Browse code
Make stack.sh work on SUSE
This adds packages to suse for systemd python linkages as well as
apache2 and which. And configures mod_proxy and mod_proxy_uwsgi with
a2enmod.
We also properly query if apache mods are enabled to avoid running
into systemd service restart limits. Enable mod_version across the board
as we use it and it may not be enabled by default (like in SUSE).
Also in addition to enabling mod_ssl we enable the SSL flag so that TLS
will work...
Finally we tell the system to trust the devstack CA.
Change-Id: I3442cebfb2e7c2550733eb95a12fab42e1229ce7
Clark Boylan authored on 2017/05/28 09:52:55Showing 3 changed files
| ... | ... |
@@ -1,3 +1,5 @@ |
| 1 |
+apache2 |
|
| 2 |
+apache2-devel |
|
| 1 | 3 |
bc |
| 2 | 4 |
bridge-utils |
| 3 | 5 |
ca-certificates-mozilla |
| ... | ... |
@@ -23,9 +25,11 @@ python-cmd2 # dist:opensuse-12.3 |
| 23 | 23 |
python-devel # pyOpenSSL |
| 24 | 24 |
python-xml |
| 25 | 25 |
screen |
| 26 |
+systemd-devel # for systemd-python |
|
| 26 | 27 |
tar |
| 27 | 28 |
tcpdump |
| 28 | 29 |
unzip |
| 29 | 30 |
util-linux |
| 30 | 31 |
wget |
| 32 |
+which |
|
| 31 | 33 |
zlib-devel |
| ... | ... |
@@ -53,8 +53,15 @@ APACHE_LOG_DIR="/var/log/${APACHE_NAME}"
|
| 53 | 53 |
function enable_apache_mod {
|
| 54 | 54 |
local mod=$1 |
| 55 | 55 |
# Apache installation, because we mark it NOPRIME |
| 56 |
- if is_ubuntu || is_suse ; then |
|
| 57 |
- if ! a2query -m $mod ; then |
|
| 56 |
+ if is_ubuntu; then |
|
| 57 |
+ # Skip mod_version as it is not a valid mod to enable |
|
| 58 |
+ # on debuntu, instead it is built in. |
|
| 59 |
+ if [[ "$mod" != "version" ]] && ! a2query -m $mod ; then |
|
| 60 |
+ sudo a2enmod $mod |
|
| 61 |
+ restart_apache_server |
|
| 62 |
+ fi |
|
| 63 |
+ elif is_suse; then |
|
| 64 |
+ if ! a2enmod -q $mod ; then |
|
| 58 | 65 |
sudo a2enmod $mod |
| 59 | 66 |
restart_apache_server |
| 60 | 67 |
fi |
| ... | ... |
@@ -96,7 +103,7 @@ function install_apache_uwsgi {
|
| 96 | 96 |
# delete the temp directory |
| 97 | 97 |
sudo rm -rf $dir |
| 98 | 98 |
|
| 99 |
- if is_ubuntu; then |
|
| 99 |
+ if is_ubuntu || is_suse ; then |
|
| 100 | 100 |
# we've got to enable proxy and proxy_uwsgi for this to work |
| 101 | 101 |
sudo a2enmod proxy |
| 102 | 102 |
sudo a2enmod proxy_uwsgi |
| ... | ... |
@@ -171,6 +178,8 @@ function apache_site_config_for {
|
| 171 | 171 |
# enable_apache_site() - Enable a particular apache site |
| 172 | 172 |
function enable_apache_site {
|
| 173 | 173 |
local site=$@ |
| 174 |
+ # Many of our sites use mod version. Just enable it. |
|
| 175 |
+ enable_apache_mod version |
|
| 174 | 176 |
if is_ubuntu; then |
| 175 | 177 |
sudo a2ensite ${site}
|
| 176 | 178 |
elif is_fedora || is_suse; then |
| ... | ... |
@@ -212,6 +212,9 @@ function init_CA {
|
| 212 | 212 |
if is_fedora; then |
| 213 | 213 |
sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/ca-trust-source/anchors/devstack-chain.pem |
| 214 | 214 |
sudo update-ca-trust |
| 215 |
+ elif is_suse; then |
|
| 216 |
+ sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/trust/anchors/devstack-chain.pem |
|
| 217 |
+ sudo update-ca-certificates |
|
| 215 | 218 |
elif is_ubuntu; then |
| 216 | 219 |
sudo cp $INT_CA_DIR/ca-chain.pem /usr/local/share/ca-certificates/devstack-int.crt |
| 217 | 220 |
sudo cp $ROOT_CA_DIR/cacert.pem /usr/local/share/ca-certificates/devstack-root.crt |
| ... | ... |
@@ -354,6 +357,9 @@ function fix_system_ca_bundle_path {
|
| 354 | 354 |
elif is_ubuntu; then |
| 355 | 355 |
sudo rm -f $capath |
| 356 | 356 |
sudo ln -s /etc/ssl/certs/ca-certificates.crt $capath |
| 357 |
+ elif is_suse; then |
|
| 358 |
+ sudo rm -f $capath |
|
| 359 |
+ sudo ln -s /etc/ssl/ca-bundle.pem $capath |
|
| 357 | 360 |
else |
| 358 | 361 |
echo "Don't know how to set the CA bundle, expect the install to fail." |
| 359 | 362 |
fi |
| ... | ... |
@@ -416,6 +422,9 @@ function enable_mod_ssl {
|
| 416 | 416 |
|
| 417 | 417 |
if is_ubuntu; then |
| 418 | 418 |
sudo a2enmod ssl |
| 419 |
+ elif is_suse; then |
|
| 420 |
+ sudo a2enmod ssl |
|
| 421 |
+ sudo a2enflag SSL |
|
| 419 | 422 |
elif is_fedora; then |
| 420 | 423 |
# Fedora enables mod_ssl by default |
| 421 | 424 |
: |
| ... | ... |
@@ -522,6 +531,9 @@ $listen_string |
| 522 | 522 |
LogFormat "%v %h %l %u %t \"%r\" %>s %b" |
| 523 | 523 |
</VirtualHost> |
| 524 | 524 |
EOF |
| 525 |
+ if is_suse ; then |
|
| 526 |
+ sudo a2enflag SSL |
|
| 527 |
+ fi |
|
| 525 | 528 |
for mod in ssl proxy proxy_http; do |
| 526 | 529 |
enable_apache_mod $mod |
| 527 | 530 |
done |