Merge ~pjdc/ubuntu-mirror-charm/+git/ubuntu-mirror-charm:linuxcontainers into ubuntu-mirror-charm:master
- Git
- lp:~pjdc/ubuntu-mirror-charm/+git/ubuntu-mirror-charm
- linuxcontainers
- Merge into master
Proposed by
Paul Collins
Status: | Merged |
---|---|
Approved by: | Paul Collins |
Approved revision: | f08fd0ed505169a5de682cd77cfee04228dfa68e |
Merged at revision: | c69b05c81bc8af2b1f25e38872d99f58576db775 |
Proposed branch: | ~pjdc/ubuntu-mirror-charm/+git/ubuntu-mirror-charm:linuxcontainers |
Merge into: | ubuntu-mirror-charm:master |
Diff against target: |
1231 lines (+1038/-9) 13 files modified
config.yaml (+80/-1) files/check-mirror.sh (+11/-2) files/mirror-linuxcontainers.sh (+97/-0) hooks/Config.py (+1/-0) hooks/hooks.py (+34/-6) keys/juju-tools.asc (+51/-0) keys/lxc-devel.asc (+29/-0) templates/apache-linuxcontainers-api.include.tmpl (+41/-0) templates/apache-linuxcontainers-tls.include.tmpl (+16/-0) templates/apache-linuxcontainers.tmpl (+74/-0) tests/unit/test_linuxcontainers.py (+56/-0) tests/unit/testdata/linuxcontainers/linuxcontainers.txt (+429/-0) tests/unit/testdata/linuxcontainers/thirdparty.txt (+119/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Barry Price | Approve | ||
Canonical IS Reviewers | Pending | ||
Review via email: mp+396537@code.launchpad.net |
Commit message
add linuxcontainers support
Description of the change
To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Change successfully merged at revision c69b05c81bc8af2
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | diff --git a/config.yaml b/config.yaml | |||
2 | index f2b4616..2f5f38c 100644 | |||
3 | --- a/config.yaml | |||
4 | +++ b/config.yaml | |||
5 | @@ -511,7 +511,7 @@ options: | |||
6 | 511 | type: string | 511 | type: string |
7 | 512 | description: "Root location of mirrored files for the MAAS images mirror" | 512 | description: "Root location of mirrored files for the MAAS images mirror" |
8 | 513 | mirror_maas-images_description: | 513 | mirror_maas-images_description: |
10 | 514 | default: "Ubuntu Old Releases" | 514 | default: "MAAS images" |
11 | 515 | type: string | 515 | type: string |
12 | 516 | description: "A brief welcome message for the MAAS images mirror" | 516 | description: "A brief welcome message for the MAAS images mirror" |
13 | 517 | mirror_maas-images_rsync_log: | 517 | mirror_maas-images_rsync_log: |
14 | @@ -563,6 +563,85 @@ options: | |||
15 | 563 | description: > | 563 | description: > |
16 | 564 | Local path of the key file to use when triggering downstream | 564 | Local path of the key file to use when triggering downstream |
17 | 565 | mirrors. If empty, downstream mirrors are not triggered. | 565 | mirrors. If empty, downstream mirrors are not triggered. |
18 | 566 | mirror_linuxcontainers_name: | ||
19 | 567 | default: "images.linuxcontainers.org" | ||
20 | 568 | type: string | ||
21 | 569 | description: > | ||
22 | 570 | FQDN of the Linux Containers image mirror. | ||
23 | 571 | |||
24 | 572 | When set to "image.linuxcontainers.org", the virtualhost will | ||
25 | 573 | redirect to the uk or us subdomain based on the source IP | ||
26 | 574 | location as determined by GeoIP. | ||
27 | 575 | mirror_linuxcontainers_aliases: | ||
28 | 576 | default: '["uk.images.linuxcontainers.org", "us.images.linuxcontainers.org"]' | ||
29 | 577 | type: string | ||
30 | 578 | description: > | ||
31 | 579 | List of Apache aliases for the Linux Containers image mirror. | ||
32 | 580 | |||
33 | 581 | When mirror_linuxcontainers_name is set to "images.linuxcontainers.org", | ||
34 | 582 | a separate virtualhost will be generated for each alias to act | ||
35 | 583 | as destinations for GeoIP-based redirects and to log traffic to | ||
36 | 584 | each alias separately. | ||
37 | 585 | |||
38 | 586 | Otherwise, these aliases will simple be declared as standard | ||
39 | 587 | Apache aliases using the ServerAlias directive. | ||
40 | 588 | mirror_linuxcontainers_path: | ||
41 | 589 | default: "/srv/ftp.root/lxc-images" | ||
42 | 590 | type: string | ||
43 | 591 | description: "Root location of mirrored files for the Linux Containers image mirror" | ||
44 | 592 | mirror_linuxcontainers_description: | ||
45 | 593 | default: "Linux Containers (LXC/LXD) Images" | ||
46 | 594 | type: string | ||
47 | 595 | description: "A brief welcome message for the Linux Containers image mirror" | ||
48 | 596 | mirror_linuxcontainers_rsync_log: | ||
49 | 597 | default: false | ||
50 | 598 | type: boolean | ||
51 | 599 | description: "Whether to log rsync requests for the Linux Containers image mirror" | ||
52 | 600 | mirror_linuxcontainers_command: | ||
53 | 601 | default: "mirror-linuxcontainers.sh" | ||
54 | 602 | type: string | ||
55 | 603 | description: "The command to use to sync the Linux Containers image mirror" | ||
56 | 604 | mirror_linuxcontainers_source_url: | ||
57 | 605 | default: "rsync://rsync.images.linuxcontainers.org/lxc-images" | ||
58 | 606 | type: string | ||
59 | 607 | description: "The URL the Linux Containers image mirror will be fetched from" | ||
60 | 608 | mirror_linuxcontainers_rsync_auth: | ||
61 | 609 | default: '{}' | ||
62 | 610 | type: string | ||
63 | 611 | description: "Optional rsync authentication details for mirror_linuxcontainers_source_url" | ||
64 | 612 | mirror_linuxcontainers_rsync_module: | ||
65 | 613 | default: "lxc-images" | ||
66 | 614 | type: string | ||
67 | 615 | description: "The name of the rsync module for this mirror role" | ||
68 | 616 | mirror_linuxcontainers_sync_time: | ||
69 | 617 | default: "ondemand" | ||
70 | 618 | type: string | ||
71 | 619 | description: "When mirror updates should be run. Either a cron(5) format time specification or 'ondemand' for ssh triggering" | ||
72 | 620 | mirror_linuxcontainers_trigger: | ||
73 | 621 | default: "" | ||
74 | 622 | type: string | ||
75 | 623 | description: "A base64 string containing the ssh trigger public key" | ||
76 | 624 | mirror_linuxcontainers_apache_early_extra: | ||
77 | 625 | default: "" | ||
78 | 626 | type: string | ||
79 | 627 | description: "A base64 string containing apache configuration options to be included early in the config file" | ||
80 | 628 | mirror_linuxcontainers_apache_late_extra: | ||
81 | 629 | default: "" | ||
82 | 630 | type: string | ||
83 | 631 | description: "A base64 string containing apache configuration options to be included late in the config file" | ||
84 | 632 | mirror_linuxcontainers_downstream_mirrors: | ||
85 | 633 | default: "" | ||
86 | 634 | type: "string" | ||
87 | 635 | description: > | ||
88 | 636 | A space-separated list of mirrors to trigger following a sync. | ||
89 | 637 | Username defaults to the mirror_user config setting, and | ||
90 | 638 | otherwise may be specified by "user@host" syntax. | ||
91 | 639 | mirror_linuxcontainers_trigger_keyfile: | ||
92 | 640 | default: "" | ||
93 | 641 | type: "string" | ||
94 | 642 | description: > | ||
95 | 643 | Local path of the key file to use when triggering downstream | ||
96 | 644 | mirrors. If empty, downstream mirrors are not triggered. | ||
97 | 566 | mirror_old-releases_name: | 645 | mirror_old-releases_name: |
98 | 567 | default: "old-releases.ubuntu.com" | 646 | default: "old-releases.ubuntu.com" |
99 | 568 | type: string | 647 | type: string |
100 | diff --git a/files/check-mirror.sh b/files/check-mirror.sh | |||
101 | index a04d177..003b48a 100755 | |||
102 | --- a/files/check-mirror.sh | |||
103 | +++ b/files/check-mirror.sh | |||
104 | @@ -63,14 +63,17 @@ case ${role} in | |||
105 | 63 | unsigned=xenial/current/SHA256SUMS | 63 | unsigned=xenial/current/SHA256SUMS |
106 | 64 | signed=${unsigned}.gpg | 64 | signed=${unsigned}.gpg |
107 | 65 | ;; | 65 | ;; |
108 | 66 | linuxcontainers) | ||
109 | 67 | unsigned=streams/v1/index.json | ||
110 | 68 | signed=${unsigned}.gpg | ||
111 | 69 | ;; | ||
112 | 66 | old-releases) | 70 | old-releases) |
113 | 67 | unsigned=ubuntu/dists/warty/Release | 71 | unsigned=ubuntu/dists/warty/Release |
114 | 68 | signed=${unsigned}.gpg | 72 | signed=${unsigned}.gpg |
115 | 69 | ;; | 73 | ;; |
116 | 70 | simple-streams) | 74 | simple-streams) |
117 | 71 | # TODO(pjdc): key is not packaged; fetch from install hook? | ||
118 | 72 | unsigned=juju/images/releases/streams/v1/index.json | 75 | unsigned=juju/images/releases/streams/v1/index.json |
120 | 73 | signed=${unsigned}.gpg # not used | 76 | signed=${unsigned}.gpg |
121 | 74 | ;; | 77 | ;; |
122 | 75 | maas-images) | 78 | maas-images) |
123 | 76 | # NOTE(pjdc): ephemeral-v3 is the current stuff and seems to have no fixed paths to signed files we could check | 79 | # NOTE(pjdc): ephemeral-v3 is the current stuff and seems to have no fixed paths to signed files we could check |
124 | @@ -99,12 +102,18 @@ case ${role} in | |||
125 | 99 | cloud-images) | 102 | cloud-images) |
126 | 100 | keyring_file=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg | 103 | keyring_file=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg |
127 | 101 | ;; | 104 | ;; |
128 | 105 | linuxcontainers) | ||
129 | 106 | keyring_file=/usr/local/share/ubuntu-mirror-charm.gpg | ||
130 | 107 | ;; | ||
131 | 102 | old-releases) | 108 | old-releases) |
132 | 103 | keyring_file=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg | 109 | keyring_file=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg |
133 | 104 | ;; | 110 | ;; |
134 | 105 | ubuntu-cloud-archive) | 111 | ubuntu-cloud-archive) |
135 | 106 | keyring_file=/usr/share/keyrings/ubuntu-cloud-keyring.gpg | 112 | keyring_file=/usr/share/keyrings/ubuntu-cloud-keyring.gpg |
136 | 107 | ;; | 113 | ;; |
137 | 114 | simple-streams) | ||
138 | 115 | keyring_file=/usr/local/share/ubuntu-mirror-charm.gpg | ||
139 | 116 | ;; | ||
140 | 108 | *) | 117 | *) |
141 | 109 | keyring_file=/usr/share/keyrings/ubuntu-archive-keyring.gpg | 118 | keyring_file=/usr/share/keyrings/ubuntu-archive-keyring.gpg |
142 | 110 | ;; | 119 | ;; |
143 | diff --git a/files/mirror-linuxcontainers.sh b/files/mirror-linuxcontainers.sh | |||
144 | 111 | new file mode 100755 | 120 | new file mode 100755 |
145 | index 0000000..4f0e3fb | |||
146 | --- /dev/null | |||
147 | +++ b/files/mirror-linuxcontainers.sh | |||
148 | @@ -0,0 +1,97 @@ | |||
149 | 1 | #!/bin/bash | ||
150 | 2 | # | ||
151 | 3 | #-------------------------------------------------------# | ||
152 | 4 | # This file is Juju managed - do not make local changes # | ||
153 | 5 | #-------------------------------------------------------# | ||
154 | 6 | # | ||
155 | 7 | # Author: Chris Stratford <chris.stratford@canonical.com> | ||
156 | 8 | # Copyright 2014,2021 Canonical Ltd. | ||
157 | 9 | # | ||
158 | 10 | # Triple-pass rsync mirror for images.linuxcontainers.org | ||
159 | 11 | # | ||
160 | 12 | # ${role}.conf should look like: | ||
161 | 13 | # DEST_DIR=/srv/ftp.root/lxc-images | ||
162 | 14 | # SOURCE_URL=rsync://rsync.image.linuxcontainers.org/lxc-images | ||
163 | 15 | # RSYNC_PASSWORD=secret | ||
164 | 16 | |||
165 | 17 | if [ $# -lt 1 ]; then | ||
166 | 18 | myname=$(basename $0) | ||
167 | 19 | echo "Usage: ${myname} <role>" | ||
168 | 20 | exit 1 | ||
169 | 21 | fi | ||
170 | 22 | |||
171 | 23 | role=$1 | ||
172 | 24 | myhostname=$(hostname) | ||
173 | 25 | logfile=${HOME}/log/mirror-${role}.log | ||
174 | 26 | |||
175 | 27 | # Magic to make sure things keep running in the background | ||
176 | 28 | # after ssh has gone away | ||
177 | 29 | if [ "$2" != "go" ]; then | ||
178 | 30 | annotate-output $0 $1 go > ${logfile} 2>&1 & | ||
179 | 31 | exit 0 | ||
180 | 32 | fi | ||
181 | 33 | |||
182 | 34 | set -u | ||
183 | 35 | |||
184 | 36 | function log { | ||
185 | 37 | echo $1 | ||
186 | 38 | } | ||
187 | 39 | |||
188 | 40 | function fatal { | ||
189 | 41 | log $1 | ||
190 | 42 | exit 1 | ||
191 | 43 | } | ||
192 | 44 | |||
193 | 45 | if [ -f ${HOME}/mirror-config/${role}.conf ]; then | ||
194 | 46 | . ${HOME}/mirror-config/${role}.conf | ||
195 | 47 | else | ||
196 | 48 | fatal "${role}.conf file missing - aborting" | ||
197 | 49 | fi | ||
198 | 50 | |||
199 | 51 | export RSYNC_PASSWORD | ||
200 | 52 | lockfile="Archive-Update-in-Progress-${role}-${myhostname}" | ||
201 | 53 | lockpath="${DEST_DIR}/${lockfile}" | ||
202 | 54 | |||
203 | 55 | if lockfile -! -l 43200 -r 0 "${lockpath}"; then | ||
204 | 56 | fatal "${myhostname} is unable to start an rsync for ${role}. Lockfile exists" | ||
205 | 57 | fi | ||
206 | 58 | trap "rm -f ${lockpath} > /dev/null 2>&1" exit | ||
207 | 59 | |||
208 | 60 | if [ ! -d ${DEST_DIR} ]; then | ||
209 | 61 | log "${DEST_DIR} does not exist yet, trying to create it..." | ||
210 | 62 | mkdir -p ${DEST_DIR} || fatal "Creation of ${DEST_DIR} failed." | ||
211 | 63 | fi | ||
212 | 64 | |||
213 | 65 | if [ -n "${RSYNC_USER}" ]; then | ||
214 | 66 | url=$(echo ${SOURCE_URL}|sed -e "s,//,//${RSYNC_USER}@,") | ||
215 | 67 | else | ||
216 | 68 | url=${SOURCE_URL} | ||
217 | 69 | fi | ||
218 | 70 | |||
219 | 71 | # If upstream is close to us and triggers us via ssh, we may start | ||
220 | 72 | # syncing before it has deleted its local lock file, which then | ||
221 | 73 | # becomes a "file has vanished" and non-zero exit, causing the trace | ||
222 | 74 | # file to not update, which makes the mirror seem stale when it isn't. | ||
223 | 75 | # Therefore, let's just: | ||
224 | 76 | log "== Sleeping to allow upstream delete its lock file ==" | ||
225 | 77 | sleep 5 | ||
226 | 78 | |||
227 | 79 | |||
228 | 80 | # Here we use a three-phase sunc as per RT#126178. | ||
229 | 81 | log "== Phase 1: Syncing new images from source ==" | ||
230 | 82 | rsync --timeout 10800 -a --include='/images/***' --exclude='*' ${SOURCE_URL} ${DEST_DIR} || fatal "Phase 1 sync from $url failed" | ||
231 | 83 | |||
232 | 84 | log "== Phase 2: Syncing metadata from source ==" | ||
233 | 85 | rsync --timeout 10800 -a --exclude "${lockpath}" --exclude '/images/***' --delete ${SOURCE_URL} ${DEST_DIR} || fatal "Phase 2 sync from $url failed" | ||
234 | 86 | |||
235 | 87 | log "== Phase 3: Removing images no longer present on source ==" | ||
236 | 88 | rsync --timeout 10800 -a --include='/images/***' --exclude='*' --delete ${SOURCE_URL} ${DEST_DIR} || fatal "Phase 3 sync from $url failed" | ||
237 | 89 | |||
238 | 90 | if [ -n "${DOWNSTREAM_MIRRORS}" -a -n "${TRIGGER_KEYFILE}" ]; then | ||
239 | 91 | t=15m | ||
240 | 92 | log "== Triggering downstream mirrors (will give up after $t) ==" | ||
241 | 93 | timeout $t ${SCRIPT_DIR}/trigger-downstream-mirrors.sh $role $TRIGGER_KEYFILE $DOWNSTREAM_MIRRORS | ||
242 | 94 | fi | ||
243 | 95 | |||
244 | 96 | savelog ${logfile} > /dev/null 2>&1 | ||
245 | 97 | rm -f ${lockpath} > /dev/null 2>&1 | ||
246 | diff --git a/hooks/Config.py b/hooks/Config.py | |||
247 | index 03f840a..5f41727 100755 | |||
248 | --- a/hooks/Config.py | |||
249 | +++ b/hooks/Config.py | |||
250 | @@ -241,6 +241,7 @@ class Config: | |||
251 | 241 | return [ | 241 | return [ |
252 | 242 | "cdimage", | 242 | "cdimage", |
253 | 243 | "cloud-image", | 243 | "cloud-image", |
254 | 244 | "linuxcontainers", | ||
255 | 244 | "maas-images", | 245 | "maas-images", |
256 | 245 | "old-releases", | 246 | "old-releases", |
257 | 246 | "ports", | 247 | "ports", |
258 | diff --git a/hooks/hooks.py b/hooks/hooks.py | |||
259 | index 3c1b3b4..24a6cc8 100755 | |||
260 | --- a/hooks/hooks.py | |||
261 | +++ b/hooks/hooks.py | |||
262 | @@ -18,6 +18,8 @@ import sys | |||
263 | 18 | import types | 18 | import types |
264 | 19 | import yaml | 19 | import yaml |
265 | 20 | 20 | ||
266 | 21 | from glob import glob | ||
267 | 22 | |||
268 | 21 | from charmhelpers.core.host import ( | 23 | from charmhelpers.core.host import ( |
269 | 22 | adduser, | 24 | adduser, |
270 | 23 | lsb_release, | 25 | lsb_release, |
271 | @@ -63,11 +65,13 @@ required_pkgs = [ | |||
272 | 63 | 'apache2', | 65 | 'apache2', |
273 | 64 | 'curl', # for check-mirror.sh | 66 | 'curl', # for check-mirror.sh |
274 | 65 | 'devscripts', # provides annotate-output | 67 | 'devscripts', # provides annotate-output |
275 | 68 | 'geoip-database', | ||
276 | 69 | 'libapache2-mod-geoip', | ||
277 | 66 | 'logrotate', | 70 | 'logrotate', |
278 | 67 | 'procmail', # provides lockfile | 71 | 'procmail', # provides lockfile |
279 | 68 | 'rsync', | 72 | 'rsync', |
280 | 69 | 'vsftpd', | ||
281 | 70 | 'ubuntu-cloud-keyring', # for check-mirror.sh | 73 | 'ubuntu-cloud-keyring', # for check-mirror.sh |
282 | 74 | 'vsftpd', | ||
283 | 71 | 'xinetd', | 75 | 'xinetd', |
284 | 72 | ] | 76 | ] |
285 | 73 | 77 | ||
286 | @@ -75,6 +79,7 @@ service_affecting_packages = ['apache2'] | |||
287 | 75 | 79 | ||
288 | 76 | apache_modules = [ | 80 | apache_modules = [ |
289 | 77 | 'expires', | 81 | 'expires', |
290 | 82 | 'geoip', | ||
291 | 78 | 'headers', | 83 | 'headers', |
292 | 79 | 'rewrite', | 84 | 'rewrite', |
293 | 80 | ] | 85 | ] |
294 | @@ -82,6 +87,7 @@ apache_modules = [ | |||
295 | 82 | scripts_to_copy = [ | 87 | scripts_to_copy = [ |
296 | 83 | 'mirror-1stage.sh', | 88 | 'mirror-1stage.sh', |
297 | 84 | 'mirror-2stage.sh', | 89 | 'mirror-2stage.sh', |
298 | 90 | 'mirror-linuxcontainers.sh', | ||
299 | 85 | 'check-mirror.sh', | 91 | 'check-mirror.sh', |
300 | 86 | 'check-updates.sh', | 92 | 'check-updates.sh', |
301 | 87 | ] | 93 | ] |
302 | @@ -522,8 +528,15 @@ def configure_apache(conf, hostname): # noqa: C901 | |||
303 | 522 | tmpl_data["logdir"] = apache_logdir | 528 | tmpl_data["logdir"] = apache_logdir |
304 | 523 | tmpl_data["addresses"] = role_config.get('addresses', ['*']) | 529 | tmpl_data["addresses"] = role_config.get('addresses', ['*']) |
305 | 524 | all_addresses.update(tmpl_data["addresses"]) | 530 | all_addresses.update(tmpl_data["addresses"]) |
308 | 525 | tmpl_data["ports"] = [80, 443] if role_config.get('https') else [80] | 531 | |
309 | 526 | all_ports.update(tmpl_data["ports"]) | 532 | ports = [80] |
310 | 533 | if role_config.get('https'): | ||
311 | 534 | ports.append(443) | ||
312 | 535 | if role == 'linuxcontainers': | ||
313 | 536 | ports.append(8443) | ||
314 | 537 | all_ports.update(ports) | ||
315 | 538 | tmpl_data["ports"] = ports | ||
316 | 539 | |||
317 | 527 | file_from_template(mirror['tmpl_file'], sites_available, tmpl_data) | 540 | file_from_template(mirror['tmpl_file'], sites_available, tmpl_data) |
318 | 528 | ensure_symlink(sites_available, sites_enabled) | 541 | ensure_symlink(sites_available, sites_enabled) |
319 | 529 | 542 | ||
320 | @@ -543,8 +556,11 @@ def configure_apache(conf, hostname): # noqa: C901 | |||
321 | 543 | os.chown(mirror["path"], mirror_userinfo.pw_uid, mirror_userinfo.pw_gid) | 556 | os.chown(mirror["path"], mirror_userinfo.pw_uid, mirror_userinfo.pw_gid) |
322 | 544 | ensure_symlink(mirror["path"], linkdest) | 557 | ensure_symlink(mirror["path"], linkdest) |
323 | 545 | 558 | ||
326 | 546 | # Update ports file | 559 | # archive.ubuntu.com must not open port 443. Three factors align |
327 | 547 | all_addresses.discard('*') # archive.ubuntu.com must not open port 443. | 560 | # to prevent this: 1) we do not set "addresses" or "https" in the |
328 | 561 | # role_map; 2) the template doesn't make non-port-80 sockets for | ||
329 | 562 | # members of "addresses"; 3) the wildcard address is discarded. | ||
330 | 563 | all_addresses.discard('*') | ||
331 | 548 | file_from_template('apache-listen-ports.conf.tmpl', '/etc/apache2/ports.conf', | 564 | file_from_template('apache-listen-ports.conf.tmpl', '/etc/apache2/ports.conf', |
332 | 549 | {'addresses': sorted(all_addresses), 'ports': sorted(all_ports)}) | 565 | {'addresses': sorted(all_addresses), 'ports': sorted(all_ports)}) |
333 | 550 | 566 | ||
334 | @@ -939,7 +955,10 @@ def configure_nrpe(conf, hostname): # noqa: C901 | |||
335 | 939 | tmpl_data["hostname"] = hostname | 955 | tmpl_data["hostname"] = hostname |
336 | 940 | tmpl_data["use"] = "active-service" | 956 | tmpl_data["use"] = "active-service" |
337 | 941 | tmpl_data["nagios_hostname"] = conf.nagios_hostname() | 957 | tmpl_data["nagios_hostname"] = conf.nagios_hostname() |
339 | 942 | tmpl_data["tracepath"] = os.path.join(mirror["path"], ".trace", mirror["base_role"] + "-" + hostname) | 958 | if role == "linuxcontainers": |
340 | 959 | tmpl_data["tracepath"] = os.path.join(mirror["path"], ".serial") | ||
341 | 960 | else: | ||
342 | 961 | tmpl_data["tracepath"] = os.path.join(mirror["path"], ".trace", mirror["base_role"] + "-" + hostname) | ||
343 | 943 | 962 | ||
344 | 944 | for check, check_details in role_checks.items(): | 963 | for check, check_details in role_checks.items(): |
345 | 945 | if check_details.get('when') and not role_config.get(check_details['when']): | 964 | if check_details.get('when') and not role_config.get(check_details['when']): |
346 | @@ -1104,6 +1123,14 @@ def configure_directories(conf, hostname): | |||
347 | 1104 | mkdir("/srv/ftp.root") | 1123 | mkdir("/srv/ftp.root") |
348 | 1105 | 1124 | ||
349 | 1106 | 1125 | ||
350 | 1126 | def configure_keyring(conf, hostname): | ||
351 | 1127 | import_cmd = [ | ||
352 | 1128 | '/usr/bin/gpg', '--no-default-keyring', '--keyring', '/usr/local/share/ubuntu-mirror-charm.gpg', '--import'] | ||
353 | 1129 | keys = glob(os.path.join(charm_dir(), 'keys', '*.asc')) | ||
354 | 1130 | import_cmd.extend(keys) | ||
355 | 1131 | check_call(import_cmd) | ||
356 | 1132 | |||
357 | 1133 | |||
358 | 1107 | @hooks.hook("install.real") | 1134 | @hooks.hook("install.real") |
359 | 1108 | def install(): | 1135 | def install(): |
360 | 1109 | conf = Config() | 1136 | conf = Config() |
361 | @@ -1134,6 +1161,7 @@ def config_changed(): | |||
362 | 1134 | configure_nrpe(conf, hostname) | 1161 | configure_nrpe(conf, hostname) |
363 | 1135 | configure_log_archiving(conf, hostname) | 1162 | configure_log_archiving(conf, hostname) |
364 | 1136 | configure_sysctl(conf, hostname) | 1163 | configure_sysctl(conf, hostname) |
365 | 1164 | configure_keyring(conf, hostname) | ||
366 | 1137 | 1165 | ||
367 | 1138 | 1166 | ||
368 | 1139 | @hooks.hook("upgrade-charm") | 1167 | @hooks.hook("upgrade-charm") |
369 | diff --git a/keys/juju-tools.asc b/keys/juju-tools.asc | |||
370 | 1140 | new file mode 100644 | 1168 | new file mode 100644 |
371 | index 0000000..0bf2290 | |||
372 | --- /dev/null | |||
373 | +++ b/keys/juju-tools.asc | |||
374 | @@ -0,0 +1,51 @@ | |||
375 | 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- | ||
376 | 2 | |||
377 | 3 | mQINBFJN1n8BEAC1vt2w08Y4ztJrv3maOycMezBb7iUs6DLH8hOZoqRO9EW9558W | ||
378 | 4 | 8CN6G4sVbC/nIhivvn/paw0gSicfYXGs5teCJL3ShrcsGkhTs+5q7UO2TVGAUPwb | ||
379 | 5 | CFWCqPkCB/+CiQ/fnEAWV5c11KzMTBtQ2nfJFS8rEQfc2PJMKqd/Y+LDItOc5E5Y | ||
380 | 6 | SseGT/60coyTZO0iE3mKv1osFjSJlUv/6f/ziHGgV+IowOtEeeaEz8H/oU4vHhyA | ||
381 | 7 | THL/k9DSNb0I/+aI8R84OB7EqrQ/ck6B6+CTbwGwkQUBK6z/Isl3uq9MhGjsiPjy | ||
382 | 8 | EfOJNTfa+knlQcedc3/2S/jTUBDxU+myga9gQ2jF4oEzb74LarpV4y1KXpsqyLwd | ||
383 | 9 | 8/vpNG5rTLtjZ3ZTJu7EkAra6pNK/Uxj9guIkCIGIVS1SWtsR0mCY+6TOdfJu7bt | ||
384 | 10 | qOcSWkp3gaYcnCid8ecZuD8KDcxJscdYBetxCV4TLVV5CwO4MMVkxcI3zL1ORzHS | ||
385 | 11 | j0W+aYzdtycHu2w8ZQwQRuFB2y5zsxE69MOoS857FzwhRctPSiwIPWH+Qo2BkNAM | ||
386 | 12 | K5fVc19z9kzgtRP1+rHgBox2w+hOSZiYf0vluaG7NPUsMfVOGBFTxn1W+rb3NL/m | ||
387 | 13 | hUoDPl2e2zoViEsaT2p+ATwFDN0DlQLLQxsVIbxdL6cfMQASHmADOHA6dwARAQAB | ||
388 | 14 | tEtKdWp1IFRvb2xzIChDYW5vbmljYWwgSnVqdSBUb29sIEJ1aWxkZXIpIDxqdWp1 | ||
389 | 15 | LXRvb2xzLW5vcmVwbHlAY2Fub25pY2FsLmNvbT6JAjkEEwEKACMFAlJN1n8CGwMH | ||
390 | 16 | CwkNCAwHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRA3j2KvahV9szBED/wOlDTMpevL | ||
391 | 17 | bYyh+mFaeNBw/mwCdWqpwQkpIRLwxt0al1eV9KIVhu6CK1g1UMZ24H3gy5Btj5N5 | ||
392 | 18 | ga02xgqfQRrP4Mqv2dYZOL5p8WFuZjbow9a+e89mqqFuW6/os57cFwZ7Z3imbBDa | ||
393 | 19 | aWzuzdeWLEK7PfT6rpik6ZMIpI1LGywI93abaZX8v6ouwFeQovXcS0HKt906+ElI | ||
394 | 20 | oWgSh8dL2hqZ71SR/74sehkEZSYfQRLa7RJCDvA/iInXeGRuyaheQ1iTrY606aBh | ||
395 | 21 | +NyOgr4cG+7Sy3FIbqgBx0hxkY8LZv4L7l2IDDjgbTEGILpQ2tkykDnFY7QgEdE4 | ||
396 | 22 | 5TzPONg9zyk91NRHqjLIm9CFt8P3rcs+MBjaxv+S45RIHQEu+ewkr6BihnPPldkN | ||
397 | 23 | eSIi4Z0OTTQfAI0oDkREVFnnOHfzZ8uafHXOnhUYsovZ3YrowoiNXOWRxeOvt5cL | ||
398 | 24 | XE0Gyq7n8ESe9JOCg3AZcrDX12xWX+gaSgDaD66fI5xr+A3128BLpYQTMXOpe1n9 | ||
399 | 25 | rfsiA8XBEFsB6+xMJBtSSPUsaWjes/aziI87fBv7FpEMagnWLqJ7xk2E2RR06B9t | ||
400 | 26 | F+SoiLF3aQ0ZJFqKpDDYBO5kZkHIql0jVkuPEz5fxTOZjZE4irTZiSMdJ6xsm9AU | ||
401 | 27 | axxW8e4pax116l4D2toMJPvXkA9lCZ3RIrkCDQRSTdZ/ARAA7SonLFZQrrLD93Jp | ||
402 | 28 | GpgJnYha6rr3pdIm9wH5PnV9Ysgyt/aM9RVrMXzSjMRpxdV6qxK7Lbzh/V9QxpoI | ||
403 | 29 | YvFIi4Yu5k0wDPSm/sowBtVI/X2WMSSvd3DUaigTFBQ1giIY3R46wqcY99RfUPJ1 | ||
404 | 30 | VsHFZ0mZq5GuAPSv/Ky7r9SByMDtQk+Pt8jiOIiJ8eGgKy/W0Wau8ImNqSUyj+67 | ||
405 | 31 | QeOCpEKTjS2gQypi6vgCtUCDfy4yHPxppARary/GDjVIAvwjdu/+0rshWcWUOwq8 | ||
406 | 32 | ex2ddPYQf9dGmF9CesaFknpVnkXb9pbw+qBF/CSdk6Z/ApgtXFGwWszP5/Wqq2Pd | ||
407 | 33 | ilM1C80WcZVhuwk+acYztk5P5hGw0XL2nDeNg08hcDy2NEL/hA9PM2DSFpoWy1aA | ||
408 | 34 | Gjt/8ICPY3SNJlfJUhMIBOK0nmHIoHGU/tX7AiuwEKyP8Qh5kp8fYoO4c59WfeKq | ||
409 | 35 | e6rbttt7IEywAlY6HiLMymqC/d0nPk0Cy5bujacH2y3ahAgCwNVvo+E77J7m7Ui2 | ||
410 | 36 | vqzvpcW6Fla2EzbXus4nIgqEV/qX6fQXqItptKZFvZeznj0epRswkmFm7KLXD5p1 | ||
411 | 37 | SzkmfAujy5xQJktZKvtTKRROnX5JdBB8RT83MIJr+U4FOT3UPQYc2V1O2k4PYF9G | ||
412 | 38 | g5YZtNPTvdx8dvN7qwiO7R7xenkAEQEAAYkCHwQYAQoACQUCUk3WfwIbDAAKCRA3 | ||
413 | 39 | j2KvahV9s4+SD/sEKOBs6YE2dhax0y/wx1AKJbkneVhxTjgCggY/rbnLm6w85xQl | ||
414 | 40 | EgGycmdRq4JkBDhmzsevx+THNJicBwN9qP12Z14kM1pr7WWw9fOmshPQx5kJXYs+ | ||
415 | 41 | FiK6f5vHXcNiTyvC8oOGquGrDoB7SACgTr+Lkm/dNfpRn0XsApUy6vQSqChAzqkJ | ||
416 | 42 | qYZCIIbHTea1DIoNhVI+VTaJ1Z5IqMM9mi43RVYeq7yyBNLwhdjEIOX9qBK4Secn | ||
417 | 43 | mFz94SCz+b5titGyFiBAJzPBP/NSwM6DP2OfRhsBC6K4xDELn8Dpucb9FHqaLG75 | ||
418 | 44 | K3oDhTEUfTBiG3PRfc57974+V3KrkK71rMzWpQJ2IyMtxzl8qO4JYhLRSL0kMq8/ | ||
419 | 45 | hYlXGcNwyUUtiDPOwvG44KDVgXbrnFTVqLU6nc9k/yPD1pfommaTAWrb2tTitkGf | ||
420 | 46 | zOxHnpWTP48l+6qzfEM1PUKvx3U04BZe8JCaU+JVdy6O/rLjEVjYq/vBY6EGOxa2 | ||
421 | 47 | C4Vs43YdFOXSa38ze0J4nFRGO8gOBP/EJyE8Nwqg7i+6VvkD+H2KbZVUXiWld+v/ | ||
422 | 48 | vwtaXhWd7JS+v38YZ4CijEBe69VYHpSNIz87uhVKgdkFBhoOGtf9/NEO7NYwk7/N | ||
423 | 49 | qsH+JQgcphKkC+JH0Dw7Q/0e16LClkPPa21NseVGUWzS0WmS+0egtDDutg== | ||
424 | 50 | =hQAI | ||
425 | 51 | -----END PGP PUBLIC KEY BLOCK----- | ||
426 | diff --git a/keys/lxc-devel.asc b/keys/lxc-devel.asc | |||
427 | 0 | new file mode 100644 | 52 | new file mode 100644 |
428 | index 0000000..90af404 | |||
429 | --- /dev/null | |||
430 | +++ b/keys/lxc-devel.asc | |||
431 | @@ -0,0 +1,29 @@ | |||
432 | 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- | ||
433 | 2 | |||
434 | 3 | mQINBFLQvwwBEADNVxfLfsKibZbF5v2Tct9N0gxdFViOzVd/IRDrJ6pTEAcMlWdS | ||
435 | 4 | h3VM3lV0qd1WtMlqCTgcbbk6zUAYnPQ2RsagCpOlaIZqbZ8Cv4390PuVAhG2QQvt | ||
436 | 5 | 9YrED00unJBomsC3QuF+xg0SBpHChmFUgJxomsFuAjowdMoh8XExM2v4TEe+vm9Z | ||
437 | 6 | 7ohBCxkw7C5cV9cQHeC1XiGBCccRe1Ib1U7+GmPUxAtGzHUsQQ4MjE/j830dmPJw | ||
438 | 7 | w/ZNauKyNqSzpBsMnEiX+8RwqYEeYtqBAw9pnA3BMSshfA5L5ORw3zYecowUWt+l | ||
439 | 8 | r5lhzBq2v3LLjzjwsb4wel8L7HZnUD+1bQe0QQkxWDKlHOIsB02DCwmz3fc9bvBI | ||
440 | 9 | KZwRQZ8al7HicpWc4zJPBb7U0BSHE+YwTdOffFFL7YfbRS+4yfn0JBSmtyfTPaOp | ||
441 | 10 | FvHV8MES52Mam3vyXWCKXC//3EXcWhhX4ZHfkcWJtEkDf1FwupptV6HEgx2d6UTZ | ||
442 | 11 | 0vEK20Dx+Hzlg0mpR10SS/ltch8w1Zl2co467oTMspdnPosTrxG0p2G+s/gUA/+E | ||
443 | 12 | LY8fB/heXfNSb5IB3JJ8OTI+cwqN1Aw9X4aKPQcvPGvfQ5Mz8FZ4gkV38QzzMHsr | ||
444 | 13 | 6eeZGUPcCctP6FVfCHO0Mzxwv2VOnTbH+k72Acni2piTwn0APd9LKilXOwARAQAB | ||
445 | 14 | tDpMWEMgcHJlLWJ1aWx0IGltYWdlcyA8bHhjLWRldmVsQGxpc3RzLmxpbnV4Y29u | ||
446 | 15 | dGFpbmVycy5vcmc+iQI4BBMBAgAiBQJS0L8MAhsDBgsJCAcDAgYVCAIJCgsEFgID | ||
447 | 16 | AQIeAQIXgAAKCRC67/iMIvbiFtzVD/933Dv/NsyPAiwT6BFLlqtq/Tl3NxcUogDS | ||
448 | 17 | Rkv1oMiIunaKZRE/pQbLJVTSbt/eC3Kz7I40juDNsFGXXhD/sQCovMc58NpTKNPR | ||
449 | 18 | zs3jC5vDIW721cLOhYqITvdWN+RKDCJqxBBNJztKEv29uA0PONssKBmC/apTdB6D | ||
450 | 19 | QLLy3ddO/LzxDrCtC8ePLGjeVoEelZHR3tg8QZE+oVBuL3ZC2NTg/XaLSDO4zGCg | ||
451 | 20 | Jyd1IHGKhi20Q/sBLmsFifnWt5b6ovmRqwlsZXqcS+a7Z+WSmZWT9hKIR2XSzYUW | ||
452 | 21 | pmlJNO4VPzHgEcaCxlw3HxQqX0Loz4R8Y91shKuJ591ZMtmyf4j6Yl9KZfLs+lZH | ||
453 | 22 | iX7uazhw4miXdpCvOKe8fPLa+68JGIYPxG22l2jqPJ9FIOtpSrJX3D/i8xed5h2V | ||
454 | 23 | Vd38fZBn+cH1Wqbw1Ni94/f66Rp5GzJyMoVO7A016Ek3wx920SmX4HkCSEel77pF | ||
455 | 24 | gvCBZkQDiD6TNCJxjHQpxoSGo6SDEfP0FjntB0yVy0zi+Iij9F3O1bPIIuses4OQ | ||
456 | 25 | FkUGJb6V0L1wXl5hOARmVtgn6klwhsLf0EsjuH9yJN2GCuaKdjAdR8J1TsjW+q4h | ||
457 | 26 | DKMvYOZ99YJUE+qujz9u93tJRZTuD8pQsGRez7qrZ0LUAdd/aOjNDLWzJ8AzeQE+ | ||
458 | 27 | OKVNmCzO9A== | ||
459 | 28 | =euOK | ||
460 | 29 | -----END PGP PUBLIC KEY BLOCK----- | ||
461 | diff --git a/templates/apache-linuxcontainers-api.include.tmpl b/templates/apache-linuxcontainers-api.include.tmpl | |||
462 | 0 | new file mode 100644 | 30 | new file mode 100644 |
463 | index 0000000..36cf273 | |||
464 | --- /dev/null | |||
465 | +++ b/templates/apache-linuxcontainers-api.include.tmpl | |||
466 | @@ -0,0 +1,41 @@ | |||
467 | 1 | ## This template does not use any Cheetah features (yet?) but for | ||
468 | 2 | ## consistency it is not included raw, and therefore $ is escaped. | ||
469 | 3 | # LXD: Recursive queries | ||
470 | 4 | RewriteCond %{QUERY_STRING} recursion=1 | ||
471 | 5 | RewriteRule ^/1.0.*\$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] | ||
472 | 6 | |||
473 | 7 | # LXD: Normal queries | ||
474 | 8 | RewriteRule ^/1.0.*\$ /meta/lxd%{REQUEST_URI}/index.json [L] | ||
475 | 9 | |||
476 | 10 | <Location /> | ||
477 | 11 | Require all granted | ||
478 | 12 | </Location> | ||
479 | 13 | |||
480 | 14 | # LXC: Allow image listing | ||
481 | 15 | <Location /images> | ||
482 | 16 | Options +Indexes | ||
483 | 17 | </Location> | ||
484 | 18 | |||
485 | 19 | # LXD: API root | ||
486 | 20 | <Location /1.0/> | ||
487 | 21 | ErrorDocument 404 /meta/lxd/404.json | ||
488 | 22 | Options -Indexes | ||
489 | 23 | </Location> | ||
490 | 24 | |||
491 | 25 | # LXD: images | ||
492 | 26 | <Location /1.0/images/> | ||
493 | 27 | ErrorDocument 404 /meta/lxd/1.0/images/404.json | ||
494 | 28 | Options +FollowSymlinks | ||
495 | 29 | </Location> | ||
496 | 30 | |||
497 | 31 | # LXD: aliases | ||
498 | 32 | <Location /1.0/images/aliases/> | ||
499 | 33 | ErrorDocument 404 /meta/lxd/404.json | ||
500 | 34 | </Location> | ||
501 | 35 | |||
502 | 36 | # LXD: downloads | ||
503 | 37 | <LocationMatch "^/1.0/images/[0-9a-f]*/export"> | ||
504 | 38 | Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" | ||
505 | 39 | </LocationMatch> | ||
506 | 40 | # Simplestreams: redirect | ||
507 | 41 | RewriteRule ^/streams(.*)\$ /meta/simplestreams\$1 [L] | ||
508 | diff --git a/templates/apache-linuxcontainers-tls.include.tmpl b/templates/apache-linuxcontainers-tls.include.tmpl | |||
509 | 0 | new file mode 100644 | 42 | new file mode 100644 |
510 | index 0000000..3851d19 | |||
511 | --- /dev/null | |||
512 | +++ b/templates/apache-linuxcontainers-tls.include.tmpl | |||
513 | @@ -0,0 +1,16 @@ | |||
514 | 1 | #if $port == 80 | ||
515 | 2 | #set $proto = 'http' | ||
516 | 3 | #else if $port == 443 | ||
517 | 4 | #set $proto = 'https' | ||
518 | 5 | #else | ||
519 | 6 | #set $proto = 'https' | ||
520 | 7 | #end if | ||
521 | 8 | # SSL configuration | ||
522 | 9 | SSLEngine On | ||
523 | 10 | SSLCertificateFile /etc/ssl/certs/${name}.crt | ||
524 | 11 | SSLCertificateKeyFile /etc/ssl/private/${name}.key | ||
525 | 12 | SSLCertificateChainFile /etc/ssl/certs/${name}_chain.crt | ||
526 | 13 | Header always set Strict-Transport-Security "max-age=31536000" | ||
527 | 14 | RequestHeader set X_FORWARDED_PORT "${port}" | ||
528 | 15 | RequestHeader set X_FORWARDED_PROTO "${proto}" | ||
529 | 16 | |||
530 | diff --git a/templates/apache-linuxcontainers.tmpl b/templates/apache-linuxcontainers.tmpl | |||
531 | 0 | new file mode 100644 | 17 | new file mode 100644 |
532 | index 0000000..f2c9391 | |||
533 | --- /dev/null | |||
534 | +++ b/templates/apache-linuxcontainers.tmpl | |||
535 | @@ -0,0 +1,74 @@ | |||
536 | 1 | #for $port in $ports | ||
537 | 2 | #set global $port = $port | ||
538 | 3 | #set $sockets = ' '.join(sorted(['{}:{}'.format(address, port) for address in $addresses])) | ||
539 | 4 | #if $port == 80 | ||
540 | 5 | #set global $proto = 'http' | ||
541 | 6 | #set $uk_url = 'http://uk.{}/'.format($name) | ||
542 | 7 | #set $us_url = 'http://us.{}/'.format($name) | ||
543 | 8 | #else if $port == 443 | ||
544 | 9 | #set global $proto = 'https' | ||
545 | 10 | #set $uk_url = 'https://uk.{}/'.format($name) | ||
546 | 11 | #set $us_url = 'https://us.{}/'.format($name) | ||
547 | 12 | #else | ||
548 | 13 | #set global $proto = 'https' | ||
549 | 14 | #set $uk_url = 'https://uk.{}:{}/'.format($name, $port) | ||
550 | 15 | #set $us_url = 'https://us.{}:{}/'.format($name, $port) | ||
551 | 16 | #end if | ||
552 | 17 | <VirtualHost ${sockets}> | ||
553 | 18 | ServerName ${name} | ||
554 | 19 | #if $name != "images.linuxcontainers.org" | ||
555 | 20 | #for $alias in $aliases | ||
556 | 21 | ServerAlias ${alias} | ||
557 | 22 | #end for | ||
558 | 23 | #end if | ||
559 | 24 | CustomLog \${APACHE_LOG_DIR}/${name}.log vhost_combined | ||
560 | 25 | DocumentRoot /srv/${name}/www | ||
561 | 26 | |||
562 | 27 | <Location /> | ||
563 | 28 | Require all granted | ||
564 | 29 | </Location> | ||
565 | 30 | |||
566 | 31 | #if $proto == "https" | ||
567 | 32 | #include 'templates/apache-linuxcontainers-tls.include.tmpl' | ||
568 | 33 | #end if | ||
569 | 34 | RewriteEngine on | ||
570 | 35 | AllowEncodedSlashes On | ||
571 | 36 | |||
572 | 37 | #if $name == "images.linuxcontainers.org" | ||
573 | 38 | # GeoIP: Redirect everything to appropriate country server | ||
574 | 39 | GeoIPEnable On | ||
575 | 40 | GeoIPDBFile /usr/share/GeoIP/GeoIP.dat | ||
576 | 41 | GeoIPDBFile /usr/share/GeoIP/GeoIPv6.dat | ||
577 | 42 | |||
578 | 43 | # Send North America, Oceania and South America to the US server | ||
579 | 44 | RewriteCond %{ENV:GEOIP_CONTINENT_CODE} ^(NA|OC|SA)\$ | ||
580 | 45 | RewriteRule ^/(.*)\$ ${us_url}\$1 [R=301,L] | ||
581 | 46 | RewriteCond %{ENV:GEOIP_CONTINENT_CODE_V6} ^(NA|OC|SA)\$ | ||
582 | 47 | RewriteRule ^/(.*)\$ ${us_url}\$1 [R=301,L] | ||
583 | 48 | |||
584 | 49 | # Send Africa, Antarctica, Asia, Europe, and all else to the UK server | ||
585 | 50 | RewriteRule ^/(.*)\$ ${uk_url}\$1 [R=301,L] | ||
586 | 51 | #else | ||
587 | 52 | #include 'templates/apache-linuxcontainers-api.include.tmpl' | ||
588 | 53 | #end if | ||
589 | 54 | </VirtualHost> | ||
590 | 55 | |||
591 | 56 | #if $name == "images.linuxcontainers.org" | ||
592 | 57 | #for $alias in $aliases | ||
593 | 58 | <VirtualHost ${sockets}> | ||
594 | 59 | ServerName ${alias} | ||
595 | 60 | CustomLog \${APACHE_LOG_DIR}/${alias}.log vhost_combined | ||
596 | 61 | DocumentRoot /srv/${name}/www | ||
597 | 62 | |||
598 | 63 | #if $proto == "https" | ||
599 | 64 | #include 'templates/apache-linuxcontainers-tls.include.tmpl' | ||
600 | 65 | #end if | ||
601 | 66 | RewriteEngine on | ||
602 | 67 | AllowEncodedSlashes On | ||
603 | 68 | |||
604 | 69 | #include 'templates/apache-linuxcontainers-api.include.tmpl' | ||
605 | 70 | </VirtualHost> | ||
606 | 71 | |||
607 | 72 | #end for | ||
608 | 73 | #end if | ||
609 | 74 | #end for | ||
610 | diff --git a/tests/unit/test_linuxcontainers.py b/tests/unit/test_linuxcontainers.py | |||
611 | 0 | new file mode 100644 | 75 | new file mode 100644 |
612 | index 0000000..5a485ea | |||
613 | --- /dev/null | |||
614 | +++ b/tests/unit/test_linuxcontainers.py | |||
615 | @@ -0,0 +1,56 @@ | |||
616 | 1 | import os | ||
617 | 2 | import pytest | ||
618 | 3 | import unittest | ||
619 | 4 | |||
620 | 5 | from Cheetah.Template import Template | ||
621 | 6 | |||
622 | 7 | TEMPLATE = 'apache-linuxcontainers.tmpl' | ||
623 | 8 | |||
624 | 9 | THIRDPARTY_SEARCH_LIST = { | ||
625 | 10 | 'addresses': ['*'], | ||
626 | 11 | 'name': 'lxd.example.net', | ||
627 | 12 | 'aliases': ['uk.lxd.example.net', 'us.lxd.example.net'], | ||
628 | 13 | 'ports': [80, 443], | ||
629 | 14 | } | ||
630 | 15 | |||
631 | 16 | LINUXCONTAINERS_SEARCH_LIST = { | ||
632 | 17 | 'addresses': ['91.189.88.247', '[2001:67c:1360:8001::33]'], | ||
633 | 18 | 'name': 'images.linuxcontainers.org', | ||
634 | 19 | 'aliases': ['uk.images.linuxcontainers.org', 'us.images.linuxcontainers.org'], | ||
635 | 20 | 'ports': [80, 443, 8443], | ||
636 | 21 | } | ||
637 | 22 | |||
638 | 23 | |||
639 | 24 | class TestLinuxcontainers(unittest.TestCase): | ||
640 | 25 | def setUp(self): | ||
641 | 26 | self.addTypeEqualityFunc(str, self.assertMultiLineEqual) | ||
642 | 27 | self.maxDiff = None | ||
643 | 28 | self.testdata_dir = os.path.join(os.path.dirname(__file__), 'testdata', 'linuxcontainers') | ||
644 | 29 | |||
645 | 30 | def _template_compare(self, template, search_list, wanted_file): | ||
646 | 31 | template_file = os.path.join(os.getcwd(), template) | ||
647 | 32 | template = Template(file=template_file, searchList=search_list) | ||
648 | 33 | wanted = open(wanted_file).read() | ||
649 | 34 | self.assertEqual(str(template), wanted) | ||
650 | 35 | |||
651 | 36 | # Cheetah warns about using the Python version of NameMapper, so | ||
652 | 37 | # we ignore it here. Matching more closely by the message doesn't | ||
653 | 38 | # seem to work, probably because it begins with a newline and | ||
654 | 39 | # Python's warnings matching code anchors the message regexp. | ||
655 | 40 | @pytest.mark.filterwarnings("ignore::UserWarning:Cheetah") | ||
656 | 41 | def test_template_linuxcontainers(self): | ||
657 | 42 | self._template_compare( | ||
658 | 43 | os.path.join(os.getcwd(), 'templates', TEMPLATE), | ||
659 | 44 | LINUXCONTAINERS_SEARCH_LIST, | ||
660 | 45 | os.path.join(self.testdata_dir, 'linuxcontainers.txt')) | ||
661 | 46 | |||
662 | 47 | # Cheetah warns about using the Python version of NameMapper, so | ||
663 | 48 | # we ignore it here. Matching more closely by the message doesn't | ||
664 | 49 | # seem to work, probably because it begins with a newline and | ||
665 | 50 | # Python's warnings matching code anchors the message regexp. | ||
666 | 51 | @pytest.mark.filterwarnings("ignore::UserWarning:Cheetah") | ||
667 | 52 | def test_template_thirdparty(self): | ||
668 | 53 | self._template_compare( | ||
669 | 54 | os.path.join(os.getcwd(), 'templates', TEMPLATE), | ||
670 | 55 | THIRDPARTY_SEARCH_LIST, | ||
671 | 56 | os.path.join(self.testdata_dir, 'thirdparty.txt')) | ||
672 | diff --git a/tests/unit/testdata/linuxcontainers/linuxcontainers.txt b/tests/unit/testdata/linuxcontainers/linuxcontainers.txt | |||
673 | 0 | new file mode 100644 | 57 | new file mode 100644 |
674 | index 0000000..1056067 | |||
675 | --- /dev/null | |||
676 | +++ b/tests/unit/testdata/linuxcontainers/linuxcontainers.txt | |||
677 | @@ -0,0 +1,429 @@ | |||
678 | 1 | <VirtualHost 91.189.88.247:80 [2001:67c:1360:8001::33]:80> | ||
679 | 2 | ServerName images.linuxcontainers.org | ||
680 | 3 | CustomLog ${APACHE_LOG_DIR}/images.linuxcontainers.org.log vhost_combined | ||
681 | 4 | DocumentRoot /srv/images.linuxcontainers.org/www | ||
682 | 5 | |||
683 | 6 | <Location /> | ||
684 | 7 | Require all granted | ||
685 | 8 | </Location> | ||
686 | 9 | |||
687 | 10 | RewriteEngine on | ||
688 | 11 | AllowEncodedSlashes On | ||
689 | 12 | |||
690 | 13 | # GeoIP: Redirect everything to appropriate country server | ||
691 | 14 | GeoIPEnable On | ||
692 | 15 | GeoIPDBFile /usr/share/GeoIP/GeoIP.dat | ||
693 | 16 | GeoIPDBFile /usr/share/GeoIP/GeoIPv6.dat | ||
694 | 17 | |||
695 | 18 | # Send North America, Oceania and South America to the US server | ||
696 | 19 | RewriteCond %{ENV:GEOIP_CONTINENT_CODE} ^(NA|OC|SA)$ | ||
697 | 20 | RewriteRule ^/(.*)$ http://us.images.linuxcontainers.org/$1 [R=301,L] | ||
698 | 21 | RewriteCond %{ENV:GEOIP_CONTINENT_CODE_V6} ^(NA|OC|SA)$ | ||
699 | 22 | RewriteRule ^/(.*)$ http://us.images.linuxcontainers.org/$1 [R=301,L] | ||
700 | 23 | |||
701 | 24 | # Send Africa, Antarctica, Asia, Europe, and all else to the UK server | ||
702 | 25 | RewriteRule ^/(.*)$ http://uk.images.linuxcontainers.org/$1 [R=301,L] | ||
703 | 26 | </VirtualHost> | ||
704 | 27 | |||
705 | 28 | <VirtualHost 91.189.88.247:80 [2001:67c:1360:8001::33]:80> | ||
706 | 29 | ServerName uk.images.linuxcontainers.org | ||
707 | 30 | CustomLog ${APACHE_LOG_DIR}/uk.images.linuxcontainers.org.log vhost_combined | ||
708 | 31 | DocumentRoot /srv/images.linuxcontainers.org/www | ||
709 | 32 | |||
710 | 33 | RewriteEngine on | ||
711 | 34 | AllowEncodedSlashes On | ||
712 | 35 | |||
713 | 36 | # LXD: Recursive queries | ||
714 | 37 | RewriteCond %{QUERY_STRING} recursion=1 | ||
715 | 38 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] | ||
716 | 39 | |||
717 | 40 | # LXD: Normal queries | ||
718 | 41 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] | ||
719 | 42 | |||
720 | 43 | <Location /> | ||
721 | 44 | Require all granted | ||
722 | 45 | </Location> | ||
723 | 46 | |||
724 | 47 | # LXC: Allow image listing | ||
725 | 48 | <Location /images> | ||
726 | 49 | Options +Indexes | ||
727 | 50 | </Location> | ||
728 | 51 | |||
729 | 52 | # LXD: API root | ||
730 | 53 | <Location /1.0/> | ||
731 | 54 | ErrorDocument 404 /meta/lxd/404.json | ||
732 | 55 | Options -Indexes | ||
733 | 56 | </Location> | ||
734 | 57 | |||
735 | 58 | # LXD: images | ||
736 | 59 | <Location /1.0/images/> | ||
737 | 60 | ErrorDocument 404 /meta/lxd/1.0/images/404.json | ||
738 | 61 | Options +FollowSymlinks | ||
739 | 62 | </Location> | ||
740 | 63 | |||
741 | 64 | # LXD: aliases | ||
742 | 65 | <Location /1.0/images/aliases/> | ||
743 | 66 | ErrorDocument 404 /meta/lxd/404.json | ||
744 | 67 | </Location> | ||
745 | 68 | |||
746 | 69 | # LXD: downloads | ||
747 | 70 | <LocationMatch "^/1.0/images/[0-9a-f]*/export"> | ||
748 | 71 | Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" | ||
749 | 72 | </LocationMatch> | ||
750 | 73 | # Simplestreams: redirect | ||
751 | 74 | RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] | ||
752 | 75 | </VirtualHost> | ||
753 | 76 | |||
754 | 77 | <VirtualHost 91.189.88.247:80 [2001:67c:1360:8001::33]:80> | ||
755 | 78 | ServerName us.images.linuxcontainers.org | ||
756 | 79 | CustomLog ${APACHE_LOG_DIR}/us.images.linuxcontainers.org.log vhost_combined | ||
757 | 80 | DocumentRoot /srv/images.linuxcontainers.org/www | ||
758 | 81 | |||
759 | 82 | RewriteEngine on | ||
760 | 83 | AllowEncodedSlashes On | ||
761 | 84 | |||
762 | 85 | # LXD: Recursive queries | ||
763 | 86 | RewriteCond %{QUERY_STRING} recursion=1 | ||
764 | 87 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] | ||
765 | 88 | |||
766 | 89 | # LXD: Normal queries | ||
767 | 90 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] | ||
768 | 91 | |||
769 | 92 | <Location /> | ||
770 | 93 | Require all granted | ||
771 | 94 | </Location> | ||
772 | 95 | |||
773 | 96 | # LXC: Allow image listing | ||
774 | 97 | <Location /images> | ||
775 | 98 | Options +Indexes | ||
776 | 99 | </Location> | ||
777 | 100 | |||
778 | 101 | # LXD: API root | ||
779 | 102 | <Location /1.0/> | ||
780 | 103 | ErrorDocument 404 /meta/lxd/404.json | ||
781 | 104 | Options -Indexes | ||
782 | 105 | </Location> | ||
783 | 106 | |||
784 | 107 | # LXD: images | ||
785 | 108 | <Location /1.0/images/> | ||
786 | 109 | ErrorDocument 404 /meta/lxd/1.0/images/404.json | ||
787 | 110 | Options +FollowSymlinks | ||
788 | 111 | </Location> | ||
789 | 112 | |||
790 | 113 | # LXD: aliases | ||
791 | 114 | <Location /1.0/images/aliases/> | ||
792 | 115 | ErrorDocument 404 /meta/lxd/404.json | ||
793 | 116 | </Location> | ||
794 | 117 | |||
795 | 118 | # LXD: downloads | ||
796 | 119 | <LocationMatch "^/1.0/images/[0-9a-f]*/export"> | ||
797 | 120 | Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" | ||
798 | 121 | </LocationMatch> | ||
799 | 122 | # Simplestreams: redirect | ||
800 | 123 | RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] | ||
801 | 124 | </VirtualHost> | ||
802 | 125 | |||
803 | 126 | <VirtualHost 91.189.88.247:443 [2001:67c:1360:8001::33]:443> | ||
804 | 127 | ServerName images.linuxcontainers.org | ||
805 | 128 | CustomLog ${APACHE_LOG_DIR}/images.linuxcontainers.org.log vhost_combined | ||
806 | 129 | DocumentRoot /srv/images.linuxcontainers.org/www | ||
807 | 130 | |||
808 | 131 | <Location /> | ||
809 | 132 | Require all granted | ||
810 | 133 | </Location> | ||
811 | 134 | |||
812 | 135 | # SSL configuration | ||
813 | 136 | SSLEngine On | ||
814 | 137 | SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt | ||
815 | 138 | SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key | ||
816 | 139 | SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt | ||
817 | 140 | Header always set Strict-Transport-Security "max-age=31536000" | ||
818 | 141 | RequestHeader set X_FORWARDED_PORT "443" | ||
819 | 142 | RequestHeader set X_FORWARDED_PROTO "https" | ||
820 | 143 | |||
821 | 144 | RewriteEngine on | ||
822 | 145 | AllowEncodedSlashes On | ||
823 | 146 | |||
824 | 147 | # GeoIP: Redirect everything to appropriate country server | ||
825 | 148 | GeoIPEnable On | ||
826 | 149 | GeoIPDBFile /usr/share/GeoIP/GeoIP.dat | ||
827 | 150 | GeoIPDBFile /usr/share/GeoIP/GeoIPv6.dat | ||
828 | 151 | |||
829 | 152 | # Send North America, Oceania and South America to the US server | ||
830 | 153 | RewriteCond %{ENV:GEOIP_CONTINENT_CODE} ^(NA|OC|SA)$ | ||
831 | 154 | RewriteRule ^/(.*)$ https://us.images.linuxcontainers.org/$1 [R=301,L] | ||
832 | 155 | RewriteCond %{ENV:GEOIP_CONTINENT_CODE_V6} ^(NA|OC|SA)$ | ||
833 | 156 | RewriteRule ^/(.*)$ https://us.images.linuxcontainers.org/$1 [R=301,L] | ||
834 | 157 | |||
835 | 158 | # Send Africa, Antarctica, Asia, Europe, and all else to the UK server | ||
836 | 159 | RewriteRule ^/(.*)$ https://uk.images.linuxcontainers.org/$1 [R=301,L] | ||
837 | 160 | </VirtualHost> | ||
838 | 161 | |||
839 | 162 | <VirtualHost 91.189.88.247:443 [2001:67c:1360:8001::33]:443> | ||
840 | 163 | ServerName uk.images.linuxcontainers.org | ||
841 | 164 | CustomLog ${APACHE_LOG_DIR}/uk.images.linuxcontainers.org.log vhost_combined | ||
842 | 165 | DocumentRoot /srv/images.linuxcontainers.org/www | ||
843 | 166 | |||
844 | 167 | # SSL configuration | ||
845 | 168 | SSLEngine On | ||
846 | 169 | SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt | ||
847 | 170 | SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key | ||
848 | 171 | SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt | ||
849 | 172 | Header always set Strict-Transport-Security "max-age=31536000" | ||
850 | 173 | RequestHeader set X_FORWARDED_PORT "443" | ||
851 | 174 | RequestHeader set X_FORWARDED_PROTO "https" | ||
852 | 175 | |||
853 | 176 | RewriteEngine on | ||
854 | 177 | AllowEncodedSlashes On | ||
855 | 178 | |||
856 | 179 | # LXD: Recursive queries | ||
857 | 180 | RewriteCond %{QUERY_STRING} recursion=1 | ||
858 | 181 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] | ||
859 | 182 | |||
860 | 183 | # LXD: Normal queries | ||
861 | 184 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] | ||
862 | 185 | |||
863 | 186 | <Location /> | ||
864 | 187 | Require all granted | ||
865 | 188 | </Location> | ||
866 | 189 | |||
867 | 190 | # LXC: Allow image listing | ||
868 | 191 | <Location /images> | ||
869 | 192 | Options +Indexes | ||
870 | 193 | </Location> | ||
871 | 194 | |||
872 | 195 | # LXD: API root | ||
873 | 196 | <Location /1.0/> | ||
874 | 197 | ErrorDocument 404 /meta/lxd/404.json | ||
875 | 198 | Options -Indexes | ||
876 | 199 | </Location> | ||
877 | 200 | |||
878 | 201 | # LXD: images | ||
879 | 202 | <Location /1.0/images/> | ||
880 | 203 | ErrorDocument 404 /meta/lxd/1.0/images/404.json | ||
881 | 204 | Options +FollowSymlinks | ||
882 | 205 | </Location> | ||
883 | 206 | |||
884 | 207 | # LXD: aliases | ||
885 | 208 | <Location /1.0/images/aliases/> | ||
886 | 209 | ErrorDocument 404 /meta/lxd/404.json | ||
887 | 210 | </Location> | ||
888 | 211 | |||
889 | 212 | # LXD: downloads | ||
890 | 213 | <LocationMatch "^/1.0/images/[0-9a-f]*/export"> | ||
891 | 214 | Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" | ||
892 | 215 | </LocationMatch> | ||
893 | 216 | # Simplestreams: redirect | ||
894 | 217 | RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] | ||
895 | 218 | </VirtualHost> | ||
896 | 219 | |||
897 | 220 | <VirtualHost 91.189.88.247:443 [2001:67c:1360:8001::33]:443> | ||
898 | 221 | ServerName us.images.linuxcontainers.org | ||
899 | 222 | CustomLog ${APACHE_LOG_DIR}/us.images.linuxcontainers.org.log vhost_combined | ||
900 | 223 | DocumentRoot /srv/images.linuxcontainers.org/www | ||
901 | 224 | |||
902 | 225 | # SSL configuration | ||
903 | 226 | SSLEngine On | ||
904 | 227 | SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt | ||
905 | 228 | SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key | ||
906 | 229 | SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt | ||
907 | 230 | Header always set Strict-Transport-Security "max-age=31536000" | ||
908 | 231 | RequestHeader set X_FORWARDED_PORT "443" | ||
909 | 232 | RequestHeader set X_FORWARDED_PROTO "https" | ||
910 | 233 | |||
911 | 234 | RewriteEngine on | ||
912 | 235 | AllowEncodedSlashes On | ||
913 | 236 | |||
914 | 237 | # LXD: Recursive queries | ||
915 | 238 | RewriteCond %{QUERY_STRING} recursion=1 | ||
916 | 239 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] | ||
917 | 240 | |||
918 | 241 | # LXD: Normal queries | ||
919 | 242 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] | ||
920 | 243 | |||
921 | 244 | <Location /> | ||
922 | 245 | Require all granted | ||
923 | 246 | </Location> | ||
924 | 247 | |||
925 | 248 | # LXC: Allow image listing | ||
926 | 249 | <Location /images> | ||
927 | 250 | Options +Indexes | ||
928 | 251 | </Location> | ||
929 | 252 | |||
930 | 253 | # LXD: API root | ||
931 | 254 | <Location /1.0/> | ||
932 | 255 | ErrorDocument 404 /meta/lxd/404.json | ||
933 | 256 | Options -Indexes | ||
934 | 257 | </Location> | ||
935 | 258 | |||
936 | 259 | # LXD: images | ||
937 | 260 | <Location /1.0/images/> | ||
938 | 261 | ErrorDocument 404 /meta/lxd/1.0/images/404.json | ||
939 | 262 | Options +FollowSymlinks | ||
940 | 263 | </Location> | ||
941 | 264 | |||
942 | 265 | # LXD: aliases | ||
943 | 266 | <Location /1.0/images/aliases/> | ||
944 | 267 | ErrorDocument 404 /meta/lxd/404.json | ||
945 | 268 | </Location> | ||
946 | 269 | |||
947 | 270 | # LXD: downloads | ||
948 | 271 | <LocationMatch "^/1.0/images/[0-9a-f]*/export"> | ||
949 | 272 | Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" | ||
950 | 273 | </LocationMatch> | ||
951 | 274 | # Simplestreams: redirect | ||
952 | 275 | RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] | ||
953 | 276 | </VirtualHost> | ||
954 | 277 | |||
955 | 278 | <VirtualHost 91.189.88.247:8443 [2001:67c:1360:8001::33]:8443> | ||
956 | 279 | ServerName images.linuxcontainers.org | ||
957 | 280 | CustomLog ${APACHE_LOG_DIR}/images.linuxcontainers.org.log vhost_combined | ||
958 | 281 | DocumentRoot /srv/images.linuxcontainers.org/www | ||
959 | 282 | |||
960 | 283 | <Location /> | ||
961 | 284 | Require all granted | ||
962 | 285 | </Location> | ||
963 | 286 | |||
964 | 287 | # SSL configuration | ||
965 | 288 | SSLEngine On | ||
966 | 289 | SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt | ||
967 | 290 | SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key | ||
968 | 291 | SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt | ||
969 | 292 | Header always set Strict-Transport-Security "max-age=31536000" | ||
970 | 293 | RequestHeader set X_FORWARDED_PORT "8443" | ||
971 | 294 | RequestHeader set X_FORWARDED_PROTO "https" | ||
972 | 295 | |||
973 | 296 | RewriteEngine on | ||
974 | 297 | AllowEncodedSlashes On | ||
975 | 298 | |||
976 | 299 | # GeoIP: Redirect everything to appropriate country server | ||
977 | 300 | GeoIPEnable On | ||
978 | 301 | GeoIPDBFile /usr/share/GeoIP/GeoIP.dat | ||
979 | 302 | GeoIPDBFile /usr/share/GeoIP/GeoIPv6.dat | ||
980 | 303 | |||
981 | 304 | # Send North America, Oceania and South America to the US server | ||
982 | 305 | RewriteCond %{ENV:GEOIP_CONTINENT_CODE} ^(NA|OC|SA)$ | ||
983 | 306 | RewriteRule ^/(.*)$ https://us.images.linuxcontainers.org:8443/$1 [R=301,L] | ||
984 | 307 | RewriteCond %{ENV:GEOIP_CONTINENT_CODE_V6} ^(NA|OC|SA)$ | ||
985 | 308 | RewriteRule ^/(.*)$ https://us.images.linuxcontainers.org:8443/$1 [R=301,L] | ||
986 | 309 | |||
987 | 310 | # Send Africa, Antarctica, Asia, Europe, and all else to the UK server | ||
988 | 311 | RewriteRule ^/(.*)$ https://uk.images.linuxcontainers.org:8443/$1 [R=301,L] | ||
989 | 312 | </VirtualHost> | ||
990 | 313 | |||
991 | 314 | <VirtualHost 91.189.88.247:8443 [2001:67c:1360:8001::33]:8443> | ||
992 | 315 | ServerName uk.images.linuxcontainers.org | ||
993 | 316 | CustomLog ${APACHE_LOG_DIR}/uk.images.linuxcontainers.org.log vhost_combined | ||
994 | 317 | DocumentRoot /srv/images.linuxcontainers.org/www | ||
995 | 318 | |||
996 | 319 | # SSL configuration | ||
997 | 320 | SSLEngine On | ||
998 | 321 | SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt | ||
999 | 322 | SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key | ||
1000 | 323 | SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt | ||
1001 | 324 | Header always set Strict-Transport-Security "max-age=31536000" | ||
1002 | 325 | RequestHeader set X_FORWARDED_PORT "8443" | ||
1003 | 326 | RequestHeader set X_FORWARDED_PROTO "https" | ||
1004 | 327 | |||
1005 | 328 | RewriteEngine on | ||
1006 | 329 | AllowEncodedSlashes On | ||
1007 | 330 | |||
1008 | 331 | # LXD: Recursive queries | ||
1009 | 332 | RewriteCond %{QUERY_STRING} recursion=1 | ||
1010 | 333 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] | ||
1011 | 334 | |||
1012 | 335 | # LXD: Normal queries | ||
1013 | 336 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] | ||
1014 | 337 | |||
1015 | 338 | <Location /> | ||
1016 | 339 | Require all granted | ||
1017 | 340 | </Location> | ||
1018 | 341 | |||
1019 | 342 | # LXC: Allow image listing | ||
1020 | 343 | <Location /images> | ||
1021 | 344 | Options +Indexes | ||
1022 | 345 | </Location> | ||
1023 | 346 | |||
1024 | 347 | # LXD: API root | ||
1025 | 348 | <Location /1.0/> | ||
1026 | 349 | ErrorDocument 404 /meta/lxd/404.json | ||
1027 | 350 | Options -Indexes | ||
1028 | 351 | </Location> | ||
1029 | 352 | |||
1030 | 353 | # LXD: images | ||
1031 | 354 | <Location /1.0/images/> | ||
1032 | 355 | ErrorDocument 404 /meta/lxd/1.0/images/404.json | ||
1033 | 356 | Options +FollowSymlinks | ||
1034 | 357 | </Location> | ||
1035 | 358 | |||
1036 | 359 | # LXD: aliases | ||
1037 | 360 | <Location /1.0/images/aliases/> | ||
1038 | 361 | ErrorDocument 404 /meta/lxd/404.json | ||
1039 | 362 | </Location> | ||
1040 | 363 | |||
1041 | 364 | # LXD: downloads | ||
1042 | 365 | <LocationMatch "^/1.0/images/[0-9a-f]*/export"> | ||
1043 | 366 | Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" | ||
1044 | 367 | </LocationMatch> | ||
1045 | 368 | # Simplestreams: redirect | ||
1046 | 369 | RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] | ||
1047 | 370 | </VirtualHost> | ||
1048 | 371 | |||
1049 | 372 | <VirtualHost 91.189.88.247:8443 [2001:67c:1360:8001::33]:8443> | ||
1050 | 373 | ServerName us.images.linuxcontainers.org | ||
1051 | 374 | CustomLog ${APACHE_LOG_DIR}/us.images.linuxcontainers.org.log vhost_combined | ||
1052 | 375 | DocumentRoot /srv/images.linuxcontainers.org/www | ||
1053 | 376 | |||
1054 | 377 | # SSL configuration | ||
1055 | 378 | SSLEngine On | ||
1056 | 379 | SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt | ||
1057 | 380 | SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key | ||
1058 | 381 | SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt | ||
1059 | 382 | Header always set Strict-Transport-Security "max-age=31536000" | ||
1060 | 383 | RequestHeader set X_FORWARDED_PORT "8443" | ||
1061 | 384 | RequestHeader set X_FORWARDED_PROTO "https" | ||
1062 | 385 | |||
1063 | 386 | RewriteEngine on | ||
1064 | 387 | AllowEncodedSlashes On | ||
1065 | 388 | |||
1066 | 389 | # LXD: Recursive queries | ||
1067 | 390 | RewriteCond %{QUERY_STRING} recursion=1 | ||
1068 | 391 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] | ||
1069 | 392 | |||
1070 | 393 | # LXD: Normal queries | ||
1071 | 394 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] | ||
1072 | 395 | |||
1073 | 396 | <Location /> | ||
1074 | 397 | Require all granted | ||
1075 | 398 | </Location> | ||
1076 | 399 | |||
1077 | 400 | # LXC: Allow image listing | ||
1078 | 401 | <Location /images> | ||
1079 | 402 | Options +Indexes | ||
1080 | 403 | </Location> | ||
1081 | 404 | |||
1082 | 405 | # LXD: API root | ||
1083 | 406 | <Location /1.0/> | ||
1084 | 407 | ErrorDocument 404 /meta/lxd/404.json | ||
1085 | 408 | Options -Indexes | ||
1086 | 409 | </Location> | ||
1087 | 410 | |||
1088 | 411 | # LXD: images | ||
1089 | 412 | <Location /1.0/images/> | ||
1090 | 413 | ErrorDocument 404 /meta/lxd/1.0/images/404.json | ||
1091 | 414 | Options +FollowSymlinks | ||
1092 | 415 | </Location> | ||
1093 | 416 | |||
1094 | 417 | # LXD: aliases | ||
1095 | 418 | <Location /1.0/images/aliases/> | ||
1096 | 419 | ErrorDocument 404 /meta/lxd/404.json | ||
1097 | 420 | </Location> | ||
1098 | 421 | |||
1099 | 422 | # LXD: downloads | ||
1100 | 423 | <LocationMatch "^/1.0/images/[0-9a-f]*/export"> | ||
1101 | 424 | Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" | ||
1102 | 425 | </LocationMatch> | ||
1103 | 426 | # Simplestreams: redirect | ||
1104 | 427 | RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] | ||
1105 | 428 | </VirtualHost> | ||
1106 | 429 | |||
1107 | diff --git a/tests/unit/testdata/linuxcontainers/thirdparty.txt b/tests/unit/testdata/linuxcontainers/thirdparty.txt | |||
1108 | 0 | new file mode 100644 | 430 | new file mode 100644 |
1109 | index 0000000..0b1e58d | |||
1110 | --- /dev/null | |||
1111 | +++ b/tests/unit/testdata/linuxcontainers/thirdparty.txt | |||
1112 | @@ -0,0 +1,119 @@ | |||
1113 | 1 | <VirtualHost *:80> | ||
1114 | 2 | ServerName lxd.example.net | ||
1115 | 3 | ServerAlias uk.lxd.example.net | ||
1116 | 4 | ServerAlias us.lxd.example.net | ||
1117 | 5 | CustomLog ${APACHE_LOG_DIR}/lxd.example.net.log vhost_combined | ||
1118 | 6 | DocumentRoot /srv/lxd.example.net/www | ||
1119 | 7 | |||
1120 | 8 | <Location /> | ||
1121 | 9 | Require all granted | ||
1122 | 10 | </Location> | ||
1123 | 11 | |||
1124 | 12 | RewriteEngine on | ||
1125 | 13 | AllowEncodedSlashes On | ||
1126 | 14 | |||
1127 | 15 | # LXD: Recursive queries | ||
1128 | 16 | RewriteCond %{QUERY_STRING} recursion=1 | ||
1129 | 17 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] | ||
1130 | 18 | |||
1131 | 19 | # LXD: Normal queries | ||
1132 | 20 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] | ||
1133 | 21 | |||
1134 | 22 | <Location /> | ||
1135 | 23 | Require all granted | ||
1136 | 24 | </Location> | ||
1137 | 25 | |||
1138 | 26 | # LXC: Allow image listing | ||
1139 | 27 | <Location /images> | ||
1140 | 28 | Options +Indexes | ||
1141 | 29 | </Location> | ||
1142 | 30 | |||
1143 | 31 | # LXD: API root | ||
1144 | 32 | <Location /1.0/> | ||
1145 | 33 | ErrorDocument 404 /meta/lxd/404.json | ||
1146 | 34 | Options -Indexes | ||
1147 | 35 | </Location> | ||
1148 | 36 | |||
1149 | 37 | # LXD: images | ||
1150 | 38 | <Location /1.0/images/> | ||
1151 | 39 | ErrorDocument 404 /meta/lxd/1.0/images/404.json | ||
1152 | 40 | Options +FollowSymlinks | ||
1153 | 41 | </Location> | ||
1154 | 42 | |||
1155 | 43 | # LXD: aliases | ||
1156 | 44 | <Location /1.0/images/aliases/> | ||
1157 | 45 | ErrorDocument 404 /meta/lxd/404.json | ||
1158 | 46 | </Location> | ||
1159 | 47 | |||
1160 | 48 | # LXD: downloads | ||
1161 | 49 | <LocationMatch "^/1.0/images/[0-9a-f]*/export"> | ||
1162 | 50 | Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" | ||
1163 | 51 | </LocationMatch> | ||
1164 | 52 | # Simplestreams: redirect | ||
1165 | 53 | RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] | ||
1166 | 54 | </VirtualHost> | ||
1167 | 55 | |||
1168 | 56 | <VirtualHost *:443> | ||
1169 | 57 | ServerName lxd.example.net | ||
1170 | 58 | ServerAlias uk.lxd.example.net | ||
1171 | 59 | ServerAlias us.lxd.example.net | ||
1172 | 60 | CustomLog ${APACHE_LOG_DIR}/lxd.example.net.log vhost_combined | ||
1173 | 61 | DocumentRoot /srv/lxd.example.net/www | ||
1174 | 62 | |||
1175 | 63 | <Location /> | ||
1176 | 64 | Require all granted | ||
1177 | 65 | </Location> | ||
1178 | 66 | |||
1179 | 67 | # SSL configuration | ||
1180 | 68 | SSLEngine On | ||
1181 | 69 | SSLCertificateFile /etc/ssl/certs/lxd.example.net.crt | ||
1182 | 70 | SSLCertificateKeyFile /etc/ssl/private/lxd.example.net.key | ||
1183 | 71 | SSLCertificateChainFile /etc/ssl/certs/lxd.example.net_chain.crt | ||
1184 | 72 | Header always set Strict-Transport-Security "max-age=31536000" | ||
1185 | 73 | RequestHeader set X_FORWARDED_PORT "443" | ||
1186 | 74 | RequestHeader set X_FORWARDED_PROTO "https" | ||
1187 | 75 | |||
1188 | 76 | RewriteEngine on | ||
1189 | 77 | AllowEncodedSlashes On | ||
1190 | 78 | |||
1191 | 79 | # LXD: Recursive queries | ||
1192 | 80 | RewriteCond %{QUERY_STRING} recursion=1 | ||
1193 | 81 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] | ||
1194 | 82 | |||
1195 | 83 | # LXD: Normal queries | ||
1196 | 84 | RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] | ||
1197 | 85 | |||
1198 | 86 | <Location /> | ||
1199 | 87 | Require all granted | ||
1200 | 88 | </Location> | ||
1201 | 89 | |||
1202 | 90 | # LXC: Allow image listing | ||
1203 | 91 | <Location /images> | ||
1204 | 92 | Options +Indexes | ||
1205 | 93 | </Location> | ||
1206 | 94 | |||
1207 | 95 | # LXD: API root | ||
1208 | 96 | <Location /1.0/> | ||
1209 | 97 | ErrorDocument 404 /meta/lxd/404.json | ||
1210 | 98 | Options -Indexes | ||
1211 | 99 | </Location> | ||
1212 | 100 | |||
1213 | 101 | # LXD: images | ||
1214 | 102 | <Location /1.0/images/> | ||
1215 | 103 | ErrorDocument 404 /meta/lxd/1.0/images/404.json | ||
1216 | 104 | Options +FollowSymlinks | ||
1217 | 105 | </Location> | ||
1218 | 106 | |||
1219 | 107 | # LXD: aliases | ||
1220 | 108 | <Location /1.0/images/aliases/> | ||
1221 | 109 | ErrorDocument 404 /meta/lxd/404.json | ||
1222 | 110 | </Location> | ||
1223 | 111 | |||
1224 | 112 | # LXD: downloads | ||
1225 | 113 | <LocationMatch "^/1.0/images/[0-9a-f]*/export"> | ||
1226 | 114 | Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" | ||
1227 | 115 | </LocationMatch> | ||
1228 | 116 | # Simplestreams: redirect | ||
1229 | 117 | RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] | ||
1230 | 118 | </VirtualHost> | ||
1231 | 119 |
This merge proposal is being monitored by mergebot. Change the status to Approved to merge.