cloudooo: request a shared https frontend

d7fc013c · Jérome Perrin · b3d8cf82 · d7fc013c · d7fc013c
Commit d7fc013c authored Apr 11, 2023 by Jérome Perrin
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 9 deletions

software/cloudooo/buildout.hash.cfg software/cloudooo/buildout.hash.cfg +1 -1

software/cloudooo/instance-cloudooo.cfg.in software/cloudooo/instance-cloudooo.cfg.in +29 -8

No files found.
--- a/software/cloudooo/buildout.hash.cfg
+++ b/software/cloudooo/buildout.hash.cfg
@@ -18,7 +18,7 @@ md5sum = d1e4d7306c39f2ebc64d0407860d4301

 [template-cloudooo-instance]
 filename = instance-cloudooo.cfg.in
-md5sum = 13759bf9720f0e7109fc35a8ad8a50a9
+md5sum = 0e7bb29f954747f237be1175f059dbc7

 [template-haproxy-cfg]
 filename = haproxy.cfg.in

--- a/software/cloudooo/instance-cloudooo.cfg.in
+++ b/software/cloudooo/instance-cloudooo.cfg.in
 {% set ipv4 = (ipv4_set | list)[0] -%}
-{% if ipv6_set %}{% set ipv6 = (ipv6_set | list)[0] %}{% endif -%}
+{% set ipv6 = (ipv6_set | list)[0] %}
 {% set instance_parameter_dict = parameter_dict['instance-parameter-dict'] -%}
 {% macro assert(x) %}{{ ("",)[not x] }}{% endmacro -%}

@@ -32,10 +32,7 @@
 {% set apache_port = next_port() -%}
 {% set haproxy_port = next_port() -%}

-{% set apache_ip_list = [ipv4] -%}
-{% if ipv6_set -%}
-{%   do apache_ip_list.append('[' ~ ipv6 ~ ']') -%}
-{% endif -%}
+{% set apache_ip_list = [ipv4, '[' ~ ipv6 ~ ']'] -%}
 {% set apache_dict = {} -%}
 {% do apache_dict.__setitem__(publish_url_name, (apache_port, "https", 'http://' ~ ipv4 ~ ':' ~ haproxy_port, False)) -%}

@@ -67,6 +64,7 @@ parts =
  apache-conf
  apache-promise
  apache-logrotate
+  frontend-available-promise
  cloudooo-test-runner
  haproxy-service
  xvfb-instance
@@ -77,6 +75,8 @@ parts =
 recipe = slapos.cookbook:wrapper
 wrapper-path = ${directory:services}/apache
 command-line = "{{ parameter_dict['apache'] }}/bin/httpd" -f "${apache-conf:output}" -DFOREGROUND
+ipv4-url = TODO
+ipv6-url = https://[{{ ipv6 }}]:{{ apache_port }}/

 [apache-conf]
 recipe = slapos.recipe.template:jinja2
@@ -98,16 +98,36 @@ key = ${apache-ssl:key}
 cipher =
 ssl-session-cache = ${directory:log}/apache-ssl-session-cache

-[apache-promise]
-# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
+[check-url-available-promise]
 <= monitor-promise-base
 promise = check_url_available
-name = apache.py
+name = ${:_buildout_section_name_}.py
+
+[apache-promise]
+# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
+<= check-url-available-promise
 config-url = https://{{ ipv4 }}:{{ list(apache_dict.values())[0][0] }}
 # XXX cloudooo replies "400 Bad Request" for GET on / but what we want to check
 # is that we don't have a "503 Service Unavailable" from apache or haproxy.
 config-http-code = 400

+[frontend]
+<= slap-connection
+recipe = slapos.cookbook:requestoptional
+name = Cloudooo Frontend
+# XXX We have hardcoded SR URL here.
+software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
+shared = true
+config-url = ${apache:ipv6-url}
+return = domain secure_access
+
+[frontend-available-promise]
+<= check-url-available-promise
+config-url = ${frontend:connection-secure_access}
+check-secure = 1
+config-http-code = 400
+
+
 [apache-conf-ssl]
 cert = ${directory:apache-conf}/apache.crt
 key = ${directory:apache-conf}/apache.pem
@@ -132,6 +152,7 @@ recipe = slapos.cookbook:publish.serialised
 {{   family_name ~ '-v6' }} = {% if ipv6_set %}{{ scheme ~ '://[' ~ ipv6 ~ ']:' ~ apache_port }}{% endif %}
 {{   family_name }} = {{ scheme ~ '://' ~ ipv4 ~ ':' ~ apache_port }}
 {% endfor -%}
+url = ${frontend:connection-secure_access}

 [fontconfig-conf]
 recipe = slapos.recipe.template:jinja2