From d92849d0c1679da87a05ece35318dd9a83f7c614 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Ninivin?= <cedric.leninivin@tiolive.com> Date: Fri, 8 Aug 2014 14:27:42 +0200 Subject: [PATCH] apache-frontend: add support for default certificate in replicate --- software/apache-frontend/common.cfg | 6 +- .../instance-apache-frontend.cfg | 9 +++ .../instance-apache-replicate.cfg.in | 55 +++++++++++-------- .../apache-frontend/templates/apache.conf.in | 3 + 4 files changed, 47 insertions(+), 26 deletions(-) diff --git a/software/apache-frontend/common.cfg b/software/apache-frontend/common.cfg index 550308586..7a1ea0026 100644 --- a/software/apache-frontend/common.cfg +++ b/software/apache-frontend/common.cfg @@ -67,14 +67,14 @@ mode = 0644 [template-apache-frontend] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-apache-frontend.cfg -md5sum = 66a4c824a9f9a9995e1699549b941656 +md5sum = 53de57ef78345cedd3c715a105539ca3 output = ${buildout:directory}/template-apache-frontend.cfg mode = 0644 [template-apache-replicate] recipe = slapos.recipe.build:download url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in -md5sum = 4a386500c21d0b59ce9a679c6110d375 +md5sum = da22cc3b2095766c5e14b29afab2b760 mode = 0644 [template-slave-list] @@ -98,7 +98,7 @@ mode = 640 [template-apache-frontend-configuration] recipe = slapos.recipe.build:download url = ${:_profile_base_location_}/templates/apache.conf.in -md5sum = 72922908c1f4e72c92bb03e072660c7c +md5sum = e68401762b25b7a462ba5df187e003e8 mode = 640 [template-apache-cached-configuration] diff --git a/software/apache-frontend/instance-apache-frontend.cfg b/software/apache-frontend/instance-apache-frontend.cfg index 5dc4fc580..38a69717f 100644 --- a/software/apache-frontend/instance-apache-frontend.cfg +++ b/software/apache-frontend/instance-apache-frontend.cfg 
@@ -118,6 +118,7 @@ configuration.apache_custom_https = "" configuration.apache_custom_http = "" configuration.apache-key = configuration.apache-certificate = +configuration.apache-ca-certificate = configuration.open-port = 80 443 configuration.extra_slave_instance_list = configuration.disk-cache-size = 8G @@ -256,6 +257,7 @@ extra-context = key access_control_string apache-configuration:access-control-string key login_certificate ca-frontend:cert-file key login_key ca-frontend:key-file + key login_ca_crt ca-custom-frontend:rendered key ca_dir certificate-authority:ca-dir key ca_crl certificate-authority:ca-crl key access_log apache-configuration:access-log @@ -380,6 +382,13 @@ cert-content = $${instance-parameter:configuration.apache-certificate} # Put domain name name = $${instance-parameter:configuration.domain} +[ca-custom-frontend] +< = jinja2-template-base +template = ${template-empty:target} +rendered = $${cadirectory:certs}/apache_frontend.ca.crt +extra-context = + key content instance-parameter:configuration.apache-ca-certificate + [cron] recipe = slapos.cookbook:cron dcrond-binary = ${dcron:location}/sbin/crond diff --git a/software/apache-frontend/instance-apache-replicate.cfg.in b/software/apache-frontend/instance-apache-replicate.cfg.in index d1b352630..c611e7774 100644 --- a/software/apache-frontend/instance-apache-replicate.cfg.in +++ b/software/apache-frontend/instance-apache-replicate.cfg.in @@ -23,6 +23,7 @@ context = {% set slave_list_name = 'extra_slave_instance_list' -%} {% set frontend_list = [] %} {% set frontend_section_list = [] %} +{% set request_dict = {} %} {% set namebase = 'apache-frontend' -%} # XXX Dirty hack, not possible to define default value before {% set sla_computer_apache_1_key = '-sla-1-computer_guid' -%} 
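Review bot: The new `[ca-custom-frontend]` section (third hunk of instance-apache-frontend.cfg) and the `configuration.apache-ca-certificate` default it reads carry no comment, and the diffstat shows no documentation file touched, so nothing tells an operator what the value must contain. A comment above the section such as `# Optional PEM bundle of CA certificates accompanying configuration.apache-certificate; rendered to apache_frontend.ca.crt even when the parameter is empty` would record the contract. The content is copied verbatim into a file Apache loads, so a malformed value will presumably only surface when Apache reads its configuration; a note on that, or a check before reload, would help whoever operates the frontend.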
@@ -37,13 +38,13 @@ context = {% set request_section_title = 'request-%s' % frontend_name -%} {% set sla_key = "-sla-%s-" % i -%} {% set sla_key_length = sla_key | length %} -{% set sla_parameters = [] %} +{% set sla_dict = {} %} {% set config_key = "-frontend-config-%s-" % i %} {% set config_key_length = config_key | length %} {% set config_dict = {} %} {% for key in slapparameter_dict.keys() %} {% if key.startswith(sla_key) %} -{% do sla_parameters.append(key[sla_key_length:]) %} +{% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %} # We check for specific configuration regarding the frontend {% elif key.startswith(config_key) -%} {% do config_dict.__setitem__(key[config_key_length:], slapparameter_dict.pop(key)) %} @@ -52,23 +53,15 @@ context = {% do frontend_list.append(frontend_name) -%} {% do frontend_section_list.append(request_section_title) -%} {% do part_list.append(request_section_title) -%} -[{{request_section_title}}] -<= replicate -name = {{frontend_name}} +# Filling request dict for slave {% set state_key = "-frontend-%s-state" % i %} -{% if slapparameter_dict.has_key(state_key) %} -state = {{ slapparameter_dict.pop(state_key) }} -{% endif%} -extra-config = {{ ' '.join(config_dict.keys()) }} -{% for key, value in config_dict.iteritems() -%} -config-{{ key }} = {{ value }} -{% endfor -%} -{% if sla_parameters %} -sla = {{ ' '.join(sla_parameters) }} -{% for parameter in sla_parameters -%} -sla-{{ parameter }} = {{ slapparameter_dict.pop( sla_key + parameter ) }} -{% endfor -%} -{% endif -%} +{% do request_dict.__setitem__(request_section_title, + { + 'config': config_dict, + 'name': frontend_name, + 'sla': sla_dict, + 'state': slapparameter_dict.pop(state_key, None) + }) %} {% endfor -%} {% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') -%} 
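Review bot: The added `slapparameter_dict.pop(key)` for SLA keys in the first hunk runs inside `for key in slapparameter_dict.keys()`, so the dictionary is modified while its key list is being walked. That is safe only while `keys()` returns a list copy, which the `iteritems` calls elsewhere in this template suggest is the case (Python 2). A short comment saying so, or iterating over `slapparameter_dict.keys() | list`, would keep the loop from failing with a dictionary-changed-size error on a later interpreter. The loop header is an unchanged context line, and the loop starts and ends outside the lines this hunk adds.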
@@ -93,13 +86,29 @@ software-url = ${slap-connection:software-release-url} {% endif %} software-type = {{frontend_type}} return = private-ipv4 public-ipv4 slave-instance-information-list monitor_url -config = {{ ' '.join(slapparameter_dict.keys()) + ' ${:extra-config} ' + slave_list_name }} -{% for parameter, value in slapparameter_dict.iteritems() -%} -config-{{parameter}} = {{ value }} -{% endfor -%} -config-{{ slave_list_name }} = {{ json_module.dumps(authorized_slave_list) }} +config = _ connection-monitor_url = +{% for section, frontend_request in request_dict.iteritems() %} +[{{section}}] +<= replicate +name = {{ frontend_request.get('name') }} +{% if frontend_request.get('state') %} +state = {{ frontend_request.get('state') }} +{% endif%} +{% set slave_configuration_dict = frontend_request.get('config') %} +{% do slave_configuration_dict.update(**slapparameter_dict) %} +{% do slave_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list)) %} +config-_ = {{ json_module.dumps(slave_configuration_dict) }} +{% if frontend_request.get('sla') %} +sla = {{ ' '.join(frontend_request.get('sla').keys()) }} +{% for parameter, value in frontend_request.get('sla').iteritems() -%} +sla-{{ parameter }} = {{ value }} +{% endfor -%} +{% endif -%} +{% endfor -%} + + [publish-information] recipe = slapos.cookbook:publish domain = {{ slapparameter_dict.get('domain') }} diff --git a/software/apache-frontend/templates/apache.conf.in b/software/apache-frontend/templates/apache.conf.in index 03a1d68d3..07d8cd24a 100644 --- a/software/apache-frontend/templates/apache.conf.in +++ b/software/apache-frontend/templates/apache.conf.in 
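Review bot: `slave_configuration_dict.update(**slapparameter_dict)` overlays the global parameters on top of the per-frontend `-frontend-config-N-` values, so a key present in both now takes the global value. The removed lines put the per-frontend `config-<key>` options in the section that extends `replicate`, where they would normally have overridden the inherited ones, so the precedence looks inverted. Starting from the global dict keeps the old order: `{% set slave_configuration_dict = dict(slapparameter_dict) %}` followed by `{% do slave_configuration_dict.update(frontend_request.get('config')) %}`. Separately, `name`, `state` and `sla-*` are still written as raw text into the generated buildout file while everything under `config-_` is now JSON-encoded; a value containing a newline would spill into the following options, so those deserve the same encoding or a validity check.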
@@ -114,6 +114,9 @@ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # SSL Configuration SSLCertificateFile {{ login_certificate }} SSLCertificateKeyFile {{ login_key }} +{% if slapparameter_dict.get('apache-ca-certificate') %} +SSLCACertificateFile {{ login_ca_crt }} +{% endif %} SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000) -- 2.30.9
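Review bot: `SSLCACertificateFile` is the mod_ssl directive for the CA certificates used to verify client certificates, so if `apache-ca-certificate` is meant to carry the intermediate chain of the default server certificate, this line also makes those CAs trusted wherever client verification is enabled. Whether `SSLVerifyClient` is active is not visible in this hunk, but the `ca_dir`/`ca_crl` context keys passed to this template suggest client-certificate handling exists. For a chain-only purpose, `SSLCertificateChainFile {{ login_ca_crt }}` (or appending the intermediates to the file behind `login_certificate`) avoids widening client trust. The guard also tests `slapparameter_dict.get('apache-ca-certificate')` while the file is rendered from `instance-parameter:configuration.apache-ca-certificate`; a comment stating that both always carry the same value would help.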