run nodemanager on sage nodes. require admin to set password or disable

4 lat temu · 065433470d
--- a/BIN
+++ b/BIN
--- a/automation/roles/nginx/templates/site_sage.conf.j2
+++ b/automation/roles/nginx/templates/site_sage.conf.j2
@@ -18,7 +18,15 @@ server {
        proxy_set_header X-Forwarded-Proto https;
    }

   location ^~ /.well-known/acme-challenge/ {
    location /nodeman {
        proxy_pass http://127.0.0.1:7800/;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host {{ server_name }};
        proxy_set_header X-Forwarded-Proto https;
    }

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/html;
    }
--- a/automation/roles/nginx/templates/site_sage_alias.conf.j2
+++ b/automation/roles/nginx/templates/site_sage_alias.conf.j2
@@ -18,7 +18,15 @@ server {
        proxy_set_header X-Forwarded-Proto https;
    }

   location ^~ /.well-known/acme-challenge/ {
    location /nodeman {
        proxy_pass http://127.0.0.1:7800/;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host {{ server_name }};
        proxy_set_header X-Forwarded-Proto https;
    }

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/html;
    }
--- a/bubble-server/src/main/java/bubble/resources/cloud/NodeManagerResource.java
+++ b/bubble-server/src/main/java/bubble/resources/cloud/NodeManagerResource.java
@@ -58,6 +58,8 @@ public class NodeManagerResource {
    @POST @Path("/set_password")
    public Response setPassword (@Context ContainerRequest ctx,
                                 LoginRequest request) {
        final Account caller = userPrincipal(ctx);
        if (!caller.admin()) return forbidden();

        final String password = request.getPassword();
        if (empty(password)) return invalid("err.password.required");
@@ -83,6 +85,9 @@ public class NodeManagerResource {

    @POST @Path("/disable")
    public Response disable (@Context ContainerRequest ctx) {
        final Account caller = userPrincipal(ctx);
        if (!caller.admin()) return forbidden();

        nodeManagerService.disable();
        return ok_empty();
    }