Merge remote-tracking branch 'origin/master'

2020-11-02 14:36:16 -06:00 · 2020-11-02 14:36:16 -06:00 · 5a5f0d1ce1
commit 5a5f0d1ce1
parent 159449c38c 7ae00c9940
8 changed files with 130 additions and 120 deletions
--- a/capsulflask/db.py
+++ b/capsulflask/db.py
@ -14,7 +14,7 @@ def init_app(app):
  databaseUrl = urlparse(app.config['DATABASE_URL'])

  app.config['PSYCOPG2_CONNECTION_POOL'] = psycopg2.pool.SimpleConnectionPool(
-    1, 
+    1,
    20,
    user = databaseUrl.username,
    password = databaseUrl.password,
@ -34,13 +34,13 @@ def init_app(app):
    key = result.group()
    with open(join(schemaMigrationsPath, filename), 'rb') as file:
      schemaMigrations[key] = file.read().decode("utf8")
-  
+
  connection = app.config['PSYCOPG2_CONNECTION_POOL'].getconn()

  hasSchemaVersionTable = False
  actionWasTaken = False
  schemaVersion = 0
-  desiredSchemaVersion = 7
+  desiredSchemaVersion = 8

  cursor = connection.cursor()

@ -95,11 +95,11 @@ def init_app(app):
    if schemaVersion != versionFromDatabase:
      app.logger.critical("incorrect schema version value \"{}\" after running migration {}, expected \"{}\". exiting.".format(
        versionFromDatabase,
-        migrationKey, 
+        migrationKey,
        schemaVersion
      ))
      exit(1)
-  
+
  cursor.close()

  app.config['PSYCOPG2_CONNECTION_POOL'].putconn(connection)
--- a/capsulflask/schema_migrations/08_down_various_os_updates.sql
+++ b/capsulflask/schema_migrations/08_down_various_os_updates.sql
@ -0,0 +1,34 @@
+DELETE FROM os_images WHERE id = 'openbsd68';
+DELETE FROM os_images WHERE id = 'alpine312';
+
+UPDATE os_images SET deprecated = FALSE WHERE id =  'openbsd67';
+UPDATE os_images SET deprecated = FALSE WHERE id =  'alpine311';
+
+UPDATE os_images SET template_image_file_name = 'alpine311.img'
+WHERE id = 'alpine311';
+
+UPDATE os_images SET template_image_file_name = 'ubuntu-18.04-minimal-cloudimg-amd64.img'
+WHERE id = 'ubuntu18';
+
+UPDATE os_images SET template_image_file_name = 'openbsd-cloud-2020-05.qcow2'
+WHERE id = 'openbsd66';
+
+UPDATE os_images SET template_image_file_name = 'openbsd67.img'
+WHERE id = 'openbsd67';
+
+UPDATE os_images SET template_image_file_name = 'ubuntu20.img'
+WHERE id = 'ubuntu20';
+
+UPDATE os_images SET template_image_file_name = 'debian10.img'
+WHERE id = 'debian10';
+
+UPDATE os_images SET template_image_file_name = 'centos7.img'
+WHERE id = 'centos7';
+
+UPDATE os_images SET template_image_file_name = 'centos8.img'
+WHERE id = 'centos8';
+
+UPDATE os_images SET template_image_file_name = 'guixsystem-cloud-2020-05.qcow2'
+WHERE id = 'guix110';
+
+UPDATE schemaversion SET version = 7;
--- a/capsulflask/schema_migrations/08_up_various_os_updates.sql
+++ b/capsulflask/schema_migrations/08_up_various_os_updates.sql
@ -0,0 +1,37 @@
+INSERT INTO os_images (id, template_image_file_name, description, deprecated)
+VALUES  ('openbsd68', 'openbsd/6.8/root.img.qcow2', 'OpenBSD 6.8', FALSE);
+
+INSERT INTO os_images (id, template_image_file_name, description, deprecated)
+VALUES  ('alpine312', 'alpine/3.12/root.img.qcow2', 'Alpine Linux 3.12', FALSE);
+
+UPDATE os_images SET deprecated = TRUE WHERE id =  'openbsd67';
+UPDATE os_images SET deprecated = TRUE WHERE id =  'alpine311';
+
+UPDATE os_images SET template_image_file_name = 'alpine/3.11/root.img.qcow2'
+WHERE id = 'alpine311';
+
+UPDATE os_images SET template_image_file_name = 'ubuntu/18.04/root.img.qcow2'
+WHERE id = 'ubuntu18';
+
+UPDATE os_images SET template_image_file_name = 'openbsd/6.6/root.img.qcow2'
+WHERE id = 'openbsd66';
+
+UPDATE os_images SET template_image_file_name = 'openbsd/6.7/root.img.qcow2'
+WHERE id = 'openbsd67';
+
+UPDATE os_images SET template_image_file_name = 'ubuntu/20.04/root.img.qcow2'
+WHERE id = 'ubuntu20';
+
+UPDATE os_images SET template_image_file_name = 'debian/10/root.img.qcow2'
+WHERE id = 'debian10';
+
+UPDATE os_images SET template_image_file_name = 'centos/7/root.img.qcow2'
+WHERE id = 'centos7';
+
+UPDATE os_images SET template_image_file_name = 'centos/8/root.img.qcow2'
+WHERE id = 'centos8';
+
+UPDATE os_images SET template_image_file_name = 'guix/1.10/root.img.qcow2'
+WHERE id = 'guix110';
+
+UPDATE schemaversion SET version = 8;
--- a/capsulflask/shell_scripts/create.sh
+++ b/capsulflask/shell_scripts/create.sh
@ -5,8 +5,7 @@
 # POSIX or die

 vmname="$1"
-# resolve the .qcow2 symlink so backing images never change
-template_file="/tank/img/$(readlink /tank/img/$2)"
+template_file="/tank/img/$2"
 vcpus="$3"
 memory="$4"
 pubkeys="$5"
@ -48,7 +47,7 @@ if [ -f /tank/vm/$vmname.qcow2 ]; then
    exit 1
 fi

-qemu-img create -f qcow2 -b "$template_file" "$disk"
+cp "$template_file" "$disk"
 cp /tank/config/cyberia-cloudinit.yml /tmp/cloudinit.yml
 echo "$pubkeys" | while IFS= read -r line; do
  echo "      - $line" >> /tmp/cloudinit.yml
--- a/capsulflask/templates/changelog.html
+++ b/capsulflask/templates/changelog.html
@ -8,18 +8,21 @@
 {% block subcontent %}
 <p>
 <ul>
-   <li>2020-01-30: Baikal ownership transferred to Cyberia Computer Club</li>
-   <li>2020-01-31: Prepping docs</li>
-   <li>2020-02-26: Re-prepping docs</li>
-   <li>2020-03-07: CVM goes live</li>
-   <li>2020-03-10: CVM name changed to Capsul</li>
-   <li>2020-03-10: Capsul site goes live</li>
-   <li>2020-03-22: Alpine support added</li>
-   <li>2020-03-25: Network limits made public</li>
-   <li>2020-04-17: OpenBSD support added</li>
-   <li>2020-04-26: Support link added</li>
-   <li>2020-05-04: Simplified payment page</li>
+   <li>2020-10-29: Add OpenBSD 6.8 and Alpine 3.12 support, remove previous versions.</li>
+   <li>2020-10-23: Automate VM build system (backend)</li>
+   <li>2020-10-22: Re-worked FAQ, added more supporting docs</li>
   <li>2020-05-16: Beta version of new Capsul web application</li>
+   <li>2020-05-04: Simplified payment page</li>
+   <li>2020-04-26: Support link added</li>
+   <li>2020-04-17: OpenBSD support added</li>
+   <li>2020-03-25: Network limits made public</li>
+   <li>2020-03-22: Alpine support added</li>
+   <li>2020-03-10: Capsul site goes live</li>
+   <li>2020-03-10: CVM name changed to Capsul</li>
+   <li>2020-03-07: CVM goes live</li>
+   <li>2020-02-26: Re-prepping docs</li>
+   <li>2020-01-31: Prepping docs</li>
+   <li>2020-01-30: Baikal ownership transferred to Cyberia Computer Club</li>
 </ul>           
 </p>
 {% endblock %}
--- a/capsulflask/templates/faq.html
+++ b/capsulflask/templates/faq.html
@ -11,65 +11,21 @@
 <ul>
   <li>
     Which instance type should I buy?
-     <ul><li>
-      It depends a lot on your requirements, but I can lay down a few guidelines.
-      <ul>
-        <li>
-          f1-s
-          <ul>
-            <li> blog </li>
-            <li> vpn </li>
-            <li> bot </li>
-            <li> cgit </li>
-          </ul>
-        </li>
-        <li>
-          f1-m
-          <ul>
-            <li> owncloud </li>
-            <li> gitea </li>
-            <li> popular blog/vpn/bot </li>
-          </ul>
-        </li>
-        <li>
-          f1-l
-          <ul>
-            <li> docker host </li>
-            <li> build system </li>
-          </ul>
-        </li>
-        <li>
-          f1-x
-          <ul>
-            <li> large webservice with thousands of users </li>
-            <li> rotund java app </li>
-          </ul>
-        </li>
-        <li>
-          f1-xx
-          <ul>
-            <li> gitlab (wow such memory very devops) </li>
-          </ul>
-        </li>
-        <li>
-          f1-xxx
-          <ul>
-            <li> something huge </li>
-          </ul>
-        </li>
-      </ul>
-     </li></ul>
+     <p>There are no hard rules for this sort of thing, but here are some guidelines:</p>
+     <p>f1-xs: blog, vpn, bot, cgit</p>
+     <p>f1-s: a bot, owncloud, gitea, popular blog</p>
+     <p>f1-m: docker host, build system</p>
+     <p>f1-l: large webservice, rotund java app</p>
+     <p>f1-x: gitlab (wow such memory very devops</p>
+     <p>f1-xx: something gargantuan</p>
   </li>
   <li>
     How do I log in?
-     <ul><li>
-      <p>ssh to the ip provided to you using the cyberian user.</p>
-      <pre class='code'>$ ssh cyberian@1.2.3.4</pre>
-     </li></ul>
+     <p>ssh to the ip provided to you using the cyberian user.</p>
+     <pre class='code'>$ ssh cyberian@1.2.3.4</pre>
   </li>
   <li>
-    How do I change to the root user?
-    <ul><li>
+     How do I change to the root user?
     <p>The cyberian user has passwordless sudo access by default. This should work:</p>
     <pre class='code'>
 # Linux
@ -77,74 +33,55 @@ $ sudo su -

 # OpenBSD
 $ doas su -</pre>
-    </li></ul>
   </li>
   <li>
-    Do you offer reverse DNS?
-    <ul><li>
+     Do you offer reverse DNS?
     <p>We do, but right now it's a manual process. Shoot us an email and we'll get it done.</p>
-    </li></ul>
   </li>
   <li>
-    What if I don't pay?
-    <ul><li>
-     <p>Your VM will be deleted. You will receive coal. 
-       You will be banned from our minetest server. 
-       We will attempt to give you ample warning before nuking a server, but that's no guarantee.
-      </p>
-    </li></ul>
+    What if I don't pay / don't maintain my payments?
+    <p>Your VM will eventually be deleted.
+       Capsul will send you a few inoffensive reminders as that termination date approaches.
+    </p>
   </li>
   <li>
    Besides my virtual machines and payments, what information do you keep about me?
-    <ul><li>
     <p>We associate an email address with every VM so that we can track payment and respond to support requests.</p>
-     <p>If you pay with a credit card, Stripe sends some additional details about you that we literally cannot delete.</p>
-    </li></ul>
+     <p>If you pay with a credit card, Stripe stores some additional details about you that we literally cannot delete.</p>
   </li>
   <li>
-    What can I do with my VM?
-    <ul><li>
-     <p>Make it into a mailserver, a bitcoin miner, a VPN host, whatever.</p>
-     <p>We place no restrictions on what you can do, as long as it's not illegal. Don't get us in trouble.</p>
-    </li></ul>
+     What can I do with my VM?
+     <p>Make it into a mailserver, a bitcoin miner, a VPN host, whatever you'd like.</p>
+     <p>Our systems exist within the USA, and as such we are bound by US law.</p>
   </li>
   <li>
-    Can you recover my passwords/insert new keys?
-    <ul><li>
-     <p>Can we? Technically yes. Will we? Never. It would violate the trust that our customers have in us. 
-      We have no interest in touching client VMs after they're running.
-      If you lose access to your VM, that's on you.</p>
-    </li></ul>
+     Can you recover my passwords/insert new keys?
+     <p>Can we? Technically yes. Will we? No, never. It would violate the trust that our users have in us.
+     We have no interest in touching client VMs after they're running.
+     We promise to keep your machines running smoothly.
+     If you lose access to your VM, that's on you.</p>
   </li>
   <li>
-    Do you offer refunds?
-    <ul><li>
-     <p>Not now.</p>
-    </li></ul>
+     Do you offer refunds?
+     <p>Not now, but email us and we can probably figure something out.</p>
   </li>
   <li>
    Where do the VMs run? Is it on a machine that you guys own/control?
-    <ul><li>
     <p>Capsul runs on a server named Baikal which Cyberia built from scratch & mailed to a datacenter
      in Georgia called CyberWurx. CyberWurx staff installed it for us in a rack space that
      Cyberia pays for. </p>
-    </li></ul>
   </li>
   <li>
-    Do you offer support?
-    <ul><li>
-     <p>Yep, email us at <a href="mailto:support@cyberia.club">support@cyberia.club</a></p>
-     <ul>
-       <li>all volunteers have very busy schedules, but we will do our best to respond in a reasonable time period.</li>
-       <li>If you would prefer private support, please send your mail to <a href="mailto:capsul@cyberia.club">capsul@cyberia.club</a> instead.</li>
-     </ul>
-    </li></ul>
+     Do you offer support?
+     <p>Yep, see <a href="/support">our support page</a>.</p>
+   </li>
+   <li>
+     Do you have an SLA?
+     <p>No, but we normally respond pretty quickly.</p>
   </li>
   <li>
    Will you implement feature X?
-    <ul><li>
-      Maybe! Email <a href="mailto:ops@cyberia.club">ops@cyberia.club</a> and ask us about it.
-    </li></ul>
+    <p>Maybe! Email <a href="mailto:ops@cyberia.club">ops@cyberia.club</a> and ask us about it.</p>
   </li>
 </ul>
 </p>
--- a/capsulflask/templates/support.html
+++ b/capsulflask/templates/support.html
@ -7,7 +7,7 @@
    <h1>SUPPORT</h1>
  </div>
  <div class="row half-margin">
-    <a href="mailto:support@cyberia.club?subject=Please%20halp!">support@cyberia.club</a> 
+    <a href="mailto:support@cyberia.club?subject=Please%20help!">support@cyberia.club</a> 
  </div>
 {% endblock %}

@ -17,7 +17,7 @@
  <a href="https://lists.cyberia.club/~cyberia/support">https://lists.cyberia.club/~cyberia/support</a>
 </p>
 <p>
-  If you do not want your mail to appear in a public archive, email <a href="mailto:capsul@cyberia.club?subject=Please%20halp!">capsul@cyberia.club</a> instead.
+  If you do not want your mail to appear in a public archive, email <a href="mailto:capsul@cyberia.club?subject=Please%20help!">capsul@cyberia.club</a> instead.
 </p>
 <p>
  Please describe your problem or feature request, and we will do our best to get back to you promptly. Thank you very much.
--- a/capsulflask/virt_model.py
+++ b/capsulflask/virt_model.py
@ -111,10 +111,10 @@ class ShellScriptVirtualization(VirtualizationInterface):
  def create(self, email: str, id: str, template_image_file_name: str, vcpus: int, memory_mb: int, ssh_public_keys: list):
    validate_capsul_id(id)

-    if not re.match(r"^[a-zA-Z0-9_.-]+$", template_image_file_name):
-      raise ValueError(f"template_image_file_name \"{template_image_file_name}\" must match \"^[a-zA-Z0-9_.-]+$\"")
+    if not re.match(r"^[a-zA-Z0-9/_.-]+$", template_image_file_name):
+      raise ValueError(f"template_image_file_name \"{template_image_file_name}\" must match \"^[a-zA-Z0-9/_.-]+$\"")

-    for ssh_public_key in ssh_public_keys: 
+    for ssh_public_key in ssh_public_keys:
      if not re.match(r"^(ssh|ecdsa)-[0-9A-Za-z+/_=@. -]+$", ssh_public_key):
        raise ValueError(f"ssh_public_key \"{ssh_public_key}\" must match \"^(ssh|ecdsa)-[0-9A-Za-z+/_=@. -]+$\"")