This adds packages to suse for systemd python linkages as well as
apache2 and which. And configures mod_proxy and mod_proxy_uwsgi with
a2enmod.
We also properly query if apache mods are enabled to avoid running
into systemd service restart limits. Enable mod_version across the board
as we use it and it may not be enabled by default (like in SUSE).
Also in addition to enabling mod_ssl we enable the SSL flag so that TLS
will work...
Finally we tell the system to trust the devstack CA.
Change-Id: I3442cebfb2e7c2550733eb95a12fab42e1229ce7
... | ... |
@@ -1,3 +1,5 @@ |
1 |
+apache2 |
|
2 |
+apache2-devel |
|
1 | 3 |
bc |
2 | 4 |
bridge-utils |
3 | 5 |
ca-certificates-mozilla |
... | ... |
@@ -23,9 +25,11 @@ python-cmd2 # dist:opensuse-12.3 |
23 | 23 |
python-devel # pyOpenSSL |
24 | 24 |
python-xml |
25 | 25 |
screen |
26 |
+systemd-devel # for systemd-python |
|
26 | 27 |
tar |
27 | 28 |
tcpdump |
28 | 29 |
unzip |
29 | 30 |
util-linux |
30 | 31 |
wget |
32 |
+which |
|
31 | 33 |
zlib-devel |
... | ... |
@@ -53,8 +53,15 @@ APACHE_LOG_DIR="/var/log/${APACHE_NAME}" |
53 | 53 |
function enable_apache_mod { |
54 | 54 |
local mod=$1 |
55 | 55 |
# Apache installation, because we mark it NOPRIME |
56 |
- if is_ubuntu || is_suse ; then |
|
57 |
- if ! a2query -m $mod ; then |
|
56 |
+ if is_ubuntu; then |
|
57 |
+ # Skip mod_version as it is not a valid mod to enable |
|
58 |
+ # on debuntu, instead it is built in. |
|
59 |
+ if [[ "$mod" != "version" ]] && ! a2query -m $mod ; then |
|
60 |
+ sudo a2enmod $mod |
|
61 |
+ restart_apache_server |
|
62 |
+ fi |
|
63 |
+ elif is_suse; then |
|
64 |
+ if ! a2enmod -q $mod ; then |
|
58 | 65 |
sudo a2enmod $mod |
59 | 66 |
restart_apache_server |
60 | 67 |
fi |
... | ... |
@@ -96,7 +103,7 @@ function install_apache_uwsgi { |
96 | 96 |
# delete the temp directory |
97 | 97 |
sudo rm -rf $dir |
98 | 98 |
|
99 |
- if is_ubuntu; then |
|
99 |
+ if is_ubuntu || is_suse ; then |
|
100 | 100 |
# we've got to enable proxy and proxy_uwsgi for this to work |
101 | 101 |
sudo a2enmod proxy |
102 | 102 |
sudo a2enmod proxy_uwsgi |
... | ... |
@@ -171,6 +178,8 @@ function apache_site_config_for { |
171 | 171 |
# enable_apache_site() - Enable a particular apache site |
172 | 172 |
function enable_apache_site { |
173 | 173 |
local site=$@ |
174 |
+ # Many of our sites use mod version. Just enable it. |
|
175 |
+ enable_apache_mod version |
|
174 | 176 |
if is_ubuntu; then |
175 | 177 |
sudo a2ensite ${site} |
176 | 178 |
elif is_fedora || is_suse; then |
... | ... |
@@ -212,6 +212,9 @@ function init_CA { |
212 | 212 |
if is_fedora; then |
213 | 213 |
sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/ca-trust-source/anchors/devstack-chain.pem |
214 | 214 |
sudo update-ca-trust |
215 |
+ elif is_suse; then |
|
216 |
+ sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/trust/anchors/devstack-chain.pem |
|
217 |
+ sudo update-ca-certificates |
|
215 | 218 |
elif is_ubuntu; then |
216 | 219 |
sudo cp $INT_CA_DIR/ca-chain.pem /usr/local/share/ca-certificates/devstack-int.crt |
217 | 220 |
sudo cp $ROOT_CA_DIR/cacert.pem /usr/local/share/ca-certificates/devstack-root.crt |
... | ... |
@@ -354,6 +357,9 @@ function fix_system_ca_bundle_path { |
354 | 354 |
elif is_ubuntu; then |
355 | 355 |
sudo rm -f $capath |
356 | 356 |
sudo ln -s /etc/ssl/certs/ca-certificates.crt $capath |
357 |
+ elif is_suse; then |
|
358 |
+ sudo rm -f $capath |
|
359 |
+ sudo ln -s /etc/ssl/ca-bundle.pem $capath |
|
357 | 360 |
else |
358 | 361 |
echo "Don't know how to set the CA bundle, expect the install to fail." |
359 | 362 |
fi |
... | ... |
@@ -416,6 +422,9 @@ function enable_mod_ssl { |
416 | 416 |
|
417 | 417 |
if is_ubuntu; then |
418 | 418 |
sudo a2enmod ssl |
419 |
+ elif is_suse; then |
|
420 |
+ sudo a2enmod ssl |
|
421 |
+ sudo a2enflag SSL |
|
419 | 422 |
elif is_fedora; then |
420 | 423 |
# Fedora enables mod_ssl by default |
421 | 424 |
: |
... | ... |
@@ -522,6 +531,9 @@ $listen_string |
522 | 522 |
LogFormat "%v %h %l %u %t \"%r\" %>s %b" |
523 | 523 |
</VirtualHost> |
524 | 524 |
EOF |
525 |
+ if is_suse ; then |
|
526 |
+ sudo a2enflag SSL |
|
527 |
+ fi |
|
525 | 528 |
for mod in ssl proxy proxy_http; do |
526 | 529 |
enable_apache_mod $mod |
527 | 530 |
done |