Merge remote-tracking branch 'origin/dev' into dev

README.md - added installation method with debian and git on bare metal
.gitlab-ci.yml fixes
2022-12-22 07:58:04 +01:00 · 2022-12-22 07:57:56 +01:00 · 2022-12-21 11:11:55 +01:00 · 2022-12-21 11:06:25 +01:00 · 2022-12-21 11:06:09 +01:00 · 2022-12-21 10:53:51 +01:00
4 changed files with 108 additions and 6 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -9,7 +9,7 @@ build:
    - if: $CI_COMMIT_BRANCH
  tags: [ docker ]
  before_script:
-    - echo "COMMIT=`git rev-parse HEAD`" >> version.env
+    - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env  # COMMIT=`git rev-parse HEAD`
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
@ -24,9 +24,13 @@ deploy:
  stage: deploy
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  before_script:
+    - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env
+    - source version.env
+    - echo "Building docker image for commit ${COMMIT} with version ${VERSION}"
  script:
    - docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
-    - docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${CI_BUILD_REF}
+    - docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
    - docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
-    - docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${CI_BUILD_REF}
+    - docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
    - docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
--- a/1
+++ b/1
@ -11,6 +11,7 @@ RUN apk update \
 && apk del build-deps

 COPY app /app
+COPY version.env /version.env
 COPY README.md /README.md

 HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/status || exit 1
--- a/README.md
+++ b/README.md
@ -12,6 +12,10 @@ HTML rendered README.md.

 Status endpoint, used for *healthcheck*. Shows also current version and commit hash.

+### `GET /docs`
+
+OpenAPI specifications rendered from `GET /openapi.json`.
+
 ### `GET /-/origins`

 List registered origins.
@ -28,7 +32,9 @@ Generate client token, (see [installation](#installation)).

 There are some more internal api endpoints for handling authentication and lease process.

-# Setup (Docker)
+# Setup
+
+## Docker

 **Run this on the Docker-Host**

@ -77,6 +83,97 @@ volumes:
  dls-db:
 ```

+## Debian
+
+Tested on `Debian 11 (bullseye)`, Ubuntu may also work.
+
+**Install requirements**
+
+```shell
+apt-get update && apt-get install git python3-venv python3-pip
+```
+
+**Install FastAPI-DLS**
+
+```shell
+WORKING_DIR=/opt/fastapi-dls
+mkdir -p $WORKING_DIR
+cd $WORKING_DIR
+git clone https://git.collinwebdesigns.de/oscar.krause/fastapi-dls .
+python3 -m venv venv
+source venv/bin/activate
+pip install -r requirements.txt
+deactivate
+```
+
+**Create keypair and webserver certificate**
+
+```shell
+WORKING_DIR=/opt/fastapi-dls/app/cert
+mkdir $WORKING_DIR
+cd $WORKING_DIR
+# create instance private and public key for singing JWT's
+openssl genrsa -out $WORKING_DIR/instance.private.pem 2048 
+openssl rsa -in $WORKING_DIR/instance.private.pem -outform PEM -pubout -out $WORKING_DIR/instance.public.pem
+# create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout  $WORKING_DIR/webserver.key -out $WORKING_DIR/webserver.crt
+```
+
+**Test Service**
+
+```shell
+cd /opt/fastapi-dls/app
+/opt/fastapi-dls/venv/bin/uvicorn main:app \
+  --host 127.0.0.1 --port 443 \
+  --app-dir /opt/fastapi-dls/app \
+  --ssl-keyfile /opt/fastapi-dls/app/cert/webserver.key \
+  --ssl-certfile /opt/fastapi-dls/app/cert/webserver.crt \
+  --proxy-headers
+```
+
+**Create config file**
+
+```shell
+cat <<EOF > /etc/fastapi-dls.env
+DLS_URL=127.0.0.1
+DLS_PORT=443
+LEASE_EXPIRE_DAYS=90
+DATABASE=sqlite:////opt/fastapi-dls/app/db.sqlite
+EOF 
+```
+
+**Create service**
+
+```shell
+cat <<EOF >/etc/systemd/system/fastapi-dls.service
+[Unit]
+Description=Service for fastapi-dls
+After=network.target
+
+[Service]
+User=www-data
+Group=www-data
+WorkingDirectory=/opt/fastapi-dls/app
+ExecStart=/opt/fastapi-dls/venv/bin/uvicorn \
+  --host $DLS_URL --port $DLS_PORT \
+  --app-dir /opt/fastapi-dls/app \
+  --ssl-keyfile /opt/fastapi-dls/app/cert/webserver.key \
+  --ssl-certfile /opt/fastapi-dls/app/cert/webserver.crt \
+  --proxy-headers
+EnvironmentFile=/etc/fastapi-dls.env
+Restart=always
+KillSignal=SIGQUIT
+Type=notify
+StandardError=syslog
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+
+Now you have to run `systemctl daemon-reload`. After that you can start service with `systemctl start fastapi-dls.service`.
+
 # Configuration

 | Variable            | Default               | Usage                                                                                 |
--- a/app/main.py
+++ b/app/main.py
@ -5,7 +5,7 @@ from uuid import uuid4
 from os.path import join, dirname
 from os import getenv

-from dotenv import dotenv_values
+from dotenv import load_dotenv
 from fastapi import FastAPI, HTTPException
 from fastapi.requests import Request
 from fastapi.encoders import jsonable_encoder
@ -22,7 +22,7 @@ from Crypto.PublicKey import RSA
 from Crypto.PublicKey.RSA import RsaKey

 logger = logging.getLogger()
-dotenv_values('version.env')
+load_dotenv('../version.env')

 VERSION, COMMIT, DEBUG = getenv('VERSION', 'unknown'), getenv('COMMIT', 'unknown'), bool(getenv('DEBUG', False))
Author	SHA1	Message	Date
Oscar Krause	1131f31c27	Merge remote-tracking branch 'origin/dev' into dev	2022-12-22 07:58:04 +01:00
Oscar Krause	e84a7b3e8d	README.md - added installation method with debian and git on bare metal	2022-12-22 07:57:56 +01:00
Oscar Krause	00f6590a9f	.gitlab-ci.yml fixes	2022-12-21 11:11:55 +01:00
Oscar Krause	6afb121533	README.md - added docs section	2022-12-21 11:06:25 +01:00
Oscar Krause	c5b6c79d1c	fixes	2022-12-21 11:06:09 +01:00
Oscar Krause	4184731571	dotenv fixes	2022-12-21 10:53:51 +01:00
Oscar Krause	7eddb17862	Dockerfile - include version.env to image	2022-12-21 10:48:36 +01:00