feat: add tmce plugin

Include the jar plugin as encrypted file inside the module image. The plugin is decrypted when the cluster has a valid subscription. Subscribe also to subscription-change event to adapt the environment.
NethServer · Jan 27, 2025 · e259e9b · e259e9b
1 parent 7700a11
commit e259e9b
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 0 deletions.
diff --git a/build-images.sh b/build-images.sh
@@ -160,6 +160,16 @@ fi
 echo "Build static UI files with node..."
 buildah run --env="NODE_OPTIONS=--openssl-legacy-provider" nodebuilder-webtop sh -c "cd /usr/src/ui && yarn install && yarn build"
 
+# Download tmce plugin jar: plugin is encrypted with GPG, the password is 'subscription'
+tmce_jar_url="https://distfeed.nethserver.org/webtop/webtop-tmceplugins-6.3.1.0.jar.gpg"
+tmce_jar_path="${PWD}/webtop-tmceplugins-6.3.1.0.jar.gpg"
+echo "Downloading encrypted tmce plugin jar from ${tmce_jar_url}..."
+curl --fail -L -o "${tmce_jar_path}" "${tmce_jar_url}"
+
+# Add tmce plugin jar to the image
+mkdir -p imageroot/plugins
+mv "${tmce_jar_path}" imageroot/plugins/webtop-tmceplugins.jar.gpg
+
 # Add imageroot directory to the container image
 buildah add "${container}" imageroot /imageroot
 buildah add "${container}" ui/dist /ui

diff --git a/imageroot/actions/configure-module/30subscription b/imageroot/actions/configure-module/30subscription
@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2025 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import agent
+import subprocess
+
+rdb = agent.redis_connect(privileged=False)
+
+subscription = rdb.hgetall('cluster/subscription')
+
+with open('subscription.env', 'w') as env:
+    if subscription:
+        env.write(f'VALID_SUBSCRIPTION=true\n')
+        env.write("TMCE_PLUGIN=--volume=./webtop-tmceplugins.jar:/usr/local/tomcat/webapps/webtop/WEB-INF/lib/webtop-tmceplugins.jar:z\n")
+        subprocess.run(['gpg', '--batch', '--yes', '--passphrase', 'subscription', '-d', '-o', 'webtop-tmceplugins.jar', '../plugins/webtop-tmceplugins.jar.gpg'])
+    else:
+        env.write(f'VALID_SUBSCRIPTION=false\n')
+        env.write(f"TMCE_PLUGIN=--volume=../plugins/webtop-tmceplugins.jar.gpg:/usr/local/tomcat/webapps/webtop/WEB-INF/lib/webtop-tmceplugins.jar.gpg:z\n")
diff --git a/imageroot/events/subscription-changed/30subscription b/imageroot/events/subscription-changed/30subscription
@@ -0,0 +1 @@
+../../actions/configure-module/30subscription
diff --git a/imageroot/events/subscription-changed/70restart b/imageroot/events/subscription-changed/70restart
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+#
+# Copyright (C) 2025 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+systemctl --user restart webapp
diff --git a/imageroot/systemd/user/webapp.service b/imageroot/systemd/user/webapp.service
@@ -11,6 +11,7 @@ PartOf=webtop.service
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
 EnvironmentFile=%S/state/environment
+EnvironmentFile=%S/state/subscription.env
 WorkingDirectory=%S/state
 Restart=always
 ExecStartPre=/bin/rm -f %t/webapp.pid %t/webapp.ctr-id
@@ -22,6 +23,7 @@ ExecStart=/usr/bin/podman run \
 			 -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true \
 			 -Dmail.mime.address.strict=false -Dwebtop.etc.dir=/etc/webtop \
 			 -Duser.timezone=${WEBTOP_TIMEZONE}" \
+    ${TMCE_PLUGIN} \
     --volume=webtop-home:/var/lib/nethserver/webtop \
     --volume=./webtop.properties:/etc/webtop/webtop.properties:z \
     --pod=webtop \