||||
|
scope_ref_list = j.get('scope_ref_list')
|
||||||
logging.info(f'> [ create ]: {origin_ref}: create leases for scope_ref_list {scope_ref_list}')
|
logging.info(f'> [ create ]: {origin_ref}: create leases for scope_ref_list {scope_ref_list}')
|
||||||
|
|
||||||
lease_result_list = []
|
lease_result_list = []
|
||||||
for scope_ref in scope_ref_list:
|
for scope_ref in scope_ref_list:
|
||||||
|
# if scope_ref not in [ALLOTMENT_REF]:
|
||||||
|
# return JSONr(status_code=500, detail=f'no service instances found for scopes: ["{scope_ref}"]')
|
||||||
|
|
||||||
|
lease_ref = str(uuid4())
|
||||||
expires = cur_time + LEASE_EXPIRE_DELTA
|
expires = cur_time + LEASE_EXPIRE_DELTA
|
||||||
lease_result_list.append({
|
lease_result_list.append({
|
||||||
"ordinal": 0,
|
"ordinal": 0,
|
||||||
# https://docs.nvidia.com/license-system/latest/nvidia-license-system-user-guide/index.html
|
# https://docs.nvidia.com/license-system/latest/nvidia-license-system-user-guide/index.html
|
||||||
"lease": {
|
"lease": {
|
||||||
"ref": scope_ref,
|
"ref": lease_ref,
|
||||||
"created": cur_time.isoformat(),
|
"created": cur_time.isoformat(),
|
||||||
"expires": expires.isoformat(),
|
"expires": expires.isoformat(),
|
||||||
# The percentage of the lease period that must elapse before a licensed client can renew a license
|
"recommended_lease_renewal": LEASE_RENEWAL_PERIOD,
|
||||||
"recommended_lease_renewal": 0.15,
|
|
||||||
"offline_lease": "true",
|
"offline_lease": "true",
|
||||||
"license_type": "CONCURRENT_COUNTED_SINGLE"
|
"license_type": "CONCURRENT_COUNTED_SINGLE"
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
data = Lease(origin_ref=origin_ref, lease_ref=scope_ref, lease_created=cur_time, lease_expires=expires)
|
data = Lease(origin_ref=origin_ref, lease_ref=lease_ref, lease_created=cur_time, lease_expires=expires)
|
||||||
Lease.create_or_update(db, data)
|
Lease.create_or_update(db, data)
|
||||||
|
|
||||||
response = {
|
response = {
|
||||||
@ -304,16 +420,16 @@ async def leasing_v1_lessor(request: Request):
|
|||||||
"prompts": None
|
"prompts": None
|
||||||
}
|
}
|
||||||
|
|
||||||
return JSONResponse(response)
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
|
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
|
||||||
# venv/lib/python3.9/site-packages/nls_dal_service_instance_dls/schema/service_instance/V1_0_21__product_mapping.sql
|
# venv/lib/python3.9/site-packages/nls_dal_service_instance_dls/schema/service_instance/V1_0_21__product_mapping.sql
|
||||||
@app.get('/leasing/v1/lessor/leases')
|
@app.get('/leasing/v1/lessor/leases', description='get active leases for current origin')
|
||||||
async def leasing_v1_lessor_lease(request: Request):
|
async def leasing_v1_lessor_lease(request: Request):
|
||||||
token, cur_time = get_token(request), datetime.utcnow()
|
token, cur_time = __get_token(request), datetime.utcnow()
|
||||||
|
|
||||||
origin_ref = token['origin_ref']
|
origin_ref = token.get('origin_ref')
|
||||||
|
|
||||||
active_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
|
active_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
|
||||||
logging.info(f'> [ leases ]: {origin_ref}: found {len(active_lease_list)} active leases')
|
logging.info(f'> [ leases ]: {origin_ref}: found {len(active_lease_list)} active leases')
|
||||||
@ -324,26 +440,27 @@ async def leasing_v1_lessor_lease(request: Request):
|
|||||||
"prompts": None
|
"prompts": None
|
||||||
}
|
}
|
||||||
|
|
||||||
return JSONResponse(response)
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
|
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_single_controller.py
|
||||||
# venv/lib/python3.9/site-packages/nls_core_lease/lease_single.py
|
# venv/lib/python3.9/site-packages/nls_core_lease/lease_single.py
|
||||||
@app.put('/leasing/v1/lease/{lease_ref}')
|
@app.put('/leasing/v1/lease/{lease_ref}', description='renew a lease')
|
||||||
async def leasing_v1_lease_renew(request: Request, lease_ref: str):
|
async def leasing_v1_lease_renew(request: Request, lease_ref: str):
|
||||||
token, cur_time = get_token(request), datetime.utcnow()
|
token, cur_time = __get_token(request), datetime.utcnow()
|
||||||
|
|
||||||
origin_ref = token['origin_ref']
|
origin_ref = token.get('origin_ref')
|
||||||
logging.info(f'> [ renew ]: {origin_ref}: renew {lease_ref}')
|
logging.info(f'> [ renew ]: {origin_ref}: renew {lease_ref}')
|
||||||
|
|
||||||
entity = Lease.find_by_origin_ref_and_lease_ref(db, origin_ref, lease_ref)
|
entity = Lease.find_by_origin_ref_and_lease_ref(db, origin_ref, lease_ref)
|
||||||
if entity is None:
|
if entity is None:
|
||||||
raise HTTPException(status_code=404, detail='requested lease not available')
|
return JSONr(status_code=404, content={'status': 404, 'detail': 'requested lease not available'})
|
||||||
|
|
||||||
expires = cur_time + LEASE_EXPIRE_DELTA
|
expires = cur_time + LEASE_EXPIRE_DELTA
|
||||||
response = {
|
response = {
|
||||||
"lease_ref": lease_ref,
|
"lease_ref": lease_ref,
|
||||||
"expires": expires.isoformat(),
|
"expires": expires.isoformat(),
|
||||||
"recommended_lease_renewal": 0.16,
|
"recommended_lease_renewal": LEASE_RENEWAL_PERIOD,
|
||||||
"offline_lease": True,
|
"offline_lease": True,
|
||||||
"prompts": None,
|
"prompts": None,
|
||||||
"sync_timestamp": cur_time.isoformat(),
|
"sync_timestamp": cur_time.isoformat(),
|
||||||
@ -351,14 +468,41 @@ async def leasing_v1_lease_renew(request: Request, lease_ref: str):
|
|||||||
|
|
||||||
Lease.renew(db, entity, expires, cur_time)
|
Lease.renew(db, entity, expires, cur_time)
|
||||||
|
|
||||||
return JSONResponse(response)
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
@app.delete('/leasing/v1/lessor/leases')
|
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_single_controller.py
|
||||||
|
@app.delete('/leasing/v1/lease/{lease_ref}', description='release (return) a lease')
|
||||||
|
async def leasing_v1_lease_delete(request: Request, lease_ref: str):
|
||||||
|
token, cur_time = __get_token(request), datetime.utcnow()
|
||||||
|
|
||||||
|
origin_ref = token.get('origin_ref')
|
||||||
|
logging.info(f'> [ return ]: {origin_ref}: return {lease_ref}')
|
||||||
|
|
||||||
|
entity = Lease.find_by_lease_ref(db, lease_ref)
|
||||||
|
if entity.origin_ref != origin_ref:
|
||||||
|
return JSONr(status_code=403, content={'status': 403, 'detail': 'access or operation forbidden'})
|
||||||
|
if entity is None:
|
||||||
|
return JSONr(status_code=404, content={'status': 404, 'detail': 'requested lease not available'})
|
||||||
|
|
||||||
|
if Lease.delete(db, lease_ref) == 0:
|
||||||
|
return JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
|
||||||
|
|
||||||
|
response = {
|
||||||
|
"lease_ref": lease_ref,
|
||||||
|
"prompts": None,
|
||||||
|
"sync_timestamp": cur_time.isoformat(),
|
||||||
|
}
|
||||||
|
|
||||||
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
|
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
|
||||||
|
@app.delete('/leasing/v1/lessor/leases', description='release all leases')
|
||||||
async def leasing_v1_lessor_lease_remove(request: Request):
|
async def leasing_v1_lessor_lease_remove(request: Request):
|
||||||
token, cur_time = get_token(request), datetime.utcnow()
|
token, cur_time = __get_token(request), datetime.utcnow()
|
||||||
|
|
||||||
origin_ref = token['origin_ref']
|
origin_ref = token.get('origin_ref')
|
||||||
|
|
||||||
released_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
|
released_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
|
||||||
deletions = Lease.cleanup(db, origin_ref)
|
deletions = Lease.cleanup(db, origin_ref)
|
||||||
@ -371,7 +515,41 @@ async def leasing_v1_lessor_lease_remove(request: Request):
|
|||||||
"prompts": None
|
"prompts": None
|
||||||
}
|
}
|
||||||
|
|
||||||
return JSONResponse(response)
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
|
@app.post('/leasing/v1/lessor/shutdown', description='shutdown all leases')
|
||||||
|
async def leasing_v1_lessor_shutdown(request: Request):
|
||||||
|
j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
|
||||||
|
|
||||||
|
token = j.get('token')
|
||||||
|
token = jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
|
||||||
|
origin_ref = token.get('origin_ref')
|
||||||
|
|
||||||
|
released_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
|
||||||
|
deletions = Lease.cleanup(db, origin_ref)
|
||||||
|
logging.info(f'> [ shutdown ]: {origin_ref}: removed {deletions} leases')
|
||||||
|
|
||||||
|
response = {
|
||||||
|
"released_lease_list": released_lease_list,
|
||||||
|
"release_failure_list": None,
|
||||||
|
"sync_timestamp": cur_time.isoformat(),
|
||||||
|
"prompts": None
|
||||||
|
}
|
||||||
|
|
||||||
|
return JSONr(response)
|
||||||
|
|
||||||
|
|
||||||
|
@app.on_event('startup')
|
||||||
|
async def app_on_startup():
|
||||||
|
logger.info(f'''
|
||||||
|
Using timezone: {str(TZ)}. Make sure this is correct and match your clients!
|
||||||
|
|
||||||
|
Your clients renew their license every {str(Lease.calculate_renewal(LEASE_RENEWAL_PERIOD, LEASE_RENEWAL_DELTA))}.
|
||||||
|
If the renewal fails, the license is {str(LEASE_RENEWAL_DELTA)} valid.
|
||||||
|
|
||||||
|
Your client-token file (.tok) is valid for {str(CLIENT_TOKEN_EXPIRE_DELTA)}.
|
||||||
|
''')
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
156
app/orm.py
156
app/orm.py
@ -1,9 +1,9 @@
|
|||||||
import datetime
|
from datetime import datetime, timedelta
|
||||||
|
from dateutil.relativedelta import relativedelta
|
||||||
|
|
||||||
from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, UniqueConstraint, update, and_, delete, inspect
|
from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_, inspect, text
|
||||||
from sqlalchemy.ext.declarative import declarative_base
|
|
||||||
from sqlalchemy.engine import Engine
|
from sqlalchemy.engine import Engine
|
||||||
from sqlalchemy.orm import sessionmaker
|
from sqlalchemy.orm import sessionmaker, declarative_base
|
||||||
|
|
||||||
Base = declarative_base()
|
Base = declarative_base()
|
||||||
|
|
||||||
@ -13,6 +13,7 @@ class Origin(Base):
|
|||||||
|
|
||||||
origin_ref = Column(CHAR(length=36), primary_key=True, unique=True, index=True) # uuid4
|
origin_ref = Column(CHAR(length=36), primary_key=True, unique=True, index=True) # uuid4
|
||||||
|
|
||||||
|
# service_instance_xid = Column(CHAR(length=36), nullable=False, index=True) # uuid4 # not necessary, we only support one service_instance_xid ('INSTANCE_REF')
|
||||||
hostname = Column(VARCHAR(length=256), nullable=True)
|
hostname = Column(VARCHAR(length=256), nullable=True)
|
||||||
guest_driver_version = Column(VARCHAR(length=10), nullable=True)
|
guest_driver_version = Column(VARCHAR(length=10), nullable=True)
|
||||||
os_platform = Column(VARCHAR(length=256), nullable=True)
|
os_platform = Column(VARCHAR(length=256), nullable=True)
|
||||||
@ -21,6 +22,16 @@ class Origin(Base):
|
|||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
return f'Origin(origin_ref={self.origin_ref}, hostname={self.hostname})'
|
return f'Origin(origin_ref={self.origin_ref}, hostname={self.hostname})'
|
||||||
|
|
||||||
|
def serialize(self) -> dict:
|
||||||
|
return {
|
||||||
|
'origin_ref': self.origin_ref,
|
||||||
|
# 'service_instance_xid': self.service_instance_xid,
|
||||||
|
'hostname': self.hostname,
|
||||||
|
'guest_driver_version': self.guest_driver_version,
|
||||||
|
'os_platform': self.os_platform,
|
||||||
|
'os_version': self.os_version,
|
||||||
|
}
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def create_statement(engine: Engine):
|
def create_statement(engine: Engine):
|
||||||
from sqlalchemy.schema import CreateTable
|
from sqlalchemy.schema import CreateTable
|
||||||
@ -28,29 +39,41 @@ class Origin(Base):
|
|||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def create_or_update(engine: Engine, origin: "Origin"):
|
def create_or_update(engine: Engine, origin: "Origin"):
|
||||||
session = sessionmaker(autocommit=True, autoflush=True, bind=engine)()
|
session = sessionmaker(bind=engine)()
|
||||||
entity = session.query(Origin).filter(Origin.origin_ref == origin.origin_ref).first()
|
entity = session.query(Origin).filter(Origin.origin_ref == origin.origin_ref).first()
|
||||||
print(entity)
|
|
||||||
if entity is None:
|
if entity is None:
|
||||||
session.add(origin)
|
session.add(origin)
|
||||||
else:
|
else:
|
||||||
values = dict(
|
x = dict(
|
||||||
hostname=origin.hostname,
|
hostname=origin.hostname,
|
||||||
guest_driver_version=origin.guest_driver_version,
|
guest_driver_version=origin.guest_driver_version,
|
||||||
os_platform=origin.os_platform,
|
os_platform=origin.os_platform,
|
||||||
os_version=origin.os_version,
|
os_version=origin.os_version
|
||||||
)
|
)
|
||||||
session.execute(update(Origin).where(Origin.origin_ref == origin.origin_ref).values(**values))
|
session.execute(update(Origin).where(Origin.origin_ref == origin.origin_ref).values(**x))
|
||||||
|
session.commit()
|
||||||
session.flush()
|
session.flush()
|
||||||
session.close()
|
session.close()
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def delete(engine: Engine, origin_refs: [str] = None) -> int:
|
||||||
|
session = sessionmaker(bind=engine)()
|
||||||
|
if origin_refs is None:
|
||||||
|
deletions = session.query(Origin).delete()
|
||||||
|
else:
|
||||||
|
deletions = session.query(Origin).filter(Origin.origin_ref in origin_refs).delete()
|
||||||
|
session.commit()
|
||||||
|
session.close()
|
||||||
|
return deletions
|
||||||
|
|
||||||
|
|
||||||
class Lease(Base):
|
class Lease(Base):
|
||||||
__tablename__ = "lease"
|
__tablename__ = "lease"
|
||||||
|
|
||||||
origin_ref = Column(CHAR(length=36), ForeignKey(Origin.origin_ref), primary_key=True, nullable=False, index=True) # uuid4
|
|
||||||
lease_ref = Column(CHAR(length=36), primary_key=True, nullable=False, index=True) # uuid4
|
lease_ref = Column(CHAR(length=36), primary_key=True, nullable=False, index=True) # uuid4
|
||||||
|
|
||||||
|
origin_ref = Column(CHAR(length=36), ForeignKey(Origin.origin_ref, ondelete='CASCADE'), nullable=False, index=True) # uuid4
|
||||||
|
# scope_ref = Column(CHAR(length=36), nullable=False, index=True) # uuid4 # not necessary, we only support one scope_ref ('ALLOTMENT_REF')
|
||||||
lease_created = Column(DATETIME(), nullable=False)
|
lease_created = Column(DATETIME(), nullable=False)
|
||||||
lease_expires = Column(DATETIME(), nullable=False)
|
lease_expires = Column(DATETIME(), nullable=False)
|
||||||
lease_updated = Column(DATETIME(), nullable=False)
|
lease_updated = Column(DATETIME(), nullable=False)
|
||||||
@ -58,6 +81,20 @@ class Lease(Base):
|
|||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
return f'Lease(origin_ref={self.origin_ref}, lease_ref={self.lease_ref}, expires={self.lease_expires})'
|
return f'Lease(origin_ref={self.origin_ref}, lease_ref={self.lease_ref}, expires={self.lease_expires})'
|
||||||
|
|
||||||
|
def serialize(self, renewal_period: float, renewal_delta: timedelta) -> dict:
|
||||||
|
lease_renewal = int(Lease.calculate_renewal(renewal_period, renewal_delta).total_seconds())
|
||||||
|
lease_renewal = self.lease_updated + relativedelta(seconds=lease_renewal)
|
||||||
|
|
||||||
|
return {
|
||||||
|
'lease_ref': self.lease_ref,
|
||||||
|
'origin_ref': self.origin_ref,
|
||||||
|
# 'scope_ref': self.scope_ref,
|
||||||
|
'lease_created': self.lease_created.isoformat(),
|
||||||
|
'lease_expires': self.lease_expires.isoformat(),
|
||||||
|
'lease_updated': self.lease_updated.isoformat(),
|
||||||
|
'lease_renewal': lease_renewal.isoformat(),
|
||||||
|
}
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def create_statement(engine: Engine):
|
def create_statement(engine: Engine):
|
||||||
from sqlalchemy.schema import CreateTable
|
from sqlalchemy.schema import CreateTable
|
||||||
@ -65,46 +102,94 @@ class Lease(Base):
|
|||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def create_or_update(engine: Engine, lease: "Lease"):
|
def create_or_update(engine: Engine, lease: "Lease"):
|
||||||
session = sessionmaker(autocommit=True, autoflush=True, bind=engine)()
|
session = sessionmaker(bind=engine)()
|
||||||
entity = session.query(Lease).filter(and_(Lease.origin_ref == lease.origin_ref, Lease.lease_ref == lease.lease_ref)).first()
|
entity = session.query(Lease).filter(Lease.lease_ref == lease.lease_ref).first()
|
||||||
if entity is None:
|
if entity is None:
|
||||||
if lease.lease_updated is None:
|
if lease.lease_updated is None:
|
||||||
lease.lease_updated = lease.lease_created
|
lease.lease_updated = lease.lease_created
|
||||||
session.add(lease)
|
session.add(lease)
|
||||||
else:
|
else:
|
||||||
values = dict(lease_expires=lease.lease_expires, lease_updated=lease.lease_updated)
|
x = dict(origin_ref=lease.origin_ref, lease_expires=lease.lease_expires, lease_updated=lease.lease_updated)
|
||||||
session.execute(update(Lease).where(and_(Lease.origin_ref == lease.origin_ref, Lease.lease_ref == lease.lease_ref)).values(**values))
|
session.execute(update(Lease).where(Lease.lease_ref == lease.lease_ref).values(**x))
|
||||||
|
session.commit()
|
||||||
session.flush()
|
session.flush()
|
||||||
session.close()
|
session.close()
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def find_by_origin_ref(engine: Engine, origin_ref: str) -> ["Lease"]:
|
def find_by_origin_ref(engine: Engine, origin_ref: str) -> ["Lease"]:
|
||||||
session = sessionmaker(autocommit=True, autoflush=True, bind=engine)()
|
session = sessionmaker(bind=engine)()
|
||||||
entities = session.query(Lease).filter(Lease.origin_ref == origin_ref).all()
|
entities = session.query(Lease).filter(Lease.origin_ref == origin_ref).all()
|
||||||
session.close()
|
session.close()
|
||||||
return entities
|
return entities
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def find_by_lease_ref(engine: Engine, lease_ref: str) -> "Lease":
|
||||||
|
session = sessionmaker(bind=engine)()
|
||||||
|
entity = session.query(Lease).filter(Lease.lease_ref == lease_ref).first()
|
||||||
|
session.close()
|
||||||
|
return entity
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def find_by_origin_ref_and_lease_ref(engine: Engine, origin_ref: str, lease_ref: str) -> "Lease":
|
def find_by_origin_ref_and_lease_ref(engine: Engine, origin_ref: str, lease_ref: str) -> "Lease":
|
||||||
session = sessionmaker(autocommit=True, autoflush=True, bind=engine)()
|
session = sessionmaker(bind=engine)()
|
||||||
entity = session.query(Lease).filter(and_(Lease.origin_ref == origin_ref, Lease.lease_ref == lease_ref)).first()
|
entity = session.query(Lease).filter(and_(Lease.origin_ref == origin_ref, Lease.lease_ref == lease_ref)).first()
|
||||||
session.close()
|
session.close()
|
||||||
return entity
|
return entity
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def renew(engine: Engine, lease: "Lease", lease_expires: datetime.datetime, lease_updated: datetime.datetime):
|
def renew(engine: Engine, lease: "Lease", lease_expires: datetime, lease_updated: datetime):
|
||||||
session = sessionmaker(autocommit=True, autoflush=True, bind=engine)()
|
session = sessionmaker(bind=engine)()
|
||||||
values = dict(lease_expires=lease.lease_expires, lease_updated=lease.lease_updated)
|
x = dict(lease_expires=lease_expires, lease_updated=lease_updated)
|
||||||
session.execute(update(Lease).where(and_(Lease.origin_ref == lease.origin_ref, Lease.lease_ref == lease.lease_ref)).values(**values))
|
session.execute(update(Lease).where(and_(Lease.origin_ref == lease.origin_ref, Lease.lease_ref == lease.lease_ref)).values(**x))
|
||||||
|
session.commit()
|
||||||
session.close()
|
session.close()
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def cleanup(engine: Engine, origin_ref: str) -> int:
|
def cleanup(engine: Engine, origin_ref: str) -> int:
|
||||||
session = sessionmaker(autocommit=True, autoflush=True, bind=engine)()
|
session = sessionmaker(bind=engine)()
|
||||||
deletions = session.query(Lease).filter(Lease.origin_ref == origin_ref).delete()
|
deletions = session.query(Lease).filter(Lease.origin_ref == origin_ref).delete()
|
||||||
|
session.commit()
|
||||||
session.close()
|
session.close()
|
||||||
return deletions
|
return deletions
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def delete(engine: Engine, lease_ref: str) -> int:
|
||||||
|
session = sessionmaker(bind=engine)()
|
||||||
|
deletions = session.query(Lease).filter(Lease.lease_ref == lease_ref).delete()
|
||||||
|
session.commit()
|
||||||
|
session.close()
|
||||||
|
return deletions
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def delete_expired(engine: Engine) -> int:
|
||||||
|
session = sessionmaker(bind=engine)()
|
||||||
|
deletions = session.query(Lease).filter(Lease.lease_expires <= datetime.utcnow()).delete()
|
||||||
|
session.commit()
|
||||||
|
session.close()
|
||||||
|
return deletions
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def calculate_renewal(renewal_period: float, delta: timedelta) -> timedelta:
|
||||||
|
"""
|
||||||
|
import datetime
|
||||||
|
LEASE_RENEWAL_PERIOD=0.2 # 20%
|
||||||
|
delta = datetime.timedelta(days=1)
|
||||||
|
renew = delta.total_seconds() * LEASE_RENEWAL_PERIOD
|
||||||
|
renew = datetime.timedelta(seconds=renew)
|
||||||
|
expires = delta - renew # 19.2
|
||||||
|
|
||||||
|
import datetime
|
||||||
|
LEASE_RENEWAL_PERIOD=0.15 # 15%
|
||||||
|
delta = datetime.timedelta(days=90)
|
||||||
|
renew = delta.total_seconds() * LEASE_RENEWAL_PERIOD
|
||||||
|
renew = datetime.timedelta(seconds=renew)
|
||||||
|
expires = delta - renew # 76 days, 12:00:00 hours
|
||||||
|
|
||||||
|
"""
|
||||||
|
renew = delta.total_seconds() * renewal_period
|
||||||
|
renew = timedelta(seconds=renew)
|
||||||
|
return renew
|
||||||
|
|
||||||
|
|
||||||
def init(engine: Engine):
|
def init(engine: Engine):
|
||||||
tables = [Origin, Lease]
|
tables = [Origin, Lease]
|
||||||
@ -112,5 +197,32 @@ def init(engine: Engine):
|
|||||||
session = sessionmaker(bind=engine)()
|
session = sessionmaker(bind=engine)()
|
||||||
for table in tables:
|
for table in tables:
|
||||||
if not db.dialect.has_table(engine.connect(), table.__tablename__):
|
if not db.dialect.has_table(engine.connect(), table.__tablename__):
|
||||||
session.execute(str(table.create_statement(engine)))
|
session.execute(text(str(table.create_statement(engine))))
|
||||||
|
session.commit()
|
||||||
session.close()
|
session.close()
|
||||||
|
|
||||||
|
|
||||||
|
def migrate(engine: Engine):
|
||||||
|
db = inspect(engine)
|
||||||
|
|
||||||
|
def upgrade_1_0_to_1_1():
|
||||||
|
x = db.dialect.get_columns(engine.connect(), Lease.__tablename__)
|
||||||
|
x = next(_ for _ in x if _['name'] == 'origin_ref')
|
||||||
|
if x['primary_key'] > 0:
|
||||||
|
print('Found old database schema with "origin_ref" as primary-key in "lease" table. Dropping table!')
|
||||||
|
print(' Your leases are recreated on next renewal!')
|
||||||
|
print(' If an error message appears on the client, you can ignore it.')
|
||||||
|
Lease.__table__.drop(bind=engine)
|
||||||
|
init(engine)
|
||||||
|
|
||||||
|
# def upgrade_1_2_to_1_3():
|
||||||
|
# x = db.dialect.get_columns(engine.connect(), Lease.__tablename__)
|
||||||
|
# x = next((_ for _ in x if _['name'] == 'scope_ref'), None)
|
||||||
|
# if x is None:
|
||||||
|
# Lease.scope_ref.compile()
|
||||||
|
# column_name = Lease.scope_ref.name
|
||||||
|
# column_type = Lease.scope_ref.type.compile(engine.dialect)
|
||||||
|
# engine.execute(f'ALTER TABLE "{Lease.__tablename__}" ADD COLUMN "{column_name}" {column_type}')
|
||||||
|
|
||||||
|
upgrade_1_0_to_1_1()
|
||||||
|
# upgrade_1_2_to_1_3()
|
||||||
|
29
app/util.py
29
app/util.py
@ -1,21 +1,28 @@
|
|||||||
try:
|
|
||||||
# Crypto | Cryptodome on Debian
|
|
||||||
from Crypto.PublicKey import RSA
|
|
||||||
from Crypto.PublicKey.RSA import RsaKey
|
|
||||||
except ModuleNotFoundError:
|
|
||||||
from Cryptodome.PublicKey import RSA
|
|
||||||
from Cryptodome.PublicKey.RSA import RsaKey
|
|
||||||
|
|
||||||
|
|
||||||
def load_file(filename) -> bytes:
|
def load_file(filename) -> bytes:
|
||||||
with open(filename, 'rb') as file:
|
with open(filename, 'rb') as file:
|
||||||
content = file.read()
|
content = file.read()
|
||||||
return content
|
return content
|
||||||
|
|
||||||
|
|
||||||
def load_key(filename) -> RsaKey:
|
def load_key(filename) -> "RsaKey":
|
||||||
|
try:
|
||||||
|
# Crypto | Cryptodome on Debian
|
||||||
|
from Crypto.PublicKey import RSA
|
||||||
|
from Crypto.PublicKey.RSA import RsaKey
|
||||||
|
except ModuleNotFoundError:
|
||||||
|
from Cryptodome.PublicKey import RSA
|
||||||
|
from Cryptodome.PublicKey.RSA import RsaKey
|
||||||
|
|
||||||
return RSA.import_key(extern_key=load_file(filename), passphrase=None)
|
return RSA.import_key(extern_key=load_file(filename), passphrase=None)
|
||||||
|
|
||||||
|
|
||||||
def generate_key() -> RsaKey:
|
def generate_key() -> "RsaKey":
|
||||||
|
try:
|
||||||
|
# Crypto | Cryptodome on Debian
|
||||||
|
from Crypto.PublicKey import RSA
|
||||||
|
from Crypto.PublicKey.RSA import RsaKey
|
||||||
|
except ModuleNotFoundError:
|
||||||
|
from Cryptodome.PublicKey import RSA
|
||||||
|
from Cryptodome.PublicKey.RSA import RsaKey
|
||||||
|
|
||||||
return RSA.generate(bits=2048)
|
return RSA.generate(bits=2048)
|
||||||
|
26
doc/Database.md
Normal file
26
doc/Database.md
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# Database structure
|
||||||
|
|
||||||
|
## `request_routing.service_instance`
|
||||||
|
|
||||||
|
| xid | org_name |
|
||||||
|
|----------------------------------------|--------------------------|
|
||||||
|
| `10000000-0000-0000-0000-000000000000` | `lic-000000000000000000` |
|
||||||
|
|
||||||
|
- `xid` is used as `SERVICE_INSTANCE_XID`
|
||||||
|
|
||||||
|
## `request_routing.license_allotment_service_instance`
|
||||||
|
|
||||||
|
| xid | service_instance_xid | license_allotment_xid |
|
||||||
|
|----------------------------------------|----------------------------------------|----------------------------------------|
|
||||||
|
| `90000000-0000-0000-0000-000000000001` | `10000000-0000-0000-0000-000000000000` | `80000000-0000-0000-0000-000000000001` |
|
||||||
|
|
||||||
|
- `xid` is only a primary-key and never used as foreign-key or reference
|
||||||
|
- `license_allotment_xid` must be used to fetch `xid`'s from `request_routing.license_allotment_reference`
|
||||||
|
|
||||||
|
## `request_routing.license_allotment_reference`
|
||||||
|
|
||||||
|
| xid | license_allotment_xid |
|
||||||
|
|----------------------------------------|----------------------------------------|
|
||||||
|
| `20000000-0000-0000-0000-000000000001` | `80000000-0000-0000-0000-000000000001` |
|
||||||
|
|
||||||
|
- `xid` is used as `scope_ref_list` on token request
|
@ -33,6 +33,9 @@ nvidia-gridd[2986]: License acquired successfully. (Info: license.nvidia.space,
|
|||||||
|
|
||||||
Most variables and configs are stored in `/var/lib/docker/volumes/configurations/_data`.
