val/jable
1
0
Fork 0
Code Issues Pull Requests Activity

Configure and start Sable in guest VMs

Browse Source
This commit is contained in:
Val Lorentz
2023-09-09 17:33:05 +02:00
parent fbe2cd6951
commit 776d4a425f
6 changed files with 218 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -3,8 +3,9 @@ pom.xml
pom.xml.asc pom.xml.asc
*.jar *.jar
*.class *.class
/lib/
/classes/ /classes/
/lib/
/resources/
/store/ /store/
/target/ /target/
/checkouts/ /checkouts/

13
README.md
View File

@ -1,2 +1,13 @@
# jable # jable (jepsen sable)
Test suite for [Sable](https://github.com/Libera-Chat/sable)'s networking layer
using the [Jepsen](https://github.com/jepsen-io/jepsen/) framework.
How to run:
1. Compile Sable somewhere on your system
2. setup VMs [suitable for Jepsen](https://github.com/jepsen-io/jepsen#vms-real-hardware-etc)
3. `git clone https://git.tf/val/jable/ && cd jable`
4. generate test TLS certs in `resources/`: `./gen_conf.sh`
5. Run tests: `lein run test --sable-bin /home/dev-sable/sable/target/debug/`
```

47
gen_conf.sh Executable file
View File

@ -0,0 +1,47 @@
mkdir -p resources/config/ resources/useless_openssl_data/
cat > resources/openssl.cnf <<EOF
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
new_certs_dir = resources/useless_openssl_data/
database = resources/useless_openssl_data/db
policy = policy_anything
serial = resources/useless_openssl_data/serial
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF
touch resources/useless_openssl_data/db
echo 01 > resources/useless_openssl_data/serial
# Generate CA
openssl req -x509 -nodes -newkey rsa:2048 -batch \
-outform PEM -out resources/config/ca_cert.pem \
-keyout resources/ca_cert.key
for server in $*; do
openssl genrsa -traditional \
-out resources/config/server_$server.key \
2048
openssl req -nodes -batch \
-in resources/config/server_$server.key \
-outform PEM -out resources/server_$server.req
openssl ca -config resources/openssl.cnf -days 3650 -md sha512 -batch \
-subj /CN=$server \
-keyfile resources/ca_cert.key -cert resources/config/ca_cert.pem \
-in resources/server_$server.req \
-out resources/config/server_$server.pem
openssl x509 -sha1 -in resources/config/server_$server.pem -fingerprint -noout \
| sed "s/.*=//" | sed "s/://g" | tr '[:upper:]' '[:lower:]' > resources/server_$server.pem.sha1
done
rm -r resources/useless_openssl_data/

1
project.clj
View File

@ -4,6 +4,7 @@
:license {:name "AGPL-3.0-only" :license {:name "AGPL-3.0-only"
:url "https://www.gnu.org/licenses/agpl-3.0.txt"} :url "https://www.gnu.org/licenses/agpl-3.0.txt"}
:dependencies [[org.clojure/clojure "1.11.1"] :dependencies [[org.clojure/clojure "1.11.1"]
[org.clojure/data.json "2.4.0"]
[jepsen "0.3.3"]] [jepsen "0.3.3"]]
:repl-options {:init-ns jable.core} :repl-options {:init-ns jable.core}
:main jable.cli) :main jable.cli)

2
src/jable/cli.clj
View File

@ -25,7 +25,7 @@
opts opts
{:name "etcd" {:name "etcd"
:os debian/os :os debian/os
:db (db/sable (:sable-bin opts)) :db (db/sable (:sable-bin opts) (:nodes opts))
:pure-generators true})) :pure-generators true}))
(def cli-opts (def cli-opts

163
src/jable/db.clj
View File

@ -13,6 +13,7 @@
(ns jable.db (ns jable.db
(:require [clojure.tools.logging :refer :all] (:require [clojure.tools.logging :refer :all]
[clojure.data.json :as json]
[clojure.string :as str] [clojure.string :as str]
[jepsen [control :as c] [jepsen [control :as c]
[db :as db]] [db :as db]]
@ -21,19 +22,165 @@
[jepsen.control.scp :as scp] [jepsen.control.scp :as scp]
[jepsen.os.debian :as debian])) [jepsen.os.debian :as debian]))
(def sable_binaries ["auth_client" "listener_process" "sable_ircd"])
(defn fingerprint
[node]
(slurp (str "resources/server_" node ".pem.sha1")))
(defn network_conf
[nodes]
{
:fanout 1
:ca_file "/usr/local/etc/sable/ca_cert.pem"
:peers (map (fn [node] {:name node
:address (str node ":6668")
:fingerprint (fingerprint node)})
nodes)})
(def network_config_json
{
:opers [
{
:name "operuser",
; echo -n "operpassword" | openssl passwd -6 -stdin
:hash "$6$z5yA.OfGliDoi/R2$BgSsguS6bxAsPSCygDisgDw5JZuo5.88eU3Hyc7/4OaNpeKIxWGjOggeHzOl0xLiZg1vfwxXjOTFN14wG5vNI."
}
],
:alias_users [
{
:nick "ChanServ",
:user "ChanServ",
:host "services.",
:realname "Channel services compatibility layer",
:command_alias "CS"
},
{
:nick "NickServ",
:user "NickServ",
:host "services.",
:realname "Account services compatibility layer",
:command_alias "NS"
}
],
:default_roles {
"builtin:op" [
"always_send",
"op_self", "op_grant", "voice_self", "voice_grant",
"receive_op", "receive_voice", "receive_opmod",
"topic", "kick", "set_simple_mode", "set_key",
"ban_view", "ban_add", "ban_remove_any",
"quiet_view", "quiet_add", "quiet_remove_any",
"exempt_view", "exempt_add", "exempt_remove_any",
"invite_self", "invite_other",
"invex_view", "invex_add", "invex_remove_any"
],
"builtin:voice" [
"always_send",
"voice_self",
"receive_voice",
"ban_view", "quiet_view"
],
:builtin:all [
"ban_view", "quiet_view"
]
},
:debug_mode true
})
(defn server_conf
[nodes node]
{
:server_id (.indexOf nodes node),
:server_name node,
:management {
:address "[::]:8888",
:client_ca "/usr/local/etc/sable/ca_cert.pem",
:authorised_fingerprints [],
},
:server {
:listeners [
{ :address "[::]:6667" }
]
},
:event_log {
:event_expiry 3600 ; an hour
},
:tls_config {
:key_file (str "/usr/local/etc/sable/server_" node ".key"),
:cert_file (str "/usr/local/etc/sable/server_" node ".pem"),
},
:node_config {
:listen_addr "[::]:6668",
:cert_file (str "/usr/local/etc/sable/server_" node ".pem"),
:key_file (str "/usr/local/etc/sable/server_" node ".key"),
},
:log {
:dir (str "/var/log/"),
:module-levels {
"sable" "trace"
},
:targets [
{
:target {:filename "sable.ircd.log"},
:level "trace",
:modules [ "sable" "audit" "client_listener" ],
},
],
}
})
(defn configure_node
[nodes node]
(c/exec "echo" (json/write-str (network_conf nodes)) :> "/etc/sable/network.conf")
(c/exec "echo" (json/write-str network_config_json) :> "/etc/sable/network_config.json")
(c/exec "echo" (json/write-str (server_conf nodes node)) :> "/etc/sable/server.conf"))
(def logfile "/var/log/sable_ircd.stdout")
(def pidfile "/var/run/sable_ircd.pid")
(defn sable (defn sable
"Sable IRCd install from binaries in a local directory." "Sable IRCd install from binaries in a local directory."
[sable_bin_path] [sable_bin_path nodes]
(reify db/DB (reify db/DB
(setup! [_ test node] (setup! [_ test node]
(info node "installing Sable from" sable_bin_path) (c/exec "rm" "-rf" "/etc/sable" "/tmp/sable_upload" "/usr/local/etc/sable")
(c/exec "rm" "-rf" "/tmp/sable_upload") (c/exec "mkdir" "/tmp/sable_upload" "/etc/sable")
(c/exec "mkdir" "/tmp/sable_upload") (info node "configuring Sable")
(let [remote_bin_path (c/upload (map (fn [file] (str sable_bin_path file)) (let [remote_tmp_path (c/upload "resources/config"
["auth_client" "listener_process" "sable_ircd"])
"/tmp/sable_upload")] "/tmp/sable_upload")]
(c/su (c/su
(c/exec* "cp" (str remote_bin_path "/*") "/usr/local/bin")))) (c/exec* "mv" (str remote_tmp_path "/*") "/usr/local/etc/sable/")))
(c/su (configure_node nodes node))
(info node "installing Sable from" sable_bin_path)
(let [remote_tmp_path (c/upload (map (fn [file] (str sable_bin_path file))
sable_binaries)
"/tmp/sable_upload")]
(c/su
(c/exec* "mv" (str remote_tmp_path "/*") "/usr/local/bin/")))
(info node "starting Sable")
(c/su
(cu/start-daemon!
{:logfile logfile
:pidfile pidfile
:chdir "/usr/local/bin/"}
"sable_ircd"
"--foreground"
"--server-conf" "/etc/sable/server.conf"
"--network-conf" "/etc/sable/network.conf"
"--bootstrap-network" "/etc/sable/network_config.json"))
(Thread/sleep 1000))
(teardown! [_ test node] (teardown! [_ test node]
(info node "tearing down Sable")))) (info node "tearing down Sable")
(cu/stop-daemon! "sable_ircd" pidfile)
;(c/exec "rm" "-f"
; (map (fn [file] (str sable_bin_path file)) sable_binaries)
; (map (fn [file] (str "/usr/local/bin/" file)) sable_binaries))
;(c/exec "rm" "-rf" "/tmp/sable_upload" "/usr/local/etc/sable" "/etc/sable")
)))