Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Levin Zimmermann
slapos
Commits
437a5bc1
Commit
437a5bc1
authored
Oct 11, 2017
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
slapos-master: Update instance templates to follow up recent modifications for erp5 stack.
parent
a7bd942b
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
129 additions
and
98 deletions
+129
-98
software/slapos-master/apache-backend.conf.in
software/slapos-master/apache-backend.conf.in
+10
-6
software/slapos-master/buildout.hash.cfg
software/slapos-master/buildout.hash.cfg
+0
-4
software/slapos-master/instance-balancer.cfg.in
software/slapos-master/instance-balancer.cfg.in
+89
-26
software/slapos-master/instance-create-erp5-site-real.cfg.in
software/slapos-master/instance-create-erp5-site-real.cfg.in
+0
-38
software/slapos-master/instance-erp5.cfg.in
software/slapos-master/instance-erp5.cfg.in
+30
-20
software/slapos-master/software.cfg
software/slapos-master/software.cfg
+0
-4
No files found.
software/slapos-master/apache-backend.conf.in
View file @
437a5bc1
...
@@ -108,13 +108,17 @@ SSLProxyEngine On
...
@@ -108,13 +108,17 @@ SSLProxyEngine On
# As backend is trusting REMOTE_USER header unset it always
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
RequestHeader unset REMOTE_USER
RequestHeader unset SSL_CLIENT_SERIAL
{% if parameter_dict['ca-cert'] -%}
{% if parameter_dict['ca-cert'] -%}
SSLVerifyClient
require
SSLVerifyClient
optional
RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s
RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s
RequestHeader set SSL_CLIENT_SERIAL "%{SSL_CLIENT_M_SERIAL}s"
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
{% if parameter_dict['crl'] -%}
SSLCARevocationCheck chain
SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }}
SSLCARevocationFile {{ parameter_dict['crl'] }}
{%- endif %}
{%- endif %}
{%- endif %}
ErrorLog "{{ parameter_dict['error-log'] }}"
ErrorLog "{{ parameter_dict['error-log'] }}"
# Default apache log format with request time in microsecond at the end
# Default apache log format with request time in microsecond at the end
...
@@ -133,8 +137,10 @@ RewriteEngine On
...
@@ -133,8 +137,10 @@ RewriteEngine On
Listen {{ ip }}:{{ port }}
Listen {{ ip }}:{{ port }}
{% endfor -%}
{% endfor -%}
<VirtualHost *:{{ port }}>
<VirtualHost *:{{ port }}>
{% if enable_authentication -%}
SSLEngine on
{% if enable_authentication and parameter_dict['shared-ca-cert'] and parameter_dict['shared-crl'] -%}
SSLVerifyClient require
SSLVerifyClient require
# Custom block we use for now different parameters.
RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s
RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s
SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }}
SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }}
SSLCARevocationPath {{ parameter_dict['shared-crl'] }}
SSLCARevocationPath {{ parameter_dict['shared-crl'] }}
...
@@ -145,8 +151,6 @@ Listen {{ ip }}:{{ port }}
...
@@ -145,8 +151,6 @@ Listen {{ ip }}:{{ port }}
ErrorLog "{{ parameter_dict['log-dir'] }}/apache-service-error.log"
ErrorLog "{{ parameter_dict['log-dir'] }}/apache-service-error.log"
CustomLog "{{ parameter_dict['log-dir'] }}/apache-service-access.log" combined
CustomLog "{{ parameter_dict['log-dir'] }}/apache-service-access.log" combined
{% endif -%}
{% endif -%}
SSLEngine on
RewriteRule ^/(.*) {{ backend }}/$1 [L,P]
RewriteRule ^/(.*) {{ backend }}/$1 [L,P]
</VirtualHost>
</VirtualHost>
{% endfor -%}
{% endfor -%}
software/slapos-master/buildout.hash.cfg
View file @
437a5bc1
...
@@ -24,7 +24,3 @@ md5sum = c5ce18fa4d4be9b9a2d789f3bbd37840
...
@@ -24,7 +24,3 @@ md5sum = c5ce18fa4d4be9b9a2d789f3bbd37840
[template-apache-backend-conf]
[template-apache-backend-conf]
filename = apache-backend.conf.in
filename = apache-backend.conf.in
md5sum = ea77222f440bb72fee4939fe1b72976e
md5sum = ea77222f440bb72fee4939fe1b72976e
[template-create-erp5-site-real]
filename = instance-create-erp5-site-real.cfg.in
md5sum = 86a2b244341218cd0c4b6d398c61ee20
software/slapos-master/instance-balancer.cfg.in
View file @
437a5bc1
{% set part_list = [] -%}
{% set part_list = [] -%}
{% set ssl_parameter_dict = slapparameter_dict.get('ssl', {}) %}
{% set ssl_parameter_dict = slapparameter_dict.get('ssl', {}) %}
{% set caucase_url = slapparameter_dict.get('caucase-url', '') -%}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
{% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
{% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
{% set shared_ca_path = slapparameter_dict['shared-certificate-authority-path'] -%}
{% set shared_ca_path = slapparameter_dict['shared-certificate-authority-path'] -%}
...
@@ -37,6 +38,56 @@ context = key content {{content_section_name}}:content
...
@@ -37,6 +38,56 @@ context = key content {{content_section_name}}:content
mode = {{ mode }}
mode = {{ mode }}
{%- endmacro %}
{%- endmacro %}
[certificate-request-base]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/request-instance-certificate
parameters-extra = true
command-line = {{ parameter_dict['bin-directory'] }}/caucase-cliweb
--crt-file ${apache-conf-ssl:cert}
--key-file ${apache-conf-ssl:key}
--crl-file ${apache-conf-ssl:crl}
--ca-url {{ caucase_url }}
--ca-crt-file ${apache-conf-ssl:ca-cert}
{% macro request_cert(name, common_name) -%}
{% set get_crl_periodicity = slapparameter_dict.get('crl-update-periodicity', 'daily') -%}
[{{ section(name ~ '-certificate-request') }}]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/request-{{ name }}-certificate
command-line =
${certificate-request-base:wrapper-path}
--cn {{ common_name }}
--request
[{{ section(name ~ '-renew-cron-entry') }}]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = {{ name }}-certificate-auto-renew
time = weekly
# 2592000 = 30*24*60*60 equivalent to one month in seconds
command = ${certificate-request-base:wrapper-path} --renew --threshold 2592000 --on-renew="${apache-graceful:output}"
[{{ section(name ~ '-download-crl') }}]
# download the crl for the first time
recipe = plone.recipe.command
command =
if [ ! -s "${apache-conf-ssl:crl}" ]; then
${certificate-request-base:wrapper-path} --update-crl
fi
update-command = ${:command}
stop-on-error = true
[{{ section(name ~ '-update-crl-cron-entry') }}]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = {{ name }}-update-crl
time = {{ get_crl_periodicity }}
# XXX - Update crl call apache graceful restart, it's not recommended to check crl too often, Apache
# has an issue with reload and can be frozen and stop responding. Default periodicity time = daily
command = ${certificate-request-base:wrapper-path} --update-crl --on-crl-update="${apache-graceful:output}"
{%- endmacro %}
{% if use_ipv6 -%}
{% if use_ipv6 -%}
[zope-tunnel-base]
[zope-tunnel-base]
recipe = slapos.cookbook:ipv4toipv6
recipe = slapos.cookbook:ipv4toipv6
...
@@ -82,6 +133,7 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
...
@@ -82,6 +133,7 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
-#}
-#}
{% do zope_family_address_list[0][0] -%}
{% do zope_family_address_list[0][0] -%}
{% set haproxy_port = next_port() -%}
{% set haproxy_port = next_port() -%}
{% set backend_path = slapparameter_dict['backend-path-dict'][family_name] -%}
{% do haproxy_dict.__setitem__(family_name, (haproxy_port, zope_family_address_list)) -%}
{% do haproxy_dict.__setitem__(family_name, (haproxy_port, zope_family_address_list)) -%}
{% if has_webdav -%}
{% if has_webdav -%}
{% set internal_scheme = 'http' -%}{# mod_rewrite does not recognise webdav scheme -#}
{% set internal_scheme = 'http' -%}{# mod_rewrite does not recognise webdav scheme -#}
...
@@ -90,8 +142,7 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
...
@@ -90,8 +142,7 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
{% set internal_scheme = 'http' -%}
{% set internal_scheme = 'http' -%}
{% set external_scheme = 'https' -%}
{% set external_scheme = 'https' -%}
{% endif -%}
{% endif -%}
{% set backend_path = slapparameter_dict['backend-path-dict'][family_name] -%}
{% set ssl_authentication = slapparameter_dict['ssl-authentication-dict'].get(family_name, False) -%}
{% set ssl_authentication = slapparameter_dict['ssl-authentication-dict'][family_name] -%}
{% do apache_dict.__setitem__(family_name, (next_port(), external_scheme, internal_scheme ~ '://' ~ ipv4 ~ ':' ~ haproxy_port ~ backend_path, ssl_authentication)) -%}
{% do apache_dict.__setitem__(family_name, (next_port(), external_scheme, internal_scheme ~ '://' ~ ipv4 ~ ':' ~ haproxy_port ~ backend_path, ssl_authentication)) -%}
{% endfor -%}
{% endfor -%}
...
@@ -125,9 +176,9 @@ crl = ${directory:apache-conf}/crl.pem
...
@@ -125,9 +176,9 @@ crl = ${directory:apache-conf}/crl.pem
backend-list = {{ dumps(apache_dict.values()) }}
backend-list = {{ dumps(apache_dict.values()) }}
ip-list = {{ dumps(apache_ip_list) }}
ip-list = {{ dumps(apache_ip_list) }}
pid-file = ${directory:run}/apache.pid
pid-file = ${directory:run}/apache.pid
log-dir = ${directory:log}
error-log = ${directory:log}/apache-error.log
error-log = ${directory:log}/apache-error.log
access-log = ${directory:log}/apache-access.log
access-log = ${directory:log}/apache-access.log
log-dir = ${directory:log}
# Apache 2.4's default value (60 seconds) can be a bit too short
# Apache 2.4's default value (60 seconds) can be a bit too short
timeout = 300
timeout = 300
# Basic SSL server configuration
# Basic SSL server configuration
...
@@ -144,8 +195,6 @@ shared-ca-cert = {{ shared_ca_path }}/cacert.pem
...
@@ -144,8 +195,6 @@ shared-ca-cert = {{ shared_ca_path }}/cacert.pem
shared-crl = {{ shared_ca_path }}/crl
shared-crl = {{ shared_ca_path }}/crl
{%- endif %}
{%- endif %}
[apache-conf]
[apache-conf]
< = jinja2-template-base
< = jinja2-template-base
template = {{ parameter_dict['template-apache-conf'] }}
template = {{ parameter_dict['template-apache-conf'] }}
...
@@ -156,6 +205,18 @@ context = section parameter_dict apache-conf-parameter-dict
...
@@ -156,6 +205,18 @@ context = section parameter_dict apache-conf-parameter-dict
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/apache
wrapper-path = ${directory:services}/apache
command-line = "{{ parameter_dict['apache'] }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
command-line = "{{ parameter_dict['apache'] }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
wait-for-files =
${apache-conf-ssl:cert}
${apache-conf-ssl:key}
[apache-graceful]
recipe = collective.recipe.template
input = inline:
#!/bin/sh
kill -USR1 "$(cat '${apache-conf-parameter-dict:pid-file}')"
output = ${directory:bin}/apache-httpd-graceful
mode = 700
[{{ section('apache-promise') }}]
[{{ section('apache-promise') }}]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
...
@@ -164,7 +225,7 @@ path = ${directory:promise}/apache
...
@@ -164,7 +225,7 @@ path = ${directory:promise}/apache
hostname = {{ ipv4 }}
hostname = {{ ipv4 }}
port = {{ apache_dict.values()[0][0] }}
port = {{ apache_dict.values()[0][0] }}
[
publish
]
[
{{ section('publish') }}
]
recipe = slapos.cookbook:publish.serialised
recipe = slapos.cookbook:publish.serialised
{% for family_name, (apache_port, scheme, _, _) in apache_dict.items() -%}
{% for family_name, (apache_port, scheme, _, _) in apache_dict.items() -%}
{{ family_name ~ '-v6' }} = {% if ipv6_set %}{{ scheme ~ '://[' ~ ipv6 ~ ']:' ~ apache_port }}{% endif %}
{{ family_name ~ '-v6' }} = {% if ipv6_set %}{{ scheme ~ '://[' ~ ipv6 ~ ']:' ~ apache_port }}{% endif %}
...
@@ -178,6 +239,11 @@ key = ${apache-ssl-key:rendered}
...
@@ -178,6 +239,11 @@ key = ${apache-ssl-key:rendered}
cert = ${apache-ssl-cert:rendered}
cert = ${apache-ssl-cert:rendered}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{% elif caucase_url -%}
key = ${apache-conf-ssl:key}
cert = ${apache-conf-ssl:cert}
{{ request_cert('erp5', 'instance.apache@erp5') }}
{% else %}
{% else %}
recipe = plone.recipe.command
recipe = plone.recipe.command
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
...
@@ -191,12 +257,15 @@ cert = ${apache-ssl-ca:rendered}
...
@@ -191,12 +257,15 @@ cert = ${apache-ssl-ca:rendered}
crl = ${apache-ssl-crl:rendered}
crl = ${apache-ssl-crl:rendered}
{{ simplefile('apache-ssl-ca', '${apache-conf-ssl:ca-cert}', ssl_parameter_dict['ca-cert']) }}
{{ simplefile('apache-ssl-ca', '${apache-conf-ssl:ca-cert}', ssl_parameter_dict['ca-cert']) }}
{{ simplefile('apache-ssl-crl', '${apache-conf-ssl:crl}', ssl_parameter_dict['crl']) }}
{{ simplefile('apache-ssl-crl', '${apache-conf-ssl:crl}', ssl_parameter_dict['crl']) }}
{% elif caucase_url -%}
cert = ${apache-conf-ssl:ca-cert}
crl = ${apache-conf-ssl:crl}
{% else %}
{% else %}
cert =
cert =
crl =
crl =
{%- endif %}
{%- endif %}
{% set apache_service_log_list = {} -%}
{% set apache_service_log_list = {} -%}
{% for family_name, (_, _, _, authentication) in apache_dict.items() -%}
{% for family_name, (_, _, _, authentication) in apache_dict.items() -%}
{% if authentication -%}
{% if authentication -%}
...
@@ -211,7 +280,7 @@ post = test ! -s ${apache-conf-parameter-dict:pid-file} || {{ parameter_dict['bi
...
@@ -211,7 +280,7 @@ post = test ! -s ${apache-conf-parameter-dict:pid-file} || {{ parameter_dict['bi
{% endif -%}
{% endif -%}
{% endfor -%}
{% endfor -%}
[
logrotate-apache
]
[
{{ section('logrotate-apache') }}
]
< = logrotate-entry-base
< = logrotate-entry-base
name = apache
name = apache
log = ${apache-conf-parameter-dict:error-log} ${apache-conf-parameter-dict:access-log}
log = ${apache-conf-parameter-dict:error-log} ${apache-conf-parameter-dict:access-log}
...
@@ -222,7 +291,7 @@ recipe = slapos.cookbook:mkdirectory
...
@@ -222,7 +291,7 @@ recipe = slapos.cookbook:mkdirectory
apache-conf = ${:etc}/apache
apache-conf = ${:etc}/apache
bin = ${buildout:directory}/bin
bin = ${buildout:directory}/bin
etc = ${buildout:directory}/etc
etc = ${buildout:directory}/etc
promise = ${
directory
:etc}/promise
promise = ${:etc}/promise
services = ${:etc}/run
services = ${:etc}/run
var = ${buildout:directory}/var
var = ${buildout:directory}/var
run = ${:var}/run
run = ${:var}/run
...
@@ -235,39 +304,33 @@ newcerts = ${:ca-dir}/newcerts
...
@@ -235,39 +304,33 @@ newcerts = ${:ca-dir}/newcerts
crl = ${:ca-dir}/crl
crl = ${:ca-dir}/crl
apachedex = ${monitor-directory:private}/apachedex
apachedex = ${monitor-directory:private}/apachedex
[
monitor-generate-apachedex-report
]
[
{{ section('monitor-generate-apachedex-report') }}
]
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
wrapper-path = ${monitor-directory:reports}/${:command}
wrapper-path = ${monitor-directory:reports}/${:command}
command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}"
--default "${apachedex-parameters:default}" --apache-log-list "${apachedex-parameters:apache-log-list}" --base-list "${apachedex-parameters:base-list}" --skip-base-list "${apachedex-parameters:skip-base-list}" --erp5-base-list "${apachedex-parameters:erp5-base-list
}"
command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}"
${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --config "${apachedex-parameters:configuration
}"
command = apachedex_every_3_hour
command = apachedex_every_
2
3_hour
[apachedex-parameters]
[apachedex-parameters]
default_parameter =
# XXX - Sample log file with curent date: apache_access.log-%(date)s.gz
# XXX - Sample log file with curent date: apache_access.log-%(date)s.gz
# which will be equivalent to apache_access.log-20150112.gz if the date is 2015-01-12
# which will be equivalent to apache_access.log-20150112.gz if the date is 2015-01-12
apache-log-list = ${apache-conf-parameter-dict:access-log}
apache-log-list = ${apache-conf-parameter-dict:access-log}
default = ${monitor-directory:etc}/apdex_default
configuration = {{ slapparameter_dict['apachedex-configuration'] }}
base-list = ${monitor-directory:etc}/apdex_base_list
promise-threshold = {{ slapparameter_dict['apachedex-promise-threshold'] }}
skip-base-list = ${monitor-directory:etc}/apdex_skip_base_list
erp5-base-list = ${monitor-directory:etc}/apdex_erp5_base_list
[{{ section('monitor-promise-apachedex-result') }}]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:promise}/check-apachedex-result
command-line = "{{ parameter_dict['promise-check-apachedex-result'] }}" --apachedex_path "${directory:apachedex}" --status_file ${monitor-directory:private}/apachedex.report.json --threshold "${apachedex-parameters:promise-threshold}"
[monitor-instance-parameter]
[monitor-instance-parameter]
monitor-httpd-ipv6 = {{ (ipv6_set | list)[0] }}
monitor-httpd-ipv6 = {{ (ipv6_set | list)[0] }}
monitor-httpd-port = {{ next_port() }}
monitor-httpd-port = {{ next_port() }}
monitor-title =
Balancer monitor
monitor-title =
{{ slapparameter_dict['name'] }}
password = {{ slapparameter_dict['monitor-passwd'] }}
password = {{ slapparameter_dict['monitor-passwd'] }}
instance-configuration =
file apachedex-default ${apachedex-parameters:default}
file apachedex-base-list ${apachedex-parameters:base-list}
file apachedex-skip-base-list ${apachedex-parameters:skip-base-list}
file apachedex-erp5-base-list ${apachedex-parameters:erp5-base-list}
[buildout]
[buildout]
extends =
extends =
{{ logrotate_cfg }}
{{ logrotate_cfg }}
{{ parameter_dict['template-monitor'] }}
{{ parameter_dict['template-monitor'] }}
parts +=
parts +=
publish
logrotate-apache
monitor-generate-apachedex-report
{{ part_list | join('\n ') }}
{{ part_list | join('\n ') }}
software/slapos-master/instance-create-erp5-site-real.cfg.in
deleted
100644 → 0
View file @
a7bd942b
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
services = ${:etc}/run
promise = ${:etc}/promise
[erp5-bootstrap]
recipe = slapos.cookbook:erp5.bootstrap
runner-path = ${directory:services}/erp5-bootstrap
{# Note: a random domain name will be picked if several point to the same IP -#}
{% set reverse_hosts = {} -%}
{% for x, y in publish['hosts-dict'].iteritems() -%}
{% do reverse_hosts.__setitem__(y, x) -%}
{% endfor -%}
{# XXX: Expect the first database to be the one to use for catalog. -#}
{% set mysql_parsed = urlparse.urlparse(publish['mariadb-database-list'][0]) -%}
mysql-url = {{ dumps(urlparse.urlunparse(mysql_parsed[:1] + (mysql_parsed.username + ":" + mysql_parsed.password + "@" + reverse_hosts.get(mysql_parsed.hostname, mysql_parsed.hostname) + ':' ~ mysql_parsed.port, ) + mysql_parsed[2:])) }}
{# Pick the first http[s] family found, they should be all equivalent anyway. -#}
{# Don't pick the https[s] configurated with ssl-authenticat=true. By convention, this family name contain 'service'. -#}
{% set family_list = [] -%}
{% for key, value in publish.items() -%}
{% if key.startswith('family-') and value.startswith('http') and not 'service' in key -%}
{% do family_list.append(value.split('://', 1)) -%}
{% endif -%}
{% endfor -%}
zope-url = {{ dumps(family_list[0][0] + '://' + publish['inituser-login'] + ':' + publish_early['inituser-password'] + '@' + family_list[0][1] + '/' + publish['site-id']) }}
[promise-erp5-site]
recipe = slapos.cookbook:check_url_available
url = ${erp5-bootstrap:zope-url}
path = ${directory:promise}/erp5-site
dash_path = {{ parameter_dict['dash-location'] }}/bin/dash
curl_path = {{ parameter_dict['curl-location'] }}/bin/curl
[buildout]
parts = promise-erp5-site
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
software/slapos-master/instance-erp5.cfg.in
View file @
437a5bc1
{% import "root_common" as root_common with context %}
{% import "root_common" as root_common with context
-
%}
{% set frontend_dict = slapparameter_dict.get('frontend', {}) -%}
{% set frontend_dict = slapparameter_dict.get('frontend', {}) -%}
{% set has_frontend = frontend_dict.get('software-url', '') != '' -%}
{% set has_frontend = frontend_dict.get('software-url', '') != '' -%}
{% set site_id = slapparameter_dict.get('site-id', 'erp5') -%}
{% set site_id = slapparameter_dict.get('site-id', 'erp5') -%}
...
@@ -9,7 +9,9 @@
...
@@ -9,7 +9,9 @@
{% set has_jupyter = jupyter_dict.get('enable', jupyter_enable_default.lower() in ('true', 'yes')) -%}
{% set has_jupyter = jupyter_dict.get('enable', jupyter_enable_default.lower() in ('true', 'yes')) -%}
{% set jupyter_zope_family = jupyter_dict.get('zope-family', '') -%}
{% set jupyter_zope_family = jupyter_dict.get('zope-family', '') -%}
{% set monitor_base_url_dict = {} -%}
{% set monitor_base_url_dict = {} -%}
{% set caucase_url = slapparameter_dict.get('caucase', {}).pop('url', '') -%}
{% set monitor_dict = slapparameter_dict.get('monitor', {}) %}
{% set monitor_dict = slapparameter_dict.get('monitor', {}) %}
{% set crl_update_period = slapparameter_dict.get('caucase', {}).pop('crl-update-periodicity', 'daily') -%}
[request-common]
[request-common]
<= request-common-base
<= request-common-base
config-use-ipv6 = {{ dumps(slapparameter_dict.get('use-ipv6', False)) }}
config-use-ipv6 = {{ dumps(slapparameter_dict.get('use-ipv6', False)) }}
...
@@ -52,6 +54,14 @@ config-name = {{ name }}
...
@@ -52,6 +54,14 @@ config-name = {{ name }}
connection-url = smtp://127.0.0.2:0/
connection-url = smtp://127.0.0.2:0/
{%- endif %}
{%- endif %}
{% if caucase_url -%}
{% do publish_dict.__setitem__('caucase-http-url', caucase_url) -%}
[request-caucase]
connection-http-url = {{ caucase_url }}
{%- else %}
{{ request('caucase', 'caucase', 'caucase', {'server-port': 8890, 'server-https-port': 8891, 'auto-sign-csr-amount': 2}, {'http-url': True, 'https-url': False}) }}
{% endif -%}
{# ZODB -#}
{# ZODB -#}
{% set zodb_dict = {} -%}
{% set zodb_dict = {} -%}
{% set storage_dict = {} -%}
{% set storage_dict = {} -%}
...
@@ -95,16 +105,16 @@ recipe = slapos.cookbook:publish-early
...
@@ -95,16 +105,16 @@ recipe = slapos.cookbook:publish-early
{%- if neo %}
{%- if neo %}
neo-cluster gen-neo-cluster:name
neo-cluster gen-neo-cluster:name
{%- if neo[0] %}
{%- if neo[0] %}
neo-cluster = {{
neo[0]
}}
neo-cluster = {{
dumps(neo[0])
}}
{%- endif %}
{%- endif %}
{%- endif %}
{%- endif %}
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- if inituser_password %}
{%- if inituser_password %}
inituser-password = {{
inituser_password
}}
inituser-password = {{
dumps(inituser_password)
}}
{%- endif %}
{%- endif %}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- if deadlock_debugger_password %}
{%- if deadlock_debugger_password %}
deadlock-debugger-password = {{ d
eadlock_debugger_password
}}
deadlock-debugger-password = {{ d
umps(deadlock_debugger_password)
}}
{%- endif %}
{%- endif %}
[gen-password]
[gen-password]
...
@@ -139,6 +149,7 @@ return =
...
@@ -139,6 +149,7 @@ return =
{% endif -%}
{% endif -%}
config-bt5 = {{ dumps(slapparameter_dict.get('bt5', bt5_default_list)) }}
config-bt5 = {{ dumps(slapparameter_dict.get('bt5', bt5_default_list)) }}
config-bt5-repository-url = {{ dumps(slapparameter_dict.get('bt5-repository-url', local_bt5_repository)) }}
config-bt5-repository-url = {{ dumps(slapparameter_dict.get('bt5-repository-url', local_bt5_repository)) }}
config-caucase-url = ${request-caucase:connection-http-url}
config-cloudooo-url = ${request-cloudooo:connection-url}
config-cloudooo-url = ${request-cloudooo:connection-url}
config-deadlock-debugger-password = ${publish-early:deadlock-debugger-password}
config-deadlock-debugger-password = ${publish-early:deadlock-debugger-password}
config-developer-list = {{ dumps(slapparameter_dict.get('developer-list', [inituser_login])) }}
config-developer-list = {{ dumps(slapparameter_dict.get('developer-list', [inituser_login])) }}
...
@@ -171,23 +182,22 @@ config-tidstorage-port = ${request-zodb:connection-tidstorage-port}
...
@@ -171,23 +182,22 @@ config-tidstorage-port = ${request-zodb:connection-tidstorage-port}
software-type = zope
software-type = zope
{% set zope_family_dict = {} -%}
{% set zope_family_dict = {} -%}
{% set jupyter_zope_family_default = [] -%}
{% set zope_backend_path_dict = {} -%}
{% set zope_backend_path_dict = {} -%}
{% set ssl_authentication_dict = {} -%}
{% set ssl_authentication_dict = {} -%}
{% set jupyter_zope_family_default = [] -%}
{% for custom_name, zope_parameter_dict in zope_partition_dict.items() -%}
{% for custom_name, zope_parameter_dict in zope_partition_dict.items() -%}
{% set partition_name = 'zope-' ~ custom_name -%}
{% set partition_name = 'zope-' ~ custom_name -%}
{% set section_name = 'request-' ~ partition_name -%}
{% set section_name = 'request-' ~ partition_name -%}
{% set backend_path = zope_parameter_dict.get('backend-path', '/') % {'site-id': site_id} %}
{% set zope_family = zope_parameter_dict.get('family', 'default') -%}
{% set zope_family = zope_parameter_dict.get('family', 'default') -%}
{% set backend_path = zope_parameter_dict.get('backend-path', '/') % {'site-id': site_id} %}
{# # default jupyter zope family is first zope family. -#}
{# # default jupyter zope family is first zope family. -#}
{# # use list.append() to update it, because in jinja2 set changes only local scope. -#}
{# # use list.append() to update it, because in jinja2 set changes only local scope. -#}
{% if not jupyter_zope_family_default -%}
{% if not jupyter_zope_family_default -%}
{% do jupyter_zope_family_default.append(zope_family) -%}
{% do jupyter_zope_family_default.append(zope_family) -%}
{% endif -%}
{% endif -%}
{% do zope_family_dict.setdefault(zope_family, []).append(section_name) -%}
{% do zope_family_dict.setdefault(zope_family, []).append(section_name) -%}
{% do zope_backend_path_dict.
setdefault(zope_parameter_dict.get('family', 'default')
, backend_path) -%}
{% do zope_backend_path_dict.
__setitem__(zope_family
, backend_path) -%}
{% do ssl_authentication_dict.
setdefault(zope_parameter_dict.get('family', 'default')
, zope_parameter_dict.get('ssl-authentication', False)) -%}
{% do ssl_authentication_dict.
__setitem__(zope_family
, zope_parameter_dict.get('ssl-authentication', False)) -%}
[{{ section_name }}]
[{{ section_name }}]
<= request-zope-base
<= request-zope-base
name = {{ partition_name }}
name = {{ partition_name }}
...
@@ -201,7 +211,6 @@ config-longrequest-logger-interval = {{ dumps(zope_parameter_dict.get('longreque
...
@@ -201,7 +211,6 @@ config-longrequest-logger-interval = {{ dumps(zope_parameter_dict.get('longreque
config-longrequest-logger-timeout = {{ dumps(zope_parameter_dict.get('longrequest-logger-timeout', 1)) }}
config-longrequest-logger-timeout = {{ dumps(zope_parameter_dict.get('longrequest-logger-timeout', 1)) }}
config-port-base = {{ dumps(zope_parameter_dict.get('port-base', 2200)) }}
config-port-base = {{ dumps(zope_parameter_dict.get('port-base', 2200)) }}
config-webdav = {{ dumps(zope_parameter_dict.get('webdav', False)) }}
config-webdav = {{ dumps(zope_parameter_dict.get('webdav', False)) }}
config-name = {{ partition_name }}
{% endfor -%}
{% endfor -%}
{# if not explicitly configured, connect jupyter to first zope family, which -#}
{# if not explicitly configured, connect jupyter to first zope family, which -#}
...
@@ -211,7 +220,6 @@ config-name = {{ partition_name }}
...
@@ -211,7 +220,6 @@ config-name = {{ partition_name }}
{% endif -%}
{% endif -%}
{# We need to concatenate lists that we cannot read as lists, so this gets hairy. -#}
{# We need to concatenate lists that we cannot read as lists, so this gets hairy. -#}
{% set zope_address_list_id_dict = {} -%}
{% set zope_family_parameter_dict = {} -%}
{% set zope_family_parameter_dict = {} -%}
{% for family_name, zope_section_id_list in zope_family_dict.items() -%}
{% for family_name, zope_section_id_list in zope_family_dict.items() -%}
{% for zope_section_id in zope_section_id_list -%}
{% for zope_section_id in zope_section_id_list -%}
...
@@ -300,6 +308,7 @@ return =
...
@@ -300,6 +308,7 @@ return =
{{ family }}-v6
{{ family }}-v6
{% endfor -%}
{% endfor -%}
{% do monitor_base_url_dict.__setitem__('request-balancer', '${' ~ 'request-balancer' ~ ':connection-monitor-base-url}') -%}
{% do monitor_base_url_dict.__setitem__('request-balancer', '${' ~ 'request-balancer' ~ ':connection-monitor-base-url}') -%}
config-zope-family-dict = {{ dumps(zope_family_parameter_dict) }}
config-zope-family-dict = {{ dumps(zope_family_parameter_dict) }}
config-tcpv4-port = {{ dumps(balancer_dict.get('tcpv4-port', 2150)) }}
config-tcpv4-port = {{ dumps(balancer_dict.get('tcpv4-port', 2150)) }}
{% for zope_section_id, name in zope_address_list_id_dict.items() -%}
{% for zope_section_id, name in zope_address_list_id_dict.items() -%}
...
@@ -307,16 +316,17 @@ config-{{ name }} = {{ ' ${' ~ zope_section_id ~ ':connection-zope-address-list}
...
@@ -307,16 +316,17 @@ config-{{ name }} = {{ ' ${' ~ zope_section_id ~ ':connection-zope-address-list}
{% endfor -%}
{% endfor -%}
# XXX: should those really be same for all families ?
# XXX: should those really be same for all families ?
config-haproxy-server-check-path = {{ dumps(balancer_dict.get('haproxy-server-check-path', '/') % {'site-id': site_id}) }}
config-haproxy-server-check-path = {{ dumps(balancer_dict.get('haproxy-server-check-path', '/') % {'site-id': site_id}) }}
config-backend-path = {{ dumps(balancer_dict.get('apache-backend-path', '/') % {'site-id': site_id}) }}
config-ssl = {{ dumps(balancer_dict.get('ssl', {})) }}
config-ssl = {{ dumps(balancer_dict.get('ssl', {})) }}
config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
config-shared-certificate-authority-path = ${directory:ca-dir}
config-monitor-passwd = ${monitor-htpasswd:passwd}
config-monitor-passwd = ${monitor-htpasswd:passwd}
config-name = ${:name}
config-name = ${:name}
config-caucase-url = ${request-caucase:connection-http-url}
config-crl-update-periodicity = {{ crl_update_period }}
config-shared-certificate-authority-path = ${directory:ca-dir}
config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
config-apachedex-configuration = {{ dumps(monitor_dict.get('apachedex-configuration',
config-apachedex-configuration = {{ dumps(monitor_dict.get('apachedex-configuration',
'--erp5-base "/erp5(/|$|/\?)" --skip-user-agent Zabbix --error-detail --js-embed --quiet')) }}
'--erp5-base "/erp5(/|$|/\?)" --skip-user-agent Zabbix --error-detail --js-embed --quiet')) }}
[request-frontend-base]
[request-frontend-base]
{% if has_frontend -%}
{% if has_frontend -%}
...
@@ -365,10 +375,10 @@ monitor-httpd-port = 8386
...
@@ -365,10 +375,10 @@ monitor-httpd-port = 8386
[buildout]
[buildout]
extends = {{ template_monitor }}
extends = {{ template_monitor }}
parts +=
parts +=
apache-certificate-authority
apache-certificate-authority
fix-ca-folder
fix-ca-folder
publish
monitor-base
monitor-base
[monitor-conf-parameters]
[monitor-conf-parameters]
...
...
software/slapos-master/software.cfg
View file @
437a5bc1
...
@@ -58,9 +58,5 @@ filename = instance-balancer.cfg.in
...
@@ -58,9 +58,5 @@ filename = instance-balancer.cfg.in
url = ${:_profile_base_location_}/${:filename}
url = ${:_profile_base_location_}/${:filename}
filename = apache-backend.conf.in
filename = apache-backend.conf.in
[template-create-erp5-site-real]
< = download-base-part
filename = instance-create-erp5-site-real.cfg.in
[versions]
[versions]
python-memcached = 1.47
python-memcached = 1.47
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment