diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 69d8ba9..eac63af 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -24,8 +24,8 @@ build:docker:
 - docker buildx create --use
 script:
 - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF
- - docker buildx build --progress=plain --platform linux/amd64,linux/arm64 --build-arg VERSION=$CI_BUILD_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE --push .
+ - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHA
+ - docker buildx build --progress=plain --platform linux/amd64,linux/arm64 --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE --push .
 - docker buildx imagetools inspect $IMAGE
 - echo "CS_IMAGE=$IMAGE" > container_scanning.env
 artifacts:
@@ -39,7 +39,7 @@ build:apt:
 rules:
 - if: $CI_COMMIT_TAG
 variables:
- VERSION: $CI_BUILD_REF_NAME
+ VERSION: $CI_COMMIT_REF_NAME
 - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
 changes:
 - app/**/*
@@ -72,7 +72,7 @@ build:apt:
 # cd into "build/"
 - cd build/
 script:
- # set version based on value in "$CI_BUILD_REF_NAME"
+ # set version based on value in "$CI_COMMIT_REF_NAME"
 - sed -i -E 's/(Version\:\s)0.0/\1'"$VERSION"'/g' DEBIAN/control
 # build
 - dpkg -b . build.deb
@@ -89,7 +89,7 @@ build:pacman:
 rules:
 - if: $CI_COMMIT_TAG
 variables:
- VERSION: $CI_BUILD_REF_NAME
+ VERSION: $CI_COMMIT_REF_NAME
 - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
 changes:
 - app/**/*
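Review bot: The new `IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHA` in the build:docker hunk uses the raw ref name as a registry repository path segment, which must be lowercase; if this job also runs for branch pipelines, as the `$CI_COMMIT_BRANCH` rules in the build:apt and build:pacman hunks suggest for their jobs, a branch such as `Feature/x` fails at push time. `$CI_COMMIT_REF_SLUG` is the lowercased, path-safe form GitLab provides for this purpose, and the `--tag $IMAGE:$CI_COMMIT_REF_NAME` lines in the deploy:docker hunk have the same exposure for ref names containing `/`. The `--build-arg VERSION=$CI_COMMIT_REF_NAME` can stay as is, since that value is only recorded in the image.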
@@ -265,21 +265,21 @@ deploy:docker:
 extends: .deploy
 stage: deploy
 before_script:
- - echo "Building docker image for commit $CI_COMMIT_SHA with version $CI_BUILD_REF_NAME"
+ - echo "Building docker image for commit $CI_COMMIT_SHA with version $CI_COMMIT_REF_NAME"
 script:
 - echo "========== GitLab-Registry =========="
 - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME
- - docker build . --build-arg VERSION=$CI_BUILD_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_BUILD_REF_NAME
- - docker build . --build-arg VERSION=$CI_BUILD_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest
- - docker push $IMAGE:$CI_BUILD_REF_NAME
+ - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME
+ - docker build . --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME
+ - docker build . --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest
+ - docker push $IMAGE:$CI_COMMIT_REF_NAME
 - docker push $IMAGE:latest
 - echo "========== Docker-Hub =========="
 - docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
 - IMAGE=$PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME
- - docker build . --build-arg VERSION=$CI_BUILD_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_BUILD_REF_NAME
- - docker build . --build-arg VERSION=$CI_BUILD_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest
- - docker push $IMAGE:$CI_BUILD_REF_NAME
+ - docker build . --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME
+ - docker build . --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest
+ - docker push $IMAGE:$CI_COMMIT_REF_NAME
 - docker push $IMAGE:latest
 
 deploy:apt:
@@ -333,9 +333,9 @@ deploy:pacman: - source .PKGBUILD/PKGBUILD - source version.env # fastapi-dls-1.0-1-any.pkg.tar.zst - - BUILD_NAME=${pkgname}-${CI_BUILD_REF_NAME}-${pkgrel}-any.pkg.tar.zst + - BUILD_NAME=${pkgname}-${CI_COMMIT_REF_NAME}-${pkgrel}-any.pkg.tar.zst - PACKAGE_NAME=${pkgname} - - PACKAGE_VERSION=${CI_BUILD_REF_NAME} + - PACKAGE_VERSION=${CI_COMMIT_REF_NAME} - PACKAGE_ARCH=any - EXPORT_NAME=${BUILD_NAME} - 'echo "PACKAGE_NAME: ${PACKAGE_NAME}"' diff --git a/Dockerfile b/Dockerfile index 99c76bd..14d53b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,10 +7,10 @@ RUN echo -e "VERSION=$VERSION\nCOMMIT=$COMMIT" > /version.env COPY requirements.txt /tmp/requirements.txt RUN apk update \ - && apk add --no-cache --virtual build-deps gcc g++ python3-dev musl-dev \ - && apk add --no-cache curl postgresql postgresql-dev mariadb-connector-c-dev sqlite-dev \ + && apk add --no-cache --virtual build-deps gcc g++ python3-dev musl-dev pkgconfig \ + && apk add --no-cache curl postgresql postgresql-dev mariadb-dev sqlite-dev \ && pip install --no-cache-dir --upgrade uvicorn \ - && pip install --no-cache-dir psycopg2==2.9.5 mysqlclient==2.1.1 pysqlite3==0.5.0 \ + && pip install --no-cache-dir psycopg2==2.9.6 mysqlclient==2.2.0 pysqlite3==0.5.1 \ && pip install --no-cache-dir -r /tmp/requirements.txt \ && apk del build-deps diff --git a/README.md b/README.md index 4d78b1e..698dae2 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Minimal Delegated License Service (DLS). -Compatibility tested with official DLS 2.0.1. +Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0. This service can be used without internet connection. Only the clients need a connection to this service on configured port. 
@@ -65,7 +65,7 @@ docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/ **Docker-Compose / Deploy stack** -Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example (with reverse proxy usage). +See [`examples`](examples) directory for more advanced examples (with reverse proxy usage). ```yaml version: '3.9' @@ -417,6 +417,7 @@ Successfully tested with this package versions: | vGPU Suftware | vGPU Manager | Linux Driver | Windows Driver | Release Date | |---------------|--------------|--------------|----------------|---------------| +| `15.3` | `525.125.03` | `525.125.06` | `529.11` | June 2023 | | `15.2` | `525.105.14` | `525.105.17` | `528.89` | March 2023 | | `15.1` | `525.85.07` | `525.85.05` | `528.24` | January 2023 | | `15.0` | `525.60.12` | `525.60.13` | `527.41` | December 2022 | @@ -681,7 +682,7 @@ The error message can safely be ignored (since we have no license limitation :P) <0>:End Logging ``` -#### log with nginx as reverse proxy (see [docker-compose.yml](docker-compose.yml)) +#### log with nginx as reverse proxy (see [docker-compose-http-and-https.yml](examples/docker-compose-http-and-https.yml)) ``` <1>:NLS initialized diff --git a/app/main.py b/app/main.py index f5388c8..45b53aa 100644 --- a/app/main.py +++ b/app/main.py @@ -186,6 +186,12 @@ async def _leases(request: Request, origin: bool = False): return JSONr(response) +@app.delete('/-/leases/expired', summary='* Leases') +async def _lease_delete_expired(request: Request): + Lease.delete_expired(db) + return Response(status_code=201) + + @app.delete('/-/lease/{lease_ref}', summary='* Lease') async def _lease_delete(request: Request, lease_ref: str): if Lease.delete(db, lease_ref) == 1: diff --git a/app/orm.py b/app/orm.py index c78ca95..0b19e92 100644 --- a/app/orm.py +++ b/app/orm.py 
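Review bot: `_lease_delete_expired` answers a DELETE with `Response(status_code=201)` — 201 Created is the wrong status for a purge — and discards the row count that `Lease.delete_expired` returns, so a caller cannot tell whether anything was removed; the `request` parameter is also never used. Reporting the count would be more useful, e.g. `deleted = Lease.delete_expired(db)` followed by `return JSONr({'deleted': deleted})`, assuming `JSONr` wraps a plain dict the way the `_leases` handler above appears to use it. Like the `/-/leases` and `/-/lease/{lease_ref}` routes visible in this hunk, the new endpoint declares no authentication dependency, so unless middleware outside this file restricts the `/-/` paths, any client that can reach the service can trigger the purge; a comment on the route naming the protection relied on would make that explicit.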
@@ -160,6 +160,14 @@ class Lease(Base): session.close() return deletions + @staticmethod + def delete_expired(engine: Engine) -> int: + session = sessionmaker(bind=engine)() + deletions = session.query(Lease).filter(Lease.lease_expires <= datetime.utcnow()).delete() + session.commit() + session.close() + return deletions + @staticmethod def calculate_renewal(renewal_period: float, delta: timedelta) -> timedelta: """ diff --git a/docker-compose.yml b/docker-compose.yml index 3f02cdc..506a1a0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,9 +1,10 @@ version: '3.9' x-dls-variables: &dls-variables - DLS_URL: localhost # REQUIRED, change to your ip or hostname - DLS_PORT: 443 # must match nginx listen & exposed port - LEASE_EXPIRE_DAYS: 90 + TZ: Europe/Berlin # REQUIRED, set your timezone correctly on fastapi-dls AND YOUR CLIENTS !!! + DLS_URL: localhost # REQUIRED, change to your ip or hostname + DLS_PORT: 443 + LEASE_EXPIRE_DAYS: 90 # 90 days is maximum DATABASE: sqlite:////app/database/db.sqlite DEBUG: false 
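Review bot: In `delete_expired` the session from `sessionmaker(bind=engine)()` is only closed on the happy path; if the query or `commit()` raises, the session and its connection leak and the open transaction is never rolled back (the `delete` method in the context above has the same shape). With the SQLAlchemy 2.0 line pinned in requirements.txt the body can be `with sessionmaker(bind=engine).begin() as session:` / `return session.query(Lease).filter(Lease.lease_expires <= datetime.utcnow()).delete()`, which commits on success and rolls back and closes on error. The filter compares against naive `datetime.utcnow()`, while the docker-compose hunk in this commit makes `TZ` a required setting and tells users to align server and client zones, so it is worth confirming that `lease_expires` is stored in UTC rather than local time, otherwise the purge is offset by the zone difference; a comment on the filter stating the expected storage zone would document that contract.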
@@ -13,108 +14,16 @@ services:
 restart: always
 environment:
 <<: *dls-variables
- volumes:
- - /etc/timezone:/etc/timezone:ro
- - /opt/docker/fastapi-dls/cert:/app/cert # instance.private.pem, instance.public.pem
- - db:/app/database
- entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
- healthcheck:
- test: ["CMD", "curl", "--fail", "http://localhost:8000/-/health"]
- interval: 10s
- timeout: 5s
- retries: 3
- start_period: 30s
- proxy:
- image: nginx
 ports:
- # thees are ports where nginx (!) is listen to
- - "80:80" # for "/leasing/v1/lessor/shutdown" used by windows guests, can't be changed!
- - "443:443" # first part must match "DLS_PORT"
+ - "443:443"
 volumes:
- - /etc/timezone:/etc/timezone:ro
- - /opt/docker/fastapi-dls/cert:/opt/cert
- healthcheck:
- test: ["CMD", "curl", "--insecure", "--fail", "https://localhost/-/health"]
- interval: 10s
- timeout: 5s
- retries: 3
- start_period: 30s
- command: |
- bash -c "bash -s <<\"EOF\"
- cat > /etc/nginx/nginx.conf <<\"EON\"
- daemon off;
- user root;
- worker_processes auto;
-
- events {
- worker_connections 1024;
- }
-
- http {
- gzip on;
- gzip_disable "msie6";
- include /etc/nginx/mime.types;
-
- upstream dls-backend {
- server dls:8000; # must match dls listen port
- }
-
- server {
- listen 443 ssl http2 default_server;
- listen [::]:443 ssl http2 default_server;
-
- root /var/www/html;
- index index.html;
- server_name _;
-
- ssl_certificate "/opt/cert/webserver.crt";
- ssl_certificate_key "/opt/cert/webserver.key";
- ssl_session_cache shared:SSL:1m;
- ssl_session_timeout 10m;
- ssl_protocols TLSv1.3 TLSv1.2;
- # ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305";
- # ssl_ciphers PROFILE=SYSTEM;
- ssl_prefer_server_ciphers on;
-
- location / {
- proxy_set_header Host $$http_host;
- proxy_set_header X-Real-IP $$remote_addr;
- proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $$scheme;
- proxy_pass http://dls-backend$$request_uri;
- }
-
- location = /-/health {
- access_log off;
- add_header 'Content-Type' 'application/json';
- return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
- }
- }
-
- server {
- listen 80;
- listen [::]:80;
-
- root /var/www/html;
- index index.html;
- server_name _;
-
- location /leasing/v1/lessor/shutdown {
- proxy_set_header Host $$http_host;
- proxy_set_header X-Real-IP $$remote_addr;
- proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $$scheme;
- proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
- }
-
- location / {
- return 301 https://$$host$$request_uri;
- }
- }
- }
- EON
- nginx
- EOF"
+ - /opt/docker/fastapi-dls/cert:/app/cert
+ - dls-db:/app/database
+ logging: # optional, for those who do not need logs
+ driver: "json-file"
+ options:
+ max-file: 5
+ max-size: 10m
 
 volumes:
- db:
+ dls-db:
diff --git a/examples/docker-compose-http-and-https.yml b/examples/docker-compose-http-and-https.yml
new file mode 100644
index 0000000..3f02cdc
--- /dev/null
+++ b/examples/docker-compose-http-and-https.yml
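Review bot: Renaming the named volume from `db` to `dls-db` means every existing deployment that pulls this file comes up with a fresh, empty `/app/database` on its next `docker compose up`, while the old `db` volume is left behind unreferenced; unless a migration note accompanies the change, keeping the name `db` is the safer choice. The `dls` service also loses its `healthcheck` in this hunk, so `restart: always` (context above) is the only remaining failure handling and a hung process is no longer detected. The comment `# optional, for those who do not need logs` is misleading, because `json-file` with `max-file`/`max-size` keeps logs and merely rotates them; `# optional: cap disk usage by rotating json-file logs` would be accurate, and Docker's documented examples quote the rotation values (`max-file: "5"`).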
@@ -0,0 +1,120 @@
+version: '3.9'
+
+x-dls-variables: &dls-variables
+ DLS_URL: localhost # REQUIRED, change to your ip or hostname
+ DLS_PORT: 443 # must match nginx listen & exposed port
+ LEASE_EXPIRE_DAYS: 90
+ DATABASE: sqlite:////app/database/db.sqlite
+ DEBUG: false
+
+services:
+ dls:
+ image: collinwebdesigns/fastapi-dls:latest
+ restart: always
+ environment:
+ <<: *dls-variables
+ volumes:
+ - /etc/timezone:/etc/timezone:ro
+ - /opt/docker/fastapi-dls/cert:/app/cert # instance.private.pem, instance.public.pem
+ - db:/app/database
+ entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
+ healthcheck:
+ test: ["CMD", "curl", "--fail", "http://localhost:8000/-/health"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 30s
+ proxy:
+ image: nginx
+ ports:
+ # thees are ports where nginx (!) is listen to
+ - "80:80" # for "/leasing/v1/lessor/shutdown" used by windows guests, can't be changed!
+ - "443:443" # first part must match "DLS_PORT"
+ volumes:
+ - /etc/timezone:/etc/timezone:ro
+ - /opt/docker/fastapi-dls/cert:/opt/cert
+ healthcheck:
+ test: ["CMD", "curl", "--insecure", "--fail", "https://localhost/-/health"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 30s
+ command: |
+ bash -c "bash -s <<\"EOF\"
+ cat > /etc/nginx/nginx.conf <<\"EON\"
+ daemon off;
+ user root;
+ worker_processes auto;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ gzip on;
+ gzip_disable "msie6";
+ include /etc/nginx/mime.types;
+
+ upstream dls-backend {
+ server dls:8000; # must match dls listen port
+ }
+
+ server {
+ listen 443 ssl http2 default_server;
+ listen [::]:443 ssl http2 default_server;
+
+ root /var/www/html;
+ index index.html;
+ server_name _;
+
+ ssl_certificate "/opt/cert/webserver.crt";
+ ssl_certificate_key "/opt/cert/webserver.key";
+ ssl_session_cache shared:SSL:1m;
+ ssl_session_timeout 10m;
+ ssl_protocols TLSv1.3 TLSv1.2;
+ # ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305";
+ # ssl_ciphers PROFILE=SYSTEM;
+ ssl_prefer_server_ciphers on;
+
+ location / {
+ proxy_set_header Host $$http_host;
+ proxy_set_header X-Real-IP $$remote_addr;
+ proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $$scheme;
+ proxy_pass http://dls-backend$$request_uri;
+ }
+
+ location = /-/health {
+ access_log off;
+ add_header 'Content-Type' 'application/json';
+ return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
+ }
+ }
+
+ server {
+ listen 80;
+ listen [::]:80;
+
+ root /var/www/html;
+ index index.html;
+ server_name _;
+
+ location /leasing/v1/lessor/shutdown {
+ proxy_set_header Host $$http_host;
+ proxy_set_header X-Real-IP $$remote_addr;
+ proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $$scheme;
+ proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
+ }
+
+ location / {
+ return 301 https://$$host$$request_uri;
+ }
+ }
+ }
+ EON
+ nginx
+ EOF"
+
+volumes:
+ db:
diff --git a/requirements.txt b/requirements.txt
index 2aaec8d..de8c05b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,8 +1,8 @@
-fastapi==0.95.1
+fastapi==0.99.1
 uvicorn[standard]==0.22.0
 python-jose==3.3.0
-pycryptodome==3.17
+pycryptodome==3.18.0
 python-dateutil==2.8.2
-sqlalchemy==2.0.12
+sqlalchemy==2.0.17
 markdown==3.4.3
 python-dotenv==1.0.0