Add nginx-reverse-proxy Software Release.

parent 478b2e13
...@@ -157,6 +157,7 @@ setup(name=name, ...@@ -157,6 +157,7 @@ setup(name=name,
'request = slapos.recipe.request:Recipe', 'request = slapos.recipe.request:Recipe',
'request.serialised = slapos.recipe.request:Serialised', 'request.serialised = slapos.recipe.request:Serialised',
'requestoptional = slapos.recipe.request:RequestOptional', 'requestoptional = slapos.recipe.request:RequestOptional',
'reverseproxy.nginx = slapos.recipe.reverse_proxy_nginx:Recipe',
'seleniumrunner = slapos.recipe.seleniumrunner:Recipe', 'seleniumrunner = slapos.recipe.seleniumrunner:Recipe',
'sheepdogtestbed = slapos.recipe.sheepdogtestbed:SheepDogTestBed', 'sheepdogtestbed = slapos.recipe.sheepdogtestbed:SheepDogTestBed',
'shell = slapos.recipe.shell:Recipe', 'shell = slapos.recipe.shell:Recipe',
......
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import GenericSlapRecipe
import zc.buildout
class Recipe(GenericSlapRecipe):
def _install(self):
path_list = []
# Check for mandatory arguments
domain_name = self.options['domain']
if not domain_name:
raise zc.buildout.UserError('No domain name specified. Please define '
'the "domain" instance parameter.')
# Fetch all parameters
https_port_number = self.options['https-port']
http_port_number = self.options['http-port']
smtp_port_number = self.options['smtp-port']
slave_instance_list = self.options['slave-instance-list']
ipv4 = self.options['ipv4']
ipv6 = '[%s]' % self.options['ipv6']
access_log = self.options['access-log']
error_log = self.options['error-log']
htdocs = self.options['htdocs']
# Parse list of slaves
# Generate Nginx configuration
nginx_configuration_dict = {
'listen_local_ipv4': ipv4,
'listen_global_ipv6': ipv6,
'domain_name': domain_name,
'smtp_port_number': smtp_port_number,
'error_log': error_log,
'access_log': access_log,
'htdocs': htdocs,
}
nginx_configuration_file = self.createFile(
self.options['configuration-file'],
self.substituteTemplate(self.getTemplateFilename('nginx.conf.in'),
nginx_configuration_dict)
)
path_list.append(nginx_configuration_file)
# Generate Nginx wrapper
wrapper = self.createWrapper(
name=self.options['wrapper'],
command=self.options['nginx-executable'],
parameters=[
'-c', self.options['configuration-file'],
'-p', self.options['home-directory']
]
)
# Send connection parameters for master instance
# Send connection parameters for each slave instance
return path_list
daemon off;
worker_processes 1;
#XXX-Cedric: TODO separate the different logs
error_log %(error_log)s debug;
events {
worker_connections 1024;
use epoll;
}
http {
log_format main
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
server {
listen %(listen_local_ipv4)s:8008;
server_name localhost;
access_log %(access_log)s main;
error_log %(error_log)s info;
root %(htdocs)s;
location ~ $ {
add_header Auth-Server 2a01:e34:ec03:8650:e2cb:4eff:fed9:6f58;
add_header Auth-Port 25;
return 200;
}
}
}
mail {
server_name %(domain_name)s;
auth_http %(listen_local_ipv4)s:8008;
server {
listen %(listen_local_ipv4)s:%(smtp_port_number)s;
listen %(listen_global_ipv6)s:%(smtp_port_number)s;
protocol smtp;
timeout 60s; # XXX-Cedric: turn back to 5s
proxy on;
xclient off;
smtp_auth none;
}
}
[buildout]
# XXX-Cedric: cahnge name to reverse-proxy-nginx
extends =
../../component/dcron/buildout.cfg
../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/nginx/buildout.cfg
../../component/openssl/buildout.cfg
../../stack/slapos.cfg
parts =
slapos-cookbook
eggs
instance-profile
[eggs]
recipe = zc.recipe.egg
eggs =
slapos.toolbox
[instance-profile]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
#md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
[buildout]
extends =
../../component/git/buildout.cfg
common.cfg
parts +=
slapos.cookbook-repository
check-recipe
develop =
${:parts-directory}/slapos.cookbook-repository
[slapos.cookbook-repository]
recipe = slapos.recipe.build:gitclone
repository = http://git.erp5.org/repos/slapos.git
branch = slaprunner
git-executable = ${git:location}/bin/git
[check-recipe]
recipe = plone.recipe.command
stop-on-error = true
update-command = ${:command}
command =
grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link
[buildout]
parts =
directory
reverse-proxy
ca-nginx
logrotate
logrotate-entry-nginx
cron
cron-entry-logrotate
# Define egg directories to be the one from Software Release
# (/opt/slapgrid/...)
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
# Fetch parameters defined in SlapOS Master for this instance
[instance-parameter]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
# Set default parameters
slave_instance_list =
domain = un-hardcode-me
http-port = 8080
https-port = 4443
smtp-port = 2525
# Create needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
home = $${buildout:directory}
bin = $${:home}/bin
etc = $${:home}/etc
srv = $${:home}/srv
service = $${:home}/service
promise = $${:home}/promise
var = $${:home}/var
backup = $${:srv}/backup
log = $${:var}/log
run = $${:var}/run
ca-dir = $${:srv}/ssl
ca-requests = $${:ca-dir}/requests
ca-private = $${:ca-dir}/private
ca-certs = $${:ca-dir}/certs
ca-newcerts = $${:ca-dir}/newcerts
ca-crl = $${:ca-dir}/crl
nginx-configuration = $${:etc}/nginx
nginx-ssl = $${:ca-dir}/nginx
nginx-log = $${:home}/logs
nginx-htdocs = $${:srv}/www
cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
logrotate-entries = $${:etc}/logrotate.d
logrotate-backup = $${:backup}/logrotate
# Deploy nginx and publish connection parameters inside of the recipe
[reverse-proxy]
recipe = slapos.cookbook:reverseproxy.nginx
nginx-executable = ${nginx:location}/sbin/nginx
wrapper = $${directory:bin}/nginx
configuration-file = $${directory:nginx-configuration}/nginx.conf
ipv6 = $${instance-parameter:ipv6-random}
ipv4 = $${instance-parameter:ipv4-random}
slave-instance-list = $${instance-parameter:slave_instance_list}
http-port = $${instance-parameter:http-port}
https-port = $${instance-parameter:https-port}
smtp-port = $${instance-parameter:smtp-port}
domain = $${instance-parameter:domain}
access-log = $${directory:nginx-log}/access.log
error-log = $${directory:nginx-log}/error.log
key-file = $${directory:nginx-configuration}/nginx.key
cert-file = $${directory:nginx-configuration}/nginx.crt
pid-file = $${directory:run}/nginx
htdocs = $${directory:nginx-htdocs}
home-directory = $${directory:home}
# Create and handle certificate related stuffs, including encapsulating run of nginx executable
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${directory:ca-requests}
wrapper = $${directory:service}/ca
ca-private = $${directory:ca-private}
ca-certs = $${directory:ca-certs}
ca-newcerts = $${directory:ca-newcerts}
ca-crl = $${directory:ca-crl}
[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${reverse-proxy:wrapper}
wrapper = $${directory:service}/nginx
key-file = $${reverse-proxy:key-file}
cert-file = $${reverse-proxy:cert-file}
# Deploy logrotate
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${directory:bin}/logrotate
conf = $${directory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${directory:srv}/logrotate.status
[logrotate-entry-nginx]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = nginx
log = $${reverse-proxy:access-log} $${reverse-proxy:error-log}
frequency = daily
rotate-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${reverse-proxy:pid-file} SIGUSR1
sharedscripts = true
notifempty = true
create = true
# Deploy cron and configure it
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/crond.log
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:service}/crond
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
# Check promises
# XXX-TODO
# Publish instance connection parameters
# Note: Parameters of slaves are published in the reverse-proxy recipe
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment