Enhance instantiate/startup process

Many changes: 1. Add copyright notices to scripts. 2. Add code to startup.py to run services in the “apache” group instead of as root (hopefully; testing this next). 3. Update WebRTC chat/video demo to use local hostname for STUN/TURN server address instead of hardcoded IP. 4. Updated updater script (update.sh) to fetch the EC2 local and public IPs instead of using hardcoded IPs for starting turnserver. 5. Added code to user-data.sh (instantiation-time script) to copy the startup.py script to the per-boot space so the startup process gets run on reboots. This should allow us to run everything on both stage and prod without fiddling, and should allow rebooting to pick up changes without having to start processes by hand afterward.
mdn · Nov 30, 2015 · 736e9d8 · 736e9d8
1 parent 02d0510
commit 736e9d8
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 8 deletions.
diff --git a/s/webrtc-from-chat/chatclient.js b/s/webrtc-from-chat/chatclient.js
@@ -11,6 +11,11 @@
 
 "use strict";
 
+// Get our hostname
+
+var myHostname = window.location.hostname;
+console.log("Hostname: " + myHostname);
+
 // WebSocket chat/signaling channel variables.
 
 var connection = null;
@@ -74,7 +79,7 @@ function setUsername() {
 // Open and configure the connection to the WebSocket server.
 
 function connect() {
-  var serverUrl = "ws://" + window.location.hostname + ":6503";
+  var serverUrl = "ws://" + myHostname + ":6503";
 
   connection = new WebSocket(serverUrl, "json");
 
@@ -291,13 +296,13 @@ function setupVideoCall(signalMessage) {
   myPeerConnection = new RTCPeerConnection({
       iceServers: [     // Information about ICE servers - Use your own!
         {
-          urls: "stun:52.5.80.241"   // A STUN server
+          urls: "stun:" + hostname   // A STUN server
         },
         {
           urls: "stun:stun.l.google.com:19302"
         },
         {
-          urls: "turn:52.5.80.241",  // A TURN server
+          urls: "turn:" + hostname,  // A TURN server
           username: "webrtc",
           credential: "turnserver"
         }

diff --git a/startup.py b/startup.py
@@ -1,11 +1,16 @@
+#!/usr/bin/python
 #
 # MDN Sample Server
 # Start up samples as needed.
 #
+# Any copyright is dedicated to the Public Domain.
+# http://creativecommons.org/publicdomain/zero/1.0/
+#
 
 import os
 import sys
 import subprocess
+import pwd
 
 #
 # startService
@@ -17,11 +22,35 @@
 def startService(path):
   print("Starting service: " + path)
 
-  startupScript = path + "/" + "startup.sh";
+  startupScript = path + "/" + "startup.sh"
   if os.path.exists(startupScript):
     sys.stdout.flush()
 
-    subprocess.Popen(["/bin/bash", startupScript], cwd = path)
+    pw_record = pwd.getpwnam("apache")
+
+    env = os.environ.copy()
+    env['HOME'] = pw_record.pw_dir
+    env['LOGNAME'] = pw_record.pw_name
+    env['PWD'] = path
+    env['USER'] = pw_record.pw_name
+
+    process = subprocess.Popen(
+      ["/bin/bash", startupScript], cwd = path, env = env, preexec_fn=demoteUser(pw_record.pw_uid, pw_record.pw_gid)
+    )
+
+    # TODO: At some point we should record process IDs for restarts/shutdowns/etc
+
+#
+# demoteUser
+#
+# Downgrade to execute the process using the specified user ID and group ID.
+#
+def demoteUser(user_uid, user_gid):
+  def result():
+    os.setgid(user_gid)
+    os.setuid(user_uid)
+
+  return result
 
 #
 # Main program

diff --git a/update.sh b/update.sh
@@ -6,6 +6,14 @@
 #
 # It then calls the startup.py script to start each sample's
 # background tasks as needed.
+#
+# Any copyright is dedicated to the Public Domain.
+# http://creativecommons.org/publicdomain/zero/1.0/
+
+# Get information we need about our server setup
+
+PUBLIC_IP=$(curl --silent http://169.254.169.254/latest/meta-data/public-ipv4)
+LOCAL_IP=$(curl --silent http://169.254.169.254/latest/meta-data/local-ipv4)
 
 # Update existing software
 
@@ -45,7 +53,7 @@ systemctl enable httpd.service
 
 # Start the turn server
 
-turnserver --syslog -a -o -L 172.31.45.0 -X 52.5.80.241 -E 172.31.45.0 -f --min-port=32355 --max-port=65535 --user=webrtc:turnserver -r mdnSamples --log-file=stdout -v
+turnserver --syslog -a -o -L $LOCAL_IP -X $PUBLIC_IP -E $LOCAL_IP -f --min-port=32355 --max-port=65535 --user=webrtc:turnserver -r mdnSamples --log-file=stdout -v
 
 # Start spinning up Sample Server stuff here
 

diff --git a/user-data.sh b/user-data.sh
@@ -9,6 +9,9 @@
 # This script is based on this tutorial on the AWS docs site:
 #    http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-LAMP.html
 #
+# Any copyright is dedicated to the Public Domain.
+# http://creativecommons.org/publicdomain/zero/1.0/
+#
 
 # Install packages needed for Web server support
 
@@ -25,14 +28,17 @@ usermod -a -G www ec2-user
 
 git clone https://github.com/mdn/samples-server /var/www/html
 
-# Pull the main startup script from github
+# Pull the main startup scripts from github
 
 curl https://raw.githubusercontent.com/mdn/samples-server/master/update.sh > /usr/local/bin/update.sh
 chmod +x /usr/local/bin/update.sh
 
+curl https://raw.githubusercontent.com/mdn/samples-server/master/startup.py > /var/lib/cloud/scripts/per-boot/startup.py
+chmod +x /var/lib/cloud/scripts/per-boot/startup.py
+
 # Create the service that will run the startup script on boot
 
-# Run the startup script; this will update the operating system and
+# Run the updater script; this will update the operating system and
 # system tools, then pull the latest code from Github
 
 /usr/local/bin/update.sh