serve drivers directly via api if configured

Merge branch 'dev' into 'main'
fixed logging See merge request oscar.krause/fastapi-dls!47
2025-08-26 14:37:01 +08:00 · 2025-03-12 13:41:24 +01:00 · 2025-03-12 13:40:45 +01:00 · 2025-03-12 11:41:58 +01:00 · 2025-03-12 08:44:37 +01:00 · 2025-03-11 22:51:45 +01:00
4 changed files with 99 additions and 57 deletions
--- a/README.md
+++ b/README.md
@ -2,8 +2,9 @@

 Minimal Delegated License Service (DLS).

-Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0, 3.3.1, 3.4.0. For Driver compatibility
+> Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0, 3.3.1, 3.4.0. For Driver compatibility
 see [compatibility matrix](#vgpu-software-compatibility-matrix).
+Drivers are only supported until **17.x releases**.

 This service can be used without internet connection.
 Only the clients need a connection to this service on configured port.
@ -731,6 +732,11 @@ The error message can safely be ignored (since we have no license limitation :P)

 # vGPU Software Compatibility Matrix

+**18.x Drivers are not supported on FastAPI-DLS Versions < 1.6.0**
+
+<details>
+  <summary>Show Table</summary>
+
 Successfully tested with this package versions.

 | vGPU Suftware | Driver Branch | Linux vGPU Manager | Linux Driver | Windows Driver |  Release Date |      EOL Date |
@ -754,6 +760,8 @@ Successfully tested with this package versions.
 |    `15.4`     |     R525      | `525.147.01`       | `525.147.05` | `529.19`       |     June 2023 | December 2023 |
 |    `14.4`     |     R510      | `510.108.03`       | `510.108.03` | `514.08`       | December 2022 | February 2023 |

+</details>
+
 - https://docs.nvidia.com/grid/index.html
 - https://docs.nvidia.com/grid/gpus-supported-by-vgpu.html

--- a/app/main.py
+++ b/app/main.py
@ -1,11 +1,12 @@
 import logging
+import os.path
 from base64 import b64encode as b64enc
 from calendar import timegm
 from contextlib import asynccontextmanager
 from datetime import datetime, timedelta, UTC
 from hashlib import sha256
 from json import loads as json_loads
-from os import getenv as env
+from os import getenv as env, listdir
 from os.path import join, dirname
 from uuid import uuid4

@ -13,6 +14,7 @@ from dateutil.relativedelta import relativedelta
 from dotenv import load_dotenv
 from fastapi import FastAPI
 from fastapi.requests import Request
+from fastapi.staticfiles import StaticFiles
 from jose import jws, jwk, jwt, JWTError
 from jose.constants import ALGORITHMS
 from sqlalchemy import create_engine
@ -50,6 +52,7 @@ LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
 LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
 CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12)
 CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
+DRIVERS_DIR = env('DRIVERS_DIR', None)

 jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
 jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
@ -88,6 +91,9 @@ async def lifespan(_: FastAPI):
 config = dict(openapi_url=None, docs_url=None, redoc_url=None)  # dict(openapi_url='/-/openapi.json', docs_url='/-/docs', redoc_url='/-/redoc')
 app = FastAPI(title='FastAPI-DLS', description='Minimal Delegated License Service (DLS).', version=VERSION, lifespan=lifespan, **config)

+if DRIVERS_DIR is not None:
+    app.mount('/-/static-drivers', StaticFiles(directory=str(DRIVERS_DIR), html=False), name='drivers')
+
 app.debug = DEBUG
 app.add_middleware(
    CORSMiddleware,
@ -186,6 +192,25 @@ async def _manage(request: Request):
    return HTMLr(response)


+@app.get('/-/drivers/{directory:path}', summary='* List drivers directory')
+async def _drivers(request: Request, directory: str | None):
+    if DRIVERS_DIR is None:
+        return Response(status_code=404, content=f'Variable "DRIVERS_DIR" not set.')
+
+    path = os.path.join(DRIVERS_DIR, directory)
+
+    if not os.path.exists(path) and not os.path.isfile(path):
+        return Response(status_code=404, content=f'Resource "{path}" not found!')
+
+    content = [{
+        "type": "file" if os.path.isfile(f'{path}/{_}') else "folder" if os.path.isdir(f'{path}/{_}') else "unknown",
+        "name": _,
+        "link": f'/-/static-drivers/{directory}{_}',
+    } for _ in listdir(path)]
+
+    return JSONr({"directory": path, "content": content})
+
+
@app.get('/-/origins', summary='* Origins')
 async def _origins(request: Request, leases: bool = False):
    session = sessionmaker(bind=db)()
@ -287,7 +312,7 @@ async def auth_v1_origin(request: Request):
    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)

    origin_ref = j.get('candidate_origin_ref')
-    logging.info(f'> [  origin  ]: {origin_ref}: {j}')
+    logger.info(f'> [  origin  ]: {origin_ref}: {j}')

    data = Origin(
        origin_ref=origin_ref,
@ -317,7 +342,7 @@ async def auth_v1_origin_update(request: Request):
    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)

    origin_ref = j.get('origin_ref')
-    logging.info(f'> [  update  ]: {origin_ref}: {j}')
+    logger.info(f'> [  update  ]: {origin_ref}: {j}')

    data = Origin(
        origin_ref=origin_ref,
@ -344,7 +369,7 @@ async def auth_v1_code(request: Request):
    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)

    origin_ref = j.get('origin_ref')
-    logging.info(f'> [   code   ]: {origin_ref}: {j}')
+    logger.info(f'> [   code   ]: {origin_ref}: {j}')

    delta = relativedelta(minutes=15)
    expires = cur_time + delta
@ -381,7 +406,7 @@ async def auth_v1_token(request: Request):
        return JSONr(status_code=400, content={'status': 400, 'title': 'invalid token', 'detail': str(e)})

    origin_ref = payload.get('origin_ref')
-    logging.info(f'> [   auth   ]: {origin_ref}: {j}')
+    logger.info(f'> [   auth   ]: {origin_ref}: {j}')

    # validate the code challenge
    challenge = b64enc(sha256(j.get('code_verifier').encode('utf-8')).digest()).rstrip(b'=').decode('utf-8')
@ -424,7 +449,7 @@ async def leasing_v1_lessor(request: Request):

    origin_ref = token.get('origin_ref')
    scope_ref_list = j.get('scope_ref_list')
-    logging.info(f'> [  create  ]: {origin_ref}: create leases for scope_ref_list {scope_ref_list}')
+    logger.info(f'> [  create  ]: {origin_ref}: create leases for scope_ref_list {scope_ref_list}')

    lease_result_list = []
    for scope_ref in scope_ref_list:
@ -468,7 +493,7 @@ async def leasing_v1_lessor_lease(request: Request):
    origin_ref = token.get('origin_ref')

    active_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
-    logging.info(f'> [  leases  ]: {origin_ref}: found {len(active_lease_list)} active leases')
+    logger.info(f'> [  leases  ]: {origin_ref}: found {len(active_lease_list)} active leases')

    response = {
        "active_lease_list": active_lease_list,
@ -486,7 +511,7 @@ async def leasing_v1_lease_renew(request: Request, lease_ref: str):
    token, cur_time = __get_token(request), datetime.now(UTC)

    origin_ref = token.get('origin_ref')
-    logging.info(f'> [  renew   ]: {origin_ref}: renew {lease_ref}')
+    logger.info(f'> [  renew   ]: {origin_ref}: renew {lease_ref}')

    entity = Lease.find_by_origin_ref_and_lease_ref(db, origin_ref, lease_ref)
    if entity is None:
@ -513,7 +538,7 @@ async def leasing_v1_lease_delete(request: Request, lease_ref: str):
    token, cur_time = __get_token(request), datetime.now(UTC)

    origin_ref = token.get('origin_ref')
-    logging.info(f'> [  return  ]: {origin_ref}: return {lease_ref}')
+    logger.info(f'> [  return  ]: {origin_ref}: return {lease_ref}')

    entity = Lease.find_by_lease_ref(db, lease_ref)
    if entity.origin_ref != origin_ref:
@ -542,7 +567,7 @@ async def leasing_v1_lessor_lease_remove(request: Request):

    released_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
    deletions = Lease.cleanup(db, origin_ref)
-    logging.info(f'> [  remove  ]: {origin_ref}: removed {deletions} leases')
+    logger.info(f'> [  remove  ]: {origin_ref}: removed {deletions} leases')

    response = {
        "released_lease_list": released_lease_list,
@ -564,7 +589,7 @@ async def leasing_v1_lessor_shutdown(request: Request):

    released_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
    deletions = Lease.cleanup(db, origin_ref)
-    logging.info(f'> [ shutdown ]: {origin_ref}: removed {deletions} leases')
+    logger.info(f'> [ shutdown ]: {origin_ref}: removed {deletions} leases')

    response = {
        "released_lease_list": released_lease_list,
@ -587,7 +612,7 @@ if __name__ == '__main__':
    #
    ###

-    logging.info(f'> Starting dev-server ...')
+    logger.info(f'> Starting dev-server ...')

    ssl_keyfile = join(dirname(__file__), 'cert/webserver.key')
    ssl_certfile = join(dirname(__file__), 'cert/webserver.crt')
--- a/doc/Reverse
+++ b/doc/Reverse
@ -1,5 +1,7 @@
 # Reverse Engineering Notes

+[[_TOC_]]
+
 # Usefully commands

 ## Check licensing status
@ -27,7 +29,9 @@ nvidia-gridd[2986]: Acquiring license. (Info: license.nvidia.space; NVIDIA RTX V
 nvidia-gridd[2986]: License acquired successfully. (Info: license.nvidia.space, NVIDIA RTX Virtual Workstation; Expiry: 2023-1-29 22:3:0 GMT)
 ```

-# DLS-Container File-System (Docker)
+# Docker DLS-Container File-System
+
+- More about Docker Images https://git.collinwebdesigns.de/nvidia/nls

 ## Configuration data

@ -36,7 +40,51 @@ Most variables and configs are stored in `/var/lib/docker/volumes/configurations
 Files can be modified with `docker cp <container-id>:/venv/... /opt/localfile/...` and back.
 (May you need to fix permissions with `docker exec -u 0 <container-id> chown nonroot:nonroot /venv/...`)

-## Dive / Docker image inspector
+Config-Variables are in `etc/dls/config/service_env.conf`.
+
+
+## Site Key Uri - `/etc/dls/config/site_key_uri.bin`
+
+```
+base64-content...
+```
+
+## DB Password - `/etc/dls/config/dls_db_password.bin`
+
+```
+# docker cp -a <container-id>:/etc/dls/config/dls_db_password.bin /tmp/dls_db_password.bin
+base64-content...
+```
+
+**Decrypt database password**
+
+```
+cat dls_db_password.bin | base64 -d > dls_db_password.bin.raw
+openssl rsautl -decrypt -inkey /tmp/private-key.pem -in dls_db_password.bin.raw
+```
+
+# Docker Postgres-Container
+
+- It's enough to manipulate database licenses. There must not be changed any line of code to bypass licensing
+  validations.
+
+## Inspect
+
+Valid users are `dls_writer` and `postgres`.
+
+```shell
+docker exec -it <dls:pgsql> psql -h localhost -U postgres
+```
+
+## External Access
+
+Or you can modify `docker-compose.yaml` to forward Postgres port. To create a superuser for external access, use `docker exec` from above and rund the following:
+
+```sql
+CREATE USER admin WITH LOGIN SUPERUSER PASSWORD 'admin';
+```
+
+# Dive / Docker image inspector

 - `dive dls:appliance`

@ -53,45 +101,6 @@ Command:
 #(nop) ADD file:c1900d3e3a29c29a743a8da86c437006ec5d2aa873fb24e48033b6bf492bb37b in /
 ```

-## Private Key (Site-Key)
-
- `/etc/dls/config/decryptor/decryptor`
-
-```shell
- docker exec -it <container-id> /etc/dls/config/decryptor/decryptor > /tmp/private-key.pem
-```
-
-```
-----BEGIN RSA PRIVATE KEY-----
-...
-----END RSA PRIVATE KEY-----
-``` 
-
-## Site Key Uri - `/etc/dls/config/site_key_uri.bin`
-
-```
-base64-content...
-```
-
-## DB Password - `/etc/dls/config/dls_db_password.bin`
-
-```
-base64-content...
-```
-
-**Decrypt database password**
-
-```
-cd /var/lib/docker/volumes/configurations/_data
-cat dls_db_password.bin | base64 -d > dls_db_password.bin.raw
-openssl rsautl -decrypt -inkey /tmp/private-key.pem -in dls_db_password.bin.raw
-```
-
-# Database
-
- It's enough to manipulate database licenses. There must not be changed any line of code to bypass licensing
-  validations.
-
 # Logging / Stack Trace

 - https://docs.nvidia.com/license-system/latest/nvidia-license-system-user-guide/index.html#troubleshooting-dls-instance
--- a/requirements.txt
+++ b/requirements.txt
@ -1,8 +1,8 @@
-fastapi==0.115.6
+fastapi==0.115.8
 uvicorn[standard]==0.34.0
-python-jose==3.3.0
+python-jose==3.4.0
 pycryptodome==3.21.0
 python-dateutil==2.8.2
-sqlalchemy==2.0.37
+sqlalchemy==2.0.38
 markdown==3.7
 python-dotenv==1.0.1
Author	SHA1	Message	Date
Oscar Krause	699d85acc4	serve drivers directly via api if configured	2025-03-12 13:41:24 +01:00
Oscar Krause	584eee41ef	Merge branch 'dev' into 'main' fixed logging See merge request oscar.krause/fastapi-dls!47	2025-03-12 13:40:45 +01:00
Oscar Krause	25658cb1fb	code styling	2025-03-12 11:41:58 +01:00
Oscar Krause	43fdf1170c	Reverse Engineering Notes.md bearbeiten	2025-03-12 08:44:37 +01:00
Oscar Krause	a953e62bcb	Reverse Engineering Notes.md bearbeiten	2025-03-11 22:51:45 +01:00
Oscar Krause	9c0cd21e71	Reverse Engineering Notes.md bearbeiten	2025-03-11 22:32:13 +01:00
Oscar Krause	3f5fcbebb3	fixed logging	2025-03-11 22:04:35 +01:00
Oscar Krause	3fdd439035	Reverse Engineering Notes.md bearbeiten	2025-03-11 13:40:21 +01:00
Oscar Krause	d30dbced39	Reverse Engineering Notes.md bearbeiten	2025-03-10 23:47:55 +01:00
Oscar Krause	5b61d0a40e	Reverse Engineering Notes.md bearbeiten	2025-03-10 21:21:40 +01:00
Oscar Krause	83616c858b	Merge branch 'dev' into 'main' dev See merge request oscar.krause/fastapi-dls!44	2025-03-09 21:53:50 +01:00
Oscar Krause	ca25349a68	added notes about 18.x branch	2025-03-09 21:37:29 +01:00
Oscar Krause	262312b512	requirements.txt updated	2025-02-25 11:21:59 +01:00