|
Most variables and configs are stored in `/var/lib/docker/volumes/configurations/_data`.
|
||||||
|
|
||||||
|
Files can be modified with `docker cp <container-id>:/venv/... /opt/localfile/...` and back.
|
||||||
|
(May you need to fix permissions with `docker exec -u 0 <container-id> chown nonroot:nonroot /venv/...`)
|
||||||
|
|
||||||
## Dive / Docker image inspector
|
## Dive / Docker image inspector
|
||||||
|
|
||||||
- `dive dls:appliance`
|
- `dive dls:appliance`
|
||||||
|
29
docker-compose.yml
Normal file
29
docker-compose.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
version: '3.9'
|
||||||
|
|
||||||
|
x-dls-variables: &dls-variables
|
||||||
|
TZ: Europe/Berlin # REQUIRED, set your timezone correctly on fastapi-dls AND YOUR CLIENTS !!!
|
||||||
|
DLS_URL: localhost # REQUIRED, change to your ip or hostname
|
||||||
|
DLS_PORT: 443
|
||||||
|
LEASE_EXPIRE_DAYS: 90 # 90 days is maximum
|
||||||
|
DATABASE: sqlite:////app/database/db.sqlite
|
||||||
|
DEBUG: false
|
||||||
|
|
||||||
|
services:
|
||||||
|
dls:
|
||||||
|
image: collinwebdesigns/fastapi-dls:latest
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
<<: *dls-variables
|
||||||
|
ports:
|
||||||
|
- "443:443"
|
||||||
|
volumes:
|
||||||
|
- /opt/docker/fastapi-dls/cert:/app/cert
|
||||||
|
- dls-db:/app/database
|
||||||
|
logging: # optional, for those who do not need logs
|
||||||
|
driver: "json-file"
|
||||||
|
options:
|
||||||
|
max-file: 5
|
||||||
|
max-size: 10m
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
dls-db:
|
120
examples/docker-compose-http-and-https.yml
Normal file
120
examples/docker-compose-http-and-https.yml
Normal file
@ -0,0 +1,120 @@
|
|||||||
|
version: '3.9'
|
||||||
|
|
||||||
|
x-dls-variables: &dls-variables
|
||||||
|
DLS_URL: localhost # REQUIRED, change to your ip or hostname
|
||||||
|
DLS_PORT: 443 # must match nginx listen & exposed port
|
||||||
|
LEASE_EXPIRE_DAYS: 90
|
||||||
|
DATABASE: sqlite:////app/database/db.sqlite
|
||||||
|
DEBUG: false
|
||||||
|
|
||||||
|
services:
|
||||||
|
dls:
|
||||||
|
image: collinwebdesigns/fastapi-dls:latest
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
<<: *dls-variables
|
||||||
|
volumes:
|
||||||
|
- /etc/timezone:/etc/timezone:ro
|
||||||
|
- /opt/docker/fastapi-dls/cert:/app/cert # instance.private.pem, instance.public.pem
|
||||||
|
- db:/app/database
|
||||||
|
entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "curl", "--fail", "http://localhost:8000/-/health"]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
|
proxy:
|
||||||
|
image: nginx
|
||||||
|
ports:
|
||||||
|
# thees are ports where nginx (!) is listen to
|
||||||
|
- "80:80" # for "/leasing/v1/lessor/shutdown" used by windows guests, can't be changed!
|
||||||
|
- "443:443" # first part must match "DLS_PORT"
|
||||||
|
volumes:
|
||||||
|
- /etc/timezone:/etc/timezone:ro
|
||||||
|
- /opt/docker/fastapi-dls/cert:/opt/cert
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "curl", "--insecure", "--fail", "https://localhost/-/health"]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
|
command: |
|
||||||
|
bash -c "bash -s <<\"EOF\"
|
||||||
|
cat > /etc/nginx/nginx.conf <<\"EON\"
|
||||||
|
daemon off;
|
||||||
|
user root;
|
||||||
|
worker_processes auto;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
gzip on;
|
||||||
|
gzip_disable "msie6";
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
|
||||||
|
upstream dls-backend {
|
||||||
|
server dls:8000; # must match dls listen port
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2 default_server;
|
||||||
|
listen [::]:443 ssl http2 default_server;
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
index index.html;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
ssl_certificate "/opt/cert/webserver.crt";
|
||||||
|
ssl_certificate_key "/opt/cert/webserver.key";
|
||||||
|
ssl_session_cache shared:SSL:1m;
|
||||||
|
ssl_session_timeout 10m;
|
||||||
|
ssl_protocols TLSv1.3 TLSv1.2;
|
||||||
|
# ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305";
|
||||||
|
# ssl_ciphers PROFILE=SYSTEM;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $$http_host;
|
||||||
|
proxy_set_header X-Real-IP $$remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $$scheme;
|
||||||
|
proxy_pass http://dls-backend$$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /-/health {
|
||||||
|
access_log off;
|
||||||
|
add_header 'Content-Type' 'application/json';
|
||||||
|
return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
index index.html;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
location /leasing/v1/lessor/shutdown {
|
||||||
|
proxy_set_header Host $$http_host;
|
||||||
|
proxy_set_header X-Real-IP $$remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $$scheme;
|
||||||
|
proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://$$host$$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EON
|
||||||
|
nginx
|
||||||
|
EOF"
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
@ -1,8 +1,8 @@
|
|||||||
fastapi==0.88.0
|
fastapi==0.111.0
|
||||||
uvicorn[standard]==0.20.0
|
uvicorn[standard]==0.29.0
|
||||||
python-jose==3.3.0
|
python-jose==3.3.0
|
||||||
pycryptodome==3.16.0
|
pycryptodome==3.20.0
|
||||||
python-dateutil==2.8.2
|
python-dateutil==2.8.2
|
||||||
sqlalchemy==1.4.45
|
sqlalchemy==2.0.30
|
||||||
markdown==3.4.1
|
markdown==3.6
|
||||||
python-dotenv==0.21.0
|
python-dotenv==1.0.1
|
||||||
|
126
test/main.py
126
test/main.py
@ -3,7 +3,7 @@ from hashlib import sha256
|
|||||||
from calendar import timegm
|
from calendar import timegm
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from os.path import dirname, join
|
from os.path import dirname, join
|
||||||
from uuid import uuid4
|
from uuid import uuid4, UUID
|
||||||
|
|
||||||
from dateutil.relativedelta import relativedelta
|
from dateutil.relativedelta import relativedelta
|
||||||
from jose import jwt, jwk
|
from jose import jwt, jwk
|
||||||
@ -16,12 +16,11 @@ sys.path.append('../')
|
|||||||
sys.path.append('../app')
|
sys.path.append('../app')
|
||||||
|
|
||||||
from app import main
|
from app import main
|
||||||
from app.util import generate_key, load_key
|
from app.util import load_key
|
||||||
|
|
||||||
client = TestClient(main.app)
|
client = TestClient(main.app)
|
||||||
|
|
||||||
ORIGIN_REF, LEASE_REF = str(uuid4()), str(uuid4())
|
ORIGIN_REF, ALLOTMENT_REF, SECRET = str(uuid4()), '20000000-0000-0000-0000-000000000001', 'HelloWorld'
|
||||||
SECRET = "HelloWorld"
|
|
||||||
|
|
||||||
# INSTANCE_KEY_RSA = generate_key()
|
# INSTANCE_KEY_RSA = generate_key()
|
||||||
# INSTANCE_KEY_PUB = INSTANCE_KEY_RSA.public_key()
|
# INSTANCE_KEY_PUB = INSTANCE_KEY_RSA.public_key()
|
||||||
@ -33,22 +32,59 @@ jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), al
|
|||||||
jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||||
|
|
||||||
|
|
||||||
|
def __bearer_token(origin_ref: str) -> str:
|
||||||
|
token = jwt.encode({"origin_ref": origin_ref}, key=jwt_encode_key, algorithm=ALGORITHMS.RS256)
|
||||||
|
token = f'Bearer {token}'
|
||||||
|
return token
|
||||||
|
|
||||||
|
|
||||||
def test_index():
|
def test_index():
|
||||||
response = client.get('/')
|
response = client.get('/')
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
|
||||||
def test_status():
|
def test_health():
|
||||||
response = client.get('/status')
|
response = client.get('/-/health')
|
||||||
|
assert response.status_code == 200
|
||||||
|
assert response.json().get('status') == 'up'
|
||||||
|
|
||||||
|
|
||||||
|
def test_config():
|
||||||
|
response = client.get('/-/config')
|
||||||
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
|
||||||
|
def test_readme():
|
||||||
|
response = client.get('/-/readme')
|
||||||
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
|
||||||
|
def test_manage():
|
||||||
|
response = client.get('/-/manage')
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
assert response.json()['status'] == 'up'
|
|
||||||
|
|
||||||
|
|
||||||
def test_client_token():
|
def test_client_token():
|
||||||
response = client.get('/client-token')
|
response = client.get('/-/client-token')
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
|
||||||
|
def test_origins():
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def test_origins_delete():
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def test_leases():
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def test_lease_delete():
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
def test_auth_v1_origin():
|
def test_auth_v1_origin():
|
||||||
payload = {
|
payload = {
|
||||||
"registration_pending": False,
|
"registration_pending": False,
|
||||||
@ -67,7 +103,7 @@ def test_auth_v1_origin():
|
|||||||
|
|
||||||
response = client.post('/auth/v1/origin', json=payload)
|
response = client.post('/auth/v1/origin', json=payload)
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
assert response.json()['origin_ref'] == ORIGIN_REF
|
assert response.json().get('origin_ref') == ORIGIN_REF
|
||||||
|
|
||||||
|
|
||||||
def auth_v1_origin_update():
|
def auth_v1_origin_update():
|
||||||
@ -88,7 +124,7 @@ def auth_v1_origin_update():
|
|||||||
|
|
||||||
response = client.post('/auth/v1/origin/update', json=payload)
|
response = client.post('/auth/v1/origin/update', json=payload)
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
assert response.json()['origin_ref'] == ORIGIN_REF
|
assert response.json().get('origin_ref') == ORIGIN_REF
|
||||||
|
|
||||||
|
|
||||||
def test_auth_v1_code():
|
def test_auth_v1_code():
|
||||||
@ -100,8 +136,8 @@ def test_auth_v1_code():
|
|||||||
response = client.post('/auth/v1/code', json=payload)
|
response = client.post('/auth/v1/code', json=payload)
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
payload = jwt.get_unverified_claims(token=response.json()['auth_code'])
|
payload = jwt.get_unverified_claims(token=response.json().get('auth_code'))
|
||||||
assert payload['origin_ref'] == ORIGIN_REF
|
assert payload.get('origin_ref') == ORIGIN_REF
|
||||||
|
|
||||||
|
|
||||||
def test_auth_v1_token():
|
def test_auth_v1_token():
|
||||||
@ -125,9 +161,9 @@ def test_auth_v1_token():
|
|||||||
response = client.post('/auth/v1/token', json=payload)
|
response = client.post('/auth/v1/token', json=payload)
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
token = response.json()['auth_token']
|
token = response.json().get('auth_token')
|
||||||
payload = jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
|
payload = jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
|
||||||
assert payload['origin_ref'] == ORIGIN_REF
|
assert payload.get('origin_ref') == ORIGIN_REF
|
||||||
|
|
||||||
|
|
||||||
def test_leasing_v1_lessor():
|
def test_leasing_v1_lessor():
|
||||||
@ -140,45 +176,67 @@ def test_leasing_v1_lessor():
|
|||||||
'product': {'name': 'NVIDIA RTX Virtual Workstation'}
|
'product': {'name': 'NVIDIA RTX Virtual Workstation'}
|
||||||
}],
|
}],
|
||||||
'proposal_evaluation_mode': 'ALL_OF',
|
'proposal_evaluation_mode': 'ALL_OF',
|
||||||
'scope_ref_list': [LEASE_REF]
|
'scope_ref_list': [ALLOTMENT_REF]
|
||||||
}
|
}
|
||||||
|
|
||||||
bearer_token = jwt.encode({"origin_ref": ORIGIN_REF}, key=jwt_encode_key, algorithm=ALGORITHMS.RS256)
|
response = client.post('/leasing/v1/lessor', json=payload, headers={'authorization': __bearer_token(ORIGIN_REF)})
|
||||||
bearer_token = f'Bearer {bearer_token}'
|
|
||||||
response = client.post('/leasing/v1/lessor', json=payload, headers={'authorization': bearer_token})
|
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
lease_result_list = response.json()['lease_result_list']
|
lease_result_list = response.json().get('lease_result_list')
|
||||||
assert len(lease_result_list) == 1
|
assert len(lease_result_list) == 1
|
||||||
assert lease_result_list[0]['lease']['ref'] == LEASE_REF
|
assert len(lease_result_list[0]['lease']['ref']) == 36
|
||||||
|
assert str(UUID(lease_result_list[0]['lease']['ref'])) == lease_result_list[0]['lease']['ref']
|
||||||
|
|
||||||
|
return lease_result_list[0]['lease']['ref']
|
||||||
|
|
||||||
|
|
||||||
def test_leasing_v1_lessor_lease():
|
def test_leasing_v1_lessor_lease():
|
||||||
bearer_token = jwt.encode({"origin_ref": ORIGIN_REF}, key=jwt_encode_key, algorithm=ALGORITHMS.RS256)
|
response = client.get('/leasing/v1/lessor/leases', headers={'authorization': __bearer_token(ORIGIN_REF)})
|
||||||
bearer_token = f'Bearer {bearer_token}'
|
|
||||||
response = client.get('/leasing/v1/lessor/leases', headers={'authorization': bearer_token})
|
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
active_lease_list = response.json()['active_lease_list']
|
active_lease_list = response.json().get('active_lease_list')
|
||||||
assert len(active_lease_list) == 1
|
assert len(active_lease_list) == 1
|
||||||
assert active_lease_list[0] == LEASE_REF
|
assert len(active_lease_list[0]) == 36
|
||||||
|
assert str(UUID(active_lease_list[0])) == active_lease_list[0]
|
||||||
|
|
||||||
|
|
||||||
def test_leasing_v1_lease_renew():
|
def test_leasing_v1_lease_renew():
|
||||||
bearer_token = jwt.encode({"origin_ref": ORIGIN_REF}, key=jwt_encode_key, algorithm=ALGORITHMS.RS256)
|
response = client.get('/leasing/v1/lessor/leases', headers={'authorization': __bearer_token(ORIGIN_REF)})
|
||||||
bearer_token = f'Bearer {bearer_token}'
|
active_lease_list = response.json().get('active_lease_list')
|
||||||
response = client.put(f'/leasing/v1/lease/{LEASE_REF}', headers={'authorization': bearer_token})
|
active_lease_ref = active_lease_list[0]
|
||||||
|
|
||||||
|
###
|
||||||
|
|
||||||
|
response = client.put(f'/leasing/v1/lease/{active_lease_ref}', headers={'authorization': __bearer_token(ORIGIN_REF)})
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
assert response.json()['lease_ref'] == LEASE_REF
|
lease_ref = response.json().get('lease_ref')
|
||||||
|
assert len(lease_ref) == 36
|
||||||
|
assert lease_ref == active_lease_ref
|
||||||
|
|
||||||
|
|
||||||
|
def test_leasing_v1_lease_delete():
|
||||||
|
response = client.get('/leasing/v1/lessor/leases', headers={'authorization': __bearer_token(ORIGIN_REF)})
|
||||||
|
active_lease_list = response.json().get('active_lease_list')
|
||||||
|
active_lease_ref = active_lease_list[0]
|
||||||
|
|
||||||
|
###
|
||||||
|
|
||||||
|
response = client.delete(f'/leasing/v1/lease/{active_lease_ref}', headers={'authorization': __bearer_token(ORIGIN_REF)})
|
||||||
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
lease_ref = response.json().get('lease_ref')
|
||||||
|
assert len(lease_ref) == 36
|
||||||
|
assert lease_ref == active_lease_ref
|
||||||
|
|
||||||
|
|
||||||
def test_leasing_v1_lessor_lease_remove():
|
def test_leasing_v1_lessor_lease_remove():
|
||||||
bearer_token = jwt.encode({"origin_ref": ORIGIN_REF}, key=jwt_encode_key, algorithm=ALGORITHMS.RS256)
|
lease_ref = test_leasing_v1_lessor()
|
||||||
bearer_token = f'Bearer {bearer_token}'
|
|
||||||
response = client.delete('/leasing/v1/lessor/leases', headers={'authorization': bearer_token})
|
response = client.delete('/leasing/v1/lessor/leases', headers={'authorization': __bearer_token(ORIGIN_REF)})
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
released_lease_list = response.json()['released_lease_list']
|
released_lease_list = response.json().get('released_lease_list')
|
||||||
assert len(released_lease_list) == 1
|
assert len(released_lease_list) == 1
|
||||||
assert released_lease_list[0] == LEASE_REF
|
assert len(released_lease_list[0]) == 36
|
||||||
|
assert released_lease_list[0] == lease_ref
|
||||||
|
@ -1 +0,0 @@
|
|||||||
VERSION=1.0.0
|
|
Loading…
Reference in New Issue
Block a user