changeset 3381:127dde80a0a5

docker: docker images, first draft: This patch introduces new Docker images, replacing the unmaintained ones which were in sat_docs. Images and docker-compose files are provided to use the SàT backend and Libervia, and also to integrate and configure Prosody and SàT PubSub to run end-to-end tests.
author Goffi <goffi@goffi.org>
date Mon, 19 Oct 2020 09:30:45 +0200 (2020-10-19)
parents 4dbf9fcbf26d
children 3b08caa805e7
files docker/README docker/backend/Dockerfile docker/backend/sat.conf docker/backend/scripts/entrypoint.sh docker/backend_e2e/Dockerfile docker/backend_e2e/certificates/README docker/backend_e2e/certificates/minica-key.pem docker/backend_e2e/certificates/minica.pem docker/backend_e2e/certificates/server1.test/cert.pem docker/backend_e2e/certificates/server1.test/key.pem docker/backend_e2e/sat.conf docker/docker-compose.yml docker/docker-compose_e2e.yml docker/libervia/Dockerfile docker/prosody_e2e/Dockerfile docker/prosody_e2e/certificates/README docker/prosody_e2e/certificates/server1.test/cert.pem docker/prosody_e2e/certificates/server1.test/key.pem docker/prosody_e2e/entrypoint.sh docker/prosody_e2e/prosody.cfg.lua docker/pubsub/Dockerfile docker/pubsub/entrypoint.sh
diffstat 22 files changed, 539 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/README	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,3 @@
+This directory and subdirectories contain files to build and manage Docker images of Salut à Toi.
+
+Please refer to documentation for details.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/backend/Dockerfile	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,51 @@
+FROM debian:buster
+
+LABEL maintainer="Goffi <tmp_dockerfiles@goffi.org>"
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends locales python3-dev python3-venv python3-wheel mercurial libxml2-dev libxslt-dev libcairo2-dev libjpeg-dev libgirepository1.0-dev libdbus-1-dev libdbus-glib-1-dev dbus-x11 cmake && \
+    \
+    # will be used to put many SàT specific data
+    mkdir -p /usr/share/sat/certificates && \
+    addgroup tls-cert --gid 9999 && \
+    chown :tls-cert /usr/share/sat/certificates && \
+    chmod 2770 /usr/share/sat/certificates && \
+    # it's better to have a dedicated user
+    useradd -m sat && adduser sat tls-cert && \
+    # we'll put all source there to have an easy mount point
+    mkdir /src && chown sat:sat /src && \
+    \
+    # we need UTF-8 locale
+    sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen && locale-gen && \
+    \
+    # we need a TCP socket for D-Bus
+    sed -i "s&<listen>unix:tmpdir=/tmp</listen>&\0\n  <listen>tcp:host=localhost,bind=*,port=55555,family=ipv4</listen>\n  <auth>ANONYMOUS</auth>\n  <allow_anonymous/>&" /usr/share/dbus-1/session.conf
+
+ENV LC_ALL en_US.UTF-8
+
+WORKDIR /home/sat
+USER sat
+
+RUN python3 -m venv sat_env && sat_env/bin/pip install wheel && cd /src && \
+    # We install thoses packages in editable mode, so we can replace them easily with volumes.
+    # We need to move *.egg-info (generated by pip) out of src dirs, otherwise mounting
+    # local repos without it them cause troubles
+    hg clone https://repos.goffi.org/urwid-satext && ~/sat_env/bin/pip install -e urwid-satext && \
+    mv urwid-satext/urwid_satext.egg-info ~/sat_env/lib/python3.*/site-packages && \
+    hg clone https://repos.goffi.org/sat_tmp && ~/sat_env/bin/pip install -e sat_tmp && \
+    mv sat_tmp/sat_tmp.egg-info ~/sat_env/lib/python3.*/site-packages && \
+    hg clone https://repos.goffi.org/sat_templates && ~/sat_env/bin/pip install -e sat_templates && \
+    mv sat_templates/sat_templates.egg-info ~/sat_env/lib/python3.*/site-packages && \
+    hg clone https://repos.goffi.org/sat_media && \
+    hg clone https://repos.goffi.org/sat && ~/sat_env/bin/pip install -e 'sat[SVG]' && \
+    mv sat/sat.egg-info ~/sat_env/lib/python3.*/site-packages
+
+ENV DBUS_SESSION_BUS_ADDRESS=tcp:host=sat,port=55555,family=ipv4
+ENV PATH=/home/sat/sat_env/bin:$PATH
+
+COPY --chown=root:root sat.conf /etc/_sat.conf
+COPY --chown=sat:sat scripts/entrypoint.sh /home/sat/
+
+ENTRYPOINT ["/home/sat/entrypoint.sh"]
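Review bot: The `sed` on `/usr/share/dbus-1/session.conf` adds a TCP listener with `bind=*`, `<auth>ANONYMOUS</auth>` and `<allow_anonymous/>`, so any peer that can reach port 55555 can talk to the session bus without authenticating. Nothing in this file documents that boundary; I would add a comment above that line such as `# D-Bus over TCP is unauthenticated: port 55555 must stay on the private compose network and never be published`. `DBUS_SESSION_BUS_ADDRESS=tcp:host=sat` suggests only sibling containers need the listener, so it is also worth confirming that the network it is reachable from is never shared with untrusted containers.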
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/backend/sat.conf	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,2 @@
+[DEFAULT]
+media_dir = /home/sat/sat_media
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/backend/scripts/entrypoint.sh	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+eval $(dbus-launch --sh-syntax)
+
+# default, backend is launched in foreground
+if [ $# -eq 0 ]
+then
+	exec sat fg
+fi
+
+# backend is launched with an explicit subcommand
+if [ $1 = fg -o $1 = bg -o $1 = debug -o $1 = stop -o $1 = status ]
+then
+	exec sat "$@"
+fi
+
+# a whole command is specified
+sat bg
+exec "$@"
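Review bot: The test `[ $1 = fg -o $1 = bg -o ... ]` expands `$1` unquoted, so an empty first argument or one containing spaces makes `[` fail with a syntax error, and the script then falls through to `sat bg` and `exec "$@"` instead of handling the input. A `case` avoids both the quoting problem and the obsolescent `-o` operator: `case "$1" in fg|bg|debug|stop|status) exec sat "$@" ;; esac`. The `eval $(dbus-launch --sh-syntax)` near the top is also better quoted, as `eval "$(dbus-launch --sh-syntax)"`.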
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/backend_e2e/Dockerfile	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,20 @@
+FROM salutatoi/sat
+
+LABEL maintainer="Goffi <tmp_dockerfiles@goffi.org>"
+
+USER root
+
+# we install pre-generated certificates so we can do tests with valid TLS
+COPY --chown=root:root certificates/minica.pem /usr/local/share/ca-certificates/minica.crt
+COPY --chown=root:tls-cert certificates/server1.test/cert.pem /usr/share/sat/certificates/server1.test.pem
+COPY --chown=root:tls-cert certificates/server1.test/key.pem /usr/share/sat/certificates/server1.test-key.pem
+RUN update-ca-certificates
+
+COPY --chown=root:root sat.conf /etc/sat.conf
+
+WORKDIR /home/sat
+USER sat
+
+# we create the file sharing component which will autoconnect when backend is started
+RUN ./entrypoint.sh jp profile create file_sharing -j files.server1.test -p "" --xmpp-password test_e2e -C file_sharing -A && \
+sat stop
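Review bot: `update-ca-certificates` adds `minica.pem` to the image's system trust store, and the matching CA private key is committed in this same changeset as `docker/backend_e2e/certificates/minica-key.pem`, so the image trusts a root whose key is public. None of the Dockerfiles visible here copies `minica-key.pem`, so it looks as if it could be kept out of the repository and the certificates regenerated with the commands in the README when they expire. At minimum I would state the constraint next to the `COPY`, e.g. `# test-only CA, its private key is public: never reuse this image or its trust store outside e2e tests`. `FROM salutatoi/sat` is also untagged, so the build depends on whichever `latest` image is present locally.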
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/backend_e2e/certificates/README	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,14 @@
+Those certificates are used to activate TLS for end-2-end testing (to be as
+close as possible as production environment), they are used in other containers
+needing TLS certificates (notably Prosody).
+
+To generate them, minica has been used. Minica can be found at https://github.com/jsha/minica.
+
+The following commands have been used:
+
+$ minica --domains "server1.test,*.server1.test,server2.test,server3.test,sat.test"
+$ chmod 0644 minica.pem
+$ chmod 0644 server1.test/cert.pem
+$ chmod 0640 server1.test/key.pem
+
+Note that certificates are valid for 2 years and 30 days, so they must be renewed after this delay.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/backend_e2e/certificates/minica-key.pem	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA1tNEhyBVuicN4NpD7ZTUj5aTz2OUfPaQn41XC7QVKjlvlzFv
+d4cJMJLf7jWaAuRK5/Rs8Mzpc/AMTrn1N68gTfhqv5eykqkyNsGBnoZL93gr5UXR
+V5YPDlfpUdExVfMNS6uTERaz5SKH1/yKvQQ6kTxVTNoxeA58iQuwpV/O3hsj8a7U
+2oTf36Wz55aqbpda+S/3D6qZnjPbNQY0h5SY98QlaB3jPVG11/sRX2BIeRgdczTW
+5fzdlMdvAEG8o/JXLcjoQZyK6EnOBfd/8uYINV1JI7mXVk77PmpJRLVFy4LU78Qd
+RkRfjBafr6KqrgrY8yZB7z1Rzdkc2r8StwCtKQIDAQABAoIBAQDBpLDZ6SC9ayTM
+cZLXnte4EvBr+gRIXG1jFSHIr+yAIkPfkrU6liOHgG2QKQsJ3kVTLvXgXaV2V4SQ
+lnlfV2IURn/a8mAKaa+UwfsYLVBe4xkWU0fv3pj1wfLUSHBjXHK4qhEoT0GbovO2
+krNwzFYKwsrVOr1qzgwd8MarW2B6vW9gMmy8XKX27A4h3/Kmmm1xqzIFDWxox5Ey
+oo6Vi5RTC+NBcOoZyRsEXMsch9CWM/Jb4mXtOhjhVDvHdixLRVNpYWp/pYEdT9DC
+k3Z9QITnmluW4z8epDtQVAOYl7kAckYI3Jloh6UcuT+6lNF2JRBEoKIi7txf2tyR
+EDfYUe1NAoGBAO7KXA8PaGMnaolNk3ewgbIdVqNFk0UesLKEf4rdqbnODRIxQPiK
+y8Kvut4g03AGKxFEZoV/eKCzU85vBfvWWfgrhYfc6wK1dgt04/xwqbt0k+WUqBau
+IiXiCfSJ6C0cVzeQo4ULRwrXGSGBgm84fS/OkDt6SmPu6qe+040xlyMjAoGBAOZO
+wSWB/auhocho40wXSNVZo2TsQ1Np8dpyouueaDR9nVdxhSclc07ebTFNMXyXmiim
+cPMi0aRRoKN3vWLAdS9H/m51oynLavRjD/tM2ffgio6ZDav3VmeXbVhAC6Jx1mdO
+e+msVfBhkbr8/Hw5Huvbq+Jg0ek+cLK9dJ2idMlDAoGACK+zyZh146V7aqM3yhLR
+pPkMPcQ6JzmGk/fd699EXU3xi8fe5SunXd2mno3zIxAWYPpsAE8yxCXB1rCTNyYE
+/9IVeWu/4MlZEfGemYA/rGIBP0i5FJohA9/FHPAnUfzF72+Dg0N1wh8w+tcLN6CG
+bUbGWGOKcTgvsQpwB6LWLKECgYEA42tDKNGK94883VRNltarUhoY0dDHzregXjCz
+Fm2uwp6D31Q2wuglS+0x7+wlAL4HOTrZ8A0i7Nq6AJF9zuTzEoRKBzNcsimvbLHh
+lypVVoNA7vzN1lD/3n1WOT3M/1Tf/dUvYRiPKDaAnB+zBsu07/xUZ89pmKPSz31r
+iTlhj1cCgYBK/Qp6YIljE76v1zbmg0wxlJOUdJsgz+9NT6CxgixZc6W4ZhJa6UxG
+uJlsHlY5VENHn6o4OQypNUkbne82o7ahA+J2lgHPSTS7+pp++iKn8gBbDpHsWFI8
+X+WOhrEIfy5E/NVIMc04UJTPsI8ulO/vfyzO0xodeqEr/uizg6eqew==
+-----END RSA PRIVATE KEY-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/backend_e2e/certificates/minica.pem	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIIAo5tHhN+8L4wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
+AxMVbWluaWNhIHJvb3QgY2EgMDI4ZTZkMCAXDTIwMTAxNTE1NTgzNloYDzIxMjAx
+MDE1MTU1ODM2WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAwMjhlNmQwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW00SHIFW6Jw3g2kPtlNSPlpPP
+Y5R89pCfjVcLtBUqOW+XMW93hwkwkt/uNZoC5Ern9GzwzOlz8AxOufU3ryBN+Gq/
+l7KSqTI2wYGehkv3eCvlRdFXlg8OV+lR0TFV8w1Lq5MRFrPlIofX/Iq9BDqRPFVM
+2jF4DnyJC7ClX87eGyPxrtTahN/fpbPnlqpul1r5L/cPqpmeM9s1BjSHlJj3xCVo
+HeM9UbXX+xFfYEh5GB1zNNbl/N2Ux28AQbyj8lctyOhBnIroSc4F93/y5gg1XUkj
+uZdWTvs+aklEtUXLgtTvxB1GRF+MFp+voqquCtjzJkHvPVHN2RzavxK3AK0pAgMB
+AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
+BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSeeFeFn1GBlQwZ
+JMKrZAZm5F3MrzAfBgNVHSMEGDAWgBSeeFeFn1GBlQwZJMKrZAZm5F3MrzANBgkq
+hkiG9w0BAQsFAAOCAQEAdjQmoZeC30WvhJTJNx5kbk8+o+6sxEHdxOdo0Ck/eycC
+hH86ZXhllNX9FRO7NWrxi+f1oEfkOqgZY2yPyxaDC/1JznsfHLpbOpz1C4y5UIXb
+IinDKCCtQwEpz9HB3B3bTKToDX32pX2BbdiUXmqppNlkrL5QUuFciCMXwUT8VoU4
+JCGAF0mWQ42ztkzaaV0m5dHO7NMdd3Gb4F3zSbl5/68Zvn69JxCAzLsHhjJKF1bD
+BJ/ZwBrBhM9HTr0ydujaBKRHN65BwycoUSDrLN1k7HRUNFEfRSC1KItxZhkjp1H2
+vrZZPD2BhqpqKDGWnr4Pt302MVMzmJ9/KYmw60Q+Pg==
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/backend_e2e/certificates/server1.test/cert.pem	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/backend_e2e/certificates/server1.test/key.pem	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/backend_e2e/sat.conf	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,4 @@
+[component file_sharing]
+tls_certificate = /usr/share/sat/certificates/server1.test.pem
+tls_private_key = /usr/share/sat/certificates/server1.test-key.pem
+http_upload_public_facing_url = https://sat.test:8888
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/docker-compose.yml	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,11 @@
+version: "3.6"
+services:
+
+  sat:
+    image: salutatoi/sat
+    build: backend
+
+  libervia:
+    build: libervia
+    depends_on:
+      - sat
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/docker-compose_e2e.yml	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,42 @@
+version: "3.6"
+services:
+
+  prosody:
+    build: prosody_e2e
+    image: salutatoi/prosody_e2e
+    depends_on:
+      # we need to depend on sat to get IP address of the container for conf
+      - sat
+    tmpfs: /var/lib/prosody
+    tmpfs: /var/log/prosody
+    networks:
+      default:
+        aliases:
+          - server1.test
+          - server2.test
+          - server3.test
+
+  db:
+    image: postgres
+    environment:
+      POSTGRES_PASSWORD: test_e2e
+      POSTGRES_DB: pubsub
+    tmpfs: /var/lib/postgresql/data
+
+  pubsub:
+    build: pubsub
+    image: salutatoi/sat_pubsub
+    depends_on:
+      - db
+      - prosody
+    environment:
+      PGHOST: db
+      PGUSER: postgres
+      PGPASSWORD: test_e2e
+      SAT_PUBSUB_RHOST: server1.test
+      SAT_PUBSUB_JID: pubsub.server1.test
+      SAT_PUBSUB_XMPP_PWD: test_e2e
+
+  sat:
+    build: backend_e2e
+    image: salutatoi/sat_e2e
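Review bot: The `prosody` service declares `tmpfs:` twice, and a YAML mapping cannot hold the same key twice: depending on the parser the file is rejected or the second value replaces the first, which would leave `/var/lib/prosody` without a tmpfs mount. The list form carries both paths under one key: `tmpfs:` followed by `- /var/lib/prosody` and `- /var/log/prosody`. Separately, `image: postgres` has no tag, so the database version used by the tests follows whatever `latest` resolves to at pull time.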
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/libervia/Dockerfile	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,17 @@
+FROM salutatoi/sat:latest
+
+LABEL maintainer="Goffi <tmp_dockerfiles@goffi.org>"
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+USER root
+
+RUN apt-get install -y --no-install-recommends yarnpkg
+WORKDIR /home/sat
+USER sat
+RUN cd /src && hg clone https://repos.goffi.org/libervia && \
+    ~/sat_env/bin/pip install -e libervia && \
+    mv libervia/libervia.egg-info ~/sat_env/lib/python3.*/site-packages
+
+ENTRYPOINT ["libervia"]
+CMD ["fg"]
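Review bot: `RUN apt-get install -y --no-install-recommends yarnpkg` runs without `apt-get update` in the same layer, so it depends on package lists that happen to be left in `salutatoi/sat:latest`; once those are stale the install can fail or resolve a superseded package. I would write it as `RUN apt-get update && apt-get install -y --no-install-recommends yarnpkg && rm -rf /var/lib/apt/lists/*`. The `:latest` tag on the `FROM` line also means this build picks up whichever backend image was built last rather than a known one.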
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody_e2e/Dockerfile	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,22 @@
+FROM prosody/prosody
+
+LABEL maintainer="Goffi <tmp_dockerfiles@goffi.org>"
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+# we synchronize tls-cert group with the one in salutatoi/sat
+RUN addgroup tls-cert --gid 9999 && adduser prosody tls-cert && \
+    # we want third party modules
+    apt-get update && apt-get install -y --no-install-recommends mercurial && \
+    mkdir -p /usr/local/share/prosody && \
+    hg clone https://hg.prosody.im/prosody-modules /usr/local/share/prosody/modules && \
+    chown -R prosody:prosody /usr/local/share/prosody
+
+COPY --chown=root:prosody prosody.cfg.lua /etc/prosody/prosody.cfg.lua
+COPY --chown=root:tls-cert certificates/server1.test/cert.pem /usr/share/sat/certificates/server1.test.pem
+COPY --chown=root:tls-cert certificates/server1.test/key.pem /usr/share/sat/certificates/server1.test-key.pem
+
+# we add exec to handle properly signals, this is missing upstream
+# FIXME: to be removed when new images are generated with
+#        https://github.com/prosody/prosody-docker/pull/65
+RUN sed -i "s/^runuser -u prosody/exec \0/" /entrypoint.sh
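Review bot: `hg clone https://hg.prosody.im/prosody-modules` takes the repository tip at build time and `FROM prosody/prosody` has no tag, so the third-party code made loadable through `plugin_paths` changes between builds without any change in this repository. Pinning both keeps the test environment reproducible and reviewable, e.g. `hg clone -u <PINNED_REVISION> https://hg.prosody.im/prosody-modules /usr/local/share/prosody/modules` and a fixed tag or digest on the base image. The same unpinned `hg clone` pattern appears in the `docker/backend/Dockerfile`, `docker/libervia/Dockerfile` and `docker/pubsub/Dockerfile` hunks. The `apt-get install` layer also leaves `/var/lib/apt/lists` in the image.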
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody_e2e/certificates/README	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,2 @@
+this certificates are used to enable TLS during tests. Those must be the same as in
+backend_e2e (they are generated there)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody_e2e/certificates/server1.test/cert.pem	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody_e2e/certificates/server1.test/key.pem	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody_e2e/entrypoint.sh	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+usermod -u "$(stat -c %u /var/lib/prosody/.)" prosody
+
+if [[ "$1" != "prosody" ]]; then
+    exec prosodyctl "$@"
+    exit 0;
+fi
+
+if [ "$LOCAL" -a  "$PASSWORD" -a "$DOMAIN" ] ; then
+    prosodyctl register "$LOCAL" "$DOMAIN" "$PASSWORD"
+fi
+
+exec runuser -u prosody -- "$@"
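Review bot: `usermod -u "$(stat -c %u /var/lib/prosody/.)" prosody` uses the directory owner's UID unchecked; if the directory is owned by root (plausible for the `tmpfs: /var/lib/prosody` mount in `docker-compose_e2e.yml`, though ownership is not visible here) it requests UID 0 for `prosody`, which `usermod` normally refuses without `-o`, and `set -e` then aborts the script. A guard keeps the intent without that case: `uid="$(stat -c %u /var/lib/prosody/.)"` followed by `if [ "$uid" -ne 0 ]; then usermod -u "$uid" prosody; fi`. Note also that `docker/prosody_e2e/Dockerfile` in this changeset patches the base image's `/entrypoint.sh` with `sed` and never copies this file, so it is worth confirming whether this script is used at all. The `exit 0` after `exec prosodyctl "$@"` is unreachable.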
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody_e2e/prosody.cfg.lua	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,115 @@
+-- Prosody XMPP Server Configuration
+-- Adapted for SàT e2e tests
+
+local socket = require "socket"
+
+daemonize = false;
+admins = { }
+
+plugin_paths = { "/usr/local/share/prosody/modules" }
+
+modules_enabled = {
+	"admin_adhoc";
+	"blocklist";
+	"carbons";
+	"csi";
+	"csi_simple";
+	"delegation";
+	"dialback";
+	"disco";
+	"mam";
+	"pep";
+	"ping";
+	"private";
+	"privilege";
+	"register";
+	"roster";
+	"saslauth";
+	"smacks";
+	"time";
+	"tls";
+	"uptime";
+	"vcard4";
+	"vcard_legacy";
+	"version";
+}
+
+modules_disabled = {
+}
+
+allow_registration = true
+registration_whitelist = { socket.dns.toip("sat") }
+whitelist_registration_only = true
+
+c2s_require_encryption = true
+s2s_require_encryption = true
+s2s_secure_auth = false
+
+pidfile = "/var/run/prosody/prosody.pid"
+
+authentication = "internal_hashed"
+
+archive_expires_after = "1d"
+
+log = {
+    {levels = {min = "info"}, to = "console"};
+}
+
+certificates = "certs"
+
+ssl = {
+	key = "/usr/share/sat/certificates/server1.test-key.pem";
+	certificate = "/usr/share/sat/certificates/server1.test.pem";
+}
+
+component_interface = "*"
+
+VirtualHost "server1.test"
+	privileged_entities = {
+		["pubsub.server1.test"] = {
+			roster = "get";
+            message = "outgoing";
+			presence = "roster";
+		},
+	}
+
+	delegations = {
+		["urn:xmpp:mam:2"] = {
+			filtering = {"node"};
+			jid = "pubsub.server1.test";
+		},
+		["http://jabber.org/protocol/pubsub"] = {
+			jid = "pubsub.server1.test";
+		},
+		["http://jabber.org/protocol/pubsub#owner"] = {
+			jid = "pubsub.server1.test";
+		},
+		["https://salut-a-toi/protocol/schema:0"] = {
+			jid = "pubsub.server1.test";
+		},
+		["http://jabber.org/protocol/disco#items:*"] = {
+			jid = "pubsub.server1.test";
+		},
+		["https://salut-a-toi.org/spec/pubsub_admin:0"] = {
+			jid = "pubsub.server1.test";
+		},
+	}
+
+VirtualHost "server2.test"
+
+VirtualHost "server3.test"
+
+-- Component "muc.server1.test" "muc"
+-- 	modules_enabled = {
+-- 		"muc_mam";
+-- 		"vcard";
+-- 	}
+
+Component "pubsub.server1.test"
+	component_secret = "test_e2e"
+	modules_enabled = {"privilege", "delegation"}
+
+Component "proxy.server1.test" "proxy65"
+
+Component "files.server1.test"
+	component_secret = "test_e2e"
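Review bot: `s2s_secure_auth = false`, `component_interface = "*"` and the hard-coded `component_secret = "test_e2e"` values carry no comment saying they are deliberate test settings; the header only says "Adapted for SàT e2e tests". Together they stop requiring valid certificates on server-to-server links and accept component connections on every interface with a secret that is published in this repository, so a one-line warning at the top would keep the file from being reused as a starting point: `-- TEST ONLY: certificate checks are relaxed and component secrets are public; do not use outside the e2e compose network`. A minor style point: the `message = "outgoing";` line in `privileged_entities` is indented with spaces where its neighbours use tabs.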
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/pubsub/Dockerfile	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,30 @@
+FROM debian:buster
+
+LABEL maintainer="Goffi <tmp_dockerfiles@goffi.org>"
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends locales python3-dev python3-venv python3-wheel mercurial libpq-dev gcc postgresql-client && \
+    # it's better to have a dedicated user
+    useradd -m sat && \
+    mkdir /src && chown sat:sat /src && \
+    \
+    # we need UTF-8 locale
+    sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen && locale-gen
+
+ENV LC_ALL en_US.UTF-8
+
+WORKDIR /home/sat
+COPY entrypoint.sh /home/sat
+RUN chown sat:sat /home/sat/entrypoint.sh && chmod 0555 /home/sat/entrypoint.sh
+
+USER sat
+RUN python3 -m venv sat_env && sat_env/bin/pip install wheel && cd /src && \
+    # we install thoses packages in editable mode, so we can replace them easily with volumes
+    hg clone https://repos.goffi.org/sat_tmp && ~/sat_env/bin/pip install -e sat_tmp && \
+    mv sat_tmp/sat_tmp.egg-info ~/sat_env/lib/python3.*/site-packages && \
+    hg clone https://repos.goffi.org/sat_pubsub && ~/sat_env/bin/pip install -e sat_pubsub && \
+    mv sat_pubsub/sat_pubsub.egg-info ~/sat_env/lib/python3.*/site-packages
+
+ENTRYPOINT ["/home/sat/entrypoint.sh"]
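Review bot: The entrypoint is made owned by `sat` and lives in `/home/sat`, both writable by the user the container runs as, so the `0555` mode does not actually protect it: a process running as `sat` can change the mode or replace the file. If a read-only entrypoint is the intent, install it root-owned outside the home directory, e.g. `COPY --chown=root:root entrypoint.sh /usr/local/bin/entrypoint.sh` with `ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]`, keeping the `chmod 0555`. `docker/backend/Dockerfile` has the same pattern with `COPY --chown=sat:sat scripts/entrypoint.sh /home/sat/`. `ENV LC_ALL en_US.UTF-8` also uses the legacy space-separated form; `ENV LC_ALL=en_US.UTF-8` is the current one.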
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/pubsub/entrypoint.sh	Mon Oct 19 09:30:45 2020 +0200
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# we first need to wait for PostgreSQL
+# cf. https://stackoverflow.com/a/39028690 (thanks!)
+
+RETRIES=5
+
+until psql -c "select 1" > /dev/null 2>&1 || [ $RETRIES -eq 0 ]; do
+  echo "Waiting for postgres server, $((RETRIES--)) remaining attempts…"
+  sleep 1
+done
+
+ori_dir=${PWD}
+cd /src/sat_pubsub/db
+
+# PG should be OK, we now initialize the database. If it's already done, it will fail
+# with exit code 3
+psql -v ON_ERROR_STOP=1 pubsub < pubsub.sql 2>/dev/null
+case $? in
+    0) printf "database initialized\n" ;;
+    3) printf "database already exists\n" ;;
+    *) printf "can't initialize database, please check PostgreSQL container parameters\n" >&2
+       exit 1
+       ;;
+esac
+
+cd $ori_dir
+
+exec /home/sat/sat_env/bin/twistd -n sat-pubsub "$@"
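Review bot: With `ON_ERROR_STOP=1`, `psql` exits with status 3 for any error raised while running `pubsub.sql`, not only for objects that already exist, and `2>/dev/null` hides which error it was; the `3)` branch therefore prints "database already exists" and starts `twistd` even when initialisation stopped halfway. Running the script atomically and keeping stderr makes the two cases distinguishable: `psql -v ON_ERROR_STOP=1 --single-transaction pubsub < pubsub.sql`. The wait loop above also falls through silently when `RETRIES` reaches 0, and `cd /src/sat_pubsub/db` and `cd $ori_dir` are unchecked, the latter unquoted as well.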