Commit d92849d0 authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

apache-frontend: add support for default certificate in replicate

parent b3888897
...@@ -67,14 +67,14 @@ mode = 0644 ...@@ -67,14 +67,14 @@ mode = 0644
[template-apache-frontend] [template-apache-frontend]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-apache-frontend.cfg url = ${:_profile_base_location_}/instance-apache-frontend.cfg
md5sum = 66a4c824a9f9a9995e1699549b941656 md5sum = 53de57ef78345cedd3c715a105539ca3
output = ${buildout:directory}/template-apache-frontend.cfg output = ${buildout:directory}/template-apache-frontend.cfg
mode = 0644 mode = 0644
[template-apache-replicate] [template-apache-replicate]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
md5sum = 4a386500c21d0b59ce9a679c6110d375 md5sum = da22cc3b2095766c5e14b29afab2b760
mode = 0644 mode = 0644
[template-slave-list] [template-slave-list]
...@@ -98,7 +98,7 @@ mode = 640 ...@@ -98,7 +98,7 @@ mode = 640
[template-apache-frontend-configuration] [template-apache-frontend-configuration]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/apache.conf.in url = ${:_profile_base_location_}/templates/apache.conf.in
md5sum = 72922908c1f4e72c92bb03e072660c7c md5sum = e68401762b25b7a462ba5df187e003e8
mode = 640 mode = 640
[template-apache-cached-configuration] [template-apache-cached-configuration]
......
...@@ -118,6 +118,7 @@ configuration.apache_custom_https = "" ...@@ -118,6 +118,7 @@ configuration.apache_custom_https = ""
configuration.apache_custom_http = "" configuration.apache_custom_http = ""
configuration.apache-key = configuration.apache-key =
configuration.apache-certificate = configuration.apache-certificate =
configuration.apache-ca-certificate =
configuration.open-port = 80 443 configuration.open-port = 80 443
configuration.extra_slave_instance_list = configuration.extra_slave_instance_list =
configuration.disk-cache-size = 8G configuration.disk-cache-size = 8G
...@@ -256,6 +257,7 @@ extra-context = ...@@ -256,6 +257,7 @@ extra-context =
key access_control_string apache-configuration:access-control-string key access_control_string apache-configuration:access-control-string
key login_certificate ca-frontend:cert-file key login_certificate ca-frontend:cert-file
key login_key ca-frontend:key-file key login_key ca-frontend:key-file
key login_ca_crt ca-custom-frontend:rendered
key ca_dir certificate-authority:ca-dir key ca_dir certificate-authority:ca-dir
key ca_crl certificate-authority:ca-crl key ca_crl certificate-authority:ca-crl
key access_log apache-configuration:access-log key access_log apache-configuration:access-log
...@@ -380,6 +382,13 @@ cert-content = $${instance-parameter:configuration.apache-certificate} ...@@ -380,6 +382,13 @@ cert-content = $${instance-parameter:configuration.apache-certificate}
# Put domain name # Put domain name
name = $${instance-parameter:configuration.domain} name = $${instance-parameter:configuration.domain}
[ca-custom-frontend]
< = jinja2-template-base
template = ${template-empty:target}
rendered = $${cadirectory:certs}/apache_frontend.ca.crt
extra-context =
key content instance-parameter:configuration.apache-ca-certificate
[cron] [cron]
recipe = slapos.cookbook:cron recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond dcrond-binary = ${dcron:location}/sbin/crond
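Review bot: The new `[ca-custom-frontend]` part carries no comment saying what `configuration.apache-ca-certificate` must contain, and it writes the parameter verbatim to `apache_frontend.ca.crt` with no check that the value is a PEM certificate. The part is rendered even when the parameter is empty, so the only thing keeping an empty file out of the Apache configuration is the `{% if %}` guard in the Apache template. I would add a comment above the section, such as `# Optional PEM CA bundle; written as-is, referenced by the Apache template only when the parameter is non-empty`. A malformed non-empty value would presumably only surface when Apache loads the file, so validating it at render time may be worth considering.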
......
...@@ -23,6 +23,7 @@ context = ...@@ -23,6 +23,7 @@ context =
{% set slave_list_name = 'extra_slave_instance_list' -%} {% set slave_list_name = 'extra_slave_instance_list' -%}
{% set frontend_list = [] %} {% set frontend_list = [] %}
{% set frontend_section_list = [] %} {% set frontend_section_list = [] %}
{% set request_dict = {} %}
{% set namebase = 'apache-frontend' -%} {% set namebase = 'apache-frontend' -%}
# XXX Dirty hack, not possible to define default value before # XXX Dirty hack, not possible to define default value before
{% set sla_computer_apache_1_key = '-sla-1-computer_guid' -%} {% set sla_computer_apache_1_key = '-sla-1-computer_guid' -%}
...@@ -37,13 +38,13 @@ context = ...@@ -37,13 +38,13 @@ context =
{% set request_section_title = 'request-%s' % frontend_name -%} {% set request_section_title = 'request-%s' % frontend_name -%}
{% set sla_key = "-sla-%s-" % i -%} {% set sla_key = "-sla-%s-" % i -%}
{% set sla_key_length = sla_key | length %} {% set sla_key_length = sla_key | length %}
{% set sla_parameters = [] %} {% set sla_dict = {} %}
{% set config_key = "-frontend-config-%s-" % i %} {% set config_key = "-frontend-config-%s-" % i %}
{% set config_key_length = config_key | length %} {% set config_key_length = config_key | length %}
{% set config_dict = {} %} {% set config_dict = {} %}
{% for key in slapparameter_dict.keys() %} {% for key in slapparameter_dict.keys() %}
{% if key.startswith(sla_key) %} {% if key.startswith(sla_key) %}
{% do sla_parameters.append(key[sla_key_length:]) %} {% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
# We check for specific configuration regarding the frontend # We check for specific configuration regarding the frontend
{% elif key.startswith(config_key) -%} {% elif key.startswith(config_key) -%}
{% do config_dict.__setitem__(key[config_key_length:], slapparameter_dict.pop(key)) %} {% do config_dict.__setitem__(key[config_key_length:], slapparameter_dict.pop(key)) %}
...@@ -52,23 +53,15 @@ context = ...@@ -52,23 +53,15 @@ context =
{% do frontend_list.append(frontend_name) -%} {% do frontend_list.append(frontend_name) -%}
{% do frontend_section_list.append(request_section_title) -%} {% do frontend_section_list.append(request_section_title) -%}
{% do part_list.append(request_section_title) -%} {% do part_list.append(request_section_title) -%}
[{{request_section_title}}] # Filling request dict for slave
<= replicate
name = {{frontend_name}}
{% set state_key = "-frontend-%s-state" % i %} {% set state_key = "-frontend-%s-state" % i %}
{% if slapparameter_dict.has_key(state_key) %} {% do request_dict.__setitem__(request_section_title,
state = {{ slapparameter_dict.pop(state_key) }} {
{% endif%} 'config': config_dict,
extra-config = {{ ' '.join(config_dict.keys()) }} 'name': frontend_name,
{% for key, value in config_dict.iteritems() -%} 'sla': sla_dict,
config-{{ key }} = {{ value }} 'state': slapparameter_dict.pop(state_key, None)
{% endfor -%} }) %}
{% if sla_parameters %}
sla = {{ ' '.join(sla_parameters) }}
{% for parameter in sla_parameters -%}
sla-{{ parameter }} = {{ slapparameter_dict.pop( sla_key + parameter ) }}
{% endfor -%}
{% endif -%}
{% endfor -%} {% endfor -%}
{% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') -%} {% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') -%}
...@@ -93,13 +86,29 @@ software-url = ${slap-connection:software-release-url} ...@@ -93,13 +86,29 @@ software-url = ${slap-connection:software-release-url}
{% endif %} {% endif %}
software-type = {{frontend_type}} software-type = {{frontend_type}}
return = private-ipv4 public-ipv4 slave-instance-information-list monitor_url return = private-ipv4 public-ipv4 slave-instance-information-list monitor_url
config = {{ ' '.join(slapparameter_dict.keys()) + ' ${:extra-config} ' + slave_list_name }} config = _
{% for parameter, value in slapparameter_dict.iteritems() -%}
config-{{parameter}} = {{ value }}
{% endfor -%}
config-{{ slave_list_name }} = {{ json_module.dumps(authorized_slave_list) }}
connection-monitor_url = connection-monitor_url =
{% for section, frontend_request in request_dict.iteritems() %}
[{{section}}]
<= replicate
name = {{ frontend_request.get('name') }}
{% if frontend_request.get('state') %}
state = {{ frontend_request.get('state') }}
{% endif%}
{% set slave_configuration_dict = frontend_request.get('config') %}
{% do slave_configuration_dict.update(**slapparameter_dict) %}
{% do slave_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list)) %}
config-_ = {{ json_module.dumps(slave_configuration_dict) }}
{% if frontend_request.get('sla') %}
sla = {{ ' '.join(frontend_request.get('sla').keys()) }}
{% for parameter, value in frontend_request.get('sla').iteritems() -%}
sla-{{ parameter }} = {{ value }}
{% endfor -%}
{% endif -%}
{% endfor -%}
[publish-information] [publish-information]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
domain = {{ slapparameter_dict.get('domain') }} domain = {{ slapparameter_dict.get('domain') }}
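Review bot: `slave_configuration_dict.update(**slapparameter_dict)` in the new per-frontend loop lets the shared parameters overwrite the `-frontend-config-N-` values, whereas the removed code emitted the per-frontend `config-{{ key }}` lines in the request section, which inherits from `replicate` via `<=` and so appears to have overridden the shared ones. If the per-frontend value should still win, for example a frontend-specific certificate over the default one, build the merged dict the other way round: `{% set slave_configuration_dict = dict(slapparameter_dict, **frontend_request.get('config')) %}`. Separately, `state` and `sla-{{ parameter }}` are still written as raw values while the configuration now goes through `json_module.dumps`; a value containing a line break would spill into the generated section, so those deserve the same validation or encoding.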
......
...@@ -114,6 +114,9 @@ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html ...@@ -114,6 +114,9 @@ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# SSL Configuration # SSL Configuration
SSLCertificateFile {{ login_certificate }} SSLCertificateFile {{ login_certificate }}
SSLCertificateKeyFile {{ login_key }} SSLCertificateKeyFile {{ login_key }}
{% if slapparameter_dict.get('apache-ca-certificate') %}
SSLCACertificateFile {{ login_ca_crt }}
{% endif %}
SSLRandomSeed startup builtin SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000) SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
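Review bot: `SSLCACertificateFile` is the mod_ssl directive for the CAs trusted for client-certificate authentication, so loading the operator-supplied bundle there also makes client certificates issued by that CA acceptable wherever `SSLVerifyClient` is enabled. If the bundle is only meant to complete the chain sent with the default server certificate, `SSLCertificateChainFile {{ login_ca_crt }}` (or appending the chain to the file given to `SSLCertificateFile` on Apache 2.4.8 and later) avoids that side effect. The guard also reads `slapparameter_dict.get('apache-ca-certificate')` while the file content comes from `instance-parameter:configuration.apache-ca-certificate`; a short comment stating that both must refer to the same parameter would help. The enclosing virtual host is outside the hunk, so whether client verification is enabled there cannot be seen from here.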
......