Commit
7a0756b2
authored
May 27, 2020
by
Kazuhiko Shiozaki
Revert "stack/erp5: support frontend-caucase-url-list option."
This reverts commit
e1236eea
.
parent
e1236eea
Showing
5 changed files
with
24 additions
and
63 deletions
+24
-63
software/erp5/instance-erp5-input-schema.json
software/erp5/instance-erp5-input-schema.json
+0
-5
stack/caucase/caucase.jinja2.library
stack/caucase/caucase.jinja2.library
+12
-14
stack/erp5/buildout.hash.cfg
stack/erp5/buildout.hash.cfg
+2
-2
stack/erp5/instance-balancer.cfg.in
stack/erp5/instance-balancer.cfg.in
+10
-41
stack/erp5/instance-erp5.cfg.in
stack/erp5/instance-erp5.cfg.in
+0
-1
software/erp5/instance-erp5-input-schema.json
...
...
@@ -453,11 +453,6 @@
"ssl"
:
{
"description"
:
"HTTPS certificate generation parameters"
,
"properties"
:
{
"frontend-caucase-url-list"
:
{
"title"
:
"Frontend Caucase URL List"
,
"description"
:
"List of URLs of caucase service of frontend groups."
,
"type"
:
"array"
},
"caucase-url"
:
{
"title"
:
"Caucase URL"
,
"description"
:
"URL of caucase service to use. If not set, global setting will be used."
,
...
...
stack/caucase/caucase.jinja2.library
...
...
@@ -43,9 +43,9 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
updater_path,
url,
data_dir,
crt_path,
ca_path,
crl_path,
crt_path=None,
key_path=None,
on_renew=None,
max_sleep=None,
...
...
@@ -59,25 +59,24 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
recipe = slapos.cookbook:mkdirectory
data-dir = {{ data_dir }}
{% if crt_path %}
{% if template_csr_pem or template_csr -%}
{% if template_csr_pem or template_csr -%}
[{{ prefix }}-provided-csr-content]
{%
if template_csr_pem %}
{% if template_csr_pem %}
content = {{ dumps(template_csr_pem) }}
{%
elif template_csr %}
{% elif template_csr %}
content = {{ template_csr }}
{%
endif %}
{% endif %}
[{{ prefix }}-provided-csr]
recipe = slapos.recipe.template:jinja2
mode = 644
{%
if template_csr_pem %}
{% if template_csr_pem %}
template = inline:{{ '{{ content }}' }}
rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
context = key content {{ prefix }}-provided-csr-content:content
{%
elif template_csr %}
{% elif template_csr %}
template = {{ '${' + prefix }}-provided-csr-content:content}
rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
{%
endif %}
{% endif %}
{{ rerequest(
prefix=prefix ~ '-csr',
buildout_bin_directory=buildout_bin_directory,
...
...
@@ -85,13 +84,12 @@ rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
csr='${:csr}',
key=key_path,
)}}
{%-
else -%}
{%- else -%}
[{{ prefix }}-csr]
recipe = plone.recipe.command
command = '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}'
{%- endif %}
csr = ${ {{- prefix }}-directory:data-dir}/good.csr.pem
{%- endif %}
csr = ${ {{- prefix }}-directory:data-dir}/good.csr.pem
[{{ prefix }}]
recipe = slapos.cookbook:wrapper
...
...
@@ -100,8 +98,8 @@ command-line = '{{ buildout_bin_directory }}/caucase-updater'
--ca-url '{{ url }}'
--cas-ca '${ {{- prefix }}-directory:data-dir}/cas.crt.pem'
--mode '{{ mode }}'
{% if crt_path %}
--csr '${ {{- prefix }}-csr:csr}'
--crt '{{ crt_path }}'
{%- endif %}
--csr '${ {{- prefix }}-csr:csr}'
--crt '{{ crt_path }}'
--ca '{{ ca_path }}'
--crl '{{ crl_path }}'
{% if key_path %}--key '{{ key_path }}' {%- endif %}
...
...
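Review bot: With `crt_path` back to a required argument in the first hunk, nothing in the macro says so, and the `[{{ prefix }}-csr]` fallback still writes the unencrypted private key (`-nodes`) to `'{{ key_path or crt_path }}'`, that is, into the certificate file whenever `key_path` is not given. A short comment at the top of the macro (apparently `updater`, going by the call in instance-balancer.cfg.in) would help callers: `{# crt_path is mandatory; when key_path is unset the private key is stored in crt_path, so that file must not be world-readable #}`. Under Jinja2's default undefined handling a caller that omits `crt_path` would presumably render `--crt ''` rather than fail, so the call sites outside this page are worth checking. The macro's signature and the end of its body lie outside the hunks shown.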
stack/erp5/buildout.hash.cfg
...
...
@@ -78,7 +78,7 @@ md5sum = d41d8cd98f00b204e9800998ecf8427e
[template-erp5]
filename = instance-erp5.cfg.in
md5sum =
038c367b7c4249d854bb0535891f29b3
md5sum =
82dc695e212be124d60ceb1143e56b0d
[template-zeo]
filename = instance-zeo.cfg.in
...
...
@@ -90,7 +90,7 @@ md5sum = 2f3ddd328ac1c375e483ecb2ef5ffb57
[template-balancer]
filename = instance-balancer.cfg.in
md5sum =
d375f1a15bade233fa134dcb05380f52
md5sum =
6851e0c28a025bd26a4d3450204ae335
[template-haproxy-cfg]
filename = haproxy.cfg.in
...
...
stack/erp5/instance-balancer.cfg.in
...
...
@@ -21,40 +21,22 @@ recipe = slapos.recipe.template:jinja2
mode = 644
{{ caucase.updater(
prefix='caucase-updater
-0
',
prefix='caucase-updater',
buildout_bin_directory=parameter_dict['bin-directory'],
updater_path='${directory:services-on-watch}/caucase-updater
-0
',
updater_path='${directory:services-on-watch}/caucase-updater',
url=ssl_parameter_dict['caucase-url'],
data_dir='${directory:srv}/caucase-updater
-0
',
data_dir='${directory:srv}/caucase-updater',
crt_path='${apache-conf-ssl:caucase-cert}',
ca_path='${
directory:srv}/caucase-updater-0/ca.crt
',
crl_path='${
directory:srv}/caucase-updater-0/crl.pem
',
ca_path='${
apache-conf-ssl:ca-cert}
',
crl_path='${
apache-conf-ssl:crl}
',
key_path='${apache-conf-ssl:caucase-key}',
on_renew='${apache-graceful:output}',
max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
template_csr_pem=ssl_parameter_dict.get('csr'),
openssl=parameter_dict['openssl'] ~ '/bin/openssl',
)}}
{% do section('caucase-updater-0') -%}
{% do section('caucase-updater-0-promise') -%}
{% for idx, frontend_caucase_url in enumerate(ssl_parameter_dict['frontend-caucase-url-list']) -%}
{{ caucase.updater(
prefix='caucase-updater-%s' % (idx + 1),
buildout_bin_directory=parameter_dict['bin-directory'],
updater_path='${directory:services-on-watch}/caucase-updater-%s' % (idx + 1),
url=frontend_caucase_url,
data_dir='${directory:srv}/caucase-updater-%s' % (idx + 1),
ca_path='${directory:srv}/caucase-updater-%s/ca.crt' % (idx + 1),
crl_path='${directory:srv}/caucase-updater-%s/crl.pem' % (idx + 1),
on_renew='${apache-graceful:output}',
max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
template_csr_pem=ssl_parameter_dict.get('csr'),
openssl=parameter_dict['openssl'] ~ '/bin/openssl',
)}}
{% do section('caucase-updater-%s' % (idx + 1)) -%}
{% do section('caucase-updater-%s-promise' % (idx + 1)) -%}
{% endfor -%}
{% do section('caucase-updater') -%}
{% do section('caucase-updater-promise') -%}
{% set haproxy_dict = {} -%}
{% set apache_dict = {} -%}
...
...
@@ -194,22 +176,9 @@ wait-for-files =
recipe = collective.recipe.template
output = ${directory:bin}/apache-httpd-graceful
mode = 700
input =
inline:
#!{{parameter_dict['bin-directory']}}/python2.7
from lock_file import LockFile
import os
import subprocess
with LockFile('${apache-conf-ssl:ca-cert}.lock', wait = True):
ca_path_list = [{% for idx in range(len(frontend_caucase_url_list) + 1) -%} '{{ '${directory:srv}/caucase-updater-%s/ca.crt' % idx }}', {% endfor -%}]
valid_ca_path_list = [path for path in ca_path_list
if os.path.isfile(path) and subprocess.call(['openssl', 'x509', '-in', path], stdout=subprocess.PIPE) == 0]
file('${apache-conf-ssl:ca-cert}', 'w').write('\n'.join(file(path).read() for path in valid_ca_path_list))
crl_path_list = [{% for idx in range(len(frontend_caucase_url_list) + 1) -%} '{{ '${directory:srv}/caucase-updater-%s/crl.pem' % idx }}', {% endfor -%}]
valid_crl_path_list = [path for path in crl_path_list
if os.path.isfile(path) and subprocess.call(['openssl', 'crl', '-in', path], stdout=subprocess.PIPE) == 0]
file('${apache-conf-ssl:crl}', 'w').write('\n'.join(file(path).read() for path in valid_crl_path_list))
subprocess.call(['kill', '-USR1', file('${apache-conf-parameter-dict:pid-file}').read().strip()])
input = inline:
#!/bin/sh
kill -USR1 "$(cat '${apache-conf-parameter-dict:pid-file}')"
[{{ section('apache-promise') }}]
<= monitor-promise-base
...
...
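Review bot: The reload hook at the end of the second hunk, `kill -USR1 "$(cat '${apache-conf-parameter-dict:pid-file}')"`, signals whatever the pid file holds without checking it. If the file is missing or empty the script exits non-zero into caucase-updater's `on_renew` (how the updater treats that failure is not visible here), and a stale pid would deliver SIGUSR1 to an unrelated process of the same user. Reading the pid first and signalling only when it is non-empty, e.g. `pid="$(cat '${apache-conf-parameter-dict:pid-file}')"` followed by `[ -n "$pid" ] && kill -USR1 "$pid"`, makes the apache-not-running case explicit. The section header for this script lies outside the hunk.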
stack/erp5/instance-erp5.cfg.in
...
...
@@ -98,7 +98,6 @@ backup-caucased = ${:srv}/backup/caucased
{% do publish_dict.__setitem__('caucase-http-url', caucase_url) -%}
{% set balancer_dict = slapparameter_dict.get('balancer', {}) -%}
{% do balancer_dict.setdefault('ssl', {}).setdefault('caucase-url', caucase_url) -%}
{% do balancer_dict['ssl'].setdefault('frontend-caucase-url-list', []) -%}
{{ request('memcached-persistent', 'kumofs', 'kumofs', {'tcpv4-port': 2000}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
{{ request('memcached-volatile', 'kumofs', 'memcached', {'tcpv4-port': 2010, 'ram-storage-size': 64}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
...
...