Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Iliya Manolov
slapos
Commits
a7296367
Commit
a7296367
authored
Jul 04, 2016
by
Tristan Cavelier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
cloudooo: add apache to handle SSL
parent
cb942b0f
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
166 additions
and
14 deletions
+166
-14
software/cloudooo/instance-cloudoo-input-schema.json
software/cloudooo/instance-cloudoo-input-schema.json
+21
-0
software/cloudooo/instance-cloudoo.cfg.in
software/cloudooo/instance-cloudoo.cfg.in
+128
-12
software/cloudooo/instance.cfg.in
software/cloudooo/instance.cfg.in
+4
-0
software/cloudooo/software.cfg
software/cloudooo/software.cfg
+4
-2
stack/cloudooo.cfg
stack/cloudooo.cfg
+9
-0
No files found.
software/cloudooo/instance-cloudoo-input-schema.json
View file @
a7296367
...
...
@@ -14,6 +14,27 @@
"description"
:
"Number of backend cloudooo instances"
,
"default"
:
1
,
"type"
:
"integer"
},
"ssl"
:
{
"description"
:
"Custom ssl certificate, key and optionaly client ca-cert and crl"
,
"properties"
:
{
"cert"
:
{
"description"
:
"The content of the certificate file"
,
"type"
:
"string"
},
"key"
:
{
"description"
:
"The content of the ssl key file"
,
"type"
:
"string"
},
"ca-cert"
:
{
"description"
:
"The content of the ca-certificate file"
,
"type"
:
"string"
},
"crl"
:
{
"description"
:
"The content of the revocation file"
,
"type"
:
"string"
}
}
}
}
}
software/cloudooo/instance-cloudoo.cfg.in
View file @
a7296367
{% set ipv4 = (ipv4_set | list)[0] -%}
{% if ipv6_set %}{% set ipv6 = (ipv6_set | list)[0] %}{% endif -%}
{% set next_port = slapparameter_dict.get('tcpv4-port', 8000) | int -%}
{% set backend_count = slapparameter_dict.get('backend-count', 1) | int -%}
{% set ssl_parameter_dict = slapparameter_dict.get('ssl', {}) %}
{% set apache_port = next_port -%}
{% set haproxy_port = next_port + 1 -%}
{% set next_port = next_port + 2 -%}
{% set apache_ip_list = [ipv4] -%}
{% if ipv6_set -%}
{% do apache_ip_list.append('[' ~ ipv6 ~ ']') -%}
{% endif -%}
{% set apache_dict = {} -%}
{% do apache_dict.__setitem__("cloudooo", (apache_port, "https", 'http://' ~ ipv4 ~ ':' ~ haproxy_port)) -%}
{% set bin_directory = parameter_dict['buildout-bin-directory'] -%}
{% set section_list = [] -%}
{% macro section(name) %}{% do section_list.append(name) %}{{ name }}{% endmacro -%}
{% set cloudooo_section_list = [] -%}
{% macro cloudooo(name) %}{% do cloudooo_section_list.append(name) %}{{ name }}{% endmacro -%}
[simplefile]
recipe = slapos.recipe.template:jinja2
template = inline:{{ '{{ content }}' }}
{% macro simplefile(section_name, file_path, content, mode='') -%}
{% set content_section_name = section_name ~ '-content' -%}
[{{ content_section_name }}]
content = {{ dumps(content) }}
[{{ section_name }}]
< = simplefile
rendered = {{ file_path }}
context = key content {{ content_section_name }}:content
mode = {{ mode }}
{%- endmacro %}
[buildout]
parts =
publish-cloudooo-connection-information
publish
apache
apache-conf
apache-promise
cloudooo-test-runner
haproxy
xvfb-instance
wkhtmltopdf-on-xvfb
...
...
@@ -13,9 +51,79 @@ eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
[publish-cloudooo-connection-information]
[apache]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/apache
command-line = "{{ parameter_dict['apache'] }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
[apache-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-apache-conf'] }}
rendered = ${directory:apache-conf}/apache.conf
context = section parameter_dict apache-conf-parameter-dict
[apache-conf-parameter-dict]
backend-list = {{ dumps(apache_dict.values()) }}
ip-list = {{ dumps(apache_ip_list) }}
pid-file = ${directory:run}/apache.pid
error-log = ${directory:log}/apache-error.log
access-log = ${directory:log}/apache-access.log
# Apache 2.4's default value (60 seconds) can be a bit too short
timeout = 300
# Basic SSL server configuration
cert = ${apache-ssl:cert}
key = ${apache-ssl:key}
cipher =
ssl-session-cache = ${directory:log}/apache-ssl-session-cache
# Client x509 auth
ca-cert = ${apache-ssl-client:cert}
crl = ${apache-ssl-client:crl}
[apache-promise]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/apache
hostname = {{ ipv4 }}
port = {{ apache_dict.values()[0][0] }}
[apache-conf-ssl]
cert = ${directory:apache-conf}/apache.crt
key = ${directory:apache-conf}/apache.pem
ca-cert = ${directory:apache-conf}/ca.crt
crl = ${directory:apache-conf}/crl.pem
[apache-ssl]
{% if ssl_parameter_dict.get('key') -%}
key = ${apache-ssl-key:rendered}
cert = ${apache-ssl-cert:rendered}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{% else %}
recipe = plone.recipe.command
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
key = ${apache-conf-ssl:key}
cert = ${apache-conf-ssl:cert}
{%- endif %}
[apache-ssl-client]
{% if ssl_parameter_dict.get('ca-cert') -%}
cert = ${apache-ssl-ca:rendered}
crl = ${apache-ssl-crl:rendered}
{{ simplefile('apache-ssl-ca', '${apache-conf-ssl:ca-cert}', ssl_parameter_dict['ca-cert']) }}
{{ simplefile('apache-ssl-crl', '${apache-conf-ssl:crl}', ssl_parameter_dict['crl']) }}
{% else %}
cert =
crl =
{%- endif %}
[publish]
recipe = slapos.cookbook:publish.serialised
url = cloudooo://${haproxy:ip}:${haproxy:port}/
{% for family_name, (apache_port, scheme, _) in apache_dict.items() -%}
{{ family_name ~ '-v6' }} = {% if ipv6_set %}{{ scheme ~ '://[' ~ ipv6 ~ ']:' ~ apache_port }}{% endif %}
{{ family_name }} = {{ scheme ~ '://' ~ ipv4 ~ ':' ~ apache_port }}
{% endfor -%}
[cloudooo-base]
recipe = slapos.cookbook:generic.cloudooo
...
...
@@ -32,19 +140,17 @@ ooo-binary-path = {{ parameter_dict['libreoffice-bin'] }}/program
ooo-paster = {{ bin_directory }}/cloudooo_paster
ooo-uno-path = {{ parameter_dict['libreoffice-bin'] }}/basis-link/program
{% set cloudooo_port = slapparameter_dict.get('tcpv4-port', 23000) | int -%}
{% set backend_count = slapparameter_dict.get('backend-count', 1) | int -%}
{% for index in range(backend_count) -%}
{% set name = 'cloudooo-' ~ index -%}
[{{
section
(name) }}]
[{{
cloudooo
(name) }}]
< = cloudooo-base
port = {{
cloudooo
_port }}
openoffice-port = {{
cloudooo
_port + 1 }}
port = {{
next
_port }}
openoffice-port = {{
next
_port + 1 }}
configuration-file = ${directory:etc}/{{ name }}.cfg
data-directory = ${directory:srv}/{{ name }}
wrapper = ${directory:services}/{{ name }}
{% set
cloudooo_port = cloudooo
_port + 2 -%}
{% set
next_port = next
_port + 2 -%}
{% endfor -%}
[haproxy]
...
...
@@ -53,13 +159,13 @@ name = cloudooo
conf-path = ${directory:etc}/haproxy.cfg
socket-path = ${directory:run}/haproxy.sock
ip = {{ ipv4 }}
port =
8001
port =
{{ haproxy_port }}
maxconn = 1
wrapper-path = ${directory:services}/haproxy
binary-path = {{ parameter_dict['haproxy'] }}/sbin/haproxy
ctl-path = ${directory:bin}/haproxy-ctl
backend-list =
{%- for section_name in section_list %}
{%- for section_name in
cloudooo_
section_list %}
{{ "${" ~ section_name ~ ":ip}:${" ~ section_name ~ ":port}" }}
{%- endfor %}
...
...
@@ -83,6 +189,7 @@ font-system-folder = {{ parameter_dict['fonts'] }}
font-folder = ${directory:font}
service-folder = ${directory:services}
[binary-link]
recipe = slapos.cookbook:symbolic.link
target-directory = ${directory:bin}
...
...
@@ -105,9 +212,18 @@ link-binary =
# rest of parts are candidates for some generic stuff
[directory]
recipe = slapos.cookbook:mkdirectory
apache-conf = ${:etc}/apache
bin = ${buildout:directory}/bin
ca-dir = ${buildout:directory}/srv/ssl
certs = ${:ca-dir}/certs
crl = ${:ca-dir}/crl
etc = ${buildout:directory}/etc
font = ${:srv}/font
log = ${:var}/log
newcerts = ${:ca-dir}/newcerts
private = ${:ca-dir}/private
promise = ${directory:etc}/promise
requests = ${:ca-dir}/requests
run = ${:var}/run
services = ${:etc}/run
srv = ${buildout:directory}/srv
...
...
software/cloudooo/instance.cfg.in
View file @
a7296367
...
...
@@ -19,12 +19,14 @@ recipe = slapos.recipe.template:jinja2
rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
extra-context =
context =
key ipv6_set slap-parameters:ipv6
key eggs_directory buildout:eggs-directory
key develop_eggs_directory buildout:develop-eggs-directory
key slapparameter_dict slap-parameters:configuration
${:extra-context}
[dynamic-template-cloudooo-parameters]
apache = {{ apache_location }}
buildout-bin-directory = {{ buildout_bin_directory }}
cairo = {{ cairo_location }}
coreutils = {{ coreutils_location }}
...
...
@@ -53,8 +55,10 @@ libpng12 = {{ libpng12_location }}
libreoffice-bin = {{ libreoffice_bin_location }}
libxcb = {{ libxcb_location }}
mesa = {{ mesa_location }}
openssl = {{ openssl_location }}
poppler = {{ poppler_location }}
pixman = {{ pixman_location }}
template-apache-conf = {{ template_apache_conf }}
wkhtmltopdf = {{ wkhtmltopdf_location }}
xdamage = {{ xdamage_location }}
xfixes = {{ xfixes_location }}
...
...
software/cloudooo/software.cfg
View file @
a7296367
...
...
@@ -38,8 +38,9 @@ context =
# XXX: "template.cfg" is hardcoded in instanciation recipe
filename = template.cfg
template = ${:_profile_base_location_}/instance.cfg.in
md5sum =
6e215fc2969a5d3d653981371a3a952a
md5sum =
295c1f58e761732fcc430dd5cd6467b1
extra-context =
key apache_location apache:location
key buildout_bin_directory buildout:bin-directory
key coreutils_location coreutils:location
key cairo_location cairo:location
...
...
@@ -74,6 +75,7 @@ extra-context =
key pixman_location pixman:location
key poppler_location poppler:location
key template_cloudooo template-cloudooo:target
key template_apache_conf template-apache-backend-conf:target
key wkhtmltopdf_location wkhtmltopdf:location
key xdamage_location xdamage:location
key xfixes_location xfixes:location
...
...
@@ -83,5 +85,5 @@ extra-context =
[template-cloudooo]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-cloudoo.cfg.in
md5sum =
fbb353dda68ad7f9b108e74bb7d785ae
md5sum =
afb0ec2b44baa40814075f917c02aa0d
mode = 640
stack/cloudooo.cfg
View file @
a7296367
...
...
@@ -6,6 +6,7 @@ exec-sitecustomize = false
extends =
../stack/slapos.cfg
../component/apache/buildout.cfg
../component/cloudooo/buildout.cfg
../component/coreutils/buildout.cfg
../component/cups/buildout.cfg
...
...
@@ -23,6 +24,7 @@ extends =
../component/libffi/buildout.cfg
../component/libpng/buildout.cfg
../component/libreoffice-bin/buildout.cfg
../component/logrotate/buildout.cfg
../component/lxml-python/buildout.cfg
../component/mesa/buildout.cfg
../component/poppler/buildout.cfg
...
...
@@ -37,6 +39,7 @@ parts =
libreoffice-bin
stunnel
dcron
install-plone-recipe-command
# basic Xorg
libXdmcp
...
...
@@ -69,11 +72,17 @@ parts =
ffmpeg
rdiff-backup
apache
apache-antiloris
haproxy
cloudooo-develop
cloudooo
[install-plone-recipe-command]
recipe = plone.recipe.command
command = true
[versions]
Paste = 2.0.2
PasteScript = 2.0.2
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment