mirror of
https://github.com/balena-io/open-balena.git
synced 2025-06-24 18:25:16 +00:00
Compare commits
42 Commits
Author | SHA1 | Date | |
---|---|---|---|
e6c865e383 | |||
617209dc9e | |||
853ffb33e8 | |||
a029160caf | |||
bb1328e27e | |||
395613af57 | |||
199d8eb4a4 | |||
6fdc554e43 | |||
f8b8a1589a | |||
3bf14a2140 | |||
fef145f993 | |||
e068f8058f | |||
c1ee146f0d | |||
9ad92596b9 | |||
56de2d20bb | |||
290c90c262 | |||
98b6100fed | |||
e1bfb7f7b0 | |||
35ab5300e6 | |||
fd031ad3a4 | |||
95d53993bc | |||
1721728794 | |||
061440f109 | |||
2f0fb27145 | |||
210bdcda37 | |||
fac66040c8 | |||
85a69c1ef1 | |||
e37a61e5f0 | |||
0fc85ff5b6 | |||
99dd615e55 | |||
d3b021a1cb | |||
b9b9b65ce6 | |||
9fb3f76858 | |||
52fb653223 | |||
7332b6971e | |||
011f3a35f9 | |||
0842b7b4ae | |||
37ecfb8996 | |||
bd638ac409 | |||
cec371f0b8 | |||
eb1db83058 | |||
709d00b898 |
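--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# Main repo owners:
+* @dfunckt @richbayliss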
7
.gitignore
vendored
@ -1,6 +1,7 @@
|
||||
.DS_Store
|
||||
.project
|
||||
.vagrant/
|
||||
config/
|
||||
src/
|
||||
package-lock.json
|
||||
|
||||
/config
|
||||
/docker-compose.yml
|
||||
/package-lock.json
|
||||
|
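--- a/.openbalenarc
+++ b/.openbalenarc
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+alias dc="/home/vagrant/openbalena/scripts/compose"
+
+function enter () {
+if [[ $# -lt 1 ]]; then
+echo "Usage: enter <service name> [command]"
+echo " "
+echo " Runs a [command] in the service specified."
+echo " "
+echo " command:"
+echo " (default) /bin/bash"
+echo " "
+echo " example:"
+echo " enter api # this will run the command '/bin/bash' in the API service, providing a shell prompt"
+echo " enter api uptime # this will run the command 'uptime' in the API service, and return"
+return 1
+fi
+
+
+service="$1"
+shift
+COMMAND=/bin/bash
+if [[ $# -gt 0 ]]; then
+COMMAND="$@"
+fi
+dc exec ${service} /bin/bash -c "${COMMAND}"
+}
+
+function logs () {
+if [[ $# -lt 1 ]]; then
+echo "Usage: logs <service name> [options]"
+echo " "
+echo " Shows the logs from journalctl in the service specified."
+echo " "
+echo " options:"
+echo " -f tail the log stream"
+echo " -n number of lines to take"
+echo " "
+echo " example:"
+echo " logs api -fn100 # this will tail the API log, starting with the last 100 lines"
+return 1
+fi
+
+service="$1"
+shift
+enter ${service} journalctl "$@"
+}
+
+cd /home/vagrant/openbalena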
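Review bot: In `enter`, `COMMAND="$@"` flattens the arguments into one string that `/bin/bash -c "${COMMAND}"` then re-parses inside the container, so the caller's quoting is lost and any `;`, `$(...)` or glob character in an argument is interpreted by that shell; `${service}` is also unquoted here and in `logs`. If shell syntax in the command is not an intended feature, pass the arguments through as an argv instead: `dc exec "${service}" "${@:-/bin/bash}"`, and in `logs` call `enter "${service}" journalctl "$@"`. `service` and `COMMAND` should also be declared `local`, since this file is sourced and otherwise leaves both set in the user's interactive shell.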
919
.versionbot/CHANGELOG.yml
Normal file
@ -0,0 +1,919 @@
|
||||
- commits:
|
||||
- subject: 'services: Update Registry service version'
|
||||
hash: 853ffb33e8e29b085db57df1773f8875dca5bbe3
|
||||
body: |
|
||||
Update open-balena-registry to 2.11.1
|
||||
|
||||
This allows the registry to use an S3 bucket for storing images.
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
Signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
author: Rich Bayliss
|
||||
- subject: >-
|
||||
feature: Support deployment via balena push to local-mode balenaOS
|
||||
devices
|
||||
hash: a029160caf20096a14eb4955e1d5ddc7ecfdebf5
|
||||
body: >
|
||||
- remove some `.gitignore` entries as this is also honoured by `balena
|
||||
push`
|
||||
|
||||
- added a step to `scripts/quickstart` to produce a single, flat
|
||||
`docker-compose.yml` after running
|
||||
|
||||
- set the compose file versions to `2.0` to ensure only supported terms
|
||||
are used in the `docker-compose.yml` file output
|
||||
|
||||
- quoted empty env values as these need to be passed in as blank, and
|
||||
not ommitted
|
||||
|
||||
- include the MDNS publisher service IF the domain being used is a
|
||||
.local one
|
||||
|
||||
- corrected spelling of macOS in script messages
|
||||
|
||||
- move sidecar container source into ./src as per convention
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
author: Rich Bayliss
|
||||
version: 1.3.0
|
||||
date: 2019-07-30T11:12:51.064Z
|
||||
- commits:
|
||||
- subject: 'tidy: Remove unused DEVICE_CONFIG_OPENVPN_CONFIG variable'
|
||||
hash: 199d8eb4a454cc99a9cd8329fa6beae49b9040e1
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
author: Rich Bayliss
|
||||
- subject: 'services: Update Registry service version'
|
||||
hash: 6fdc554e4396f950398fcf61640386ef70e57467
|
||||
body: >
|
||||
Update open-balena-registry to 2.7.0
|
||||
|
||||
|
||||
This allows registry to be configured to use its internal Redis instance
|
||||
for caching. It is still disabled by default though.
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Akis Kesoglou
|
||||
- subject: 'services: Update API service version'
|
||||
hash: f8b8a1589a6f46589721b0eb3cb2a156730ca56c
|
||||
body: |
|
||||
Update open-balena-api from 0.11.8 to 0.19.5
|
||||
|
||||
This brings in the latest bugfixes and changes.
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
author: Rich Bayliss
|
||||
nested:
|
||||
- commits:
|
||||
- subject: Update typed-error to 3.1.0
|
||||
hash: 7ba397da9f1765258c533d454aa49dbacb9c0b79
|
||||
body: |
|
||||
Update typed-error from 2.0.0 to 3.1.0
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
nested:
|
||||
- commits:
|
||||
- subject: 'dev: Enforce prettier coding standards'
|
||||
hash: 47c07a641fa39ddb833b41aff7a918accad08289
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
Signed-off-by: Will Boyce <will@balena.io>
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
author: Will Boyce
|
||||
- subject: 'npm: Update dependencies and remove `package-lock.json`'
|
||||
hash: 067bceb5c8dfd46f7e4ff0f58dead46fd9626167
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Will Boyce <will@balena.io>
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
author: Will Boyce
|
||||
- subject: >-
|
||||
codeowners: Add top contributors @wrboyce, @Page-, and
|
||||
@dfunckt
|
||||
hash: 6acc8757a594f74f264c8d68ea4501c61bda9951
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Will Boyce <will@balena.io>
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
author: Will Boyce
|
||||
- subject: 'versionbot: Add CHANGELOG.yml (for nested changelogs)'
|
||||
hash: 2b684a0bb0c95a5dbd3b130ba0f184d3464d298f
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Will Boyce <will@balena.io>
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
author: Will Boyce
|
||||
version: typed-error-3.1.0
|
||||
date: 2019-04-01T10:20:01.427Z
|
||||
- commits:
|
||||
- author: CameronDiver
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
signed-off-by: Cameron Diver <cameron@balena.io>
|
||||
hash: aaa9391dc463c1037f85e845d30f6f9434bb4dc1
|
||||
subject: Update README with new import style
|
||||
date: '2018-11-01T12:08:25Z'
|
||||
version: typed-error-3.0.2
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 627cdd281d7b086df8fe5ed1ccb0e0e0df3df062
|
||||
subject: Update to typescript 3
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 00d182bb2bc29bd82adb4e8ea4527f6bda6c5278
|
||||
subject: Update dev dependencies
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
hash: 94adac5d747f16b9228b39e56007ee0126c6f99c
|
||||
subject: Add node-10 to the circle test suite
|
||||
date: '2018-10-29T14:05:23Z'
|
||||
version: typed-error-3.0.1
|
||||
- commits:
|
||||
- author: Will Boyce
|
||||
body: >-
|
||||
* Switch to `export ...` syntax (from `export = ...`)
|
||||
|
||||
* Fix invalid export of class inheriting non-exported
|
||||
class
|
||||
footers:
|
||||
change-type: major
|
||||
hash: a6307b8c04d3456ad7d8a6ac19035b5e718c4311
|
||||
subject: Distribute generated typescript declaration
|
||||
- author: Will Boyce
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 37c4b700baadba8cdd6bc0c40df74b30b1a6301c
|
||||
subject: use circle for build/publish and add package-lock
|
||||
- author: Will Boyce
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 83e809281f5172ca1ff71bdf0ee663cd504f1428
|
||||
subject: add lint scripts/requirements
|
||||
- author: Will Boyce
|
||||
body: ''
|
||||
footers:
|
||||
change-type: minor
|
||||
hash: da9431d08e501a0d4d0db3a7fb2c0bd06d76d064
|
||||
subject: Remove `BaseError` class and directly subclass `Error`
|
||||
- author: Will Boyce
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: e46a36b54498b68f513c6cb947e217c11525e160
|
||||
subject: 'Update dependencies, clean up package/tsconfig'
|
||||
date: '2018-04-17T08:19:27Z'
|
||||
version: typed-error-3.0.0
|
||||
- commits:
|
||||
- author: Akis Kesoglou
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: d35c44f1e57f6386c6f769f8cafc28e0886719cc
|
||||
subject: Add LICENSE
|
||||
date: '2017-12-15T17:19:00Z'
|
||||
version: typed-error-2.0.1
|
||||
version: open-balena-api-0.19.5
|
||||
date: 2019-05-20T12:59:21.646Z
|
||||
- commits:
|
||||
- subject: Some linting fixes for resin-lint 3
|
||||
hash: 808fc3e1ec9b21d8df1166bc3265d92d6bfa1c59
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.19.4
|
||||
date: 2019-05-20T12:11:09.118Z
|
||||
- commits:
|
||||
- subject: Silence expected API key related rejections
|
||||
hash: d9e10e7128be9c562bcabbd58243830c6b2d1e01
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Akis Kesoglou
|
||||
version: open-balena-api-0.19.3
|
||||
date: 2019-05-17T11:47:13.587Z
|
||||
- commits:
|
||||
- subject: Update dependencies
|
||||
hash: a01960d25643dd5da4f090638db8e87b297c00c5
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.19.2
|
||||
date: 2019-05-17T10:44:43.341Z
|
||||
- commits:
|
||||
- subject: Make use of a prepared query for device state query
|
||||
hash: ffa3f0bbba27d2c7246a45ab4ed4ff342a5c772c
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Update pinejs to 10.14.0
|
||||
hash: ff02a77bebe6d4fbdd0a7fa9e2f2ef736fc560bc
|
||||
body: |
|
||||
Update pinejs from 10.11.0 to 10.14.0
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
nested:
|
||||
- commits:
|
||||
- subject: >-
|
||||
Update pinejs-client-core and make use of prepared
|
||||
queries
|
||||
hash: f61469c74fcba879bffb1e5e677805480e16e614
|
||||
body: |
|
||||
Update abstract-sql-compiler from 6.4.0 to 6.4.2
|
||||
Update odata-parser from 1.0.1 to 1.0.3
|
||||
Update odata-to-abstract-sql from 3.1.1 to 3.1.2
|
||||
Update pinejs-client-core from 5.3.6 to 5.5.1
|
||||
Update sbvr-parser from 0.2.1 to 0.2.2
|
||||
Update sbvr-types from 2.0.2 to 2.0.3
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
nested:
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: d871880a00c86b8eeec37489cf1d62a3688aabcc
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: odata-parser-1.0.3
|
||||
date: 2019-05-08T14:25:13.528Z
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 70ac83b0059a99d1d42e986f0a42fb7120c35ee8
|
||||
subject: Update dependencies
|
||||
date: '2019-04-15T06:51:46Z'
|
||||
version: odata-parser-1.0.2
|
||||
- commits:
|
||||
- subject: Update and fix lodash typings
|
||||
hash: 2bf073bbff3a94d66c31e07d98c3e298f5132b2c
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Update husky/mocha dev dependencies
|
||||
hash: 29f7d52185186bdb1171fdf27a923eb38887d009
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: abstract-sql-compiler-6.4.2
|
||||
date: 2019-05-09T21:32:48.414Z
|
||||
- commits:
|
||||
- subject: Fix typescript compilation
|
||||
hash: a3733e5c348687d74dd290538c6a7f3f3a4a4bb0
|
||||
body: |
|
||||
Update odata-parser from 1.0.1 to 1.0.3
|
||||
Update odata-to-abstract-sql from 3.0.0 to 3.0.1
|
||||
Update sbvr-parser from 0.2.1 to 0.2.2
|
||||
Update sbvr-types from 2.0.0 to 2.0.3
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
nested:
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for
|
||||
downstream changelogs
|
||||
hash: 45c5843b204def5a727b8ba8dfafb2a2347f50f3
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: sbvr-parser-0.2.2
|
||||
date: 2019-05-08T14:23:57.847Z
|
||||
- subject: Add node 12 tests
|
||||
hash: 094c059eb3c5fd6f3502c53e40ed4b90197ed5c2
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Add repo.yml for upstream changelogs
|
||||
hash: 3f4bffe3a107a4b6fd30c15bf1e70c79e68e226e
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: 5e4ab1569e5e7f7648d4c14df8d3bf9f834a4828
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: abstract-sql-compiler-6.4.1
|
||||
date: 2019-05-08T16:45:44.728Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Fix downstream declaration creation errors due
|
||||
to `Dictionary`
|
||||
hash: a8a39edff8cc7e1d05fb9b67037718970e94296c
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.5.1
|
||||
date: 2019-05-15T13:32:13.920Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add a prepare method that prepares a query into
|
||||
a function
|
||||
hash: eb7eccca7d90c453710575ebdf3adb9ef56835a7
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.5.0
|
||||
date: 2019-05-15T11:51:46.450Z
|
||||
- commits:
|
||||
- subject: Add CODEOWNERS
|
||||
hash: e01174008f812e0c24ec1036aa1f9ff0bc716e85
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Gergely Imreh <gergely@balena.io>
|
||||
signed-off-by: Gergely Imreh <gergely@balena.io>
|
||||
author: Gergely Imreh
|
||||
version: pinejs-client-js-5.4.1
|
||||
date: 2019-05-10T10:14:00.677Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add support for parameter aliases in resource
|
||||
ids
|
||||
hash: a4e6a640a3ced56bcd3ef7bf22770338e089a90d
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.4.0
|
||||
date: 2019-05-10T09:57:46.863Z
|
||||
- commits:
|
||||
- subject: Deduplicate transformation of GET results
|
||||
hash: dd856e24072f652684adf63af97408ee0ba7389c
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.3.10
|
||||
date: 2019-05-10T09:44:09.422Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Simplify how we expose types, which means
|
||||
`subscribe` is now exposed
|
||||
hash: f81e0cc59e75e0f9ffc71d9f122b9cfab9c05165
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.3.9
|
||||
date: 2019-05-10T08:57:16.276Z
|
||||
- commits:
|
||||
- subject: Add automatic formatting via prettier
|
||||
hash: a345d32f295acfa8ed4e5b815c24e1e7fdb335f2
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.3.8
|
||||
date: 2019-05-09T17:38:43.260Z
|
||||
- commits:
|
||||
- subject: 'Remove node 4 build, add node 12'
|
||||
hash: 8d549277d80746feadbdd8a6bba37eb076270440
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: 067bedf65e86a902b7334ed6e5f117d6ac41afde
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-client-js-5.3.7
|
||||
date: 2019-05-08T15:41:50.201Z
|
||||
- commits:
|
||||
- subject: Add node 12 tests
|
||||
hash: a6cc208654a36228a35fb8d8886e62bccc3c9fa4
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Add repo.yml for upstream changelogs
|
||||
hash: e50ca4f49d80b3e89d37f7d8bf6607b0f797c7ae
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: 9d68e94757f2f9498dedf3d6f085ce77ea70652a
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: odata-to-abstract-sql-3.1.2
|
||||
date: 2019-05-08T15:52:48.099Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: cc2e3e23030521788c127b5750abf3c65645a710
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: sbvr-types-2.0.3
|
||||
date: 2019-05-08T14:29:46.824Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Add .versionbot/CHANGELOG.yml for downstream
|
||||
changelogs
|
||||
hash: 45c5843b204def5a727b8ba8dfafb2a2347f50f3
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: sbvr-parser-0.2.2
|
||||
date: 2019-05-08T14:23:57.847Z
|
||||
version: pinejs-10.14.0
|
||||
date: 2019-05-15T14:12:22.538Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Fix possible null error when using a parameter alias
|
||||
with no value
|
||||
hash: ee0cb996e27a2234eb62608152230074a614cc4e
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.13.3
|
||||
date: 2019-05-14T11:01:52.288Z
|
||||
- commits:
|
||||
- subject: Add repo.yml for nested changelogs
|
||||
hash: 02a34373d90f29b5ec06f9ae9823d87207fbb577
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.13.2
|
||||
date: 2019-05-08T15:09:50.814Z
|
||||
- commits:
|
||||
- subject: Add node 12 to the circle tests
|
||||
hash: 7ae335dce37abf005daaa2e43239ed26ae2519de
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.13.1
|
||||
date: 2019-05-06T21:37:25.704Z
|
||||
- commits:
|
||||
- subject: Expose odata-compiler as a bin script
|
||||
hash: cf86826e0d6653c456057d4de8d849d00ffc023f
|
||||
body: >
|
||||
This means that it will now match the module
|
||||
dependencies of the
|
||||
|
||||
installed pinejs
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.13.0
|
||||
date: 2019-05-06T17:33:54.911Z
|
||||
- commits:
|
||||
- subject: Expose sbvr-compiler as a bin script
|
||||
hash: e6718ffe901b4d711f47493ff907ee1fe2f947e0
|
||||
body: >
|
||||
This means that it will now match the module
|
||||
dependencies of the
|
||||
|
||||
installed pinejs
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
- subject: >-
|
||||
Move odata-metadata-generator into odata-metadata
|
||||
directory
|
||||
hash: d414696ff13c9d9f2183f44eda434d0da8d26f01
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.12.0
|
||||
date: 2019-05-01T13:08:20.878Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Update @types/lodash, avoiding `_.isObject` where
|
||||
necessary
|
||||
hash: 77a281beef4e9b82c6070dba3027ddd606e4c08b
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.11.3
|
||||
date: 2019-05-01T11:07:54.197Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Only validate the model if the query affected at least 1
|
||||
row
|
||||
hash: 8bfd0a1f1cd45a837957f210979ec910e0e46261
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.11.2
|
||||
date: 2019-04-22T13:42:40.543Z
|
||||
- commits:
|
||||
- subject: >-
|
||||
Switch odata-metadata-generator to using an abstract sql
|
||||
model
|
||||
hash: 9cf5c16b50f7371552cb8876dd5ca724cccdf911
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: pinejs-10.11.1
|
||||
date: 2019-04-11T16:03:38.840Z
|
||||
version: open-balena-api-0.19.1
|
||||
date: 2019-05-15T19:19:14.258Z
|
||||
- commits:
|
||||
- subject: Update target to es2018
|
||||
hash: b3bab02244ae85e4805db95eec92a3ae61fb0d92
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: minor
|
||||
change-type: minor
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.19.0
|
||||
date: 2019-05-15T15:25:47.366Z
|
||||
- commits:
|
||||
- subject: 'bug: Resolve NPM dependency issues preventing startup'
|
||||
hash: 13842dee794bd12465ba97572a7a3ee0a19b7fc6
|
||||
body: |
|
||||
Add `ts-node` as a dependency, as it had been marked as devOnly
|
||||
in a previous PR.
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
author: Rich Bayliss
|
||||
version: open-balena-api-0.18.6
|
||||
date: 2019-05-10T11:05:12.524Z
|
||||
- commits:
|
||||
- subject: Add typed-error upstream to repo.yml
|
||||
hash: d50d88a873988aa2c9cf1f50ed721fbf92565869
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Add open-balena-base upstream to repo.yml
|
||||
hash: 2d039de7c4c8f8728a5a5af931fa83f55ef2a303
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.18.5
|
||||
date: 2019-05-08T16:12:46.186Z
|
||||
- commits:
|
||||
- subject: Disable the service start limit
|
||||
hash: d69d9b2355616685dfb570be6aa6c14ccc97a7c2
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
- subject: Update open-balena-base to v7.0.2
|
||||
hash: d363fa289386f39de9af1bc3a3eb0690b35d9ea0
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.18.4
|
||||
date: 2019-05-06T11:23:47.208Z
|
||||
- commits:
|
||||
- subject: 'tests: Add test framework'
|
||||
hash: 52c6eebcc45f637d15b48b7ea7942e6011b891eb
|
||||
body: |
|
||||
Add a test framework to allow testing of the openBalena API
|
||||
|
||||
Added CircleCI pipeline to run tests.
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
author: Rich Bayliss
|
||||
version: open-balena-api-0.18.3
|
||||
date: 2019-05-01T09:06:36.206Z
|
||||
- commits:
|
||||
- subject: Fix import ordering issue
|
||||
hash: d4f207d8b7d9c55ef0f173fd3e58d20d46a964bc
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
author: Pagan Gazzard
|
||||
version: open-balena-api-0.18.2
|
||||
date: 2019-04-29T12:32:17.257Z
|
||||
- commits:
|
||||
- subject: 'versionbot: add machine readable changelog'
|
||||
hash: 95c57fb121cda374e36e45aaf82ee36877e8b82f
|
||||
body: ''
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Gergely Imreh <gergely@balena.io>
|
||||
signed-off-by: Gergely Imreh <gergely@balena.io>
|
||||
author: Gergely Imreh
|
||||
version: open-balena-api-0.18.1
|
||||
date: 2019-04-29T11:23:22.500Z
|
||||
- commits:
|
||||
- author: Gergely Imreh
|
||||
body: |-
|
||||
That OS version and upwards have docker with capability to pull
|
||||
from registry v2.
|
||||
footers:
|
||||
change-type: minor
|
||||
signed-off-by: Gergely Imreh <gergely@balena.io>
|
||||
hash: 9fa9f17256d3c975f1fa590d5d132433d1b20646
|
||||
subject: >-
|
||||
device-config: allow devices going back to v1.2.1 to use
|
||||
registry v2
|
||||
date: '2019-04-29T09:32:40Z'
|
||||
version: open-balena-api-0.18.0
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 41b3e535f633862c8191c0ee94b2a089179316ef
|
||||
subject: Handle requesting registry scopes with explicit indices above 20
|
||||
date: '2019-04-26T19:16:24Z'
|
||||
version: open-balena-api-0.17.4
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 501a5cb839d7bd6e24a4e702c9b2d55f6a7ccdae
|
||||
subject: Use more accurate `BadRequestError`s for invalid env var names
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
hash: ec8543f76672e23a36353f2d38444f74867a3e64
|
||||
subject: Remove unnecessary `nameProp` argument from `addEnvHooks`
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
hash: 8ca26a0368feaf72a40d528fc462dbb953426797
|
||||
subject: Avoid unnecessary object creation on env var validation
|
||||
date: '2019-04-26T09:24:50Z'
|
||||
version: open-balena-api-0.17.3
|
||||
- commits:
|
||||
- author: Will Boyce
|
||||
body: >-
|
||||
Allowing the server to dictate when keys are renegotiated allows
|
||||
us to
|
||||
|
||||
control load spikes more effectively.
|
||||
footers:
|
||||
change-type: patch
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
hash: de52f7e24057f12b0b9381d462ca1d0d0ea5a8d6
|
||||
subject: 'os-config: disable client-initiated vpn tls key renegotiation'
|
||||
date: '2019-04-24T12:32:57Z'
|
||||
version: open-balena-api-0.17.2
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: f4676ba5237d374c9148db9855e7e0ce29bddb38
|
||||
subject: Remove unused `DEVICE_CONFIG_OPENVPN_CONFIG` fron env backend
|
||||
date: '2019-04-19T14:06:00Z'
|
||||
version: open-balena-api-0.17.1
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: minor
|
||||
hash: ef31eaefa2c75a3e6f61268bdc60af4b1e39f970
|
||||
subject: Rename `env_var_name` to `name` to match cloud
|
||||
date: '2019-04-18T15:54:23Z'
|
||||
version: open-balena-api-0.17.0
|
||||
- commits:
|
||||
- author: Rich Bayliss
|
||||
body: |-
|
||||
Add missing changes to make the `my_application` resource return
|
||||
results, instead of throwing an exception.
|
||||
footers:
|
||||
change-type: patch
|
||||
signed-off-by: Rich Bayliss <rich@balena.io>
|
||||
hash: 065454c21c7308b9e51395186a8023fc3b11b6a7
|
||||
subject: >-
|
||||
fix: Changes required to make `my_application` resource
|
||||
available
|
||||
date: '2019-04-18T13:38:33Z'
|
||||
version: open-balena-api-0.16.1
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: minor
|
||||
hash: 12bab4ff126f8156afa8aa1ad62f8776746d7c6e
|
||||
subject: Handle `my_applications` within pinejs
|
||||
date: '2019-04-17T14:18:41Z'
|
||||
version: open-balena-api-0.16.0
|
||||
- commits:
|
||||
- author: Will Boyce
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
signed-off-by: Will Boyce <will@balena.io>
|
||||
hash: 285091d355eb71099925d8e0eb5748aa50213de5
|
||||
subject: 'device-proxy: use `.balena` tld in favour of `.resin`'
|
||||
date: '2019-04-17T12:13:03Z'
|
||||
version: open-balena-api-0.15.2
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 76063693f447bdd155abe12004d52e51831fe7a9
|
||||
subject: Update method-override to 3.x
|
||||
date: '2019-04-17T09:52:51Z'
|
||||
version: open-balena-api-0.15.1
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: |-
|
||||
Also splits index.js to make sure the bulk of it is typed
|
||||
Update pinejs from 10.8.0 to 10.11.0
|
||||
footers:
|
||||
change-type: minor
|
||||
hash: 384f53606795d4b565d8a851b86316ce4fcfbcb9
|
||||
subject: >-
|
||||
Rename `configPath` to `config` and make sure config.json is
|
||||
valid
|
||||
date: '2019-04-15T18:37:57Z'
|
||||
version: open-balena-api-0.15.0
|
||||
- commits:
|
||||
- author: Pablo Carranza Velez
|
||||
body: >-
|
||||
Added to the supervisor in
|
||||
https://github.com/balena-io/balena-supervisor/pull/934
|
||||
|
||||
We add this variable to the whitelist and add the information so
|
||||
that the UI can show it and allow changing it.
|
||||
footers:
|
||||
change-type: minor
|
||||
signed-off-by: Pablo Carranza Velez <pablocarranza@gmail.com>
|
||||
hash: ed41b29c8211d37897f656ed5b55594f3317aebe
|
||||
subject: >-
|
||||
Whitelist the new RESIN_SUPERVISOR_INSTANT_UPDATE_TRIGGER
|
||||
configuration variable
|
||||
date: '2019-04-11T18:27:19Z'
|
||||
version: open-balena-api-0.14.0
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: f827088cd504c62753390d2f3929d9b9de708914
|
||||
subject: Fix `ResolvableReturnType` typing
|
||||
date: '2019-04-02T15:20:27Z'
|
||||
version: open-balena-api-0.13.3
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: c0e11d4fd0080a74ca67568062ec8133fa9deb68
|
||||
subject: Add CODEOWNERS file
|
||||
date: '2019-04-01T13:32:08Z'
|
||||
version: open-balena-api-0.13.2
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: da963b34c86e0f3a5bb7caefcf5cfad82a1de49e
|
||||
subject: Add an index for the vpn's service instance lookup
|
||||
date: '2019-04-01T13:18:22Z'
|
||||
version: open-balena-api-0.13.1
|
||||
- commits:
|
||||
- author: Pagan Gazzard
|
||||
body: Update pinejs from 10.6.1 to 10.8.0
|
||||
footers:
|
||||
change-type: patch
|
||||
hash: 4f7200e14388b379e4b068a64acbf2d4f4d62a9c
|
||||
subject: Use a readTransaction for device state
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
footers:
|
||||
change-type: minor
|
||||
hash: 1f5005153dcf8aeb20622b6f23cc0131b9afd74a
|
||||
subject: >-
|
||||
Remove runInTransaction wrapper to avoid unnecessary function
|
||||
creation
|
||||
- author: Pagan Gazzard
|
||||
body: ''
|
||||
hash: 4ce469103710955e23754b09a94f8d1793cf82bc
|
||||
subject: Avoid need to repeateadly check for `readTransaction` existence
|
||||
date: '2019-03-28T11:00:59Z'
|
||||
version: open-balena-api-0.13.0
|
||||
- commits:
|
||||
- author: Stevche Radevski
|
||||
body: |-
|
||||
This will allow us to store the pre
|
||||
and post-image build logs as shown in
|
||||
the terminal.
|
||||
footers:
|
||||
change-type: minor
|
||||
signed-off-by: Stevche Radevski <stevche@balena.io>
|
||||
hash: e781deead7e08e4fc35e33769ab8262fdc941f2b
|
||||
subject: Add build log to release resource
|
||||
date: '2019-03-19T14:19:56Z'
|
||||
version: open-balena-api-0.12.0
|
||||
version: 1.2.0
|
||||
date: 2019-05-21T14:52:12.117Z
|
411
CHANGELOG.md
@ -4,6 +4,417 @@ All notable changes to this project will be documented in this file
|
||||
automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY!
|
||||
This project adheres to [Semantic Versioning](http://semver.org/).
|
||||
|
||||
# v1.3.0
|
||||
## (2019-07-30)
|
||||
|
||||
* services: Update Registry service version [Rich Bayliss]
|
||||
* feature: Support deployment via balena push to local-mode balenaOS devices [Rich Bayliss]
|
||||
|
||||
# v1.2.0
|
||||
## (2019-05-21)
|
||||
|
||||
* tidy: Remove unused DEVICE_CONFIG_OPENVPN_CONFIG variable [Rich Bayliss]
|
||||
* services: Update Registry service version [Akis Kesoglou]
|
||||
* services: Update API service version [Rich Bayliss]
|
||||
|
||||
<details>
|
||||
<summary> View details </summary>
|
||||
|
||||
## open-balena-api-0.19.5
|
||||
### (2019-05-20)
|
||||
|
||||
* Update typed-error to 3.1.0 [Pagan Gazzard]
|
||||
|
||||
<details>
|
||||
<summary> View details </summary>
|
||||
|
||||
### typed-error-3.1.0
|
||||
#### (2019-04-01)
|
||||
|
||||
* dev: Enforce prettier coding standards [Will Boyce]
|
||||
* npm: Update dependencies and remove `package-lock.json` [Will Boyce]
|
||||
* codeowners: Add top contributors @wrboyce, @Page-, and @dfunckt [Will Boyce]
|
||||
* versionbot: Add CHANGELOG.yml (for nested changelogs) [Will Boyce]
|
||||
|
||||
### typed-error-3.0.2
|
||||
#### (2018-11-01)
|
||||
|
||||
* Update README with new import style [CameronDiver]
|
||||
|
||||
### typed-error-3.0.1
|
||||
#### (2018-10-29)
|
||||
|
||||
* Update to typescript 3 [Pagan Gazzard]
|
||||
* Update dev dependencies [Pagan Gazzard]
|
||||
* Add node-10 to the circle test suite [Pagan Gazzard]
|
||||
|
||||
### typed-error-3.0.0
|
||||
#### (2018-04-17)
|
||||
|
||||
* Distribute generated typescript declaration [Will Boyce]
|
||||
* use circle for build/publish and add package-lock [Will Boyce]
|
||||
* add lint scripts/requirements [Will Boyce]
|
||||
* Remove `BaseError` class and directly subclass `Error` [Will Boyce]
|
||||
* Update dependencies, clean up package/tsconfig [Will Boyce]
|
||||
|
||||
### typed-error-2.0.1
|
||||
#### (2017-12-15)
|
||||
|
||||
* Add LICENSE [Akis Kesoglou]
|
||||
</details>
|
||||
|
||||
|
||||
## open-balena-api-0.19.4
|
||||
### (2019-05-20)
|
||||
|
||||
* Some linting fixes for resin-lint 3 [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.19.3
|
||||
### (2019-05-17)
|
||||
|
||||
* Silence expected API key related rejections [Akis Kesoglou]
|
||||
|
||||
## open-balena-api-0.19.2
|
||||
### (2019-05-17)
|
||||
|
||||
* Update dependencies [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.19.1
|
||||
### (2019-05-15)
|
||||
|
||||
* Make use of a prepared query for device state query [Pagan Gazzard]
|
||||
* Update pinejs to 10.14.0 [Pagan Gazzard]
|
||||
|
||||
<details>
|
||||
<summary> View details </summary>
|
||||
|
||||
### pinejs-10.14.0
|
||||
#### (2019-05-15)
|
||||
|
||||
* Update pinejs-client-core and make use of prepared queries [Pagan Gazzard]
|
||||
|
||||
<details>
|
||||
<summary> View details </summary>
|
||||
|
||||
#### odata-parser-1.0.3
|
||||
##### (2019-05-08)
|
||||
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
|
||||
#### odata-parser-1.0.2
|
||||
##### (2019-04-15)
|
||||
|
||||
* Update dependencies [Pagan Gazzard]
|
||||
|
||||
#### abstract-sql-compiler-6.4.2
|
||||
##### (2019-05-09)
|
||||
|
||||
* Update and fix lodash typings [Pagan Gazzard]
|
||||
* Update husky/mocha dev dependencies [Pagan Gazzard]
|
||||
|
||||
#### abstract-sql-compiler-6.4.1
|
||||
##### (2019-05-08)
|
||||
|
||||
* Fix typescript compilation [Pagan Gazzard]
|
||||
|
||||
<details>
|
||||
<summary> View details </summary>
|
||||
|
||||
##### sbvr-parser-0.2.2
|
||||
###### (2019-05-08)
|
||||
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
</details>
|
||||
|
||||
* Add node 12 tests [Pagan Gazzard]
|
||||
* Add repo.yml for upstream changelogs [Pagan Gazzard]
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.5.1
|
||||
##### (2019-05-15)
|
||||
|
||||
* Fix downstream declaration creation errors due to `Dictionary` [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.5.0
|
||||
##### (2019-05-15)
|
||||
|
||||
* Add a prepare method that prepares a query into a function [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.4.1
|
||||
##### (2019-05-10)
|
||||
|
||||
* Add CODEOWNERS [Gergely Imreh]
|
||||
|
||||
#### pinejs-client-js-5.4.0
|
||||
##### (2019-05-10)
|
||||
|
||||
* Add support for parameter aliases in resource ids [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.3.10
|
||||
##### (2019-05-10)
|
||||
|
||||
* Deduplicate transformation of GET results [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.3.9
|
||||
##### (2019-05-10)
|
||||
|
||||
* Simplify how we expose types, which means `subscribe` is now exposed [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.3.8
|
||||
##### (2019-05-09)
|
||||
|
||||
* Add automatic formatting via prettier [Pagan Gazzard]
|
||||
|
||||
#### pinejs-client-js-5.3.7
|
||||
##### (2019-05-08)
|
||||
|
||||
* Remove node 4 build, add node 12 [Pagan Gazzard]
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
|
||||
#### odata-to-abstract-sql-3.1.2
|
||||
##### (2019-05-08)
|
||||
|
||||
* Add node 12 tests [Pagan Gazzard]
|
||||
* Add repo.yml for upstream changelogs [Pagan Gazzard]
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
|
||||
#### sbvr-types-2.0.3
|
||||
##### (2019-05-08)
|
||||
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
|
||||
#### sbvr-parser-0.2.2
|
||||
##### (2019-05-08)
|
||||
|
||||
* Add .versionbot/CHANGELOG.yml for downstream changelogs [Pagan Gazzard]
|
||||
</details>
|
||||
|
||||
|
||||
### pinejs-10.13.3
|
||||
#### (2019-05-14)
|
||||
|
||||
* Fix possible null error when using a parameter alias with no value [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.13.2
|
||||
#### (2019-05-08)
|
||||
|
||||
* Add repo.yml for nested changelogs [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.13.1
|
||||
#### (2019-05-06)
|
||||
|
||||
* Add node 12 to the circle tests [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.13.0
|
||||
#### (2019-05-06)
|
||||
|
||||
* Expose odata-compiler as a bin script [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.12.0
|
||||
#### (2019-05-01)
|
||||
|
||||
* Expose sbvr-compiler as a bin script [Pagan Gazzard]
|
||||
* Move odata-metadata-generator into odata-metadata directory [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.11.3
|
||||
#### (2019-05-01)
|
||||
|
||||
* Update @types/lodash, avoiding `_.isObject` where necessary [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.11.2
|
||||
#### (2019-04-22)
|
||||
|
||||
* Only validate the model if the query affected at least 1 row [Pagan Gazzard]
|
||||
|
||||
### pinejs-10.11.1
|
||||
#### (2019-04-11)
|
||||
|
||||
* Switch odata-metadata-generator to using an abstract sql model [Pagan Gazzard]
|
||||
</details>
|
||||
|
||||
|
||||
## open-balena-api-0.19.0
|
||||
### (2019-05-15)
|
||||
|
||||
* Update target to es2018 [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.18.6
|
||||
### (2019-05-10)
|
||||
|
||||
* bug: Resolve NPM dependency issues preventing startup [Rich Bayliss]
|
||||
|
||||
## open-balena-api-0.18.5
|
||||
### (2019-05-08)
|
||||
|
||||
* Add typed-error upstream to repo.yml [Pagan Gazzard]
|
||||
* Add open-balena-base upstream to repo.yml [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.18.4
|
||||
### (2019-05-06)
|
||||
|
||||
* Disable the service start limit [Pagan Gazzard]
|
||||
* Update open-balena-base to v7.0.2 [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.18.3
|
||||
### (2019-05-01)
|
||||
|
||||
* tests: Add test framework [Rich Bayliss]
|
||||
|
||||
## open-balena-api-0.18.2
|
||||
### (2019-04-29)
|
||||
|
||||
* Fix import ordering issue [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.18.1
|
||||
### (2019-04-29)
|
||||
|
||||
* versionbot: add machine readable changelog [Gergely Imreh]
|
||||
|
||||
## open-balena-api-0.18.0
|
||||
### (2019-04-29)
|
||||
|
||||
* device-config: allow devices going back to v1.2.1 to use registry v2 [Gergely Imreh]
|
||||
|
||||
## open-balena-api-0.17.4
|
||||
### (2019-04-26)
|
||||
|
||||
* Handle requesting registry scopes with explicit indices above 20 [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.17.3
|
||||
### (2019-04-26)
|
||||
|
||||
* Use more accurate `BadRequestError`s for invalid env var names [Pagan Gazzard]
|
||||
* Remove unnecessary `nameProp` argument from `addEnvHooks` [Pagan Gazzard]
|
||||
* Avoid unnecessary object creation on env var validation [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.17.2
|
||||
### (2019-04-24)
|
||||
|
||||
* os-config: disable client-initiated vpn tls key renegotiation [Will Boyce]
|
||||
|
||||
## open-balena-api-0.17.1
|
||||
### (2019-04-19)
|
||||
|
||||
* Remove unused `DEVICE_CONFIG_OPENVPN_CONFIG` fron env backend [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.17.0
|
||||
### (2019-04-18)
|
||||
|
||||
* Rename `env_var_name` to `name` to match cloud [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.16.1
|
||||
### (2019-04-18)
|
||||
|
||||
* fix: Changes required to make `my_application` resource available [Rich Bayliss]
|
||||
|
||||
## open-balena-api-0.16.0
|
||||
### (2019-04-17)
|
||||
|
||||
* Handle `my_applications` within pinejs [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.15.2
|
||||
### (2019-04-17)
|
||||
|
||||
* device-proxy: use `.balena` tld in favour of `.resin` [Will Boyce]
|
||||
|
||||
## open-balena-api-0.15.1
|
||||
### (2019-04-17)
|
||||
|
||||
* Update method-override to 3.x [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.15.0
|
||||
### (2019-04-15)
|
||||
|
||||
* Rename `configPath` to `config` and make sure config.json is valid [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.14.0
|
||||
### (2019-04-11)
|
||||
|
||||
* Whitelist the new RESIN_SUPERVISOR_INSTANT_UPDATE_TRIGGER configuration variable [Pablo Carranza Velez]
|
||||
|
||||
## open-balena-api-0.13.3
|
||||
### (2019-04-02)
|
||||
|
||||
* Fix `ResolvableReturnType` typing [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.13.2
|
||||
### (2019-04-01)
|
||||
|
||||
* Add CODEOWNERS file [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.13.1
|
||||
### (2019-04-01)
|
||||
|
||||
* Add an index for the vpn's service instance lookup [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.13.0
|
||||
### (2019-03-28)
|
||||
|
||||
* Use a readTransaction for device state [Pagan Gazzard]
|
||||
* Remove runInTransaction wrapper to avoid unnecessary function creation [Pagan Gazzard]
|
||||
* Avoid need to repeateadly check for `readTransaction` existence [Pagan Gazzard]
|
||||
|
||||
## open-balena-api-0.12.0
|
||||
### (2019-03-19)
|
||||
|
||||
* Add build log to release resource [Stevche Radevski]
|
||||
</details>
|
||||
|
||||
# v1.1.1
|
||||
## (2019-05-07)
|
||||
|
||||
* docker: Update docker-compose version to latest [Heds Simons]
|
||||
|
||||
# v1.1.0
|
||||
## (2019-05-07)
|
||||
|
||||
* s3: Update to latest version with credentials [Heds Simons]
|
||||
|
||||
# v1.0.2
|
||||
## (2019-04-17)
|
||||
|
||||
* scripts: Handle missing coreutils on Mac [Roman Mazur]
|
||||
|
||||
# v1.0.1
|
||||
## (2019-03-20)
|
||||
|
||||
* vpn: Remove BALENA_ROOT_CA from the VPN trust chain [Rich Bayliss]
|
||||
|
||||
# v1.0.0
|
||||
## (2019-03-15)
|
||||
|
||||
* tags: Pin the image tags for the service stack [Rich Bayliss]
|
||||
|
||||
# v0.2.2
|
||||
## (2019-03-08)
|
||||
|
||||
* codeowners: Add CODEOWNERS file [Rich Bayliss]
|
||||
|
||||
# v0.2.1
|
||||
## (2019-03-08)
|
||||
|
||||
* certs: Add support for an ACME certificate provider [Rich Bayliss]
|
||||
|
||||
# v0.2.0
|
||||
## (2019-01-25)
|
||||
|
||||
* Do not publish DB and Redis ports to the host [Akis Kesoglou]
|
||||
|
||||
# v0.1.4
|
||||
## (2019-01-10)
|
||||
|
||||
* vagrant: Add missing Node dependency [Rich Bayliss]
|
||||
|
||||
# v0.1.3
|
||||
## (2019-01-10)
|
||||
|
||||
* vagrant: Improve the Vagrant file to make development easier [Rich Bayliss]
|
||||
|
||||
# v0.1.2
|
||||
## (2018-12-20)
|
||||
|
||||
* init: Make scripts macOS compatible [Rich Bayliss]
|
||||
|
||||
# v0.1.1
|
||||
## (2018-12-17)
|
||||
|
||||
|
35
Vagrantfile
vendored
35
Vagrantfile
vendored
@ -7,25 +7,36 @@ Vagrant.require_version '>= 2.0.0'
|
||||
end
|
||||
|
||||
Vagrant.configure('2') do |config|
|
||||
config.vm.define 'openbalenavm'
|
||||
config.vm.box = 'bento/ubuntu-16.04'
|
||||
config.vm.box_url = 'https://vagrantcloud.com/bento/boxes/ubuntu-16.04/versions/201808.24.0/providers/virtualbox.box'
|
||||
config.vm.define 'openbalena'
|
||||
config.vm.hostname = 'openbalena-vagrant'
|
||||
config.vm.box = 'bento/ubuntu-18.04'
|
||||
|
||||
config.vm.network "public_network",
|
||||
use_dhcp_assigned_default_route: true
|
||||
|
||||
config.vm.synced_folder '.', '/vagrant', disabled: true
|
||||
config.vm.synced_folder '.', '/home/vagrant/open-balena'
|
||||
config.vm.network 'public_network', bridge: ENV.fetch('OPENBALENA_BRIDGE', '')
|
||||
config.vm.synced_folder '.', '/home/vagrant/openbalena'
|
||||
|
||||
config.ssh.forward_agent = true
|
||||
|
||||
config.vm.provision :docker
|
||||
config.vm.provision :docker_compose
|
||||
|
||||
# FIXME: remove node
|
||||
config.vm.provision :shell, inline: 'apt-get update && apt-get install -y nodejs && rm -rf /var/lib/apt/lists/*'
|
||||
$provision = <<-SCRIPT
|
||||
DOCKER_COMPOSE_VERSION=1.24.0
|
||||
|
||||
config.vm.provision :shell, privileged: false,
|
||||
inline: "cd /home/vagrant/open-balena && ./scripts/quickstart -p -d #{ENV.fetch('OPENBALENA_DOMAIN', 'openbalena.local')}"
|
||||
touch /home/vagrant/.bashrc
|
||||
grep -Fxq 'source /home/vagrant/openbalena/.openbalenarc' /home/vagrant/.bashrc || echo 'source /home/vagrant/openbalena/.openbalenarc' >> /home/vagrant/.bashrc
|
||||
|
||||
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash
|
||||
source "/home/vagrant/.nvm/nvm.sh" # This loads nvm
|
||||
nvm install 10.15.0 && nvm use 10.15.0
|
||||
|
||||
# Install a newer version of docker-compose
|
||||
(cd /usr/local/bin; \
|
||||
sudo curl -o docker-compose --silent --location https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-Linux-x86_64; \
|
||||
sudo chmod a+x docker-compose)
|
||||
SCRIPT
|
||||
|
||||
config.vm.provision :shell, privileged: false, inline: $provision
|
||||
|
||||
config.vm.provision :shell, privileged: false,
|
||||
inline: "echo 'cd ~/open-balena' >> ~/.bashrc"
|
||||
end
|
||||
|
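Review bot: The provisioning heredoc pipes `https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh` straight into `bash` and installs the docker-compose binary into `/usr/local/bin` with `sudo curl`, and neither download is checked against a known digest before it is run. The versions are pinned, but a tag or release asset can be replaced upstream, so I would download to a file, compare it with a SHA-256 recorded in the Vagrantfile, and only then execute or `chmod` it, for example `echo "<EXPECTED_SHA256>  docker-compose" | sha256sum -c -` (the digest is a placeholder). Adding `--fail` to both `curl` calls would also stop an HTTP error page from being saved as the binary or fed to the shell. The rendering has lost the +/- markers, so I am assuming the `$provision` block is on the new side because it uses the `/home/vagrant/openbalena` path.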
@ -1,4 +1,4 @@
|
||||
version: '2.1'
|
||||
version: "2.0"
|
||||
|
||||
services:
|
||||
component:
|
||||
|
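--- a/compose/mdns.yml
+++ b/compose/mdns.yml
@@ -0,0 +1,31 @@
+version: "2.0"
+
+services:
+balena-mdns-publisher:
+image: balena/balena-mdns-publisher:${OPENBALENA_MDNS_PUBLISHER_VERSION_TAG}
+network_mode: "host"
+cap_add:
+- SYS_RESOURCE
+- SYS_ADMIN
+security_opt:
+- apparmor:unconfined
+tmpfs:
+- /run
+- /sys/fs/cgroup
+# balenaOS - Required for host DBus comms. Not required for standalone Linux
+labels:
+io.balena.features.dbus: '1'
+io.balena.features.supervisor-api: '1'
+environment:
+CONFD_BACKEND: ENV
+# The name of the TLD to use. This *must* match certificates used for the rest of
+# the resin backend (eg. that for BALENA_ROOT_CA if present).
+MDNS_TLD: ${OPENBALENA_HOST_NAME}
+# List of subdomains to advertise. This must include all required hosts.
+MDNS_SUBDOMAINS: '["api", "db", "registry", "s3", "vpn"]'
+# The expectation is the DBus socket to use is always at the following location.
+DBUS_SESSION_BUS_ADDRESS: "unix:path=/host/run/dbus/system_bus_socket"
+# Selects the interface used for incoming connections from the wider subnet.
+# For NUCs, this is `eno1`. If running natively, pick the appropriate interface.
+# Alternatively, keep the default commented out to autoselect.
+#INTERFACE: "eno1"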
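Review bot: `balena-mdns-publisher` is given `network_mode: "host"`, the `SYS_ADMIN` and `SYS_RESOURCE` capabilities and `apparmor:unconfined`, which together leave very little isolation between this container and the host, and the file does not say why each one is needed. The `tmpfs` mounts on `/run` and `/sys/fs/cgroup` suggest the image runs systemd, which would explain part of it, but that is an inference from this page. I would add a comment above `cap_add`, e.g. `# Required by <reason>; remove SYS_ADMIN / apparmor:unconfined if the image can run without them`, and confirm whether host networking alone is enough for mDNS. `MDNS_SUBDOMAINS` also advertises `db` on the local network, so it is worth checking that this name needs to be resolvable by devices at all.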
@ -1,17 +1,19 @@
|
||||
version: '2.1'
|
||||
version: "2.0"
|
||||
|
||||
volumes:
|
||||
db:
|
||||
registry:
|
||||
s3:
|
||||
redis:
|
||||
certs: {}
|
||||
cert-provider: {}
|
||||
db: {}
|
||||
redis: {}
|
||||
registry: {}
|
||||
s3: {}
|
||||
|
||||
services:
|
||||
api:
|
||||
extends:
|
||||
file: ./common.yml
|
||||
service: component
|
||||
image: balena/open-balena-api:${OPENBALENA_API_VERSION_TAG:-master}
|
||||
image: balena/open-balena-api:${OPENBALENA_API_VERSION_TAG}
|
||||
depends_on:
|
||||
- db
|
||||
- s3
|
||||
@ -20,12 +22,11 @@ services:
|
||||
API_VPN_SERVICE_API_KEY: ${OPENBALENA_API_VPN_SERVICE_API_KEY}
|
||||
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
|
||||
COOKIE_SESSION_SECRET: ${OPENBALENA_COOKIE_SESSION_SECRET}
|
||||
DB_HOST: db.${OPENBALENA_HOST_NAME}
|
||||
DB_HOST: db
|
||||
DB_PASSWORD: docker
|
||||
DB_PORT: 5432
|
||||
DB_USER: docker
|
||||
DELTA_HOST: delta.${OPENBALENA_HOST_NAME}
|
||||
DEVICE_CONFIG_OPENVPN_CONFIG: ${OPENBALENA_VPN_CONFIG}
|
||||
DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA_CHAIN}
|
||||
DEVICE_CONFIG_SSH_AUTHORIZED_KEYS: ${OPENBALENA_SSH_AUTHORIZED_KEYS}
|
||||
HOST: api.${OPENBALENA_HOST_NAME}
|
||||
@ -36,20 +37,20 @@ services:
|
||||
JSON_WEB_TOKEN_EXPIRY_MINUTES: 10080
|
||||
JSON_WEB_TOKEN_SECRET: ${OPENBALENA_JWT_SECRET}
|
||||
MIXPANEL_TOKEN: __unused__
|
||||
PRODUCTION_MODE: '${OPENBALENA_PRODUCTION_MODE}'
|
||||
PRODUCTION_MODE: "${OPENBALENA_PRODUCTION_MODE}"
|
||||
PUBNUB_PUBLISH_KEY: __unused__
|
||||
PUBNUB_SUBSCRIBE_KEY: __unused__
|
||||
REDIS_HOST: redis.${OPENBALENA_HOST_NAME}
|
||||
REDIS_HOST: redis
|
||||
REDIS_PORT: 6379
|
||||
REGISTRY2_HOST: registry.${OPENBALENA_HOST_NAME}
|
||||
REGISTRY_HOST: registry.${OPENBALENA_HOST_NAME}
|
||||
SENTRY_DSN:
|
||||
SENTRY_DSN: ""
|
||||
TOKEN_AUTH_BUILDER_TOKEN: ${OPENBALENA_TOKEN_AUTH_BUILDER_TOKEN}
|
||||
TOKEN_AUTH_CERT_ISSUER: api.${OPENBALENA_HOST_NAME}
|
||||
TOKEN_AUTH_CERT_KEY: ${OPENBALENA_TOKEN_AUTH_KEY}
|
||||
TOKEN_AUTH_CERT_KID: ${OPENBALENA_TOKEN_AUTH_KID}
|
||||
TOKEN_AUTH_CERT_PUB: ${OPENBALENA_TOKEN_AUTH_PUB}
|
||||
TOKEN_AUTH_JWT_ALGO: 'ES256'
|
||||
TOKEN_AUTH_JWT_ALGO: "ES256"
|
||||
VPN_HOST: vpn.${OPENBALENA_HOST_NAME}
|
||||
VPN_PORT: 443
|
||||
VPN_SERVICE_API_KEY: ${OPENBALENA_VPN_SERVICE_API_KEY}
|
||||
@ -60,9 +61,8 @@ services:
|
||||
extends:
|
||||
file: ./common.yml
|
||||
service: component
|
||||
image: balena/open-balena-registry:${OPENBALENA_REGISTRY_VERSION_TAG:-master}
|
||||
image: balena/open-balena-registry:${OPENBALENA_REGISTRY_VERSION_TAG}
|
||||
depends_on:
|
||||
- api
|
||||
- s3
|
||||
- redis
|
||||
volumes:
|
||||
@ -73,10 +73,15 @@ services:
|
||||
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
|
||||
BALENA_TOKEN_AUTH_ISSUER: api.${OPENBALENA_HOST_NAME}
|
||||
BALENA_TOKEN_AUTH_REALM: https://api.${OPENBALENA_HOST_NAME}/auth/v1/token
|
||||
COMMON_REGION:
|
||||
REGISTRY2_S3_BUCKET:
|
||||
REGISTRY2_S3_KEY:
|
||||
REGISTRY2_S3_SECRET:
|
||||
COMMON_REGION:
|
||||
REGISTRY2_CACHE_ENABLED: "false"
|
||||
REGISTRY2_CACHE_ADDR: 127.0.0.1:6379
|
||||
REGISTRY2_CACHE_DB: 0
|
||||
REGISTRY2_CACHE_MAXMEMORY_MB: 1024 # megabytes
|
||||
REGISTRY2_CACHE_MAXMEMORY_POLICY: allkeys-lru
|
||||
REGISTRY2_S3_BUCKET:
|
||||
REGISTRY2_S3_KEY:
|
||||
REGISTRY2_S3_SECRET:
|
||||
REGISTRY2_SECRETKEY: ${OPENBALENA_REGISTRY_SECRET_KEY}
|
||||
REGISTRY2_STORAGEPATH: /data
|
||||
|
||||
@ -84,7 +89,7 @@ services:
|
||||
extends:
|
||||
file: ./common.yml
|
||||
service: component
|
||||
image: balena/open-balena-vpn:${OPENBALENA_VPN_VERSION_TAG:-master}
|
||||
image: balena/open-balena-vpn:${OPENBALENA_VPN_VERSION_TAG}
|
||||
depends_on:
|
||||
- api
|
||||
cap_add:
|
||||
@ -94,10 +99,10 @@ services:
|
||||
BALENA_API_HOST: api.${OPENBALENA_HOST_NAME}
|
||||
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
|
||||
BALENA_VPN_PORT: 443
|
||||
PRODUCTION_MODE: '${OPENBALENA_PRODUCTION_MODE}'
|
||||
PRODUCTION_MODE: "${OPENBALENA_PRODUCTION_MODE}"
|
||||
RESIN_VPN_GATEWAY: 10.2.0.1
|
||||
SENTRY_DSN:
|
||||
VPN_HAPROXY_USEPROXYPROTOCOL: 'true'
|
||||
SENTRY_DSN: ""
|
||||
VPN_HAPROXY_USEPROXYPROTOCOL: "true"
|
||||
VPN_OPENVPN_CA_CRT: ${OPENBALENA_VPN_CA}
|
||||
VPN_OPENVPN_SERVER_CRT: ${OPENBALENA_VPN_SERVER_CRT}
|
||||
VPN_OPENVPN_SERVER_DH: ${OPENBALENA_VPN_SERVER_DH}
|
||||
@ -108,17 +113,20 @@ services:
|
||||
extends:
|
||||
file: ./common.yml
|
||||
service: system
|
||||
image: balena/open-balena-db:${OPENBALENA_DB_VERSION_TAG:-master}
|
||||
image: balena/open-balena-db:${OPENBALENA_DB_VERSION_TAG}
|
||||
volumes:
|
||||
- db:/var/lib/postgresql/data
|
||||
|
||||
s3:
|
||||
extends:
|
||||
file: ./common.yml
|
||||
service: system
|
||||
image: balena/open-balena-s3:${OPENBALENA_S3_VERSION_TAG:-master}
|
||||
service: component
|
||||
image: balena/open-balena-s3:${OPENBALENA_S3_VERSION_TAG}
|
||||
volumes:
|
||||
- s3:/export
|
||||
environment:
|
||||
S3_MINIO_ACCESS_KEY: abcdef1234
|
||||
S3_MINIO_SECRET_KEY: "1234567890"
|
||||
|
||||
redis:
|
||||
extends:
|
||||
@ -132,21 +140,23 @@ services:
|
||||
extends:
|
||||
file: ./common.yml
|
||||
service: system
|
||||
build: ../haproxy
|
||||
build: ../src/haproxy
|
||||
depends_on:
|
||||
- api
|
||||
- registry
|
||||
- vpn
|
||||
- cert-provider
|
||||
- db
|
||||
- s3
|
||||
- redis
|
||||
- registry
|
||||
- vpn
|
||||
ports:
|
||||
- "80:80"
|
||||
- "222:222"
|
||||
- "443:443"
|
||||
- "3128:3128"
|
||||
- "5432:5432"
|
||||
- "6379:6379"
|
||||
expose:
|
||||
- "222"
|
||||
- "5432"
|
||||
- "6379"
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
@ -161,3 +171,15 @@ services:
|
||||
BALENA_HAPROXY_KEY: ${OPENBALENA_ROOT_KEY}
|
||||
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
|
||||
HAPROXY_HOSTNAME: ${OPENBALENA_HOST_NAME}
|
||||
volumes:
|
||||
- certs:/certs:ro
|
||||
|
||||
cert-provider:
|
||||
build: ../src/cert-provider
|
||||
volumes:
|
||||
- certs:/certs
|
||||
- cert-provider:/usr/src/app/certs
|
||||
environment:
|
||||
ACTIVE: ${OPENBALENA_ACME_CERT_ENABLED}
|
||||
DOMAINS: "api.${OPENBALENA_HOST_NAME},registry.${OPENBALENA_HOST_NAME},s3.${OPENBALENA_HOST_NAME},vpn.${OPENBALENA_HOST_NAME}"
|
||||
OUTPUT_PEM: /certs/open-balena.pem
|
||||
|
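Review bot: The `s3` service hard-codes `S3_MINIO_ACCESS_KEY: abcdef1234` and `S3_MINIO_SECRET_KEY: "1234567890"`, so every deployment built from this file shares the same object-store credentials. Other secrets in this file are injected from the generated environment (`${OPENBALENA_JWT_SECRET}`, `${OPENBALENA_REGISTRY_SECRET_KEY}`), and these two should follow the same pattern, e.g. `S3_MINIO_SECRET_KEY: ${OPENBALENA_S3_SECRET_KEY}` with the value generated per install (that variable name is a placeholder, it is not defined on this page). The same applies to `DB_PASSWORD: docker` in the `api` service. The +/- markers are lost in this rendering, so I am reading the credentials as added lines because the changelog lists "s3: Update to latest version with credentials".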
@ -7,4 +7,4 @@
|
||||
# `compose/services.yml` as the "base" config.
|
||||
#
|
||||
# You may view the effective config with `scripts/compose config`.
|
||||
version: '2.1'
|
||||
version: "2.0"
|
||||
|
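--- a/compose/versions
+++ b/compose/versions
@@ -0,0 +1,6 @@
+export OPENBALENA_API_VERSION_TAG=v0.19.5
+export OPENBALENA_DB_VERSION_TAG=v2.0.3
+export OPENBALENA_REGISTRY_VERSION_TAG=v2.11.1
+export OPENBALENA_S3_VERSION_TAG=v2.6.2
+export OPENBALENA_VPN_VERSION_TAG=v8.10.0
+export OPENBALENA_MDNS_PUBLISHER_VERSION_TAG=v1.6.2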
@ -1,6 +0,0 @@
|
||||
FROM haproxy:1.8-alpine
|
||||
|
||||
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
|
||||
COPY entry.sh /open-balena-entry
|
||||
|
||||
CMD /open-balena-entry
|
@ -1,11 +0,0 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
HAPROXY_CHAIN=/etc/ssl/private/open-balena.pem
|
||||
mkdir -p "$(dirname "${HAPROXY_CHAIN}")"
|
||||
(
|
||||
echo "${BALENA_HAPROXY_CRT}" | base64 -d
|
||||
echo "${BALENA_HAPROXY_KEY}" | base64 -d
|
||||
echo "${BALENA_ROOT_CA}" | base64 -d
|
||||
) > "${HAPROXY_CHAIN}"
|
||||
exec haproxy -f /usr/local/etc/haproxy/haproxy.cfg
|
15
repo.yml
15
repo.yml
@ -1,2 +1,15 @@
|
||||
type: 'generic'
|
||||
type: "generic"
|
||||
reviewers: 1
|
||||
upstream:
|
||||
- repo: open-balena-api
|
||||
url: https://github.com/balena-io/open-balena-api
|
||||
- repo: open-balena-vpn
|
||||
url: https://github.com/balena-io/open-balena-vpn
|
||||
- repo: open-balena-registry
|
||||
url: https://github.com/balena-io/open-balena-registry
|
||||
- repo: open-balena-db
|
||||
url: https://github.com/balena-io/open-balena-db
|
||||
- repo: open-balena-s3
|
||||
url: https://github.com/balena-io/open-balena-s3
|
||||
- repo: balena-mdns-publisher
|
||||
url: https://github.com/balena-io/balena-mdns-publisher
|
||||
|
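--- a/scripts/_realpath
+++ b/scripts/_realpath
@@ -0,0 +1,35 @@
+#!/bin/bash -e
+
+echo_error() {
+local RED=`tput setaf 1`
+local RESET=`tput sgr0`
+echo "${RED}ERROR: ${1}${RESET}"
+}
+
+REALPATH=
+REALPATHS=(
+'realpath'
+'grealpath'
+'greadlink -f'
+)
+for cmd in "${REALPATHS[@]}"; do
+if command -v "${cmd%% *}" &>/dev/null; then
+REALPATH="${cmd}"
+break
+fi
+done
+
+if [ -z "${REALPATH}" ]; then
+echo_error 'Unable to find suitable command for realpath.'
+if [ $(uname) == 'Darwin' ]; then
+echo 'GNU coreutils are required to build openBalena on macOS. To install with brew, run'
+echo ''
+echo ' brew install coreutils'
+echo ''
+fi
+exit 1
+fi
+
+realpath() {
+echo $(command ${REALPATH} "$@")
+}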
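Review bot: The `realpath()` wrapper at the end of the file runs `echo $(command ${REALPATH} "$@")`, which discards the exit status of the underlying tool and word-splits its output, so a failed resolution returns success with an empty string and a path containing spaces or glob characters comes back altered. Callers on this page use the result as an output directory (`OUT="$(realpath "${2:-.}")"` in the certificate scripts), so a silent empty value matters there. Calling the tool directly keeps both the status and the bytes: `realpath() { command ${REALPATH} "$@"; }`, where `${REALPATH}` stays unquoted on purpose so that `greadlink -f` splits into command and flag. `echo_error` and the Homebrew hint also print to stdout; adding `>&2` would keep them out of any `$(...)` capture.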
@ -1,5 +1,7 @@
|
||||
#!/bin/bash -e
|
||||
|
||||
source "${BASH_SOURCE%/*}/_realpath"
|
||||
|
||||
CMD="$(realpath "$0")"
|
||||
DIR="$(dirname "${CMD}")"
|
||||
BASE_DIR="$(dirname "${DIR}")"
|
||||
@ -9,6 +11,12 @@ echo_bold() {
|
||||
printf "\\033[1m%s\\033[0m\\n" "$@"
|
||||
}
|
||||
|
||||
VERSIONS_FILE="${BASE_DIR}/compose/versions"
|
||||
if [ ! -f "$VERSIONS_FILE" ]; then
|
||||
echo_bold "No service versions defined in ${VERSIONS_FILE}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ENV_FILE="${CONFIG_DIR}/activate"
|
||||
if [ ! -f "$ENV_FILE" ]; then
|
||||
echo_bold 'No configuration found; please create one first with: ./scripts/quickstart'
|
||||
@ -16,9 +24,17 @@ if [ ! -f "$ENV_FILE" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
source "${ENV_FILE}"
|
||||
|
||||
# only include the MDNS publisher IF the domain is valid...
|
||||
if [ ${OPENBALENA_HOST_NAME: -6} == ".local" ]; then
|
||||
INCLUDE_MDNS="-f ${BASE_DIR}/compose/mdns.yml"
|
||||
fi
|
||||
|
||||
# shellcheck source=/dev/null
|
||||
source "${ENV_FILE}"; docker-compose \
|
||||
source "${VERSIONS_FILE}"; docker-compose \
|
||||
--project-name 'openbalena' \
|
||||
-f "${BASE_DIR}/compose/services.yml" \
|
||||
${INCLUDE_MDNS} \
|
||||
-f "${CONFIG_DIR}/docker-compose.yml" \
|
||||
"$@"
|
||||
|
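Review bot: `INCLUDE_MDNS` is never initialised before the `.local` test, so a value already present in the caller's environment is expanded unquoted into the `docker-compose` command line and can add extra `-f` files or options. The test itself, `[ ${OPENBALENA_HOST_NAME: -6} == ".local" ]`, is also unquoted and makes `[` print an error when the host name is empty or shorter than six characters. I would use an array: `INCLUDE_MDNS=()`, then `if [[ "${OPENBALENA_HOST_NAME}" == *.local ]]; then INCLUDE_MDNS=(-f "${BASE_DIR}/compose/mdns.yml"); fi`, and pass `"${INCLUDE_MDNS[@]}"` to `docker-compose`. That form also survives a checkout path containing spaces.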
@ -18,6 +18,8 @@ echo_bold() {
|
||||
printf "\\033[1m%s\\033[0m\\n" "${@}"
|
||||
}
|
||||
|
||||
source "${BASH_SOURCE%/*}/_realpath"
|
||||
|
||||
CMD="$(realpath "$0")"
|
||||
DIR="$(dirname "${CMD}")"
|
||||
FIG="${DIR}/compose"
|
||||
|
@ -22,12 +22,14 @@ OUT="$(realpath "${2:-.}")"
|
||||
# shellcheck source=scripts/ssl-common.sh
|
||||
source "${DIR}/ssl-common.sh"
|
||||
|
||||
# Create a secret key and CA file for the self-signed CA
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" init-pki 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="ca.${CN}" build-ca nopass 2>/dev/null
|
||||
ROOT_CA="${ROOT_PKI}/ca.crt"
|
||||
echo "ROOT_CA=${ROOT_CA//$OUT/\$OUT}"
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
||||
if [ ! -f $ROOT_CA ]; then
|
||||
# Create a secret key and CA file for the self-signed CA
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" init-pki 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="ca.${CN}" build-ca nopass 2>/dev/null
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
||||
fi
|
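Review bot: The new guard `if [ ! -f $ROOT_CA ]; then` expands the path unquoted, and `ROOT_CA` appears to live under `OUT="$(realpath "${2:-.}")"`, so an output directory containing whitespace makes `[` fail with a syntax error and the CA generation block is skipped. Quote it: `if [ ! -f "${ROOT_CA}" ]; then`. The same unquoted pattern appears in the guards and `rm -f` lines added to the root-certificate, token-auth and VPN scripts later on this page (`$ROOT_CRT`/`$ROOT_KEY`, `$JWT_CRT`/`$JWT_KEY`/`$JWT_KID`, `$VPN_CA`/`$VPN_CRT`/`$VPN_KEY`/`$VPN_DH`). The guard also tests only for existence, so an existing CA issued for a different `CN` would be reused; a short comment saying that this is intended would help. The script's opening lines are outside this hunk.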
@ -22,13 +22,15 @@ OUT="$(realpath "${2:-.}")"
|
||||
# shellcheck source=scripts/ssl-common.sh
|
||||
source "${DIR}/ssl-common.sh"
|
||||
|
||||
# generate default CSR and sign (root + wildcard)
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CRT_EXPIRY_DAYS}" --subject-alt-name="DNS:*.${CN}" build-server-full "*.${CN}" nopass 2>/dev/null
|
||||
ROOT_CRT="${ROOT_PKI}"'/issued/*.'"${CN}"'.crt'
|
||||
ROOT_KEY="${ROOT_PKI}"'/private/*.'"${CN}"'.key'
|
||||
echo "ROOT_CRT=${ROOT_CRT//$OUT/\$OUT}"
|
||||
echo "ROOT_KEY=${ROOT_KEY//$OUT/\$OUT}"
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
||||
if [ ! -f $ROOT_CRT ] || [ ! -f $ROOT_KEY ]; then
|
||||
rm -f $ROOT_CRT $ROOT_KEY
|
||||
# generate default CSR and sign (root + wildcard)
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CRT_EXPIRY_DAYS}" --subject-alt-name="DNS:*.${CN}" build-server-full "*.${CN}" nopass 2>/dev/null
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
||||
fi;
|
||||
|
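Review bot: `ROOT_CRT` and `ROOT_KEY` contain a literal `*` (`.../issued/*.${CN}.crt`), so the unquoted uses in `[ ! -f $ROOT_CRT ] || [ ! -f $ROOT_KEY ]` and `rm -f $ROOT_CRT $ROOT_KEY` are glob patterns rather than file names. If the PKI directory ever holds another certificate or key ending in `.${CN}.crt` or `.${CN}.key`, the test receives several arguments and errors, and the `rm -f` removes every match, not just the wildcard pair. Quoting fixes both: `if [ ! -f "${ROOT_CRT}" ] || [ ! -f "${ROOT_KEY}" ]; then` and `rm -f -- "${ROOT_CRT}" "${ROOT_KEY}"`.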
@ -42,13 +42,12 @@ JWT_CRT="${CERT_FILE}.crt"
|
||||
JWT_KEY="${CERT_FILE}.pem"
|
||||
JWT_KID="${CERT_FILE}.kid"
|
||||
|
||||
mkdir -p "${CERT_DIR}"
|
||||
openssl ecparam -name prime256v1 -genkey -noout -out "${JWT_KEY}" 2>/dev/null
|
||||
openssl req -x509 -new -nodes -days "${CRT_EXPIRY_DAYS}" -key "${JWT_KEY}" -subj "/CN=api.${CN}" -out "${JWT_CRT}" 2>/dev/null
|
||||
openssl ec -in "${JWT_KEY}" -pubout -outform DER -out "${CERT_FILE}.der" 2>/dev/null
|
||||
keyid "${CERT_FILE}.der" >"${JWT_KID}"
|
||||
rm "${CERT_FILE}.der"
|
||||
|
||||
echo "JWT_CRT=${JWT_CRT//$OUT/\$OUT}"
|
||||
echo "JWT_KEY=${JWT_KEY//$OUT/\$OUT}"
|
||||
echo "JWT_KID=${JWT_KID//$OUT/\$OUT}"
|
||||
if [ ! -f $JWT_CRT ] || [ ! -f $JWT_KEY ] || [ ! -f $JWT_KID ]; then
|
||||
rm -f $JWT_CRT $JWT_KEY $JWT_KID
|
||||
mkdir -p "${CERT_DIR}"
|
||||
openssl ecparam -name prime256v1 -genkey -noout -out "${JWT_KEY}" 2>/dev/null
|
||||
openssl req -x509 -new -nodes -days "${CRT_EXPIRY_DAYS}" -key "${JWT_KEY}" -subj "/CN=api.${CN}" -out "${JWT_CRT}" 2>/dev/null
|
||||
openssl ec -in "${JWT_KEY}" -pubout -outform DER -out "${CERT_FILE}.der" 2>/dev/null
|
||||
keyid "${CERT_FILE}.der" >"${JWT_KID}"
|
||||
rm "${CERT_FILE}.der"
|
||||
fi
|
||||
|
@ -21,33 +21,28 @@ OUT="$(realpath "${2:-.}")"
|
||||
|
||||
# shellcheck source=scripts/ssl-common.sh
|
||||
source "${DIR}/ssl-common.sh"
|
||||
|
||||
VPN_PKI="$(realpath "${OUT}/vpn")"
|
||||
|
||||
# generate VPN sub-CA
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" init-pki 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="vpn-ca.${CN}" build-ca nopass subca 2>/dev/null
|
||||
|
||||
# import sub-CA CSR into root PKI, sign, and copy back to vpn PKI
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" import-req "${VPN_PKI}/reqs/ca.req" "vpn-ca" 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" sign-req ca "vpn-ca" 2>/dev/null
|
||||
cp "${ROOT_PKI}/issued/vpn-ca.crt" "${VPN_PKI}/ca.crt"
|
||||
VPN_CA="${VPN_PKI}/ca.crt"
|
||||
echo "VPN_CA=${VPN_CA//$OUT/\$OUT}"
|
||||
|
||||
# generate and sign vpn server certificate
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CRT_EXPIRY_DAYS}" build-server-full "vpn.${CN}" nopass 2>/dev/null
|
||||
VPN_CRT="${VPN_PKI}/issued/vpn.${CN}.crt"
|
||||
VPN_KEY="${VPN_PKI}/private/vpn.${CN}.key"
|
||||
echo "VPN_CRT=${VPN_CRT//$OUT/\$OUT}"
|
||||
echo "VPN_KEY=${VPN_KEY//$OUT/\$OUT}"
|
||||
|
||||
# generate vpn dhparams (keysize of 2048 will do, 4096 can wind up taking hours to generate)
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --keysize=2048 gen-dh 2>/dev/null
|
||||
VPN_DH="${VPN_PKI}/dh.pem"
|
||||
echo "VPN_DH=${VPN_DH//$OUT/\$OUT}"
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" gen-crl 2>/dev/null
|
||||
if [ ! -f $VPN_CA ] || [ ! -f $VPN_CRT ] || [ ! -f $VPN_KEY ] || [ ! -f $VPN_DH ]; then
|
||||
|
||||
rm -f $VPN_CA $VPN_CRT $VPN_DH $VPN_KEY
|
||||
|
||||
# generate VPN CA
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" init-pki &>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="vpn-ca.${CN}" build-ca nopass 2>/dev/null
|
||||
|
||||
# generate and sign vpn server certificate
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CRT_EXPIRY_DAYS}" build-server-full "vpn.${CN}" nopass 2>/dev/null
|
||||
|
||||
# generate vpn dhparams (keysize of 2048 will do, 4096 can wind up taking hours to generate)
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" --keysize=2048 gen-dh 2>/dev/null
|
||||
|
||||
# update indexes and generate CRLs
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" update-db 2>/dev/null
|
||||
"$easyrsa_bin" --pki-dir="${VPN_PKI}" gen-crl 2>/dev/null
|
||||
fi
|
@ -12,10 +12,12 @@ usage() {
|
||||
echo " JWT_CRT Path to Token Auth certificate"
|
||||
echo " JWT_KEY Path to Token Auth private key"
|
||||
echo " JWT_KID Path to KeyID for the Token Auth certificate"
|
||||
echo " VPN_CA Path to the VPN sub-CA certificate"
|
||||
echo " VPN_CA Path to the VPN CA certificate"
|
||||
echo " VPN_CRT Path to the VPN server certificate"
|
||||
echo " VPN_KEY Path to the VPN server private key"
|
||||
echo " VPN_DH Path to the VPN server Diffie Hellman parameters"
|
||||
echo " SUPERUSER_EMAIL Email address of the superuser"
|
||||
echo " SUPERUSER_PASSWORD Password of the superuser"
|
||||
echo
|
||||
}
|
||||
|
||||
@ -31,36 +33,12 @@ randstr() {
|
||||
}
|
||||
|
||||
b64encode() {
|
||||
cat "$@" | base64 --wrap=0 2>/dev/null || cat "$@" | base64 --break=0
|
||||
echo "$@" | base64 --wrap=0 2>/dev/null || echo "$@" | base64 --break=0 2>/dev/null
|
||||
}
|
||||
|
||||
VPN_CONFIG=$(b64encode <<STR
|
||||
client
|
||||
remote vpn.$DOMAIN 443
|
||||
resolv-retry infinite
|
||||
|
||||
remote-cert-tls server
|
||||
ca /etc/openvpn/ca.crt
|
||||
auth-user-pass /var/volatile/vpn-auth
|
||||
auth-retry none
|
||||
script-security 2
|
||||
up /etc/openvpn-misc/upscript.sh
|
||||
up-restart
|
||||
down /etc/openvpn-misc/downscript.sh
|
||||
|
||||
comp-lzo
|
||||
dev resin-vpn
|
||||
dev-type tun
|
||||
proto tcp
|
||||
nobind
|
||||
|
||||
persist-key
|
||||
persist-tun
|
||||
verb 3
|
||||
user openvpn
|
||||
group openvpn
|
||||
STR
|
||||
)
|
||||
b64file() {
|
||||
b64encode "$(cat "$@")"
|
||||
}
|
||||
|
||||
cat <<STR
|
||||
export OPENBALENA_PRODUCTION_MODE=false
|
||||
@ -68,24 +46,23 @@ export OPENBALENA_COOKIE_SESSION_SECRET=$(randstr 32)
|
||||
export OPENBALENA_HOST_NAME=$DOMAIN
|
||||
export OPENBALENA_JWT_SECRET=$(randstr 32)
|
||||
export OPENBALENA_RESINOS_REGISTRY_CODE=$(randstr 32)
|
||||
export OPENBALENA_ROOT_CA=$(b64encode "$ROOT_CA")
|
||||
export OPENBALENA_ROOT_CRT=$(b64encode "${ROOT_CRT}")
|
||||
export OPENBALENA_ROOT_KEY=$(b64encode "${ROOT_KEY}")
|
||||
export OPENBALENA_ROOT_CA=$(b64file "${ROOT_CA}")
|
||||
export OPENBALENA_ROOT_CRT=$(b64file "${ROOT_CRT}")
|
||||
export OPENBALENA_ROOT_KEY=$(b64file "${ROOT_KEY}")
|
||||
export OPENBALENA_TOKEN_AUTH_BUILDER_TOKEN=$(randstr 64)
|
||||
export OPENBALENA_TOKEN_AUTH_PUB=$(b64encode "$JWT_CRT")
|
||||
export OPENBALENA_TOKEN_AUTH_KEY=$(b64encode "$JWT_KEY")
|
||||
export OPENBALENA_TOKEN_AUTH_KID=$(b64encode "$JWT_KID")
|
||||
export OPENBALENA_VPN_CA=$(b64encode "$VPN_CA")
|
||||
export OPENBALENA_VPN_CA_CHAIN=$(b64encode "$ROOT_CA" "$VPN_CA")
|
||||
export OPENBALENA_VPN_CONFIG=$VPN_CONFIG
|
||||
export OPENBALENA_VPN_SERVER_CRT=$(b64encode "$VPN_CRT")
|
||||
export OPENBALENA_VPN_SERVER_KEY=$(b64encode "$VPN_KEY")
|
||||
export OPENBALENA_VPN_SERVER_DH=$(b64encode "$VPN_DH")
|
||||
export OPENBALENA_TOKEN_AUTH_PUB=$(b64file "$JWT_CRT")
|
||||
export OPENBALENA_TOKEN_AUTH_KEY=$(b64file "$JWT_KEY")
|
||||
export OPENBALENA_TOKEN_AUTH_KID=$(b64file "$JWT_KID")
|
||||
export OPENBALENA_VPN_CA=$(b64file "$VPN_CA")
|
||||
export OPENBALENA_VPN_CA_CHAIN=$(b64file "$VPN_CA")
|
||||
export OPENBALENA_VPN_SERVER_CRT=$(b64file "$VPN_CRT")
|
||||
export OPENBALENA_VPN_SERVER_KEY=$(b64file "$VPN_KEY")
|
||||
export OPENBALENA_VPN_SERVER_DH=$(b64file "$VPN_DH")
|
||||
export OPENBALENA_VPN_SERVICE_API_KEY=$(randstr 32)
|
||||
export OPENBALENA_API_VPN_SERVICE_API_KEY=$(randstr 32)
|
||||
export OPENBALENA_REGISTRY_SECRET_KEY=$(randstr 32)
|
||||
export OPENBALENA_SSH_AUTHORIZED_KEYS=
|
||||
export NODE_EXTRA_CA_CERTS="$ROOT_CA"
|
||||
export OPENBALENA_SUPERUSER_EMAIL=$SUPERUSER_EMAIL
|
||||
export OPENBALENA_SUPERUSER_PASSWORD=$SUPERUSER_PASSWORD
|
||||
export OPENBALENA_SUPERUSER_PASSWORD=$(printf "%q" "${SUPERUSER_PASSWORD}")
|
||||
export OPENBALENA_ACME_CERT_ENABLED=${ACME_CERT_ENABLED:-false}
|
||||
STR
|
||||
|
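Review bot: Only `SUPERUSER_PASSWORD` is shell-quoted in the generated `export` lines; `OPENBALENA_SUPERUSER_EMAIL=$SUPERUSER_EMAIL` and `OPENBALENA_HOST_NAME=$DOMAIN` are still written raw. If this output is later sourced by a shell, as the `export` form suggests, a value containing spaces, `$` or backticks would be re-interpreted. Quote both the same way, e.g. `export OPENBALENA_SUPERUSER_EMAIL=$(printf "%q" "${SUPERUSER_EMAIL}")`, and confirm every consumer of the file is bash, since `%q` can emit `$'…'` forms that other parsers do not understand. The rewritten `b64encode` also feeds key material through `echo "$@"`, which treats a value beginning with `-n` or `-e` as an option; `printf '%s\n' "$*"` produces the same bytes without that hazard.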
@ -1,5 +1,36 @@
|
||||
#!/bin/bash -e
|
||||
|
||||
BLACK=`tput setaf 0`
|
||||
RED=`tput setaf 1`
|
||||
GREEN=`tput setaf 2`
|
||||
YELLOW=`tput setaf 3`
|
||||
BLUE=`tput setaf 4`
|
||||
MAGENTA=`tput setaf 5`
|
||||
CYAN=`tput setaf 6`
|
||||
WHITE=`tput setaf 7`
|
||||
|
||||
BOLD=`tput bold`
|
||||
RESET=`tput sgr0`
|
||||
|
||||
# for macos machines, we need proper OpenSSL...
|
||||
OPENSSL_VERSION=$(openssl version -v)
|
||||
if [[ "${OPENSSL_VERSION}" =~ ^LibreSSL.*$ ]]; then
|
||||
echo -e "${RED}ERROR: You may not have a compatible OpenSSL version (${OPENSSL_VERSION}). Please install OpenSSL version 1.0.2q or above.${RESET}"
|
||||
if [ $(uname) == 'Darwin' ]; then
|
||||
echo 'OpenSSL is required to build openBalena on macOS. To install with brew, run'
|
||||
echo ''
|
||||
echo ' brew install openssl'
|
||||
echo ''
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
|
||||
source "${BASH_SOURCE%/*}/_realpath"
|
||||
|
||||
domainResolves() {
|
||||
getent hosts "$1" > /dev/null 2>&1
|
||||
}
|
||||
|
||||
CMD="$(realpath "$0")"
|
||||
DIR="$(dirname "${CMD}")"
|
||||
BASE_DIR="$(dirname "${DIR}")"
|
||||
@ -9,8 +40,9 @@ CERTS_DIR="${CONFIG_DIR}/certs"
|
||||
DOMAIN=openbalena.local
|
||||
|
||||
usage() {
|
||||
echo "usage: $0 [-h] [-p] [-d DOMAIN] -U EMAIL -P PASSWORD"
|
||||
echo "usage: $0 [-c] [-h] [-p] [-d DOMAIN] -U EMAIL -P PASSWORD"
|
||||
echo
|
||||
echo " -c enable the ACME certificate service in staging or production mode."
|
||||
echo " -p patch hosts - patch the host /etc/hosts file"
|
||||
echo " -d DOMAIN the domain name this deployment will run as, eg. example.com. Default is 'openbalena.local'"
|
||||
echo " -U EMAIL the email address of the superuser account, used to login to your install from the Balena CLI"
|
||||
@ -20,13 +52,15 @@ usage() {
|
||||
|
||||
show_help=false
|
||||
patch_hosts=false
|
||||
while getopts ":hpd:U:P:" opt; do
|
||||
while getopts ":chpxd:U:P:" opt; do
|
||||
case "${opt}" in
|
||||
h) show_help=true;;
|
||||
p) patch_hosts=true;;
|
||||
x) set -x;;
|
||||
d) DOMAIN="${OPTARG}";;
|
||||
U) SUPERUSER_EMAIL="${OPTARG}";;
|
||||
P) SUPERUSER_PASSWORD="${OPTARG}";;
|
||||
c) ACME_CERT_ENABLED="true";;
|
||||
*)
|
||||
echo "Invalid argument: -${OPTARG}"
|
||||
usage
|
||||
@ -46,18 +80,25 @@ if [ "$show_help" = "true" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo_bold() {
|
||||
printf "\\033[1m%s\\033[0m\\n" "${@}"
|
||||
}
|
||||
|
||||
if [ -d "$CONFIG_DIR" ]; then
|
||||
echo 'Configuration directory already exists; please remove it first.'
|
||||
exit 1
|
||||
if [ ! -z "$ACME_CERT_ENABLED" ]; then
|
||||
echo "${BLUE}[INFO]${RESET} ACME Certificate request is ${BOLD}ENABLED${RESET}."
|
||||
|
||||
if ! domainResolves "api.${DOMAIN}"; then
|
||||
echo "${YELLOW}[WARN]${RESET} Unable to resolve \"api.${DOMAIN}\"!"
|
||||
echo "${YELLOW}[WARN]${RESET} This might mean that you cannot use an ACME issued certificate."
|
||||
fi
|
||||
fi
|
||||
|
||||
echo_bold() {
|
||||
echo "${BOLD}${@}${RESET}"
|
||||
}
|
||||
|
||||
echo_bold "==> Creating new configuration at: $CONFIG_DIR"
|
||||
mkdir -p "$CONFIG_DIR" "$CERTS_DIR"
|
||||
|
||||
echo_bold "==> Bootstrapping easy-rsa..."
|
||||
source "${DIR}/ssl-common.sh"
|
||||
|
||||
echo_bold "==> Generating root CA cert..."
|
||||
# shellcheck source=scripts/gen-root-ca
|
||||
source "${DIR}/gen-root-ca" "${DOMAIN}" "${CERTS_DIR}"
|
||||
@ -90,5 +131,25 @@ fi
|
||||
echo_bold "==> Success!"
|
||||
echo ' - Start the instance with: ./scripts/compose up -d'
|
||||
echo ' - Stop the instance with: ./scripts/compose stop'
|
||||
echo ' - To create the superuser, see: ./scripts/create-superuser -h'
|
||||
echo " - Use the following certificate with Balena CLI: ${CERTS_DIR}/root/ca.crt"
|
||||
echo ' - To create a single, flat, docker-compose.yml file, run:'
|
||||
echo ''
|
||||
echo ' ./scripts/compose config > docker-compose.yml'
|
||||
echo ''
|
||||
|
||||
if [ -z "${ACME_CERT_ENABLED}" ]; then
|
||||
echo " - Use the following certificate with Balena CLI: ${CERTS_DIR}/root/ca.crt"
|
||||
|
||||
case $(uname) in
|
||||
Darwin)
|
||||
echo ''
|
||||
printf ' On macOS:\n\n'
|
||||
printf ' sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "%s/root/ca.crt"\n' "${CERTS_DIR}"
|
||||
echo ''
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
echo -e " ${YELLOW}IMPORTANT:${RESET} You will need to restart your Docker daemon after trusting this certificate to allow your workstation to push images to the registry."
|
||||
echo ''
|
||||
fi
|
||||
|
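Review bot: The new `x) set -x;;` option turns on command tracing for the rest of the run, and the superuser password arrives on the command line via `-P`. Every later expansion of `SUPERUSER_PASSWORD` would therefore be echoed to stderr and into any captured log, and so would the generated secrets if the sourced helper scripts inherit the trace. The flag is also absent from `usage()`. Either document it as debug-only, e.g. `echo "  -x  trace commands (debug only: trace output contains the password and generated secrets)"`, or drop it and let operators run `bash -x` deliberately. Separately, under `#!/bin/bash -e` the bare `tput` assignments at the top abort the script when `TERM` is unset (cron, CI); `RED=$(tput setaf 1 2>/dev/null || true)` keeps colour optional.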
@ -7,6 +7,7 @@ if [ -z "${easyrsa_bin-}" ] || [ ! -x "${easyrsa_bin}" ]; then
|
||||
if [ -z "${easyrsa_bin}" ]; then
|
||||
easyrsa_dir="$(mktemp -dt easyrsa.XXXXXXXX)"
|
||||
easyrsa_url="https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.5/EasyRSA-nix-3.0.5.tgz"
|
||||
echo " - Downloading easy-rsa..."
|
||||
(cd "${easyrsa_dir}"; curl -sL "${easyrsa_url}" | tar xz --strip-components=1)
|
||||
easyrsa_bin="${easyrsa_dir}/easyrsa"
|
||||
# shellcheck disable=SC2064
|
||||
|
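Review bot: The easy-rsa tarball is still piped straight from `curl -sL` into `tar` with no integrity check, and this hunk only adds a progress message around it. That binary goes on to generate the root CA and every key for the deployment, so a tampered or truncated download should stop the bootstrap; without `-f`, an HTTP error page is also handed to `tar`. Download to a file, compare it against a digest pinned next to the URL, and only then extract. The enclosing `if` block continues past the end of the hunk, and `shasum` may need to be swapped for `sha256sum` depending on the platforms you support.

```shell
easyrsa_url="https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.5/EasyRSA-nix-3.0.5.tgz"
# placeholder: replace with the digest published for this exact release
easyrsa_sha256="<SHA256_OF_RELEASE_TARBALL>"
easyrsa_tgz="${easyrsa_dir}/easyrsa.tgz"
# ... unchanged: "Downloading easy-rsa..." message ...
curl -fsSL -o "${easyrsa_tgz}" "${easyrsa_url}"
if ! echo "${easyrsa_sha256}  ${easyrsa_tgz}" | shasum -a 256 -c - >/dev/null; then
  echo "easy-rsa download failed integrity check" >&2
  exit 1
fi
tar xzf "${easyrsa_tgz}" -C "${easyrsa_dir}" --strip-components=1
```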
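--- a/src/cert-provider/Dockerfile
+++ b/src/cert-provider/Dockerfile
@@ -0,0 +1,20 @@
+FROM alpine
+
+EXPOSE 80
+WORKDIR /usr/src/app
+VOLUME [ "/usr/src/app/certs" ]
+
+RUN apk add --update bash curl git openssl ncurses socat
+
+RUN git clone https://github.com/Neilpang/acme.sh.git && \
+cd acme.sh && \
+git checkout 08357e3cb0d80c84bdaf3e42ce0e439665387f57 . && \
+./acme.sh --install \
+--cert-home /usr/src/app/certs
+
+COPY entry.sh /entry.sh
+COPY cert-provider.sh ./cert-provider.sh
+COPY fake-le-bundle.pem ./
+
+ENTRYPOINT [ "/entry.sh" ]
+CMD [ "/usr/src/app/cert-provider.sh" ]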
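Review bot: `FROM alpine` carries no tag or digest, so each rebuild can pull a different base image and a different set of `apk` packages, even though the acme.sh checkout a few lines later is pinned to a full commit hash. The image that handles the ACME account key and the TLS private key should be just as reproducible: `FROM alpine:<PINNED_VERSION>` (placeholder; use the release you test against, optionally with its `@sha256:` digest). Also, `git checkout <hash> .` with the trailing `.` only overwrites working-tree paths from that commit and leaves HEAD on the default branch, so files upstream added after that commit stay in the tree. `git checkout 08357e3cb0d80c84bdaf3e42ce0e439665387f57` without the path gives an exact snapshot.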
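--- a/src/cert-provider/cert-provider.sh
+++ b/src/cert-provider/cert-provider.sh
@@ -0,0 +1,181 @@
+#!/bin/bash
+
+# the acme.sh client script, installed via Git in the Dockerfile...
+ACME_BIN="$(realpath ~/.acme.sh/acme.sh)"
+
+# the path to a bundle of certs to verify a LetsEncrypt staging certificate until Apr 2036...
+ACME_STAGING_CA="/usr/src/app/fake-le-bundle.pem"
+
+# the path to a file which stores the last successful mode of certificate we acquired...
+ACME_MODE_FILE="/usr/src/app/certs/last_run_mode"
+
+# colour output helpers...
+reset=$(tput -T xterm sgr0)
+red=$(tput -T xterm setaf 1)
+green=$(tput -T xterm setaf 2)
+yellow=$(tput -T xterm setaf 3)
+blue=$(tput -T xterm setaf 4)
+
+logError() {
+echo "${red}[Error]${reset} $1"
+}
+
+logWarn() {
+echo "${yellow}[Warn]${reset} $1"
+}
+
+logInfo() {
+echo "${blue}[Info]${reset} $1"
+}
+
+logSuccess() {
+echo "${green}[Success]${reset} $1"
+}
+
+logErrorAndStop() {
+logError "$1 [Stopping]"
+while true; do
+# do nothing forever...
+sleep 60
+done
+}
+
+retryWithDelay() {
+RETRIES=${2:-3}
+DELAY=${3:-5}
+
+local ATTEMPT=0
+while [ $RETRIES -gt $ATTEMPT ]; do
+let "ATTEMPT++"
+if $1; then
+return $?
+fi
+
+echo "($ATTEMPT/$RETRIES) Retrying in ${DELAY} seconds..."
+sleep $DELAY
+done
+
+return 1
+}
+
+waitForOnline() {
+ADDRESS="${1,,}"
+
+logInfo "Waiting for ${ADDRESS} to be available via HTTP..."
+retryWithDelay "curl --output /dev/null --silent --head --fail http://${ADDRESS}" 6 5
+}
+
+isUsingStagingCert() {
+HOST="${1,,}"
+echo "" | openssl s_client -host "$HOST" -port 443 -showcerts 2>/dev/null | awk '/BEGIN CERT/ {p=1} ; p==1; /END CERT/ {p=0}' | openssl verify -CAfile "$ACME_STAGING_CA" > /dev/null 2>&1
+}
+
+pre-flight() {
+case "$ACTIVE" in
+"true"|"yes")
+;;
+*)
+logError "ACTIVE variable is not enabled. Value should be \"true\" or \"yes\" to continue."
+return 1
+;;
+esac
+
+if [ -z "$DOMAINS" ]; then
+logError "DOMAINS must be set. Value should be a comma-delimited string of domains."
+return 1
+else
+IFS=, read -r -a ACME_DOMAINS <<< "$DOMAINS"
+IFS=' ' read -r -a ACME_DOMAIN_ARGS <<< "${ACME_DOMAINS[@]/#/-d }"
+fi
+
+if [ -z "$VALIDATION" ]; then
+logInfo "VALIDATION not set. Using default: http-01"
+VALIDATION="http-01"
+else
+case "$VALIDATION" in
+"http-01")
+logInfo "Using validation method: $VALIDATION"
+;;
+*)
+logError "VALIDATION is invalid. Use a valid value: http-01"
+return 1
+;;
+esac
+fi
+
+if [ -z "$OUTPUT_PEM" ]; then
+logError "OUTPUT_PEM must be set. Value should be the path to install your certificate to."
+return 1
+fi
+}
+
+waitToSeeStagingCert() {
+logInfo "Waiting for ${ACME_DOMAINS[0]} to use a staging certificate..."
+retryWithDelay "isUsingStagingCert ${ACME_DOMAINS[0]}" 3 5
+}
+
+lastAcquiredCertFor() {
+ACME_MODE="${1:-none}"
+ACME_LAST_MODE="$(cat $ACME_MODE_FILE || echo '')"
+logInfo "Last acquired certificate for ${ACME_LAST_MODE^^}"
+[ "${ACME_LAST_MODE,,}" == "${ACME_MODE,,}" ]
+}
+
+acquireCertificate() {
+ACME_MODE="${1:-staging}"
+ACME_FORCE="${2:-false}"
+ACME_OPTS=()
+
+if [ "${ACME_FORCE,,}" == "true" ];then ACME_OPTS+=("--force"); fi
+case "$ACME_MODE" in
+"production")
+logInfo "Using PRODUCTION mode"
+;;
+*)
+logInfo "Using STAGING mode"
+ACME_OPTS+=("--staging")
+;;
+esac
+
+case "$VALIDATION" in
+"http-01")
+ACME_OPTS+=("--standalone")
+;;
+*)
+logError "VALIDATION is invalid. Use a valid value: http-01"
+return 1
+;;
+esac
+
+if ! waitForOnline "${ACME_DOMAINS[0]}"; then
+logError "Unable to access site over HTTP"
+return 1
+fi
+
+logInfo "Issuing certificates..."
+"$ACME_BIN" --issue "${ACME_OPTS[@]}" "${ACME_DOMAIN_ARGS[@]}"
+
+logInfo "Installing certificates..." && \
+"$ACME_BIN" --install-cert "${ACME_DOMAIN_ARGS[@]}" \
+--cert-file /tmp/cert.pem \
+--key-file /tmp/key.pem \
+--fullchain-file /tmp/fullchain.pem \
+--reloadcmd "cat /tmp/fullchain.pem /tmp/key.pem > $OUTPUT_PEM" && \
+
+echo "${ACME_MODE}" > "${ACME_MODE_FILE}"
+}
+
+pre-flight || logErrorAndStop "Unable to continue due to misconfiguration. See errors above."
+
+waitForOnline "${ACME_DOMAINS[0]}" || logErrorAndStop "Unable to access ${ACME_DOMAINS[0]} on port 80. This is needed for certificate validation."
+
+if ! lastAcquiredCertFor "production"; then
+acquireCertificate "staging" || logErrorAndStop "Unable to acquire a staging certificate."
+waitToSeeStagingCert || logErrorAndStop "Unable to detect certificate change over. Cannot issue a production certificate."
+acquireCertificate "production" "true" || logErrorAndStop "Unable to acquire a production certificate."
+fi
+
+logSuccess "Done!"
+
+logInfo "Running cron..."
+crond -f -d 7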
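Review bot: In `acquireCertificate` the private key is installed to the fixed path `/tmp/key.pem` and then concatenated into `$OUTPUT_PEM` under the default umask, so both copies are probably created world-readable; `start-haproxy.sh` in this same change copies the resulting bundle the same way. Set `umask 077` near the top of the script (after confirming the haproxy container can still read the shared file) and keep the intermediate files out of `/tmp`. `$OUTPUT_PEM` is also spliced unquoted into the `--reloadcmd` string, which acme.sh stores and re-runs through a shell on renewal, so quote it: `--reloadcmd "cat /tmp/fullchain.pem /tmp/key.pem > '$OUTPUT_PEM'"`. The exit status of the `--issue` call just above is never checked, so a failed issuance still falls through to `--install-cert`; if that is deliberate for the not-yet-due case, a comment should say so.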
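--- a/src/cert-provider/entry.sh
+++ b/src/cert-provider/entry.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec "$@"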
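--- a/src/cert-provider/fake-le-bundle.pem
+++ b/src/cert-provider/fake-le-bundle.pem
@@ -0,0 +1,56 @@
+-----BEGIN CERTIFICATE-----
+MIIFATCCAumgAwIBAgIRAKc9ZKBASymy5TLOEp57N98wDQYJKoZIhvcNAQELBQAw
+GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDMyMzIyNTM0NloXDTM2
+MDMyMzIyNTM0NlowGjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA+pYHvQw5iU3v2b3iNuYNKYgsWD6KU7aJ
+diddtZQxSWYzUI3U0I1UsRPTxnhTifs/M9NW4ZlV13ZfB7APwC8oqKOIiwo7IwlP
+xg0VKgyz+kT8RJfYr66PPIYP0fpTeu42LpMJ+CKo9sbpgVNDZN2z/qiXrRNX/VtG
+TkPV7a44fZ5bHHVruAxvDnylpQxJobtCBWlJSsbIRGFHMc2z88eUz9NmIOWUKGGj
+EmP76x8OfRHpIpuxRSCjn0+i9+hR2siIOpcMOGd+40uVJxbRRP5ZXnUFa2fF5FWd
+O0u0RPI8HON0ovhrwPJY+4eWKkQzyC611oLPYGQ4EbifRsTsCxUZqyUuStGyp8oa
+aoSKfF6X0+KzGgwwnrjRTUpIl19A92KR0Noo6h622OX+4sZiO/JQdkuX5w/HupK0
+A0M0WSMCvU6GOhjGotmh2VTEJwHHY4+TUk0iQYRtv1crONklyZoAQPD76hCrC8Cr
+IbgsZLfTMC8TWUoMbyUDgvgYkHKMoPm0VGVVuwpRKJxv7+2wXO+pivrrUl2Q9fPe
+Kk055nJLMV9yPUdig8othUKrRfSxli946AEV1eEOhxddfEwBE3Lt2xn0hhiIedbb
+Ftf/5kEWFZkXyUmMJK8Ra76Kus2ABueUVEcZ48hrRr1Hf1N9n59VbTUaXgeiZA50
+qXf2bymE6F8CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wHQYDVR0OBBYEFMEmdKSKRKDm+iAo2FwjmkWIGHngMA0GCSqGSIb3DQEBCwUA
+A4ICAQBCPw74M9X/Xx04K1VAES3ypgQYH5bf9FXVDrwhRFSVckria/7dMzoF5wln
+uq9NGsjkkkDg17AohcQdr8alH4LvPdxpKr3BjpvEcmbqF8xH+MbbeUEnmbSfLI8H
+sefuhXF9AF/9iYvpVNC8FmJ0OhiVv13VgMQw0CRKkbtjZBf8xaEhq/YqxWVsgOjm
+dm5CAQ2X0aX7502x8wYRgMnZhA5goC1zVWBVAi8yhhmlhhoDUfg17cXkmaJC5pDd
+oenZ9NVhW8eDb03MFCrWNvIh89DDeCGWuWfDltDq0n3owyL0IeSn7RfpSclpxVmV
+/53jkYjwIgxIG7Gsv0LKMbsf6QdBcTjhvfZyMIpBRkTe3zuHd2feKzY9lEkbRvRQ
+zbh4Ps5YBnG6CKJPTbe2hfi3nhnw/MyEmF3zb0hzvLWNrR9XW3ibb2oL3424XOwc
+VjrTSCLzO9Rv6s5wi03qoWvKAQQAElqTYRHhynJ3w6wuvKYF5zcZF3MDnrVGLbh1
+Q9ePRFBCiXOQ6wPLoUhrrbZ8LpFUFYDXHMtYM7P9sc9IAWoONXREJaO08zgFtMp4
+8iyIYUyQAbsvx8oD2M8kRvrIRSrRJSl6L957b4AFiLIQ/GgV2curs0jje7Edx34c
+idWw1VrejtwclobqNMVtG3EiPUIpJGpbMcJgbiLSmKkrvQtGng==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw
+GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2
+MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0
+8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym
+oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0
+ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN
+xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56
+dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9
+AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw
+HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0
+BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu
+b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu
+Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq
+hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF
+UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9
+AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp
+DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7
+IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf
+zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI
+PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w
+SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em
+2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0
+WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt
+n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU=
+-----END CERTIFICATE-----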
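--- a/src/haproxy/Dockerfile
+++ b/src/haproxy/Dockerfile
@@ -0,0 +1,10 @@
+FROM haproxy:1.9-alpine
+
+VOLUME [ "/certs" ]
+
+RUN apk add --update inotify-tools
+
+COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+COPY start-haproxy.sh /start-haproxy
+
+CMD /start-haproxy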
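Review bot: `CMD /start-haproxy` uses the shell form, so Docker wraps the script in `/bin/sh -c` and the process tree gains a layer that signal delivery on `docker stop` has to pass through. The cert-provider Dockerfile in this same change already uses exec form; do the same here with `CMD [ "/start-haproxy" ]`. `apk add --update` also leaves the package index in the layer, and `apk add --no-cache inotify-tools` avoids that.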
@ -12,6 +12,9 @@ frontend http-in
|
||||
bind *:80
|
||||
reqadd X-Forwarded-Proto:\ http
|
||||
|
||||
acl is_cert_validation path -i -m beg "/.well-known/acme-challenge/"
|
||||
use_backend cert-provider if is_cert_validation
|
||||
|
||||
acl host_api hdr_dom(host) -i "api.${HAPROXY_HOSTNAME}"
|
||||
use_backend backend_api if host_api
|
||||
|
||||
@ -61,28 +64,35 @@ backend backend_api
|
||||
mode http
|
||||
option forwardfor
|
||||
balance roundrobin
|
||||
server resin_api_1 api:80 check port 80
|
||||
server balena_api_1 api:80 check port 80
|
||||
|
||||
backend backend_registry
|
||||
mode http
|
||||
option forwardfor
|
||||
balance roundrobin
|
||||
server resin_registry_1 registry:80 check port 80
|
||||
server balena_registry_1 registry:80 check port 80
|
||||
|
||||
backend backend_vpn
|
||||
mode http
|
||||
option forwardfor
|
||||
balance roundrobin
|
||||
server resin_vpn_1 vpn:80 check port 80
|
||||
server balena_vpn_1 vpn:80 check port 80
|
||||
|
||||
backend backend_s3
|
||||
mode http
|
||||
option forwardfor
|
||||
balance roundrobin
|
||||
server balena_s3_1 s3:80 check port 80
|
||||
|
||||
backend cert-provider
|
||||
mode http
|
||||
option forwardfor
|
||||
balance roundrobin
|
||||
server balena_cert-provider_1 cert-provider:80 no-check
|
||||
|
||||
backend vpn-devices
|
||||
mode tcp
|
||||
server resin_vpn_1 vpn:443 send-proxy-v2 check-send-proxy port 443
|
||||
server balena_vpn_1 vpn:443 send-proxy-v2 check-send-proxy port 443
|
||||
|
||||
frontend db
|
||||
mode tcp
|
||||
@ -92,7 +102,7 @@ frontend db
|
||||
|
||||
backend backend_db
|
||||
mode tcp
|
||||
server resin_db_1 db:5432 check port 5432
|
||||
server balena_db_1 db:5432 check port 5432
|
||||
|
||||
frontend redis
|
||||
mode tcp
|
||||
@ -102,7 +112,7 @@ frontend redis
|
||||
|
||||
backend backend_redis
|
||||
mode tcp
|
||||
server resin_redis_1 redis:6379 check port 6379
|
||||
server balena_redis_1 redis:6379 check port 6379
|
||||
|
||||
listen vpn-tunnel
|
||||
mode tcp
|
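--- a/src/haproxy/start-haproxy.sh
+++ b/src/haproxy/start-haproxy.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+OPENBALENA_CERT=/etc/ssl/private/open-balena.pem
+mkdir -p "$(dirname "${OPENBALENA_CERT}")"
+
+if [ -f "/certs/open-balena.pem" ]; then
+echo "Using certificate from cert-provider..."
+cp /certs/open-balena.pem "${OPENBALENA_CERT}"
+else
+echo "Building certificate from environment variables..."
+(
+echo "${BALENA_HAPROXY_CRT}" | base64 -d
+echo "${BALENA_HAPROXY_KEY}" | base64 -d
+echo "${BALENA_ROOT_CA}" | base64 -d
+) > "${OPENBALENA_CERT}"
+fi
+
+haproxy -f /usr/local/etc/haproxy/haproxy.cfg -W &
+HAPROXY_PID=$!
+
+while true; do
+inotifywait -r -e create -e modify -e delete /certs
+
+if [ -f "/certs/open-balena.pem" ]; then
+echo "Updating certificate from cert-provider..."
+cp /certs/open-balena.pem "${OPENBALENA_CERT}"
+fi
+
+echo "Certificate change detected. Reloading..."
+kill -SIGUSR2 $HAPROXY_PID
+sleep 1;
+done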
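Review bot: The watch loop reacts to `create` and `modify` events, which fire while the writer is still producing the file, so `cp /certs/open-balena.pem` can capture a half-written bundle and the `SIGUSR2` reload then runs against a truncated certificate and key. Wait for the writer to finish with `inotifywait -r -e close_write -e moved_to -e delete /certs`, and validate before signalling with `haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg && kill -SIGUSR2 $HAPROXY_PID`. The script also never checks that the backgrounded haproxy is still alive and does not forward termination to it. A `trap 'kill "$HAPROXY_PID"' TERM INT` after `HAPROXY_PID=$!` would let the container stop cleanly.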