Commit 37e10364 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

install stunnel in generic_varnish to support https backend.

parent 13a81682
......@@ -39,9 +39,28 @@ class Recipe(GenericSlapRecipe):
ip = self.options['ip']
backend_url = self.parameter_dict['tidstorage-url']
backend_server, backend_port = self._getBackendServer(backend_url)
path_list = []
if backend_url.startswith('https://'):
config = dict(
stunnel_binary=self.options['stunnel-binary'],
stunnel_server=ip,
stunnel_port=int(self.options['stunnel-port']),
stunnel_pid_file=self.options['stunnel-pid-file'],
stunnel_conf_file=self.options['stunnel-conf-file'],
shell_path=self.options['shell-path'],
backend_server=backend_server.replace('[', '').replace(']', ''),
backend_port=backend_port,
)
path_list.append(self.createExecutable(self.options['stunnel-wrapper'],
self.substituteTemplate(self.getTemplateFilename('stunnel.in'),
config)))
path_list.append(self.createFile(self.options['stunnel-conf-file'],
self.substituteTemplate(self.getTemplateFilename('stunnel.conf.in'),
config)))
backend_server = ip
backend_port = int(self.options['stunnel-port'])
varnishd_manager_port = int(self.options['manager-port'])
varnishd_server_port = int(self.options['server-port'])
path_list = []
config = dict(
varnishd_binary=self.options['varnishd-binary'],
varnish_ip=ip,
......
foreground = yes
output = /dev/stdout
pid = %(stunnel_pid_file)s
debug = 4
[remote]
accept = %(stunnel_server)s:%(stunnel_port)s
client = yes
connect = %(backend_server)s:%(backend_port)s
sni = %(stunnel_server)s
#!%(shell_path)s
DAEMON_OPTS="%(stunnel_conf_file)s"
exec %(stunnel_binary)s ${DAEMON_OPTS} 2>&1
......@@ -48,6 +48,7 @@ extends =
../../component/python-2.7/buildout.cfg
../../component/python-ldap-python/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/subversion/buildout.cfg
../../component/tesseract/buildout.cfg
../../component/varnish/buildout.cfg
......@@ -76,6 +77,7 @@ parts =
graphviz
haproxy
jsl
stunnel
varnish-3.0
w3m
poppler
......@@ -235,7 +237,7 @@ mode = 640
# XXX: "template.cfg" is hardcoded in instanciation recipe
filename = template.cfg
template = ${:_profile_base_location_}/instance.cfg.in
md5sum = fbb7ea50d7ea6d4e25725801cc3fd5f9
md5sum = a1a5a9983207e4a8128bab331cbd3cd5
extra-context =
key apache_location apache:location
key aspell_location aspell:location
......@@ -274,6 +276,7 @@ extra-context =
key openssl_location openssl:location
key poppler_location poppler:location
key sed_location sed:location
key stunnel_location stunnel:location
key template_cloudooo template-cloudooo:target
key template_erp5_single template-erp5-single:target
key template_erp5_cluster template-erp5-cluster:target
......@@ -316,7 +319,7 @@ mode = 640
[template-varnish]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-varnish.cfg.in
md5sum = 728650f5d20ad637d8d824d1968865ca
md5sum = ae0465591c22c0cb316c1706965c6b18
mode = 640
[bt5-repository]
......
......@@ -28,18 +28,23 @@ recipe = slapos.cookbook:generic.varnish
ip = ${slap-network-information:local-ipv4}
server-port = 6001
manager-port = 6002
stunnel-port = 6003
# Paths: Running wrappers
varnishd-wrapper = ${basedirectory:services}/varnishd
varnishlog-wrapper = ${rootdirectory:bin}/varnishlog
stunnel-wrapper = ${basedirectory:services}/stunnel
# Binary information
varnishd-binary = {{ parameter_dict['varnish'] }}/sbin/varnishd
varnishlog-binary = {{ parameter_dict['varnish'] }}/bin/varnishlog
shell-path = {{ parameter_dict['dash'] }}/bin/dash
stunnel-binary = {{ parameter_dict['stunnel'] }}/bin/stunnel
# Configuration by VCL
vcl-file = ${rootdirectory:etc}/default.vcl
pid-file = ${basedirectory:run}/varnishd.pid
stunnel-conf-file = ${rootdirectory:etc}/stunnel.conf
stunnel-pid-file = ${basedirectory:run}/stunnel.pid
varnish-data = ${directory:varnish-data}
# this will pass at -n option
varnish-instance-name = ${directory:varnish-instance}
......
......@@ -99,6 +99,7 @@ dash = {{ dash_location }}
dcron = {{ dcron_location }}
gzip = {{ gzip_location }}
logrotate = {{ logrotate_location }}
stunnel = {{ stunnel_location }}
varnish = {{ varnish_location }}
wget = {{ wget_location }}
buildout-bin-directory = {{ buildout_bin_directory }}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment