Commit d2bfc6e9 authored by Timothée Jaussoin's avatar Timothée Jaussoin

Integrate FlexiAPI in the RPM package (logs, conf, env…)

Update the GitlabCI and fix integration issues
Add a /api/ping authenticated endpoint
parent 5eb6a644
Pipeline #11824 passed with stages
in 10 minutes and 5 seconds
......@@ -5,20 +5,47 @@
variables:
DEPLOY_SERVER: buildbot@www.linphone.org
CENTOS7_DEPLOY_DIRECTORY: snapshots/centos7
stages:
- package
- deploy
- test
job-centos7-rpm:
tags: [ "docker-centos7" ]
image: gitlab.linphone.org:4567/bc/public/linphone-sdk/bc-dev-centos:7
image: gitlab.linphone.org:4567/bc/public/linphone-sdk/bc-dev-centos7-php
stage: package
script:
- make rpm
- make rpm-dev
artifacts:
paths:
- rpmbuild/x86_64/*.rpm
- rpmbuild/x86_64/*.rpm
when: always
expire_in: 1 year
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- flexiapi/vendor/
job-centos7-rpm-test:
tags: [ "docker-centos7" ]
image: gitlab.linphone.org:4567/bc/public/linphone-sdk/bc-dev-centos7-php
stage: test
script:
- yum -y localinstall rpmbuild/x86_64/*.rpm
- cd /opt/belledonne-communications/share/flexisip-account-manager/flexiapi
- scl enable rh-php73 "php artisan key:generate"
- scl enable rh-php73 "vendor/bin/phpunit --log-junit $CI_PROJECT_DIR/flexiapi_phpunit.log"
artifacts:
paths:
- $CI_PROJECT_DIR/flexiapi_phpunit.log
- flexiapi/storage/logs/
when: always
expire_in: 1 day
job-centos7-rpm-deploy:
......@@ -33,7 +60,7 @@ job-centos7-rpm-deploy:
refs:
- master
changes:
- flexisip-account-manager.spec
- flexisip-account-manager.spec
dependencies:
- job-centos7-rpm
......@@ -41,8 +68,3 @@ job-centos7-rpm-deploy:
script:
- cd rpmbuild/x86_64 && rsync -e "ssh -o StrictHostKeyChecking=no" -pr . $DEPLOY_SERVER:$CENTOS7_DEPLOY_DIRECTORY
- ssh $DEPLOY_SERVER "chmod a+r $CENTOS7_DEPLOY_DIRECTORY/*.rpm && createrepo_c --update $CENTOS7_DEPLOY_DIRECTORY/."
stages:
- package
- deploy
......@@ -2,8 +2,11 @@ $(eval GIT_DESCRIBE = $(shell sh -c "git describe"))
OUTPUT_DIR = ${CURDIR}
prepare:
cd flexiapi && composer install --no-dev
rpm-only:
prepare-dev:
cd flexiapi && composer install
rpm-only:
rm -rf $(OUTPUT_DIR)/flexisip-account-manager
mkdir $(OUTPUT_DIR)/flexisip-account-manager
mkdir -p $(OUTPUT_DIR)/rpmbuild/SPECS
......@@ -11,7 +14,14 @@ rpm-only:
cp -R --parents src/**/*.php $(OUTPUT_DIR)/flexisip-account-manager/
cp -R --parents src/api/**/*.php $(OUTPUT_DIR)/flexisip-account-manager/
cp -R --parents conf/*.conf $(OUTPUT_DIR)/flexisip-account-manager/
cp -R --parents flexiapi/**/* $(OUTPUT_DIR)/flexisip-account-manager/
cp flexiapi/composer* $(OUTPUT_DIR)/flexisip-account-manager/flexiapi/
cp flexiapi/README.md $(OUTPUT_DIR)/flexisip-account-manager/flexiapi/
cp flexiapi/.env.example $(OUTPUT_DIR)/flexisip-account-manager/flexiapi/.env.example
cp flexiapi/artisan $(OUTPUT_DIR)/flexisip-account-manager/flexiapi/
cp flexiapi/phpunit.xml $(OUTPUT_DIR)/flexisip-account-manager/flexiapi/
cp README.md $(OUTPUT_DIR)/flexisip-account-manager/
cp -R httpd/ $(OUTPUT_DIR)/flexisip-account-manager/
cp flexisip-account-manager.spec $(OUTPUT_DIR)/rpmbuild/SPECS/
......@@ -21,5 +31,6 @@ rpm-only:
rm -rf $(OUTPUT_DIR)/flexisip-account-manager
rpm: prepare rpm-only
rpm-dev: prepare-dev rpm-only
.PHONY: rpm
......@@ -63,16 +63,29 @@ Finally start composer:
`cd /opt/belledonne-communications/share/flexisip-account-manager/ && composer install`
### 6. Packaging
### 4. Configure the API
------------------------------
The FlexiAPI configuration is located in the same directory as for the XMLRPC server. You can find its whole configuration in `/etc/flexisip-account-manager/flexiapi.env`.
You should normally only change the `DB_EXTERNAL` parameters then rollback and re-run the migrations (by default the API is assuming that it runs on two SQLite databases). To do so, find the root directory of `flexiapi` (normally under `/opt/belledonne-communications/share/flexisip-account-manager`), authenticate as your web user (`www-data` or `apache`) and run rollback and migrate (all the content will be destroyed, we recommend to do always do backup of your databases before running any migrations):
php artisan migrate:rollback
php artisan migrate
### 5. Packaging
--------------------
To build a rpm package on centos7:
make rpm
To build a rpm package with docker:
docker run -v $PWD:/home/bc -it gitlab.linphone.org:4567/bc/public/flexisip-account-manager/bc-dev-centos:7 make rpm
The flexisip-account-manager rpm package can be found in rpmbuild/RPMS/x86_64/bc-flexisip-account-manager*.rpm
Installation requires package centos-release-scl-rh to be installed for php7.1
### 7. Miscellaneous
docker run -v $PWD:/home/bc -it gitlab.linphone.org:4567/bc/public/flexisip-account-manager/bc-dev-centos:7 make rpm
GitLab is running the command above using `make rpm-dev`, this also install all the required dependencies to run `phpunit` properly (they are disabled by default to save space in the final rpm file).
The flexisip-account-manager rpm package can be found in `rpmbuild/RPMS/x86_64/bc-flexisip-account-manager*.rpm`
### 6. Miscellaneous
--------------------
- For remote provisioning create a `default.rc` file in `/opt/belledonne-communications/` and set the values you want
......@@ -92,4 +105,3 @@ client side, set the provisioning uri to the same host but to `provisioning.php`
- Also it can listen on IPv6 only.
To fix that, edit `/opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf` and add/set: `Listen 0.0.0.0:444 https`
......@@ -2,7 +2,7 @@ FROM gitlab.linphone.org:4567/bc/public/linphone-sdk/bc-dev-centos:7
USER root
# Install dependencies
RUN yum -y install centos-release-scl.noarch
RUN yum -y install centos-release-scl.noarch sysvinit-tools
RUN yum -y install composer.noarch rh-php73 rh-php73-php-mbstring
RUN mkdir -p /usr/local/bin
RUN echo -e "#!/usr/bin/bash\nsource scl_source enable rh-php73\nexec \"\$@\"\n" >> /usr/local/bin/entry-point.sh
......
APP_NAME=Laravel
APP_NAME=FlexiAPI
APP_ENV=local
APP_KEY=
APP_DEBUG=true
APP_DEBUG=false
APP_URL=http://localhost
LOG_CHANNEL=stack
DB_CONNECTION=local
DB_DATABASE=/var/www/flexiapi/db.sqlite
DB_EXTERNAL_CONNECTION=mysql
DB_EXTERNAL_DRIVER=mysql
DB_EXTERNAL_HOST=127.0.0.1
DB_EXTERNAL_PORT=3306
DB_EXTERNAL_DATABASE=flexisip
......@@ -22,27 +20,3 @@ CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=cookie
SESSION_LIFETIME=120
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_DRIVER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
......@@ -6,7 +6,7 @@ This tool connects to the Flexisip CLI interface and exposes several endpoints t
Clone the repository, install the dependencies and generate a key.
composer install
composer install --no-dev
php artisan key:generate
Then configure the two databases connections in the `.env` file (from the `.env.example` one). And migrate the tables.
......@@ -29,4 +29,4 @@ To expire and/or clear old nonces a specific command should be called periodical
## Usage
The root page contains all the required documentation to authenticate and request the API.
\ No newline at end of file
The root page contains all the required documentation to authenticate and request the API.
......@@ -19,6 +19,8 @@
namespace App\Helpers;
use Illuminate\Support\Str;
use App\Account;
use App\DigestNonce;
......@@ -26,9 +28,7 @@ class Utils
{
public static function generateNonce(): string
{
return base64_encode(random_bytes(
SODIUM_CRYPTO_SECRETBOX_NONCEBYTES
));
return Str::random(32);
}
public static function generateValidNonce(Account $account): string
......
<?php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
class PingController extends Controller
{
public function ping(Request $request)
{
return 'pong';
}
}
......@@ -18,4 +18,6 @@
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
RewriteBase /flexiapi/
</IfModule>
......@@ -24,6 +24,7 @@ Route::middleware('auth:api')->get('/user', function (Request $request) {
});
Route::group(['middleware' => ['auth.digest']], function () {
Route::get('ping', 'Api\PingController@ping');
Route::get('devices', 'Api\DeviceController@index');
Route::delete('devices/{uuid}', 'Api\DeviceController@destroy');
});
\ No newline at end of file
......@@ -30,7 +30,7 @@ class AuthenticateDigestTest extends TestCase
{
use RefreshDatabase;
const ROUTE = '/api/devices';
const ROUTE = '/api/ping';
const METHOD = 'GET';
const ALGORITHMS = ['md5' => 'MD5', 'sha256' => 'SHA-256'];
......
......@@ -9,6 +9,9 @@
#%define _docdir %{_datadir}/doc
%define build_number 17
%define var_dir /var/opt/belledonne-communications
%define opt_dir /opt/belledonne-communications/share/flexisip-account-manager
%define env_file "$RPM_BUILD_ROOT/etc/flexisip-account-manager/flexiapi.env"
#%if %{build_number}
#%define build_number_ext -%{build_number}
#%endif
......@@ -22,11 +25,11 @@ Group: Applications/Communications
License: GPL
URL: http://www.linphone.org
#Source0: %{name}-%{version}%{?build_number_ext}.tar.gz
Source0: flexisip-account-manager.tar.gz
Source0: flexisip-account-manager.tar.gz
#BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
# dependencies
Requires: rh-php73-php rh-php73-php-xmlrpc rh-php73-php-pdo rh-php73-php-mysqlnd rh-php73-php-mbstring
Requires: rh-php73-php rh-php73-php-xmlrpc rh-php73-php-pdo rh-php73-php-mysqlnd rh-php73-php-mbstring
%description
PHP server for Linphone and Flexisip providing module for account creation.
......@@ -37,11 +40,13 @@ PHP server for Linphone and Flexisip providing module for account creation.
%install
rm -rf "$RPM_BUILD_ROOT"
mkdir -p "$RPM_BUILD_ROOT/opt/belledonne-communications/share/flexisip-account-manager"
cp -R src/* "$RPM_BUILD_ROOT/opt/belledonne-communications/share/flexisip-account-manager/"
mkdir -p "$RPM_BUILD_ROOT/opt/belledonne-communications/share/flexisip-account-manager/flexiapi"
cp -R flexiapi/* "$RPM_BUILD_ROOT/opt/belledonne-communications/share/flexisip-account-manager/flexiapi"
cp README* "$RPM_BUILD_ROOT/opt/belledonne-communications/share/flexisip-account-manager/"
mkdir -p "$RPM_BUILD_ROOT%{opt_dir}"
cp -R src/* "$RPM_BUILD_ROOT%{opt_dir}/"
cp -R flexiapi "$RPM_BUILD_ROOT%{opt_dir}"
cp flexiapi/composer.json "$RPM_BUILD_ROOT%{opt_dir}/flexiapi"
cp README* "$RPM_BUILD_ROOT%{opt_dir}/"
mkdir -p "$RPM_BUILD_ROOT/etc/flexisip-account-manager"
cp -R conf/* "$RPM_BUILD_ROOT/etc/flexisip-account-manager/"
mkdir -p $RPM_BUILD_ROOT/opt/rh/httpd24/root/etc/httpd/conf.d
......@@ -50,24 +55,54 @@ cp httpd/flexisip-account-manager.conf "$RPM_BUILD_ROOT/opt/rh/httpd24/root/etc/
%post
if [ $1 -eq 1 ] ; then
mkdir -p /var/opt/belledonne-communications/log
touch /var/opt/belledonne-communications/log/account-manager.log
chown apache:apache /var/opt/belledonne-communications/log/account-manager.log
chcon -t httpd_sys_rw_content_t /var/opt/belledonne-communications/log/account-manager.log
setsebool -P httpd_can_network_connect_db on
mkdir -p %{var_dir}/log
touch %{var_dir}/log/account-manager.log
chown apache:apache %{var_dir}/log/account-manager.log
chcon -t httpd_sys_rw_content_t %{var_dir}/log/account-manager.log
setsebool -P httpd_can_network_connect_db on
# FlexiAPI base directories setup and rights
mkdir -p %{var_dir}/flexiapi/storage/app/public
mkdir -p %{var_dir}/flexiapi/storage/framework/cache %{var_dir}/flexiapi/storage/framework/sessions %{var_dir}/flexiapi/storage/framework/testing %{var_dir}/flexiapi/storage/framework/views
mkdir -p %{opt_dir}/flexiapi/bootstrap/cache
touch %{var_dir}/flexiapi/storage/db.sqlite
touch %{var_dir}/flexiapi/storage/external.db.sqlite
chown -R apache:apache %{var_dir}/flexiapi/storage
ln -s %{var_dir}/flexiapi/storage %{opt_dir}/flexiapi/.
# FlexiAPI logs file
mkdir -p %{var_dir}/log/flexiapi
chown -R apache:apache %{var_dir}/log/flexiapi
ln -s %{var_dir}/log/flexiapi %{opt_dir}/flexiapi/storage/logs
# FlexiAPI env file configuration
cd %{opt_dir}/flexiapi/
cp .env.example %{env_file}
sed -i 's/DB_DATABASE=.*/DB_DATABASE=\/var\/opt\/belledonne-communications\/flexiapi\/storage\/db.sqlite/g' %{env_file}
sed -i 's/DB_EXTERNAL_DRIVER=.*/DB_EXTERNAL_DRIVER=sqlite/g' %{env_file}
sed -i 's/DB_EXTERNAL_DATABASE=.*/DB_EXTERNAL_DATABASE=\/var\/opt\/belledonne-communications\/flexiapi\/storage\/external.db.sqlite/g' %{env_file}
ln -s %{env_file} .env
scl enable rh-php73 "php artisan key:generate"
scl enable rh-php73 "php artisan migrate"
fi
%files
/opt/belledonne-communications/share/flexisip-account-manager/flexiapi/**/*
/opt/belledonne-communications/share/flexisip-account-manager/api/account/*.php
/opt/belledonne-communications/share/flexisip-account-manager/config/*.php
/opt/belledonne-communications/share/flexisip-account-manager/database/*.php
/opt/belledonne-communications/share/flexisip-account-manager/misc/*.php
/opt/belledonne-communications/share/flexisip-account-manager/objects/*.php
/opt/belledonne-communications/share/flexisip-account-manager/tools/*.php
/opt/belledonne-communications/share/flexisip-account-manager/xmlrpc/*.php
/opt/belledonne-communications/share/flexisip-account-manager/README*
%{opt_dir}/flexiapi/
%{opt_dir}/api/account/*.php
%{opt_dir}/config/*.php
%{opt_dir}/database/*.php
%{opt_dir}/misc/*.php
%{opt_dir}/objects/*.php
%{opt_dir}/tools/*.php
%{opt_dir}/xmlrpc/*.php
%{opt_dir}/README*
%exclude %{opt_dir}/flexiapi/storage/
%exclude %{opt_dir}/flexiapi/bootstrap/cache
%config(noreplace) /etc/flexisip-account-manager/*.conf
%config(noreplace) /opt/rh/httpd24/root/etc/httpd/conf.d/flexisip-account-manager.conf
......@@ -76,6 +111,8 @@ fi
rm -rf $RPM_BUILD_ROOT
%changelog
* Tue Jan 5 2020 Timothée Jaussoin <timothee.jaussoin@belledonne-communications.com>
- Import and configure the new API package
* Thu Jul 4 2019 Sylvain Berfini <sylvain.berfini@belledonne-communications.com>
- New files layout
* Fri Jun 28 2019 Johan Pascal <johan.pascal@belledonne-communications.com>
......
Alias /flexiapi /opt/belledonne-communications/share/flexisip-account-manager/flexiapi/public
Alias /flexisip-account-manager /opt/belledonne-communications/share/flexisip-account-manager/xmlrpc
<Directory /opt/belledonne-communications/share/flexisip-account-manager/xmlrpc/>
Options FollowSymLinks MultiViews
AllowOverride None
Require all denied
<Files xmlrpc.php>
<RequireAll>
Require all granted
Require not env blockAccess
</RequireAll>
</Files>
<Files provisioning.php>
<RequireAll>
Require all granted
Require not env blockAccess
</RequireAll>
</Files>
Options FollowSymLinks MultiViews
AllowOverride None
Require all denied
<Files xmlrpc.php>
<RequireAll>
Require all granted
Require not env blockAccess
</RequireAll>
</Files>
<Files provisioning.php>
<RequireAll>
Require all granted
Require not env blockAccess
</RequireAll>
</Files>
</Directory>
<Directory /opt/belledonne-communications/share/flexisip-account-manager/flexiapi/public>
AllowOverride All
Order allow,deny
allow from all
Require all granted
DirectoryIndex index.php
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
RewriteBase /flexiapi/
</IfModule>
</Directory>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment