diff options
author | Silvino Silva <silvino@bk.ru> | 2017-02-04 00:46:40 +0000 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2017-02-04 00:46:40 +0000 |
commit | 4208a8936840298b00e6930fb0501db27a5cde0f (patch) | |
tree | 662a5e7ce5569249b63c9f4925ba4f75b4c44575 /tools | |
parent | 5509a84e0d1a2732a429120e0bd26b83e119481f (diff) | |
parent | a671b0c01821d46d9f783393b887d7987ec10161 (diff) | |
download | doc-4208a8936840298b00e6930fb0501db27a5cde0f.tar.gz |
Merge branch 'r-0.3.0' into develop
Diffstat (limited to 'tools')
-rw-r--r-- | tools/conf/etc/gitweb.conf | 24 | ||||
-rw-r--r-- | tools/conf/etc/iptables/vlan.v4 | 170 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/git.localhost.conf | 25 | ||||
-rwxr-xr-x | tools/conf/etc/rc.d/blan | 93 | ||||
-rw-r--r-- | tools/conf/srv/gitolite/.gitolite.rc | 2 | ||||
-rwxr-xr-x | tools/conf/srv/gitolite/deploy-web-doc | 42 | ||||
-rw-r--r-- | tools/conf/srv/gitolite/deploy-web.sh | 75 | ||||
-rwxr-xr-x | tools/conf/srv/gitolite/deploy.sh | 175 | ||||
-rwxr-xr-x | tools/conf/srv/gitolite/deployweb | 74 | ||||
-rw-r--r-- | tools/conf/srv/gitolite/gitolite.conf | 80 | ||||
-rwxr-xr-x | tools/conf/srv/gitolite/hook-deployweb | 22 | ||||
-rw-r--r-- | tools/conf/srv/gitolite/hook.sh | 95 | ||||
-rw-r--r-- | tools/gitolite.html | 353 | ||||
-rw-r--r-- | tools/network.html | 21 | ||||
-rw-r--r-- | tools/openssh.html | 2 | ||||
-rw-r--r-- | tools/qemu.html | 127 | ||||
-rw-r--r-- | tools/scripts/autoport.sh | 24 | ||||
-rw-r--r-- | tools/scripts/pkgmk-test.conf | 38 | ||||
-rw-r--r-- | tools/scripts/pkgmk-test.sh | 5 | ||||
-rwxr-xr-x[-rw-r--r--] | tools/scripts/replace.sh | 1 | ||||
-rw-r--r-- | tools/storage.html | 20 | ||||
-rw-r--r-- | tools/tcpdump.html | 4 | ||||
-rw-r--r-- | tools/vim.html | 14 |
23 files changed, 1147 insertions, 339 deletions
diff --git a/tools/conf/etc/gitweb.conf b/tools/conf/etc/gitweb.conf index b7bd004..26034fb 100644 --- a/tools/conf/etc/gitweb.conf +++ b/tools/conf/etc/gitweb.conf @@ -1,16 +1,22 @@ -our $git_temp = "/srv/www/gitweb_tmp"; - -our $projects_list = "/srv/gitolite/projects.list"; # The directories where your projects are. Must not end with a slash. our $projectroot = "/srv/gitolite/repositories"; # Base URLs for links displayed in the web interface. our @git_base_url_list = qw(git://core.privat-network.com http://git@core.private-network.com); +our $site_name = "gitweb"; +our $git_temp = "/srv/www/gitweb_tmp"; + +our $projects_list = "/srv/gitolite/projects.list"; + our $projects_list_group_categories = 1; -# By default, gitweb will happily let people browse any repository -# they guess the name of. This may or may not be what you want. -# I prefer to set these, to allow exactly the repositories in -# projects.list to be browsed. -$export_ok = ""; -$strict_export = "true"; + +our $home_link_str="GitWeb"; + +$feature{'highlight'}{'default'} = [1]; + +$feature{'pathinfo'}{'default'} = [1]; + +our @extra_breadcrumbs = ( + [ 'HomePage' => 'https://core.privat-network.net/' ], +); diff --git a/tools/conf/etc/iptables/vlan.v4 b/tools/conf/etc/iptables/vlan.v4 new file mode 100644 index 0000000..8c87389 --- /dev/null +++ b/tools/conf/etc/iptables/vlan.v4 @@ -0,0 +1,170 @@ +# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016 +*security +:INPUT ACCEPT [6:2056] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [6:2056] +COMMIT +# Completed on Sat Oct 15 17:20:41 2016 +# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016 +*raw +:PREROUTING ACCEPT [7:2092] +:OUTPUT ACCEPT [6:2056] +COMMIT +# Completed on Sat Oct 15 17:20:41 2016 +# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016 +*mangle +:PREROUTING ACCEPT [7:2092] +:INPUT ACCEPT [6:2056] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [6:2056] +:POSTROUTING ACCEPT [6:2056] +COMMIT +# Completed on Sat Oct 15 17:20:41 2016 +# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016 +*filter +:INPUT DROP [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT DROP [0:0] +-A INPUT -i lo -j ACCEPT +-A INPUT -i br0 -j ACCEPT +-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop sync: " --log-level 7 +-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP +-A INPUT -f -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop frag: " +-A INPUT -f -j DROP +-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP +-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP +-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop null: " +-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP +-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop syn rst syn rs" +-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP +-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop xmas: " +-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP +-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop fin scan: " +-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP +-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP +################################################################################# +# INPUT +# Established connections and passive +# + +# Allow established from dns server +#-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +# INPUT accept passive +-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED -j ACCEPT + + +# Allow irc +-A INPUT -p tcp -m tcp --sport 6667 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +# Allow xmmp +-A INPUT -p tcp -m tcp --sport 5222 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT +# Allow established from https server +-A INPUT -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT +-A INPUT -p udp -m udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT + +# Allow established from http server +-A INPUT -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +# Allow established from rsync server +-A INPUT -p tcp -m tcp --sport 873 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +# Allow established from pop3s server +-A INPUT -p tcp -m tcp --sport 995 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +# Allow established from smtps server +-A INPUT -p tcp -m tcp --sport 465 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +# Allow established from ntp server +-A INPUT -p udp -m udp --sport 123 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +# Allow established from whois server +-A INPUT -p tcp -m tcp --sport 43 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +# Allow established from ftp server +-A INPUT -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A INPUT -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A INPUT -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +################################################################################## +# INPUT +# New and established connections to local servers +# + +# allow ping +-A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT +-A INPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT + +# INPUT accept from wlp7s0 to dns server +#-A INPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT + +# INPUT accept from wlp7s0 to https server +-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT +# INPUT accept from wlp7s0 to ssh server +-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state ESTABLISHED -j ACCEPT +-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state NEW -m limit --limit 6/min --limit-burst 3 -j ACCEPT + +-A FORWARD -i br0 -j ACCEPT + +-A INPUT -j LOG --log-prefix "iptables: INPUT: " --log-level 7 +-A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7 + +################################################################################## +# Output +# Connections to remote servers +# +-A OUTPUT -o lo -j ACCEPT +-A OUTPUT -o br0 -j ACCEPT + +# Allow ping +-A OUTPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT +# Allow to ssh clients +-A OUTPUT -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT + +# Allow to dns +#-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT +# Allow from dns server +#-A OUTPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT + +# Allow irc +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT +# Allow xmmp +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 5222 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT + + +# Allow to rsync server +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT +# Allow to pop3s server +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT +# Allow to smtps server +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT +# Allow to ntp server +-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT +# Allow to ftp server +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT +# Allow to https server +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT +-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT +# Allow to http server +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT + +################################################################################## +# Output +# Connections from local servers +# + + +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED -j ACCEPT +-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state NEW -j ACCEPT + + +-A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7 +COMMIT +# Completed on Sat Oct 15 17:20:41 2016 +# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016 +*nat +:PREROUTING ACCEPT [1:36] +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] + +-A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.0/24 -j ACCEPT +-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE +#-A POSTROUTING -o wlp7s0 -j MASQUERADE + +COMMIT +# Completed on Sat Oct 15 17:20:41 2016 diff --git a/tools/conf/etc/nginx/sites-enabled/git.localhost.conf b/tools/conf/etc/nginx/sites-enabled/git.localhost.conf new file mode 100644 index 0000000..d114ab8 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/git.localhost.conf @@ -0,0 +1,25 @@ +server { + listen 443 ssl; + + server_name git.localhost git.c9.core git.core.privat-network.net; + + root /srv/www/gitweb; + + location /static/ { + # static files (png/css) served from /usr/share/gitweb/static + root /usr/share/gitweb ; + expires 30d; + } + + location / { + index gitweb.cgi + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_param DOCUMENT_ROOT /srv/www/gitweb/; + fastcgi_param SCRIPT_NAME /gitweb.cgi$fastcgi_path_info; + fastcgi_split_path_info ^()(/?.+)$; + + include fastcgi_params; + fastcgi_pass unix:/var/run/fcgiwrap.sock; + } + +} diff --git a/tools/conf/etc/rc.d/blan b/tools/conf/etc/rc.d/blan index f75d272..f3ea322 100755 --- a/tools/conf/etc/rc.d/blan +++ b/tools/conf/etc/rc.d/blan @@ -4,60 +4,55 @@ # DEV="br0" -PHY="enp8s0" -ADDR=10.0.0.1 +ADDR=10.0.0.254 NET=10.0.0.0 +GW=192.168.1.254 MASK=24 -GTW=10.0.0.1 -NTAPS=$((`/usr/bin/nproc`-1)) + +# one tap for each cpu core +NTAPS=$((`/usr/bin/nproc`)) case $1 in - start) - /sbin/ip link add name ${DEV} type bridge - /sbin/ip link set dev ${DEV} up - - /bin/sleep 0.2s - /sbin/ip route flush dev ${PHY} - /sbin/ip addr flush dev ${PHY} - /sbin/ip link set dev ${PHY} master ${DEV} - - /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast + - - for i in `/usr/bin/seq $NTAPS` - do - TAP="tap$i" - echo $TAP - /sbin/ip tuntap add ${TAP} mode tap group kvm - /sbin/ip link set ${TAP} up - /bin/sleep 0.2s - #brctl addif $switch $1 - /sbin/ip link set ${TAP} master ${DEV} - done - - exit 0 - ;; - stop) - - for i in `/usr/bin/seq $NTAPS` - do - TAP="tap$i" - /sbin/ip link del ${TAP} - echo $TAP - done - - /sbin/ip link set dev ${DEV} down - /sbin/ip route flush dev ${DEV} - /sbin/ip link del ${DEV} - exit 0 - ;; - restart) - $0 stop - $0 start - ;; - *) - echo "Usage: $0 [start|stop|restart]" - ;; + start) + /sbin/ip link add name ${DEV} type bridge + /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast + + /sbin/ip link set dev ${DEV} up + /bin/sleep 0.2s + + for i in `/usr/bin/seq $NTAPS` + do + TAP="tap$i" + echo "Setting up ${TAP} tap interface." + /sbin/ip tuntap add ${TAP} mode tap group kvm + /sbin/ip link set ${TAP} up + /bin/sleep 0.2s + /sbin/ip link set ${TAP} master ${DEV} + done + + exit 0 + ;; + stop) + + for i in `/usr/bin/seq $NTAPS` + do + TAP="tap$i" + echo "Deleting ${TAP} tap interface." + /sbin/ip link del ${TAP} + done + + /sbin/ip link set dev ${DEV} down + /sbin/ip route flush dev ${DEV} + /sbin/ip link del ${DEV} + exit 0 + ;; + restart) + $0 stop + $0 start + ;; + *) + echo "Usage: $0 [start|stop|restart]" + ;; esac # End of file diff --git a/tools/conf/srv/gitolite/.gitolite.rc b/tools/conf/srv/gitolite/.gitolite.rc index e568453..fa18e4e 100644 --- a/tools/conf/srv/gitolite/.gitolite.rc +++ b/tools/conf/srv/gitolite/.gitolite.rc @@ -155,7 +155,7 @@ # 'partial-copy', # manage local, gitolite-controlled, copies of read-only upstream repos - # 'upstream', + 'upstream', # updates 'description' file instead of 'gitweb.description' config item # 'cgit', diff --git a/tools/conf/srv/gitolite/deploy-web-doc b/tools/conf/srv/gitolite/deploy-web-doc new file mode 100755 index 0000000..ae8e2db --- /dev/null +++ b/tools/conf/srv/gitolite/deploy-web-doc @@ -0,0 +1,42 @@ +#!/bin/bash +###################################################################### +# +# Put this file in your gitolite-admin; +# ~/gitolite-admin/local/hooks/repo-specific/deploy-web-doc +# +# set host to empty to create package for each push +# or set remote host to create package based on last deployed push +# host="https://doc.localhost" +host="" +# set name of witch branch should be deployed +branch_to_deploy="deploy_branch" + +###################################################################### + + +url="$host/.last_deploy" +source /srv/gitolite/deploy/hook.sh +read oldrev newrev refname +push_branch=$(git rev-parse --symbolic --abbrev-ref $refname) + +#SCRIPT_VARS=$(set) +#echo "project: $PROJECT" +#echo "local dir: $PWD" > /srv/gitolite/deploy/${GL_REPO} +#echo "${SCRIPT_VARS}" >> /srv/gitolite/deploy/${GL_REPO} + +if [[ $push_branch = $branch_to_deploy ]]; then + + # if host empty we make local tracking + if [[ $host = "" ]]; then + if [[ $(is_initial ${GL_REPO}) = "true" ]]; then + oldrev="initial" + fi + else + if [[ ! $(valid_url $url) = "true" ]]; then + echo "Deploy: set $url on remote to start creating packages" + exit 1 + fi + oldrev=$(get_remote_rev $url) + fi + create_package ${GL_REPO} ${PWD} ${oldrev} ${newrev} "deploy-web.sh" +fi diff --git a/tools/conf/srv/gitolite/deploy-web.sh b/tools/conf/srv/gitolite/deploy-web.sh new file mode 100644 index 0000000..01e92ac --- /dev/null +++ b/tools/conf/srv/gitolite/deploy-web.sh @@ -0,0 +1,75 @@ +#!/bin/bash + +pkg_path=$1 + +www_root="/srv/www" +www_user="nginx" +www_group="www" + +pkg_file="${pkg_path}/project" +pkg_rm="${pkg_path}/deleted" +pkg_files="${pkg_path}/files" + +if [ ! -f ${pkg_file} ]; then + echo "Deploy web: invalid pkg_file ${pkg_file}" + exit 1 +fi + +pkg_name=$(head -1 ${pkg_file}) +pkg_new=$(head -3 ${pkg_file} | tail -1) +pkg_new7=$(echo ${pkg_new} | cut -c1-7) + +pkg_www="${www_root}/${pkg_name}" +pkg_back="${pkg_www}/backup_deploy" +pkg_last="${pkg_www}/.last_deploy" + +if [ ! -d ${pkg_www} ]; then + echo "Deploy web: invalid pkg_www ${pkg_www}" + exit 1 +fi + +# first backup all data +if [[ ! $(ls ${pkg_www} | grep -v "backup_deploy") = "" ]]; then + if [ ! -d ${pkg_back} ]; then + sudo -u ${www_user} mkdir -p ${pkg_back} + fi + backup_file="${pkg_back}/${pkg_name}-$(date '+%Y-%j-%H-%M-%S').tar.gz" + echo "Deploy web: making backup ${backup_file}" + sudo -u ${www_user} tar --exclude ${pkg_back} --xattrs -zcpf ${backup_file} ${pkg_www} +fi + +# remove files and directories that have been deleted +if [ -f ${pkg_rm} ]; then + + echo "Deploy web: files to delete:" + # first we delete files + while read deleted_file; do + deleted_file="${pkg_www}/${deleted_file}" + if [ -f ${deleted_file} ]; then + echo "file rm ${deleted_file}" + rm ${deleted_file} + fi + done <${pkg_rm} + + # delete directories + while read deleted_file; do + deleted_file="${pkg_www}/${deleted_file}" + if [ -d ${deleted_file} ]; then + echo "file rm ${deleted_file}" + rm ${deleted_file} + fi + done <${pkg_rm} + +fi + +# copy new files to destination +if [ -d ${pkg_files} ]; then + echo "Deploy web: cp from ${pkg_files} to ${pkg_www}" + sudo -u ${www_user} cp -r ${pkg_files}/* ${pkg_www} +fi + +echo ${pkg_new} > ${pkg_last} +echo "Deploy: scripts/deployweb.sh ${pkg_name} ${pkg_new7} deployed." + +#remove temporary package +rm -r ${pkg_path} diff --git a/tools/conf/srv/gitolite/deploy.sh b/tools/conf/srv/gitolite/deploy.sh new file mode 100755 index 0000000..df11f4a --- /dev/null +++ b/tools/conf/srv/gitolite/deploy.sh @@ -0,0 +1,175 @@ +#!/bin/bash + +# origin package directory +packages_dir="/srv/gitolite/deploy/packages" +# temporary work directory +deploy_dir="/srv/gitolite/deploy/deploy_dir" +# scripts to deploy packages +deploy_scripts="/srv/gitolite/deploy/scripts" + +function get_script(){ + # receives package path return script to call + local pkg_path=$1 + echo $(head -2 ${pkg_path}/project | tail -1) +} + +function get_new(){ + # receives package path return commit hash (new) + local pkg_path=$1 + echo $(head -3 ${pkg_path}/project | tail -1) +} + +function get_dep(){ + # receives package path return previews commit hash (old) + local pkg_path=$1 + + new=$(head -3 ${pkg_path}/project | tail -1) + old=$(head -4 ${pkg_path}/project | tail -1) + + if [[ ! ${new} = ${old} ]]; then + echo ${old} | cut -c1-7 + fi +} + +function project_extract(){ + + # project directory containing extracted packages + local prj_dir=$1 + + # final extracted package + local prj_pkg="${prj_dir}/package" + + # temporary vars for swapping/iterating pkg_news + local pkg_new="" + local pkg_old="" + local pkg_dir="" + local pkg_temp="" + local pkg_next=1 + local pkg_del="" + local x=0 + local y=0 + + # array with all the news hashes + local pkg_news=($(ls ${prj_dir})) + + # total new packages + local total=${#pkg_news[@]} + + echo "Deploy: $(basename ${prj_dir}) extracting packages ${pkg_news[*]}" + + # find first package + for pkg_new in ${pkg_news[@]} + do + # get package dependency + pkg_dir="${prj_dir}/${pkg_new}" + pkg_old=$(get_dep ${pkg_dir}) + if [[ ! " ${pkg_news[@]} " =~ " ${pkg_old} " ]]; then + # pkg_news don't contain package + # we found initial package + pkg_temp=${pkg_news[0]} + pkg_news[0]=${pkg_new} + pkg_news[${x}]=${pkg_temp} + break + fi + x=$((${x}+1)) + done + + # Order packages by dependency start with first package + for (( y=0; y<${total}; y++ )) + do + pkg_next=$(($y+1)) + if [[ ${pkg_next} = ${total} ]]; then + ## we are in the last one + break + fi + + pkg_new=${pkg_news[$y]} + for (( x=pkg_next; x<${total}; x++ )) + do + pkg_dir="${prj_dir}/${pkg_news[${x}]}" + pkg_old=$(get_dep ${pkg_dir}) + # is dependent on current + if [[ ${pkg_old} = ${pkg_new} ]]; then + pkg_temp=${pkg_news[${pkg_next}]} + pkg_news[${pkg_next}]=${pkg_news[${x}]} + pkg_news[${x}]=${pkg_temp} + # we can break and pass next one + break + fi + done + done + + # create project final package directory + mkdir -p ${prj_pkg}/files + + # copy project information of last commit + cp ${prj_dir}/${pkg_news[$((${total}-1))]}/project ${prj_pkg} + + # now that packages are ordered we can start creating files + for pkg_new in ${pkg_news[@]} + do + pkg_dir=${prj_dir}/${pkg_new} + tar xf ${pkg_dir}/files.tar.xz \ + --directory ${prj_pkg}/files + + # if deleted files exists + if [ -f "${pkg_dir}/deleted" ]; then + # first collect all files/directories don't exist + while read pkg_del; do + # if file don't exist add entry to project deleted file + pkg_temp="${prj_pkg}/files/${pkg_del}" + if [ ! -f ${pkg_temp} ]; then + if [ ! -d ${pkg_temp} ]; then + # is not a file or directory from previous packages + echo ${pkg_del} >> ${prj_pkg}/deleted + fi + fi + done <${prj_dir}/${pkg_new}/deleted + + # delete directories and files + while read pkg_del; do + pkg_temp="${prj_pkg}/files/${pkg_del}" + if [ -d ${pkg_temp} ]; then + rm -r ${pkg_temp} + elif [ -f ${pkg_temp} ]; then + rm ${pkg_temp} + fi + done <${prj_dir}/${pkg_new}/deleted + fi + + #remove temporary directory + rm -r ${prj_dir}/${pkg_new} + done + + # call project deploy script + call_script=${deploy_scripts}/$(get_script $prj_pkg) + echo "Deploy: calling deploy script: ${call_script}" + /bin/bash ${call_script} ${prj_pkg} + +} + +if [[ ! $(ls ${deploy_dir}) = "" ]]; then + rm -r ${deploy_dir}/* +fi + +# first extract all packages from origin directory +for pkg_path in `find ${packages_dir} -type f -name "*.tar.gz"` +do + if [ -f ${pkg_path} ]; then + pkg_name=$(basename ${pkg_path}) + pkg_proj=$(echo ${pkg_name} | cut -d "_" -f 1) + pkg_new7=$(echo ${pkg_name} | tail -c -15 | cut -c -7) + pkg_temp=${deploy_dir}/${pkg_proj}/${pkg_new7} + mkdir -p ${pkg_temp} + tar xf ${pkg_path} --directory ${pkg_temp} + rm ${pkg_path} + fi +done + +# loop for all projects and deploy them +for prj_dir in `find ${deploy_dir} -maxdepth 1 -mindepth 1 -type d` +do + # order index of hashes based on old commit + echo "prj_dir $prj_dir" + project_extract ${prj_dir} +done diff --git a/tools/conf/srv/gitolite/deployweb b/tools/conf/srv/gitolite/deployweb deleted file mode 100755 index 5a18ed1..0000000 --- a/tools/conf/srv/gitolite/deployweb +++ /dev/null @@ -1,74 +0,0 @@ -#!/bin/sh - -###################################################################### -# -# Put this file in; -# /usr/share/gitolite/deployweb -# -DIR_WWW=/srv/www/ -DEPLOY_BRANCH=deployweb -TARGET_USER=nginx - -for DP_FILE in /srv/gitolite/deploy/* -do - - if [ ! -f "$DP_FILE" ]; then - # Nothing to do ;) - #echo "Deploy: invalid DP_FILE" - exit 1; - fi - - # Get project name - PROJECT=$(basename "$DP_FILE") - echo "Deploy: PROJECT=${PROJECT}" - - # Get git repository path and verify if exists - DIR_GIT=$(head -n 1 $DP_FILE) - if [ ! -d "$DIR_GIT" ]; then - echo "Deploy: invalid DIR_GIT: ${DIR_GIT}" - exit 2; - fi - echo "Deploy: DIR_GIT=${DIR_GIT}" - - # Get directory to deploy and verify if exists - GIT_WORK_TREE=${DIR_WWW}${PROJECT}/ - if [ ! -d "$GIT_WORK_TREE" ]; then - echo "Deploy: invalid GIT_WORK_TREE: ${GIT_WORK_TREE}" - echo "Deploy: creating directory: $GIT_WORK_TREE}" - mkdir -p $GIT_WORK_TREE - fi - echo "Deploy: GIT_WORK_TREE={$GIT_WORK_TREE}" - - # Deploy (checkout) - echo "Deploy: starting git checkout" - - git --git-dir=$DIR_GIT \ - --work-tree=$GIT_WORK_TREE \ - checkout -f $DEPLOY_BRANCH - - - # Fix ownership and permissions - echo "Deploy: fixing permissions" - - echo "Deploy: setting owner: chown -R ${TARGET_USER}" - chown -R ${TARGET_USER}:${TARGET_USER} $GIT_WORK_TREE - - echo "Deploy: setting directory permissions: chmod 755" - find $GIT_WORK_TREE -type d -print0 | xargs -0 chmod 755 - - echo "Deploy: setting file permissions: chmod 644" - find $GIT_WORK_TREE -type f -print0 | xargs -0 chmod 644 - - # Call project script - if [ -f "${GIT_WORK_TREE}/deploy.sh" ]; then - echo "Deploy: calling ${GIT_WORK_TREE}deploy.sh" - cd ${GIT_WORK_TREE} - sudo -u ${TARGET_USER} sh ${GIT_WORK_TREE}deploy.sh - fi - - # Done with project - echo "Deploy: removing deploy file="$DP_FILE - rm $DP_FILE - - exit 0; -done diff --git a/tools/conf/srv/gitolite/gitolite.conf b/tools/conf/srv/gitolite/gitolite.conf new file mode 100644 index 0000000..09133ec --- /dev/null +++ b/tools/conf/srv/gitolite/gitolite.conf @@ -0,0 +1,80 @@ +@guests = gitweb +@interns = silvino +@dev = silvino +@teamleads = silvino +@staff = @interns @dev @teamleads + +repo @secret + - = @guests + option deny-rules = 1 + +repo @floss + RW+ = @dev @staff + R = @all + +repo @project + RW+ = @teamleads + - master = @dev + - refs/tags/v[0-9] = @dev + RW+ develop/ = @dev + RW+ feature/ = @dev + RW+ hot-fix/ = @dev + RW = @dev + R = @interns + +repo @mirror + RW+ release/ = @teamleads + RW+ develop/ = @dev + RW+ feature/ = @dev + RW+ hot-fix/ = @dev + R = @all + +repo gitolite-admin + RW+ = gitolite + +repo c9-doc c9-ports c9-pmwiki c9-assistant + config gitweb.owner = "c9 team" + config gitweb.category = "c9" + +repo linux-pck + config gitweb.owner = "c9 team" + config gitweb.category = "mirrors" + +repo opt core contrib + config gitweb.owner = "crux" + config gitweb.category = "crux" + +repo c9-doc + config gitweb.description = "c9 documentation" + option hook.post-receive = deploy-web-doc + +repo c9-ports + config gitweb.description = "c9 ports" + +repo c9-pmwiki + config gitweb.description = "c9 wiki" + option hook.post-receive = deploy-web-doc + +repo c9-assistant + config gitweb.owner = "c9 team" + config gitweb.description = "c9 open assistant" + +repo core + config gitweb.description = "crux core collection" + +repo opt + config gitweb.description = "crux opt collection" + +repo contrib + config gitweb.description = "crux contrib collection" + +repo linux-pck + config gitweb.description = "PCK or Parabola Community Kernel are multiple patches, pf-kernel and zen-kernel for Linux-libre kernel" + option upstream.url = git://git.parabola.nu/pck.git + option upstream.nice = 120 + + +@secret = gitolite-admin +@project = c9-doc c9-ports c9-pmwiki c9-assistant +@project = core opt contrib +@mirror = linux-pck diff --git a/tools/conf/srv/gitolite/hook-deployweb b/tools/conf/srv/gitolite/hook-deployweb deleted file mode 100755 index 1a32bd9..0000000 --- a/tools/conf/srv/gitolite/hook-deployweb +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -###################################################################### -# -# Put this file in your gitolite-admin; -# ~/gitolite-admin/local/hooks/repo-specific/hook-deployweb -# -while read oldrev newrev refname -do - BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname) - echo "Commit was for branch $BRANCH" - - if [ "$BRANCH" = "deployweb" ]; then - - # Get project name from current directory (without .git) - PROJECT=$(basename "$PWD") - PROJECT=${PROJECT%.git} - - echo "Project $PROJECT added to deploy list." - echo $PWD > /srv/gitolite/deploy/$PROJECT - fi -done diff --git a/tools/conf/srv/gitolite/hook.sh b/tools/conf/srv/gitolite/hook.sh new file mode 100644 index 0000000..1f977ca --- /dev/null +++ b/tools/conf/srv/gitolite/hook.sh @@ -0,0 +1,95 @@ +#!/bin/bash + +# final packages dir +packages_dir="/srv/gitolite/deploy/packages" +# hook work directory +hook_dir="/srv/gitolite/deploy/hook_dir" + +function is_initial(){ + local prj_name=$1 + if [ ! -d ${hook_dir}/${prj_name} ]; then + echo "true" + else + echo "false" + fi +} + +function get_remote_rev(){ + echo $(wget --no-check-certificate -qO- $1) +} + +function valid_url(){ + if [[ `wget -S --spider $1 --no-check-certificate 2>&1 | grep 'HTTP/1.1 200 OK'` ]]; + then + echo "true"; + fi +} + +function create_package(){ + # project name + local prj_name=$1 + # git repository directory + local git_dir=$2 + # last/old commit revision + local pkg_old=$3 + # new commit revision + local pkg_new=$4 + # script deploy call when extracting this package + local pkg_script=$5 + + local pkg_new7=$(echo $pkg_new | cut -c1-7) + + # project directory + local prj_dir="${hook_dir}/${prj_name}" + # package directory + local pkg_dir="${prj_dir}/${pkg_new7}" + # final tar file + local pkg_tar="${packages_dir}/${prj_name}_${pkg_new7}.tar.gz" + + # if temporary work directory exists maybe other process is creating packages + if [ -d "$pkg_dir" ]; then + echo "Deploy: temporary directory ${pkg_dir} exists, maybe other precess" + exit 1 + fi + # create temporary directory for this package + mkdir -p ${pkg_dir} + + echo "Deploy: ${prj_name} ${pkg_new7} package call ${pkg_script} on deploy." + + # save metadata to be used by deploy script + echo $prj_name > ${pkg_dir}/project + echo $pkg_script >> ${pkg_dir}/project + echo $pkg_new >> ${pkg_dir}/project + + # if is a valid old commit create a package with changes since then + # else create a full package (all files) + local is_commit=$(git --git-dir=${git_dir} cat-file -t ${pkg_old} 2>&1) + if [[ $is_commit = "commit" ]]; then + echo "Deploy: creating package from old commit." + # list with files to extract (Added Copied Modified Renamed) + file_list=$(git --git-dir=${git_dir} --no-pager diff \ + --diff-filter=ACMR \ + --name-only ${pkg_old} ${pkg_new}) + + # create tar archive with same name as commit hash with files + git --git-dir=${git_dir} archive -o ${pkg_dir}/files.tar.xz ${pkg_new} ${file_list} + + # first we create list of files to be removed + git --git-dir=${git_dir} --no-pager diff \ + --diff-filter=DR \ + --name-status -t ${pkg_old} ${pkg_new} | cut -f 2 > ${pkg_dir}/deleted + + # save old commit on metadata + echo $pkg_old >> ${pkg_dir}/project + else + echo "Deploy: creating initial package." + git --git-dir=${git_dir} archive -o ${pkg_dir}/files.tar.xz ${pkg_new} + + fi + + tar -zcpf ${pkg_tar} --directory=${pkg_dir} . + + echo "Deploy: package ${pkg_tar} ready !" + rm -r ${pkg_dir} + return 0 +} diff --git a/tools/gitolite.html b/tools/gitolite.html index 8083ca0..94abda0 100644 --- a/tools/gitolite.html +++ b/tools/gitolite.html @@ -138,38 +138,54 @@ <pre> @guests = gitweb - @interns = clair bob - @dev = alice david - @teamleads = mike + @interns = bob alice + @dev = fred mary joe + @teamleads = mary @staff = @interns @dev @teamleads + repo @secret + - = @guests + option deny-rules = 1 + + repo @floss + RW+ = @dev @staff + R = @all + + repo @project + RW+ = @teamleads + - master = @dev + - refs/tags/v[0-9] = @dev + RW+ develop/ = @dev + RW+ feature/ = @dev + RW+ hot-fix/ = @dev + RW = @dev + R = @interns repo gitolite-admin RW+ = gitolite - repo @floss - R = @all + repo c9-doc c9-ports c9-pmwiki + config gitweb.owner = "c9 team" + config gitweb.category = "c9" - repo @proto - RW+ = @staff + repo c9-doc + config gitweb.description = "c9 documentation" + option hook.post-receive = deploy-web-doc - repo @project - RW+ = @teamleads - - master = @dev - - refs/tags/v[0-9] = @dev - RW+ develop/ = @dev - RW+ feature/ = @dev @interns - RW+ hot-fix/ = @dev @interns - RW = @dev - R = @interns @guests + repo c9-ports + config gitweb.description = "c9 ports" - @project = c9-doc c9-ports + repo c9-pmwiki + config gitweb.description = "c9 wiki" + option hook.post-receive = deploy-web-doc - repo c9-doc c9-ports - option hook.post-receive = hook-deployweb + repo c9-assistant + config gitweb.owner = "c9 team" + config gitweb.category = "c9" + config gitweb.description = "c9 open assistant" - repo testing - RW+ = @staff + @secret = gitolite-admin + @project = c9-doc c9-ports c9-pmwiki c9-assistant </pre> <p>Commit and push;</p> @@ -202,8 +218,39 @@ $ git push </pre> + <h4>3.3.3 Delete Repository</h4> + + <pre> + # cd /srv/gitolite/repositories/ + # rm -rf c9-doc.git + </pre> + + <p>On workstation edit conf/gitolite.conf and remove c9-doc.</p> + <h2 id="hooks">4. Gitolite Hooks</h2> + <p>This document creates three scripts, one is run when gitolite receives + push to a project with hook active, second script is run under root + user to allow operations where gitolite user have no rights, third one + is project specific.</p> + + <p>This example try to have a separate creation of a package and its deployment, + in case deploy script is not on the same machine other method can be used to send + the package.</p> + + <p>A normal package will have a files.tar with all or new files to extract, + if necessary a deleted file with the list of files to be removed and a + project file with data about the package like new hash commit, or witch + script to call to deploy.</p> + + <p>Package is created under gitolite + <a href="conf/srv/gitolite/hook.sh">/srv/gitolite/deploy/hook.sh</a> + script and + <a href="conf/srv/gitolite/deploy.sh">/srv/gitolite/deploy/deploy.sh</a>, + deploy in this example is called called by cron.</p> + + <h3 id="gtl-activate">4.1. Activate Hooks</h3> + <p>Example from <a href="http://gitolite.com/gitolite/cookbook.html#v3.6-variation-repo-specific-hooks">Cookbook</a> how to apply hooks only to certain repos. Uncomment or add @@ -241,159 +288,221 @@ $ gitolite setup </pre> - <h3 id="gtl-deploy">4.1. Deploy Hook</h3> + <h3 id="gtl-deploy">4.2. Deploy and Hook script</h3> + + <p>Create deploy directory on remote, /srv/gitolite/deploy + was chosen to have less impact on the package system;</p> + + <pre> + $ sudo -u gitolite mkdir /srv/gitolite/deploy + </pre> + + <p>Script + <a href="conf/srv/gitolite/hook.sh">/srv/gitolite/deploy/hook.sh</a> + receives call create_package "project-name" "git-dir" + "valid oldrev/invalid" "newrev" "script/to/call.sh" from gitolite hook + and creates a package.</p> + + <pre> + $ sudo -u gitolite cp conf/srv/gitolite/hook.sh /srv/gitolite/deploy/ + </pre> + + <p>Script + <a href="conf/srv/gitolite/deploy.sh">/srv/gitolite/deploy/deploy.sh</a> + loops for each package, extracts, order commit hashes to create final + snapshot of files and call script to handle deploy.</p> + + <pre> + $ sudo -u gitolite cp conf/srv/gitolite/deploy.sh /srv/gitolite/deploy/ + </pre> + + <h3 id="gtl-setup">4.3. Setup project hook</h3> - <p>This manual create two users; one gitolite that handle git - central server and system www for web servers. To avoid permission - problems this example use gitolite hooks and cron. By using cron - we have permission to use chown, this way files end up with right - www user ownership and permissions.</p> + <p>Project hooks create a package by calling hook.sh script and + deploy a package being called by deploy.sh. Deploy script is a + simple example that handle multiple web projects.</p> - <p>This hook allows to select wich branch is deployed and if exists, - calls a script inside project folder with user www. This allows to - do post deploy (checkout) tasks such as composer update.</p> + <h4>4.3.1. Hook Script</h4> <p>Create - <a href="conf/srv/gitolite/hook-deployweb">gitolite-admin/local/hooks/repo-specific/hook-deployweb</a>;</p> + <a href="conf/srv/gitolite/deploy-web-doc">gitolite-admin/local/hooks/repo-specific/deploy-web-doc</a>;</p> <pre> #!/bin/bash - ###################################################################### # # Put this file in your gitolite-admin; - # ~/gitolite-admin/local/hooks/repo-specific/hook-deployweb + # ~/gitolite-admin/local/hooks/repo-specific/deploy-web-doc # - while read oldrev newrev refname - do - BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname) - echo "Commit was for branch $BRANCH" + # set host to empty to create package for each push + # or set remote host to create package based on last deployed push + # host="https://doc.localhost" + host="" + # set name of witch branch should be deployed + branch_to_deploy="deploy_branch" + + ###################################################################### - if [[ "$BRANCH" == "master" ]];then - # Get project name from current directory (without .git) - PROJECT=$(basename "$PWD") - PROJECT=${PROJECT%.git} + url="$host/.last_deploy" + source /srv/gitolite/deploy/hook.sh + read oldrev newrev refname + push_branch=$(git rev-parse --symbolic --abbrev-ref $refname) - echo "Project $PROJECT added to deploy list." - echo $PWD > /srv/gitolite/deploy/$PROJECT - fi + #SCRIPT_VARS=$(set) + #echo "project: $PROJECT" + #echo "local dir: $PWD" > /srv/gitolite/deploy/${GL_REPO} + #echo "${SCRIPT_VARS}" >> /srv/gitolite/deploy/${GL_REPO} - done + if [[ $push_branch = $branch_to_deploy ]]; then + + # if host empty we make local tracking + if [[ $host = "" ]]; then + if [[ $(is_initial ${GL_REPO}) = "true" ]]; then + oldrev="initial" + fi + else + if [[ ! $(valid_url $url) = "true" ]]; then + echo "Deploy: set $url on remote to start creating packages" + exit 1 + fi + oldrev=$(get_remote_rev $url) + fi + create_package ${GL_REPO} ${PWD} ${oldrev} ${newrev} "deploy-web.sh" + fi </pre> - <p>Add scripts to the repos you want them to be active in - your conf file. For example:</p> + <p>Activate this hook, the idea is to start with this one as a template working + and then implement the final one. Edit gitolite admin configuration file and + activate:</p> <pre> repo c9-doc - option hook.post-receive = hook-deployweb + config gitweb.description = "c9 documentation" + option hook.post-receive = deploy-web-doc </pre> <p>Add, commit, and push the admin repo;</p> <pre> - $ git add -u && git commit -m "deploy hook" + $ git add local/hooks/repo-specific/hook-deployweb + $ git add -u && git commit -m "added deploy c9 hook" </pre> - <p>Create deploy directory on remote;</p> + <p>Now we can test if our script is functioning by creating a branch on c9-doc + making a random change and push;<p> <pre> - # su - gitolite - $ mkdir deploy + $ cd c9-doc + $ git checkout -b deploy_branch </pre> - <p>On remote run;</p> + <h4>4.3.2. Deploy Script</h4> + + <p>Create + <a href="conf/srv/gitolite/deploy-web.sh">/srv/gitolite/deploy/scripts/deploy-web.sh</a>;</p> <pre> - # su - gitolite - $ gitolite setup - </pre> + #!/bin/bash - <p>Create deploy script that cron will call - every minute, this script will check inside - /srv/gitolite/deploy folder for projects that have - been updated.</p> + pkg_path=$1 - <p>Create <a href="conf/srv/gitolite/deployweb">/usr/share/gitolite/deployweb</a>;</p> + www_root="/srv/www" + www_user="nginx" + www_group="www" - <pre> - #!/bin/sh + pkg_file="${pkg_path}/project" + pkg_rm="${pkg_path}/deleted" + pkg_files="${pkg_path}/files" - ###################################################################### - # - # Put this file in; - # /usr/share/gitolite/deployweb - # - DIR_WWW=/srv/www/ - DEPLOY_BRANCH=master - TARGET_USER=www + if [ ! -f ${pkg_file} ]; then + echo "Deploy web: invalid pkg_file ${pkg_file}" + exit 1 + fi - for DP_FILE in /srv/gitolite/deploy/* - do + pkg_name=$(head -1 ${pkg_file}) + pkg_new=$(head -3 ${pkg_file} | tail -1) + pkg_new7=$(echo ${pkg_new} | cut -c1-7) - if [ ! -f "$DP_FILE" ]; then - # Nothing to do ;) - #echo "Deploy: invalid DP_FILE" - exit 1; - fi + pkg_www="${www_root}/${pkg_name}" + pkg_back="${pkg_www}/backup_deploy" + pkg_last="${pkg_www}/.last_deploy" - # Get project name - PROJECT=$(basename "$DP_FILE") - echo "Deploy: PROJECT=${PROJECT}" + if [ ! -d ${pkg_www} ]; then + echo "Deploy web: invalid pkg_www ${pkg_www}" + exit 1 + fi - # Get git repository path and verify if exists - DIR_GIT=$(head -n 1 $DP_FILE) - if [ ! -d "$DIR_GIT" ]; then - echo "Deploy: invalid DIR_GIT: ${DIR_GIT}" - exit 2; - fi - echo "Deploy: DIR_GIT=${DIR_GIT}" - - # Get directory to deploy and verify if exists - GIT_WORK_TREE=${DIR_WWW}${PROJECT}/ - if [ ! -d "$GIT_WORK_TREE" ]; then - echo "Deploy: invalid GIT_WORK_TREE: ${GIT_WORK_TREE}" - echo "Deploy: creating directory: $GIT_WORK_TREE}" - mkdir -p $GIT_WORK_TREE + # first backup all data + if [[ ! $(ls ${pkg_www} | grep -v "backup_deploy") = "" ]]; then + if [ ! -d ${pkg_back} ]; then + sudo -u ${www_user} mkdir -p ${pkg_back} fi - echo "Deploy: GIT_WORK_TREE={$GIT_WORK_TREE}" - - # Deploy (checkout) - echo "Deploy: starting git checkout" + backup_file="${pkg_back}/${pkg_name}-$(date '+%Y-%j-%H-%M-%S').tar.gz" + echo "Deploy web: making backup ${backup_file}" + sudo -u ${www_user} tar --exclude ${pkg_back} --xattrs -zcpf ${backup_file} ${pkg_www} + fi + + # remove files and directories that have been deleted + if [ -f ${pkg_rm} ]; then + + echo "Deploy web: files to delete:" + # first we delete files + while read deleted_file; do + deleted_file="${pkg_www}/${deleted_file}" + if [ -f ${deleted_file} ]; then + echo "file rm ${deleted_file}" + rm ${deleted_file} + fi + done <${pkg_rm} + + # delete directories + while read deleted_file; do + deleted_file="${pkg_www}/${deleted_file}" + if [ -d ${deleted_file} ]; then + echo "file rm ${deleted_file}" + rm ${deleted_file} + fi + done <${pkg_rm} - git --git-dir=$DIR_GIT \ - --work-tree=$GIT_WORK_TREE \ - checkout -f $DEPLOY_BRANCH + fi + # copy new files to destination + if [ -d ${pkg_files} ]; then + echo "Deploy web: cp from ${pkg_files} to ${pkg_www}" + sudo -u ${www_user} cp -r ${pkg_files}/* ${pkg_www} + fi - # Fix ownership and permissions - echo "Deploy: fixing permissions" + echo ${pkg_new} > ${pkg_last} + echo "Deploy: scripts/deployweb.sh ${pkg_name} ${pkg_new7} deployed." - echo "Deploy: setting owner: chown -R ${TARGET_USER}" - chown -R ${TARGET_USER}:${TARGET_USER} $GIT_WORK_TREE + #remove temporary package + rm -r ${pkg_path} + </pre> - echo "Deploy: setting directory permissions: chmod 755" - find $GIT_WORK_TREE -type d -print0 | xargs -0 chmod 755 + <h4>4.3.3. Debuging hooks</h4> - echo "Deploy: setting file permissions: chmod 644" - find $GIT_WORK_TREE -type f -print0 | xargs -0 chmod 644 + <p>Comment gitolite admin repo script "if" and uncomment debug sections, this allow to + source the file with environment of hook.</p> - # Call project script - if [ -f "${GIT_WORK_TREE}/deploy.sh" ]; then - echo "Deploy: calling ${GIT_WORK_TREE}deploy.sh" - cd ${GIT_WORK_TREE} - sudo -u ${TARGET_USER} sh ${GIT_WORK_TREE}deploy.sh - fi + <p>Later you can delete this branch locally and remote and start fresh. To test + if hook is called each time you push run;</p> - # Done with project - echo "Deploy: removing deploy file="$DP_FILE - rm $DP_FILE - exit 0; - done + <pre> + $ echo $(( ( RANDOM % 10 ) +1 )) >> index.html && git add -u && git commit -m "test deploy" && git push git </pre> + <p>See if a file was created in /srv/gitolite/deploy with name of project and + with environmental variables of gitolite script.</p> + + <p>From now on you can test changes directly on + /srv/gitolite/.gitolite/local/hooks/repo-specific/hook-deployweb + and repeat above command to see the results or create a separate script with + all variables generated by above script set so you don't have to push at all.</p> + + <h4 id="gtl-deploy">4.4. Deploy with Cron</h4> + <p>Add cron job to call deploy script every minute;</p> <pre> @@ -434,7 +543,7 @@ our $projects_list = "/srv/gitolite/projects.list"; # The directories where your projects are. Must not end with a slash. - our $projectroot = "/srv/gitolite/repositories"; + our $projectroot = "/srv/gitolite/repositories"; # Base URLs for links displayed in the web interface. our @git_base_url_list = qw(git://core.privat-network.com http://git@core.private-network.com); diff --git a/tools/network.html b/tools/network.html index 43e4616..0dc51d6 100644 --- a/tools/network.html +++ b/tools/network.html @@ -14,30 +14,15 @@ by <a href="../core/network.html">net and wlan</a> scripts, they allow to connect to the internet in the most common environments.</p> + <p>For network statistics and monitoring see <a href="tcpdump.html">tcpdump</a>.</p> + <h2 id="bridge">Bridges</h2> <p>See <a href="conf/etc/rc.d/blan">/etc/rc.d/blan</a> on how to create interfaces at startup or as source to do it in automatic way;</p> - <pre> - DEV="br0" - PHY="enp8s0" - </pre> - - <pre> - # ip link add name ${DEV} type bridge - # ip link set dev ${DEV} up - </pre> - <pre> - # ip route flush dev ${PHY} - # ip addr flush dev ${PHY} - # ip link set dev ${PHY} master ${DEV} - </pre> - - <pre> - # ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast + - </pre> + <p>For more information about bridges <a href="http://ebtables.netfilter.org/br_fw_ia/br_fw_ia.html#section7">Bridges with iptables</a></p> <a href="index.html">Tools Index</a> <p>This is part of the c9 Manual. diff --git a/tools/openssh.html b/tools/openssh.html index 12e5827..70fe76f 100644 --- a/tools/openssh.html +++ b/tools/openssh.html @@ -256,7 +256,7 @@ <p>To take advantage of tmux first login on remote and start <a href"../systools/tmux.html">tmux</a>, detach from the session - with ctrl + b d. On change ~/.profile and add alias;</p> + with ctrl + b d. Change ~/.bashrc and add follow alias;</p> <pre> alias core-server="ssh core -t tmux a" diff --git a/tools/qemu.html b/tools/qemu.html index 0079dfc..86fb7aa 100644 --- a/tools/qemu.html +++ b/tools/qemu.html @@ -12,7 +12,9 @@ <h2 id="kern">1. Host System</h2> - <p>Load modules, in this case kvm of intel cpu;</p> + <p>Prepare host system for virtual machines, this includes create new user, + loading necessary modules and configure network. Load kvm module, in this example + intel module is loaded but depends on host cpu;</p> <pre> # modprobe -a kvm-intel tun virtio @@ -27,6 +29,7 @@ <h2 id="disk">2. Disk images</h2> + <p>Qemu supports multiple disk images types.</p> <dl> <dt>img</dt> <dd>Raw disk image, allows dd to a physical device.</dd> @@ -115,67 +118,109 @@ KERNEL=="tun", GROUP="kvm", MODE="0660", OPTIONS+="static_node=net/tun" </pre> + <h3>2.1. Routing</h3> - <h3>2.1. Public Bridge</h3> - - <p>Create <a href="network.html#bridge">bridge</a>, create new - tap and add it to bridge;</p> - - <pre> - # DEV="br0" - # TAP="tap1" - </pre> - - <pre> - # ip tuntap add ${TAP} mode tap group kvm - # ip link set ${TAP} up - </pre> + <p>Create interface with correct permissions set for kvm group.</p> <pre> - # ip link set ${TAP} master ${DEV} + # sysctl -w net.ipv4.ip_forward=1 + # iptables -A INPUT -i br0 -j ACCEPT + # iptables -A FORWARD -i br0 -j ACCEPT + # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.0/24 -j ACCEPT + # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE </pre> - <h3>2.2. Routing</h3> + <h3>2.2. Public Bridge</h3> - <p>Create interface with correct permissions set for kvm group.</p> + <p>Create <a href="network.html#bridge">bridge</a>, create new + tap and add it to bridge;</p> <pre> - # sysctl -w net.ipv4.ip_forward=1 - # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE + DEV="br0" + + ADDR=10.0.0.254 + NET=10.0.0.0 + GW=192.168.1.254 + MASK=24 + + # one tap for each cpu core + NTAPS=$((`/usr/bin/nproc`)) + + case $1 in + start) + /sbin/ip link add name ${DEV} type bridge + /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast + + /sbin/ip link set dev ${DEV} up + /bin/sleep 0.2s + + for i in `/usr/bin/seq $NTAPS` + do + TAP="tap$i" + echo "Setting up ${TAP} tap interface." + /sbin/ip tuntap add ${TAP} mode tap group kvm + /sbin/ip link set ${TAP} up + /bin/sleep 0.2s + /sbin/ip link set ${TAP} master ${DEV} + done + + exit 0 + ;; + stop) + + for i in `/usr/bin/seq $NTAPS` + do + TAP="tap$i" + echo "Deleting ${TAP} tap interface." + /sbin/ip link del ${TAP} + done + + /sbin/ip link set dev ${DEV} down + /sbin/ip route flush dev ${DEV} + /sbin/ip link del ${DEV} + exit 0 + ;; + restart) + $0 stop + $0 start + ;; + *) + echo "Usage: $0 [start|stop|restart]" + ;; + esac + + # End of file </pre> <h2 id="guest">Guest System</h2> - <p>Start qemu with 512 of ram, mydisk.img as disk and boot from iso</p> - <p>See <a href="scripts/system-qemu.sh">scripts/system-qemu.sh</a>, as template. Run virtual machine that uses above tap device;</p> <pre> - $ ISO=~/crux-3.2.iso - $ IMG=~/crux-img.qcow2 - $ TAP="tap1" + #!/bin/bash - $ qemu-system-x86_64 \ - -enable-kvm \ - -m 1024 \ - -boot d \ - -cdrom ${ISO} \ - -hda ${IMG} \ - -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no - </pre> + function rmac_addr (){ + printf '54:60:BE:EF:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256)) + } - <pre> - $ ISO=~/crux-3.2.iso - $ IMG=~/crux-img.qcow2 + #boot=d + boot=$1 + #iso=crux-3.2.iso + iso=$2 + #image=crux-img.qcow2 + image=$3 + #tap="tap1" + tap=$4 + mac=$(rmac_addr) - $ qemu-system-x86_64 \ + qemu-system-x86_64 \ -enable-kvm \ -m 1024 \ - -boot d \ - -cdrom ${ISO} \ - -hda ${IMG} \ - -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no + -boot ${boot} \ + -cdrom ${iso} \ + -hda ${image} \ + -device e1000,netdev=t0,mac=${mac} \ + -netdev tap,id=t0,ifname=${tap},script=no,downscript=no </pre> <a href="index.html">Tools Index</a> diff --git a/tools/scripts/autoport.sh b/tools/scripts/autoport.sh new file mode 100644 index 0000000..9965936 --- /dev/null +++ b/tools/scripts/autoport.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# Root Directory +DIR=$(dirname "$PWD"); + +DIR_CONF=$DIR"/conf" +COL_DIR=$DIR"/c9-ports/" + +#rm ck4up.conf +for port in ${COL_DIR}*/ ; do + + echo "Checking port $port" + # (cd $port && git clean -f -d . ) + # prtwash -p -s $port + prtverify -m clean-repo $port + + #echo "${port}Pkgfile;" + #source ${port}Pkgfile; + + #echo "$name md5 ${source[0]} @TAR@" >> ck4up.conf +done + +portspage --title=c9-ports . > index.html +httpup-repgen $COL_DIR diff --git a/tools/scripts/pkgmk-test.conf b/tools/scripts/pkgmk-test.conf new file mode 100644 index 0000000..2336685 --- /dev/null +++ b/tools/scripts/pkgmk-test.conf @@ -0,0 +1,38 @@ +# +# /etc/pkgmk.conf: pkgmk(8) configuration +# + +export CFLAGS="-O2 -march=x86-64" +export CXXFLAGS="${CFLAGS}" + +export MAKEFLAGS="-j4" + +case ${PKGMK_ARCH} in + "64"|"") + ;; + "32") + export CFLAGS="${CFLAGS} -m32" + export CXXFLAGS="${CXXFLAGS} -m32" + export LDFLAGS="${LDFLAGS} -m32" + export PKG_CONFIG_LIBDIR="/usr/lib32/pkgconfig" + ;; + *) + echo "Unknown architecture selected! Exiting." + exit 1 + ;; +esac + + PKGMK_SOURCE_MIRRORS=(https://ports.c9.core/distfiles/) +# PKGMK_SOURCE_DIR="$PWD" +# PKGMK_PACKAGE_DIR="$PWD" +# PKGMK_WORK_DIR="$PWD/work" +# PKGMK_DOWNLOAD="no" +# PKGMK_IGNORE_FOOTPRINT="no" +# PKGMK_IGNORE_NEW="no" +# PKGMK_NO_STRIP="no" +# PKGMK_DOWNLOAD_PROG="wget" +# PKGMK_WGET_OPTS="" +# PKGMK_CURL_OPTS="" +# PKGMK_COMPRESSION_MODE="gz" + + diff --git a/tools/scripts/pkgmk-test.sh b/tools/scripts/pkgmk-test.sh new file mode 100644 index 0000000..5509ac2 --- /dev/null +++ b/tools/scripts/pkgmk-test.sh @@ -0,0 +1,5 @@ +#!/bin/bash +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +CONF=${DIR}/pkgmk-test.conf + +fakeroot pkgmk -cf $CONF -d $1 diff --git a/tools/scripts/replace.sh b/tools/scripts/replace.sh index 8e393f0..e925e7d 100644..100755 --- a/tools/scripts/replace.sh +++ b/tools/scripts/replace.sh @@ -1,5 +1,6 @@ #!/bin/sh +# find and replace string on files folder=$1 oldstring=$2 newstring=$3 diff --git a/tools/storage.html b/tools/storage.html index 894873b..109c6fa 100644 --- a/tools/storage.html +++ b/tools/storage.html @@ -30,6 +30,20 @@ <h2 id="mv">2. Moving data</h2> + <p>Temp partition with 20M-50M;</dd> + + <pre> + (parted) mkpart primary ext4 4000MiB 4050MiB + </pre> + + <p>Ports partition with 120G allows to host sources, package + backups and ports;</dd> + + <pre> + (parted) mkpart primary ext4 192000MiB 312000MiB + </pre> + + <p>Reboot into single-user mode where services aren't started and networking is offline.<p> <pre> @@ -52,8 +66,14 @@ <p>Edit the <a href="../conf/etc/fstab">/etc/fstab</a>file:</p> <pre> + # Temporary Data /tmp + UUID=50bf6e55-6461-4dd4-b315-65b53cac0995 /tmp ext4 defaults,nodev,nosuid,noexec 0 0 + # Server Data /srv UUID=6fadcb98-e442-4af7-a5f2-1ddb6100a8c4 /srv ext4 defaults 0 2 + + # Ports Data /usr/ports + UUID=d1df6743-d3cb-4d5a-badb-96cef3181095 /usr/ports ext4 defaults,nodev,nosuid,noexec 0 0 </pre> <p>Reboot in normal mode.</p> diff --git a/tools/tcpdump.html b/tools/tcpdump.html index ef15b59..8c9932a 100644 --- a/tools/tcpdump.html +++ b/tools/tcpdump.html @@ -8,6 +8,10 @@ <h1>TCPDump</h1> <pre> + iftop + </pre> + + <pre> tcpdump -vvv -s 0 -l -n port 53 </pre> diff --git a/tools/vim.html b/tools/vim.html index d483e29..528c777 100644 --- a/tools/vim.html +++ b/tools/vim.html @@ -53,10 +53,21 @@ <p>Vertical split;</p> <pre> - :sp + :vsp + </pre> + + <p>Change horizontal to vertical</p> + <pre> + ctrl+w H + </pre> + + <p>Change vertical to horizontal</p> + <pre> + ctrl+w J </pre> <p>Move between window splits;</p> + <pre> ctrl+w (k,j,l,h) </pre> @@ -97,7 +108,6 @@ selection or object. For example to delete the next two words press: d + 2 + w. List of important operators objects, selections;</p> - <pre> <pre> operator + count + object |