Valentin Lab
9 years ago
13 changed files with 680 additions and 10 deletions
-
61www/actions/load
-
44www/actions/relations/publish-dir/load-files
-
27www/build/Dockerfile
-
21www/build/entrypoint.sh
-
1www/build/etc/apache2/site-enabled/monitor.formanoo.org.passwd
-
50www/hooks/init
-
49www/hooks/log_rotate-relation-joined
-
76www/hooks/publish_dir-relation-joined
-
55www/hooks/web_proxy-relation-joined
-
277www/lib/common
-
25www/metadata.yaml
-
1www/revision
-
3www/shorewall
@ -0,0 +1,61 @@ |
|||
#!/bin/bash |
|||
|
|||
## deploy-files will deploy data files to $DOMAIN data from given FILE/DIRECTORY/URL |
|||
## |
|||
## |
|||
|
|||
if [ -z "$SERVICE_DATASTORE" ]; then |
|||
echo "This script is meant to be run through 'compose' to work properly." >&2 |
|||
exit 1 |
|||
fi |
|||
|
|||
usage="$exname [-h|--help] SOURCE DBNAME" |
|||
|
|||
SRC= |
|||
DOMAIN= |
|||
while [ "$1" ]; do |
|||
case "$1" in |
|||
"--help"|"-h") |
|||
print_usage |
|||
exit 0 |
|||
;; |
|||
*) |
|||
[ -z "$SRC" ] && { SRC=$1 ; shift ; continue ; } |
|||
[ -z "$DOMAIN" ] && { DOMAIN=$1 ; shift ; continue ; } |
|||
err "Unexpected argument '$1'." |
|||
exit 1 |
|||
;; |
|||
esac |
|||
shift |
|||
done |
|||
|
|||
if [ -z "$SRC" ]; then |
|||
err "You must provide a source file as first argument." |
|||
print_usage |
|||
exit 1 |
|||
fi |
|||
|
|||
if [ -z "$DOMAIN" ]; then |
|||
err "You must provide a destination domain as second argument." |
|||
exit 1 |
|||
fi |
|||
|
|||
|
|||
. lib/common |
|||
|
|||
set -e |
|||
|
|||
DOCKER_SITE_PATH=/var/www/$DOMAIN |
|||
if [ "$RELATION_BASE_CHARM" ]; then ## In a relation, we should use it then |
|||
DST=$DATASTORE/$RELATION_BASE_CHARM$DOCKER_SITE_PATH |
|||
else |
|||
DST=${SERVICE_DATASTORE}$DOCKER_SITE_PATH |
|||
fi |
|||
|
|||
echo rm -rf "$DST" |
|||
|
|||
mkdir -p "$DST" |
|||
|
|||
deploy_files "$SRC" "$DST" |
|||
|
|||
info "Deployed files from '$SRC' to '$DST'." |
@ -0,0 +1,44 @@ |
|||
#!/bin/bash |
|||
|
|||
## Load action gets a first argument a FILE/DIRECTORY/URL holding the necessary files. |
|||
## |
|||
## |
|||
|
|||
if [ -z "$SERVICE_DATASTORE" ]; then |
|||
echo "This script is meant to be run through 'compose' to work properly." >&2 |
|||
exit 1 |
|||
fi |
|||
|
|||
usage="$exname [-h|--help] SOURCE" |
|||
|
|||
while [ "$1" ]; do |
|||
case "$1" in |
|||
"--help"|"-h") |
|||
print_usage |
|||
exit 0 |
|||
;; |
|||
*) |
|||
[ -z "$SOURCE" ] && { SOURCE=$1 ; shift ; continue ; } |
|||
err "Unexpected argument '$1'." |
|||
exit 1 |
|||
;; |
|||
esac |
|||
shift |
|||
done |
|||
|
|||
if [ -z "$SOURCE" ]; then |
|||
err "You must provide a source file as first argument." |
|||
print_usage |
|||
exit 1 |
|||
fi |
|||
|
|||
include parse |
|||
include pretty |
|||
|
|||
set -e |
|||
|
|||
DOMAIN=$(relation-get domain) |
|||
|
|||
run_service_action "$RELATION_TARGET_CHARM" load "$SOURCE" "$DOMAIN" "$@" |
|||
|
|||
info "Correctly deployed '$SOURCE' towards domain '$DOMAIN'" |
@ -0,0 +1,27 @@ |
|||
FROM docker.0k.io/apache:carif |
|||
|
|||
|
|||
## Limesurvey |
|||
RUN apt-get update && \ |
|||
DEBIAN_FRONTEND=noninteractive apt-get install -y libfreetype6-dev libjpeg62-turbo-dev libmcrypt-dev libpng12-dev && \ |
|||
apt-get clean && \ |
|||
rm -rf /var/lib/apt/lists/* && \ |
|||
docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && \ |
|||
docker-php-ext-install gd pdo_mysql mbstring |
|||
|
|||
## Formanoo_nfo |
|||
RUN apt-get update && \ |
|||
DEBIAN_FRONTEND=noninteractive apt-get install -y libpq-dev && \ |
|||
apt-get clean && \ |
|||
rm -rf /var/lib/apt/lists/* |
|||
RUN docker-php-ext-install pgsql pdo_pgsql |
|||
|
|||
RUN a2enmod headers proxy_http rewrite ssl |
|||
|
|||
## Can remove this when SSL certificate are all valid ones |
|||
RUN apt-get update && apt-get install -y --force-yes ssl-cert |
|||
|
|||
COPY entrypoint.sh /entrypoint.sh |
|||
|
|||
ENTRYPOINT [ "/entrypoint.sh" ] |
|||
|
@ -0,0 +1,21 @@ |
|||
#!/bin/bash |
|||
|
|||
. /etc/apache2/envvars |
|||
|
|||
if [ "$SERVER_NAME" ]; then |
|||
FILE=/etc/apache2/apache2.conf |
|||
if grep -E "^ServerName\s+.*\$" "$FILE" > /dev/null 2>&1; then |
|||
echo "Updated IP." |
|||
sed -ri "s/^(ServerName)(\s+[^ ]*)\s*$/\1 $SERVER_NAME/g" "$FILE" |
|||
else |
|||
#echo "Added IP." |
|||
echo "ServerName $SERVER_NAME" >> "$FILE" |
|||
fi |
|||
fi |
|||
|
|||
## Using exec replaces the current bash process with the given one. |
|||
## this is necessary if we want that apache2 receives signals correctly. |
|||
exec apache2-foreground "$@" |
|||
|
|||
|
|||
|
@ -0,0 +1 @@ |
|||
admin:$apr1$DxN/jqDN$0hboJaVxmG5ETv8vNdDAN0 |
@ -0,0 +1,50 @@ |
|||
#!/bin/bash |
|||
|
|||
## Init is run on host |
|||
## For now it is run every time the script is launched, but |
|||
## it should be launched only once after build. |
|||
|
|||
## Accessible variables are: |
|||
## - SERVICE_NAME Name of current service |
|||
## - DOCKER_BASE_IMAGE Base image from which this service might be built if any |
|||
## - SERVICE_DATASTORE Location on host of the DATASTORE of this service |
|||
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service |
|||
|
|||
|
|||
APACHE_LOG_DIR=/var/log/apache2 |
|||
|
|||
set -u |
|||
|
|||
cat <<EOF | file_put "$SERVICE_DATASTORE/var/www/html/.htaccess" |
|||
<IfModule mod_rewrite.c> |
|||
|
|||
RewriteEngine On |
|||
|
|||
RewriteCond %{HTTPS} off |
|||
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] |
|||
</IfModule> |
|||
EOF |
|||
|
|||
|
|||
cat <<EOF | file_put "$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled/000-default.conf" |
|||
<VirtualHost *:80> |
|||
ServerAdmin webmaster@localhost |
|||
DocumentRoot /var/www/html |
|||
|
|||
<Directory /> |
|||
Options FollowSymLinks |
|||
AllowOverride None |
|||
</Directory> |
|||
|
|||
<Directory /var/www/html> |
|||
Options Indexes FollowSymLinks MultiViews |
|||
AllowOverride all |
|||
Order allow,deny |
|||
allow from all |
|||
</Directory> |
|||
|
|||
ErrorLog ${APACHE_LOG_DIR}/error.log |
|||
CustomLog ${APACHE_LOG_DIR}/access.log combined |
|||
|
|||
</VirtualHost> |
|||
EOF |
@ -0,0 +1,49 @@ |
|||
#!/bin/bash |
|||
|
|||
## Should be executable N time in a row with same result. |
|||
|
|||
. lib/common |
|||
|
|||
set -e |
|||
|
|||
LOGS=/var/log/apache2 |
|||
|
|||
## XXXvlab: hum it seems apache logging is run as root, so well... |
|||
# logs_creds=$(cached_cmd_on_base_image apache "stat -c '%u %g' '$LOGS'") || { |
|||
# debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image." |
|||
# return 1 |
|||
# } |
|||
|
|||
## XXXvlab: a lot of this intelligence should be moved away into ``logrotate`` charm |
|||
DST="$CONFIGSTORE/$TARGET_SERVICE_NAME/etc/logrotate.d/$SERVICE_NAME" |
|||
file_put "$DST" <<EOF |
|||
/var/log/docker/$SERVICE_NAME/*error.log |
|||
/var/log/docker/$SERVICE_NAME/*access.log |
|||
{ |
|||
weekly |
|||
missingok |
|||
dateext |
|||
dateyesterday |
|||
dateformat _%Y-%m-%d |
|||
extension .log |
|||
rotate 52 |
|||
compress |
|||
delaycompress |
|||
notifempty |
|||
create 640 root root |
|||
sharedscripts |
|||
postrotate |
|||
docker-send-signal \$${MASTER_BASE_CHARM_NAME^^}_NAME SIGUSR1; |
|||
endscript |
|||
} |
|||
EOF |
|||
|
|||
config-add "\ |
|||
$MASTER_TARGET_CHARM_NAME: |
|||
volumes: |
|||
- $DST:/etc/logrotate.d/docker-${SERVICE_NAME}:ro |
|||
- $SERVICE_DATASTORE$LOGS:/var/log/docker/$SERVICE_NAME:rw |
|||
$MASTER_BASE_CHARM_NAME: |
|||
volumes: |
|||
- $SERVICE_DATASTORE$LOGS:$LOGS:rw |
|||
" |
@ -0,0 +1,76 @@ |
|||
#!/bin/bash |
|||
|
|||
## Should be executable N time in a row with same result. |
|||
|
|||
. lib/common |
|||
|
|||
set -e |
|||
|
|||
DOMAIN=$(relation-get domain) |
|||
DATA_DIRS=$(relation-get data_dirs 2>/dev/null | shyaml get-values 2>/dev/null) || true |
|||
LOCATION=$(relation-get location 2>/dev/null) || true |
|||
CREDS=$(relation-get creds 2>/dev/null) || true |
|||
SERVER_ALIAS=$(relation-get server-alias 2>/dev/null) || true |
|||
|
|||
export SERVER_ALIAS |
|||
|
|||
if SSL_CERT_LOCATION=$(relation-get ssl-cert-file 2>/dev/null); then |
|||
SSL_CERT=/etc/ssl/certs/${DOMAIN}.pem |
|||
config-add "\ |
|||
$MASTER_BASE_CHARM_NAME: |
|||
volumes: |
|||
- ${SSL_CERT_LOCATION}:${SSL_CERT} |
|||
" |
|||
fi |
|||
|
|||
if SSL_KEY_LOCATION=$(relation-get ssl-key-file 2>/dev/null); then |
|||
SSL_KEY=/etc/ssl/private/${DOMAIN}.key |
|||
config-add "\ |
|||
$MASTER_BASE_CHARM_NAME: |
|||
volumes: |
|||
- ${SSL_KEY_LOCATION}:${SSL_KEY} |
|||
" |
|||
fi |
|||
|
|||
if SSL_CA_CERT_LOCATION=$(relation-get ssl-ca-cert-file 2>/dev/null); then |
|||
SSL_CA_CERT=/etc/ssl/cert/${DOMAIN}-ca.pem |
|||
config-add "\ |
|||
$MASTER_BASE_CHARM_NAME: |
|||
volumes: |
|||
- ${SSL_CA_CERT_LOCATION}:${SSL_CA_CERT} |
|||
" |
|||
fi |
|||
|
|||
export CREDS |
|||
apache_ssl_add "$DOMAIN" |
|||
|
|||
if [ "$LOCATION" ]; then |
|||
if [ -d "$LOCATION" -a ! -d "$LOCATION/.git" ]; then |
|||
err "Hum, location '$LOCATION' does not seem to be a git directory." |
|||
exit 1 |
|||
fi |
|||
|
|||
if ! [ -d "$LOCATION/.git" ]; then |
|||
BRANCH=$(relation-get branch) |
|||
BRANCH=${BRANCH:-master} |
|||
|
|||
SOURCE=$(relation-get source) |
|||
parent="$(dirname "$LOCATION")" |
|||
( |
|||
mkdir -p "$parent" && cd "$parent" |
|||
git clone -b "$BRANCH" "$SOURCE" "$(basename "$LOCATION")" |
|||
) |
|||
fi |
|||
apache_code_dir "$DOMAIN" "$LOCATION" |
|||
else |
|||
mkdir -p "$SERVICE_DATASTORE/var/www/${DOMAIN}" || return 1 |
|||
config-add " |
|||
$MASTER_BASE_CHARM_NAME: |
|||
volumes: |
|||
- $DATASTORE/$BASE_CHARM_NAME/var/www/${DOMAIN}:/var/www/${DOMAIN} |
|||
" |
|||
fi |
|||
|
|||
if [ "$DATA_DIRS" ]; then |
|||
apache_data_dir "$DOMAIN" "$DATA_DIRS" |
|||
fi |
@ -0,0 +1,55 @@ |
|||
#!/bin/bash |
|||
|
|||
## Should be executable N time in a row with same result. |
|||
|
|||
. lib/common |
|||
|
|||
set -e |
|||
|
|||
DOMAIN=$(relation-get domain) |
|||
TARGET=$(relation-get target) |
|||
APACHE_CUSTOM_RULES=$(relation-get apache-custom-rules 2>/dev/null) || true |
|||
CREDS=$(relation-get creds 2>/dev/null) || true |
|||
SERVER_ALIAS=$(relation-get server-alias 2>/dev/null) || true |
|||
|
|||
export SERVER_ALIAS |
|||
|
|||
|
|||
if SSL_CERT_LOCATION=$(relation-get ssl-cert-file 2>/dev/null); then |
|||
SSL_CERT=/etc/ssl/certs/${DOMAIN}.pem |
|||
config-add "\ |
|||
$MASTER_TARGET_CHARM_NAME: |
|||
volumes: |
|||
- ${SSL_CERT_LOCATION}:${SSL_CERT} |
|||
" |
|||
fi |
|||
|
|||
if SSL_KEY_LOCATION=$(relation-get ssl-key-file 2>/dev/null); then |
|||
SSL_KEY=/etc/ssl/private/${DOMAIN}.key |
|||
config-add "\ |
|||
$MASTER_TARGET_CHARM_NAME: |
|||
volumes: |
|||
- ${SSL_KEY_LOCATION}:${SSL_KEY} |
|||
" |
|||
fi |
|||
|
|||
if SSL_CA_CERT_LOCATION=$(relation-get ssl-ca-cert-file 2>/dev/null); then |
|||
SSL_CA_CERT=/etc/ssl/cert/${DOMAIN}-ca.pem |
|||
config-add "\ |
|||
$MASTER_TARGET_CHARM_NAME: |
|||
volumes: |
|||
- ${SSL_CA_CERT_LOCATION}:${SSL_CA_CERT} |
|||
" |
|||
fi |
|||
|
|||
control=$(echo "$DOMAIN%$TARGET%$APACHE_CUSTOM_RULES%$CREDS%$SSL_CERT%$SSL_CA_CERT%$SSL_KEY" | md5_compat) |
|||
|
|||
[ "$control" == "$(relation-get control 2>/dev/null)" ] && exit 0 |
|||
|
|||
## XXXvlab: could probably figure target ourselves |
|||
apache_ssl_proxy_add "$DOMAIN" "$TARGET" "$APACHE_CUSTOM_RULES" "$CREDS" |
|||
|
|||
relation-set control "$control" |
|||
|
|||
info "Configured $DARKYELLOW$BASE_CHARM_NAME$NORMAL for proxy access." |
|||
|
@ -0,0 +1,277 @@ |
|||
# -*- mode: shell-script -*- |
|||
|
|||
export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled" |
|||
|
|||
## XXXvlab: berk, sending conf via environment and args. |
|||
apache_ssl_proxy_config () { |
|||
local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4" |
|||
## target is meant to be a charm name |
|||
|
|||
PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd |
|||
CRED_PART= |
|||
if [ "$CREDS" ]; then |
|||
CRED_PART=" |
|||
AuthType basic |
|||
AuthName "private" |
|||
AuthUserFile ${PASSWORD_FILE} |
|||
Require valid-user |
|||
" |
|||
rm -f "$SERVICE_CONFIGSTORE$PASSWORD_FILE" |
|||
include parse |
|||
first=c |
|||
while read-0 login password; do |
|||
debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'" |
|||
echo "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'" |
|||
[ "$first" ] && first= |
|||
done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) | |
|||
docker run -i --entrypoint "/bin/bash" \ |
|||
-v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \ |
|||
"$DOCKER_BASE_IMAGE" || return 1 |
|||
fi |
|||
|
|||
if [ -z "$SSL_CERT" ]; then |
|||
SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem |
|||
fi |
|||
|
|||
if [ -z "$SSL_KEY" ]; then |
|||
SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key |
|||
fi |
|||
|
|||
cat <<EOF |
|||
<IfModule mod_ssl.c> |
|||
|
|||
<VirtualHost *:443> |
|||
ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN} |
|||
ServerName ${DOMAIN} |
|||
$( |
|||
while read-0 alias; do |
|||
echo " ServerAlias $alias" |
|||
done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null) |
|||
) |
|||
ServerSignature Off |
|||
CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined |
|||
ErrorLog /var/log/apache2/s-${DOMAIN}_error.log |
|||
ErrorLog syslog:local2 |
|||
|
|||
<IfModule mod_proxy.c> |
|||
ProxyRequests Off |
|||
<Proxy *> |
|||
Order deny,allow |
|||
Allow from all |
|||
</Proxy> |
|||
ProxyVia On |
|||
ProxyPass / http://$TARGET/ retry=0 |
|||
<Location / > |
|||
${CRED_PART} |
|||
ProxyPassReverse / |
|||
</Location> |
|||
</IfModule> |
|||
|
|||
## Forbid any cache, this is only usefull on dev server. |
|||
#Header set Cache-Control "no-cache" |
|||
#Header set Access-Control-Allow-Origin "*" |
|||
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS" |
|||
#Header set Access-Control-Allow-Headers "origin, content-type, accept" |
|||
|
|||
RequestHeader set "X-Forwarded-Proto" "https" |
|||
|
|||
## Fix IE problem (httpapache proxy dav error 408/409) |
|||
SetEnv proxy-nokeepalive 1 |
|||
#ServerSignature On |
|||
SSLProxyEngine On |
|||
SSLEngine On |
|||
|
|||
## Full stance |
|||
SSLCertificateFile $SSL_CERT |
|||
SSLCertificateKeyFile $SSL_KEY |
|||
$([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT") |
|||
SSLVerifyClient None |
|||
|
|||
$CUSTOM_RULES |
|||
|
|||
</VirtualHost> |
|||
|
|||
</IfModule> |
|||
EOF |
|||
|
|||
} |
|||
export -f apache_ssl_proxy_config |
|||
|
|||
|
|||
apache_ssl_config() { |
|||
local DOMAIN=$1 |
|||
|
|||
|
|||
if [ -z "$SSL_CERT" ]; then |
|||
SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem |
|||
fi |
|||
|
|||
if [ -z "$SSL_KEY" ]; then |
|||
SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key |
|||
fi |
|||
|
|||
PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd |
|||
CRED_PART= |
|||
if [ "$CREDS" ]; then |
|||
CRED_PART=" |
|||
AuthType basic |
|||
AuthName \"private\" |
|||
AuthUserFile ${PASSWORD_FILE} |
|||
Require valid-user |
|||
" |
|||
include parse || true |
|||
first= |
|||
if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE" ]; then |
|||
debug "No file $CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE, creating password file." || true |
|||
first=c |
|||
fi |
|||
while read-0 login password; do |
|||
debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'" || true |
|||
echo "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'" |
|||
if [ "$first" ]; then |
|||
first= |
|||
fi |
|||
done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) | |
|||
docker run -i --entrypoint "/bin/bash" \ |
|||
-v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \ |
|||
"$DOCKER_BASE_IMAGE" || return 1 |
|||
else |
|||
CRED_PART="allow from all" |
|||
fi |
|||
|
|||
cat <<EOF |
|||
<IfModule mod_ssl.c> |
|||
|
|||
<VirtualHost *:443> |
|||
ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN} |
|||
ServerName ${DOMAIN} |
|||
$( |
|||
while read-0 alias; do |
|||
echo " ServerAlias $alias" |
|||
done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null) |
|||
) |
|||
|
|||
ServerSignature Off |
|||
CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined |
|||
ErrorLog /var/log/apache2/s-${DOMAIN}_error.log |
|||
ErrorLog syslog:local2 |
|||
|
|||
DocumentRoot /var/www/${DOMAIN} |
|||
|
|||
<Directory /> |
|||
Options FollowSymLinks |
|||
AllowOverride None |
|||
</Directory> |
|||
|
|||
<Directory /var/www/${DOMAIN}> |
|||
Options Indexes FollowSymLinks MultiViews |
|||
AllowOverride all |
|||
${CRED_PART} |
|||
</Directory> |
|||
|
|||
SSLEngine On |
|||
|
|||
## Full stance |
|||
SSLCertificateFile $SSL_CERT |
|||
SSLCertificateKeyFile $SSL_KEY |
|||
$([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT") |
|||
SSLVerifyClient None |
|||
|
|||
</VirtualHost> |
|||
|
|||
</IfModule> |
|||
EOF |
|||
|
|||
} |
|||
export -f apache_ssl_config |
|||
|
|||
|
|||
apache_ssl_add () { |
|||
local DOMAIN="$1" |
|||
DOCKER_SITE_PATH=/var/www/$DOMAIN |
|||
BASE=$DATASTORE/$BASE_CHARM_NAME |
|||
DST=$BASE$DOCKER_SITE_PATH |
|||
# [ -e "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" ] && return 0 |
|||
mkdir -p "$APACHE_CONFIG_LOCATION" || return 1 |
|||
apache_ssl_config "$DOMAIN" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" |
|||
www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || { |
|||
debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image." |
|||
return 1 |
|||
} |
|||
mkdir -p "$DST" |
|||
setfacl -R -m g:"$www_data_gid":rx "$DST" |
|||
info "Added $DOMAIN apache config." |
|||
} |
|||
export -f apache_ssl_add |
|||
|
|||
|
|||
apache_ssl_proxy_add () { |
|||
local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4" |
|||
|
|||
mkdir -p "$APACHE_CONFIG_LOCATION" || return 1 |
|||
apache_ssl_proxy_config "$DOMAIN" "$TARGET" "$CUSTOM_RULES" "$CREDS" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" || return 1 |
|||
info "Added $DOMAIN as a proxy to $TARGET." |
|||
} |
|||
export -f apache_ssl_proxy_add |
|||
|
|||
|
|||
apache_code_dir() { |
|||
local domain="$1" location="$2" |
|||
config-add " |
|||
$MASTER_BASE_CHARM_NAME: |
|||
volumes: |
|||
- $location:/var/www/$domain |
|||
" |
|||
} |
|||
|
|||
apache_data_dir() { |
|||
local DOMAIN=$1 DATA_COMMA_SEPARATED=$2 |
|||
|
|||
DOCKER_SITE_PATH=/var/www/$DOMAIN |
|||
BASE=$DATASTORE/$BASE_CHARM_NAME |
|||
DST=$BASE$DOCKER_SITE_PATH |
|||
DATA=() |
|||
while IFS="," read -ra ADDR; do |
|||
for dir in "${ADDR[@]}"; do |
|||
mkdir -p "$DST/$dir" |
|||
DATA+=($dir) |
|||
done |
|||
done <<< "$DATA_COMMA_SEPARATED" |
|||
|
|||
www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || { |
|||
debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image." |
|||
return 1 |
|||
} |
|||
info "www-data gid from ${DARKYELLOW}apache${NORMAL} is '$www_data_gid'" |
|||
|
|||
dirs=() |
|||
for d in "${DATA[@]}"; do |
|||
dirs+=("$DST/$d") |
|||
done |
|||
|
|||
chgrp "$www_data_gid" "${dirs[@]}" -R && chmod 775 "${dirs[@]}" -R |
|||
|
|||
config-add " |
|||
$MASTER_BASE_CHARM_NAME: |
|||
volumes: |
|||
$( |
|||
for d in "${DATA[@]}"; do |
|||
echo " - $DST/$d:$DOCKER_SITE_PATH/$d" |
|||
done |
|||
)" |
|||
|
|||
} |
|||
|
|||
deploy_files() { |
|||
local src="$1" dst="$2" |
|||
|
|||
if ! [ -d "$dst" ]; then |
|||
err "Destination '$dst' does not exist or is not a directory" |
|||
return 1 |
|||
fi |
|||
( |
|||
cd "$dst" && info "In $dst:" && |
|||
get_file "$src" | tar xv |
|||
) |
|||
} |
|||
export -f deploy_files |
@ -1,13 +1,20 @@ |
|||
name: www |
|||
summary: "Apache" |
|||
description: "Apache Web Server" |
|||
maintainer: "Valentin Lab <valentin.lab@kalysto.org>" |
|||
## XXXvlab: currently only used when building LXC along with hooks/install |
|||
## XXXvlab: docker uses the 'build' directory or the 'image:' option here. |
|||
inherit: base-0k |
|||
compatiblity: |
|||
compatiblity: ## 'hooks/install' script was run on a these images without issues |
|||
- ubuntu/15.10 |
|||
description: | |
|||
Installs a HTTP Apache server. |
|||
config-resources: |
|||
- /etc/apache2 |
|||
- /etc/postfix |
|||
docker-compose: |
|||
## XXXvlab: should move to global lxc/docker compatible option |
|||
ports: |
|||
- "0.0.0.0:80:80" |
|||
- "0.0.0.0:443:443" |
|||
data-resources: |
|||
- /var/www |
|||
- /var/www/html |
|||
- /var/log/apache2 |
|||
config-resources: |
|||
- /etc/apache2/sites-enabled |
|||
provides: |
|||
web-proxy: |
|||
tech-dep: "reversed" |
@ -1 +0,0 @@ |
|||
0 |
Write
Preview
Loading…
Cancel
Save
Reference in new issue