Commit
572b8e6d
authored
Jan 08, 2013
by
Marco Mariani
Merge remote-tracking branch 'origin/master' into lapp-resilient3
parents
1a31d960
a695668b
Showing
11 changed files
with
369 additions
and
136 deletions
+369
-136
CHANGES.txt
CHANGES.txt
+16
-0
component/busybox/buildout.cfg
component/busybox/buildout.cfg
+1
-1
setup.py
setup.py
+27
-1
slapos/recipe/apache_frontend/__init__.py
slapos/recipe/apache_frontend/__init__.py
+61
-11
slapos/recipe/apache_frontend/template/apache.conf.in
slapos/recipe/apache_frontend/template/apache.conf.in
+28
-20
slapos/recipe/apache_frontend/template/apache.conf.path-protected.in
...pe/apache_frontend/template/apache.conf.path-protected.in
+7
-3
software/apache-frontend/README.apache_frontend.txt
software/apache-frontend/README.apache_frontend.txt
+77
-16
software/apache-frontend/common.cfg
software/apache-frontend/common.cfg
+51
-0
software/apache-frontend/development.cfg
software/apache-frontend/development.cfg
+32
-0
software/apache-frontend/instance.cfg
software/apache-frontend/instance.cfg
+22
-1
software/apache-frontend/software.cfg
software/apache-frontend/software.cfg
+47
-83
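--- a/CHANGES.txt
+++ b/CHANGES.txt
 Changes
 =======
+0.71.1 (2013-01-04)
+-------------------
+* Frontend: Sort instances by reference to avoid attacks. [Cedric de Saint
+Martin]
+* Frontend: Add public_ipv4 parameter support to ease deployment of slave
+frontend. [Cedric de Saint Martin]
+* Frontend: Move apache_frontend wrappers to watched directory (etc/service).
+[Cedric de Saint Martin]
+* Frontend: Add native path to varnish environment. [Cedric de Saint Martin]
+0.71 (2012-12-20)
+-----------------
+* frontend: Add "path" parameter for Zope instances. [Cedric de Saint Martin]
 0.70 (2012-11-05)
 -----------------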
component/busybox/buildout.cfg
...
@@ -5,7 +5,7 @@ parts = busybox
...
@@ -5,7 +5,7 @@ parts = busybox
[busybox]
[busybox]
recipe = slapos.recipe.build
recipe = slapos.recipe.build
url = http://git.busybox.net/busybox/snapshot/busybox-1_20_1.tar.gz
url = http://git.busybox.net/busybox/snapshot/busybox-1_20_1.tar.gz
md5sum =
15758fc37ae8051d6def1b8afb691821
md5sum =
2dcfee8add6b9c52d6a91e97ba705b66
script =
script =
extract_dir = self.extract(self.download(%(url)r, %(md5sum)r))
extract_dir = self.extract(self.download(%(url)r, %(md5sum)r))
workdir = guessworkdir(extract_dir)
workdir = guessworkdir(extract_dir)
...
...
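Review bot: The `md5sum` of `[busybox]` changes while `url` stays at the same `http://git.busybox.net/busybox/snapshot/busybox-1_20_1.tar.gz`, which suggests (inferred from the unchanged URL) that the snapshot archive is regenerated upstream and is not byte-stable, so this pin can drift again. The archive is also fetched over plain HTTP and checked only with MD5, which is not collision-resistant, so the checksum gives weak protection against a substituted tarball. Prefer a release tarball from a stable location over a generated snapshot; if the snapshot has to stay, add a comment above the pin such as `# snapshot tarball is regenerated upstream; checksum may change without a code change`.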
setup.py
##############################################################################
#
# Copyright (c) 2010-2013 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from
setuptools
import
setup
,
find_packages
from
setuptools
import
setup
,
find_packages
import
glob
import
glob
import
os
import
os
version
=
'0.7
0.1
-dev'
version
=
'0.7
1.2
-dev'
name
=
'slapos.cookbook'
name
=
'slapos.cookbook'
long_description
=
open
(
"README.txt"
).
read
()
+
"
\
n
"
+
\
long_description
=
open
(
"README.txt"
).
read
()
+
"
\
n
"
+
\
open
(
"CHANGES.txt"
).
read
()
+
"
\
n
"
open
(
"CHANGES.txt"
).
read
()
+
"
\
n
"
...
...
slapos/recipe/apache_frontend/__init__.py
...
@@ -28,6 +28,7 @@ from slapos.recipe.librecipe import BaseSlapRecipe
...
@@ -28,6 +28,7 @@ from slapos.recipe.librecipe import BaseSlapRecipe
import
os
import
os
import
pkg_resources
import
pkg_resources
import
hashlib
import
hashlib
import
operator
import
sys
import
sys
import
zc.buildout
import
zc.buildout
import
zc.recipe.egg
import
zc.recipe.egg
...
@@ -43,6 +44,9 @@ class Recipe(BaseSlapRecipe):
...
@@ -43,6 +44,9 @@ class Recipe(BaseSlapRecipe):
'template/%s'
%
template_name
)
'template/%s'
%
template_name
)
def
_install
(
self
):
def
_install
(
self
):
# Define directory not defined in deprecated lib
self
.
service_directory
=
os
.
path
.
join
(
self
.
etc_directory
,
'service'
)
# Check for mandatory arguments
# Check for mandatory arguments
frontend_domain_name
=
self
.
parameter_dict
.
get
(
"domain"
)
frontend_domain_name
=
self
.
parameter_dict
.
get
(
"domain"
)
if
frontend_domain_name
is
None
:
if
frontend_domain_name
is
None
:
...
@@ -69,9 +73,17 @@ class Recipe(BaseSlapRecipe):
...
@@ -69,9 +73,17 @@ class Recipe(BaseSlapRecipe):
rewrite_rule_list
=
[]
rewrite_rule_list
=
[]
rewrite_rule_zope_list
=
[]
rewrite_rule_zope_list
=
[]
rewrite_rule_zope_path_list
=
[]
slave_dict
=
{}
slave_dict
=
{}
service_dict
=
{}
service_dict
=
{}
# Sort slave instance by reference to avoid most security issues
slave_instance_list
=
sorted
(
slave_instance_list
,
key
=
operator
.
itemgetter
(
'slave_reference'
))
# dict of used domains, only used to track duplicates
domain_dict
=
{}
for
slave_instance
in
slave_instance_list
:
for
slave_instance
in
slave_instance_list
:
backend_url
=
slave_instance
.
get
(
"url"
,
None
)
backend_url
=
slave_instance
.
get
(
"url"
,
None
)
reference
=
slave_instance
.
get
(
"slave_reference"
)
reference
=
slave_instance
.
get
(
"slave_reference"
)
...
@@ -97,6 +109,12 @@ class Recipe(BaseSlapRecipe):
...
@@ -97,6 +109,12 @@ class Recipe(BaseSlapRecipe):
domain
=
"%s.%s"
%
(
reference
.
replace
(
"-"
,
""
).
lower
(),
domain
=
"%s.%s"
%
(
reference
.
replace
(
"-"
,
""
).
lower
(),
frontend_domain_name
)
frontend_domain_name
)
if
domain_dict
.
get
(
domain
):
# This domain already has been processed, skip this new one
continue
else
:
domain_dict
[
domain
]
=
True
# Define the URL where the instance will be available
# Define the URL where the instance will be available
# WARNING: we use default ports (443, 80) here.
# WARNING: we use default ports (443, 80) here.
slave_dict
[
reference
]
=
"%s%s/"
%
(
scheme
,
domain
)
slave_dict
[
reference
]
=
"%s%s/"
%
(
scheme
,
domain
)
...
@@ -118,6 +136,9 @@ class Recipe(BaseSlapRecipe):
...
@@ -118,6 +136,9 @@ class Recipe(BaseSlapRecipe):
# RewriteMap for Zope Virtual Host Monster websites.
# RewriteMap for Zope Virtual Host Monster websites.
if
slave_instance
.
get
(
"type"
,
""
).
lower
()
in
[
'zope'
]:
if
slave_instance
.
get
(
"type"
,
""
).
lower
()
in
[
'zope'
]:
rewrite_rule_zope_list
.
append
(
rewrite_rule
)
rewrite_rule_zope_list
.
append
(
rewrite_rule
)
# For Zope, we have another dict containing the path e.g '/erp5/...
rewrite_rule_path
=
"%s %s"
%
(
domain
,
slave_instance
.
get
(
'path'
,
''
))
rewrite_rule_zope_path_list
.
append
(
rewrite_rule_path
)
else
:
else
:
rewrite_rule_list
.
append
(
rewrite_rule
)
rewrite_rule_list
.
append
(
rewrite_rule
)
...
@@ -152,6 +173,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -152,6 +173,7 @@ class Recipe(BaseSlapRecipe):
name
=
frontend_domain_name
,
name
=
frontend_domain_name
,
rewrite_rule_list
=
rewrite_rule_list
,
rewrite_rule_list
=
rewrite_rule_list
,
rewrite_rule_zope_list
=
rewrite_rule_zope_list
,
rewrite_rule_zope_list
=
rewrite_rule_zope_list
,
rewrite_rule_zope_path_list
=
rewrite_rule_zope_path_list
,
key
=
key
,
certificate
=
certificate
)
key
=
key
,
certificate
=
certificate
)
# Send connection informations about each slave
# Send connection informations about each slave
...
@@ -160,9 +182,12 @@ class Recipe(BaseSlapRecipe):
...
@@ -160,9 +182,12 @@ class Recipe(BaseSlapRecipe):
"instance: %s"
%
reference
)
"instance: %s"
%
reference
)
try
:
try
:
connection_dict
=
{
connection_dict
=
{
'frontend_ipv6_address'
:
self
.
getGlobalIPv6Address
(),
# Send the public IPs (if possible) so that user knows what IP
'frontend_ipv4_address'
:
self
.
getLocalIPv4Address
(),
# to bind to its domain name
'site_url'
:
url
'frontend_ipv6_address'
:
self
.
getGlobalIPv6Address
(),
'frontend_ipv4_address'
:
self
.
parameter_dict
.
get
(
"public-ipv4"
,
self
.
getLocalIPv4Address
()),
'site_url'
:
url
,
}
}
self
.
setConnectionDict
(
connection_dict
,
reference
)
self
.
setConnectionDict
(
connection_dict
,
reference
)
except
:
except
:
...
@@ -289,7 +314,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -289,7 +314,7 @@ class Recipe(BaseSlapRecipe):
self
.
_createDirectory
(
crontabs
)
self
.
_createDirectory
(
crontabs
)
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'crond'
,
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'crond'
,
'slapos.recipe.librecipe.execute'
,
'execute'
)],
self
.
ws
,
sys
.
executable
,
'slapos.recipe.librecipe.execute'
,
'execute'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper
_directory
,
arguments
=
[
self
.
service
_directory
,
arguments
=
[
self
.
options
[
'dcrond_binary'
].
strip
(),
'-s'
,
cron_d
,
'-c'
,
crontabs
,
self
.
options
[
'dcrond_binary'
].
strip
(),
'-s'
,
cron_d
,
'-c'
,
crontabs
,
'-t'
,
timestamps
,
'-f'
,
'-l'
,
'5'
,
'-M'
,
catcher
]
'-t'
,
timestamps
,
'-f'
,
'-l'
,
'5'
,
'-M'
,
catcher
]
)[
0
]
)[
0
]
...
@@ -346,10 +371,13 @@ class Recipe(BaseSlapRecipe):
...
@@ -346,10 +371,13 @@ class Recipe(BaseSlapRecipe):
)
)
self
.
_writeFile
(
openssl_configuration
,
pkg_resources
.
resource_string
(
self
.
_writeFile
(
openssl_configuration
,
pkg_resources
.
resource_string
(
__name__
,
'template/openssl.cnf.ca.in'
)
%
config
)
__name__
,
'template/openssl.cnf.ca.in'
)
%
config
)
# XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# from the instance profile.
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([
(
'certificate_authority'
,
__name__
+
'.certificate_authority'
,
(
'certificate_authority'
,
__name__
+
'.certificate_authority'
,
'runCertificateAuthority'
)],
'runCertificateAuthority'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper
_directory
,
arguments
=
[
dict
(
self
.
ws
,
sys
.
executable
,
self
.
service
_directory
,
arguments
=
[
dict
(
openssl_configuration
=
openssl_configuration
,
openssl_configuration
=
openssl_configuration
,
openssl_binary
=
self
.
options
[
'openssl_binary'
],
openssl_binary
=
self
.
options
[
'openssl_binary'
],
certificate
=
os
.
path
.
join
(
self
.
ca_dir
,
'cacert.pem'
),
certificate
=
os
.
path
.
join
(
self
.
ca_dir
,
'cacert.pem'
),
...
@@ -382,6 +410,8 @@ class Recipe(BaseSlapRecipe):
...
@@ -382,6 +410,8 @@ class Recipe(BaseSlapRecipe):
name
+
'.lock'
)
name
+
'.lock'
)
apache_conf
[
'document_root'
]
=
os
.
path
.
join
(
self
.
data_root_directory
,
apache_conf
[
'document_root'
]
=
os
.
path
.
join
(
self
.
data_root_directory
,
'htdocs'
)
'htdocs'
)
apache_conf
[
'instance_home'
]
=
os
.
path
.
join
(
self
.
work_directory
)
apache_conf
[
'httpd_home'
]
=
self
.
options
[
'httpd_home'
]
apache_conf
[
'ip_list'
]
=
ip_list
apache_conf
[
'ip_list'
]
=
ip_list
apache_conf
[
'port'
]
=
port
apache_conf
[
'port'
]
=
port
apache_conf
[
'server_admin'
]
=
'admin@'
apache_conf
[
'server_admin'
]
=
'admin@'
...
@@ -419,10 +449,11 @@ class Recipe(BaseSlapRecipe):
...
@@ -419,10 +449,11 @@ class Recipe(BaseSlapRecipe):
"-f"
,
config_file
,
"-f"
,
config_file
,
"-a"
,
varnish_config
[
"port"
],
"-T"
,
varnish_config
[
"control_port"
],
"-a"
,
varnish_config
[
"port"
],
"-T"
,
varnish_config
[
"control_port"
],
"-s"
,
varnish_config
[
"storage"
]]
"-s"
,
varnish_config
[
"storage"
]]
environment
=
dict
(
PATH
=
self
.
options
[
"binutils_directory"
])
environment
=
dict
(
PATH
=
"%s:%s"
%
(
self
.
options
[
"binutils_directory"
],
os
.
environ
.
get
(
'PATH'
)))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
name
,
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
name
,
'slapos.recipe.librecipe.execute'
,
'executee'
)],
self
.
ws
,
'slapos.recipe.librecipe.execute'
,
'executee'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper
_directory
,
arguments
=
[
varnish_argument_list
,
sys
.
executable
,
self
.
service
_directory
,
arguments
=
[
varnish_argument_list
,
environment
])[
0
]
environment
])[
0
]
self
.
path_list
.
append
(
wrapper
)
self
.
path_list
.
append
(
wrapper
)
...
@@ -461,7 +492,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -461,7 +492,7 @@ class Recipe(BaseSlapRecipe):
stunnel_conf
))
stunnel_conf
))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'stunnel'
,
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'stunnel'
,
'slapos.recipe.librecipe.execute'
,
'execute_wait'
)],
self
.
ws
,
'slapos.recipe.librecipe.execute'
,
'execute_wait'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper
_directory
,
arguments
=
[
sys
.
executable
,
self
.
service
_directory
,
arguments
=
[
[
self
.
options
[
'stunnel_binary'
].
strip
(),
stunnel_conf_path
],
[
self
.
options
[
'stunnel_binary'
].
strip
(),
stunnel_conf_path
],
[
certificate
,
key
]]
[
certificate
,
key
]]
)[
0
]
)[
0
]
...
@@ -470,8 +501,17 @@ class Recipe(BaseSlapRecipe):
...
@@ -470,8 +501,17 @@ class Recipe(BaseSlapRecipe):
def
installFrontendApache
(
self
,
ip_list
,
key
,
certificate
,
name
,
def
installFrontendApache
(
self
,
ip_list
,
key
,
certificate
,
name
,
port
=
4443
,
plain_http_port
=
8080
,
port
=
4443
,
plain_http_port
=
8080
,
rewrite_rule_list
=
[],
rewrite_rule_zope_list
=
[],
rewrite_rule_list
=
None
,
rewrite_rule_zope_list
=
None
,
rewrite_rule_zope_path_list
=
None
,
access_control_string
=
None
):
access_control_string
=
None
):
if
rewrite_rule_list
is
None
:
rewrite_rule_list
=
[]
if
rewrite_rule_zope_list
is
None
:
rewrite_rule_zope_list
=
[]
if
rewrite_rule_zope_path_list
is
None
:
rewrite_rule_zope_path_list
=
[]
# Create htdocs, populate it with default 404 document
# Create htdocs, populate it with default 404 document
htdocs_location
=
os
.
path
.
join
(
self
.
data_root_directory
,
'htdocs'
)
htdocs_location
=
os
.
path
.
join
(
self
.
data_root_directory
,
'htdocs'
)
self
.
_createDirectory
(
htdocs_location
)
self
.
_createDirectory
(
htdocs_location
)
...
@@ -512,9 +552,14 @@ class Recipe(BaseSlapRecipe):
...
@@ -512,9 +552,14 @@ class Recipe(BaseSlapRecipe):
# Create configuration file and rewritemaps
# Create configuration file and rewritemaps
apachemap_name
=
"apachemap.txt"
apachemap_name
=
"apachemap.txt"
apachemapzope_name
=
"apachemapzope.txt"
apachemapzope_name
=
"apachemapzope.txt"
apachemapzopepath_name
=
"apachemapzopepath.txt"
self
.
createConfigurationFile
(
apachemap_name
,
"
\
n
"
.
join
(
rewrite_rule_list
))
self
.
createConfigurationFile
(
apachemap_name
,
"
\
n
"
.
join
(
rewrite_rule_list
))
self
.
createConfigurationFile
(
apachemapzope_name
,
self
.
createConfigurationFile
(
apachemapzope_name
,
"
\
n
"
.
join
(
rewrite_rule_zope_list
))
"
\
n
"
.
join
(
rewrite_rule_zope_list
))
self
.
createConfigurationFile
(
apachemapzopepath_name
,
"
\
n
"
.
join
(
rewrite_rule_zope_path_list
))
apache_conf
=
self
.
_getApacheConfigurationDict
(
name
,
ip_list
,
port
)
apache_conf
=
self
.
_getApacheConfigurationDict
(
name
,
ip_list
,
port
)
apache_conf
[
'ssl_snippet'
]
=
self
.
substituteTemplate
(
apache_conf
[
'ssl_snippet'
]
=
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'apache.ssl-snippet.conf.in'
),
self
.
getTemplateFilename
(
'apache.ssl-snippet.conf.in'
),
...
@@ -532,12 +577,17 @@ class Recipe(BaseSlapRecipe):
...
@@ -532,12 +577,17 @@ class Recipe(BaseSlapRecipe):
path
=
self
.
substituteTemplate
(
path
=
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'apache.conf.path-protected.in'
),
self
.
getTemplateFilename
(
'apache.conf.path-protected.in'
),
dict
(
path
=
'/'
,
access_control_string
=
'none'
))
dict
(
path
=
'/'
,
access_control_string
=
'none'
,
document_root
=
apache_conf
[
'document_root'
],
)
)
apache_conf
.
update
(
**
dict
(
apache_conf
.
update
(
**
dict
(
path_enable
=
path
,
path_enable
=
path
,
apachemap_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemap_name
),
apachemap_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemap_name
),
apachemapzope_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemapzope_name
),
apachemapzope_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemapzope_name
),
apachemapzopepath_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemapzopepath_name
),
apache_domain
=
name
,
apache_domain
=
name
,
https_port
=
port
,
https_port
=
port
,
plain_http_port
=
plain_http_port
,
plain_http_port
=
plain_http_port
,
...
@@ -553,7 +603,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -553,7 +603,7 @@ class Recipe(BaseSlapRecipe):
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
'frontend_apache'
,
'slapos.recipe.erp5.apache'
,
'runApache'
)],
self
.
ws
,
'frontend_apache'
,
'slapos.recipe.erp5.apache'
,
'runApache'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper
_directory
,
arguments
=
[
sys
.
executable
,
self
.
service
_directory
,
arguments
=
[
dict
(
dict
(
required_path_list
=
[
key
,
certificate
],
required_path_list
=
[
key
,
certificate
],
binary
=
self
.
options
[
'httpd_binary'
],
binary
=
self
.
options
[
'httpd_binary'
],
...
...
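Review bot: In the `@@ -118,6 +136,9 @@` hunk the slave's `path` parameter goes straight into the map line `"%s %s" % (domain, slave_instance.get('path', ''))`, and `installFrontendApache` later joins those lines with `"\n"` into `apachemapzopepath.txt`, so a value containing whitespace or a line break changes the structure of the RewriteMap file instead of being one value. Slave parameters appear to come from whoever requests the slave instance (see the README examples), so the value should be checked before it is appended, for example `path = slave_instance.get('path', '')` followed by `if any(c.isspace() for c in path): continue`. The duplicate check in the `@@ -97,6 +109,12 @@` hunk skips a repeated domain with a bare `continue`; logging the skipped `reference` there would let an operator see conflicting claims on a domain. `_install` starts and ends outside these hunks, so the handling of `url` and `custom_domain` cannot be checked from here.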
slapos/recipe/apache_frontend/template/apache.conf.in
...
@@ -5,12 +5,13 @@
...
@@ -5,12 +5,13 @@
PidFile "%(pid_file)s"
PidFile "%(pid_file)s"
ServerName %(server_name)s
ServerName %(server_name)s
DocumentRoot %(document_root)s
DocumentRoot %(document_root)s
ServerRoot %(instance_home)s
%(listen)s
%(listen)s
ServerAdmin %(server_admin)s
ServerAdmin %(server_admin)s
DefaultType text/plain
DefaultType text/plain
TypesConfig conf/mime.types
TypesConfig
%(httpd_home)s/
conf/mime.types
AddType application/x-compress .Z
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-gzip .gz .tgz
...
@@ -32,23 +33,23 @@ CustomLog "%(access_log)s" common
...
@@ -32,23 +33,23 @@ CustomLog "%(access_log)s" common
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_host_module
%(httpd_home)s/
modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_config_module
%(httpd_home)s/
modules/mod_log_config.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule deflate_module
%(httpd_home)s/
modules/mod_deflate.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule setenvif_module
%(httpd_home)s/
modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule version_module
%(httpd_home)s/
modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_module
%(httpd_home)s/
modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_http_module
%(httpd_home)s/
modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule ssl_module
%(httpd_home)s/
modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule mime_module
%(httpd_home)s/
modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_module
%(httpd_home)s/
modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_fs_module
%(httpd_home)s/
modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule negotiation_module
%(httpd_home)s/
modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule rewrite_module
%(httpd_home)s/
modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule headers_module
%(httpd_home)s/
modules/mod_headers.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_module
%(httpd_home)s/
modules/mod_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule mem_cache_module
%(httpd_home)s/
modules/mod_mem_cache.so
LoadModule antiloris_module modules/mod_antiloris.so
LoadModule antiloris_module
%(httpd_home)s/
modules/mod_antiloris.so
# The following directives modify normal HTTP response behavior to
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
# handle known problems with browser implementations.
...
@@ -99,17 +100,24 @@ Header append Vary User-Agent
...
@@ -99,17 +100,24 @@ Header append Vary User-Agent
ProxyTimeout 600
ProxyTimeout 600
RewriteEngine On
RewriteEngine On
# Define the two rewritemaps : one for zope, one generic
# Define the two RewriteMaps (key -> value store): one for Zope, one generic
# containing: rewritten URL -> original URL (a.k.a VirtualHostBase in Zope)
RewriteMap apachemapzope txt:%(apachemapzope_path)s
RewriteMap apachemapzope txt:%(apachemapzope_path)s
RewriteMap apachemapgeneric txt:%(apachemap_path)s
RewriteMap apachemapgeneric txt:%(apachemap_path)s
# Define another RewriteMap for Zope, containing:
# rewritten URL -> VirtualHostRoot
RewriteMap apachemapzopepath txt:%(apachemapzopepath_path)s
# First, we check if we have a zope backend server
# First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite
# If so, let's use Virtual Host Daemon rewrite
RewriteCond ${apachemapzope:%%{SERVER_NAME}} >""
RewriteCond ${apachemapzope:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapzope:%%{SERVER_NAME}}/VirtualHostBase/https/%%{SERVER_NAME}:%%{SERVER_PORT}/VirtualHostRoot/$1 [L,P]
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ ${apachemapzope:%%{SERVER_NAME}}/VirtualHostBase/https/%%{SERVER_NAME}:443/${apachemapzopepath:%%{SERVER_NAME}}/VirtualHostRoot/$1 [L,P]
# If we have generic backend server, let's rewrite without virtual host daemon
# If we have generic backend server, let's rewrite without virtual host daemon
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
# If nothing exist : put a nice error
...
...
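Review bot: The new Zope `RewriteRule` places `${apachemapzopepath:%%{SERVER_NAME}}` between `:443/` and `/VirtualHostRoot`, so the README example value `/erp5` yields `:443//erp5/VirtualHostRoot/` and a slave without `path` yields `:443//VirtualHostRoot/`. Whether the backend tolerates the empty path segment is not visible here, so either normalise the value in the recipe (strip leading and trailing `/`) or document the exact form the map expects. The comment `# We suppose that Apache listens to 443 ...` explains the hard-coded port on the Zope rule, but the same comment also appears above the generic `RewriteRule`, which does not reference a port, and should be dropped there. Because the map value becomes part of a proxied (`[P]`) target, the map file should only ever contain validated path values.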
slapos/recipe/apache_frontend/template/apache.conf.path-protected.in
# Path protected
<Directory %(path)s>
<Location %(path)s>
Order Deny,Allow
Order Deny,Allow
Allow from %(access_control_string)s
Allow from %(access_control_string)s
</Location>
</Directory>
<Directory %(document_root)s>
Order Allow,Deny
Allow from All
</Directory>
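Review bot: In the block that this change re-wraps, `Order Deny,Allow` is followed only by `Allow from %(access_control_string)s`, and with that order Apache 2.2 permits every request that matches no `Deny` line, so with the `access_control_string='none'` the recipe passes the "Path protected" block restricts nothing. Add `Deny from all` before the `Allow from` line so that the allow-list is what actually grants access. Those two directives are unchanged context, but the new `<Directory %(document_root)s>` exception only has a purpose once the first block really denies. This rendering does not show which of `<Location>` and `<Directory>` is the new wrapper; they match URL paths and filesystem paths respectively, so `path='/'` covers different things in each and the choice deserves a one-line comment in the template.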
software/apache-frontend/README.apache_frontend.txt
...
@@ -9,15 +9,22 @@ It means that a single main instance of Apache will be used to act as frontend
...
@@ -9,15 +9,22 @@ It means that a single main instance of Apache will be used to act as frontend
for many slaves.
for many slaves.
How to
use
How to
deploy a frontend server
==========
==========
=====================
First, you will need to request a "master" instance of Apache Frontend with
This is to deploy an entire frontend server with a public IPv4.
"domain" parameter, like::
If you want to use an already deployed frontend to make your service available
via ipv4, switch to the "Example" parts.
First, you will need to request a "master" instance of Apache Frontend with:
* A "domain" parameter where the frontend will be available
* A "public-ipv4" parameter to state which public IPv4 will be used
like::
<?xml version='1.0' encoding='utf-8'?>
<?xml version='1.0' encoding='utf-8'?>
<instance>
<instance>
<parameter id="domain">moulefrite.org</parameter>
<parameter id="domain">moulefrite.org</parameter>
<parameter id="p
ort">443
</parameter>
<parameter id="p
ublic-ipv4">xxx.xxx.xxx.xxx
</parameter>
</instance>
</instance>
Then, it is possible to request many slave instances
Then, it is possible to request many slave instances
...
@@ -69,11 +76,11 @@ url of backend to use.
...
@@ -69,11 +76,11 @@ url of backend to use.
"url" is a mandatory parameter.
"url" is a mandatory parameter.
Example: http://mybackend.com/myresource
Example: http://mybackend.com/myresource
cache
enable_
cache
~~~~~
~~~~~
Specify if slave instance should use a varnish / stunnel to connect to backend.
Specify if slave instance should use a varnish / stunnel to connect to backend.
Possible values: "true", "false".
Possible values: "true", "false".
"
cache" is an optional parameter. Defaults to "false".
"
enable_cache" is an optional parameter. Defaults to "false".
Example: true
Example: true
type
type
...
@@ -81,30 +88,83 @@ type
...
@@ -81,30 +88,83 @@ type
Specify if slave instance will redirect to a zope backend. If specified, Apache
Specify if slave instance will redirect to a zope backend. If specified, Apache
RewriteRule will use Zope's Virtual Host Daemon.
RewriteRule will use Zope's Virtual Host Daemon.
Possible values: "zope", "default".
Possible values: "zope", "default".
"type" is an optional parameter. Defaults to "default".
"type" is an optional parameter. Defaults to "default".
Example: zope
Example: zope
custom_domain
custom_domain
~~~~~~~~~~~~~
~~~~~~~~~~~~~
Domain name to use as frontend. The frontend will be accessible from this domain.
Domain name to use as frontend. The frontend will be accessible from this domain.
"custom_domain" is an optional parameter. Defaults to
"custom_domain" is an optional parameter. Defaults to
[instancereference].[masterdomain].
[instancereference].[masterdomain].
Example: www.mycustomdomain.com
Example: www.mycustomdomain.com
path
~~~~
Only used if type is "zope".
Will append the specified path to the "VirtualHostRoot" of the zope's
VirtualHostMonster.
"path" is an optional parameter, ignored if not specified.
Example of value: "/erp5/web_site_module/hosting/"
Examples
========
Here are some example of how to make your SlapOS service available through
an already deployed frontend.
Simple Example
--------------
Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
redirected and accessible from the proxy::
instance = request(
software_release=apache_frontend,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
}
)
Zope Example
------------
Request slave frontend instance using a Zope backend so that
https://[1:2:3:4:5:6:7:8]:1234 will be redirected and accessible from the
proxy::
instance = request(
software_release=apache_frontend,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
"type":"zope",
}
)
Advanced example
Advanced example
================
----------------
Request slave frontend instance using a Zope backend, with Varnish activated,
Request slave frontend instance using a Zope backend, with Varnish activated,
listening to a custom domain::
listening to a custom domain and redirecting to /erp5/ so that
https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
the proxy::
instance = request(
instance = request(
software_release=apache_frontend,
software_release=apache_frontend,
partition_reference='frontend2',
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
shared=True,
partition_parameter_kw={
partition_parameter_kw={
"url":"https://[1:2:3:4
]:1234/someresource
",
"url":"https://[1:2:3:4
:5:6:7:8]:1234
",
"cache":"true",
"
enable_
cache":"true",
"type":"zope",
"type":"zope",
"path":"/erp5",
"custom_domain":"mycustomdomain.com",
"custom_domain":"mycustomdomain.com",
}
}
)
)
...
@@ -115,8 +175,9 @@ Notes
...
@@ -115,8 +175,9 @@ Notes
It is not possible with slapos to listen to port <= 1024, because process are
It is not possible with slapos to listen to port <= 1024, because process are
not run as root. It is a good idea then to go on the node where the instance is
not run as root. It is a good idea then to go on the node where the instance is
and set some iptables rules like (if using default ports)::
and set some iptables rules like (if using default ports)::
iptables -t nat -A PREROUTING -p tcp -d {public ip} --dport 443 -j DNAT --to-destination {listening ip}:4443
iptables -t nat -A PREROUTING -p tcp -d {public_ip} --dport 80 -j DNAT --to-destination {listening ip}:8080
iptables -t nat -A PREROUTING -p tcp -d {public_ipv4} --dport 443 -j DNAT --to-destination {listening_ipv4}:4443
iptables -t nat -A PREROUTING -p tcp -d {public_ipv4} --dport 80 -j DNAT --to-destination {listening_ipv4}:8080
Where {public ip} is the public IP of your server, or at least the LAN IP to where your NAT will forward to.
Where {public ip} is the public IP of your server, or at least the LAN IP to where your NAT will forward to.
{listening ip} is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter.
{listening ip} is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter.
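--- a/software/apache-frontend/common.cfg
+++ b/software/apache-frontend/common.cfg
+[buildout]
+extends =
+../../component/binutils/buildout.cfg
+../../component/lxml-python/buildout.cfg
+../../component/apache/buildout.cfg
+../../component/stunnel/buildout.cfg
+../../component/varnish/buildout.cfg
+../../component/dcron/buildout.cfg
+../../component/logrotate/buildout.cfg
+../../component/rdiff-backup/buildout.cfg
+../../stack/slapos.cfg
+parts =
+template
+binutils
+apache-2.2
+apache-antiloris-apache-2.2
+stunnel
+varnish-2.1
+dcron
+logrotate
+rdiff-backup
+# Buildoutish
+eggs
+instance-recipe-egg
+[instance-recipe]
+# Note: In case if specific instantiation recipe is used this is the place to
+# put its name
+egg = slapos.cookbook
+module = apache.frontend
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+eggs = ${instance-recipe:egg}
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+${lxml-python:egg}
+[template]
+# Default template for apache instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = fea902a2b9dbf8c80ff201bcf73f9396
+output = ${buildout:directory}/template.cfg
+mode = 0644
\ No newline at end of file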
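Review bot: The `md5sum` in `[template]` is the only integrity check on `instance.cfg`, and nothing in this new file says that it has to be regenerated whenever `instance.cfg` changes, which this same commit does. I would add a comment above it such as `# md5sum of instance.cfg; recompute it every time that file is edited`. MD5 is no longer collision-resistant, so when the profile is fetched from a remote base location this value is better read as a consistency check than as a tamper-proof pin.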
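--- a/software/apache-frontend/development.cfg
+++ b/software/apache-frontend/development.cfg
+# Development profile of apache-frontend.
+# Exactly the same as software.cfg, but fetch the slapos.cookbook
+# from git repository instead of fetching stable version,
+# allowing to play with bleeding edge environment.
+# You'll need to run buildout twice for this profile.
+[buildout]
+extends =
+# Extend in this order, otherwise "parts" will be taken from git profile
+../../component/git/buildout.cfg
+common.cfg
+parts +=
+slapos.cookbook-repository
+develop =
+${:parts-directory}/slapos.cookbook-repository
+[slapos.cookbook-repository]
+recipe = slapos.recipe.build:gitclone
+repository = http://git.erp5.org/repos/slapos.git
+branch = frontend
+git-executable = ${git:location}/bin/git
+[check-recipe]
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+command =
+grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link &&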
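Review bot: `[slapos.cookbook-repository]` clones over plain `http://` and follows the moving `frontend` branch, and the checkout is then loaded through `develop =`, so the recipe code that buildout executes has no transport authentication and no fixed revision. I would switch `repository` to an authenticated transport (https or ssh) if the host offers one, and pin a known commit, for example through the recipe's `revision` option if the pinned slapos.recipe.build version supports it. A comment such as `# development only: code is taken unpinned from the frontend branch` would make the trust assumption explicit. Separately, as rendered here `[check-recipe]` is not listed in `parts` and its `command` ends on a dangling `&&`; both may be extraction loss, but are worth checking in the real file.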
software/apache-frontend/instance.cfg
[buildout]
[buildout]
parts =
parts =
directory
instance
instance
configtest
eggs-directory = ${buildout:eggs-directory}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc/
var = $${buildout:directory}/var/
srv = $${buildout:directory}/srv/
bin = $${buildout:directory}/bin/
service = $${:etc}/service
# Deploy Apache (old way, with monolithic recipe)
[instance]
[instance]
recipe = ${instance-recipe:egg}:${instance-recipe:module}
recipe = ${instance-recipe:egg}:${instance-recipe:module}
httpd_home = ${apache-2.2:location}
httpd_binary = ${apache-2.2:location}/bin/httpd
httpd_binary = ${apache-2.2:location}/bin/httpd
logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
openssl_binary = ${openssl:location}/bin/openssl
openssl_binary = ${openssl:location}/bin/openssl
...
@@ -14,5 +28,12 @@ dcrond_binary = ${dcron:location}/sbin/crond
...
@@ -14,5 +28,12 @@ dcrond_binary = ${dcron:location}/sbin/crond
varnishd_binary = ${varnish-2.1:location}/sbin/varnishd
varnishd_binary = ${varnish-2.1:location}/sbin/varnishd
stunnel_binary = ${stunnel:location}/bin/stunnel
stunnel_binary = ${stunnel:location}/bin/stunnel
rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
gcc_binary =
${gcc-java-minimal:location}/bin/
gcc
gcc_binary = gcc
binutils_directory = ${binutils:location}/bin/
binutils_directory = ${binutils:location}/bin/
# Create wrapper for "apachectl conftest" in bin
[configtest]
recipe = slapos.cookbook:wrapper
command-line = $${instance:httpd_binary} -f $${directory:etc}/apache_frontend.conf -t
output = $${directory:bin}/apache-configtest
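Review bot: `gcc_binary = gcc` in `[instance]` replaces an absolute path inside the software release with a bare name, so the compiler becomes whatever `gcc` resolves to on the PATH of the process that uses it, while every other `*_binary` option in this section stays absolute. How the recipe consumes `gcc_binary` is not visible on this page, but if it executes it, the instance now depends on a host-provided compiler and on that PATH being trustworthy. I would either keep an absolute path or document the dependency next to the option, e.g. `# gcc is resolved from the host PATH; the node must provide a trusted gcc`.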
software/apache-frontend/software.cfg
[buildout]
[buildout]
versions = versions
extends = common.cfg
extends =
../../component/binutils/buildout.cfg
../../component/gcc/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/apache/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/varnish/buildout.cfg
../../component/dcron/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../stack/slapos.cfg
parts =
template
binutils
gcc-java-minimal
apache-2.2
apache-antiloris-apache-2.2
stunnel
varnish-2.1
dcron
logrotate
rdiff-backup
# Buildoutish
eggs
instance-recipe-egg
[instance-recipe]
# Note: In case if specific instantiation recipe is used this is the place to
# put its name
egg = slapos.cookbook
module = apache.frontend
[instance-recipe-egg]
recipe = zc.recipe.egg
eggs = ${instance-recipe:egg}
[eggs]
recipe = zc.recipe.egg
eggs =
${lxml-python:egg}
[template]
# Default template for apache instance.
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg
md5sum = 74c0f41246d167c020854a212e919ce4
output = ${buildout:directory}/template.cfg
mode = 0644
[versions]
[versions]
Jinja2 = 2.6
Jinja2 = 2.6
Werkzeug = 0.8.3
Werkzeug = 0.8.3
buildout-versions = 1.7
buildout-versions = 1.7
hexagonit.recipe.cmmi = 1.
5.0
hexagonit.recipe.cmmi = 1.
6
meld3 = 0.6.
8
meld3 = 0.6.
10
rdiff-backup = 1.0.5
rdiff-backup = 1.0.5
slapos.cookbook = 0.52
slapos.cookbook = 0.71.1
slapos.recipe.template = 2.3
slapos.recipe.build = 0.11.5
slapos.recipe.template = 2.4.2
# Required by:
# Required by:
# slapos.core==0.
24
# slapos.core==0.
33.1
Flask = 0.
8
Flask = 0.
9
# Required by:
# Required by:
#
slapos.cookbook==0.52
#
hexagonit.recipe.cmmi==1.6
PyXML = 0.8.4
hexagonit.recipe.download = 1.6
# Required by:
# Required by:
# slapos.cookbook==0.
52
# slapos.cookbook==0.
71.1
inotifyx = 0.2.0
inotifyx = 0.2.0
# Required by:
# Required by:
# slapos.cookbook==0.
52
# slapos.cookbook==0.
71.1
# slapos.core==0.
24
# slapos.core==0.
33.1
# xml-marshaller==0.9.7
# xml-marshaller==0.9.7
lxml =
2.3.4
lxml =
3.0.2
# Required by:
# Required by:
# slapos.cookbook==0.
52
# slapos.cookbook==0.
71.1
netaddr = 0.7.
6
netaddr = 0.7.
10
# Required by:
# Required by:
# slapos.core==0.
24
# slapos.core==0.
33.1
netifaces = 0.8
netifaces = 0.8
# Required by:
# Required by:
# slapos.cookbook==0.52
# slapos.cookbook==0.71.1
# slapos.core==0.24
pytz = 2012j
# zc.buildout==1.6.0-dev-SlapOS-004
# Required by:
# slapos.cookbook==0.71.1
# slapos.core==0.33.1
# zc.buildout==1.6.0-dev-SlapOS-010
# zc.recipe.egg==1.3.2
# zc.recipe.egg==1.3.2
setuptools = 0.6c12dev-r88846
setuptools = 0.6c12dev-r88846
# Required by:
# Required by:
# slapos.cookbook==0.
52
# slapos.cookbook==0.
71.1
slapos.core = 0.
24
slapos.core = 0.
33.1
# Required by:
# Required by:
# slapos.core==0.
24
# slapos.core==0.
33.1
supervisor = 3.0
a12
supervisor = 3.0
b1
# Required by:
# Required by:
# slapos.cookbook==0.
52
# slapos.cookbook==0.
71.1
xml-marshaller = 0.9.7
xml-marshaller = 0.9.7
# Required by:
# Required by:
# slapos.co
okbook==0.52
# slapos.co
re==0.33.1
z
c.recipe.egg = 1.3.2
z
ope.interface = 4.0.3
# Required by:
# slapos.core==0.24
zope.interface = 4.0.0
[networkcache]
[networkcache]
# Cedric de Saint Martin signature certificate
# signature certificates of the following uploaders.
# Cedric de Saint Martin
# Romain Courteaud
signature-certificate-list =
signature-certificate-list =
-----BEGIN CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
...
@@ -133,3 +84,16 @@ signature-certificate-list =
...
@@ -133,3 +84,16 @@ signature-certificate-list =
Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby
Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby
If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY=
If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY=
-----END CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
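Review bot: The `[networkcache]` header comment now names two uploaders, but nothing in `signature-certificate-list` says which PEM block belongs to which person, so auditing or revoking a single signer later means decoding each certificate by hand. Every entry in this list is a key trusted to sign cached build artefacts, so the mapping is worth writing down where the trust is granted. I would extend the header with a line such as `# Certificates below are listed in the same order as the names above`, after confirming that order. The middle of the list is elided on this page, so there may be more blocks than the two names cover.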