diff --git a/slapos/recipe/neoppod.py b/slapos/recipe/neoppod.py index 20c2c7292b460493d41ff408dac41f9a7b4194ac..bca651b40795f027fce72c47ae8b1cfa262f0c16 100644 --- a/slapos/recipe/neoppod.py +++ b/slapos/recipe/neoppod.py @@ -50,6 +50,12 @@ class NeoBaseRecipe(GenericBaseRecipe): #'-n', options['name'], '-c', options['cluster'], ] + if options['ssl']: + option_list += ( + '--ca', '~/etc/ca.crt', + '--cert', '~/etc/neo.crt', + '--key', '~/etc/neo.key', + ) option_list.extend(self._getOptionList()) return [self.createPythonScript( options['wrapper'], diff --git a/software/erp5/instance-erp5-input-schema.json b/software/erp5/instance-erp5-input-schema.json index 1bff4fb81f66f3fe9373c817ae79847861a656fb..e75918b63277c92911102c9090bae0c5108c1610 100644 --- a/software/erp5/instance-erp5-input-schema.json +++ b/software/erp5/instance-erp5-input-schema.json @@ -220,6 +220,13 @@ }, "storage-dict": { "description": "Storage configuration. For NEO, 'logfile' is automatically set (see http://git.erp5.org/gitweb/neoppod.git/blob/HEAD:/neo/client/component.xml for other settings).", + "properties": { + "ssl": { + "description": "For external NEO. Pass false if you want to disable SSL or pass custom values for ca/cert/key.", + "default": true, + "type": "boolean" + } + }, "additionalProperties": {"type": "string"}, "type": "object" } diff --git a/software/neoppod/instance-neo-admin.cfg.in b/software/neoppod/instance-neo-admin.cfg.in index 4f561a25bf27cca501b9144c3b75b588095feefc..f37cdf982a925ce22fb555fe785a11d34e4ee4af 100644 --- a/software/neoppod/instance-neo-admin.cfg.in +++ b/software/neoppod/instance-neo-admin.cfg.in @@ -10,6 +10,7 @@ wrapper = ${directory:etc_run}/neoadmin logfile = ${directory:log}/neoadmin.log ip = ${publish:ip} port = ${publish:port-admin} +ssl = {{ dumps(slapparameter_dict['ssl']) }} cluster = {{ dumps(slapparameter_dict['cluster']) }} masters = ${publish:masters} 
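Review bot: `if options['ssl']:` tests a buildout option by plain truthiness and indexes it without a default. Buildout option values are normally strings, so unless the recipe base class deserialises the `dumps(...)` value written by the instance templates (not visible here), a value rendered for "false" would still be truthy and `--ca/--cert/--key` would always be added; a section that lacks `ssl` raises `KeyError`. Please confirm the value arrives as a real boolean, or normalise it explicitly before the test. The `~/etc/...` paths are passed as argv items, so they resolve only if the NEO command expands `~` itself with HOME set to the partition; a comment such as `# '~' is expanded by NEO, relative to the partition's HOME` would record that assumption. The enclosing method starts and ends outside the hunk.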
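Review bot: The `ssl` description under `storage-dict` makes `false` mean two different things, "no SSL" and "SSL with my own ca/cert/key", so the flag alone no longer tells a reader whether the link to an external NEO is encrypted. I would spell out both cases, e.g. `"true: use ~/etc/ca.crt, ~/etc/neo.crt and ~/etc/neo.key. false: no certificate options are added automatically; SSL is then used only if ca/cert/key are passed explicitly."`. Note also that `additionalProperties` still restricts the other keys to strings while `ssl` is a boolean, which is valid only because `properties` takes precedence for that key.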
diff --git a/software/neoppod/instance-neo-input-schema.json b/software/neoppod/instance-neo-input-schema.json index 0dac81f5949d3276484393be61981de00fa7c924..1ddb3625634c034afff6ce6a8ef5a128c277724f 100644 --- a/software/neoppod/instance-neo-input-schema.json +++ b/software/neoppod/instance-neo-input-schema.json @@ -35,6 +35,11 @@ }, "type": "object" }, + "ssl": { + "description": "Enable SSL. All nodes look for 3 files in ~/etc: ca.crt, neo.crt, neo.key. Waiting that SlapOS provides a way to manage certificates, the user must deploy them manually.", + "default": true, + "type": "boolean" + }, "node-list": { "description": "List of dictionaries containing parameters for each node.", "items": { diff --git a/software/neoppod/instance-neo-master.cfg.in b/software/neoppod/instance-neo-master.cfg.in index 3cbe31a8da4eec79f5ce60a093cb99eba32d9703..4338bdffcdf2ae2375d09084670cb6948906c674 100644 --- a/software/neoppod/instance-neo-master.cfg.in +++ b/software/neoppod/instance-neo-master.cfg.in @@ -10,6 +10,7 @@ wrapper = ${directory:etc_run}/neomaster logfile = ${directory:log}/neomaster.log ip = ${publish:ip} port = ${publish:port-master} +ssl = {{ dumps(slapparameter_dict['ssl']) }} cluster = {{ dumps(slapparameter_dict['cluster']) }} partitions = {{ slapparameter_dict['partitions'] }} replicas = {{ slapparameter_dict['replicas'] }} diff --git a/software/neoppod/instance-neo-storage-mysql.cfg.in b/software/neoppod/instance-neo-storage-mysql.cfg.in index 262b3d0df30cc9d537fc67eb2270554ec95446bc..1be3ab1d163674e2e9978ade85277d11240a113b 100644 --- a/software/neoppod/instance-neo-storage-mysql.cfg.in +++ b/software/neoppod/instance-neo-storage-mysql.cfg.in @@ -65,6 +65,7 @@ admins = {{ ' '.join(sorted(admin_list)) }} recipe = slapos.cookbook:neoppod.storage binary = {{ bin_directory }}/neostorage ip = ${publish:ip} +ssl = {{ dumps(slapparameter_dict['ssl']) }} cluster = {{ dumps(slapparameter_dict['cluster']) }} masters = ${publish:masters} database-adapter = MySQL 
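Review bot: The `ssl` description leaves out what an operator needs in order to deploy the three files safely. It defaults to `true` while the files must be installed by hand, yet it does not say what a node does when one of them is missing, nor that `neo.key` is a private key. I would state the missing-file behaviour and add a sentence such as `neo.key is a private key and must be readable by the partition user only.`. The wording "Waiting that SlapOS provides" would read better as "Until SlapOS provides".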
diff --git a/software/neoppod/root-common.cfg.in b/software/neoppod/root-common.cfg.in index 3116241ba1774f2690e1538c76a7ca275132330f..7a28c9bba9202b1ba023fe65db94cdfe3cd90d91 100644 --- a/software/neoppod/root-common.cfg.in +++ b/software/neoppod/root-common.cfg.in @@ -42,6 +42,7 @@ config-cluster = {{ parameter_dict['cluster'] }} {% set replicas = parameter_dict.get('replicas', 0) -%} config-partitions = {{ dumps(parameter_dict.get('partitions', 12)) }} config-replicas = {{ dumps(replicas) }} +config-ssl = {{ dumps(parameter_dict.get('ssl', 1)) }} config-upstream-cluster = {{ dumps(parameter_dict.get('upstream-cluster', '')) }} config-upstream-masters = {{ dumps(parameter_dict.get('upstream-masters', '')) }} software-type = {{ software_type }} diff --git a/software/neoppod/software-common.cfg b/software/neoppod/software-common.cfg index 2b3fbba46de2a60db80f288ee70e88960e5a0627..a41aba9c74321ebcd82d4bb2eabbb15271481a51 100644 --- a/software/neoppod/software-common.cfg +++ b/software/neoppod/software-common.cfg @@ -74,19 +74,19 @@ context = [root-common] <= download-base-neo -md5sum = 26193dbb132d340c8ba919a616449a17 +md5sum = 88c34cfa913b89b2ed4c69168965cf84 [instance-neo-admin] <= download-base-neo -md5sum = 16d11f0fe74de06aebbadcff3527db1c +md5sum = 7bbe0285e499f011dad68825a2264cad [instance-neo-master] <= download-base-neo -md5sum = 023f08763dbba2319f58e5c597f7761d +md5sum = 0cf303254855c3e1a8e3819004bee70f [instance-neo-storage-mysql] <= download-base-neo -md5sum = 14ccd057f51521f110a130f0d4aaebbd +md5sum = 0b62b63540d1bd1a2802f44aff5d1a57 [template-neo-my-cnf] <= download-base-neo diff --git a/stack/erp5/buildout.cfg b/stack/erp5/buildout.cfg index 2a976babbb904a137c7e0f4680d923ae0daac4f0..9c4e6ed85e3730bb46773afb4f8e550465416021 100644 --- a/stack/erp5/buildout.cfg +++ b/stack/erp5/buildout.cfg 
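Review bot: The fallback in `parameter_dict.get('ssl', 1)` is the integer 1, while the input schema in this same commit declares `ssl` as a boolean defaulting to `true`. Both are truthy, but the serialised value handed to the admin, master and storage partitions then depends on whether the requester set the parameter, which makes any later type or equality check fragile. `config-ssl = {{ dumps(parameter_dict.get('ssl', True)) }}` keeps one type end to end.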
@@ -317,7 +317,7 @@ rendered = ${monitor-template-dummy:target} [template-erp5] <= download-base filename = instance-erp5.cfg.in -md5sum = 60cdf98d996f220d66daa11452c3f4bf +md5sum = e8348f675195f25cf4212b72cb8a907b [template-zeo] <= download-base @@ -327,7 +327,7 @@ md5sum = 9670cf63099e2c520017a23defff51a4 [template-zope] <= download-base filename = instance-zope.cfg.in -md5sum = 44c4aa068cffe2c1d8320d59e6d1c499 +md5sum = bf997f8bd9cacea96a514589bd7578a9 link-binary = ${aspell:location}/bin/aspell ${dmtx-utils:location}/bin/dmtxwrite diff --git a/stack/erp5/instance-erp5.cfg.in b/stack/erp5/instance-erp5.cfg.in index 34b859359809415a1a70ff3539e649ec652d57d5..58209878b3c57c638b2c4c0d4497528f39fae585 100644 --- a/stack/erp5/instance-erp5.cfg.in +++ b/stack/erp5/instance-erp5.cfg.in @@ -62,8 +62,11 @@ connection-url = smtp://127.0.0.2:0/ {% if server_type == 'neo' -%} {% set ((name, server_dict),) = server_dict.items() -%} {% do neo.append(server_dict.get('cluster')) -%} -{% do server_dict.__setitem__('cluster', '${publish-early:neo-cluster}') -%} +{% do server_dict.update(cluster='${publish-early:neo-cluster}') -%} {{ root_common.request_neo(server_dict, 'zodb-neo', 'neo-') }} +{% if not server_dict.get('ssl', 1) -%} +{% do zodb_dict[name].setdefault('storage-dict', {}).update(ssl=0) -%} +{% endif -%} {% else -%} {{ assert(server_type == 'zeo', server_type) -}} {# BBB: for compatibility, keep 'zodb' as partition_reference for ZEO -#} diff --git a/stack/erp5/instance-zope.cfg.in b/stack/erp5/instance-zope.cfg.in index f1d83dc0337d2d231072d26543848358a8f5a3d3..c7e9485f3f87d361378338221849acf5df952a4a 100644 --- a/stack/erp5/instance-zope.cfg.in +++ b/stack/erp5/instance-zope.cfg.in 
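Review bot: The new `{% if not server_dict.get('ssl', 1) -%}` block in instance-erp5.cfg.in has no comment explaining why only the disabled case is copied into the client's `storage-dict`. A reader has to open instance-zope.cfg.in to learn that a missing `ssl` key means "add the default ca/cert/key". I would add `{# NEO cluster requested without SSL: tell the Zope client not to add the default ca/cert/key. #}` above the `if`. The `update(ssl=0)` also overrides any `ssl` value the requester put in that zodb's own `storage-dict`; presumably intended, but worth stating in the same comment.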
@@ -192,9 +192,23 @@ bt5-repository = [zope-conf-parameter-base] ip = {{ ipv4 }} site-id = {{ site_id }} -{% set storage_dict = {'neo': {}, 'zeo': slapparameter_dict.get('zodb-zeo', {})} -%} +{% set zeo_dict = slapparameter_dict.get('zodb-zeo', {}) -%} {% for name, zodb in zodb_dict.iteritems() -%} -{% do zodb.setdefault('storage-dict', {}).update(storage_dict[zodb['type']].get(name, {})) -%} +{% set storage_dict = zodb.setdefault('storage-dict', {}) -%} +{% if zodb['type'] == 'zeo' -%} +{% do storage_dict.update(zeo_dict.get(name, ())) -%} +{% else -%} +{% if name == slapparameter_dict.get('neo-name') -%} +{% do storage_dict.update(master_nodes=slapparameter_dict['neo-masters'], + name=slapparameter_dict['neo-cluster']) -%} +{% endif -%} +{{ assert(storage_dict['master_nodes'], name) }} +{% if storage_dict.pop('ssl', 1) -%} +{% do storage_dict.update(ca='~/etc/ca.crt', + cert='~/etc/neo.crt', + key='~/etc/neo.key') -%} +{% endif -%} +{% endif -%} {% endfor -%} developer-list = {{ dumps(slapparameter_dict['developer-list']) }} instance = ${directory:instance} @@ -250,14 +264,9 @@ node-id = {{ dumps(node_id_base ~ '-' ~ index) }} {% for db_name, zodb in zodb_dict.iteritems() -%} {% if zodb['type'] == 'neo' -%} {% do import_set.add('neo.client') -%} -{% set log = buildout_directory ~ '/var/log/' ~ name ~ '-neo-' ~ db_name ~ '.log' -%} +{% set log = '~/var/log/' ~ name ~ '-neo-' ~ db_name ~ '.log' -%} {% do log_list.append(log) -%} -{% do zodb['storage-dict'].__setitem__('logfile', log) -%} -{% if db_name == slapparameter_dict.get('neo-name') -%} -{% do zodb['storage-dict'].__setitem__('name', slapparameter_dict['neo-cluster']) -%} -{% do zodb['storage-dict'].__setitem__('master_nodes', slapparameter_dict['neo-masters']) -%} -{% endif -%} -{{ assert(zodb['storage-dict']['master_nodes'], db_name) }} +{% do zodb['storage-dict'].update(logfile=log) -%} {% endif -%} {% endfor -%} import-list = {{ dumps(list(import_set)) }}
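Review bot: In the NEO branch, `storage_dict.update(ca=..., cert=..., key=...)` overwrites any `ca`/`cert`/`key` the requester supplied whenever `ssl` is truthy, so the only way to use custom certificates is to pass `ssl: false`. That overloads a value that reads as "no encryption", and a requester who sets `false` but leaves out the custom paths gets no certificate options at all, presumably a plaintext client. Filling only the missing keys avoids both problems: `{% do storage_dict.setdefault('ca', '~/etc/ca.crt') -%}`, and the same for `cert` and `key`. Separately, every type other than `'zeo'` now takes the NEO branch, so a mistyped `type` surfaces as a `master_nodes` lookup error rather than an unknown-type error.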
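Review bot: In the second hunk, `log` now begins with a literal `~`, and the same string is both appended to `log_list` and stored as the NEO client `logfile`. Whatever consumes `log_list` is outside this hunk; if it does not expand `~`, or runs with a different HOME, it will stop finding these client logs, which matters if they are among the files that get rotated or monitored. Either keep the absolute `buildout_directory` path for the `log_list` entry, or add a comment such as `{# '~' is expanded by every consumer, relative to the partition's HOME #}` next to the `set log` line.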