Add nginx-reverse-proxy Software Release.

parent f84eb3f1
......@@ -162,6 +162,7 @@ setup(name=name,
'request.serialised = slapos.recipe.request:Serialised',
'request.edge = slapos.recipe.request:RequestEdge',
'requestoptional = slapos.recipe.request:RequestOptional',
'reverseproxy.nginx = slapos.recipe.reverse_proxy_nginx:Recipe',
'seleniumrunner = slapos.recipe.seleniumrunner:Recipe',
'sheepdogtestbed = slapos.recipe.sheepdogtestbed:SheepDogTestBed',
'shell = slapos.recipe.shell:Recipe',
......
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import operator
from slapos.recipe.librecipe import GenericSlapRecipe
import zc.buildout
class Recipe(GenericSlapRecipe):
def _install(self):
path_list = []
# Check for mandatory arguments
domain_name = self.options['domain']
if not domain_name:
raise zc.buildout.UserError('No domain name specified. Please define '
'the "domain" instance parameter.')
# XXX: add HTTP support
#https_port_number = self.options['https-port']
#http_port_number = self.options['http-port']
# Parse list of slaves
slave_instance_list = sorted(self.options['slave-instance-list'],
key=operator.itemgetter('slave_reference'))
# Now, we only take first instance and only use this one.
# XXX: TODO real implementation of slaves
zimbra_slave_instance = slave_instance_list[0]
# Generate Nginx configuration
nginx_configuration_dict = {
'listen-local-ipv4': self.options['ipv4'],
'listen-global-ipv6': '[%s]' % self.options['ipv6'],
'domain-name': domain_name,
'smtp-port-number': self.options['smtp-port'],
'error-log': self.options['error-log'],
'access-log': self.options['access-log'],
'htdocs': self.options['htdocs'],
'smtp-upstream-host': zimbra_slave_instance['smtp-upstream-host'],
'smtp-upstream-port': zimbra_slave_instance['smtp-upstream-port'],
}
nginx_configuration_file = self.createFile(
self.options['configuration-file'],
self.substituteTemplate(self.getTemplateFilename('nginx.conf.in'),
nginx_configuration_dict)
)
path_list.append(nginx_configuration_file)
# Generate Nginx wrapper
wrapper = self.createWrapper(
name=self.options['wrapper'],
command=self.options['nginx-executable'],
parameters=[
'-c', self.options['configuration-file'],
'-p', self.options['home-directory']
]
)
# TODO: reload configuration or have feature like apache_map
# Send connection informations about each slave
for slave_instance in slave_instance_list:
reference = slave_instance.get("slave_reference")
self.logger.debug('Sending connection parameters of slave '
'instance: %s' % reference)
try:
connection_dict = {
'listening-ipv6': self.options['ipv6'],
# Arbitrary, as the instance doesn't know its public IP.
'listening-ipv4': self.options['public-ipv4'],
# XXX-TODO
#'site_url': url,
}
self.setConnectionDict(connection_dict, reference)
except:
self.logger.fatal("Error while sending slave %s informations: %s",
reference, traceback.format_exc())
return path_list
daemon off;
worker_processes 1;
#XXX-Cedric: TODO separate the different logs
error_log %(error-log)s info;
events {
worker_connections 1024;
use epoll;
}
http {
log_format main
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
server {
listen %(listen-local-ipv4)s:8008;
server_name localhost;
access_log %(access-log)s main;
error_log %(error-log)s info;
root %(htdocs)s;
location ~ $ {
add_header Auth-Server %(smtp-upstream-host)s;
add_header Auth-Port %(smtp-upstream-port)s;
return 200;
}
}
}
mail {
server_name %(domain-name)s;
auth_http %(listen-local-ipv4)s:8008;
server {
listen %(listen-local-ipv4)s:%(smtp-port-number)s;
listen %(listen-global-ipv6)s:%(smtp-port-number)s;
protocol smtp;
timeout 5s;
proxy on;
xclient off;
smtp_auth none;
}
}
[buildout]
# XXX-Cedric: cahnge name to reverse-proxy-nginx
extends =
../../component/dcron/buildout.cfg
../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/nginx/buildout.cfg
../../component/openssl/buildout.cfg
../../stack/slapos.cfg
parts =
slapos-cookbook
eggs
instance-profile
[eggs]
recipe = zc.recipe.egg
eggs =
slapos.toolbox
[instance-profile]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
#md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
[buildout]
extends =
../../component/git/buildout.cfg
common.cfg
parts +=
slapos.cookbook-repository
check-recipe
develop =
${:parts-directory}/slapos.cookbook-repository
[slapos.cookbook-repository]
recipe = slapos.recipe.build:gitclone
repository = http://git.erp5.org/repos/slapos.git
branch = slaprunner
git-executable = ${git:location}/bin/git
[check-recipe]
recipe = plone.recipe.command
stop-on-error = true
update-command = ${:command}
command =
grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link
[buildout]
parts =
directory
reverse-proxy
certificate-authority
ca-nginx
logrotate
logrotate-entry-nginx
cron
cron-entry-logrotate
smtp-port-promise
publish-connection-parameter
# Define egg directories to be the one from Software Release
# (/opt/slapgrid/...)
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
# Fetch parameters defined in SlapOS Master for this instance
[instance-parameter]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
# Set default parameters
configuration.slave-instance-list =
configuration.domain = un-hardcode-me
#configuration.http-port = 80
#configuration.https-port = 443
configuration.smtp-port = 25
configuration.public-ipv4 =
# Create needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
home = $${buildout:directory}
bin = $${:home}/bin
etc = $${:home}/etc
srv = $${:home}/srv
var = $${:home}/var
service = $${:etc}/service
promise = $${:etc}/promise
backup = $${:srv}/backup
log = $${:var}/log
run = $${:var}/run
ca-dir = $${:srv}/ssl
ca-requests = $${:ca-dir}/requests
ca-private = $${:ca-dir}/private
ca-certs = $${:ca-dir}/certs
ca-newcerts = $${:ca-dir}/newcerts
ca-crl = $${:ca-dir}/crl
nginx-configuration = $${:etc}/nginx
nginx-ssl = $${:ca-dir}/nginx
nginx-log = $${:home}/logs
nginx-htdocs = $${:srv}/www
cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
logrotate-entries = $${:etc}/logrotate.d
logrotate-backup = $${:backup}/logrotate
# Deploy nginx and publish connection parameters inside of the recipe
[reverse-proxy]
recipe = slapos.cookbook:reverseproxy.nginx
nginx-executable = ${nginx-unstable:location}/sbin/nginx
wrapper = $${directory:bin}/nginx
configuration-file = $${directory:nginx-configuration}/nginx.conf
ipv6 = $${instance-parameter:ipv6-random}
ipv4 = $${instance-parameter:ipv4-random}
slave-instance-list = $${instance-parameter:slave-instance-list}
#http-port = $${instance-parameter:http-port}
#https-port = $${instance-parameter:https-port}
smtp-port = $${instance-parameter:configuration.smtp-port}
domain = $${instance-parameter:configuration.domain}
access-log = $${directory:nginx-log}/access.log
error-log = $${directory:nginx-log}/error.log
key-file = $${directory:nginx-configuration}/nginx.key
cert-file = $${directory:nginx-configuration}/nginx.crt
pid-file = $${directory:run}/nginx
htdocs = $${directory:nginx-htdocs}
home-directory = $${directory:home}
# Set the public IPs (if possible) as slave connection parameter so that user knows what IP
# to bind to its domain name
public-ipv4 = $${instance-parameter:configuration.public-ipv4}
# Create and handle certificate related stuffs, including encapsulating run of nginx executable
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${directory:ca-requests}
wrapper = $${directory:service}/ca
ca-private = $${directory:ca-private}
ca-certs = $${directory:ca-certs}
ca-newcerts = $${directory:ca-newcerts}
ca-crl = $${directory:ca-crl}
[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${reverse-proxy:wrapper}
wrapper = $${directory:service}/nginx
key-file = $${reverse-proxy:key-file}
cert-file = $${reverse-proxy:cert-file}
# Deploy logrotate
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${directory:bin}/logrotate
conf = $${directory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${directory:srv}/logrotate.status
[logrotate-entry-nginx]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = nginx
log = $${reverse-proxy:access-log} $${reverse-proxy:error-log}
frequency = daily
rotate-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${reverse-proxy:pid-file} SIGUSR1
sharedscripts = true
notifempty = true
create = true
# Deploy cron and configure it
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/crond.log
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:service}/crond
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
# Check promises
[smtp-port-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/smtp-port-promise
hostname = $${instance-parameter:ipv6-random}
port = $${instance-parameter:configuration.smtp-port}
# Publish instance connection parameters
# Note: Parameters of slaves are published in the reverse-proxy recipe
[publish-connection-parameter]
recipe = slapos.cookbook:publish
ipv4 = $${instance-parameter:ipv4-random}
ipv6 = $${instance-parameter:ipv6-random}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment