Add nginx-reverse-proxy Software Release.

3b43f325 · Cédric de Saint Martin · f84eb3f1 · 3b43f325 · 3b43f325 · 3b43f325
Commit 3b43f325 authored Mar 18, 2013 by Cédric de Saint Martin
6 changed files
--- a/setup.py
+++ b/setup.py
@@ -162,6 +162,7 @@ setup(name=name,
          'request.serialised = slapos.recipe.request:Serialised',
          'request.edge = slapos.recipe.request:RequestEdge',
          'requestoptional = slapos.recipe.request:RequestOptional',
+          'reverseproxy.nginx = slapos.recipe.reverse_proxy_nginx:Recipe',
          'seleniumrunner = slapos.recipe.seleniumrunner:Recipe',
          'sheepdogtestbed = slapos.recipe.sheepdogtestbed:SheepDogTestBed',
          'shell = slapos.recipe.shell:Recipe',

--- a/slapos/recipe/reverse_proxy_nginx/__init__.py
+++ b/slapos/recipe/reverse_proxy_nginx/__init__.py
+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+import operator
+from slapos.recipe.librecipe import GenericSlapRecipe
+import zc.buildout
+
+class Recipe(GenericSlapRecipe):
+  def _install(self):
+    path_list = []
+
+    # Check for mandatory arguments
+    domain_name = self.options['domain']
+    if not domain_name:
+      raise zc.buildout.UserError('No domain name specified. Please define '
+          'the "domain" instance parameter.')
+
+    # XXX: add HTTP support
+    #https_port_number = self.options['https-port']
+    #http_port_number = self.options['http-port']
+
+    # Parse list of slaves
+    slave_instance_list = sorted(self.options['slave-instance-list'],
+                                 key=operator.itemgetter('slave_reference'))
+
+    # Now, we only take first instance and only use this one.
+    # XXX: TODO real implementation of slaves
+    zimbra_slave_instance = slave_instance_list[0]
+
+    # Generate Nginx configuration
+    nginx_configuration_dict = {
+      'listen-local-ipv4': self.options['ipv4'],
+      'listen-global-ipv6': '[%s]' % self.options['ipv6'],
+      'domain-name': domain_name,
+      'smtp-port-number': self.options['smtp-port'],
+      'error-log': self.options['error-log'],
+      'access-log': self.options['access-log'],
+      'htdocs': self.options['htdocs'],
+      'smtp-upstream-host': zimbra_slave_instance['smtp-upstream-host'],
+      'smtp-upstream-port': zimbra_slave_instance['smtp-upstream-port'],
+    }
+    nginx_configuration_file = self.createFile(
+        self.options['configuration-file'],
+        self.substituteTemplate(self.getTemplateFilename('nginx.conf.in'),
+        nginx_configuration_dict)
+    )
+    path_list.append(nginx_configuration_file)
+    
+    # Generate Nginx wrapper
+    wrapper = self.createWrapper(
+        name=self.options['wrapper'],
+        command=self.options['nginx-executable'],
+        parameters=[
+            '-c', self.options['configuration-file'],
+            '-p', self.options['home-directory']
+        ]
+    )
+
+    # TODO: reload configuration or have feature like apache_map
+
+    # Send connection informations about each slave
+    for slave_instance in slave_instance_list:
+      reference = slave_instance.get("slave_reference")
+      self.logger.debug('Sending connection parameters of slave '
+          'instance: %s' % reference)
+      try:
+        connection_dict = {
+            'listening-ipv6': self.options['ipv6'],
+            # Arbitrary, as the instance doesn't know its public IP.
+            'listening-ipv4': self.options['public-ipv4'],
+            # XXX-TODO
+            #'site_url': url,
+        }
+        self.setConnectionDict(connection_dict, reference)
+      except:
+        self.logger.fatal("Error while sending slave %s informations: %s",
+            reference, traceback.format_exc())
+
+    return path_list
--- a/slapos/recipe/reverse_proxy_nginx/template/nginx.conf.in
+++ b/slapos/recipe/reverse_proxy_nginx/template/nginx.conf.in
+daemon off;
+worker_processes 1;
+
+#XXX-Cedric: TODO separate the different logs
+error_log %(error-log)s info;
+
+events {
+        worker_connections 1024;
+        use epoll;
+}
+
+http {
+        log_format main
+                '$remote_addr - $remote_user [$time_local] '
+                '"$request" $status $bytes_sent '
+                '"$http_referer" "$http_user_agent" '
+                '"$gzip_ratio"';
+
+        server {
+                listen %(listen-local-ipv4)s:8008;
+                server_name localhost;
+                access_log %(access-log)s main;
+                error_log %(error-log)s info;
+
+                root %(htdocs)s;
+
+                location ~ $ {
+                        add_header Auth-Server %(smtp-upstream-host)s;
+                        add_header Auth-Port %(smtp-upstream-port)s;
+                        return 200;
+                }
+        }
+}
+
+mail {
+        server_name %(domain-name)s;
+
+        auth_http %(listen-local-ipv4)s:8008;
+
+        server {
+                listen %(listen-local-ipv4)s:%(smtp-port-number)s;
+                listen %(listen-global-ipv6)s:%(smtp-port-number)s;
+                protocol smtp;
+                timeout 5s;
+                proxy on;
+                xclient off;
+                smtp_auth none;
+        }
+}
--- a/software/reverse-proxy-nginx/common.cfg
+++ b/software/reverse-proxy-nginx/common.cfg
+[buildout]
+
+# XXX-Cedric: cahnge name to reverse-proxy-nginx
+
+extends =
+  ../../component/dcron/buildout.cfg
+  ../../component/gzip/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/nginx/buildout.cfg
+  ../../component/openssl/buildout.cfg
+  ../../stack/slapos.cfg
+
+parts =
+  slapos-cookbook
+  eggs
+  instance-profile
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  slapos.toolbox
+
+[instance-profile]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg.in
+output = ${buildout:directory}/instance.cfg
+#md5sum = 650cd2527158734fd6ccd9ec374b5e69
+mode = 0644
+
--- a/software/reverse-proxy-nginx/development.cfg
+++ b/software/reverse-proxy-nginx/development.cfg
+[buildout]
+extends =
+  ../../component/git/buildout.cfg
+  common.cfg
+
+parts +=
+  slapos.cookbook-repository
+  check-recipe
+
+develop =
+  ${:parts-directory}/slapos.cookbook-repository
+
+[slapos.cookbook-repository]
+recipe = slapos.recipe.build:gitclone
+repository = http://git.erp5.org/repos/slapos.git
+branch = slaprunner
+git-executable = ${git:location}/bin/git
+
+[check-recipe]
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+command =
+  grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link
--- a/software/reverse-proxy-nginx/instance.cfg.in
+++ b/software/reverse-proxy-nginx/instance.cfg.in
+[buildout]
+parts =
+  directory
+  reverse-proxy
+  certificate-authority
+  ca-nginx
+  logrotate
+  logrotate-entry-nginx
+  cron
+  cron-entry-logrotate
+  smtp-port-promise
+  publish-connection-parameter
+
+# Define egg directories to be the one from Software Release
+# (/opt/slapgrid/...)
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+# Fetch parameters defined in SlapOS Master for this instance
+[instance-parameter]
+recipe = slapos.cookbook:slapconfiguration
+computer = $${slap-connection:computer-id}
+partition = $${slap-connection:partition-id}
+url = $${slap-connection:server-url}
+key = $${slap-connection:key-file}
+cert = $${slap-connection:cert-file}
+
+# Set default parameters
+configuration.slave-instance-list =
+configuration.domain = un-hardcode-me
+#configuration.http-port = 80
+#configuration.https-port = 443
+configuration.smtp-port = 25
+configuration.public-ipv4 =
+
+# Create needed directories
+[directory]
+recipe = slapos.cookbook:mkdirectory
+home = $${buildout:directory}
+bin = $${:home}/bin
+etc = $${:home}/etc
+srv = $${:home}/srv
+var = $${:home}/var
+
+service = $${:etc}/service
+promise = $${:etc}/promise
+backup = $${:srv}/backup
+log = $${:var}/log
+run = $${:var}/run
+
+ca-dir = $${:srv}/ssl
+ca-requests = $${:ca-dir}/requests
+ca-private = $${:ca-dir}/private
+ca-certs = $${:ca-dir}/certs
+ca-newcerts = $${:ca-dir}/newcerts
+ca-crl = $${:ca-dir}/crl
+
+nginx-configuration = $${:etc}/nginx
+nginx-ssl = $${:ca-dir}/nginx
+nginx-log = $${:home}/logs
+nginx-htdocs = $${:srv}/www
+
+cron-entries = $${:etc}/cron.d
+crontabs = $${:etc}/crontabs
+cronstamps = $${:etc}/cronstamps
+
+logrotate-entries = $${:etc}/logrotate.d
+logrotate-backup = $${:backup}/logrotate
+
+
+# Deploy nginx and publish connection parameters inside of the recipe
+[reverse-proxy]
+recipe = slapos.cookbook:reverseproxy.nginx
+nginx-executable = ${nginx-unstable:location}/sbin/nginx
+wrapper = $${directory:bin}/nginx
+
+configuration-file = $${directory:nginx-configuration}/nginx.conf
+
+ipv6 = $${instance-parameter:ipv6-random}
+ipv4 = $${instance-parameter:ipv4-random}
+slave-instance-list = $${instance-parameter:slave-instance-list}
+#http-port = $${instance-parameter:http-port}
+#https-port = $${instance-parameter:https-port}
+smtp-port = $${instance-parameter:configuration.smtp-port}
+domain = $${instance-parameter:configuration.domain}
+
+access-log = $${directory:nginx-log}/access.log
+error-log = $${directory:nginx-log}/error.log
+
+key-file = $${directory:nginx-configuration}/nginx.key
+cert-file = $${directory:nginx-configuration}/nginx.crt
+
+pid-file = $${directory:run}/nginx
+
+htdocs = $${directory:nginx-htdocs}
+home-directory = $${directory:home}
+
+# Set the public IPs (if possible) as slave connection parameter so that user knows what IP
+# to bind to its domain name
+public-ipv4 = $${instance-parameter:configuration.public-ipv4}
+
+# Create and handle certificate related stuffs, including encapsulating run of nginx executable
+[certificate-authority]
+recipe = slapos.cookbook:certificate_authority
+openssl-binary = ${openssl:location}/bin/openssl
+ca-dir = $${directory:ca-dir}
+requests-directory = $${directory:ca-requests}
+wrapper = $${directory:service}/ca
+ca-private = $${directory:ca-private}
+ca-certs = $${directory:ca-certs}
+ca-newcerts = $${directory:ca-newcerts}
+ca-crl = $${directory:ca-crl}
+
+[ca-nginx]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+executable = $${reverse-proxy:wrapper}
+wrapper = $${directory:service}/nginx
+key-file = $${reverse-proxy:key-file}
+cert-file = $${reverse-proxy:cert-file}
+
+
+# Deploy logrotate
+[logrotate]
+recipe = slapos.cookbook:logrotate
+# Binaries
+logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
+gzip-binary = ${gzip:location}/bin/gzip
+gunzip-binary = ${gzip:location}/bin/gunzip
+# Directories
+wrapper = $${directory:bin}/logrotate
+conf = $${directory:etc}/logrotate.conf
+logrotate-entries = $${directory:logrotate-entries}
+backup = $${directory:logrotate-backup}
+state-file = $${directory:srv}/logrotate.status
+
+[logrotate-entry-nginx]
+<= logrotate
+recipe = slapos.cookbook:logrotate.d
+name = nginx
+log = $${reverse-proxy:access-log} $${reverse-proxy:error-log}
+frequency = daily
+rotate-num = 30
+post = ${buildout:bin-directory}/killpidfromfile $${reverse-proxy:pid-file} SIGUSR1
+sharedscripts = true
+notifempty = true
+create = true
+
+
+# Deploy cron and configure it
+[cron-simplelogger]
+recipe = slapos.cookbook:simplelogger
+wrapper = $${directory:bin}/cron_simplelogger
+log = $${directory:log}/crond.log
+
+[cron]
+recipe = slapos.cookbook:cron
+dcrond-binary = ${dcron:location}/sbin/crond
+cron-entries = $${directory:cron-entries}
+crontabs = $${directory:crontabs}
+cronstamps = $${directory:cronstamps}
+catcher = $${cron-simplelogger:wrapper}
+binary = $${directory:service}/crond
+
+[cron-entry-logrotate]
+<= cron
+recipe = slapos.cookbook:cron.d
+name = logrotate
+frequency = 0 0 * * *
+command = $${logrotate:wrapper}
+
+
+# Check promises
+[smtp-port-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${directory:promise}/smtp-port-promise
+hostname = $${instance-parameter:ipv6-random}
+port = $${instance-parameter:configuration.smtp-port}
+
+
+# Publish instance connection parameters
+# Note: Parameters of slaves are published in the reverse-proxy recipe
+[publish-connection-parameter]
+recipe = slapos.cookbook:publish
+ipv4 = $${instance-parameter:ipv4-random}
+ipv6 = $${instance-parameter:ipv6-random}
+