Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Eteri
slapos
Commits
3c2a9b13
Commit
3c2a9b13
authored
May 03, 2013
by
Cédric Le Ninivin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
apache-frontend: Remove stunnel from apache frontend recipe
parent
4b915f9b
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
268 additions
and
311 deletions
+268
-311
slapos/recipe/apache_frontend/__init__.py
slapos/recipe/apache_frontend/__init__.py
+239
-310
software/apache-frontend/instance.cfg
software/apache-frontend/instance.cfg
+29
-1
No files found.
slapos/recipe/apache_frontend/__init__.py
View file @
3c2a9b13
...
@@ -64,8 +64,6 @@ class Recipe(BaseSlapRecipe):
...
@@ -64,8 +64,6 @@ class Recipe(BaseSlapRecipe):
self
.
path_list
=
[]
self
.
path_list
=
[]
self
.
requirements
,
self
.
ws
=
self
.
egg
.
working_set
()
self
.
requirements
,
self
.
ws
=
self
.
egg
.
working_set
()
# self.cron_d is a directory, where cron jobs can be registered
self
.
cron_d
=
self
.
installCrond
()
self
.
killpidfromfile
=
zc
.
buildout
.
easy_install
.
scripts
(
self
.
killpidfromfile
=
zc
.
buildout
.
easy_install
.
scripts
(
[(
'killpidfromfile'
,
'slapos.toolbox.killpidfromfile'
,
[(
'killpidfromfile'
,
'slapos.toolbox.killpidfromfile'
,
'killpidfromfile'
)],
self
.
ws
,
sys
.
executable
,
self
.
bin_directory
)[
0
]
'killpidfromfile'
)],
self
.
ws
,
sys
.
executable
,
self
.
bin_directory
)[
0
]
...
@@ -163,27 +161,30 @@ class Recipe(BaseSlapRecipe):
...
@@ -163,27 +161,30 @@ class Recipe(BaseSlapRecipe):
rewrite_rule_list
.
append
(
rewrite_rule
)
rewrite_rule_list
.
append
(
rewrite_rule
)
# Certificate stuff
# Certificate stuff
valid_certificate_str
=
self
.
parameter_dict
.
get
(
"domain_ssl_ca_cert"
)
#valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
valid_key_str
=
self
.
parameter_dict
.
get
(
"domain_ssl_ca_key"
)
#valid_key_str = self.parameter_dict.get("domain_ssl_ca_key")
if
valid_certificate_str
is
None
and
valid_key_str
is
None
:
#if valid_certificate_str is None and valid_key_str is None:
ca_conf
=
self
.
installCertificateAuthority
()
# ca_conf = self.installCertificateAuthority()
key
,
certificate
=
self
.
requestCertificate
(
frontend_domain_name
)
# key, certificate = self.requestCertificate(frontend_domain_name)
else
:
#else:
ca_conf
=
self
.
installValidCertificateAuthority
(
# ca_conf = self.installValidCertificateAuthority(
frontend_domain_name
,
valid_certificate_str
,
valid_key_str
)
# frontend_domain_name, valid_certificate_str, valid_key_str)
key
=
ca_conf
.
pop
(
"key"
)
# key = ca_conf.pop("key")
certificate
=
ca_conf
.
pop
(
"certificate"
)
# certificate = ca_conf.pop("certificate")
if
service_dict
!=
{}:
#if service_dict != {}:
if
valid_certificate_str
is
not
None
and
valid_key_str
is
not
None
:
# if valid_certificate_str is not None and valid_key_str is not None:
self
.
installCertificateAuthority
()
# self.installCertificateAuthority()
stunnel_key
,
stunnel_certificate
=
\
# stunnel_key, stunnel_certificate = \
self
.
requestCertificate
(
frontend_domain_name
)
# self.requestCertificate(frontend_domain_name)
else
:
# else:
stunnel_key
,
stunnel_certificate
=
key
,
certificate
# stunnel_key, stunnel_certificate = key, certificate
self
.
installStunnel
(
service_dict
,
stunnel_key
,
stunnel_certificate
=
self
.
options
[
'key_path'
],
self
.
options
[
'cert_path'
]
stunnel_certificate
,
stunnel_key
,
ca_conf
[
"ca_crl"
],
key
,
certificate
=
self
.
options
[
'key_path'
],
self
.
options
[
'cert_path'
]
ca_conf
[
"certificate_authority_path"
])
#self.installStunnel(service_dict,
# stunnel_certificate, stunnel_key,
# self.options["ca_crl"],
# self.options["ca_dir"])
apache_parameter_dict
=
self
.
installFrontendApache
(
apache_parameter_dict
=
self
.
installFrontendApache
(
ip_list
=
[
"[%s]"
%
self
.
getGlobalIPv6Address
(),
ip_list
=
[
"[%s]"
%
self
.
getGlobalIPv6Address
(),
...
@@ -272,13 +273,13 @@ class Recipe(BaseSlapRecipe):
...
@@ -272,13 +273,13 @@ class Recipe(BaseSlapRecipe):
service_name
=
"squid_%s"
%
reference
service_name
=
"squid_%s"
%
reference
squid_ip
=
self
.
getLocalIPv4Address
()
squid_ip
=
self
.
getLocalIPv4Address
()
stunnel_port
=
base_squid_port
+
1
stunnel_port
=
base_squid_port
+
1
#
self.installSquidCache(service_name,
#
self.installSquidCache(service_name,
#
ip=squid_ip,
#
ip=squid_ip,
#
port=base_squid_port,
#
port=base_squid_port,
#
backend_host=squid_ip,
#
backend_host=squid_ip,
#
backend_port=stunnel_port,
#
backend_port=stunnel_port,
#
domain=domain,
#
domain=domain,
#
size="1G")
#
size="1G")
service_dict
[
service_name
]
=
dict
(
public_ip
=
squid_ip
,
service_dict
[
service_name
]
=
dict
(
public_ip
=
squid_ip
,
public_port
=
stunnel_port
,
public_port
=
stunnel_port
,
private_ip
=
slave_host
.
replace
(
"["
,
""
).
replace
(
"]"
,
""
),
private_ip
=
slave_host
.
replace
(
"["
,
""
).
replace
(
"]"
,
""
),
...
@@ -286,28 +287,86 @@ class Recipe(BaseSlapRecipe):
...
@@ -286,28 +287,86 @@ class Recipe(BaseSlapRecipe):
return
"%s http://%s:%s"
%
\
return
"%s http://%s:%s"
%
\
(
domain
,
squid_ip
,
base_squid_port
)
(
domain
,
squid_ip
,
base_squid_port
)
def
installSquidCache
(
self
,
name
,
ip
,
port
,
backend_host
,
# def installSquidCache(self, name, ip, port, backend_host,
backend_port
,
domain
,
size
=
"1G"
):
# backend_port, domain, size="1G"):
"""
# """
Install a squid daemon for a certain address
# Install a squid daemon for a certain address
"""
# """
# directory = self.createDataDirectory(name)
## directory = self.createDataDirectory(name)
# squid_config = dict(
## squid_config = dict(
# directory=directory,
## directory=directory,
# pid = "%s/squid.pid" % directory,
## pid = "%s/squid.pid" % directory,
# port="%s:%s" % (ip, port),
## port="%s:%s" % (ip, port),
# squidd_binary=self.options["squidd_binary"],
## squidd_binary=self.options["squidd_binary"],
# control_port="%s:%s" % (ip, control_port),
## control_port="%s:%s" % (ip, control_port),
# storage="file,%s/storage.bin,%s" % (directory, size))
## storage="file,%s/storage.bin,%s" % (directory, size))
#
##
## squid_argument_list = [squid_config['squidd_binary'].strip(),
## "-F", "-n", directory, "-P", squid_config["pid"], "-p",
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", squid_config["port"], "-T", squid_config["control_port"],
## "-s", squid_config["storage"]]
## environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
## os.environ.get('PATH')))
## wrapper = zc.buildout.easy_install.scripts([(name,
## 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
## sys.executable, self.service_directory, arguments=[squid_argument_list,
## environment])[0]
## self.path_list.append(wrapper)
#
#
# squid_argument_list = [squid_config['squidd_binary'].strip(),
#
# "-F", "-n", directory, "-P", squid_config["pid"], "-p",
## directory = self.createDataDirectory(name)
# "cc_command=exec %s " % self.options["gcc_binary"] +\
# config = dict(
# "-fpic -shared -o %o %s",
# ip=ip,
# "-f", config_file,
# port=port,
# "-a", squid_config["port"], "-T", squid_config["control_port"],
# backend_ip=backend_host,
# "-s", squid_config["storage"]]
# backend_port=backend_port,
# domain=domain,
# # XXX Hardcoded
# access_log_path = os.path.join(self.log_directory, 'squid.access.log'),
# # XXX Hardcoded
# cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'),
## cache_path=self.options['cache-path'],
# # XXX Hardcoded
# pid_filename_path=os.path.join(self.run_directory, 'squid.pid'),
# squid_binary=self.options["squid_binary"],
# )
#
# template_filename = self.getTemplateFilename('squid.conf.in')
# config_file = self.createConfigurationFile("%s.conf" % name,
# self.substituteTemplate(self.getTemplateFilename('squid.conf.in'),
# config))
#
## # Prepare directories
## prepare_path = self.createPythonScript(
## self.options['prepare-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-z',
## '-f', configuration_path,
## ],)
##
## # Create running wrapper
## wrapper_path = self.createPythonScript(
## self.options['wrapper-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-N',
## '-f', configuration_path,
## ],)
##
## return [configuration_path, wrapper_path, prepare_path]
#
# squid_argument_list = [config['squid_binary'].strip(),
# "-N", "-f", config_file]
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", config["port"], "-T", config["control_port"],
## "-s", config["storage"]]
# environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
# environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
# os.environ.get('PATH')))
# os.environ.get('PATH')))
# wrapper = zc.buildout.easy_install.scripts([(name,
# wrapper = zc.buildout.easy_install.scripts([(name,
...
@@ -315,216 +374,121 @@ class Recipe(BaseSlapRecipe):
...
@@ -315,216 +374,121 @@ class Recipe(BaseSlapRecipe):
# sys.executable, self.service_directory, arguments=[squid_argument_list,
# sys.executable, self.service_directory, arguments=[squid_argument_list,
# environment])[0]
# environment])[0]
# self.path_list.append(wrapper)
# self.path_list.append(wrapper)
# directory = self.createDataDirectory(name)
config
=
dict
(
ip
=
ip
,
port
=
port
,
backend_ip
=
backend_host
,
backend_port
=
backend_port
,
domain
=
domain
,
# XXX Hardcoded
access_log_path
=
os
.
path
.
join
(
self
.
log_directory
,
'squid.access.log'
),
# XXX Hardcoded
cache_log_path
=
os
.
path
.
join
(
self
.
log_directory
,
'squid.cache.log'
),
# cache_path=self.options['cache-path'],
# XXX Hardcoded
pid_filename_path
=
os
.
path
.
join
(
self
.
run_directory
,
'squid.pid'
),
squid_binary
=
self
.
options
[
"squid_binary"
],
)
template_filename
=
self
.
getTemplateFilename
(
'squid.conf.in'
)
config_file
=
self
.
createConfigurationFile
(
"%s.conf"
%
name
,
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'squid.conf.in'
),
config
))
# # Prepare directories
# prepare_path = self.createPythonScript(
# self.options['prepare-path'],
# 'slapos.recipe.librecipe.execute.execute',
# arguments=[self.options['binary-path'].strip(),
# '-z',
# '-f', configuration_path,
# ],)
#
#
# # Create running wrapper
# return config
# wrapper_path = self.createPythonScript(
# self.options['wrapper-path'],
# def requestCertificate(self, name):
# 'slapos.recipe.librecipe.execute.execute',
# hash = hashlib.sha512(name).hexdigest()
# arguments=[self.options['binary-path'].strip(),
# key = os.path.join(self.ca_private, hash + self.ca_key_ext)
# '-N',
# certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
# '-f', configuration_path,
# parser = ConfigParser.RawConfigParser()
# ],)
# parser.add_section('certificate')
# parser.set('certificate', 'name', name)
# parser.set('certificate', 'key_file', key)
# parser.set('certificate', 'certificate_file', certificate)
# parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
# return key, certificate
# def installCrond(self):
# timestamps = self.createDataDirectory('cronstamps')
# cron_output = os.path.join(self.log_directory, 'cron-output')
# self._createDirectory(cron_output)
# catcher = zc.buildout.easy_install.scripts([('catchcron',
# __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
# self.bin_directory, arguments=[cron_output])[0]
# self.path_list.append(catcher)
# cron_d = os.path.join(self.etc_directory, 'cron.d')
# crontabs = os.path.join(self.etc_directory, 'crontabs')
# self._createDirectory(cron_d)
# self._createDirectory(crontabs)
# wrapper = zc.buildout.easy_install.scripts([('crond',
# 'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
# self.service_directory, arguments=[
# self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
# '-t', timestamps, '-f', '-l', '5', '-M', catcher]
# )[0]
# self.path_list.append(wrapper)
# return cron_d
# def installValidCertificateAuthority(self, domain_name, certificate, key):
# ca_dir = os.path.join(self.data_root_directory, 'ca')
# ca_private = os.path.join(ca_dir, 'private')
# ca_certs = os.path.join(ca_dir, 'certs')
# ca_crl = os.path.join(ca_dir, 'crl')
# self._createDirectory(ca_dir)
# for path in (ca_private, ca_certs, ca_crl):
# self._createDirectory(path)
# key_path = os.path.join(ca_private, domain_name + ".key")
# certificate_path = os.path.join(ca_certs, domain_name + ".crt")
# self._writeFile(key_path, key)
# self._writeFile(certificate_path, certificate)
# return dict(certificate_authority_path=ca_dir,
# ca_crl=ca_crl,
# certificate=certificate_path,
# key=key_path)
#
#
# return [configuration_path, wrapper_path, prepare_path]
# def installCertificateAuthority(self, ca_country_code='XX',
# ca_email='xx@example.com', ca_state='State', ca_city='City',
squid_argument_list
=
[
config
[
'squid_binary'
].
strip
(),
# ca_company='Company'):
"-N"
,
"-f"
,
config_file
]
# backup_path = self.createBackupDirectory('ca')
# "cc_command=exec %s " % self.options["gcc_binary"] +\
# self.ca_dir = os.path.join(self.data_root_directory, 'ca')
# "-fpic -shared -o %o %s",
# self._createDirectory(self.ca_dir)
# "-f", config_file,
# self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
# "-a", config["port"], "-T", config["control_port"],
# self._createDirectory(self.ca_request_dir)
# "-s", config["storage"]]
# config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
environment
=
dict
(
PATH
=
"%s:%s"
%
(
self
.
options
[
"binutils_directory"
],
# self.ca_private = os.path.join(self.ca_dir, 'private')
os
.
environ
.
get
(
'PATH'
)))
# self.ca_certs = os.path.join(self.ca_dir, 'certs')
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
name
,
# self.ca_crl = os.path.join(self.ca_dir, 'crl')
'slapos.recipe.librecipe.execute'
,
'executee'
)],
self
.
ws
,
# self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
squid_argument_list
,
# self.ca_key_ext = '.key'
environment
])[
0
]
# self.ca_crt_ext = '.crt'
self
.
path_list
.
append
(
wrapper
)
# for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
# self._createDirectory(d)
return
config
# for f in ['crlnumber', 'serial']:
# if not os.path.exists(os.path.join(self.ca_dir, f)):
# open(os.path.join(self.ca_dir, f), 'w').write('01')
# if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
# open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
def
configureVarnishSlave
(
self
,
base_varnish_port
,
url
,
reference
,
# openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
service_dict
,
domain
):
# config.update(
# Varnish should use stunnel to connect to the backend
# working_directory=self.ca_dir,
base_varnish_control_port
=
base_varnish_port
# country_code=ca_country_code,
base_varnish_port
+=
1
# state=ca_state,
# Use regex
# city=ca_city,
host_regex
=
"((
\
[
\
w*|[0-9]+
\
.)(
\
:|)).*(
\
]|
\
.[0-9]+)"
# company=ca_company,
slave_host
=
re
.
search
(
host_regex
,
url
).
group
(
0
)
# email_address=ca_email,
port_regex
=
"
\
w+(
\
/|)$"
# )
matcher
=
re
.
search
(
port_regex
,
url
)
# self._writeFile(openssl_configuration, pkg_resources.resource_string(
if
matcher
is
not
None
:
# __name__, 'template/openssl.cnf.ca.in') % config)
slave_port
=
matcher
.
group
(
0
)
#
slave_port
=
slave_port
.
replace
(
"/"
,
""
)
# # XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
elif
url
.
startswith
(
"https://"
):
# # from the instance profile.
slave_port
=
443
# self.path_list.extend(zc.buildout.easy_install.scripts([
else
:
# ('certificate_authority', __name__ + '.certificate_authority',
slave_port
=
80
# 'runCertificateAuthority')],
service_name
=
"varnish_%s"
%
reference
# self.ws, sys.executable, self.service_directory, arguments=[dict(
varnish_ip
=
self
.
getLocalIPv4Address
()
# openssl_configuration=openssl_configuration,
stunnel_port
=
base_varnish_port
+
1
# openssl_binary=self.options['openssl_binary'],
self
.
installVarnishCache
(
service_name
,
# certificate=os.path.join(self.ca_dir, 'cacert.pem'),
ip
=
varnish_ip
,
# key=os.path.join(self.ca_private, 'cakey.pem'),
port
=
base_varnish_port
,
# crl=os.path.join(self.ca_crl),
control_port
=
base_varnish_control_port
,
# request_dir=self.ca_request_dir
backend_host
=
varnish_ip
,
# )]))
backend_port
=
stunnel_port
,
size
=
"1G"
)
service_dict
[
service_name
]
=
dict
(
public_ip
=
varnish_ip
,
public_port
=
stunnel_port
,
private_ip
=
slave_host
.
replace
(
"["
,
""
).
replace
(
"]"
,
""
),
private_port
=
slave_port
)
return
"%s http://%s:%s"
%
\
(
domain
,
varnish_ip
,
base_varnish_port
)
def
requestCertificate
(
self
,
name
):
hash
=
hashlib
.
sha512
(
name
).
hexdigest
()
key
=
os
.
path
.
join
(
self
.
ca_private
,
hash
+
self
.
ca_key_ext
)
certificate
=
os
.
path
.
join
(
self
.
ca_certs
,
hash
+
self
.
ca_crt_ext
)
parser
=
ConfigParser
.
RawConfigParser
()
parser
.
add_section
(
'certificate'
)
parser
.
set
(
'certificate'
,
'name'
,
name
)
parser
.
set
(
'certificate'
,
'key_file'
,
key
)
parser
.
set
(
'certificate'
,
'certificate_file'
,
certificate
)
parser
.
write
(
open
(
os
.
path
.
join
(
self
.
ca_request_dir
,
hash
),
'w'
))
return
key
,
certificate
def
installCrond
(
self
):
timestamps
=
self
.
createDataDirectory
(
'cronstamps'
)
cron_output
=
os
.
path
.
join
(
self
.
log_directory
,
'cron-output'
)
self
.
_createDirectory
(
cron_output
)
catcher
=
zc
.
buildout
.
easy_install
.
scripts
([(
'catchcron'
,
__name__
+
'.catdatefile'
,
'catdatefile'
)],
self
.
ws
,
sys
.
executable
,
self
.
bin_directory
,
arguments
=
[
cron_output
])[
0
]
self
.
path_list
.
append
(
catcher
)
cron_d
=
os
.
path
.
join
(
self
.
etc_directory
,
'cron.d'
)
crontabs
=
os
.
path
.
join
(
self
.
etc_directory
,
'crontabs'
)
self
.
_createDirectory
(
cron_d
)
self
.
_createDirectory
(
crontabs
)
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'crond'
,
'slapos.recipe.librecipe.execute'
,
'execute'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
self
.
options
[
'dcrond_binary'
].
strip
(),
'-s'
,
cron_d
,
'-c'
,
crontabs
,
'-t'
,
timestamps
,
'-f'
,
'-l'
,
'5'
,
'-M'
,
catcher
]
)[
0
]
self
.
path_list
.
append
(
wrapper
)
return
cron_d
def
installValidCertificateAuthority
(
self
,
domain_name
,
certificate
,
key
):
ca_dir
=
os
.
path
.
join
(
self
.
data_root_directory
,
'ca'
)
ca_private
=
os
.
path
.
join
(
ca_dir
,
'private'
)
ca_certs
=
os
.
path
.
join
(
ca_dir
,
'certs'
)
ca_crl
=
os
.
path
.
join
(
ca_dir
,
'crl'
)
self
.
_createDirectory
(
ca_dir
)
for
path
in
(
ca_private
,
ca_certs
,
ca_crl
):
self
.
_createDirectory
(
path
)
key_path
=
os
.
path
.
join
(
ca_private
,
domain_name
+
".key"
)
certificate_path
=
os
.
path
.
join
(
ca_certs
,
domain_name
+
".crt"
)
self
.
_writeFile
(
key_path
,
key
)
self
.
_writeFile
(
certificate_path
,
certificate
)
return
dict
(
certificate_authority_path
=
ca_dir
,
ca_crl
=
ca_crl
,
certificate
=
certificate_path
,
key
=
key_path
)
def
installCertificateAuthority
(
self
,
ca_country_code
=
'XX'
,
ca_email
=
'xx@example.com'
,
ca_state
=
'State'
,
ca_city
=
'City'
,
ca_company
=
'Company'
):
backup_path
=
self
.
createBackupDirectory
(
'ca'
)
self
.
ca_dir
=
os
.
path
.
join
(
self
.
data_root_directory
,
'ca'
)
self
.
_createDirectory
(
self
.
ca_dir
)
self
.
ca_request_dir
=
os
.
path
.
join
(
self
.
ca_dir
,
'requests'
)
self
.
_createDirectory
(
self
.
ca_request_dir
)
config
=
dict
(
ca_dir
=
self
.
ca_dir
,
request_dir
=
self
.
ca_request_dir
)
self
.
ca_private
=
os
.
path
.
join
(
self
.
ca_dir
,
'private'
)
self
.
ca_certs
=
os
.
path
.
join
(
self
.
ca_dir
,
'certs'
)
self
.
ca_crl
=
os
.
path
.
join
(
self
.
ca_dir
,
'crl'
)
self
.
ca_newcerts
=
os
.
path
.
join
(
self
.
ca_dir
,
'newcerts'
)
self
.
ca_key_ext
=
'.key'
self
.
ca_crt_ext
=
'.crt'
for
d
in
[
self
.
ca_private
,
self
.
ca_crl
,
self
.
ca_newcerts
,
self
.
ca_certs
]:
self
.
_createDirectory
(
d
)
for
f
in
[
'crlnumber'
,
'serial'
]:
if
not
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
ca_dir
,
f
)):
open
(
os
.
path
.
join
(
self
.
ca_dir
,
f
),
'w'
).
write
(
'01'
)
if
not
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
ca_dir
,
'index.txt'
)):
open
(
os
.
path
.
join
(
self
.
ca_dir
,
'index.txt'
),
'w'
).
write
(
''
)
openssl_configuration
=
os
.
path
.
join
(
self
.
ca_dir
,
'openssl.cnf'
)
config
.
update
(
working_directory
=
self
.
ca_dir
,
country_code
=
ca_country_code
,
state
=
ca_state
,
city
=
ca_city
,
company
=
ca_company
,
email_address
=
ca_email
,
)
self
.
_writeFile
(
openssl_configuration
,
pkg_resources
.
resource_string
(
__name__
,
'template/openssl.cnf.ca.in'
)
%
config
)
# XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# from the instance profile.
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([
(
'certificate_authority'
,
__name__
+
'.certificate_authority'
,
'runCertificateAuthority'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
dict
(
openssl_configuration
=
openssl_configuration
,
openssl_binary
=
self
.
options
[
'openssl_binary'
],
certificate
=
os
.
path
.
join
(
self
.
ca_dir
,
'cacert.pem'
),
key
=
os
.
path
.
join
(
self
.
ca_private
,
'cakey.pem'
),
crl
=
os
.
path
.
join
(
self
.
ca_crl
),
request_dir
=
self
.
ca_request_dir
)]))
# configure backup
# configure backup
backup_cron
=
os
.
path
.
join
(
self
.
cron_d
,
'ca_rdiff_backup'
)
#
backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
open
(
backup_cron
,
'w'
).
write
(
#
open(backup_cron, 'w').write(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''
%
dict
(
#
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
rdiff_backup
=
self
.
options
[
'rdiff_backup_binary'
],
#
rdiff_backup=self.options['rdiff_backup_binary'],
source
=
self
.
ca_dir
,
#
source=self.ca_dir,
destination
=
backup_path
))
#
destination=backup_path))
self
.
path_list
.
append
(
backup_cron
)
#
self.path_list.append(backup_cron)
return
dict
(
#
return dict(
ca_certificate
=
os
.
path
.
join
(
config
[
'ca_dir'
],
'cacert.pem'
),
#
ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
ca_crl
=
os
.
path
.
join
(
config
[
'ca_dir'
],
'crl'
),
#
ca_crl=os.path.join(config['ca_dir'], 'crl'),
certificate_authority_path
=
config
[
'ca_dir'
]
#
certificate_authority_path=config['ca_dir']
)
#
)
def
_getApacheConfigurationDict
(
self
,
name
,
ip_list
,
port
):
def
_getApacheConfigurationDict
(
self
,
name
,
ip_list
,
port
):
apache_conf
=
dict
()
apache_conf
=
dict
()
...
@@ -543,41 +507,6 @@ class Recipe(BaseSlapRecipe):
...
@@ -543,41 +507,6 @@ class Recipe(BaseSlapRecipe):
apache_conf
[
'access_log'
]
=
self
.
options
[
'access-log'
]
apache_conf
[
'access_log'
]
=
self
.
options
[
'access-log'
]
return
apache_conf
return
apache_conf
def
installVarnishCache
(
self
,
name
,
ip
,
port
,
control_port
,
backend_host
,
backend_port
,
size
=
"1G"
):
"""
Install a varnish daemon for a certain address
"""
directory
=
self
.
createDataDirectory
(
name
)
varnish_config
=
dict
(
directory
=
directory
,
pid
=
"%s/varnish.pid"
%
directory
,
port
=
"%s:%s"
%
(
ip
,
port
),
varnishd_binary
=
self
.
options
[
"varnishd_binary"
],
control_port
=
"%s:%s"
%
(
ip
,
control_port
),
storage
=
"file,%s/storage.bin,%s"
%
(
directory
,
size
))
config_file
=
self
.
createConfigurationFile
(
"%s.conf"
%
name
,
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'varnish.vcl.in'
),
dict
(
backend_host
=
backend_host
,
backend_port
=
backend_port
)))
varnish_argument_list
=
[
varnish_config
[
'varnishd_binary'
].
strip
(),
"-F"
,
"-n"
,
directory
,
"-P"
,
varnish_config
[
"pid"
],
"-p"
,
"cc_command=exec %s "
%
self
.
options
[
"gcc_binary"
]
+
\
"-fpic -shared -o %o %s"
,
"-f"
,
config_file
,
"-a"
,
varnish_config
[
"port"
],
"-T"
,
varnish_config
[
"control_port"
],
"-s"
,
varnish_config
[
"storage"
]]
environment
=
dict
(
PATH
=
"%s:%s"
%
(
self
.
options
[
"binutils_directory"
],
os
.
environ
.
get
(
'PATH'
)))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
name
,
'slapos.recipe.librecipe.execute'
,
'executee'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
varnish_argument_list
,
environment
])[
0
]
self
.
path_list
.
append
(
wrapper
)
return
varnish_config
def
installStunnel
(
self
,
service_dict
,
certificate
,
def
installStunnel
(
self
,
service_dict
,
certificate
,
key
,
ca_crl
,
ca_path
):
key
,
ca_crl
,
ca_path
):
"""Installs stunnel
"""Installs stunnel
...
@@ -669,14 +598,14 @@ class Recipe(BaseSlapRecipe):
...
@@ -669,14 +598,14 @@ class Recipe(BaseSlapRecipe):
open
(
custom_apache_virtual_configuration_file_location
,
'w'
)
open
(
custom_apache_virtual_configuration_file_location
,
'w'
)
# Create backup of custom apache configuration
# Create backup of custom apache configuration
backup_path
=
self
.
createBackupDirectory
(
'custom_apache_conf_backup'
)
#
backup_path = self.createBackupDirectory('custom_apache_conf_backup')
backup_cron
=
os
.
path
.
join
(
self
.
cron_d
,
'custom_apache_conf_backup'
)
#
backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup')
open
(
backup_cron
,
'w'
).
write
(
#
open(backup_cron, 'w').write(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''
%
dict
(
#
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
rdiff_backup
=
self
.
options
[
'rdiff_backup_binary'
],
#
rdiff_backup=self.options['rdiff_backup_binary'],
source
=
custom_apache_configuration_directory
,
#
source=custom_apache_configuration_directory,
destination
=
backup_path
))
#
destination=backup_path))
self
.
path_list
.
append
(
backup_cron
)
#
self.path_list.append(backup_cron)
# Create configuration file and rewritemaps
# Create configuration file and rewritemaps
apachemap_path
=
self
.
createConfigurationFile
(
apachemap_path
=
self
.
createConfigurationFile
(
...
...
software/apache-frontend/instance.cfg
View file @
3c2a9b13
...
@@ -37,6 +37,7 @@ cronstamps = $${:etc}/cronstamps
...
@@ -37,6 +37,7 @@ cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl
ca-dir = $${:srv}/ssl
squid-cache = $${:srv}/squid_cache
squid-cache = $${:srv}/squid_cache
stunnel-conf = $${:etc}/stunnel
[instance-parameter]
[instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance.
# Fetches parameters defined in SlapOS Master for this instance.
...
@@ -115,6 +116,31 @@ wrapper = $${directory:service}/apache_frontend
...
@@ -115,6 +116,31 @@ wrapper = $${directory:service}/apache_frontend
# Put domain name
# Put domain name
name = $${instance-parameter:configuration.domain}
name = $${instance-parameter:configuration.domain}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${directory:bin}/stunnel
log-file = $${directory:log}/stunnel.log
config-file = $${directory:etc}/stunnel.conf
key-file = $${ca-stunnel:key-file}
cert-file = $${ca-stunnel:cert-file}
pid-file = $${directory:run}/stunnel.pid
local-port = $${squid-hardcoded:backend-port}
local-host = $${squid-hardcoded:backend-ip}
remote-host = $${squid-hardcoded:remote-host}
remote-port = $${squid-hardcoded:remote-port}
client = false
post-rotate-script = $${directory:bin}/stunnel_post_rotate
[cron]
[cron]
recipe = slapos.cookbook:cron
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
dcrond-binary = ${dcron:location}/sbin/crond
...
@@ -184,3 +210,5 @@ port = 26010
...
@@ -184,3 +210,5 @@ port = 26010
backend-ip = 10.0.24.140
backend-ip = 10.0.24.140
backend-port = 26011
backend-port = 26011
domain = softinst34784.bateau.org
domain = softinst34784.bateau.org
remote-host = 2001:470:1f14:169:d418:9eb7:1bea:8983
remote-port = 16001
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment