onion-service allmost works now

author: Christian Pointner <equinox@spreadspace.org> 2018-02-18 19:56:15 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2018-02-18 19:56:15 +0100
commit: 4f61f0d742b386a699cb9ee3359a18b746cca2d5 (patch)
tree: ea112b2c292b62a5d99889cfb398894986398cba /src
parent: revamp handling of sfive proxy (diff)
2 files changed, 26 insertions, 5 deletions
diff --git a/src/examples/elevate2018.yml b/src/examples/elevate2018.yml
index 4d8b7be..ba84345 100644
--- a/src/examples/elevate2018.yml
+++ b/src/examples/elevate2018.yml
@@ -58,7 +58,7 @@ globals:
       flumotion_image_version: 12
       nginx_image_version: 4
       sfive_image_version: 2
-      onion_service_image_version: 3
+      onion_service_image_version: master-23
 inputs:
   sdi-orig:
     type: decklink
@@ -107,7 +107,7 @@ streams:
      burst-on-connect: 5
      hostname: "emc-%02i.spreadspace.org"
      repeater: True
-     onion-service: True
+     onion-service: "dear-nicoo-this-is-just-a-place-holder-for-now.onion"
 records:
   av:
     mux: avr
diff --git a/src/flufigut.py b/src/flufigut.py
index 366c13e..0289abd 100755
--- a/src/flufigut.py
+++ b/src/flufigut.py
@@ -507,7 +507,7 @@ class Planet:
     def __generate_stream_mux_instance(self, stream_name, stream, mux, format, profile, idx, cnt, porter):
         muxer_feed = 'mux-%s-%s-%s' % (mux, format, profile)
         feeder = muxer_feed
-        if 'repeater' in stream:
+        if 'repeater' in stream and stream['repeater']:
             feeder = self.__generate_stream_mux_repeater(stream_name, mux, format, profile, muxer_feed)
 
         comp_name = '%s-%s%i-stream-%s-%s-%s' % (stream['type'], stream_name, idx + 1, mux, format, profile)
@@ -545,6 +545,8 @@ class Planet:
         self.__add_worker_flag_exclusive(worker, "stream", stream_name)
         self.__add_worker_flag_exclusive(worker, "stream-hostname", hostname)
         self.__add_worker_flag_exclusive(worker, "stream-index", idx)
+        if 'onion-service' in stream and stream['onion-service']:
+            self.__add_worker_flag_exclusive(worker, "stream-onion", stream['onion-service'])
         if 'sfive' in self._desc.globals['stats']:
             self.__add_worker_flag_exclusive(worker, "sfive", self._desc.globals['stats']['sfive']['type'])
 
@@ -673,6 +675,10 @@ class K8sDeployment:
         kubernetes.config.load_kube_config()
         kubernetes.client.user_agent = 'flufigut'
 
+        self.__has_onion_service = False
+        self.__has_sfive = False
+        self.__has_sfive_onion = False
+
     def __create_namespace(self, v1):
         ns = kubernetes.client.V1Namespace()
         ns.metadata = kubernetes.client.V1ObjectMeta()
@@ -742,13 +748,15 @@ class K8sDeployment:
         if 'sfive' not in worker['flags']:
             return
 
+        self.__has_sfive = True
         cm = self.__generate_object(tmpl_env, 'sfive-cm.yml', worker)
         if 'data' not in cm or not cm['data']:
             cm['data'] = {}
         if worker['flags']['sfive'] == 'proxy' and 'stream' in worker['flags']:
             cm['data']['proxy.json'] = json.dumps(self._planet.sfive_proxy_config(worker['name']))
-            stream_name = worker['flags']['stream']
-            if 'onion-service' in self._desc.streams[stream_name] and len(self._desc.streams[stream_name]['nginx-muxes']) > 0:
+            if 'stream-onion' in worker['flags']:
+                self.__has_onion_service = True
+                self.__has_sfive_onion = True
                 cm['data']['proxy-onion.json'] = json.dumps(self._planet.sfive_proxy_config(worker['name'], True))
 
         v1.create_namespaced_config_map(self._namespace, cm)
@@ -759,6 +767,7 @@ class K8sDeployment:
     def deploy(self, template_dir):
         v1 = kubernetes.client.CoreV1Api()
         appsV1 = kubernetes.client.AppsV1Api()
+        rbacV1 = kubernetes.client.RbacAuthorizationV1Api()
         self.__create_namespace(v1)
 
         loader = jinja2.FileSystemLoader(os.path.join(template_dir, self._desc.globals['templates'], 'kubernetes'))
@@ -775,6 +784,18 @@ class K8sDeployment:
             self._deploy_nginx_worker(template_dir, tmpl_env, v1, appsV1, worker)
             self._deploy_sfive_worker(template_dir, tmpl_env, v1, appsV1, worker)
 
+        if self.__has_onion_service:
+            role = self.__generate_object(tmpl_env, 'onion-service-role.yml', worker)
+            rbacV1.create_namespaced_role(self._namespace, role)
+
+        if self.__has_sfive:
+            sa = self.__generate_object(tmpl_env, 'sfive-sa.yml', worker)
+            v1.create_namespaced_service_account(self._namespace, sa)
+
+        if self.__has_sfive_onion:
+            rb = self.__generate_object(tmpl_env, 'sfive-onion-rolebinding.yml', worker)
+            rbacV1.create_namespaced_role_binding(self._namespace, rb)
+
     def wipe(self):
         v1 = kubernetes.client.CoreV1Api()
         self.__delete_namespace(v1)
author	Christian Pointner <equinox@spreadspace.org>	2018-02-18 19:56:15 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2018-02-18 19:56:15 +0100
commit	4f61f0d742b386a699cb9ee3359a18b746cca2d5 (patch)
tree	ea112b2c292b62a5d99889cfb398894986398cba /src
parent	revamp handling of sfive proxy (diff)