Improved vmscripts and js client lib reliability. (#293)

* Added certbot ssl support to vm scripts.
* Client lib blake3 init improvement.
* Client lib connection review process improvement.

examples/js_client/hp-client-lib.js

@@ -166,6 +166,8 @@
         // 0 indicates we are not missing any connections. This will be initially set when connect() is called.
         let connectionsMissingFrom = 0;
 
+        let reviewConnectionsTimer = null;
+
         // Checks for missing connections and attempts to establish them.
         const reviewConnections = () => {
 
@@ -173,7 +175,7 @@
                 return;
 
             // Check for connection changes periodically.
-            setTimeout(() => {
+            reviewConnectionsTimer = setTimeout(() => {
                 reviewConnections();
             }, connectionCheckIntervalMs);
 
@@ -304,6 +306,12 @@
                 return;
 
             status = 2;
+
+            if (reviewConnectionsTimer) {
+                clearTimeout(reviewConnectionsTimer);
+                reviewConnectionsTimer = null;
+            }
+
             emitter.clear(events.connectionChange);
             emitter.clear(events.contractOutput);
             emitter.clear(events.contractReadResponse);
@@ -718,8 +726,10 @@
 
             emitter = null;
 
-            if (handshakeTimer)
+            if (handshakeTimer) {
                 clearTimeout(handshakeTimer);
+                handshakeTimer = null;
+            }
 
             // If there are any ongoing resolvers resolve them with error output.
 
@@ -776,6 +786,7 @@
                 });
             }
             else {
+                ws.close();
                 return Promise.resolve();
             }
         }
@@ -1102,16 +1113,23 @@
     }
 
     let blake3Resolver = null;
+    let blake3awaiter = null;
     // Set blake3 reference.
     async function initBlake3() {
-        if (blake3) // If already set, do nothing.
+        if (blake3) { // If already set, do nothing.
             return;
-        else if (isBrowser && window.blake3) // browser (if blake3 already loaded)
+        }
+        else if (isBrowser && window.blake3) {// browser (if blake3 already loaded)
             blake3 = window.blake3;
-        else if (isBrowser && !window.blake3) // If blake3 not yet loaded in browser, wait for it.
-            blake3 = await new Promise(resolve => blake3Resolver = resolve);
-        else if (!isBrowser) // nodejs
+        }
+        else if (isBrowser && !window.blake3) { // If blake3 not yet loaded in browser, wait for it.
+            if (!blake3awaiter)
+                blake3awaiter = new Promise(resolve => blake3Resolver = resolve);
+            blake3 = await blake3awaiter;
+        }
+        else if (!isBrowser) { // nodejs
             blake3 = require('blake3');
+        }
 
         if (!blake3)
             throw "Blake3 reference not found.";

test/vm-cluster/cluster.sh

@@ -47,16 +47,23 @@ contdir=$basedir/$CONTRACT
 vmcount=${#vmaddrs[@]}
 mode=$1
 hpcore=$(realpath ../..)
-let nodeid=$2-1
+
+# Check if second arg (nodeid) is a number or not.
+# If it's a number then reduce 1 from it to get zero-based node index.
+if ! [[ $2 =~ ^[0-9]+$ ]] ; then
+    let nodeid=-1
+else
+    let nodeid=$2-1
+fi
 
 if [ "$mode" = "info" ] || [ "$mode" = "new" ] || [ "$mode" = "update" ] || [ "$mode" = "reconfig" ] || \
    [ "$mode" = "start" ] || [ "$mode" = "stop" ] || [ "$mode" = "check" ] || [ "$mode" = "log" ] || [ "$mode" = "kill" ] || \
-   [ "$mode" = "ssh" ] || [ "$mode" = "reboot" ] || [ "$mode" = "dns" ] || [ "$mode" = "ssl" ] || [ "$mode" = "lcl" ] || [ "$mode" = "pubkey" ]; then
+   [ "$mode" = "ssh" ] || [ "$mode" = "reboot" ] || [ "$mode" = "ssl" ] || [ "$mode" = "lcl" ] || [ "$mode" = "pubkey" ]; then
     echo "mode: $mode ($contdir)"
 else
     echo "Invalid command. [ info | new | update | reconfig" \
         " | start [N] | stop [N] | check [N] | log <N> | kill [N] | reboot <N> | ssh <N>or<command>" \
-        " | dns <N> <zerossl file> | ssl <N> | lcl | pubkey <N> ] expected."
+        " | ssl <email>or<N> <email> | lcl | pubkey <N> ] expected."
     exit 1
 fi
 
@@ -72,8 +79,7 @@ fi
 # kill - Force kill hot pocket (if running) on specified vm node or entire cluster.
 # reboot - Reboot specified vm node.
 # ssh - Open up an ssh terminal for the specified vm node.
-# dns - Uploads given zerossl domain verification file to vm and starts http server for DNS check.
-# ssl - Uploads matching zerossl certificate bundle from ~/downloads/ to the contract.
+# ssl - Creates LetsEncrypt ssl certs matching with the vm domain name.
 # lcl - Displays the lcls of all nodes.
 # pubkey - Displays the pubkey on specified vm node or entire cluster.
 
@@ -175,7 +181,7 @@ fi
 if [ $mode = "ssh" ]; then
     if [ $nodeid = -1 ]; then
         if [ -n "$2" ]; then
-            # Interprit second arg as a command to execute on all nodes.
+            # Interpret second arg as a command to execute on all nodes.
             command=${*:2}
             echo "Executing '$command' on all nodes..."
             for (( i=0; i<$vmcount; i++ ))
@@ -197,44 +203,33 @@ if [ $mode = "ssh" ]; then
     fi
 fi
 
-if [ $mode = "dns" ]; then
-    if [ $nodeid = -1 ]; then
-        echo "Please specify node no."
-        exit 1
-    fi
-    if [[ $3 = "" ]]; then
-        echo "Please provide zerossl domain verification txt file path."
-        exit 1
-    fi
-    vmaddr=${vmaddrs[$nodeid]}
-    sshpass -p $vmpass ssh $vmuser@$vmaddr "mkdir -p $basedir/web80/.well-known/pki-validation"
-    sshpass -p $vmpass scp $3 $vmuser@$vmaddr:$basedir/web80/.well-known/pki-validation/
-    sshpass -p $vmpass ssh $vmuser@$vmaddr "sudo apt-get install -y python"
-    sshpass -p $vmpass ssh $vmuser@$vmaddr -t "cd $basedir/web80 && sudo python -m SimpleHTTPServer 80"
-    exit 0
-fi
-
 if [ $mode = "ssl" ]; then
     if [ $nodeid = -1 ]; then
-        echo "Please specify node no."
-        exit 1
+        if [ -n "$2" ]; then
+            # If nodeid is not specified, interpret second arg as the ssl account notification email.
+            command="$contdir/ssl.sh $2"
+            for (( i=0; i<$vmcount; i++ ))
+            do
+                vmaddr=${vmaddrs[i]}
+                let nodeid=$i+1
+                echo "node"$nodeid":" $(sshpass -p $vmpass ssh $vmuser@$vmaddr $command) &
+            done
+            wait
+        else
+            echo "Please specify node no. or ssl account notification email."
+            exit 1
+        fi
+    else
+        # if nodeid is specified, interpret third arg as the ssl account notification email.
+        if [ -n "$3" ]; then
+            command="$contdir/ssl.sh $3"
+            vmaddr=${vmaddrs[$nodeid]}
+            sshpass -p $vmpass ssh $vmuser@$vmaddr $command
+        else
+            echo "Please specify ssl account notification email."
+            exit 1
+        fi
     fi
-    vmaddr=${vmaddrs[$nodeid]}
-
-    sudo apt-get install -y unzip
-    unzip -d ~/downloads/$vmaddr/ ~/downloads/$vmaddr.zip || exit 1;
-    pushd ~/downloads/$vmaddr > /dev/null 2>&1
-    mkdir certs
-    cat certificate.crt <(echo) ca_bundle.crt > certs/tlscert.pem
-    mv private.key certs/tlskey.pem
-    popd > /dev/null 2>&1
-    
-    echo "Sending tls certs to the contract..."
-    sshpass -p $vmpass scp ~/downloads/$vmaddr/certs/* $vmuser@$vmaddr:$basedir/hpfiles/ssl/
-    sshpass -p $vmpass ssh $vmuser@$vmaddr cp -rf $basedir/hpfiles/ssl/* $contdir/cfg/
-    
-    rm -r ~/downloads/$vmaddr
-    echo "Done"
     exit 0
 fi
 

test/vm-cluster/setup-hp.sh

@@ -3,6 +3,7 @@
 mode=$1
 basedir=$2
 contdir=$3 # Contract directory
+vmaddr=$4
 
 if [[ ! -f /swapfile ]]
 then
@@ -87,6 +88,15 @@ if [ $mode = "new" ] || [ $mode = "reconfig" ]; then
    echo "echo \"select seq_no || '-' || lower(hex(ledger_hash)) from ledger order by seq_no DESC limit 1;\" | sqlite3 file:$contdir/ledger_fs/seed/primary/\$max_shard_no/ledger.sqlite?mode=ro" >> $contdir/lcl.sh
    sudo chmod +x $contdir/lcl.sh
 
+   # Create ssl.sh script
+   # This installs LetsEncrypt certbot and generates the SSL certs matching with vm domain name.
+   echo "snap install --classic certbot && ln -s /snap/bin/certbot /usr/bin/certbot > /dev/null 2>&1" > $contdir/ssl.sh
+   echo "certbot certonly --standalone -n -m \$1 --agree-tos -d $vmaddr" >> $contdir/ssl.sh
+   echo "cp /etc/letsencrypt/live/$vmaddr/fullchain.pem $basedir/hpfiles/ssl/tlscert.pem" >> $contdir/ssl.sh
+   echo "cp /etc/letsencrypt/live/$vmaddr/privkey.pem $basedir/hpfiles/ssl/tlskey.pem" >> $contdir/ssl.sh
+   echo "cp -rf $basedir/hpfiles/ssl/* $contdir/cfg/" >> $contdir/ssl.sh
+   sudo chmod +x $contdir/ssl.sh
+
    # Configure .screenrc
    pushd $contdir > /dev/null 2>&1
    echo "chdir $contdir" >> hp.screenrc

test/vm-cluster/setup-vm.sh

@@ -19,6 +19,6 @@ fi
 if [ $mode = "new" ] || [ $mode = "reconfig" ]; then
     # Run hp setup script on the VM and download the generated hp.cfg
     echo "Configuring HP..."
-    sshpass -p $vmpass ssh $vmuser@$vmaddr $basedir/hpfiles/setup-hp.sh $mode $basedir $contdir
+    sshpass -p $vmpass ssh $vmuser@$vmaddr $basedir/hpfiles/setup-hp.sh $mode $basedir $contdir $vmaddr
     sshpass -p $vmpass scp $vmuser@$vmaddr:$contdir/cfg/hp.cfg ./cfg/node$nodeid.cfg
 fi