From 35649ae0d2a356c310fd92f16356bdd086cab290 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Sat, 27 May 2017 17:52:55 -0700 Subject: [PATCH] Make stack.sh work on SUSE This adds packages to suse for systemd python linkages as well as apache2 and which. And configures mod_proxy and mod_proxy_uwsgi with a2enmod. We also properly query if apache mods are enabled to avoid running into systemd service restart limits. Enable mod_version across the board as we use it and it may not be enabled by default (like in SUSE). Also in addition to enabling mod_ssl we enable the SSL flag so that TLS will work... Finally we tell the system to trust the devstack CA. Change-Id: I3442cebfb2e7c2550733eb95a12fab42e1229ce7 --- files/rpms-suse/general | 4 ++++ lib/apache | 15 ++++++++++++--- lib/tls | 12 ++++++++++++ 3 files changed, 28 insertions(+), 3 deletions(-) diff --git a/files/rpms-suse/general b/files/rpms-suse/general index 1044c25288..370f2409f7 100644 --- a/files/rpms-suse/general +++ b/files/rpms-suse/general @@ -1,3 +1,5 @@ +apache2 +apache2-devel bc bridge-utils ca-certificates-mozilla @@ -23,9 +25,11 @@ python-cmd2 # dist:opensuse-12.3 python-devel # pyOpenSSL python-xml screen +systemd-devel # for systemd-python tar tcpdump unzip util-linux wget +which zlib-devel diff --git a/lib/apache b/lib/apache index 34ac660266..43d5000808 100644 --- a/lib/apache +++ b/lib/apache @@ -53,8 +53,15 @@ APACHE_LOG_DIR="/var/log/${APACHE_NAME}" function enable_apache_mod { local mod=$1 # Apache installation, because we mark it NOPRIME - if is_ubuntu || is_suse ; then - if ! a2query -m $mod ; then + if is_ubuntu; then + # Skip mod_version as it is not a valid mod to enable + # on debuntu, instead it is built in. + if [[ "$mod" != "version" ]] && ! a2query -m $mod ; then + sudo a2enmod $mod + restart_apache_server + fi + elif is_suse; then + if ! a2enmod -q $mod ; then sudo a2enmod $mod restart_apache_server fi @@ -96,7 +103,7 @@ function install_apache_uwsgi { # delete the temp directory sudo rm -rf $dir - if is_ubuntu; then + if is_ubuntu || is_suse ; then # we've got to enable proxy and proxy_uwsgi for this to work sudo a2enmod proxy sudo a2enmod proxy_uwsgi @@ -171,6 +178,8 @@ function apache_site_config_for { # enable_apache_site() - Enable a particular apache site function enable_apache_site { local site=$@ + # Many of our sites use mod version. Just enable it. + enable_apache_mod version if is_ubuntu; then sudo a2ensite ${site} elif is_fedora || is_suse; then diff --git a/lib/tls b/lib/tls index 238687c5dd..de7a3affa1 100644 --- a/lib/tls +++ b/lib/tls @@ -212,6 +212,9 @@ function init_CA { if is_fedora; then sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/ca-trust-source/anchors/devstack-chain.pem sudo update-ca-trust + elif is_suse; then + sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/trust/anchors/devstack-chain.pem + sudo update-ca-certificates elif is_ubuntu; then sudo cp $INT_CA_DIR/ca-chain.pem /usr/local/share/ca-certificates/devstack-int.crt sudo cp $ROOT_CA_DIR/cacert.pem /usr/local/share/ca-certificates/devstack-root.crt @@ -354,6 +357,9 @@ function fix_system_ca_bundle_path { elif is_ubuntu; then sudo rm -f $capath sudo ln -s /etc/ssl/certs/ca-certificates.crt $capath + elif is_suse; then + sudo rm -f $capath + sudo ln -s /etc/ssl/ca-bundle.pem $capath else echo "Don't know how to set the CA bundle, expect the install to fail." fi @@ -416,6 +422,9 @@ function enable_mod_ssl { if is_ubuntu; then sudo a2enmod ssl + elif is_suse; then + sudo a2enmod ssl + sudo a2enflag SSL elif is_fedora; then # Fedora enables mod_ssl by default : @@ -522,6 +531,9 @@ $listen_string LogFormat "%v %h %l %u %t \"%r\" %>s %b" EOF + if is_suse ; then + sudo a2enflag SSL + fi for mod in ssl proxy proxy_http; do enable_apache_mod $mod done