From 776d4a425f57d80fdc601b101ed164fd9206a315 Mon Sep 17 00:00:00 2001 From: Val Lorentz Date: Sat, 9 Sep 2023 17:33:05 +0200 Subject: [PATCH] Configure and start Sable in guest VMs --- .gitignore | 3 +- README.md | 13 +++- gen_conf.sh | 47 +++++++++++++ project.clj | 1 + src/jable/cli.clj | 2 +- src/jable/db.clj | 163 +++++++++++++++++++++++++++++++++++++++++++--- 6 files changed, 218 insertions(+), 11 deletions(-) create mode 100755 gen_conf.sh diff --git a/.gitignore b/.gitignore index b9df4c4..26886eb 100644 --- a/.gitignore +++ b/.gitignore @@ -3,8 +3,9 @@ pom.xml pom.xml.asc *.jar *.class -/lib/ /classes/ +/lib/ +/resources/ /store/ /target/ /checkouts/ diff --git a/README.md b/README.md index b4718f0..3a413fb 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,13 @@ -# jable +# jable (jepsen sable) +Test suite for [Sable](https://github.com/Libera-Chat/sable)'s networking layer +using the [Jepsen](https://github.com/jepsen-io/jepsen/) framework. + +How to run: + +1. Compile Sable somewhere on your system +2. setup VMs [suitable for Jepsen](https://github.com/jepsen-io/jepsen#vms-real-hardware-etc) +3. `git clone https://git.tf/val/jable/ && cd jable` +4. generate test TLS certs in `resources/`: `./gen_conf.sh` +5. Run tests: `lein run test --sable-bin /home/dev-sable/sable/target/debug/` +``` diff --git a/gen_conf.sh b/gen_conf.sh new file mode 100755 index 0000000..27de6a5 --- /dev/null +++ b/gen_conf.sh @@ -0,0 +1,47 @@ +mkdir -p resources/config/ resources/useless_openssl_data/ + +cat > resources/openssl.cnf < resources/useless_openssl_data/serial + +# Generate CA +openssl req -x509 -nodes -newkey rsa:2048 -batch \ + -outform PEM -out resources/config/ca_cert.pem \ + -keyout resources/ca_cert.key + +for server in $*; do + openssl genrsa -traditional \ + -out resources/config/server_$server.key \ + 2048 + openssl req -nodes -batch \ + -in resources/config/server_$server.key \ + -outform PEM -out resources/server_$server.req + openssl ca -config resources/openssl.cnf -days 3650 -md sha512 -batch \ + -subj /CN=$server \ + -keyfile resources/ca_cert.key -cert resources/config/ca_cert.pem \ + -in resources/server_$server.req \ + -out resources/config/server_$server.pem + openssl x509 -sha1 -in resources/config/server_$server.pem -fingerprint -noout \ + | sed "s/.*=//" | sed "s/://g" | tr '[:upper:]' '[:lower:]' > resources/server_$server.pem.sha1 +done + +rm -r resources/useless_openssl_data/ diff --git a/project.clj b/project.clj index 03c7eeb..c69c1ca 100644 --- a/project.clj +++ b/project.clj @@ -4,6 +4,7 @@ :license {:name "AGPL-3.0-only" :url "https://www.gnu.org/licenses/agpl-3.0.txt"} :dependencies [[org.clojure/clojure "1.11.1"] + [org.clojure/data.json "2.4.0"] [jepsen "0.3.3"]] :repl-options {:init-ns jable.core} :main jable.cli) diff --git a/src/jable/cli.clj b/src/jable/cli.clj index 7f929e2..c09c179 100644 --- a/src/jable/cli.clj +++ b/src/jable/cli.clj @@ -25,7 +25,7 @@ opts {:name "etcd" :os debian/os - :db (db/sable (:sable-bin opts)) + :db (db/sable (:sable-bin opts) (:nodes opts)) :pure-generators true})) (def cli-opts diff --git a/src/jable/db.clj b/src/jable/db.clj index 038fcb2..88f90db 100644 --- a/src/jable/db.clj +++ b/src/jable/db.clj @@ -13,6 +13,7 @@ (ns jable.db (:require [clojure.tools.logging :refer :all] + [clojure.data.json :as json] [clojure.string :as str] [jepsen [control :as c] [db :as db]] @@ -21,19 +22,165 @@ [jepsen.control.scp :as scp] [jepsen.os.debian :as debian])) +(def sable_binaries ["auth_client" "listener_process" "sable_ircd"]) + +(defn fingerprint + [node] + (slurp (str "resources/server_" node ".pem.sha1"))) + +(defn network_conf + [nodes] + { + :fanout 1 + :ca_file "/usr/local/etc/sable/ca_cert.pem" + + :peers (map (fn [node] {:name node + :address (str node ":6668") + :fingerprint (fingerprint node)}) + nodes)}) + +(def network_config_json + { + :opers [ + { + :name "operuser", + ; echo -n "operpassword" | openssl passwd -6 -stdin + :hash "$6$z5yA.OfGliDoi/R2$BgSsguS6bxAsPSCygDisgDw5JZuo5.88eU3Hyc7/4OaNpeKIxWGjOggeHzOl0xLiZg1vfwxXjOTFN14wG5vNI." + } + ], + + :alias_users [ + { + :nick "ChanServ", + :user "ChanServ", + :host "services.", + :realname "Channel services compatibility layer", + :command_alias "CS" + }, + { + :nick "NickServ", + :user "NickServ", + :host "services.", + :realname "Account services compatibility layer", + :command_alias "NS" + } + ], + + :default_roles { + "builtin:op" [ + "always_send", + "op_self", "op_grant", "voice_self", "voice_grant", + "receive_op", "receive_voice", "receive_opmod", + "topic", "kick", "set_simple_mode", "set_key", + "ban_view", "ban_add", "ban_remove_any", + "quiet_view", "quiet_add", "quiet_remove_any", + "exempt_view", "exempt_add", "exempt_remove_any", + "invite_self", "invite_other", + "invex_view", "invex_add", "invex_remove_any" + ], + "builtin:voice" [ + "always_send", + "voice_self", + "receive_voice", + "ban_view", "quiet_view" + ], + :builtin:all [ + "ban_view", "quiet_view" + ] + }, + + :debug_mode true + }) + + +(defn server_conf + [nodes node] + { + :server_id (.indexOf nodes node), + :server_name node, + :management { + :address "[::]:8888", + :client_ca "/usr/local/etc/sable/ca_cert.pem", + :authorised_fingerprints [], + }, + :server { + :listeners [ + { :address "[::]:6667" } + ] + }, + :event_log { + :event_expiry 3600 ; an hour + }, + :tls_config { + :key_file (str "/usr/local/etc/sable/server_" node ".key"), + :cert_file (str "/usr/local/etc/sable/server_" node ".pem"), + }, + :node_config { + :listen_addr "[::]:6668", + :cert_file (str "/usr/local/etc/sable/server_" node ".pem"), + :key_file (str "/usr/local/etc/sable/server_" node ".key"), + }, + :log { + :dir (str "/var/log/"), + :module-levels { + "sable" "trace" + }, + :targets [ + { + :target {:filename "sable.ircd.log"}, + :level "trace", + :modules [ "sable" "audit" "client_listener" ], + }, + ], + } + }) + +(defn configure_node + [nodes node] + (c/exec "echo" (json/write-str (network_conf nodes)) :> "/etc/sable/network.conf") + (c/exec "echo" (json/write-str network_config_json) :> "/etc/sable/network_config.json") + (c/exec "echo" (json/write-str (server_conf nodes node)) :> "/etc/sable/server.conf")) + +(def logfile "/var/log/sable_ircd.stdout") +(def pidfile "/var/run/sable_ircd.pid") + (defn sable "Sable IRCd install from binaries in a local directory." - [sable_bin_path] + [sable_bin_path nodes] (reify db/DB (setup! [_ test node] - (info node "installing Sable from" sable_bin_path) - (c/exec "rm" "-rf" "/tmp/sable_upload") - (c/exec "mkdir" "/tmp/sable_upload") - (let [remote_bin_path (c/upload (map (fn [file] (str sable_bin_path file)) - ["auth_client" "listener_process" "sable_ircd"]) + (c/exec "rm" "-rf" "/etc/sable" "/tmp/sable_upload" "/usr/local/etc/sable") + (c/exec "mkdir" "/tmp/sable_upload" "/etc/sable") + (info node "configuring Sable") + (let [remote_tmp_path (c/upload "resources/config" "/tmp/sable_upload")] (c/su - (c/exec* "cp" (str remote_bin_path "/*") "/usr/local/bin")))) + (c/exec* "mv" (str remote_tmp_path "/*") "/usr/local/etc/sable/"))) + (c/su (configure_node nodes node)) + (info node "installing Sable from" sable_bin_path) + (let [remote_tmp_path (c/upload (map (fn [file] (str sable_bin_path file)) + sable_binaries) + "/tmp/sable_upload")] + (c/su + (c/exec* "mv" (str remote_tmp_path "/*") "/usr/local/bin/"))) + (info node "starting Sable") + (c/su + (cu/start-daemon! + {:logfile logfile + :pidfile pidfile + :chdir "/usr/local/bin/"} + "sable_ircd" + "--foreground" + "--server-conf" "/etc/sable/server.conf" + "--network-conf" "/etc/sable/network.conf" + "--bootstrap-network" "/etc/sable/network_config.json")) + (Thread/sleep 1000)) (teardown! [_ test node] - (info node "tearing down Sable")))) + (info node "tearing down Sable") + (cu/stop-daemon! "sable_ircd" pidfile) + ;(c/exec "rm" "-f" + ; (map (fn [file] (str sable_bin_path file)) sable_binaries) + ; (map (fn [file] (str "/usr/local/bin/" file)) sable_binaries)) + ;(c/exec "rm" "-rf" "/tmp/sable_upload" "/usr/local/etc/sable" "/etc/sable") + )))