Diffstat (limited to 'ci')
| -rw-r--r-- | ci/docker/docker-compose.yml | 2 | ||||
| -rw-r--r-- | ci/docker/eduvpn-server.docker | 12 | ||||
| -rwxr-xr-x | ci/docker/healthcheck.sh | 5 | ||||
| -rwxr-xr-x | ci/docker/starteduvpn.sh | 37 |
4 files changed, 42 insertions, 14 deletions
diff --git a/ci/docker/docker-compose.yml b/ci/docker/docker-compose.yml
index 7e102e4..066c41d 100644
--- a/ci/docker/docker-compose.yml
+++ b/ci/docker/docker-compose.yml
@@ -33,7 +33,7 @@ services:
 - NET_ADMIN
 environment: *common-env
 healthcheck:
- test: ["CMD", "systemctl", "status", "wg-quick@wg0"] # Wait for wireguard to come online
+ test: ["CMD", "/eduvpn/server/healthcheck.sh"] # Wait for wireguard to come online
 interval: 5s
 timeout: 10s
 retries: 10
diff --git a/ci/docker/eduvpn-server.docker b/ci/docker/eduvpn-server.docker
index ab45a48..fd9891d 100644
--- a/ci/docker/eduvpn-server.docker
+++ b/ci/docker/eduvpn-server.docker
@@ -44,6 +44,9 @@ RUN cp resources/ssl.fedora.conf /etc/httpd/conf.d/ssl.conf
 RUN cp resources/localhost.fedora.conf /etc/httpd/conf.d/localhost.conf
 RUN cp resources/vpn.example.fedora.conf "/etc/httpd/conf.d/${WEB_FQDN}.conf"
+# Otherwise we get: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.20.0.6. Set the 'ServerName' directive globally to suppress this message
+RUN echo "ServerName 127.0.0.1" >> /etc/httpd/conf/httpd.conf
+
 RUN sed -i "s/vpn.example/${WEB_FQDN}/" "/etc/httpd/conf.d/${WEB_FQDN}.conf"
 RUN sed -i "s/vpn.example/${WEB_FQDN}/" "/etc/vpn-user-portal/config.php"
@@ -64,15 +67,10 @@ COPY ./ci/docker/selfsigned/${WEB_FQDN}.crt /etc/pki/tls/certs/${WEB_FQDN}.crt
 WORKDIR /eduvpn/server
 ADD ci/docker/starteduvpn.sh /eduvpn/server
 ADD ci/docker/replaceexpiry.sh /eduvpn/server
+ADD ci/docker/healthcheck.sh /eduvpn/server
 RUN chmod +x ./starteduvpn.sh
 RUN chmod +x ./replaceexpiry.sh
-
-# While we could mimic the systemd units ourselves, let's use a systemctl replacement script
-# This makes it easier to update
-RUN wget https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/master/files/docker/systemctl3.py -O /bin/systemctl
-
-# make it executable
-RUN chmod +x /bin/systemctl
+RUN chmod +x ./healthcheck.sh
 CMD ["./starteduvpn.sh"]
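Review bot: The new `ADD ci/docker/healthcheck.sh /eduvpn/server` in the second eduvpn-server.docker hunk would read better as `COPY ci/docker/healthcheck.sh /eduvpn/server/`. `ADD` also fetches URLs and unpacks local tar archives, which a plain script does not need, and this file already uses `COPY` for the certificate. The diff creates healthcheck.sh with mode 100755, so the extra `RUN chmod +x ./healthcheck.sh` layer looks redundant unless the build context drops file modes. The neighbouring `ADD` lines for starteduvpn.sh and replaceexpiry.sh have the same shape.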
diff --git a/ci/docker/healthcheck.sh b/ci/docker/healthcheck.sh
new file mode 100755
index 0000000..a6bbc0d
--- /dev/null
+++ b/ci/docker/healthcheck.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+# Check if wg show has any output
+output_wg="$(wg show)"
+[[ -n $output_wg ]]
diff --git a/ci/docker/starteduvpn.sh b/ci/docker/starteduvpn.sh
index 36c881d..fab2d2d 100755
--- a/ci/docker/starteduvpn.sh
+++ b/ci/docker/starteduvpn.sh
@@ -15,10 +15,11 @@ fi
 # Replace expiry
 ./replaceexpiry.sh /etc/vpn-user-portal/config.php
-# Start the preliminary systemd units
-systemctl start php-fpm
-systemctl start httpd
-systemctl start crond
+# Start the preliminary services
+mkdir /run/php-fpm
+php-fpm --nodaemonize &
+crond &
+httpd -DFOREGROUND &
 # Start the daemon in the background and get the PID
 vpn-daemon &
@@ -27,8 +28,32 @@ pid_daemon=$!
 # Wait a bit
 sleep 5
-# Apply the vpn configuration
-vpn-maint-apply-changes
+# Snippet from vpn-maint-apply-changes
+# Enable & Start WireGuard
+rm -rf /etc/wireguard/*
+if ! /usr/libexec/vpn-server-node/server-config; then
+ exit 1
+fi
+for F in /etc/wireguard/*.conf
+do
+ case ${F} in
+ *.conf)
+ CONFIG_NAME=$(basename "${F}" .conf)
+ wg-quick up "${CONFIG_NAME}"
+ ;;
+ esac
+done
+# sync with vpn-daemon, no need to wait for the cron, but *ONLY* do this when
+# this is a machine with vpn-user-portal installed
+if [ -d /etc/vpn-user-portal ]; then
+ if [ -f /etc/redhat-release ]; then
+ sudo -u apache /usr/libexec/vpn-user-portal/daemon-sync
+ fi
+ if [ -f /etc/debian_version ]; then
+ sudo -u www-data /usr/libexec/vpn-user-portal/daemon-sync
+ fi
+fi
+
 # Add the user with the env variables
 sudo -u apache vpn-user-portal-account --add "${PORTAL_USER}" --password "${PORTAL_PASS}" |
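Review bot: healthcheck.sh reports healthy as soon as `wg show` prints anything, so it no longer names the interface the old compose test did (`wg-quick@wg0`), and a failing `wg` binary looks the same as "no interface yet". `[[ -n "$(wg show interfaces)" ]]` states the intent more directly, or `wg show wg0 >/dev/null 2>&1` if wg0 is still the expected name. The header comment should also say what "healthy" means here: starteduvpn.sh runs daemon-sync and the account creation after `wg-quick up`, so anything waiting on this check may start before the portal user exists (inferred from the script order, not verified).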
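Review bot: In the first starteduvpn.sh hunk, `mkdir /run/php-fpm` fails when the directory already exists, for example on a container restart where /run is not a fresh tmpfs, and the result is not checked; `mkdir -p /run/php-fpm` is idempotent. php-fpm, crond and httpd are now started with `&` and nothing verifies they stayed up, so a service that exits immediately goes unnoticed at this point. A comment such as `# started in the background; failures surface via the healthcheck/tests` would record that this is intended. The script continues outside the hunk, so whether `set -e` is in effect is not visible.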
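Review bot: In the second starteduvpn.sh hunk the exit status of `wg-quick up "${CONFIG_NAME}"` is ignored, unlike the `server-config` call just above it, so an interface that fails to come up lets the script carry on to daemon-sync and account creation; `wg-quick up "${CONFIG_NAME}" || exit 1` would fail fast. When server-config writes no `.conf` file the glob stays literal and the `case` arm still matches it, so the loop ends up calling `wg-quick up "*"`; `[ -e "${F}" ] || continue` at the top of the loop body avoids that. The `debian_version` branch looks unreachable in this image, which installs the `*.fedora.conf` files, so it could be dropped or commented as kept for parity with vpn-maint-apply-changes.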
