Merge branch 'master' into openstack

CHANGES.txt

 Changes
 =======
 
+0.83.1 (2013-09-10)
+------------------
+
+ * slapconfiguration: fixes previous releasei (don't encode tap_set because it's not a string). [Cedric de Saint Martin]
+
+0.83 (2013-09-10)
+-----------------
+
+ * slaprunner recipe: remove trailing / from master_url. [Cedric de Saint Martin]
+ * librecipe: add pidfile option for singletons. [Cedric de Saint Martin]
+ * Resiliency: Use new pidfile option. [Cedric de Saint Martin]
+ * Fix request.py for slave instances. [Cedric de Saint Martin]
+ * slapconfiguration recipe: cast some parameters from unicode to str. [Cedric de Saint Martin]
+
+0.82 (2013-08-30)
+-----------------
+
+ * Certificate Authority: Can receice certificate to install. [Cedric Le Ninivin]
+ * Squid: Add squid recipe. [Romain Courteaud]
+ * Request: Trasmit instace state to requested instances. [Benjamin Blanc / Cédric Le Ninivin]
+ * Slapconfiguration: Now return instance state. [Cédric Le Ninivin]
+ * Apache Frontend: Remove recipe
+
 0.81 (2013-08-12)
 -----------------
 

component/apache/buildout.cfg

@@ -21,9 +21,9 @@ md5sum = ffee70a111fd07372982b0550bbb14b7
 
 [apr-util]
 recipe = hexagonit.recipe.download
-version = 1.5.1
+version = 1.5.2
 url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-util-${:version}.tar.bz2
-md5sum = 9c1db8606e520f201c451ec9a0b095f6
+md5sum = 89c1348aa79e898d7c34a6206311c9c2
 
 [apache]
 # inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/

component/faketime/buildout.cfg

+#  faketime - report faked system time to programs without having to change the system-wide time
+#  http://www.code-wizards.com/projects/libfaketime
+
+[buildout]
+parts = faketime
+
+[faketime]
+recipe = slapos.recipe.cmmi
+url = http://www.code-wizards.com/projects/libfaketime/libfaketime-0.9.1.tar.gz
+md5sum = ce3f996dfd5826b4ac62f1a7cc36ea27
+configure-command = true
+make-options =
+  PREFIX=${buildout:parts-directory}/${:_buildout_section_name_}
+make-binary = make -e -C src
+make-targets = install
+post-install = sed -i -e "16c\FTPL_PATH=${buildout:parts-directory}/${:_buildout_section_name_}/lib/faketime" ${buildout:parts-directory}/${:_buildout_section_name_}/bin/faketime

component/make/buildout.cfg

+[buildout]
+extends =
+  ../autoconf/buildout.cfg
+  ../automake/buildout.cfg
+
+[make]
+# make 3.82 breaks too many things. Stick with 3.81.
+# See http://lists.gnu.org/archive/html/make-alpha/2010-07/msg00025.html
+# for all incompatible changes.
+# Moreover, vanilla 3.81 does some seg faults, so use Debian patched version.
+<= make3.81-debian
+
+[make-dfsg_3.81-8.2.diff]
+# Debian patch coming from:
+# http://ftp.de.debian.org/debian/pool/main/m/make-dfsg/make-dfsg_3.81-8.2.diff.gz
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:_buildout_section_name_}
+md5sum = fa77bb989a096fafbe7c78582e9415e3
+download-only = true
+
+[make3.81-debian]
+recipe = slapos.recipe.cmmi
+url = http://ftp.de.debian.org/debian/pool/main/m/make-dfsg/make-dfsg_3.81.orig.tar.gz
+md5sum = 7c93b1ab4680eb21c2c13f4f47741e2d
+patches =
+  ${make-dfsg_3.81-8.2.diff:location}/make-dfsg_3.81-8.2.diff
+patch-options = -p1

component/qemu-kvm/buildout.cfg

@@ -56,7 +56,7 @@ configure-options =
 
 [debian-amd64-netinst.iso]
 # Download the installer of Debian 7 (Wheezy)
-recipe = slapos.recipe.download
+recipe = hexagonit.recipe.download
 url = http://cdimage.debian.org/debian-cd/7.1.0/amd64/iso-cd/debian-7.1.0-amd64-netinst.iso
 filename = ${:_buildout_section_name_}
 md5sum = 80f498a1f9daa76bc911ae13692e4495

component/squid/buildout.cfg

+# Squid: Optimising Web Delivery
+# http://squid-cache.org
+
+[buildout]
+parts =
+  squid
+extends =
+  ../pkgconfig/buildout.cfg
+
+[squid]
+recipe = hexagonit.recipe.cmmi
+url = http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.1.tar.gz
+md5sum = 3fb81acc6b70a432e3f0d8a0491056dc
+configure-options =
+  --disable-dependency-tracking
+  --disable-translation
+  --disable-htcp
+  --disable-snmp
+  --disable-loadable-modules
+  --disable-icmp
+  --disable-esi
+  --disable-icap-client
+  --disable-wccp
+  --disable-wccpv2
+  --disable-eui
+  --enable-http-violations
+  --disable-ipfw-transparent 
+  --disable-ipf-transparent
+  --disable-pf-transparent
+  --disable-linux-netfilter
+  --enable-follow-x-forwarded-for
+  --disable-auth
+  --disable-url-rewrite-helpers
+  --disable-auto-locale
+  --disable-kerberos
+  --enable-x-accelerator-vary
+  --disable-external-acl-helpers
+  --disable-auth-ntlm
+  --with-krb5-config=no
+Environment =
+  PATH=${pkgconfig:location}/bin:%(PATH)s

component/texinfo/buildout.cfg

+[buildout]
+extends =
+  ../ncurses/buildout.cfg
+
+[texinfo]
+# Most other components are not happy with texinfo 5, because it treats some
+# used-to-be-warnings as errors.
+<= texinfo4
+
+[texinfo4]
+recipe = slapos.recipe.cmmi
+url = http://ftp.gnu.org/gnu/texinfo/texinfo-4.13.tar.gz
+md5sum = 71ba711519209b5fb583fed2b3d86fcb
+configure-options =
+  --disable-static
+environment =
+  CFLAGS=-I${ncurses:location}/include
+  LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib

component/zeromq/buildout.cfg

+[buildout]
+extends =
+  ../libtool/buildout.cfg
+  ../libuuid/buildout.cfg
+
+[zeromq]
+<= zeromq3
+
+[zeromq3]
+recipe = slapos.recipe.cmmi
+url = http://download.zeromq.org/zeromq-3.2.3.tar.gz
+md5sum = 1abf8246363249baf5931a065ee38203
+configure-options = --without-documentation
+environment =
+  PATH=${libtool:location}/bin:%(PATH)s
+  LDFLAGS=-L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib
+
+[zeromq2]
+recipe = slapos.recipe.cmmi
+url = http://download.zeromq.org/zeromq-2.2.0.tar.gz
+md5sum = 1b11aae09b19d18276d0717b2ea288f6
+configure-options =
+  --without-documentation
+environment =
+  PATH=${libtool:location}/bin:%(PATH)s
+  CXXFLAGS=-I${libuuid:location}/include
+  LDFLAGS=-L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib

setup.py

@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '0.82-dev'
+version = '0.83.1'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"
@@ -70,7 +70,6 @@ setup(name=name,
         'zc.buildout': [
           'addresiliency = slapos.recipe.addresiliency:Recipe',
           'agent = slapos.recipe.agent:Recipe',
-          'apache.frontend = slapos.recipe.apache_frontend:Recipe',
           'apache.zope.backend = slapos.recipe.apache_zope_backend:Recipe',
           'apacheperl = slapos.recipe.apacheperl:Recipe',
           'apachephp = slapos.recipe.apachephp:Recipe',
@@ -191,6 +190,7 @@ setup(name=name,
           'slaprunner.import = slapos.recipe.slaprunner.backup:ImportRecipe',
           'softwaretype = slapos.recipe.softwaretype:Recipe',
           'sphinx= slapos.recipe.sphinx:Recipe',
+          'squid = slapos.recipe.squid:Recipe',
           'sshkeys_authority = slapos.recipe.sshkeys_authority:Recipe',
           'sshkeys_authority.request = slapos.recipe.sshkeys_authority:Request',
           'stunnel = slapos.recipe.stunnel:Recipe',

slapos/recipe/addresiliency/takeover.py

@@ -3,6 +3,7 @@ import logging
 import time
 
 import slapos
+from slapos.slap.slap import NotFoundError
 
 log = logging.getLogger(__name__)
 logging.basicConfig(level=logging.DEBUG)
@@ -58,8 +59,15 @@ def takeover(server_url, key_file, cert_file, computer_guid,
   log.debug("Renaming {}: {}".format(cp_winner.getId(), cp_exporter_ref))
 
   # update name (and later, software type) for the partition that will take over
+  while True:
+    time.sleep(10)
+    try:
+      cp_winner.rename(new_name=cp_exporter_ref)
+      break
+    except NotFoundError:
+      log.warning('Impossible to rename. Retrying in a few seconds...')
+  log.debug('Renamed.')
 
-  cp_winner.rename(new_name=cp_exporter_ref)
   cp_winner.bang(message='partitions have been renamed!')
   # Note: Root instance will reconfigure itself the winning instance (software_type
   # and parameters.)

slapos/recipe/apache_frontend/certificate_authority.py

-import os
-import subprocess
-import time
-import ConfigParser
-import uuid
-
-
-def popenCommunicate(command_list, input=None):
-  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
-  if input is not None:
-    subprocess_kw.update(stdin=subprocess.PIPE)
-  popen = subprocess.Popen(command_list, **subprocess_kw)
-  result = popen.communicate(input)[0]
-  if popen.returncode is None:
-    popen.kill()
-  if popen.returncode != 0:
-    raise ValueError('Issue during calling %r, result was:\n%s' % (
-      command_list, result))
-  return result
-
-
-class CertificateAuthority:
-  def __init__(self, key, certificate, openssl_binary,
-      openssl_configuration, request_dir):
-    self.key = key
-    self.certificate = certificate
-    self.openssl_binary = openssl_binary
-    self.openssl_configuration = openssl_configuration
-    self.request_dir = request_dir
-
-  def checkAuthority(self):
-    file_list = [ self.key, self.certificate ]
-    ca_ready = True
-    for f in file_list:
-      if not os.path.exists(f):
-        ca_ready = False
-        break
-    if ca_ready:
-      return
-    for f in file_list:
-      if os.path.exists(f):
-        os.unlink(f)
-    try:
-      # no CA, let us create new one
-      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
-          self.openssl_configuration, '-new', '-x509', '-extensions', 'v3_ca',
-          '-keyout', self.key, '-out', self.certificate, '-days', '10950'],
-          # Authority name will be random, so no instance has the same issuer
-          'Certificate Authority %s\n' % uuid.uuid1())
-    except:
-      try:
-        for f in file_list:
-          if os.path.exists(f):
-            os.unlink(f)
-      except:
-        # do not raise during cleanup
-        pass
-      raise
-
-  def _checkCertificate(self, common_name, key, certificate):
-    file_list = [key, certificate]
-    ready = True
-    for f in file_list:
-      if not os.path.exists(f):
-        ready = False
-        break
-    if ready:
-      return False
-    for f in file_list:
-      if os.path.exists(f):
-        os.unlink(f)
-    csr = certificate + '.csr'
-    try:
-      popenCommunicate([self.openssl_binary, 'req', '-config',
-        self.openssl_configuration, '-nodes', '-new', '-keyout',
-        key, '-out', csr, '-days', '3650'],
-        common_name + '\n')
-      try:
-        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
-          self.openssl_configuration, '-out', certificate,
-          '-infiles', csr])
-      finally:
-        if os.path.exists(csr):
-          os.unlink(csr)
-    except:
-      try:
-        for f in file_list:
-          if os.path.exists(f):
-            os.unlink(f)
-      except:
-        # do not raise during cleanup
-        pass
-      raise
-    else:
-      return True
-
-  def checkRequestDir(self):
-    for request_file in os.listdir(self.request_dir):
-      parser = ConfigParser.RawConfigParser()
-      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
-      if self._checkCertificate(parser.get('certificate', 'name'),
-          parser.get('certificate', 'key_file'), parser.get('certificate',
-            'certificate_file')):
-        print 'Created certificate %r' % parser.get('certificate', 'name')
-
-def runCertificateAuthority(args):
-  ca_conf = args[0]
-  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
-      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
-      ca_conf['request_dir'])
-  while True:
-    ca.checkAuthority()
-    ca.checkRequestDir()
-    time.sleep(60)

slapos/recipe/apache_frontend/template/apache.conf.path-protected.in

-<Directory %(path)s>
-  Order Deny,Allow
-  Allow from %(access_control_string)s
-</Directory>
-
-<Directory %(document_root)s>
-  Order Allow,Deny
-  Allow from All
-</Directory>

slapos/recipe/apache_frontend/template/apache.location-snippet.conf.in

-<Location %(location)s>
-  Order Deny,Allow
-  Deny from all
-  Allow from %(allow_string)s
-</Location>

slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in

-SSLCertificateFile %(login_certificate)s
-SSLCertificateKeyFile %(login_key)s
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-SSLSessionCache shmcb:/%(httpd_mod_ssl_cache_directory)s/ssl_scache(512000)
-SSLSessionCacheTimeout  300
-SSLRandomSeed startup /dev/urandom 256
-SSLRandomSeed connect builtin
-SSLProtocol -ALL +SSLv3 +TLSv1
-SSLHonorCipherOrder On
-SSLCipherSuite RC4-SHA:HIGH:!ADH
-<FilesMatch "\.(cgi|shtml|phtml|php)$">
-      SSLOptions +StdEnvVars
-</FilesMatch>
-# Accept proxy to sites using self-signed SSL certificates
-SSLProxyCheckPeerCN off
-SSLProxyCheckPeerExpire off

slapos/recipe/apache_frontend/template/logrotate_entry.in

-%(file_list)s {
-  daily
-  dateext
-  rotate 30
-  compress
-  notifempty
-  sharedscripts
-  create
-  postrotate
-    %(postrotate)s
-  endscript
-  olddir %(olddir)s
-}

slapos/recipe/apache_frontend/template/stunnel.conf.entry.in

-[%(name)s]
-accept = %(public_ip)s:%(public_port)s
-connect = %(private_ip)s:%(private_port)s

slapos/recipe/apache_frontend/template/stunnel.conf.in

-foreground = yes
-output = %(log)s
-pid = %(pid_file)s
-syslog = no
-client = yes
-CApath = %(ca_path)s
-key = %(key)s
-CRLpath = %(ca_crl)s
-cert = %(cert)s
-sslVersion = SSLv3
-socket = l:TCP_NODELAY=1
-socket = r:TCP_NODELAY=1
-
-%(entry_str)s

slapos/recipe/apache_frontend/template/varnish.vcl.in

-# This is a basic VCL configuration file for varnish.  See the vcl(7)
-# man page for details on VCL syntax and semantics.
-# 
-# Default backend definition.  Set this to point to your content
-# server.
-# 
-backend default {
-    .host = "%(backend_host)s";
-    .port = "%(backend_port)s";
-    .probe = { 
-        .url = "/";
-        .timeout = 10s;
-        .interval = 10s;
-        .window = 4;
-        .threshold = 3;
-    }
-}
-# 
-# Below is a commented-out copy of the default VCL logic.  If you
-# redefine any of these subroutines, the built-in logic will be
-# appended to your code.
-# 
-# sub vcl_recv {
-#     if (req.http.x-forwarded-for) {
-#   set req.http.X-Forwarded-For =
-#       req.http.X-Forwarded-For ", " client.ip;
-#     } else {
-#   set req.http.X-Forwarded-For = client.ip;
-#     }
-#     if (req.request != "GET" &&
-#       req.request != "HEAD" &&
-#       req.request != "PUT" &&
-#       req.request != "POST" &&
-#       req.request != "TRACE" &&
-#       req.request != "OPTIONS" &&
-#       req.request != "DELETE") {
-#         /* Non-RFC2616 or CONNECT which is weird. */
-#         return (pipe);
-#     }
-#     if (req.request != "GET" && req.request != "HEAD") {
-#         /* We only deal with GET and HEAD by default */
-#         return (pass);
-#     }
-#     if (req.http.Authorization || req.http.Cookie) {
-#         /* Not cacheable by default */
-#         return (pass);
-#     }
-#     return (lookup);
-# }
-sub vcl_recv {
-    if (req.http.cache-control ~ "no-cache") {
-        purge_url(req.url);
-    }
-
-    if (req.url ~ "\.(css|js|ico)$") {
-        unset req.http.cookie;
-    }
-
-    # remove bogus cookies
-    if (req.http.Cookie) {
-        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "\1");
-        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac_name=\x22\x22;? *", "\1");
-        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac=\x22Og.3D.3D\x22;? *", "\1");
-    }
-    if (req.http.Cookie == "") {
-        remove req.http.Cookie;
-    }
-
-    if (req.http.x-forwarded-for) {
-  set req.http.X-Forwarded-For =
-      req.http.X-Forwarded-For ", " client.ip;
-    } else {
-  set req.http.X-Forwarded-For = client.ip;
-    }
-    if (req.request != "GET" &&
-      req.request != "HEAD" &&
-      req.request != "PUT" &&
-      req.request != "POST" &&
-      req.request != "TRACE" &&
-      req.request != "OPTIONS" &&
-      req.request != "DELETE") {
-        /* Non-RFC2616 or CONNECT which is weird. */
-        return (pipe);
-    }
-    if (req.request != "GET" && req.request != "HEAD") {
-        /* We only deal with GET and HEAD by default */
-        return (pass);
-    }
-    if (req.http.Authorization) {
-        /* Not cacheable by default */
-        return (pass);
-    }
-    if (req.http.Cookie && req.http.Cookie ~ "(^|; ) *__ac=") {
-        /* Not cacheable for authorised users,
-     but KM images are cacheable */
-  if (!(req.url ~ "/km_img/.*\.(png|gif)$")) {
-    return (pass);
-  }
-    }
-    # XXX login form can defer based on __ac_name cookie value
-    if (req.url ~ "/(login_form|WebSite_viewLoginDialog)($|\?)") {
-        return (pass);
-    }
-    if (req.backend.healthy) {
-        set req.grace = 1h;
-    } else {
-        set req.grace = 1w;
-    }
-    return (lookup);
-}
-# 
-# sub vcl_pipe {
-#     # Note that only the first request to the backend will have
-#     # X-Forwarded-For set.  If you use X-Forwarded-For and want to
-#     # have it set for all requests, make sure to have:
-#     # set req.http.connection = "close";
-#     # here.  It is not set by default as it might break some broken web
-#     # applications, like IIS with NTLM authentication.
-#     return (pipe);
-# }
-# 
-# sub vcl_pass {
-#     return (pass);
-# }
-# 
-# sub vcl_hash {
-#     set req.hash += req.url;
-#     if (req.http.host) {
-#         set req.hash += req.http.host;
-#     } else {
-#         set req.hash += server.ip;
-#     }
-#     return (hash);
-# }
-# 
-# sub vcl_hit {
-#     if (!obj.cacheable) {
-#         return (pass);
-#     }
-#     return (deliver);
-# }
-# 
-# sub vcl_miss {
-#     return (fetch);
-# }
-# 
-# sub vcl_fetch {
-#     if (!beresp.cacheable) {
-#         return (pass);
-#     }
-#     if (beresp.http.Set-Cookie) {
-#         return (pass);
-#     }
-#     return (deliver);
-# }
-sub vcl_fetch {
-    # we only cache 200 (OK) and 304 (Not Modified) responses.
-    if (beresp.status != 200 && beresp.status != 304) {
-        set beresp.cacheable = false;
-    }
-
-    if (beresp.http.cache-control ~ "no-cache") {
-        set beresp.cacheable = false;
-    }
-
-    if (!beresp.cacheable) {
-        unset beresp.http.expires;
-        set beresp.http.cache-control = "no-cache";
-        return (pass);
-    }
-
-    # we don't care haproxy's cookie.
-    if (beresp.http.Set-Cookie && beresp.http.Set-Cookie !~ "^SERVERID=[^;]+; path=/$") {
-        return (pass);
-    }
-
-    if (req.url ~ "\.(css|js|ico)$") {
-        unset beresp.http.set-cookie;
-        set beresp.http.cache-control = regsub(beresp.http.cache-control, "^", "public,");
-        set beresp.http.cache-control = regsub(beresp.http.cache-control, ",$", "");
-    }
-
-    # remove some headers added by caching policy manager to avoid
-    # '304 Not Modified' in case of login <-> logout switching.
-    if (beresp.http.content-type ~ "^text/html") {
-  unset beresp.http.last-modified;
-    }
-
-    if (beresp.cacheable) {
-        /* Remove Expires from backend, it's not long enough */
-        unset beresp.http.expires;
-        /* Set the clients TTL on this object */
-        set beresp.http.cache-control = "max-age = 900";
-        /* Set how long Varnish will keep it */
-        set beresp.ttl = 1w;
-        /* marker for vcl_deliver to reset Age: */
-        set beresp.http.magicmarker = "1";
-    }
-
-    set beresp.grace = 1w;
-
-    return (deliver);
-}
-# 
-# sub vcl_deliver {
-#     return (deliver);
-# }
-sub vcl_deliver {
-    if (resp.http.magicmarker) {
-        /* Remove the magic marker */
-        unset resp.http.magicmarker;
-        /* By definition we have a fresh object */
-        set resp.http.age = "0";
-    }
-    if (obj.hits > 0) {
-        set resp.http.X-Cache = obj.hits;
-    } else {
-      set resp.http.X-Cache = "MISS";
-    }
-    return (deliver);
-}
-
-# 
-# sub vcl_error {
-#     set obj.http.Content-Type = "text/html; charset=utf-8";
-#     synthetic {"
-# <?xml version="1.0" encoding="utf-8"?>
-# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
-#  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-# <html>
-#   <head>
-#     <title>"} obj.status " " obj.response {"</title>
-#   </head>
-#   <body>
-#     <h1>Error "} obj.status " " obj.response {"</h1>
-#     <p>"} obj.response {"</p>
-#     <h3>Guru Meditation:</h3>
-#     <p>XID: "} req.xid {"</p>
-#     <hr>
-#     <p>Varnish cache server</p>
-#   </body>
-# </html>
-# "};
-#     return (deliver);
-# }

slapos/recipe/certificate_authority/__init__.py

@@ -103,16 +103,27 @@ class Request(Recipe):
     key_file = self.options['key-file']
     cert_file = self.options['cert-file']
 
+    key_content = self.options.get('key-content', None)
+    cert_content = self.options.get('cert-content', None)
+    request_needed = True
+
     name = self.options['name']
     hash_ = hashlib.sha512(name).hexdigest()
     key = os.path.join(self.ca_private, hash_ + self.ca_key_ext)
     certificate = os.path.join(self.ca_certs, hash_ + self.ca_crt_ext)
-    parser = ConfigParser.RawConfigParser()
-    parser.add_section('certificate')
-    parser.set('certificate', 'name', name)
-    parser.set('certificate', 'key_file', key)
-    parser.set('certificate', 'certificate_file', certificate)
-    parser.write(open(os.path.join(self.request_directory, hash_), 'w'))
+
+    # XXX Ugly hack to quickly provide custom certificate/key to everyone using the recipe
+    if key_content and cert_content:
+      open(key, 'w').write(key_content)
+      open(certificate, 'w').write(cert_content)
+      request_needed = False
+    else:
+      parser = ConfigParser.RawConfigParser()
+      parser.add_section('certificate')
+      parser.set('certificate', 'name', name)
+      parser.set('certificate', 'key_file', key)
+      parser.set('certificate', 'certificate_file', certificate)
+      parser.write(open(os.path.join(self.request_directory, hash_), 'w'))
 
     for link in [key_file, cert_file]:
       if os.path.islink(link):
@@ -123,11 +134,14 @@ class Request(Recipe):
     os.symlink(key, key_file)
     os.symlink(certificate, cert_file)
 
-    wrapper = self.createPythonScript(
-      self.options['wrapper'],
-      'slapos.recipe.librecipe.execute.execute_wait',
-      [ [self.options['executable']],
-        [certificate, key] ],
-    )
+    path_list = [key_file, cert_file]
+    if request_needed:
+      wrapper = self.createPythonScript(
+        self.options['wrapper'],
+        'slapos.recipe.librecipe.execute.execute_wait',
+        [ [self.options['executable']],
+          [certificate, key] ],
+      )
+      path_list.append(wrapper)
 
-    return [key_file, cert_file, wrapper]
+    return path_list

slapos/recipe/dcron.py

@@ -79,11 +79,17 @@ class Part(GenericBaseRecipe):
 day_of_week_dict = dict((name, dow) for dow, name in enumerate(
     "sunday monday tuesday wednesday thursday friday saturday".split())
   for name in (name, name[:3]))
+symbolic_dict = dict(hourly  = '0 * * * *',
+                     daily   = '0 0 * * *',
+                     monthly = '0 0 1 * *',
+                     weekly  = '0 0 * * 0')
 
 def systemd_to_cron(spec):
   """Convert from systemd.time(7) calendar spec to crontab spec"""
-  if spec in ("hourly", "daily", "monthly", "weekly"):
-    return '@' + spec
+  try:
+    return symbolic_dict[spec]
+  except KeyError:
+    pass
   if not spec.strip():
     raise ValueError
   spec = spec.split(' ')

slapos/recipe/librecipe/generic.py

@@ -33,6 +33,7 @@ import sys
 import inspect
 import re
 import shutil
+from textwrap import dedent
 import urllib
 import urlparse
 
@@ -129,10 +130,14 @@ class GenericBaseRecipe(object):
     return script
 
   def createWrapper(self, name, command, parameters, comments=[],
-        parameters_extra=False, environment=None):
+      parameters_extra=False, environment=None,
+      pidfile=None
+  ):
     """
     Creates a very simple (one command) shell script for process replacement.
     Takes care of quoting.
+    if pidfile parameter is specified, then it will make the wrapper a singleton,
+    accepting to run only if no other instance is running.
     """
 
     lines = [ '#!/bin/sh' ]
@@ -144,6 +149,21 @@ class GenericBaseRecipe(object):
       for key in environment:
         lines.append('export %s=%s' % (key, environment[key]))
 
+    if pidfile:
+      lines.append(dedent("""\
+          # Check for other instances
+          pidfile=%s
+          if [ -e $pidfile ]; then
+            pid=$(cat $pidfile)
+            if [[ ! -z $(ps -p "$pid" | grep $(basename %s)) ]]; then
+              echo "Already running with pid $pid."
+              exit 1
+            else
+              rm $pidfile
+            fi
+          fi
+          echo $$ > $pidfile""" % (pidfile, command)))
+
     lines.append('exec %s' % shlex.quote(command))
 
     for param in parameters:

slapos/recipe/notifier.py

@@ -64,7 +64,7 @@ class Callback(GenericBaseRecipe):
 class Notify(GenericBaseRecipe):
 
   def createNotifier(self, notifier_binary, wrapper, executable,
-                     log, title, notification_url, feed_url):
+                     log, title, notification_url, feed_url, pidfile=None):
 
     if not os.path.exists(log):
       # Just a touch
@@ -82,6 +82,7 @@ class Notify(GenericBaseRecipe):
     return self.createWrapper(name=wrapper,
                               command=notifier_binary,
                               parameters=parameters,
+                              pidfile=pidfile,
                               comments=[
                                   '',
                                   'Call an executable and send notification(s).',
@@ -101,6 +102,7 @@ class Notify(GenericBaseRecipe):
                                  executable=options['executable'],
                                  log=log,
                                  title=options['title'],
+                                 pidfile=options['pidfile'],
                                  notification_url=options['notify'],
                                  feed_url=feed_url)
     return [script]

slapos/recipe/request.py

@@ -88,8 +88,15 @@ class Recipe(object):
       installation of request section will fail.
       Possible names depend on requested partition's software type.
 
+    state (optional)
+     Requested state, default value is the state of the requester.
+
     Output:
       See "return" input key.
+      "instance-state"
+          The current state of the instance.
+      "requested-state"
+          The requested state of the instance.
   """
   failed = None
 
@@ -112,6 +119,8 @@ class Recipe(object):
     ))
     slave = options.get('slave', 'false').lower() in \
       librecipe.GenericBaseRecipe.TRUE_VALUES
+    # By default XXXX Way of doing it is ugly and dangerous
+    requested_state = options.get('state', buildout['slap-connection'].get('requested','started'))
     slap = slapmodule.slap()
     slap.initializeConnection(
       options['server-url'],
@@ -129,7 +138,7 @@ class Recipe(object):
     try:
       self.instance = request(software_url, software_type,
           name, partition_parameter_kw=partition_parameter_kw,
-          filter_kw=filter_kw, shared=slave)
+          filter_kw=filter_kw, shared=slave, state=requested_state)
       return_parameter_dict = self._getReturnParameterDict(self.instance,
           return_parameters)
       if not slave:
@@ -153,6 +162,13 @@ class Recipe(object):
       except KeyError:
         if self.failed is None:
           self.failed = param
+    options['requested-state'] = requested_state
+    try:
+      options['instance-state'] = self.instance.getState()
+    except slapmodule.ResourceNotReady:
+       # Odd case: SlapOS Master doesn't send the state of a slave partition.
+       # XXX Should be fixed in the SlapOS Master, we should not care here.
+       pass
 
   def _filterForStorage(self, partition_parameter_kw):
     return partition_parameter_kw

slapos/recipe/slapconfiguration.py

@@ -78,6 +78,8 @@ class Recipe(object):
       Partition parameter whose name cannot be represented unambiguously in
       buildout syntax are ignored. They cannot be accessed from buildout syntax
       anyway, and are available through "configuration" output key.
+    instance-state
+      The instance state.
   """
 
   # XXX: used to detect if a configuration key is a valid section key. This
@@ -91,10 +93,12 @@ class Recipe(object):
           options.get('key'),
           options.get('cert'),
       )
-      parameter_dict = slap.registerComputerPartition(
+      computer_partition = slap.registerComputerPartition(
           options['computer'],
           options['partition'],
-      ).getInstanceParameterDict()
+      )
+      parameter_dict = computer_partition.getInstanceParameterDict()
+      options['instance-state'] = computer_partition.getState()
       # XXX: those are not partition parameters, strictly speaking.
       # Make them available as individual section keys.
       for his_key in (
@@ -129,9 +133,9 @@ class Recipe(object):
 
       # also export single ip values for those recipes that don't support sets.
       if ipv4_set:
-          options['ipv4-random'] = list(ipv4_set)[0]
+          options['ipv4-random'] = list(ipv4_set)[0].encode('UTF-8')
       if ipv6_set:
-          options['ipv6-random'] = list(ipv6_set)[0]
+          options['ipv6-random'] = list(ipv6_set)[0].encode('UTF-8')
 
       options['tap'] = tap_set
       parameter_dict = self._expandParameterDict(options, parameter_dict)

slapos/recipe/slaprunner/__init__.py

@@ -49,7 +49,7 @@ class Recipe(GenericBaseRecipe):
     configuration = dict(
         software_root=self.software_directory,
         instance_root=self.instance_directory,
-        master_url='http://%s:%s/' % (self.ipv4, self.proxy_port),
+        master_url='http://%s:%s' % (self.ipv4, self.proxy_port),
         computer_id='slaprunner',
         partition_amount=self.partition_amount,
         slapgrid_sr=self.options['slapgrid_sr'],

slapos/recipe/squid/__init__.py

+##############################################################################
+#
+# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+
+class Recipe(GenericBaseRecipe):
+  """
+  squid instance configuration.
+
+  wrapper-path -- location of the init script to generate
+
+  prepare-path -- location of the directory creation script to generate
+
+  binary-path -- location of the squid command
+
+  conf-path -- location of the configuration file
+
+  cache-path -- location of the cache directory
+
+  XXXX No good, specific...
+  open_port -- entrance port to the host and allowed to use cache
+
+  ip -- ip of the squid server
+
+  port -- port of the squid server
+
+  backend-ip -- ip of the service to cache
+
+  backend-port -- port of the service to cache
+
+  access-log-path -- location of the access log
+
+  cache-log-path -- location of the cache log
+
+  pid-filename-path -- location of the pid filename
+
+  """
+
+  def install(self):
+    config = dict(
+      ip=self.options['ip'], 
+      port=self.options['port'],
+      backend_ip=self.options['backend-ip'], 
+      backend_port=self.options['backend-port'],
+      cache_path=self.options['cache-path'],
+      access_log_path=self.options['access-log-path'],
+      cache_log_path=self.options['cache-log-path'],
+      pid_filename_path=self.options['pid-filename-path'],
+      open_port=self.options['open-port'],
+      )
+
+    template_filename = self.getTemplateFilename('squid.conf.in')
+    configuration_path = self.createFile(
+      self.options['conf-path'],
+      self.substituteTemplate(template_filename, config))
+
+    # Prepare directories
+    prepare_path = self.createPythonScript(
+      self.options['prepare-path'],
+      'slapos.recipe.librecipe.execute.execute',
+      arguments=[self.options['binary-path'].strip(), 
+                 '-z',
+                 '-f', configuration_path,
+                 ],)
+
+    # Create running wrapper
+    wrapper_path = self.createPythonScript(
+      self.options['wrapper-path'],
+      'slapos.recipe.librecipe.execute.execute',
+      arguments=[self.options['binary-path'].strip(), 
+                 '-N',
+                 '-f', configuration_path,
+                 ],)
+
+    return [configuration_path, wrapper_path, prepare_path]

slapos/recipe/squid/template/squid.conf.in

+refresh_pattern .   0 20%% 4320 max-stale=604800
+
+# Dissallow cachemgr access
+http_access deny manager
+
+# Squid service configuration
+http_port %(ip)s:%(port)s accel defaultsite=%(ip)s
+
+cache_peer %(backend_ip)s parent %(backend_port)s 0 no-query originserver name=backend
+
+acl our_sites port %(open_port)s
+http_access allow our_sites
+cache_peer_access backend allow our_sites
+cache_peer_access backend deny all
+
+# Drop squid headers
+# via off
+# reply_header_access X-Cache-Lookup deny all
+# reply_header_access X-Squid-Error deny all
+# reply_header_access X-Cache deny all
+
+header_replace X-Forwarded-For
+follow_x_forwarded_for allow all
+forwarded_for on
+
+# Use 1Go of RAM
+cache_mem 1024 MB
+# But do not keep big object in RAM
+maximum_object_size_in_memory 2048 KB
+
+# Log
+access_log %(access_log_path)s
+cache_log %(cache_log_path)s
+pid_filename %(pid_filename_path)s

software/apache-frontend/TODO.txt

+Apache:
+=======
+- set a redirection of / in option
+- Implement support of multiple ip (if possible) for multiple ssl (other solution is to ask master instance but quid to much apache process?)
+
+Squid:
+======
+- Only cache in ram. Problems with to much squid on the computer or too many slave?
+
+SlapOS:
+=======
+- Implement intelligent apache graceful -> Should check slave configuration and return error to slave if there is a problem (important but difficult)
+- useless srv/squid_cache directory so far

software/apache-frontend/common.cfg

 [buildout]
 extends =
+# dev Stuff
+  ../../component/git/buildout.cfg
+
+  ../../stack/slapos.cfg
   ../../component/binutils/buildout.cfg
   ../../component/lxml-python/buildout.cfg
   ../../component/apache/buildout.cfg
   ../../component/gzip/buildout.cfg
   ../../component/stunnel/buildout.cfg
-  ../../component/varnish/buildout.cfg
   ../../component/dcron/buildout.cfg
   ../../component/logrotate/buildout.cfg
   ../../component/rdiff-backup/buildout.cfg
-  ../../stack/slapos.cfg
+  ../../component/squid/buildout.cfg
 
-parts =
+parts +=
+  slapos-cookbook
+  slapos-toolbox
   template
+  template-apache-frontend
+  template-apache-replicate
   binutils
   apache-2.2
   apache-antiloris-apache-2.2
 
   stunnel
-  varnish-2.1
 
   dcron
   logrotate
   rdiff-backup
+  squid
 
-# Buildoutish
-  eggs
-  instance-recipe-egg
-
-[instance-recipe]
-# Note: In case if specific instantiation recipe is used this is the place to
-# put its name
-egg = slapos.cookbook
-module = apache.frontend
-
-[instance-recipe-egg]
+[slapos-toolbox]
 recipe = zc.recipe.egg
-eggs = ${instance-recipe:egg}
-
-[eggs]
-recipe = z3c.recipe.scripts
 eggs =
   ${lxml-python:egg}
   slapos.toolbox
 
+scripts =
+  killpidfromfile
+  onetimedownload
+
+[check-recipe]
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+command =
+  grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link &&
+
 [template]
-# Default template for apache instance.
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
-md5sum = e7b9f57da7eb1450fc15789e239388d4
+md5sum = 9c6346c8eaf484748e6be0b62b65cf2e
 output = ${buildout:directory}/template.cfg
 mode = 0644
+
+[template-apache-frontend]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-apache-frontend.cfg
+md5sum = 7e7e7599ec41cf1eb6e8e725d855c345
+output = ${buildout:directory}/template-apache-frontend.cfg
+mode = 0644
+
+[template-apache-replicate]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
+md5sum = 2c96799f1429d0541c04c0875d864777
+mode = 0644
+
+[template-slave-list]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/apache-custom-slave-list.cfg.in
+md5sum = f5eef006211809669b12422240c6f436
+mode = 640
+
+[template-slave-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/slave-virtualhost.conf.in
+md5sum = a7ad2e83b7f919fc45a7ef1e64344dcb
+mode = 640
+
+[template-replicate-publish-slave-information]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/replicate-publish-slave-information.cfg.in
+mode = 640
+
+[template-apache-frontend-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/apache.conf.in
+md5sum = c141b9e78c7e80d75bb40493910294e5
+mode = 640
+
+[template-apache-cached-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/apache_cached.conf.in
+md5sum = 0c4393db80670daf18b432b7f07383e9
+mode = 640
+
+[template-rewrite-cached]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/apache_cached_rewrite.txt.in
+md5sum = 2f30af4f9da340c2b0618599da03ed4b
+mode = 640
+
+[template-custom-slave-list]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/apache-default-slave-list.cfg.in
+md5sum = 9362384cd80727987b34c7746a6de196
+mode = 640
+
+[template-not-found-html]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/notfound.html
+filename = notfound.html
+md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
+mode = 640
+
+[template-default-virtualhost]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/000.conf.in
+md5sum = c2bbf029e6adc432de0884fb5cf5d2ab
+mode = 640
+
+[template-default-slave-virtualhost]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
+md5sum = ac845c0fa3835832307a0e7323cb339d
+mode = 640
+
+[template-empty]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/empty.in
+md5sum = c2314c3a9c3412a38d14b312d3df83c1
+mode = 640
\ No newline at end of file

software/apache-frontend/instance-apache-replicate.cfg.in

+{% if slap_software_type.startswith(software_type) -%}
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = ${buildout:directory}/${:filename}
+extra-context =
+context =
+    import json_module json
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key slap_software_type slap-parameter:slap_software_type
+    key slave_instance_list slap-parameter:slave_instance_list
+    ${:extra-context}
+
+{% set part_list = [] -%}
+{% set type_key = 'replicate-' %}
+{% set type_key_length = type_key | length %}
+{% if slap_software_type.startswith(type_key) %}
+{%   set frontend_type = slap_software_type[type_key_length:] -%}
+{% else -%}
+{%   set frontend_type = slapparameter_dict.pop('-frontend-type', 'default') -%}
+{% endif -%}
+{% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '2') | int -%}
+{% set slave_list_name = 'extra_slave_instance_list' -%}
+{% set frontend_list = [] %}
+{% set frontend_section_list = [] %}
+{% set namebase = 'apache-frontend' -%}
+
+# Here we request individualy each frontend.
+# The presence of sla parameters is checked and added if found
+{% for i in range(1, frontend_quantity + 1) -%}
+{%   set frontend_name = "%s-%s" % (namebase, i) -%}
+{%   set request_section_title = 'request-%s' % frontend_name -%}
+{%   set sla_key = "-sla-%s-" % i -%}
+{%   set sla_key_length = sla_key | length %}
+{%   set sla_parameters = [] %}
+{%   for key in slapparameter_dict.keys() %}
+{%     if key.startswith(sla_key) %}
+{%       do sla_parameters.append(key[sla_key_length:]) %}
+{%     endif -%}
+{%   endfor -%}
+{%   do frontend_list.append(frontend_name) -%}
+{%   do frontend_section_list.append(request_section_title) -%}
+{%   do part_list.append(request_section_title) -%}
+[{{request_section_title}}]
+<= replicate
+name = {{frontend_name}}
+{%   if sla_parameters %}
+sla = {{ ' '.join(sla_parameters) }}
+{%     for parameter in sla_parameters -%}
+sla-{{ parameter }} = {{ slapparameter_dict.pop( sla_key + parameter ) }}
+{%     endfor -%}
+{%   endif -%}
+{% endfor -%}
+
+[replicate]
+<= slap-connection
+recipe = slapos.cookbook:request
+software-url = ${slap-connection:software-release-url}
+software-type = {{frontend_type}}
+return = private-ipv4 public-ipv4 slave-instance-information-list
+config = {{ ' '.join(slapparameter_dict.keys()) + ' ' + slave_list_name }}
+{% for parameter, value in slapparameter_dict.iteritems() -%}
+config-{{parameter}} = {{ value }}
+{% endfor -%}
+config-{{ slave_list_name }} = {{ json_module.dumps(slave_instance_list) }}
+
+[publish-information]
+recipe = slapos.cookbook:publish
+domain = {{ slapparameter_dict.get('domain') }}
+slave-amount = {{ slave_instance_list | length }}
+{% for frontend in frontend_list -%}
+#{{frontend}}-private-ipv4 = ${request-{{frontend}}:private-ipv4}
+{% endfor -%}
+
+
+#----------------------------
+#--
+#-- Publish slave information
+[publish-slave-information]
+recipe = slapos.cookbook:softwaretype
+default = ${dynamic-publish-slave-information:rendered}
+replicate = ${dynamic-publish-slave-information:rendered}
+
+[slave-information]
+{% for frontend_section in frontend_section_list -%}
+{{ frontend_section }} = {{ "${%s:connection-slave-instance-information-list}" % frontend_section }}
+{% endfor -%}
+
+[dynamic-publish-slave-information]
+< = jinja2-template-base
+template = {{ template_publish_slave_information }}
+filename = dynamic-publish-slave-information.cfg
+extensions = jinja2.ext.do
+extra-context =
+    section slave_information slave-information
+
+[buildout]
+parts =
+  publish-slave-information
+  publish-information
+{% for part in part_list -%}
+{{ '  %s' % part }}
+{% endfor -%}
+#      publish-information
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+
+
+[slap_connection]
+# Kept for backward compatiblity
+computer_id = ${slap-connection:computer-id}
+partition_id = ${slap-connection:partition-id}
+server_url = ${slap-connection:server-url}
+software_release_url = ${slap-connection:software-release-url}
+key_file = ${slap-connection:key-file}
+cert_file = ${slap-connection:cert-file}
+
+[slap-parameter]
+slave_instance_list =
+-frontend-quantity = 2
+-frontend-type = default
+
+{%- endif %}

software/apache-frontend/instance.cfg

 [buildout]
 parts =
-  directory
-  apache
-  configtest
-  logrotate
-  logrotate-entry-apache
+  dynamic-template-apache-replicate
+  switch-softwaretype
 
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
-
-# Create all needed directories
-[directory]
-recipe = slapos.cookbook:mkdirectory
-
-bin = $${buildout:directory}/bin/
-etc = $${buildout:directory}/etc/
-srv = $${buildout:directory}/srv/
-var = $${buildout:directory}/var/
-
-backup = $${:srv}/backup
-log = $${:var}/log
-run = $${:var}/run
-service = $${:etc}/service
-
-logrotate-backup = $${:backup}/logrotate
-logrotate-entries = $${:etc}/logrotate.d
-
-
-# Deploy Apache (old way, with monolithic recipe)
-[apache]
-recipe = ${instance-recipe:egg}:${instance-recipe:module}
-httpd_home = ${apache-2.2:location}
-httpd_binary = ${apache-2.2:location}/bin/httpd
-logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
-openssl_binary = ${openssl:location}/bin/openssl
-dcrond_binary = ${dcron:location}/sbin/crond
-varnishd_binary = ${varnish-2.1:location}/sbin/varnishd
-stunnel_binary = ${stunnel:location}/bin/stunnel
-rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
-gcc_binary = gcc
-binutils_directory = ${binutils:location}/bin/
-
-access-log = $${directory:log}/frontend-apache-access.log
-error-log = $${directory:log}/frontend-apache-error.log
-pid-file = $${directory:run}/httpd.pid
-
-
-# Create wrapper for "apachectl conftest" in bin
-[configtest]
-recipe = slapos.cookbook:wrapper
-command-line = $${apache:httpd_binary} -f $${directory:etc}/apache_frontend.conf -t
-wrapper-path = $${directory:bin}/apache-configtest
-
-
-# Deploy Logrotate
-[logrotate]
-recipe = slapos.cookbook:logrotate
-# Binaries
-logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
-gzip-binary = ${gzip:location}/bin/gzip
-gunzip-binary = ${gzip:location}/bin/gunzip
-# Directories
-wrapper = $${directory:bin}/logrotate
-conf = $${directory:etc}/logrotate.conf
-logrotate-entries = $${directory:logrotate-entries}
-backup = $${directory:logrotate-backup}
-state-file = $${directory:srv}/logrotate.status
-
-[logrotate-entry-apache]
-<= logrotate
-recipe = slapos.cookbook:logrotate.d
-name = apache
-log = $${apache:error-log} $${apache:access-log}
-frequency = daily
-rotate-num = 30
-post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
-sharedscripts = true
-notifempty = true
-create = true
+offline = true
+
+[slap-parameters]
+recipe = slapos.cookbook:slapconfiguration
+computer = $${slap-connection:computer-id}
+partition = $${slap-connection:partition-id}
+url = $${slap-connection:server-url}
+key = $${slap-connection:key-file}
+cert = $${slap-connection:cert-file}
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = $${buildout:directory}/$${:filename}
+extra-context =
+context =
+    import json_module json
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key slap_software_type slap-parameters:slap-software-type
+    key slapparameter_dict slap-parameters:configuration
+    key slave_instance_list slap-parameters:slave-instance-list
+    $${:extra-context}
+
+[switch-softwaretype]
+recipe = slapos.cookbook:softwaretype
+default = ${template-apache-frontend:output}
+custom-personal = ${template-apache-frontend:output}
+custom-group = ${template-apache-frontend:output}
+replicate-default = $${dynamic-template-apache-replicate:rendered}
+replicate-custom-personal = $${dynamic-template-apache-replicate:rendered}
+replicate-custom-group = $${dynamic-template-apache-replicate:rendered}
+replicate = $${dynamic-template-apache-replicate:rendered}
+
+[dynamic-template-apache-replicate]
+< = jinja2-template-base
+template = ${template-apache-replicate:target}
+filename = instance-apache-replicate.cfg
+extensions = jinja2.ext.do
+extra-context =
+    raw template_publish_slave_information ${template-replicate-publish-slave-information:target}
+# Must match the key id in [switch-softwaretype] which uses this section.
+    raw software_type replicate

software/apache-frontend/software.cfg

@@ -18,6 +18,15 @@ slapos.recipe.template = 2.4.2
 slapos.toolbox = 0.34.0
 smmap = 0.8.2
 z3c.recipe.scripts = 1.0.1
+cliff = 1.4.4
+cmd2 = 0.6.5.1
+prettytable = 0.7.2
+requests = 1.2.3
+slapos.cookbook = 0.82
+
+# Required by:
+# slapos.cookbook==0.82
+lock-file = 2.0
 
 # Required by:
 # slapos.core==0.35.1
@@ -37,17 +46,17 @@ atomize = 0.1.1
 feedparser = 5.1.3
 
 # Required by:
-# slapos.cookbook==0.77.1
+# slapos.cookbook==0.82
 inotifyx = 0.2.0
 
 # Required by:
-# slapos.cookbook==0.77.1
+# slapos.cookbook==0.82
 # slapos.core==0.35.1
 # xml-marshaller==0.9.7
 lxml = 3.1.2
 
 # Required by:
-# slapos.cookbook==0.77.1
+# slapos.cookbook==0.82
 netaddr = 0.7.10
 
 # Required by:
@@ -67,11 +76,11 @@ psutil = 0.7.0
 pyflakes = 0.7
 
 # Required by:
-# slapos.cookbook==0.77.1
+# slapos.cookbook==0.82
 pytz = 2013b
 
 # Required by:
-# slapos.cookbook==0.77.1
+# slapos.cookbook==0.82
 # slapos.core==0.35.1
 # slapos.toolbox==0.34.0
 # zc.buildout==1.6.0-dev-SlapOS-010
@@ -79,7 +88,7 @@ pytz = 2013b
 setuptools = 0.6c12dev-r88846
 
 # Required by:
-# slapos.cookbook==0.77.1
+# slapos.cookbook==0.82
 # slapos.toolbox==0.34.0
 slapos.core = 0.35.1
 
@@ -92,7 +101,7 @@ supervisor = 3.0b1
 unittest2 = 0.5.1
 
 # Required by:
-# slapos.cookbook==0.77.1
+# slapos.cookbook==0.82
 # slapos.toolbox==0.34.0
 xml-marshaller = 0.9.7
 
@@ -102,10 +111,54 @@ zope.interface = 4.0.5
 
 [networkcache]
 # signature certificates of the following uploaders.
-#   Cedric de Saint Martin
 #   Romain Courteaud
-#   Test Agent
+#   Sebastien Robin
+#   Kazuhiko Shiozaki
+#   Cedric de Saint Martin
+#   Yingjie Xu
+#   Gabriel Monnerat
+#   Łukasz Nowak
+#   Test Agent (Automatic update from tests)
 signature-certificate-list =
+  -----BEGIN CERTIFICATE-----
+  MIIB4DCCAUkCADANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJGUjEZMBcGA1UE
+  CBMQRGVmYXVsdCBQcm92aW5jZTEPMA0GA1UEChMGTmV4ZWRpMB4XDTExMDkxNTA5
+  MDAwMloXDTEyMDkxNTA5MDAwMlowOTELMAkGA1UEBhMCRlIxGTAXBgNVBAgTEERl
+  ZmF1bHQgUHJvdmluY2UxDzANBgNVBAoTBk5leGVkaTCBnzANBgkqhkiG9w0BAQEF
+  AAOBjQAwgYkCgYEApYZv6OstoqNzxG1KI6iE5U4Ts2Xx9lgLeUGAMyfJLyMmRLhw
+  boKOyJ9Xke4dncoBAyNPokUR6iWOcnPHtMvNOsBFZ2f7VA28em3+E1JRYdeNUEtX
+  Z0s3HjcouaNAnPfjFTXHYj4um1wOw2cURSPuU5dpzKBbV+/QCb5DLheynisCAwEA
+  ATANBgkqhkiG9w0BAQsFAAOBgQBCZLbTVdrw3RZlVVMFezSHrhBYKAukTwZrNmJX
+  mHqi2tN8tNo6FX+wmxUUAf3e8R2Ymbdbn2bfbPpcKQ2fG7PuKGvhwMG3BlF9paEC
+  q7jdfWO18Zp/BG7tagz0jmmC4y/8akzHsVlruo2+2du2freE8dK746uoMlXlP93g
+  QUUGLQ==
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB8jCCAVugAwIBAgIJAPu2zchZ2BxoMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+  BAMMB3RzeGRldjMwHhcNMTExMDE0MTIxNjIzWhcNMTIxMDEzMTIxNjIzWjASMRAw
+  DgYDVQQDDAd0c3hkZXYzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrPbh+
+  YGmo6mWmhVb1vTqX0BbeU0jCTB8TK3i6ep3tzSw2rkUGSx3niXn9LNTFNcIn3MZN
+  XHqbb4AS2Zxyk/2tr3939qqOrS4YRCtXBwTCuFY6r+a7pZsjiTNddPsEhuj4lEnR
+  L8Ax5mmzoi9nE+hiPSwqjRwWRU1+182rzXmN4QIDAQABo1AwTjAdBgNVHQ4EFgQU
+  /4XXREzqBbBNJvX5gU8tLWxZaeQwHwYDVR0jBBgwFoAU/4XXREzqBbBNJvX5gU8t
+  LWxZaeQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA07q/rKoE7fAda
+  FED57/SR00OvY9wLlFEF2QJ5OLu+O33YUXDDbGpfUSF9R8l0g9dix1JbWK9nQ6Yd
+  R/KCo6D0sw0ZgeQv1aUXbl/xJ9k4jlTxmWbPeiiPZEqU1W9wN5lkGuLxV4CEGTKU
+  hJA/yXa1wbwIPGvX3tVKdOEWPRXZLg==
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB7jCCAVegAwIBAgIJAJWA0jQ4o9DGMA0GCSqGSIb3DQEBBQUAMA8xDTALBgNV
+  BAMMBHg2MXMwIBcNMTExMTI0MTAyNDQzWhgPMjExMTEwMzExMDI0NDNaMA8xDTAL
+  BgNVBAMMBHg2MXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdJNiFsRlkH
+  vq2kHP2zdxEyzPAWZH3CQ3Myb3F8hERXTIFSUqntPXDKXDb7Y/laqjMXdj+vptKk
+  3Q36J+8VnJbSwjGwmEG6tym9qMSGIPPNw1JXY1R29eF3o4aj21o7DHAkhuNc5Tso
+  67fUSKgvyVnyH4G6ShQUAtghPaAwS0KvAgMBAAGjUDBOMB0GA1UdDgQWBBSjxFUE
+  RfnTvABRLAa34Ytkhz5vPzAfBgNVHSMEGDAWgBSjxFUERfnTvABRLAa34Ytkhz5v
+  PzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFLDS7zNhlrQYSQO5KIj
+  z2RJe3fj4rLPklo3TmP5KLvendG+LErE2cbKPqnhQ2oVoj6u9tWVwo/g03PMrrnL
+  KrDm39slYD/1KoE5kB4l/p6KVOdeJ4I6xcgu9rnkqqHzDwI4v7e8/D3WZbpiFUsY
+  vaZhjNYKWQf79l6zXfOvphzJ
+  -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
   MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
   BAMMCENPTVAtMjMyMCAXDTEyMDIxNjExMTAyM1oYDzIxMTIwMTIzMTExMDIzWjAT
@@ -120,17 +173,43 @@ signature-certificate-list =
   If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY=
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
-  MIIB4DCCAUkCADANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJGUjEZMBcGA1UE
-  CBMQRGVmYXVsdCBQcm92aW5jZTEPMA0GA1UEChMGTmV4ZWRpMB4XDTExMDkxNTA5
-  MDAwMloXDTEyMDkxNTA5MDAwMlowOTELMAkGA1UEBhMCRlIxGTAXBgNVBAgTEERl
-  ZmF1bHQgUHJvdmluY2UxDzANBgNVBAoTBk5leGVkaTCBnzANBgkqhkiG9w0BAQEF
-  AAOBjQAwgYkCgYEApYZv6OstoqNzxG1KI6iE5U4Ts2Xx9lgLeUGAMyfJLyMmRLhw
-  boKOyJ9Xke4dncoBAyNPokUR6iWOcnPHtMvNOsBFZ2f7VA28em3+E1JRYdeNUEtX
-  Z0s3HjcouaNAnPfjFTXHYj4um1wOw2cURSPuU5dpzKBbV+/QCb5DLheynisCAwEA
-  ATANBgkqhkiG9w0BAQsFAAOBgQBCZLbTVdrw3RZlVVMFezSHrhBYKAukTwZrNmJX
-  mHqi2tN8tNo6FX+wmxUUAf3e8R2Ymbdbn2bfbPpcKQ2fG7PuKGvhwMG3BlF9paEC
-  q7jdfWO18Zp/BG7tagz0jmmC4y/8akzHsVlruo2+2du2freE8dK746uoMlXlP93g
-  QUUGLQ==
+  MIIB9jCCAV+gAwIBAgIJAIlBksrZVkK8MA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+  BAMMCENPTVAtMzU3MCAXDTEyMDEyNjEwNTUyOFoYDzIxMTIwMTAyMTA1NTI4WjAT
+  MREwDwYDVQQDDAhDT01QLTM1NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+  ts+iGUwi44vtIfwXR8DCnLtHV4ydl0YTK2joJflj0/Ws7mz5BYkxIU4fea/6+VF3
+  i11nwBgYgxQyjNztgc9u9O71k1W5tU95yO7U7bFdYd5uxYA9/22fjObaTQoC4Nc9
+  mTu6r/VHyJ1yRsunBZXvnk/XaKp7gGE9vNEyJvPn2bkCAwEAAaNQME4wHQYDVR0O
+  BBYEFKuGIYu8+6aEkTVg62BRYaD11PILMB8GA1UdIwQYMBaAFKuGIYu8+6aEkTVg
+  62BRYaD11PILMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMoTRpBxK
+  YLEZJbofF7gSrRIcrlUJYXfTfw1QUBOKkGFFDsiJpEg4y5pUk1s5Jq9K3SDzNq/W
+  it1oYjOhuGg3al8OOeKFrU6nvNTF1BAvJCl0tr3POai5yXyN5jlK/zPfypmQYxE+
+  TaqQSGBJPVXYt6lrq/PRD9ciZgKLOwEqK8w=
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB9jCCAV+gAwIBAgIJAPHoWu90gbsgMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
+  BAMMCXZpZmlibm9kZTAeFw0xMjAzMTkyMzIwNTVaFw0xMzAzMTkyMzIwNTVaMBQx
+  EjAQBgNVBAMMCXZpZmlibm9kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+  ozBijpO8PS5RTeKTzA90vi9ezvv4vVjNaguqT4UwP9+O1+i6yq1Y2W5zZxw/Klbn
+  oudyNzie3/wqs9VfPmcyU9ajFzBv/Tobm3obmOqBN0GSYs5fyGw+O9G3//6ZEhf0
+  NinwdKmrRX+d0P5bHewadZWIvlmOupcnVJmkks852BECAwEAAaNQME4wHQYDVR0O
+  BBYEFF9EtgfZZs8L2ZxBJxSiY6eTsTEwMB8GA1UdIwQYMBaAFF9EtgfZZs8L2ZxB
+  JxSiY6eTsTEwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAc43YTfc6
+  baSemaMAc/jz8LNLhRE5dLfLOcRSoHda8y0lOrfe4lHT6yP5l8uyWAzLW+g6s3DA
+  Yme/bhX0g51BmI6gjKJo5DoPtiXk/Y9lxwD3p7PWi+RhN+AZQ5rpo8UfwnnN059n
+  yDuimQfvJjBFMVrdn9iP6SfMjxKaGk6gVmI=
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB9jCCAV+gAwIBAgIJAMNZBmoIOXPBMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+  BAMMCENPTVAtMTMyMCAXDTEyMDUwMjEyMDQyNloYDzIxMTIwNDA4MTIwNDI2WjAT
+  MREwDwYDVQQDDAhDT01QLTEzMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+  6peZQt1sAmMAmSG9BVxxcXm8x15kE9iAplmANYNQ7z2YO57c10jDtlYlwVfi/rct
+  xNUOKQtc8UQtV/fJWP0QT0GITdRz5X/TkWiojiFgkopza9/b1hXs5rltYByUGLhg
+  7JZ9dZGBihzPfn6U8ESAKiJzQP8Hyz/o81FPfuHCftsCAwEAAaNQME4wHQYDVR0O
+  BBYEFNuxsc77Z6/JSKPoyloHNm9zF9yqMB8GA1UdIwQYMBaAFNuxsc77Z6/JSKPo
+  yloHNm9zF9yqMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAl4hBaJy1
+  cgiNV2+Z5oNTrHgmzWvSY4duECOTBxeuIOnhql3vLlaQmo0p8Z4c13kTZq2s3nhd
+  Loe5mIHsjRVKvzB6SvIaFUYq/EzmHnqNdpIGkT/Mj7r/iUs61btTcGUCLsUiUeci
+  Vd0Ozh79JSRpkrdI8R/NRQ2XPHAo+29TT70=
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
   MIIB9jCCAV+gAwIBAgIJAKRvzcy7OH0UMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV

software/apache-frontend/templates/000.conf.in

+<VirtualHost *:{{ https_port }}>
+  ServerName www.example.org
+  SSLEngine on
+  SSLProxyEngine on
+  SSLProtocol -ALL +SSLv3 +TLSv1
+  SSLHonorCipherOrder On
+  SSLCipherSuite RC4-SHA:HIGH:!ADH
+
+  # Rewrite part
+  ProxyVia On
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+
+  ErrorDocument 404 /notfound.html
+
+</VirtualHost>
+
+<VirtualHost *:{{ http_port }}>
+
+  ServerName www.example.org
+  ErrorDocument 404 /notfound.html
+</VirtualHost>
\ No newline at end of file

software/apache-frontend/templates/apache-custom-slave-list.cfg.in

+{% if software_type == slap_software_type -%}
+
+{% set cached_server_dict = {} -%}
+{% set part_list = [] -%}
+{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%}
+{% set generic_instance_parameter_dict = {'cache_access': cache_access,} -%}
+{% if extra_slave_instance_list -%}
+{%   set slave_instance_information_list = []-%}
+{%   set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) -%}
+{% endif -%}
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = {{ apache_configuration_directory }}/${:filename}
+extra-context =
+context =
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    ${:extra-context}
+
+# Loop trhought slave list to set up slaves
+{% for slave_instance in slave_instance_list -%}
+{%   set slave_reference = slave_instance.get('slave_reference') -%}
+{%   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%}
+{%   set slave_parameter_dict = generic_instance_parameter_dict.copy() -%}
+{%   do part_list.append(slave_section_title) -%}
+# Set Up log files
+{%   do slave_parameter_dict.__setitem__('access_log', '/'.join([apache_log_directory, '%s_access_log' % slave_reference])) -%}
+{%   do slave_parameter_dict.__setitem__('error_log', '/'.join([apache_log_directory, '%s_error_log' % slave_reference])) -%}
+# Set up apache configuration file for slave
+[{{ slave_section_title }}]
+< = jinja2-template-base
+template = {{ template_slave_configuration }}
+filename = {{ '%s.conf' % slave_reference }}
+extra-context =
+    key apache_custom_https {{ 'slave-instance-%s-configuration:apache_custom_https' % slave_reference }}
+    key apache_custom_http {{ 'slave-instance-%s-configuration:apache_custom_http' % slave_reference }}
+    raw https_port {{ https_port }}
+    raw http_port {{ http_port }}
+{{ '\n' }}
+
+# Set ssl certificates for each slave
+{%   for cert_name in ('ssl_key', 'ssl_crt', 'ssl_ca_crt', 'ssl_csr')-%}
+{%     if cert_name in slave_instance -%}
+{%       set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%}
+{%       set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
+{%       do part_list.append(cert_title) -%}
+{%       do slave_parameter_dict.__setitem__(cert_name, cert_file) -%}
+# Store certificates on fs
+[{{ cert_title }}]
+< = jinja2-template-base
+template = {{ empty_template }}
+rendered = {{ cert_file }}
+extra-context =
+    key content {{ cert_title + '-config:value' }}
+# Store certificate in config
+[{{ cert_title + '-config' }}]
+value = {{ dumps(slave_instance.get(cert_name)) }}
+{%     endif -%}
+{%   endfor -%}
+
+# Set apache configuration value for slave
+[{{ ('slave-instance-%s-configuration' % slave_reference) }}]
+{% set apache_custom_http = ((slave_instance.get('apache_custom_http', '')) % slave_parameter_dict) -%}
+{% set apache_custom_https = ((slave_instance.get('apache_custom_https', '')) % slave_parameter_dict) -%}
+apache_custom_http = {{ dumps(apache_custom_http) }}
+apache_custom_https = {{ dumps(apache_custom_https) }}
+{{ '\n' }}
+
+# The slave use cache
+{%   if 'enable_cache' in slave_instance and 'url' in slave_instance and 'domain' in slave_instance -%}
+{%     do cached_server_dict.__setitem__(slave_instance.get('domain'), slave_instance.get('url')) -%}
+{%   endif -%}
+
+# Publish slave information
+{%   if not extra_slave_instance_list -%}
+{%     set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') -%}
+{%     do part_list.append(publish_section_title) -%}
+[{{ publish_section_title }}]
+recipe = slapos.cookbook:publish
+public-ipv4 = {{ public_ipv4 }}
+-slave-reference = {{ slave_instance.get('slave_reference') }}
+{%   else -%}
+{%     do slave_instance_information_list.append({'slave-reference':slave_instance.get('slave_reference'), 'public-ipv4':public_ipv4}) -%}
+{%   endif -%}
+{% endfor -%}
+
+# Publish information for the instance
+{% set publish_section_title = 'publish-apache-information' -%}
+{% do part_list.append(publish_section_title) -%}
+[{{ publish_section_title }}]
+recipe = slapos.cookbook:publish
+public-ipv4 = {{ public_ipv4 }}
+private-ipv4 = {{ local_ipv4 }}
+{% if extra_slave_instance_list -%}
+slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }}
+{% endif -%}
+
+{% do part_list.append('cached-rewrite-rules') -%}
+[cached-rewrite-rules]
+< = jinja2-template-base
+template = {{ template_rewrite_cached }}
+rendered = {{ rewrite_cached_configuration }}
+extra-context =
+    import json_module json
+    key server_dict rewrite-rules:rules
+
+[rewrite-rules]
+rules = {{ dumps(cached_server_dict) }}
+
+[buildout]
+parts +=
+{% for part in part_list -%}
+{{ '    %s' % part }}
+{% endfor -%}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+cache-access = {{ cache_access }}
+
+{% endif -%}

software/apache-frontend/templates/apache-default-slave-list.cfg.in

+{% if slap_software_type in software_type  -%}
+
+{% set cached_server_dict = {} -%}
+{% set part_list = [] -%}
+{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%}
+{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+{% set generic_instance_parameter_dict = {'cache_access': cache_access,} -%}
+{% if extra_slave_instance_list -%}
+{%   set slave_instance_information_list = []-%}
+{%   set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) -%}
+{% endif -%}
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = {{ apache_configuration_directory }}/${:filename}
+extra-context =
+context =
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    ${:extra-context}
+
+# Go throught slave list to set their configuration
+{% for slave_instance in slave_instance_list -%}
+{%   set slave_reference = slave_instance.get('slave_reference') -%}
+{%   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%}
+{%   set slave_parameter_dict = generic_instance_parameter_dict.copy() -%}
+# Set slave domain if none was defined
+{%   if slave_instance.get('domain', None) == None -%}
+# Backward compatibility
+{%     if slave_instance.get('custom_domain', None) != None -%}
+{%       do slave_instance.__setitem__('domain', slave_instance.get('custom_domain') )-%}
+{%     else -%}
+{%       do slave_instance.__setitem__('domain', "%s.%s" % (slave_instance.get('slave_reference').replace("-", "").lower(), domain)) -%}
+{%     endif -%}
+{%   endif -%}
+# Set personal log, two per slave
+{%   set access_log = '/'.join([apache_log_directory, '%s_access_log' % slave_reference]) -%}
+{%   set error_log = '/'.join([apache_log_directory, '%s_error_log' % slave_reference]) -%}
+# The slave use cache
+# Next line is forbidden and people who copy it will be hanged short
+{%   set enable_cache = ('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES -%}
+{%   if enable_cache -%}
+{%     do cached_server_dict.__setitem__(slave_instance.get('domain'), slave_instance.get('url')) -%}
+{%     do slave_instance.__setitem__('url', cache_access) -%}
+{%   endif -%}
+{%   do part_list.append(slave_section_title) -%}
+# Set up slave configuration file
+[{{ slave_section_title }}]
+< = jinja2-template-base
+template = {{ template_slave_configuration }}
+filename = {{ '%s.conf' % slave_reference }}
+extensions = jinja2.ext.do
+extra-context =
+    section slave_parameter {{ 'slave-instance-%s-configuration' % slave_reference }}
+    raw domain {{ domain }}
+    raw https_port {{ https_port }}
+    raw http_port {{ http_port }}
+    raw access_log {{ access_log }}
+    raw error_log {{ error_log }}
+{{ '\n' }}
+
+# Set ssl certificates for each slave
+{%   for cert_name in ('ssl_key', 'ssl_crt', 'ssl_ca_crt', 'ssl_csr')-%}
+{%     if cert_name in slave_instance -%}
+{%       set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%}
+{%       set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
+{%       do part_list.append(cert_title) -%}
+{%       do slave_instance.__setitem__('path_to_' ~ cert_name, cert_file) -%}
+# Store certificates on fs
+[{{ cert_title }}]
+< = jinja2-template-base
+template = {{ empty_template }}
+rendered = {{ cert_file }}
+extra-context =
+    key content {{ cert_title + '-config:value' }}
+# Store certificate in config
+[{{ cert_title + '-config' }}]
+value = {{ dumps(slave_instance.get(cert_name)) }}
+{%     endif -%}
+{%   endfor -%}
+
+# Set apache configuration for slave
+[{{ ('slave-instance-%s-configuration' % slave_reference) }}]
+{%   for key, value in slave_instance.iteritems() -%}
+{{ key }} = {{ dumps(value) }}
+{%   endfor %}
+
+# Publish slave information
+{%   if not extra_slave_instance_list -%}
+{%     set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') -%}
+{%     do part_list.append(publish_section_title) -%}
+[{{ publish_section_title }}]
+recipe = slapos.cookbook:publish
+-slave-reference = {{ slave_instance.get('slave_reference') }}
+public-ipv4 = {{ public_ipv4 }}
+domain = {{ slave_instance.get('domain') }}
+url = http://{{ slave_instance.get('domain') }}
+# Backward compatibility
+site_url = ${:url}
+{%   else -%}
+{%     do slave_instance_information_list.append({'slave-reference':slave_instance.get('slave_reference'), 'public-ipv4':public_ipv4, 'domain':slave_instance.get('domain'), 'url':"http://%s" % slave_instance.get('domain'), 'site_url':"http://%s" % slave_instance.get('domain')}) -%}
+{%   endif -%}
+{% endfor -%}
+
+# Publish information for the instance
+{% set publish_section_title = 'publish-apache-information' -%}
+{% do part_list.append(publish_section_title) -%}
+[{{ publish_section_title }}]
+recipe = slapos.cookbook:publish
+public-ipv4 = {{ public_ipv4 }}
+private-ipv4 = {{ local_ipv4 }}
+domain = {{ domain }}
+{% if extra_slave_instance_list -%}
+slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }}
+{% endif -%}
+
+
+{% do part_list.append('cached-rewrite-rules') -%}
+# Set rewrite rules for second apache
+[cached-rewrite-rules]
+< = jinja2-template-base
+template = {{ template_rewrite_cached }}
+rendered = {{ rewrite_cached_configuration }}
+extra-context =
+    import json_module json
+    key server_dict rewrite-rules:rules
+
+# Store Rewrite rules for second apache
+[rewrite-rules]
+rules = {{ dumps(cached_server_dict) }}
+
+# Add parts generated by template
+[buildout]
+parts +=
+{% for part in part_list -%}
+{{ '    %s' % part }}
+{% endfor -%}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+cache-access = {{ cache_access }}
+
+{% endif -%}

software/apache-frontend/templates/apache.conf.in

+# Apache configuration file for Zope
+# Automatically generated
+
+# Basic server configuration
+PidFile "{{ pid_file }}"
+ServerName {{ domain }}
+DocumentRoot {{ document_root }}
+ServerRoot {{ instance_home }}
+
+{% for ip in (ipv4_addr, "[%s]" % ipv6_addr) -%}
+{%   for port in (http_port, https_port) -%}
+{{ "Listen %s:%s" % (ip, port)  }}
+{%   endfor -%}
+{% endfor -%}
+
+ServerAdmin {{ server_admin }}
+DefaultType text/plain
+TypesConfig {{ httpd_home }}/conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+# As backend is trusting REMOTE_USER header unset it always
+RequestHeader unset REMOTE_USER
+
+ServerTokens Prod
+
+# Log configuration
+ErrorLog "{{ error_log }}"
+LogLevel info
+# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common
+# CustomLog "{{ access_log }}" common
+LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+CustomLog "{{ access_log }}" combined
+
+<Directory {{ protected_path }}>
+  Order Deny,Allow
+  Allow from {{ access_control_string }}
+</Directory>
+
+<Directory {{ document_root }}>
+  Order Allow,Deny
+  Allow from All
+</Directory>
+
+# List of modules
+#LoadModule unixd_module modules/mod_unixd.so
+#LoadModule access_compat_module modules/mod_access_compat.so
+#LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_host_module  {{ httpd_home }}/modules/mod_authz_host.so
+LoadModule log_config_module  {{ httpd_home }}/modules/mod_log_config.so
+LoadModule deflate_module     {{ httpd_home }}/modules/mod_deflate.so
+LoadModule setenvif_module    {{ httpd_home }}/modules/mod_setenvif.so
+LoadModule version_module     {{ httpd_home }}/modules/mod_version.so
+LoadModule proxy_module       {{ httpd_home }}/modules/mod_proxy.so
+LoadModule proxy_http_module  {{ httpd_home }}/modules/mod_proxy_http.so
+LoadModule ssl_module         {{ httpd_home }}/modules/mod_ssl.so
+LoadModule mime_module        {{ httpd_home }}/modules/mod_mime.so
+LoadModule dav_module         {{ httpd_home }}/modules/mod_dav.so
+LoadModule dav_fs_module      {{ httpd_home }}/modules/mod_dav_fs.so
+LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so
+LoadModule rewrite_module     {{ httpd_home }}/modules/mod_rewrite.so
+LoadModule headers_module     {{ httpd_home }}/modules/mod_headers.so
+LoadModule cache_module       {{ httpd_home }}/modules/mod_cache.so
+LoadModule mem_cache_module   {{ httpd_home }}/modules/mod_mem_cache.so
+LoadModule antiloris_module   {{ httpd_home }}/modules/mod_antiloris.so
+
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
+                        downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash.  This fixes a
+# problem with Microsoft WebFolders which does not appropriately handle
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
+BrowserMatch "^gnome-vfs" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+
+# Cache directives
+CacheEnable mem /
+CacheDefaultExpire 3600
+MCacheSize 8192
+MCacheMaxObjectCount 1000
+MCacheMaxObjectSize 8192
+MCacheRemovalAlgorithm LRU
+
+# Deflate
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
+BrowserMatch ^Mozilla/4 gzip-only-text/html
+BrowserMatch ^Mozilla/4\.0[678] no-gzip
+BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+# SSL Configuration
+SSLCertificateFile {{ login_certificate }}
+SSLCertificateKeyFile {{ login_key }}
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+SSLRandomSeed startup /dev/urandom 256
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+      SSLOptions +StdEnvVars
+</FilesMatch>
+# Accept proxy to sites using self-signed SSL certificates
+SSLProxyCheckPeerCN off
+SSLProxyCheckPeerExpire off
+
+NameVirtualHost *:{{ http_port }}
+NameVirtualHost *:{{ https_port }}
+include {{ slave_configuration_directory }}/*.conf
\ No newline at end of file

slapos/recipe/apache_frontend/template/apache.conf.in → software/apache-frontend/templates/apache_cached.conf.in

@@ -2,16 +2,16 @@
 # Automatically generated
 
 # Basic server configuration
-PidFile "%(pid_file)s"
-ServerName %(server_name)s
-DocumentRoot %(document_root)s
-ServerRoot %(instance_home)s
+PidFile "{{ pid_file }}"
+ServerName {{ domain }}
+DocumentRoot {{ document_root }}
+ServerRoot {{ instance_home }}
 
-%(listen)s
+{{ "Listen %s:%s" % (ipv4_addr, cached_port)  }}
 
-ServerAdmin %(server_admin)s
+ServerAdmin {{ server_admin }}
 DefaultType text/plain
-TypesConfig %(httpd_home)s/conf/mime.types
+TypesConfig {{ httpd_home }}/conf/mime.types
 AddType application/x-compress .Z
 AddType application/x-gzip .gz .tgz
 
@@ -21,35 +21,45 @@ RequestHeader unset REMOTE_USER
 ServerTokens Prod
 
 # Log configuration
-ErrorLog "%(error_log)s"
+ErrorLog "{{ error_log }}"
 LogLevel info
-LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
-LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b" common
-CustomLog "%(access_log)s" common
-
-%(path_enable)s
+# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common
+# CustomLog "{{ access_log }}" common
+LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+CustomLog "{{ access_log }}" combined
+
+<Directory {{ protected_path }}>
+  Order Deny,Allow
+  Allow from {{ access_control_string }}
+</Directory>
+
+<Directory {{ document_root }}>
+  Order Allow,Deny
+  Allow from All
+</Directory>
 
 # List of modules
 #LoadModule unixd_module modules/mod_unixd.so
 #LoadModule access_compat_module modules/mod_access_compat.so
 #LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule authz_host_module  %(httpd_home)s/modules/mod_authz_host.so
-LoadModule log_config_module  %(httpd_home)s/modules/mod_log_config.so
-LoadModule deflate_module     %(httpd_home)s/modules/mod_deflate.so
-LoadModule setenvif_module    %(httpd_home)s/modules/mod_setenvif.so
-LoadModule version_module     %(httpd_home)s/modules/mod_version.so
-LoadModule proxy_module       %(httpd_home)s/modules/mod_proxy.so
-LoadModule proxy_http_module  %(httpd_home)s/modules/mod_proxy_http.so
-LoadModule ssl_module         %(httpd_home)s/modules/mod_ssl.so
-LoadModule mime_module        %(httpd_home)s/modules/mod_mime.so
-LoadModule dav_module         %(httpd_home)s/modules/mod_dav.so
-LoadModule dav_fs_module      %(httpd_home)s/modules/mod_dav_fs.so
-LoadModule negotiation_module %(httpd_home)s/modules/mod_negotiation.so
-LoadModule rewrite_module     %(httpd_home)s/modules/mod_rewrite.so
-LoadModule headers_module     %(httpd_home)s/modules/mod_headers.so
-LoadModule cache_module       %(httpd_home)s/modules/mod_cache.so
-LoadModule mem_cache_module   %(httpd_home)s/modules/mod_mem_cache.so
-LoadModule antiloris_module   %(httpd_home)s/modules/mod_antiloris.so
+LoadModule authz_host_module  {{ httpd_home }}/modules/mod_authz_host.so
+LoadModule log_config_module  {{ httpd_home }}/modules/mod_log_config.so
+LoadModule deflate_module     {{ httpd_home }}/modules/mod_deflate.so
+LoadModule setenvif_module    {{ httpd_home }}/modules/mod_setenvif.so
+LoadModule version_module     {{ httpd_home }}/modules/mod_version.so
+LoadModule proxy_module       {{ httpd_home }}/modules/mod_proxy.so
+LoadModule proxy_http_module  {{ httpd_home }}/modules/mod_proxy_http.so
+LoadModule ssl_module         {{ httpd_home }}/modules/mod_ssl.so
+LoadModule mime_module        {{ httpd_home }}/modules/mod_mime.so
+LoadModule dav_module         {{ httpd_home }}/modules/mod_dav.so
+LoadModule dav_fs_module      {{ httpd_home }}/modules/mod_dav_fs.so
+LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so
+LoadModule rewrite_module     {{ httpd_home }}/modules/mod_rewrite.so
+LoadModule headers_module     {{ httpd_home }}/modules/mod_headers.so
+LoadModule cache_module       {{ httpd_home }}/modules/mod_cache.so
+LoadModule mem_cache_module   {{ httpd_home }}/modules/mod_mem_cache.so
+LoadModule antiloris_module   {{ httpd_home }}/modules/mod_antiloris.so
 
 # The following directives modify normal HTTP response behavior to
 # handle known problems with browser implementations.
@@ -85,14 +95,28 @@ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javasc
 BrowserMatch ^Mozilla/4 gzip-only-text/html
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
 BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
-# Make sure proxies don't deliver the wrong content
-Header append Vary User-Agent
 
 # SSL Configuration
-%(ssl_snippet)s
+SSLCertificateFile {{ login_certificate }}
+SSLCertificateKeyFile {{ login_key }}
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+SSLRandomSeed startup /dev/urandom 256
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+      SSLOptions +StdEnvVars
+</FilesMatch>
+# Accept proxy to sites using self-signed SSL certificates
+SSLProxyCheckPeerCN off
+SSLProxyCheckPeerExpire off
 
-<VirtualHost *:%(https_port)s>
-  SSLEngine on
+# Only accept generic (i.e not Zope) backends on http
+<VirtualHost *:{{ cached_port }}>
   SSLProxyEngine on
   # Rewrite part
   ProxyVia On
@@ -100,68 +124,10 @@ Header append Vary User-Agent
   ProxyTimeout 600
   RewriteEngine On
 
-  # Include configuration file not operated by slapos. This file won't be erased
-  # or changed when slapgrid is ran. It can be freely customized by node admin.
-  Include %(custom_apache_virtualhost_conf)s
-
-  # Define the 3 RewriteMaps (key -> value store): one for Zope, one generic,
-  # one generic https only,
-  # containing: rewritten URL -> original URL (a.k.a VirtualHostBase in Zope)
-  RewriteMap apachemapzope txt:%(apachemapzope_path)s
-  RewriteMap apachemapgeneric txt:%(apachemap_path)s
-  RewriteMap apachemapgenerichttpsonly txt:%(apachemap_httpsonly_path)s
-
-  # Define another RewriteMap for Zope, containing:
-  # rewritten URL -> VirtualHostRoot
-  RewriteMap apachemapzopepath txt:%(apachemapzopepath_path)s
-
-  # First, we check if we have a zope backend server
-  # If so, let's use Virtual Host Daemon rewrite
-  RewriteCond ${apachemapzope:%%{SERVER_NAME}} >""
-  # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
-  RewriteRule ^/(.*)$ ${apachemapzope:%%{SERVER_NAME}}/VirtualHostBase/https/%%{SERVER_NAME}:443/${apachemapzopepath:%%{SERVER_NAME}}/VirtualHostRoot/$1 [L,P]
-
-  # If we have generic backend server, let's rewrite without virtual host daemon
-  RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
-  # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
-  RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
-  # Same for https only server
-  RewriteCond ${apachemapgenerichttpsonly:%%{SERVER_NAME}} >""
-  # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
-  RewriteRule ^/(.*)$ ${apachemapgenerichttpsonly:%%{SERVER_NAME}}/$1 [L,P]
+  RewriteMap apachemapcached txt:{{ apachecachedmap_path }}
+  RewriteCond ${apachemapcached:%{SERVER_NAME}} >""
+  RewriteRule ^/(.*)$ ${apachemapcached:%{SERVER_NAME}}/$1 [L,P]
 
   # If nothing exist : put a nice error
   ErrorDocument 404 /notfound.html
 </VirtualHost>
-
-
-# Only accept generic (i.e not Zope) backends on http
-<VirtualHost *:%(plain_http_port)s>
-  SSLProxyEngine on
-  # Rewrite part
-  ProxyVia On
-  ProxyPreserveHost On
-  ProxyTimeout 600
-  RewriteEngine On
-
-  # Remove "Secure" from cookies, as backend may be https
-  Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
-
-  # Include configuration file not operated by slapos. This file won't be erased
-  # or changed when slapgrid is ran. It can be freely customized by node admin.
-  Include %(custom_apache_virtualhost_conf)s
-
-  RewriteMap apachemapgeneric txt:%(apachemap_path)s
-  RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
-  RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
-
-  # Not using HTTPS? Ask that guy over there.
-  # Dummy redirection to https. Note: will work only if https listens
-  # on standard port (443).
-  RewriteRule ^/(.*)$ https://%%{SERVER_NAME}%%{REQUEST_URI}
-</VirtualHost>
-
-
-# Include configuration file not operated by slapos. This file won't be erased
-# or changed when slapgrid is ran. It can be freely customized by node admin.
-Include %(custom_apache_conf)s

software/apache-frontend/templates/apache_cached_rewrite.txt.in

+{% for server_tuple in server_dict.items() -%}
+{{ "%s %s" % server_tuple }}
+{% endfor -%}

software/apache-frontend/templates/default-virtualhost.conf.in

+{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+ 
+<VirtualHost *:{{ https_port }}>
+  ServerName {{ slave_parameter.get('domain') }}
+  ServerAlias {{ slave_parameter.get('domain') }}
+
+  SSLEngine on
+  SSLProxyEngine on
+  SSLProtocol -ALL +SSLv3 +TLSv1
+  SSLHonorCipherOrder On
+  SSLCipherSuite RC4-SHA:HIGH:!ADH
+
+{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
+       			      	 ('SSLCertificateKeyFile', 'path_to_ssl_key'),
+                                 ('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
+                                 ('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
+
+{% for key, value in ssl_configuration_list -%}
+{%   if value in slave_parameter -%}
+{{ '  %s' % key }} {{ slave_parameter.get(value) }}
+{% endif -%}
+{% endfor -%}
+
+
+  # One Slave two logs
+  ErrorLog "{{ error_log }}"
+  LogLevel info
+  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+  CustomLog "{{ access_log }}" combined
+
+  # Rewrite part
+  ProxyVia On
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+{% if slave_parameter.get('type', '') ==  'zope' -%}
+  # First, we check if we have a zope backend server
+  # If so, let's use Virtual Host Daemon rewrite
+  # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/https/{{ slave_parameter.get('domain', '') }}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
+{% else -%}
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
+{% endif -%}
+</VirtualHost>
+
+<VirtualHost *:{{ http_port }}>
+  ServerName {{ slave_parameter.get('domain') }}
+  ServerAlias {{ slave_parameter.get('domain') }}
+  SSLProxyEngine on
+  # Rewrite part
+  ProxyVia On
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+  # One Slave two logs
+  ErrorLog "{{ error_log }}"
+  LogLevel info
+  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+  CustomLog "{{ access_log }}" combined
+
+  # Remove "Secure" from cookies, as backend may be https
+  Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
+
+# Next line is forbidden and people who copy it will be hanged short
+{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
+{% if https_only -%}
+  # Not using HTTPS? Ask that guy over there.
+  # Dummy redirection to https. Note: will work only if https listens
+  # on standard port (443).
+  RewriteCond     %{SERVER_PORT}  !^{{ https_port }}$
+  RewriteRule     ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]
+{% elif slave_parameter.get('type', '') ==  'zope' -%}
+  # First, we check if we have a zope backend server
+  # If so, let's use Virtual Host Daemon rewrite
+  # We suppose that Apache listens to 80 (even indirectly thanks to things like iptables)
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/{{ slave_parameter.get('domain', '') }}:80/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
+{% else -%}
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
+{% endif -%}
+  # If nothing exist : put a nice error
+#  ErrorDocument 404 /notfound.html
+# Dadiboom
+
+</VirtualHost>

software/apache-frontend/templates/empty.in

+{{ content }}
\ No newline at end of file

software/apache-frontend/templates/replicate-publish-slave-information.cfg.in

+{% set part_list = [] -%}
+{% set slave_information_dict = {} -%}
+
+# regroup slave information from all frontends
+{%- for frontend, slave_list_raw in slave_information.iteritems() -%}
+{%   set slave_list = json_module.loads(slave_list_raw) -%}
+{%   for slave_dict in slave_list -%}
+{%     set slave_reference = slave_dict.pop('slave-reference') %}
+{%     set current_slave_dict = slave_information_dict.get(slave_reference, {}) %}
+{%     do current_slave_dict.update(slave_dict) -%}
+{%     do current_slave_dict.__setitem__(
+            'replication_number',
+            current_slave_dict.get('replication_number', 0) + 1
+            ) -%}
+{%     do slave_information_dict.__setitem__(slave_reference, current_slave_dict) -%}
+{%   endfor -%}
+{% endfor %}
+
+# Publish information for each slave
+{% for slave_reference, slave_information in slave_information_dict.iteritems() %}
+{%   set publish_section_title = 'publish-%s' % slave_reference -%}
+{%   do part_list.append(publish_section_title) -%}
+[{{ publish_section_title }}]
+recipe = slapos.cookbook:publish
+-slave-reference = {{ slave_reference }}
+{%   for key, value in slave_information.iteritems() -%}
+{{ key }} = {{ value }}
+{%   endfor -%}
+{% endfor %}
+
+[buildout]
+parts =
+{% for part in part_list %}
+{{ '  %s' % part }}
+{% endfor %}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
\ No newline at end of file

software/apache-frontend/templates/slave-virtualhost.conf.in

+<VirtualHost *:{{ https_port }}>
+{{ apache_custom_https }}
+</VirtualHost>
+
+<VirtualHost *:{{ http_port }}>
+{{ apache_custom_http }}
+</VirtualHost>

software/backupserver/instance-pullrdiffbackup.cfg.in

@@ -14,6 +14,7 @@ srv = $${buildout:directory}/srv
 var = $${buildout:directory}/var
 run = $${:var}/run
 log = $${:var}/log
+varnginx = $${:var}/nginx
 # scripts = $${:etc}/run
 services = $${:etc}/service
 cron-entries = $${:etc}/cron.d
@@ -71,10 +72,9 @@ directory = $${directory:backup}/$${:_buildout_section_name_}
 
 [{{ slave_reference }}-backup-private_key]
 recipe = plone.recipe.command
-stop-on-error = true
+stop-on-error = false
 command = ${dropbear-output:keygen} -t $${:type} -s 2048 -f $${:key} 
 key = $${directory:ssh}/$${:_buildout_section_name_}
-location = $${:key}
 type = rsa
 
 [{{ slave_reference }}-backup-public_key]

software/backupserver/software.cfg

@@ -182,7 +182,7 @@ mode = 0644
 [template-nginx-configuration]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/template-nginx.cfg.in
-md5sum = 1cf80a510a9ba9f6d9f12e2ce828615e
+md5sum = c54d36f55ba71c897505ed61213e104a
 output = ${buildout:directory}/template-nginx.cfg.in
 mode = 0644
 
@@ -196,7 +196,7 @@ mode = 0644
 [template-backup-script]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/template-backup-script.sh.in
-md5sum = ce63dd27aaea8b64f446a7aef9406873
+md5sum = 8a076962fc4df7f154572543899328e3
 output = ${buildout:directory}/template-backup-script.sh.in
 mode = 0644
 
@@ -234,7 +234,7 @@ mode = 0644
 [template-pullrdiffbackup]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-pullrdiffbackup.cfg.in
-md5sum = 935ee60f0454ab50df74d0bcc3364d37
+md5sum = 9bf3a34fa41ae6fe57b183293b3ff377
 output = ${buildout:directory}/template-pullrdiffbackup.cfg
 mode = 0644
 
@@ -246,6 +246,7 @@ output = ${buildout:directory}/template.cfg
 mode = 0644
 
 [versions]
+zc.buildout = 1.6.0-dev-SlapOS-010
 rdiff-backup = 1.0.5
 Jinja2 = 2.7
 MarkupSafe = 0.18

software/backupserver/template-backup-script.sh.in

@@ -22,7 +22,8 @@ ${rdiff-backup-output:rdiff-backup} \
 RESULT=$?
  
 # Inform about backup status
-if [ $RESULT == 0 ]
+${coreutils-output:rm} -f $${:status_log}
+if [ $RESULT -eq 0 ]
 then
   ${coreutils-output:echo} "`${coreutils-output:date} -u`, $${:hostname} backup success" >> $${:status_log}
 else

software/backupserver/template-nginx.cfg.in

@@ -8,6 +8,8 @@ events {
   # multi_accept on;
 }
 
+error_log $${nginx-configuration:error_log};
+
 http {  
   
   ##
@@ -41,12 +43,12 @@ http {
   gzip on;
   gzip_disable "msie6";
 
-  # gzip_vary on;
-  # gzip_proxied any;
-  # gzip_comp_level 6;
-  # gzip_buffers 16 8k;
-  # gzip_http_version 1.1;
-  # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
 server {
   listen [$${nginx-configuration:ip}]:$${nginx-configuration:port};
@@ -55,6 +57,13 @@ server {
   ssl_certificate $${nginx-configuration:ssl_crt};
   ssl_certificate_key $${nginx-configuration:ssl_key};
 
+  fastcgi_temp_path  $${directory:varnginx} 1 2;
+  uwsgi_temp_path  $${directory:varnginx} 1 2;
+  scgi_temp_path  $${directory:varnginx} 1 2;
+
+  client_body_temp_path $${directory:varnginx} 1 2;
+  proxy_temp_path $${directory:varnginx} 1 2;
+
   ## Only allow GET and HEAD request methods
   if ($request_method !~ ^(GET|HEAD)$ ) {
      return 444;

software/helloworld/instance.cfg.in

@@ -45,7 +45,9 @@ configuration.name = John Doe
 # Create all needed directories, depending on your needs
 [directory]
 recipe = slapos.cookbook:mkdirectory
-etc = $${buildout:directory}/etc
+home = $${buildout:directory}
+etc = $${:home}/etc
+var = $${:home}/var
 # Executables put here will be started but not monitored (for startup scripts)
 script = $${:etc}/run/
 # Executables put here will be started and monitored (for daemons)
@@ -53,7 +55,8 @@ service = $${:etc}/service
 # Executables put here will be launched after buildout has completed to see
 # if instance is running
 promise = $${:etc}/promise/
-
+# Path of the log directory used by our service (see [hello-world])
+log = $${:var}/log
 
 # Create a simple shell script that will only output your name if you
 # specified it as instance parameter.
@@ -62,9 +65,11 @@ promise = $${:etc}/promise/
 # This recipe will try to "exec" the command-line after separating parameters.
 recipe = slapos.cookbook:wrapper
 # Notice that there is only one $ at ${dash:location}, it is because it comes from the Software Release buildout profile.
-command-line = ${dash:location}/bin/dash -c 'echo "Hello $${instance-parameter:configuration.name}!"; sleep 100000;' 
+command-line = ${dash:location}/bin/dash -c 'echo "Hello $${instance-parameter:configuration.name}, it is $(date)." > $${directory:log}/log.log; sleep 1000000;'
 # Put this shell script in the "etc/service" directory. Every executable of this
-# repository will be started and monitored by supervisord
+# repository will be started and monitored by supervisord. If one service
+# exits/crashes, it will trigger a "bang" and cause run of slapgrid for the
+# instance.
 wrapper-path = $${directory:service}/hello-world
 
 

software/helloworld/software.cfg

@@ -16,15 +16,15 @@ parts =
   slapos-cookbook
 # Call creation of instance.cfg file that will be called for deployment of
 # instance
-  template
+  instance-profile
 
 # Download instance.cfg.in (buildout profile used to deployment of instance),
 # replace all ${foo:bar} parameters by real values, and change $${foo:bar} to
 # ${foo:bar}
-[template]
+[instance-profile]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg.in
 output = ${buildout:directory}/instance.cfg
 # MD5 checksum can be skipped for development (easier to develop), but must be filled for production
-md5sum = 1fc461c00e86485bee77a942f39e3c43
+md5sum = ed94ac99ae1e596c0da5350da6ab6f52
 mode = 0644

software/kvm/common.cfg

@@ -79,7 +79,7 @@ command =
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg.in
-#md5sum = 461187060d12a6bea4d5b9699687c0e9
+#md5sum = bdd0495ef729e7272ec9c97aca919c09
 output = ${buildout:directory}/template.cfg
 mode = 0644
 
@@ -98,11 +98,11 @@ md5sum = 6753004b582c0470bd028253ce1964ad
 download-only = true
 
 [template-kvm-resilient-test]
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/instance-kvm-resilient-test.cfg.in
-#md5sum = 9dead7572072307b6c38cdf47052225b
-output = ${buildout:directory}/template-kvm-resilient-test.cfg
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/instance-kvm-resilient-test.cfg.jinja2
+md5sum = 027d68d9decbc6aec59365fa723975d7
 mode = 0644
+download-only = true
 
 [template-kvm-import]
 recipe = slapos.recipe.template
@@ -115,7 +115,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/template/kvm-import.sh.in
 filename = kvm-import.sh.in
-md5sum = e03ed049cddd8d157228b09e1ebc071a
+md5sum = a731372420dc59c0b5ba7bc5f39a14ad
 download-only = true
 mode = 0755
 
@@ -130,7 +130,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/template/kvm-export.sh.in
 filename = kvm-export.sh.in
-md5sum = 08cd8da2221f09095b14e35e6acd2a56
+md5sum = 3e878b3343c76f0d6950986fffcb6a8c
 download-only = true
 mode = 0755
 

software/kvm/development.cfg

@@ -23,7 +23,7 @@ git-executable = ${git:location}/bin/git
 [slapos.toolbox-repository]
 recipe = slapos.recipe.build:gitclone
 repository = http://git.erp5.org/repos/slapos.toolbox.git
-branch = master
+branch = kvmresiliency
 git-executable = ${git:location}/bin/git
 
 [erp5.util-repository]

software/kvm/instance-kvm-resilient-test.cfg.in → software/kvm/instance-kvm-resilient-test.cfg.jinja2

 [buildout]
 
-eggs-directory = ${buildout:eggs-directory}
-develop-eggs-directory = ${buildout:develop-eggs-directory}
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
 offline = true
 
 parts =
   deploy-resiliency-test
   request-resilient-kvm
+  deploy-standalone-resiliency-test
 
 [directory]
 recipe = slapos.cookbook:mkdirectory
-etc = $${buildout:directory}/etc/
-var = $${buildout:directory}/var/
-srv = $${buildout:directory}/srv/
-bin = $${buildout:directory}/bin/
-tmp = $${buildout:directory}/tmp/
-
-services = $${:etc}/service/
-scripts = $${:etc}/run/
+home = ${buildout:directory}
+etc = ${:home}/etc/
+var = ${:home}/var/
+srv = ${:home}/srv/
+bin = ${:home}/bin/
+tmp = ${:home}/tmp/
+log = ${:var}/log/
+services = ${:etc}/service/
+scripts = ${:etc}/run/
 
 [deploy-resiliency-test]
 recipe = slapos.cookbook:wrapper
-#log-path = {directory:log}
-wrapper-path = $${directory:bin}/runKVMResiliencyTestSuite
-#output = $${binary-wrap-launcher:binary-path}
-#site-id = "{site_id}"
-# Suppose that there is a user zope family in the configuration
-#erp5-url = $${erp5-cluster:connection-family-user}{:site-id}
-#parameters-extra = $*
-command-line = ${buildout:bin-directory}/runKVMResiliencyTestSuite --server-url=$${slap-connection:server-url} --key-file=$${slap-connection:key-file} --cert-file=$${slap-connection:cert-file} --computer-id=$${slap-connection:computer-id} --partition-id=$${slap-connection:partition-id} --software=$${slap-connection:software-release-url} --namebase=kvm --kvm-rootinstance-name='$${request-resilient-kvm:name}'
-#return = url
+wrapper-path = ${directory:scripts}/runKVMResiliencyTestSuite
+testnode-parameters = --test-result-path={{ slapparameter_dict.get('test-result-path') }} --revision={{ slapparameter_dict.get('test-suite-revision') }} --node-title={{ slapparameter_dict.get('scalability-launcher-title') }} --test-suite={{ slapparameter_dict.get('test-suite') }} --test-suite-master-url={{ slapparameter_dict.get('test-suite-master-url') }} --log-path=${directory:log}
+kvm-test-parameters = server_url=${slap-connection:server-url} key_file=${slap-connection:key-file} cert_file=${slap-connection:cert-file} computer_id=${slap-connection:computer-id} partition_id=${slap-connection:partition-id} software=${slap-connection:software-release-url} namebase=kvm kvm_rootinstance_name='${request-resilient-kvm:name}'
+
+command-line = {{ bin_directory }}/runResiliencyTest ${:testnode-parameters} ${:kvm-test-parameters}
+
+
+[deploy-standalone-resiliency-test]
+# Used to manually run the KVM test if we don't have a running testnode.
+recipe = slapos.cookbook:wrapper
+wrapper-path = ${directory:bin}/runStandaloneResiliencyTestSuite
+command-line = {{ bin_directory }}/runStandaloneResiliencyTest --test-suite-title=kvm ${deploy-resiliency-test:kvm-test-parameters}
 
 [request-resilient-kvm]
 <= slap-connection
 recipe = slapos.cookbook:request
-software-url = $${slap-connection:software-release-url}
+software-url = ${slap-connection:software-release-url}
 software-type = kvm-resilient
 name = Resilient KVM (Root Instance)
 config = virtual-hard-drive-url virtual-hard-drive-md5sum resiliency-backup-periodicity
-config-virtual-hard-drive-url = $${slap-parameter:virtual-hard-drive-url}
-config-virtual-hard-drive-md5sum = $${slap-parameter:virtual-hard-drive-md5sum}
+config-virtual-hard-drive-url = ${slap-parameter:virtual-hard-drive-url}
+config-virtual-hard-drive-md5sum = ${slap-parameter:virtual-hard-drive-md5sum}
 config-resiliency-backup-periodicity = */5
 # We don't use url parameter, but we want it to be there to make sure root instance is ready.
 return = url
 # XXX What to do?
 #sla = instance_guid
-#sla-instance_guid = $${slap-parameter:frontend-instance-guid}
+#sla-instance_guid = ${slap-parameter:frontend-instance-guid}
 
 [slap-parameter]
 virtual-hard-drive-url = https://softinst43236.host.vifib.net/data/public/8e2138.php?dl=true
 virtual-hard-drive-md5sum = de0f10c7c6538e9928879332afd9be7a
-# XXX: what to do about pbs-kvm1-computer-guid and kvm1-computer-guid ?
-

software/kvm/instance.cfg.in

@@ -17,7 +17,7 @@ kvm-import = ${template-kvm-import:output}
 kvm-export = ${template-kvm-export:output}
 
 # Used for the test of resiliency. The system wants a "test" software_type.
-test = ${template-kvm-resilient-test:output}
+test = $${dynamic-template-kvm-resilient-test:rendered}
 
 frozen = ${instance-frozen:output}
 pull-backup = ${template-pull-backup:output}
@@ -34,13 +34,24 @@ cert = $${slap-connection:cert-file}
 recipe = slapos.recipe.template:jinja2
 template = ${template-kvm-resilient:location}/instance-kvm-resilient.cfg.jinja2
 rendered = $${buildout:directory}/template-kvm-resilient.cfg
-context = key buildout buildout:bin-directory
-          key develop_eggs_directory buildout:develop-eggs-directory
-          key eggs_directory buildout:eggs-directory
-          key slapparameter_dict slap-configuration:configuration
+context =
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key eggs_directory buildout:eggs-directory
+    key slapparameter_dict slap-configuration:configuration
 template-parts-destination = ${template-parts:destination}
 template-replicated-destination = ${template-replicated:destination}
 import-list = file parts :template-parts-destination
               file replicated :template-replicated-destination
 mode = 0644
 
+[dynamic-template-kvm-resilient-test]
+recipe = slapos.recipe.template:jinja2
+template = ${template-kvm-resilient-test:location}/instance-kvm-resilient-test.cfg.jinja2
+rendered = $${buildout:directory}/template-kvm-resilient-test.cfg
+bin-directory = ${buildout:bin-directory}
+context =
+    key bin_directory dynamic-template-kvm-resilient-test:bin-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key eggs_directory buildout:eggs-directory
+    key slapparameter_dict slap-configuration:configuration
+mode = 0644

software/kvm/template/kvm-export.sh.in

@@ -14,5 +14,5 @@ $QEMU_IMG snapshot -c $SNAPSHOT_NAME $DISK_PATH
 if [ -f $BACKUP_PATH ]; then
   rm $BACKUP_PATH
 fi
-$QEMU_IMG convert -f qcow2 -O qcow2 -s $SNAPSHOT_NAME $DISK_PATH $BACKUP_PATH
+$QEMU_IMG convert -f qcow2 -O qcow2 -s $SNAPSHOT_NAME $DISK_PATH $BACKUP_PATH && \
 $QEMU_IMG snapshot -d $SNAPSHOT_NAME $DISK_PATH

software/kvm/template/kvm-import.sh.in

@@ -3,5 +3,5 @@ DISK_PATH=${:disk-path}
 BACKUP_PATH=${:backup-disk-path}
 
 # TODO: Use rdiff
-rm $DISK_PATH
+rm $DISK_PATH && \
 cp $BACKUP_PATH $DISK_PATH

software/slapos-in-partition/README.txt

+XXX TODO

software/slapos-in-partition/common.cfg

+[buildout]
+extends =
+  ../../component/apache/buildout.cfg
+  ../../component/bash/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/dropbear/buildout.cfg
+  ../../component/gzip/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../stack/slapos.cfg
+
+parts =
+  instance-profile
+  slapos-cookbook
+  eggs
+
+# Add hosting location of testing version of slapos.core
+find-links +=
+  http://www.nexedi.org/static/packages/source/slapos.core-testing/
+
+[environment]
+recipe = collective.recipe.environment
+
+
+[instance-profile]
+# 3 advantages of using jinja2 for ALL templates:
+# 1/ Explicit scope (pythonic style, we explicitely list what we want to be in the scope)
+# 2/ No troubles between $ and $$ (more simple)
+# 3/ We can explicitely define the path of executables (i.e
+#    in software, define httpd-executable = ${apache:location}/bin/httpd
+#    and in instance, just use httpd-executable without bother where it is actually
+#    (location can change inside of the component, from bin to sbin for example).
+recipe = slapos.recipe.template:jinja2
+template = ${:_profile_base_location_}/instance.cfg.jinja2
+rendered = ${buildout:directory}/instance.cfg
+#md5sum = 4861be4a581686feef9f9edea865d7ee
+mode = 0644
+context =
+    key bin_directory buildout:bin-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key eggs_directory buildout:eggs-directory
+    key path environment:PATH
+    raw httpd_executable ${apache:location}/bin/httpd
+    raw bash_executable ${bash:location}/bin/bash
+    raw dcron_executable ${dcron:location}/sbin/crond
+    raw dropbear_executable ${dropbear:location}/sbin/dropbear
+    raw dropbearkey_executable ${dropbear:location}/bin/dropbearkey
+    raw gzip_executable ${gzip:location}/bin/gzip
+    raw gunzip_executable ${gzip:location}/bin/gunzip
+    raw logrotate_executable ${logrotate:location}/sbin/logrotate
+    raw slapos_configuration_file_template_path ${slapos-configuration-file-template:target}
+    raw httpd_configuration_file_template_path ${httpd-configuration-file-template:target}
+
+[slapos-configuration-file-template]
+# Download the template of slapos.cfg
+recipe = slapos.recipe.download
+url = ${:_profile_base_location_}/template/slapos.cfg.in
+#md5sum = 
+target = ${buildout:directory}/slapos.cfg.in
+mode = 0644
+
+
+[httpd-configuration-file-template]
+# Download the template of httpd.conf
+recipe = slapos.recipe.download
+url = ${:_profile_base_location_}/template/httpd.conf.in
+mode = 0644
+#md5sum = 
+#target = ${
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  collective.recipe.template
+

software/slapos-in-partition/template/httpd.conf.in

+# Apache static configuration
+# Automatically generated
+
+# Basic server configuration
+PidFile "${:pid-file}"
+Listen [${:listening-ip}]:${:listening-port}
+ServerAdmin someone@email
+DefaultType text/plain
+TypesConfig conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+DocumentRoot "${:document-root}"
+
+# Log configuration
+ErrorLog "${:error-log}"
+LogLevel warn
+LogFormat "%h %{REMOTE_USER}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %{REMOTE_USER}i %l %u %t \"%r\" %>s %b" common
+CustomLog "${:access-log}" common
+
+# Allow cross site scripting
+Header set Access-Control-Allow-Origin "*"
+
+# List of modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule autoindex_module modules/mod_autoindex.so
+
+<Directory />
+    Options Indexes FollowSymLinks
+    IndexOptions FancyIndexing
+    order allow,deny
+    Allow from All
+</Directory>
+

stack/resilient/buildout.cfg

@@ -48,7 +48,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready-export.cfg.in
 output = ${buildout:directory}/pbsready-export.cfg
-md5sum = ef3861861746d3574f39f1aa3200d74e
+md5sum = 5e27c391ceafb6a58032f1f87fba7826
 mode = 0644
 
 [template-pull-backup]
@@ -84,4 +84,6 @@ output = ${buildout:directory}/instance-frozen.cfg
 [versions]
 # Pin Jinja2 to 2.6, as 2.7 breaks current code
 Jinja2 = 2.6
+# ... And newer s.r.template requires Jinja2 >= 2.7
+slapos.recipe.template = 2.4.2