Add Traefik configuration and enhance loading state management

build-images.sh

@@ -35,6 +35,7 @@ buildah config --entrypoint=/ \
     --label="org.nethserver.authorizations=node:fwadm traefik@node:routeadm mail@any:mailadm" \
     --label="org.nethserver.tcp-ports-demand=2" \
     --label="org.nethserver.rootfull=0" \
+    --label="org.nethserver.min-core=3.12.4-0" \
     --label="org.nethserver.images=docker.io/sutoj/piler:1.4.8 docker.io/mariadb:10.11.13 docker.io/memcached:1.6.39-alpine docker.io/manticoresearch/manticore:10.1.0" \
     "${container}"
 # Commit the image

imageroot/actions/clone-module/50configure-module

@@ -0,0 +1 @@
+../restore-module/50configure-module

imageroot/actions/configure-module/05traefik

@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2022 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import json
+import sys
+import agent
+import os
+
+# Try to parse the stdin as JSON.
+# If parsing fails, output everything to stderr
+data = json.load(sys.stdin)
+
+# Setup default values
+host = data.get("host")
+h2hs = data.get("http2https", True)
+
+# Configure Traefik route for API
+set_route_data = {
+    'instance': os.environ['MODULE_ID'],
+    'url':  'http://127.0.0.1:' + os.environ["TCP_PORT_TRAEFIK"],
+    'host': host,
+    'http2https': h2hs,
+    'lets_encrypt_check': True,
+    'lets_encrypt_cleanup': True,
+}
+if 'lets_encrypt' in data:
+    set_route_data['lets_encrypt'] = data['lets_encrypt']
+
+agent.set_route(set_route_data)

imageroot/actions/configure-module/10configure

@@ -14,6 +14,8 @@ import agent
 # Try to parse the stdin as JSON.
 # If parsing fails, output everything to stderr
 data = json.load(sys.stdin)
+host = data.get("host")
+h2hs = data.get("http2https", True)
 
 # Connect to redis
 rdb = agent.redis_connect()
@@ -27,3 +29,5 @@ if providers:
     agent.set_env("PROVIDER_IP", providers[0]["host"])
 
 agent.set_env("RETENTION_DAYS", data["retention_days"])
+agent.set_env("TRAEFIK_HOST", host)
+agent.set_env("TRAEFIK_HTTP2HTTPS", h2hs)

imageroot/actions/configure-module/20traefik

@@ -1,48 +1 @@
-#!/usr/bin/env python3
-
-#
-# Copyright (C) 2022 Nethesis S.r.l.
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-
-import json
-import sys
-import agent
-import agent.tasks
-import os
-
-# Try to parse the stdin as JSON.
-# If parsing fails, output everything to stderr
-data = json.load(sys.stdin)
-
-# Setup default values
-host = data.get("host")
-h2hs = data.get("http2https", True)
-le = data.get("lets_encrypt", False)
-
-# Talk with agent using file descriptor.
-# Setup configuration from user input.
-agent.set_env("TRAEFIK_HOST", host)
-agent.set_env("TRAEFIK_HTTP2HTTPS", h2hs)
-agent.set_env("TRAEFIK_LETS_ENCRYPT", le)
-
-# Find default traefik instance for current node
-default_traefik_id = agent.resolve_agent_id('traefik@node')
-if default_traefik_id is None:
-    sys.exit(2)
-
-# Configure Traefik to route
-response = agent.tasks.run(
-    agent_id=agent.resolve_agent_id('traefik@node'),
-    action='set-route',
-    data={
-        'instance': os.environ['MODULE_ID'],
-        'url':  'http://127.0.0.1:' + os.environ["TCP_PORT_TRAEFIK"],
-        'host': host,
-        'http2https': h2hs,
-        'lets_encrypt': le
-    },
-)
-
-# Check if traefik configuration has been successfull
-agent.assert_exp(response['exit_code'] == 0)
+# Placeholder, see bug NethServer/dev#7058

imageroot/actions/configure-module/validate-input.json

@@ -14,8 +14,6 @@
     "type": "object",
     "required": [
         "host",
-        "http2https",
-        "lets_encrypt",
         "mail_server",
         "retention_days"
     ],

imageroot/actions/get-configuration/20read

@@ -16,7 +16,7 @@ config = {}
 
 config["host"] = os.environ.get("TRAEFIK_HOST",'')
 config["http2https"] =  os.environ.get("TRAEFIK_HTTP2HTTPS","False") == "True"
-config["lets_encrypt"] =  os.environ.get("TRAEFIK_LETS_ENCRYPT","False") == "True"
+config["lets_encrypt"] =  agent.get_route(os.environ['MODULE_ID']).get('lets_encrypt', False)
 config["mail_server"] = os.getenv("MAIL_SERVER", "")
 config['retention_days'] = int(os.getenv("RETENTION_DAYS", 2557))
 

imageroot/actions/restore-module/06copyenv

@@ -17,7 +17,6 @@ original_environment = request['environment']
 for evar in [
         "TRAEFIK_HOST",
         "TRAEFIK_HTTP2HTTPS",
-        "TRAEFIK_LETS_ENCRYPT",
         "MAIL_SERVER",
         "RETENTION_DAYS",
     ]:

imageroot/actions/restore-module/50configure-module

@@ -5,20 +5,14 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 
-import sys
-import json
 import agent
 import os
 
-request = json.load(sys.stdin)
-renv = request['environment']
-
 configure_retval = agent.tasks.run(agent_id=os.environ['AGENT_ID'], action='configure-module', data={
-    "mail_server": renv["MAIL_SERVER"],
-    "lets_encrypt": renv["TRAEFIK_LETS_ENCRYPT"] == 'True',
-    "host": renv["TRAEFIK_HOST"],
-    "http2https": renv["TRAEFIK_HTTP2HTTPS"] == 'True',
+    "mail_server": os.environ["MAIL_SERVER"],
+    "host": os.environ["TRAEFIK_HOST"],
+    "http2https": os.environ["TRAEFIK_HTTP2HTTPS"] == 'True',
     "restore": True, # restore the configuration to the relay rule and the alwaysBccAddress
-    'retention_days': int(renv['RETENTION_DAYS']),
+    "retention_days": int(os.environ["RETENTION_DAYS"]),
 })
 agent.assert_exp(configure_retval['exit_code'] == 0, "The configure-module subtask failed!")