Commit 8d221be7 authored by Alain Takoudjou

kvm-cluster: setup apache http server for sharing files with vms

parent 80b99e40
...@@ -87,7 +87,7 @@ command = ...@@ -87,7 +87,7 @@ command =
[template] [template]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in url = ${:_profile_base_location_}/instance.cfg.in
md5sum = cf67212d3155767d0d0d8a6d75d2d8ad md5sum = 3bca2c959d19881270c64f94ad1ebba8
output = ${buildout:directory}/template.cfg output = ${buildout:directory}/template.cfg
mode = 0644 mode = 0644
...@@ -95,7 +95,7 @@ mode = 0644 ...@@ -95,7 +95,7 @@ mode = 0644
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2 url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
mode = 644 mode = 644
md5sum = 55eb9cb0d85dedbda0f03986cef261db md5sum = ea1e8f4a7c1878beec83267fd40728c2
download-only = true download-only = true
on-update = true on-update = true
...@@ -103,7 +103,7 @@ on-update = true ...@@ -103,7 +103,7 @@ on-update = true
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
mode = 644 mode = 644
md5sum = 1e4d8eade6d291480e5112ef9f31f031 md5sum = 5a864099760e3a37fa4604044d708657
download-only = true download-only = true
on-update = true on-update = true
...@@ -173,7 +173,7 @@ recipe = hexagonit.recipe.download ...@@ -173,7 +173,7 @@ recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/template/apache.conf.in url = ${:_profile_base_location_}/template/apache.conf.in
mode = 644 mode = 644
filename = apache.conf.in filename = apache.conf.in
md5sum = 91f05377aff35ffbac7f2687e90b5dcc md5sum = e9c9fd88d71e9dc7416149af5bcfb951
download-only = true download-only = true
on-update = true on-update = true
...@@ -191,9 +191,10 @@ recipe = slapos.recipe.template:jinja2 ...@@ -191,9 +191,10 @@ recipe = slapos.recipe.template:jinja2
filename = template-httpd.cfg filename = template-httpd.cfg
template = ${:_profile_base_location_}/instance-kvm-http.cfg.in template = ${:_profile_base_location_}/instance-kvm-http.cfg.in
rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/instance-kvm-http.cfg rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/instance-kvm-http.cfg
md5sum = 84b96dfc78e8d2611bf7210b8b6bb9c5 md5sum = fc8b3259942d6dedbc01065358a00d71
context = context =
key apache_location apache:location key apache_location apache:location
raw openssl_executable_location ${openssl:location}/bin/openssl
raw template_apache_conf ${template-apache-conf:location}/${template-apache-conf:filename} raw template_apache_conf ${template-apache-conf:location}/${template-apache-conf:filename}
...@@ -66,19 +66,19 @@ config-data-to-vm = {{ dumps(kvm_parameter_dict.get('data-to-vm', '')) }} ...@@ -66,19 +66,19 @@ config-data-to-vm = {{ dumps(kvm_parameter_dict.get('data-to-vm', '')) }}
{% endif -%} {% endif -%}
# Enable simple http server on ipv6 so all VMs will access it # Enable simple http server on ipv6 so all VMs will access it
config-document-host = ${http-server:host} config-document-host = ${apache-conf:ip}
config-document-port = ${http-server:port} config-document-port = ${apache-conf:port}
config-document-path = ${http-server:path} config-document-path = ${hash-code:passwd}
return = return =
backend-url backend-url
url url
{% if use_nat.lower() -%} {% if str(use_nat).lower() -%}
{% for port in nat_rules_list -%} {% for port in nat_rules_list -%}
{{ ' ' }}nat-rule-url-{{ port }} {{ ' ' }}nat-rule-url-{{ port }}
{% endfor -%} {% endfor -%}
{% endif -%} {% endif -%}
{% if kvm_parameter_dict.get('use-tap', 'True').lower() == 'true' -%} {% if str(kvm_parameter_dict.get('use-tap', 'True')).lower() == 'true' -%}
{{ ' ' }}tap-ipv4 {{ ' ' }}tap-ipv4
{% do publish_dict.__setitem__('lan-' ~ instance_name, '${' ~ section ~ ':connection-tap-ipv4}') -%} {% do publish_dict.__setitem__('lan-' ~ instance_name, '${' ~ section ~ ':connection-tap-ipv4}') -%}
...@@ -135,6 +135,11 @@ sla-instance_guid = {{ slave_frontend_iguid }} ...@@ -135,6 +135,11 @@ sla-instance_guid = {{ slave_frontend_iguid }}
{% endfor %} {% endfor %}
# Enable simple http server on ipv6 so all VMs will access it # Enable simple http server on ipv6 so all VMs will access it
[hash-code]
recipe = slapos.cookbook:generate.password
storage-path = ${directory:etc}/code
bytes = 24
[directory] [directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc etc = ${buildout:directory}/etc
...@@ -144,34 +149,19 @@ var = ${buildout:directory}/var ...@@ -144,34 +149,19 @@ var = ${buildout:directory}/var
log = ${:var}/log log = ${:var}/log
scripts = ${:etc}/run scripts = ${:etc}/run
services = ${:etc}/service services = ${:etc}/service
document = ${:srv}/document webroot = ${:srv}/document
promises = ${:etc}/promise promises = ${:etc}/promise
ssl = ${:etc}/ssl ssl = ${:etc}/ssl
[http-ssl] [directory-doc]
recipe = plone.recipe.command recipe = slapos.cookbook:mkdirectory
command = "{{ openssl_executable_location }}" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}" document = ${directory:webroot}/${hash-code:passwd}
key = ${directory:ssl}/key
cert = ${directory:ssl}/cert [apache-conf]
update-command = denied-root-access = true
stop-on-error = true root = ${directory:webroot}/
index = ${directory:webroot}/${hash-code:passwd}
[http-server]
recipe = slapos.cookbook:simplehttpserver
host = {{ ipv6 }}
port = 9002 port = 9002
base-path = ${directory:document}
wrapper = ${directory:services}/simple-http-server
log-file = ${directory:log}/http.log
cert-file = ${http-ssl:cert}
key-file = ${http-ssl:key}
use-hash-url = true
[http-promise]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promises}/http-server
hostname = ${http-server:host}
port = ${http-server:port}
{% if len(kvm_hostname_list) -%} {% if len(kvm_hostname_list) -%}
{% do part_list.append('write-vm-hostname') -%} {% do part_list.append('write-vm-hostname') -%}
...@@ -179,7 +169,7 @@ port = ${http-server:port} ...@@ -179,7 +169,7 @@ port = ${http-server:port}
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
template = {{ template_content }} template = {{ template_content }}
filename = hosts filename = hosts
rendered = ${http-server:root-dir}/${:filename} rendered = ${directory:webroot}/${hash-code:passwd}/${:filename}
context = context =
raw content_list {{ kvm_hostname_list | join('#') }} raw content_list {{ kvm_hostname_list | join('#') }}
raw sep # raw sep #
...@@ -207,10 +197,14 @@ recipe = slapos.cookbook:publish ...@@ -207,10 +197,14 @@ recipe = slapos.cookbook:publish
{{ name }} = {{ value }} {{ name }} = {{ value }}
{% endfor %} {% endfor %}
[buildout] [buildout]
extends =
{{ template_httpd_cfg }}
parts = parts =
http-server httpd
http-promise httpd-promise
publish publish
directory-doc
# Complete parts with sections # Complete parts with sections
{{ part_list | join('\n ') }} {{ part_list | join('\n ') }}
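Review bot: The rewritten guard `{% if str(use_nat).lower() -%}` is true for any non-empty value, including 'false', so the `nat-rule-url-*` return keys are requested whenever `use_nat` is set at all. The `use-tap` line changed in the same hunk compares against a literal, and this one should do the same: `{% if str(use_nat).lower() == 'true' -%}`. Separately, `config-document-path = ${hash-code:passwd}` makes the generated value the only thing that identifies the shared directory to each VM, so a comment on `[hash-code]` stating that `${directory:etc}/code` holds a secret and must not be world-readable would help the next maintainer.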
......
...@@ -14,33 +14,48 @@ log = ${:var}/log ...@@ -14,33 +14,48 @@ log = ${:var}/log
services = ${:etc}/service services = ${:etc}/service
promises = ${:etc}/promise promises = ${:etc}/promise
run = ${:var}/run run = ${:var}/run
document = ${:srv}/document
ssl = ${:etc}/ssl
[apache-conf] [apache-conf]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
template = {{ template_apache_conf }} template = {{ template_apache_conf }}
rendered = ${directory:etc}/apache.conf rendered = ${directory:etc}/apache.conf
#ipv6 = ${slap-network-information:global-ipv6} ip = ${slap-network-information:global-ipv6}
ipv4 = ${slap-network-information:local-ipv4} #ipv4 = ${slap-network-information:local-ipv4}
port = ${slap-parameter:httpd-port} port = ${slap-parameter:httpd-port}
error-log = ${directory:log}/apache-error.log error-log = ${directory:log}/apache-error.log
access-log = ${directory:log}/apache-access.log access-log = ${directory:log}/apache-access.log
pid-file = ${directory:run}/apache.pid pid-file = ${directory:run}/apache.pid
index = ${directory:public} index = ${directory:public}
root = {:index}
denied-root-access = false
context = context =
key port :port key port :port
key ip :ipv4 key ip :ip
key access_log :access-log key access_log :access-log
key error_log :error-log key error_log :error-log
key pid_file :pid-file key pid_file :pid-file
key index_folder :index key index_folder :index
key cert httpd-ssl:cert
key key httpd-ssl:key
key document_root :root
[httpd] [httpd]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/httpd wrapper-path = ${directory:services}/httpd
command-line = "{{ apache_location }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND command-line = "{{ apache_location }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
[httpd-ssl]
recipe = plone.recipe.command
command = "{{ openssl_executable_location }}" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
key = ${directory:ssl}/key
cert = ${directory:ssl}/cert
update-command =
stop-on-error = true
[httpd-promise] [httpd-promise]
recipe = slapos.cookbook:check_port_listening recipe = slapos.cookbook:check_port_listening
path = ${directory:promises}/apache-httpd path = ${directory:promises}/apache-httpd
hostname = ${apache-conf:ipv4} hostname = ${apache-conf:ip}
port = ${apache-conf:port} port = ${apache-conf:port}
\ No newline at end of file
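Review bot: The new default `root = {:index}` in `[apache-conf]` is missing the `$`, so buildout will presumably pass the literal text `{:index}` through `key document_root :root` into `DocumentRoot` for any instance that does not override `root`. It should read `root = ${:index}`. In the `[httpd-ssl]` part, `-nodes` writes an unencrypted private key to `${directory:ssl}/key`, and nothing visible here restricts that file's mode. `-newkey rsa` without a size relies on the OpenSSL default, so consider `-newkey rsa:2048` and a comment noting that the key must stay readable by the instance user only.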
...@@ -135,7 +135,7 @@ external-disk-number = ${slap-parameter:external-disk-number} ...@@ -135,7 +135,7 @@ external-disk-number = ${slap-parameter:external-disk-number}
external-disk-size = ${slap-parameter:external-disk-size} external-disk-size = ${slap-parameter:external-disk-size}
external-disk-format = ${slap-parameter:external-disk-format} external-disk-format = ${slap-parameter:external-disk-format}
{% if enable_http == 'tue' or ( use_tap == 'true' and tap_network_dict.has_key('ipv4') ) -%} {% if enable_http == 'true' or ( use_tap == 'true' and tap_network_dict.has_key('ipv4') ) -%}
httpd-port = ${slap-parameter:httpd-port} httpd-port = ${slap-parameter:httpd-port}
{% else -%} {% else -%}
httpd-port = 0 httpd-port = 0
......
...@@ -67,6 +67,7 @@ filename = template-kvm-cluster.cfg ...@@ -67,6 +67,7 @@ filename = template-kvm-cluster.cfg
extra-context = extra-context =
section parameter_dict dynamic-template-kvm-cluster-parameters section parameter_dict dynamic-template-kvm-cluster-parameters
raw template_content ${template-content:location}/${template-content:filename} raw template_content ${template-content:location}/${template-content:filename}
raw template_httpd_cfg ${template-httpd:rendered}
[dynamic-template-kvm] [dynamic-template-kvm]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
......
...@@ -27,6 +27,17 @@ ServerTokens Prod ...@@ -27,6 +27,17 @@ ServerTokens Prod
ServerSignature Off ServerSignature Off
TraceEnable Off TraceEnable Off
SSLEngine on
SSLCertificateFile {{ cert }}
SSLCertificateKeyFile {{ key }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol All -SSLv2
SSLProxyEngine On
DocumentRoot {{ document_root }}
ErrorLog "{{ error_log }}" ErrorLog "{{ error_log }}"
# Default apache log format with request time in microsecond at the end # Default apache log format with request time in microsecond at the end
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
...@@ -40,10 +51,11 @@ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded ...@@ -40,10 +51,11 @@ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
Require all denied Require all denied
</Directory> </Directory>
DocumentRoot {{ index_folder }}
<Directory {{ index_folder }}> <Directory {{ index_folder }}>
Options Indexes FollowSymLinks Options Indexes FollowSymLinks
Require ip {{ ip }} # Require ip {{ ip }}
# Require env forwarded '{{ ip }}' # Require env forwarded '{{ ip }}'
Require all denied # Require all denied
AllowOverride None
Require all granted
</Directory> </Directory>
\ No newline at end of file
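Review bot: The `<Directory {{ index_folder }}>` block now ends in `Require all granted` with `Require ip {{ ip }}` and `Require all denied` commented out, while the same commit moves the listener to `${slap-network-information:global-ipv6}`. The random path component from `[hash-code]` is therefore the only barrier to the shared files, and it will appear in the access log and in any directory listing above it that is not denied. `Options Indexes FollowSymLinks` is kept, so a symlink placed in the shared directory is served wherever it points; if VMs only fetch known file names, `Options None` would be safer. In the first hunk, `SSLProtocol All -SSLv2` still permits SSLv3, so prefer `SSLProtocol all -SSLv2 -SSLv3`. `SSLProxyEngine On` looks unnecessary, since no proxy directive is visible in these lines.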