Commit 694f3319 authored by Kazuhiko Shiozaki

Merge remote-tracking branch 'origin/master' into erp5-component

parents 2ad8cb70 2c303cf2
[buildout]
extends =
../../component/libtool/buildout.cfg
../../component/automake/buildout.cfg
../../component/autoconf/buildout.cfg
parts =
hwloc
[hwloc]
recipe = slapos.recipe.cmmi
url = http://www.open-mpi.org/software/hwloc/v1.9/downloads/hwloc-1.9.tar.gz
md5sum = 1f9f9155682fe8946a97c08896109508
environment =
PATH=${pkgconfig:location}/bin:${automake:location}/bin:${autoconf:location}/bin:${libtool:location}/bin:%(PATH)s
configure-options =
--prefix="${buildout:parts-directory}/${:_buildout_section_name_}"
\ No newline at end of file
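Review bot: The `url =` line in `[hwloc]` fetches the tarball over plain `http://`, and the only integrity pin is `md5sum`, which is collision-broken and no longer recommended for verifying downloads; the lua and trafficserver component files added in this commit follow the same pattern. Prefer an `https://` URL where upstream offers one, and a stronger digest if the recipe version in use accepts one. Separately, `environment` references `${pkgconfig:location}` while `extends` lists only libtool, automake and autoconf, so the reference resolves only if one of those profiles already pulls in pkgconfig. Adding `../../component/pkgconfig/buildout.cfg` to `extends` would make the dependency explicit.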
[buildout]
extends =
../readline/buildout.cfg
parts =
lua
[lua]
recipe = slapos.recipe.cmmi
url = http://www.lua.org/ftp/lua-5.2.3.tar.gz
md5sum = dc7f94ec6ff15c985d2d6ad0f1b35654
configure-command = make posix
make-targets =
install INSTALL_TOP=${buildout:parts-directory}/${:_buildout_section_name_}
environment =
CMAKE_INCLUDE_PATH=${readline:location}/include
CMAKE_LIBRARY_PATH=${readline:location}/lib
CPPFLAGS =-I${readline:location}/include
LDFLAGS =-L${readline:location}/lib -Wl,-rpath=${readline:location}/lib
[buildout]
extends =
../../component/lua/buildout.cfg
../../component/hwloc/buildout.cfg
../../component/pkgconfig/buildout.cfg
../../component/libtool/buildout.cfg
../../component/make/buildout.cfg
../../component/openssl/buildout.cfg
../../component/tcl/buildout.cfg
../../component/libexpat/buildout.cfg
../../component/pcre/buildout.cfg
../../component/libcap/buildout.cfg
../../component/flex/buildout.cfg
../../component/ncurses/buildout.cfg
../../component/curl/buildout.cfg
../../component/zlib/buildout.cfg
parts =
trafficserver
[trafficserver]
recipe = slapos.recipe.cmmi
url = http://apache.claz.org/trafficserver/trafficserver-4.2.1.tar.bz2
md5sum = 18f7d56650cba260c8cce3bf4abfa56c
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-openssl=${openssl:location}
--with-expat=${libexpat:location}
--with-pcre=${pcre:location}
--with-lua=${lua:location}
--with-ncurses=${ncurses:location}
--with-tcl=${tcl:location}/lib/
--with-zlib=${zlib:location}
environment =
PATH=${make:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:%(PATH)s
LDFLAGS = -L${tcl:location}/lib -Wl,-rpath=${tcl:location}/lib
make-target =
check
install
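Review bot: The last option in `[trafficserver]` is spelled `make-target =`, whereas the lua component added in this same commit uses `make-targets =`. If the recipe reads only the plural key, the `check` target listed here is silently ignored and the test suite never runs during the build. Confirm the option name against slapos.recipe.cmmi and, if the plural form is the recognised one, change the line to `make-targets =`.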
...@@ -13,7 +13,8 @@ extends = ...@@ -13,7 +13,8 @@ extends =
../../component/dcron/buildout.cfg ../../component/dcron/buildout.cfg
../../component/logrotate/buildout.cfg ../../component/logrotate/buildout.cfg
../../component/rdiff-backup/buildout.cfg ../../component/rdiff-backup/buildout.cfg
../../component/squid/buildout.cfg ../../component/trafficserver/buildout.cfg
# Monitoring stack # Monitoring stack
../../stack/monitor/buildout.cfg ../../stack/monitor/buildout.cfg
...@@ -33,7 +34,6 @@ parts += ...@@ -33,7 +34,6 @@ parts +=
dcron dcron
logrotate logrotate
rdiff-backup rdiff-backup
squid
[slapos-toolbox] [slapos-toolbox]
recipe = zc.recipe.egg recipe = zc.recipe.egg
...@@ -67,7 +67,7 @@ mode = 0644 ...@@ -67,7 +67,7 @@ mode = 0644
[template-apache-frontend] [template-apache-frontend]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-apache-frontend.cfg url = ${:_profile_base_location_}/instance-apache-frontend.cfg
md5sum = f5ec3d3b29d20ccdb00e3b64aa588fa5 md5sum = b823cb31ff97700c009cf14725690323
output = ${buildout:directory}/template-apache-frontend.cfg output = ${buildout:directory}/template-apache-frontend.cfg
mode = 0644 mode = 0644
...@@ -144,12 +144,6 @@ url = ${:_profile_base_location_}/templates/template-log-access.conf.in ...@@ -144,12 +144,6 @@ url = ${:_profile_base_location_}/templates/template-log-access.conf.in
md5sum = f85005b430978f3bd24ee7ce11b0e304 md5sum = f85005b430978f3bd24ee7ce11b0e304
mode = 640 mode = 640
[template-squid-configuration]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/squid.conf.jinja2
md5sum = f17753fa87da074bc949b2967a330099
mode = 640
[template-empty] [template-empty]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/empty.in url = ${:_profile_base_location_}/templates/empty.in
...@@ -162,3 +156,12 @@ url = ${:_profile_base_location_}/templates/wrapper.in ...@@ -162,3 +156,12 @@ url = ${:_profile_base_location_}/templates/wrapper.in
output = ${buildout:directory}/template-wrapper.cfg output = ${buildout:directory}/template-wrapper.cfg
mode = 0644 mode = 0644
md5sum = 8cde04bfd0c0e9bd56744b988275cfd8 md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
[template-trafficserver-records-config]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
md5sum = 950a19be225a25309a3bda3f61fb5f6a
location = ${buildout:parts-directory}/${:_buildout_section_name_}
filename = records.config.jinja2
download-only = true
mode = 0644
...@@ -9,16 +9,11 @@ parts = ...@@ -9,16 +9,11 @@ parts =
certificate-authority certificate-authority
logrotate-entry-apache logrotate-entry-apache
logrotate-entry-apache-cached logrotate-entry-apache-cached
logrotate-entry-squid
apache-frontend apache-frontend
apache-cached apache-cached
switch-apache-softwaretype switch-apache-softwaretype
frontend-apache-graceful frontend-apache-graceful
cached-apache-graceful cached-apache-graceful
squid-service
squid-prepare
squid-reload
promise-squid
dynamic-template-default-vh dynamic-template-default-vh
not-found-html not-found-html
promise-frontend-apache-configuration promise-frontend-apache-configuration
...@@ -28,6 +23,14 @@ parts = ...@@ -28,6 +23,14 @@ parts =
promise-apache-frontend-v6-https promise-apache-frontend-v6-https
promise-apache-frontend-v6-http promise-apache-frontend-v6-http
promise-apache-cached promise-apache-cached
trafficserver-launcher
trafficserver-reload
trafficserver-configuration-directory
trafficserver-records-config
trafficserver-remap-config
trafficserver-storage-config
## Monitoring part ## Monitoring part
###Parts to add for monitoring ###Parts to add for monitoring
certificate-authority certificate-authority
...@@ -47,6 +50,9 @@ parts = ...@@ -47,6 +50,9 @@ parts =
## Monitor for apache ## Monitor for apache
monitor-current-log-access monitor-current-log-access
monitor-backup-log-access monitor-backup-log-access
monitor-ats-cache-stats-wrapper
monitor-apache-configuration-verification
extends = ${monitor-template:output} extends = ${monitor-template:output}
...@@ -79,6 +85,7 @@ crontabs = $${:etc}/crontabs ...@@ -79,6 +85,7 @@ crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl ca-dir = $${:srv}/ssl
[switch-apache-softwaretype] [switch-apache-softwaretype]
recipe = slapos.cookbook:softwaretype recipe = slapos.cookbook:softwaretype
single-default = $${dynamic-default-template-slave-list:rendered} single-default = $${dynamic-default-template-slave-list:rendered}
...@@ -117,14 +124,6 @@ apache-directory = ${apache-2.2:location} ...@@ -117,14 +124,6 @@ apache-directory = ${apache-2.2:location}
apache-ipv6 = $${instance-parameter:ipv6-random} apache-ipv6 = $${instance-parameter:ipv6-random}
apache-https-port = $${instance-parameter:configuration.port} apache-https-port = $${instance-parameter:configuration.port}
[monitor-current-log-access]
< = monitor-directory-access
source = $${directory:log}
[monitor-backup-log-access]
< = monitor-directory-access
source = $${directory:logrotate-backup}
[jinja2-template-base] [jinja2-template-base]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
rendered = $${buildout:directory}/$${:filename} rendered = $${buildout:directory}/$${:filename}
...@@ -135,6 +134,7 @@ context = ...@@ -135,6 +134,7 @@ context =
key develop_eggs_directory buildout:develop-eggs-directory key develop_eggs_directory buildout:develop-eggs-directory
key slap_software_type instance-parameter:slap-software-type key slap_software_type instance-parameter:slap-software-type
key slapparameter_dict instance-parameter:configuration key slapparameter_dict instance-parameter:configuration
section directory directory
$${:extra-context} $${:extra-context}
[dynamic-template-default-vh] [dynamic-template-default-vh]
...@@ -333,8 +333,8 @@ cache-access-log = $${directory:log}/frontend-apache-access-cached.log ...@@ -333,8 +333,8 @@ cache-access-log = $${directory:log}/frontend-apache-access-cached.log
cache-error-log = $${directory:log}/frontend-apache-error-cached.log cache-error-log = $${directory:log}/frontend-apache-error-cached.log
cache-pid-file = $${directory:run}/httpd-cached.pid cache-pid-file = $${directory:run}/httpd-cached.pid
# Comunication with squid # Comunication with ats
cache-port = 26010 cache-port = $${trafficserver-variable:input-port}
cache-through-port = 26011 cache-through-port = 26011
# Create wrapper for "apachectl conftest" in bin # Create wrapper for "apachectl conftest" in bin
...@@ -433,77 +433,70 @@ sharedscripts = true ...@@ -433,77 +433,70 @@ sharedscripts = true
notifempty = true notifempty = true
create = true create = true
[logrotate-entry-squid] #################
<= logrotate # Trafficserver
recipe = slapos.cookbook:logrotate.d #################
name = squid [trafficserver-directory]
log = $${squid-cache:cache-log-path} $${squid-cache:access-log-path}
frequency = daily
rotatep-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGHUP
sharedscripts = true
notifempty = true
create = true
######################
# Squid deployment
######################
[squid-directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
squid-cache = $${directory:srv}/squid_cache configuration = $${directory:etc}/trafficserver
local-state = $${directory:var}/trafficserver
[squid-cache] bin_path = ${trafficserver:location}/bin
prepare-path = $${directory:etc-run}/squid-prepare log = $${directory:log}/trafficserver
wrapper-path = $${directory:service}/squid cache-path = $${directory:srv}/ats_cache
binary-path = ${squid:location}/sbin/squid
configuration-path = $${directory:etc}/squid.cfg [trafficserver-variable]
cache-path = $${squid-directory:squid-cache} wrapper-path = $${directory:service}/trafficserver
ip = $${instance-parameter:ipv4-random} reload-path = $${directory:etc-run}/trafficserver-reload
port = $${apache-configuration:cache-port} local-ip = $${instance-parameter:ipv4-random}
backend-ip = $${instance-parameter:ipv4-random} input-port = 23432
backend-port = $${apache-configuration:cache-through-port} hostname = $${slap-parameter:frontend-name}
open-port = $${instance-parameter:configuration.open-port} remap = map / http://$${instance-parameter:ipv4-random}:$${apache-configuration:cache-through-port}
access-log-path = $${directory:log}/squid-access.log disk-cache-config = $${trafficserver-directory:cache-path} 8G volume=$${slap-parameter:frontend-name}
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid [trafficserver-configuration-directory]
recipe = plone.recipe.command
[squid-configuration] command = cp -rn ${trafficserver:location}/etc/trafficserver/* $${:target}
< = jinja2-template-base target = $${trafficserver-directory:configuration}
template = ${template-squid-configuration:target}
rendered = $${squid-cache:configuration-path} [trafficserver-launcher]
extra-context =
key ip squid-cache:ip
key port squid-cache:port
key backend_ip squid-cache:backend-ip
key backend_port squid-cache:backend-port
key cache_path squid-cache:cache-path
key access_log_path squid-cache:access-log-path
key cache_log_path squid-cache:cache-log-path
key pid_filename_path squid-cache:pid-filename-path
key open_port squid-cache:open-port
[squid-service]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = $${squid-cache:binary-path} -N -f $${squid-configuration:rendered} command-line = ${trafficserver:location}/bin/traffic_cop
wrapper-path = $${squid-cache:wrapper-path} wrapper-path = $${trafficserver-variable:wrapper-path}
environment = TS_ROOT=$${buildout:directory}
[squid-prepare] [trafficserver-reload]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = $${squid-cache:binary-path} -z -f $${squid-configuration:rendered} command-line = ${trafficserver:location}/bin/traffic_line -x
wrapper-path = $${squid-cache:prepare-path} wrapper-path = $${trafficserver-variable:reload-path}
environment = TS_ROOT=$${buildout:directory}
[squid-reload] [trafficserver-records-config]
recipe = slapos.cookbook:wrapper < = jinja2-template-base
command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP template = ${template-trafficserver-records-config:location}/${template-trafficserver-records-config:filename}
wrapper-path = $${directory:etc-run}/squid-reload rendered = $${trafficserver-directory:configuration}/records.config
mode = 700
context =
import os_module os
section ats_directory trafficserver-directory
section ats_configuration trafficserver-variable
[promise-squid] [trafficserver-remap-config]
recipe = slapos.cookbook:check_port_listening < = jinja2-template-base
path = $${directory:promise}/squid template = ${template-empty:target}
hostname = $${instance-parameter:ipv4-random} rendered = $${trafficserver-configuration-directory:target}/remap.config
port = $${apache-configuration:cache-port} mode = 700
context =
key content trafficserver-variable:remap
# End of Squid part [trafficserver-storage-config]
< = jinja2-template-base
template = ${template-empty:target}
rendered = $${trafficserver-configuration-directory:target}/storage.config
mode = 700
context =
key content trafficserver-variable:disk-cache-config
### End of ATS sections
### Apaches Graceful and promises ### Apaches Graceful and promises
[frontend-apache-graceful] [frontend-apache-graceful]
...@@ -577,3 +570,62 @@ server_url = $${slap-connection:server-url} ...@@ -577,3 +570,62 @@ server_url = $${slap-connection:server-url}
software_release_url = $${slap-connection:software-release-url} software_release_url = $${slap-connection:software-release-url}
key_file = $${slap-connection:key-file} key_file = $${slap-connection:key-file}
cert_file = $${slap-connection:cert-file} cert_file = $${slap-connection:cert-file}
[slap-parameter]
# Define default parameter(s) that will be used later, in case user didn't
# specify it
# All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default.
domain = example.org
public-ipv4 =
port = 4443
plain_http_port = 8080
server-admin = admin@example.com
apache_custom_https = ""
apache_custom_http = ""
apache-key =
apache-certificate =
open-port = 80 443
extra_slave_instance_list =
frontend-name =
#######
# Monitoring sections
#
[monitor-current-log-access]
< = monitor-directory-access
source = $${directory:log}
[monitor-backup-log-access]
< = monitor-directory-access
source = $${directory:logrotate-backup}
# Produce ATS Cache stats
[monitor-ats-cache-stats-wrapper]
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${monitor-directory:monitoring-cgi}/ats-cache-stats
mode = 0700
command = export TS_ROOT=$${buildout:directory} && echo "<pre>$(${trafficserver:location}/bin/traffic_shell $${monitor-ats-cache-stats-config:rendered})</pre>"
extra-context =
key content monitor-ats-cache-stats-wrapper:command
[monitor-ats-cache-stats-config]
< = jinja2-template-base
template = ${template-empty:target}
rendered = $${trafficserver-configuration-directory:target}/cache-config.stats
mode = 644
context =
raw content show:cache-stats
# Display result of apache configuration check
[monitor-apache-configuration-verification]
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${monitor-directory:monitoring-cgi}/front-httpd-configuration
mode = 0700
command = echo "<pre>$($${apache-configuration:frontend-configuration-verification})</pre>"
extra-context =
key content :command
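Review bot: The `parts` list drops `promise-squid` along with the other squid parts, but none of the added `trafficserver-*` parts is a promise, so nothing checks any longer that the cache is listening on `$${trafficserver-variable:input-port}`. A replacement modelled on the removed section, and listed in `parts`, would restore that signal. Also, `frontend-name` defaults to empty in `[slap-parameter]`, so `disk-cache-config` appears to render a bare `volume=` unless the parameter is supplied; a non-empty default or a comment stating the requirement would help.

```ini
[promise-trafficserver]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/trafficserver
hostname = $${trafficserver-variable:local-ip}
port = $${trafficserver-variable:input-port}
```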
refresh_pattern . 0 20% 4320 max-stale=604800
# Dissallow cachemgr access
http_access deny manager
# Squid service configuration
http_port {{ ip }}:{{ port }} accel defaultsite={{ ip }}
cache_peer {{ backend_ip }} parent {{ backend_port }} 0 no-query originserver name=backend
acl our_sites port {{ open_port }}
http_access allow our_sites
cache_peer_access backend allow our_sites
cache_peer_access backend deny all
# Drop squid headers
# via off
# reply_header_access X-Cache-Lookup deny all
# reply_header_access X-Squid-Error deny all
# reply_header_access X-Cache deny all
header_replace X-Forwarded-For
follow_x_forwarded_for allow all
forwarded_for on
cache_dir aufs {{ cache_path }} 5000 16 256
# Use 1Go of RAM
cache_mem 1024 MB
# But do not keep big object in RAM
maximum_object_size_in_memory 2048 KB
# Log
access_log {{ access_log_path }}
cache_log {{ cache_log_path }}
pid_filename {{ pid_filename_path }}
...@@ -42,30 +42,30 @@ recipe = slapos.recipe.template ...@@ -42,30 +42,30 @@ recipe = slapos.recipe.template
url = ${:_profile_base_location_}/monitor.cfg.in url = ${:_profile_base_location_}/monitor.cfg.in
output = ${buildout:directory}/monitor.cfg output = ${buildout:directory}/monitor.cfg
filename = monitor.cfg filename = monitor.cfg
md5sum = bd592a0f0c41ec15c643c4e91e9ec5cc md5sum = 499ba647f0c22f16bea3cc88bdfd98e8
mode = 0644 mode = 0644
[monitor-bin] [monitor-bin]
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/${:filename} url = ${:_profile_base_location_}/${:filename}
download-only = true download-only = true
md5sum = 1e7b4698f6627150b1eb783b06f8b13a md5sum = cb2f15850d3dc82459a0044adb4416cf
destination = ${buildout:directory}/parts/monitor-template-monitor-bin destination = ${buildout:directory}/parts/monitor-template-monitor-bin
filename = monitor.py.in filename = monitor.py.in
mode = 0644 mode = 0644
[index] [index]
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfiles/${:filename} url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true download-only = true
md5sum = 91ac749f86aecc0c383d93e51e15a572 md5sum = cd649264b331499241abfcdb4e81672a
destination = ${buildout:directory}/parts/monitor-index destination = ${buildout:directory}/parts/monitor-index
filename = index.cgi.in filename = index.cgi.in
mode = 0644 mode = 0644
[index-template] [index-template]
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfiles/${:filename} url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true download-only = true
destination = ${buildout:directory}/parts/monitor-template-index destination = ${buildout:directory}/parts/monitor-template-index
md5sum = e0d2aaeffc046b2ac6d9d717e1ba321d md5sum = e0d2aaeffc046b2ac6d9d717e1ba321d
...@@ -74,22 +74,31 @@ mode = 0644 ...@@ -74,22 +74,31 @@ mode = 0644
[status-cgi] [status-cgi]
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfiles/${:filename} url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true download-only = true
md5sum = aa2764cab87e457410435974f729e906 md5sum = 4fb26753ee669b8ac90ffe33dbd12e8f
destination = ${buildout:directory}/parts/monitor-template-status-cgi destination = ${buildout:directory}/parts/monitor-template-status-cgi
filename = status.cgi.in filename = status.cgi.in
mode = 0644 mode = 0644
[settings-cgi] [settings-cgi]
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfiles/${:filename} url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true download-only = true
md5sum = 18574b804da0c65d8670959f9e7c4774 md5sum = f19c8e4b94718d475520618ae57338c8
destination = ${buildout:directory}/parts/monitor-template-settings-cgi destination = ${buildout:directory}/parts/monitor-template-settings-cgi
filename = settings.cgi.in filename = settings.cgi.in
mode = 0644 mode = 0644
[monitor-password-cgi]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true
md5sum = 1a6153908934bf77e3e033eeabdc1675
destination = ${buildout:directory}/parts/monitor-template-monitor-password-cgi
filename = monitor-password.cgi.in
mode = 0644
[rss-bin] [rss-bin]
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/${:filename} url = ${:_profile_base_location_}/${:filename}
...@@ -108,9 +117,9 @@ logfile = $${directory:log}/crond.log ...@@ -108,9 +117,9 @@ logfile = $${directory:log}/crond.log
[download-static-files] [download-static-files]
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = https://github.com/SlapOS/staticForMonitoring/blob/db670e7568871c69a64916d462ccb57629f1c77d/static-files.tar.gz?raw=true url = https://github.com/SlapOS/staticForMonitoring/blob/8b7050faa2dd22592766e25b66b9efe0d0b216c9/static-files.tar.gz?raw=true
download-only = true download-only = true
md5sum = 9e3feb2b520620d5b8d478eb9a9be6de md5sum = 05030ff31dc75c2b96559dedc70945f5
filename = static-files.tar.gz filename = static-files.tar.gz
destination = ${buildout:directory}/parts/monitor-static-files destination = ${buildout:directory}/parts/monitor-static-files
mode = 0644 mode = 0644
...@@ -18,6 +18,7 @@ url = https://[$${slap-parameters:ipv6-random}]:$${:port} ...@@ -18,6 +18,7 @@ url = https://[$${slap-parameters:ipv6-random}]:$${:port}
index-filename = index.cgi index-filename = index.cgi
index-path = $${monitor-directory:www}/$${:index-filename} index-path = $${monitor-directory:www}/$${:index-filename}
db-path = $${monitor-directory:etc}/monitor.db db-path = $${monitor-directory:etc}/monitor.db
monitor-password-path = $${monitor-directory:etc}/.monitor.shadow
[monitor-directory] [monitor-directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
...@@ -97,11 +98,14 @@ mode = 0644 ...@@ -97,11 +98,14 @@ mode = 0644
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
template = ${index:location}/${index:filename} template = ${index:location}/${index:filename}
rendered = $${monitor-parameters:index-path} rendered = $${monitor-parameters:index-path}
update-apache-access = ${apache:location}/bin/htpasswd -cb $${monitor-parameters:htaccess-file} admin
mode = 0744 mode = 0744
context = context =
key cgi_directory monitor-directory:cgi-bin key cgi_directory monitor-directory:cgi-bin
raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename} raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
key password zero-parameters:monitor-password key monitor_password_path monitor-parameters:monitor-password-path
key monitor_password_script_path deploy-monitor-password-cgi:rendered
key apache_update_command :update-apache-access
raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter} raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
raw default_page /welcome.html raw default_page /welcome.html
...@@ -139,6 +143,17 @@ context = ...@@ -139,6 +143,17 @@ context =
key pwd monitor-directory:knowledge0-cgi key pwd monitor-directory:knowledge0-cgi
key this_file :filename key this_file :filename
[deploy-monitor-password-cgi]
recipe = slapos.recipe.template:jinja2
template = ${monitor-password-cgi:location}/${monitor-password-cgi:filename}
rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
filename = monitor-password.cgi
mode = 0744
context =
raw python_executable ${buildout:executable}
key pwd monitor-directory:knowledge0-cgi
key this_file :filename
[deploy-monitor-script] [deploy-monitor-script]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
template = ${monitor-bin:location}/${monitor-bin:filename} template = ${monitor-bin:location}/${monitor-bin:filename}
...@@ -159,12 +174,6 @@ context = ...@@ -159,12 +174,6 @@ context =
section directory monitor-directory section directory monitor-directory
section monitor_parameters monitor-parameters section monitor_parameters monitor-parameters
[monitor-htaccess]
recipe = plone.recipe.command
stop-on-error = true
htaccess-path = $${monitor-parameters:htaccess-file}
command = ${apache:location}/bin/htpasswd -cb $${:htaccess-path} admin $${zero-parameters:monitor-password}
[monitor-directory-access] [monitor-directory-access]
recipe = plone.recipe.command recipe = plone.recipe.command
command = ln -s $${:source} $${monitor-directory:private-directory} command = ln -s $${:source} $${monitor-directory:private-directory}
...@@ -211,7 +220,6 @@ name = example.com ...@@ -211,7 +220,6 @@ name = example.com
[public] [public]
recipe = slapos.cookbook:zero-knowledge.write recipe = slapos.cookbook:zero-knowledge.write
filename = knowledge0.cfg filename = knowledge0.cfg
monitor-password = passwordtochange
[zero-parameters] [zero-parameters]
recipe = slapos.cookbook:zero-knowledge.read recipe = slapos.cookbook:zero-knowledge.read
...@@ -279,7 +287,7 @@ input = inline: ...@@ -279,7 +287,7 @@ input = inline:
</Files> </Files>
AuthType Basic AuthType Basic
AuthName "Private access" AuthName "Private access"
AuthUserFile "$${monitor-htaccess:htaccess-path}" AuthUserFile "$${monitor-parameters:htaccess-file}"
Require valid-user Require valid-user
Options Indexes FollowSymLinks Options Indexes FollowSymLinks
Satisfy all Satisfy all
...@@ -315,4 +323,3 @@ curl_path = ${curl:location}/bin/curl ...@@ -315,4 +323,3 @@ curl_path = ${curl:location}/bin/curl
[publish-connection-informations] [publish-connection-informations]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
monitor_url = $${monitor-parameters:url} monitor_url = $${monitor-parameters:url}
IMPORTANT_monitor_info = Change the monitor_password as soon as possible ! Default is : $${public:monitor-password} . You can change it in the setting.cgi section of your monitorin interface
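Review bot: `update-apache-access` ends in `htpasswd -cb … admin`, which leaves the password to be appended as a command-line argument by whatever consumes `apache_update_command`. With `-b` the secret sits in the process arguments while htpasswd runs, and the consumer must pass it as a single argument without shell interpretation. Where the bundled htpasswd supports reading the password from standard input (`-i`), prefer that; otherwise add a comment above this option stating the quoting requirement. The removed `[monitor-htaccess]` part also created the htpasswd file at deploy time, so the `AuthUserFile` target now seems not to exist until a password is first set, which deserves a comment near the `AuthUserFile` line.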
...@@ -7,6 +7,7 @@ import subprocess ...@@ -7,6 +7,7 @@ import subprocess
import sys import sys
import sqlite3 import sqlite3
import time import time
import threading
from optparse import OptionParser, make_option from optparse import OptionParser, make_option
...@@ -34,6 +35,26 @@ option_list = [ ...@@ -34,6 +35,26 @@ option_list = [
help="add the file containing services\'pid to the files to monitor") help="add the file containing services\'pid to the files to monitor")
] ]
class Popen(subprocess.Popen):
__timeout = None
def timeout(self, delay, delay_before_kill=5):
if self.__timeout is not None: self.__timeout.cancel()
self.__timeout = threading.Timer(delay, self.stop, [delay_before_kill])
self.__timeout.start()
def waiter():
self.wait()
self.__timeout.cancel()
threading.Thread(target=waiter).start()
def stop(self, delay_before_kill=5):
if self.__timeout is not None: self.__timeout.cancel()
self.terminate()
t = threading.Timer(delay_before_kill, self.kill)
t.start()
r = self.wait()
t.cancel()
return r
def init_db(): def init_db():
db = sqlite3.connect(db_path) db = sqlite3.connect(db_path)
...@@ -89,24 +110,26 @@ def runServices(directory): ...@@ -89,24 +110,26 @@ def runServices(directory):
def runScripts(directory): def runScripts(directory):
scripts = getListOfScripts(directory) scripts = getListOfScripts(directory)
script_timeout = 3 # XXX script_timeout could be passed as parameters
script_timeout = 60 # in seconds
result = {} result = {}
for script in scripts: for script in scripts:
command = [os.path.join(promise_dir, script)] command = [os.path.join(promise_dir, script)]
script = os.path.basename(command[0]) script = os.path.basename(command[0])
result[script] = '' result[script] = ''
process_handler = subprocess.Popen(command, process_handler = Popen(command,
cwd=instance_path, cwd=instance_path,
env=None if sys.platform == 'cygwin' else {}, env=None if sys.platform == 'cygwin' else {},
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, stderr=subprocess.PIPE,
stdin=subprocess.PIPE) stdin=subprocess.PIPE)
process_handler.stdin.flush() process_handler.stdin.flush()
process_handler.stdin.close() process_handler.stdin.close()
process_handler.stdin = None process_handler.stdin = None
time.sleep(script_timeout) process_handler.timeout(script_timeout)
process_handler.wait()
if process_handler.poll() is None: if process_handler.poll() is None:
process_handler.terminate() process_handler.terminate()
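Review bot: In `runScripts`, `process_handler.wait()` is called while `stdout` and `stderr` are still unread pipes, so a promise script that writes more than a pipe buffer would block until the 60-second timer kills it and then be reported as failed. The reads are outside this hunk, so confirm they do not happen earlier. Replacing the `wait()` call with `out, err = process_handler.communicate()` drains both pipes while waiting. The following `if process_handler.poll() is None:` branch can no longer be taken once `wait()` has returned. The new `Popen` class has no docstring; one describing the timer, the terminate-then-kill sequence in `stop`, and the non-daemon `waiter` thread started per call to `timeout` would help the next reader.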
......
...@@ -3,11 +3,12 @@ ...@@ -3,11 +3,12 @@
import cgi import cgi
import cgitb import cgitb
import Cookie import Cookie
import base64
import hashlib
import hmac
import jinja2 import jinja2
import json
import os import os
import subprocess import subprocess
import sys
import urllib import urllib
cgitb.enable(display=0, logdir="/tmp/cgi.log") cgitb.enable(display=0, logdir="/tmp/cgi.log")
...@@ -17,6 +18,58 @@ cookie = Cookie.SimpleCookie() ...@@ -17,6 +18,58 @@ cookie = Cookie.SimpleCookie()
cgi_path = "{{ cgi_directory }}" cgi_path = "{{ cgi_directory }}"
monitor_password_path = "{{ monitor_password_path }}"
monitor_password_script_path = "{{ monitor_password_script_path }}"
monitor_apache_password_command = "{{ apache_update_command }}"
########
# Password functions
#######
def crypt(word, salt="$$"):
salt = salt.split("$")
algo = salt[0] or 'sha1'
if algo in hashlib.algorithms:
H = getattr(hashlib, algo)
elif algo == "plain":
return "%s$%s" % (algo, word)
else:
raise ValueError
rounds = min(max(0, int(salt[1])), 30) if salt[1] else 9
salt = salt[2] or base64.b64encode(os.urandom(12), "./")
h = hmac.new(salt, word, H).digest()
for x in xrange(1, 1 << rounds):
h = H(h).digest()
return "%s$%s$%s$%s" % (algo, rounds, salt,
base64.b64encode(h, "./").rstrip("="))
def is_password_set():
if not os.path.exists(monitor_password_path):
return False
hashed_password = open(monitor_password_path, 'r').read()
try:
void, algo, salt, hsh = hashed_password.split('$')
except ValueError:
return False
return True
def set_password(raw_password):
hashed_password = crypt(raw_password)
subprocess.check_call(monitor_apache_password_command + " %s" % raw_password,
shell=True)
open(monitor_password_path, 'w').write(hashed_password)
def check_password(raw_password):
"""
Returns a boolean of whether the raw_password was correct. Handles
encryption formats behind the scenes.
"""
if not os.path.exists(monitor_password_path) or not raw_password:
return False
hashed_password = open(monitor_password_path, 'r').read()
return hashed_password == crypt(raw_password, hashed_password)
### End of password functions
def forward_form(): def forward_form():
command = os.path.join(cgi_path, form['posting-script'].value) command = os.path.join(cgi_path, form['posting-script'].value)
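Review bot: `set_password` appends the submitted password to `monitor_apache_password_command` and runs the result with `shell=True`, so shell metacharacters in the password are interpreted by the shell. The value comes from the form, and the later hunk allows this call without a prior login while `is_password_set()` is false. Pass an argument vector instead, `subprocess.check_call(shlex.split(monitor_apache_password_command) + [raw_password])`, with `import shlex` added to the imports. `check_password` compares the hashes with `==`, and `set_cookie_password` further down stores the plaintext password in the cookie; a constant-time comparison and a random server-side session token would be safer. The password file is written with `open(monitor_password_path, 'w')` under the process umask, so consider creating it with mode 0600.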
...@@ -33,8 +86,10 @@ def forward_form(): ...@@ -33,8 +86,10 @@ def forward_form():
pass pass
def return_document(): def return_document(command=None):
command = os.path.join(cgi_path, form['script'].value) if not command:
script = form['script'].value
command = os.path.join(cgi_path, script)
#XXX this functions should be called only for display, #XXX this functions should be called only for display,
#so a priori it doesn't need form data #so a priori it doesn't need form data
os.environ['QUERY_STRING'] = '' os.environ['QUERY_STRING'] = ''
...@@ -45,8 +100,8 @@ def return_document(): ...@@ -45,8 +100,8 @@ def return_document():
print open(command).read() print open(command).read()
else: else:
raise OSError raise OSError
except (subprocess.CalledProcessError, OSError): except (subprocess.CalledProcessError, OSError) as e:
print "<p>File cannot be found</p>" print "<p>Error :</p><pre>%s</pre>" % e
def make_menu(): def make_menu():
...@@ -62,29 +117,48 @@ def make_menu(): ...@@ -62,29 +117,48 @@ def make_menu():
return folder_list return folder_list
# Beginning of response def get_cookie_password():
print "Content-Type: text/html"
# Check if user is logged
if "password" in form:
password = form['password'].value
if password == '{{ password }}' :
cookie['password'] = password
print cookie, "; Path=/; HttpOnly"
else:
cookie_string = os.environ.get('HTTP_COOKIE') cookie_string = os.environ.get('HTTP_COOKIE')
if cookie_string: if cookie_string:
cookie.load(cookie_string) cookie.load(cookie_string)
try: try:
password = cookie['password'].value return cookie['password'].value
except KeyError: except KeyError:
password = None pass
else: return None
password = None
def set_cookie_password(password):
cookie['password'] = password
print cookie, "; Path=/; HttpOnly"
# Beginning of response
print "Content-Type: text/html"
password = None
# Check if user is logged
if "password_2" in form and "password" in form:
password_2 = form['password_2'].value
password_1 = form['password'].value
password = get_cookie_password()
if not is_password_set() or check_password(password):
if password_2 == password_1:
password = password_1
set_password(password)
set_cookie_password(password)
elif "password" in form:
password = form['password'].value
if is_password_set() and check_password(password):
set_cookie_password(password)
else:
password = get_cookie_password()
print '\n' print '\n'
if not password or password != '{{ password }}':
if not is_password_set():
return_document(monitor_password_script_path)
elif not check_password(password):
print "<html><head>" print "<html><head>"
print """ print """
<link rel="stylesheet" href="pure-min.css"> <link rel="stylesheet" href="pure-min.css">
...@@ -101,7 +175,6 @@ if not password or password != '{{ password }}': ...@@ -101,7 +175,6 @@ if not password or password != '{{ password }}':
<button type="submit" class="pure-button pure-button-primary">Access</button> <button type="submit" class="pure-button pure-button-primary">Access</button>
</form> </form>
</body></html>""" </body></html>"""
# redirection to the required script/page # redirection to the required script/page
else: else:
print print
......
#!{{ python_executable }}
import cgitb
cgitb.enable()
print "<html><head>"
print """
<script type="text/javascript" src="/jquery-1.10.2.min.js"></script>
<link rel="stylesheet" href="pure-min.css">
<link rel="stylesheet" href="/style.css">"""
print "</head><body>"
print "<h1>This is the monitoring interface</h1>"
print "<h2>Please set your password for later access</h2>"
print """
<form action="/index.cgi" method="post" class="pure-form-aligned">
<div class="pure-control-group">
<label for="password">Password*:</label>
<input placeholder="Set your password" type="password" name="password" id="password"></br>
</div><div class="pure-control-group">
<label for="password">Verify Password*:</label>
<input placeholder="Verify password" type="password" name="password_2" id="password_2"></br>
</div><p id="validate-status" style="color:red"></p>
<div class="pure-controls">
<button id="register-button" type="submit" class="pure-button pure-button-primary" disabled>Access</button></div>
</form>
<script type="text/javascript" src="monitor-register.js"></script>
</body></html>
"""
...@@ -17,14 +17,19 @@ config_file = "{{ config_cfg }}" ...@@ -17,14 +17,19 @@ config_file = "{{ config_cfg }}"
if not os.path.exists(config_file): if not os.path.exists(config_file):
print "Your software does <b>not</b> embed 0-knowledge. \ print "Your software does <b>not</b> embed 0-knowledge. \
This interface is useless in this case" This interface is useless in this case</body></html>"
exit(0) exit(0)
parser = ConfigParser.ConfigParser() parser = ConfigParser.ConfigParser()
parser.read(config_file) parser.read(config_file)
if not parser.has_section('public'):
print "<p>Your software does not use 0-knowledge settings.</p></body></html>"
exit(0)
for name in form: for name in form:
parser.set('public', name, form[name].value) if parser.has_option('public', name):
parser.set('public', name, form[name].value)
with open(config_file, 'w') as file: with open(config_file, 'w') as file:
parser.write(file) parser.write(file)
......
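Review bot: `form[name].value` in the new `has_option` branch assumes each field occurs once; when a request repeats a field name, `cgi.FieldStorage` returns a list for it and `.value` raises AttributeError before the config is written. `parser.set('public', name, form.getfirst(name, ''))` takes the first value and avoids that. The value is also stored without any check, and if the file is later read through an interpolating `ConfigParser`, a `%` in it can make that read fail, so it seems worth rejecting or escaping `%` and control characters here. The script body starts above this hunk, so whether the caller is authenticated before this write is not visible from here.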
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
import cgi import cgi
import cgitb import cgitb
import json import json
import os
import subprocess import subprocess
def refresh(): def refresh():
...@@ -11,10 +12,21 @@ def refresh(): ...@@ -11,10 +12,21 @@ def refresh():
cgitb.enable(display=0, logdir="/tmp/cgi.log") cgitb.enable(display=0, logdir="/tmp/cgi.log")
form = cgi.FieldStorage() form = cgi.FieldStorage()
if "refresh" in form:
refresh()
json_file = "{{ json_file }}" json_file = "{{ json_file }}"
if not os.path.exists(json_file) or "refresh" in form:
refresh()
if not os.path.exists(json_file):
print """<html><head>
<link rel="stylesheet" href="pure-min.css">
<link rel="stylesheet" href="/style.css">
</head><body>
<h1>Monitoring :</h1>
No status file found</p></body></html>"""
exit(0)
result = json.load(open(json_file)) result = json.load(open(json_file))
print "<html><head>" print "<html><head>"
...@@ -33,7 +45,7 @@ print "<br/>" ...@@ -33,7 +45,7 @@ print "<br/>"
print "<h2>These scripts and promises have failed :</h2>" print "<h2>These scripts and promises have failed :</h2>"
for r in result: for r in result:
if result[r] != '': if result[r] != '':
print "<h3>%s</h3><p style=\"padding-left:30px;\">%s</p>" % (r, result[r]) print "<h3>%s</h3><pre style=\"padding-left:30px;\">%s</pre>" % (cgi.escape(r), cgi.escape(result[r]))
print "<br/>" print "<br/>"
print "<h2>These scripts and promises were successful :</h2>" print "<h2>These scripts and promises were successful :</h2>"
......
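Review bot: The `cgi.escape` calls added to the failed-promises loop cover only that loop as far as this hunk shows; the loop under "These scripts and promises were successful" continues outside the hunk, and if it prints `r` into the page it needs `cgi.escape(r)` as well. In the new "No status file found" page the text is closed with `</p>` but never opened, so that line should read `<p>No status file found</p></body></html>"""`.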