← Back to team overview

launchpad-reviewers team mailing list archive

  1. launchpad-reviewers team
  2. Mailing list archive
  3. Message #32796

[Merge] ~lgp171188/turnip:setup-haproxy-for-cgit-dev-environment into turnip:master

  Thread PreviousDate PreviousThread Next 
Guruprasad has proposed merging ~lgp171188/turnip:setup-haproxy-for-cgit-dev-environment into turnip:master.

Commit message:
Add docs and changes for setting up cgit in the dev environment

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~lgp171188/turnip/+git/turnip/+merge/489676
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~lgp171188/turnip:setup-haproxy-for-cgit-dev-environment into turnip:master.

diff --git a/Makefile b/Makefile
index 1f350bd..ea88d75 100644
--- a/Makefile
+++ b/Makefile
@@ -170,5 +170,19 @@ publish-tarball: build-tarball
 		$(SWIFT_CONTAINER_NAME) $(SWIFT_OBJECT_PATH) \
 		$(TARBALL_BUILD_PATH) turnip=$(TARBALL_BUILD_LABEL)
 
+copy-certificates:
+	mkdir -p /var/lib/haproxy
+	cat turnip.crt turnip.key > /var/lib/haproxy/default.pem
+
+copy-haproxy-turnip-http-config:
+	cat /etc/haproxy/haproxy.cfg haproxy-turnip-http.cfg > /tmp/haproxy.cfg
+	mv /tmp/haproxy.cfg /etc/haproxy/
+
+reload-haproxy: copy-certificates copy-haproxy-turnip-http-config
+	systemctl reload haproxy
+
+install: reload-haproxy
+
 .PHONY: build check clean dist run-api run-pack test
 .PHONY: build-tarball publish-tarball
+.PHONY: copy-certificates copy-haproxy-turnip-http-config install reload-haproxy
diff --git a/dependencies-devel.txt b/dependencies-devel.txt
index a57b98c..e62e1f8 100644
--- a/dependencies-devel.txt
+++ b/dependencies-devel.txt
@@ -1,2 +1,3 @@
 python3-swiftclient
 rabbitmq-server
+haproxy
diff --git a/docs/development.rst b/docs/development.rst
index 9d2d23a..f1dddb6 100644
--- a/docs/development.rst
+++ b/docs/development.rst
@@ -76,6 +76,15 @@ Start the HTTP API with:
 
    make run-api
 
+Setting up cgit
+---------------
+
+From the top-level directory of the turnip repository, run
+
+.. code:: bash
+
+   sudo make install
+
 
 Running Launchpad locally as a Git client to turnip
 ---------------------------------------------------
diff --git a/haproxy-turnip-http.cfg b/haproxy-turnip-http.cfg
new file mode 100644
index 0000000..10933d0
--- /dev/null
+++ b/haproxy-turnip-http.cfg
@@ -0,0 +1,8 @@
+
+frontend turnip-https
+    bind 0.0.0.0:443 ssl crt /var/lib/haproxy/default.pem no-sslv3
+    default_backend turnip-pack-frontend-http
+    option httplog
+
+backend turnip-pack-frontend-http
+    server turnip-pack-frontend-http 127.0.0.1:9419 check
diff --git a/turnip.crt b/turnip.crt
new file mode 100644
index 0000000..b81655f
--- /dev/null
+++ b/turnip.crt
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFGzCCAwOgAwIBAgIUH37ShUXsEO6utMvD/Kzjo5MINW0wDQYJKoZIhvcNAQEL
+BQAwHTEbMBkGA1UEAwwSZ2l0LmxhdW5jaHBhZC50ZXN0MB4XDTI1MDcyNDEwMjAy
+MloXDTM1MDcyMjEwMjAyMlowHTEbMBkGA1UEAwwSZ2l0LmxhdW5jaHBhZC50ZXN0
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAybMIGwqb/CN775ciiE4Z
+ySHnQy2fGF3MnwE4UDy1nn66eZHf+wic63BGBCuZ4R1QNH3Q+FXF2bQ/+vadsZmW
+9ViVx9CeGFUuzG9W9zoaBD5fXgzRwrXzxOCOb2kIJt/xfATkun/eYC0BWCll49m3
+WDZO3LlWwp0Q+wmKWPjSQtExwwPaQgiQN7w8XasU9RMrOV8JEgCYgotGvziPY4dQ
+PqTTbX8Rm01mzwle6rjPLo6nXmwsmf4k+hBQMzff6+Zlbn+kNJWla5s7azmlsros
+O7HP+hNaskmnQstV/fEMt2C5bJ+GildTNdkwysuErnRCDSbU3aMpoRFoDe/ERGrh
+iVWvr1pUigc1JRnGcvl9ZanRujPmVQ8U3xlEwKBfTsrtX+ooBsPCgbyOjyYBMaFk
+MH2GrUgQH7PCvklsJPEOe9bR1AP0LwpaPnCgHLhOlALuA4KfgP03vdVYWM02IbLk
+J1mW10GYlmYK6mg2R9Te5Xu0GKa+N6tmUkQM0wmGhoYQrCoYv6hYL4rvtxYakQhW
+NswikeQGUDub/I2wbdq56mfD5KghxnYHw+ueu0bznh6gYZoAiiDXUVhQUDBdNJY5
+NIwD0OI4s6+z3NU9VNq0hWvx7EGacZ7bogq97mVk+LJA5qj4OyPWmLSaM5P8VINY
+mso7nekpTxpKlgNqJaNG2PMCAwEAAaNTMFEwHQYDVR0OBBYEFMN8FMT8HAb7HsLX
+xmDQBIXYkxwKMB8GA1UdIwQYMBaAFMN8FMT8HAb7HsLXxmDQBIXYkxwKMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEt/2avQ/Ua49lwLusL6PJpW
+z3Vuv9FDqLy6VqGcH0CpoEvQVtTeb+inkG/aSo7CE1yxjt+8ru0uh76zHJuCU7o5
+74p5LIV37bGGM4ycKhRuURp86OIVB5kvoYC15HbvkXrw7rcxWunhbLOjqFURJhk9
+kEg0n0CYXigNGf54mmVBxLT8KI9qmUTCQBbKlg5rCphhmdrRhKlFz+XtD6rK3dls
+pgpuDha/gWljBGyUpiB5Gah29uvAcvr63UuUUh9rN6hCHJBfuuaUDj0zB1H13UgF
+1nZBkyyC+KJEUBXjhG8de5hS10ITdQgWfk+BhgCIfd9uGZAYFtV/XOerpk1W9W9o
+iyzoYBUNYwejRepQSh1aQziWw5dLm5RwKdiSJTZ4jiYTmCyo0+4zbBBwyfYKA2fs
+1f7dB9EnvXpvimPRn7Yo0HQjzI37bmj0OyB26qKLyDw60GHYUOJ1rwRzbmy8V/kW
+BGaYHzFR16W/bFpT+CEQV2jpYjLdvfbIiNQUEd9WLeUkZUv9ckuUnKx7GAOGDgOS
++zPaKGLkH+iO34KPycAMya7kkS1/NqiSIUWWRmK9x9Yw0ajq1zFEblvXywwrFmmn
+zISVTRmDsfe04uT/4eiDw0R1HlaXJCwcCcTf7pIhXzRhNzdi+G5M3/nFe+dVwaDM
+e77krx8O98c3wJS7Ab+Y
+-----END CERTIFICATE-----
diff --git a/turnip.key b/turnip.key
new file mode 100644
index 0000000..cedb38b
--- /dev/null
+++ b/turnip.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDJswgbCpv8I3vv
+lyKIThnJIedDLZ8YXcyfAThQPLWefrp5kd/7CJzrcEYEK5nhHVA0fdD4VcXZtD/6
+9p2xmZb1WJXH0J4YVS7Mb1b3OhoEPl9eDNHCtfPE4I5vaQgm3/F8BOS6f95gLQFY
+KWXj2bdYNk7cuVbCnRD7CYpY+NJC0THDA9pCCJA3vDxdqxT1Eys5XwkSAJiCi0a/
+OI9jh1A+pNNtfxGbTWbPCV7quM8ujqdebCyZ/iT6EFAzN9/r5mVuf6Q0laVrmztr
+OaWyuiw7sc/6E1qySadCy1X98Qy3YLlsn4aKV1M12TDKy4SudEINJtTdoymhEWgN
+78REauGJVa+vWlSKBzUlGcZy+X1lqdG6M+ZVDxTfGUTAoF9Oyu1f6igGw8KBvI6P
+JgExoWQwfYatSBAfs8K+SWwk8Q571tHUA/QvClo+cKAcuE6UAu4Dgp+A/Te91VhY
+zTYhsuQnWZbXQZiWZgrqaDZH1N7le7QYpr43q2ZSRAzTCYaGhhCsKhi/qFgviu+3
+FhqRCFY2zCKR5AZQO5v8jbBt2rnqZ8PkqCHGdgfD6567RvOeHqBhmgCKINdRWFBQ
+MF00ljk0jAPQ4jizr7Pc1T1U2rSFa/HsQZpxntuiCr3uZWT4skDmqPg7I9aYtJoz
+k/xUg1iayjud6SlPGkqWA2olo0bY8wIDAQABAoICAQCyDDRPiqH/hWNWMFfvcuIY
+RrFa/969J7AFfJI1YiIA82WxAzBw7T14J/fmnoaLzdCLRbU+QpkQgKkp5KF3sVks
+4zH03Rdx62AQXwip3MQyksykvTQ9aVjypjeV6WWky3LkQ32VlGK9C31wUbr706ih
+We9rsMABs5zVvao+uAcDrJ78w13bhKuqR6QSG3+4h19UmavsFFKMil29VzRca4pO
+gjmRIuZr7Xufr2n2UYWyV4MvOtZ0aYBCrjvduqkUGKHZVRuiv6bywmlFUfIPP4Dk
+gSZSXttlHtdjgxM5w5uyFNQaKwgc/tEZa8xCeD17smzMJ0cpD2skH7V29/yNWLwV
+aZHBG3BMvg27H6wqMzkhO9ksgOnkVc2WW3KG5Th6EKICTGHOfuLHJ5tWoKJGWGYD
+tWEpfRhaTDDDkpDGkavWDtsHrYIzBqe0YF9wbNowlAKAQCQLjyGS5JgT/L98YsWL
+/e4CzT0seGF3PGYG9zQw50w56X3Oj5/XkMAbN0Uy7MjLNho7pk1BCLlh4aobrVj0
+Sx7xHjND74GuDuGm9d9h/sdCApOfTJQYigvub4iL+c2xwWox9Um644SQUkC5WjuF
+D91vijMZ79TsR5CeVHNxZJ7F2non0RpqZWrtGzonA3yV6shJtUYUQYPPyXyfCt8B
+Qm+4tvwTGmNYUfoU2XW7YQKCAQEA8LJfiBHJcqvvmFydC/1UWxugrwd8Ti8SgWqo
+pfSe+cxZJh67D414k4tFUb8SpJmBguFiQ2n7CVX+py/clB6hbp7cj/EujBg5+xN6
+a3bIMEzaAd3peCyyxR+So1WyL5yLjICtCKDmqpRonrubn1Yb8WXtkDuiYbnx9met
+GlCi2lJpcttN3oDE49Vh51LaVWEjNd2sIHLvVuqiwTEj7VaFturKequiW384cfOi
+0UE+twLgy9Xs2DiBLnx8TaJw8yg8jf7/hAtwj5BmyqIyvhwf4LcRExStQO0bEGjz
+qvib4FNuY4pewKVZTW+K4Dq3yfrwEXXq3AvGGfx/wOCISRu4nwKCAQEA1oXtyqS0
+hBBPe8ChPI2NoVx7NzVgzLaFWEAtyT97wVuQ8RVNMA0Bm/uz6EqD+UkUxsMa/LYK
+cvlKUaBokRtcndOIaqPTKKonHbiZHMZj8owdghUaeG970pf/09+CmfsPYvtdBpw0
+GzILNEcGonvP/EXYAzxUjSLrP5Mlp2qFOxTwbonQTk6K9v3S2/7luzPw28yodm+Y
+vkso6HKEyHR5iEFxOEBgdf5jhCCNiDvIVvOrm9Ow2EcW5/eHrFl3mdcuI+wBLZhr
+YX5DapLAqqZ+4/YCNJf8/luUzXSrZ0m/nbagwTKmrX/UlU+lnddqq3ZJl/gdHg0V
+Eh5Rx8HjpG17LQKCAQB+y7h/mb8hZWnGPaONmVpC1H8FNVBKb4m0G1fUdNT6iqe7
+6RxpyQDn2MofkiRkCWmsZMa69K2F8YNA13m/nZM1DwLp4QfATVLd7RjkW6KBrzp5
+GUnQQNu79DHvUUmYw0LQNUjx7rEU0zF5zSLiAR6fQC6xeHjGOoo4X81Uu33OvPNH
+yjdvKy6NRu9YSNEzgQRnb+so/OMQSnKKizR95sJx5aXckWXqBU7a2JnA2joLdryt
+JHisPrfuoS1qSFRwA5ZCxz4bdVtKhatgu6k3dOFmI4ofHxlVxpInRuJ2Apk6xziz
+v0TC/1fX7xadoNEI2eR1jkS2vo0RS26RULb6rFvJAoIBAQCGb1u7eEgf0tDcrrTc
+a6DsFDarPGozH9aknWOUEJKPc8B7NGwwxpXRmIT/92KJIEFC5hXNdI9LyenHCY0+
+EjWSOnPs0EmN3EOzHnHlVHZiE2iSkoMKImMocFTEA/emY20bDIcZk14cBNp8ol4I
+CSsn3uUl8fLSl6VxK9eW+OwRQGgD/Z1q1VHEwwAXGcAB9uTj+XdA8WJ5LkSulsWb
+kVJwDwLSy5UnnInkzTmkvEIqK33Jo3nZr4MtTzPY0CBhajXiEQ4T8saoTCYXbWwM
+BVbTqOFs8Cp9hArWTlzz14WbYk2PhRxq8gbYoxcYuVyBoxkvgS9OG8iumA2L73en
+HWzpAoIBAGHljI3dE3eA450RaMfoQkEyH7dUbGNcrKdnkTY1q2aR9E0yLY6QAaZN
+FbKZ1AVHL/ncradQf08MRn8V0xzVUVzi4TrxpdvchY0tWewNDJ6r/aFxPYbm8C3k
+6u54FTTgGqBIcC9CjVFZfGhfwSaDbcMAi0/Sr7PzzYTy8AgQyCvyKDYGZmIJxYNz
+hyA/xTw7WdjSZ8whUGp766LbOxBa2lhcXpOKlBXD0QNfIbYF5BwPP/P7KoT/aa4P
+j6pLWDPksCGjoftmfyHfJXxTPbzQ81e5J+IKAn61rg5XUJ+Y0aiPcwp7E0CJSmM7
+mQlWZ8RBlw+eOX+TiluOjDtF5Dx+LZ4=
+-----END PRIVATE KEY-----
diff --git a/utilities/make-dev-certificate b/utilities/make-dev-certificate
new file mode 100755
index 0000000..47b269e
--- /dev/null
+++ b/utilities/make-dev-certificate
@@ -0,0 +1,52 @@
+#! /usr/bin/python3
+#
+# Copyright 2025 Canonical Ltd.  This software is licensed under the
+# GNU Affero General Public License version 3 (see the file LICENSE).
+
+"""Make a new local development SSL certificate.
+
+This is a very occasional maintenance utility.  It writes new versions of
+turnip.key and turnip.crt, and these changes should be committed.
+"""
+
+import subprocess
+import sys
+from pathlib import Path
+
+vhosts = [
+    "git.launchpad.test",
+]
+
+
+def main():
+    """Run the script."""
+    repository_root = Path(__file__).parents[1]
+    key = str(repository_root / "turnip.key")
+    certificate = str(repository_root / "turnip.crt")
+    subprocess.check_call(
+        [
+            "openssl",
+            "req",
+            "-new",
+            "-newkey",
+            "rsa:4096",
+            "-nodes",
+            "-sha256",
+            "-subj",
+            "/CN=%s/" % vhosts[0],
+            "-x509",
+            "-days",
+            "3650",
+            "-keyout",
+            key,
+            "-out",
+            certificate,
+        ]
+    )
+    print("Created new local key and self-signed certificate.")
+    subprocess.check_call(["openssl", "x509", "-in", certificate, "-text"])
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

Follow ups

  Thread PreviousDate PreviousThread Next