Commit c470ad28 authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

apache-frontend: Frontend can now handle both custom and default slaves

parent 51568042
...@@ -168,7 +168,8 @@ extra-context = ...@@ -168,7 +168,8 @@ extra-context =
key local_ipv4 instance-parameter:ipv4-random key local_ipv4 instance-parameter:ipv4-random
key cache_port apache-configuration:cache-port key cache_port apache-configuration:cache-port
raw empty_template ${template-empty:target} raw empty_template ${template-empty:target}
raw template_slave_configuration ${template-slave-configuration:target} raw template_custom_slave_configuration ${template-slave-configuration:target}
raw template_default_slave_configuration ${template-default-slave-virtualhost:target}
raw template_rewrite_cached ${template-rewrite-cached:target} raw template_rewrite_cached ${template-rewrite-cached:target}
raw software_type single-custom-personal raw software_type single-custom-personal
section logrotate_dict logrotate section logrotate_dict logrotate
......
...@@ -61,6 +61,17 @@ sla-{{ parameter }} = {{ slapparameter_dict.pop( sla_key + parameter ) }} ...@@ -61,6 +61,17 @@ sla-{{ parameter }} = {{ slapparameter_dict.pop( sla_key + parameter ) }}
{% endif -%} {% endif -%}
{% endfor -%} {% endfor -%}
{% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') -%}
{% set authorized_slave_list = [] %}
{% set rejected_slave_list = [] %}
{% for slave in slave_instance_list %}
{% if not (slave.has_key('apache_custom_http') and not slave.get('slave_reference') in authorized_slave_string) %}
{% do authorized_slave_list.append(slave) %}
{% else %}
{% do rejected_slave_list.append(slave.get('slave_reference')) %}
{% endif %}
{% endfor -%}
[replicate] [replicate]
<= slap-connection <= slap-connection
recipe = slapos.cookbook:requestoptional recipe = slapos.cookbook:requestoptional
...@@ -76,13 +87,16 @@ config = {{ ' '.join(slapparameter_dict.keys()) + ' ' + slave_list_name }} ...@@ -76,13 +87,16 @@ config = {{ ' '.join(slapparameter_dict.keys()) + ' ' + slave_list_name }}
{% for parameter, value in slapparameter_dict.iteritems() -%} {% for parameter, value in slapparameter_dict.iteritems() -%}
config-{{parameter}} = {{ value }} config-{{parameter}} = {{ value }}
{% endfor -%} {% endfor -%}
config-{{ slave_list_name }} = {{ json_module.dumps(slave_instance_list) }} config-{{ slave_list_name }} = {{ json_module.dumps(authorized_slave_list) }}
connection-monitor_url = connection-monitor_url =
[publish-information] [publish-information]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
domain = {{ slapparameter_dict.get('domain') }} domain = {{ slapparameter_dict.get('domain') }}
slave-amount = {{ slave_instance_list | length }} slave-amount = {{ slave_instance_list | length }}
accepted-slave-amount = {{ authorized_slave_list | length }}
rejected-slave-amount = {{ rejected_slave_list | length }}
rejected-slave-list = {{ json_module.dumps(rejected_slave_list) }}
{% for frontend in frontend_section_list %} {% for frontend in frontend_section_list %}
{{ frontend }}-monitor-url = {{ '${' + frontend + ':connection-monitor_url}' }} {{ frontend }}-monitor-url = {{ '${' + frontend + ':connection-monitor_url}' }}
{% endfor -%} {% endfor -%}
......
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
{% set cached_server_dict = {} -%} {% set cached_server_dict = {} -%}
{% set part_list = [] -%} {% set part_list = [] -%}
{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%} {% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{% set generic_instance_parameter_dict = {'cache_access': cache_access,} -%} {% set generic_instance_parameter_dict = {'cache_access': cache_access,} -%}
{% set slave_log_dict = {} -%} {% set slave_log_dict = {} -%}
{% if extra_slave_instance_list -%} {% if extra_slave_instance_list -%}
...@@ -29,8 +30,11 @@ context = ...@@ -29,8 +30,11 @@ context =
{% set slave_reference = slave_instance.get('slave_reference') -%} {% set slave_reference = slave_instance.get('slave_reference') -%}
{% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%} {% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%}
{% set slave_parameter_dict = generic_instance_parameter_dict.copy() -%} {% set slave_parameter_dict = generic_instance_parameter_dict.copy() -%}
{% set slave_publish_dict = {} -%}
{% do part_list.append(slave_section_title) -%} {% do part_list.append(slave_section_title) -%}
############################
#### Set Slave Log Directory and access
{% set slave_directory_section = slave_reference + "-directory" -%} {% set slave_directory_section = slave_reference + "-directory" -%}
{% set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" -%} {% set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" -%}
...@@ -41,6 +45,8 @@ log-folder = {{slave_log_folder}} ...@@ -41,6 +45,8 @@ log-folder = {{slave_log_folder}}
# Set Up log files # Set Up log files
{% do slave_parameter_dict.__setitem__('access_log', '/'.join([apache_log_directory, '%s_access_log' % slave_reference])) -%} {% do slave_parameter_dict.__setitem__('access_log', '/'.join([apache_log_directory, '%s_access_log' % slave_reference])) -%}
{% do slave_parameter_dict.__setitem__('error_log', '/'.join([apache_log_directory, '%s_error_log' % slave_reference])) -%} {% do slave_parameter_dict.__setitem__('error_log', '/'.join([apache_log_directory, '%s_error_log' % slave_reference])) -%}
{% do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) -%}
{% do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) -%}
# Set slave logrotate entry # Set slave logrotate entry
{% set slave_logrotate_section = slave_reference + "-logs" -%} {% set slave_logrotate_section = slave_reference + "-logs" -%}
...@@ -85,17 +91,11 @@ command = {{frontend_configuration.get('apache-directory')}}/bin/htpasswd -cb ${ ...@@ -85,17 +91,11 @@ command = {{frontend_configuration.get('apache-directory')}}/bin/htpasswd -cb ${
# Add slave log directory to the slave log access dict # Add slave log directory to the slave log access dict
{% do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %} {% do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}
# Set up apache configuration file for slave {% set slave_log_access_url = 'https://' + slave_reference + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('apache-ipv6') + ']:' + frontend_configuration.get('apache-https-port') + '/' + slave_reference.lower() + '/' %}
[{{ slave_section_title }}] {% do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
< = jinja2-template-base
template = {{ template_slave_configuration }} ############################
filename = {{ '%s.conf' % slave_reference }} #### Set Slave Certificates if needed
extra-context =
key apache_custom_https {{ 'slave-instance-%s-configuration:apache_custom_https' % slave_reference }}
key apache_custom_http {{ 'slave-instance-%s-configuration:apache_custom_http' % slave_reference }}
raw https_port {{ https_port }}
raw http_port {{ http_port }}
{{ '\n' }}
# Set ssl certificates for each slave # Set ssl certificates for each slave
{% for cert_name in ('ssl_key', 'ssl_crt', 'ssl_ca_crt', 'ssl_csr')-%} {% for cert_name in ('ssl_key', 'ssl_crt', 'ssl_ca_crt', 'ssl_csr')-%}
...@@ -104,6 +104,7 @@ extra-context = ...@@ -104,6 +104,7 @@ extra-context =
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%} {% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
{% do part_list.append(cert_title) -%} {% do part_list.append(cert_title) -%}
{% do slave_parameter_dict.__setitem__(cert_name, cert_file) -%} {% do slave_parameter_dict.__setitem__(cert_name, cert_file) -%}
{% do slave_instance.__setitem__('path_to_' + cert_name, cert_file) -%}
# Store certificates on fs # Store certificates on fs
[{{ cert_title }}] [{{ cert_title }}]
< = jinja2-template-base < = jinja2-template-base
...@@ -117,6 +118,25 @@ value = {{ dumps(slave_instance.get(cert_name)) }} ...@@ -117,6 +118,25 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
{% endif -%} {% endif -%}
{% endfor -%} {% endfor -%}
############################
#### Set Slave Configuration
{% if slave_instance.has_key('apache_custom_http') %}
#### Set Configuration for custom slaves
# Set up apache configuration file for slave
[{{ slave_section_title }}]
< = jinja2-template-base
template = {{ template_custom_slave_configuration }}
filename = {{ '%s.conf' % slave_reference }}
extra-context =
key apache_custom_https {{ 'slave-instance-%s-configuration:apache_custom_https' % slave_reference }}
key apache_custom_http {{ 'slave-instance-%s-configuration:apache_custom_http' % slave_reference }}
raw https_port {{ https_port }}
raw http_port {{ http_port }}
{{ '\n' }}
# Set apache configuration value for slave # Set apache configuration value for slave
[{{ ('slave-instance-%s-configuration' % slave_reference) }}] [{{ ('slave-instance-%s-configuration' % slave_reference) }}]
{% set apache_custom_http = ((slave_instance.get('apache_custom_http', '')) % slave_parameter_dict) -%} {% set apache_custom_http = ((slave_instance.get('apache_custom_http', '')) % slave_parameter_dict) -%}
...@@ -130,18 +150,63 @@ apache_custom_https = {{ dumps(apache_custom_https) }} ...@@ -130,18 +150,63 @@ apache_custom_https = {{ dumps(apache_custom_https) }}
{% do cached_server_dict.__setitem__(slave_instance.get('domain'), slave_instance.get('url')) -%} {% do cached_server_dict.__setitem__(slave_instance.get('domain'), slave_instance.get('url')) -%}
{% endif -%} {% endif -%}
# Publish information
{% do slave_publish_dict.update(**{'slave-reference':slave_instance.get('slave_reference'), 'public-ipv4':public_ipv4, 'log-access': slave_log_access_url}) %}
{% else %}
#### Set Configuration for default slaves
# Set slave domain if none was defined
{% if slave_instance.get('custom_domain', None) == None -%}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (slave_instance.get('slave_reference').replace("-", "").lower(), slapparameter_dict.get('domain'))) -%}
{% endif -%}
# The slave use cache
# Next line is forbidden and people who copy it will be hanged short
{% set enable_cache = ('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES -%}
{% if enable_cache -%}
{% do cached_server_dict.__setitem__(slave_instance.get('custom_domain'), slave_instance.get('url')) -%}
{% do slave_instance.__setitem__('url', cache_access) -%}
{% endif -%}
{% do part_list.append(slave_section_title) -%}
[{{ ('slave-instance-%s-configuration' % slave_reference) }}]
{% for key, value in slave_instance.iteritems() -%}
{{ key }} = {{ dumps(value) }}
{% endfor %}
# Set up slave configuration file
[{{ slave_section_title }}]
< = jinja2-template-base
template = {{ template_default_slave_configuration }}
filename = {{ '%s.conf' % slave_reference }}
extensions = jinja2.ext.do
extra-context =
section slave_parameter {{ 'slave-instance-%s-configuration' % slave_reference }}
raw https_port {{ https_port }}
raw http_port {{ http_port }}
{{ '\n' }}
{% do slave_publish_dict.update(**{'slave-reference':slave_instance.get('slave_reference'), 'public-ipv4':public_ipv4, 'domain':slave_instance.get('custom_domain'), 'url':"http://%s" % slave_instance.get('custom_domain'), 'site_url':"http://%s" % slave_instance.get('custom_domain')}) %}
{% endif -%}
############################
#### Publish Slave Information
# Publish slave information # Publish slave information
{% set slave_log_access_url = 'https://' + slave_reference + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('apache-ipv6') + ']:' + frontend_configuration.get('apache-https-port') + '/' + slave_reference.lower() + '/' %}
{% if not extra_slave_instance_list -%} {% if not extra_slave_instance_list -%}
{% set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') -%} {% set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') -%}
{% do part_list.append(publish_section_title) -%} {% do part_list.append(publish_section_title) -%}
[{{ publish_section_title }}] [{{ publish_section_title }}]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
public-ipv4 = {{ public_ipv4 }} {% for key, value in slave_publish_dict.iteritems() %}
log-access = {{ slave_log_access_url }} {{ key }} = {{ value }}
-slave-reference = {{ slave_instance.get('slave_reference') }} {% endfor %}
{% else -%} {% else -%}
{% do slave_instance_information_list.append({'slave-reference':slave_instance.get('slave_reference'), 'public-ipv4':public_ipv4, 'log-access': slave_log_access_url}) -%} {% do slave_instance_information_list.append(slave_publish_dict) -%}
{% endif -%} {% endif -%}
{% endfor -%} {% endfor -%}
......
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
<VirtualHost *:{{ https_port }}> <VirtualHost *:{{ https_port }}>
ServerName {{ slave_parameter.get('domain') }} ServerName {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('domain') }} ServerAlias {{ slave_parameter.get('custom_domain') }}
SSLEngine on SSLEngine on
SSLProxyEngine on SSLProxyEngine on
...@@ -23,10 +23,10 @@ ...@@ -23,10 +23,10 @@
# One Slave two logs # One Slave two logs
ErrorLog "{{ error_log }}" ErrorLog "{{ slave_parameter.get('error_log') }}"
LogLevel info LogLevel info
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
CustomLog "{{ access_log }}" combined CustomLog "{{ slave_parameter.get('access_log') }}" combined
# Rewrite part # Rewrite part
ProxyVia On ProxyVia On
...@@ -38,15 +38,15 @@ ...@@ -38,15 +38,15 @@
# First, we check if we have a zope backend server # First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite # If so, let's use Virtual Host Daemon rewrite
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables) # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/https/{{ slave_parameter.get('domain', '') }}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P] RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/https/{{ slave_parameter.get('custom_domain', '') }}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% else -%} {% else -%}
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P] RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
{% endif -%} {% endif -%}
</VirtualHost> </VirtualHost>
<VirtualHost *:{{ http_port }}> <VirtualHost *:{{ http_port }}>
ServerName {{ slave_parameter.get('domain') }} ServerName {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('domain') }} ServerAlias {{ slave_parameter.get('custom_domain') }}
SSLProxyEngine on SSLProxyEngine on
# Rewrite part # Rewrite part
ProxyVia On ProxyVia On
...@@ -55,10 +55,10 @@ ...@@ -55,10 +55,10 @@
RewriteEngine On RewriteEngine On
# One Slave two logs # One Slave two logs
ErrorLog "{{ error_log }}" ErrorLog "{{ slave_parameter.get('error_log') }}"
LogLevel info LogLevel info
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
CustomLog "{{ access_log }}" combined CustomLog "{{ slave_parameter.get('access_log') }}" combined
# Remove "Secure" from cookies, as backend may be https # Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1" Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
...@@ -75,7 +75,7 @@ ...@@ -75,7 +75,7 @@
# First, we check if we have a zope backend server # First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite # If so, let's use Virtual Host Daemon rewrite
# We suppose that Apache listens to 80 (even indirectly thanks to things like iptables) # We suppose that Apache listens to 80 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/{{ slave_parameter.get('domain', '') }}:80/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P] RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/{{ slave_parameter.get('custom_domain', '') }}:80/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% else -%} {% else -%}
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P] RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
{% endif -%} {% endif -%}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment