mirror of
https://github.com/balena-io/open-balena.git
synced 2025-06-24 18:25:16 +00:00
Compare commits
50 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| bb1328e27e | |||
| 395613af57 | |||
| 199d8eb4a4 | |||
| 6fdc554e43 | |||
| f8b8a1589a | |||
| 3bf14a2140 | |||
| fef145f993 | |||
| e068f8058f | |||
| c1ee146f0d | |||
| 9ad92596b9 | |||
| 56de2d20bb | |||
| 290c90c262 | |||
| 98b6100fed | |||
| e1bfb7f7b0 | |||
| 35ab5300e6 | |||
| fd031ad3a4 | |||
| 95d53993bc | |||
| 1721728794 | |||
| 061440f109 | |||
| 2f0fb27145 | |||
| 210bdcda37 | |||
| fac66040c8 | |||
| 85a69c1ef1 | |||
| e37a61e5f0 | |||
| 0fc85ff5b6 | |||
| 99dd615e55 | |||
| d3b021a1cb | |||
| b9b9b65ce6 | |||
| 9fb3f76858 | |||
| 52fb653223 | |||
| 7332b6971e | |||
| 011f3a35f9 | |||
| 0842b7b4ae | |||
| 37ecfb8996 | |||
| bd638ac409 | |||
| cec371f0b8 | |||
| eb1db83058 | |||
| 709d00b898 | |||
| 6f56ee8fbd | |||
| 9d48debca6 | |||
| 254fd3b499 | |||
| 5bc74c3f75 | |||
| 93d51fcdd5 | |||
| b2ec80fbdb | |||
| ed077b5722 | |||
| a50910ca83 | |||
| 318362cc25 | |||
| acd40a79e6 | |||
| 627867aec4 | |||
| 2e4064fab7 |
2
.github/CODEOWNERS
vendored
Normal file
2
.github/CODEOWNERS
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
# Main repo owners:
|
||||
* @dfunckt @richbayliss
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@ -3,3 +3,4 @@
|
||||
.vagrant/
|
||||
config/
|
||||
src/
|
||||
package-lock.json
|
||||
|
||||
50
.openbalenarc
Normal file
50
.openbalenarc
Normal file
@ -0,0 +1,50 @@
|
||||
#!/bin/bash
|
||||
|
||||
alias dc="/home/vagrant/openbalena/scripts/compose"
|
||||
|
||||
function enter () {
|
||||
if [[ $# -lt 1 ]]; then
|
||||
echo "Usage: enter <service name> [command]"
|
||||
echo " "
|
||||
echo " Runs a [command] in the service specified."
|
||||
echo " "
|
||||
echo " command:"
|
||||
echo " (default) /bin/bash"
|
||||
echo " "
|
||||
echo " example:"
|
||||
echo " enter api # this will run the command '/bin/bash' in the API service, providing a shell prompt"
|
||||
echo " enter api uptime # this will run the command 'uptime' in the API service, and return"
|
||||
return 1
|
||||
fi
|
||||
|
||||
|
||||
service="$1"
|
||||
shift
|
||||
COMMAND=/bin/bash
|
||||
if [[ $# -gt 0 ]]; then
|
||||
COMMAND="$@"
|
||||
fi
|
||||
dc exec ${service} /bin/bash -c "${COMMAND}"
|
||||
}
|
||||
|
||||
function logs () {
|
||||
if [[ $# -lt 1 ]]; then
|
||||
echo "Usage: logs <service name> [options]"
|
||||
echo " "
|
||||
echo " Shows the logs from journalctl in the service specified."
|
||||
echo " "
|
||||
echo " options:"
|
||||
echo " -f tail the log stream"
|
||||
echo " -n number of lines to take"
|
||||
echo " "
|
||||
echo " example:"
|
||||
echo " logs api -fn100 # this will tail the API log, starting with the last 100 lines"
|
||||
return 1
|
||||
fi
|
||||
|
||||
service="$1"
|
||||
shift
|
||||
enter ${service} journalctl "$@"
|
||||
}
|
||||
|
||||
cd /home/vagrant/openbalena
|
||||
875
.versionbot/CHANGELOG.yml
Normal file
875
.versionbot/CHANGELOG.yml
Normal file
@ -0,0 +1,875 @@
|
||||
- commits:
|
||||
- subject: 'tidy: Remove unused DEVICE_CONFIG_OPENVPN_CONFIG variable'
|
||||
hash: 199d8eb4a454cc99a9cd8329fa6beae49b9040e1
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
author: Rich Bayliss
|
||||
- subject: 'services: Update Registry service version'
|
||||
hash: 6fdc554e4396f950398fcf61640386ef70e57467
|
||||
body: >
|
||||
Update open-balena-registry to 2.7.0
|
||||
|
||||
|
||||
This allows registry to be configured to use its internal Redis instance
|
||||
for caching. It is still disabled by default though.
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Akis Kesoglou
|
||||
- subject: 'services: Update API service version'
|
||||
hash: f8b8a1589a6f46589721b0eb3cb2a156730ca56c
|
||||
body: |
|
||||
Update open-balena-api from 0.11.8 to 0.19.5
|
||||
|
||||
This brings in the latest bugfixes and changes.
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
author: Rich Bayliss
|
||||
nested:
|
||||
- commits:
|
||||
- subject: Update typed-error to 3.1.0
|
||||
hash: 7ba397da9f1765258c533d454aa49dbacb9c0b79
|
||||
body: |
|
||||
Update typed-error from 2.0.0 to 3.1.0
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
nested:
|
||||
- commits:
|
||||
- subject: 'dev: Enforce prettier coding standards'
|
||||
hash: 47c07a641fa39ddb833b41aff7a918accad08289
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
Signed-off-by: Will Boyce <will@balena.io>
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
author: Will Boyce
|
||||
- subject: 'npm: Update dependencies and remove `package-lock.json`'
|
||||
hash: 067bceb5c8dfd46f7e4ff0f58dead46fd9626167
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Will Boyce <will@balena.io>
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
author: Will Boyce
|
||||
- subject: >-
|
||||
codeowners: Add top contributors @wrboyce, @Page-, and
|
||||
@dfunckt
|
||||
hash: 6acc8757a594f74f264c8d68ea4501c61bda9951
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Will Boyce <will@balena.io>
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
author: Will Boyce
|
||||
- subject: 'versionbot: Add CHANGELOG.yml (for nested changelogs)'
|
||||
hash: 2b684a0bb0c95a5dbd3b130ba0f184d3464d298f
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Will Boyce <will@balena.io>
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
author: Will Boyce
|
||||
version: typed-error-3.1.0
|
||||
date: 2019-04-01T10:20:01.427Z
|
||||
- commits:
|
||||
- author: CameronDiver
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
signed-off-by: Cameron Diver <cameron@balena.io>
|
||||
hash: aaa9391dc463c1037f85e845d30f6f9434bb4dc1
|
||||
subject: Update README with new import style
|
||||
date: '2018-11-01T12:08:25Z'
|
||||
version: typed-error-3.0.2
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 627cdd281d7b086df8fe5ed1ccb0e0e0df3df062
|
||||
subject: Update to typescript 3
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 00d182bb2bc29bd82adb4e8ea4527f6bda6c5278
|
||||
subject: Update dev dependencies
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
hash: 94adac5d747f16b9228b39e56007ee0126c6f99c
|
||||
subject: Add node-10 to the circle test suite
|
||||
date: '2018-10-29T14:05:23Z'
|
||||
version: typed-error-3.0.1
|
||||
- commits:
|
||||
- author: Will Boyce
|
||||
body: >-
|
||||
* Switch to `export ...` syntax (from `export = ...`)
|
||||
|
||||
* Fix invalid export of class inheriting non-exported
|
||||
class
|
||||
footers:
|
||||
change-type: major
|
||||
hash: a6307b8c04d3456ad7d8a6ac19035b5e718c4311
|
||||
subject: Distribute generated typescript declaration
|
||||
- author: Will Boyce
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 37c4b700baadba8cdd6bc0c40df74b30b1a6301c
|
||||
subject: use circle for build/publish and add package-lock
|
||||
- author: Will Boyce
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 83e809281f5172ca1ff71bdf0ee663cd504f1428
|
||||
subject: add lint scripts/requirements
|
||||
- author: Will Boyce
|
||||
body: ''
|
||||
footers:
|
||||
change-type: minor
|
||||
hash: da9431d08e501a0d4d0db3a7fb2c0bd06d76d064
|
||||
subject: Remove `BaseError` class and directly subclass `Error`
|
||||
- author: Will Boyce
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: e46a36b54498b68f513c6cb947e217c11525e160
|
||||
subject: 'Update dependencies, clean up package/tsconfig'
|
||||
date: '2018-04-17T08:19:27Z'
|
||||
version: typed-error-3.0.0
|
||||
- commits:
|
||||
- author: Akis Kesoglou
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: d35c44f1e57f6386c6f769f8cafc28e0886719cc
|
||||
subject: Add LICENSE
|
||||
date: '2017-12-15T17:19:00Z'
|
||||
version: typed-error-2.0.1
|
||||
version: open-balena-api-0.19.5
|
||||
date: 2019-05-20T12:59:21.646Z
|
||||
- commits:
|
||||
- subject: Some linting fixes for resin-lint 3
|
||||
hash: 808fc3e1ec9b21d8df1166bc3265d92d6bfa1c59
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.19.4
|
||||
date: 2019-05-20T12:11:09.118Z
|
||||
- commits:
|
||||
- subject: Silence expected API key related rejections
|
||||
hash: d9e10e7128be9c562bcabbd58243830c6b2d1e01
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Akis Kesoglou
|
||||
version: open-balena-api-0.19.3
|
||||
date: 2019-05-17T11:47:13.587Z
|
||||
- commits:
|
||||
- subject: Update dependencies
|
||||
hash: a01960d25643dd5da4f090638db8e87b297c00c5
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.19.2
|
||||
date: 2019-05-17T10:44:43.341Z
|
||||
- commits:
|
||||
- subject: Make use of a prepared query for device state query
|
||||
hash: ffa3f0bbba27d2c7246a45ab4ed4ff342a5c772c
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Update pinejs to 10.14.0
|
||||
hash: ff02a77bebe6d4fbdd0a7fa9e2f2ef736fc560bc
|
||||
body: |
|
||||
Update pinejs from 10.11.0 to 10.14.0
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
nested:
|
||||
- commits:
|
||||
- subject: >-
|
||||
Update pinejs-client-core and make use of prepared
|
||||
queries
|
||||
hash: f61469c74fcba879bffb1e5e677805480e16e614
|
||||
body: |
|
||||
Update abstract-sql-compiler from 6.4.0 to 6.4.2
|
||||
Update odata-parser from 1.0.1 to 1.0.3
|
||||
Update odata-to-abstract-sql from 3.1.1 to 3.1.2
|
||||
Update pinejs-client-core from 5.3.6 to 5.5.1
|
||||
Update sbvr-parser from 0.2.1 to 0.2.2
|
||||
Update sbvr-types from 2.0.2 to 2.0.3
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
nested:
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: d871880a00c86b8eeec37489cf1d62a3688aabcc
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: odata-parser-1.0.3
|
||||
date: 2019-05-08T14:25:13.528Z
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 70ac83b0059a99d1d42e986f0a42fb7120c35ee8
|
||||
subject: Update dependencies
|
||||
date: '2019-04-15T06:51:46Z'
|
||||
version: odata-parser-1.0.2
|
||||
- commits:
|
||||
- subject: Update and fix lodash typings
|
||||
hash: 2bf073bbff3a94d66c31e07d98c3e298f5132b2c
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Update husky/mocha dev dependencies
|
||||
hash: 29f7d52185186bdb1171fdf27a923eb38887d009
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: abstract-sql-compiler-6.4.2
|
||||
date: 2019-05-09T21:32:48.414Z
|
||||
- commits:
|
||||
- subject: Fix typescript compilation
|
||||
hash: a3733e5c348687d74dd290538c6a7f3f3a4a4bb0
|
||||
body: |
|
||||
Update odata-parser from 1.0.1 to 1.0.3
|
||||
Update odata-to-abstract-sql from 3.0.0 to 3.0.1
|
||||
Update sbvr-parser from 0.2.1 to 0.2.2
|
||||
Update sbvr-types from 2.0.0 to 2.0.3
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
nested:
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for
|
||||
downstream changelogs
|
||||
hash: 45c5843b204def5a727b8ba8dfafb2a2347f50f3
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: sbvr-parser-0.2.2
|
||||
date: 2019-05-08T14:23:57.847Z
|
||||
- subject: Add node 12 tests
|
||||
hash: 094c059eb3c5fd6f3502c53e40ed4b90197ed5c2
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Add repo.yml for upstream changelogs
|
||||
hash: 3f4bffe3a107a4b6fd30c15bf1e70c79e68e226e
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: 5e4ab1569e5e7f7648d4c14df8d3bf9f834a4828
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: abstract-sql-compiler-6.4.1
|
||||
date: 2019-05-08T16:45:44.728Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Fix downstream declaration creation errors due
|
||||
to `Dictionary`
|
||||
hash: a8a39edff8cc7e1d05fb9b67037718970e94296c
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.5.1
|
||||
date: 2019-05-15T13:32:13.920Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add a prepare method that prepares a query into
|
||||
a function
|
||||
hash: eb7eccca7d90c453710575ebdf3adb9ef56835a7
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.5.0
|
||||
date: 2019-05-15T11:51:46.450Z
|
||||
- commits:
|
||||
- subject: Add CODEOWNERS
|
||||
hash: e01174008f812e0c24ec1036aa1f9ff0bc716e85
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Gergely Imreh <gergely@balena.io>
|
||||
signed-off-by: Gergely Imreh <gergely@balena.io>
|
||||
author: Gergely Imreh
|
||||
version: pinejs-client-js-5.4.1
|
||||
date: 2019-05-10T10:14:00.677Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add support for parameter aliases in resource
|
||||
ids
|
||||
hash: a4e6a640a3ced56bcd3ef7bf22770338e089a90d
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.4.0
|
||||
date: 2019-05-10T09:57:46.863Z
|
||||
- commits:
|
||||
- subject: Deduplicate transformation of GET results
|
||||
hash: dd856e24072f652684adf63af97408ee0ba7389c
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.3.10
|
||||
date: 2019-05-10T09:44:09.422Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Simplify how we expose types, which means
|
||||
`subscribe` is now exposed
|
||||
hash: f81e0cc59e75e0f9ffc71d9f122b9cfab9c05165
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.3.9
|
||||
date: 2019-05-10T08:57:16.276Z
|
||||
- commits:
|
||||
- subject: Add automatic formatting via prettier
|
||||
hash: a345d32f295acfa8ed4e5b815c24e1e7fdb335f2
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.3.8
|
||||
date: 2019-05-09T17:38:43.260Z
|
||||
- commits:
|
||||
- subject: 'Remove node 4 build, add node 12'
|
||||
hash: 8d549277d80746feadbdd8a6bba37eb076270440
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: 067bedf65e86a902b7334ed6e5f117d6ac41afde
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.3.7
|
||||
date: 2019-05-08T15:41:50.201Z
|
||||
- commits:
|
||||
- subject: Add node 12 tests
|
||||
hash: a6cc208654a36228a35fb8d8886e62bccc3c9fa4
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Add repo.yml for upstream changelogs
|
||||
hash: e50ca4f49d80b3e89d37f7d8bf6607b0f797c7ae
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: 9d68e94757f2f9498dedf3d6f085ce77ea70652a
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: odata-to-abstract-sql-3.1.2
|
||||
date: 2019-05-08T15:52:48.099Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: cc2e3e23030521788c127b5750abf3c65645a710
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: sbvr-types-2.0.3
|
||||
date: 2019-05-08T14:29:46.824Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: 45c5843b204def5a727b8ba8dfafb2a2347f50f3
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: sbvr-parser-0.2.2
|
||||
date: 2019-05-08T14:23:57.847Z
|
||||
version: pinejs-10.14.0
|
||||
date: 2019-05-15T14:12:22.538Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Fix possible null error when using a parameter alias
|
||||
with no value
|
||||
hash: ee0cb996e27a2234eb62608152230074a614cc4e
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.13.3
|
||||
date: 2019-05-14T11:01:52.288Z
|
||||
- commits:
|
||||
- subject: Add repo.yml for nested changelogs
|
||||
hash: 02a34373d90f29b5ec06f9ae9823d87207fbb577
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.13.2
|
||||
date: 2019-05-08T15:09:50.814Z
|
||||
- commits:
|
||||
- subject: Add node 12 to the circle tests
|
||||
hash: 7ae335dce37abf005daaa2e43239ed26ae2519de
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.13.1
|
||||
date: 2019-05-06T21:37:25.704Z
|
||||
- commits:
|
||||
- subject: Expose odata-compiler as a bin script
|
||||
hash: cf86826e0d6653c456057d4de8d849d00ffc023f
|
||||
body: >
|
||||
This means that it will now match the module
|
||||
dependencies of the
|
||||
|
||||
installed pinejs
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.13.0
|
||||
date: 2019-05-06T17:33:54.911Z
|
||||
- commits:
|
||||
- subject: Expose sbvr-compiler as a bin script
|
||||
hash: e6718ffe901b4d711f47493ff907ee1fe2f947e0
|
||||
body: >
|
||||
This means that it will now match the module
|
||||
dependencies of the
|
||||
|
||||
installed pinejs
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
- subject: >-
|
||||
Move odata-metadata-generator into odata-metadata
|
||||
directory
|
||||
hash: d414696ff13c9d9f2183f44eda434d0da8d26f01
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.12.0
|
||||
date: 2019-05-01T13:08:20.878Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Update @types/lodash, avoiding `_.isObject` where
|
||||
necessary
|
||||
hash: 77a281beef4e9b82c6070dba3027ddd606e4c08b
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.11.3
|
||||
date: 2019-05-01T11:07:54.197Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Only validate the model if the query affected at least 1
|
||||
row
|
||||
hash: 8bfd0a1f1cd45a837957f210979ec910e0e46261
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.11.2
|
||||
date: 2019-04-22T13:42:40.543Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Switch odata-metadata-generator to using an abstract sql
|
||||
model
|
||||
hash: 9cf5c16b50f7371552cb8876dd5ca724cccdf911
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.11.1
|
||||
date: 2019-04-11T16:03:38.840Z
|
||||
version: open-balena-api-0.19.1
|
||||
date: 2019-05-15T19:19:14.258Z
|
||||
- commits:
|
||||
- subject: Update target to es2018
|
||||
hash: b3bab02244ae85e4805db95eec92a3ae61fb0d92
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.19.0
|
||||
date: 2019-05-15T15:25:47.366Z
|
||||
- commits:
|
||||
- subject: 'bug: Resolve NPM dependency issues preventing startup'
|
||||
hash: 13842dee794bd12465ba97572a7a3ee0a19b7fc6
|
||||
body: |
|
||||
Add `ts-node` as a dependency, as it had been marked as devOnly
|
||||
in a previous PR.
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
author: Rich Bayliss
|
||||
version: open-balena-api-0.18.6
|
||||
date: 2019-05-10T11:05:12.524Z
|
||||
- commits:
|
||||
- subject: Add typed-error upstream to repo.yml
|
||||
hash: d50d88a873988aa2c9cf1f50ed721fbf92565869
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Add open-balena-base upstream to repo.yml
|
||||
hash: 2d039de7c4c8f8728a5a5af931fa83f55ef2a303
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.18.5
|
||||
date: 2019-05-08T16:12:46.186Z
|
||||
- commits:
|
||||
- subject: Disable the service start limit
|
||||
hash: d69d9b2355616685dfb570be6aa6c14ccc97a7c2
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Update open-balena-base to v7.0.2
|
||||
hash: d363fa289386f39de9af1bc3a3eb0690b35d9ea0
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.18.4
|
||||
date: 2019-05-06T11:23:47.208Z
|
||||
- commits:
|
||||
- subject: 'tests: Add test framework'
|
||||
hash: 52c6eebcc45f637d15b48b7ea7942e6011b891eb
|
||||
body: |
|
||||
Add a test framework to allow testing of the openBalena API
|
||||
|
||||
Added CircleCI pipeline to run tests.
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
author: Rich Bayliss
|
||||
version: open-balena-api-0.18.3
|
||||
date: 2019-05-01T09:06:36.206Z
|
||||
- commits:
|
||||
- subject: Fix import ordering issue
|
||||
hash: d4f207d8b7d9c55ef0f173fd3e58d20d46a964bc
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.18.2
|
||||
date: 2019-04-29T12:32:17.257Z
|
||||
- commits:
|
||||
- subject: 'versionbot: add machine readable changelog'
|
||||
hash: 95c57fb121cda374e36e45aaf82ee36877e8b82f
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Gergely Imreh <gergely@balena.io>
|
||||
signed-off-by: Gergely Imreh <gergely@balena.io>
|
||||
author: Gergely Imreh
|
||||
version: open-balena-api-0.18.1
|
||||
date: 2019-04-29T11:23:22.500Z
|
||||
- commits:
|
||||
- author: Gergely Imreh
|
||||
body: |-
|
||||
That OS version and upwards have docker with capability to pull
|
||||
from registry v2.
|
||||
footers:
|
||||
change-type: minor
|
||||
signed-off-by: Gergely Imreh <gergely@balena.io>
|
||||
hash: 9fa9f17256d3c975f1fa590d5d132433d1b20646
|
||||
subject: >-
|
||||
device-config: allow devices going back to v1.2.1 to use
|
||||
registry v2
|
||||
date: '2019-04-29T09:32:40Z'
|
||||
version: open-balena-api-0.18.0
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 41b3e535f633862c8191c0ee94b2a089179316ef
|
||||
subject: Handle requesting registry scopes with explicit indices above 20
|
||||
date: '2019-04-26T19:16:24Z'
|
||||
version: open-balena-api-0.17.4
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 501a5cb839d7bd6e24a4e702c9b2d55f6a7ccdae
|
||||
subject: Use more accurate `BadRequestError`s for invalid env var names
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
hash: ec8543f76672e23a36353f2d38444f74867a3e64
|
||||
subject: Remove unnecessary `nameProp` argument from `addEnvHooks`
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
hash: 8ca26a0368feaf72a40d528fc462dbb953426797
|
||||
subject: Avoid unnecessary object creation on env var validation
|
||||
date: '2019-04-26T09:24:50Z'
|
||||
version: open-balena-api-0.17.3
|
||||
- commits:
|
||||
- author: Will Boyce
|
||||
body: >-
|
||||
Allowing the server to dictate when keys are renegotiated allows
|
||||
us to
|
||||
|
||||
control load spikes more effectively.
|
||||
footers:
|
||||
change-type: patch
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
hash: de52f7e24057f12b0b9381d462ca1d0d0ea5a8d6
|
||||
subject: 'os-config: disable client-initiated vpn tls key renegotiation'
|
||||
date: '2019-04-24T12:32:57Z'
|
||||
version: open-balena-api-0.17.2
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: f4676ba5237d374c9148db9855e7e0ce29bddb38
|
||||
subject: Remove unused `DEVICE_CONFIG_OPENVPN_CONFIG` fron env backend
|
||||
date: '2019-04-19T14:06:00Z'
|
||||
version: open-balena-api-0.17.1
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: minor
|
||||
hash: ef31eaefa2c75a3e6f61268bdc60af4b1e39f970
|
||||
subject: Rename `env_var_name` to `name` to match cloud
|
||||
date: '2019-04-18T15:54:23Z'
|
||||
version: open-balena-api-0.17.0
|
||||
- commits:
|
||||
- author: Rich Bayliss
|
||||
body: |-
|
||||
Add missing changes to make the `my_application` resource return
|
||||
results, instead of throwing an exception.
|
||||
footers:
|
||||
change-type: patch
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
hash: 065454c21c7308b9e51395186a8023fc3b11b6a7
|
||||
subject: >-
|
||||
fix: Changes required to make `my_application` resource
|
||||
available
|
||||
date: '2019-04-18T13:38:33Z'
|
||||
version: open-balena-api-0.16.1
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: minor
|
||||
hash: 12bab4ff126f8156afa8aa1ad62f8776746d7c6e
|
||||
subject: Handle `my_applications` within pinejs
|
||||
date: '2019-04-17T14:18:41Z'
|
||||
version: open-balena-api-0.16.0
|
||||
- commits:
|
||||
- author: Will Boyce
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
hash: 285091d355eb71099925d8e0eb5748aa50213de5
|
||||
subject: 'device-proxy: use `.balena` tld in favour of `.resin`'
|
||||
date: '2019-04-17T12:13:03Z'
|
||||
version: open-balena-api-0.15.2
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 76063693f447bdd155abe12004d52e51831fe7a9
|
||||
subject: Update method-override to 3.x
|
||||
date: '2019-04-17T09:52:51Z'
|
||||
version: open-balena-api-0.15.1
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: |-
|
||||
Also splits index.js to make sure the bulk of it is typed
|
||||
Update pinejs from 10.8.0 to 10.11.0
|
||||
footers:
|
||||
change-type: minor
|
||||
hash: 384f53606795d4b565d8a851b86316ce4fcfbcb9
|
||||
subject: >-
|
||||
Rename `configPath` to `config` and make sure config.json is
|
||||
valid
|
||||
date: '2019-04-15T18:37:57Z'
|
||||
version: open-balena-api-0.15.0
|
||||
- commits:
|
||||
- author: Pablo Carranza Velez
|
||||
body: >-
|
||||
Added to the supervisor in
|
||||
https://github.com/balena-io/balena-supervisor/pull/934
|
||||
|
||||
We add this variable to the whitelist and add the information so
|
||||
that the UI can show it and allow changing it.
|
||||
footers:
|
||||
change-type: minor
|
||||
signed-off-by: Pablo Carranza Velez <pablocarranza@gmail.com>
|
||||
hash: ed41b29c8211d37897f656ed5b55594f3317aebe
|
||||
subject: >-
|
||||
Whitelist the new RESIN_SUPERVISOR_INSTANT_UPDATE_TRIGGER
|
||||
configuration variable
|
||||
date: '2019-04-11T18:27:19Z'
|
||||
version: open-balena-api-0.14.0
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: f827088cd504c62753390d2f3929d9b9de708914
|
||||
subject: Fix `ResolvableReturnType` typing
|
||||
date: '2019-04-02T15:20:27Z'
|
||||
version: open-balena-api-0.13.3
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: c0e11d4fd0080a74ca67568062ec8133fa9deb68
|
||||
subject: Add CODEOWNERS file
|
||||
date: '2019-04-01T13:32:08Z'
|
||||
version: open-balena-api-0.13.2
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: da963b34c86e0f3a5bb7caefcf5cfad82a1de49e
|
||||
subject: Add an index for the vpn's service instance lookup
|
||||
date: '2019-04-01T13:18:22Z'
|
||||
version: open-balena-api-0.13.1
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: Update pinejs from 10.6.1 to 10.8.0
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 4f7200e14388b379e4b068a64acbf2d4f4d62a9c
|
||||
subject: Use a readTransaction for device state
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: minor
|
||||
hash: 1f5005153dcf8aeb20622b6f23cc0131b9afd74a
|
||||
subject: >-
|
||||
Remove runInTransaction wrapper to avoid unnecessary function
|
||||
creation
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
hash: 4ce469103710955e23754b09a94f8d1793cf82bc
|
||||
subject: Avoid need to repeateadly check for `readTransaction` existence
|
||||
date: '2019-03-28T11:00:59Z'
|
||||
version: open-balena-api-0.13.0
|
||||
- commits:
|
||||
- author: Stevche Radevski
|
||||
body: |-
|
||||
This will allow us to store the pre
|
||||
and post-image build logs as shown in
|
||||
the terminal.
|
||||
footers:
|
||||
change-type: minor
|
||||
signed-off-by: Stevche Radevski <stevche@balena.io>
|
||||
hash: e781deead7e08e4fc35e33769ab8262fdc941f2b
|
||||
subject: Add build log to release resource
|
||||
date: '2019-03-19T14:19:56Z'
|
||||
version: open-balena-api-0.12.0
|
||||
version: 1.2.0
|
||||
date: 2019-05-21T14:52:12.117Z
|
||||
423
CHANGELOG.md
423
CHANGELOG.md
@ -4,6 +4,429 @@ All notable changes to this project will be documented in this file
|
||||
automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY!
|
||||
This project adheres to [Semantic Versioning](http://semver.org/).
|
||||
|
||||
# v1.2.0
|
||||
## (2019-05-21)
|
||||
|
||||
* tidy: Remove unused DEVICE_CONFIG_OPENVPN_CONFIG variable [Rich Bayliss]
|
||||
* services: Update Registry service version [Akis Kesoglou]
|
||||
* services: Update API service version [Rich Bayliss]
|
||||
|
||||
<details>
|
||||
<summary> View details </summary>
|
||||
|
||||
## open-balena-api-0.19.5
|
||||
### (2019-05-20)
|
||||
|
||||
* Update typed-error to 3.1.0 [Pagan Gazzard]
|
||||
|
||||
<details>
|
||||
<summary> View details </summary>
|
||||
|
||||
### typed-error-3.1.0
|
||||
#### (2019-04-01)
|
||||
|
||||
* dev: Enforce prettier coding standards [Will Boyce]
|
||||
* npm: Update dependencies and remove `package-lock.json` [Will Boyce]
|
||||
* codeowners: Add top contributors @wrboyce, @Page-, and @dfunckt [Will Boyce]
|
||||
* versionbot: Add CHANGELOG.yml (for nested changelogs) [Will Boyce]
|
||||
|
||||
### typed-error-3.0.2
|
||||
#### (2018-11-01)
|
||||
|
||||
* Update README with new import style [CameronDiver]
|
||||
|
||||
### typed-error-3.0.1
|
||||
#### (2018-10-29)
|
||||
|
||||
* Update to typescript 3 [Pagan Gazzard]
|
||||
* Update dev dependencies [Pagan Gazzard]
|
||||
* Add node-10 to the circle test suite [Pagan Gazzard]
|
||||
|
||||
### typed-error-3.0.0
|
||||
#### (2018-04-17)
|
||||
|
||||
* Distribute generated typescript declaration [Will Boyce]
|
||||
* use circle for build/publish and add package-lock [Will Boyce]
|
||||
* add lint scripts/requirements [Will Boyce]
|
||||
* Remove `BaseError` class and directly subclass `Error` [Will Boyce]
|
||||
* Update dependencies, clean up package/tsconfig [Will Boyce]
|
||||
|
||||
### typed-error-2.0.1
|
||||
#### (2017-12-15)
|
||||
|
||||
* Add LICENSE [Akis Kesoglou]
|
||||
</details>
|
||||
|
||||
|
||||
## open-balena-api-0.19.4
|
||||
### (2019-05-20)
|
||||
|
||||
* Some linting fixes for resin-lint 3 [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.19.3
|
||||
### (2019-05-17)
|
||||
|
||||
* Silence expected API key related rejections [Akis Kesoglou]
|
||||
|
||||
## open-balena-api-0.19.2
|
||||
### (2019-05-17)
|
||||
|
||||
* Update dependencies [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.19.1
|
||||
### (2019-05-15)
|
||||
|
||||
* Make use of a prepared query for device state query [Pagan Gazzard]
|
||||
* Update pinejs to 10.14.0 [Pagan Gazzard]
|
||||
|
||||
<details>
|
||||
<summary> View details </summary>
|
||||
|
||||
### pinejs-10.14.0
|
||||
#### (2019-05-15)
|
||||
|
||||
* Update pinejs-client-core and make use of prepared queries [Pagan Gazzard]
|
||||
|
||||
<details>
|
||||
<summary> View details </summary>
|
||||
|
||||
#### odata-parser-1.0.3
|
||||
##### (2019-05-08)
|
||||
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
|
||||
#### odata-parser-1.0.2
|
||||
##### (2019-04-15)
|
||||
|
||||
* Update dependencies [Pagan Gazzard]
|
||||
|
||||
#### abstract-sql-compiler-6.4.2
|
||||
##### (2019-05-09)
|
||||
|
||||
* Update and fix lodash typings [Pagan Gazzard]
|
||||
* Update husky/mocha dev dependencies [Pagan Gazzard]
|
||||
|
||||
#### abstract-sql-compiler-6.4.1
|
||||
##### (2019-05-08)
|
||||
|
||||
* Fix typescript compilation [Pagan Gazzard]
|
||||
|
||||
<details>
|
||||
<summary> View details </summary>
|
||||
|
||||
##### sbvr-parser-0.2.2
|
||||
###### (2019-05-08)
|
||||
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
</details>
|
||||
|
||||
* Add node 12 tests [Pagan Gazzard]
|
||||
* Add repo.yml for upstream changelogs [Pagan Gazzard]
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.5.1
|
||||
##### (2019-05-15)
|
||||
|
||||
* Fix downstream declaration creation errors due to `Dictionary` [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.5.0
|
||||
##### (2019-05-15)
|
||||
|
||||
* Add a prepare method that prepares a query into a function [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.4.1
|
||||
##### (2019-05-10)
|
||||
|
||||
* Add CODEOWNERS [Gergely Imreh]
|
||||
|
||||
#### pinejs-client-js-5.4.0
|
||||
##### (2019-05-10)
|
||||
|
||||
* Add support for parameter aliases in resource ids [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.3.10
|
||||
##### (2019-05-10)
|
||||
|
||||
* Deduplicate transformation of GET results [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.3.9
|
||||
##### (2019-05-10)
|
||||
|
||||
* Simplify how we expose types, which means `subscribe` is now exposed [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.3.8
|
||||
##### (2019-05-09)
|
||||
|
||||
* Add automatic formatting via prettier [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.3.7
|
||||
##### (2019-05-08)
|
||||
|
||||
* Remove node 4 build, add node 12 [Pagan Gazzard]
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
|
||||
#### odata-to-abstract-sql-3.1.2
|
||||
##### (2019-05-08)
|
||||
|
||||
* Add node 12 tests [Pagan Gazzard]
|
||||
* Add repo.yml for upstream changelogs [Pagan Gazzard]
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
|
||||
#### sbvr-types-2.0.3
|
||||
##### (2019-05-08)
|
||||
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
|
||||
#### sbvr-parser-0.2.2
|
||||
##### (2019-05-08)
|
||||
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
</details>
|
||||
|
||||
|
||||
### pinejs-10.13.3
|
||||
#### (2019-05-14)
|
||||
|
||||
* Fix possible null error when using a parameter alias with no value [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.13.2
|
||||
#### (2019-05-08)
|
||||
|
||||
* Add repo.yml for nested changelogs [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.13.1
|
||||
#### (2019-05-06)
|
||||
|
||||
* Add node 12 to the circle tests [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.13.0
|
||||
#### (2019-05-06)
|
||||
|
||||
* Expose odata-compiler as a bin script [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.12.0
|
||||
#### (2019-05-01)
|
||||
|
||||
* Expose sbvr-compiler as a bin script [Pagan Gazzard]
|
||||
* Move odata-metadata-generator into odata-metadata directory [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.11.3
|
||||
#### (2019-05-01)
|
||||
|
||||
* Update @types/lodash, avoiding `_.isObject` where necessary [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.11.2
|
||||
#### (2019-04-22)
|
||||
|
||||
* Only validate the model if the query affected at least 1 row [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.11.1
|
||||
#### (2019-04-11)
|
||||
|
||||
* Switch odata-metadata-generator to using an abstract sql model [Pagan Gazzard]
|
||||
</details>
|
||||
|
||||
|
||||
## open-balena-api-0.19.0
|
||||
### (2019-05-15)
|
||||
|
||||
* Update target to es2018 [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.18.6
|
||||
### (2019-05-10)
|
||||
|
||||
* bug: Resolve NPM dependency issues preventing startup [Rich Bayliss]
|
||||
|
||||
## open-balena-api-0.18.5
|
||||
### (2019-05-08)
|
||||
|
||||
* Add typed-error upstream to repo.yml [Pagan Gazzard]
|
||||
* Add open-balena-base upstream to repo.yml [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.18.4
|
||||
### (2019-05-06)
|
||||
|
||||
* Disable the service start limit [Pagan Gazzard]
|
||||
* Update open-balena-base to v7.0.2 [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.18.3
|
||||
### (2019-05-01)
|
||||
|
||||
* tests: Add test framework [Rich Bayliss]
|
||||
|
||||
## open-balena-api-0.18.2
|
||||
### (2019-04-29)
|
||||
|
||||
* Fix import ordering issue [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.18.1
|
||||
### (2019-04-29)
|
||||
|
||||
* versionbot: add machine readable changelog [Gergely Imreh]
|
||||
|
||||
## open-balena-api-0.18.0
|
||||
### (2019-04-29)
|
||||
|
||||
* device-config: allow devices going back to v1.2.1 to use registry v2 [Gergely Imreh]
|
||||
|
||||
## open-balena-api-0.17.4
|
||||
### (2019-04-26)
|
||||
|
||||
* Handle requesting registry scopes with explicit indices above 20 [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.17.3
|
||||
### (2019-04-26)
|
||||
|
||||
* Use more accurate `BadRequestError`s for invalid env var names [Pagan Gazzard]
|
||||
* Remove unnecessary `nameProp` argument from `addEnvHooks` [Pagan Gazzard]
|
||||
* Avoid unnecessary object creation on env var validation [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.17.2
|
||||
### (2019-04-24)
|
||||
|
||||
* os-config: disable client-initiated vpn tls key renegotiation [Will Boyce]
|
||||
|
||||
## open-balena-api-0.17.1
|
||||
### (2019-04-19)
|
||||
|
||||
* Remove unused `DEVICE_CONFIG_OPENVPN_CONFIG` fron env backend [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.17.0
|
||||
### (2019-04-18)
|
||||
|
||||
* Rename `env_var_name` to `name` to match cloud [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.16.1
|
||||
### (2019-04-18)
|
||||
|
||||
* fix: Changes required to make `my_application` resource available [Rich Bayliss]
|
||||
|
||||
## open-balena-api-0.16.0
|
||||
### (2019-04-17)
|
||||
|
||||
* Handle `my_applications` within pinejs [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.15.2
|
||||
### (2019-04-17)
|
||||
|
||||
* device-proxy: use `.balena` tld in favour of `.resin` [Will Boyce]
|
||||
|
||||
## open-balena-api-0.15.1
|
||||
### (2019-04-17)
|
||||
|
||||
* Update method-override to 3.x [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.15.0
|
||||
### (2019-04-15)
|
||||
|
||||
* Rename `configPath` to `config` and make sure config.json is valid [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.14.0
|
||||
### (2019-04-11)
|
||||
|
||||
* Whitelist the new RESIN_SUPERVISOR_INSTANT_UPDATE_TRIGGER configuration variable [Pablo Carranza Velez]
|
||||
|
||||
## open-balena-api-0.13.3
|
||||
### (2019-04-02)
|
||||
|
||||
* Fix `ResolvableReturnType` typing [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.13.2
|
||||
### (2019-04-01)
|
||||
|
||||
* Add CODEOWNERS file [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.13.1
|
||||
### (2019-04-01)
|
||||
|
||||
* Add an index for the vpn's service instance lookup [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.13.0
|
||||
### (2019-03-28)
|
||||
|
||||
* Use a readTransaction for device state [Pagan Gazzard]
|
||||
* Remove runInTransaction wrapper to avoid unnecessary function creation [Pagan Gazzard]
|
||||
* Avoid need to repeateadly check for `readTransaction` existence [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.12.0
|
||||
### (2019-03-19)
|
||||
|
||||
* Add build log to release resource [Stevche Radevski]
|
||||
</details>
|
||||
|
||||
# v1.1.1
|
||||
## (2019-05-07)
|
||||
|
||||
* docker: Update docker-compose version to latest [Heds Simons]
|
||||
|
||||
# v1.1.0
|
||||
## (2019-05-07)
|
||||
|
||||
* s3: Update to latest version with credentials [Heds Simons]
|
||||
|
||||
# v1.0.2
|
||||
## (2019-04-17)
|
||||
|
||||
* scripts: Handle missing coreutils on Mac [Roman Mazur]
|
||||
|
||||
# v1.0.1
|
||||
## (2019-03-20)
|
||||
|
||||
* vpn: Remove BALENA_ROOT_CA from the VPN trust chain [Rich Bayliss]
|
||||
|
||||
# v1.0.0
|
||||
## (2019-03-15)
|
||||
|
||||
* tags: Pin the image tags for the service stack [Rich Bayliss]
|
||||
|
||||
# v0.2.2
|
||||
## (2019-03-08)
|
||||
|
||||
* codeowners: Add CODEOWNERS file [Rich Bayliss]
|
||||
|
||||
# v0.2.1
|
||||
## (2019-03-08)
|
||||
|
||||
* certs: Add support for an ACME certificate provider [Rich Bayliss]
|
||||
|
||||
# v0.2.0
|
||||
## (2019-01-25)
|
||||
|
||||
* Do not publish DB and Redis ports to the host [Akis Kesoglou]
|
||||
|
||||
# v0.1.4
|
||||
## (2019-01-10)
|
||||
|
||||
* vagrant: Add missing Node dependency [Rich Bayliss]
|
||||
|
||||
# v0.1.3
|
||||
## (2019-01-10)
|
||||
|
||||
* vagrant: Improve the Vagrant file to make development easier [Rich Bayliss]
|
||||
|
||||
# v0.1.2
|
||||
## (2018-12-20)
|
||||
|
||||
* init: Make scripts macOS compatible [Rich Bayliss]
|
||||
|
||||
# v0.1.1
|
||||
## (2018-12-17)
|
||||
|
||||
* Ignore package-lock.json [Akis Kesoglou]
|
||||
* Print the proper path to root CA cert [Akis Kesoglou]
|
||||
|
||||
# v0.1.0
|
||||
## (2018-11-20)
|
||||
|
||||
* vagrant: Change into open-balena directory automatically [Will Boyce]
|
||||
* api: Pass full VPN CA chain to `os-config` [Will Boyce]
|
||||
* haproxy: Proxy port 3128 to vpn service [Will Boyce]
|
||||
|
||||
# v0.0.7
|
||||
## (2018-11-14)
|
||||
|
||||
* Update README [Akis Kesoglou]
|
||||
|
||||
# v0.0.6
|
||||
## (2018-11-10)
|
||||
|
||||
|
||||
131
README.md
131
README.md
@ -1,64 +1,113 @@
|
||||
<img alt="openBalena" src="docs/assets/openbalena-logo.svg" height="82">
|
||||
|
||||
## Host requirements
|
||||
---
|
||||
|
||||
- Docker >= 18.05.0
|
||||
- Docker Compose >= 1.11
|
||||
- OpenSSL >= 1.0.0
|
||||
- Python >= 2.7 or >=3.4
|
||||
- NodeJS >= 4.0
|
||||
OpenBalena is a platform to deploy and manage connected devices. Devices run
|
||||
[balenaOS][balena-os-website], a host operating system designed for running
|
||||
containers on IoT devices, and are managed via the [balena CLI][balena-cli],
|
||||
which you can use to configure your application containers, push updates, check
|
||||
status, view logs, and so forth. OpenBalena’s backend services, composed of
|
||||
battle-tested components that we’ve run in production on [balenaCloud][balena-cloud-website]
|
||||
for years, can store device information securely and reliably, allow remote
|
||||
management via a built-in VPN service, and efficiently distribute container
|
||||
images to your devices.
|
||||
|
||||
## Installation
|
||||
To learn more about openBalena, visit [balena.io/open][open-balena-website].
|
||||
|
||||
Make sure you have the software listed above installed.
|
||||
|
||||
In a terminal, clone the project with:
|
||||
## Features
|
||||
|
||||
$ git clone https://github.com/balena-io/open-balena.git
|
||||
- **Simple provisioning**: Adding devices to your fleet is a breeze
|
||||
- **Easy updates**: Remotely update the software on your devices with a single command
|
||||
- **Container-based**: Benefit from the power of virtualization, optimized for the edge
|
||||
- **Scalable**: Deploy and manage one device, or one million
|
||||
- **Powerful API & SDK**: Extend openBalena to fit your needs
|
||||
- **Built-in VPN**: Access your devices regardless of their network environment
|
||||
|
||||
Change into the `open-balena` directory and run the configuration script.
|
||||
This will create a new directory, `config`, and generate appropriate SSL
|
||||
certificates and configuration for the instance.
|
||||
|
||||
$ ./scripts/quickstart
|
||||
## Roadmap
|
||||
|
||||
You may optionally configure the instance to run under a custom domain name.
|
||||
The default is `openbalena.local`. For example:
|
||||
OpenBalena is currently in beta. While fully functional, it lacks features we
|
||||
consider important before we can comfortably call it production-ready. During
|
||||
this phase, don’t be alarmed if things don’t work as expected just yet (and
|
||||
please let us know about any bugs or errors you encounter!). The following
|
||||
improvements and new functionality is planned:
|
||||
|
||||
$ ./scripts/quickstart -d mydomain.com
|
||||
- Full documentation
|
||||
- Full test suite
|
||||
- Simplified deployment
|
||||
- Remote host OS updates
|
||||
- Support for custom device types
|
||||
|
||||
For more available options, see the script's help:
|
||||
|
||||
$ ./scripts/quickstart -h
|
||||
## Contributing
|
||||
|
||||
Start the instance with:
|
||||
Everyone is welcome to contribute to openBalena. There are many different ways
|
||||
to get involved apart from submitting pull requests, including helping other
|
||||
users on the [forums][forums], reporting or triaging [issues][issue-tracker],
|
||||
reviewing and discussing [pull requests][pulls], or just spreading the word.
|
||||
|
||||
$ ./scripts/compose up -d
|
||||
All of openBalena is hosted on GitHub. Apart from its constituent components,
|
||||
which are the [API][open-balena-api], [VPN][open-balena-vpn], [Registry][open-balena-registry],
|
||||
[S3 storage service][open-balena-s3], and [Database][open-balena-db], contributions
|
||||
are also welcome to its client-side software such as the [balena CLI][balena-cli],
|
||||
the [balena SDK][balena-sdk], [balenaOS][balena-os] and [balenaEngine][balena-engine].
|
||||
|
||||
Stop the instance with:
|
||||
|
||||
$ ./scripts/compose stop
|
||||
## Getting Started
|
||||
|
||||
To remove all traces of the instance, run the following commands and finally
|
||||
delete the configuration folder.
|
||||
Our [Getting Started][getting-started] guide is the most direct path to getting
|
||||
an openBalena installation up and running and successfully deploying your
|
||||
application to your device(s).
|
||||
|
||||
**WARNING**: This will remove *all* data.
|
||||
|
||||
$ ./scripts/compose kill
|
||||
$ ./scripts/compose down
|
||||
$ docker volume rm openbalena_s3 openbalena_redis openbalena_db openbalena_registry
|
||||
## Documentation
|
||||
|
||||
### macOS & Windows
|
||||
While we're still working on the project documentation, please refer to the
|
||||
[balenaCloud documentation][documentation]. BalenaCloud is built on top of
|
||||
openBalena, so the core concepts and functionality is identical. The following
|
||||
sections are of particular interest:
|
||||
|
||||
On macOS and Windows you need Vagrant. `open-balena` is not being tested with
|
||||
docker-machine. `open-balena` comes with an appropriate `Vagrantfile` for
|
||||
setting up the VM, installing dependencies and starting the platform.
|
||||
- [Overview / A balena primer](https://balena.io/docs/learn/welcome/primer)
|
||||
- [Overview / Core Concepts](https://balena.io/docs/learn/welcome/concepts)
|
||||
- [Overview / Going to production](https://balena.io/docs/learn/welcome/production-plan)
|
||||
- [Develop / Define a container](https://balena.io/docs/learn/develop/dockerfile)
|
||||
- [Develop / Multiple containers](https://balena.io/docs/learn/develop/multicontainer)
|
||||
- [Develop / Runtime](https://balena.io/docs/learn/develop/runtime)
|
||||
- [Develop / Interact with hardware](https://balena.io/docs/learn/develop/hardware)
|
||||
- [Deploy / Optimize your builds](https://balena.io/docs/learn/deploy/build-optimization)
|
||||
- [Reference](https://balena.io/docs/reference)
|
||||
- [FAQ](https://balena.io/docs/faq/troubleshooting/faq)
|
||||
|
||||
- Install Vagrant >= 2.0
|
||||
- `$ vagrant plugin install vagrant-docker-compose`
|
||||
- `$ vagrant up`
|
||||
|
||||
When provisioning completes and the VM has started, `open-balena` services
|
||||
should be running inside the VM. You will need to expose these services to
|
||||
the outside in order for them to be reachable by devices. To do so, you must
|
||||
setup DNS for the domain name you've deployed the instance as to point to the
|
||||
VM's IP address.
|
||||
## Getting Help
|
||||
|
||||
You are welcome to submit any questions, participate in discussions and request
|
||||
help with any issue in [openBalena forums][forums]. The balena team frequents
|
||||
these forums and will be happy to help. You can also ask other community members
|
||||
for help, or contribute by answering questions posted by fellow openBalena users.
|
||||
Please do not use the issue tracker for support-related questions.
|
||||
|
||||
|
||||
## License
|
||||
|
||||
OpenBalena is licensed under the terms of AGPL v3. See [LICENSE](LICENSE) for details.
|
||||
|
||||
|
||||
[balena-cli]: https://github.com/balena-io/balena-cli
|
||||
[balena-cloud-website]: https://balena.io/cloud
|
||||
[balena-engine]: https://github.com/balena-os/balena-engine
|
||||
[balena-os-website]: https://balena.io/os
|
||||
[balena-os]: https://github.com/balena-os/meta-balena
|
||||
[balena-sdk]: https://github.com/balena-io/balena-sdk
|
||||
[documentation]: https://balena.io/docs/learn/welcome/introduction/
|
||||
[forums]: https://forums.balena.io/c/open-balena
|
||||
[getting-started]: https://balena.io/open/docs/getting-started
|
||||
[issue-tracker]: https://github.com/balena-io/open-balena/issues
|
||||
[open-balena-api]: https://github.com/balena-io/open-balena-api
|
||||
[open-balena-db]: https://github.com/balena-io/open-balena-db
|
||||
[open-balena-registry]: https://github.com/balena-io/open-balena-registry
|
||||
[open-balena-s3]: https://github.com/balena-io/open-balena-s3
|
||||
[open-balena-vpn]: https://github.com/balena-io/open-balena-vpn
|
||||
[open-balena-website]: https://balena.io/open
|
||||
[pulls]: https://github.com/balena-io/open-balena/pulls
|
||||
|
||||
34
Vagrantfile
vendored
34
Vagrantfile
vendored
@ -7,22 +7,36 @@ Vagrant.require_version '>= 2.0.0'
|
||||
end
|
||||
|
||||
Vagrant.configure('2') do |config|
|
||||
config.vm.define 'openbalenavm'
|
||||
config.vm.box = 'bento/ubuntu-16.04'
|
||||
config.vm.box_url = 'https://vagrantcloud.com/bento/boxes/ubuntu-16.04/versions/201808.24.0/providers/virtualbox.box'
|
||||
config.vm.define 'openbalena'
|
||||
config.vm.hostname = 'openbalena-vagrant'
|
||||
config.vm.box = 'bento/ubuntu-18.04'
|
||||
|
||||
config.vm.network "public_network",
|
||||
use_dhcp_assigned_default_route: true
|
||||
|
||||
config.vm.synced_folder '.', '/vagrant', disabled: true
|
||||
config.vm.synced_folder '.', '/home/vagrant/open-balena'
|
||||
config.vm.network 'public_network', bridge: ENV.fetch('OPENBALENA_BRIDGE', '')
|
||||
config.vm.synced_folder '.', '/home/vagrant/openbalena'
|
||||
|
||||
config.ssh.forward_agent = true
|
||||
|
||||
config.vm.provision :docker
|
||||
config.vm.provision :docker_compose
|
||||
|
||||
# FIXME: remove node
|
||||
config.vm.provision :shell, inline: 'apt-get update && apt-get install -y nodejs && rm -rf /var/lib/apt/lists/*'
|
||||
$provision = <<-SCRIPT
|
||||
DOCKER_COMPOSE_VERSION=1.24.0
|
||||
|
||||
touch /home/vagrant/.bashrc
|
||||
grep -Fxq 'source /home/vagrant/openbalena/.openbalenarc' /home/vagrant/.bashrc || echo 'source /home/vagrant/openbalena/.openbalenarc' >> /home/vagrant/.bashrc
|
||||
|
||||
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash
|
||||
source "/home/vagrant/.nvm/nvm.sh" # This loads nvm
|
||||
nvm install 10.15.0 && nvm use 10.15.0
|
||||
|
||||
# Install a newer version of docker-compose
|
||||
(cd /usr/local/bin; \
|
||||
sudo curl -o docker-compose --silent --location https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-Linux-x86_64; \
|
||||
sudo chmod a+x docker-compose)
|
||||
SCRIPT
|
||||
|
||||
config.vm.provision :shell, privileged: false, inline: $provision
|
||||
|
||||
config.vm.provision :shell, privileged: false,
|
||||
inline: "cd /home/vagrant/open-balena && ./scripts/quickstart -p -d #{ENV.fetch('OPENBALENA_DOMAIN', 'openbalena.local')}"
|
||||
end
|
||||
|
||||
20
cert-provider/Dockerfile
Normal file
20
cert-provider/Dockerfile
Normal file
@ -0,0 +1,20 @@
|
||||
FROM alpine
|
||||
|
||||
EXPOSE 80
|
||||
WORKDIR /usr/src/app
|
||||
VOLUME [ "/usr/src/app/certs" ]
|
||||
|
||||
RUN apk add --update bash curl git openssl ncurses socat
|
||||
|
||||
RUN git clone https://github.com/Neilpang/acme.sh.git && \
|
||||
cd acme.sh && \
|
||||
git checkout 08357e3cb0d80c84bdaf3e42ce0e439665387f57 . && \
|
||||
./acme.sh --install \
|
||||
--cert-home /usr/src/app/certs
|
||||
|
||||
COPY entry.sh /entry.sh
|
||||
COPY cert-provider.sh ./cert-provider.sh
|
||||
COPY fake-le-bundle.pem ./
|
||||
|
||||
ENTRYPOINT [ "/entry.sh" ]
|
||||
CMD [ "/usr/src/app/cert-provider.sh" ]
|
||||
181
cert-provider/cert-provider.sh
Executable file
181
cert-provider/cert-provider.sh
Executable file
@ -0,0 +1,181 @@
|
||||
#!/bin/bash
|
||||
|
||||
# the acme.sh client script, installed via Git in the Dockerfile...
|
||||
ACME_BIN="$(realpath ~/.acme.sh/acme.sh)"
|
||||
|
||||
# the path to a bundle of certs to verify a LetsEncrypt staging certificate until Apr 2036...
|
||||
ACME_STAGING_CA="/usr/src/app/fake-le-bundle.pem"
|
||||
|
||||
# the path to a file which stores the last successful mode of certificate we acquired...
|
||||
ACME_MODE_FILE="/usr/src/app/certs/last_run_mode"
|
||||
|
||||
# colour output helpers...
|
||||
reset=$(tput -T xterm sgr0)
|
||||
red=$(tput -T xterm setaf 1)
|
||||
green=$(tput -T xterm setaf 2)
|
||||
yellow=$(tput -T xterm setaf 3)
|
||||
blue=$(tput -T xterm setaf 4)
|
||||
|
||||
logError() {
|
||||
echo "${red}[Error]${reset} $1"
|
||||
}
|
||||
|
||||
logWarn() {
|
||||
echo "${yellow}[Warn]${reset} $1"
|
||||
}
|
||||
|
||||
logInfo() {
|
||||
echo "${blue}[Info]${reset} $1"
|
||||
}
|
||||
|
||||
logSuccess() {
|
||||
echo "${green}[Success]${reset} $1"
|
||||
}
|
||||
|
||||
logErrorAndStop() {
|
||||
logError "$1 [Stopping]"
|
||||
while true; do
|
||||
# do nothing forever...
|
||||
sleep 60
|
||||
done
|
||||
}
|
||||
|
||||
retryWithDelay() {
|
||||
RETRIES=${2:-3}
|
||||
DELAY=${3:-5}
|
||||
|
||||
local ATTEMPT=0
|
||||
while [ $RETRIES -gt $ATTEMPT ]; do
|
||||
let "ATTEMPT++"
|
||||
if $1; then
|
||||
return $?
|
||||
fi
|
||||
|
||||
echo "($ATTEMPT/$RETRIES) Retrying in ${DELAY} seconds..."
|
||||
sleep $DELAY
|
||||
done
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
waitForOnline() {
|
||||
ADDRESS="${1,,}"
|
||||
|
||||
logInfo "Waiting for ${ADDRESS} to be available via HTTP..."
|
||||
retryWithDelay "curl --output /dev/null --silent --head --fail http://${ADDRESS}" 6 5
|
||||
}
|
||||
|
||||
isUsingStagingCert() {
|
||||
HOST="${1,,}"
|
||||
echo "" | openssl s_client -host "$HOST" -port 443 -showcerts 2>/dev/null | awk '/BEGIN CERT/ {p=1} ; p==1; /END CERT/ {p=0}' | openssl verify -CAfile "$ACME_STAGING_CA" > /dev/null 2>&1
|
||||
}
|
||||
|
||||
pre-flight() {
|
||||
case "$ACTIVE" in
|
||||
"true"|"yes")
|
||||
;;
|
||||
*)
|
||||
logError "ACTIVE variable is not enabled. Value should be \"true\" or \"yes\" to continue."
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -z "$DOMAINS" ]; then
|
||||
logError "DOMAINS must be set. Value should be a comma-delimited string of domains."
|
||||
return 1
|
||||
else
|
||||
IFS=, read -r -a ACME_DOMAINS <<< "$DOMAINS"
|
||||
IFS=' ' read -r -a ACME_DOMAIN_ARGS <<< "${ACME_DOMAINS[@]/#/-d }"
|
||||
fi
|
||||
|
||||
if [ -z "$VALIDATION" ]; then
|
||||
logInfo "VALIDATION not set. Using default: http-01"
|
||||
VALIDATION="http-01"
|
||||
else
|
||||
case "$VALIDATION" in
|
||||
"http-01")
|
||||
logInfo "Using validation method: $VALIDATION"
|
||||
;;
|
||||
*)
|
||||
logError "VALIDATION is invalid. Use a valid value: http-01"
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
if [ -z "$OUTPUT_PEM" ]; then
|
||||
logError "OUTPUT_PEM must be set. Value should be the path to install your certificate to."
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
waitToSeeStagingCert() {
|
||||
logInfo "Waiting for ${ACME_DOMAINS[0]} to use a staging certificate..."
|
||||
retryWithDelay "isUsingStagingCert ${ACME_DOMAINS[0]}" 3 5
|
||||
}
|
||||
|
||||
lastAcquiredCertFor() {
|
||||
ACME_MODE="${1:-none}"
|
||||
ACME_LAST_MODE="$(cat $ACME_MODE_FILE || echo '')"
|
||||
logInfo "Last acquired certificate for ${ACME_LAST_MODE^^}"
|
||||
[ "${ACME_LAST_MODE,,}" == "${ACME_MODE,,}" ]
|
||||
}
|
||||
|
||||
acquireCertificate() {
|
||||
ACME_MODE="${1:-staging}"
|
||||
ACME_FORCE="${2:-false}"
|
||||
ACME_OPTS=()
|
||||
|
||||
if [ "${ACME_FORCE,,}" == "true" ];then ACME_OPTS+=("--force"); fi
|
||||
case "$ACME_MODE" in
|
||||
"production")
|
||||
logInfo "Using PRODUCTION mode"
|
||||
;;
|
||||
*)
|
||||
logInfo "Using STAGING mode"
|
||||
ACME_OPTS+=("--staging")
|
||||
;;
|
||||
esac
|
||||
|
||||
case "$VALIDATION" in
|
||||
"http-01")
|
||||
ACME_OPTS+=("--standalone")
|
||||
;;
|
||||
*)
|
||||
logError "VALIDATION is invalid. Use a valid value: http-01"
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if ! waitForOnline "${ACME_DOMAINS[0]}"; then
|
||||
logError "Unable to access site over HTTP"
|
||||
return 1
|
||||
fi
|
||||
|
||||
logInfo "Issuing certificates..."
|
||||
"$ACME_BIN" --issue "${ACME_OPTS[@]}" "${ACME_DOMAIN_ARGS[@]}"
|
||||
|
||||
logInfo "Installing certificates..." && \
|
||||
"$ACME_BIN" --install-cert "${ACME_DOMAIN_ARGS[@]}" \
|
||||
--cert-file /tmp/cert.pem \
|
||||
--key-file /tmp/key.pem \
|
||||
--fullchain-file /tmp/fullchain.pem \
|
||||
--reloadcmd "cat /tmp/fullchain.pem /tmp/key.pem > $OUTPUT_PEM" && \
|
||||
|
||||
echo "${ACME_MODE}" > "${ACME_MODE_FILE}"
|
||||
}
|
||||
|
||||
pre-flight || logErrorAndStop "Unable to continue due to misconfiguration. See errors above."
|
||||
|
||||
waitForOnline "${ACME_DOMAINS[0]}" || logErrorAndStop "Unable to access ${ACME_DOMAINS[0]} on port 80. This is needed for certificate validation."
|
||||
|
||||
if ! lastAcquiredCertFor "production"; then
|
||||
acquireCertificate "staging" || logErrorAndStop "Unable to acquire a staging certificate."
|
||||
waitToSeeStagingCert || logErrorAndStop "Unable to detect certificate change over. Cannot issue a production certificate."
|
||||
acquireCertificate "production" "true" || logErrorAndStop "Unable to acquire a production certificate."
|
||||
fi
|
||||
|
||||
logSuccess "Done!"
|
||||
|
||||
logInfo "Running cron..."
|
||||
crond -f -d 7
|
||||
3
cert-provider/entry.sh
Executable file
3
cert-provider/entry.sh
Executable file
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
|
||||
exec "$@"
|
||||
56
cert-provider/fake-le-bundle.pem
Normal file
56
cert-provider/fake-le-bundle.pem
Normal file
@ -0,0 +1,56 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFATCCAumgAwIBAgIRAKc9ZKBASymy5TLOEp57N98wDQYJKoZIhvcNAQELBQAw
|
||||
GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDMyMzIyNTM0NloXDTM2
|
||||
MDMyMzIyNTM0NlowGjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMIICIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA+pYHvQw5iU3v2b3iNuYNKYgsWD6KU7aJ
|
||||
diddtZQxSWYzUI3U0I1UsRPTxnhTifs/M9NW4ZlV13ZfB7APwC8oqKOIiwo7IwlP
|
||||
xg0VKgyz+kT8RJfYr66PPIYP0fpTeu42LpMJ+CKo9sbpgVNDZN2z/qiXrRNX/VtG
|
||||
TkPV7a44fZ5bHHVruAxvDnylpQxJobtCBWlJSsbIRGFHMc2z88eUz9NmIOWUKGGj
|
||||
EmP76x8OfRHpIpuxRSCjn0+i9+hR2siIOpcMOGd+40uVJxbRRP5ZXnUFa2fF5FWd
|
||||
O0u0RPI8HON0ovhrwPJY+4eWKkQzyC611oLPYGQ4EbifRsTsCxUZqyUuStGyp8oa
|
||||
aoSKfF6X0+KzGgwwnrjRTUpIl19A92KR0Noo6h622OX+4sZiO/JQdkuX5w/HupK0
|
||||
A0M0WSMCvU6GOhjGotmh2VTEJwHHY4+TUk0iQYRtv1crONklyZoAQPD76hCrC8Cr
|
||||
IbgsZLfTMC8TWUoMbyUDgvgYkHKMoPm0VGVVuwpRKJxv7+2wXO+pivrrUl2Q9fPe
|
||||
Kk055nJLMV9yPUdig8othUKrRfSxli946AEV1eEOhxddfEwBE3Lt2xn0hhiIedbb
|
||||
Ftf/5kEWFZkXyUmMJK8Ra76Kus2ABueUVEcZ48hrRr1Hf1N9n59VbTUaXgeiZA50
|
||||
qXf2bymE6F8CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
|
||||
Af8wHQYDVR0OBBYEFMEmdKSKRKDm+iAo2FwjmkWIGHngMA0GCSqGSIb3DQEBCwUA
|
||||
A4ICAQBCPw74M9X/Xx04K1VAES3ypgQYH5bf9FXVDrwhRFSVckria/7dMzoF5wln
|
||||
uq9NGsjkkkDg17AohcQdr8alH4LvPdxpKr3BjpvEcmbqF8xH+MbbeUEnmbSfLI8H
|
||||
sefuhXF9AF/9iYvpVNC8FmJ0OhiVv13VgMQw0CRKkbtjZBf8xaEhq/YqxWVsgOjm
|
||||
dm5CAQ2X0aX7502x8wYRgMnZhA5goC1zVWBVAi8yhhmlhhoDUfg17cXkmaJC5pDd
|
||||
oenZ9NVhW8eDb03MFCrWNvIh89DDeCGWuWfDltDq0n3owyL0IeSn7RfpSclpxVmV
|
||||
/53jkYjwIgxIG7Gsv0LKMbsf6QdBcTjhvfZyMIpBRkTe3zuHd2feKzY9lEkbRvRQ
|
||||
zbh4Ps5YBnG6CKJPTbe2hfi3nhnw/MyEmF3zb0hzvLWNrR9XW3ibb2oL3424XOwc
|
||||
VjrTSCLzO9Rv6s5wi03qoWvKAQQAElqTYRHhynJ3w6wuvKYF5zcZF3MDnrVGLbh1
|
||||
Q9ePRFBCiXOQ6wPLoUhrrbZ8LpFUFYDXHMtYM7P9sc9IAWoONXREJaO08zgFtMp4
|
||||
8iyIYUyQAbsvx8oD2M8kRvrIRSrRJSl6L957b4AFiLIQ/GgV2curs0jje7Edx34c
|
||||
idWw1VrejtwclobqNMVtG3EiPUIpJGpbMcJgbiLSmKkrvQtGng==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw
|
||||
GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2
|
||||
MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw
|
||||
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0
|
||||
8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym
|
||||
oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0
|
||||
ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN
|
||||
xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56
|
||||
dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9
|
||||
AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw
|
||||
HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0
|
||||
BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu
|
||||
b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu
|
||||
Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq
|
||||
hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF
|
||||
UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9
|
||||
AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp
|
||||
DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7
|
||||
IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf
|
||||
zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI
|
||||
PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w
|
||||
SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em
|
||||
2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0
|
||||
WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt
|
||||
n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU=
|
||||
-----END CERTIFICATE-----
|
||||
@ -1,10 +1,12 @@
|
||||
version: '2.1'
|
||||
version: "2.1"
|
||||
|
||||
volumes:
|
||||
db:
|
||||
registry:
|
||||
s3:
|
||||
redis:
|
||||
certs: {}
|
||||
cert-provider: {}
|
||||
db: {}
|
||||
redis: {}
|
||||
registry: {}
|
||||
s3: {}
|
||||
|
||||
services:
|
||||
api:
|
||||
@ -20,13 +22,12 @@ services:
|
||||
API_VPN_SERVICE_API_KEY: ${OPENBALENA_API_VPN_SERVICE_API_KEY}
|
||||
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
|
||||
COOKIE_SESSION_SECRET: ${OPENBALENA_COOKIE_SESSION_SECRET}
|
||||
DB_HOST: db.${OPENBALENA_HOST_NAME}
|
||||
DB_HOST: db
|
||||
DB_PASSWORD: docker
|
||||
DB_PORT: 5432
|
||||
DB_USER: docker
|
||||
DELTA_HOST: delta.${OPENBALENA_HOST_NAME}
|
||||
DEVICE_CONFIG_OPENVPN_CONFIG: ${OPENBALENA_VPN_CONFIG}
|
||||
DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA}
|
||||
DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA_CHAIN}
|
||||
DEVICE_CONFIG_SSH_AUTHORIZED_KEYS: ${OPENBALENA_SSH_AUTHORIZED_KEYS}
|
||||
HOST: api.${OPENBALENA_HOST_NAME}
|
||||
IMAGE_MAKER_URL: img.${OPENBALENA_HOST_NAME}
|
||||
@ -36,10 +37,10 @@ services:
|
||||
JSON_WEB_TOKEN_EXPIRY_MINUTES: 10080
|
||||
JSON_WEB_TOKEN_SECRET: ${OPENBALENA_JWT_SECRET}
|
||||
MIXPANEL_TOKEN: __unused__
|
||||
PRODUCTION_MODE: '${OPENBALENA_PRODUCTION_MODE}'
|
||||
PRODUCTION_MODE: "${OPENBALENA_PRODUCTION_MODE}"
|
||||
PUBNUB_PUBLISH_KEY: __unused__
|
||||
PUBNUB_SUBSCRIBE_KEY: __unused__
|
||||
REDIS_HOST: redis.${OPENBALENA_HOST_NAME}
|
||||
REDIS_HOST: redis
|
||||
REDIS_PORT: 6379
|
||||
REGISTRY2_HOST: registry.${OPENBALENA_HOST_NAME}
|
||||
REGISTRY_HOST: registry.${OPENBALENA_HOST_NAME}
|
||||
@ -49,7 +50,7 @@ services:
|
||||
TOKEN_AUTH_CERT_KEY: ${OPENBALENA_TOKEN_AUTH_KEY}
|
||||
TOKEN_AUTH_CERT_KID: ${OPENBALENA_TOKEN_AUTH_KID}
|
||||
TOKEN_AUTH_CERT_PUB: ${OPENBALENA_TOKEN_AUTH_PUB}
|
||||
TOKEN_AUTH_JWT_ALGO: 'ES256'
|
||||
TOKEN_AUTH_JWT_ALGO: "ES256"
|
||||
VPN_HOST: vpn.${OPENBALENA_HOST_NAME}
|
||||
VPN_PORT: 443
|
||||
VPN_SERVICE_API_KEY: ${OPENBALENA_VPN_SERVICE_API_KEY}
|
||||
@ -62,7 +63,6 @@ services:
|
||||
service: component
|
||||
image: balena/open-balena-registry:${OPENBALENA_REGISTRY_VERSION_TAG:-master}
|
||||
depends_on:
|
||||
- api
|
||||
- s3
|
||||
- redis
|
||||
volumes:
|
||||
@ -73,10 +73,15 @@ services:
|
||||
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
|
||||
BALENA_TOKEN_AUTH_ISSUER: api.${OPENBALENA_HOST_NAME}
|
||||
BALENA_TOKEN_AUTH_REALM: https://api.${OPENBALENA_HOST_NAME}/auth/v1/token
|
||||
COMMON_REGION:
|
||||
REGISTRY2_S3_BUCKET:
|
||||
REGISTRY2_S3_KEY:
|
||||
REGISTRY2_S3_SECRET:
|
||||
COMMON_REGION:
|
||||
REGISTRY2_CACHE_ENABLED: "false"
|
||||
REGISTRY2_CACHE_ADDR: 127.0.0.1:6379
|
||||
REGISTRY2_CACHE_DB: 0
|
||||
REGISTRY2_CACHE_MAXMEMORY_MB: 1024 # megabytes
|
||||
REGISTRY2_CACHE_MAXMEMORY_POLICY: allkeys-lru
|
||||
REGISTRY2_S3_BUCKET:
|
||||
REGISTRY2_S3_KEY:
|
||||
REGISTRY2_S3_SECRET:
|
||||
REGISTRY2_SECRETKEY: ${OPENBALENA_REGISTRY_SECRET_KEY}
|
||||
REGISTRY2_STORAGEPATH: /data
|
||||
|
||||
@ -94,10 +99,10 @@ services:
|
||||
BALENA_API_HOST: api.${OPENBALENA_HOST_NAME}
|
||||
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
|
||||
BALENA_VPN_PORT: 443
|
||||
PRODUCTION_MODE: '${OPENBALENA_PRODUCTION_MODE}'
|
||||
PRODUCTION_MODE: "${OPENBALENA_PRODUCTION_MODE}"
|
||||
RESIN_VPN_GATEWAY: 10.2.0.1
|
||||
SENTRY_DSN:
|
||||
VPN_HAPROXY_USEPROXYPROTOCOL: 'true'
|
||||
SENTRY_DSN:
|
||||
VPN_HAPROXY_USEPROXYPROTOCOL: "true"
|
||||
VPN_OPENVPN_CA_CRT: ${OPENBALENA_VPN_CA}
|
||||
VPN_OPENVPN_SERVER_CRT: ${OPENBALENA_VPN_SERVER_CRT}
|
||||
VPN_OPENVPN_SERVER_DH: ${OPENBALENA_VPN_SERVER_DH}
|
||||
@ -115,10 +120,13 @@ services:
|
||||
s3:
|
||||
extends:
|
||||
file: ./common.yml
|
||||
service: system
|
||||
service: component
|
||||
image: balena/open-balena-s3:${OPENBALENA_S3_VERSION_TAG:-master}
|
||||
volumes:
|
||||
- s3:/export
|
||||
environment:
|
||||
S3_MINIO_ACCESS_KEY: abcdef1234
|
||||
S3_MINIO_SECRET_KEY: "1234567890"
|
||||
|
||||
redis:
|
||||
extends:
|
||||
@ -135,17 +143,20 @@ services:
|
||||
build: ../haproxy
|
||||
depends_on:
|
||||
- api
|
||||
- registry
|
||||
- vpn
|
||||
- cert-provider
|
||||
- db
|
||||
- s3
|
||||
- redis
|
||||
- registry
|
||||
- vpn
|
||||
ports:
|
||||
- "80:80"
|
||||
- "222:222"
|
||||
- "443:443"
|
||||
- "5432:5432"
|
||||
- "6379:6379"
|
||||
- "3128:3128"
|
||||
expose:
|
||||
- "222"
|
||||
- "5432"
|
||||
- "6379"
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
@ -160,3 +171,15 @@ services:
|
||||
BALENA_HAPROXY_KEY: ${OPENBALENA_ROOT_KEY}
|
||||
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
|
||||
HAPROXY_HOSTNAME: ${OPENBALENA_HOST_NAME}
|
||||
volumes:
|
||||
- certs:/certs:ro
|
||||
|
||||
cert-provider:
|
||||
build: ../cert-provider
|
||||
volumes:
|
||||
- certs:/certs
|
||||
- cert-provider:/usr/src/app/certs
|
||||
environment:
|
||||
ACTIVE: ${OPENBALENA_ACME_CERT_ENABLED}
|
||||
DOMAINS: "api.${OPENBALENA_HOST_NAME},registry.${OPENBALENA_HOST_NAME},s3.${OPENBALENA_HOST_NAME},vpn.${OPENBALENA_HOST_NAME}"
|
||||
OUTPUT_PEM: /certs/open-balena.pem
|
||||
|
||||
5
compose/versions
Normal file
5
compose/versions
Normal file
@ -0,0 +1,5 @@
|
||||
export OPENBALENA_API_VERSION_TAG=v0.19.5
|
||||
export OPENBALENA_DB_VERSION_TAG=v2.0.3
|
||||
export OPENBALENA_REGISTRY_VERSION_TAG=v2.7.0
|
||||
export OPENBALENA_S3_VERSION_TAG=v2.6.2
|
||||
export OPENBALENA_VPN_VERSION_TAG=v8.10.0
|
||||
8
docs/assets/openbalena-logo.svg
Normal file
8
docs/assets/openbalena-logo.svg
Normal file
@ -0,0 +1,8 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="228" height="42" viewBox="0 0 228 42">
|
||||
<g fill="none" fill-rule="evenodd">
|
||||
<path fill="#00D2EA" d="M57.231 23.086c0 2.186 1.667 3.8 3.635 3.8 1.968 0 3.635-1.614 3.635-3.828 0-2.213-1.667-3.826-3.635-3.826-1.968 0-3.635 1.613-3.635 3.826v.028zm-4.537-.055c0-3.69 2.651-8.035 8.172-8.035 5.521 0 8.172 4.346 8.172 8.062 0 3.718-2.65 8.063-8.172 8.063-5.52 0-8.172-4.345-8.172-8.063v-.027zM83.55 23.059c0-1.776-1.312-3.854-3.8-3.854-1.093 0-2.05.437-2.732 1.148-.657.684-1.067 1.667-1.067 2.76 0 1.067.41 2.023 1.094 2.706a3.82 3.82 0 0 0 2.706 1.12c2.378 0 3.799-1.94 3.799-3.853v-.027zm-11.944-7.57h4.264v1.666c.984-1.147 2.487-2.186 4.81-2.186 5.384 0 7.407 4.728 7.407 8.253 0 4.374-3.061 7.954-7.38 7.954-2.733 0-4.018-1.312-4.564-1.886v6.424h-4.537V15.488zM101.204 21.2c-.11-.71-1.038-2.405-3.389-2.405-2.35 0-3.28 1.695-3.389 2.405h6.778zm-6.833 3.444c.191 1.612 1.722 2.678 3.499 2.678 1.448 0 2.214-.628 2.76-1.42h4.647c-.738 1.694-1.804 3.006-3.088 3.88a7.373 7.373 0 0 1-4.32 1.367c-4.344 0-8.035-3.526-8.035-8.036 0-4.236 3.335-8.144 7.954-8.144 2.323 0 4.318.902 5.74 2.405 1.913 2.05 2.487 4.482 2.131 7.27H94.371zM108.31 15.488h4.235v1.613c.52-.738 1.476-2.132 4.182-2.132 5.111 0 5.63 4.154 5.63 6.204v9.484h-4.537v-8.282c0-1.667-.355-3.143-2.377-3.143-2.241 0-2.597 1.613-2.597 3.17v8.255h-4.537V15.488zM33.85 15.174v11.583c0 1.704-.918 3.29-2.395 4.139l-10.1 5.807c-.27.155-.55.277-.839.372v4.636c.49-.128.96-.312 1.396-.564l13.117-7.542a5.92 5.92 0 0 0 2.962-5.118V13.444c0-.512-.077-1.017-.213-1.513l-4.015 2.382c.054.281.087.568.087.86M2.955 8.323c-.515.297-.98.682-1.385 1.128l3.986 2.365c.29-.298.605-.57.974-.783L16.59 5.23a4.79 4.79 0 0 1 4.766-.003l10.1 5.808c.303.174.573.388.823.621l3.967-2.353c-.368-.377-.764-.717-1.216-.978L21.913.783a5.927 5.927 0 0 0-5.895.004L2.955 8.323zM16.588 36.7L6.53 30.898a4.787 4.787 0 0 1-2.39-4.136V15.17c0-.21.027-.417.056-.623L.163 12.154A5.72 5.72 0 0 0 0 13.437v15.056a5.918 5.918 0 0 0 2.955 5.114l13.063 7.537c.454.262.943.452 1.456.582v-4.643a4.517 4.517 0 0 1-.886-.382"/>
|
||||
<g fill="#2A506F">
|
||||
<path d="M132.219 20.286c-.995.804-1.492 1.83-1.492 3.077 0 1.32.458 2.426 1.372 3.321.915.895 2.118 1.342 3.609 1.342 1.411 0 2.554-.426 3.43-1.279.874-.85 1.311-1.912 1.311-3.181 0-1.25-.437-2.315-1.312-3.194-.875-.88-2.018-1.32-3.43-1.32-1.332.019-2.495.43-3.488 1.234zM127 11h3.966v6.588h.06c.437-.578 1.018-1.025 1.745-1.342a8.611 8.611 0 0 1 2.251-.637c.199-.018.387-.031.567-.04.178-.01.358-.014.536-.014 2.426 0 4.414.805 5.965 2.413 1.55 1.609 2.326 3.47 2.326 5.584 0 .308-.02.629-.06.963a5.71 5.71 0 0 1-.209.99 8.547 8.547 0 0 1-.716 1.898 7.322 7.322 0 0 1-1.132 1.626 7.133 7.133 0 0 1-2.714 1.857 9 9 0 0 1-3.34.638c-1.134 0-2.182-.196-3.147-.584-.965-.388-1.764-1.025-2.4-1.911l-.06-.027v2.033H127V11zM159.655 23.499c0-1.247-.443-2.3-1.328-3.16-.885-.858-2.033-1.278-3.444-1.26-1.452-.018-2.64.416-3.564 1.302-.924.886-1.386 1.988-1.386 3.307 0 1.23.481 2.264 1.446 3.104.964.84 2.112 1.253 3.444 1.234 1.432.019 2.595-.407 3.49-1.274.894-.868 1.342-1.943 1.342-3.226v-.027zm3.757 7.536h-3.638v-2.033h-.06c-.497.65-1.154 1.184-1.969 1.6a8.656 8.656 0 0 1-2.534.84l-.551.054c-.19.018-.374.027-.552.027-1.273 0-2.427-.222-3.46-.664a7.556 7.556 0 0 1-2.624-1.83 7.805 7.805 0 0 1-1.52-2.494 8.312 8.312 0 0 1-.538-2.983c0-1.048.164-2.014.492-2.9.329-.885.87-1.717 1.625-2.494.836-.886 1.764-1.541 2.789-1.966 1.024-.424 2.141-.637 3.355-.637 1.133 0 2.177.222 3.13.664a6.44 6.44 0 0 1 2.417 1.939v-2.142h3.638v15.019zM166.364 31.035h3.966V11h-3.966zM186.046 21.926c-.319-.886-.895-1.582-1.73-2.087a5.247 5.247 0 0 0-2.773-.76h-.24a5.695 5.695 0 0 0-2.683.847c-.835.51-1.391 1.176-1.67 2h9.096zm-9.036 3.2c.298.885.85 1.59 1.655 2.113a4.842 4.842 0 0 0 2.699.787c.755 0 1.465-.118 2.131-.352.666-.236 1.189-.552 1.567-.95l4.384-.027c-.498 1.356-1.506 2.5-3.027 3.43-1.521.93-3.157 1.396-4.906 1.396-2.406 0-4.458-.763-6.158-2.29-1.7-1.527-2.55-3.385-2.55-5.572 0-2.223.845-4.13 2.535-5.72 1.69-1.59 3.767-2.386 6.232-2.386 2.366 0 4.37.789 6.01 2.366 1.64 1.576 2.46 3.41 2.46 5.5 0 .235-.015.465-.045.69-.03.225-.065.446-.105.662-.02.073-.035.136-.044.19a.888.888 0 0 0-.015.162H177.01zM192.607 16.016h3.668V17.4h.06c.456-.56 1.058-.994 1.804-1.302a7.395 7.395 0 0 1 2.34-.542h.597c.079 0 .16.01.239.027a6.924 6.924 0 0 1 2.31.57c.747.325 1.388.75 1.924 1.273l.224.204c.07.063.134.14.194.23.635.814 1.014 1.682 1.133 2.603.12.922.18 1.862.18 2.82v7.753h-3.967v-7.781c0-.253-.01-.505-.03-.759a7.26 7.26 0 0 0-.21-1.152c-.099-.37-.248-.709-.446-1.017a2.753 2.753 0 0 0-1.06-.868 3.827 3.827 0 0 0-1.385-.379h-.373c-.07 0-.144.01-.224.027a3.904 3.904 0 0 0-1.342.421 2.63 2.63 0 0 0-1.014.88c-.198.29-.348.629-.447 1.018-.1.388-.16.781-.18 1.179-.02.235-.029.47-.029.705v7.726h-3.966V16.016zM223.472 23.499c0-1.247-.443-2.3-1.327-3.16-.885-.858-2.034-1.278-3.444-1.26-1.453-.018-2.64.416-3.564 1.302-.924.886-1.388 1.988-1.388 3.307 0 1.23.483 2.264 1.447 3.104.964.84 2.113 1.253 3.445 1.234 1.431.019 2.594-.407 3.489-1.274.894-.868 1.342-1.943 1.342-3.226v-.027zm3.758 7.536h-3.64v-2.033h-.058c-.498.65-1.154 1.184-1.969 1.6a8.666 8.666 0 0 1-2.535.84l-.551.054c-.19.018-.373.027-.552.027-1.272 0-2.426-.222-3.46-.664a7.548 7.548 0 0 1-2.623-1.83 7.796 7.796 0 0 1-1.521-2.494 8.312 8.312 0 0 1-.538-2.983c0-1.048.165-2.014.492-2.9.33-.885.87-1.717 1.626-2.494.835-.886 1.764-1.541 2.788-1.966 1.024-.424 2.142-.637 3.355-.637 1.133 0 2.177.222 3.131.664a6.44 6.44 0 0 1 2.416 1.939v-2.142h3.639v15.019z"/>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 5.5 KiB |
@ -1,6 +1,10 @@
|
||||
FROM haproxy:1.8-alpine
|
||||
FROM haproxy:1.9-alpine
|
||||
|
||||
VOLUME [ "/certs" ]
|
||||
|
||||
RUN apk add --update inotify-tools
|
||||
|
||||
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
|
||||
COPY entry.sh /open-balena-entry
|
||||
COPY start-haproxy.sh /start-haproxy
|
||||
|
||||
CMD /open-balena-entry
|
||||
CMD /start-haproxy
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
HAPROXY_CHAIN=/etc/ssl/private/open-balena.pem
|
||||
mkdir -p "$(dirname "${HAPROXY_CHAIN}")"
|
||||
(
|
||||
echo "${BALENA_HAPROXY_CRT}" | base64 -d
|
||||
echo "${BALENA_HAPROXY_KEY}" | base64 -d
|
||||
echo "${BALENA_ROOT_CA}" | base64 -d
|
||||
) > "${HAPROXY_CHAIN}"
|
||||
exec haproxy -f /usr/local/etc/haproxy/haproxy.cfg
|
||||
@ -12,6 +12,9 @@ frontend http-in
|
||||
bind *:80
|
||||
reqadd X-Forwarded-Proto:\ http
|
||||
|
||||
acl is_cert_validation path -i -m beg "/.well-known/acme-challenge/"
|
||||
use_backend cert-provider if is_cert_validation
|
||||
|
||||
acl host_api hdr_dom(host) -i "api.${HAPROXY_HOSTNAME}"
|
||||
use_backend backend_api if host_api
|
||||
|
||||
@ -80,6 +83,12 @@ backend backend_s3
|
||||
option forwardfor
|
||||
balance roundrobin
|
||||
|
||||
backend cert-provider
|
||||
mode http
|
||||
option forwardfor
|
||||
balance roundrobin
|
||||
server resin_cert-provider_1 cert-provider:80 no-check
|
||||
|
||||
backend vpn-devices
|
||||
mode tcp
|
||||
server resin_vpn_1 vpn:443 send-proxy-v2 check-send-proxy port 443
|
||||
@ -103,3 +112,8 @@ frontend redis
|
||||
backend backend_redis
|
||||
mode tcp
|
||||
server resin_redis_1 redis:6379 check port 6379
|
||||
|
||||
listen vpn-tunnel
|
||||
mode tcp
|
||||
bind *:3128
|
||||
server balena_vpn vpn:3128 check port 3128
|
||||
|
||||
32
haproxy/start-haproxy.sh
Executable file
32
haproxy/start-haproxy.sh
Executable file
@ -0,0 +1,32 @@
|
||||
#!/bin/sh
|
||||
|
||||
OPENBALENA_CERT=/etc/ssl/private/open-balena.pem
|
||||
mkdir -p "$(dirname "${OPENBALENA_CERT}")"
|
||||
|
||||
if [ -f "/certs/open-balena.pem" ]; then
|
||||
echo "Using certificate from cert-provider..."
|
||||
cp /certs/open-balena.pem "${OPENBALENA_CERT}"
|
||||
else
|
||||
echo "Building certificate from environment variables..."
|
||||
(
|
||||
echo "${BALENA_HAPROXY_CRT}" | base64 -d
|
||||
echo "${BALENA_HAPROXY_KEY}" | base64 -d
|
||||
echo "${BALENA_ROOT_CA}" | base64 -d
|
||||
) > "${OPENBALENA_CERT}"
|
||||
fi
|
||||
|
||||
haproxy -f /usr/local/etc/haproxy/haproxy.cfg -W &
|
||||
HAPROXY_PID=$!
|
||||
|
||||
while true; do
|
||||
inotifywait -r -e create -e modify -e delete /certs
|
||||
|
||||
if [ -f "/certs/open-balena.pem" ]; then
|
||||
echo "Updating certificate from cert-provider..."
|
||||
cp /certs/open-balena.pem "${OPENBALENA_CERT}"
|
||||
fi
|
||||
|
||||
echo "Certificate change detected. Reloading..."
|
||||
kill -SIGUSR2 $HAPROXY_PID
|
||||
sleep 1;
|
||||
done
|
||||
3
package-lock.json
generated
3
package-lock.json
generated
@ -1,3 +0,0 @@
|
||||
{
|
||||
"lockfileVersion": 1
|
||||
}
|
||||
13
repo.yml
13
repo.yml
@ -1,2 +1,13 @@
|
||||
type: 'generic'
|
||||
type: "generic"
|
||||
reviewers: 1
|
||||
upstream:
|
||||
- repo: open-balena-api
|
||||
url: https://github.com/balena-io/open-balena-api
|
||||
- repo: open-balena-vpn
|
||||
url: https://github.com/balena-io/open-balena-vpn
|
||||
- repo: open-balena-registry
|
||||
url: https://github.com/balena-io/open-balena-registry
|
||||
- repo: open-balena-db
|
||||
url: https://github.com/balena-io/open-balena-db
|
||||
- repo: open-balena-s3
|
||||
url: https://github.com/balena-io/open-balena-s3
|
||||
|
||||
35
scripts/_realpath
Normal file
35
scripts/_realpath
Normal file
@ -0,0 +1,35 @@
|
||||
#!/bin/bash -e
|
||||
|
||||
echo_error() {
|
||||
local RED=`tput setaf 1`
|
||||
local RESET=`tput sgr0`
|
||||
echo "${RED}ERROR: ${1}${RESET}"
|
||||
}
|
||||
|
||||
REALPATH=
|
||||
REALPATHS=(
|
||||
'realpath'
|
||||
'grealpath'
|
||||
'greadlink -f'
|
||||
)
|
||||
for cmd in "${REALPATHS[@]}"; do
|
||||
if command -v "${cmd%% *}" &>/dev/null; then
|
||||
REALPATH="${cmd}"
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -z "${REALPATH}" ]; then
|
||||
echo_error 'Unable to find suitable command for realpath.'
|
||||
if [ $(uname) == 'Darwin' ]; then
|
||||
echo 'GNU coreutils are required to build openBalena on MacOS. To install with brew, run'
|
||||
echo ''
|
||||
echo ' brew install coreutils'
|
||||
echo ''
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
|
||||
realpath() {
|
||||
echo $(command ${REALPATH} "$@")
|
||||
}
|
||||
@ -1,5 +1,7 @@
|
||||
#!/bin/bash -e
|
||||
|
||||
source "${BASH_SOURCE%/*}/_realpath"
|
||||
|
||||
CMD="$(realpath "$0")"
|
||||
DIR="$(dirname "${CMD}")"
|
||||
BASE_DIR="$(dirname "${DIR}")"
|
||||
@ -9,6 +11,12 @@ echo_bold() {
|
||||
printf "\\033[1m%s\\033[0m\\n" "$@"
|
||||
}
|
||||
|
||||
VERSIONS_FILE="${BASE_DIR}/compose/versions"
|
||||
if [ ! -f "$VERSIONS_FILE" ]; then
|
||||
echo_bold "No service versions defined in ${VERSIONS_FILE}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ENV_FILE="${CONFIG_DIR}/activate"
|
||||
if [ ! -f "$ENV_FILE" ]; then
|
||||
echo_bold 'No configuration found; please create one first with: ./scripts/quickstart'
|
||||
@ -17,7 +25,7 @@ if [ ! -f "$ENV_FILE" ]; then
|
||||
fi
|
||||
|
||||
# shellcheck source=/dev/null
|
||||
source "${ENV_FILE}"; docker-compose \
|
||||
source "${VERSIONS_FILE}"; source "${ENV_FILE}"; docker-compose \
|
||||
--project-name 'openbalena' \
|
||||
-f "${BASE_DIR}/compose/services.yml" \
|
||||
-f "${CONFIG_DIR}/docker-compose.yml" \
|
||||
|
||||
@ -18,6 +18,8 @@ echo_bold() {
|
||||
printf "\\033[1m%s\\033[0m\\n" "${@}"
|
||||
}
|
||||
|
||||
source "${BASH_SOURCE%/*}/_realpath"
|
||||
|
||||
CMD="$(realpath "$0")"
|
||||
DIR="$(dirname "${CMD}")"
|
||||
FIG="${DIR}/compose"
|
||||
|
||||
@ -22,12 +22,14 @@ OUT="$(realpath "${2:-.}")"
|
||||
# shellcheck source=scripts/ssl-common.sh
|
||||
source "${DIR}/ssl-common.sh"
|
||||
|
||||
# Create a secret key and CA file for the self-signed CA
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" init-pki 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="ca.${CN}" build-ca nopass 2>/dev/null
|
||||
ROOT_CA="${ROOT_PKI}/ca.crt"
|
||||
echo "ROOT_CA=${ROOT_CA//$OUT/\$OUT}"
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
||||
if [ ! -f $ROOT_CA ]; then
|
||||
# Create a secret key and CA file for the self-signed CA
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" init-pki 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="ca.${CN}" build-ca nopass 2>/dev/null
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
||||
fi
|
||||
@ -22,13 +22,15 @@ OUT="$(realpath "${2:-.}")"
|
||||
# shellcheck source=scripts/ssl-common.sh
|
||||
source "${DIR}/ssl-common.sh"
|
||||
|
||||
# generate default CSR and sign (root + wildcard)
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CRT_EXPIRY_DAYS}" --subject-alt-name="DNS:*.${CN}" build-server-full "*.${CN}" nopass 2>/dev/null
|
||||
ROOT_CRT="${ROOT_PKI}"'/issued/*.'"${CN}"'.crt'
|
||||
ROOT_KEY="${ROOT_PKI}"'/private/*.'"${CN}"'.key'
|
||||
echo "ROOT_CRT=${ROOT_CRT//$OUT/\$OUT}"
|
||||
echo "ROOT_KEY=${ROOT_KEY//$OUT/\$OUT}"
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
||||
if [ ! -f $ROOT_CRT ] || [ ! -f $ROOT_KEY ]; then
|
||||
rm -f $ROOT_CRT $ROOT_KEY
|
||||
# generate default CSR and sign (root + wildcard)
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CRT_EXPIRY_DAYS}" --subject-alt-name="DNS:*.${CN}" build-server-full "*.${CN}" nopass 2>/dev/null
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
||||
fi;
|
||||
|
||||
@ -42,13 +42,12 @@ JWT_CRT="${CERT_FILE}.crt"
|
||||
JWT_KEY="${CERT_FILE}.pem"
|
||||
JWT_KID="${CERT_FILE}.kid"
|
||||
|
||||
mkdir -p "${CERT_DIR}"
|
||||
openssl ecparam -name prime256v1 -genkey -noout -out "${JWT_KEY}" 2>/dev/null
|
||||
openssl req -x509 -new -nodes -days "${CRT_EXPIRY_DAYS}" -key "${JWT_KEY}" -subj "/CN=api.${CN}" -out "${JWT_CRT}" 2>/dev/null
|
||||
openssl ec -in "${JWT_KEY}" -pubout -outform DER -out "${CERT_FILE}.der" 2>/dev/null
|
||||
keyid "${CERT_FILE}.der" >"${JWT_KID}"
|
||||
rm "${CERT_FILE}.der"
|
||||
|
||||
echo "JWT_CRT=${JWT_CRT//$OUT/\$OUT}"
|
||||
echo "JWT_KEY=${JWT_KEY//$OUT/\$OUT}"
|
||||
echo "JWT_KID=${JWT_KID//$OUT/\$OUT}"
|
||||
if [ ! -f $JWT_CRT ] || [ ! -f $JWT_KEY ] || [ ! -f $JWT_KID ]; then
|
||||
rm -f $JWT_CRT $JWT_KEY $JWT_KID
|
||||
mkdir -p "${CERT_DIR}"
|
||||
openssl ecparam -name prime256v1 -genkey -noout -out "${JWT_KEY}" 2>/dev/null
|
||||
openssl req -x509 -new -nodes -days "${CRT_EXPIRY_DAYS}" -key "${JWT_KEY}" -subj "/CN=api.${CN}" -out "${JWT_CRT}" 2>/dev/null
|
||||
openssl ec -in "${JWT_KEY}" -pubout -outform DER -out "${CERT_FILE}.der" 2>/dev/null
|
||||
keyid "${CERT_FILE}.der" >"${JWT_KID}"
|
||||
rm "${CERT_FILE}.der"
|
||||
fi
|
||||
|
||||
@ -21,33 +21,28 @@ OUT="$(realpath "${2:-.}")"
|
||||
|
||||
# shellcheck source=scripts/ssl-common.sh
|
||||
source "${DIR}/ssl-common.sh"
|
||||
|
||||
VPN_PKI="$(realpath "${OUT}/vpn")"
|
||||
|
||||
# generate VPN sub-CA
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" init-pki 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="vpn-ca.${CN}" build-ca nopass subca 2>/dev/null
|
||||
|
||||
# import sub-CA CSR into root PKI, sign, and copy back to vpn PKI
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" import-req "${VPN_PKI}/reqs/ca.req" "vpn-ca" 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" sign-req ca "vpn-ca" 2>/dev/null
|
||||
cp "${ROOT_PKI}/issued/vpn-ca.crt" "${VPN_PKI}/ca.crt"
|
||||
VPN_CA="${VPN_PKI}/ca.crt"
|
||||
echo "VPN_CA=${VPN_CA//$OUT/\$OUT}"
|
||||
|
||||
# generate and sign vpn server certificate
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CRT_EXPIRY_DAYS}" build-server-full "vpn.${CN}" nopass 2>/dev/null
|
||||
VPN_CRT="${VPN_PKI}/issued/vpn.${CN}.crt"
|
||||
VPN_KEY="${VPN_PKI}/private/vpn.${CN}.key"
|
||||
echo "VPN_CRT=${VPN_CRT//$OUT/\$OUT}"
|
||||
echo "VPN_KEY=${VPN_KEY//$OUT/\$OUT}"
|
||||
|
||||
# generate vpn dhparams (keysize of 2048 will do, 4096 can wind up taking hours to generate)
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --keysize=2048 gen-dh 2>/dev/null
|
||||
VPN_DH="${VPN_PKI}/dh.pem"
|
||||
echo "VPN_DH=${VPN_DH//$OUT/\$OUT}"
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" gen-crl 2>/dev/null
|
||||
if [ ! -f $VPN_CA ] || [ ! -f $VPN_CRT ] || [ ! -f $VPN_KEY ] || [ ! -f $VPN_DH ]; then
|
||||
|
||||
rm -f $VPN_CA $VPN_CRT $VPN_DH $VPN_KEY
|
||||
|
||||
# generate VPN CA
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" init-pki &>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="vpn-ca.${CN}" build-ca nopass 2>/dev/null
|
||||
|
||||
# generate and sign vpn server certificate
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CRT_EXPIRY_DAYS}" build-server-full "vpn.${CN}" nopass 2>/dev/null
|
||||
|
||||
# generate vpn dhparams (keysize of 2048 will do, 4096 can wind up taking hours to generate)
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --keysize=2048 gen-dh 2>/dev/null
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" gen-crl 2>/dev/null
|
||||
fi
|
||||
@ -12,10 +12,12 @@ usage() {
|
||||
echo " JWT_CRT Path to Token Auth certificate"
|
||||
echo " JWT_KEY Path to Token Auth private key"
|
||||
echo " JWT_KID Path to KeyID for the Token Auth certificate"
|
||||
echo " VPN_CA Path to the VPN sub-CA certificate"
|
||||
echo " VPN_CA Path to the VPN CA certificate"
|
||||
echo " VPN_CRT Path to the VPN server certificate"
|
||||
echo " VPN_KEY Path to the VPN server private key"
|
||||
echo " VPN_DH Path to the VPN server Diffie Hellman parameters"
|
||||
echo " SUPERUSER_EMAIL Email address of the superuser"
|
||||
echo " SUPERUSER_PASSWORD Password of the superuser"
|
||||
echo
|
||||
}
|
||||
|
||||
@ -31,36 +33,12 @@ randstr() {
|
||||
}
|
||||
|
||||
b64encode() {
|
||||
cat "$@" | base64 --wrap=0 2>/dev/null || cat "$@" | base64 --break=0
|
||||
echo "$@" | base64 --wrap=0 2>/dev/null || echo "$@" | base64 --break=0 2>/dev/null
|
||||
}
|
||||
|
||||
VPN_CONFIG=$(b64encode <<STR
|
||||
client
|
||||
remote vpn.$DOMAIN 443
|
||||
resolv-retry infinite
|
||||
|
||||
remote-cert-tls server
|
||||
ca /etc/openvpn/ca.crt
|
||||
auth-user-pass /var/volatile/vpn-auth
|
||||
auth-retry none
|
||||
script-security 2
|
||||
up /etc/openvpn-misc/upscript.sh
|
||||
up-restart
|
||||
down /etc/openvpn-misc/downscript.sh
|
||||
|
||||
comp-lzo
|
||||
dev resin-vpn
|
||||
dev-type tun
|
||||
proto tcp
|
||||
nobind
|
||||
|
||||
persist-key
|
||||
persist-tun
|
||||
verb 3
|
||||
user openvpn
|
||||
group openvpn
|
||||
STR
|
||||
)
|
||||
b64file() {
|
||||
b64encode "$(cat "$@")"
|
||||
}
|
||||
|
||||
cat <<STR
|
||||
export OPENBALENA_PRODUCTION_MODE=false
|
||||
@ -68,23 +46,23 @@ export OPENBALENA_COOKIE_SESSION_SECRET=$(randstr 32)
|
||||
export OPENBALENA_HOST_NAME=$DOMAIN
|
||||
export OPENBALENA_JWT_SECRET=$(randstr 32)
|
||||
export OPENBALENA_RESINOS_REGISTRY_CODE=$(randstr 32)
|
||||
export OPENBALENA_ROOT_CA=$(b64encode "$ROOT_CA")
|
||||
export OPENBALENA_ROOT_CRT=$(b64encode "${ROOT_CRT}")
|
||||
export OPENBALENA_ROOT_KEY=$(b64encode "${ROOT_KEY}")
|
||||
export OPENBALENA_ROOT_CA=$(b64file "${ROOT_CA}")
|
||||
export OPENBALENA_ROOT_CRT=$(b64file "${ROOT_CRT}")
|
||||
export OPENBALENA_ROOT_KEY=$(b64file "${ROOT_KEY}")
|
||||
export OPENBALENA_TOKEN_AUTH_BUILDER_TOKEN=$(randstr 64)
|
||||
export OPENBALENA_TOKEN_AUTH_PUB=$(b64encode "$JWT_CRT")
|
||||
export OPENBALENA_TOKEN_AUTH_KEY=$(b64encode "$JWT_KEY")
|
||||
export OPENBALENA_TOKEN_AUTH_KID=$(b64encode "$JWT_KID")
|
||||
export OPENBALENA_VPN_CA=$(b64encode "$VPN_CA")
|
||||
export OPENBALENA_VPN_CONFIG=$VPN_CONFIG
|
||||
export OPENBALENA_VPN_SERVER_CRT=$(b64encode "$VPN_CRT")
|
||||
export OPENBALENA_VPN_SERVER_KEY=$(b64encode "$VPN_KEY")
|
||||
export OPENBALENA_VPN_SERVER_DH=$(b64encode "$VPN_DH")
|
||||
export OPENBALENA_TOKEN_AUTH_PUB=$(b64file "$JWT_CRT")
|
||||
export OPENBALENA_TOKEN_AUTH_KEY=$(b64file "$JWT_KEY")
|
||||
export OPENBALENA_TOKEN_AUTH_KID=$(b64file "$JWT_KID")
|
||||
export OPENBALENA_VPN_CA=$(b64file "$VPN_CA")
|
||||
export OPENBALENA_VPN_CA_CHAIN=$(b64file "$VPN_CA")
|
||||
export OPENBALENA_VPN_SERVER_CRT=$(b64file "$VPN_CRT")
|
||||
export OPENBALENA_VPN_SERVER_KEY=$(b64file "$VPN_KEY")
|
||||
export OPENBALENA_VPN_SERVER_DH=$(b64file "$VPN_DH")
|
||||
export OPENBALENA_VPN_SERVICE_API_KEY=$(randstr 32)
|
||||
export OPENBALENA_API_VPN_SERVICE_API_KEY=$(randstr 32)
|
||||
export OPENBALENA_REGISTRY_SECRET_KEY=$(randstr 32)
|
||||
export OPENBALENA_SSH_AUTHORIZED_KEYS=
|
||||
export NODE_EXTRA_CA_CERTS="$ROOT_CA"
|
||||
export OPENBALENA_SUPERUSER_EMAIL=$SUPERUSER_EMAIL
|
||||
export OPENBALENA_SUPERUSER_PASSWORD=$SUPERUSER_PASSWORD
|
||||
export OPENBALENA_SUPERUSER_PASSWORD=$(printf "%q" "${SUPERUSER_PASSWORD}")
|
||||
export OPENBALENA_ACME_CERT_ENABLED=${ACME_CERT_ENABLED:-false}
|
||||
STR
|
||||
|
||||
@ -1,5 +1,30 @@
|
||||
#!/bin/bash -e
|
||||
|
||||
BLACK=`tput setaf 0`
|
||||
RED=`tput setaf 1`
|
||||
GREEN=`tput setaf 2`
|
||||
YELLOW=`tput setaf 3`
|
||||
BLUE=`tput setaf 4`
|
||||
MAGENTA=`tput setaf 5`
|
||||
CYAN=`tput setaf 6`
|
||||
WHITE=`tput setaf 7`
|
||||
|
||||
BOLD=`tput bold`
|
||||
RESET=`tput sgr0`
|
||||
|
||||
# for macos machines, we need proper OpenSSL...
|
||||
OPENSSL_VERSION=$(openssl version -v)
|
||||
if [[ "${OPENSSL_VERSION}" =~ ^LibreSSL.*$ ]]; then
|
||||
echo -e "${RED}ERROR: You may not have a compatible OpenSSL version (${OPENSSL_VERSION}). Please install OpenSSL version 1.0.2q or above.${RESET}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
source "${BASH_SOURCE%/*}/_realpath"
|
||||
|
||||
domainResolves() {
|
||||
getent hosts "$1" > /dev/null 2>&1
|
||||
}
|
||||
|
||||
CMD="$(realpath "$0")"
|
||||
DIR="$(dirname "${CMD}")"
|
||||
BASE_DIR="$(dirname "${DIR}")"
|
||||
@ -9,8 +34,9 @@ CERTS_DIR="${CONFIG_DIR}/certs"
|
||||
DOMAIN=openbalena.local
|
||||
|
||||
usage() {
|
||||
echo "usage: $0 [-h] [-p] [-d DOMAIN] -U EMAIL -P PASSWORD"
|
||||
echo "usage: $0 [-c] [-h] [-p] [-d DOMAIN] -U EMAIL -P PASSWORD"
|
||||
echo
|
||||
echo " -c enable the ACME certificate service in staging or production mode."
|
||||
echo " -p patch hosts - patch the host /etc/hosts file"
|
||||
echo " -d DOMAIN the domain name this deployment will run as, eg. example.com. Default is 'openbalena.local'"
|
||||
echo " -U EMAIL the email address of the superuser account, used to login to your install from the Balena CLI"
|
||||
@ -20,13 +46,15 @@ usage() {
|
||||
|
||||
show_help=false
|
||||
patch_hosts=false
|
||||
while getopts ":hpd:U:P:" opt; do
|
||||
while getopts ":chpxd:U:P:" opt; do
|
||||
case "${opt}" in
|
||||
h) show_help=true;;
|
||||
p) patch_hosts=true;;
|
||||
x) set -x;;
|
||||
d) DOMAIN="${OPTARG}";;
|
||||
U) SUPERUSER_EMAIL="${OPTARG}";;
|
||||
P) SUPERUSER_PASSWORD="${OPTARG}";;
|
||||
c) ACME_CERT_ENABLED="true";;
|
||||
*)
|
||||
echo "Invalid argument: -${OPTARG}"
|
||||
usage
|
||||
@ -46,18 +74,25 @@ if [ "$show_help" = "true" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo_bold() {
|
||||
printf "\\033[1m%s\\033[0m\\n" "${@}"
|
||||
}
|
||||
|
||||
if [ -d "$CONFIG_DIR" ]; then
|
||||
echo 'Configuration directory already exists; please remove it first.'
|
||||
exit 1
|
||||
if [ ! -z "$ACME_CERT_ENABLED" ]; then
|
||||
echo "${BLUE}[INFO]${RESET} ACME Certificate request is ${BOLD}ENABLED${RESET}."
|
||||
|
||||
if ! domainResolves "api.${DOMAIN}"; then
|
||||
echo "${YELLOW}[WARN]${RESET} Unable to resolve \"api.${DOMAIN}\"!"
|
||||
echo "${YELLOW}[WARN]${RESET} This might mean that you cannot use an ACME issued certificate."
|
||||
fi
|
||||
fi
|
||||
|
||||
echo_bold() {
|
||||
echo "${BOLD}${@}${RESET}"
|
||||
}
|
||||
|
||||
echo_bold "==> Creating new configuration at: $CONFIG_DIR"
|
||||
mkdir -p "$CONFIG_DIR" "$CERTS_DIR"
|
||||
|
||||
echo_bold "==> Bootstrapping easy-rsa..."
|
||||
source "${DIR}/ssl-common.sh"
|
||||
|
||||
echo_bold "==> Generating root CA cert..."
|
||||
# shellcheck source=scripts/gen-root-ca
|
||||
source "${DIR}/gen-root-ca" "${DOMAIN}" "${CERTS_DIR}"
|
||||
@ -90,5 +125,7 @@ fi
|
||||
echo_bold "==> Success!"
|
||||
echo ' - Start the instance with: ./scripts/compose up -d'
|
||||
echo ' - Stop the instance with: ./scripts/compose stop'
|
||||
echo ' - To create the superuser, see: ./scripts/create-superuser -h'
|
||||
echo " - Use the following certificate with Balena CLI: ${CONFIG_DIR}/root/ca.crt"
|
||||
|
||||
if [ -z "${ACME_CERT_ENABLED}" ]; then
|
||||
echo " - Use the following certificate with Balena CLI: ${CERTS_DIR}/root/ca.crt"
|
||||
fi
|
||||
|
||||
@ -7,6 +7,7 @@ if [ -z "${easyrsa_bin-}" ] || [ ! -x "${easyrsa_bin}" ]; then
|
||||
if [ -z "${easyrsa_bin}" ]; then
|
||||
easyrsa_dir="$(mktemp -dt easyrsa.XXXXXXXX)"
|
||||
easyrsa_url="https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.5/EasyRSA-nix-3.0.5.tgz"
|
||||
echo " - Downloading easy-rsa..."
|
||||
(cd "${easyrsa_dir}"; curl -sL "${easyrsa_url}" | tar xz --strip-components=1)
|
||||
easyrsa_bin="${easyrsa_dir}/easyrsa"
|
||||
# shellcheck disable=SC2064
|
||||
|
||||
Reference in New Issue
Block a user