Commit 6da7601a authored by Julien Muchembled's avatar Julien Muchembled

NEO: enable SSL by default

parent 3fb90dcc
......@@ -50,6 +50,12 @@ class NeoBaseRecipe(GenericBaseRecipe):
#'-n', options['name'],
'-c', options['cluster'],
]
if options['ssl']:
option_list += (
'--ca', '~/etc/ca.crt',
'--cert', '~/etc/neo.crt',
'--key', '~/etc/neo.key',
)
option_list.extend(self._getOptionList())
return [self.createPythonScript(
options['wrapper'],
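Review bot: `options['ssl']` in the added `if` is a bare truthiness test on a buildout option, and the hunk does not show what type the value has by the time the recipe reads it. If it arrives as a string, any non-empty value (including a serialised false) keeps SSL on, and a part that omits `ssl` raises KeyError. Once the type is confirmed, I would add a comment above the test such as `# 'ssl' is deserialised to a bool by buildout; every part using this recipe must define it`. The three `~/etc/...` paths are passed as literal arguments, so they also depend on the NEO command expanding `~` itself, the same assumption the zope template makes for `~/var/log`. The enclosing method starts and ends outside the hunk.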
......
......@@ -220,6 +220,13 @@
},
"storage-dict": {
"description": "Storage configuration. For NEO, 'logfile' is automatically set (see http://git.erp5.org/gitweb/neoppod.git/blob/HEAD:/neo/client/component.xml for other settings).",
"properties": {
"ssl": {
"description": "For external NEO. Pass false if you want to disable SSL or pass custom values for ca/cert/key.",
"default": true,
"type": "boolean"
}
},
"additionalProperties": {"type": "string"},
"type": "object"
}
......
......@@ -10,6 +10,7 @@ wrapper = ${directory:etc_run}/neoadmin
logfile = ${directory:log}/neoadmin.log
ip = ${publish:ip}
port = ${publish:port-admin}
ssl = {{ dumps(slapparameter_dict['ssl']) }}
cluster = {{ dumps(slapparameter_dict['cluster']) }}
masters = ${publish:masters}
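Review bot: `slapparameter_dict['ssl']` on the added line is a hard lookup, whereas the root template uses `parameter_dict.get('ssl', 1)`. Nothing visible here applies the schema default at render time, so a request that reaches this template without `ssl` would presumably fail to render. Writing `ssl = {{ dumps(slapparameter_dict.get('ssl', True)) }}` keeps the secure default local to the template. The same line is added to the master and storage templates further down.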
......
......@@ -35,6 +35,11 @@
},
"type": "object"
},
"ssl": {
"description": "Enable SSL. All nodes look for 3 files in ~/etc: ca.crt, neo.crt, neo.key. Waiting that SlapOS provides a way to manage certificates, the user must deploy them manually.",
"default": true,
"type": "boolean"
},
"node-list": {
"description": "List of dictionaries containing parameters for each node.",
"items": {
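Review bot: The `ssl` description tells the operator to deploy ca.crt, neo.crt and neo.key by hand, but it says nothing about protecting neo.key or about what a node does when one of the files is missing. This is the only operator-facing documentation of the manual step, so I would extend it with a sentence such as `neo.key must be readable only by the partition user` and state the expected behaviour when a file is absent. "Waiting that SlapOS provides" would also read better as "Until SlapOS provides".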
......
......@@ -10,6 +10,7 @@ wrapper = ${directory:etc_run}/neomaster
logfile = ${directory:log}/neomaster.log
ip = ${publish:ip}
port = ${publish:port-master}
ssl = {{ dumps(slapparameter_dict['ssl']) }}
cluster = {{ dumps(slapparameter_dict['cluster']) }}
partitions = {{ slapparameter_dict['partitions'] }}
replicas = {{ slapparameter_dict['replicas'] }}
......
......@@ -65,6 +65,7 @@ admins = {{ ' '.join(sorted(admin_list)) }}
recipe = slapos.cookbook:neoppod.storage
binary = {{ bin_directory }}/neostorage
ip = ${publish:ip}
ssl = {{ dumps(slapparameter_dict['ssl']) }}
cluster = {{ dumps(slapparameter_dict['cluster']) }}
masters = ${publish:masters}
database-adapter = MySQL
......
......@@ -42,6 +42,7 @@ config-cluster = {{ parameter_dict['cluster'] }}
{% set replicas = parameter_dict.get('replicas', 0) -%}
config-partitions = {{ dumps(parameter_dict.get('partitions', 12)) }}
config-replicas = {{ dumps(replicas) }}
config-ssl = {{ dumps(parameter_dict.get('ssl', 1)) }}
config-upstream-cluster = {{ dumps(parameter_dict.get('upstream-cluster', '')) }}
config-upstream-masters = {{ dumps(parameter_dict.get('upstream-masters', '')) }}
software-type = {{ software_type }}
......
......@@ -74,19 +74,19 @@ context =
[root-common]
<= download-base-neo
md5sum = 26193dbb132d340c8ba919a616449a17
md5sum = 88c34cfa913b89b2ed4c69168965cf84
[instance-neo-admin]
<= download-base-neo
md5sum = 16d11f0fe74de06aebbadcff3527db1c
md5sum = 7bbe0285e499f011dad68825a2264cad
[instance-neo-master]
<= download-base-neo
md5sum = 023f08763dbba2319f58e5c597f7761d
md5sum = 0cf303254855c3e1a8e3819004bee70f
[instance-neo-storage-mysql]
<= download-base-neo
md5sum = 14ccd057f51521f110a130f0d4aaebbd
md5sum = 0b62b63540d1bd1a2802f44aff5d1a57
[template-neo-my-cnf]
<= download-base-neo
......
......@@ -317,7 +317,7 @@ rendered = ${monitor-template-dummy:target}
[template-erp5]
<= download-base
filename = instance-erp5.cfg.in
md5sum = 60cdf98d996f220d66daa11452c3f4bf
md5sum = e8348f675195f25cf4212b72cb8a907b
[template-zeo]
<= download-base
......@@ -327,7 +327,7 @@ md5sum = 9670cf63099e2c520017a23defff51a4
[template-zope]
<= download-base
filename = instance-zope.cfg.in
md5sum = 44c4aa068cffe2c1d8320d59e6d1c499
md5sum = bf997f8bd9cacea96a514589bd7578a9
link-binary =
${aspell:location}/bin/aspell
${dmtx-utils:location}/bin/dmtxwrite
......
......@@ -62,8 +62,11 @@ connection-url = smtp://127.0.0.2:0/
{% if server_type == 'neo' -%}
{% set ((name, server_dict),) = server_dict.items() -%}
{% do neo.append(server_dict.get('cluster')) -%}
{% do server_dict.__setitem__('cluster', '${publish-early:neo-cluster}') -%}
{% do server_dict.update(cluster='${publish-early:neo-cluster}') -%}
{{ root_common.request_neo(server_dict, 'zodb-neo', 'neo-') }}
{% if not server_dict.get('ssl', 1) -%}
{% do zodb_dict[name].setdefault('storage-dict', {}).update(ssl=0) -%}
{% endif -%}
{% else -%}
{{ assert(server_type == 'zeo', server_type) -}}
{# BBB: for compatibility, keep 'zodb' as partition_reference for ZEO -#}
......
......@@ -192,9 +192,23 @@ bt5-repository =
[zope-conf-parameter-base]
ip = {{ ipv4 }}
site-id = {{ site_id }}
{% set storage_dict = {'neo': {}, 'zeo': slapparameter_dict.get('zodb-zeo', {})} -%}
{% set zeo_dict = slapparameter_dict.get('zodb-zeo', {}) -%}
{% for name, zodb in zodb_dict.iteritems() -%}
{% do zodb.setdefault('storage-dict', {}).update(storage_dict[zodb['type']].get(name, {})) -%}
{% set storage_dict = zodb.setdefault('storage-dict', {}) -%}
{% if zodb['type'] == 'zeo' -%}
{% do storage_dict.update(zeo_dict.get(name, ())) -%}
{% else -%}
{% if name == slapparameter_dict.get('neo-name') -%}
{% do storage_dict.update(master_nodes=slapparameter_dict['neo-masters'],
name=slapparameter_dict['neo-cluster']) -%}
{% endif -%}
{{ assert(storage_dict['master_nodes'], name) }}
{% if storage_dict.pop('ssl', 1) -%}
{% do storage_dict.update(ca='~/etc/ca.crt',
cert='~/etc/neo.crt',
key='~/etc/neo.key') -%}
{% endif -%}
{% endif -%}
{% endfor -%}
developer-list = {{ dumps(slapparameter_dict['developer-list']) }}
instance = ${directory:instance}
......@@ -250,14 +264,9 @@ node-id = {{ dumps(node_id_base ~ '-' ~ index) }}
{% for db_name, zodb in zodb_dict.iteritems() -%}
{% if zodb['type'] == 'neo' -%}
{% do import_set.add('neo.client') -%}
{% set log = buildout_directory ~ '/var/log/' ~ name ~ '-neo-' ~ db_name ~ '.log' -%}
{% set log = '~/var/log/' ~ name ~ '-neo-' ~ db_name ~ '.log' -%}
{% do log_list.append(log) -%}
{% do zodb['storage-dict'].__setitem__('logfile', log) -%}
{% if db_name == slapparameter_dict.get('neo-name') -%}
{% do zodb['storage-dict'].__setitem__('name', slapparameter_dict['neo-cluster']) -%}
{% do zodb['storage-dict'].__setitem__('master_nodes', slapparameter_dict['neo-masters']) -%}
{% endif -%}
{{ assert(zodb['storage-dict']['master_nodes'], db_name) }}
{% do zodb['storage-dict'].update(logfile=log) -%}
{% endif -%}
{% endfor -%}
import-list = {{ dumps(list(import_set)) }}
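Review bot: In the first hunk, `storage_dict.update(ca=..., cert=..., key=...)` runs whenever `ssl` is truthy, so for an external NEO any `ca`/`cert`/`key` the requester put in `storage-dict` is silently replaced by the `~/etc` defaults. The only way to use a custom CA is then `ssl: false`, which is also the plaintext switch (the erp5 schema description says as much), so a request that sets false and omits the custom values would apparently connect without TLS. Using `{% do storage_dict.setdefault('ca', '~/etc/ca.crt') -%}` (and likewise for `cert` and `key`) would let custom values coexist with `ssl` left at true and leave false meaning only "disabled".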
......