Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Paul Graydon
slapos
Commits
09162bd3
Commit
09162bd3
authored
Jun 05, 2015
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
PALO: polished ETL and support for ssl
parent
7559a94a
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
120 additions
and
140 deletions
+120
-140
software/palo/instance.cfg.in
software/palo/instance.cfg.in
+88
-60
software/palo/palo.ini.in
software/palo/palo.ini.in
+7
-3
software/palo/server.xml.in
software/palo/server.xml.in
+17
-67
software/palo/software.cfg
software/palo/software.cfg
+8
-10
No files found.
software/palo/instance.cfg.in
View file @
09162bd3
[buildout]
[buildout]
parts =
parts =
instance-parameter
instance-parameter
directory
palo_olap
palo_olap
publish-connection-parameter
palo_etl
palo_etl
publish-connection-parameter
eggs-directory = ${buildout:eggs-directory}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
offline = true
# TODO: json schema with parameters
# TODO: review certificate generation, file permissions and passwords
# common parts
[instance-parameter]
[instance-parameter]
recipe = slapos.cookbook:slapconfiguration
recipe = slapos.cookbook:slapconfiguration
computer = $${slap_connection:computer_id}
computer = $${slap_connection:computer_id}
...
@@ -19,51 +21,53 @@ url = $${slap_connection:server_url}
...
@@ -19,51 +21,53 @@ url = $${slap_connection:server_url}
key = $${slap_connection:key_file}
key = $${slap_connection:key_file}
cert = $${slap_connection:cert_file}
cert = $${slap_connection:cert_file}
# erp5_url is the URL of an ERP5 instance, with erp5_palo business template installed
configuration.erp5_url =
configuration.erp5_url =
# TODO: configuration of a simple password based authentication ?
[palo_olap_parameter]
ipv4 = $${instance-parameter:ipv4-random}
[publish-connection-parameter]
ipv6 = $${instance-parameter:ipv6-random}
recipe = slapos.cookbook:publish
palo_olap_port = 7777
palo_olap = [$${palo_olap_parameter:ipv6}]:$${palo_olap_parameter:palo_olap_port}
palo_olap_admin_port = 7778
palo_olap_ssl = [$${palo_olap_parameter:ipv6}]:$${palo_olap_parameter:palo_olap_ssl_port}
palo_etl_url = https://[$${palo_etl_parameter:tomcat_host}]:$${palo_etl_parameter:tomcat_port}/etlserver/services//ETL-Server?wsdl
# palo_olap_admin_url = [$${palo_olap_parameter:ipv6}]:$${palo_olap_parameter:palo_olap_admin_port}
[directory]
[directory]
recipe = slapos.cookbook:mkdirectory
recipe = slapos.cookbook:mkdirectory
home = $${buildout:directory}
home = $${buildout:directory}
bin = $${:home}/bin
etc = $${:home}/etc
etc = $${:home}/etc
var = $${:home}/var
script = $${:etc}/run
script = $${:etc}/run/
service = $${:etc}/service
service = $${:etc}/service
promise = $${:etc}/promise/
promise = $${:etc}/promise
var = $${:home}/var
log = $${:var}/log
log = $${:var}/log
srv = $${:home}/srv
[directory_palo_etl]
<= directory
data_directory = $${:var}/palo_olap/
[directory_tomcat]
<= directory
catalina_base = $${:var}/palo_etl
catalina_logs = $${:catalina_base}/logs
catalina_temp = $${:catalina_base}/temp
catalina_webapps = $${:catalina_base}/webapps
catalina_work = $${:catalina_base}/work
catalina_conf = $${:catalina_base}/conf
# Palo olap instance
[palo_olap_parameter]
ipv4 = $${instance-parameter:ipv4-random}
ipv6 = $${instance-parameter:ipv6-random}
palo_olap_port = 7777
palo_olap_ssl_port = 7778
palo_olap_admin_port = 7779
key-file = $${certificate_palo_olap:key-file}
dh1024-file = $${certificate_palo_olap:dh1024-file}
[TODO]
# XXX this depends on architecture. Maybe we need to patch palo_olap for that
todo =
extensions_dir = ${palo_olap:location}/usr/lib64
tunnel
etl
log_rotation
[directory_palo_olap]
<= directory
data_directory = $${:var}/palo_olap
[palo_ini]
[palo_ini]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
template = ${
:_profile_base_location_}/palo.ini.in
template = ${
template_palo_ini:target}
rendered = $${directory:etc}/palo.ini
rendered = $${directory:etc}/palo.ini
extensions = jinja2.ext.do
context =
context = import json_module json
key directory_log directory:log
key directory_log directory:log
raw palo_olap_repository_location ${palo_olap-repository.git:location}
raw palo_olap_repository_location ${palo_olap-repository.git:location}
section parameter instance-parameter
section parameter instance-parameter
...
@@ -71,45 +75,69 @@ context = import json_module json
...
@@ -71,45 +75,69 @@ context = import json_module json
key erp5_url instance-parameter:configuration.erp5_url
key erp5_url instance-parameter:configuration.erp5_url
raw erp5_login_worker_path ${erp5_login_worker:output}
raw erp5_login_worker_path ${erp5_login_worker:output}
[certificate_palo_olap]
recipe = plone.recipe.command
# Manually generate certificates as documented in palo.ini.sample
command =
${openssl:location}/bin/openssl req -x509 -nodes -days 3650 \
-subj "/C=AA/ST=X/L=X/O=Dis/CN=$${palo_olap_parameter:ipv6}" \
-newkey rsa:1024 -keyout $${:key-file} -out $${:key-file} && \
${openssl:location}/bin/openssl dhparam -2 -outform PEM -out $${:dh1024-file} 1024
key-file = $${directory:etc}/palo_olap.pem
dh1024-file = $${directory:etc}/dh1024.pem
[palo_olap]
[palo_olap]
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
command-line = ${palo_olap:location}/usr/bin/palo --data-directory $${directory_palo_
etl
:data_directory} --init-file $${palo_ini:rendered}
command-line = ${palo_olap:location}/usr/bin/palo --data-directory $${directory_palo_
olap
:data_directory} --init-file $${palo_ini:rendered}
wrapper-path = $${directory:service}/palo_olap
wrapper-path = $${directory:service}/palo_olap
[tomcat_palo_etl]
recipe = plone.recipe.command
command = echo "needed ?"
[palo_etl]
# Palo etl instance
recipe = slapos.cookbook:wrapper
command-line = ${tomcat:location}/bin/catalina.sh run
wrapper-path = $${directory:service}/palo_etl
environment = JAVA_HOME = ${java:location}
CATALINA_BASE = $${directory_tomcat:catalina_base}
dependencies = $${palo_etl_server_xml:rendered} $${tomcat_palo_etl:recipe}
[palo_etl_server_xml]
recipe = slapos.recipe.template:jinja2
# XXX template = ${template_server_xml:location}/${template_server_xml:filename}
template = ${template_server_xml:url}
rendered = $${directory_tomcat:catalina_conf}/server.xml
extensions = jinja2.ext.do
context = import json_module json
section palo_etl_parameter palo_etl_parameter
raw palo_etl_server_war ${palo_etl_download:location}
[palo_etl_parameter]
[palo_etl_parameter]
tomcat_port = 8
888
tomcat_port = 8
443
tomcat_host = $${:ipv6}
tomcat_host = $${:ipv6}
tomcat_server_port = 8006
ipv4 = $${instance-parameter:ipv4-random}
ipv4 = $${instance-parameter:ipv4-random}
ipv6 = $${instance-parameter:ipv6-random}
ipv6 = $${instance-parameter:ipv6-random}
palo_etl_war = ${palo_etl_download:location}
palo_etl_war = ${palo_etl_download:location}
keystore_file = $${keystore_import:keystore_file}
keystore_pass = $${keystore_import:keystore_pass}
[publish-connection-parameter]
[keystore_import]
recipe = slapos.cookbook:publish
recipe = plone.recipe.command
palo_olap_url = $${palo_olap_parameter:ipv4}:$${palo_olap_parameter:palo_olap_port}
command =
palo_olap_ipv6_url = [$${palo_olap_parameter:ipv6}]:$${palo_olap_parameter:palo_olap_port}
${java:location}/bin/keytool \
palo_olap_admin_url = $${palo_olap_parameter:ipv4}:$${palo_olap_parameter:palo_olap_admin_port}
-genkeypair \
palo_etl_url = http://[$${palo_etl_parameter:tomcat_host}]:$${palo_etl_parameter:tomcat_port}/etlserver/services/ETL-Server?wsdl
-alias "tomcat" \
-keyalg RSA \
-keypass "$${:keystore_pass}" \
-dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=Country" \
-keystore "$${:keystore_file}" \
-storepass "$${:keystore_pass}"
keystore_file = $${directory_palo_etl:catalina_base}/.keystore
keystore_pass = insecure
[directory_palo_etl]
<= directory
catalina_base = $${:var}/palo_etl
catalina_logs = $${:catalina_base}/logs
catalina_temp = $${:catalina_base}/temp
catalina_webapps = $${:catalina_base}/webapps
catalina_work = $${:catalina_base}/work
catalina_conf = $${:catalina_base}/conf
[palo_etl_server_xml]
recipe = slapos.recipe.template:jinja2
template = ${template_server_xml:target}
rendered = $${directory_palo_etl:catalina_conf}/server.xml
context =
section palo_etl_parameter palo_etl_parameter
raw palo_etl_server_war ${palo_etl_download:location}
[palo_etl]
recipe = slapos.cookbook:wrapper
command-line = ${tomcat:location}/bin/catalina.sh run
wrapper-path = $${directory:service}/palo_etl
environment =
JAVA_HOME = ${java:location}
CATALINA_BASE = $${directory_palo_etl:catalina_base}
dependencies = $${palo_etl_server_xml:rendered}
software/palo/palo.ini.in
View file @
09162bd3
template-directory {{ palo_olap_repository_location }}/Api
template-directory {{ palo_olap_repository_location }}/Api
http {{ palo_olap_parameter.ipv4 }} {{ palo_olap_parameter.palo_olap_port }}
http {{ palo_olap_parameter.ipv6 }} {{ palo_olap_parameter.palo_olap_port }}
http {{ palo_olap_parameter.ipv6 }} {{ palo_olap_parameter.palo_olap_port }}
https {{ palo_olap_parameter.palo_olap_ssl_port }}
encryption optional
key-files {{ palo_olap_parameter['key-file'] }} {{ palo_olap_parameter['key-file'] }} {{ palo_olap_parameter['dh1024-file'] }}
extensions {{ palo_olap_parameter.extensions_dir }}
log {{ directory_log }}/palo_olap.log
log {{ directory_log }}/palo_olap.log
verbose debug
verbose debug
{% if erp5_url %}
{% if erp5_url %}
workerlogin authorization
workerlogin authorization
worker {{ erp5_login_worker_path }} {{ directory_log }}/erp5_login_worker.log {{ erp5_url }}
worker {{ erp5_login_worker_path }} {{ directory_log }}/erp5_login_worker.log {{ erp5_url }}
admin {{ palo_olap_parameter.ipv4 }} {{ palo_olap_parameter.palo_olap_admin_port }}
#
admin {{ palo_olap_parameter.ipv4 }} {{ palo_olap_parameter.palo_olap_admin_port }}
{% else %}
{% else %}
# no authorization enabled, as instance parameter erp5_url was not defined
# no authorization enabled, as instance parameter erp5_url was not defined
{% endif %}
{% endif %}
software/palo/server.xml.in
View file @
09162bd3
<?xml version='1.0' encoding='utf-8'?>
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
Debug: {{ repr(palo_etl_parameter) }}
-->
<Server
port=
"-1"
shutdown=
"SHUTDOWN"
>
<Server
port=
"-1"
shutdown=
"SHUTDOWN"
>
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener
className=
"org.apache.catalina.core.AprLifecycleListener"
SSLEngine=
"on"
/>
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener
className=
"org.apache.catalina.core.JasperListener"
/>
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener
className=
"org.apache.catalina.core.JreMemoryLeakPreventionListener"
/>
<!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<!--
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
-->
<!--
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
-->
<Service
name=
"Catalina"
>
<Service
name=
"Catalina"
>
<Connector
address=
"{{ palo_etl_parameter['tomcat_host'] }}"
port=
"{{ palo_etl_parameter['tomcat_port'] }}"
<Connector
protocol=
"org.apache.coyote.http11.Http11Protocol"
address=
"{{ palo_etl_parameter['tomcat_host'] }}"
port=
"{{ palo_etl_parameter['tomcat_port'] }}"
maxThreads=
"10"
maxThreads=
"10"
minSpareThreads=
"3"
scheme=
"https"
maxSpareThreads=
"7"
secure=
"true"
connectionTimeout=
"20000"
clientAuth=
"false"
enableLookups=
"false"
sslProtocol=
"TLS"
maxHttpHeaderSize=
"8192"
SSLEnabled=
"true"
protocol=
"HTTP/1.1"
keypass=
"{{ palo_etl_parameter['keystore_pass'] }}"
useBodyEncodingForURI=
"true"
keystore=
"{{ palo_etl_parameter['keystore_file'] }}"
redirectPort=
"8443"
/>
acceptCount=
"100"
disableUploadTimeout=
"true"
/>
<Context
path=
"/"
docBase=
"{{ palo_etl_parameter['palo_etl_war'] }}/etlserver.war"
<Context
path=
"/"
docBase=
"{{ palo_etl_parameter['palo_etl_war'] }}/etlserver.war"
debug=
"1"
privileged=
"true"
>
privileged=
"true"
>
<Realm
className=
"org.apache.catalina.realm.UserDatabaseRealm"
resourceName=
"UserDatabase"
/>
</Context>
</Context>
<Engine
name=
"Catalina"
defaultHost=
"localhost"
>
<Engine
name=
"Catalina"
defaultHost=
"localhost"
>
<Realm
className=
"org.apache.catalina.realm.UserDatabaseRealm"
<Host
name=
"localhost"
appBase=
"webapps"
resourceName=
"UserDatabase"
/>
<Host
name=
"localhost"
appBase=
"webapps"
debug=
"1"
unpackWARs=
"true"
autoDeploy=
"true"
unpackWARs=
"true"
autoDeploy=
"true"
xmlValidation=
"false"
xmlNamespaceAware=
"false"
>
xmlValidation=
"false"
xmlNamespaceAware=
"false"
>
</Host>
</Host>
</Engine>
</Engine>
</Service>
</Service>
</Server>
</Server>
\ No newline at end of file
software/palo/software.cfg
View file @
09162bd3
...
@@ -6,17 +6,17 @@ extends =
...
@@ -6,17 +6,17 @@ extends =
parts =
parts =
palo_olap
palo_olap
palo_etl
palo_etl
_download
template_server_xml
template_server_xml
template_palo_ini
slapos-cookbook
slapos-cookbook
instance-profile
instance-profile
[instance-profile]
[instance-profile]
recipe = slapos.recipe.template
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
output = ${buildout:directory}/instance.cfg
#md5sum =
#md5sum =
b30db17333d11ce11f486a96e68ad9b1
mode = 0644
mode = 0644
[palo_etl_download]
[palo_etl_download]
...
@@ -32,11 +32,9 @@ mode = 644
...
@@ -32,11 +32,9 @@ mode = 644
[template_server_xml]
[template_server_xml]
< = download-base
< = download-base
filename = server.xml.in
filename = server.xml.in
# md5sum =
#md5sum = 19daa17468de0940e0d10d4bd4adf86e
[palo_etl]
recipe = plone.recipe.command
command = echo "etl downlaoded in ${palo_etl_download:location}"
needs = ${palo_etl_download:url}
[versions]
[template_palo_ini]
< = download-base
filename = palo.ini.in
#md5sum = d85f449ce322eba4d75b6ad28c8bece8
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment