Commit e13f7c63 authored by Marco Mariani's avatar Marco Mariani

Merge remote-tracking branch 'origin/master' into zimbra

parents 0e3ec32b e40afbc5
Changes
=======
0.77.1 (2013-04-18)
-------------------
* Re-release of 0.77.0.
0.77.0 (2013-04-18)
-------------------
* Allow to pass extra parameters when creating simple wrapper. [Sebastien Robin]
* Apache frontend: Append all rewrite module options to http as well. [Cedric de Saint Martin]
* Apache frontend: Add https-only support. [Cedric de Saint Martin]
* Apache frontend: make logrotate work by using "generic" component. [Cedric de Saint Martin]
0.76.0 (2013-04-03)
-------------------
......
......@@ -6,5 +6,5 @@ parts =
recipe = hexagonit.recipe.download
# Post-0.4 release from January 2013
url = http://github.com/kanaka/noVNC/zipball/3b2acc2258d36137a37edfbe0f03a3099189c49d
md5sum = 0d06abc20e59643e14fefe52b42daf60
md5sum = a276be8fa193652bb5de8a271603f11f
strip-top-level-dir = true
......@@ -3,6 +3,7 @@ extends =
../../component/gnutls/buildout.cfg
../../component/libpng/buildout.cfg
../../component/libuuid/buildout.cfg
../../component/xorg/buildout.cfg
../../component/zlib/buildout.cfg
[kvm]
......@@ -11,9 +12,11 @@ extends =
[qemu-kvm]
recipe = slapos.recipe.cmmi
url = http://downloads.sourceforge.net/project/kvm/qemu-kvm/1.2.0/qemu-kvm-1.2.0.tar.gz
md5sum = d7b18b673c48abfee65a9c0245df0415
# qemu-kvm and qemu are now the same since 1.3.
url = http://wiki.qemu-project.org/download/qemu-1.4.1.tar.bz2
md5sum = eb2d696956324722b5ecfa46e41f9a75
configure-options =
--target-list=""
--disable-sdl
--disable-xen
--enable-vnc-tls
......@@ -24,9 +27,11 @@ configure-options =
--disable-docs
--enable-vnc-png
--disable-vnc-jpeg
--enable-vnc-ws
--extra-cflags="-I${gnutls:location}/include -I${libuuid:location}/include -I${zlib:location}/include -I${libpng:location}/include"
--extra-ldflags="-Wl,-rpath -Wl,${glib:location}/lib -L${glib:location}/lib -Wl,-rpath -Wl,${gnutls:location}/lib -L${gnutls:location}/lib -Wl,-rpath -Wl,${gpg-error:location}/lib -L${gpg-error:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib -L${libpng:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lpng -lz -lgnutls"
--disable-werror
environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${gnutls:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig
PKG_CONFIG_PATH=${gnutls:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig
......@@ -4,8 +4,8 @@ parts =
[zabbix-agent]
recipe = slapos.recipe.cmmi
url = http://prdownloads.sourceforge.net/zabbix/zabbix-2.0.1.tar.gz?download
md5sum = 3b301aa4f2b7cb5ede46884b9c7873e1
url = http://prdownloads.sourceforge.net/zabbix/zabbix-2.0.5.tar.gz?download
md5sum = 0c0721c31889b63bce9aa556bcb927e8
configure-options =
--enable-agent
--enable-ipv6
......@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
import glob
import os
version = '0.76.1.dev'
version = '0.77.2.dev'
name = 'slapos.cookbook'
long_description = open("README.txt").read() + "\n" + \
open("CHANGES.txt").read() + "\n"
......
......@@ -36,6 +36,7 @@ import ConfigParser
import re
import traceback
TRUE_VALUES = ['y', 'yes', '1', 'true']
class Recipe(BaseSlapRecipe):
......@@ -65,13 +66,13 @@ class Recipe(BaseSlapRecipe):
# self.cron_d is a directory, where cron jobs can be registered
self.cron_d = self.installCrond()
self.logrotate_d, self.logrotate_backup = self.installLogrotate()
self.killpidfromfile = zc.buildout.easy_install.scripts(
[('killpidfromfile', 'slapos.recipe.erp5.killpidfromfile',
[('killpidfromfile', 'slapos.toolbox.killpidfromfile',
'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
self.path_list.append(self.killpidfromfile)
rewrite_rule_list = []
rewrite_rule_https_only_list = []
rewrite_rule_zope_list = []
rewrite_rule_zope_path_list = []
slave_dict = {}
......@@ -88,19 +89,15 @@ class Recipe(BaseSlapRecipe):
# Sanitize inputs
backend_url = slave_instance.get("url", None)
reference = slave_instance.get("slave_reference")
enable_cache = slave_instance.get('enable_cache', '').lower() in TRUE_VALUES
slave_type = slave_instance.get('type', '').lower() or None
if slave_instance.haskey("enable_cache"):
enable_cache = slave_instance.get("enable_cache", "").upper() in ('1', 'TRUE')
else:
enable_cache = False
if slave_instance.haskey("type"):
slave_type = slave_instance.get("type", "").lower()
else:
slave_type = None
https_only = slave_instance.get('https-only', '').lower() in TRUE_VALUES
# Set scheme (http? https?)
# Future work may allow to choose between http and https (or both?)
if https_only:
scheme = 'https://'
else:
scheme = 'http://'
self.logger.info('Processing slave instance: %s' % reference)
......@@ -143,6 +140,10 @@ class Recipe(BaseSlapRecipe):
rewrite_rule = "%s %s" % (domain, backend_url)
# Finally, if successful, we add the rewrite rule to our list of rules
# We have 4 RewriteMaps:
# - One for generic (non-zope) websites, accepting both HTTP and HTTPS
# - One for generic websites that only accept HTTPS
# - Two for Zope-based websites
if rewrite_rule:
# We check if we have a zope slave. It requires different rewrite
# rule structure.
......@@ -153,6 +154,9 @@ class Recipe(BaseSlapRecipe):
# For Zope, we have another dict containing the path e.g '/erp5/...
rewrite_rule_path = "%s %s" % (domain, slave_instance.get('path', ''))
rewrite_rule_zope_path_list.append(rewrite_rule_path)
else:
if https_only:
rewrite_rule_https_only_list.append(rewrite_rule)
else:
rewrite_rule_list.append(rewrite_rule)
......@@ -186,6 +190,7 @@ class Recipe(BaseSlapRecipe):
plain_http_port=frontend_plain_http_port_number,
name=frontend_domain_name,
rewrite_rule_list=rewrite_rule_list,
rewrite_rule_https_only_list=rewrite_rule_https_only_list,
rewrite_rule_zope_list=rewrite_rule_zope_list,
rewrite_rule_zope_path_list=rewrite_rule_zope_path_list,
key=key, certificate=certificate)
......@@ -279,29 +284,6 @@ class Recipe(BaseSlapRecipe):
return "%s http://%s:%s" % \
(domain, varnish_ip, base_varnish_port)
def installLogrotate(self):
"""Installs logortate main configuration file and registers its to cron"""
logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
'logrotate.d'))
self._createDirectory(logrotate_d)
logrotate_backup = self.createBackupDirectory('logrotate')
logrotate_conf = self.createConfigurationFile("logrotate.conf",
"include %s" % logrotate_d)
logrotate_cron = os.path.join(self.cron_d, 'logrotate')
state_file = os.path.join(self.data_root_directory, 'logrotate.status')
open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
(self.options['logrotate_binary'], state_file, logrotate_conf))
self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
return logrotate_d, logrotate_backup
def registerLogRotation(self, name, log_file_list, postrotate_script):
"""Register new log rotation requirement"""
open(os.path.join(self.logrotate_d, name), 'w').write(
self.substituteTemplate(self.getTemplateFilename(
'logrotate_entry.in'),
dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
postrotate=postrotate_script, olddir=self.logrotate_backup)))
def requestCertificate(self, name):
hash = hashlib.sha512(name).hexdigest()
key = os.path.join(self.ca_private, hash + self.ca_key_ext)
......@@ -418,8 +400,7 @@ class Recipe(BaseSlapRecipe):
def _getApacheConfigurationDict(self, name, ip_list, port):
apache_conf = dict()
apache_conf['server_name'] = name
apache_conf['pid_file'] = os.path.join(self.run_directory,
name + '.pid')
apache_conf['pid_file'] = self.options['pid-file']
apache_conf['lock_file'] = os.path.join(self.run_directory,
name + '.lock')
apache_conf['document_root'] = os.path.join(self.data_root_directory,
......@@ -429,13 +410,8 @@ class Recipe(BaseSlapRecipe):
apache_conf['ip_list'] = ip_list
apache_conf['port'] = port
apache_conf['server_admin'] = 'admin@'
apache_conf['error_log'] = os.path.join(self.log_directory,
'frontend-apache-error.log')
apache_conf['access_log'] = os.path.join(self.log_directory,
'frontend-apache-access.log')
self.registerLogRotation(name, [apache_conf['error_log'],
apache_conf['access_log']], self.killpidfromfile + ' ' +
apache_conf['pid_file'] + ' SIGUSR1')
apache_conf['error_log'] = self.options['error-log']
apache_conf['access_log'] = self.options['access-log']
return apache_conf
def installVarnishCache(self, name, ip, port, control_port, backend_host,
......@@ -517,10 +493,13 @@ class Recipe(BaseSlapRecipe):
port=4443, plain_http_port=8080,
rewrite_rule_list=None,
rewrite_rule_zope_list=None,
rewrite_rule_https_only_list=None,
rewrite_rule_zope_path_list=None,
access_control_string=None):
if rewrite_rule_list is None:
rewrite_rule_list = []
if rewrite_rule_https_only_list is None:
rewrite_rule_zope_path_list = []
if rewrite_rule_zope_list is None:
rewrite_rule_zope_list = []
if rewrite_rule_zope_path_list is None:
......@@ -571,15 +550,22 @@ class Recipe(BaseSlapRecipe):
self.path_list.append(backup_cron)
# Create configuration file and rewritemaps
apachemap_name = "apachemap.txt"
apachemapzope_name = "apachemapzope.txt"
apachemapzopepath_name = "apachemapzopepath.txt"
self.createConfigurationFile(apachemap_name, "\n".join(rewrite_rule_list))
self.createConfigurationFile(apachemapzope_name,
"\n".join(rewrite_rule_zope_list))
self.createConfigurationFile(apachemapzopepath_name,
"\n".join(rewrite_rule_zope_path_list))
apachemap_path = self.createConfigurationFile(
"apache_rewritemap_generic.txt",
"\n".join(rewrite_rule_list)
)
apachemap_httpsonly_path = self.createConfigurationFile(
"apache_rewritemap_httpsonly.txt",
"\n".join(rewrite_rule_https_only_list)
)
apachemap_zope_path = self.createConfigurationFile(
"apache_rewritemap_zope.txt",
"\n".join(rewrite_rule_zope_list)
)
apachemap_zopepath_path = self.createConfigurationFile(
"apache_rewritemap_zopepath.txt",
"\n".join(rewrite_rule_zope_path_list)
)
apache_conf = self._getApacheConfigurationDict(name, ip_list, port)
apache_conf['ssl_snippet'] = self.substituteTemplate(
......@@ -606,9 +592,10 @@ class Recipe(BaseSlapRecipe):
apache_conf.update(**dict(
path_enable=path,
apachemap_path=os.path.join(self.etc_directory, apachemap_name),
apachemapzope_path=os.path.join(self.etc_directory, apachemapzope_name),
apachemapzopepath_path=os.path.join(self.etc_directory, apachemapzopepath_name),
apachemap_path=apachemap_path,
apachemap_httpsonly_path=apachemap_httpsonly_path,
apachemapzope_path=apachemap_zope_path,
apachemapzopepath_path=apachemap_zopepath_path,
apache_domain=name,
https_port=port,
plain_http_port=plain_http_port,
......
