Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos-caddy
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Guillaume Hervier
slapos-caddy
Commits
437a5bc1
Commit
437a5bc1
authored
Oct 11, 2017
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
slapos-master: Update instance templates to follow up recent modifications for erp5 stack.
parent
a7bd942b
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
129 additions
and
98 deletions
+129
-98
software/slapos-master/apache-backend.conf.in
software/slapos-master/apache-backend.conf.in
+10
-6
software/slapos-master/buildout.hash.cfg
software/slapos-master/buildout.hash.cfg
+0
-4
software/slapos-master/instance-balancer.cfg.in
software/slapos-master/instance-balancer.cfg.in
+89
-26
software/slapos-master/instance-create-erp5-site-real.cfg.in
software/slapos-master/instance-create-erp5-site-real.cfg.in
+0
-38
software/slapos-master/instance-erp5.cfg.in
software/slapos-master/instance-erp5.cfg.in
+30
-20
software/slapos-master/software.cfg
software/slapos-master/software.cfg
+0
-4
No files found.
software/slapos-master/apache-backend.conf.in
View file @
437a5bc1
...
@@ -108,12 +108,16 @@ SSLProxyEngine On
...
@@ -108,12 +108,16 @@ SSLProxyEngine On
# As backend is trusting REMOTE_USER header unset it always
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
RequestHeader unset REMOTE_USER
RequestHeader unset SSL_CLIENT_SERIAL
{% if parameter_dict['ca-cert'] -%}
{% if parameter_dict['ca-cert'] -%}
SSLVerifyClient
require
SSLVerifyClient
optional
RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s
RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s
RequestHeader set SSL_CLIENT_SERIAL "%{SSL_CLIENT_M_SERIAL}s"
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
{% if parameter_dict['crl'] -%}
SSLCARevocationCheck chain
SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }}
SSLCARevocationFile {{ parameter_dict['crl'] }}
{%- endif %}
{%- endif %}
{%- endif %}
ErrorLog "{{ parameter_dict['error-log'] }}"
ErrorLog "{{ parameter_dict['error-log'] }}"
...
@@ -133,20 +137,20 @@ RewriteEngine On
...
@@ -133,20 +137,20 @@ RewriteEngine On
Listen {{ ip }}:{{ port }}
Listen {{ ip }}:{{ port }}
{% endfor -%}
{% endfor -%}
<VirtualHost *:{{ port }}>
<VirtualHost *:{{ port }}>
{% if enable_authentication -%}
SSLEngine on
{% if enable_authentication and parameter_dict['shared-ca-cert'] and parameter_dict['shared-crl'] -%}
SSLVerifyClient require
SSLVerifyClient require
# Custom block we use for now different parameters.
RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s
RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s
SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }}
SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }}
SSLCARevocationPath {{ parameter_dict['shared-crl'] }}
SSLCARevocationPath {{ parameter_dict['shared-crl'] }}
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
# We would like to separate the the authentificated logs.
# We would like to separate the the authentificated logs.
ErrorLog "{{ parameter_dict['log-dir'] }}/apache-service-error.log"
ErrorLog "{{ parameter_dict['log-dir'] }}/apache-service-error.log"
CustomLog "{{ parameter_dict['log-dir'] }}/apache-service-access.log" combined
CustomLog "{{ parameter_dict['log-dir'] }}/apache-service-access.log" combined
{% endif -%}
{% endif -%}
SSLEngine on
RewriteRule ^/(.*) {{ backend }}/$1 [L,P]
RewriteRule ^/(.*) {{ backend }}/$1 [L,P]
</VirtualHost>
</VirtualHost>
{% endfor -%}
{% endfor -%}
software/slapos-master/buildout.hash.cfg
View file @
437a5bc1
...
@@ -24,7 +24,3 @@ md5sum = c5ce18fa4d4be9b9a2d789f3bbd37840
...
@@ -24,7 +24,3 @@ md5sum = c5ce18fa4d4be9b9a2d789f3bbd37840
[template-apache-backend-conf]
[template-apache-backend-conf]
filename = apache-backend.conf.in
filename = apache-backend.conf.in
md5sum = ea77222f440bb72fee4939fe1b72976e
md5sum = ea77222f440bb72fee4939fe1b72976e
[template-create-erp5-site-real]
filename = instance-create-erp5-site-real.cfg.in
md5sum = 86a2b244341218cd0c4b6d398c61ee20
software/slapos-master/instance-balancer.cfg.in
View file @
437a5bc1
{% set part_list = [] -%}
{% set part_list = [] -%}
{% set ssl_parameter_dict = slapparameter_dict.get('ssl', {}) %}
{% set ssl_parameter_dict = slapparameter_dict.get('ssl', {}) %}
{% set caucase_url = slapparameter_dict.get('caucase-url', '') -%}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
{% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
{% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
{% set shared_ca_path = slapparameter_dict['shared-certificate-authority-path'] -%}
{% set shared_ca_path = slapparameter_dict['shared-certificate-authority-path'] -%}
...
@@ -37,6 +38,56 @@ context = key content {{content_section_name}}:content
...
@@ -37,6 +38,56 @@ context = key content {{content_section_name}}:content
mode = {{ mode }}
mode = {{ mode }}
{%- endmacro %}
{%- endmacro %}
[certificate-request-base]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/request-instance-certificate
parameters-extra = true
command-line = {{ parameter_dict['bin-directory'] }}/caucase-cliweb
--crt-file ${apache-conf-ssl:cert}
--key-file ${apache-conf-ssl:key}
--crl-file ${apache-conf-ssl:crl}
--ca-url {{ caucase_url }}
--ca-crt-file ${apache-conf-ssl:ca-cert}
{% macro request_cert(name, common_name) -%}
{% set get_crl_periodicity = slapparameter_dict.get('crl-update-periodicity', 'daily') -%}
[{{ section(name ~ '-certificate-request') }}]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/request-{{ name }}-certificate
command-line =
${certificate-request-base:wrapper-path}
--cn {{ common_name }}
--request
[{{ section(name ~ '-renew-cron-entry') }}]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = {{ name }}-certificate-auto-renew
time = weekly
# 2592000 = 30*24*60*60 equivalent to one month in seconds
command = ${certificate-request-base:wrapper-path} --renew --threshold 2592000 --on-renew="${apache-graceful:output}"
[{{ section(name ~ '-download-crl') }}]
# download the crl for the first time
recipe = plone.recipe.command
command =
if [ ! -s "${apache-conf-ssl:crl}" ]; then
${certificate-request-base:wrapper-path} --update-crl
fi
update-command = ${:command}
stop-on-error = true
[{{ section(name ~ '-update-crl-cron-entry') }}]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = {{ name }}-update-crl
time = {{ get_crl_periodicity }}
# XXX - Update crl call apache graceful restart, it's not recommended to check crl too often, Apache
# has an issue with reload and can be frozen and stop responding. Default periodicity time = daily
command = ${certificate-request-base:wrapper-path} --update-crl --on-crl-update="${apache-graceful:output}"
{%- endmacro %}
{% if use_ipv6 -%}
{% if use_ipv6 -%}
[zope-tunnel-base]
[zope-tunnel-base]
recipe = slapos.cookbook:ipv4toipv6
recipe = slapos.cookbook:ipv4toipv6
...
@@ -82,6 +133,7 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
...
@@ -82,6 +133,7 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
-#}
-#}
{% do zope_family_address_list[0][0] -%}
{% do zope_family_address_list[0][0] -%}
{% set haproxy_port = next_port() -%}
{% set haproxy_port = next_port() -%}
{% set backend_path = slapparameter_dict['backend-path-dict'][family_name] -%}
{% do haproxy_dict.__setitem__(family_name, (haproxy_port, zope_family_address_list)) -%}
{% do haproxy_dict.__setitem__(family_name, (haproxy_port, zope_family_address_list)) -%}
{% if has_webdav -%}
{% if has_webdav -%}
{% set internal_scheme = 'http' -%}{# mod_rewrite does not recognise webdav scheme -#}
{% set internal_scheme = 'http' -%}{# mod_rewrite does not recognise webdav scheme -#}
...
@@ -90,8 +142,7 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
...
@@ -90,8 +142,7 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
{% set internal_scheme = 'http' -%}
{% set internal_scheme = 'http' -%}
{% set external_scheme = 'https' -%}
{% set external_scheme = 'https' -%}
{% endif -%}
{% endif -%}
{% set backend_path = slapparameter_dict['backend-path-dict'][family_name] -%}
{% set ssl_authentication = slapparameter_dict['ssl-authentication-dict'].get(family_name, False) -%}
{% set ssl_authentication = slapparameter_dict['ssl-authentication-dict'][family_name] -%}
{% do apache_dict.__setitem__(family_name, (next_port(), external_scheme, internal_scheme ~ '://' ~ ipv4 ~ ':' ~ haproxy_port ~ backend_path, ssl_authentication)) -%}
{% do apache_dict.__setitem__(family_name, (next_port(), external_scheme, internal_scheme ~ '://' ~ ipv4 ~ ':' ~ haproxy_port ~ backend_path, ssl_authentication)) -%}
{% endfor -%}
{% endfor -%}
...
@@ -125,9 +176,9 @@ crl = ${directory:apache-conf}/crl.pem
...
@@ -125,9 +176,9 @@ crl = ${directory:apache-conf}/crl.pem
backend-list = {{ dumps(apache_dict.values()) }}
backend-list = {{ dumps(apache_dict.values()) }}
ip-list = {{ dumps(apache_ip_list) }}
ip-list = {{ dumps(apache_ip_list) }}
pid-file = ${directory:run}/apache.pid
pid-file = ${directory:run}/apache.pid
log-dir = ${directory:log}
error-log = ${directory:log}/apache-error.log
error-log = ${directory:log}/apache-error.log
access-log = ${directory:log}/apache-access.log
access-log = ${directory:log}/apache-access.log
log-dir = ${directory:log}
# Apache 2.4's default value (60 seconds) can be a bit too short
# Apache 2.4's default value (60 seconds) can be a bit too short
timeout = 300
timeout = 300
# Basic SSL server configuration
# Basic SSL server configuration
...
@@ -144,8 +195,6 @@ shared-ca-cert = {{ shared_ca_path }}/cacert.pem
...
@@ -144,8 +195,6 @@ shared-ca-cert = {{ shared_ca_path }}/cacert.pem
shared-crl = {{ shared_ca_path }}/crl
shared-crl = {{ shared_ca_path }}/crl
{%- endif %}
{%- endif %}
[apache-conf]
[apache-conf]
< = jinja2-template-base
< = jinja2-template-base
template = {{ parameter_dict['template-apache-conf'] }}
template = {{ parameter_dict['template-apache-conf'] }}
...
@@ -156,6 +205,18 @@ context = section parameter_dict apache-conf-parameter-dict
...
@@ -156,6 +205,18 @@ context = section parameter_dict apache-conf-parameter-dict
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/apache
wrapper-path = ${directory:services}/apache
command-line = "{{ parameter_dict['apache'] }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
command-line = "{{ parameter_dict['apache'] }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
wait-for-files =
${apache-conf-ssl:cert}
${apache-conf-ssl:key}
[apache-graceful]
recipe = collective.recipe.template
input = inline:
#!/bin/sh
kill -USR1 "$(cat '${apache-conf-parameter-dict:pid-file}')"
output = ${directory:bin}/apache-httpd-graceful
mode = 700
[{{ section('apache-promise') }}]
[{{ section('apache-promise') }}]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
...
@@ -164,7 +225,7 @@ path = ${directory:promise}/apache
...
@@ -164,7 +225,7 @@ path = ${directory:promise}/apache
hostname = {{ ipv4 }}
hostname = {{ ipv4 }}
port = {{ apache_dict.values()[0][0] }}
port = {{ apache_dict.values()[0][0] }}
[
publish
]
[
{{ section('publish') }}
]
recipe = slapos.cookbook:publish.serialised
recipe = slapos.cookbook:publish.serialised
{% for family_name, (apache_port, scheme, _, _) in apache_dict.items() -%}
{% for family_name, (apache_port, scheme, _, _) in apache_dict.items() -%}
{{ family_name ~ '-v6' }} = {% if ipv6_set %}{{ scheme ~ '://[' ~ ipv6 ~ ']:' ~ apache_port }}{% endif %}
{{ family_name ~ '-v6' }} = {% if ipv6_set %}{{ scheme ~ '://[' ~ ipv6 ~ ']:' ~ apache_port }}{% endif %}
...
@@ -178,6 +239,11 @@ key = ${apache-ssl-key:rendered}
...
@@ -178,6 +239,11 @@ key = ${apache-ssl-key:rendered}
cert = ${apache-ssl-cert:rendered}
cert = ${apache-ssl-cert:rendered}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{% elif caucase_url -%}
key = ${apache-conf-ssl:key}
cert = ${apache-conf-ssl:cert}
{{ request_cert('erp5', 'instance.apache@erp5') }}
{% else %}
{% else %}
recipe = plone.recipe.command
recipe = plone.recipe.command
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
...
@@ -191,12 +257,15 @@ cert = ${apache-ssl-ca:rendered}
...
@@ -191,12 +257,15 @@ cert = ${apache-ssl-ca:rendered}
crl = ${apache-ssl-crl:rendered}
crl = ${apache-ssl-crl:rendered}
{{ simplefile('apache-ssl-ca', '${apache-conf-ssl:ca-cert}', ssl_parameter_dict['ca-cert']) }}
{{ simplefile('apache-ssl-ca', '${apache-conf-ssl:ca-cert}', ssl_parameter_dict['ca-cert']) }}
{{ simplefile('apache-ssl-crl', '${apache-conf-ssl:crl}', ssl_parameter_dict['crl']) }}
{{ simplefile('apache-ssl-crl', '${apache-conf-ssl:crl}', ssl_parameter_dict['crl']) }}
{% elif caucase_url -%}
cert = ${apache-conf-ssl:ca-cert}
crl = ${apache-conf-ssl:crl}
{% else %}
{% else %}
cert =
cert =
crl =
crl =
{%- endif %}
{%- endif %}
{% set apache_service_log_list = {} -%}
{% set apache_service_log_list = {} -%}
{% for family_name, (_, _, _, authentication) in apache_dict.items() -%}
{% for family_name, (_, _, _, authentication) in apache_dict.items() -%}
{% if authentication -%}
{% if authentication -%}
...
@@ -211,7 +280,7 @@ post = test ! -s ${apache-conf-parameter-dict:pid-file} || {{ parameter_dict['bi
...
@@ -211,7 +280,7 @@ post = test ! -s ${apache-conf-parameter-dict:pid-file} || {{ parameter_dict['bi
{% endif -%}
{% endif -%}
{% endfor -%}
{% endfor -%}
[
logrotate-apache
]
[
{{ section('logrotate-apache') }}
]
< = logrotate-entry-base
< = logrotate-entry-base
name = apache
name = apache
log = ${apache-conf-parameter-dict:error-log} ${apache-conf-parameter-dict:access-log}
log = ${apache-conf-parameter-dict:error-log} ${apache-conf-parameter-dict:access-log}
...
@@ -222,7 +291,7 @@ recipe = slapos.cookbook:mkdirectory
...
@@ -222,7 +291,7 @@ recipe = slapos.cookbook:mkdirectory
apache-conf = ${:etc}/apache
apache-conf = ${:etc}/apache
bin = ${buildout:directory}/bin
bin = ${buildout:directory}/bin
etc = ${buildout:directory}/etc
etc = ${buildout:directory}/etc
promise = ${
directory
:etc}/promise
promise = ${:etc}/promise
services = ${:etc}/run
services = ${:etc}/run
var = ${buildout:directory}/var
var = ${buildout:directory}/var
run = ${:var}/run
run = ${:var}/run
...
@@ -235,39 +304,33 @@ newcerts = ${:ca-dir}/newcerts
...
@@ -235,39 +304,33 @@ newcerts = ${:ca-dir}/newcerts
crl = ${:ca-dir}/crl
crl = ${:ca-dir}/crl
apachedex = ${monitor-directory:private}/apachedex
apachedex = ${monitor-directory:private}/apachedex
[
monitor-generate-apachedex-report
]
[
{{ section('monitor-generate-apachedex-report') }}
]
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
wrapper-path = ${monitor-directory:reports}/${:command}
wrapper-path = ${monitor-directory:reports}/${:command}
command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}"
--default "${apachedex-parameters:default}" --apache-log-list "${apachedex-parameters:apache-log-list}" --base-list "${apachedex-parameters:base-list}" --skip-base-list "${apachedex-parameters:skip-base-list}" --erp5-base-list "${apachedex-parameters:erp5-base-list
}"
command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}"
${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --config "${apachedex-parameters:configuration
}"
command = apachedex_every_3_hour
command = apachedex_every_
2
3_hour
[apachedex-parameters]
[apachedex-parameters]
default_parameter =
# XXX - Sample log file with curent date: apache_access.log-%(date)s.gz
# XXX - Sample log file with curent date: apache_access.log-%(date)s.gz
# which will be equivalent to apache_access.log-20150112.gz if the date is 2015-01-12
# which will be equivalent to apache_access.log-20150112.gz if the date is 2015-01-12
apache-log-list = ${apache-conf-parameter-dict:access-log}
apache-log-list = ${apache-conf-parameter-dict:access-log}
default = ${monitor-directory:etc}/apdex_default
configuration = {{ slapparameter_dict['apachedex-configuration'] }}
base-list = ${monitor-directory:etc}/apdex_base_list
promise-threshold = {{ slapparameter_dict['apachedex-promise-threshold'] }}
skip-base-list = ${monitor-directory:etc}/apdex_skip_base_list
erp5-base-list = ${monitor-directory:etc}/apdex_erp5_base_list
[{{ section('monitor-promise-apachedex-result') }}]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:promise}/check-apachedex-result
command-line = "{{ parameter_dict['promise-check-apachedex-result'] }}" --apachedex_path "${directory:apachedex}" --status_file ${monitor-directory:private}/apachedex.report.json --threshold "${apachedex-parameters:promise-threshold}"
[monitor-instance-parameter]
[monitor-instance-parameter]
monitor-httpd-ipv6 = {{ (ipv6_set | list)[0] }}
monitor-httpd-ipv6 = {{ (ipv6_set | list)[0] }}
monitor-httpd-port = {{ next_port() }}
monitor-httpd-port = {{ next_port() }}
monitor-title =
Balancer monitor
monitor-title =
{{ slapparameter_dict['name'] }}
password = {{ slapparameter_dict['monitor-passwd'] }}
password = {{ slapparameter_dict['monitor-passwd'] }}
instance-configuration =
file apachedex-default ${apachedex-parameters:default}
file apachedex-base-list ${apachedex-parameters:base-list}
file apachedex-skip-base-list ${apachedex-parameters:skip-base-list}
file apachedex-erp5-base-list ${apachedex-parameters:erp5-base-list}
[buildout]
[buildout]
extends =
extends =
{{ logrotate_cfg }}
{{ logrotate_cfg }}
{{ parameter_dict['template-monitor'] }}
{{ parameter_dict['template-monitor'] }}
parts +=
parts +=
publish
logrotate-apache
monitor-generate-apachedex-report
{{ part_list | join('\n ') }}
{{ part_list | join('\n ') }}
software/slapos-master/instance-create-erp5-site-real.cfg.in
deleted
100644 → 0
View file @
a7bd942b
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
services = ${:etc}/run
promise = ${:etc}/promise
[erp5-bootstrap]
recipe = slapos.cookbook:erp5.bootstrap
runner-path = ${directory:services}/erp5-bootstrap
{# Note: a random domain name will be picked if several point to the same IP -#}
{% set reverse_hosts = {} -%}
{% for x, y in publish['hosts-dict'].iteritems() -%}
{% do reverse_hosts.__setitem__(y, x) -%}
{% endfor -%}
{# XXX: Expect the first database to be the one to use for catalog. -#}
{% set mysql_parsed = urlparse.urlparse(publish['mariadb-database-list'][0]) -%}
mysql-url = {{ dumps(urlparse.urlunparse(mysql_parsed[:1] + (mysql_parsed.username + ":" + mysql_parsed.password + "@" + reverse_hosts.get(mysql_parsed.hostname, mysql_parsed.hostname) + ':' ~ mysql_parsed.port, ) + mysql_parsed[2:])) }}
{# Pick the first http[s] family found, they should be all equivalent anyway. -#}
{# Don't pick the https[s] configurated with ssl-authenticat=true. By convention, this family name contain 'service'. -#}
{% set family_list = [] -%}
{% for key, value in publish.items() -%}
{% if key.startswith('family-') and value.startswith('http') and not 'service' in key -%}
{% do family_list.append(value.split('://', 1)) -%}
{% endif -%}
{% endfor -%}
zope-url = {{ dumps(family_list[0][0] + '://' + publish['inituser-login'] + ':' + publish_early['inituser-password'] + '@' + family_list[0][1] + '/' + publish['site-id']) }}
[promise-erp5-site]
recipe = slapos.cookbook:check_url_available
url = ${erp5-bootstrap:zope-url}
path = ${directory:promise}/erp5-site
dash_path = {{ parameter_dict['dash-location'] }}/bin/dash
curl_path = {{ parameter_dict['curl-location'] }}/bin/curl
[buildout]
parts = promise-erp5-site
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
software/slapos-master/instance-erp5.cfg.in
View file @
437a5bc1
{% import "root_common" as root_common with context %}
{% import "root_common" as root_common with context
-
%}
{% set frontend_dict = slapparameter_dict.get('frontend', {}) -%}
{% set frontend_dict = slapparameter_dict.get('frontend', {}) -%}
{% set has_frontend = frontend_dict.get('software-url', '') != '' -%}
{% set has_frontend = frontend_dict.get('software-url', '') != '' -%}
{% set site_id = slapparameter_dict.get('site-id', 'erp5') -%}
{% set site_id = slapparameter_dict.get('site-id', 'erp5') -%}
...
@@ -9,7 +9,9 @@
...
@@ -9,7 +9,9 @@
{% set has_jupyter = jupyter_dict.get('enable', jupyter_enable_default.lower() in ('true', 'yes')) -%}
{% set has_jupyter = jupyter_dict.get('enable', jupyter_enable_default.lower() in ('true', 'yes')) -%}
{% set jupyter_zope_family = jupyter_dict.get('zope-family', '') -%}
{% set jupyter_zope_family = jupyter_dict.get('zope-family', '') -%}
{% set monitor_base_url_dict = {} -%}
{% set monitor_base_url_dict = {} -%}
{% set caucase_url = slapparameter_dict.get('caucase', {}).pop('url', '') -%}
{% set monitor_dict = slapparameter_dict.get('monitor', {}) %}
{% set monitor_dict = slapparameter_dict.get('monitor', {}) %}
{% set crl_update_period = slapparameter_dict.get('caucase', {}).pop('crl-update-periodicity', 'daily') -%}
[request-common]
[request-common]
<= request-common-base
<= request-common-base
config-use-ipv6 = {{ dumps(slapparameter_dict.get('use-ipv6', False)) }}
config-use-ipv6 = {{ dumps(slapparameter_dict.get('use-ipv6', False)) }}
...
@@ -52,6 +54,14 @@ config-name = {{ name }}
...
@@ -52,6 +54,14 @@ config-name = {{ name }}
connection-url = smtp://127.0.0.2:0/
connection-url = smtp://127.0.0.2:0/
{%- endif %}
{%- endif %}
{% if caucase_url -%}
{% do publish_dict.__setitem__('caucase-http-url', caucase_url) -%}
[request-caucase]
connection-http-url = {{ caucase_url }}
{%- else %}
{{ request('caucase', 'caucase', 'caucase', {'server-port': 8890, 'server-https-port': 8891, 'auto-sign-csr-amount': 2}, {'http-url': True, 'https-url': False}) }}
{% endif -%}
{# ZODB -#}
{# ZODB -#}
{% set zodb_dict = {} -%}
{% set zodb_dict = {} -%}
{% set storage_dict = {} -%}
{% set storage_dict = {} -%}
...
@@ -95,16 +105,16 @@ recipe = slapos.cookbook:publish-early
...
@@ -95,16 +105,16 @@ recipe = slapos.cookbook:publish-early
{%- if neo %}
{%- if neo %}
neo-cluster gen-neo-cluster:name
neo-cluster gen-neo-cluster:name
{%- if neo[0] %}
{%- if neo[0] %}
neo-cluster = {{
neo[0]
}}
neo-cluster = {{
dumps(neo[0])
}}
{%- endif %}
{%- endif %}
{%- endif %}
{%- endif %}
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- if inituser_password %}
{%- if inituser_password %}
inituser-password = {{
inituser_password
}}
inituser-password = {{
dumps(inituser_password)
}}
{%- endif %}
{%- endif %}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- if deadlock_debugger_password %}
{%- if deadlock_debugger_password %}
deadlock-debugger-password = {{ d
eadlock_debugger_password
}}
deadlock-debugger-password = {{ d
umps(deadlock_debugger_password)
}}
{%- endif %}
{%- endif %}
[gen-password]
[gen-password]
...
@@ -139,6 +149,7 @@ return =
...
@@ -139,6 +149,7 @@ return =
{% endif -%}
{% endif -%}
config-bt5 = {{ dumps(slapparameter_dict.get('bt5', bt5_default_list)) }}
config-bt5 = {{ dumps(slapparameter_dict.get('bt5', bt5_default_list)) }}
config-bt5-repository-url = {{ dumps(slapparameter_dict.get('bt5-repository-url', local_bt5_repository)) }}
config-bt5-repository-url = {{ dumps(slapparameter_dict.get('bt5-repository-url', local_bt5_repository)) }}
config-caucase-url = ${request-caucase:connection-http-url}
config-cloudooo-url = ${request-cloudooo:connection-url}
config-cloudooo-url = ${request-cloudooo:connection-url}
config-deadlock-debugger-password = ${publish-early:deadlock-debugger-password}
config-deadlock-debugger-password = ${publish-early:deadlock-debugger-password}
config-developer-list = {{ dumps(slapparameter_dict.get('developer-list', [inituser_login])) }}
config-developer-list = {{ dumps(slapparameter_dict.get('developer-list', [inituser_login])) }}
...
@@ -154,7 +165,7 @@ config-mysql-url-list = ${request-mariadb:connection-database-list}
...
@@ -154,7 +165,7 @@ config-mysql-url-list = ${request-mariadb:connection-database-list}
config-site-id = {{ dumps(site_id) }}
config-site-id = {{ dumps(site_id) }}
config-smtp-url = ${request-smtp:connection-url}
config-smtp-url = ${request-smtp:connection-url}
config-timezone = {{ dumps(slapparameter_dict.get('timezone', 'UTC')) }}
config-timezone = {{ dumps(slapparameter_dict.get('timezone', 'UTC')) }}
config-wendelin-core-zblk-fmt = {{ dumps(slapparameter_dict.get('wendelin-core-zblk-fmt', '')) }}
config-wendelin-core-zblk-fmt = {{ dumps(slapparameter_dict.get('wendelin-core-zblk-fmt', '')) }}
config-ca-path = ${directory:ca-dir}
config-ca-path = ${directory:ca-dir}
config-zodb-dict = {{ dumps(zodb_dict) }}
config-zodb-dict = {{ dumps(zodb_dict) }}
{% for server_type, server_dict in storage_dict.iteritems() -%}
{% for server_type, server_dict in storage_dict.iteritems() -%}
...
@@ -171,23 +182,22 @@ config-tidstorage-port = ${request-zodb:connection-tidstorage-port}
...
@@ -171,23 +182,22 @@ config-tidstorage-port = ${request-zodb:connection-tidstorage-port}
software-type = zope
software-type = zope
{% set zope_family_dict = {} -%}
{% set zope_family_dict = {} -%}
{% set jupyter_zope_family_default = [] -%}
{% set zope_backend_path_dict = {} -%}
{% set zope_backend_path_dict = {} -%}
{% set ssl_authentication_dict = {} -%}
{% set ssl_authentication_dict = {} -%}
{% set jupyter_zope_family_default = [] -%}
{% for custom_name, zope_parameter_dict in
zope_partition_dict.items() -%}
{% for custom_name, zope_parameter_dict in zope_partition_dict.items() -%}
{% set partition_name = 'zope-' ~ custom_name -%}
{% set partition_name = 'zope-' ~ custom_name -%}
{% set section_name = 'request-' ~ partition_name -%}
{% set section_name = 'request-' ~ partition_name -%}
{% set backend_path = zope_parameter_dict.get('backend-path', '/') % {'site-id': site_id} %}
{% set zope_family = zope_parameter_dict.get('family', 'default') -%}
{% set zope_family = zope_parameter_dict.get('family', 'default') -%}
{% set backend_path = zope_parameter_dict.get('backend-path', '/') % {'site-id': site_id} %}
{# # default jupyter zope family is first zope family. -#}
{# # default jupyter zope family is first zope family. -#}
{# # use list.append() to update it, because in jinja2 set changes only local scope. -#}
{# # use list.append() to update it, because in jinja2 set changes only local scope. -#}
{% if not jupyter_zope_family_default -%}
{% if not jupyter_zope_family_default -%}
{% do jupyter_zope_family_default.append(zope_family) -%}
{% do jupyter_zope_family_default.append(zope_family) -%}
{% endif -%}
{% endif -%}
{% do zope_family_dict.setdefault(zope_family, []).append(section_name) -%}
{% do zope_family_dict.setdefault(zope_family, []).append(section_name) -%}
{% do zope_backend_path_dict.
setdefault(zope_parameter_dict.get('family', 'default')
, backend_path) -%}
{% do zope_backend_path_dict.
__setitem__(zope_family
, backend_path) -%}
{% do ssl_authentication_dict.
setdefault(zope_parameter_dict.get('family', 'default')
, zope_parameter_dict.get('ssl-authentication', False)) -%}
{% do ssl_authentication_dict.
__setitem__(zope_family
, zope_parameter_dict.get('ssl-authentication', False)) -%}
[{{ section_name }}]
[{{ section_name }}]
<= request-zope-base
<= request-zope-base
name = {{ partition_name }}
name = {{ partition_name }}
...
@@ -201,7 +211,6 @@ config-longrequest-logger-interval = {{ dumps(zope_parameter_dict.get('longreque
...
@@ -201,7 +211,6 @@ config-longrequest-logger-interval = {{ dumps(zope_parameter_dict.get('longreque
config-longrequest-logger-timeout = {{ dumps(zope_parameter_dict.get('longrequest-logger-timeout', 1)) }}
config-longrequest-logger-timeout = {{ dumps(zope_parameter_dict.get('longrequest-logger-timeout', 1)) }}
config-port-base = {{ dumps(zope_parameter_dict.get('port-base', 2200)) }}
config-port-base = {{ dumps(zope_parameter_dict.get('port-base', 2200)) }}
config-webdav = {{ dumps(zope_parameter_dict.get('webdav', False)) }}
config-webdav = {{ dumps(zope_parameter_dict.get('webdav', False)) }}
config-name = {{ partition_name }}
{% endfor -%}
{% endfor -%}
{# if not explicitly configured, connect jupyter to first zope family, which -#}
{# if not explicitly configured, connect jupyter to first zope family, which -#}
...
@@ -211,7 +220,6 @@ config-name = {{ partition_name }}
...
@@ -211,7 +220,6 @@ config-name = {{ partition_name }}
{% endif -%}
{% endif -%}
{# We need to concatenate lists that we cannot read as lists, so this gets hairy. -#}
{# We need to concatenate lists that we cannot read as lists, so this gets hairy. -#}
{% set zope_address_list_id_dict = {} -%}
{% set zope_family_parameter_dict = {} -%}
{% set zope_family_parameter_dict = {} -%}
{% for family_name, zope_section_id_list in zope_family_dict.items() -%}
{% for family_name, zope_section_id_list in zope_family_dict.items() -%}
{% for zope_section_id in zope_section_id_list -%}
{% for zope_section_id in zope_section_id_list -%}
...
@@ -300,6 +308,7 @@ return =
...
@@ -300,6 +308,7 @@ return =
{{ family }}-v6
{{ family }}-v6
{% endfor -%}
{% endfor -%}
{% do monitor_base_url_dict.__setitem__('request-balancer', '${' ~ 'request-balancer' ~ ':connection-monitor-base-url}') -%}
{% do monitor_base_url_dict.__setitem__('request-balancer', '${' ~ 'request-balancer' ~ ':connection-monitor-base-url}') -%}
config-zope-family-dict = {{ dumps(zope_family_parameter_dict) }}
config-zope-family-dict = {{ dumps(zope_family_parameter_dict) }}
config-tcpv4-port = {{ dumps(balancer_dict.get('tcpv4-port', 2150)) }}
config-tcpv4-port = {{ dumps(balancer_dict.get('tcpv4-port', 2150)) }}
{% for zope_section_id, name in zope_address_list_id_dict.items() -%}
{% for zope_section_id, name in zope_address_list_id_dict.items() -%}
...
@@ -307,16 +316,17 @@ config-{{ name }} = {{ ' ${' ~ zope_section_id ~ ':connection-zope-address-list}
...
@@ -307,16 +316,17 @@ config-{{ name }} = {{ ' ${' ~ zope_section_id ~ ':connection-zope-address-list}
{% endfor -%}
{% endfor -%}
# XXX: should those really be same for all families ?
# XXX: should those really be same for all families ?
config-haproxy-server-check-path = {{ dumps(balancer_dict.get('haproxy-server-check-path', '/') % {'site-id': site_id}) }}
config-haproxy-server-check-path = {{ dumps(balancer_dict.get('haproxy-server-check-path', '/') % {'site-id': site_id}) }}
config-backend-path = {{ dumps(balancer_dict.get('apache-backend-path', '/') % {'site-id': site_id}) }}
config-ssl = {{ dumps(balancer_dict.get('ssl', {})) }}
config-ssl = {{ dumps(balancer_dict.get('ssl', {})) }}
config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
config-shared-certificate-authority-path = ${directory:ca-dir}
config-monitor-passwd = ${monitor-htpasswd:passwd}
config-monitor-passwd = ${monitor-htpasswd:passwd}
config-name = ${:name}
config-name = ${:name}
config-caucase-url = ${request-caucase:connection-http-url}
config-crl-update-periodicity = {{ crl_update_period }}
config-shared-certificate-authority-path = ${directory:ca-dir}
config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
config-apachedex-configuration = {{ dumps(monitor_dict.get('apachedex-configuration',
config-apachedex-configuration = {{ dumps(monitor_dict.get('apachedex-configuration',
'--erp5-base "/erp5(/|$|/\?)" --skip-user-agent Zabbix --error-detail --js-embed --quiet')) }}
'--erp5-base "/erp5(/|$|/\?)" --skip-user-agent Zabbix --error-detail --js-embed --quiet')) }}
[request-frontend-base]
[request-frontend-base]
{% if has_frontend -%}
{% if has_frontend -%}
...
@@ -365,10 +375,10 @@ monitor-httpd-port = 8386
...
@@ -365,10 +375,10 @@ monitor-httpd-port = 8386
[buildout]
[buildout]
extends = {{ template_monitor }}
extends = {{ template_monitor }}
parts +=
parts +=
apache-certificate-authority
apache-certificate-authority
fix-ca-folder
fix-ca-folder
publish
monitor-base
monitor-base
[monitor-conf-parameters]
[monitor-conf-parameters]
...
...
software/slapos-master/software.cfg
View file @
437a5bc1
...
@@ -58,9 +58,5 @@ filename = instance-balancer.cfg.in
...
@@ -58,9 +58,5 @@ filename = instance-balancer.cfg.in
url = ${:_profile_base_location_}/${:filename}
url = ${:_profile_base_location_}/${:filename}
filename = apache-backend.conf.in
filename = apache-backend.conf.in
[template-create-erp5-site-real]
< = download-base-part
filename = instance-create-erp5-site-real.cfg.in
[versions]
[versions]
python-memcached = 1.47
python-memcached = 1.47
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment