Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Cédric Le Ninivin
slapos
Commits
a7296367
Commit
a7296367
authored
Jul 04, 2016
by
Tristan Cavelier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
cloudooo: add apache to handle SSL
parent
cb942b0f
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
166 additions
and
14 deletions
+166
-14
software/cloudooo/instance-cloudoo-input-schema.json
software/cloudooo/instance-cloudoo-input-schema.json
+21
-0
software/cloudooo/instance-cloudoo.cfg.in
software/cloudooo/instance-cloudoo.cfg.in
+128
-12
software/cloudooo/instance.cfg.in
software/cloudooo/instance.cfg.in
+4
-0
software/cloudooo/software.cfg
software/cloudooo/software.cfg
+4
-2
stack/cloudooo.cfg
stack/cloudooo.cfg
+9
-0
No files found.
software/cloudooo/instance-cloudoo-input-schema.json
View file @
a7296367
...
@@ -14,6 +14,27 @@
...
@@ -14,6 +14,27 @@
"description"
:
"Number of backend cloudooo instances"
,
"description"
:
"Number of backend cloudooo instances"
,
"default"
:
1
,
"default"
:
1
,
"type"
:
"integer"
"type"
:
"integer"
},
"ssl"
:
{
"description"
:
"Custom ssl certificate, key and optionaly client ca-cert and crl"
,
"properties"
:
{
"cert"
:
{
"description"
:
"The content of the certificate file"
,
"type"
:
"string"
},
"key"
:
{
"description"
:
"The content of the ssl key file"
,
"type"
:
"string"
},
"ca-cert"
:
{
"description"
:
"The content of the ca-certificate file"
,
"type"
:
"string"
},
"crl"
:
{
"description"
:
"The content of the revocation file"
,
"type"
:
"string"
}
}
}
}
}
}
}
}
software/cloudooo/instance-cloudoo.cfg.in
View file @
a7296367
{% set ipv4 = (ipv4_set | list)[0] -%}
{% set ipv4 = (ipv4_set | list)[0] -%}
{% if ipv6_set %}{% set ipv6 = (ipv6_set | list)[0] %}{% endif -%}
{% set next_port = slapparameter_dict.get('tcpv4-port', 8000) | int -%}
{% set backend_count = slapparameter_dict.get('backend-count', 1) | int -%}
{% set ssl_parameter_dict = slapparameter_dict.get('ssl', {}) %}
{% set apache_port = next_port -%}
{% set haproxy_port = next_port + 1 -%}
{% set next_port = next_port + 2 -%}
{% set apache_ip_list = [ipv4] -%}
{% if ipv6_set -%}
{% do apache_ip_list.append('[' ~ ipv6 ~ ']') -%}
{% endif -%}
{% set apache_dict = {} -%}
{% do apache_dict.__setitem__("cloudooo", (apache_port, "https", 'http://' ~ ipv4 ~ ':' ~ haproxy_port)) -%}
{% set bin_directory = parameter_dict['buildout-bin-directory'] -%}
{% set bin_directory = parameter_dict['buildout-bin-directory'] -%}
{% set section_list = [] -%}
{% set section_list = [] -%}
{% macro section(name) %}{% do section_list.append(name) %}{{ name }}{% endmacro -%}
{% set cloudooo_section_list = [] -%}
{% macro cloudooo(name) %}{% do cloudooo_section_list.append(name) %}{{ name }}{% endmacro -%}
[simplefile]
recipe = slapos.recipe.template:jinja2
template = inline:{{ '{{ content }}' }}
{% macro simplefile(section_name, file_path, content, mode='') -%}
{% set content_section_name = section_name ~ '-content' -%}
[{{ content_section_name }}]
content = {{ dumps(content) }}
[{{ section_name }}]
< = simplefile
rendered = {{ file_path }}
context = key content {{ content_section_name }}:content
mode = {{ mode }}
{%- endmacro %}
[buildout]
[buildout]
parts =
parts =
publish-cloudooo-connection-information
publish
apache
apache-conf
apache-promise
cloudooo-test-runner
cloudooo-test-runner
haproxy
xvfb-instance
xvfb-instance
wkhtmltopdf-on-xvfb
wkhtmltopdf-on-xvfb
...
@@ -13,9 +51,79 @@ eggs-directory = {{ eggs_directory }}
...
@@ -13,9 +51,79 @@ eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
offline = true
[publish-cloudooo-connection-information]
[apache]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/apache
command-line = "{{ parameter_dict['apache'] }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
[apache-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-apache-conf'] }}
rendered = ${directory:apache-conf}/apache.conf
context = section parameter_dict apache-conf-parameter-dict
[apache-conf-parameter-dict]
backend-list = {{ dumps(apache_dict.values()) }}
ip-list = {{ dumps(apache_ip_list) }}
pid-file = ${directory:run}/apache.pid
error-log = ${directory:log}/apache-error.log
access-log = ${directory:log}/apache-access.log
# Apache 2.4's default value (60 seconds) can be a bit too short
timeout = 300
# Basic SSL server configuration
cert = ${apache-ssl:cert}
key = ${apache-ssl:key}
cipher =
ssl-session-cache = ${directory:log}/apache-ssl-session-cache
# Client x509 auth
ca-cert = ${apache-ssl-client:cert}
crl = ${apache-ssl-client:crl}
[apache-promise]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/apache
hostname = {{ ipv4 }}
port = {{ apache_dict.values()[0][0] }}
[apache-conf-ssl]
cert = ${directory:apache-conf}/apache.crt
key = ${directory:apache-conf}/apache.pem
ca-cert = ${directory:apache-conf}/ca.crt
crl = ${directory:apache-conf}/crl.pem
[apache-ssl]
{% if ssl_parameter_dict.get('key') -%}
key = ${apache-ssl-key:rendered}
cert = ${apache-ssl-cert:rendered}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{% else %}
recipe = plone.recipe.command
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
key = ${apache-conf-ssl:key}
cert = ${apache-conf-ssl:cert}
{%- endif %}
[apache-ssl-client]
{% if ssl_parameter_dict.get('ca-cert') -%}
cert = ${apache-ssl-ca:rendered}
crl = ${apache-ssl-crl:rendered}
{{ simplefile('apache-ssl-ca', '${apache-conf-ssl:ca-cert}', ssl_parameter_dict['ca-cert']) }}
{{ simplefile('apache-ssl-crl', '${apache-conf-ssl:crl}', ssl_parameter_dict['crl']) }}
{% else %}
cert =
crl =
{%- endif %}
[publish]
recipe = slapos.cookbook:publish.serialised
recipe = slapos.cookbook:publish.serialised
url = cloudooo://${haproxy:ip}:${haproxy:port}/
{% for family_name, (apache_port, scheme, _) in apache_dict.items() -%}
{{ family_name ~ '-v6' }} = {% if ipv6_set %}{{ scheme ~ '://[' ~ ipv6 ~ ']:' ~ apache_port }}{% endif %}
{{ family_name }} = {{ scheme ~ '://' ~ ipv4 ~ ':' ~ apache_port }}
{% endfor -%}
[cloudooo-base]
[cloudooo-base]
recipe = slapos.cookbook:generic.cloudooo
recipe = slapos.cookbook:generic.cloudooo
...
@@ -32,19 +140,17 @@ ooo-binary-path = {{ parameter_dict['libreoffice-bin'] }}/program
...
@@ -32,19 +140,17 @@ ooo-binary-path = {{ parameter_dict['libreoffice-bin'] }}/program
ooo-paster = {{ bin_directory }}/cloudooo_paster
ooo-paster = {{ bin_directory }}/cloudooo_paster
ooo-uno-path = {{ parameter_dict['libreoffice-bin'] }}/basis-link/program
ooo-uno-path = {{ parameter_dict['libreoffice-bin'] }}/basis-link/program
{% set cloudooo_port = slapparameter_dict.get('tcpv4-port', 23000) | int -%}
{% set backend_count = slapparameter_dict.get('backend-count', 1) | int -%}
{% for index in range(backend_count) -%}
{% for index in range(backend_count) -%}
{% set name = 'cloudooo-' ~ index -%}
{% set name = 'cloudooo-' ~ index -%}
[{{
section
(name) }}]
[{{
cloudooo
(name) }}]
< = cloudooo-base
< = cloudooo-base
port = {{
cloudooo
_port }}
port = {{
next
_port }}
openoffice-port = {{
cloudooo
_port + 1 }}
openoffice-port = {{
next
_port + 1 }}
configuration-file = ${directory:etc}/{{ name }}.cfg
configuration-file = ${directory:etc}/{{ name }}.cfg
data-directory = ${directory:srv}/{{ name }}
data-directory = ${directory:srv}/{{ name }}
wrapper = ${directory:services}/{{ name }}
wrapper = ${directory:services}/{{ name }}
{% set
cloudooo_port = cloudooo
_port + 2 -%}
{% set
next_port = next
_port + 2 -%}
{% endfor -%}
{% endfor -%}
[haproxy]
[haproxy]
...
@@ -53,13 +159,13 @@ name = cloudooo
...
@@ -53,13 +159,13 @@ name = cloudooo
conf-path = ${directory:etc}/haproxy.cfg
conf-path = ${directory:etc}/haproxy.cfg
socket-path = ${directory:run}/haproxy.sock
socket-path = ${directory:run}/haproxy.sock
ip = {{ ipv4 }}
ip = {{ ipv4 }}
port =
8001
port =
{{ haproxy_port }}
maxconn = 1
maxconn = 1
wrapper-path = ${directory:services}/haproxy
wrapper-path = ${directory:services}/haproxy
binary-path = {{ parameter_dict['haproxy'] }}/sbin/haproxy
binary-path = {{ parameter_dict['haproxy'] }}/sbin/haproxy
ctl-path = ${directory:bin}/haproxy-ctl
ctl-path = ${directory:bin}/haproxy-ctl
backend-list =
backend-list =
{%- for section_name in section_list %}
{%- for section_name in
cloudooo_
section_list %}
{{ "${" ~ section_name ~ ":ip}:${" ~ section_name ~ ":port}" }}
{{ "${" ~ section_name ~ ":ip}:${" ~ section_name ~ ":port}" }}
{%- endfor %}
{%- endfor %}
...
@@ -83,6 +189,7 @@ font-system-folder = {{ parameter_dict['fonts'] }}
...
@@ -83,6 +189,7 @@ font-system-folder = {{ parameter_dict['fonts'] }}
font-folder = ${directory:font}
font-folder = ${directory:font}
service-folder = ${directory:services}
service-folder = ${directory:services}
[binary-link]
[binary-link]
recipe = slapos.cookbook:symbolic.link
recipe = slapos.cookbook:symbolic.link
target-directory = ${directory:bin}
target-directory = ${directory:bin}
...
@@ -105,9 +212,18 @@ link-binary =
...
@@ -105,9 +212,18 @@ link-binary =
# rest of parts are candidates for some generic stuff
# rest of parts are candidates for some generic stuff
[directory]
[directory]
recipe = slapos.cookbook:mkdirectory
recipe = slapos.cookbook:mkdirectory
apache-conf = ${:etc}/apache
bin = ${buildout:directory}/bin
bin = ${buildout:directory}/bin
ca-dir = ${buildout:directory}/srv/ssl
certs = ${:ca-dir}/certs
crl = ${:ca-dir}/crl
etc = ${buildout:directory}/etc
etc = ${buildout:directory}/etc
font = ${:srv}/font
font = ${:srv}/font
log = ${:var}/log
newcerts = ${:ca-dir}/newcerts
private = ${:ca-dir}/private
promise = ${directory:etc}/promise
requests = ${:ca-dir}/requests
run = ${:var}/run
run = ${:var}/run
services = ${:etc}/run
services = ${:etc}/run
srv = ${buildout:directory}/srv
srv = ${buildout:directory}/srv
...
...
software/cloudooo/instance.cfg.in
View file @
a7296367
...
@@ -19,12 +19,14 @@ recipe = slapos.recipe.template:jinja2
...
@@ -19,12 +19,14 @@ recipe = slapos.recipe.template:jinja2
rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
extra-context =
extra-context =
context =
context =
key ipv6_set slap-parameters:ipv6
key eggs_directory buildout:eggs-directory
key eggs_directory buildout:eggs-directory
key develop_eggs_directory buildout:develop-eggs-directory
key develop_eggs_directory buildout:develop-eggs-directory
key slapparameter_dict slap-parameters:configuration
key slapparameter_dict slap-parameters:configuration
${:extra-context}
${:extra-context}
[dynamic-template-cloudooo-parameters]
[dynamic-template-cloudooo-parameters]
apache = {{ apache_location }}
buildout-bin-directory = {{ buildout_bin_directory }}
buildout-bin-directory = {{ buildout_bin_directory }}
cairo = {{ cairo_location }}
cairo = {{ cairo_location }}
coreutils = {{ coreutils_location }}
coreutils = {{ coreutils_location }}
...
@@ -53,8 +55,10 @@ libpng12 = {{ libpng12_location }}
...
@@ -53,8 +55,10 @@ libpng12 = {{ libpng12_location }}
libreoffice-bin = {{ libreoffice_bin_location }}
libreoffice-bin = {{ libreoffice_bin_location }}
libxcb = {{ libxcb_location }}
libxcb = {{ libxcb_location }}
mesa = {{ mesa_location }}
mesa = {{ mesa_location }}
openssl = {{ openssl_location }}
poppler = {{ poppler_location }}
poppler = {{ poppler_location }}
pixman = {{ pixman_location }}
pixman = {{ pixman_location }}
template-apache-conf = {{ template_apache_conf }}
wkhtmltopdf = {{ wkhtmltopdf_location }}
wkhtmltopdf = {{ wkhtmltopdf_location }}
xdamage = {{ xdamage_location }}
xdamage = {{ xdamage_location }}
xfixes = {{ xfixes_location }}
xfixes = {{ xfixes_location }}
...
...
software/cloudooo/software.cfg
View file @
a7296367
...
@@ -38,8 +38,9 @@ context =
...
@@ -38,8 +38,9 @@ context =
# XXX: "template.cfg" is hardcoded in instanciation recipe
# XXX: "template.cfg" is hardcoded in instanciation recipe
filename = template.cfg
filename = template.cfg
template = ${:_profile_base_location_}/instance.cfg.in
template = ${:_profile_base_location_}/instance.cfg.in
md5sum =
6e215fc2969a5d3d653981371a3a952a
md5sum =
295c1f58e761732fcc430dd5cd6467b1
extra-context =
extra-context =
key apache_location apache:location
key buildout_bin_directory buildout:bin-directory
key buildout_bin_directory buildout:bin-directory
key coreutils_location coreutils:location
key coreutils_location coreutils:location
key cairo_location cairo:location
key cairo_location cairo:location
...
@@ -74,6 +75,7 @@ extra-context =
...
@@ -74,6 +75,7 @@ extra-context =
key pixman_location pixman:location
key pixman_location pixman:location
key poppler_location poppler:location
key poppler_location poppler:location
key template_cloudooo template-cloudooo:target
key template_cloudooo template-cloudooo:target
key template_apache_conf template-apache-backend-conf:target
key wkhtmltopdf_location wkhtmltopdf:location
key wkhtmltopdf_location wkhtmltopdf:location
key xdamage_location xdamage:location
key xdamage_location xdamage:location
key xfixes_location xfixes:location
key xfixes_location xfixes:location
...
@@ -83,5 +85,5 @@ extra-context =
...
@@ -83,5 +85,5 @@ extra-context =
[template-cloudooo]
[template-cloudooo]
recipe = slapos.recipe.build:download
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-cloudoo.cfg.in
url = ${:_profile_base_location_}/instance-cloudoo.cfg.in
md5sum =
fbb353dda68ad7f9b108e74bb7d785ae
md5sum =
afb0ec2b44baa40814075f917c02aa0d
mode = 640
mode = 640
stack/cloudooo.cfg
View file @
a7296367
...
@@ -6,6 +6,7 @@ exec-sitecustomize = false
...
@@ -6,6 +6,7 @@ exec-sitecustomize = false
extends =
extends =
../stack/slapos.cfg
../stack/slapos.cfg
../component/apache/buildout.cfg
../component/cloudooo/buildout.cfg
../component/cloudooo/buildout.cfg
../component/coreutils/buildout.cfg
../component/coreutils/buildout.cfg
../component/cups/buildout.cfg
../component/cups/buildout.cfg
...
@@ -23,6 +24,7 @@ extends =
...
@@ -23,6 +24,7 @@ extends =
../component/libffi/buildout.cfg
../component/libffi/buildout.cfg
../component/libpng/buildout.cfg
../component/libpng/buildout.cfg
../component/libreoffice-bin/buildout.cfg
../component/libreoffice-bin/buildout.cfg
../component/logrotate/buildout.cfg
../component/lxml-python/buildout.cfg
../component/lxml-python/buildout.cfg
../component/mesa/buildout.cfg
../component/mesa/buildout.cfg
../component/poppler/buildout.cfg
../component/poppler/buildout.cfg
...
@@ -37,6 +39,7 @@ parts =
...
@@ -37,6 +39,7 @@ parts =
libreoffice-bin
libreoffice-bin
stunnel
stunnel
dcron
dcron
install-plone-recipe-command
# basic Xorg
# basic Xorg
libXdmcp
libXdmcp
...
@@ -69,11 +72,17 @@ parts =
...
@@ -69,11 +72,17 @@ parts =
ffmpeg
ffmpeg
rdiff-backup
rdiff-backup
apache
apache-antiloris
haproxy
haproxy
cloudooo-develop
cloudooo-develop
cloudooo
cloudooo
[install-plone-recipe-command]
recipe = plone.recipe.command
command = true
[versions]
[versions]
Paste = 2.0.2
Paste = 2.0.2
PasteScript = 2.0.2
PasteScript = 2.0.2
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment