10 Commits

Author SHA1 Message Date
3wc
982556a2c5 Tag with current branch, instead of latest
Some checks reported errors
continuous-integration/drone/pr Build was killed
continuous-integration/drone/push Build is passing
2021-07-22 00:28:33 +02:00
3wc
13646e64da Make docker-compose file less demanding
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is passing
2021-07-21 23:50:47 +02:00
3wc
67149f437a Changes from @decentral1se code review 2021-07-21 23:50:47 +02:00
3wc
308ac05fe6 Add openssh-cient to Dockerfile for ssh-keyscan 2021-07-21 23:50:47 +02:00
3wc
c378c2b287 STRIPE_SECRET_KEY not STRIPE_PUBLISHABLE_KEY 2021-07-21 23:50:47 +02:00
3wc
5367822747 Load secrets from files if _FILE vars are set 2021-07-21 23:50:47 +02:00
3wc
e295b4420c Docker updates for libvirtd 2021-07-21 23:50:47 +02:00
3wc
e4180b8306 Use Flask server in development 2021-07-21 23:50:47 +02:00
3wc
5cd5126039 Multi-stage build oh my! 2021-07-21 23:50:47 +02:00
3wc
f8e9ab2482 Initial attempt at Docker 2021-07-21 23:50:47 +02:00
17 changed files with 141 additions and 128 deletions

13
.drone.yml Normal file
View File

@ -0,0 +1,13 @@
---
kind: pipeline
name: publish docker image
steps:
- name: build and publish
image: plugins/docker
settings:
username:
from_secret: docker_reg_username_3wc
password:
from_secret: docker_reg_passwd_3wc
repo: 3wordchant/capsul-flask
tags: ${DRONE_COMMIT_BRANCH}

1
.gitignore vendored
View File

@ -1,6 +1,5 @@
notes.txt
.env
.env.bak
.vscode
*.pyc

48
Dockerfile Normal file
View File

@ -0,0 +1,48 @@
FROM python:3.8-alpine as build
RUN apk add --no-cache \
build-base \
gcc \
gettext \
git \
jpeg-dev \
libffi-dev \
libjpeg \
musl-dev \
postgresql-dev \
python3-dev \
zlib-dev
RUN mkdir -p /app/{code,venv}
WORKDIR /app/code
COPY Pipfile Pipfile.lock /app/code/
RUN python3 -m venv /app/venv
RUN pip install pipenv setuptools
ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
RUN pip install wheel cppy
# Install dependencies into the virtual environment with Pipenv
RUN pipenv install --deploy --verbose
FROM python:3.8-alpine
RUN apk add --no-cache \
cloud-utils \
libjpeg \
libpq \
libstdc++ \
libvirt-client \
openssh-client \
virt-install
COPY . /app/code/
WORKDIR /app/code
COPY --from=build /app/venv /app/venv
ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "-k", "gevent", "--worker-connections", "1000", "app:app"]
VOLUME /app/code
EXPOSE 5000

View File

@ -26,8 +26,24 @@ class StdoutMockFlaskMail:
def send(self, message: Message):
current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
load_dotenv(find_dotenv())
for var_name in [
"SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
"BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
]:
var = os.environ.get(f"{var_name}_FILE")
if not var:
continue
if not os.path.isfile(var):
continue
with open(var) as secret_file:
os.environ[var_name] = secret_file.read().rstrip('\n')
del os.environ[f"{var_name}_FILE"]
app = Flask(__name__)
app.config.from_mapping(
@ -142,12 +158,8 @@ app.config['HTTP_CLIENT'] = MyHTTPClient(timeout_seconds=int(app.config['INTERNA
app.config['BTCPAY_ENABLED'] = False
if app.config['BTCPAY_URL'] != "":
try:
response = requests.get(app.config['BTCPAY_URL'])
if response.status_code == 200:
app.config['BTCPAY_CLIENT'] = btcpay.Client(api_uri=app.config['BTCPAY_URL'], pem=app.config['BTCPAY_PRIVATE_KEY'])
app.config['BTCPAY_ENABLED'] = True
else:
app.logger.warning(f"Can't reach BTCPAY_URL {app.config['BTCPAY_URL']}: Response status code: {response.status_code}. Capsul will work fine except cryptocurrency payments will not work.")
except:
app.logger.warning("unable to create btcpay client. Capsul will work fine except cryptocurrency payments will not work. The error was: " + my_exec_info_message(sys.exc_info()))

View File

@ -62,18 +62,6 @@ def sql_script(f, c):
model.connection.commit()
@bp.cli.command('account-balance')
@click.option('-u', help='users email address')
@with_appcontext
def account_balance(u):
vms = get_model().list_vms_for_account(u)
payments = get_model().list_payments_for_account(u)
click.echo(".")
click.echo(".")
click.echo(get_account_balance(vms, payments, datetime.utcnow()))
click.echo(".")
@bp.cli.command('cron-task')
@with_appcontext

View File

@ -199,14 +199,6 @@ def create():
capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
errors = list()
affordable_vm_sizes = dict()
for key, vm_size in vm_sizes.items():
# if a user deposits $7.50 and then creates an f1-s vm which costs 7.50 a month,
# then they have to delete the vm and re-create it, they will not be able to, they will have to pay again.
# so for UX it makes a lot of sense to give a small margin of 25 cents for usability sake
if vm_size["dollars_per_month"] <= account_balance+0.25:
affordable_vm_sizes[key] = vm_size
if request.method == "POST":
if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
return abort(418, f"u want tea")
@ -217,8 +209,6 @@ def create():
errors.append("Size is required")
elif size not in vm_sizes:
errors.append(f"Invalid size {size}")
elif size not in affordable_vm_sizes:
errors.append(f"Your account must have enough credit to run an {size} for 1 month before you will be allowed to create it")
if not os:
errors.append("OS is required")
@ -270,6 +260,13 @@ def create():
return redirect(f"{url_for('console.index')}?created={id}")
affordable_vm_sizes = dict()
for key, vm_size in vm_sizes.items():
# if a user deposits $7.50 and then creates an f1-s vm which costs 7.50 a month,
# then they have to delete the vm and re-create it, they will not be able to, they will have to pay again.
# so for UX it makes a lot of sense to give a small margin of 25 cents for usability sake
if vm_size["dollars_per_month"] <= account_balance+0.25:
affordable_vm_sizes[key] = vm_size
for error in errors:
flash(error)

View File

@ -43,7 +43,7 @@ def init_app(app, is_running_server):
hasSchemaVersionTable = False
actionWasTaken = False
schemaVersion = 0
desiredSchemaVersion = 20
desiredSchemaVersion = 18
cursor = connection.cursor()

View File

@ -228,8 +228,8 @@ class CapsulFlaskHub(VirtualizationInterface):
# no need to do anything here since if it cant be parsed then generic_operation will handle it.
pass
assigned_hosts_string = ", ".join(assigned_hosts)
if number_of_assigned != 1:
assigned_hosts_string = ", ".join(assigned_hosts)
raise ValueError(f"expected create capsul operation {operation_id} to be assigned to one host, it was assigned to {number_of_assigned} ({assigned_hosts_string})")
if error_message != "":
raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts_string} failed with {error_message}")

View File

@ -58,7 +58,6 @@ def btcpay_payment():
dollars = result[1]
if len(errors) == 0:
try:
invoice = current_app.config['BTCPAY_CLIENT'].create_invoice(dict(
price=float(dollars),
currency="USD",
@ -67,10 +66,6 @@ def btcpay_payment():
redirectURL=f"{current_app.config['BASE_URL']}/console/account-balance",
notificationURL=f"{current_app.config['BASE_URL']}/payment/btcpay/webhook"
))
except:
current_app.logger.error(f"An error occurred while attempting to reach BTCPay Server: {my_exec_info_message(sys.exc_info())}")
flash("An error occurred while attempting to reach BTCPay Server.")
return redirect(url_for("console.account_balance"))
current_app.logger.info(f"created btcpay invoice: {invoice}")

View File

@ -1,8 +0,0 @@
DELETE FROM os_images WHERE id = 'guixsystem130';
DELETE FROM os_images WHERE id = 'archlinux';
UPDATE os_images SET deprecated = FALSE WHERE id = 'guixsystem120';
UPDATE os_images SET deprecated = FALSE WHERE id = 'centos7';
UPDATE os_images SET deprecated = FALSE WHERE id = 'centos8';
UPDATE os_images SET description = 'Ubuntu 20.04 LTS (Fossa)' WHERE id = 'ubuntu20';
UPDATE schemaversion SET version = 18;

View File

@ -1,12 +0,0 @@
INSERT INTO os_images (id, template_image_file_name, description, deprecated)
VALUES ('guixsystem130', 'guixsystem/1.3.0/root.img.qcow2', 'Guix System 1.3.0', FALSE);
INSERT INTO os_images (id, template_image_file_name, description, deprecated)
VALUES ('archlinux', 'archlinux/root.img.qcow2', 'Arch Linux', FALSE);
UPDATE os_images SET deprecated = TRUE WHERE id = 'guixsystem120';
UPDATE os_images SET deprecated = TRUE WHERE id = 'centos7';
UPDATE os_images SET deprecated = TRUE WHERE id = 'centos8';
UPDATE os_images SET description = 'Ubuntu 20.04 (Focal)' WHERE id = 'ubuntu20';
UPDATE schemaversion SET version = 19;

View File

@ -1,21 +0,0 @@
ALTER TABLE host_network ALTER CONSTRAINT host_network_host_fkey NOT DEFERRABLE;
ALTER TABLE host_operation ALTER CONSTRAINT host_operation_host_fkey NOT DEFERRABLE;
ALTER TABLE host_operation ALTER CONSTRAINT host_operation_operation_fkey NOT DEFERRABLE;
ALTER TABLE login_tokens ALTER CONSTRAINT login_tokens_email_fkey NOT DEFERRABLE;
ALTER TABLE operations ALTER CONSTRAINT operations_email_fkey NOT DEFERRABLE;
ALTER TABLE payment_sessions ALTER CONSTRAINT payment_sessions_email_fkey NOT DEFERRABLE;
ALTER TABLE payments ALTER CONSTRAINT payments_email_fkey NOT DEFERRABLE;
ALTER TABLE ssh_public_keys ALTER CONSTRAINT ssh_public_keys_email_fkey NOT DEFERRABLE;
ALTER TABLE unresolved_btcpay_invoices ALTER CONSTRAINT unresolved_btcpay_invoices_email_fkey NOT DEFERRABLE;
ALTER TABLE unresolved_btcpay_invoices ALTER CONSTRAINT unresolved_btcpay_invoices_email_payment_id_fkey NOT DEFERRABLE;
ALTER TABLE vm_ssh_authorized_key ALTER CONSTRAINT vm_ssh_public_key_email_ssh_public_key_name_fkey NOT DEFERRABLE;
ALTER TABLE vm_ssh_authorized_key ALTER CONSTRAINT vm_ssh_public_key_email_vm_id_fkey NOT DEFERRABLE;
ALTER TABLE vm_ssh_host_key ALTER CONSTRAINT vm_ssh_host_key_email_vm_id_fkey NOT DEFERRABLE;
ALTER TABLE vms ALTER CONSTRAINT vms_email_fkey NOT DEFERRABLE;
ALTER TABLE vms ALTER CONSTRAINT vms_host_network_name_fkey NOT DEFERRABLE;
ALTER TABLE vms ALTER CONSTRAINT vms_host_fkey NOT DEFERRABLE;
ALTER TABLE vms ALTER CONSTRAINT vms_os_fkey NOT DEFERRABLE;
ALTER TABLE vms ALTER CONSTRAINT vms_size_fkey NOT DEFERRABLE;
UPDATE schemaversion SET version = 19;

View File

@ -1,21 +0,0 @@
ALTER TABLE host_network ALTER CONSTRAINT host_network_host_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE host_operation ALTER CONSTRAINT host_operation_host_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE host_operation ALTER CONSTRAINT host_operation_operation_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE login_tokens ALTER CONSTRAINT login_tokens_email_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE operations ALTER CONSTRAINT operations_email_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE payment_sessions ALTER CONSTRAINT payment_sessions_email_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE payments ALTER CONSTRAINT payments_email_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE ssh_public_keys ALTER CONSTRAINT ssh_public_keys_email_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE unresolved_btcpay_invoices ALTER CONSTRAINT unresolved_btcpay_invoices_email_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE unresolved_btcpay_invoices ALTER CONSTRAINT unresolved_btcpay_invoices_email_payment_id_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE vm_ssh_authorized_key ALTER CONSTRAINT vm_ssh_public_key_email_ssh_public_key_name_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE vm_ssh_authorized_key ALTER CONSTRAINT vm_ssh_public_key_email_vm_id_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE vm_ssh_host_key ALTER CONSTRAINT vm_ssh_host_key_email_vm_id_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE vms ALTER CONSTRAINT vms_email_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE vms ALTER CONSTRAINT vms_host_network_name_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE vms ALTER CONSTRAINT vms_host_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE vms ALTER CONSTRAINT vms_os_fkey DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE vms ALTER CONSTRAINT vms_size_fkey DEFERRABLE INITIALLY DEFERRED;
UPDATE schemaversion SET version = 20;

View File

@ -182,9 +182,6 @@ def handle_destroy(operation_id, request_body):
return abort(400, f"bad request; email is required for destroy")
try:
vm = current_app.config['SPOKE_MODEL'].get(request_body['id'], False)
current_app.logger.warning(f"destroy {request_body['id']} was called for {request_body['email']}, however the vm does not exist. returning success. ")
if vm is not None:
current_app.config['SPOKE_MODEL'].destroy(id=request_body['id'], email=request_body['email'])
except:
error_message = my_exec_info_message(sys.exc_info())

View File

@ -7,11 +7,18 @@
<h1>SUPPORT</h1>
</div>
<div class="row half-margin">
<a href="mailto:support@cyberia.club?subject=capsul%20support%20request">support@cyberia.club</a>
<a href="mailto:support@cyberia.club?subject=Please%20help!">support@cyberia.club</a>
</div>
{% endblock %}
{% block subcontent %}
<p>
Note: We maintain a searchable archive of all support emails at
<a href="https://lists.cyberia.club/~cyberia/support">https://lists.cyberia.club/~cyberia/support</a>
</p>
<p>
If you do not want your mail to appear in a public archive, email <a href="mailto:capsul@cyberia.club?subject=Please%20help!">capsul@cyberia.club</a> instead.
</p>
<p>
Please describe your problem or feature request, and we will do our best to get back to you promptly. Thank you very much.
</p>

36
docker-compose.yml Normal file
View File

@ -0,0 +1,36 @@
---
version: "3.8"
services:
app:
image: 3wordchant/capsul-flask:latest
build: .
volumes:
- "./:/app/code"
- "../tank:/tank"
# - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock"
depends_on:
- db
ports:
- "5000:5000"
environment:
- "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
- SPOKE_MODEL=shell-scripts
#- FLASK_DEBUG=1
- BASE_URL=http://localhost:5000
- ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=3wc.capsul@doesthisthing.work
- VIRSH_DEFAULT_CONNECT_URI=qemu:///system
# The image uses gunicorn by default, let's override it with Flask's
# built-in development server
command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
db:
image: "postgres:9.6.5-alpine"
volumes:
- "postgres:/var/lib/postgresql/data"
environment:
POSTGRES_USER: capsul
POSTGRES_PASSWORD: capsul
POSTGRES_DB: capsul
volumes:
postgres:

View File

@ -48,20 +48,3 @@ $ pipenv run flask cli sql -c "SELECT id, created, email, dollars, invalidated f
## how to view the logs on the database server (legion.cyberia.club)
`sudo -u postgres pg_dump capsul-flask | gzip -9 > capsul-backup-2021-02-15.gz`
## changing the email address on an account
```
UPDATE accounts SET lower_case_email = 'new@email.address' WHERE email = 'old@email.address' ;
UPDATE accounts SET email = 'new@email.address' WHERE email = 'old@email.address' ;
UPDATE login_tokens SET email = 'new@email.address' WHERE email = 'old@email.address' ;
UPDATE operations SET email = 'new@email.address' WHERE email = 'old@email.address' ;
UPDATE payment_sessions SET email = 'new@email.address' WHERE email = 'old@email.address' ;
UPDATE payments SET email = 'new@email.address' WHERE email = 'old@email.address' ;
UPDATE ssh_public_keys SET email = 'new@email.address' WHERE email = 'old@email.address' ;
UPDATE unresolved_btcpay_invoices SET email = 'new@email.address' WHERE email = 'old@email.address' ;
UPDATE vm_ssh_authorized_key SET email = 'new@email.address' WHERE email = 'old@email.address' ;
UPDATE vm_ssh_host_key SET email = 'new@email.address' WHERE email = 'old@email.address' ;
UPDATE vms SET email = 'new@email.address' WHERE email = 'old@email.address' ;
```