mirror of
https://git.collinwebdesigns.de/oscar.krause/fastapi-dls.git
synced 2025-08-27 23:16:49 +08:00
Compare commits
No commits in common. "951fc352031258aab21c36d7248faaccb64ff11c" and "85623d1a653884703eef81a47a4afb7024bf8882" have entirely different histories.
951fc35203
...
85623d1a65
26
doc/Database.md
Normal file
26
doc/Database.md
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# Database structure
|
||||||
|
|
||||||
|
## `request_routing.service_instance`
|
||||||
|
|
||||||
|
| xid | org_name |
|
||||||
|
|----------------------------------------|--------------------------|
|
||||||
|
| `10000000-0000-0000-0000-000000000000` | `lic-000000000000000000` |
|
||||||
|
|
||||||
|
- `xid` is used as `SERVICE_INSTANCE_XID`
|
||||||
|
|
||||||
|
## `request_routing.license_allotment_service_instance`
|
||||||
|
|
||||||
|
| xid | service_instance_xid | license_allotment_xid |
|
||||||
|
|----------------------------------------|----------------------------------------|----------------------------------------|
|
||||||
|
| `90000000-0000-0000-0000-000000000001` | `10000000-0000-0000-0000-000000000000` | `80000000-0000-0000-0000-000000000001` |
|
||||||
|
|
||||||
|
- `xid` is only a primary-key and never used as foreign-key or reference
|
||||||
|
- `license_allotment_xid` must be used to fetch `xid`'s from `request_routing.license_allotment_reference`
|
||||||
|
|
||||||
|
## `request_routing.license_allotment_reference`
|
||||||
|
|
||||||
|
| xid | license_allotment_xid |
|
||||||
|
|----------------------------------------|----------------------------------------|
|
||||||
|
| `20000000-0000-0000-0000-000000000001` | `80000000-0000-0000-0000-000000000001` |
|
||||||
|
|
||||||
|
- `xid` is used as `scope_ref_list` on token request
|
98
doc/Reverse Engineering Notes.md
Normal file
98
doc/Reverse Engineering Notes.md
Normal file
@ -0,0 +1,98 @@
|
|||||||
|
# Reverse Engineering Notes
|
||||||
|
|
||||||
|
[[_TOC_]]
|
||||||
|
|
||||||
|
# NLS Docker Stack
|
||||||
|
|
||||||
|
- More about Docker Images https://git.collinwebdesigns.de/nvidia/nls
|
||||||
|
|
||||||
|
## Appliance
|
||||||
|
|
||||||
|
### Configuration data
|
||||||
|
|
||||||
|
- Most variables and configs are stored in `/var/lib/docker/volumes/configurations/_data`.
|
||||||
|
- Config-Variables are in `etc/dls/config/service_env.conf`.
|
||||||
|
|
||||||
|
### NLS Logs
|
||||||
|
|
||||||
|
Logs are found in `/var/lib/docker/volumes/logs/_data`.
|
||||||
|
|
||||||
|
Most interesting logs are:
|
||||||
|
|
||||||
|
- `fileInstallation.log`
|
||||||
|
- `serviceInstance.log`
|
||||||
|
|
||||||
|
### File manipulation and copy
|
||||||
|
|
||||||
|
- Files can be copied with `docker cp <container-id>:/venv/... /opt/localfile/...`.
|
||||||
|
- Files can be directly edited via Docker-Volume mounts
|
||||||
|
- see `df -h` (one is nls, the other postgres container)
|
||||||
|
```
|
||||||
|
overlay 16G 11G 5.6G 66% /var/lib/docker/overlay2/<hash>/merged
|
||||||
|
overlay 16G 11G 5.6G 66% /var/lib/docker/overlay2/<hash>/merged
|
||||||
|
```
|
||||||
|
- then you can edit files with e.g. `nano venv/lib/python3.12/site-packages/...`
|
||||||
|
|
||||||
|
### Other tools / files
|
||||||
|
|
||||||
|
Other tools / files which may can helpful, but not known for what they are used.
|
||||||
|
|
||||||
|
- `/etc/dls/config/decryptor/decryptor`
|
||||||
|
- `/etc/dls/config/site_key_uri.bin`
|
||||||
|
- `/etc/dls/config/dls_db_password.bin`
|
||||||
|
|
||||||
|
## Database
|
||||||
|
|
||||||
|
- It's enough to manipulate database licenses. There must not be changed any line of code to bypass licensing
|
||||||
|
validations.
|
||||||
|
|
||||||
|
Valid users are `dls_writer` and `postgres`.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
docker exec -it <dls:pgsql> psql -h localhost -U postgres
|
||||||
|
```
|
||||||
|
|
||||||
|
If you want external access to database, you have to add `ports: [ 5432:5432 ]` to postgres section in
|
||||||
|
`docker-compose.yml`.
|
||||||
|
Then you can *exec* into container with `psql` and add a new superuser:
|
||||||
|
|
||||||
|
```sql
|
||||||
|
CREATE
|
||||||
|
USER admin WITH LOGIN SUPERUSER PASSWORD 'admin';
|
||||||
|
```
|
||||||
|
|
||||||
|
# Logging / Stack Trace
|
||||||
|
|
||||||
|
- https://docs.nvidia.com/license-system/latest/nvidia-license-system-user-guide/index.html#troubleshooting-dls-instance
|
||||||
|
|
||||||
|
|
||||||
|
# Nginx
|
||||||
|
|
||||||
|
- NGINX uses `/opt/certs/cert.pem` and `/opt/certs/key.pem`
|
||||||
|
|
||||||
|
# Usefully commands on Client
|
||||||
|
|
||||||
|
## Check licensing status
|
||||||
|
|
||||||
|
- `nvidia-smi -q | grep "License"`
|
||||||
|
|
||||||
|
**Output**
|
||||||
|
|
||||||
|
```
|
||||||
|
vGPU Software Licensed Product
|
||||||
|
License Status : Licensed (Expiry: 2023-1-14 12:59:52 GMT)
|
||||||
|
```
|
||||||
|
|
||||||
|
## Track licensing progress
|
||||||
|
|
||||||
|
- NVIDIA Grid Log: `journalctl -u nvidia-gridd -f`
|
||||||
|
|
||||||
|
```
|
||||||
|
systemd: Started NVIDIA Grid Daemon.
|
||||||
|
nvidia-gridd: Configuration parameter ( ServerAddress ) not set
|
||||||
|
nvidia-gridd: vGPU Software package (0)
|
||||||
|
nvidia-gridd: Ignore service provider and node-locked licensing
|
||||||
|
nvidia-gridd: NLS initialized
|
||||||
|
nvidia-gridd: Acquiring license. (Info: license.nvidia.space; NVIDIA RTX Virtual Workstation)
|
||||||
|
nvidia-gridd: License acquired successfully. (Info: license.nvidia.space, NVIDIA RTX Virtual Workstation; Expiry: 2023-1-29 22:3:0 GMT)
|
||||||
|
```
|
@ -25,8 +25,8 @@ ORIGIN_REF, ALLOTMENT_REF, SECRET = str(uuid4()), '20000000-0000-0000-0000-00000
|
|||||||
# INSTANCE_KEY_RSA = generate_key()
|
# INSTANCE_KEY_RSA = generate_key()
|
||||||
# INSTANCE_KEY_PUB = INSTANCE_KEY_RSA.public_key()
|
# INSTANCE_KEY_PUB = INSTANCE_KEY_RSA.public_key()
|
||||||
|
|
||||||
INSTANCE_KEY_RSA = PrivateKey.from_file(str(join(dirname(__file__), '../app/cert/instance.private.pem')))
|
INSTANCE_KEY_RSA = PrivateKey(str(join(dirname(__file__), '../app/cert/instance.private.pem')))
|
||||||
INSTANCE_KEY_PUB = PublicKey.from_file(str(join(dirname(__file__), '../app/cert/instance.public.pem')))
|
INSTANCE_KEY_PUB = PublicKey(str(join(dirname(__file__), '../app/cert/instance.public.pem')))
|
||||||
|
|
||||||
jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.pem(), algorithm=ALGORITHMS.RS256)
|
jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.pem(), algorithm=ALGORITHMS.RS256)
|
||||||
jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.pem(), algorithm=ALGORITHMS.RS256)
|
jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.pem(), algorithm=ALGORITHMS.RS256)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user