diff --git a/slapos/recipe/erp5/__init__.py b/slapos/recipe/erp5/__init__.py index df9f1959ec27681ce3dfdd49350ce7dd6c8b8ed7..b0a4dda45d25ef825e1f2f3b48b50837b095b4ee 100644 --- a/slapos/recipe/erp5/__init__.py +++ b/slapos/recipe/erp5/__init__.py @@ -794,6 +794,8 @@ class Recipe(BaseSlapRecipe): config=apache_config_file ) ])) + # Note: IPv6 is assumed always + return 'https://[%(ip)s]:%(port)s' % apache_conf def installBackendApache(self, ip, port, backend, key, certificate, suffix='', access_control_string=None): diff --git a/slapos/recipe/erp5/template/site.zcml b/slapos/recipe/erp5/template/site.zcml index 648fc6c9970ee7292e7f2fdd722a152e7b621c25..47454428ef0282edeab26b4bb96edf57bce2f33c 100644 --- a/slapos/recipe/erp5/template/site.zcml +++ b/slapos/recipe/erp5/template/site.zcml @@ -3,10 +3,10 @@ xmlns:meta="http://namespaces.zope.org/meta" xmlns:five="http://namespaces.zope.org/five"> - <include package="Zope2.App" /> <include package="Products.Five" /> <meta:redefinePermission from="zope2.Public" to="zope.Public" /> + <!-- Load the meta --> <include files="package-includes/*-meta.zcml" /> <five:loadProducts file="meta.zcml"/> @@ -19,7 +19,8 @@ <includeOverrides files="package-includes/*-overrides.zcml" /> <five:loadProductsOverrides /> + <securityPolicy - component="AccessControl.security.SecurityPolicy" /> + component="Products.Five.security.FiveSecurityPolicy" /> </configure> diff --git a/slapos/recipe/vifib.py b/slapos/recipe/vifib.py index d092663a2ed5e1a50390d22c229c82013e70629e..a33248f6e3cd2834c7594079de26ec494512e240 100644 --- a/slapos/recipe/vifib.py +++ b/slapos/recipe/vifib.py @@ -147,6 +147,9 @@ SSLCARevocationPath %(ca_crl)s""" login_url_list) apache_login = self.installBackendApache(self.getGlobalIPv6Address(), 15000, login_haproxy, backend_key, backend_certificate) + apache_frontend_login = self.installFrontendZopeApache( + self.getGlobalIPv6Address(), 4443, 'vifib', '/', + apache_login, '/', backend_key, backend_certificate) # Four Web Service Nodes (Machine access) service_url_list = [] for i in (1, 2, 3, 4): @@ -170,6 +173,7 @@ SSLCARevocationPath %(ca_crl)s""" known_tid_storage_identifier_dict, 'http://'+login_haproxy) self.linkBinary() self.setConnectionDict(dict( + front_end_url=apache_frontend_login, site_url=apache_login, site_user=user, site_password=password, diff --git a/software/vifib/software.cfg b/software/vifib/software.cfg new file mode 100644 index 0000000000000000000000000000000000000000..5a5fc10f5caf084676cdcc56762f74cb2734c592 --- /dev/null +++ b/software/vifib/software.cfg @@ -0,0 +1,31 @@ +[buildout] +extends = + ../erp5/software.cfg + +parts += + vifib + +[eggs] +eggs += slapos.core + +[instance-recipe] +egg = slapos.cookbook +module = vifib + +[vifib] +# Recipe zerokspot.recipe.git is disabled, as is not possible to change its +# environment to use localy delivered git. +# plone.recipe.command can do same job, but it is controllable which binary +# will be used +recipe = plone.recipe.command +location = ${buildout:parts-directory}/${:_buildout_section_name_} +stop-on-error = true +repository = http://git.erp5.org/repos/slapos.core.git +command = ${git:location}/bin/git clone --quiet ${:repository} ${:location} +update-command = cd ${:location} && ${git:location}/bin/git pull --quiet + +[products] +# XXX: Lack of eggification workaround +# list of products, possible to extend, it is passed in reversed way +# to allow overriding during extending profile +list = ${products-deps:location} ${erp5:location}/product ${vifib:location}/master/product diff --git a/stack/erp5.cfg b/stack/erp5.cfg index b5b8c12690c01adb1e243df8ae2527281bdfb453..fb29895a3764f8457aba79415c26d76cbae25e6b 100644 --- a/stack/erp5.cfg +++ b/stack/erp5.cfg @@ -9,6 +9,22 @@ find-links = http://dist.repoze.org http://www.nexedi.org/static/packages/source/ +# Separate from site eggs +allowed-eggs-from-site-packages = +include-site-packages = false +exec-sitecustomize = false + +# Use only quite well working sites. +allow-hosts = + *.nexedi.org + *.python.org + *.sourceforge.net + dist.repoze.org + effbot.org + github.com + psutil.googlecode.com + www.dabeaz.com + extends = # Exact version of Zope http://svn.zope.org/repos/main/Zope/tags/2.12.18/versions.cfg