add zrok-share package

openziti · Nov 3, 2023 · 9f0ddd0 · 9f0ddd0
1 parent c7fc1d8
commit 9f0ddd0
Show file tree

Hide file tree

Showing 11 changed files with 507 additions and 22 deletions.
diff --git a/.goreleaser-linux-arm64.yml b/.goreleaser-linux-arm64.yml
@@ -57,3 +57,71 @@ nfpms:
       - src: /opt/openziti/bin/zrok
         dst: /usr/bin/zrok
         type: "symlink"
+
+  - package_name: zrok-share
+    id: zrok-share
+    vendor: NetFoundry
+    homepage: https://zrok.io/
+    maintainer: [email protected]
+    description: |-
+      This package provides zrok-share.service. To enable, edit the "/opt/openziti/etc/zrok/zrok-share.env" file with the
+      desired sharing configuration, and run "systemctl enable zrok-share.service && systemctl restart zrok-share.service".
+    license: Apache 2.0
+
+    # do not bundle the built binaries, only supporting files
+    meta: true
+
+    # Formats to be generated.
+    formats:
+      - deb
+      - rpm
+
+    # {{ .ConventionalFileName }} satisfies the RPM name convention.
+    file_name_template: "{{ .ConventionalFileName }}"
+
+    # Umask to be used on files without explicit mode set. (overridable)
+    umask: 0o002
+
+    # Package version within this release version.
+    release: 1
+
+    # Section.
+    section: default
+
+    # Priority.
+    priority: optional
+
+    # GoReleaser will automatically add the binaries here
+    dependencies:
+      - zrok
+
+    recommends:
+      - jq
+
+    # Contents to add to the package.
+    contents:
+      - dst: /lib/systemd/system/
+        src: ./nfpm/zrok-share.service
+
+      - dst: /opt/openziti/etc/zrok
+        type: dir
+        file_info:
+          mode: 0755
+
+      - dst: /opt/openziti/bin/
+        src: ./nfpm/zrok-share.bash
+        file_info:
+          mode: 0755
+
+      - dst: /opt/openziti/bin/
+        src: ./nfpm/zrok-enable.bash
+        file_info:
+          mode: 0755
+
+      - dst: /opt/openziti/etc/zrok/
+        src: ./nfpm/zrok-share.env
+        type: config|noreplace
+
+      - dst: /opt/openziti/etc/zrok/
+        src: ./etc/caddy/multiple_upstream.Caddyfile
+        type: config|noreplace
diff --git a/.goreleaser-linux-armhf.yml b/.goreleaser-linux-armhf.yml
@@ -57,3 +57,71 @@ nfpms:
       - src: /opt/openziti/bin/zrok
         dst: /usr/bin/zrok
         type: "symlink"
+
+  - package_name: zrok-share
+    id: zrok-share
+    vendor: NetFoundry
+    homepage: https://zrok.io/
+    maintainer: [email protected]
+    description: |-
+      This package provides zrok-share.service. To enable, edit the "/opt/openziti/etc/zrok/zrok-share.env" file with the
+      desired sharing configuration, and run "systemctl enable zrok-share.service && systemctl restart zrok-share.service".
+    license: Apache 2.0
+
+    # do not bundle the built binaries, only supporting files
+    meta: true
+
+    # Formats to be generated.
+    formats:
+      - deb
+      - rpm
+
+    # {{ .ConventionalFileName }} satisfies the RPM name convention.
+    file_name_template: "{{ .ConventionalFileName }}"
+
+    # Umask to be used on files without explicit mode set. (overridable)
+    umask: 0o002
+
+    # Package version within this release version.
+    release: 1
+
+    # Section.
+    section: default
+
+    # Priority.
+    priority: optional
+
+    # GoReleaser will automatically add the binaries here
+    dependencies:
+      - zrok
+
+    recommends:
+      - jq
+
+    # Contents to add to the package.
+    contents:
+      - dst: /lib/systemd/system/
+        src: ./nfpm/zrok-share.service
+
+      - dst: /opt/openziti/etc/zrok
+        type: dir
+        file_info:
+          mode: 0755
+
+      - dst: /opt/openziti/bin/
+        src: ./nfpm/zrok-share.bash
+        file_info:
+          mode: 0755
+
+      - dst: /opt/openziti/bin/
+        src: ./nfpm/zrok-enable.bash
+        file_info:
+          mode: 0755
+
+      - dst: /opt/openziti/etc/zrok/
+        src: ./nfpm/zrok-share.env
+        type: config|noreplace
+
+      - dst: /opt/openziti/etc/zrok/
+        src: ./etc/caddy/multiple_upstream.Caddyfile
+        type: config|noreplace
diff --git a/.goreleaser-linux.yml b/.goreleaser-linux.yml
@@ -53,3 +53,71 @@ nfpms:
       - src: /opt/openziti/bin/zrok
         dst: /usr/bin/zrok
         type: "symlink"
+
+  - package_name: zrok-share
+    id: zrok-share
+    vendor: NetFoundry
+    homepage: https://zrok.io/
+    maintainer: [email protected]
+    description: |-
+      This package provides zrok-share.service. To enable, edit the "/opt/openziti/etc/zrok/zrok-share.env" file with the
+      desired sharing configuration, and run "systemctl enable zrok-share.service && systemctl restart zrok-share.service".
+    license: Apache 2.0
+
+    # do not bundle the built binaries, only supporting files
+    meta: true
+
+    # Formats to be generated.
+    formats:
+      - deb
+      - rpm
+
+    # {{ .ConventionalFileName }} satisfies the RPM name convention.
+    file_name_template: "{{ .ConventionalFileName }}"
+
+    # Umask to be used on files without explicit mode set. (overridable)
+    umask: 0o002
+
+    # Package version within this release version.
+    release: 1
+
+    # Section.
+    section: default
+
+    # Priority.
+    priority: optional
+
+    # GoReleaser will automatically add the binaries here
+    dependencies:
+      - zrok
+
+    recommends:
+      - jq
+
+    # Contents to add to the package.
+    contents:
+      - dst: /lib/systemd/system/
+        src: ./nfpm/zrok-share.service
+
+      - dst: /opt/openziti/etc/zrok
+        type: dir
+        file_info:
+          mode: 0755
+
+      - dst: /opt/openziti/bin/
+        src: ./nfpm/zrok-share.bash
+        file_info:
+          mode: 0755
+
+      - dst: /opt/openziti/bin/
+        src: ./nfpm/zrok-enable.bash
+        file_info:
+          mode: 0755
+
+      - dst: /opt/openziti/etc/zrok/
+        src: ./nfpm/zrok-share.env
+        type: config|noreplace
+
+      - dst: /opt/openziti/etc/zrok/
+        src: ./etc/caddy/multiple_upstream.Caddyfile
+        type: config|noreplace
diff --git a/docker/compose/zrok-public-reserved/compose.yml b/docker/compose/zrok-public-reserved/compose.yml
@@ -90,12 +90,14 @@ services:
       - -euc
       - |
         if [[ -s ~/.zrok/reserved.json ]]; then
-          ZROK_RESERVE_TOKEN="$(jq '.token' ~/.zrok/reserved.json 2>/dev/null)"  
-          if [[ -z "$${ZROK_RESERVE_TOKEN}" || "$${ZROK_RESERVE_TOKEN}" == null ]]; then
+          ZROK_RESERVED_TOKEN="$(jq '.token' ~/.zrok/reserved.json 2>/dev/null)"
+
+          if [[ -z "$${ZROK_RESERVED_TOKEN}" || "$${ZROK_RESERVED_TOKEN}" == null ]]; then
             echo "ERROR: invalid reserved.json: $(jq -c . ~/.zrok/reserved.json)" >&2
             exit 1
-          else 
-            echo "INFO: zrok backend is already reserved: $${ZROK_RESERVE_TOKEN}"
+          else
+
+            echo "INFO: zrok backend is already reserved: $${ZROK_RESERVED_TOKEN}"
             exit 0
           fi
         else
@@ -138,21 +140,24 @@ services:
           if [[ -z "$${ZROK_PUBLIC_URLS}" || "$${ZROK_PUBLIC_URLS}" == null ]]; then
             echo "ERROR: frontend endpoints not defined" >&2
             exit 1
-          else 
+          else
+
             echo "INFO: zrok public URLs: $${ZROK_PUBLIC_URLS}"
           fi
-          ZROK_RESERVE_TOKEN=$(jq -r '.token' ~/.zrok/reserved.json 2>/dev/null)
-          if [[ -z "$${ZROK_RESERVE_TOKEN}" && "$${ZROK_RESERVE_TOKEN}" == null ]]; then
+          ZROK_RESERVED_TOKEN=$(jq -r '.token' ~/.zrok/reserved.json 2>/dev/null)
+          if [[ -z "$${ZROK_RESERVED_TOKEN}" && "$${ZROK_RESERVED_TOKEN}" == null ]]; then
             echo "ERROR: zrok reservation token not defined" >&2
             exit 1
-          else 
-            echo "INFO: zrok reservation token: $${ZROK_RESERVE_TOKEN}"
+          else
+
+            echo "INFO: zrok reservation token: $${ZROK_RESERVED_TOKEN}"
           fi
 
-          echo "INFO: running: zrok $${@} $${ZROK_RESERVE_TOKEN}"
-          exec zrok "$${@}" $${ZROK_RESERVE_TOKEN}
+          echo "INFO: running: zrok $${@} $${ZROK_RESERVED_TOKEN}"
+          exec zrok "$${@}" $${ZROK_RESERVED_TOKEN}
         fi
-    command: -- share reserved --headless 
+    command: -- share reserved --headless
+
     depends_on:
       zrok-reserve:
         condition: service_completed_successfully

diff --git a/etc/caddy/README.md b/etc/caddy/README.md
@@ -0,0 +1,21 @@
+
+# Caddyfile Samples
+
+The Caddyfile samples in this directory are for use with `--backend-mode caddy ./my.Caddyfile` which runs an embedded
+Caddy server.
+
+With a zrok reserved share, you have the option to permanently override the path to the Caddyfile when you run `zrok
+share reserved ${ZROK_RESERVED_TOKEN} --override-endpoint new.Caddyfile`.
+
+The Caddyfile must have this structure because it is rendered as a Go template by zrok to bind the HTTP listener.
+
+```console
+http:// {
+    bind {{ .ZrokBindAddress }}
+    # customize reverse_proxy, file_server, etc.
+}
+```
+
+## Notes
+
+simple_reverse_proxy.Caddyfile is bundled in the zrok-share package for Linux as an example Caddyfile.
diff --git a/etc/caddy/multiple_upstream.Caddyfile b/etc/caddy/multiple_upstream.Caddyfile
@@ -2,18 +2,24 @@
 #
 http:// {
     # Bind to the zrok share
-	bind {{ .ZrokBindAddress }}
+    bind {{ .ZrokBindAddress }}
 
     # Handle paths starting with `/zrok/*`
     # This will also strip the `/zrok/` from the path before sending to the backend
-	handle_path /zrok/* {
-	    reverse_proxy https://zrok.io {
-	        header_up Host zrok.io
-	    }
-	}
+    handle_path /zrok/* {
+        reverse_proxy https://zrok.io {
+            header_up Host zrok.io
+        }
+    }
 
-	# All other traffic goes to localhost:3000
-	reverse_proxy /* 127.0.0.1:3000 {
-		header_up Host localhost:3000
-	}
+    # serve index.html if it exists, else a file index
+    handle_path /zrok-static/* {
+        root * /var/www/html
+        file_server browse
+    }
+
+    # All other traffic goes to localhost:3000
+    reverse_proxy /* 127.0.0.1:3000 {
+        header_up Host localhost:3000
+    }
 }
diff --git a/nfpm/README.md b/nfpm/README.md
@@ -0,0 +1,4 @@
+
+# nfpm supporting files
+
+These files are sourced by nfpm when invoked by goreleaser to build Linux packages.
diff --git a/nfpm/zrok-enable.bash b/nfpm/zrok-enable.bash
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+#
+# this script uses a zrok enable token to enable a zrok environment in $HOME/.zrok
+#
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# set HOME to the first colon-sep dir in STATE_DIRECTORY inherited from systemd, e.g. /var/lib/zrok-share
+export HOME="${STATE_DIRECTORY%:*}" 
+
+if (( $# )); then
+  if [[ -s "$1" ]]; then
+    source "$1"
+  else
+    echo "ERROR: $1 is empty or not a readable file" >&2
+    exit 1
+  fi
+else
+  # TODO: consider defining a default environment file
+  # if [[ -s /opt/openziti/etc/zrok.env ]]; then
+  #   source /opt/openziti/etc/zrok.env
+  # else
+  #   echo "ERROR: need /opt/openziti/etc/zrok.env or filename argument to read share configuration" >&2
+  #   exit 1
+  # fi
+  echo "ERROR: need filename argument to read env configuration" >&2
+  exit 1
+fi
+
+if [[ -s ~/.zrok/environment.json ]]; then
+  echo "INFO: zrok environment is already enabled. Delete '$(realpath ~/.zrok/environment.json)' if you want to destroy"\
+        " it and create a new environment."
+  exit 0
+else
+  if [[ -z "${ZROK_ENABLE_TOKEN}" ]]; then
+    echo "ERROR: ZROK_ENABLE_TOKEN is not defined" >&2
+    exit 1
+  else
+    zrok config set apiEndpoint "${ZROK_API_ENDPOINT:-https://api.zrok.io}"
+    echo "INFO: running: zrok enable ..."
+    exec zrok enable --headless --description "${ZROK_ENVIRONMENT_NAME:-$(hostname -s) reserved public share}" "${ZROK_ENABLE_TOKEN}"
+  fi
+fi
+
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,4 @@

		# nfpm supporting files

		These files are sourced by nfpm when invoked by goreleaser to build Linux packages.