Commit 8732f703 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

Merge branch 'erp5-component' into erp5

parents 9b7b0aa7 e4ff584b
...@@ -17,12 +17,13 @@ filename = stunnel-4-hooks.py ...@@ -17,12 +17,13 @@ filename = stunnel-4-hooks.py
[stunnel-4] [stunnel-4]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = ftp://ftp.stunnel.org/stunnel/archive/4.x/stunnel-4.55.tar.gz url = https://www.stunnel.org/downloads/stunnel-4.56.tar.gz
md5sum = ebe6670368d30c6a01ca33b9c50cb239 md5sum = ac4c4a30bd7a55b6687cbd62d864054c
pre-configure-hook = ${stunnel-4-hook-download:location}/${stunnel-4-hook-download:filename}:pre_configure_hook pre-configure-hook = ${stunnel-4-hook-download:location}/${stunnel-4-hook-download:filename}:pre_configure_hook
configure-options = configure-options =
--enable-ipv6 --enable-ipv6
--disable-libwrap --disable-libwrap
--disable-fips
--with-ssl=${openssl:location} --with-ssl=${openssl:location}
environment = environment =
CPPFLAGS=-I${zlib:location}/include CPPFLAGS=-I${zlib:location}/include
......
Listen %(ip)s:%(port)s Listen %(ip)s:%(port)s
<VirtualHost *:%(port)s> <VirtualHost *:%(port)s>
%(ssl_enable)s %(ssl_enable)s
RewriteRule (.*) %(backend)s%(backend-path)s$1 [L,P] RewriteRule ^/(.*) %(backend)s%(backend-path)s/$1 [L,P]
</VirtualHost> </VirtualHost>
...@@ -39,9 +39,28 @@ class Recipe(GenericSlapRecipe): ...@@ -39,9 +39,28 @@ class Recipe(GenericSlapRecipe):
ip = self.options['ip'] ip = self.options['ip']
backend_url = self.parameter_dict['tidstorage-url'] backend_url = self.parameter_dict['tidstorage-url']
backend_server, backend_port = self._getBackendServer(backend_url) backend_server, backend_port = self._getBackendServer(backend_url)
path_list = []
if backend_url.startswith('https://'):
config = dict(
stunnel_binary=self.options['stunnel-binary'],
stunnel_server=ip,
stunnel_port=int(self.options['stunnel-port']),
stunnel_pid_file=self.options['stunnel-pid-file'],
stunnel_conf_file=self.options['stunnel-conf-file'],
shell_path=self.options['shell-path'],
backend_server=backend_server.replace('[', '').replace(']', ''),
backend_port=backend_port,
)
path_list.append(self.createExecutable(self.options['stunnel-wrapper'],
self.substituteTemplate(self.getTemplateFilename('stunnel.in'),
config)))
path_list.append(self.createFile(self.options['stunnel-conf-file'],
self.substituteTemplate(self.getTemplateFilename('stunnel.conf.in'),
config)))
backend_server = ip
backend_port = int(self.options['stunnel-port'])
varnishd_manager_port = int(self.options['manager-port']) varnishd_manager_port = int(self.options['manager-port'])
varnishd_server_port = int(self.options['server-port']) varnishd_server_port = int(self.options['server-port'])
path_list = []
config = dict( config = dict(
varnishd_binary=self.options['varnishd-binary'], varnishd_binary=self.options['varnishd-binary'],
varnish_ip=ip, varnish_ip=ip,
......
foreground = yes
pid = %(stunnel_pid_file)s
debug = 4
[remote]
accept = %(stunnel_server)s:%(stunnel_port)s
client = yes
connect = %(backend_server)s:%(backend_port)s
sni = %(stunnel_server)s
#!%(shell_path)s
DAEMON_OPTS="%(stunnel_conf_file)s"
exec %(stunnel_binary)s ${DAEMON_OPTS} 2>&1
...@@ -11,6 +11,4 @@ DAEMON_OPTS="-F \ ...@@ -11,6 +11,4 @@ DAEMON_OPTS="-F \
PIDFILE=%(varnishd_pid_file)s PIDFILE=%(varnishd_pid_file)s
# exporting PATH here so that we will pass the PATH variable to the subprocess # exporting PATH here so that we will pass the PATH variable to the subprocess
export PATH export PATH
output=$(/bin/tempfile -s.varnish) exec %(varnishd_binary)s -P ${PIDFILE} ${DAEMON_OPTS} 2>&1
exec %(varnishd_binary)s -P ${PIDFILE} ${DAEMON_OPTS} > ${output} 2>&1
...@@ -18,5 +18,4 @@ if [ -z "${VARNISHLOG_ENABLED}" ] || \ ...@@ -18,5 +18,4 @@ if [ -z "${VARNISHLOG_ENABLED}" ] || \
exit 0; exit 0;
fi fi
output=$(/bin/tempfile -s.varnish) exec %(varnishlog_binary)s ${DAEMON_OPTS} 2>&1
exec %(varnishlog_binary)s ${DAEMON_OPTS} > ${output} 2>&1
...@@ -35,11 +35,22 @@ _isurl = re.compile('([a-zA-Z0-9+.-]+)://').match ...@@ -35,11 +35,22 @@ _isurl = re.compile('([a-zA-Z0-9+.-]+)://').match
# based on Zope2.utilities.mkzopeinstance.write_inituser # based on Zope2.utilities.mkzopeinstance.write_inituser
def Zope2InitUser(path, username, password): def Zope2InitUser(path, username, password):
# Set password only once
# Currently, rely on existence of a simple file:
# Create it the first time, then next time, detect this file and do no-op.
inituser_done_path = '%s_done' % path
if os.path.exists(inituser_done_path):
return
if os.path.exists(path):
return
open(path, 'w').write('') open(path, 'w').write('')
os.chmod(path, 0600) os.chmod(path, 0600)
open(path, "w").write('%s:{SHA}%s\n' % ( open(path, 'w').write('%s:{SHA}%s\n' % (
username,binascii.b2a_base64(hashlib.sha1(password).digest())[:-1])) username,binascii.b2a_base64(hashlib.sha1(password).digest())[:-1]))
open(inituser_done_path, 'w').write('"inituser" file already created once.')
class Recipe(GenericBaseRecipe): class Recipe(GenericBaseRecipe):
def _options(self, options): def _options(self, options):
options['password'] = self.generatePassword() options['password'] = self.generatePassword()
......
...@@ -35,11 +35,22 @@ _isurl = re.compile('([a-zA-Z0-9+.-]+)://').match ...@@ -35,11 +35,22 @@ _isurl = re.compile('([a-zA-Z0-9+.-]+)://').match
# based on Zope2.utilities.mkzopeinstance.write_inituser # based on Zope2.utilities.mkzopeinstance.write_inituser
def Zope2InitUser(path, username, password): def Zope2InitUser(path, username, password):
# Set password only once
# Currently, rely on existence of a simple file:
# Create it the first time, then next time, detect this file and do no-op.
inituser_done_path = '%s_done' % path
if os.path.exists(inituser_done_path):
return
if os.path.exists(path):
return
open(path, 'w').write('') open(path, 'w').write('')
os.chmod(path, 0600) os.chmod(path, 0600)
open(path, "w").write('%s:{SHA}%s\n' % ( open(path, 'w').write('%s:{SHA}%s\n' % (
username,binascii.b2a_base64(hashlib.sha1(password).digest())[:-1])) username,binascii.b2a_base64(hashlib.sha1(password).digest())[:-1]))
open(inituser_done_path, 'w').write('"inituser" file already created once.')
class Recipe(GenericBaseRecipe): class Recipe(GenericBaseRecipe):
def _options(self, options): def _options(self, options):
options['password'] = self.generatePassword() options['password'] = self.generatePassword()
......
...@@ -48,6 +48,7 @@ extends = ...@@ -48,6 +48,7 @@ extends =
../../component/python-2.7/buildout.cfg ../../component/python-2.7/buildout.cfg
../../component/python-ldap-python/buildout.cfg ../../component/python-ldap-python/buildout.cfg
../../component/rdiff-backup/buildout.cfg ../../component/rdiff-backup/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/subversion/buildout.cfg ../../component/subversion/buildout.cfg
../../component/tesseract/buildout.cfg ../../component/tesseract/buildout.cfg
../../component/varnish/buildout.cfg ../../component/varnish/buildout.cfg
...@@ -76,6 +77,7 @@ parts = ...@@ -76,6 +77,7 @@ parts =
graphviz graphviz
haproxy haproxy
jsl jsl
stunnel
varnish-3.0 varnish-3.0
w3m w3m
poppler poppler
...@@ -235,7 +237,7 @@ mode = 640 ...@@ -235,7 +237,7 @@ mode = 640
# XXX: "template.cfg" is hardcoded in instanciation recipe # XXX: "template.cfg" is hardcoded in instanciation recipe
filename = template.cfg filename = template.cfg
template = ${:_profile_base_location_}/instance.cfg.in template = ${:_profile_base_location_}/instance.cfg.in
md5sum = fbb7ea50d7ea6d4e25725801cc3fd5f9 md5sum = a1a5a9983207e4a8128bab331cbd3cd5
extra-context = extra-context =
key apache_location apache:location key apache_location apache:location
key aspell_location aspell:location key aspell_location aspell:location
...@@ -274,6 +276,7 @@ extra-context = ...@@ -274,6 +276,7 @@ extra-context =
key openssl_location openssl:location key openssl_location openssl:location
key poppler_location poppler:location key poppler_location poppler:location
key sed_location sed:location key sed_location sed:location
key stunnel_location stunnel:location
key template_cloudooo template-cloudooo:target key template_cloudooo template-cloudooo:target
key template_erp5_single template-erp5-single:target key template_erp5_single template-erp5-single:target
key template_erp5_cluster template-erp5-cluster:target key template_erp5_cluster template-erp5-cluster:target
...@@ -316,7 +319,7 @@ mode = 640 ...@@ -316,7 +319,7 @@ mode = 640
[template-varnish] [template-varnish]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-varnish.cfg.in url = ${:_profile_base_location_}/instance-varnish.cfg.in
md5sum = 728650f5d20ad637d8d824d1968865ca md5sum = ae0465591c22c0cb316c1706965c6b18
mode = 640 mode = 640
[bt5-repository] [bt5-repository]
......
...@@ -28,18 +28,23 @@ recipe = slapos.cookbook:generic.varnish ...@@ -28,18 +28,23 @@ recipe = slapos.cookbook:generic.varnish
ip = ${slap-network-information:local-ipv4} ip = ${slap-network-information:local-ipv4}
server-port = 6001 server-port = 6001
manager-port = 6002 manager-port = 6002
stunnel-port = 6003
# Paths: Running wrappers # Paths: Running wrappers
varnishd-wrapper = ${basedirectory:services}/varnishd varnishd-wrapper = ${basedirectory:services}/varnishd
varnishlog-wrapper = ${rootdirectory:bin}/varnishlog varnishlog-wrapper = ${rootdirectory:bin}/varnishlog
stunnel-wrapper = ${basedirectory:services}/stunnel
# Binary information # Binary information
varnishd-binary = {{ parameter_dict['varnish'] }}/sbin/varnishd varnishd-binary = {{ parameter_dict['varnish'] }}/sbin/varnishd
varnishlog-binary = {{ parameter_dict['varnish'] }}/bin/varnishlog varnishlog-binary = {{ parameter_dict['varnish'] }}/bin/varnishlog
shell-path = {{ parameter_dict['dash'] }}/bin/dash shell-path = {{ parameter_dict['dash'] }}/bin/dash
stunnel-binary = {{ parameter_dict['stunnel'] }}/bin/stunnel
# Configuration by VCL # Configuration by VCL
vcl-file = ${rootdirectory:etc}/default.vcl vcl-file = ${rootdirectory:etc}/default.vcl
pid-file = ${basedirectory:run}/varnishd.pid pid-file = ${basedirectory:run}/varnishd.pid
stunnel-conf-file = ${rootdirectory:etc}/stunnel.conf
stunnel-pid-file = ${basedirectory:run}/stunnel.pid
varnish-data = ${directory:varnish-data} varnish-data = ${directory:varnish-data}
# this will pass at -n option # this will pass at -n option
varnish-instance-name = ${directory:varnish-instance} varnish-instance-name = ${directory:varnish-instance}
......
...@@ -99,6 +99,7 @@ dash = {{ dash_location }} ...@@ -99,6 +99,7 @@ dash = {{ dash_location }}
dcron = {{ dcron_location }} dcron = {{ dcron_location }}
gzip = {{ gzip_location }} gzip = {{ gzip_location }}
logrotate = {{ logrotate_location }} logrotate = {{ logrotate_location }}
stunnel = {{ stunnel_location }}
varnish = {{ varnish_location }} varnish = {{ varnish_location }}
wget = {{ wget_location }} wget = {{ wget_location }}
buildout-bin-directory = {{ buildout_bin_directory }} buildout-bin-directory = {{ buildout_bin_directory }}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment