authorjwijenbergh <jeroenwijenbergh@protonmail.com>2022-03-25 14:23:57 +0100
committerjwijenbergh <jeroenwijenbergh@protonmail.com>2022-03-25 14:23:57 +0100
commit1708d88ca975e11af912d10f0d793ac6ee775919 (patch)
treee64171a5a0093d22fd11a0f3d69d11343102a3fa /ci
parentbd8eda82e5d08d2ca33022b0533c831303a73019 (diff)
Add comments and minor fixups
Diffstat (limited to 'ci')
-rw-r--r--ci/docker/docker-compose.yml9
-rw-r--r--ci/docker/eduvpn-server.docker21
-rw-r--r--ci/docker/go-test.docker8
-rw-r--r--ci/docker/starteduvpn.sh9
4 files changed, 40 insertions, 7 deletions
diff --git a/ci/docker/docker-compose.yml b/ci/docker/docker-compose.yml
index f924571..9832871 100644
--- a/ci/docker/docker-compose.yml
+++ b/ci/docker/docker-compose.yml
@@ -1,9 +1,12 @@
version: '3'
+# Common environment vars
+# These are the credentials for the portal
x-common-env: &common-env
PORTAL_USER: ${PORTAL_USER}
PORTAL_PASS: ${PORTAL_PASS}
+# Define a network so that the containers can talk with eachother using their service name
networks:
eduvpn_network:
ipam:
@@ -11,12 +14,14 @@ networks:
config:
- subnet: 172.20.0.0/24
+# Defines the services
services:
+ # The eduvpn server with portal
eduvpnserver:
build:
context: "."
dockerfile: 'ci/docker/eduvpn-server.docker'
- sysctls:
+ sysctls: # needed for wireguard permissions, otherwise we get a permisison failed
- net.ipv6.conf.all.disable_ipv6=0
networks:
eduvpn_network:
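Review bot: The new comment on `sysctls:` says the setting is for WireGuard permissions, but the value below it, `net.ipv6.conf.all.disable_ipv6=0`, turns IPv6 on inside the container, and the comment is also misspelled (`permisison`). Stating the actual effect tells the next reader why the sysctl cannot simply be dropped, for example `sysctls: # enable IPv6 in the container; WireGuard setup fails with a permission error without it`. The link to WireGuard is taken from the commit's own comment and is not visible in this hunk.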
@@ -29,6 +34,7 @@ services:
interval: 5s
timeout: 10s
retries: 10
+ # The container for testing the go code
gotest:
build:
context: "."
@@ -37,6 +43,7 @@ services:
networks:
eduvpn_network:
ipv4_address: 172.20.0.5
+ # Wait for eduvpn server to come online
depends_on:
eduvpnserver:
condition: service_healthy
diff --git a/ci/docker/eduvpn-server.docker b/ci/docker/eduvpn-server.docker
index b1e2c70..52d49d1 100644
--- a/ci/docker/eduvpn-server.docker
+++ b/ci/docker/eduvpn-server.docker
@@ -1,15 +1,22 @@
FROM fedora:36
+# This dockerfile was adapted from https://github.com/eduvpn/documentation/blob/v3/deploy_fedora.sh
+# DO NOT USE THIS IN PRODUCTION, ONLY FOR TESTING
+
+# Install git to clone the documentation repo
RUN dnf -y install git
WORKDIR /eduvpn
+# Clone the documentation
RUN git clone https://github.com/eduvpn/documentation
WORKDIR /eduvpn/documentation
+# Checkout v3 branch
RUN git checkout v3
+# Add dev package
RUN echo -e '[eduVPN_v3-dev]\n\
name=eduVPN 3.x Development Packages (Fedora $releasever)\n\
baseurl=https://repo.tuxed.net/eduVPN/v3-dev/rpm/fedora-$releasever-$basearch\n\
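Review bot: `git clone` followed by `git checkout v3` builds from whatever the `v3` branch points to at build time, so the configuration files copied out of `resources/` later in this file can change without any change in this repository. Pinning the checkout to a reviewed commit keeps the CI image reproducible, e.g. `RUN git checkout <reviewed-commit-sha>` in place of `RUN git checkout v3`, with the comment updated to name the commit. If tracking the branch is intended, `RUN git clone --depth 1 --branch v3 https://github.com/eduvpn/documentation` does it in one layer and skips the full history.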
@@ -18,31 +25,35 @@ gpgkey=https://repo.tuxed.net/fkooman+repo@tuxed.net.asc\n\
enabled=1'\
>> /etc/yum.repos.d/eduVPN_v3-dev.repo
-RUN cat /etc/yum.repos.d/eduVPN_v3-dev.repo
-
+# Install dependencies
RUN dnf -y install mod_ssl php-opcache httpd iptables-nft pwgen cronie \
iptables-services php-fpm php-cli policycoreutils-python-utils chrony \
ipcalc tmux wget iproute
+# Install vpn packages
RUN dnf -y install vpn-server-node vpn-user-portal vpn-maint-scripts
+# Set webserver name
ARG WEB_FQDN=eduvpnserver
+# Copy and apply configurations
RUN cp resources/ssl.fedora.conf /etc/httpd/conf.d/ssl.conf
RUN cp resources/localhost.fedora.conf /etc/httpd/conf.d/localhost.conf
RUN cp resources/vpn.example.fedora.conf "/etc/httpd/conf.d/${WEB_FQDN}.conf"
RUN sed -i "s/vpn.example/${WEB_FQDN}/" "/etc/httpd/conf.d/${WEB_FQDN}.conf"
-
RUN sed -i "s/vpn.example/${WEB_FQDN}/" "/etc/vpn-user-portal/config.php"
+# Update ip ranges
RUN sed -i "s|10.42.42.0|$(ipcalc -4 -r 24 -n --no-decorate)|" "/etc/vpn-user-portal/config.php"
RUN sed -i "s|fd42::|$(ipcalc -6 -r 64 -n --no-decorate)|" "/etc/vpn-user-portal/config.php"
RUN sed -i "s|10.43.43.0|$(ipcalc -4 -r 24 -n --no-decorate)|" "/etc/vpn-user-portal/config.php"
RUN sed -i "s|fd43::|$(ipcalc -6 -r 64 -n --no-decorate)|" "/etc/vpn-user-portal/config.php"
+# Update secrets
RUN cp /etc/vpn-user-portal/keys/node.0.key /etc/vpn-server-node/keys/node.key
+# Create self signed cert and key
RUN openssl req \
-nodes \
-subj "/CN=${WEB_FQDN}" \
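Review bot: The `# Update secrets` comment sits above a build-time `cp` of `node.0.key`, so the node key is stored in an image layer and is identical in every container started from this image. The `openssl req -nodes` command that begins at the end of this hunk (its remainder is outside the hunk) appears to do the same for the TLS private key. The comment should state the constraint this creates, e.g. `# Node key is copied at build time and stays in the image layer; do not push this image to a registry`. Generating both keys in `starteduvpn.sh` at container start would avoid baking them into the image at all.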
@@ -53,13 +64,17 @@ RUN openssl req \
-out "/etc/pki/tls/certs/${WEB_FQDN}.crt" \
-days 90
+# Add the start script
WORKDIR /eduvpn/server
ADD ci/docker/starteduvpn.sh /eduvpn/server
RUN chmod +x ./starteduvpn.sh
+# While we could mimic the systemd units ourselves, let's use a systemctl replacement script
+# This makes it easier to update
RUN wget https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/master/files/docker/systemctl3.py -O /bin/systemctl
+# make it executable
RUN chmod +x /bin/systemctl
CMD ["./starteduvpn.sh"]
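Review bot: The `wget` of `systemctl3.py` pulls from the `master` branch with no checksum and installs the result as `/bin/systemctl`, so every build takes whatever that branch holds at the time, and `starteduvpn.sh` invokes it on each container start. Pin the URL to a release tag or commit and verify the file before making it executable: replace `master` in the URL with `<tag-or-commit>` and add `RUN echo "<expected-sha256>  /bin/systemctl" | sha256sum -c -` ahead of the `chmod`. The same hunk uses `ADD` for a plain local file; `COPY ci/docker/starteduvpn.sh /eduvpn/server` is the narrower instruction.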
diff --git a/ci/docker/go-test.docker b/ci/docker/go-test.docker
index 9e6ad3a..3e56f67 100644
--- a/ci/docker/go-test.docker
+++ b/ci/docker/go-test.docker
@@ -1,10 +1,10 @@
FROM golang:1.18
-WORKDIR /eduvpn
+# This docker image is for testing the go code with go test and the needed dependencies for selenium
+WORKDIR /eduvpn
# Selenium dependencies
-
# Firefox
RUN echo "deb http://deb.debian.org/debian/ unstable main contrib non-free" >> /etc/apt/sources.list.d/debian.list
RUN apt-get update
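Review bot: `RUN apt-get update` is its own layer, so Docker can reuse a cached package index for the `unstable` source while a later install step (outside this hunk) runs against stale data. Combine the update with the install in one `RUN` and clean the lists in the same layer: `RUN apt-get update && apt-get install -y --no-install-recommends <packages> && rm -rf /var/lib/apt/lists/*`. Because the `unstable` line has no apt pinning, the `# Firefox` comment should also say which package needs it, so it is clear the rest of the image is not meant to be drawn from unstable.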
@@ -15,11 +15,12 @@ WORKDIR /eduvpn/go/vendor
RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.30.0/geckodriver-v0.30.0-linux64.tar.gz
RUN tar xzvf geckodriver-v0.30.0-linux64.tar.gz
-
ENV PATH="/eduvpn/go/vendor:$PATH"
+# Set up file tree
WORKDIR /eduvpn/go
+# Taken from golang docker example
# pre-copy/cache go.mod for pre-downloading dependencies and only redownloading them in subsequent builds if they change
COPY ./go.mod go.sum ./
RUN go mod download && go mod verify
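Review bot: The geckodriver tarball is downloaded and unpacked with no integrity check, and the directory it lands in is then put first on `PATH`. The version is already pinned in the URL, so a recorded checksum is cheap to add between the `wget` and the `tar`: `RUN echo "<sha256-of-geckodriver-v0.30.0-linux64.tar.gz>  geckodriver-v0.30.0-linux64.tar.gz" | sha256sum -c -`. The `WORKDIR` for these lines is set above the hunk.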
@@ -32,4 +33,5 @@ COPY ./src ./src
# Copy selenium scripts
COPY ./selenium_eduvpn.py ./selenium_eduvpn.py
+# Run the tests
CMD ["go", "test", "-mod=readonly", "github.com/jwijenbergh/eduvpn-common/src", "-v"]
diff --git a/ci/docker/starteduvpn.sh b/ci/docker/starteduvpn.sh
index 39eb53e..580150b 100644
--- a/ci/docker/starteduvpn.sh
+++ b/ci/docker/starteduvpn.sh
@@ -1,5 +1,7 @@
#!/usr/bin/env bash
+# Check if credentials are set
+# If not fail with exit code 1
if [[ -z "${PORTAL_USER}" ]]; then
printf "Error: No portal username set, set the PORTAL_USER env var\n"
exit 1
@@ -10,16 +12,23 @@ if [[ -z "${PORTAL_PASS}" ]]; then
exit 1
fi
+# Start the preliminary systemd units
systemctl start php-fpm
systemctl start httpd
systemctl start crond
+# Start the daemon in the background and get the PID
vpn-daemon &
pid_daemon=$!
+
+# Wait a bit
sleep 5
+# Apply the vpn configuration
vpn-maint-apply-changes
+# Add the user with the env variables
sudo -u apache vpn-user-portal-account --add "${PORTAL_USER}" --password "${PORTAL_PASS}"
+# Wait for the daemon to finish
wait $pid_daemon
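Review bot: `--password "${PORTAL_PASS}"` puts the portal password on the command line, where it is readable in the process list for as long as the command runs. The new comment should record that this is accepted only for a disposable test server, e.g. `# Password is passed as an argument (visible in the process list); test credentials only`. The script also has no `set -e`, so a failure in `vpn-maint-apply-changes` or in the account creation goes unreported and the script proceeds to `wait`. Finally, `# Wait a bit` would be more useful if it said what the `sleep 5` is waiting for, presumably `vpn-daemon` becoming ready.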