......@@ -104,10 +104,12 @@ Header append Vary User-Agent
# or changed when slapgrid is ran. It can be freely customized by node admin.
Include %(custom_apache_virtualhost_conf)s
# Define the two RewriteMaps (key -> value store): one for Zope, one generic
# Define the 3 RewriteMaps (key -> value store): one for Zope, one generic,
# one generic https only,
# containing: rewritten URL -> original URL (a.k.a VirtualHostBase in Zope)
RewriteMap apachemapzope txt:%(apachemapzope_path)s
RewriteMap apachemapgeneric txt:%(apachemap_path)s
RewriteMap apachemapgenerichttpsonly txt:%(apachemap_httpsonly_path)s
# Define another RewriteMap for Zope, containing:
# rewritten URL -> VirtualHostRoot
......@@ -123,21 +125,32 @@ Header append Vary User-Agent
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
# Same for https only server
RewriteCond ${apachemapgenerichttpsonly:%%{SERVER_NAME}} >""
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ ${apachemapgenerichttpsonly:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
ErrorDocument 404 /notfound.html
</VirtualHost>
# Only accept generic (i.e not Zope) backends on http
<VirtualHost *:%(plain_http_port)s>
RewriteEngine On
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
Include %(custom_apache_virtualhost_conf)s
# We accept generic (i.e not lamp) backends on http
RewriteMap apachemapgeneric txt:%(apachemap_path)s
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
......@@ -148,6 +161,7 @@ Header append Vary User-Agent
RewriteRule ^/(.*)$ https://%%{SERVER_NAME}%%{REQUEST_URI}
</VirtualHost>
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
Include %(custom_apache_conf)s
......@@ -107,7 +107,8 @@ class Recipe(GenericSlapRecipe):
http_redirect_server = ''
config = dict(
ip=self.options['ip'],
ipv6=self.options['ipv6'],
ipv4=self.options['ipv4'],
port=self.options['port'],
key=self.options['ssl-key-path'],
certificate=self.options['ssl-cert-path'],
......
......@@ -37,12 +37,13 @@ var fs = require('fs'),
httpProxy = require('http-proxy'),
proxyByUrl = require('proxy-by-url');
var listenInterface = process.argv[2],
port = process.argv[3],
sslKeyFile = process.argv[4],
sslCertFile = process.argv[5],
proxyTable = process.argv[6],
redirect = process.argv[7] || false,
var listenInterfacev6 = process.argv[2],
listenInterfacev4 = process.argv[3],
port = process.argv[4],
sslKeyFile = process.argv[5],
sslCertFile = process.argv[6],
proxyTable = process.argv[7],
redirect = process.argv[8] || false,
isRawIPv6;
if (process.argv.length < 7) {
......@@ -50,11 +51,6 @@ if (process.argv.length < 7) {
process.exit(1);
}
isRawIPv6 = function checkipv6(str) {
// Inspired by http://forums.intermapper.com/viewtopic.php?t=452
return (/^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/.test(str));
}(listenInterface);
/**
* Dummy middleware that throws 404 not found. Does not contain websocket
* middleware.
......@@ -69,7 +65,7 @@ var middlewareNotFound = function(req, res, proxy) {
/**
* Create server
*/
var proxyServer = httpProxy.createServer(
var proxyServerv6 = httpProxy.createServer(
// We declare our proxyByUrl middleware
proxyByUrl(proxyTable),
// Then we add your dummy middleware, called when proxyByUrl doesn't find url.
......@@ -87,42 +83,70 @@ var proxyServer = httpProxy.createServer(
)
},
source: {
host: listenInterface,
host: listenInterfacev6,
port: port
}}
);
var proxyServerv4 = httpProxy.createServer(
// We declare our proxyByUrl middleware
proxyByUrl(proxyTable),
// Then we add your dummy middleware, called when proxyByUrl doesn't find url.
middlewareNotFound,
// And we set HTTPS options for server. HTTP will be forbidden.
{
https: {
key: fs.readFileSync(
sslKeyFile,
'utf8'
),
cert: fs.readFileSync(
sslCertFile,
'utf8'
)
},
source: {
host: listenInterfacev4,
port: port
}}
);
console.log('HTTPS server starting and trying to listen on ' +
listenInterface + ':' + port);
listenInterfacev4 + ':' + port);
// Release the beast.
proxyServer.listen(port, listenInterface);
proxyServerv6.listen(port, listenInterfacev6);
proxyServerv4.listen(port, listenInterfacev4);
// Dummy HTTP server redirecting to HTTPS. Only has sense if we can use port 80
if (redirect === '1') {
console.log('HTTP redirect server starting and trying to listen on ' +
listenInterface + ':' + httpPort);
try {
var httpPort = 80;
http.createServer(function(req, res) {
var url;
if (isRawIPv6 === true) {
url = 'https://[' + listenInterface + ']';
} else {
url = 'https://' + listenInterface;
}
// If non standard port : need to specify it
if (port !== 443) {
url = url + ':' + port;
}
// Add last part of URL
url = url + req.url;
console.log(url);
// Anwser "permanently redirected"
res.statusCode = 301;
res.setHeader('Location', url);
res.end();
}).listen(httpPort, listenInterface);
} catch (error) {
console.log('Couldn\'t start plain HTTP redirection server : ' + error)
}
/*
*try {
* var httpPort = 80;
* http.createServer(function(req, res) {
* var url;
* if (isRawIPv6 === true) {
* url = 'https://[' + listenInterface + ']';
* } else {
* url = 'https://' + listenInterface;
* }
* // If non standard port : need to specify it
* if (port !== 443) {
* url = url + ':' + port;
* }
* // Add last part of URL
* url = url + req.url;
* console.log(url);
* // Anwser "permanently redirected"
* res.statusCode = 301;
* res.setHeader('Location', url);
* res.end();
* }).listen(httpPort, listenInterface);
* } catch (error) {
* console.log('Couldn\'t start plain HTTP redirection server : ' + error)
* }
*/
}
......@@ -2,4 +2,4 @@
# BEWARE: This file is operated by slapgrid
# BEWARE: It will be overwritten automatically
export NODE_PATH=%(node_env)s
exec %(node_path)s %(conf_path)s %(ip)s %(port)s %(key)s %(certificate)s %(map_path)s %(plain_http)s
exec %(node_path)s %(conf_path)s %(ipv6)s %(ipv4)s %(port)s %(key)s %(certificate)s %(map_path)s %(plain_http)s
......@@ -119,10 +119,13 @@ class Recipe(BaseSlapRecipe):
# self.cron_d is a directory, where cron jobs can be registered
self.cron_d = self.installCrond()
self.logrotate_d, self.logrotate_backup = self.installLogrotate()
zabbix_agentd_conf = self.installZabbixAgentd(self.getGlobalIPv6Address(),
zabbix_agentd_conf = self.installZabbixAgentd(
self.getGlobalIPv6Address(),
10050,
self.parameter_dict['hostname'],
self.parameter_dict['server'])
self.parameter_dict['server'],
self.parameter_dict.get('custom-user-parameter', '')
)
self.setConnectionDict(dict(ip=zabbix_agentd_conf['ip'],
name=zabbix_agentd_conf['hostname'],
port=str(zabbix_agentd_conf['port'])))
......
......@@ -118,6 +118,13 @@ Domain name to use as frontend. The frontend will be accessible from this domain
[instancereference].[masterdomain].
Example: www.mycustomdomain.com
https-only
~~~~~~~~~~
Specify if website should be accessed using https only. If so, the frontend
will redirect the user to https if accessed from http.
Possible values: "true", "false".
This is an optional parameter. Defaults to false.
path
~~~~
Only used if type is "zope".
......
......@@ -3,6 +3,7 @@ extends =
../../component/binutils/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/apache/buildout.cfg
../../component/gzip/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/varnish/buildout.cfg
../../component/dcron/buildout.cfg
......@@ -38,14 +39,15 @@ recipe = zc.recipe.egg
eggs = ${instance-recipe:egg}
[eggs]
recipe = zc.recipe.egg
recipe = z3c.recipe.scripts
eggs =
${lxml-python:egg}
slapos.toolbox
[template]
# Default template for apache instance.
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg
md5sum = fea902a2b9dbf8c80ff201bcf73f9396
md5sum = e7b9f57da7eb1450fc15789e239388d4
output = ${buildout:directory}/template.cfg
mode = 0644
[buildout]
parts =
directory
instance
apache
configtest
logrotate
logrotate-entry-apache
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
......@@ -10,15 +12,23 @@ develop-eggs-directory = ${buildout:develop-eggs-directory}
# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
bin = $${buildout:directory}/bin/
etc = $${buildout:directory}/etc/
var = $${buildout:directory}/var/
srv = $${buildout:directory}/srv/
bin = $${buildout:directory}/bin/
var = $${buildout:directory}/var/
backup = $${:srv}/backup
log = $${:var}/log
run = $${:var}/run
service = $${:etc}/service
logrotate-backup = $${:backup}/logrotate
logrotate-entries = $${:etc}/logrotate.d
# Deploy Apache (old way, with monolithic recipe)
[instance]
[apache]
recipe = ${instance-recipe:egg}:${instance-recipe:module}
httpd_home = ${apache-2.2:location}
httpd_binary = ${apache-2.2:location}/bin/httpd
......@@ -31,9 +41,40 @@ rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
gcc_binary = gcc
binutils_directory = ${binutils:location}/bin/
access-log = $${directory:log}/frontend-apache-access.log
error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid
# Create wrapper for "apachectl conftest" in bin
[configtest]
recipe = slapos.cookbook:wrapper
command-line = $${instance:httpd_binary} -f $${directory:etc}/apache_frontend.conf -t
output = $${directory:bin}/apache-configtest
command-line = $${apache:httpd_binary} -f $${directory:etc}/apache_frontend.conf -t
wrapper-path = $${directory:bin}/apache-configtest
# Deploy Logrotate
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${directory:bin}/logrotate
conf = $${directory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${directory:srv}/logrotate.status
[logrotate-entry-apache]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache:error-log} $${apache:access-log}
frequency = daily
rotate-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
sharedscripts = true
notifempty = true
create = true
......@@ -4,67 +4,101 @@ extends = common.cfg
[versions]
Jinja2 = 2.6
Werkzeug = 0.8.3
apache-libcloud = 0.12.3
async = 0.6.1
buildout-versions = 1.7
hexagonit.recipe.cmmi = 1.6
gitdb = 0.5.4
hexagonit.recipe.cmmi = 2.0
meld3 = 0.6.10
pycrypto = 2.6
rdiff-backup = 1.0.5
slapos.cookbook = 0.71.1
slapos.recipe.build = 0.11.5
slapos.recipe.build = 0.11.6
slapos.recipe.cmmi = 0.1
slapos.recipe.template = 2.4.2
slapos.toolbox = 0.34.0
smmap = 0.8.2
z3c.recipe.scripts = 1.0.1
# Required by:
# slapos.core==0.33.1
# slapos.core==0.35.1
# slapos.toolbox==0.34.0
Flask = 0.9
# Required by:
# hexagonit.recipe.cmmi==1.6
hexagonit.recipe.download = 1.6nxd002
# slapos.toolbox==0.34.0
GitPython = 0.3.2.RC1
# Required by:
# slapos.cookbook==0.71.1
# slapos.toolbox==0.34.0
atomize = 0.1.1
# Required by:
# slapos.toolbox==0.34.0
feedparser = 5.1.3
# Required by:
# slapos.cookbook==0.77.1
inotifyx = 0.2.0
# Required by:
# slapos.cookbook==0.71.1
# slapos.core==0.33.1
# slapos.cookbook==0.77.1
# slapos.core==0.35.1
# xml-marshaller==0.9.7
lxml = 3.0.2
lxml = 3.1.2
# Required by:
# slapos.cookbook==0.71.1
# slapos.cookbook==0.77.1
netaddr = 0.7.10
# Required by:
# slapos.core==0.33.1
# slapos.core==0.35.1
netifaces = 0.8
# Required by:
# slapos.cookbook==0.71.1
pytz = 2012j
# slapos.toolbox==0.34.0
paramiko = 1.10.1
# Required by:
# slapos.cookbook==0.71.1
# slapos.core==0.33.1
# slapos.toolbox==0.34.0
psutil = 0.7.0
# Required by:
# slapos.core==0.35.1
pyflakes = 0.7
# Required by:
# slapos.cookbook==0.77.1
pytz = 2013b
# Required by:
# slapos.cookbook==0.77.1
# slapos.core==0.35.1
# slapos.toolbox==0.34.0
# zc.buildout==1.6.0-dev-SlapOS-010
# zc.recipe.egg==1.3.2
setuptools = 0.6c12dev-r88846
# Required by:
# slapos.cookbook==0.71.1
slapos.core = 0.33.1
# slapos.cookbook==0.77.1
# slapos.toolbox==0.34.0
slapos.core = 0.35.1
# Required by:
# slapos.core==0.33.1
# slapos.core==0.35.1
supervisor = 3.0b1
# Required by:
# slapos.cookbook==0.71.1
xml-marshaller = 0.9.7
# slapos.core==0.35.1
unittest2 = 0.5.1
# Required by:
# slapos.core==0.33.1
zope.interface = 4.0.3
# slapos.cookbook==0.77.1
# slapos.toolbox==0.34.0
xml-marshaller = 0.9.7
# Required by:
# slapos.core==0.35.1
zope.interface = 4.0.5
[networkcache]
# signature certificates of the following uploaders.
......
......@@ -56,6 +56,7 @@ recipe = plone.recipe.command
destination = ${buildout:parts-directory}/${:_buildout_section_name_}
location = ${buildout:parts-directory}/${:_buildout_section_name_}
command =
export HOME=${:location};
rm -fr ${:destination} &&
mkdir -p ${:destination} &&
cd ${:destination} &&
......@@ -69,17 +70,10 @@ command =
[template-kvm]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-kvm.cfg.in
md5sum = c0320447308299ec9caaeece4187bc1f
md5sum = 87197471aa93863c310204e8865b5ac1
output = ${buildout:directory}/template-kvm.cfg
mode = 0644
[template-kvmplus]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-kvmplus.cfg.in
md5sum = c8e92237eeda93caca1132b5202c3a02
output = ${buildout:directory}/template-kvmplus.cfg
mode = 0644
[template-nbd]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-nbd.cfg.in
......@@ -90,13 +84,13 @@ mode = 0644
[template-frontend]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-frontend.cfg.in
md5sum = 73359b52013b1b65f75005e8698ed180
md5sum = cdb690495e9eb007d2b7d2f8e12f5c59
output = ${buildout:directory}/template-frontend.cfg
mode = 0644
[template]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
md5sum = 68788763d23f70f24b9e575871c903a8
md5sum = 0a98e34aaec7097a84066c0665e3a49a
output = ${buildout:directory}/template.cfg
mode = 0644
[buildout]
extends =
../../git/buildout.cfg
../../component/git/buildout.cfg
common.cfg
parts +=
slapos.cookbook-repository
slapos.core-repository
slapos.toolbox-repository
check-recipe
develop =
${:parts-directory}/slapos.cookbook-repository
${:parts-directory}/slapos.toolbox-repository
[slapos.cookbook-repository]
recipe = slapos.recipe.build:gitclone
repository = http://git.erp5.org/repos/slapos.git
branch = slaprunner
branch = kvm
git-executable = ${git:location}/bin/git
[slapos.toolbox-repository]
recipe = slapos.recipe.build:gitclone
repository = http://git.erp5.org/repos/slapos.toolbox.git
branch = master
git-executable = ${git:location}/bin/git
[check-recipe]
......@@ -24,3 +30,4 @@ stop-on-error = true
update-command = ${:command}
command =
grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link &&
grep parts ${buildout:develop-eggs-directory}/slapos.toolbox.egg-link
......@@ -11,7 +11,8 @@ parts =
cron-entry-logrotate
ca-frontend
certificate-authority
frontend-promise
frontend-promise-ipv6
frontend-promise-ipv4
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
......@@ -47,7 +48,8 @@ logrotate-entries = $${rootdirectory:etc}/logrotate.d
recipe = slapos.cookbook:kvm.frontend
domain = $${ca-frontend:name}
# port = $${slap-parameter:port}
ip = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
ipv4 = $${slap-network-information:local-ipv4}
port = $${slap-parameter:port}
http-redirection = $${slap-parameter:http-redirection}
ssl-key-path = $${ca-frontend:key-file}
......@@ -60,10 +62,16 @@ node-binary = ${nodejs:location}/bin/node
node-env = ${buildout:parts-directory}:${npm-modules:location}/node_modules
shell-path = ${dash:location}/bin/dash
[frontend-promise]
[frontend-promise-ipv6]
recipe = slapos.cookbook:check_port_listening
path = $${basedirectory:promises}/frontend_promise
hostname = $${frontend-instance:ip}
hostname = $${frontend-instance:ipv6}
port = $${frontend-instance:port}
[frontend-promise-ipv4]
recipe = slapos.cookbook:check_port_listening
path = $${basedirectory:promises}/frontend_promise
hostname = $${frontend-instance:ipv4}
port = $${frontend-instance:port}
[certificate-authority]
......@@ -133,6 +141,7 @@ state-file = $${rootdirectory:srv}/logrotate.status
# Default value if no port is specified
port = 4443
http-redirection = 0
slave_instance_list =
# [logrotate-entry-frontend]
# <= logrotate
......
......@@ -36,7 +36,7 @@ storage-path = $${directory:srv}/mac
[gen-passwd]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:srv}/passwd
bytes = 4
bytes = 8
[kvm-instance]
# XXX-Cedric: change "KVM" recipe to simple "create wrappers". No need for this
......@@ -135,7 +135,7 @@ key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}
name = SlaveFrontend
name = VNC Frontend
software-type = $${slap-parameter:frontend-software-type}
slave = true
config = host port
......@@ -162,7 +162,6 @@ curl_path = ${curl:location}/bin/curl
[slap-parameter]
# Default values if not specified
frontend-instance-guid = SOFTINST-11031
frontend-software-type = frontend
frontend-software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/tags/slapos-0.92:/software/kvm/software.cfg
......
#############################
#
# Instanciate kvm+
#
#############################
# Deprecated. Just specify amount of RAM / disk you want in instance parameter.
[buildout]
extends = ${template-kvm:output}
[slap-parameter]
ram-size = 2048
disk-size = 20
\ No newline at end of file
......@@ -10,7 +10,6 @@ offline = true
recipe = slapos.cookbook:softwaretype
default = ${template-kvm:output}
kvm = ${template-kvm:output}
kvm+ = ${template-kvmplus:output}
nbd = ${template-nbd:output}
frontend = ${template-frontend:output}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment