Compare commits
57 Commits
0c5fb7566c
...
6dbd39b76c
Author | SHA1 | Date | |
---|---|---|---|
6dbd39b76c | |||
21f49a2fb5 | |||
757bae849c | |||
e1259838db | |||
5bb8f17679 | |||
de17b0f1b5 | |||
0ab5969d3a | |||
059a51fe74 | |||
bf858b38f4 | |||
f60f08d543 | |||
b2e6fab294 | |||
b09bb091a5 | |||
651af4cc82 | |||
70f7d3f483 | |||
1e4070a1ba | |||
d69d833923 | |||
7ef071f92b | |||
3c19fc9d5b | |||
742fa07ed4 | |||
a758d93970 | |||
a65687a082 | |||
3e445c80aa | |||
20cc984799 | |||
3495cc3af5 | |||
ed13577e82 | |||
ca8a9df54c | |||
5425eec545 | |||
2f3c7d5433 | |||
b551b0e7f9 | |||
50dea9ac4e | |||
4699c1770d | |||
549a48a10b | |||
1f3bc8b4af | |||
5fc8d4091b | |||
851ec1a5c6 | |||
9180222169 | |||
e71d4c4f4e | |||
aecad82914 | |||
02fccb3605 | |||
24dba89dbe | |||
f5557a5ccd | |||
e8736c94ec | |||
4325560ec4 | |||
05979490ce | |||
c894537ff9 | |||
dc6b6bff69 | |||
0b7bedde66 | |||
3d5203dae0 | |||
d187167129 | |||
79c8d19b00 | |||
8a7f5d9cbe | |||
5e6c014b2b | |||
1173964643 | |||
a4c2ec6895 | |||
68aeeb785d | |||
a91ff4cd9b | |||
a6cf5e0ac1 |
@ -3,7 +3,7 @@
|
||||
WORKING_DIR=/usr/share/fastapi-dls
|
||||
CONFIG_DIR=/etc/fastapi-dls
|
||||
|
||||
if [[ ! -f $CONFIG_DIR/instance.private.pem ]]; then
|
||||
if [ ! -f $CONFIG_DIR/instance.private.pem ]; then
|
||||
echo "> Create dls-instance keypair ..."
|
||||
openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
|
||||
openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
|
||||
@ -12,8 +12,8 @@ else
|
||||
fi
|
||||
|
||||
while true; do
|
||||
[[ -f $CONFIG_DIR/webserver.key ]] && default_answer="N" || default_answer="Y"
|
||||
[[ $default_answer == "Y" ]] && V="Y/n" || V="y/N"
|
||||
[ -f $CONFIG_DIR/webserver.key ] && default_answer="N" || default_answer="Y"
|
||||
[ $default_answer == "Y" ] && V="Y/n" || V="y/N"
|
||||
read -p "> Do you wish to create self-signed webserver certificate? [${V}]" yn
|
||||
yn=${yn:-$default_answer} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
|
||||
case $yn in
|
||||
@ -27,7 +27,7 @@ while true; do
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -f $CONFIG_DIR/webserver.key ]]; then
|
||||
if [ -f $CONFIG_DIR/webserver.key ]; then
|
||||
echo "> Starting service ..."
|
||||
systemctl start fastapi-dls.service
|
||||
|
||||
|
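Review bot: In the second hunk the single-bracket test `[ $default_answer == "Y" ]` keeps `==`, which is a bash extension inside `[`; if the move from `[[ ]]` to `[ ]` is meant to let the script run under a POSIX shell such as dash, that line fails there. Write it as `[ "$default_answer" = "Y" ]`. The other rewritten tests should quote their path operand too, e.g. `[ ! -f "$CONFIG_DIR/instance.private.pem" ]`, because `[` word-splits unquoted expansions where `[[` did not. The shebang of this script is not visible in these hunks, so which shell actually runs it should be confirmed.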
@ -1,8 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [[ -f /etc/systemd/system/fastapi-dls.service ]]; then
|
||||
echo "> Removing service file."
|
||||
rm /etc/systemd/system/fastapi-dls.service
|
||||
fi
|
||||
# is removed automatically
|
||||
#if [ "$1" = purge ] && [ -d /usr/share/fastapi-dls ]; then
|
||||
# echo "> Removing app."
|
||||
# rm -r /usr/share/fastapi-dls
|
||||
#fi
|
||||
|
||||
# todo
|
||||
echo -e "> Done."
|
||||
|
@ -1,5 +1,3 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo -e "> Starting uninstallation of 'fastapi-dls'!"
|
||||
|
||||
# todo
|
||||
|
@ -50,7 +50,7 @@ build:apt:
|
||||
- cp .DEBIAN/env.default build/etc/fastapi-dls/env
|
||||
# create service file
|
||||
- mkdir -p build/etc/systemd/system
|
||||
- cp .DEBIAN/fastapi-dls.service build/etc/systemd/system
|
||||
- cp .DEBIAN/fastapi-dls.service build/etc/systemd/system/fastapi-dls.service
|
||||
# cd into "build/"
|
||||
- cd build/
|
||||
script:
|
||||
@ -98,7 +98,7 @@ build:pacman:
|
||||
- "*.pkg.tar.zst"
|
||||
|
||||
test:
|
||||
image: python:3.10-slim-bullseye
|
||||
image: python:3.11-slim-bullseye
|
||||
stage: test
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH
|
||||
@ -114,6 +114,9 @@ test:
|
||||
- cd test
|
||||
script:
|
||||
- pytest main.py
|
||||
artifacts:
|
||||
reports:
|
||||
dotenv: version.env
|
||||
|
||||
.test:linux:
|
||||
stage: test
|
||||
@ -272,24 +275,11 @@ deploy:pacman:
|
||||
- 'echo "EXPORT_NAME: ${EXPORT_NAME}"'
|
||||
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${EXPORT_NAME} "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${PACKAGE_VERSION}/${EXPORT_NAME}"'
|
||||
|
||||
release:prepare:
|
||||
stage: .pre
|
||||
rules:
|
||||
- if: $CI_COMMIT_TAG
|
||||
when: never
|
||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||
script:
|
||||
- source version.env
|
||||
- echo &VERSION
|
||||
artifacts:
|
||||
reports:
|
||||
dotenv: version.env
|
||||
|
||||
release:
|
||||
image: registry.gitlab.com/gitlab-org/release-cli:latest
|
||||
stage: .post
|
||||
needs:
|
||||
- job: release:prepare
|
||||
- job: test
|
||||
artifacts: true
|
||||
rules:
|
||||
- if: $CI_COMMIT_TAG
|
||||
@ -298,7 +288,7 @@ release:
|
||||
script:
|
||||
- echo "Running release-job for $VERSION"
|
||||
release:
|
||||
name: $CI_PROJECT_TITLE $version
|
||||
name: $CI_PROJECT_TITLE $VERSION
|
||||
description: Release of $CI_PROJECT_TITLE version $VERSION
|
||||
tag_name: $VERSION
|
||||
ref: $CI_COMMIT_SHA
|
||||
|
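Review bot: The `release` job lists `- job: test` with `artifacts: true` under `needs`, but the only rule visible on `test` is `- if: $CI_COMMIT_BRANCH`, which is unset in tag pipelines, while `release` runs on `$CI_COMMIT_TAG`. If the part of `test` outside these hunks has no tag rule, the needed job is missing from the tag pipeline and `release` cannot receive `VERSION` from the `version.env` dotenv report. Adding `- if: $CI_COMMIT_TAG` to the `test` rules would keep the two jobs in the same pipeline. A short comment on the new `artifacts:` block saying that `version.env` is exported for the release job would also explain why a test job publishes it.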
@ -1,4 +1,4 @@
|
||||
FROM python:3.10-alpine
|
||||
FROM python:3.11-alpine
|
||||
|
||||
COPY requirements.txt /tmp/requirements.txt
|
||||
|
||||
|
17
FAQ.md
Normal file
17
FAQ.md
Normal file
@ -0,0 +1,17 @@
|
||||
# FAQ
|
||||
|
||||
## `Failed to acquire license from <ip> (Info: <license> - Error: The allowed time to process response has expired)`
|
||||
|
||||
- Did your timezone settings are correct on fastapi-dls **and your guest**?
|
||||
|
||||
- Did you download the client-token more than an hour ago?
|
||||
|
||||
Please download a new client-token. The guest have to register within an hour after client-token was created.
|
||||
|
||||
|
||||
## `jose.exceptions.JWTError: Signature verification failed.`
|
||||
|
||||
- Did you recreated `instance.public.pem` / `instance.private.pem`?
|
||||
|
||||
Then you have to download a **new** client-token on each of your guests.
|
||||
|
230
README.md
230
README.md
@ -9,68 +9,6 @@ Only the clients need a connection to this service on configured port.
|
||||
|
||||
[[_TOC_]]
|
||||
|
||||
## ToDo's
|
||||
|
||||
- check why windows guests display "can't acquire license" although in log there is no message displayed and license is
|
||||
also acquired successfully
|
||||
|
||||
## Endpoints
|
||||
|
||||
### `GET /`
|
||||
|
||||
Redirect to `/-/readme`.
|
||||
|
||||
### `GET /-/health`
|
||||
|
||||
Status endpoint, used for *healthcheck*.
|
||||
|
||||
### `GET /-/config`
|
||||
|
||||
Shows current runtime environment variables and their values.
|
||||
|
||||
### `GET /-/readme`
|
||||
|
||||
HTML rendered README.md.
|
||||
|
||||
### `GET /-/docs`, `GET /-/redoc`
|
||||
|
||||
OpenAPI specifications rendered from `GET /-/openapi.json`.
|
||||
|
||||
### `GET /-/manage`
|
||||
|
||||
Shows a very basic UI to delete origins or leases.
|
||||
|
||||
### `GET /-/origins?leases=false`
|
||||
|
||||
List registered origins.
|
||||
|
||||
| Query Parameter | Default | Usage |
|
||||
|-----------------|---------|--------------------------------------|
|
||||
| `leases` | `false` | Include referenced leases per origin |
|
||||
|
||||
### `DELETE /-/origins`
|
||||
|
||||
Deletes all origins and their leases.
|
||||
|
||||
### `GET /-/leases?origin=false`
|
||||
|
||||
List current leases.
|
||||
|
||||
| Query Parameter | Default | Usage |
|
||||
|-----------------|---------|-------------------------------------|
|
||||
| `origin` | `false` | Include referenced origin per lease |
|
||||
|
||||
### `DELETE /-/lease/{lease_ref}`
|
||||
|
||||
Deletes an lease.
|
||||
|
||||
### `GET /-/client-token`
|
||||
|
||||
Generate client token, (see [installation](#installation)).
|
||||
|
||||
### Others
|
||||
|
||||
There are some more internal api endpoints for handling authentication and lease process.
|
||||
|
||||
# Setup (Service)
|
||||
|
||||
@ -96,6 +34,8 @@ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $WORKING_DIR/webse
|
||||
|
||||
**Start container**
|
||||
|
||||
To test if everything is set up properly you can start container as following:
|
||||
|
||||
```shell
|
||||
docker volume create dls-db
|
||||
docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/app/cert -v dls-db:/app/database collinwebdesigns/fastapi-dls:latest
|
||||
@ -103,7 +43,7 @@ docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/
|
||||
|
||||
**Docker-Compose / Deploy stack**
|
||||
|
||||
Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example.
|
||||
Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example (with reverse proxy usage).
|
||||
|
||||
```yaml
|
||||
version: '3.9'
|
||||
@ -130,7 +70,7 @@ volumes:
|
||||
dls-db:
|
||||
```
|
||||
|
||||
## Debian/Ubuntu (manual method using `git clone`)
|
||||
## Debian/Ubuntu (manual method using `git clone` and python virtual environment)
|
||||
|
||||
Tested on `Debian 11 (bullseye)`, Ubuntu may also work.
|
||||
|
||||
@ -235,6 +175,11 @@ Successful tested with:
|
||||
- Debian 12 (Bookworm) (works but not recommended because it is currently in *testing* state)
|
||||
- Ubuntu 22.10 (Kinetic Kudu)
|
||||
|
||||
Not working with:
|
||||
|
||||
- Debian 11 (Bullseye) and lower (missing `python-jose` dependency)
|
||||
- Ubuntu 22.04 (Jammy Jellyfish) (not supported as for 15.01.2023 due to [fastapi - uvicorn version missmatch](https://bugs.launchpad.net/ubuntu/+source/fastapi/+bug/1970557))
|
||||
|
||||
**Run this on your server instance**
|
||||
|
||||
First go to [GitLab-Registry](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/packages) and select your
|
||||
@ -261,13 +206,17 @@ Packages are available here:
|
||||
```shell
|
||||
pacman -Sy
|
||||
FILENAME=/opt/fastapi-dls.pkg.tar.zst
|
||||
url -o $FILENAME <download-url>
|
||||
|
||||
curl -o $FILENAME <download-url>
|
||||
# or
|
||||
wget -O $FILENAME <download-url>
|
||||
|
||||
pacman -U --noconfirm fastapi-dls.pkg.tar.zst
|
||||
```
|
||||
|
||||
Start with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
|
||||
|
||||
## Let's Encrypt Certificate
|
||||
## Let's Encrypt Certificate (optional)
|
||||
|
||||
If you're using installation via docker, you can use `traefik`. Please refer to their documentation.
|
||||
|
||||
@ -298,8 +247,8 @@ After first success you have to replace `--issue` with `--renew`.
|
||||
| `SITE_KEY_XID` | `00000000-0000-0000-0000-000000000000` | Site identification uuid |
|
||||
| `INSTANCE_REF` | `10000000-0000-0000-0000-000000000001` | Instance identification uuid |
|
||||
| `ALLOTMENT_REF` | `20000000-0000-0000-0000-000000000001` | Allotment identification uuid |
|
||||
| `INSTANCE_KEY_RSA` | `<app-dir>/cert/instance.private.pem` | Site-wide private RSA key for singing JWTs |
|
||||
| `INSTANCE_KEY_PUB` | `<app-dir>/cert/instance.public.pem` | Site-wide public key |
|
||||
| `INSTANCE_KEY_RSA` | `<app-dir>/cert/instance.private.pem` | Site-wide private RSA key for singing JWTs \*3 |
|
||||
| `INSTANCE_KEY_PUB` | `<app-dir>/cert/instance.public.pem` | Site-wide public key \*3 |
|
||||
|
||||
\*1 For example, if the lease period is one day and the renewal period is 20%, the client attempts to renew its license
|
||||
every 4.8 hours. If network connectivity is lost, the loss of connectivity is detected during license renewal and the
|
||||
@ -307,6 +256,8 @@ client has 19.2 hours in which to re-establish connectivity before its license e
|
||||
|
||||
\*2 Always use `https`, since guest-drivers only support secure connections!
|
||||
|
||||
\*3 If you recreate instance keys you need to **recreate client-token for each guest**!
|
||||
|
||||
# Setup (Client)
|
||||
|
||||
**The token file has to be copied! It's not enough to C&P file contents, because there can be special characters.**
|
||||
@ -319,27 +270,128 @@ Successfully tested with this package versions:
|
||||
|
||||
## Linux
|
||||
|
||||
Download *client-token* and place it into `/etc/nvidia/ClientConfigToken`:
|
||||
|
||||
```shell
|
||||
curl --insecure -L -X GET https://<dls-hostname-or-ip>/-/client-token -o /etc/nvidia/ClientConfigToken/client_configuration_token_$(date '+%d-%m-%Y-%H-%M-%S').tok
|
||||
# or
|
||||
wget --no-check-certificate -O /etc/nvidia/ClientConfigToken/client_configuration_token_$(date '+%d-%m-%Y-%H-%M-%S').tok https://<dls-hostname-or-ip>/-/client-token
|
||||
```
|
||||
|
||||
Restart `nvidia-gridd` service:
|
||||
|
||||
```shell
|
||||
curl --insecure -L -X GET https://<dls-hostname-or-ip>/client-token -o /etc/nvidia/ClientConfigToken/client_configuration_token_$(date '+%d-%m-%Y-%H-%M-%S').tok
|
||||
service nvidia-gridd restart
|
||||
```
|
||||
|
||||
Check licensing status:
|
||||
|
||||
```shell
|
||||
nvidia-smi -q | grep "License"
|
||||
```
|
||||
|
||||
## Windows
|
||||
Output should be something like:
|
||||
|
||||
Download file and place it into `C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken`.
|
||||
Now restart `NvContainerLocalSystem` service.
|
||||
|
||||
**Power-Shell**
|
||||
|
||||
```Shell
|
||||
curl.exe --insecure -L -X GET https://<dls-hostname-or-ip>/client-token -o "C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken\client_configuration_token_$($(Get-Date).tostring('dd-MM-yy-hh-mm-ss')).tok"
|
||||
Restart-Service NVDisplay.ContainerLocalSystem
|
||||
'C:\Program Files\NVIDIA Corporation\NVSMI\nvidia-smi.exe' -q | Select-String "License"
|
||||
```text
|
||||
vGPU Software Licensed Product
|
||||
License Status : Licensed (Expiry: YYYY-M-DD hh:mm:ss GMT)
|
||||
```
|
||||
|
||||
Done. For more information check [troubleshoot section](#troubleshoot).
|
||||
|
||||
## Windows
|
||||
|
||||
**Power-Shell** (run as administrator!)
|
||||
|
||||
Download *client-token* and place it into `C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken`:
|
||||
|
||||
```shell
|
||||
curl.exe --insecure -L -X GET https://<dls-hostname-or-ip>/-/client-token -o "C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken\client_configuration_token_$($(Get-Date).tostring('dd-MM-yy-hh-mm-ss')).tok"
|
||||
```
|
||||
|
||||
Restart `NvContainerLocalSystem` service:
|
||||
|
||||
```Shell
|
||||
Restart-Service NVDisplay.ContainerLocalSystem
|
||||
```
|
||||
|
||||
Check licensing status:
|
||||
|
||||
```shell
|
||||
& 'C:\Program Files\NVIDIA Corporation\NVSMI\nvidia-smi.exe' -q | Select-String "License"
|
||||
```
|
||||
|
||||
Output should be something like:
|
||||
|
||||
```text
|
||||
vGPU Software Licensed Product
|
||||
License Status : Licensed (Expiry: YYYY-M-DD hh:mm:ss GMT)
|
||||
```
|
||||
|
||||
Done. For more information check [troubleshoot section](#troubleshoot).
|
||||
|
||||
# Endpoints
|
||||
|
||||
### `GET /`
|
||||
|
||||
Redirect to `/-/readme`.
|
||||
|
||||
### `GET /-/health`
|
||||
|
||||
Status endpoint, used for *healthcheck*.
|
||||
|
||||
### `GET /-/config`
|
||||
|
||||
Shows current runtime environment variables and their values.
|
||||
|
||||
### `GET /-/readme`
|
||||
|
||||
HTML rendered README.md.
|
||||
|
||||
### `GET /-/docs`, `GET /-/redoc`
|
||||
|
||||
OpenAPI specifications rendered from `GET /-/openapi.json`.
|
||||
|
||||
### `GET /-/manage`
|
||||
|
||||
Shows a very basic UI to delete origins or leases.
|
||||
|
||||
### `GET /-/origins?leases=false`
|
||||
|
||||
List registered origins.
|
||||
|
||||
| Query Parameter | Default | Usage |
|
||||
|-----------------|---------|--------------------------------------|
|
||||
| `leases` | `false` | Include referenced leases per origin |
|
||||
|
||||
### `DELETE /-/origins`
|
||||
|
||||
Deletes all origins and their leases.
|
||||
|
||||
### `GET /-/leases?origin=false`
|
||||
|
||||
List current leases.
|
||||
|
||||
| Query Parameter | Default | Usage |
|
||||
|-----------------|---------|-------------------------------------|
|
||||
| `origin` | `false` | Include referenced origin per lease |
|
||||
|
||||
### `DELETE /-/lease/{lease_ref}`
|
||||
|
||||
Deletes an lease.
|
||||
|
||||
### `GET /-/client-token`
|
||||
|
||||
Generate client token, (see [installation](#installation)).
|
||||
|
||||
### Others
|
||||
|
||||
There are many other internal api endpoints for handling authentication and lease process.
|
||||
|
||||
# Troubleshoot
|
||||
|
||||
**Please make sure that fastapi-dls and your guests are on the same timezone!**
|
||||
|
||||
## Linux
|
||||
|
||||
Logs are available with `journalctl -u nvidia-gridd -f`.
|
||||
@ -358,6 +410,9 @@ This message can be ignored.
|
||||
|
||||
- Ref. https://github.com/encode/uvicorn/issues/441
|
||||
|
||||
<details>
|
||||
<summary>Log example</summary>
|
||||
|
||||
```
|
||||
WARNING:uvicorn.error:Invalid HTTP request received.
|
||||
Traceback (most recent call last):
|
||||
@ -376,6 +431,8 @@ Traceback (most recent call last):
|
||||
h11._util.RemoteProtocolError: no request line received
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
## Windows
|
||||
|
||||
### Required cipher on Windows Guests (e.g. managed by domain controller with GPO)
|
||||
@ -443,14 +500,13 @@ Dec 20 17:53:34 ubuntu-grid-server nvidia-gridd[10354]: License acquired success
|
||||
|
||||
</details>
|
||||
|
||||
### Error on releasing leases on shutdown (fixed in 1.3 by using reverse proxy)
|
||||
### Error on releasing leases on shutdown (can be ignored and/or fixed with reverse proxy)
|
||||
|
||||
**UPDATE for version `1.3`**: This issue can be fixed by using a reverse proxy (e.g. `nginx`). Please read section
|
||||
below.
|
||||
The driver wants to release current leases on shutting down windows. This endpoint needs to be a http endpoint.
|
||||
The error message can safely be ignored (since we have no license limitation :P) and looks like this:
|
||||
|
||||
The driver wants to release current leases on shutting down windows. This endpoint needs to be a http endpoint and
|
||||
is currently not implemented. The error message looks like and safely can be ignored (since we have no license
|
||||
limitation :P):
|
||||
<details>
|
||||
<summary>Log example</summary>
|
||||
|
||||
```
|
||||
<1>:NLS initialized
|
||||
@ -459,7 +515,7 @@ limitation :P):
|
||||
<0>:End Logging
|
||||
```
|
||||
|
||||
#### log with 1.3 and nginx as reverse proxy
|
||||
#### log with nginx as reverse proxy (see [docker-compose.yml](docker-compose.yml))
|
||||
|
||||
```
|
||||
<1>:NLS initialized
|
||||
@ -474,6 +530,8 @@ limitation :P):
|
||||
<0>:End Logging
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
# Credits
|
||||
|
||||
Thanks to vGPU community and all who uses this project and report bugs.
|
||||
|
16
app/main.py
16
app/main.py
@ -9,7 +9,7 @@ from dotenv import load_dotenv
|
||||
from fastapi import FastAPI
|
||||
from fastapi.requests import Request
|
||||
from json import loads as json_loads
|
||||
from datetime import datetime
|
||||
from datetime import datetime, timedelta
|
||||
from dateutil.relativedelta import relativedelta
|
||||
from calendar import timegm
|
||||
from jose import jws, jwk, jwt, JWTError
|
||||
@ -50,6 +50,7 @@ INSTANCE_KEY_PUB = load_key(str(env('INSTANCE_KEY_PUB', join(dirname(__file__),
|
||||
TOKEN_EXPIRE_DELTA = relativedelta(days=int(env('TOKEN_EXPIRE_DAYS', 1)), hours=int(env('TOKEN_EXPIRE_HOURS', 0)))
|
||||
LEASE_EXPIRE_DELTA = relativedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
|
||||
LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
|
||||
LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
|
||||
CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
|
||||
|
||||
jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||
@ -143,7 +144,8 @@ async def _origins(request: Request, leases: bool = False):
|
||||
for origin in session.query(Origin).all():
|
||||
x = origin.serialize()
|
||||
if leases:
|
||||
x['leases'] = list(map(lambda _: _.serialize(), Lease.find_by_origin_ref(db, origin.origin_ref)))
|
||||
serialize = dict(renewal_period=LEASE_RENEWAL_PERIOD, renewal_delta=LEASE_RENEWAL_DELTA)
|
||||
x['leases'] = list(map(lambda _: _.serialize(**serialize), Lease.find_by_origin_ref(db, origin.origin_ref)))
|
||||
response.append(x)
|
||||
session.close()
|
||||
return JSONr(response)
|
||||
@ -159,7 +161,7 @@ async def _origins_delete(request: Request):
|
||||
async def _origins_delete_origin_ref(request: Request, origin_ref: str):
|
||||
if Origin.delete(db, origin_ref) == 1:
|
||||
return Response(status_code=201)
|
||||
raise JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
|
||||
return JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
|
||||
|
||||
|
||||
@app.get('/-/leases', summary='* Leases')
|
||||
@ -167,10 +169,12 @@ async def _leases(request: Request, origin: bool = False):
|
||||
session = sessionmaker(bind=db)()
|
||||
response = []
|
||||
for lease in session.query(Lease).all():
|
||||
x = lease.serialize()
|
||||
serialize = dict(renewal_period=LEASE_RENEWAL_PERIOD, renewal_delta=LEASE_RENEWAL_DELTA)
|
||||
x = lease.serialize(**serialize)
|
||||
if origin:
|
||||
# assume that each lease has a valid origin record
|
||||
x['origin'] = session.query(Origin).filter(Origin.origin_ref == lease.origin_ref).first().serialize()
|
||||
lease_origin = session.query(Origin).filter(Origin.origin_ref == lease.origin_ref).first()
|
||||
if lease_origin is not None:
|
||||
x['origin'] = lease_origin.serialize()
|
||||
response.append(x)
|
||||
session.close()
|
||||
return JSONr(response)
|
||||
|
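Review bot: The 404 body now returned by `_origins_delete_origin_ref` reads `'detail': 'lease not found'` although the handler deletes an origin; `'detail': 'origin not found'` would match what the endpoint does. The call above it still passes a single string, `Origin.delete(db, origin_ref)`, while the app/orm.py section of this compare renames that parameter to `origins` and treats it as a collection, so the call probably needs to become `Origin.delete(db, [origin_ref])`. The route decorator of this handler lies outside the hunk.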
29
app/orm.py
29
app/orm.py
@ -1,4 +1,5 @@
|
||||
from datetime import datetime, timezone
|
||||
from datetime import datetime, timedelta, timezone
|
||||
from dateutil.relativedelta import relativedelta
|
||||
|
||||
from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_, inspect
|
||||
from sqlalchemy.ext.declarative import declarative_base
|
||||
@ -56,12 +57,12 @@ class Origin(Base):
|
||||
session.close()
|
||||
|
||||
@staticmethod
|
||||
def delete(engine: Engine, origin_ref: str = None) -> int:
|
||||
def delete(engine: Engine, origins: ["Origin"] = None) -> int:
|
||||
session = sessionmaker(bind=engine)()
|
||||
if origin_ref is None:
|
||||
if origins is None:
|
||||
deletions = session.query(Origin).delete()
|
||||
else:
|
||||
deletions = session.query(Origin).filter(Origin.origin_ref == origin_ref).delete()
|
||||
deletions = session.query(Origin).filter(Origin.origin_ref in origins).delete()
|
||||
session.commit()
|
||||
session.close()
|
||||
return deletions
|
||||
@ -81,7 +82,10 @@ class Lease(Base):
|
||||
def __repr__(self):
|
||||
return f'Lease(origin_ref={self.origin_ref}, lease_ref={self.lease_ref}, expires={self.lease_expires})'
|
||||
|
||||
def serialize(self) -> dict:
|
||||
def serialize(self, renewal_period: float, renewal_delta: timedelta) -> dict:
|
||||
lease_renewal = int(Lease.calculate_renewal(renewal_period, renewal_delta).total_seconds())
|
||||
lease_renewal = self.lease_updated + relativedelta(seconds=lease_renewal)
|
||||
|
||||
return {
|
||||
'lease_ref': self.lease_ref,
|
||||
'origin_ref': self.origin_ref,
|
||||
@ -89,6 +93,7 @@ class Lease(Base):
|
||||
'lease_created': self.lease_created.replace(tzinfo=timezone.utc).isoformat(),
|
||||
'lease_expires': self.lease_expires.replace(tzinfo=timezone.utc).isoformat(),
|
||||
'lease_updated': self.lease_updated.replace(tzinfo=timezone.utc).isoformat(),
|
||||
'lease_renewal': lease_renewal.replace(tzinfo=timezone.utc).isoformat(),
|
||||
}
|
||||
|
||||
@staticmethod
|
||||
@ -156,6 +161,20 @@ class Lease(Base):
|
||||
session.close()
|
||||
return deletions
|
||||
|
||||
@staticmethod
|
||||
def calculate_renewal(renewal_period: float, delta: timedelta) -> timedelta:
|
||||
"""
|
||||
import datetime
|
||||
LEASE_RENEWAL_PERIOD=0.2 # 20%
|
||||
delta = datetime.timedelta(days=1)
|
||||
renew = delta.total_seconds() * LEASE_RENEWAL_PERIOD
|
||||
renew = datetime.timedelta(seconds=renew)
|
||||
expires = delta - renew # 19.2
|
||||
"""
|
||||
renew = delta.total_seconds() * renewal_period
|
||||
renew = timedelta(seconds=renew)
|
||||
return renew
|
||||
|
||||
|
||||
def init(engine: Engine):
|
||||
tables = [Origin, Lease]
|
||||
|
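Review bot: In `Origin.delete` the filter `Origin.origin_ref in origins` is evaluated by Python as a membership test before SQLAlchemy sees it, so the query receives a plain boolean (or the call raises `TypeError` when a string is passed) instead of an SQL `IN` clause on the listed references. Use the column operator: `deletions = session.query(Origin).filter(Origin.origin_ref.in_(origins)).delete()`. The annotation `origins: ["Origin"]` is not a valid type hint and suggests model objects, while the comparison is against `origin_ref` values; `list[str]` would state what the filter expects. A test that deletes one origin out of two would catch this, since the management endpoint depends on the row count this method returns.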
@ -76,6 +76,7 @@ async function fetchLeases(element) {
|
||||
<th scope="col">lease</th>
|
||||
<th scope="col">created</th>
|
||||
<th scope="col">updated</th>
|
||||
<th scope="col">next renew</th>
|
||||
<th scope="col">expires</th>
|
||||
<th scope="col">origin</th>
|
||||
</tr>`
|
||||
@ -87,8 +88,9 @@ async function fetchLeases(element) {
|
||||
<td><code>${o.lease_ref}</code></td>
|
||||
<td>${new Date(o.lease_created).toLocaleDateString('system', dtc)}</td>
|
||||
<td>${new Date(o.lease_updated).toLocaleDateString('system', dtc)}</td>
|
||||
<td>${new Date(o.lease_renewal).toLocaleDateString('system', dtc)}</td>
|
||||
<td>${new Date(o.lease_expires).toLocaleDateString('system', dtc)}</td>
|
||||
<td><code title="hostname: ${o.origin.hostname}">${o.origin_ref}</code></td>`
|
||||
<td><code title="hostname: ${o.origin?.hostname}">${o.origin_ref}</code></td>`
|
||||
tbody.appendChild(row);
|
||||
})
|
||||
table.appendChild(tbody)
|
||||
|
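Review bot: The changed cell `<code title="hostname: ${o.origin?.hostname}">` interpolates the origin's hostname straight into markup. The assignment of this template string is outside the hunk, but if it goes to `row.innerHTML`, a hostname containing `"` or `<` is parsed as markup, and the hostname presumably comes from what a guest registered rather than from the operator of this page (to be confirmed against the registration endpoint). Setting the values through the DOM avoids that, e.g. `code.title = 'hostname: ' + (o.origin?.hostname ?? '')` and `code.textContent = o.origin_ref`. The `?? ''` also keeps the tooltip from reading `hostname: undefined` for a lease without an origin, which is the case the optional chaining was added for.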
@ -2,13 +2,28 @@ version: '3.9'
|
||||
|
||||
x-dls-variables: &dls-variables
|
||||
DLS_URL: localhost # REQUIRED, change to your ip or hostname
|
||||
DLS_PORT: 443 # must match nginx listen port
|
||||
DLS_PORT: 443 # must match nginx listen & exposed port
|
||||
LEASE_EXPIRE_DAYS: 90
|
||||
DATABASE: sqlite:////app/database/db.sqlite
|
||||
DEBUG: false
|
||||
|
||||
services:
|
||||
web:
|
||||
dls:
|
||||
image: collinwebdesigns/fastapi-dls:latest
|
||||
restart: always
|
||||
environment:
|
||||
<<: *dls-variables
|
||||
volumes:
|
||||
- /opt/docker/fastapi-dls/cert:/app/cert # instance.private.pem, instance.public.pem
|
||||
- db:/app/database
|
||||
entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "--fail", "http://localhost:8000/-/health"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 30s
|
||||
proxy:
|
||||
image: nginx
|
||||
ports:
|
||||
# thees are ports where nginx (!) is listen to
|
||||
@ -23,8 +38,8 @@ services:
|
||||
retries: 3
|
||||
start_period: 30s
|
||||
command: |
|
||||
bash -c 'bash -s <<"EOF"
|
||||
cat > /etc/nginx/nginx.conf <<"EON"
|
||||
bash -c "bash -s <<\"EOF\"
|
||||
cat > /etc/nginx/nginx.conf <<\"EON\"
|
||||
daemon off;
|
||||
user root;
|
||||
worker_processes auto;
|
||||
@ -39,7 +54,7 @@ services:
|
||||
include /etc/nginx/mime.types;
|
||||
|
||||
upstream dls-backend {
|
||||
server dls:443;
|
||||
server dls:8000; # must match dls listen port
|
||||
}
|
||||
|
||||
server {
|
||||
@ -60,18 +75,17 @@ services:
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location / {
|
||||
proxy_ssl_verify off;
|
||||
proxy_set_header Host $$http_host;
|
||||
proxy_set_header X-Real-IP $$remote_addr;
|
||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
||||
proxy_pass https://dls-backend$$request_uri;
|
||||
proxy_pass http://dls-backend$$request_uri;
|
||||
}
|
||||
|
||||
location = /-/health {
|
||||
access_log off;
|
||||
add_header 'Content-Type' 'application/json';
|
||||
return 200; # '{\"status\":\"up\",\"service\":\"nginx\"}';
|
||||
return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
|
||||
}
|
||||
}
|
||||
|
||||
@ -84,12 +98,11 @@ services:
|
||||
server_name _;
|
||||
|
||||
location /leasing/v1/lessor/shutdown {
|
||||
proxy_ssl_verify off;
|
||||
proxy_set_header Host $$http_host;
|
||||
proxy_set_header X-Real-IP $$remote_addr;
|
||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
||||
proxy_pass https://dls-backend/leasing/v1/lessor/shutdown;
|
||||
proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
|
||||
}
|
||||
|
||||
location / {
|
||||
@ -99,16 +112,7 @@ services:
|
||||
}
|
||||
EON
|
||||
nginx
|
||||
EOF'
|
||||
|
||||
dls:
|
||||
image: collinwebdesigns/fastapi-dls:latest
|
||||
restart: always
|
||||
environment:
|
||||
<<: *dls-variables
|
||||
volumes:
|
||||
- /opt/docker/fastapi-dls/cert:/app/cert
|
||||
- db:/app/database
|
||||
EOF"
|
||||
|
||||
volumes:
|
||||
db:
|
||||
|
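Review bot: The new `dls` entrypoint starts uvicorn with `--proxy-headers`, but uvicorn only honours `X-Forwarded-*` from addresses listed in `--forwarded-allow-ips` (default `127.0.0.1`), and the nginx container reaches it from another address on the compose network. As written, the `X-Forwarded-Proto` and `X-Forwarded-For` headers set in the nginx config are likely ignored, so the app sees `http` and the proxy's address. Add `"--forwarded-allow-ips", "<proxy-address-or-subnet>"` to the entrypoint (or set `FORWARDED_ALLOW_IPS`) and keep the value narrow, since every listed peer can then assert the client address and scheme. A comment on the entrypoint noting that port 8000 is plain HTTP and must stay unpublished would help, because TLS now ends at nginx.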
@ -1,9 +1,9 @@
|
||||
fastapi==0.88.0
|
||||
fastapi==0.89.1
|
||||
uvicorn[standard]==0.20.0
|
||||
python-jose==3.3.0
|
||||
pycryptodome==3.16.0
|
||||
python-dateutil==2.8.2
|
||||
sqlalchemy==1.4.45
|
||||
sqlalchemy==1.4.46
|
||||
markdown==3.4.1
|
||||
python-dotenv==0.21.0
|
||||
jinja2==3.1.2
|
||||
|
@ -1 +1 @@
|
||||
VERSION=1.3
|
||||
VERSION=1.3.3
|
||||
|