authorRob Austein <sra@hactrn.net>2013-05-02 06:14:47 +0000
committerRob Austein <sra@hactrn.net>2013-05-02 06:14:47 +0000
commit7e968aea942beeb2741c70de235c68979c1f907b (patch)
treeaaf68483d01b19fe99d6e99f5c4a54b545f5551c
parent575c98b4f5dbda958134c0f5d30a8e9b44eb7c8e (diff)
Whack Ubuntu Apache configuration to use rpkigui-apache-conf-gen.
svn path=/trunk/; revision=5315
-rw-r--r--buildtools/debian-skeleton/rpki-ca.install1
-rw-r--r--buildtools/debian-skeleton/rpki-ca.postinst50
-rw-r--r--buildtools/debian-skeleton/rpki-ca.postrm1
-rw-r--r--buildtools/debian-skeleton/rpki-ca.prerm11
-rw-r--r--rpkid/portal-gui/Makefile.in16
-rw-r--r--rpkid/portal-gui/apache.conf.in43
-rwxr-xr-xrpkid/portal-gui/routeviews.sh12
-rwxr-xr-xrpkid/portal-gui/scripts/rpkigui-apache-conf-gen57
-rw-r--r--rpkid/setup.py21
9 files changed, 58 insertions, 154 deletions
diff --git a/buildtools/debian-skeleton/rpki-ca.install b/buildtools/debian-skeleton/rpki-ca.install
index bf926af0..fe3e4fed 100644
--- a/buildtools/debian-skeleton/rpki-ca.install
+++ b/buildtools/debian-skeleton/rpki-ca.install
@@ -1,5 +1,4 @@
etc/rpki/rpki-confgen.xml
-etc/rpki/apache.conf
usr/lib
usr/sbin
usr/share
diff --git a/buildtools/debian-skeleton/rpki-ca.postinst b/buildtools/debian-skeleton/rpki-ca.postinst
index 2d9e6dff..08af52e0 100644
--- a/buildtools/debian-skeleton/rpki-ca.postinst
+++ b/buildtools/debian-skeleton/rpki-ca.postinst
@@ -20,55 +20,7 @@ setup_rpkid_group() {
}
setup_apache() {
-
- # Whack our config into existing config file for default SSL
- # vhost; if you want this to run in a different vhost, you'll have
- # to do that yourself.
- f=/etc/apache2/sites-available/default-ssl
- cmd=no
- awk < $f > ${f}.tmp '
- BEGIN {
- conf_file = "/etc/rpki/apache.conf";
- conf_regexp = "^[ \t]*Include[ \t]+" conf_file "[ \t]*$";
- conf_line = "\tInclude " conf_file;
- }
- /^[ \t]*<\/VirtualHost>/ {
- print conf_line;
- }
- $0 !~ conf_regexp {
- print;
- }'
- if cmp -s $f ${f}.tmp
- then
- rm -f ${f}.tmp
- else
- if test ! -f ${f}.orig
- then
- ln $f ${f}.orig
- fi
- mv -f ${f}.tmp $f
- cmd=reload
- fi
-
- # Enable default SSL vhost if necessary.
- if test ! -f /etc/apache2/sites-enabled/default-ssl
- then
- a2ensite default-ssl
- cmd=reload
- fi
-
- # Enable mod_ssl if necessary.
- if test ! -f /etc/apache2/mods-enabled/ssl.conf
- then
- a2enmod ssl
- cmd=restart
- fi
-
- # Whack Apache if we've changed anything here.
- if test $cmd != no
- then
- service apache2 $cmd
- fi
+ /usr/lib/rpki/rpkigui-apache-conf-gen --debian --install --verbose
}
setup_rpki_conf() {
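Review bot: `setup_apache` now restarts Apache on every configure run, because `install()` in rpkigui-apache-conf-gen ends with `self.restart()` unconditionally, whereas the removed shell code only reloaded or restarted when it had actually changed something. The generator runs its commands through `subprocess.check_call`, so a failing `a2enmod`/`a2ensite` makes the script exit non-zero; whether that aborts the package configure depends on `set -e` and the caller, which are outside this hunk. I would document both facts above the call, e.g. `# Restarts apache2 unconditionally; a failure here fails the postinst.`, or have the generator skip the restart when nothing changed.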
diff --git a/buildtools/debian-skeleton/rpki-ca.postrm b/buildtools/debian-skeleton/rpki-ca.postrm
index c5e9179a..c93f84df 100644
--- a/buildtools/debian-skeleton/rpki-ca.postrm
+++ b/buildtools/debian-skeleton/rpki-ca.postrm
@@ -28,6 +28,7 @@ case "$1" in
mysql --defaults-file=/etc/mysql/debian.cnf --execute "source $sql"
fi
rm -f /etc/rpki.conf /etc/rpki.conf.sample $sql
+ rm -f /etc/rpki/apache.conf /etc/rpki/apache.cer /etc/rpki/apache.key
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
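Review bot: The purge arm removes `apache.conf`, `apache.cer` and `apache.key`, but `install()` in the generator also writes a sample file (`self.apache_conf_sample`, whose path is not visible on this page) that no package manifest owns after this commit, so it may survive a purge. If it lives under /etc/rpki it belongs on the same `rm -f` line. A short comment would also help the next reader: `# rpkigui-apache-conf-gen is no longer installed at purge time, so remove its output by hand.` The `case` arm starts outside the hunk.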
diff --git a/buildtools/debian-skeleton/rpki-ca.prerm b/buildtools/debian-skeleton/rpki-ca.prerm
index bb28512f..b6033cf2 100644
--- a/buildtools/debian-skeleton/rpki-ca.prerm
+++ b/buildtools/debian-skeleton/rpki-ca.prerm
@@ -44,7 +44,12 @@ case "$1" in
rm -f /etc/cron.daily/rpkigui-check-expired
rm -f /etc/cron.d/rpki-update-bpki
- # Clean up what we did to Apache.
+ # Clean up what we did to Apache. Modern version of this is
+ # just invocation of a Python script, but for now we also
+ # retain code needed to clean up nasty mess we created in the
+ # past, to avoid breaking old installations on upgrade.
+
+ # Remove the old stuff first.
f=/etc/apache2/sites-available/default-ssl
awk < $f > ${f}.tmp '
@@ -68,6 +73,10 @@ case "$1" in
# Not sure whether we should do "service apache2 reload"
# here, one could make a case either way. Skip for now.
+ # Now remove the new stuff.
+
+ /usr/lib/rpki/rpkigui-apache-conf-gen --debian --remove --verbose
+
;;
upgrade|deconfigure)
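Review bot: The comment kept just above the new call still says `service apache2 reload` is skipped, yet `--remove` runs `disable()` and then `restart()` in the generator, so Apache is restarted from this arm after all; the comment should be updated or dropped. The generator calls `a2dissite rpki` through `subprocess.check_call`, so if that command fails (for instance because the site file is already missing) the script exits non-zero, and depending on `set -e` (not visible here) a failing prerm can block package removal. Consider tolerating that, e.g. `/usr/lib/rpki/rpkigui-apache-conf-gen --debian --remove --verbose || echo "rpkigui-apache-conf-gen --remove failed, continuing" >&2`. The `case` arm begins outside the hunk.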
diff --git a/rpkid/portal-gui/Makefile.in b/rpkid/portal-gui/Makefile.in
index ba206f5c..0725f793 100644
--- a/rpkid/portal-gui/Makefile.in
+++ b/rpkid/portal-gui/Makefile.in
@@ -22,27 +22,15 @@ RCYNIC_HTML_DIR=@RCYNIC_HTML_DIR@
INSTDIR=${DESTDIR}$(datarootdir)/rpki
-# automatically built sources
-BUILD=apache.conf
-
-all: $(BUILD)
+all:
+ @true
clean:
@true
distclean: clean
- rm -f $(BUILD)
rm -f Makefile
-edit = sed \
- -e 's|@INSTDIR[@]|$(INSTDIR)|g' \
- -e 's|@WSGI_DAEMON_PROCESS[@]|$(WSGI_DAEMON_PROCESS)|' \
- -e 's|@WSGI_PROCESS_GROUP[@]|$(WSGI_PROCESS_GROUP)|' \
- -e 's|@RCYNIC_HTML_DIR[@]|$(RCYNIC_HTML_DIR)|'
-
-apache.conf: $(srcdir)/apache.conf.in Makefile
- $(edit) $@.in > $@
-
install: all
deinstall uninstall:
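Review bot: After this change `all` and `clean` are recipe-only targets (`@true`) and nothing in the hunk builds a file, so the targets should be declared phony: `.PHONY: all clean distclean install deinstall uninstall` (skip this if the file already has such a line outside the hunk). The `RCYNIC_HTML_DIR=@RCYNIC_HTML_DIR@` assignment visible in the hunk header, and presumably the `WSGI_*` ones, were consumed only by the removed `edit` macro as far as this page shows; if nothing else uses them they are now dead and can be removed with it.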
diff --git a/rpkid/portal-gui/apache.conf.in b/rpkid/portal-gui/apache.conf.in
deleted file mode 100644
index 8b556f43..00000000
--- a/rpkid/portal-gui/apache.conf.in
+++ /dev/null
@@ -1,43 +0,0 @@
-# $Id$
-#
-# Sample apache configuration file for using the portal-gui with
-# mod_wsgi
-
-#
-# Configure the WSGI application to run as a separate process from the
-# Apache daemon itself.
-#
-@WSGI_DAEMON_PROCESS@
-@WSGI_PROCESS_GROUP@
-
-<Directory @INSTDIR@/wsgi>
- Order deny,allow
- Allow from all
-</Directory>
-
-#
-# Defines the URL to the portal-gui
-#
-WSGIScriptAlias / @INSTDIR@/wsgi/rpki.wsgi
-
-<Directory @INSTDIR@/media>
- Order deny,allow
- Allow from all
-</Directory>
-
-Alias /media/ @INSTDIR@/media/
-Alias /site_media/ @INSTDIR@/media/
-
-<Directory @RCYNIC_HTML_DIR@>
- Order deny,allow
- Allow from all
-</Directory>
-
-# Leave the trailing slash off the URL, otherwise /rcynic is swallowed by the
-# WSGIScriptAlias
-Alias /rcynic @RCYNIC_HTML_DIR@/
-
-# Redirect to the dashboard when someone hits the bare vhost
-RedirectMatch ^/$ /rpki/
-
-# vim:ft=apache
diff --git a/rpkid/portal-gui/routeviews.sh b/rpkid/portal-gui/routeviews.sh
deleted file mode 100755
index ad8f40ba..00000000
--- a/rpkid/portal-gui/routeviews.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-i=oix-full-snapshot-latest.dat.bz2
-o=/tmp/$i
-
-#curl -s -S -o $o http://archive.routeviews.org/oix-route-views/$i
-# wget is stock in Ubuntu so use that instead of curl
-wget -q -O $o http://archive.routeviews.org/oix-route-views/$i
-
-if [ $? -eq 0 ]; then
- rpkigui-import-routes -l error $o
-fi
diff --git a/rpkid/portal-gui/scripts/rpkigui-apache-conf-gen b/rpkid/portal-gui/scripts/rpkigui-apache-conf-gen
index 8968e89a..cbf0655a 100755
--- a/rpkid/portal-gui/scripts/rpkigui-apache-conf-gen
+++ b/rpkid/portal-gui/scripts/rpkigui-apache-conf-gen
@@ -69,11 +69,6 @@ vhost = '''\
# Enable HTTPS
SSLEngine on
-
- # There's no perfect place to put these, but $sysconfdir/rpki isn't
- # a terrible place, and we can symlink from there to, eg, the
- # Debian/Ubuntu SnakeOil certificates if necessary.
- #
SSLCertificateFile %(sysconfdir)s/rpki/apache.cer
SSLCertificateKeyFile %(sysconfdir)s/rpki/apache.key
@@ -101,13 +96,15 @@ class Abstract(object):
def __init__(self, args):
self.args = args
- if args.verbose:
- print "Platform: %s, action: %s" % (self.__class__.__name__, args.action)
+ self.log("Platform: %s, action: %s" % (self.__class__.__name__, args.action))
getattr(self, args.action)()
- def run(self, *cmd, **kwargs):
+ def log(self, msg):
if self.args.verbose:
- print "Running", " ".join(cmd)
+ print msg
+
+ def run(self, *cmd, **kwargs):
+ self.log("Running %s" % " ".join(cmd))
subprocess.check_call(cmd, **kwargs)
req_cmd = ("openssl", "req", "-new",
@@ -135,8 +132,8 @@ class Abstract(object):
def unlink(self, fn, silent = False):
if os.path.exists(fn):
- if self.args.verbose and not silent:
- print "Removing", fn
+ if not silent:
+ self.log("Removing %s" % fn)
os.unlink(fn)
def del_certs(self, silent = False):
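Review bot: `unlink()` tests `os.path.exists(fn)`, which follows symlinks and returns False for a dangling one, so a symlink whose target is already gone is never removed. That matters in `remove()` (later hunk): when the files match it unlinks `self.apache_conf` first and then `self.apache_conf_target`, which `install()` created as a symlink to `apache_conf`, so the second call sees a dangling link and leaves the `sites-available/rpki` entry behind. Use `if os.path.lexists(fn):` here. The `if not os.path.exists(self.apache_conf_target)` guard in `install()` has the mirror problem, since `os.symlink` raises when a dangling link already occupies the path.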
@@ -160,27 +157,30 @@ class Abstract(object):
raise subprocess.CalledProcessError(req.returncode, self.req_cmd)
if x509.wait():
raise subprocess.CalledProcessError(x509.returncode, self.x509_cmd)
- if self.args.verbose:
- print "Created", self.apache_cer, "and", self.apache_key, "chmoding", self.apache_key
+ self.log("Created %s and %s, chmoding %s" % (self.apache_cer, self.apache_key, self.apache_key))
os.chmod(self.apache_key, 0600)
def install(self):
with open(self.apache_conf_sample, "w") as f:
- if self.args.verbose:
- print "Writing", f.name
+ self.log("Writing %s" % f.name)
if self.apache_conf_preface is not None:
f.write(self.apache_conf_preface)
f.write(vhost)
if not os.path.exists(self.apache_conf):
- if self.args.verbose:
- print "Linking", apache_conf, "to", apache_conf_sample
- os.link(apache_conf_sample, apache_conf)
+ self.log("Linking %s to %s" % (self.apache_conf, self.apache_conf_sample))
+ os.link(self.apache_conf_sample, self.apache_conf)
if not os.path.exists(self.apache_conf_target):
- if self.args.verbose:
- print "Symlinking", self.apache_conf_target, "to", self.apache_conf
+ self.log("Symlinking %s to %s" % (self.apache_conf_target, self.apache_conf))
os.symlink(self.apache_conf, self.apache_conf_target)
self.add_certs()
- self.restart_apache()
+ self.enable()
+ self.restart()
+
+ def enable(self):
+ pass
+
+ def disable(self):
+ pass
def remove(self):
try:
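Review bot: The private key is tightened only after the fact: `os.chmod(self.apache_key, 0600)` runs once both openssl processes have finished, so between creation and this line the key has whatever mode the process umask allowed. How the key file is written is outside this hunk, so this is hedged, but if openssl creates it directly, set a restrictive umask around key generation, e.g. `old = os.umask(077)` before the openssl processes are started and `os.umask(old)` afterwards, keeping the chmod as a second line of defence. The method starts above the hunk.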
@@ -191,10 +191,12 @@ class Abstract(object):
if same:
self.unlink(self.apache_conf)
self.unlink(self.apache_conf_target)
- self.restart_apache()
+ self.disable()
+ self.restart()
def purge(self):
self.remove()
+ self.unlink(self.apache_conf)
self.del_certs()
class Guess(Abstract):
@@ -228,12 +230,12 @@ class FreeBSD(Abstract):
NameVirtualHost *:443
''' + "\n"
- def restart_apache(self):
+ def restart(self):
self.run("service", "apache22", "restart")
class Debian(Abstract):
- apache_conf_target = "/etc/apache2/mods-available/rpki"
+ apache_conf_target = "/etc/apache2/sites-available/rpki"
snake_oil_cer = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
snake_oil_key = "/etc/ssl/private/ssl-cert-snakeoil.key"
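Review bot: `Abstract.install()` and `remove()` now call `self.restart()`, but the base class gains only `enable()` and `disable()` defaults; on this page `restart()` is defined just in `FreeBSD` and `Debian`. Any other platform class (`Guess`, `NIY`, or ones outside the visible hunks) that still defines `restart_apache`, or nothing, would fail with `AttributeError` at the end of install. Add a base-class default such as `def restart(self): raise NotImplementedError`, or a no-op like the other two hooks. Separately, moving `apache_conf_target` from `mods-available` to `sites-available` leaves any link created under the old path in place; if that version was ever deployed it needs a one-time cleanup.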
@@ -246,9 +248,14 @@ class Debian(Abstract):
if not os.path.exists(self.apache_key):
os.symlink(self.snake_oil_key, self.apache_key)
- def restart_apache(self):
+ def enable(self):
self.run("a2enmod", "ssl")
self.run("a2ensite", "rpki")
+
+ def disable(self):
+ self.run("a2dissite", "rpki")
+
+ def restart(self):
self.run("service", "apache2", "restart")
class NIY(Abstract):
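Review bot: `enable()` brings the `rpki` HTTPS site live with whatever `apache.cer`/`apache.key` point at, and the context lines just above symlink those to the Debian snake-oil pair when nothing else is present, so a fresh install serves the portal under a self-signed certificate that clients cannot validate, without telling the operator. I would log that explicitly where the symlinks are created, e.g. `self.log("Using snake-oil certificate %s; replace it before production use" % self.snake_oil_cer)`. A one-line docstring on each of `enable`, `disable` and `restart` saying which action calls it would also help. The method holding the symlink calls begins outside the hunk.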
diff --git a/rpkid/setup.py b/rpkid/setup.py
index 273d4eae..678d5f61 100644
--- a/rpkid/setup.py
+++ b/rpkid/setup.py
@@ -23,6 +23,7 @@ try:
except ImportError:
class autoconf:
+ "Fake autoconf object to let --help work without autoconf."
sbindir = libexecdir = datarootdir = sysconfdir = CFLAGS = LDFLAGS = LIBS = ""
# pylint: disable=W0622
@@ -46,12 +47,14 @@ setup(name = "rpkitoolkit",
extra_compile_args = autoconf.CFLAGS.split(),
extra_link_args = (autoconf.LDFLAGS + " " +
autoconf.LIBS).split())],
- package_data = {"rpki.gui.app" : ["migrations/*.py",
- "static/*/*",
- "templates/*.html",
- "templates/*/*.html",
- "templatetags/*.py"],
- "rpki.gui.cacheview" : ["templates/*/*.html"]},
+ package_data = {"rpki.gui.app" :
+ ["migrations/*.py",
+ "static/*/*",
+ "templates/*.html",
+ "templates/*/*.html",
+ "templatetags/*.py"],
+ "rpki.gui.cacheview" :
+ ["templates/*/*.html"]},
scripts = [(autoconf.sbindir,
["rpkic",
"rpki-confgen",
@@ -67,10 +70,10 @@ setup(name = "rpkitoolkit",
"rpkid",
"portal-gui/scripts/rpkigui-import-routes",
"portal-gui/scripts/rpkigui-check-expired",
- "portal-gui/scripts/rpkigui-rcynic"])],
+ "portal-gui/scripts/rpkigui-rcynic",
+ "portal-gui/scripts/rpkigui-apache-conf-gen"])],
data_files = [(autoconf.sysconfdir + "/rpki",
- ["portal-gui/apache.conf",
- "rpki-confgen.xml"]),
+ ["rpki-confgen.xml"]),
(autoconf.datarootdir + "/rpki/wsgi",
["portal-gui/rpki.wsgi"]),
(autoconf.datarootdir + "/rpki/media/css",