Commit 3c2a9b13 authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

apache-frontend: Remove stunnel from apache frontend recipe

parent 4b915f9b
...@@ -64,8 +64,6 @@ class Recipe(BaseSlapRecipe): ...@@ -64,8 +64,6 @@ class Recipe(BaseSlapRecipe):
self.path_list = [] self.path_list = []
self.requirements, self.ws = self.egg.working_set() self.requirements, self.ws = self.egg.working_set()
# self.cron_d is a directory, where cron jobs can be registered
self.cron_d = self.installCrond()
self.killpidfromfile = zc.buildout.easy_install.scripts( self.killpidfromfile = zc.buildout.easy_install.scripts(
[('killpidfromfile', 'slapos.toolbox.killpidfromfile', [('killpidfromfile', 'slapos.toolbox.killpidfromfile',
'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0] 'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
...@@ -163,27 +161,30 @@ class Recipe(BaseSlapRecipe): ...@@ -163,27 +161,30 @@ class Recipe(BaseSlapRecipe):
rewrite_rule_list.append(rewrite_rule) rewrite_rule_list.append(rewrite_rule)
# Certificate stuff # Certificate stuff
valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert") #valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
valid_key_str = self.parameter_dict.get("domain_ssl_ca_key") #valid_key_str = self.parameter_dict.get("domain_ssl_ca_key")
if valid_certificate_str is None and valid_key_str is None: #if valid_certificate_str is None and valid_key_str is None:
ca_conf = self.installCertificateAuthority() # ca_conf = self.installCertificateAuthority()
key, certificate = self.requestCertificate(frontend_domain_name) # key, certificate = self.requestCertificate(frontend_domain_name)
else: #else:
ca_conf = self.installValidCertificateAuthority( # ca_conf = self.installValidCertificateAuthority(
frontend_domain_name, valid_certificate_str, valid_key_str) # frontend_domain_name, valid_certificate_str, valid_key_str)
key = ca_conf.pop("key") # key = ca_conf.pop("key")
certificate = ca_conf.pop("certificate") # certificate = ca_conf.pop("certificate")
if service_dict != {}: #if service_dict != {}:
if valid_certificate_str is not None and valid_key_str is not None: # if valid_certificate_str is not None and valid_key_str is not None:
self.installCertificateAuthority() # self.installCertificateAuthority()
stunnel_key, stunnel_certificate = \ # stunnel_key, stunnel_certificate = \
self.requestCertificate(frontend_domain_name) # self.requestCertificate(frontend_domain_name)
else: # else:
stunnel_key, stunnel_certificate = key, certificate # stunnel_key, stunnel_certificate = key, certificate
self.installStunnel(service_dict, stunnel_key, stunnel_certificate = self.options['key_path'], self.options['cert_path']
stunnel_certificate, stunnel_key,
ca_conf["ca_crl"], key, certificate = self.options['key_path'], self.options['cert_path']
ca_conf["certificate_authority_path"]) #self.installStunnel(service_dict,
# stunnel_certificate, stunnel_key,
# self.options["ca_crl"],
# self.options["ca_dir"])
apache_parameter_dict = self.installFrontendApache( apache_parameter_dict = self.installFrontendApache(
ip_list=["[%s]" % self.getGlobalIPv6Address(), ip_list=["[%s]" % self.getGlobalIPv6Address(),
...@@ -272,13 +273,13 @@ class Recipe(BaseSlapRecipe): ...@@ -272,13 +273,13 @@ class Recipe(BaseSlapRecipe):
service_name = "squid_%s" % reference service_name = "squid_%s" % reference
squid_ip = self.getLocalIPv4Address() squid_ip = self.getLocalIPv4Address()
stunnel_port = base_squid_port + 1 stunnel_port = base_squid_port + 1
#self.installSquidCache(service_name, # self.installSquidCache(service_name,
# ip=squid_ip, # ip=squid_ip,
# port=base_squid_port, # port=base_squid_port,
# backend_host=squid_ip, # backend_host=squid_ip,
# backend_port=stunnel_port, # backend_port=stunnel_port,
# domain=domain, # domain=domain,
# size="1G") # size="1G")
service_dict[service_name] = dict(public_ip=squid_ip, service_dict[service_name] = dict(public_ip=squid_ip,
public_port=stunnel_port, public_port=stunnel_port,
private_ip=slave_host.replace("[", "").replace("]", ""), private_ip=slave_host.replace("[", "").replace("]", ""),
...@@ -286,245 +287,208 @@ class Recipe(BaseSlapRecipe): ...@@ -286,245 +287,208 @@ class Recipe(BaseSlapRecipe):
return "%s http://%s:%s" % \ return "%s http://%s:%s" % \
(domain, squid_ip, base_squid_port) (domain, squid_ip, base_squid_port)
def installSquidCache(self, name, ip, port, backend_host, # def installSquidCache(self, name, ip, port, backend_host,
backend_port, domain, size="1G"): # backend_port, domain, size="1G"):
""" # """
Install a squid daemon for a certain address # Install a squid daemon for a certain address
""" # """
# directory = self.createDataDirectory(name) ## directory = self.createDataDirectory(name)
# squid_config = dict( ## squid_config = dict(
# directory=directory, ## directory=directory,
# pid = "%s/squid.pid" % directory, ## pid = "%s/squid.pid" % directory,
# port="%s:%s" % (ip, port), ## port="%s:%s" % (ip, port),
# squidd_binary=self.options["squidd_binary"], ## squidd_binary=self.options["squidd_binary"],
# control_port="%s:%s" % (ip, control_port), ## control_port="%s:%s" % (ip, control_port),
# storage="file,%s/storage.bin,%s" % (directory, size)) ## storage="file,%s/storage.bin,%s" % (directory, size))
#
# ##
# squid_argument_list = [squid_config['squidd_binary'].strip(), ## squid_argument_list = [squid_config['squidd_binary'].strip(),
# "-F", "-n", directory, "-P", squid_config["pid"], "-p", ## "-F", "-n", directory, "-P", squid_config["pid"], "-p",
# "cc_command=exec %s " % self.options["gcc_binary"] +\ ## "cc_command=exec %s " % self.options["gcc_binary"] +\
# "-fpic -shared -o %o %s", ## "-fpic -shared -o %o %s",
# "-f", config_file, ## "-f", config_file,
# "-a", squid_config["port"], "-T", squid_config["control_port"], ## "-a", squid_config["port"], "-T", squid_config["control_port"],
# "-s", squid_config["storage"]] ## "-s", squid_config["storage"]]
# environment = dict(PATH="%s:%s" % (self.options["binutils_directory"], ## environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
# os.environ.get('PATH'))) ## os.environ.get('PATH')))
# wrapper = zc.buildout.easy_install.scripts([(name, ## wrapper = zc.buildout.easy_install.scripts([(name,
# 'slapos.recipe.librecipe.execute', 'executee')], self.ws, ## 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
# sys.executable, self.service_directory, arguments=[squid_argument_list, ## sys.executable, self.service_directory, arguments=[squid_argument_list,
# environment])[0] ## environment])[0]
# self.path_list.append(wrapper) ## self.path_list.append(wrapper)
#
#
# directory = self.createDataDirectory(name) ## directory = self.createDataDirectory(name)
config = dict( # config = dict(
ip=ip, # ip=ip,
port=port, # port=port,
backend_ip=backend_host, # backend_ip=backend_host,
backend_port=backend_port, # backend_port=backend_port,
domain=domain, # domain=domain,
# XXX Hardcoded # # XXX Hardcoded
access_log_path = os.path.join(self.log_directory, 'squid.access.log'), # access_log_path = os.path.join(self.log_directory, 'squid.access.log'),
# XXX Hardcoded # # XXX Hardcoded
cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'), # cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'),
# cache_path=self.options['cache-path'], ## cache_path=self.options['cache-path'],
# XXX Hardcoded # # XXX Hardcoded
pid_filename_path=os.path.join(self.run_directory, 'squid.pid'), # pid_filename_path=os.path.join(self.run_directory, 'squid.pid'),
squid_binary=self.options["squid_binary"], # squid_binary=self.options["squid_binary"],
) # )
#
template_filename = self.getTemplateFilename('squid.conf.in') # template_filename = self.getTemplateFilename('squid.conf.in')
config_file = self.createConfigurationFile("%s.conf" % name, # config_file = self.createConfigurationFile("%s.conf" % name,
self.substituteTemplate(self.getTemplateFilename('squid.conf.in'), # self.substituteTemplate(self.getTemplateFilename('squid.conf.in'),
config)) # config))
#
# # Prepare directories ## # Prepare directories
# prepare_path = self.createPythonScript( ## prepare_path = self.createPythonScript(
# self.options['prepare-path'], ## self.options['prepare-path'],
# 'slapos.recipe.librecipe.execute.execute', ## 'slapos.recipe.librecipe.execute.execute',
# arguments=[self.options['binary-path'].strip(), ## arguments=[self.options['binary-path'].strip(),
# '-z', ## '-z',
# '-f', configuration_path, ## '-f', configuration_path,
# ],) ## ],)
# ##
# # Create running wrapper ## # Create running wrapper
# wrapper_path = self.createPythonScript( ## wrapper_path = self.createPythonScript(
# self.options['wrapper-path'], ## self.options['wrapper-path'],
# 'slapos.recipe.librecipe.execute.execute', ## 'slapos.recipe.librecipe.execute.execute',
# arguments=[self.options['binary-path'].strip(), ## arguments=[self.options['binary-path'].strip(),
# '-N', ## '-N',
# '-f', configuration_path, ## '-f', configuration_path,
# ],) ## ],)
# ##
# return [configuration_path, wrapper_path, prepare_path] ## return [configuration_path, wrapper_path, prepare_path]
#
squid_argument_list = [config['squid_binary'].strip(), # squid_argument_list = [config['squid_binary'].strip(),
"-N", "-f", config_file] # "-N", "-f", config_file]
# "cc_command=exec %s " % self.options["gcc_binary"] +\ ## "cc_command=exec %s " % self.options["gcc_binary"] +\
# "-fpic -shared -o %o %s", ## "-fpic -shared -o %o %s",
# "-f", config_file, ## "-f", config_file,
# "-a", config["port"], "-T", config["control_port"], ## "-a", config["port"], "-T", config["control_port"],
# "-s", config["storage"]] ## "-s", config["storage"]]
environment = dict(PATH="%s:%s" % (self.options["binutils_directory"], # environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
os.environ.get('PATH'))) # os.environ.get('PATH')))
wrapper = zc.buildout.easy_install.scripts([(name, # wrapper = zc.buildout.easy_install.scripts([(name,
'slapos.recipe.librecipe.execute', 'executee')], self.ws, # 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
sys.executable, self.service_directory, arguments=[squid_argument_list, # sys.executable, self.service_directory, arguments=[squid_argument_list,
environment])[0] # environment])[0]
self.path_list.append(wrapper) # self.path_list.append(wrapper)
#
return config # return config
# def requestCertificate(self, name):
# hash = hashlib.sha512(name).hexdigest()
# key = os.path.join(self.ca_private, hash + self.ca_key_ext)
def configureVarnishSlave(self, base_varnish_port, url, reference, # certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
service_dict, domain): # parser = ConfigParser.RawConfigParser()
# Varnish should use stunnel to connect to the backend # parser.add_section('certificate')
base_varnish_control_port = base_varnish_port # parser.set('certificate', 'name', name)
base_varnish_port += 1 # parser.set('certificate', 'key_file', key)
# Use regex # parser.set('certificate', 'certificate_file', certificate)
host_regex = "((\[\w*|[0-9]+\.)(\:|)).*(\]|\.[0-9]+)" # parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
slave_host = re.search(host_regex, url).group(0) # return key, certificate
port_regex = "\w+(\/|)$"
matcher = re.search(port_regex, url) # def installCrond(self):
if matcher is not None: # timestamps = self.createDataDirectory('cronstamps')
slave_port = matcher.group(0) # cron_output = os.path.join(self.log_directory, 'cron-output')
slave_port = slave_port.replace("/", "") # self._createDirectory(cron_output)
elif url.startswith("https://"): # catcher = zc.buildout.easy_install.scripts([('catchcron',
slave_port = 443 # __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
else: # self.bin_directory, arguments=[cron_output])[0]
slave_port = 80 # self.path_list.append(catcher)
service_name = "varnish_%s" % reference # cron_d = os.path.join(self.etc_directory, 'cron.d')
varnish_ip = self.getLocalIPv4Address() # crontabs = os.path.join(self.etc_directory, 'crontabs')
stunnel_port = base_varnish_port + 1 # self._createDirectory(cron_d)
self.installVarnishCache(service_name, # self._createDirectory(crontabs)
ip=varnish_ip, # wrapper = zc.buildout.easy_install.scripts([('crond',
port=base_varnish_port, # 'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
control_port=base_varnish_control_port, # self.service_directory, arguments=[
backend_host=varnish_ip, # self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
backend_port=stunnel_port, # '-t', timestamps, '-f', '-l', '5', '-M', catcher]
size="1G") # )[0]
service_dict[service_name] = dict(public_ip=varnish_ip, # self.path_list.append(wrapper)
public_port=stunnel_port, # return cron_d
private_ip=slave_host.replace("[", "").replace("]", ""),
private_port=slave_port) # def installValidCertificateAuthority(self, domain_name, certificate, key):
return "%s http://%s:%s" % \ # ca_dir = os.path.join(self.data_root_directory, 'ca')
(domain, varnish_ip, base_varnish_port) # ca_private = os.path.join(ca_dir, 'private')
# ca_certs = os.path.join(ca_dir, 'certs')
def requestCertificate(self, name): # ca_crl = os.path.join(ca_dir, 'crl')
hash = hashlib.sha512(name).hexdigest() # self._createDirectory(ca_dir)
key = os.path.join(self.ca_private, hash + self.ca_key_ext) # for path in (ca_private, ca_certs, ca_crl):
certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext) # self._createDirectory(path)
parser = ConfigParser.RawConfigParser() # key_path = os.path.join(ca_private, domain_name + ".key")
parser.add_section('certificate') # certificate_path = os.path.join(ca_certs, domain_name + ".crt")
parser.set('certificate', 'name', name) # self._writeFile(key_path, key)
parser.set('certificate', 'key_file', key) # self._writeFile(certificate_path, certificate)
parser.set('certificate', 'certificate_file', certificate) # return dict(certificate_authority_path=ca_dir,
parser.write(open(os.path.join(self.ca_request_dir, hash), 'w')) # ca_crl=ca_crl,
return key, certificate # certificate=certificate_path,
# key=key_path)
def installCrond(self): #
timestamps = self.createDataDirectory('cronstamps') # def installCertificateAuthority(self, ca_country_code='XX',
cron_output = os.path.join(self.log_directory, 'cron-output') # ca_email='xx@example.com', ca_state='State', ca_city='City',
self._createDirectory(cron_output) # ca_company='Company'):
catcher = zc.buildout.easy_install.scripts([('catchcron', # backup_path = self.createBackupDirectory('ca')
__name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable, # self.ca_dir = os.path.join(self.data_root_directory, 'ca')
self.bin_directory, arguments=[cron_output])[0] # self._createDirectory(self.ca_dir)
self.path_list.append(catcher) # self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
cron_d = os.path.join(self.etc_directory, 'cron.d') # self._createDirectory(self.ca_request_dir)
crontabs = os.path.join(self.etc_directory, 'crontabs') # config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
self._createDirectory(cron_d) # self.ca_private = os.path.join(self.ca_dir, 'private')
self._createDirectory(crontabs) # self.ca_certs = os.path.join(self.ca_dir, 'certs')
wrapper = zc.buildout.easy_install.scripts([('crond', # self.ca_crl = os.path.join(self.ca_dir, 'crl')
'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable, # self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
self.service_directory, arguments=[ # self.ca_key_ext = '.key'
self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs, # self.ca_crt_ext = '.crt'
'-t', timestamps, '-f', '-l', '5', '-M', catcher] # for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
)[0] # self._createDirectory(d)
self.path_list.append(wrapper) # for f in ['crlnumber', 'serial']:
return cron_d # if not os.path.exists(os.path.join(self.ca_dir, f)):
# open(os.path.join(self.ca_dir, f), 'w').write('01')
def installValidCertificateAuthority(self, domain_name, certificate, key): # if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
ca_dir = os.path.join(self.data_root_directory, 'ca') # open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
ca_private = os.path.join(ca_dir, 'private') # openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
ca_certs = os.path.join(ca_dir, 'certs') # config.update(
ca_crl = os.path.join(ca_dir, 'crl') # working_directory=self.ca_dir,
self._createDirectory(ca_dir) # country_code=ca_country_code,
for path in (ca_private, ca_certs, ca_crl): # state=ca_state,
self._createDirectory(path) # city=ca_city,
key_path = os.path.join(ca_private, domain_name + ".key") # company=ca_company,
certificate_path = os.path.join(ca_certs, domain_name + ".crt") # email_address=ca_email,
self._writeFile(key_path, key) # )
self._writeFile(certificate_path, certificate) # self._writeFile(openssl_configuration, pkg_resources.resource_string(
return dict(certificate_authority_path=ca_dir, # __name__, 'template/openssl.cnf.ca.in') % config)
ca_crl=ca_crl, #
certificate=certificate_path, # # XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
key=key_path) # # from the instance profile.
# self.path_list.extend(zc.buildout.easy_install.scripts([
def installCertificateAuthority(self, ca_country_code='XX', # ('certificate_authority', __name__ + '.certificate_authority',
ca_email='xx@example.com', ca_state='State', ca_city='City', # 'runCertificateAuthority')],
ca_company='Company'): # self.ws, sys.executable, self.service_directory, arguments=[dict(
backup_path = self.createBackupDirectory('ca') # openssl_configuration=openssl_configuration,
self.ca_dir = os.path.join(self.data_root_directory, 'ca') # openssl_binary=self.options['openssl_binary'],
self._createDirectory(self.ca_dir) # certificate=os.path.join(self.ca_dir, 'cacert.pem'),
self.ca_request_dir = os.path.join(self.ca_dir, 'requests') # key=os.path.join(self.ca_private, 'cakey.pem'),
self._createDirectory(self.ca_request_dir) # crl=os.path.join(self.ca_crl),
config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir) # request_dir=self.ca_request_dir
self.ca_private = os.path.join(self.ca_dir, 'private') # )]))
self.ca_certs = os.path.join(self.ca_dir, 'certs')
self.ca_crl = os.path.join(self.ca_dir, 'crl')
self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
self.ca_key_ext = '.key'
self.ca_crt_ext = '.crt'
for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
self._createDirectory(d)
for f in ['crlnumber', 'serial']:
if not os.path.exists(os.path.join(self.ca_dir, f)):
open(os.path.join(self.ca_dir, f), 'w').write('01')
if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
config.update(
working_directory=self.ca_dir,
country_code=ca_country_code,
state=ca_state,
city=ca_city,
company=ca_company,
email_address=ca_email,
)
self._writeFile(openssl_configuration, pkg_resources.resource_string(
__name__, 'template/openssl.cnf.ca.in') % config)
# XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# from the instance profile.
self.path_list.extend(zc.buildout.easy_install.scripts([
('certificate_authority', __name__ + '.certificate_authority',
'runCertificateAuthority')],
self.ws, sys.executable, self.service_directory, arguments=[dict(
openssl_configuration=openssl_configuration,
openssl_binary=self.options['openssl_binary'],
certificate=os.path.join(self.ca_dir, 'cacert.pem'),
key=os.path.join(self.ca_private, 'cakey.pem'),
crl=os.path.join(self.ca_crl),
request_dir=self.ca_request_dir
)]))
# configure backup # configure backup
backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup') #backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
open(backup_cron, 'w').write( #open(backup_cron, 'w').write(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict( # '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
rdiff_backup=self.options['rdiff_backup_binary'], # rdiff_backup=self.options['rdiff_backup_binary'],
source=self.ca_dir, # source=self.ca_dir,
destination=backup_path)) # destination=backup_path))
self.path_list.append(backup_cron) #self.path_list.append(backup_cron)
return dict( # return dict(
ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'), # ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
ca_crl=os.path.join(config['ca_dir'], 'crl'), # ca_crl=os.path.join(config['ca_dir'], 'crl'),
certificate_authority_path=config['ca_dir'] # certificate_authority_path=config['ca_dir']
) # )
def _getApacheConfigurationDict(self, name, ip_list, port): def _getApacheConfigurationDict(self, name, ip_list, port):
apache_conf = dict() apache_conf = dict()
...@@ -543,41 +507,6 @@ class Recipe(BaseSlapRecipe): ...@@ -543,41 +507,6 @@ class Recipe(BaseSlapRecipe):
apache_conf['access_log'] = self.options['access-log'] apache_conf['access_log'] = self.options['access-log']
return apache_conf return apache_conf
def installVarnishCache(self, name, ip, port, control_port, backend_host,
backend_port, size="1G"):
"""
Install a varnish daemon for a certain address
"""
directory = self.createDataDirectory(name)
varnish_config = dict(
directory=directory,
pid = "%s/varnish.pid" % directory,
port="%s:%s" % (ip, port),
varnishd_binary=self.options["varnishd_binary"],
control_port="%s:%s" % (ip, control_port),
storage="file,%s/storage.bin,%s" % (directory, size))
config_file = self.createConfigurationFile("%s.conf" % name,
self.substituteTemplate(self.getTemplateFilename('varnish.vcl.in'),
dict(backend_host=backend_host, backend_port=backend_port)))
varnish_argument_list = [varnish_config['varnishd_binary'].strip(),
"-F", "-n", directory, "-P", varnish_config["pid"], "-p",
"cc_command=exec %s " % self.options["gcc_binary"] +\
"-fpic -shared -o %o %s",
"-f", config_file,
"-a", varnish_config["port"], "-T", varnish_config["control_port"],
"-s", varnish_config["storage"]]
environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
os.environ.get('PATH')))
wrapper = zc.buildout.easy_install.scripts([(name,
'slapos.recipe.librecipe.execute', 'executee')], self.ws,
sys.executable, self.service_directory, arguments=[varnish_argument_list,
environment])[0]
self.path_list.append(wrapper)
return varnish_config
def installStunnel(self, service_dict, certificate, def installStunnel(self, service_dict, certificate,
key, ca_crl, ca_path): key, ca_crl, ca_path):
"""Installs stunnel """Installs stunnel
...@@ -669,14 +598,14 @@ class Recipe(BaseSlapRecipe): ...@@ -669,14 +598,14 @@ class Recipe(BaseSlapRecipe):
open(custom_apache_virtual_configuration_file_location, 'w') open(custom_apache_virtual_configuration_file_location, 'w')
# Create backup of custom apache configuration # Create backup of custom apache configuration
backup_path = self.createBackupDirectory('custom_apache_conf_backup') #backup_path = self.createBackupDirectory('custom_apache_conf_backup')
backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup') #backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup')
open(backup_cron, 'w').write( #open(backup_cron, 'w').write(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict( # '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
rdiff_backup=self.options['rdiff_backup_binary'], # rdiff_backup=self.options['rdiff_backup_binary'],
source=custom_apache_configuration_directory, # source=custom_apache_configuration_directory,
destination=backup_path)) # destination=backup_path))
self.path_list.append(backup_cron) #self.path_list.append(backup_cron)
# Create configuration file and rewritemaps # Create configuration file and rewritemaps
apachemap_path = self.createConfigurationFile( apachemap_path = self.createConfigurationFile(
......
...@@ -37,6 +37,7 @@ cronstamps = $${:etc}/cronstamps ...@@ -37,6 +37,7 @@ cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl ca-dir = $${:srv}/ssl
squid-cache = $${:srv}/squid_cache squid-cache = $${:srv}/squid_cache
stunnel-conf = $${:etc}/stunnel
[instance-parameter] [instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance. # Fetches parameters defined in SlapOS Master for this instance.
...@@ -115,6 +116,31 @@ wrapper = $${directory:service}/apache_frontend ...@@ -115,6 +116,31 @@ wrapper = $${directory:service}/apache_frontend
# Put domain name # Put domain name
name = $${instance-parameter:configuration.domain} name = $${instance-parameter:configuration.domain}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${directory:bin}/stunnel
log-file = $${directory:log}/stunnel.log
config-file = $${directory:etc}/stunnel.conf
key-file = $${ca-stunnel:key-file}
cert-file = $${ca-stunnel:cert-file}
pid-file = $${directory:run}/stunnel.pid
local-port = $${squid-hardcoded:backend-port}
local-host = $${squid-hardcoded:backend-ip}
remote-host = $${squid-hardcoded:remote-host}
remote-port = $${squid-hardcoded:remote-port}
client = false
post-rotate-script = $${directory:bin}/stunnel_post_rotate
[cron] [cron]
recipe = slapos.cookbook:cron recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond dcrond-binary = ${dcron:location}/sbin/crond
...@@ -183,4 +209,6 @@ ip = 10.0.24.140 ...@@ -183,4 +209,6 @@ ip = 10.0.24.140
port = 26010 port = 26010
backend-ip = 10.0.24.140 backend-ip = 10.0.24.140
backend-port = 26011 backend-port = 26011
domain = softinst34784.bateau.org domain = softinst34784.bateau.org
\ No newline at end of file remote-host = 2001:470:1f14:169:d418:9eb7:1bea:8983
remote-port = 16001
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment