Revision 96f6f3e0
Added by Benoît PECCATTE over 7 years ago
| rudder-server-relay/SOURCES/relay-api/apache/relay-api.conf | ||
|---|---|---|
|
# Set up a WSGI serving process
|
||
|
WSGIDaemonProcess relay_api threads=5 user=rudder
|
||
|
WSGISocketPrefix /var/run/wsgi
|
||
|
|
||
|
## Set directory access permissions
|
||
|
|
||
|
<Directory /opt/rudder/share/relay-api/relay_api>
|
||
|
# Allow access from anybody
|
||
|
Allow from all
|
||
|
</Directory>
|
||
|
|
||
|
<Files /opt/rudder/share/relay-api/relay-api.wsgi>
|
||
|
# Allow access from anybody
|
||
|
Allow from all
|
||
|
</Files>
|
||
|
|
||
|
<Directory /opt/rudder/share/relay-api/flask>
|
||
|
|
||
|
# WSGI parameters
|
||
|
WSGIProcessGroup relay_api
|
||
|
WSGIApplicationGroup %{GLOBAL}
|
||
|
|
||
|
# Allow access from anybody
|
||
|
Allow from all
|
||
|
|
||
|
</Directory>
|
||
|
|
||
| rudder-server-relay/SOURCES/rudder-apache-relay-common.conf | ||
|---|---|---|
|
# Load relay-api
|
||
|
WSGIScriptAlias /rudder/relay-api /opt/rudder/share/relay-api/relay-api.wsgi
|
||
|
|
||
|
## Set directory access permissions
|
||
|
|
||
|
<Directory /opt/rudder/share/relay-api/relay_api>
|
||
|
# Allow access from anybody
|
||
|
Allow from all
|
||
|
</Directory>
|
||
|
|
||
|
<Files /opt/rudder/share/relay-api/relay-api.wsgi>
|
||
|
# Allow access from anybody
|
||
|
Allow from all
|
||
|
</Files>
|
||
|
|
||
|
<Directory /opt/rudder/share/relay-api/flask>
|
||
|
# Allow access from anybody
|
||
|
Allow from all
|
||
|
</Directory>
|
||
|
|
||
|
# Disallow by default
|
||
|
<Location /rudder/relay-api/>
|
||
|
# WSGI parameters
|
||
|
WSGIProcessGroup relay_api
|
||
|
WSGIApplicationGroup %{GLOBAL}
|
||
|
|
||
|
<IfVersion < 2.4>
|
||
|
Order deny,allow
|
||
| rudder-server-relay/SOURCES/rudder-vhost.conf | ||
|---|---|---|
|
# Set up a WSGI serving process common to ssl and non ssl vhost
|
||
|
WSGIDaemonProcess relay_api threads=5 user=rudder
|
||
|
|
||
|
<VirtualHost *:80>
|
||
|
|
||
|
ServerAdmin webmaster@localhost
|
||
| rudder-server-relay/SPECS/rudder-server-relay.spec | ||
|---|---|---|
|
cp -r %{_sourcedir}/relay-api/flask %{buildroot}%{rudderdir}/share/relay-api/
|
||
|
cp -r %{_sourcedir}/relay-api/relay_api %{buildroot}%{rudderdir}/share/relay-api/
|
||
|
cp %{_sourcedir}/relay-api/apache/relay-api.wsgi %{buildroot}%{rudderdir}/share/relay-api/
|
||
|
install -m 644 %{_sourcedir}/relay-api/apache/relay-api.conf %{buildroot}/etc/%{apache_vhost_dir}/relay-api.conf
|
||
|
install -m 644 %{_sourcedir}/relay-api/cleanup.sh %{buildroot}%{rudderdir}/share/relay-api/
|
||
|
|
||
|
# Others
|
||
| ... | ... | |
|
# Create the rudder user
|
||
|
if ! getent passwd %{rudder_user} >/dev/null; then
|
||
|
echo -n "INFO: Creating the %{rudder_user} user..."
|
||
|
useradd -r -m -G %{rudder_group} -d /var/rudder -c "Rudder,,," %{rudder_user} >/dev/null 2>&1
|
||
|
useradd -r -m -g %{rudder_group} -d /var/rudder -c "Rudder,,," %{rudder_user} >/dev/null 2>&1
|
||
|
echo " Done"
|
||
|
fi
|
||
|
|
||
| rudder-server-relay/debian/links | ||
|---|---|---|
|
/etc/apache2/conf-available/relay-api.conf /etc/apache2/conf.d/relay-api.conf
|
||
| rudder-server-relay/debian/postinst | ||
|---|---|---|
|
# Create the rudder user
|
||
|
if ! getent passwd rudder >/dev/null; then
|
||
|
echo -n "INFO: Creating the rudder user..."
|
||
|
useradd -r -m -G rudder -d /var/rudder -c "Rudder,,," rudder >/dev/null 2>&1
|
||
|
useradd -r -m -g rudder -d /var/rudder -c "Rudder,,," rudder >/dev/null 2>&1
|
||
|
echo " Done"
|
||
|
fi
|
||
|
|
||
|
# Get the current apache version
|
||
|
APACHE_VERSION=$(apache2 -v|grep Apache|sed "s%^.*Apache/\([0-9].[0-9]\).*%\1%")
|
||
|
|
||
|
SITES_TO_DISABLE="default 000-default default-ssl rudder-vhost rudder-vhost-ssl rudder-relay-vhost rudder-relay-vhost-ssl"
|
||
|
SITES_TO_ENABLE="rudder.conf"
|
||
|
|
||
| ... | ... | |
|
# This module is compiled in core in some distro (debian)
|
||
|
a2enmod version >/dev/null 2>&1 || true
|
||
|
|
||
|
# Enable the conf-available entry if running Apache 2.4
|
||
|
if [ ${APACHE_VERSION} = 2.4 ]
|
||
|
then
|
||
|
[ ! -e /etc/apache2/conf-available/relay-api.conf ] || a2enconf relay-api
|
||
|
fi
|
||
|
|
||
|
# Create inventory repositories and add rights to the apache user to
|
||
|
# access /var/rudder/inventories/incoming
|
||
|
chmod 751 /var/rudder/inventories
|
||
| rudder-server-relay/debian/rules | ||
|---|---|---|
|
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api relay_api/ /opt/rudder/share/relay-api/
|
||
|
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api flask/ /opt/rudder/share/relay-api/
|
||
|
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api apache/relay-api.wsgi /opt/rudder/share/relay-api/
|
||
|
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api apache/relay-api.conf /etc/apache2/conf-available/
|
||
|
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api cleanup.sh /opt/rudder/share/relay-api/
|
||
|
cp $(CURDIR)/SOURCES/rudder-relay.cron $(CURDIR)/BUILD/rudder-relay
|
||
|
dh_install --SOURCEDIR=$(CURDIR)/BUILD/ rudder-relay /etc/cron.d/
|
||
Also available in: Unified diff
Fixes #9989: Relay api runs with www-data user instead of rudder