Commit 64489915 authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

slaprunner: add https to access slaprunner

slaprunner now runs on local-ipv4 and is served by nginx, which provides SSL
parent 61255d71
...@@ -40,8 +40,8 @@ class Recipe(GenericBaseRecipe): ...@@ -40,8 +40,8 @@ class Recipe(GenericBaseRecipe):
self.partition_amount = options['partition-amount'].strip() self.partition_amount = options['partition-amount'].strip()
self.cloud9_url = options.get('cloud9-url', '').strip() self.cloud9_url = options.get('cloud9-url', '').strip()
self.log_file = os.path.join(options['log_dir'].strip(), 'slaprunner.log') self.log_file = os.path.join(options['log_dir'].strip(), 'slaprunner.log')
# Set slaprunner access URL # Set slaprunner access URL, CLN Beware ipv6 access is made throught nginx
options['access-url'] = 'http://[%s]:%s' % (self.ipv6, self.runner_port) options['access-url'] = 'https://[%s]:%s' % (self.ipv6, self.runner_port)
def install(self): def install(self):
path_list = [] path_list = []
...@@ -62,7 +62,7 @@ class Recipe(GenericBaseRecipe): ...@@ -62,7 +62,7 @@ class Recipe(GenericBaseRecipe):
etc_dir=self.options['etc_dir'], etc_dir=self.options['etc_dir'],
run_dir=self.options['run_dir'], run_dir=self.options['run_dir'],
log_dir=self.options['log_dir'], log_dir=self.options['log_dir'],
runner_host=self.ipv6, runner_host=self.ipv4,
runner_port=self.runner_port, runner_port=self.runner_port,
ipv4_address=self.ipv4, ipv4_address=self.ipv4,
ipv6_address=self.ipv6, ipv6_address=self.ipv6,
...@@ -132,7 +132,7 @@ class Test(GenericBaseRecipe): ...@@ -132,7 +132,7 @@ class Test(GenericBaseRecipe):
etc_dir=self.options['etc_dir'], etc_dir=self.options['etc_dir'],
run_dir=self.options['etc_dir'], run_dir=self.options['etc_dir'],
log_dir=self.workdir, log_dir=self.workdir,
runner_host=self.ipv6, runner_host=self.ipv4,
runner_port=self.runner_port, runner_port=self.runner_port,
ipv4_address=self.ipv4, ipv4_address=self.ipv4,
ipv6_address=self.ipv6, ipv6_address=self.ipv6,
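Review bot: The new comment above `options['access-url']` is hard to read ("CLN Beware", "throught") and does not say why the published URL uses `self.ipv6` while `runner_host` in both `Recipe.install` and `Test` now uses `self.ipv4`. I would replace it with something like `# Published URL targets the nginx TLS listener on the global IPv6 address; the runner itself binds to local IPv4 (runner_host) on the same port number`. Since the URL is an `https://` address on a bare IPv6 literal, it would also help to state which certificate clients are expected to trust; that is not visible from this hunk. The enclosing methods start and end outside the hunks shown.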
......
...@@ -10,24 +10,22 @@ extends = common.cfg ...@@ -10,24 +10,22 @@ extends = common.cfg
parts += parts +=
slapos.cookbook-repository slapos.cookbook-repository
slapos.toolbox-repository
# slapos.toolbox-repository
# slapos.core-repository # slapos.core-repository
# check-recipe # check-recipe
develop = develop =
${:parts-directory}/slapos.cookbook-repository ${:parts-directory}/slapos.toolbox-repository
# ${:parts-directory}/slapos.toolbox-repository ${:parts-directory}/slapos.cookbook-repository
# ${:parts-directory}/slapos.core-repository # ${:parts-directory}/slapos.core-repository
#[slapos.toolbox-repository] [slapos.toolbox-repository]
#recipe = slapos.recipe.build:gitclone recipe = slapos.recipe.build:gitclone
#repository = http://git.erp5.org/repos/slapos.toolbox.git repository = http://git.erp5.org/repos/slapos.toolbox.git
#branch = slaprunner-resiliency branch = slaprunner-resiliency
#git-executable = ${git:location}/bin/git git-executable = ${git:location}/bin/git
[slapos.cookbook-repository] [slapos.cookbook-repository]
recipe = slapos.recipe.build:gitclone recipe = slapos.recipe.build:gitclone
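Review bot: Re-enabling `[slapos.toolbox-repository]` puts code fetched from `repository = http://git.erp5.org/repos/slapos.toolbox.git` onto the `develop` path, cloned over plain HTTP and following the moving branch `slaprunner-resiliency`. Nothing here authenticates the transport or fixes the content, so whatever that branch serves at build time is installed and run. If the server offers an authenticated transport, I would use it, and pin the checkout with the recipe's `revision` option rather than tracking only a branch. If this is a temporary development setting, a comment saying so next to `develop =` would stop it shipping unnoticed.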
......
...@@ -99,7 +99,7 @@ private_key = $${sshkeys-dropbear-runner:private-key} ...@@ -99,7 +99,7 @@ private_key = $${sshkeys-dropbear-runner:private-key}
ipv4 = $${slap-network-information:local-ipv4} ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6} ipv6 = $${slap-network-information:global-ipv6}
proxy_port = 50000 proxy_port = 50000
runner_port = 50000 runner_port = 50005
partition-amount = $${slap-parameter:instance-amount} partition-amount = $${slap-parameter:instance-amount}
cloud9-url = $${cloud9:access-url} cloud9-url = $${cloud9:access-url}
wrapper = $${directory:services}/slaprunner wrapper = $${directory:services}/slaprunner
...@@ -177,7 +177,7 @@ context = ...@@ -177,7 +177,7 @@ context =
key port node-frontend:port key port node-frontend:port
key key ca-node-frontend:key-file key key ca-node-frontend:key-file
key certificate ca-node-frontend:cert-file key certificate ca-node-frontend:cert-file
key backend_ip nginx-frontend:ip key backend_ip nginx-frontend:local-ip
key backend_port nginx-frontend:port key backend_port nginx-frontend:port
raw shell_path ${bash:location}/bin/bash raw shell_path ${bash:location}/bin/bash
raw node_env ${buildout:parts-directory}:${npm-modules:location}/node_modules raw node_env ${buildout:parts-directory}:${npm-modules:location}/node_modules
...@@ -200,11 +200,15 @@ scgi_temp_path = $${directory:tmp}/scgi_temp_path ...@@ -200,11 +200,15 @@ scgi_temp_path = $${directory:tmp}/scgi_temp_path
# Options # Options
nb_workers = 2 nb_workers = 2
# Network # Network
ip = $${slap-network-information:local-ipv4} local-ip = $${slap-network-information:local-ipv4}
port = 30001 port = 30001
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
# Backend # Backend
backend-ip = $${cloud9:ip} cloud9-ip = $${cloud9:ip}
backend-port = $${cloud9:port} cloud9-port = $${cloud9:port}
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
# SSL # SSL
ssl-certificate = $${ca-nginx:cert-file} ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file} ssl-key = $${ca-nginx:key-file}
...@@ -297,7 +301,7 @@ software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/a ...@@ -297,7 +301,7 @@ software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/a
slave = true slave = true
config = url config = url
config-url = $${slaprunner:access-url} config-url = $${slaprunner:access-url}
return = site_url return = site_url domain
[request-cloud9-frontend] [request-cloud9-frontend]
<= slap-connection <= slap-connection
...@@ -318,7 +322,7 @@ return = site_url domain ...@@ -318,7 +322,7 @@ return = site_url domain
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
1_info = Set your passord in slaprunner in order to access cloud9 1_info = Set your passord in slaprunner in order to access cloud9
backend_url = $${slaprunner:access-url} backend_url = $${slaprunner:access-url}
url = $${request-frontend:connection-site_url} url = https://$${request-frontend:connection-domain}
cloud9_backend_url = $${node-frontend:access-url} cloud9_backend_url = $${node-frontend:access-url}
cloud9_url = https://$${request-cloud9-frontend:connection-domain} cloud9_url = https://$${request-cloud9-frontend:connection-domain}
ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port} ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
...@@ -337,7 +341,7 @@ port = $${slaprunner:runner_port} ...@@ -337,7 +341,7 @@ port = $${slaprunner:runner_port}
[slaprunner-frontend-promise] [slaprunner-frontend-promise]
recipe = slapos.cookbook:check_url_available recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner_frontend path = $${directory:promises}/slaprunner_frontend
url = $${request-frontend:connection-site_url} url = https://$${request-frontend:connection-domain}
dash_path = ${dash:location}/bin/dash dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl curl_path = ${curl:location}/bin/curl
...@@ -357,7 +361,7 @@ port = $${node-frontend:port} ...@@ -357,7 +361,7 @@ port = $${node-frontend:port}
[nginx-promise] [nginx-promise]
recipe = slapos.cookbook:check_port_listening recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/nginx path = $${directory:promises}/nginx
hostname = $${nginx-frontend:ip} hostname = $${nginx-frontend:local-ip}
port = $${nginx-frontend:port} port = $${nginx-frontend:port}
[dropbear-promise] [dropbear-promise]
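Review bot: In `[nginx-frontend]`, `global-port` and `runner-port` both resolve to `$${slaprunner:runner_port}`, so the TLS listener and the plain-HTTP runner share one port number and are kept apart only by binding to different addresses (global IPv6 and local IPv4). That coupling is easy to break later, so I would add a comment such as `# same port as the runner on purpose: nginx binds global-ipv6, runner binds local-ipv4`, or give nginx its own port key. The section whose `port = $${slaprunner:runner_port}` appears in the hunk header before `[slaprunner-frontend-promise]` has its hostname outside the visible lines. If that promise still points at the IPv6 address, it now checks nginx rather than the runner process, which is worth confirming.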
......
...@@ -18,7 +18,7 @@ http { ...@@ -18,7 +18,7 @@ http {
'' close; '' close;
} }
server { server {
listen {{ param_nginx_frontend['ip'] }}:{{ param_nginx_frontend['port'] }}; listen {{ param_nginx_frontend['local-ip'] }}:{{ param_nginx_frontend['port'] }};
server_name _; server_name _;
keepalive_timeout 90s; keepalive_timeout 90s;
...@@ -30,7 +30,7 @@ http { ...@@ -30,7 +30,7 @@ http {
location / { location / {
auth_basic "Restricted"; auth_basic "Restricted";
auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd; auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
proxy_pass http://{{ param_nginx_frontend['backend-ip'] }}:{{ param_nginx_frontend['backend-port'] }}; proxy_pass http://{{ param_nginx_frontend['cloud9-ip'] }}:{{ param_nginx_frontend['cloud9-port'] }};
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off; proxy_redirect off;
proxy_buffering off; proxy_buffering off;
...@@ -42,4 +42,29 @@ http { ...@@ -42,4 +42,29 @@ http {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
} }
server {
listen [{{ param_nginx_frontend['global-ip'] }}]:{{ param_nginx_frontend['global-port'] }} ssl;
server_name _;
ssl_certificate {{ param_nginx_frontend['ssl-certificate'] }};
ssl_certificate_key {{ param_nginx_frontend['ssl-key'] }};
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
keepalive_timeout 90s;
client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
location / {
proxy_pass http://{{ param_nginx_frontend['runner-ip'] }}:{{ param_nginx_frontend['runner-port'] }};
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
}
}
} }
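Review bot: The new TLS server block enables `SSLv3` in `ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;`, a protocol with known design-level weaknesses that should not be offered on a freshly added listener. I would reduce the line to `ssl_protocols TLSv1.2;`, or at minimum drop `SSLv3`, and add `ssl_prefer_server_ciphers on;` so the `ssl_ciphers` ordering is actually enforced. This block also has no `auth_basic`, unlike the existing cloud9 `location /`, so access control on the global IPv6 address presumably relies on the runner's own authentication; a short comment stating that would help. `X-Forwarded-For` is built with `$proxy_add_x_forwarded_for`, which keeps any client-supplied value, so the backend should treat only `X-Real-IP` as trustworthy.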