def install_load_balancer(apiserver, tls):
''' Create the default vhost template for load balancing '''
# Get the tls paths from the layer data.
layer_options = layer.options('tls-client')
server_cert_path = layer_options.get('server_certificate_path')
cert_exists = server_cert_path and os.path.isfile(server_cert_path)
server_key_path = layer_options.get('server_key_path')
key_exists = server_key_path and os.path.isfile(server_key_path)
# Do both the the key and certificate exist?
if cert_exists and key_exists:
# At this point the cert and key exist, and they are owned by root.
chown = ['chown', 'www-data:www-data', server_cert_path]
# Change the owner to www-data so the nginx process can read the cert.
subprocess.call(chown)
chown = ['chown', 'www-data:www-data', server_key_path]
# Change the owner to www-data so the nginx process can read the key.
subprocess.call(chown)
hookenv.open_port(hookenv.config('port'))
services = apiserver.services()
nginx.configure_site(
'apilb',
'apilb.conf',
server_name='_',
services=services,
port=hookenv.config('port'),
server_certificate=server_cert_path,
server_key=server_key_path,
)
hookenv.status_set('active', 'Loadbalancer ready.')
def configure_website():
config = hookenv.config()
configure_site('uosci_dashboard', 'uosci.conf', app_path='/var/www/html')
subprocess.check_call(['uosci-dashboard', '--path', '/var/www/html'])
hookenv.open_port('80')
hookenv.status_set('active', 'UOSCI Dashboard is now available')
set_state('dashboard.init')
def install_load_balancer():
''' Create the default vhost template for load balancing '''
apiserver = endpoint_from_flag('apiserver.available')
# Do both the key and certificate exist?
if server_crt_path.exists() and server_key_path.exists():
# At this point the cert and key exist, and they are owned by root.
chown = ['chown', 'www-data:www-data', str(server_crt_path)]
# Change the owner to www-data so the nginx process can read the cert.
subprocess.call(chown)
chown = ['chown', 'www-data:www-data', str(server_key_path)]
# Change the owner to www-data so the nginx process can read the key.
subprocess.call(chown)
port = hookenv.config('port')
hookenv.open_port(port)
services = apiserver.services()
nginx.configure_site(
'apilb',
'apilb.conf',
server_name='_',
services=services,
port=port,
server_certificate=str(server_crt_path),
server_key=str(server_key_path),
proxy_read_timeout=hookenv.config('proxy_read_timeout'))
maybe_write_apilb_logrotate_config()
hookenv.status_set('active', 'Loadbalancer ready.')
def install_app():
""" Performs application installation
"""
hookenv.log('Installing Dokuwiki', 'info')
# Configure NGINX vhost
nginx.configure_site('default', 'vhost.conf',
listen_address=php.socket())
# Update application
dokuwiki.download_archive()
# Needs to set dokuwiki directory permissions for installation
app_path = nginx.get_app_path()
render(source='local.php',
target=path.join(app_path, 'conf/local.php'),
context=config, perms=0o644)
render(source='acl.auth.php',
target=path.join(app_path, 'conf/acl.auth.php'),
context=config, perms=0o644)
render(source='plugins.local.php',
target=path.join(app_path, 'conf/plugins.local.php'),
context=config, perms=0o644)
# Clean up install.php as we don't need it
call("rm -f {}/conf/install.php", shell=True)
php.restart()
service_restart('nginx')
hookenv.status_set('active', 'Dokuwiki is installed!')
def install_presentation():
""" Install presentation
"""
opts = options('git-deploy')
hookenv.status_set('maintenance',
'Installing and building the presentation.')
# Build and install
with chdir(os.path.join(opts.get('target'), 'current')):
with open('requirements.txt', 'r') as f:
for i in list(map(lambda b: b.strip('\n'), f.readlines())):
pip_install(i)
sphinx_build_cmd = 'sphinx-build -b html source %s' % opts.get('target')
subprocess.call(sphinx_build_cmd.split(), shell=False)
present_chown_cmd = 'chown -R www-data:www-data %s' % opts.get('target')
subprocess.call(present_chown_cmd.split(), shell=False)
# Configure nginx vhost
configure_site('present', 'present.vhost', app_path=opts.get('target'))
# Open presentation front-end port
hookenv.open_port(config['port'])
# Set status
hookenv.status_set('active',
'Presentation is active on port %s' % config['port'])
# Set flag
set_flag('presentation.available')
def start_nginx():
hookenv.log("Configuring site for nginx")
configure_site('default',
'gunicornhost.conf',
flask_port=config['flask-port'])
set_state('flask.nginx.installed')
status_set('active', 'Ready')
def install_load_balancer(apiserver, tls):
''' Create the default vhost template for load balancing '''
# Get the tls paths from the layer data.
layer_options = layer.options('tls-client')
server_cert_path = layer_options.get('server_certificate_path')
cert_exists = server_cert_path and os.path.isfile(server_cert_path)
server_key_path = layer_options.get('server_key_path')
key_exists = server_key_path and os.path.isfile(server_key_path)
# Do both the key and certificate exist?
if cert_exists and key_exists:
# At this point the cert and key exist, and they are owned by root.
chown = ['chown', 'www-data:www-data', server_cert_path]
# Change the owner to www-data so the nginx process can read the cert.
subprocess.call(chown)
chown = ['chown', 'www-data:www-data', server_key_path]
# Change the owner to www-data so the nginx process can read the key.
subprocess.call(chown)
port = hookenv.config('port')
hookenv.open_port(port)
services = apiserver.services()
nginx.configure_site(
'apilb',
'apilb.conf',
server_name='_',
services=services,
port=port,
server_certificate=server_cert_path,
server_key=server_key_path,
proxy_read_timeout=hookenv.config('proxy_read_timeout'))
maybe_write_apilb_logrotate_config()
hookenv.status_set('active', 'Loadbalancer ready.')
def render_elasticsearch_lb_proxy():
"""Write out elasticsearch lb proxy
"""
status_set('maintenance', 'Configuring elasticsearch loadbalancing proxy')
configure_site('es_lb_proxy', 'es_lb_proxy.conf.tmpl')
status_set('active', 'Elasticsearch loadbalancer/proxy configured')
# Set state
set_state('elasticsearch.lb.proxy.available')
def configure_nginx():
print("Configuring NGINX reverse proxy and https endpoint.")
fqdn = config().get('fqdn')
live = lets_encrypt.live()
configure_site('mattermost', 'mattermost.nginx.tmpl',
key_path=live['privkey'],
crt_path=live['fullchain'], fqdn=fqdn)
set_state('mattermost.nginx.configured')
def render_memcache_lb_proxy():
"""Write out memcache lb proxy
"""
status_set('maintenance', 'Configuring Memcache loadbalancing proxy')
configure_site('memcache_lb_proxy', 'memcache_lb_proxy.conf.tmpl')
status_set('active', 'Memcache loadbalancer/proxy configured')
set_state('memcache.lb.proxy.available')
set_state('memcache.client.available')
def render_nginx_conf():
# Configure nginx vhost
configure_site('fiche', 'fiche.nginx.tmpl', port=config('port'),
app_path=options('git-deploy').get('target'))
# Open fiche front-end port
open_port(config('port'))
# Set state
set_state('fiche.web.configured')
def _configure_static_serve(auth_backends=None):
"""Configure the static file serve."""
cfg = hookenv.config()
vhost_config = setup.get_virtualhost_config(auth_backends,
cfg['resource-name'],
cfg['auth-cache-enabled'],
cfg['auth-cache-duration'],
cfg['auth-cache-inactivity'])
configure_site('archive-auth-mirror', 'nginx-static.j2', **vhost_config)
def configure_nginx():
print("Configuring NGINX reverse proxy and https endpoint.")
fqdn = config().get('fqdn')
live = lets_encrypt.live()
configure_site('mattermost',
'mattermost.nginx.tmpl',
key_path=live['privkey'],
crt_path=live['fullchain'],
fqdn=fqdn)
set_state('mattermost.nginx.configured')
def render_nginx_template_restart_nginx():
"""NGINX
"""
status_set('maintenance', 'Configuring website')
configure_site('documize', 'documize.nginx.tmpl')
open_port(config('port'))
start_restart('nginx')
status_set('active', 'Documize available: %s' % unit_public_ip())
set_state('documize.web.available')
def configure_nginx():
"""Configure NGINX server for fresh_rss
"""
ctxt = {'fqdn': config['fqdn'], 'port': config['port']}
configure_site('fresh-rss', 'fresh-rss.conf', **ctxt)
hookenv.open_port(ctxt['port'])
status.active('nginx configured')
set_flag('fresh-rss.nginx.configured')
def configure_memcache_proxy_hosts():
"""Write out the nginx config containing the memcache servers
"""
memcache_servers = [{'host': host, 'port': "11211"} for host in
kv.get('memcache_hosts')]
configure_site('memcache_cluster', 'memcache_cluster.conf.tmpl',
memcache_servers=memcache_servers)
set_state('memcache.client.proxy.available')
def setup_vhost():
status_set('maintenance', 'setting up vhost')
nginx.configure_site(
'uca-tracker',
'vhost.conf',
app_path='/usr/share/nginx/www',
)
ch_host.service_restart('nginx')
set_state('uca-tracker.nginx.ready')
def configure_es_proxy_hosts():
"""Write out the nginx config containing the es servers
"""
ES_SERVERS = []
for host in kv.get('es_hosts').split(","):
ES_SERVERS.append({'host': host, 'port': "9200"})
configure_site('es_cluster', 'es_cluster.conf.tmpl', es_servers=ES_SERVERS)
set_state('visimil.elasticsearch.available')
def configure_es_proxy_hosts():
"""Write out the nginx config containing the es servers
"""
hookenv.status_set('maintenance',
'Configuring elasticsearch loadbalancing proxy')
nginx.configure_site('es_cluster',
'es_cluster.conf.tmpl',
es_servers=kv.get('es_hosts'))
hookenv.status_set('active', 'Elasticsearch loadbalancer/proxy configured')
reactive.clear_flag('juju.elasticsearch.available')
reactive.set_flag('elasticsearch.client.proxy.available')
def set_up(reverseproxy):
hookenv.log('Http relation found')
services = reverseproxy.services()
hookenv.log(services)
live = lets_encrypt.live()
template = 'encrypt.nginx.tmpl'
if config['credentials']:
template = 'encrypt.nginx.auth.tmpl'
configure_site('default',
template,
privkey=live['privkey'],
fullchain=live['fullchain'],
fqdn=config['fqdn'],
hostname=services[0]['hosts'][0]['hostname'],
dhparam=os.path.join(dhparam_dir, dhparam))
status_set('active', 'Ready')
set_state('lets-encrypt-nginx.running')
def install_load_balancer():
''' Create the default vhost template for load balancing '''
apiserver = endpoint_from_name('apiserver')
lb_consumers = endpoint_from_name('lb-consumers')
if not (server_crt_path.exists() and server_key_path.exists()):
hookenv.log('Skipping due to missing cert')
return
if not (apiserver.services() or lb_consumers.all_requests):
hookenv.log('Skipping due to requests not ready')
return
# At this point the cert and key exist, and they are owned by root.
chown = ['chown', 'www-data:www-data', str(server_crt_path)]
# Change the owner to www-data so the nginx process can read the cert.
subprocess.call(chown)
chown = ['chown', 'www-data:www-data', str(server_key_path)]
# Change the owner to www-data so the nginx process can read the key.
subprocess.call(chown)
servers = {}
if apiserver and apiserver.services():
servers[hookenv.config('port')] = {(h['hostname'], h['port'])
for service in apiserver.services()
for h in service['hosts']}
for request in lb_consumers.all_requests:
for server_port in request.port_mapping.keys():
service = servers.setdefault(server_port, set())
service.update(
(backend, backend_port)
for backend, backend_port in itertools.product(
request.backends, request.port_mapping.values()))
nginx.configure_site(
'apilb',
'apilb.conf',
servers=servers,
server_certificate=str(server_crt_path),
server_key=str(server_key_path),
proxy_read_timeout=hookenv.config('proxy_read_timeout'))
maybe_write_apilb_logrotate_config()
for listen_port in servers.keys():
hookenv.open_port(listen_port)
status.active('Loadbalancer ready.')
def configure_webserver_le():
"""Configure nginx
"""
status_set('maintenance', 'Configuring website')
fqdn = config().get('fqdn')
live = lets_encrypt.live()
configure_site('mattermost',
'mattermost.nginx.tmpl',
key_path=live['privkey'],
crt_path=live['fullchain'],
fqdn=fqdn)
open_port(80)
open_port(443)
close_port(8065)
restart_service('nginx')
status_set('active', 'Mattermost available: https://%s' % fqdn)
set_state('mattermost.web.configured')
def setup(ssltermination):
live = lets_encrypt.live(db.get('fqdns'))
for data in ssltermination.get_data():
service = data['service']
try:
os.remove('/etc/nginx/.htpasswd/{}'.format(service))
except OSError:
pass
# Did we get credentials? If so, configure them.
for user in data['basic_auth']:
try:
check_call([
'htpasswd', '-b',
'/etc/nginx/.htpasswd/{}'.format(service), user['name'],
user['password']
])
except CalledProcessError:
check_call([
'htpasswd', '-bc',
'/etc/nginx/.htpasswd/{}'.format(service), user['name'],
user['password']
])
configuration = {
'privkey': live['privkey'],
'fullchain': live['fullchain'],
'service': service,
'servers': data['private_ips'],
'fqdns': data['fqdns'],
'dhparam': live['dhparam'],
'auth_basic': bool(data['basic_auth'])
}
if data['loadbalancing']:
configuration['loadbalancing'] = data['loadbalancing']
configure_site('{}.conf'.format(service), 'service.conf',
**configuration)
set_state('ssl-termination-proxy.running')
status_set(
'active',
'{} have been registered and are online'.format(db.get('fqdns')))
def start_nginx():
hookenv.log("Configuring site for nginx")
configure_site('default', 'gunicornhost.conf', flask_port=config['flask-port'])
set_state('flask.nginx.installed')
status_set('active', 'Ready')
def _configure_static_serve():
"""Configure the static file serve."""
vhost_config = setup.get_virtualhost_config()
configure_site('archive-auth-mirror', 'nginx-static.j2', **vhost_config)
def configure_web_server():
nginx.configure_site('conda-mirror', 'conda-mirror-vhost.conf')
status.active('Nginx configured')
set_flag('conda-mirror.nginx.configured')
def start_nginx():
hookenv.log("Configuring site for nginx")
configure_site('flask',
'gunicornhost.conf',
flask_port=config['flask-port'])
set_state('flask.nginx.installed')
def render_elasticsearch_lb_proxy():
"""Write out elasticsearch lb proxy
"""
nginx.configure_site('es_lb_proxy', 'es_lb_proxy.conf.tmpl')
reactive.set_flag('elasticsearch.lb.proxy.available')
def _configure_static_serve(auth_backends=None):
"""Configure the static file serve."""
auth_cache_time = hookenv.config()['auth-cache-time']
vhost_config = setup.get_virtualhost_config(
auth_backends=auth_backends, auth_cache_time=auth_cache_time)
configure_site('archive-auth-mirror', 'nginx-static.j2', **vhost_config)
def configure_nginx():
"""
Once nginx is ready, setup our vhost entry.
"""
nginx.configure_site('default', 'vhost.conf')
set_state('ghost.nginx.configured')
def configure_nginx():
"""
Once nginx is ready, setup our vhost entry.
"""
nginx.configure_site('default', 'vhost.conf')
set_state('ghost.nginx.configured')
