예제 #1
0
def configure_haproxy(service_ports):
    '''
    Configure HAProxy based on the current peers in the service
    cluster using the provided port map:

        "swift": [ 8080, 8070 ]

    HAproxy will also be reloaded/started if required

    service_ports: dict: dict of lists of [ frontend, backend ]
    '''
    cluster_hosts = {}
    cluster_hosts[os.getenv('JUJU_UNIT_NAME').replace('/', '-')] = \
        unit_get('private-address')
    for r_id in relation_ids('cluster'):
        for unit in relation_list(r_id):
            cluster_hosts[unit.replace('/', '-')] = \
                relation_get(attribute='private-address',
                             rid=r_id,
                             unit=unit)
    context = {
        'units': cluster_hosts,
        'service_ports': service_ports
        }
    with open(HAPROXY_CONF, 'w') as f:
        f.write(render_template(os.path.basename(HAPROXY_CONF),
                                context))
    with open(HAPROXY_DEFAULT, 'w') as f:
        f.write('ENABLED=1')

    reload('haproxy')
예제 #2
0
def enable_ssl(ssl_key, ssl_cert, ssl_port):
    uid = pwd.getpwnam("root").pw_uid
    gid = grp.getgrnam("rabbitmq").gr_gid
    with open(ssl_key_file, 'w') as key_file:
        key_file.write(ssl_key)
    os.chmod(ssl_key_file, 0640)
    os.chown(ssl_key_file, uid, gid)
    with open(ssl_cert_file, 'w') as cert_file:
        cert_file.write(ssl_cert)
    os.chmod(ssl_cert_file, 0640)
    os.chown(ssl_cert_file, uid, gid)
    with open(RABBITMQ_CONF, 'w') as rmq_conf:
        rmq_conf.write(utils.render_template(os.path.basename(RABBITMQ_CONF),
                                             {"ssl_port": ssl_port,
                                              "ssl_cert_file": ssl_cert_file,
                                              "ssl_key_file": ssl_key_file}))
예제 #3
0
def enable_ssl(ssl_key, ssl_cert, ssl_port):
    uid = pwd.getpwnam("root").pw_uid
    gid = grp.getgrnam("rabbitmq").gr_gid
    with open(ssl_key_file, 'w') as key_file:
        key_file.write(ssl_key)
    os.chmod(ssl_key_file, 0640)
    os.chown(ssl_key_file, uid, gid)
    with open(ssl_cert_file, 'w') as cert_file:
        cert_file.write(ssl_cert)
    os.chmod(ssl_cert_file, 0640)
    os.chown(ssl_cert_file, uid, gid)
    with open(RABBITMQ_CONF, 'w') as rmq_conf:
        rmq_conf.write(
            utils.render_template(
                os.path.basename(RABBITMQ_CONF), {
                    "ssl_port": ssl_port,
                    "ssl_cert_file": ssl_cert_file,
                    "ssl_key_file": ssl_key_file
                }))
예제 #4
0
def enable_https(port_maps, namespace, cert, key, ca_cert=None):
    '''
    For a given number of port mappings, configures apache2
    HTTPs local reverse proxying using certficates and keys provided in
    either configuration data (preferred) or relation data.  Assumes ports
    are not in use (calling charm should ensure that).

    port_maps: dict: external to internal port mappings
    namespace: str: name of charm
    '''
    def _write_if_changed(path, new_content):
        content = None
        if os.path.exists(path):
            with open(path, 'r') as f:
                content = f.read().strip()
        if content != new_content:
            with open(path, 'w') as f:
                f.write(new_content)
            return True
        else:
            return False

    juju_log('INFO', "Enabling HTTPS for port mappings: {}".format(port_maps))
    http_restart = False

    if cert:
        cert = b64decode(cert)
    if key:
        key = b64decode(key)
    if ca_cert:
        ca_cert = b64decode(ca_cert)

    if not cert and not key:
        juju_log('ERROR',
                 "Expected but could not find SSL certificate data, not "
                 "configuring HTTPS!")
        return False

    install('apache2')
    if RELOAD_CHECK in subprocess.check_output(['a2enmod', 'ssl',
                                                'proxy', 'proxy_http']):
        http_restart = True

    ssl_dir = os.path.join('/etc/apache2/ssl', namespace)
    if not os.path.exists(ssl_dir):
        os.makedirs(ssl_dir)

    if (_write_if_changed(os.path.join(ssl_dir, 'cert'), cert)):
        http_restart = True
    if (_write_if_changed(os.path.join(ssl_dir, 'key'), key)):
        http_restart = True
    os.chmod(os.path.join(ssl_dir, 'key'), 0600)

    install_ca_cert(ca_cert)

    sites_dir = '/etc/apache2/sites-available'
    for ext_port, int_port in port_maps.items():
        juju_log('INFO',
                 'Creating apache2 reverse proxy vhost'
                 ' for {}:{}'.format(ext_port,
                                     int_port))
        site = "{}_{}".format(namespace, ext_port)
        site_path = os.path.join(sites_dir, site)
        with open(site_path, 'w') as fsite:
            context = {
                "ext": ext_port,
                "int": int_port,
                "namespace": namespace,
                "private_address": get_host_ip()
                }
            fsite.write(render_template(SITE_TEMPLATE,
                                        context))

        if RELOAD_CHECK in subprocess.check_output(['a2ensite', site]):
            http_restart = True

    if http_restart:
        restart('apache2')

    return True
예제 #5
0
파일: views.py 프로젝트: sergij/roach
def render_popup(request, template, context):
    html = render_template(request, template, context)
    return AjaxFormResponse(request, html=html)
예제 #6
0
파일: views.py 프로젝트: sergij/roach
def render_popup(request, template, context):
    html = render_template(request, template, context)
    return AjaxFormResponse(request, html=html)