Commit a344db13 authored by Romain Courteaud's avatar Romain Courteaud

Allow to create non SSL backend access

parent 270cf177
...@@ -132,22 +132,34 @@ class Recipe(GenericSlapRecipe): ...@@ -132,22 +132,34 @@ class Recipe(GenericSlapRecipe):
zope_id=part_name, zope_port=current_zope_port, zope_timeserver=False, zope_id=part_name, zope_port=current_zope_port, zope_timeserver=False,
**zope_dict) **zope_dict)
haproxy_backend_list.append('${%(part_name)s:ip}:${%(part_name)s:port}' % dict(part_name=part_name)) haproxy_backend_list.append('${%(part_name)s:ip}:${%(part_name)s:port}' % dict(part_name=part_name))
scheme = backend_configuration.get('scheme', ['https'])
# now generate backend access # now generate backend access
current_apache_port += 1 current_apache_port += 1
current_haproxy_port += 1 current_haproxy_port += 1
part_list.append('apache-%(backend_name)s ca-apache-%(backend_name)s logrotate-entry-apache-%(backend_name)s haproxy-%(backend_name)s' % dict(backend_name=backend_name))
backend_dict = dict( backend_dict = dict(
backend_name=backend_name, backend_name=backend_name,
apache_port=current_apache_port, apache_port=current_apache_port,
apache_public_port=current_apache_port+1,
haproxy_port=current_haproxy_port, haproxy_port=current_haproxy_port,
access_control_string=backend_configuration['access-control-string'], access_control_string=backend_configuration['access-control-string'],
maxconn=backend_configuration['maxconn'], maxconn=backend_configuration['maxconn'],
server_check_path='/%s/getId' % site_id, server_check_path='/%s/getId' % site_id,
haproxy_backend_list=' '.join(haproxy_backend_list) haproxy_backend_list=' '.join(haproxy_backend_list)
) )
publish_url_list.append('url-%(backend_name)s = https://[${apache-%(backend_name)s:ip}]:${apache-%(backend_name)s:port}' % dict( current_apache_port += 1
backend_name=backend_name))
output += snippet_backend % backend_dict output += snippet_backend % backend_dict
if 'http' in scheme:
part_list.append('apache-public-%(backend_name)s logrotate-entry-apache-public-%(backend_name)s' % dict(backend_name=backend_name))
publish_url_list.append('url-public-%(backend_name)s = https://[${apache-public-%(backend_name)s:ip}]:${apache-public-%(backend_name)s:port}' % dict(
backend_name=backend_name))
if 'https' in scheme:
part_list.append('apache-%(backend_name)s ca-apache-%(backend_name)s logrotate-entry-apache-%(backend_name)s haproxy-%(backend_name)s' % dict(backend_name=backend_name))
publish_url_list.append('url-%(backend_name)s = https://[${apache-%(backend_name)s:ip}]:${apache-%(backend_name)s:port}' % dict(
backend_name=backend_name))
output += SECTION_BACKEND_PUBLISHER + '\n' output += SECTION_BACKEND_PUBLISHER + '\n'
output += '\n'.join(publish_url_list) output += '\n'.join(publish_url_list)
part_list.append('publish-apache-backend-list') part_list.append('publish-apache-backend-list')
......
[apache-public-%(backend_name)s]
recipe = slapos.cookbook:apache.zope.backend
backend = http://$${haproxy-public-%(backend_name)s:ip}:$${haproxy-%(backend_name)s:port}/
ip = $${slap-network-information:global-ipv6}
port = %(apache_public_port)s
scheme = http
wrapper = $${basedirectory:services}/apache-public-%(backend_name)s
configuration-file = $${directory:apache-conf}/apache-public-%(backend_name)s.conf
access-control-string = %(access_control_string)s
pid-file = $${basedirectory:run}/apache-public-%(backend_name)s.pid
lock-file = $${basedirectory:run}/apache-public-%(backend_name)s.lock
error-log = $${basedirectory:log}/apache-public-%(backend_name)s-error.log
access-log = $${basedirectory:log}/apache-public-%(backend_name)s-access.log
apache-binary = ${apache:location}/bin/httpd
[apache-%(backend_name)s] [apache-%(backend_name)s]
recipe = slapos.cookbook:apache.zope.backend recipe = slapos.cookbook:apache.zope.backend
backend = http://$${haproxy-%(backend_name)s:ip}:$${haproxy-%(backend_name)s:port}/ backend = http://$${haproxy-%(backend_name)s:ip}:$${haproxy-%(backend_name)s:port}/
ip = $${slap-network-information:global-ipv6} ip = $${slap-network-information:global-ipv6}
port = %(apache_port)s port = %(apache_port)s
wrapper = $${rootdirectory:bin}/apache-%(backend_name)s wrapper = $${rootdirectory:bin}/apache-%(backend_name)s
scheme = https
key-file = $${directory:apache-conf}/apache-%(backend_name)s.key key-file = $${directory:apache-conf}/apache-%(backend_name)s.key
cert-file = $${directory:apache-conf}/apache-%(backend_name)s.crt cert-file = $${directory:apache-conf}/apache-%(backend_name)s.crt
configuration-file = $${directory:apache-conf}/apache-%(backend_name)s.conf configuration-file = $${directory:apache-conf}/apache-%(backend_name)s.conf
...@@ -22,6 +38,13 @@ cert-file = $${apache-%(backend_name)s:cert-file} ...@@ -22,6 +38,13 @@ cert-file = $${apache-%(backend_name)s:cert-file}
executable = $${apache-%(backend_name)s:wrapper} executable = $${apache-%(backend_name)s:wrapper}
wrapper = $${basedirectory:services}/apache-%(backend_name)s wrapper = $${basedirectory:services}/apache-%(backend_name)s
[logrotate-entry-apache-public-%(backend_name)s]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache-public-%(backend_name)s
log = $${apache-public-%(backend_name)s:error-log} $${apache-public-%(backend_name)s:access-log}
post = ${buildout:bin-directory}/killpidfromfile $${apache-public-%(backend_name)s:pid-file} SIGUSR1
[logrotate-entry-apache-%(backend_name)s] [logrotate-entry-apache-%(backend_name)s]
<= logrotate <= logrotate
recipe = slapos.cookbook:logrotate.d recipe = slapos.cookbook:logrotate.d
......
...@@ -153,7 +153,7 @@ mode = 0644 ...@@ -153,7 +153,7 @@ mode = 0644
[template-snippet-backend] [template-snippet-backend]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/snippet-backend.cfg url = ${:_profile_base_location_}/snippet-backend.cfg
md5sum = e2b26547ba1435ec1b8e8cd1de89e2c6 md5sum = 1f6d4341f02bc2432625d3a8cee6f65f
output = ${buildout:directory}/template-snippet-backend.cfg output = ${buildout:directory}/template-snippet-backend.cfg
mode = 0644 mode = 0644
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment