First tutorial

Lawouach · Lawouach · commit 4eba88d4a62b · 2018-06-26T11:17:56.000+02:00
Signed-off-by: Sylvain Hellegouarch &lt;sh@defuze.org&gt;
diff --git a/tutorials/a-simple-walkthrough/astre.py b/tutorials/a-simple-walkthrough/astre.py
@@ -0,0 +1,57 @@
+from datetime import date, datetime
+import os
+
+from astral import Astral
+import cherrypy
+from cherrypy.process.plugins import Daemonizer, PIDFile
+import pytz
+
+
+class Root:
+    @cherrypy.expose
+    @cherrypy.tools.json_in()
+    @cherrypy.tools.json_out()
+    def index(self) -> str:
+        """
+        Compute sunrise and sunset for the given city.
+        """
+        a = Astral()
+        a.solar_depression = 'civil'
+
+        params = cherrypy.request.json
+        city_name = params["city"] or ""
+        try:
+            city = a[city_name]
+        except KeyError:
+            return {"error": "unknown city"}
+
+        tz = pytz.timezone(city.timezone)
+
+        sun = city.sun(date=date.today(), local=False)
+        result = {}
+        for k, v in sun.items():
+            if isinstance(v, datetime):
+                result[k] = v.astimezone(tz).isoformat()
+            else:
+                result[k] = v
+        return result
+
+
+def run():
+    cur_dir = os.path.abspath(os.path.dirname(__file__))
+
+    cherrypy.config.update({
+        "environment": "production",
+        "log.screen": True,
+        "server.socket_port": 8444,
+        "server.ssl_module": "builtin",
+        "server.ssl_private_key": os.path.join(cur_dir, "../../key.pem"),
+        "server.ssl_certificate": os.path.join(cur_dir, "../../cert.pem")
+    })
+    Daemonizer(cherrypy.engine).subscribe()
+    PIDFile(cherrypy.engine, 'astre.pid').subscribe()
+    cherrypy.quickstart(Root())
+
+
+if __name__ == '__main__':
+    run()
diff --git a/tutorials/a-simple-walkthrough/experiment.json b/tutorials/a-simple-walkthrough/experiment.json
@@ -0,0 +1,106 @@
+{
+    "version": "1.0.0",
+    "title": "What is the impact of an expired certificate on our application chain?",
+    "description": "If a certificate expires, we should gracefully deal with the issue.",
+    "tags": ["tls"],
+    "steady-state-hypothesis": {
+        "title": "Application responds",
+        "probes": [
+            {
+                "type": "probe",
+                "name": "the-astre-service-must-be-running",
+                "tolerance": true,
+                "provider": {
+                    "type": "python",
+                    "module": "os.path",
+                    "func": "exists",
+                    "arguments": {
+                        "path": "astre.pid"
+                    }
+                }
+            },
+            {
+                "type": "probe",
+                "name": "the-sunset-service-must-be-running",
+                "tolerance": true,
+                "provider": {
+                    "type": "python",
+                    "module": "os.path",
+                    "func": "exists",
+                    "arguments": {
+                        "path": "sunset.pid"
+                    }
+                }
+            },
+            {
+                "type": "probe",
+                "name": "we-can-request-sunset",
+                "tolerance": 200,
+                "provider": {
+                    "type": "http",
+                    "timeout": 3,
+                    "verify_tls": false,
+                    "url": "https://localhost:8443/city/Paris"
+                }
+            }
+        ]
+    },
+    "method": [
+        {
+            "type": "action",
+            "name": "swap-to-expired-cert",
+            "provider": {
+                "type": "process",
+                "path": "cp",
+                "arguments": "expired-cert.pem cert.pem"
+            }
+        },
+        {
+            "type": "probe",
+            "name": "read-tls-cert-expiry-date",
+            "provider": {
+                "type": "process",
+                "path": "openssl",
+                "arguments": "x509 -enddate -noout -in cert.pem"
+            }
+        },
+        {
+            "type": "action",
+            "name": "restart-astre-service-to-pick-up-certificate",
+            "provider": {
+                "type": "process",
+                "path": "pkill",
+                "arguments": "--echo -HUP -F astre.pid"
+            }
+        },
+        {
+            "type": "action",
+            "name": "restart-sunset-service-to-pick-up-certificate",
+            "provider": {
+                "type": "process",
+                "path": "pkill",
+                "arguments": "--echo -HUP -F sunset.pid"
+            },
+            "pauses": {
+                "after": 1
+            }
+        }
+    ],
+    "rollbacks": [
+        {
+            "type": "action",
+            "name": "swap-to-vald-cert",
+            "provider": {
+                "type": "process",
+                "path": "cp",
+                "arguments": "valid-cert.pem cert.pem"
+            }
+        },
+        {
+            "ref": "restart-astre-service-to-pick-up-certificate"
+        },
+        {
+            "ref": "restart-sunset-service-to-pick-up-certificate"
+        }
+    ]
+}
diff --git a/tutorials/a-simple-walkthrough/expired-cert.pem b/tutorials/a-simple-walkthrough/expired-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIJAMeAgmoUPaRiMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV
+BAYTAkZSMREwDwYDVQQIDAhCcml0dGFueTEOMAwGA1UEBwwFUGFyaXMxEDAOBgNV
+BAoMB0NvbXBhbnkxDDAKBgNVBAsMA09yZzESMBAGA1UEAwwJbG9jYWxob3N0MB4X
+DTE4MDUwNDE1MDAwMFoXDTE4MDUwNTE1MDAwMFowZDELMAkGA1UEBhMCRlIxETAP
+BgNVBAgMCEJyaXR0YW55MQ4wDAYDVQQHDAVQYXJpczEQMA4GA1UECgwHQ29tcGFu
+eTEMMAoGA1UECwwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6+m6dLZrwhgJmGADR7uCG6pBTC13TnHRNZzRV
+S8AIZOxzZxV6QHHt1ysa7NTCx0WiGtJ6iRJmLMqTJ5wpw2VB6/Je+y9QwcXHXN8V
+SneXOfk+dRBT4IlZ+WWvIfLx6TA/fYabUsbvB/nHZblt09M7aMnROQVmIr0fqVT/
+oI4bk6K550I3xEZMiw9MAvn8OG1TZ4qbsOr6zYTlOTFDpH7Ss3mF1Psg93WRKSub
+EbBH/CK/60u2vw7eHrah3xbVEQBrKDDvrJlc3dmJA9ONzkTVue1oUpY2GkHzD2cH
+fKsORN46I//dC2AHWnnw+r0dkRgI9po5QOVmSJxDWKERPxk7AgMBAAGjUDBOMB0G
+A1UdDgQWBBQGwOwXjELeYRPjEsrawTJ5PjF0wDAfBgNVHSMEGDAWgBQGwOwXjELe
+YRPjEsrawTJ5PjF0wDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA+
+xP12Qruo3cW/c8HSmQnTe5/r/Lg9qyK9wgsXxlo/OPT8ZJN5vEgwKZEVY4/5oSYX
+O8LnDjslzYiZcpi9kcW/02SjpjiRQOz8UpLYsxJBgzXQzqc5Ih5q7krQtezmy4JZ
+uJyCuaSuXtOzHuSL2M/3wwr9lvPJ+Sk1+KIC3b+cWPpUKAnUB63PO8tY9v4xtnzi
+bd6Kzf9Dmzo2LId2wpPUcvZ6hEsdutq5/EYnV1CJbNJEAqnRWexaX2mR3T/Mx3/6
+hF90Mk/Spe8lBL7YL6OyBTISS5cTSMMtA1FtKgXLrY0SDmoDDKlmdAj77W8QtTgm
+ZVaHIbIgLi59xtvYu6yF
+-----END CERTIFICATE-----
diff --git a/tutorials/a-simple-walkthrough/key.pem b/tutorials/a-simple-walkthrough/key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC6+m6dLZrwhgJm
+GADR7uCG6pBTC13TnHRNZzRVS8AIZOxzZxV6QHHt1ysa7NTCx0WiGtJ6iRJmLMqT
+J5wpw2VB6/Je+y9QwcXHXN8VSneXOfk+dRBT4IlZ+WWvIfLx6TA/fYabUsbvB/nH
+Zblt09M7aMnROQVmIr0fqVT/oI4bk6K550I3xEZMiw9MAvn8OG1TZ4qbsOr6zYTl
+OTFDpH7Ss3mF1Psg93WRKSubEbBH/CK/60u2vw7eHrah3xbVEQBrKDDvrJlc3dmJ
+A9ONzkTVue1oUpY2GkHzD2cHfKsORN46I//dC2AHWnnw+r0dkRgI9po5QOVmSJxD
+WKERPxk7AgMBAAECggEBAIIQ9WNnNxG71u1YIzHmHtAbWXw7OvCaNBkoArKW+CWe
+txDsE3ewXtBZTkXzm2lHH3xNdj8BHQhwfhZxhmNS5hw+WqKRzu85bDBrvU9dNuW+
+0VAONOZ0Gne5Um/KiOqZERQJaNqhcXsTrEB11dC9eoIoOcPOC6Bp5++fZl5QPKqX
+D0P/O54oKLtibgpapP7Fobw3zvQXcbLicttiVNipnZdsRIR/J9a2oMTBQ+VcXbWG
+7AIJnJVqrNVqE+yCcqzf3e6SiE/9ZM6QYjEKZGzECJrPg+nrsGjLsMId/UNzKwZS
+A2zNgm7vrxQ8LJzKZ/l+QI0KJJkE1HOMuuSja2RqTJkCgYEA3OKlunKIIzSJJk5n
+zZh8Auu5F5r5hWoxA9qNgS77U1Bw4qmHPg0NKPLvCw/tLQCL/XFRsi4iZ0RZ0XyX
+CtwrJXqirP+w+HXo7usQYAH9wGPLZ+PE32oHdxv/7VgH/9UftGz8JL3kaLHNjUAo
+yEwXxenf9kdow4gX+aEC6pqltqUCgYEA2LPe4DAs9wVp+73crMnr3OMFOn7lx/HV
+2wG8So3zXVs+w/tGPXrjO4AOLWv1elh3S/aulioMHPeor+WvX+AnRo5W5xXfIa4d
+3YIfmkCMg05VyNUnSwj9FIPbz8W/FNFgz7b4OwHwtz2WlApuMGMKVoWzPpMk2Nww
+nD9Sj/Wgal8CgYEA0/vwcW9Zl+/jcA/vLzEYUvVHPZBNx+yR/dDR3RjpupuIuv9X
+/AUqjBIZt9QhGv9bWnBWp1n/Snwedx3LF3EVN3LqjH0Xqlv+oMyXeoxuqyUbISlG
+1+M6JuWISJAjnTM8qjuuANT9UDzTuKvKd/APILHDbug5cu45lCkiU2T3hMECgYEA
+wcjn7/dk3mmbAyIf6uyO3XKuREciWJDsuvJsXQdfsAZetIdJosT320eCZh/63zOp
+SucH7QUg2+6kjNeK4uPie3fiQrgOV2ILFwC8HgbHIMy2begfQTyChQv9T2n4nDc4
+qcdnZ+0uQ87xjuVc8CxBHGpnhfezpbISTkdaH555m2UCgYB/+92Ybuq+NE58vniN
+hkVSX5RjVF3+r5akWOkywBVZvcfa5ATabzm7eXsAzXwcM2zZC1gq9zbZJRX9sLc6
+tHpuLQiSPyMDXQfgy5S+FDUSu/BktbRx7nZ4PWUBrC4qcms77Qq+NCGWQ9HUEGPo
+bclNhHe+IWE/KDUCf+DgJji8cQ==
+-----END PRIVATE KEY-----
diff --git a/tutorials/a-simple-walkthrough/requirements.txt b/tutorials/a-simple-walkthrough/requirements.txt
@@ -0,0 +1,4 @@
+astral
+cherrypy
+pytz
+requests
diff --git a/tutorials/a-simple-walkthrough/sunset.py b/tutorials/a-simple-walkthrough/sunset.py
@@ -0,0 +1,44 @@
+import os
+
+import cherrypy
+from cherrypy.process.plugins import Daemonizer, PIDFile
+import requests
+
+cur_dir = os.path.abspath(os.path.dirname(__file__))
+key_path = os.path.join(cur_dir, "../../key.pem")
+cert_path = os.path.join(cur_dir, "../../cert.pem")
+
+
+class Root:
+    @cherrypy.expose
+    def city(self, name):
+        r = requests.post("https://localhost:8444/", timeout=(2, 2), json={
+            "city": name
+        }, verify=cert_path)
+
+        if r.status_code != 200:
+            raise cherrypy.HTTPError(500, r.text)
+
+        cherrypy.response.headers["Content-Type"] = "text/plain"
+        return "The sunset will occur at {} in {}".format(
+            r.json()["sunset"], name
+        )
+
+
+def run():
+
+    cherrypy.config.update({
+        "environment": "production",
+        "log.screen": True,
+        "server.socket_port": 8443,
+        "server.ssl_module": "builtin",
+        "server.ssl_private_key": key_path,
+        "server.ssl_certificate": cert_path
+    })
+    Daemonizer(cherrypy.engine).subscribe()
+    PIDFile(cherrypy.engine, 'sunset.pid').subscribe()
+    cherrypy.quickstart(Root())
+
+
+if __name__ == '__main__':
+    run()
diff --git a/tutorials/a-simple-walkthrough/valid-cert.pem b/tutorials/a-simple-walkthrough/valid-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIJALBVtstA2EzQMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNV
+BAYTAkZSMREwDwYDVQQIDAhCcml0dGFueTEPMA0GA1UEBwwGUmVubmVzMRAwDgYD
+VQQKDAdDb21wYW55MQwwCgYDVQQLDANPcmcxEjAQBgNVBAMMCWxvY2FsaG9zdDAe
+Fw0xODA1MTQxNDI2NDlaFw0yODA1MTExNDI2NDlaMGUxCzAJBgNVBAYTAkZSMREw
+DwYDVQQIDAhCcml0dGFueTEPMA0GA1UEBwwGUmVubmVzMRAwDgYDVQQKDAdDb21w
+YW55MQwwCgYDVQQLDANPcmcxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALr6bp0tmvCGAmYYANHu4IbqkFMLXdOcdE1n
+NFVLwAhk7HNnFXpAce3XKxrs1MLHRaIa0nqJEmYsypMnnCnDZUHr8l77L1DBxcdc
+3xVKd5c5+T51EFPgiVn5Za8h8vHpMD99hptSxu8H+cdluW3T0ztoydE5BWYivR+p
+VP+gjhuTornnQjfERkyLD0wC+fw4bVNnipuw6vrNhOU5MUOkftKzeYXU+yD3dZEp
+K5sRsEf8Ir/rS7a/Dt4etqHfFtURAGsoMO+smVzd2YkD043ORNW57WhSljYaQfMP
+Zwd8qw5E3joj/90LYAdaefD6vR2RGAj2mjlA5WZInENYoRE/GTsCAwEAAaNQME4w
+HQYDVR0OBBYEFAbA7BeMQt5hE+MSytrBMnk+MXTAMB8GA1UdIwQYMBaAFAbA7BeM
+Qt5hE+MSytrBMnk+MXTAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
+AJbF4bpngVhafhRPe5DEcDJwg3wEiFcRCCZoyQTN/GPIagZbEOr1whdXutxHlAPR
+Em1BxPkKbTJ7f2edq9BHgFTvw4VYkXUG1ssd8H8/GOX5K1cqActDMGiRqGi3oD6V
+i9A416rO0rNvpijixCPqvE3ye8PEgFL7WLvSI9p9MetAHiqFbTN974y916hhNTEV
+hMhPtSoPrH88VpvEsNADQrlrVQaEaxCuNvJXsXPh7Sw7r8+rvjBiCeY6J9S3SQfB
+VMKn7Hgc1Ct56/YLDXvjFZBx6dL7wb0TScNEqVanX6nVeUPPCe7TLkZQY/nIn4c7
+d/KbiuL7BIb5B7bjMkmmNq0=
+-----END CERTIFICATE-----

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +astral
 +cherrypy
 +pytz
 +requests