diff --git a/slapos/recipe/slaprunner/__init__.py b/slapos/recipe/slaprunner/__init__.py index 0b31a9a0fe0ba367ff9175599d60b633f3c5710e..e65993b1f6191b55191eb01cb2ab192427333a4b 100644 --- a/slapos/recipe/slaprunner/__init__.py +++ b/slapos/recipe/slaprunner/__init__.py @@ -40,8 +40,8 @@ class Recipe(GenericBaseRecipe): self.partition_amount = options['partition-amount'].strip() self.cloud9_url = options.get('cloud9-url', '').strip() self.log_file = os.path.join(options['log_dir'].strip(), 'slaprunner.log') - # Set slaprunner access URL - options['access-url'] = 'http://[%s]:%s' % (self.ipv6, self.runner_port) + # Set slaprunner access URL, CLN Beware ipv6 access is made throught nginx + options['access-url'] = 'https://[%s]:%s' % (self.ipv6, self.runner_port) def install(self): path_list = [] @@ -62,7 +62,7 @@ class Recipe(GenericBaseRecipe): etc_dir=self.options['etc_dir'], run_dir=self.options['run_dir'], log_dir=self.options['log_dir'], - runner_host=self.ipv6, + runner_host=self.ipv4, runner_port=self.runner_port, ipv4_address=self.ipv4, ipv6_address=self.ipv6, @@ -132,7 +132,7 @@ class Test(GenericBaseRecipe): etc_dir=self.options['etc_dir'], run_dir=self.options['etc_dir'], log_dir=self.workdir, - runner_host=self.ipv6, + runner_host=self.ipv4, runner_port=self.runner_port, ipv4_address=self.ipv4, ipv6_address=self.ipv6, diff --git a/software/slaprunner/development.cfg b/software/slaprunner/development.cfg index 60d886c8fe8717871ef07882939b02103a0279ee..c7d5ed52158459ff0b8c95d3e8a91f1f63392fb9 100644 --- a/software/slaprunner/development.cfg +++ b/software/slaprunner/development.cfg @@ -10,24 +10,22 @@ extends = common.cfg parts += slapos.cookbook-repository - - -# slapos.toolbox-repository + slapos.toolbox-repository # slapos.core-repository # check-recipe develop = - ${:parts-directory}/slapos.cookbook-repository -# ${:parts-directory}/slapos.toolbox-repository + ${:parts-directory}/slapos.toolbox-repository + ${:parts-directory}/slapos.cookbook-repository # ${:parts-directory}/slapos.core-repository -#[slapos.toolbox-repository] -#recipe = slapos.recipe.build:gitclone -#repository = http://git.erp5.org/repos/slapos.toolbox.git -#branch = slaprunner-resiliency -#git-executable = ${git:location}/bin/git +[slapos.toolbox-repository] +recipe = slapos.recipe.build:gitclone +repository = http://git.erp5.org/repos/slapos.toolbox.git +branch = slaprunner-resiliency +git-executable = ${git:location}/bin/git [slapos.cookbook-repository] recipe = slapos.recipe.build:gitclone diff --git a/software/slaprunner/instance-runner.cfg b/software/slaprunner/instance-runner.cfg index f7a8fabebb7f880a6f8b4769b261185d50baed18..8bb3df38b1dd30dc4382a51ae8097a591c5601df 100644 --- a/software/slaprunner/instance-runner.cfg +++ b/software/slaprunner/instance-runner.cfg @@ -99,7 +99,7 @@ private_key = $${sshkeys-dropbear-runner:private-key} ipv4 = $${slap-network-information:local-ipv4} ipv6 = $${slap-network-information:global-ipv6} proxy_port = 50000 -runner_port = 50000 +runner_port = 50005 partition-amount = $${slap-parameter:instance-amount} cloud9-url = $${cloud9:access-url} wrapper = $${directory:services}/slaprunner @@ -177,7 +177,7 @@ context = key port node-frontend:port key key ca-node-frontend:key-file key certificate ca-node-frontend:cert-file - key backend_ip nginx-frontend:ip + key backend_ip nginx-frontend:local-ip key backend_port nginx-frontend:port raw shell_path ${bash:location}/bin/bash raw node_env ${buildout:parts-directory}:${npm-modules:location}/node_modules @@ -200,11 +200,15 @@ scgi_temp_path = $${directory:tmp}/scgi_temp_path # Options nb_workers = 2 # Network -ip = $${slap-network-information:local-ipv4} +local-ip = $${slap-network-information:local-ipv4} port = 30001 +global-ip = $${slap-network-information:global-ipv6} +global-port = $${slaprunner:runner_port} # Backend -backend-ip = $${cloud9:ip} -backend-port = $${cloud9:port} +cloud9-ip = $${cloud9:ip} +cloud9-port = $${cloud9:port} +runner-ip = $${slaprunner:ipv4} +runner-port = $${slaprunner:runner_port} # SSL ssl-certificate = $${ca-nginx:cert-file} ssl-key = $${ca-nginx:key-file} @@ -297,7 +301,7 @@ software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/a slave = true config = url config-url = $${slaprunner:access-url} -return = site_url +return = site_url domain [request-cloud9-frontend] <= slap-connection @@ -318,7 +322,7 @@ return = site_url domain recipe = slapos.cookbook:publish 1_info = Set your passord in slaprunner in order to access cloud9 backend_url = $${slaprunner:access-url} -url = $${request-frontend:connection-site_url} +url = https://$${request-frontend:connection-domain} cloud9_backend_url = $${node-frontend:access-url} cloud9_url = https://$${request-cloud9-frontend:connection-domain} ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port} @@ -337,7 +341,7 @@ port = $${slaprunner:runner_port} [slaprunner-frontend-promise] recipe = slapos.cookbook:check_url_available path = $${directory:promises}/slaprunner_frontend -url = $${request-frontend:connection-site_url} +url = https://$${request-frontend:connection-domain} dash_path = ${dash:location}/bin/dash curl_path = ${curl:location}/bin/curl @@ -357,7 +361,7 @@ port = $${node-frontend:port} [nginx-promise] recipe = slapos.cookbook:check_port_listening path = $${directory:promises}/nginx -hostname = $${nginx-frontend:ip} +hostname = $${nginx-frontend:local-ip} port = $${nginx-frontend:port} [dropbear-promise] diff --git a/software/slaprunner/nginx_conf.in b/software/slaprunner/nginx_conf.in index 6b224b417b72febcbfc62dd97600faf479fc3ce4..c5b2ed295395ce6cf433852f35392dd4141b8c3e 100644 --- a/software/slaprunner/nginx_conf.in +++ b/software/slaprunner/nginx_conf.in @@ -18,7 +18,7 @@ http { '' close; } server { - listen {{ param_nginx_frontend['ip'] }}:{{ param_nginx_frontend['port'] }}; + listen {{ param_nginx_frontend['local-ip'] }}:{{ param_nginx_frontend['port'] }}; server_name _; keepalive_timeout 90s; @@ -30,7 +30,7 @@ http { location / { auth_basic "Restricted"; auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd; - proxy_pass http://{{ param_nginx_frontend['backend-ip'] }}:{{ param_nginx_frontend['backend-port'] }}; + proxy_pass http://{{ param_nginx_frontend['cloud9-ip'] }}:{{ param_nginx_frontend['cloud9-port'] }}; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; @@ -42,4 +42,29 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } + server { + listen [{{ param_nginx_frontend['global-ip'] }}]:{{ param_nginx_frontend['global-port'] }} ssl; + server_name _; + ssl_certificate {{ param_nginx_frontend['ssl-certificate'] }}; + ssl_certificate_key {{ param_nginx_frontend['ssl-key'] }}; + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + keepalive_timeout 90s; + client_body_temp_path {{ param_tempdir['client_body_temp_path'] }}; + proxy_temp_path {{ param_tempdir['proxy_temp_path'] }}; + fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }}; + uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }}; + scgi_temp_path {{ param_tempdir['scgi_temp_path'] }}; + location / { + proxy_pass http://{{ param_nginx_frontend['runner-ip'] }}:{{ param_nginx_frontend['runner-port'] }}; + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + proxy_buffering off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $http_host; + } + } }