Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
isaak yansane-sisk
slapos
Commits
3cb46bac
Commit
3cb46bac
authored
Jun 06, 2011
by
Cédric de Saint Martin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
MySQL : add stunnel to recipe
parent
7537572c
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
145 additions
and
7 deletions
+145
-7
slapos/recipe/mysql/__init__.py
slapos/recipe/mysql/__init__.py
+101
-7
slapos/recipe/mysql/template/stunnel.conf.in
slapos/recipe/mysql/template/stunnel.conf.in
+44
-0
No files found.
slapos/recipe/mysql/__init__.py
View file @
3cb46bac
...
@@ -43,15 +43,21 @@ class Recipe(BaseSlapRecipe):
...
@@ -43,15 +43,21 @@ class Recipe(BaseSlapRecipe):
self
.
cron_d
=
self
.
installCrond
()
self
.
cron_d
=
self
.
installCrond
()
self
.
logrotate_d
,
self
.
logrotate_backup
=
self
.
installLogrotate
()
self
.
logrotate_d
,
self
.
logrotate_backup
=
self
.
installLogrotate
()
mysql_conf
=
self
.
installMysqlServer
(
self
.
getGlobalIPv6Address
(),
45678
)
mysql_conf
=
self
.
installMysqlServer
(
self
.
getLocalIPv4Address
(),
45678
)
ca_conf
=
self
.
installCertificateAuthority
()
stunnel_conf
=
self
.
installStunnel
(
self
.
getGlobalIPv6Address
(),
12345
,
mysql_conf
[
'port'
],
ca_conf
[
'ca_certificate'
],
ca_conf
[
'ca_crl'
],
ca_conf
[
'certificate_authority_path'
])
self
.
linkBinary
()
self
.
linkBinary
()
self
.
setConnectionDict
(
dict
(
self
.
setConnectionDict
(
dict
(
ip
=
mysq
l_conf
[
'ip'
],
stunnel_ip
=
stunne
l_conf
[
'ip'
],
port
=
mysq
l_conf
[
'tcp_port'
],
stunnel_port
=
stunne
l_conf
[
'tcp_port'
],
database
=
mysql_conf
[
'mysql_database'
],
mysql_
database
=
mysql_conf
[
'mysql_database'
],
user
=
mysql_conf
[
'mysql_user'
],
mysql_
user
=
mysql_conf
[
'mysql_user'
],
password
=
mysql_conf
[
'mysql_password'
],
mysql_
password
=
mysql_conf
[
'mysql_password'
],
))
))
return
self
.
path_list
return
self
.
path_list
...
@@ -121,7 +127,95 @@ class Recipe(BaseSlapRecipe):
...
@@ -121,7 +127,95 @@ class Recipe(BaseSlapRecipe):
'logrotate_entry.in'
),
'logrotate_entry.in'
),
dict
(
file_list
=
' '
.
join
([
'"'
+
q
+
'"'
for
q
in
log_file_list
]),
dict
(
file_list
=
' '
.
join
([
'"'
+
q
+
'"'
for
q
in
log_file_list
]),
postrotate
=
postrotate_script
,
olddir
=
self
.
logrotate_backup
)))
postrotate
=
postrotate_script
,
olddir
=
self
.
logrotate_backup
)))
def
installCertificateAuthority
(
self
,
ca_country_code
=
'XX'
,
ca_email
=
'xx@example.com'
,
ca_state
=
'State'
,
ca_city
=
'City'
,
ca_company
=
'Company'
):
backup_path
=
self
.
createBackupDirectory
(
'ca'
)
self
.
ca_dir
=
os
.
path
.
join
(
self
.
data_root_directory
,
'ca'
)
self
.
_createDirectory
(
self
.
ca_dir
)
self
.
ca_request_dir
=
os
.
path
.
join
(
self
.
ca_dir
,
'requests'
)
self
.
_createDirectory
(
self
.
ca_request_dir
)
config
=
dict
(
ca_dir
=
self
.
ca_dir
,
request_dir
=
self
.
ca_request_dir
)
self
.
ca_private
=
os
.
path
.
join
(
self
.
ca_dir
,
'private'
)
self
.
ca_certs
=
os
.
path
.
join
(
self
.
ca_dir
,
'certs'
)
self
.
ca_crl
=
os
.
path
.
join
(
self
.
ca_dir
,
'crl'
)
self
.
ca_newcerts
=
os
.
path
.
join
(
self
.
ca_dir
,
'newcerts'
)
self
.
ca_key_ext
=
'.key'
self
.
ca_crt_ext
=
'.crt'
for
d
in
[
self
.
ca_private
,
self
.
ca_crl
,
self
.
ca_newcerts
,
self
.
ca_certs
]:
self
.
_createDirectory
(
d
)
for
f
in
[
'crlnumber'
,
'serial'
]:
if
not
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
ca_dir
,
f
)):
open
(
os
.
path
.
join
(
self
.
ca_dir
,
f
),
'w'
).
write
(
'01'
)
if
not
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
ca_dir
,
'index.txt'
)):
open
(
os
.
path
.
join
(
self
.
ca_dir
,
'index.txt'
),
'w'
).
write
(
''
)
openssl_configuration
=
os
.
path
.
join
(
self
.
ca_dir
,
'openssl.cnf'
)
config
.
update
(
working_directory
=
self
.
ca_dir
,
country_code
=
ca_country_code
,
state
=
ca_state
,
city
=
ca_city
,
company
=
ca_company
,
email_address
=
ca_email
,
)
self
.
_writeFile
(
openssl_configuration
,
pkg_resources
.
resource_string
(
__name__
,
'template/openssl.cnf.ca.in'
)
%
config
)
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([
(
'certificate_authority'
,
__name__
+
'.certificate_authority'
,
'runCertificateAuthority'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper_directory
,
arguments
=
[
dict
(
openssl_configuration
=
openssl_configuration
,
openssl_binary
=
self
.
options
[
'openssl_binary'
],
certificate
=
os
.
path
.
join
(
self
.
ca_dir
,
'cacert.pem'
),
key
=
os
.
path
.
join
(
self
.
ca_private
,
'cakey.pem'
),
crl
=
os
.
path
.
join
(
self
.
ca_crl
),
request_dir
=
self
.
ca_request_dir
)]))
# configure backup
backup_cron
=
os
.
path
.
join
(
self
.
cron_d
,
'ca_rdiff_backup'
)
open
(
backup_cron
,
'w'
).
write
(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''
%
dict
(
rdiff_backup
=
self
.
options
[
'rdiff_backup_binary'
],
source
=
self
.
ca_dir
,
destination
=
backup_path
))
self
.
path_list
.
append
(
backup_cron
)
return
dict
(
ca_certificate
=
os
.
path
.
join
(
config
[
'ca_dir'
],
'cacert.pem'
),
ca_crl
=
os
.
path
.
join
(
config
[
'ca_dir'
],
'crl'
),
certificate_authority_path
=
config
[
'ca_dir'
]
)
def
installStunnel
(
self
,
ip
,
port
,
external_port
,
ca_certificate
,
ca_crl
,
ca_path
):
"""Installs stunnel"""
template_filename
=
self
.
getTemplateFilename
(
'stunnel.conf.in'
)
log
=
os
.
path
.
join
(
self
.
log_directory
,
'stunnel.log'
)
pid_file
=
os
.
path
.
join
(
self
.
run_directory
,
'stunnel.pid'
)
stunnel_conf
=
dict
(
ip
=
ip
,
port
=
port
,
pid_file
=
pid_file
,
log
=
log
,
cert
=
ca_certificate
,
ca_crl
=
ca_crl
,
ca_path
=
ca_path
,
external_port
=
external_port
,
)
stunnel_conf_path
=
self
.
createConfigurationFile
(
"stunnel.conf"
,
self
.
substituteTemplate
(
template_filename
,
stunnel_conf
))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'stunnel'
,
'slapos.recipe.erp5.execute'
,
'execute'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper_directory
,
arguments
=
[
self
.
options
[
'stunnel_binary'
].
strip
(),
stunnel_conf_path
]
)[
0
]
self
.
path_list
.
append
(
wrapper
)
return
stunnel_conf
def
installMysqlServer
(
self
,
ip
,
port
,
database
=
'database'
,
user
=
'user'
,
def
installMysqlServer
(
self
,
ip
,
port
,
database
=
'database'
,
user
=
'user'
,
template_filename
=
None
,
mysql_conf
=
None
):
template_filename
=
None
,
mysql_conf
=
None
):
if
mysql_conf
is
None
:
if
mysql_conf
is
None
:
...
...
slapos/recipe/mysql/template/stunnel.conf.in
0 → 100644
View file @
3cb46bac
foreground = yes
output = %(log)s
pid = %(pid_file)s
syslog = no
;accept = %(ip)s%(port)
CApath = %(ca_path)
; Certificate/key is needed in server mode and optional in client mode
cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib
; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log
; Use it for client mode
;client = yes
; Service-level configuration
[mysqls]
accept = %(ip)s%(port)
connect = %(external_port)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment