diff --git a/.github/workflows/golang-test.yml b/.github/workflows/golang-test.yml index 36f929de7..8223faed7 100644 --- a/.github/workflows/golang-test.yml +++ b/.github/workflows/golang-test.yml @@ -46,5 +46,13 @@ jobs: - name: Install modules run: go mod tidy - - name: run build - run: GOOS=${{ matrix.os }} go build . \ No newline at end of file + - name: run build cli + run: GOOS=${{ matrix.os }} go build . + + - name: run build management + run: GOOS=${{ matrix.os }} go build . + working-directory: management + + - name: run build signal + run: GOOS=${{ matrix.os }} go build . + working-directory: signal \ No newline at end of file diff --git a/.goreleaser.yaml b/.goreleaser.yaml index c4826539a..e25006619 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -30,6 +30,16 @@ builds: goarch: - amd64 - arm64 + + - id: wiretrustee-signal + dir: signal + env: [CGO_ENABLED=0] + binary: wiretrustee-signal + goos: + - linux + goarch: + - amd64 + - arm64 archives: - builds: - wiretrustee @@ -54,9 +64,9 @@ nfpms: postinstall: "release_files/post_install.sh" dockers: - image_templates: - - wiretrustee/wiretrustee:signal-{{ .Version }}-amd64 + - wiretrustee/signal:{{ .Version }}-amd64 ids: - - wiretrustee + - wiretrustee-signal goarch: amd64 use: buildx dockerfile: signal/Dockerfile @@ -69,9 +79,9 @@ dockers: - "--label=org.opencontainers.image.version={{.Version}}" - "--label=maintainer=wiretrustee@wiretrustee.com" - image_templates: - - wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8 + - wiretrustee/signal:{{ .Version }}-arm64v8 ids: - - wiretrustee + - wiretrustee-signal goarch: arm64 use: buildx dockerfile: signal/Dockerfile 
@@ -145,15 +155,15 @@ dockers: - "--label=maintainer=wiretrustee@wiretrustee.com" docker_manifests: - - name_template: wiretrustee/wiretrustee:signal-{{ .Version }} + - name_template: wiretrustee/signal:{{ .Version }} image_templates: - - wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8 - - wiretrustee/wiretrustee:signal-{{ .Version }}-amd64 + - wiretrustee/signal:{{ .Version }}-arm64v8 + - wiretrustee/signal:{{ .Version }}-amd64 - - name_template: wiretrustee/wiretrustee:signal-latest + - name_template: wiretrustee/signal:latest image_templates: - - wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8 - - wiretrustee/wiretrustee:signal-{{ .Version }}-amd64 + - wiretrustee/signal:{{ .Version }}-arm64v8 + - wiretrustee/signal:{{ .Version }}-amd64 - name_template: wiretrustee/management:{{ .Version }} image_templates: diff --git a/README.md b/README.md index 0f74babb6..0faf8e8b1 100644 --- a/README.md +++ b/README.md 
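Review bot: The `docker_manifests` entries stop publishing `wiretrustee/wiretrustee:signal-latest` and leave nothing behind at the old name, so a deployment that still pulls that tag would keep running the last image pushed there and never pick up later fixes. Consider announcing the move to `wiretrustee/signal:latest` in the release notes, or publishing the old name for one more release with a deprecation notice.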
@@ -141,22 +141,6 @@ For **Windows** systems: .\wiretrustee.exe service start ``` > You may need to run Powershell as Administrator -### Running the Signal service -After installing the application, you can run the signal using the command below: -````shell -/usr/local/bin/wiretrustee signal --log-level INFO -```` -This will launch the Signal server on port 10000, in case you want to change the port, use the flag --port. -#### Docker image -We have packed the Signal server into docker image. You can pull the image from Docker Hub and execute it with the following commands: -````shell -docker pull wiretrustee/wiretrustee:signal-latest -docker run -d --name wiretrustee-signal -p 10000:10000 wiretrustee/wiretrustee:signal-latest -```` -The default log-level is set to INFO, if you need you can change it using by updating the docker cmd as followed: -````shell -docker run -d --name wiretrustee-signal -p 10000:10000 wiretrustee/wiretrustee:signal-latest --log-level DEBUG -```` ### Running Management, Signal and Coturn Under infrastructure_files we have a docker-compose example to run both, Wiretrustee Management and Signal services, plus an instance of [Coturn](https://github.com/coturn/coturn), it also provides a turnserver.conf file as a simple example of Coturn configuration. diff --git a/cmd/root.go b/cmd/root.go index fcc8d16de..6afc3f7c7 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -47,7 +47,6 @@ func init() { rootCmd.AddCommand(initCmd) rootCmd.AddCommand(addPeerCmd) rootCmd.AddCommand(upCmd) - rootCmd.AddCommand(signalCmd) rootCmd.AddCommand(serviceCmd) serviceCmd.AddCommand(runCmd, startCmd, stopCmd, restartCmd) // service control commands are subcommands of service serviceCmd.AddCommand(installCmd, uninstallCmd) // service installer commands are subcommands of service diff --git a/infrastructure_files/docker-compose.yml b/infrastructure_files/docker-compose.yml index 2ac50105e..0f088b1d1 100644 --- a/infrastructure_files/docker-compose.yml 
+++ b/infrastructure_files/docker-compose.yml @@ -2,10 +2,15 @@ version: "3" services: # Signal signal: - image: wiretrustee/wiretrustee:signal-latest + image: wiretrustee/signal:latest restart: unless-stopped + volumes: + - wiretrustee-mgmt:/var/lib/wiretrustee ports: - 10000:10000 +# # port and command for Let's Encrypt validation +# - 443:443 +# command: ["--letsencrypt-domain", ""] # Management management: image: wiretrustee/management:latest @@ -29,4 +34,5 @@ services: # - ./cert.pem:/etc/coturn/certs/cert.pem:ro network_mode: host volumes: - wiretrustee-mgmt: \ No newline at end of file + wiretrustee-mgmt: + wiretrustee-signal: \ No newline at end of file diff --git a/signal/Dockerfile b/signal/Dockerfile index 9a6b74218..b85986810 100644 --- a/signal/Dockerfile +++ b/signal/Dockerfile @@ -1,3 +1,3 @@ FROM gcr.io/distroless/base:debug -ENTRYPOINT [ "/go/bin/wiretrustee","signal" ] -COPY wiretrustee /go/bin/wiretrustee \ No newline at end of file +ENTRYPOINT [ "/go/bin/wiretrustee-signal","run" ] +COPY wiretrustee-signal /go/bin/wiretrustee-signal \ No newline at end of file diff --git a/signal/README.md b/signal/README.md index 657e3fdc1..8af465e23 100644 --- a/signal/README.md +++ b/signal/README.md 
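Review bot: The `signal` service mounts `wiretrustee-mgmt:/var/lib/wiretrustee`, while the `wiretrustee-signal` volume declared at the bottom of the file is never referenced. If `wiretrustee-mgmt` is the volume the management service keeps its data in (its `volumes:` entry is outside the hunk), the signal container gets read-write access to that data and both services would write certificate material into the same directory. The mount should probably read `- wiretrustee-signal:/var/lib/wiretrustee`, which also matches the `docker volume create wiretrustee-signal` example in signal/README.md.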
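Review bot: The image for the new standalone binary still builds on `gcr.io/distroless/base:debug` and sets no `USER`, so the internet-facing signal server runs as root in an image that ships a busybox shell. Since the goreleaser build sets `CGO_ENABLED=0`, the non-debug base (or `gcr.io/distroless/static`) should be sufficient. Adding `USER nonroot` is worth trying, provided the `/var/lib/wiretrustee` volume is writable for that user. Pinning the base image by digest would also make the release reproducible.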
@@ -2,6 +2,55 @@ This is a Wiretrustee signal-exchange server and client library to exchange connection information between Wiretrustee peers +## Command Options +The CLI accepts the command **management** with the following options: +```shell +start Wiretrustee Signal Server daemon + +Usage: + wiretrustee-signal run [flags] + +Flags: + -h, --help help for run + --letsencrypt-domain string a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS + --port int Server port to listen on (e.g. 10000) (default 10000) + --ssl-dir string server ssl directory location. *Required only for Let's Encrypt certificates. (default "/var/lib/wiretrustee/") + +Global Flags: + --log-level string (default "info") +``` +## Running the Signal service (Docker) + +We have packed the Signal server into docker image. You can pull the image from Docker Hub and execute it with the following commands: +````shell +docker pull wiretrustee/signal:latest +docker run -d --name wiretrustee-signal -p 10000:10000 wiretrustee/signal:latest +```` +The default log-level is set to INFO, if you need you can change it using by updating the docker cmd as followed: +````shell +docker run -d --name wiretrustee-signal -p 10000:10000 wiretrustee/signal:latest --log-level DEBUG +```` +### Run with TLS (Let's Encrypt). +By specifying the **--letsencrypt-domain** the daemon will handle SSL certificate request and configuration. + +In the following example ```10000``` is the signal service **default** port, and ```443``` will be used as port for Let's Encrypt challenge and HTTP API. +> The server where you are running a container has to have a public IP (for Let's Encrypt certificate challenge). + +Replace with your server's public domain (e.g. mydomain.com or subdomain sub.mydomain.com). 
+ +```bash +# create a volume +docker volume create wiretrustee-signal +# run the docker container +docker run -d --name wiretrustee-management \ +-p 10000:10000 \ +-p 443:443 \ +-v wiretrustee-signal:/var/lib/wiretrustee \ +wiretrustee/signal:latest \ +--letsencrypt-domain +``` +## For development purposes: + The project uses gRpc library and defines service in protobuf file located in: ```proto/signalexchange.proto``` diff --git a/signal/cmd/root.go b/signal/cmd/root.go new file mode 100644 index 000000000..5aa926b0a --- /dev/null +++ b/signal/cmd/root.go @@ -0,0 +1,62 @@ +package cmd + +import ( + "fmt" + log "github.com/sirupsen/logrus" + "github.com/spf13/cobra" + "os" + "os/signal" +) + +const ( + // ExitSetupFailed defines exit code + ExitSetupFailed = 1 +) + +var ( + logLevel string + + rootCmd = &cobra.Command{ + Use: "wiretrustee-signal", + Short: "", + Long: "", + } + + // Execution control channel for stopCh signal + stopCh chan int +) + +// Execute executes the root command. +func Execute() error { + return rootCmd.Execute() +} +func init() { + + stopCh = make(chan int) + + rootCmd.PersistentFlags().StringVar(&logLevel, "log-level", "info", "") + rootCmd.AddCommand(runCmd) + InitLog(logLevel) +} + +// SetupCloseHandler handles SIGTERM signal and exits with success +func SetupCloseHandler() { + c := make(chan os.Signal, 1) + signal.Notify(c, os.Interrupt) + go func() { + for range c { + fmt.Println("\r- Ctrl+C pressed in Terminal") + stopCh <- 0 + } + }() +} + +// InitLog parses and sets log-level input +func InitLog(logLevel string) { + level, err := log.ParseLevel(logLevel) + if err != nil { + log.Errorf("Failed parsing log-level %s: %s", logLevel, err) + os.Exit(ExitSetupFailed) + } + log.SetLevel(level) +} diff --git a/cmd/signal.go b/signal/cmd/run.go similarity index 61% rename from cmd/signal.go rename to signal/cmd/run.go index 20ce6fb59..7695a97ef 100644 --- a/cmd/signal.go +++ b/signal/cmd/run.go 
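Review bot: In the new signal/cmd/root.go, `InitLog(logLevel)` runs inside `init()`, before cobra has parsed the command line, so it always sees the default `info` and a `--log-level` passed by the operator is never applied. Deferring the call, for example `cobra.OnInitialize(func() { InitLog(logLevel) })`, makes the flag take effect. `SetupCloseHandler` is documented as handling SIGTERM but only registers `os.Interrupt`; `docker stop` sends SIGTERM, so the handler would need `signal.Notify(c, os.Interrupt, syscall.SIGTERM)` (plus the `syscall` import) to shut the container down cleanly. The send on the unbuffered `stopCh` also blocks the handler goroutine until something receives from it, and no receiver is visible in this file.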
@@ -6,7 +6,7 @@ import ( log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/wiretrustee/wiretrustee/encryption" - sigProto "github.com/wiretrustee/wiretrustee/signal/proto" + "github.com/wiretrustee/wiretrustee/signal/proto" "github.com/wiretrustee/wiretrustee/signal/server" "google.golang.org/grpc" "google.golang.org/grpc/credentials" @@ -19,7 +19,7 @@ import ( var ( signalPort int signalLetsencryptDomain string - signalDataDir string + signalSSLDir string signalKaep = grpc.KeepaliveEnforcementPolicy(keepalive.EnforcementPolicy{ MinTime: 5 * time.Second, @@ -33,22 +33,21 @@ var ( Timeout: 2 * time.Second, }) - signalCmd = &cobra.Command{ - Use: "signal", - Short: "start Wiretrustee Signal Server", + runCmd = &cobra.Command{ + Use: "run", + Short: "start Wiretrustee Signal Server daemon", Run: func(cmd *cobra.Command, args []string) { flag.Parse() - if _, err := os.Stat(signalDataDir); os.IsNotExist(err) { - err = os.MkdirAll(signalDataDir, os.ModeDir) - if err != nil { - log.Fatalf("failed creating datadir: %s: %v", signalDataDir, err) - } - } - var opts []grpc.ServerOption if signalLetsencryptDomain != "" { - certManager := encryption.CreateCertManager(signalDataDir, signalLetsencryptDomain) + if _, err := os.Stat(signalSSLDir); os.IsNotExist(err) { + err = os.MkdirAll(signalSSLDir, os.ModeDir) + if err != nil { + log.Fatalf("failed creating datadir: %s: %v", signalSSLDir, err) + } + } + certManager := encryption.CreateCertManager(signalSSLDir, signalLetsencryptDomain) transportCredentials := credentials.NewTLS(certManager.TLSConfig()) opts = append(opts, grpc.Creds(transportCredentials)) } @@ -65,7 +64,7 @@ var ( log.Fatalf("failed to listen: %v", err) } - sigProto.RegisterSignalExchangeServer(grpcServer, server.NewServer()) + proto.RegisterSignalExchangeServer(grpcServer, server.NewServer()) log.Printf("started server: localhost:%v", signalPort) if err := grpcServer.Serve(lis); err != nil { log.Fatalf("failed to serve: %v", err) 
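Review bot: In the `@@ -33,22 +33,21 @@` hunk, `os.MkdirAll(signalSSLDir, os.ModeDir)` passes only the directory type bit and no permission bits, so the directory that will hold the Let's Encrypt certificates and private keys is created with mode 000 and is usable only when the process runs as root. An explicit owner-only mode states the intent: `err = os.MkdirAll(signalSSLDir, 0700)`. The `os.Stat` guard also ignores every error other than not-exist (for example permission denied), which would then surface later inside the cert manager; calling `MkdirAll` unconditionally and checking its error is simpler. The `Run` function starts in this hunk and continues outside it.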
@@ -79,7 +78,7 @@ var ( ) func init() { - signalCmd.PersistentFlags().IntVar(&signalPort, "port", 10000, "Server port to listen on (e.g. 10000)") - signalCmd.Flags().StringVar(&signalDataDir, "datadir", "/var/lib/wiretrustee/", "server data directory location") - signalCmd.Flags().StringVar(&signalLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS") + runCmd.PersistentFlags().IntVar(&signalPort, "port", 10000, "Server port to listen on (e.g. 10000)") + runCmd.Flags().StringVar(&signalSSLDir, "ssl-dir", "/var/lib/wiretrustee/", "server ssl directory location. *Required only for Let's Encrypt certificates.") + runCmd.Flags().StringVar(&signalLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS") } diff --git a/signal/main.go b/signal/main.go new file mode 100644 index 000000000..7fd98e1f6 --- /dev/null +++ b/signal/main.go @@ -0,0 +1,12 @@ +package main + +import ( + "github.com/wiretrustee/wiretrustee/signal/cmd" + "os" +) + +func main() { + if err := cmd.Execute(); err != nil { + os.Exit(1) + } +}