vcs-test: fix deployment and systemd socket association
Quoting https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances
under "Best Practices":
> Grant the instance the https://www.googleapis.com/auth/cloud-platform
> scope to allow full access to all Google Cloud APIs, so that the IAM
> permissions of the instance are completely determined by the IAM roles
> of the service account.
Updates golang/go#27127
Change-Id: Icceb3b17a12223199efd67d27f6bca2b71f8fadc
Reviewed-on: https://go-review.googlesource.com/130475
Reviewed-by: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/vcs-test/rebuild-server.sh b/vcs-test/rebuild-server.sh
index 7fe2f0c..e41a56c 100755
--- a/vcs-test/rebuild-server.sh
+++ b/vcs-test/rebuild-server.sh
@@ -11,6 +11,7 @@
--image-project debian-cloud --image-family debian-9 \
--machine-type n1-standard-1 \
--service-account=vcs-test@symbolic-datum-552.iam.gserviceaccount.com \
+ --scopes cloud-platform \
--tags=allow-ssh,http-server,https-server
while sleep 5 && ! gcloud compute ssh vcs-test -- date; do
@@ -20,7 +21,7 @@
gcloud compute ssh vcs-test -- sudo -n bash -c \''
mkdir -p /home/vcweb/svn
chown -R uucp:uucp /home/vcweb
- chown -R 777 /home/vcweb
+ chmod -R 777 /home/vcweb
apt-get update
apt-get install -y mercurial fossil bzr git apache2 ed subversion libapache2-mod-svn
perl -pie 's/80/8888/' /etc/apache2/ports.conf
diff --git a/vcs-test/redeploy-vcweb.sh b/vcs-test/redeploy-vcweb.sh
index 38f9675..5ea6144 100755
--- a/vcs-test/redeploy-vcweb.sh
+++ b/vcs-test/redeploy-vcweb.sh
@@ -6,13 +6,14 @@
set -e
info="$USER $(date)"
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build "-ldflags=\"-X=main.buildInfo=$info\"" -o vcweb.exe ./vcweb
+GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build "-ldflags=\"-X=main.buildInfo=$info\"" -o vcweb.exe ./vcweb
trap "rm -f vcweb.exe" EXIT
gcloud beta compute scp vcweb.exe vcs-test:
gcloud compute ssh vcs-test -- sudo -n bash -c \''
mv vcweb.exe /usr/bin/vcweb
+ chmod a+rx /usr/bin/vcweb
systemctl restart vcweb.service
systemctl status -l vcweb.service
'\'
diff --git a/vcs-test/vcweb/main.go b/vcs-test/vcweb/main.go
index a3d6028..0425192 100644
--- a/vcs-test/vcweb/main.go
+++ b/vcs-test/vcweb/main.go
@@ -69,17 +69,12 @@
handler := logger(http.HandlerFunc(loadAndHandle))
// If running under systemd, listen on 80 and 443 and serve TLS.
- if listeners, _ := activation.Listeners(); len(listeners) == 2 {
- // Want listeners[0] is port 80, listeners[1] is port 443.
- // There's no guaranteed order of the listeners!
- // Sometimes we get 80, 443; other times we get 443, 80.
- names := strings.Split(os.Getenv("LISTEN_FDNAMES"), ":")
- if strings.Contains(names[0], "https") {
- listeners[0], listeners[1] = listeners[1], listeners[0]
- }
+ if listeners, _ := activation.ListenersWithNames(); len(listeners) == 2 {
+ httpListener := listeners["vcweb-http.socket"][0]
+ httpsListener := listeners["vcweb-https.socket"][0]
go func() {
- log.Fatal(http.Serve(listeners[0], handler))
+ log.Fatal(http.Serve(httpListener, handler))
}()
dir := acme.LetsEncryptURL
if *staging {
@@ -115,7 +110,7 @@
daemon.SdNotify(false, "WATCHDOG=1")
}
}()
- log.Fatal(s.ServeTLS(listeners[1], "", ""))
+ log.Fatal(s.ServeTLS(httpsListener, "", ""))
}
// Local development on :8088.
