10 files changed, 52 insertions, 22 deletions

diff --git a/README.md b/README.md
index 177667a..7002c57 100644
--- a/README.md
+++ b/README.md
@@ -221,6 +221,9 @@ masters:
     slave_keys:			optional path to a directory with slaves public key. Usefull when you want to create a master without slaves nodes in boards.yaml.
     persistent_db: True/False	(default False) Is the postgres DB is persistent over reboot
     http_fqdn:			The FQDN used to access the LAVA web interface. This is necessary if you use https otherwise you will issue CSRF errors.
+    allowed_hosts:		A list of FQDN used to access the LAVA master
+    - "fqdn1"
+    - "fqdn2"
     loglevel:
       lava-logs: DEBUG/INFO/WARN/ERROR			(optional) select the loglevel of lava-logs (default to DEBUG)
       lava-slave: DEBUG/INFO/WARN/ERROR			(optional) select the loglevel of lava-slave (default to DEBUG)
diff --git a/lava-master-base/99-stretch-backports b/lava-master-base/99-stretch-backports
index cfd4832..02491b1 100644
--- a/lava-master-base/99-stretch-backports
+++ b/lava-master-base/99-stretch-backports
@@ -37,3 +37,7 @@ Pin-Priority: 500
 Package: lavacli
 Pin: release n=stretch-backports
 Pin-Priority: 500
+
+Package: python3-junit.xml
+Pin: release n=stretch-backports
+Pin-Priority: 500
diff --git a/lava-master-base/Dockerfile b/lava-master-base/Dockerfile
index 03b634f..ee7d47f 100644
--- a/lava-master-base/Dockerfile
+++ b/lava-master-base/Dockerfile
@@ -12,6 +12,8 @@ RUN echo 'lava-server   lava-server/instance-name string lava-docker-instance' |
  && echo 'locales locales/locales_to_be_generated multiselect C.UTF-8 UTF-8, en_US.UTF-8 UTF-8 ' | debconf-set-selections \
  && echo 'locales locales/default_environment_locale select en_US.UTF-8' | debconf-set-selections
 
+RUN echo "APT::Install-Recommends false;" > /etc/apt/apt.conf.d/01norecommands
+
 # e2fsprogs is for libguestfs
 RUN DEBIAN_FRONTEND=noninteractive apt-get -y install \
  locales \
@@ -20,16 +22,18 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get -y install \
  sudo \
  wget \
  e2fsprogs \
+ letsencrypt \
+ apt-transport-https \
  gnupg \
  vim
 
-RUN wget http://images.validation.linaro.org/production-repo/production-repo.key.asc \
- && apt-key add production-repo.key.asc \
- && echo 'deb http://images.validation.linaro.org/production-repo/ stretch-backports main' > /etc/apt/sources.list.d/lava.list \
+RUN wget https://apt.lavasoftware.org/lavasoftware.key.asc \
+ && apt-key add lavasoftware.key.asc \
+ && echo 'deb https://apt.lavasoftware.org/release stretch-backports main' > /etc/apt/sources.list.d/lava.list \
  && apt-get clean && apt-get update && apt-get -y upgrade
 
 RUN service postgresql start \
- && DEBIAN_FRONTEND=noninteractive apt-get -y install lava \
+ && DEBIAN_FRONTEND=noninteractive apt-get -y install lava lava-server \
  && sudo -u postgres psql lavaserver -c "DELETE FROM lava_scheduler_app_worker WHERE lava_scheduler_app_worker.hostname = 'example.com';" \
  && service postgresql stop
 
diff --git a/lava-master/Dockerfile b/lava-master/Dockerfile
index 5d2a119..f8ed805 100644
--- a/lava-master/Dockerfile
+++ b/lava-master/Dockerfile
@@ -1,4 +1,4 @@
-FROM baylibre/lava-master-base:2018.11-1_bpo9_1
+FROM baylibre/lava-master-base:2019.03_stretch
 
 COPY backup /root/backup/
 
@@ -20,11 +20,12 @@ COPY scripts/setup.sh /
 
 COPY settings.conf /etc/lava-server/
 
-COPY device-types-patch/ /root/device-types-patch/
-RUN cd /etc/lava-server/dispatcher-config/device-types/ && for patch in $(ls /root/device-types-patch/*patch) ; do sed -i 's,lava_scheduler_app/tests/device-types/,,' $patch && patch < $patch || exit $?; done
-
 COPY lava-patch/ /root/lava-patch
-RUN cd /usr/lib/python3/dist-packages && for patch in $(ls /root/lava-patch/*patch) ; do patch -p1 < $patch || exit $?;done
+RUN cd /usr/lib/python3/dist-packages && for patch in $(ls /root/lava-patch/*patch| sort) ; do echo $patch && patch -p1 < $patch || exit $?;done
+RUN rsync -avr /usr/lib/python3/dist-packages/lava_scheduler_app/tests/device-types/ /etc/lava-server/dispatcher-config/device-types/
+
+COPY device-types-patch/ /root/device-types-patch/
+RUN cd /etc/lava-server/dispatcher-config/device-types/ && for patch in $(ls /root/device-types-patch/*patch) ; do sed -i 's,lava_scheduler_app/tests/device-types/,,' $patch && echo $patch && patch < $patch || exit $?; done
 
 COPY zmq_auth/ /etc/lava-dispatcher/certificates.d/
 
diff --git a/lava-master/scripts/setup.sh b/lava-master/scripts/setup.sh
index c22a06f..489dd51 100755
--- a/lava-master/scripts/setup.sh
+++ b/lava-master/scripts/setup.sh
@@ -151,6 +151,10 @@ mkdir -p /root/.lavadocker/
 if [ -e /root/device-types ];then
 	for i in $(ls /root/device-types/*jinja2)
 	do
+		if [ -e /etc/lava-server/dispatcher-config/device-types/$(basename $i) ];then
+			echo "WARNING: overwriting device-type $i"
+			diff -u "/etc/lava-server/dispatcher-config/device-types/$(basename $i)" $i
+		fi
 		cp $i /etc/lava-server/dispatcher-config/device-types/
 		devicetype=$(basename $i |sed 's,.jinja2,,')
 		lava-server manage device-types list | grep -q "[[:space:]]$devicetype[[:space:]]"
diff --git a/lava-slave-base/Dockerfile b/lava-slave-base/Dockerfile
index ec884cf..d7852a7 100644
--- a/lava-slave-base/Dockerfile
+++ b/lava-slave-base/Dockerfile
@@ -1,5 +1,7 @@
 FROM bitnami/minideb:stretch
 
+RUN echo "APT::Install-Recommends false;" > /etc/apt/apt.conf.d/01norecommands
+
 RUN apt-get update
 
 # e2fsprogs is for libguestfs
@@ -10,6 +12,8 @@ RUN \
  DEBIAN_FRONTEND=noninteractive apt-get -y install \
  locales \
  vim \
+ letsencrypt \
+ apt-transport-https \
  sudo \
  python-setproctitle \
  tftpd-hpa \
@@ -24,11 +28,11 @@ RUN \
 RUN if [ "$(uname -m)" = "x86_64" -o "$(uname -m)" = "x86" ] ;then apt-get -y install qemu-kvm ; fi
 
 RUN DEBIAN_FRONTEND=noninteractive apt-get -y install wget gnupg
-RUN wget http://images.validation.linaro.org/production-repo/production-repo.key.asc
-RUN apt-key add production-repo.key.asc
-RUN echo 'deb http://images.validation.linaro.org/production-repo/ stretch-backports main' > /etc/apt/sources.list.d/lava.list
-RUN echo "deb http://deb.debian.org/debian/ stretch-backports main" >> /etc/apt/sources.list
-RUN apt-get clean && apt-get update
+RUN wget https://apt.lavasoftware.org/lavasoftware.key.asc \
+ && apt-key add lavasoftware.key.asc \
+ && echo 'deb https://apt.lavasoftware.org/release stretch-backports main' > /etc/apt/sources.list.d/lava.list \
+ && echo "deb http://deb.debian.org/debian/ stretch-backports main" >> /etc/apt/sources.list \
+ && apt-get clean && apt-get update
 COPY 99-stretch-backports /etc/apt/preferences.d/
 RUN DEBIAN_FRONTEND=noninteractive apt-get -y install lava-dispatcher
 
diff --git a/lava-slave/Dockerfile b/lava-slave/Dockerfile
index 32a76b0..3ff2888 100644
--- a/lava-slave/Dockerfile
+++ b/lava-slave/Dockerfile
@@ -1,8 +1,8 @@
-FROM baylibre/lava-slave-base:2018.11-1_bpo9_1
+FROM baylibre/lava-slave-base:2019.03_stretch
 
 RUN apt-get update
 
-RUN DEBIAN_FRONTEND=noninteractive apt-get -y install cu conmux
+RUN DEBIAN_FRONTEND=noninteractive apt-get -y install cu conmux telnet
 
 COPY configs/lava-slave /etc/lava-dispatcher/lava-slave
 
@@ -35,7 +35,9 @@ RUN apt-get update
 RUN apt-get -y install lavacli
 
 # PXE stuff
-RUN apt-get -y install grub-efi-amd64-bin
+RUN if [ $(uname -m) != amd64 ]; then dpkg --add-architecture amd64 && apt-get update; fi
+RUN apt-get -y install grub-efi-amd64-bin:amd64
+RUN if [ $(uname -m) != amd64 ]; then dpkg --remove architecture amd64 && apt-get update; fi
 RUN cd /var/lib/lava/dispatcher/tmp && grub-mknetdir --net-directory=.
 COPY grub.cfg /var/lib/lava/dispatcher/tmp/boot/grub/
 
@@ -44,6 +46,7 @@ COPY default/* /etc/default/
 COPY phyhostname /root/
 COPY scripts/setup.sh .
 
+RUN apt-get -y install patch
 COPY lava-patch/ /root/lava-patch
 RUN cd /usr/lib/python3/dist-packages && for patch in $(ls /root/lava-patch/*patch) ; do patch -p1 < $patch || exit $?;done
 
diff --git a/lava-slave/grub.cfg b/lava-slave/grub.cfg
index e133fed..d7074b3 100644
--- a/lava-slave/grub.cfg
+++ b/lava-slave/grub.cfg
@@ -5,7 +5,6 @@ insmod loopback
 insmod iso9660
 insmod all_video
 insmod regexp
-insmod biosdisk
 set pager=1
 
 # This fake menu is necessary for letting LAVA see that grub is started
diff --git a/lava-slave/scripts/setup.sh b/lava-slave/scripts/setup.sh
index e0e8322..0b8a0b2 100755
--- a/lava-slave/scripts/setup.sh
+++ b/lava-slave/scripts/setup.sh
@@ -18,7 +18,7 @@ TIMEOUT=300
 while [ $TIMEOUT -ge 1 ];
 do
 	STEP=2
-	lavacli $LAVACLIOPTS device-types list 2>/dev/null >/dev/null
+	lavacli $LAVACLIOPTS device-types list >/dev/null
 	if [ $? -eq 0 ];then
 		TIMEOUT=0
 	else
diff --git a/lavalab-gen.py b/lavalab-gen.py
index b0b58b4..d1a78e2 100755
--- a/lavalab-gen.py
+++ b/lavalab-gen.py
@@ -14,6 +14,7 @@ tokens_yaml = "tokens.yaml"
 baud_default = 115200
 ser2net_port_start = 63001
 ser2net_ports = {}
+allowed_hosts_list = [ '"127.0.0.1"' ]
 
 template_conmux = string.Template("""#
 # auto-generated by lavalab-gen.py for ${board}
@@ -60,6 +61,7 @@ template_settings_conf = string.Template("""
     "HTTPS_XML_RPC": false,
     "LOGIN_URL": "/accounts/login/",
     "LOGIN_REDIRECT_URL": "/",
+    "ALLOWED_HOSTS": [ $allowed_hosts ],
     "CSRF_TRUSTED_ORIGINS": ["$lava_http_fqdn"],
     "CSRF_COOKIE_SECURE": $cookie_secure,
     "SESSION_COOKIE_SECURE": $session_cookie_secure
@@ -94,7 +96,7 @@ def main():
     else:
         masters = workers["masters"]
     for master in masters:
-        keywords_master = [ "name", "type", "host", "users", "groups", "tokens", "webadmin_https", "persistent_db", "zmq_auth", "zmq_auth_key", "zmq_auth_key_secret", "http_fqdn", "slave_keys", "slaveenv", "loglevel" ]
+        keywords_master = [ "name", "type", "host", "users", "groups", "tokens", "webadmin_https", "persistent_db", "zmq_auth", "zmq_auth_key", "zmq_auth_key_secret", "http_fqdn", "slave_keys", "slaveenv", "loglevel", "allowed_hosts" ]
         for keyword in master:
             if not keyword in keywords_master:
                 print("WARNING: unknown keyword %s" % keyword)
@@ -149,13 +151,19 @@ def main():
             session_cookie_secure = "false"
         if "http_fqdn" in worker:
             lava_http_fqdn = worker["http_fqdn"]
+            allowed_hosts_list.append('"%s"' % lava_http_fqdn)
         else:
-            lava_http_fqdn = "example.com"
+            lava_http_fqdn = "127.0.0.1"
+        allowed_hosts_list.append('"%s"' % name)
+        if "allowed_hosts" in worker:
+            for allow_host in worker["allowed_hosts"]:
+                allowed_hosts_list.append('"%s"' % allow_host)
+        allowed_hosts = ','.join(allowed_hosts_list)
         f_fqdn = open("%s/lava_http_fqdn" % workerdir, 'w')
         f_fqdn.write(lava_http_fqdn)
         f_fqdn.close()
         fsettings = open("%s/settings.conf" % workerdir, 'w')
-        fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure, lava_http_fqdn=lava_http_fqdn))
+        fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure, lava_http_fqdn=lava_http_fqdn, allowed_hosts=allowed_hosts))
         fsettings.close()
         master_use_zmq_auth = False
         if "zmq_auth" in worker: