def install_load_balancer(apiserver, tls): ''' Create the default vhost template for load balancing ''' # Get the tls paths from the layer data. layer_options = layer.options('tls-client') server_cert_path = layer_options.get('server_certificate_path') cert_exists = server_cert_path and os.path.isfile(server_cert_path) server_key_path = layer_options.get('server_key_path') key_exists = server_key_path and os.path.isfile(server_key_path) # Do both the the key and certificate exist? if cert_exists and key_exists: # At this point the cert and key exist, and they are owned by root. chown = ['chown', 'www-data:www-data', server_cert_path] # Change the owner to www-data so the nginx process can read the cert. subprocess.call(chown) chown = ['chown', 'www-data:www-data', server_key_path] # Change the owner to www-data so the nginx process can read the key. subprocess.call(chown) hookenv.open_port(hookenv.config('port')) services = apiserver.services() nginx.configure_site( 'apilb', 'apilb.conf', server_name='_', services=services, port=hookenv.config('port'), server_certificate=server_cert_path, server_key=server_key_path, ) hookenv.status_set('active', 'Loadbalancer ready.')
def configure_website(): config = hookenv.config() configure_site('uosci_dashboard', 'uosci.conf', app_path='/var/www/html') subprocess.check_call(['uosci-dashboard', '--path', '/var/www/html']) hookenv.open_port('80') hookenv.status_set('active', 'UOSCI Dashboard is now available') set_state('dashboard.init')
def install_load_balancer(): ''' Create the default vhost template for load balancing ''' apiserver = endpoint_from_flag('apiserver.available') # Do both the key and certificate exist? if server_crt_path.exists() and server_key_path.exists(): # At this point the cert and key exist, and they are owned by root. chown = ['chown', 'www-data:www-data', str(server_crt_path)] # Change the owner to www-data so the nginx process can read the cert. subprocess.call(chown) chown = ['chown', 'www-data:www-data', str(server_key_path)] # Change the owner to www-data so the nginx process can read the key. subprocess.call(chown) port = hookenv.config('port') hookenv.open_port(port) services = apiserver.services() nginx.configure_site( 'apilb', 'apilb.conf', server_name='_', services=services, port=port, server_certificate=str(server_crt_path), server_key=str(server_key_path), proxy_read_timeout=hookenv.config('proxy_read_timeout')) maybe_write_apilb_logrotate_config() hookenv.status_set('active', 'Loadbalancer ready.')
def install_app(): """ Performs application installation """ hookenv.log('Installing Dokuwiki', 'info') # Configure NGINX vhost nginx.configure_site('default', 'vhost.conf', listen_address=php.socket()) # Update application dokuwiki.download_archive() # Needs to set dokuwiki directory permissions for installation app_path = nginx.get_app_path() render(source='local.php', target=path.join(app_path, 'conf/local.php'), context=config, perms=0o644) render(source='acl.auth.php', target=path.join(app_path, 'conf/acl.auth.php'), context=config, perms=0o644) render(source='plugins.local.php', target=path.join(app_path, 'conf/plugins.local.php'), context=config, perms=0o644) # Clean up install.php as we don't need it call("rm -f {}/conf/install.php", shell=True) php.restart() service_restart('nginx') hookenv.status_set('active', 'Dokuwiki is installed!')
def install_presentation(): """ Install presentation """ opts = options('git-deploy') hookenv.status_set('maintenance', 'Installing and building the presentation.') # Build and install with chdir(os.path.join(opts.get('target'), 'current')): with open('requirements.txt', 'r') as f: for i in list(map(lambda b: b.strip('\n'), f.readlines())): pip_install(i) sphinx_build_cmd = 'sphinx-build -b html source %s' % opts.get('target') subprocess.call(sphinx_build_cmd.split(), shell=False) present_chown_cmd = 'chown -R www-data:www-data %s' % opts.get('target') subprocess.call(present_chown_cmd.split(), shell=False) # Configure nginx vhost configure_site('present', 'present.vhost', app_path=opts.get('target')) # Open presentation front-end port hookenv.open_port(config['port']) # Set status hookenv.status_set('active', 'Presentation is active on port %s' % config['port']) # Set flag set_flag('presentation.available')
def start_nginx(): hookenv.log("Configuring site for nginx") configure_site('default', 'gunicornhost.conf', flask_port=config['flask-port']) set_state('flask.nginx.installed') status_set('active', 'Ready')
def install_load_balancer(apiserver, tls): ''' Create the default vhost template for load balancing ''' # Get the tls paths from the layer data. layer_options = layer.options('tls-client') server_cert_path = layer_options.get('server_certificate_path') cert_exists = server_cert_path and os.path.isfile(server_cert_path) server_key_path = layer_options.get('server_key_path') key_exists = server_key_path and os.path.isfile(server_key_path) # Do both the key and certificate exist? if cert_exists and key_exists: # At this point the cert and key exist, and they are owned by root. chown = ['chown', 'www-data:www-data', server_cert_path] # Change the owner to www-data so the nginx process can read the cert. subprocess.call(chown) chown = ['chown', 'www-data:www-data', server_key_path] # Change the owner to www-data so the nginx process can read the key. subprocess.call(chown) port = hookenv.config('port') hookenv.open_port(port) services = apiserver.services() nginx.configure_site( 'apilb', 'apilb.conf', server_name='_', services=services, port=port, server_certificate=server_cert_path, server_key=server_key_path, proxy_read_timeout=hookenv.config('proxy_read_timeout')) maybe_write_apilb_logrotate_config() hookenv.status_set('active', 'Loadbalancer ready.')
def render_elasticsearch_lb_proxy(): """Write out elasticsearch lb proxy """ status_set('maintenance', 'Configuring elasticsearch loadbalancing proxy') configure_site('es_lb_proxy', 'es_lb_proxy.conf.tmpl') status_set('active', 'Elasticsearch loadbalancer/proxy configured') # Set state set_state('elasticsearch.lb.proxy.available')
def configure_nginx(): print("Configuring NGINX reverse proxy and https endpoint.") fqdn = config().get('fqdn') live = lets_encrypt.live() configure_site('mattermost', 'mattermost.nginx.tmpl', key_path=live['privkey'], crt_path=live['fullchain'], fqdn=fqdn) set_state('mattermost.nginx.configured')
def render_memcache_lb_proxy(): """Write out memcache lb proxy """ status_set('maintenance', 'Configuring Memcache loadbalancing proxy') configure_site('memcache_lb_proxy', 'memcache_lb_proxy.conf.tmpl') status_set('active', 'Memcache loadbalancer/proxy configured') set_state('memcache.lb.proxy.available') set_state('memcache.client.available')
def render_nginx_conf(): # Configure nginx vhost configure_site('fiche', 'fiche.nginx.tmpl', port=config('port'), app_path=options('git-deploy').get('target')) # Open fiche front-end port open_port(config('port')) # Set state set_state('fiche.web.configured')
def _configure_static_serve(auth_backends=None): """Configure the static file serve.""" cfg = hookenv.config() vhost_config = setup.get_virtualhost_config(auth_backends, cfg['resource-name'], cfg['auth-cache-enabled'], cfg['auth-cache-duration'], cfg['auth-cache-inactivity']) configure_site('archive-auth-mirror', 'nginx-static.j2', **vhost_config)
def render_nginx_template_restart_nginx(): """NGINX """ status_set('maintenance', 'Configuring website') configure_site('documize', 'documize.nginx.tmpl') open_port(config('port')) start_restart('nginx') status_set('active', 'Documize available: %s' % unit_public_ip()) set_state('documize.web.available')
def configure_nginx(): """Configure NGINX server for fresh_rss """ ctxt = {'fqdn': config['fqdn'], 'port': config['port']} configure_site('fresh-rss', 'fresh-rss.conf', **ctxt) hookenv.open_port(ctxt['port']) status.active('nginx configured') set_flag('fresh-rss.nginx.configured')
def configure_memcache_proxy_hosts(): """Write out the nginx config containing the memcache servers """ memcache_servers = [{'host': host, 'port': "11211"} for host in kv.get('memcache_hosts')] configure_site('memcache_cluster', 'memcache_cluster.conf.tmpl', memcache_servers=memcache_servers) set_state('memcache.client.proxy.available')
def setup_vhost(): status_set('maintenance', 'setting up vhost') nginx.configure_site( 'uca-tracker', 'vhost.conf', app_path='/usr/share/nginx/www', ) ch_host.service_restart('nginx') set_state('uca-tracker.nginx.ready')
def configure_es_proxy_hosts(): """Write out the nginx config containing the es servers """ ES_SERVERS = [] for host in kv.get('es_hosts').split(","): ES_SERVERS.append({'host': host, 'port': "9200"}) configure_site('es_cluster', 'es_cluster.conf.tmpl', es_servers=ES_SERVERS) set_state('visimil.elasticsearch.available')
def configure_es_proxy_hosts(): """Write out the nginx config containing the es servers """ hookenv.status_set('maintenance', 'Configuring elasticsearch loadbalancing proxy') nginx.configure_site('es_cluster', 'es_cluster.conf.tmpl', es_servers=kv.get('es_hosts')) hookenv.status_set('active', 'Elasticsearch loadbalancer/proxy configured') reactive.clear_flag('juju.elasticsearch.available') reactive.set_flag('elasticsearch.client.proxy.available')
def set_up(reverseproxy): hookenv.log('Http relation found') services = reverseproxy.services() hookenv.log(services) live = lets_encrypt.live() template = 'encrypt.nginx.tmpl' if config['credentials']: template = 'encrypt.nginx.auth.tmpl' configure_site('default', template, privkey=live['privkey'], fullchain=live['fullchain'], fqdn=config['fqdn'], hostname=services[0]['hosts'][0]['hostname'], dhparam=os.path.join(dhparam_dir, dhparam)) status_set('active', 'Ready') set_state('lets-encrypt-nginx.running')
def install_load_balancer(): ''' Create the default vhost template for load balancing ''' apiserver = endpoint_from_name('apiserver') lb_consumers = endpoint_from_name('lb-consumers') if not (server_crt_path.exists() and server_key_path.exists()): hookenv.log('Skipping due to missing cert') return if not (apiserver.services() or lb_consumers.all_requests): hookenv.log('Skipping due to requests not ready') return # At this point the cert and key exist, and they are owned by root. chown = ['chown', 'www-data:www-data', str(server_crt_path)] # Change the owner to www-data so the nginx process can read the cert. subprocess.call(chown) chown = ['chown', 'www-data:www-data', str(server_key_path)] # Change the owner to www-data so the nginx process can read the key. subprocess.call(chown) servers = {} if apiserver and apiserver.services(): servers[hookenv.config('port')] = {(h['hostname'], h['port']) for service in apiserver.services() for h in service['hosts']} for request in lb_consumers.all_requests: for server_port in request.port_mapping.keys(): service = servers.setdefault(server_port, set()) service.update( (backend, backend_port) for backend, backend_port in itertools.product( request.backends, request.port_mapping.values())) nginx.configure_site( 'apilb', 'apilb.conf', servers=servers, server_certificate=str(server_crt_path), server_key=str(server_key_path), proxy_read_timeout=hookenv.config('proxy_read_timeout')) maybe_write_apilb_logrotate_config() for listen_port in servers.keys(): hookenv.open_port(listen_port) status.active('Loadbalancer ready.')
def configure_webserver_le(): """Configure nginx """ status_set('maintenance', 'Configuring website') fqdn = config().get('fqdn') live = lets_encrypt.live() configure_site('mattermost', 'mattermost.nginx.tmpl', key_path=live['privkey'], crt_path=live['fullchain'], fqdn=fqdn) open_port(80) open_port(443) close_port(8065) restart_service('nginx') status_set('active', 'Mattermost available: https://%s' % fqdn) set_state('mattermost.web.configured')
def setup(ssltermination): live = lets_encrypt.live(db.get('fqdns')) for data in ssltermination.get_data(): service = data['service'] try: os.remove('/etc/nginx/.htpasswd/{}'.format(service)) except OSError: pass # Did we get credentials? If so, configure them. for user in data['basic_auth']: try: check_call([ 'htpasswd', '-b', '/etc/nginx/.htpasswd/{}'.format(service), user['name'], user['password'] ]) except CalledProcessError: check_call([ 'htpasswd', '-bc', '/etc/nginx/.htpasswd/{}'.format(service), user['name'], user['password'] ]) configuration = { 'privkey': live['privkey'], 'fullchain': live['fullchain'], 'service': service, 'servers': data['private_ips'], 'fqdns': data['fqdns'], 'dhparam': live['dhparam'], 'auth_basic': bool(data['basic_auth']) } if data['loadbalancing']: configuration['loadbalancing'] = data['loadbalancing'] configure_site('{}.conf'.format(service), 'service.conf', **configuration) set_state('ssl-termination-proxy.running') status_set( 'active', '{} have been registered and are online'.format(db.get('fqdns')))
def _configure_static_serve(): """Configure the static file serve.""" vhost_config = setup.get_virtualhost_config() configure_site('archive-auth-mirror', 'nginx-static.j2', **vhost_config)
def configure_web_server(): nginx.configure_site('conda-mirror', 'conda-mirror-vhost.conf') status.active('Nginx configured') set_flag('conda-mirror.nginx.configured')
def start_nginx(): hookenv.log("Configuring site for nginx") configure_site('flask', 'gunicornhost.conf', flask_port=config['flask-port']) set_state('flask.nginx.installed')
def render_elasticsearch_lb_proxy(): """Write out elasticsearch lb proxy """ nginx.configure_site('es_lb_proxy', 'es_lb_proxy.conf.tmpl') reactive.set_flag('elasticsearch.lb.proxy.available')
def _configure_static_serve(auth_backends=None): """Configure the static file serve.""" auth_cache_time = hookenv.config()['auth-cache-time'] vhost_config = setup.get_virtualhost_config( auth_backends=auth_backends, auth_cache_time=auth_cache_time) configure_site('archive-auth-mirror', 'nginx-static.j2', **vhost_config)
def configure_nginx(): """ Once nginx is ready, setup our vhost entry. """ nginx.configure_site('default', 'vhost.conf') set_state('ghost.nginx.configured')