Make stack.sh work on SUSE
This adds packages to suse for systemd python linkages as well as
apache2 and which. And configures mod_proxy and mod_proxy_uwsgi with
a2enmod.
We also properly query if apache mods are enabled to avoid running
into systemd service restart limits. Enable mod_version across the board
as we use it and it may not be enabled by default (like in SUSE).
Also in addition to enabling mod_ssl we enable the SSL flag so that TLS
will work...
Finally we tell the system to trust the devstack CA.
Change-Id: I3442cebfb2e7c2550733eb95a12fab42e1229ce7
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 1044c25..370f240 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -1,3 +1,5 @@
+apache2
+apache2-devel
bc
bridge-utils
ca-certificates-mozilla
@@ -23,9 +25,11 @@
python-devel # pyOpenSSL
python-xml
screen
+systemd-devel # for systemd-python
tar
tcpdump
unzip
util-linux
wget
+which
zlib-devel
diff --git a/lib/apache b/lib/apache
index 34ac660..43d5000 100644
--- a/lib/apache
+++ b/lib/apache
@@ -53,8 +53,15 @@
function enable_apache_mod {
local mod=$1
# Apache installation, because we mark it NOPRIME
- if is_ubuntu || is_suse ; then
- if ! a2query -m $mod ; then
+ if is_ubuntu; then
+ # Skip mod_version as it is not a valid mod to enable
+ # on debuntu, instead it is built in.
+ if [[ "$mod" != "version" ]] && ! a2query -m $mod ; then
+ sudo a2enmod $mod
+ restart_apache_server
+ fi
+ elif is_suse; then
+ if ! a2enmod -q $mod ; then
sudo a2enmod $mod
restart_apache_server
fi
@@ -96,7 +103,7 @@
# delete the temp directory
sudo rm -rf $dir
- if is_ubuntu; then
+ if is_ubuntu || is_suse ; then
# we've got to enable proxy and proxy_uwsgi for this to work
sudo a2enmod proxy
sudo a2enmod proxy_uwsgi
@@ -171,6 +178,8 @@
# enable_apache_site() - Enable a particular apache site
function enable_apache_site {
local site=$@
+ # Many of our sites use mod version. Just enable it.
+ enable_apache_mod version
if is_ubuntu; then
sudo a2ensite ${site}
elif is_fedora || is_suse; then
diff --git a/lib/tls b/lib/tls
index 238687c..de7a3af 100644
--- a/lib/tls
+++ b/lib/tls
@@ -212,6 +212,9 @@
if is_fedora; then
sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/ca-trust-source/anchors/devstack-chain.pem
sudo update-ca-trust
+ elif is_suse; then
+ sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/trust/anchors/devstack-chain.pem
+ sudo update-ca-certificates
elif is_ubuntu; then
sudo cp $INT_CA_DIR/ca-chain.pem /usr/local/share/ca-certificates/devstack-int.crt
sudo cp $ROOT_CA_DIR/cacert.pem /usr/local/share/ca-certificates/devstack-root.crt
@@ -354,6 +357,9 @@
elif is_ubuntu; then
sudo rm -f $capath
sudo ln -s /etc/ssl/certs/ca-certificates.crt $capath
+ elif is_suse; then
+ sudo rm -f $capath
+ sudo ln -s /etc/ssl/ca-bundle.pem $capath
else
echo "Don't know how to set the CA bundle, expect the install to fail."
fi
@@ -416,6 +422,9 @@
if is_ubuntu; then
sudo a2enmod ssl
+ elif is_suse; then
+ sudo a2enmod ssl
+ sudo a2enflag SSL
elif is_fedora; then
# Fedora enables mod_ssl by default
:
@@ -522,6 +531,9 @@
LogFormat "%v %h %l %u %t \"%r\" %>s %b"
</VirtualHost>
EOF
+ if is_suse ; then
+ sudo a2enflag SSL
+ fi
for mod in ssl proxy proxy_http; do
enable_apache_mod $mod
done