Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
moodle_rebase10.1.2
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Dmitry Blinov
moodle_rebase10.1.2
Commits
d44a97f9
Commit
d44a97f9
authored
Aug 29, 2011
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Implement optional key authorisation entry point.
parent
4bdba2e6
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
88 additions
and
58 deletions
+88
-58
slapos/recipe/erp5/__init__.py
slapos/recipe/erp5/__init__.py
+85
-3
slapos/recipe/vifib.py
slapos/recipe/vifib.py
+3
-55
No files found.
slapos/recipe/erp5/__init__.py
View file @
d44a97f9
...
...
@@ -74,10 +74,11 @@ class Recipe(BaseSlapRecipe):
if
self
.
parameter_dict
.
get
(
"slap_software_type"
,
""
).
lower
()
==
"cluster"
:
# Site access is done by HAProxy
zope_access
,
site_access
=
self
.
installZopeCluster
(
)
zope_access
,
site_access
,
key_access
=
self
.
installZopeCluster
(
ca_conf
)
else
:
zope_access
=
self
.
installZopeStandalone
()
site_access
=
zope_access
key_access
=
None
key
,
certificate
=
self
.
requestCertificate
(
'Login Based Access'
)
apache_conf
=
dict
(
...
...
@@ -120,6 +121,8 @@ class Recipe(BaseSlapRecipe):
memcached_url
=
memcached_conf
[
'memcached_url'
],
kumo_url
=
kumo_conf
[
'kumo_address'
]
))
if
key_access
is
not
None
:
connection_dict
[
'key_access'
]
=
key_access
self
.
setConnectionDict
(
connection_dict
)
return
self
.
path_list
...
...
@@ -144,7 +147,66 @@ class Recipe(BaseSlapRecipe):
with_timerservice
=
True
,
thread_amount
=
thread_amount_per_zope
)
def
installZopeCluster
(
self
):
def
installKeyAuthorisationApache
(
self
,
ipv6
,
port
,
backend
,
key
,
certificate
,
ca_conf
,
key_auth_path
=
'/'
):
if
ipv6
:
ip
=
self
.
getGlobalIPv6Address
()
else
:
ip
=
self
.
getLocalIPv4Address
()
ssl_template
=
"""SSLEngine on
SSLVerifyClient require
RequestHeader set REMOTE_USER %%{SSL_CLIENT_S_DN_CN}s
SSLCertificateFile %(key_auth_certificate)s
SSLCertificateKeyFile %(key_auth_key)s
SSLCACertificateFile %(ca_certificate)s
SSLCARevocationPath %(ca_crl)s"""
apache_conf
=
self
.
_getApacheConfigurationDict
(
'key_auth_apache'
,
ip
,
port
)
apache_conf
[
'ssl_snippet'
]
=
ssl_template
%
dict
(
key_auth_certificate
=
certificate
,
key_auth_key
=
key
,
ca_certificate
=
ca_conf
[
'ca_certificate'
],
ca_crl
=
ca_conf
[
'ca_crl'
]
)
prefix
=
'ssl_key_auth_apache'
rewrite_rule_template
=
\
"RewriteRule (.*) http://%(backend)s%(key_auth_path)s$1 [L,P]"
path_template
=
pkg_resources
.
resource_string
(
'slapos.recipe.erp5'
,
'template/apache.zope.conf.path.in'
)
path
=
path_template
%
dict
(
path
=
'/'
)
d
=
dict
(
path
=
path
,
backend
=
backend
,
backend_path
=
'/'
,
port
=
apache_conf
[
'port'
],
vhname
=
path
.
replace
(
'/'
,
''
),
key_auth_path
=
key_auth_path
,
)
rewrite_rule
=
rewrite_rule_template
%
d
apache_conf
.
update
(
**
dict
(
path_enable
=
path
,
rewrite_rule
=
rewrite_rule
))
apache_config_file
=
self
.
createConfigurationFile
(
prefix
+
'.conf'
,
pkg_resources
.
resource_string
(
'slapos.recipe.erp5'
,
'template/apache.zope.conf.in'
)
%
apache_conf
)
self
.
path_list
.
append
(
apache_config_file
)
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
'key_auth_apache'
,
'slapos.recipe.erp5.apache'
,
'runApache'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper_directory
,
arguments
=
[
dict
(
required_path_list
=
[
certificate
,
key
,
ca_conf
[
'ca_certificate'
],
ca_conf
[
'ca_crl'
]],
binary
=
self
.
options
[
'httpd_binary'
],
config
=
apache_config_file
)
]))
if
ipv6
:
return
'https://[%(ip)s:%(port)s]'
%
apache_conf
else
:
return
'https://%(ip)s:%(port)s'
%
apache_conf
def
installZopeCluster
(
self
,
ca_conf
=
None
):
""" Install ERP5 using ZEO Cluster
"""
site_check_path
=
'/%s/getId'
%
self
.
site_id
...
...
@@ -157,6 +219,9 @@ class Recipe(BaseSlapRecipe):
user_node_amount
=
int
(
self
.
options
.
get
(
"cluster_user_node_amount"
,
2
))
key_auth_node_amount
=
int
(
self
.
options
.
get
(
"key_auth_node_amount"
,
0
))
ip
=
self
.
getLocalIPv4Address
()
storage_dict
=
self
.
_requestZeoFileStorage
(
'Zeo Server 1'
,
'main'
)
...
...
@@ -210,11 +275,28 @@ class Recipe(BaseSlapRecipe):
login_haproxy
=
self
.
installHaproxy
(
ip
,
15001
,
'login'
,
site_check_path
,
login_url_list
)
key_access
=
None
if
key_auth_node_amount
>
0
:
service_url_list
=
[]
for
i
in
range
(
key_auth_node_amount
):
zope_port
+=
1
service_url_list
.
append
(
self
.
installZope
(
ip
,
zope_port
,
'zope_service_%s'
%
i
,
with_timerservice
=
False
,
zodb_configuration_string
=
zodb_configuration_string
,
tidstorage_config
=
tidstorage_config
))
service_haproxy
=
self
.
installHaproxy
(
ip
,
15000
,
'service'
,
site_check_path
,
service_url_list
)
key_auth_key
,
key_auth_certificate
=
self
.
requestCertificate
(
'Key Based Access'
)
key_access
=
self
.
installKeyAuthorisationApache
(
True
,
15500
,
service_haproxy
,
key_auth_key
,
key_auth_certificate
,
ca_conf
)
self
.
installTidStorage
(
tidstorage_config
[
'host'
],
tidstorage_config
[
'port'
],
known_tid_storage_identifier_dict
,
'http://'
+
login_haproxy
)
return
login_url_list
[
-
1
],
login_haproxy
return
login_url_list
[
-
1
],
login_haproxy
,
key_access
def
_requestZeoFileStorage
(
self
,
server_name
,
storage_name
):
"""Local, slap.request compatible, call to ask for filestorage on Zeo
...
...
slapos/recipe/vifib.py
View file @
d44a97f9
...
...
@@ -34,58 +34,6 @@ class Recipe(slapos.recipe.erp5.Recipe):
default_bt5_list
=
[]
def
installKeyAuthorisationApache
(
self
,
ip
,
port
,
backend
,
key
,
certificate
,
ca_conf
,
key_auth_path
=
'/erp5/portal_slap'
):
ssl_template
=
"""SSLEngine on
SSLVerifyClient require
RequestHeader set REMOTE_USER %%{SSL_CLIENT_S_DN_CN}s
SSLCertificateFile %(key_auth_certificate)s
SSLCertificateKeyFile %(key_auth_key)s
SSLCACertificateFile %(ca_certificate)s
SSLCARevocationPath %(ca_crl)s"""
apache_conf
=
self
.
_getApacheConfigurationDict
(
'key_auth_apache'
,
ip
,
port
)
apache_conf
[
'ssl_snippet'
]
=
ssl_template
%
dict
(
key_auth_certificate
=
certificate
,
key_auth_key
=
key
,
ca_certificate
=
ca_conf
[
'ca_certificate'
],
ca_crl
=
ca_conf
[
'ca_crl'
]
)
prefix
=
'ssl_key_auth_apache'
rewrite_rule_template
=
\
"RewriteRule (.*) http://%(backend)s%(key_auth_path)s$1 [L,P]"
path_template
=
pkg_resources
.
resource_string
(
'slapos.recipe.erp5'
,
'template/apache.zope.conf.path.in'
)
path
=
path_template
%
dict
(
path
=
'/'
)
d
=
dict
(
path
=
path
,
backend
=
backend
,
backend_path
=
'/'
,
port
=
apache_conf
[
'port'
],
vhname
=
path
.
replace
(
'/'
,
''
),
key_auth_path
=
key_auth_path
,
)
rewrite_rule
=
rewrite_rule_template
%
d
apache_conf
.
update
(
**
dict
(
path_enable
=
path
,
rewrite_rule
=
rewrite_rule
))
apache_config_file
=
self
.
createConfigurationFile
(
prefix
+
'.conf'
,
pkg_resources
.
resource_string
(
'slapos.recipe.erp5'
,
'template/apache.zope.conf.in'
)
%
apache_conf
)
self
.
path_list
.
append
(
apache_config_file
)
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
'key_auth_apache'
,
'slapos.recipe.erp5.apache'
,
'runApache'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper_directory
,
arguments
=
[
dict
(
required_path_list
=
[
certificate
,
key
,
ca_conf
[
'ca_certificate'
],
ca_conf
[
'ca_crl'
]],
binary
=
self
.
options
[
'httpd_binary'
],
config
=
apache_config_file
)
]))
return
'https://%(ip)s:%(port)s'
%
apache_conf
def
_getZeoClusterDict
(
self
):
site_path
=
'/erp5/'
return
{
...
...
@@ -172,9 +120,9 @@ SSLCARevocationPath %(ca_crl)s"""
key_auth_key
,
key_auth_certificate
=
self
.
requestCertificate
(
'Key Based Access'
)
apache_keyauth
=
self
.
installKeyAuthorisationApache
(
se
lf
.
getLocalIPv4Address
(),
15500
,
service_haproxy
,
key_auth_key
,
key_auth_
certificate
,
ca_conf
,
key_auth_
path
=
self
.
key_auth_path
)
apache_keyauth
=
self
.
installKeyAuthorisationApache
(
False
,
15500
,
se
rvice_haproxy
,
key_auth_key
,
key_auth_certificate
,
ca_conf
,
key_auth_path
=
self
.
key_auth_path
)
memcached_conf
=
self
.
installMemcached
(
ip
=
self
.
getLocalIPv4Address
(),
port
=
11000
)
kumo_conf
=
self
.
installKumo
(
self
.
getLocalIPv4Address
())
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment