Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Lukas Niegsch
slapos
Commits
66789ff2
Commit
66789ff2
authored
May 03, 2013
by
Cédric Le Ninivin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove stunnel from apache frontend recipe
parent
9558db11
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
268 additions
and
311 deletions
+268
-311
slapos/recipe/apache_frontend/__init__.py
slapos/recipe/apache_frontend/__init__.py
+239
-310
software/apache-frontend/instance.cfg
software/apache-frontend/instance.cfg
+29
-1
No files found.
slapos/recipe/apache_frontend/__init__.py
View file @
66789ff2
...
...
@@ -64,8 +64,6 @@ class Recipe(BaseSlapRecipe):
self
.
path_list
=
[]
self
.
requirements
,
self
.
ws
=
self
.
egg
.
working_set
()
# self.cron_d is a directory, where cron jobs can be registered
self
.
cron_d
=
self
.
installCrond
()
self
.
killpidfromfile
=
zc
.
buildout
.
easy_install
.
scripts
(
[(
'killpidfromfile'
,
'slapos.toolbox.killpidfromfile'
,
'killpidfromfile'
)],
self
.
ws
,
sys
.
executable
,
self
.
bin_directory
)[
0
]
...
...
@@ -163,27 +161,30 @@ class Recipe(BaseSlapRecipe):
rewrite_rule_list
.
append
(
rewrite_rule
)
# Certificate stuff
valid_certificate_str
=
self
.
parameter_dict
.
get
(
"domain_ssl_ca_cert"
)
valid_key_str
=
self
.
parameter_dict
.
get
(
"domain_ssl_ca_key"
)
if
valid_certificate_str
is
None
and
valid_key_str
is
None
:
ca_conf
=
self
.
installCertificateAuthority
()
key
,
certificate
=
self
.
requestCertificate
(
frontend_domain_name
)
else
:
ca_conf
=
self
.
installValidCertificateAuthority
(
frontend_domain_name
,
valid_certificate_str
,
valid_key_str
)
key
=
ca_conf
.
pop
(
"key"
)
certificate
=
ca_conf
.
pop
(
"certificate"
)
if
service_dict
!=
{}:
if
valid_certificate_str
is
not
None
and
valid_key_str
is
not
None
:
self
.
installCertificateAuthority
()
stunnel_key
,
stunnel_certificate
=
\
self
.
requestCertificate
(
frontend_domain_name
)
else
:
stunnel_key
,
stunnel_certificate
=
key
,
certificate
self
.
installStunnel
(
service_dict
,
stunnel_certificate
,
stunnel_key
,
ca_conf
[
"ca_crl"
],
ca_conf
[
"certificate_authority_path"
])
#valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
#valid_key_str = self.parameter_dict.get("domain_ssl_ca_key")
#if valid_certificate_str is None and valid_key_str is None:
# ca_conf = self.installCertificateAuthority()
# key, certificate = self.requestCertificate(frontend_domain_name)
#else:
# ca_conf = self.installValidCertificateAuthority(
# frontend_domain_name, valid_certificate_str, valid_key_str)
# key = ca_conf.pop("key")
# certificate = ca_conf.pop("certificate")
#if service_dict != {}:
# if valid_certificate_str is not None and valid_key_str is not None:
# self.installCertificateAuthority()
# stunnel_key, stunnel_certificate = \
# self.requestCertificate(frontend_domain_name)
# else:
# stunnel_key, stunnel_certificate = key, certificate
stunnel_key
,
stunnel_certificate
=
self
.
options
[
'key_path'
],
self
.
options
[
'cert_path'
]
key
,
certificate
=
self
.
options
[
'key_path'
],
self
.
options
[
'cert_path'
]
#self.installStunnel(service_dict,
# stunnel_certificate, stunnel_key,
# self.options["ca_crl"],
# self.options["ca_dir"])
apache_parameter_dict
=
self
.
installFrontendApache
(
ip_list
=
[
"[%s]"
%
self
.
getGlobalIPv6Address
(),
...
...
@@ -272,13 +273,13 @@ class Recipe(BaseSlapRecipe):
service_name
=
"squid_%s"
%
reference
squid_ip
=
self
.
getLocalIPv4Address
()
stunnel_port
=
base_squid_port
+
1
#
self.installSquidCache(service_name,
#
ip=squid_ip,
#
port=base_squid_port,
#
backend_host=squid_ip,
#
backend_port=stunnel_port,
#
domain=domain,
#
size="1G")
#
self.installSquidCache(service_name,
#
ip=squid_ip,
#
port=base_squid_port,
#
backend_host=squid_ip,
#
backend_port=stunnel_port,
#
domain=domain,
#
size="1G")
service_dict
[
service_name
]
=
dict
(
public_ip
=
squid_ip
,
public_port
=
stunnel_port
,
private_ip
=
slave_host
.
replace
(
"["
,
""
).
replace
(
"]"
,
""
),
...
...
@@ -286,245 +287,208 @@ class Recipe(BaseSlapRecipe):
return
"%s http://%s:%s"
%
\
(
domain
,
squid_ip
,
base_squid_port
)
def
installSquidCache
(
self
,
name
,
ip
,
port
,
backend_host
,
backend_port
,
domain
,
size
=
"1G"
):
"""
Install a squid daemon for a certain address
"""
# directory = self.createDataDirectory(name)
# squid_config = dict(
# directory=directory,
# pid = "%s/squid.pid" % directory,
# port="%s:%s" % (ip, port),
# squidd_binary=self.options["squidd_binary"],
# control_port="%s:%s" % (ip, control_port),
# storage="file,%s/storage.bin,%s" % (directory, size))
#
# squid_argument_list = [squid_config['squidd_binary'].strip(),
# "-F", "-n", directory, "-P", squid_config["pid"], "-p",
# "cc_command=exec %s " % self.options["gcc_binary"] +\
# "-fpic -shared -o %o %s",
# "-f", config_file,
# "-a", squid_config["port"], "-T", squid_config["control_port"],
# "-s", squid_config["storage"]]
# environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
# os.environ.get('PATH')))
# wrapper = zc.buildout.easy_install.scripts([(name,
# 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
# sys.executable, self.service_directory, arguments=[squid_argument_list,
# environment])[0]
# self.path_list.append(wrapper)
# directory = self.createDataDirectory(name)
config
=
dict
(
ip
=
ip
,
port
=
port
,
backend_ip
=
backend_host
,
backend_port
=
backend_port
,
domain
=
domain
,
# XXX Hardcoded
access_log_path
=
os
.
path
.
join
(
self
.
log_directory
,
'squid.access.log'
),
# XXX Hardcoded
cache_log_path
=
os
.
path
.
join
(
self
.
log_directory
,
'squid.cache.log'
),
# cache_path=self.options['cache-path'],
# XXX Hardcoded
pid_filename_path
=
os
.
path
.
join
(
self
.
run_directory
,
'squid.pid'
),
squid_binary
=
self
.
options
[
"squid_binary"
],
)
template_filename
=
self
.
getTemplateFilename
(
'squid.conf.in'
)
config_file
=
self
.
createConfigurationFile
(
"%s.conf"
%
name
,
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'squid.conf.in'
),
config
))
# # Prepare directories
# prepare_path = self.createPythonScript(
# self.options['prepare-path'],
# 'slapos.recipe.librecipe.execute.execute',
# arguments=[self.options['binary-path'].strip(),
# '-z',
# '-f', configuration_path,
# ],)
#
# # Create running wrapper
# wrapper_path = self.createPythonScript(
# self.options['wrapper-path'],
# 'slapos.recipe.librecipe.execute.execute',
# arguments=[self.options['binary-path'].strip(),
# '-N',
# '-f', configuration_path,
# ],)
#
# return [configuration_path, wrapper_path, prepare_path]
squid_argument_list
=
[
config
[
'squid_binary'
].
strip
(),
"-N"
,
"-f"
,
config_file
]
# "cc_command=exec %s " % self.options["gcc_binary"] +\
# "-fpic -shared -o %o %s",
# "-f", config_file,
# "-a", config["port"], "-T", config["control_port"],
# "-s", config["storage"]]
environment
=
dict
(
PATH
=
"%s:%s"
%
(
self
.
options
[
"binutils_directory"
],
os
.
environ
.
get
(
'PATH'
)))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
name
,
'slapos.recipe.librecipe.execute'
,
'executee'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
squid_argument_list
,
environment
])[
0
]
self
.
path_list
.
append
(
wrapper
)
return
config
def
configureVarnishSlave
(
self
,
base_varnish_port
,
url
,
reference
,
service_dict
,
domain
):
# Varnish should use stunnel to connect to the backend
base_varnish_control_port
=
base_varnish_port
base_varnish_port
+=
1
# Use regex
host_regex
=
"((
\
[
\
w*|[0-9]+
\
.)(
\
:|)).*(
\
]|
\
.[0-9]+)"
slave_host
=
re
.
search
(
host_regex
,
url
).
group
(
0
)
port_regex
=
"
\
w+(
\
/|)$"
matcher
=
re
.
search
(
port_regex
,
url
)
if
matcher
is
not
None
:
slave_port
=
matcher
.
group
(
0
)
slave_port
=
slave_port
.
replace
(
"/"
,
""
)
elif
url
.
startswith
(
"https://"
):
slave_port
=
443
else
:
slave_port
=
80
service_name
=
"varnish_%s"
%
reference
varnish_ip
=
self
.
getLocalIPv4Address
()
stunnel_port
=
base_varnish_port
+
1
self
.
installVarnishCache
(
service_name
,
ip
=
varnish_ip
,
port
=
base_varnish_port
,
control_port
=
base_varnish_control_port
,
backend_host
=
varnish_ip
,
backend_port
=
stunnel_port
,
size
=
"1G"
)
service_dict
[
service_name
]
=
dict
(
public_ip
=
varnish_ip
,
public_port
=
stunnel_port
,
private_ip
=
slave_host
.
replace
(
"["
,
""
).
replace
(
"]"
,
""
),
private_port
=
slave_port
)
return
"%s http://%s:%s"
%
\
(
domain
,
varnish_ip
,
base_varnish_port
)
def
requestCertificate
(
self
,
name
):
hash
=
hashlib
.
sha512
(
name
).
hexdigest
()
key
=
os
.
path
.
join
(
self
.
ca_private
,
hash
+
self
.
ca_key_ext
)
certificate
=
os
.
path
.
join
(
self
.
ca_certs
,
hash
+
self
.
ca_crt_ext
)
parser
=
ConfigParser
.
RawConfigParser
()
parser
.
add_section
(
'certificate'
)
parser
.
set
(
'certificate'
,
'name'
,
name
)
parser
.
set
(
'certificate'
,
'key_file'
,
key
)
parser
.
set
(
'certificate'
,
'certificate_file'
,
certificate
)
parser
.
write
(
open
(
os
.
path
.
join
(
self
.
ca_request_dir
,
hash
),
'w'
))
return
key
,
certificate
def
installCrond
(
self
):
timestamps
=
self
.
createDataDirectory
(
'cronstamps'
)
cron_output
=
os
.
path
.
join
(
self
.
log_directory
,
'cron-output'
)
self
.
_createDirectory
(
cron_output
)
catcher
=
zc
.
buildout
.
easy_install
.
scripts
([(
'catchcron'
,
__name__
+
'.catdatefile'
,
'catdatefile'
)],
self
.
ws
,
sys
.
executable
,
self
.
bin_directory
,
arguments
=
[
cron_output
])[
0
]
self
.
path_list
.
append
(
catcher
)
cron_d
=
os
.
path
.
join
(
self
.
etc_directory
,
'cron.d'
)
crontabs
=
os
.
path
.
join
(
self
.
etc_directory
,
'crontabs'
)
self
.
_createDirectory
(
cron_d
)
self
.
_createDirectory
(
crontabs
)
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'crond'
,
'slapos.recipe.librecipe.execute'
,
'execute'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
self
.
options
[
'dcrond_binary'
].
strip
(),
'-s'
,
cron_d
,
'-c'
,
crontabs
,
'-t'
,
timestamps
,
'-f'
,
'-l'
,
'5'
,
'-M'
,
catcher
]
)[
0
]
self
.
path_list
.
append
(
wrapper
)
return
cron_d
def
installValidCertificateAuthority
(
self
,
domain_name
,
certificate
,
key
):
ca_dir
=
os
.
path
.
join
(
self
.
data_root_directory
,
'ca'
)
ca_private
=
os
.
path
.
join
(
ca_dir
,
'private'
)
ca_certs
=
os
.
path
.
join
(
ca_dir
,
'certs'
)
ca_crl
=
os
.
path
.
join
(
ca_dir
,
'crl'
)
self
.
_createDirectory
(
ca_dir
)
for
path
in
(
ca_private
,
ca_certs
,
ca_crl
):
self
.
_createDirectory
(
path
)
key_path
=
os
.
path
.
join
(
ca_private
,
domain_name
+
".key"
)
certificate_path
=
os
.
path
.
join
(
ca_certs
,
domain_name
+
".crt"
)
self
.
_writeFile
(
key_path
,
key
)
self
.
_writeFile
(
certificate_path
,
certificate
)
return
dict
(
certificate_authority_path
=
ca_dir
,
ca_crl
=
ca_crl
,
certificate
=
certificate_path
,
key
=
key_path
)
def
installCertificateAuthority
(
self
,
ca_country_code
=
'XX'
,
ca_email
=
'xx@example.com'
,
ca_state
=
'State'
,
ca_city
=
'City'
,
ca_company
=
'Company'
):
backup_path
=
self
.
createBackupDirectory
(
'ca'
)
self
.
ca_dir
=
os
.
path
.
join
(
self
.
data_root_directory
,
'ca'
)
self
.
_createDirectory
(
self
.
ca_dir
)
self
.
ca_request_dir
=
os
.
path
.
join
(
self
.
ca_dir
,
'requests'
)
self
.
_createDirectory
(
self
.
ca_request_dir
)
config
=
dict
(
ca_dir
=
self
.
ca_dir
,
request_dir
=
self
.
ca_request_dir
)
self
.
ca_private
=
os
.
path
.
join
(
self
.
ca_dir
,
'private'
)
self
.
ca_certs
=
os
.
path
.
join
(
self
.
ca_dir
,
'certs'
)
self
.
ca_crl
=
os
.
path
.
join
(
self
.
ca_dir
,
'crl'
)
self
.
ca_newcerts
=
os
.
path
.
join
(
self
.
ca_dir
,
'newcerts'
)
self
.
ca_key_ext
=
'.key'
self
.
ca_crt_ext
=
'.crt'
for
d
in
[
self
.
ca_private
,
self
.
ca_crl
,
self
.
ca_newcerts
,
self
.
ca_certs
]:
self
.
_createDirectory
(
d
)
for
f
in
[
'crlnumber'
,
'serial'
]:
if
not
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
ca_dir
,
f
)):
open
(
os
.
path
.
join
(
self
.
ca_dir
,
f
),
'w'
).
write
(
'01'
)
if
not
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
ca_dir
,
'index.txt'
)):
open
(
os
.
path
.
join
(
self
.
ca_dir
,
'index.txt'
),
'w'
).
write
(
''
)
openssl_configuration
=
os
.
path
.
join
(
self
.
ca_dir
,
'openssl.cnf'
)
config
.
update
(
working_directory
=
self
.
ca_dir
,
country_code
=
ca_country_code
,
state
=
ca_state
,
city
=
ca_city
,
company
=
ca_company
,
email_address
=
ca_email
,
)
self
.
_writeFile
(
openssl_configuration
,
pkg_resources
.
resource_string
(
__name__
,
'template/openssl.cnf.ca.in'
)
%
config
)
# XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# from the instance profile.
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([
(
'certificate_authority'
,
__name__
+
'.certificate_authority'
,
'runCertificateAuthority'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
dict
(
openssl_configuration
=
openssl_configuration
,
openssl_binary
=
self
.
options
[
'openssl_binary'
],
certificate
=
os
.
path
.
join
(
self
.
ca_dir
,
'cacert.pem'
),
key
=
os
.
path
.
join
(
self
.
ca_private
,
'cakey.pem'
),
crl
=
os
.
path
.
join
(
self
.
ca_crl
),
request_dir
=
self
.
ca_request_dir
)]))
# def installSquidCache(self, name, ip, port, backend_host,
# backend_port, domain, size="1G"):
# """
# Install a squid daemon for a certain address
# """
## directory = self.createDataDirectory(name)
## squid_config = dict(
## directory=directory,
## pid = "%s/squid.pid" % directory,
## port="%s:%s" % (ip, port),
## squidd_binary=self.options["squidd_binary"],
## control_port="%s:%s" % (ip, control_port),
## storage="file,%s/storage.bin,%s" % (directory, size))
#
##
## squid_argument_list = [squid_config['squidd_binary'].strip(),
## "-F", "-n", directory, "-P", squid_config["pid"], "-p",
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", squid_config["port"], "-T", squid_config["control_port"],
## "-s", squid_config["storage"]]
## environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
## os.environ.get('PATH')))
## wrapper = zc.buildout.easy_install.scripts([(name,
## 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
## sys.executable, self.service_directory, arguments=[squid_argument_list,
## environment])[0]
## self.path_list.append(wrapper)
#
#
## directory = self.createDataDirectory(name)
# config = dict(
# ip=ip,
# port=port,
# backend_ip=backend_host,
# backend_port=backend_port,
# domain=domain,
# # XXX Hardcoded
# access_log_path = os.path.join(self.log_directory, 'squid.access.log'),
# # XXX Hardcoded
# cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'),
## cache_path=self.options['cache-path'],
# # XXX Hardcoded
# pid_filename_path=os.path.join(self.run_directory, 'squid.pid'),
# squid_binary=self.options["squid_binary"],
# )
#
# template_filename = self.getTemplateFilename('squid.conf.in')
# config_file = self.createConfigurationFile("%s.conf" % name,
# self.substituteTemplate(self.getTemplateFilename('squid.conf.in'),
# config))
#
## # Prepare directories
## prepare_path = self.createPythonScript(
## self.options['prepare-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-z',
## '-f', configuration_path,
## ],)
##
## # Create running wrapper
## wrapper_path = self.createPythonScript(
## self.options['wrapper-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-N',
## '-f', configuration_path,
## ],)
##
## return [configuration_path, wrapper_path, prepare_path]
#
# squid_argument_list = [config['squid_binary'].strip(),
# "-N", "-f", config_file]
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", config["port"], "-T", config["control_port"],
## "-s", config["storage"]]
# environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
# os.environ.get('PATH')))
# wrapper = zc.buildout.easy_install.scripts([(name,
# 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
# sys.executable, self.service_directory, arguments=[squid_argument_list,
# environment])[0]
# self.path_list.append(wrapper)
#
# return config
# def requestCertificate(self, name):
# hash = hashlib.sha512(name).hexdigest()
# key = os.path.join(self.ca_private, hash + self.ca_key_ext)
# certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
# parser = ConfigParser.RawConfigParser()
# parser.add_section('certificate')
# parser.set('certificate', 'name', name)
# parser.set('certificate', 'key_file', key)
# parser.set('certificate', 'certificate_file', certificate)
# parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
# return key, certificate
# def installCrond(self):
# timestamps = self.createDataDirectory('cronstamps')
# cron_output = os.path.join(self.log_directory, 'cron-output')
# self._createDirectory(cron_output)
# catcher = zc.buildout.easy_install.scripts([('catchcron',
# __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
# self.bin_directory, arguments=[cron_output])[0]
# self.path_list.append(catcher)
# cron_d = os.path.join(self.etc_directory, 'cron.d')
# crontabs = os.path.join(self.etc_directory, 'crontabs')
# self._createDirectory(cron_d)
# self._createDirectory(crontabs)
# wrapper = zc.buildout.easy_install.scripts([('crond',
# 'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
# self.service_directory, arguments=[
# self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
# '-t', timestamps, '-f', '-l', '5', '-M', catcher]
# )[0]
# self.path_list.append(wrapper)
# return cron_d
# def installValidCertificateAuthority(self, domain_name, certificate, key):
# ca_dir = os.path.join(self.data_root_directory, 'ca')
# ca_private = os.path.join(ca_dir, 'private')
# ca_certs = os.path.join(ca_dir, 'certs')
# ca_crl = os.path.join(ca_dir, 'crl')
# self._createDirectory(ca_dir)
# for path in (ca_private, ca_certs, ca_crl):
# self._createDirectory(path)
# key_path = os.path.join(ca_private, domain_name + ".key")
# certificate_path = os.path.join(ca_certs, domain_name + ".crt")
# self._writeFile(key_path, key)
# self._writeFile(certificate_path, certificate)
# return dict(certificate_authority_path=ca_dir,
# ca_crl=ca_crl,
# certificate=certificate_path,
# key=key_path)
#
# def installCertificateAuthority(self, ca_country_code='XX',
# ca_email='xx@example.com', ca_state='State', ca_city='City',
# ca_company='Company'):
# backup_path = self.createBackupDirectory('ca')
# self.ca_dir = os.path.join(self.data_root_directory, 'ca')
# self._createDirectory(self.ca_dir)
# self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
# self._createDirectory(self.ca_request_dir)
# config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
# self.ca_private = os.path.join(self.ca_dir, 'private')
# self.ca_certs = os.path.join(self.ca_dir, 'certs')
# self.ca_crl = os.path.join(self.ca_dir, 'crl')
# self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
# self.ca_key_ext = '.key'
# self.ca_crt_ext = '.crt'
# for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
# self._createDirectory(d)
# for f in ['crlnumber', 'serial']:
# if not os.path.exists(os.path.join(self.ca_dir, f)):
# open(os.path.join(self.ca_dir, f), 'w').write('01')
# if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
# open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
# openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
# config.update(
# working_directory=self.ca_dir,
# country_code=ca_country_code,
# state=ca_state,
# city=ca_city,
# company=ca_company,
# email_address=ca_email,
# )
# self._writeFile(openssl_configuration, pkg_resources.resource_string(
# __name__, 'template/openssl.cnf.ca.in') % config)
#
# # XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# # from the instance profile.
# self.path_list.extend(zc.buildout.easy_install.scripts([
# ('certificate_authority', __name__ + '.certificate_authority',
# 'runCertificateAuthority')],
# self.ws, sys.executable, self.service_directory, arguments=[dict(
# openssl_configuration=openssl_configuration,
# openssl_binary=self.options['openssl_binary'],
# certificate=os.path.join(self.ca_dir, 'cacert.pem'),
# key=os.path.join(self.ca_private, 'cakey.pem'),
# crl=os.path.join(self.ca_crl),
# request_dir=self.ca_request_dir
# )]))
# configure backup
backup_cron
=
os
.
path
.
join
(
self
.
cron_d
,
'ca_rdiff_backup'
)
open
(
backup_cron
,
'w'
).
write
(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''
%
dict
(
rdiff_backup
=
self
.
options
[
'rdiff_backup_binary'
],
source
=
self
.
ca_dir
,
destination
=
backup_path
))
self
.
path_list
.
append
(
backup_cron
)
return
dict
(
ca_certificate
=
os
.
path
.
join
(
config
[
'ca_dir'
],
'cacert.pem'
),
ca_crl
=
os
.
path
.
join
(
config
[
'ca_dir'
],
'crl'
),
certificate_authority_path
=
config
[
'ca_dir'
]
)
#
backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
#
open(backup_cron, 'w').write(
#
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
#
rdiff_backup=self.options['rdiff_backup_binary'],
#
source=self.ca_dir,
#
destination=backup_path))
#
self.path_list.append(backup_cron)
#
return dict(
#
ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
#
ca_crl=os.path.join(config['ca_dir'], 'crl'),
#
certificate_authority_path=config['ca_dir']
#
)
def
_getApacheConfigurationDict
(
self
,
name
,
ip_list
,
port
):
apache_conf
=
dict
()
...
...
@@ -543,41 +507,6 @@ class Recipe(BaseSlapRecipe):
apache_conf
[
'access_log'
]
=
self
.
options
[
'access-log'
]
return
apache_conf
def
installVarnishCache
(
self
,
name
,
ip
,
port
,
control_port
,
backend_host
,
backend_port
,
size
=
"1G"
):
"""
Install a varnish daemon for a certain address
"""
directory
=
self
.
createDataDirectory
(
name
)
varnish_config
=
dict
(
directory
=
directory
,
pid
=
"%s/varnish.pid"
%
directory
,
port
=
"%s:%s"
%
(
ip
,
port
),
varnishd_binary
=
self
.
options
[
"varnishd_binary"
],
control_port
=
"%s:%s"
%
(
ip
,
control_port
),
storage
=
"file,%s/storage.bin,%s"
%
(
directory
,
size
))
config_file
=
self
.
createConfigurationFile
(
"%s.conf"
%
name
,
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'varnish.vcl.in'
),
dict
(
backend_host
=
backend_host
,
backend_port
=
backend_port
)))
varnish_argument_list
=
[
varnish_config
[
'varnishd_binary'
].
strip
(),
"-F"
,
"-n"
,
directory
,
"-P"
,
varnish_config
[
"pid"
],
"-p"
,
"cc_command=exec %s "
%
self
.
options
[
"gcc_binary"
]
+
\
"-fpic -shared -o %o %s"
,
"-f"
,
config_file
,
"-a"
,
varnish_config
[
"port"
],
"-T"
,
varnish_config
[
"control_port"
],
"-s"
,
varnish_config
[
"storage"
]]
environment
=
dict
(
PATH
=
"%s:%s"
%
(
self
.
options
[
"binutils_directory"
],
os
.
environ
.
get
(
'PATH'
)))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
name
,
'slapos.recipe.librecipe.execute'
,
'executee'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
varnish_argument_list
,
environment
])[
0
]
self
.
path_list
.
append
(
wrapper
)
return
varnish_config
def
installStunnel
(
self
,
service_dict
,
certificate
,
key
,
ca_crl
,
ca_path
):
"""Installs stunnel
...
...
@@ -669,14 +598,14 @@ class Recipe(BaseSlapRecipe):
open
(
custom_apache_virtual_configuration_file_location
,
'w'
)
# Create backup of custom apache configuration
backup_path
=
self
.
createBackupDirectory
(
'custom_apache_conf_backup'
)
backup_cron
=
os
.
path
.
join
(
self
.
cron_d
,
'custom_apache_conf_backup'
)
open
(
backup_cron
,
'w'
).
write
(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''
%
dict
(
rdiff_backup
=
self
.
options
[
'rdiff_backup_binary'
],
source
=
custom_apache_configuration_directory
,
destination
=
backup_path
))
self
.
path_list
.
append
(
backup_cron
)
#
backup_path = self.createBackupDirectory('custom_apache_conf_backup')
#
backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup')
#
open(backup_cron, 'w').write(
#
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
#
rdiff_backup=self.options['rdiff_backup_binary'],
#
source=custom_apache_configuration_directory,
#
destination=backup_path))
#
self.path_list.append(backup_cron)
# Create configuration file and rewritemaps
apachemap_path
=
self
.
createConfigurationFile
(
...
...
software/apache-frontend/instance.cfg
View file @
66789ff2
...
...
@@ -37,6 +37,7 @@ cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl
squid-cache = $${:srv}/squid_cache
stunnel-conf = $${:etc}/stunnel
[instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance.
...
...
@@ -115,6 +116,31 @@ wrapper = $${directory:service}/apache_frontend
# Put domain name
name = $${instance-parameter:configuration.domain}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${directory:bin}/stunnel
log-file = $${directory:log}/stunnel.log
config-file = $${directory:etc}/stunnel.conf
key-file = $${ca-stunnel:key-file}
cert-file = $${ca-stunnel:cert-file}
pid-file = $${directory:run}/stunnel.pid
local-port = $${squid-hardcoded:backend-port}
local-host = $${squid-hardcoded:backend-ip}
remote-host = $${squid-hardcoded:remote-host}
remote-port = $${squid-hardcoded:remote-port}
client = false
post-rotate-script = $${directory:bin}/stunnel_post_rotate
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
...
...
@@ -183,4 +209,6 @@ ip = 10.0.24.140
port = 26010
backend-ip = 10.0.24.140
backend-port = 26011
domain = softinst34784.bateau.org
\ No newline at end of file
domain = softinst34784.bateau.org
remote-host = 2001:470:1f14:169:d418:9eb7:1bea:8983
remote-port = 16001
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment