better lemur integration

db/gen/create_tables.sql

@@ -1,148 +0,0 @@
--- Deployment
-CREATE TABLE Deployment (
-  DeploymentId SERIAL PRIMARY KEY,
-  ProviderType VARCHAR(255) NOT NULL,
-  TargetType VARCHAR(255) NOT NULL,
-  TargetName VARCHAR(255) NOT NULL,
-  FactoryCluster VARCHAR(255),
-  FactoryNodeName VARCHAR(255),
-  CPU INTEGER,
-  VCPU INTEGER,
-  Memory INTEGER,
-  Labels VARCHAR(255) [] DEFAULT '{}',
-  UNIQUE (TargetType, TargetName)
-);
-CREATE INDEX Deployment_FactoryNodeName_index ON Deployment(FactoryNodeName);
-
--- Cluster
-CREATE TABLE FactoryCluster (
-  ClusterId SERIAL PRIMARY KEY,
-  ClusterName VARCHAR(255) NOT NULL UNIQUE,
-  ClusterDescription VARCHAR(255) NOT NULL,
-  VirtualIp VARCHAR(15) NOT NULL,
-  ZoneName VARCHAR(255) NOT NULL
-);
-
--- Node in Cluster
-CREATE TABLE FactoryClusterNode (
-  ClusterNodeId SERIAL PRIMARY KEY,
-  ClusterId INTEGER NOT NULL,
-  ServerName VARCHAR(255) NOT NULL UNIQUE,
-  FOREIGN KEY (ClusterId) REFERENCES FactoryCluster(ClusterId)
-);
-CREATE INDEX FactoryClusterNode_ServerName_index ON FactoryClusterNode(ServerName);
--- Site
-CREATE TABLE Site (
-  SiteId SERIAL PRIMARY KEY,
-  SiteName VARCHAR(255) NOT NULL UNIQUE,
-  SiteDescription VARCHAR(255) NOT NULL
-);
-
--- Zone
-CREATE TABLE Zone (
-  ZoneId SERIAL PRIMARY KEY,
-  ZoneName VARCHAR(255) NOT NULL UNIQUE,
-  ZoneDescription VARCHAR(255) NOT NULL,
-  SitesName VARCHAR(255) [] NOT NULL
-);
-
--- Server
-CREATE TABLE Server (
-  ServerId SERIAL PRIMARY KEY,
-  ServerName VARCHAR(255) NOT NULL UNIQUE,
-  ServerDescription VARCHAR(255) NOT NULL,
-  ServerServermodelName VARCHAR(255) NOT NULL,
-  ReleaseDistribution VARCHAR(255) NOT NULL,
-  SiteName VARCHAR(255) NOT NULL,
-  ZonesName VARCHAR(255) [] NOT NULL,
-  ZonesIP VARCHAR(255) [] NOT NULL
-);
--- Source
-CREATE TABLE Source (
-  SourceId SERIAL PRIMARY KEY,
-  SourceName VARCHAR(255) NOT NULL UNIQUE,
-  SourceURL TEXT
-);
-
--- Release
-CREATE TABLE Release (
-  ReleaseId SERIAL PRIMARY KEY,
-  ReleaseName VARCHAR(255) NOT NULL,
-  ReleaseSourceId INTEGER NOT NULL,
-  ReleaseDistribution VARCHAR(20) CONSTRAINT releasedistribution_choice CHECK (ReleaseDistribution IN ('last', 'n-1', 'n-2')),
-  UNIQUE (ReleaseName, ReleaseSourceId),
-  UNIQUE (ReleaseDistribution, ReleaseSourceId),
-  FOREIGN KEY (ReleaseSourceId) REFERENCES Source(SourceId)
-);
-
--- Servermodel
-CREATE TABLE Servermodel (
-  ServermodelId SERIAL PRIMARY KEY,
-  ServermodelName VARCHAR(255) NOT NULL,
-  ServermodelDescription VARCHAR(255) NOT NULL,
-  Osname VARCHAR(255),
-  Osversion VARCHAR(255),
-  ISO VARCHAR(255),
-  ServermodelParents VARCHAR(255) [] DEFAULT '{}',
-  SourceName VARCHAR(255) NOT NULL,
-  ReleaseDistribution VARCHAR(255) NOT NULL,
-  ServermodelApplicationserviceId INTEGER NOT NULL,
-  UNIQUE (ServermodelName, SourceName, ReleaseDistribution)
-);
-CREATE INDEX ServermodelApplicationserviceId_index ON Servermodel (ServermodelApplicationserviceId);
-
--- Applicationservice
-CREATE TABLE Applicationservice (
-  ApplicationserviceId SERIAL PRIMARY KEY,
-  ApplicationserviceName VARCHAR(255) NOT NULL,
-  ApplicationserviceDescription VARCHAR(255) NOT NULL,
-  ApplicationserviceReleaseId INTEGER NOT NULL,
-  OS JSON,
-  UNIQUE (ApplicationserviceName, ApplicationserviceReleaseId)
-);
-
-CREATE TABLE ApplicationserviceDependency (
-  ApplicationserviceId INTEGER NOT NULL,
-  ApplicationserviceDependencyId INTEGER NOT NULL,
-  UNIQUE(ApplicationserviceId, ApplicationserviceDependencyId),
-  FOREIGN KEY (ApplicationserviceId) REFERENCES Applicationservice(ApplicationserviceId),
-  FOREIGN KEY (ApplicationserviceDependencyId) REFERENCES Applicationservice(ApplicationserviceId)
-);
-
--- Log
-CREATE TABLE log(
-  Msg VARCHAR(255) NOT NULL,
-  Level VARCHAR(10) NOT NULL,
-  Path VARCHAR(255),
-  Username VARCHAR(100) NOT NULL,
-  Data JSON,
-  Date timestamp DEFAULT current_timestamp
-);
--- User, Role and ACL
-CREATE TABLE RisottoUser (
-  UserId SERIAL PRIMARY KEY,
-  UserLogin VARCHAR(100) NOT NULL UNIQUE,
-  UserName VARCHAR(100) NOT NULL,
-  UserSurname VARCHAR(100) NOT NULL
-);
-
-CREATE TABLE UserRole (
-  RoleId SERIAL PRIMARY KEY,
-  RoleUserId INTEGER NOT NULL,
-  RoleName VARCHAR(255) NOT NULL,
-  RoleAttribute VARCHAR(255),
-  RoleAttributeValue VARCHAR(255),
-  FOREIGN KEY (RoleUserId) REFERENCES RisottoUser(UserId)
-);
-
-CREATE TABLE URI (
-  URIId SERIAL PRIMARY KEY,
-  URIName VARCHAR(255) NOT NULL UNIQUE
-);
-
-CREATE TABLE RoleURI (
-  RoleName VARCHAR(255) NOT NULL,
-  URIId INTEGER NOT NULL,
-  FOREIGN KEY (URIId) REFERENCES URI(URIId),
-  PRIMARY KEY (RoleName, URIId)
-);

debian/changelog

@@ -1,5 +0,0 @@
-eole-risotto (0.1) unstable; urgency=medium
-
-  * Création du paquet
-
- -- Cadoles <contact@cadoles.com>  Thu, 02 Apr 2020 10:43:03 +0200

debian/compat

@@ -1 +0,0 @@
-11

debian/control

@@ -1,18 +0,0 @@
-Source: eole-risotto
-Section: admin
-Priority: optional
-Maintainer: Cadoles <contact@cadoles.com>
-Build-Depends: debhelper (>= 11)
-Standards-Version: 3.9.3 
-Homepage: https://forge.cadoles.com/Infra/risotto
-Vcs-Git: https://forge.cadoles.com/Infra/risotto
-Vcs-Browser: https://forge.cadoles.com/Infra/risotto
-
-Package: eole-risotto
-Architecture: any
-Depends: ${misc:Depends}, 
-Description: configuration pour l’intégration de risotto dans EOLE
- .
- Pour toute information complémentaire, veuillez vous rendre sur le
- site du projet.
-

debian/copyright

@@ -1,44 +0,0 @@
-Format: http://dep.debian.net/deps/dep5
-Upstream-Name: {PROJECT}
-Source: {URL}
-
-Files: *
-Copyright: YEAR {UPSTREAM} {AUTHOR} <{MAIL}>
-License: {UPSTREAM LICENSE}
-
-Files: debian/*
-Copyright: 2012 Équipe EOLE <eole@ac-dijon.fr>
-License: CeCILL-2
-
-License: {UPSTREAM LICENSE}
- {TEXT OF THE LICENSE}
-
-License: CeCILL-2
- This software is governed by the CeCILL-2 license under French law and
- abiding by the rules of distribution of free software.  You can  use,
- modify and or redistribute the software under the terms of the CeCILL-2
- license as circulated by CEA, CNRS and INRIA at the following URL
- "http://www.cecill.info";.
- .
- As a counterpart to the access to the source code and  rights to copy,
- modify and redistribute granted by the license, users are provided only
- with a limited warranty  and the software's author,  the holder of the
- economic rights,  and the successive licensors  have only  limited
- liability.
- .
- In this respect, the user's attention is drawn to the risks associated
- with loading,  using,  modifying and/or developing or reproducing the
- software by the user in light of its specific status of free software,
- that may mean  that it is complicated to manipulate,  and  that  also
- therefore means  that it is reserved for developers  and  experienced
- professionals having in-depth computer knowledge. Users are therefore
- encouraged to load and test the software's suitability as regards their
- requirements in conditions enabling the security of their systems and/or
- data to be ensured and,  more generally, to use and operate it in the
- same conditions as regards security.
- .
- The fact that you are presently reading this means that you have had
- knowledge of the CeCILL-2 license and that you accept its terms.
- .
- On Eole systems, the complete text of the CeCILL-2 License can be found
- in '/usr/share/common-licenses/CeCILL-2-en'.

debian/eole-risotto.dirs

@@ -1,5 +0,0 @@
-/srv/risotto/configurations
-/srv/risotto/tmp
-/srv/risotto/seed
-/srv/factory
-/var/cache/risotto/servermodel

debian/rules

@@ -1,11 +0,0 @@
-#!/usr/bin/make -f
-# -*- makefile -*-
-
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
-
-%:
-	dh $@
-
-override_dh_installsystemd:
-	dh_installsystemd -peole-risotto --no-enable --no-start --no-stop-on-upgrade

debian/source/format

@@ -1 +0,0 @@
-3.0 (quilt)

dicos/20_partitioning_risotto.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<creole>
+    <variables>
+        <family name='système'>
+            <!-- We need to recalculate the variables -->
+            <variable name='eole_lv_names' redefine='True' remove_check='True' />
+            <variable name='eole_lv_standard_extends' redefine='True' remove_check='True' />
+        </family>
+    </variables>
+    <constraints>
+        <!-- Default AmonEcole* logical volumes -->
+        <auto name='calc_multi_val' target='eole_lv_names'>
+            <param>root</param>
+            <param>tmp</param>
+        </auto>
+        <auto name='calc_multi_val' target='eole_lv_standard_extends'>
+            <param type='number'>100</param>
+            <param type='number'>0</param>
+        </auto>
+    </constraints>
+    <help/>
+</creole>
+<!-- vim: ts=4 sw=4 expandtab
+-->
+

dicos/50_risotto.xml

@@ -2,10 +2,12 @@
 <creole>
     <files>
         <service>risotto</service>
-        <file filelist='risotto' name='/etc/risotto/risotto.conf' mkdir='True' rm='True'/>
-        <file filelist='risotto' name='/etc/systemd/system/risotto.service' mkdir='True' rm='True'/>
-        <file filelist='risotto' name='/etc/eole/eole-db.d/risotto.yml' mkdir='True' rm='True'/>
-        <file filelist='risotto' name='/etc/eole/eole-db.d/tiramisu.yml' mkdir='True' rm='True'/>
+        <service_access service='risotto'>
+            <port>8080</port>
+        </service_access>
+        <file name='/etc/risotto/risotto.conf' owner="risotto" mkdir='True' rm='True'/>
+        <file name='/etc/eole/eole-db.d/risotto.yml' mkdir='True' rm='True'/>
+        <file name='/etc/eole/eole-db.d/tiramisu.yml'/>
     </files>
     <variables>
         <family name='risotto'>
@@ -34,33 +36,17 @@
                 <value>localhost</value>
             </variable>
             <variable name='risotto_messages_dir' type='filename' description='Emplacement des messages de l’API' hidden='True'>
-                <value>/srv/risotto-message/messages</value>
+                <value>/usr/share/risotto-message/messages</value>
             </variable>
             <variable name='risotto_cache_dir' type='filename' description='Emplacement du cache' hidden='True'>
-                <value>/var/cache/risotto</value>
+                <value>/srv/risotto/cache</value>
             </variable>
             <variable name='risotto_seed_dir' type='filename' description='Emplacement des descriptions de services' hidden='True'>
                 <value>/srv/risotto/seed</value>
             </variable>
-            <variable name='risotto_factory_configuration_dir' type='filename' description='Emplacement de la configuration du provider factory' hidden='True'>
-                <value>/srv/factory/</value>
+            <variable name='risotto_images_dir' type='filename' description='Emplacement des images disques' hidden='True'>
+                <value>/srv/risotto/images</value>
             </variable>
         </family>
     </variables>
-    <constraints>
-    </constraints>
-    <help>
-        <variable name='risotto_configuration_dir'>Aide pour la variable risotto_configuration_dir</variable>
-        <variable name='risotto_temp_dir'>Aide pour la variable risotto_temp_dir</variable>
-        <variable name='risotto_default_user'>Aide pour la variable risotto_default_user</variable>
-        <variable name='risotto_main_dbname'>Aide pour la variable risotto_main_dbname</variable>
-        <variable name='risotto_tiramisu_dbname'>Aide pour la variable risotto_tiramisu_dbname</variable>
-        <variable name='risotto_db_user'>Aide pour la variable risotto_db_user</variable>
-        <variable name='risotto_tiramisu_db_user'>Aide pour la variable risotto_tiramisu_db_user</variable>
-        <variable name='risotto_db_address'>Aide pour la variable risotto_db_address</variable>
-        <variable name='risotto_messages_dir'>Aide pour la variable risotto_messages_dir</variable>
-        <variable name='risotto_cache_dir'>Aide pour la variable risotto_cache_dir</variable>
-        <variable name='risotto_seed_dir'>Aide pour la variable risotto_seed_dir</variable>
-        <variable name='risotto_factory_configuration_dir'>Aide pour la variable risotto_factory_configuration_dir</variable>
-    </help>
 </creole>

posttemplate/10-fix-postgresql-permissions

@@ -2,6 +2,8 @@
 
 set -e
 
+systemctl start postgresql.service
+
 psql -Upostgres -c "grant all on all tables in schema public to risotto" risotto
 psql -Upostgres -c "grant all on all sequences in schema public to risotto" risotto
 psql -Upostgres -c "grant all on all functions in schema public to risotto" risotto
@@ -9,4 +11,6 @@ psql -Upostgres -c "grant all on all tables in schema public to tiramisu" tirami
 psql -Upostgres -c "grant all on all sequences in schema public to tiramisu" tiramisu
 psql -Upostgres -c "grant all on all functions in schema public to tiramisu" tiramisu
 
+systemctl stop postgresql.service
+
 exit 0

posttemplate/20-directories

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+for dir in risotto_cache_dir risotto_seed_dir risotto_temp_dir risotto_configuration_dir risotto_images_dir; do
+    dirname=$(CreoleGet $dir)
+    mkdir -p $dirname
+    chown risotto: $dirname
+done
+
+exit 0

risotto.service

@@ -1,9 +1,12 @@
 [Unit]
 Description=risotto
+After=postgresql.service
 
 [Service]
-EnvironmentFile=/etc/risotto/risotto.conf
+Type=notify
 ExecStart=/usr/bin/risotto-server
+User=risotto
+Group=risotto
 
 [Install]
 WantedBy=multi-user.target

tmpl/risotto.conf

@@ -1,14 +1,40 @@
-CONFIGURATION_DIR=%%getVar('risotto_configuration_dir')
-PROVIDER_FACTORY_CONFIG_DIR=%%getVar('risotto_factory_configuration_dir')
-TMP_DIR=%%getVar('risotto_temp_dir')
-DEFAULT_USER=%%getVar('risotto_default_user')
-RISOTTO_DB_NAME=%%getVar('risotto_main_dbname')
-RISOTTO_DB_USER=%%getVar('risotto_db_user')
+CONFIGURATION_DIR=%%risotto_configuration_dir
+TMP_DIR="%%risotto_temp_dir"
+IMAGE_PATH="%%risotto_images_dir"
+DEFAULT_USER="%%risotto_default_user"
+RISOTTO_DB_NAME="%%risotto_main_dbname"
+RISOTTO_DB_USER="%%risotto_db_user"
 RISOTTO_DB_PASSWORD=replace_me
-TIRAMISU_DB_NAME=%%getVar('risotto_tiramisu_dbname')
-TIRAMISU_DB_USER=%%getVar('risotto_tiramisu_db_user')
+TIRAMISU_DB_NAME="%%risotto_tiramisu_dbname"
+TIRAMISU_DB_USER="%%risotto_tiramisu_db_user"
 TIRAMISU_DB_PASSWORD=replace_me
-DB_ADDRESS=%%getVar('risotto_db_address')
-MESSAGE_PATH=%%getVar('risotto_messages_dir')
-CACHE_ROOT_PATH=%%getVar('risotto_cache_dir')
-SRV_SEED_PATH=%%getVar('risotto_seed_dir')
+RISOTTO_URL="http://%%nom_domaine_machine:8080/"
+DB_ADDRESS="%%risotto_db_address"
+MESSAGE_PATH="%%risotto_messages_dir"
+CACHE_ROOT_PATH="%%risotto_cache_dir"
+SRV_SEED_PATH="%%risotto_seed_dir"
+%set %%var = %%getVar('celeryrisotto_db_user', None)
+%if not %%is_empty(%%var)
+CELERYRISOTTO_DB_NAME="%%celeryrisotto_main_dbname"
+CELERYRISOTTO_DB_USER="%%var"
+CELERYRISOTTO_DB_PASSWORD=replace_me
+%end if
+%set %%var = %%getVar('lemur_db_user', None)
+%if not %%is_empty(%%var)
+LEMUR_DB_NAME="%%lemur_db_name"
+LEMUR_DB_USER="%%var"
+LEMUR_DB_PASSWORD='replace_me'
+%end if
+%set %%var = %%getVar('password_admin_username', None)
+%if not %%is_empty(%%var)
+PASSWORD_ADMIN_USERNAME="%%password_admin_username"
+PASSWORD_ADMIN_EMAIL="%%password_admin_email"
+PASSWORD_ADMIN_PASSWORD="%%password_admin_password"
+PASSWORD_DEVICE_IDENTIFIER="%%password_device_identifier"
+PASSWORD_URL="https://%%nom_domaine_machine:8001/"
+PASSWORD_LENGTH=%%password_length
+%end if
+%if %%getVar('lemur_db_name', None)
+PKI_ADMIN_PASSWORD="%%lemur_admin_password"
+PKI_ADMIN_EMAIL="%%lemur_admin_email"
+%end if

tmpl/risotto.yml

@@ -1,17 +1,23 @@
-%set %%dbname = %%getVar('risotto_main_dbname')
+%from os import listdir
+%set %%dbname = %%risotto_main_dbname
 ---
-dbuser: %%getVar('risotto_db_user')
+dbuser: %%risotto_db_user
 dbuser_options:
-    - LOGIN
+  - LOGIN
 privileges:
-    %%{dbname}.public.*: 'ALL'
-    %%{dbname}.public: 'ALL'
-    %%{dbname}: 'ALL'
-dbhost: %%getVar('risotto_db_address')
+  %%{dbname}.public.*: 'ALL'
+  %%{dbname}.public: 'ALL'
+  %%{dbname}: 'ALL'
+dbhost: %%risotto_db_address
 dbport: 5432
 dbtype: postgres
 dbname: %%dbname
-template: 'postgres'
-sqlscripts: ['/usr/share/eole/db/eole-risotto/gen/create_tables.sql']
+template: 'template0'
+sqlscripts:
+%for %%file in %%listdir('/usr/share/eole/db/eole-risotto/gen/')
+ %if %%file.endswith('.sql')
+  - /usr/share/eole/db/eole-risotto/gen/%%file
+ %end if
+%end for
 pwd_files:
-        - {'file': '/etc/risotto/risotto.conf', 'pattern': 'RISOTTO_DB_PASSWORD='}
+  - {'file': '/etc/risotto/risotto.conf', 'pattern': 'RISOTTO_DB_PASSWORD='}

tmpl/tiramisu.yml

@@ -1,17 +1,17 @@
-%set %%dbname = %%getVar('risotto_tiramisu_dbname')
+%set %%dbname = %%risotto_tiramisu_dbname
 ---
-dbuser: %%getVar('risotto_tiramisu_db_user')
+dbuser: %%risotto_tiramisu_db_user
 dbuser_options:
     - LOGIN
 privileges:
     %%{dbname}.public.*: 'ALL'
     %%{dbname}.public: 'ALL'
     %%{dbname}: 'ALL'
-dbhost: %%getVar('risotto_db_address')
+dbhost: %%risotto_db_address
 dbport: 5432
 dbtype: postgres
-dbname: %%getVar('risotto_tiramisu_dbname')
-template: 'postgres'
+dbname: %%risotto_tiramisu_dbname
+template: 'template0'
 pwd_files:
         - {'file': '/etc/risotto/risotto.conf', 'pattern': 'TIRAMISU_DB_PASSWORD='}