Commit 66789ff2 authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

Remove stunnel from apache frontend recipe

parent 9558db11
...@@ -64,8 +64,6 @@ class Recipe(BaseSlapRecipe): ...@@ -64,8 +64,6 @@ class Recipe(BaseSlapRecipe):
self.path_list = [] self.path_list = []
self.requirements, self.ws = self.egg.working_set() self.requirements, self.ws = self.egg.working_set()
# self.cron_d is a directory, where cron jobs can be registered
self.cron_d = self.installCrond()
self.killpidfromfile = zc.buildout.easy_install.scripts( self.killpidfromfile = zc.buildout.easy_install.scripts(
[('killpidfromfile', 'slapos.toolbox.killpidfromfile', [('killpidfromfile', 'slapos.toolbox.killpidfromfile',
'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0] 'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
...@@ -163,27 +161,30 @@ class Recipe(BaseSlapRecipe): ...@@ -163,27 +161,30 @@ class Recipe(BaseSlapRecipe):
rewrite_rule_list.append(rewrite_rule) rewrite_rule_list.append(rewrite_rule)
# Certificate stuff # Certificate stuff
valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert") #valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
valid_key_str = self.parameter_dict.get("domain_ssl_ca_key") #valid_key_str = self.parameter_dict.get("domain_ssl_ca_key")
if valid_certificate_str is None and valid_key_str is None: #if valid_certificate_str is None and valid_key_str is None:
ca_conf = self.installCertificateAuthority() # ca_conf = self.installCertificateAuthority()
key, certificate = self.requestCertificate(frontend_domain_name) # key, certificate = self.requestCertificate(frontend_domain_name)
else: #else:
ca_conf = self.installValidCertificateAuthority( # ca_conf = self.installValidCertificateAuthority(
frontend_domain_name, valid_certificate_str, valid_key_str) # frontend_domain_name, valid_certificate_str, valid_key_str)
key = ca_conf.pop("key") # key = ca_conf.pop("key")
certificate = ca_conf.pop("certificate") # certificate = ca_conf.pop("certificate")
if service_dict != {}: #if service_dict != {}:
if valid_certificate_str is not None and valid_key_str is not None: # if valid_certificate_str is not None and valid_key_str is not None:
self.installCertificateAuthority() # self.installCertificateAuthority()
stunnel_key, stunnel_certificate = \ # stunnel_key, stunnel_certificate = \
self.requestCertificate(frontend_domain_name) # self.requestCertificate(frontend_domain_name)
else: # else:
stunnel_key, stunnel_certificate = key, certificate # stunnel_key, stunnel_certificate = key, certificate
self.installStunnel(service_dict, stunnel_key, stunnel_certificate = self.options['key_path'], self.options['cert_path']
stunnel_certificate, stunnel_key,
ca_conf["ca_crl"], key, certificate = self.options['key_path'], self.options['cert_path']
ca_conf["certificate_authority_path"]) #self.installStunnel(service_dict,
# stunnel_certificate, stunnel_key,
# self.options["ca_crl"],
# self.options["ca_dir"])
apache_parameter_dict = self.installFrontendApache( apache_parameter_dict = self.installFrontendApache(
ip_list=["[%s]" % self.getGlobalIPv6Address(), ip_list=["[%s]" % self.getGlobalIPv6Address(),
...@@ -272,13 +273,13 @@ class Recipe(BaseSlapRecipe): ...@@ -272,13 +273,13 @@ class Recipe(BaseSlapRecipe):
service_name = "squid_%s" % reference service_name = "squid_%s" % reference
squid_ip = self.getLocalIPv4Address() squid_ip = self.getLocalIPv4Address()
stunnel_port = base_squid_port + 1 stunnel_port = base_squid_port + 1
#self.installSquidCache(service_name, # self.installSquidCache(service_name,
# ip=squid_ip, # ip=squid_ip,
# port=base_squid_port, # port=base_squid_port,
# backend_host=squid_ip, # backend_host=squid_ip,
# backend_port=stunnel_port, # backend_port=stunnel_port,
# domain=domain, # domain=domain,
# size="1G") # size="1G")
service_dict[service_name] = dict(public_ip=squid_ip, service_dict[service_name] = dict(public_ip=squid_ip,
public_port=stunnel_port, public_port=stunnel_port,
private_ip=slave_host.replace("[", "").replace("]", ""), private_ip=slave_host.replace("[", "").replace("]", ""),
...@@ -286,28 +287,86 @@ class Recipe(BaseSlapRecipe): ...@@ -286,28 +287,86 @@ class Recipe(BaseSlapRecipe):
return "%s http://%s:%s" % \ return "%s http://%s:%s" % \
(domain, squid_ip, base_squid_port) (domain, squid_ip, base_squid_port)
def installSquidCache(self, name, ip, port, backend_host, # def installSquidCache(self, name, ip, port, backend_host,
backend_port, domain, size="1G"): # backend_port, domain, size="1G"):
""" # """
Install a squid daemon for a certain address # Install a squid daemon for a certain address
""" # """
# directory = self.createDataDirectory(name) ## directory = self.createDataDirectory(name)
# squid_config = dict( ## squid_config = dict(
# directory=directory, ## directory=directory,
# pid = "%s/squid.pid" % directory, ## pid = "%s/squid.pid" % directory,
# port="%s:%s" % (ip, port), ## port="%s:%s" % (ip, port),
# squidd_binary=self.options["squidd_binary"], ## squidd_binary=self.options["squidd_binary"],
# control_port="%s:%s" % (ip, control_port), ## control_port="%s:%s" % (ip, control_port),
# storage="file,%s/storage.bin,%s" % (directory, size)) ## storage="file,%s/storage.bin,%s" % (directory, size))
#
##
## squid_argument_list = [squid_config['squidd_binary'].strip(),
## "-F", "-n", directory, "-P", squid_config["pid"], "-p",
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", squid_config["port"], "-T", squid_config["control_port"],
## "-s", squid_config["storage"]]
## environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
## os.environ.get('PATH')))
## wrapper = zc.buildout.easy_install.scripts([(name,
## 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
## sys.executable, self.service_directory, arguments=[squid_argument_list,
## environment])[0]
## self.path_list.append(wrapper)
# #
# squid_argument_list = [squid_config['squidd_binary'].strip(), #
# "-F", "-n", directory, "-P", squid_config["pid"], "-p", ## directory = self.createDataDirectory(name)
# "cc_command=exec %s " % self.options["gcc_binary"] +\ # config = dict(
# "-fpic -shared -o %o %s", # ip=ip,
# "-f", config_file, # port=port,
# "-a", squid_config["port"], "-T", squid_config["control_port"], # backend_ip=backend_host,
# "-s", squid_config["storage"]] # backend_port=backend_port,
# domain=domain,
# # XXX Hardcoded
# access_log_path = os.path.join(self.log_directory, 'squid.access.log'),
# # XXX Hardcoded
# cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'),
## cache_path=self.options['cache-path'],
# # XXX Hardcoded
# pid_filename_path=os.path.join(self.run_directory, 'squid.pid'),
# squid_binary=self.options["squid_binary"],
# )
#
# template_filename = self.getTemplateFilename('squid.conf.in')
# config_file = self.createConfigurationFile("%s.conf" % name,
# self.substituteTemplate(self.getTemplateFilename('squid.conf.in'),
# config))
#
## # Prepare directories
## prepare_path = self.createPythonScript(
## self.options['prepare-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-z',
## '-f', configuration_path,
## ],)
##
## # Create running wrapper
## wrapper_path = self.createPythonScript(
## self.options['wrapper-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-N',
## '-f', configuration_path,
## ],)
##
## return [configuration_path, wrapper_path, prepare_path]
#
# squid_argument_list = [config['squid_binary'].strip(),
# "-N", "-f", config_file]
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", config["port"], "-T", config["control_port"],
## "-s", config["storage"]]
# environment = dict(PATH="%s:%s" % (self.options["binutils_directory"], # environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
# os.environ.get('PATH'))) # os.environ.get('PATH')))
# wrapper = zc.buildout.easy_install.scripts([(name, # wrapper = zc.buildout.easy_install.scripts([(name,
...@@ -315,216 +374,121 @@ class Recipe(BaseSlapRecipe): ...@@ -315,216 +374,121 @@ class Recipe(BaseSlapRecipe):
# sys.executable, self.service_directory, arguments=[squid_argument_list, # sys.executable, self.service_directory, arguments=[squid_argument_list,
# environment])[0] # environment])[0]
# self.path_list.append(wrapper) # self.path_list.append(wrapper)
# directory = self.createDataDirectory(name)
config = dict(
ip=ip,
port=port,
backend_ip=backend_host,
backend_port=backend_port,
domain=domain,
# XXX Hardcoded
access_log_path = os.path.join(self.log_directory, 'squid.access.log'),
# XXX Hardcoded
cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'),
# cache_path=self.options['cache-path'],
# XXX Hardcoded
pid_filename_path=os.path.join(self.run_directory, 'squid.pid'),
squid_binary=self.options["squid_binary"],
)
template_filename = self.getTemplateFilename('squid.conf.in')
config_file = self.createConfigurationFile("%s.conf" % name,
self.substituteTemplate(self.getTemplateFilename('squid.conf.in'),
config))
# # Prepare directories
# prepare_path = self.createPythonScript(
# self.options['prepare-path'],
# 'slapos.recipe.librecipe.execute.execute',
# arguments=[self.options['binary-path'].strip(),
# '-z',
# '-f', configuration_path,
# ],)
# #
# # Create running wrapper # return config
# wrapper_path = self.createPythonScript(
# self.options['wrapper-path'], # def requestCertificate(self, name):
# 'slapos.recipe.librecipe.execute.execute', # hash = hashlib.sha512(name).hexdigest()
# arguments=[self.options['binary-path'].strip(), # key = os.path.join(self.ca_private, hash + self.ca_key_ext)
# '-N', # certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
# '-f', configuration_path, # parser = ConfigParser.RawConfigParser()
# ],) # parser.add_section('certificate')
# parser.set('certificate', 'name', name)
# parser.set('certificate', 'key_file', key)
# parser.set('certificate', 'certificate_file', certificate)
# parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
# return key, certificate
# def installCrond(self):
# timestamps = self.createDataDirectory('cronstamps')
# cron_output = os.path.join(self.log_directory, 'cron-output')
# self._createDirectory(cron_output)
# catcher = zc.buildout.easy_install.scripts([('catchcron',
# __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
# self.bin_directory, arguments=[cron_output])[0]
# self.path_list.append(catcher)
# cron_d = os.path.join(self.etc_directory, 'cron.d')
# crontabs = os.path.join(self.etc_directory, 'crontabs')
# self._createDirectory(cron_d)
# self._createDirectory(crontabs)
# wrapper = zc.buildout.easy_install.scripts([('crond',
# 'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
# self.service_directory, arguments=[
# self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
# '-t', timestamps, '-f', '-l', '5', '-M', catcher]
# )[0]
# self.path_list.append(wrapper)
# return cron_d
# def installValidCertificateAuthority(self, domain_name, certificate, key):
# ca_dir = os.path.join(self.data_root_directory, 'ca')
# ca_private = os.path.join(ca_dir, 'private')
# ca_certs = os.path.join(ca_dir, 'certs')
# ca_crl = os.path.join(ca_dir, 'crl')
# self._createDirectory(ca_dir)
# for path in (ca_private, ca_certs, ca_crl):
# self._createDirectory(path)
# key_path = os.path.join(ca_private, domain_name + ".key")
# certificate_path = os.path.join(ca_certs, domain_name + ".crt")
# self._writeFile(key_path, key)
# self._writeFile(certificate_path, certificate)
# return dict(certificate_authority_path=ca_dir,
# ca_crl=ca_crl,
# certificate=certificate_path,
# key=key_path)
# #
# return [configuration_path, wrapper_path, prepare_path] # def installCertificateAuthority(self, ca_country_code='XX',
# ca_email='xx@example.com', ca_state='State', ca_city='City',
squid_argument_list = [config['squid_binary'].strip(), # ca_company='Company'):
"-N", "-f", config_file] # backup_path = self.createBackupDirectory('ca')
# "cc_command=exec %s " % self.options["gcc_binary"] +\ # self.ca_dir = os.path.join(self.data_root_directory, 'ca')
# "-fpic -shared -o %o %s", # self._createDirectory(self.ca_dir)
# "-f", config_file, # self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
# "-a", config["port"], "-T", config["control_port"], # self._createDirectory(self.ca_request_dir)
# "-s", config["storage"]] # config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
environment = dict(PATH="%s:%s" % (self.options["binutils_directory"], # self.ca_private = os.path.join(self.ca_dir, 'private')
os.environ.get('PATH'))) # self.ca_certs = os.path.join(self.ca_dir, 'certs')
wrapper = zc.buildout.easy_install.scripts([(name, # self.ca_crl = os.path.join(self.ca_dir, 'crl')
'slapos.recipe.librecipe.execute', 'executee')], self.ws, # self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
sys.executable, self.service_directory, arguments=[squid_argument_list, # self.ca_key_ext = '.key'
environment])[0] # self.ca_crt_ext = '.crt'
self.path_list.append(wrapper) # for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
# self._createDirectory(d)
return config # for f in ['crlnumber', 'serial']:
# if not os.path.exists(os.path.join(self.ca_dir, f)):
# open(os.path.join(self.ca_dir, f), 'w').write('01')
# if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
# open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
def configureVarnishSlave(self, base_varnish_port, url, reference, # openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
service_dict, domain): # config.update(
# Varnish should use stunnel to connect to the backend # working_directory=self.ca_dir,
base_varnish_control_port = base_varnish_port # country_code=ca_country_code,
base_varnish_port += 1 # state=ca_state,
# Use regex # city=ca_city,
host_regex = "((\[\w*|[0-9]+\.)(\:|)).*(\]|\.[0-9]+)" # company=ca_company,
slave_host = re.search(host_regex, url).group(0) # email_address=ca_email,
port_regex = "\w+(\/|)$" # )
matcher = re.search(port_regex, url) # self._writeFile(openssl_configuration, pkg_resources.resource_string(
if matcher is not None: # __name__, 'template/openssl.cnf.ca.in') % config)
slave_port = matcher.group(0) #
slave_port = slave_port.replace("/", "") # # XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
elif url.startswith("https://"): # # from the instance profile.
slave_port = 443 # self.path_list.extend(zc.buildout.easy_install.scripts([
else: # ('certificate_authority', __name__ + '.certificate_authority',
slave_port = 80 # 'runCertificateAuthority')],
service_name = "varnish_%s" % reference # self.ws, sys.executable, self.service_directory, arguments=[dict(
varnish_ip = self.getLocalIPv4Address() # openssl_configuration=openssl_configuration,
stunnel_port = base_varnish_port + 1 # openssl_binary=self.options['openssl_binary'],
self.installVarnishCache(service_name, # certificate=os.path.join(self.ca_dir, 'cacert.pem'),
ip=varnish_ip, # key=os.path.join(self.ca_private, 'cakey.pem'),
port=base_varnish_port, # crl=os.path.join(self.ca_crl),
control_port=base_varnish_control_port, # request_dir=self.ca_request_dir
backend_host=varnish_ip, # )]))
backend_port=stunnel_port,
size="1G")
service_dict[service_name] = dict(public_ip=varnish_ip,
public_port=stunnel_port,
private_ip=slave_host.replace("[", "").replace("]", ""),
private_port=slave_port)
return "%s http://%s:%s" % \
(domain, varnish_ip, base_varnish_port)
def requestCertificate(self, name):
hash = hashlib.sha512(name).hexdigest()
key = os.path.join(self.ca_private, hash + self.ca_key_ext)
certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
parser = ConfigParser.RawConfigParser()
parser.add_section('certificate')
parser.set('certificate', 'name', name)
parser.set('certificate', 'key_file', key)
parser.set('certificate', 'certificate_file', certificate)
parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
return key, certificate
def installCrond(self):
timestamps = self.createDataDirectory('cronstamps')
cron_output = os.path.join(self.log_directory, 'cron-output')
self._createDirectory(cron_output)
catcher = zc.buildout.easy_install.scripts([('catchcron',
__name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
self.bin_directory, arguments=[cron_output])[0]
self.path_list.append(catcher)
cron_d = os.path.join(self.etc_directory, 'cron.d')
crontabs = os.path.join(self.etc_directory, 'crontabs')
self._createDirectory(cron_d)
self._createDirectory(crontabs)
wrapper = zc.buildout.easy_install.scripts([('crond',
'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
self.service_directory, arguments=[
self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
'-t', timestamps, '-f', '-l', '5', '-M', catcher]
)[0]
self.path_list.append(wrapper)
return cron_d
def installValidCertificateAuthority(self, domain_name, certificate, key):
ca_dir = os.path.join(self.data_root_directory, 'ca')
ca_private = os.path.join(ca_dir, 'private')
ca_certs = os.path.join(ca_dir, 'certs')
ca_crl = os.path.join(ca_dir, 'crl')
self._createDirectory(ca_dir)
for path in (ca_private, ca_certs, ca_crl):
self._createDirectory(path)
key_path = os.path.join(ca_private, domain_name + ".key")
certificate_path = os.path.join(ca_certs, domain_name + ".crt")
self._writeFile(key_path, key)
self._writeFile(certificate_path, certificate)
return dict(certificate_authority_path=ca_dir,
ca_crl=ca_crl,
certificate=certificate_path,
key=key_path)
def installCertificateAuthority(self, ca_country_code='XX',
ca_email='xx@example.com', ca_state='State', ca_city='City',
ca_company='Company'):
backup_path = self.createBackupDirectory('ca')
self.ca_dir = os.path.join(self.data_root_directory, 'ca')
self._createDirectory(self.ca_dir)
self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
self._createDirectory(self.ca_request_dir)
config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
self.ca_private = os.path.join(self.ca_dir, 'private')
self.ca_certs = os.path.join(self.ca_dir, 'certs')
self.ca_crl = os.path.join(self.ca_dir, 'crl')
self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
self.ca_key_ext = '.key'
self.ca_crt_ext = '.crt'
for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
self._createDirectory(d)
for f in ['crlnumber', 'serial']:
if not os.path.exists(os.path.join(self.ca_dir, f)):
open(os.path.join(self.ca_dir, f), 'w').write('01')
if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
config.update(
working_directory=self.ca_dir,
country_code=ca_country_code,
state=ca_state,
city=ca_city,
company=ca_company,
email_address=ca_email,
)
self._writeFile(openssl_configuration, pkg_resources.resource_string(
__name__, 'template/openssl.cnf.ca.in') % config)
# XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# from the instance profile.
self.path_list.extend(zc.buildout.easy_install.scripts([
('certificate_authority', __name__ + '.certificate_authority',
'runCertificateAuthority')],
self.ws, sys.executable, self.service_directory, arguments=[dict(
openssl_configuration=openssl_configuration,
openssl_binary=self.options['openssl_binary'],
certificate=os.path.join(self.ca_dir, 'cacert.pem'),
key=os.path.join(self.ca_private, 'cakey.pem'),
crl=os.path.join(self.ca_crl),
request_dir=self.ca_request_dir
)]))
# configure backup # configure backup
backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup') #backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
open(backup_cron, 'w').write( #open(backup_cron, 'w').write(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict( # '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
rdiff_backup=self.options['rdiff_backup_binary'], # rdiff_backup=self.options['rdiff_backup_binary'],
source=self.ca_dir, # source=self.ca_dir,
destination=backup_path)) # destination=backup_path))
self.path_list.append(backup_cron) #self.path_list.append(backup_cron)
return dict( # return dict(
ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'), # ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
ca_crl=os.path.join(config['ca_dir'], 'crl'), # ca_crl=os.path.join(config['ca_dir'], 'crl'),
certificate_authority_path=config['ca_dir'] # certificate_authority_path=config['ca_dir']
) # )
def _getApacheConfigurationDict(self, name, ip_list, port): def _getApacheConfigurationDict(self, name, ip_list, port):
apache_conf = dict() apache_conf = dict()
...@@ -543,41 +507,6 @@ class Recipe(BaseSlapRecipe): ...@@ -543,41 +507,6 @@ class Recipe(BaseSlapRecipe):
apache_conf['access_log'] = self.options['access-log'] apache_conf['access_log'] = self.options['access-log']
return apache_conf return apache_conf
def installVarnishCache(self, name, ip, port, control_port, backend_host,
backend_port, size="1G"):
"""
Install a varnish daemon for a certain address
"""
directory = self.createDataDirectory(name)
varnish_config = dict(
directory=directory,
pid = "%s/varnish.pid" % directory,
port="%s:%s" % (ip, port),
varnishd_binary=self.options["varnishd_binary"],
control_port="%s:%s" % (ip, control_port),
storage="file,%s/storage.bin,%s" % (directory, size))
config_file = self.createConfigurationFile("%s.conf" % name,
self.substituteTemplate(self.getTemplateFilename('varnish.vcl.in'),
dict(backend_host=backend_host, backend_port=backend_port)))
varnish_argument_list = [varnish_config['varnishd_binary'].strip(),
"-F", "-n", directory, "-P", varnish_config["pid"], "-p",
"cc_command=exec %s " % self.options["gcc_binary"] +\
"-fpic -shared -o %o %s",
"-f", config_file,
"-a", varnish_config["port"], "-T", varnish_config["control_port"],
"-s", varnish_config["storage"]]
environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
os.environ.get('PATH')))
wrapper = zc.buildout.easy_install.scripts([(name,
'slapos.recipe.librecipe.execute', 'executee')], self.ws,
sys.executable, self.service_directory, arguments=[varnish_argument_list,
environment])[0]
self.path_list.append(wrapper)
return varnish_config
def installStunnel(self, service_dict, certificate, def installStunnel(self, service_dict, certificate,
key, ca_crl, ca_path): key, ca_crl, ca_path):
"""Installs stunnel """Installs stunnel
...@@ -669,14 +598,14 @@ class Recipe(BaseSlapRecipe): ...@@ -669,14 +598,14 @@ class Recipe(BaseSlapRecipe):
open(custom_apache_virtual_configuration_file_location, 'w') open(custom_apache_virtual_configuration_file_location, 'w')
# Create backup of custom apache configuration # Create backup of custom apache configuration
backup_path = self.createBackupDirectory('custom_apache_conf_backup') #backup_path = self.createBackupDirectory('custom_apache_conf_backup')
backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup') #backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup')
open(backup_cron, 'w').write( #open(backup_cron, 'w').write(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict( # '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
rdiff_backup=self.options['rdiff_backup_binary'], # rdiff_backup=self.options['rdiff_backup_binary'],
source=custom_apache_configuration_directory, # source=custom_apache_configuration_directory,
destination=backup_path)) # destination=backup_path))
self.path_list.append(backup_cron) #self.path_list.append(backup_cron)
# Create configuration file and rewritemaps # Create configuration file and rewritemaps
apachemap_path = self.createConfigurationFile( apachemap_path = self.createConfigurationFile(
......
...@@ -37,6 +37,7 @@ cronstamps = $${:etc}/cronstamps ...@@ -37,6 +37,7 @@ cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl ca-dir = $${:srv}/ssl
squid-cache = $${:srv}/squid_cache squid-cache = $${:srv}/squid_cache
stunnel-conf = $${:etc}/stunnel
[instance-parameter] [instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance. # Fetches parameters defined in SlapOS Master for this instance.
...@@ -115,6 +116,31 @@ wrapper = $${directory:service}/apache_frontend ...@@ -115,6 +116,31 @@ wrapper = $${directory:service}/apache_frontend
# Put domain name # Put domain name
name = $${instance-parameter:configuration.domain} name = $${instance-parameter:configuration.domain}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${directory:bin}/stunnel
log-file = $${directory:log}/stunnel.log
config-file = $${directory:etc}/stunnel.conf
key-file = $${ca-stunnel:key-file}
cert-file = $${ca-stunnel:cert-file}
pid-file = $${directory:run}/stunnel.pid
local-port = $${squid-hardcoded:backend-port}
local-host = $${squid-hardcoded:backend-ip}
remote-host = $${squid-hardcoded:remote-host}
remote-port = $${squid-hardcoded:remote-port}
client = false
post-rotate-script = $${directory:bin}/stunnel_post_rotate
[cron] [cron]
recipe = slapos.cookbook:cron recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond dcrond-binary = ${dcron:location}/sbin/crond
...@@ -184,3 +210,5 @@ port = 26010 ...@@ -184,3 +210,5 @@ port = 26010
backend-ip = 10.0.24.140 backend-ip = 10.0.24.140
backend-port = 26011 backend-port = 26011
domain = softinst34784.bateau.org domain = softinst34784.bateau.org
remote-host = 2001:470:1f14:169:d418:9eb7:1bea:8983
remote-port = 16001
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment