omaha-server
This is the Python 2 version of omaha-server. To obtain the Python 3 version with the latest security updates and support for the latest Omaha versions (including Omaha v3.1 / v4), please go to our web site.
omaha-server implements the server side of Google's Omaha update protocol, which for example powers Chrome's automatic update mechanism. Because Omaha is typically used to update Windows applications, omaha-server also supports the Sparkle framework for updating Mac applications. omaha-server is used by organisations large and small for products that require sophisticated update logic and advanced usage statistics.
Setting up a development server
Requirements:
- Ubuntu Trusty 14.04 (LTS) (64-bit)
- paver
- docker or boot2docker for OS X & Windows
- docker-compose
$ sudo apt-get update
$ sudo apt-get install docker.io
$ sudo apt-get install python-paver python-pip
$ sudo pip install -U docker-compose
$ git clone https://github.com/Crystalnix/omaha-server.git
$ cd omaha-server
$ sudo paver up_local_dev_server
# Stop server
$ sudo docker-compose stop
Open http://{DOCKER_HOST}:9090/admin/
- username:
admin
- password:
admin
Setting up a development environment
Requirements:
- python 2.7
- virtualenvwrapper
- PostgreSQL
- Redis
$ mkvirtualenv omaha-server
$ pip install -r requirements/dev.txt
Tests
$ paver test
or
$ paver run_test_in_docker
Statistics
All statistics are stored in Redis. In order not to lose all data, we recommend to set up the backing up process. The proposed solution uses ElastiCache which supports automatic backups. In the case of a self-hosted solution do not forget to set up backups.
Required userid
. Including user id into request
Utils
A command for generating fake data such as requests, events and statistics:
# Usage: ./manage.py generate_fake_data [options] <app_id>
# Options:
# --count=COUNT Total number of data values (default: 100)
$ ./manage.py generate_fake_data {F07B3878-CD6F-4B96-B52F-95C4D2} --count=20
A command for generating fake statistics:
# Usage: ./manage.py generate_fake_statistics [options]
# Options:
# --count=COUNT Total number of data values (default: 100)
$ ./manage.py generate_fake_statistics --count=3000
A command for generating fake live data:
# Usage: ./manage.py generate_fake_live_data <app_id>
#
$ ./manage.py generate_fake_live_data {c00b6344-038f-4e51-bcb1-33ffdd812d81}
A command for generating fake live data for Mac:
# Usage: ./manage.py generate_fake_mac_live_data <app_name> <channel>
#
$ ./manage.py generate_fake_mac_live_data Application alpha
Deploying Omaha-Server to AWS Elastic Beanstalk
Requirements:
- Elastic Beanstalk command line tools
- ebs-deploy
- Sentry
- AWS RDS: Creating a DB Instance Running the PostgreSQL Database Engine
- Redis instance in AWS ElasticCache: Documentation
- AWS S3: Create a Bucket
- AWS Access Key ID and Secret Access Key
Initializing the Configuration
$ cd deploy
$ cp settings.yml.example settings.yml
To change Omaha-Server configuration, add the settings that you want to modify to the ebs.config
file. For example:
deploy:
aws_access_key: '**********'
aws_secret_key: '**********'
bucket: 'example-ebs-archives'
region: 'us-east-1' # http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
app:
name: 'omaha-server'
description: 'Omaha Server'
key_name: 'omaha_server'
solution_stack_name: '64bit Amazon Linux 2015.03 v1.4.3 running Docker 1.6.2' # optional default: '64bit Amazon Linux 2015.03 v1.4.3 running Docker 1.6.2'
InstanceType: 't2.large' # optional default: t2.small http://aws.amazon.com/ec2/instance-types/
autoscaling: # optional default: min=1 max=10
min: 4
max: 20
healthcheck_url: '/admin/' # optional default: '/healthcheck/status/'
environments:
omaha-server-private:
option_settings: # Configuration Options http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options.html
'aws:autoscaling:launchconfiguration':
IamInstanceProfile: 'omaha-public'
SecurityGroups: 'omaha-server,omaha-server-private' # If you use Amazon VPC with Elastic Beanstalk so that your instances are launched within a virtual private cloud (VPC), specify security group IDs instead of a security group name.
'aws:ec2:vpc':
VPCId: 'vpc-bb6b9fdf'
Subnets: 'subnet-e386d5ba'
AssociatePublicIpAddress: 'true'
environment:
OMAHA_SERVER_PRIVATE: 'true'
SECRET_KEY: '**********'
DB_HOST: 'postgres.example.com'
DB_USER: 'omaha'
DB_NAME: 'omaha'
DB_PASSWORD: '**********'
AWS_STORAGE_BUCKET_NAME: 'omaha-server'
RAVEN_DNS: 'http://b3615b99118949dbae3c7d06e93fa74c:[email protected]/2'
RAVEN_DSN_STACKTRACE: 'http://637c17c832f44663b381916d4e0cb34d:[email protected]/5'
REDIS_HOST: 'redis.example.com'
DB_PUBLIC_USER: 'omaha_public'
DB_PUBLIC_PASSWORD: 'omaha_public_password'
AWS_ROLE: 'omaha-private'
omaha-server-public:
option_settings:
'aws:autoscaling:launchconfiguration':
IamInstanceProfile: 'omaha-public'
SecurityGroups: 'omaha-server,omaha-server-public'
environment:
OMAHA_SERVER_PRIVATE: 'false'
SECRET_KEY: '**********'
DB_HOST: 'postgres.example.com'
DB_USER: 'omaha_public'
DB_NAME: 'omaha'
DB_PASSWORD: 'omaha_public_password'
AWS_STORAGE_BUCKET_NAME: 'omaha-server'
RAVEN_DNS: 'http://b3615b99118949dbae3c7d06e93fa74c:[email protected]/2'
RAVEN_DSN_STACKTRACE: 'http://637c17c832f44663b381916d4e0cb34d:[email protected]/5'
REDIS_HOST: 'redis.example.com'
AWS_ROLE: 'omaha-public'
DJANGO_SETTINGS_MODULE: 'omaha_server.settings_prod'
Environment variables
Environment variable name | Description | Default value |
---|---|---|
APP_VERSION | App version | DEV |
DJANGO_SETTINGS_MODULE | omaha_server.settings_prod | |
SECRET_KEY | Django SECRET_KEY | |
HOST_NAME | Eb app host name | |
DB_HOST | DB Host | 127.0.0.1 |
DB_USER | DB User | postgres |
DB_NAME | DB Name | postgres |
DB_PASSWORD | DB Password | '' |
DB_PORT | DB port | 5432 |
AWS_ACCESS_KEY_ID | AWS Access Key | |
AWS_SECRET_ACCESS_KEY | AWS Secret Key | |
AWS_STORAGE_BUCKET_NAME | S3 storage bucket | |
RAVEN_DNS | Sentry url | |
RAVEN_DSN_STACKTRACE | Sentry url | RAVEN_DNS |
REDIS_HOST | Redis host | 127.0.0.1 |
REDIS_PORT | Redis port | 6379 |
REDIS_DB | Redis db | 1 |
REDIS_STAT_PORT | For statistics | REDIS_PORT |
REDIS_STAT_HOST | REDIS_HOST | |
REDIS_STAT_DB | 15 | |
UWSGI_PROCESSES | ||
UWSGI_THREADS | ||
OMAHA_SERVER_PRIVATE | Is private server | False |
DB_PUBLIC_USER | ||
DB_PUBLIC_PASSWORD | ||
AWS_ROLE | ||
OMAHA_URL_PREFIX | no trailing slash! | |
SENTRY_STACKTRACE_API_KEY | Auth API token | |
OMAHA_ONLY_HTTPS | HTTPS-only | False |
CUP_REQUEST_VALIDATION | False | |
CRASH_TRACKER | Sentry, ELK | Sentry |
LOGSTASH_HOST | Logstash host | |
LOGSTASH_PORT | Logstash TCP port | |
FILEBEAT_HOST | Filebeat host | 127.0.0.1 |
FILEBEAT_PORT | Filebeat UDP port | 9021 |
ELK_HOST | Logstash host | '' |
ELK_PORT | Logstash TCP port | '' |
FILEBEAT_DESTINATION | filebeat output type | '' |
LOG_NGINX_TO_FILEBEAT | Send logs to filebeat | 'True' |
EMAIL_SENDER | Verified SES email | |
EMAIL_RECIPIENTS | Feedback recepients |
- uWSGI Options & Environment variables
- Sentry
- Sentry API key is stored on the way Sentry Organization page -> API Keys
Initialize your ElasticBeanstalk application
# generate config file
$ python main.py
$ ebs-deploy init
Deploy your application
$ ebs-deploy deploy -e omaha-server-dev
Enable HTTPS
- Add SSL Certificate for Elastic Load Balancing
- Next, just add the following snippet to your file
deploy/settings.yml
# http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-elbloadbalancer
'aws:elb:loadbalancer':
LoadBalancerHTTPSPort: 443
LoadBalancerSSLPortProtocol: HTTPS
SSLCertificateId: arn:aws:acm:us-east-1:your-ssl-id # ToDo: change on your SSL ID
- Finally, in the case if you want to redirect all HTTP traffic to HTTPS, you can add
OMAHA_ONLY_HTTPS: true
to environment variables in the environment section. Warning: Please, don't activate the redirection of HTTP to HTTPS if you don't enable HTTPS. It will lead to that an Omaha server won't be accessible.
Enable Client Update Protocol v2
- Use Omaha eckeytool to generate private.pem key and cup_ecdsa_pubkey.{KEYID}.h files.
- Add cup_ecdsa_pubkey.{KEYID}.h to Omaha source directory /path/to/omaha/omaha/net/, set CupEcdsaRequestImpl::kCupProductionPublicKey in /path/to/omaha/omaha/net/cup_ecdsa_request.cc to new key and build Omaha client.
- Add private.pem keyid and path to omaha CUP_PEM_KEYS dictionary.
Links
Contributors
Thanks to Abiral Shrestha for the security reports and suggestions.
Copyright and license
This software is licensed under the Apache 2 license, quoted below.
Copyright 2020+ Omaha Consulting
Copyright 2014 - 2019 Crystalnix Limited
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.