Make stack.sh work on SUSE

This adds packages to suse for systemd python linkages as well as apache2 and which. And configures mod_proxy and mod_proxy_uwsgi with a2enmod. We also properly query if apache mods are enabled to avoid running into systemd service restart limits. Enable mod_version across the board as we use it and it may not be enabled by default (like in SUSE). Also in addition to enabling mod_ssl we enable the SSL flag so that TLS will work... Finally we tell the system to trust the devstack CA. Change-Id: I3442cebfb2e7c2550733eb95a12fab42e1229ce7
2017-05-27 17:52:55 -07:00 · 2017-05-27 17:52:55 -07:00 · 35649ae0d2
parent 9b2a2fa55d
commit 35649ae0d2
3 changed files with 28 additions and 3 deletions
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@ -1,3 +1,5 @@
+apache2
+apache2-devel
 bc
 bridge-utils
 ca-certificates-mozilla
@ -23,9 +25,11 @@ python-cmd2 # dist:opensuse-12.3
 python-devel  # pyOpenSSL
 python-xml
 screen
+systemd-devel # for systemd-python
 tar
 tcpdump
 unzip
 util-linux
 wget
+which
 zlib-devel
--- a/lib/apache
+++ b/lib/apache
@ -53,8 +53,15 @@ APACHE_LOG_DIR="/var/log/${APACHE_NAME}"
 function enable_apache_mod {
    local mod=$1
    # Apache installation, because we mark it NOPRIME
-    if is_ubuntu || is_suse ; then
-        if ! a2query -m $mod ; then
+    if is_ubuntu; then
+        # Skip mod_version as it is not a valid mod to enable
+        # on debuntu, instead it is built in.
+        if [[ "$mod" != "version" ]] && ! a2query -m $mod ; then
+            sudo a2enmod $mod
+            restart_apache_server
+        fi
+    elif is_suse; then
+        if ! a2enmod -q $mod ; then
            sudo a2enmod $mod
            restart_apache_server
        fi
@ -96,7 +103,7 @@ function install_apache_uwsgi {
    # delete the temp directory
    sudo rm -rf $dir

-    if is_ubuntu; then
+    if is_ubuntu || is_suse ; then
        # we've got to enable proxy and proxy_uwsgi for this to work
        sudo a2enmod proxy
        sudo a2enmod proxy_uwsgi
@ -171,6 +178,8 @@ function apache_site_config_for {
 # enable_apache_site() - Enable a particular apache site
 function enable_apache_site {
    local site=$@
+    # Many of our sites use mod version. Just enable it.
+    enable_apache_mod version
    if is_ubuntu; then
        sudo a2ensite ${site}
    elif is_fedora || is_suse; then
--- a/lib/tls
+++ b/lib/tls
@ -212,6 +212,9 @@ function init_CA {
    if is_fedora; then
        sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/ca-trust-source/anchors/devstack-chain.pem
        sudo update-ca-trust
+    elif is_suse; then
+        sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/trust/anchors/devstack-chain.pem
+        sudo update-ca-certificates
    elif is_ubuntu; then
        sudo cp $INT_CA_DIR/ca-chain.pem /usr/local/share/ca-certificates/devstack-int.crt
        sudo cp $ROOT_CA_DIR/cacert.pem /usr/local/share/ca-certificates/devstack-root.crt
@ -354,6 +357,9 @@ function fix_system_ca_bundle_path {
            elif is_ubuntu; then
                sudo rm -f $capath
                sudo ln -s /etc/ssl/certs/ca-certificates.crt $capath
+            elif is_suse; then
+                sudo rm -f $capath
+                sudo ln -s /etc/ssl/ca-bundle.pem $capath
            else
                echo "Don't know how to set the CA bundle, expect the install to fail."
            fi
@ -416,6 +422,9 @@ function enable_mod_ssl {

    if is_ubuntu; then
        sudo a2enmod ssl
+    elif is_suse; then
+        sudo a2enmod ssl
+        sudo a2enflag SSL
    elif is_fedora; then
        # Fedora enables mod_ssl by default
        :
@ -522,6 +531,9 @@ $listen_string
    LogFormat "%v %h %l %u %t \"%r\" %>s %b"
 </VirtualHost>
 EOF
+    if is_suse ; then
+        sudo a2enflag SSL
+    fi
    for mod in ssl proxy proxy_http; do
        enable_apache_mod $mod
    done