Commit 89c8a591 authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

apache-frontend: root: deploy basic apche configuration

parent 879ef4ac
...@@ -10,6 +10,7 @@ context = ...@@ -10,6 +10,7 @@ context =
key develop_eggs_directory buildout:develop-eggs-directory key develop_eggs_directory buildout:develop-eggs-directory
key slap_software_type slap-parameter:slap_software_type key slap_software_type slap-parameter:slap_software_type
key slave_instance_list slap-parameter:slave_instance_list key slave_instance_list slap-parameter:slave_instance_list
section slapparameter_dict slap-parameter
${:extra-context} ${:extra-context}
################################ ################################
...@@ -158,10 +159,143 @@ extensions = jinja2.ext.do ...@@ -158,10 +159,143 @@ extensions = jinja2.ext.do
extra-context = extra-context =
section slave_information slave-information section slave_information slave-information
###########################
# Deploy slave configuration
#
[directory]
recipe = slapos.cookbook:mkdirectory
bin = ${buildout:directory}/bin/
etc = ${buildout:directory}/etc/
srv = ${buildout:directory}/srv/
var = ${buildout:directory}/var/
service = ${:etc}/service
log = ${:var}/log
ca-dir = ${:srv}/ssl
run = ${:var}/run
[frontend-configuration]
#template-log-access = ${template-log-access:target}
apache-directory = {{ build_path.get('apache-location') }}
apache-ipv6 = ${slap-network-information:global-ipv6}
apache-https-port = ${slap-parameter:port}
[dynamic-template-default-vh]
< = jinja2-template-base
template = {{ build_path.get('template-default-virtualhost') }}
rendered = ${apache-directory:slave-configuration}/000.conf
extensions = jinja2.ext.do
extra-context =
key http_port slap-parameter:plain_http_port
key https_port slap-parameter:port
[dynamic-apache-frontend-template]
< = jinja2-template-base
template = {{ build_path.get('template-apache-frontend-configuration') }}
rendered = ${apache-configuration:frontend-configuration}
extra-context =
raw httpd_home {{ build_path.get('apache-location') }}
key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
key domain slap-parameter:domain
key document_root apache-directory:document-root
key instance_home buildout:directory
key ipv4_addr slap-network-information:local-ipv4
key ipv6_addr slap-network-information:global-ipv6
key http_port slap-parameter:plain_http_port
key https_port slap-parameter:port
raw server_admin Admin
key protected_path apache-configuration:protected-path
key access_control_string apache-configuration:access-control-string
key login_certificate ca-frontend:cert-file
key login_key ca-frontend:key-file
key ca_dir certificate-authority:ca-dir
key ca_crl certificate-authority:ca-crl
key access_log apache-configuration:access-log
key error_log apache-configuration:error-log
key pid_file apache-configuration:pid-file
key slave_configuration_directory apache-directory:slave-configuration
section frontend_configuration frontend-configuration
[apache-directory]
recipe = slapos.cookbook:mkdirectory
document-root = ${directory:srv}/htdocs
slave-configuration = ${directory:etc}/apache-slave-conf.d/
cache = ${directory:var}/cache
mod-ssl = ${:cache}/httpd_mod_ssl
vh-ssl = ${:slave-configuration}/ssl
slave-log = ${directory:log}/httpd
[apache-configuration]
frontend-configuration = ${directory:etc}/apache_frontend.conf
cached-configuration = ${directory:etc}/apache_frontend_cached.conf
access-log = ${directory:log}/frontend-apache-access.log
error-log = ${directory:log}/frontend-apache-error.log
pid-file = ${directory:run}/httpd.pid
protected-path = /
access-control-string = none
cached-rewrite-file = ${directory:etc}/apache_rewrite_cached.txt
frontend-configuration-verification = {{ build_path.get('apache-location') }}/bin/httpd -Sf ${:frontend-configuration}
frontend-graceful-command = ${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat ${:pid-file}); fi
cached-configuration-verification = {{ build_path.get('apache-location') }}/bin/httpd -Sf ${:cached-configuration}
cached-graceful-command = ${:cached-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat ${apache-configuration:cache-pid-file}); fi
# Apache for cache configuration
cache-access-log = ${directory:log}/frontend-apache-access-cached.log
cache-error-log = ${directory:log}/frontend-apache-error-cached.log
cache-pid-file = ${directory:run}/httpd-cached.pid
[configtest]
recipe = slapos.cookbook:wrapper
command-line = {{ build_path.get('apache-location') }}/bin/httpd -f ${directory:etc}/apache_frontend.conf -t
wrapper-path = ${directory:bin}/apache-configtest
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ build_path.get('openssl-location') }}/bin/openssl
ca-dir = ${directory:ca-dir}
requests-directory = ${cadirectory:requests}
wrapper = ${directory:service}/certificate_authority
ca-private = ${cadirectory:private}
ca-certs = ${cadirectory:certs}
ca-newcerts = ${cadirectory:newcerts}
ca-crl = ${cadirectory:crl}
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = ${directory:ca-dir}/requests/
private = ${directory:ca-dir}/private/
certs = ${directory:ca-dir}/certs/
newcerts = ${directory:ca-dir}/newcerts/
crl = ${directory:ca-dir}/crl/
[ca-frontend]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${cadirectory:certs}/apache_frontend.key
cert-file = ${cadirectory:certs}/apache_frontend.crt
executable = ${directory:service}/frontend_apache
wrapper = ${directory:service}/frontend_apache
key-content = ${slap-parameter:apache-key}
cert-content = ${slap-parameter:apache-certificate}
# Put domain name
name = ${slap-parameter:domain}
#####################
# Buidout elements
#
[buildout] [buildout]
parts = parts =
publish-slave-information publish-slave-information
publish-information publish-information
dynamic-apache-frontend-template
configtest
dynamic-template-default-vh
{% for part in part_list -%} {% for part in part_list -%}
{{ ' %s' % part }} {{ ' %s' % part }}
{% endfor -%} {% endfor -%}
...@@ -171,7 +305,6 @@ eggs-directory = {{ eggs_directory }} ...@@ -171,7 +305,6 @@ eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }} develop-eggs-directory = {{ develop_eggs_directory }}
offline = true offline = true
[slap_connection] [slap_connection]
# Kept for backward compatiblity # Kept for backward compatiblity
computer_id = ${slap-connection:computer-id} computer_id = ${slap-connection:computer-id}
...@@ -185,4 +318,10 @@ cert_file = ${slap-connection:cert-file} ...@@ -185,4 +318,10 @@ cert_file = ${slap-connection:cert-file}
slave_instance_list = slave_instance_list =
-frontend-quantity = 1 -frontend-quantity = 1
-frontend-type = single-default -frontend-type = single-default
plain_http_port = 8080
port = 4443
domain = example.com
apache-key =
apache-certificate =
{%- endif %} {%- endif %}
...@@ -26,6 +26,7 @@ context = ...@@ -26,6 +26,7 @@ context =
key slap_software_type slap-parameters:slap-software-type key slap_software_type slap-parameters:slap-software-type
key slapparameter_dict slap-parameters:configuration key slapparameter_dict slap-parameters:configuration
key slave_instance_list slap-parameters:slave-instance-list key slave_instance_list slap-parameters:slave-instance-list
section build_path buildout-path-information
$${:extra-context} $${:extra-context}
[switch-softwaretype] [switch-softwaretype]
...@@ -45,7 +46,6 @@ filename = instance-apache-replicate.cfg ...@@ -45,7 +46,6 @@ filename = instance-apache-replicate.cfg
extensions = jinja2.ext.do extensions = jinja2.ext.do
extra-context = extra-context =
import builtin __builtin__ import builtin __builtin__
import configparser_module ConfigParser
key root_directory buildout:directory key root_directory buildout:directory
section slave_list_parameter slave-list-parameter section slave_list_parameter slave-list-parameter
raw template_publish_slave_information ${template-replicate-publish-slave-information:target} raw template_publish_slave_information ${template-replicate-publish-slave-information:target}
...@@ -57,4 +57,11 @@ configuration-path = $${buildout:directory}/slave_configuration.json ...@@ -57,4 +57,11 @@ configuration-path = $${buildout:directory}/slave_configuration.json
deploy = DEPLOY deploy = DEPLOY
test = TEST test = TEST
ignore = IGNORE ignore = IGNORE
stop = STOP stop = STOP
\ No newline at end of file
[buildout-path-information]
openssl-location = ${openssl:location}
apache-location = ${apache-2.2:location}
monitor-template = ${monitor-template:output}
template-default-virtualhost = ${template-default-virtualhost:target}
template-apache-frontend-configuration = ${template-apache-frontend-configuration:target}
\ No newline at end of file
...@@ -128,7 +128,9 @@ SSLProtocol ALL -SSLv2 ...@@ -128,7 +128,9 @@ SSLProtocol ALL -SSLv2
SSLProxyCheckPeerCN off SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off SSLProxyCheckPeerExpire off
{% if 'log-access-configuration' in frontend_configuration %}
include {{frontend_configuration.get('log-access-configuration')}} include {{frontend_configuration.get('log-access-configuration')}}
{% endif %}
NameVirtualHost *:{{ http_port }} NameVirtualHost *:{{ http_port }}
NameVirtualHost *:{{ https_port }} NameVirtualHost *:{{ https_port }}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment