diff --git a/CHANGES.txt b/CHANGES.txt index 14894785e32a8834ce9888f5db6f640e96f802ed..7c7a38458e224a4f4c423db31c427649ee1cfc25 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,10 +1,49 @@ Changes ======= -0.40 (Unreleased) +0.46 (Unreleased) ----------------- - * seleniumrunner initial release. [Cedric de Saint Martin] + * No change yet. + +0.45 (2012-03-29) +----------------- + + * slaprunner: change number of available partitions to 7 [Alain Takoudjou] + +0.44 (2012-03-28) +----------------- + + * minor: apachephp: update apache configuration to work with Apache2.4 + +0.43 (2012-03-28) +----------------- + + * minor: erp5: add missing .zcml files into egg. [Cedric de Saint Martin] + +0.42 (2012-03-26) +----------------- + + * erp5: Add web_checker recipe. [Tatuya Kamada] + * erp5: Add generic_varnish recipe. [Tatuya Kamada] + * erp5: Simplify erp5_update to only create the ERP5 site. [Romain Courteaud] + * erp5: Allow to pass CA parameters from section. [艁ukasz Nowak] + +0.41 (2012-03-21) +----------------- + + * Release new "generic" version of KVM, includes frontend. + [Cedric de Saint Martin] + +0.40.1 (2012-03-01) +----------------- + + * Fix manifest to include files needed for apache. [Cedric de Saint Martin] + +0.40 (2012-03-01) +----------------- + + * apache_frontend initial release. [Cedric de Saint Martin] 0.39 (2012-02-20) ----------------- @@ -195,9 +234,10 @@ Changes ----------------- * Add PHPMyAdmin software release used in SlapOS tutorials - [Cedric de Saint Martin] + [Cedric de Saint Martin] * Add slaprunner software release [Cedric de Saint Martin] + 0.9 (2011-06-24) ---------------- diff --git a/MANIFEST.in b/MANIFEST.in index b539622c6ba87c997b61b624d0c9e8b6745785ad..baa42c13a7d5241c999f964b98c679ceaa9b02cb 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,5 +1,7 @@ include CHANGES.txt -include slapos/recipe/generic_zope/template/site.zcml +include slapos/recipe/apache_frontend/template/notfound.html recursive-include slapos/recipe *.in recursive-include slapos/recipe *.bin recursive-include slapos/recipe README.*.txt +recursive-include slapos/recipe *.js +recursive-include slapos/recipe *.zcml diff --git a/component/alsa/buildout.cfg b/component/alsa/buildout.cfg index 3c91b1fdfd3e392dc589c33b54bf42eaad54cf81..452bb71207ad6caa76e781c837974ca44ffafdeb 100644 --- a/component/alsa/buildout.cfg +++ b/component/alsa/buildout.cfg @@ -6,7 +6,7 @@ parts = # Contains libasound recipe = hexagonit.recipe.cmmi url = ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.0.24.1.tar.bz2 -#md5sum = d55a9d7d2a79d738a1b7a511cffda4b6 +md5sum = 7cc05f25e1d5b65da8fb3fdcd540f226 configure-options = --disable-static --disable-aload @@ -18,4 +18,4 @@ configure-options = --disable-ucm --disable-alisp --disable-old-symbols - --disable-python \ No newline at end of file + --disable-python diff --git a/component/apache-php/buildout.cfg b/component/apache-php/buildout.cfg index 71ea1daa372e2eb23dec0e51d0c22c3a006b7624..dcf667fa68463892ceee1eb0e6b76f4cc874597f 100644 --- a/component/apache-php/buildout.cfg +++ b/component/apache-php/buildout.cfg @@ -1,10 +1,11 @@ [buildout] parts = apache-php -extends = +extends = ../apache/buildout.cfg + ../bzip2/buildout.cfg ../cclient/buildout.cfg - ../curl/buildout.cfg + ../curl/buildout.cfg ../freetype/buildout.cfg ../gettext/buildout.cfg ../libiconv/buildout.cfg @@ -19,13 +20,14 @@ extends = [apache-php] # Note: Shall react on each build of apache and reinstall itself recipe = hexagonit.recipe.cmmi -url = http://fr2.php.net/distributions/php-5.3.8.tar.gz -md5sum = f4ce40d5d156ca66a996dbb8a0e7666a +url = http://fr2.php.net/distributions/php-5.3.10.tar.gz +md5sum = 2b3d2d0ff22175685978fb6a5cbcdc13 configure-options = --with-apxs2=${apache:location}/bin/apxs --with-libxml-dir=${libxml2:location} --with-mysql=${mariadb:location} --with-zlib-dir=${zlib:location} + --with-bz2-dir=${bzip2:location} --with-mcrypt=${libmcrypt:location} --with-gd --with-jpeg-dir=${libjpeg:location} @@ -37,7 +39,7 @@ configure-options = --with-mysqli=mysqlnd --with-curl=${curl:location} --with-zip-dir=${zip:location} - --with-imap=${cclient:location} + --with-imap=${cclient:location} --with-iconv-dir=${libiconv:location} --with-gettext=${gettext:location} --with-ldap=${openldap:location} @@ -48,12 +50,13 @@ configure-options = --enable-session --enable-exif --enable-zip + --enable-bz2 --enable-ftp environment = PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig - PATH=${pkgconfig:location}/bin:${libxml2:location}/bin:%(PATH)s - LDFLAGS =-L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid + PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:${libxml2:location}/bin:%(PATH)s + LDFLAGS =-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid [libmcrypt] @@ -64,4 +67,4 @@ md5sum = c4f491dd411a09e9de3b8702ea6f73eb [xml-rpc] recipe = hexagonit.recipe.cmmi url = http://downloads.sourceforge.net/project/phpxmlrpc/phpxmlrpc/2.2.2/xmlrpc-2.2.2.tar.gz -md5sum = 59a644c636c6d98267d0c99b406ae9e8 \ No newline at end of file +md5sum = 59a644c636c6d98267d0c99b406ae9e8 diff --git a/component/apache/buildout.cfg b/component/apache/buildout.cfg index 42d1c7162ba8b1965e77a6ba9a1ba43bc045771f..dcf21258e9172cbc5346aec8c64d85fc965a4a07 100644 --- a/component/apache/buildout.cfg +++ b/component/apache/buildout.cfg @@ -13,24 +13,30 @@ extends = ../sqlite3/buildout.cfg ../zlib/buildout.cfg -[apache-CVE-2011-3368.patch] +[apr] recipe = hexagonit.recipe.download -md5sum = 1ad598213480ddfc239ce6359b7b2c0b -url = http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/CVE-2011-3368.patch -filename = ${:_buildout_section_name_} -download-only = true +version = 1.4.6 +url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-${:version}.tar.bz2 +md5sum = ffee70a111fd07372982b0550bbb14b7 + +[apr-util] +recipe = hexagonit.recipe.download +version = 1.4.1 +url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-util-${:version}.tar.bz2 +md5sum = 52b31b33fb1aa16e65ddaefc76e41151 [apache] # inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/ recipe = hexagonit.recipe.cmmi depends = ${gdbm:version} -url = http://mir2.ovh.net/ftp.apache.org/dist//httpd/httpd-2.2.21.tar.bz2 -md5sum = 1696ae62cd879ab1d4dd9ff021a470f2 -patches = - ${apache-CVE-2011-3368.patch:location}/${apache-CVE-2011-3368.patch:filename} -patch-options = -p1 -configure-options = --disable-static +version = 2.4.1 +revision = 1 +url = http://mir2.ovh.net/ftp.apache.org/dist/httpd/httpd-${:version}.tar.bz2 +md5sum = 7d3001c7a26b985d17caa367a868f11c +configure-command = cp -ar ${apr:location}/apr-${apr:version} srclib/apr/; cp -ar ${apr-util:location}/apr-util-${apr-util:version} srclib/apr-util; ./configure +configure-options = --prefix=${buildout:parts-directory}/${:_buildout_section_name_} + --disable-static --enable-authn-alias --enable-bucketeer --enable-cache @@ -57,6 +63,7 @@ configure-options = --disable-static --enable-dav-fs --enable-so --enable-ssl + --disable-lua --with-included-apr --with-ssl=${openssl:location} --with-z=${zlib:location} @@ -82,11 +89,27 @@ environment = CPPFLAGS =-I${libuuid:location}/include LDFLAGS =-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${gdbm:location}/lib +[mod_antiloris-apache-2.4.patch] +# http://www.apachelounge.com/viewtopic.php?p=19139 +# http://www.apachelounge.com/viewtopic.php?p=20551 +recipe = hexagonit.recipe.download +url =${:_profile_base_location_}/${:filename} +filename = mod_antiloris-apache-2.4.patch +download-only = true +md5sum = 4f074f035d3b37f3f3e71cd9616440f3 + [apache-antiloris] # Note: Shall react on each build of apache and reinstall itself recipe = hexagonit.recipe.cmmi url = http://sourceforge.net/projects/mod-antiloris/files/mod_antiloris-0.4.tar.bz2/download md5sum = 66862bf10e9be3a023e475604a28a0b4 +patch-options = -p0 +patches = + ${mod_antiloris-apache-2.4.patch:location}/${mod_antiloris-apache-2.4.patch:filename} +depends = + ${apache:version} + ${apache:revision} + ${mod_antiloris-apache-2.4.patch:md5sum} configure-command = ${apache:location}/bin/apxs configure-options = -c mod_antiloris.c make-binary = ${:configure-command} diff --git a/component/apache/mod_antiloris-apache-2.4.patch b/component/apache/mod_antiloris-apache-2.4.patch new file mode 100644 index 0000000000000000000000000000000000000000..a5150b37fd39836ce23a424c0d6e03e33cd13fcf --- /dev/null +++ b/component/apache/mod_antiloris-apache-2.4.patch @@ -0,0 +1,127 @@ +--- mod_antiloris.c.orig 2009-07-28 15:27:42.000000000 +0200 ++++ mod_antiloris.c 2012-03-06 11:05:50.167576066 +0100 +@@ -1,5 +1,5 @@ + /* +- mod_antiloris 0.2 ++ mod_antiloris 0.5 + Copyright (C) 2008 Monshouwer Internet Diensten + + Author: Kees Monshouwer +@@ -22,11 +22,16 @@ + #include "http_connection.h" + #include "http_log.h" + #include "ap_mpm.h" ++#include "ap_release.h" + #include "apr_strings.h" + #include "scoreboard.h" + + #define MODULE_NAME "mod_antiloris" +-#define MODULE_VERSION "0.4" ++#define MODULE_VERSION "0.5.1" ++ ++#ifdef APLOG_USE_MODULE ++APLOG_USE_MODULE(antiloris); ++#endif + + module AP_MODULE_DECLARE_DATA antiloris_module; + +@@ -58,6 +63,8 @@ + /* Parse the IPReadLimit directive */ + static const char *ipreadlimit_config_cmd(cmd_parms *parms, void *mconfig, const char *arg) + { ++ signed long int limit; ++ + antiloris_config *conf = ap_get_module_config(parms->server->module_config, &antiloris_module); + const char *err = ap_check_cmd_context (parms, GLOBAL_ONLY); + +@@ -65,7 +72,7 @@ + return err; + } + +- signed long int limit = strtol(arg, (char **) NULL, 10); ++ limit = strtol(arg, (char **) NULL, 10); + + /* No reasonable person would want more than 2^16. Better would be + to use LONG_MAX but that causes portability problems on win32 */ +@@ -80,7 +87,7 @@ + + /* Array describing structure of configuration directives */ + static command_rec antiloris_cmds[] = { +- AP_INIT_TAKE1("IPReadLimit", ipreadlimit_config_cmd, NULL, RSRC_CONF, "Maximum simultaneous connections in READ state per IP address"), ++ AP_INIT_TAKE1("IPReadLimit", ipreadlimit_config_cmd, NULL, RSRC_CONF, "Maximum simultaneous connections per IP address"), + {NULL} + }; + +@@ -103,12 +110,15 @@ + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, MODULE_NAME " " MODULE_VERSION " started"); + ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit); + ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit); ++ ap_add_version_component(p, MODULE_NAME "/" MODULE_VERSION); + return OK; + } + + + static int pre_connection(conn_rec *c) + { ++ char *client_ip; ++ + antiloris_config *conf = ap_get_module_config (c->base_server->module_config, &antiloris_module); + sb_handle *sbh = c->sbh; + +@@ -123,16 +133,26 @@ + worker_score *ws_record; + + ws_record = &ap_scoreboard_image->servers[sbh->child_num][sbh->thread_num]; +- apr_cpystrn(ws_record->client, c->remote_ip, sizeof(ws_record->client)); ++ apr_cpystrn(ws_record->client, c->client_ip, sizeof(ws_record->client)); + +- char *client_ip = ws_record->client; ++ client_ip = ws_record->client; + + /* Count up the number of connections we are handling right now from this IP address */ + for (i = 0; i < server_limit; ++i) { + for (j = 0; j < thread_limit; ++j) { +- ws_record = ap_get_scoreboard_worker(i, j); ++#if AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER > 2 ++ ws_record = ap_get_scoreboard_worker_from_indexes(i, j); ++#else ++ ws_record = ap_get_scoreboard_worker(i, j); ++#endif + switch (ws_record->status) { + case SERVER_BUSY_READ: ++ case SERVER_BUSY_WRITE: ++ case SERVER_BUSY_KEEPALIVE: ++ case SERVER_BUSY_DNS: ++ case SERVER_BUSY_LOG: ++ case SERVER_CLOSING: ++ case SERVER_GRACEFUL: + if (strcmp(client_ip, ws_record->client) == 0) + ip_count++; + break; +@@ -143,7 +163,7 @@ + } + + if (ip_count > conf->limit) { +- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "Rejected, too many connections in READ state from %s", c->remote_ip); ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "[client %s] Antiloris rejected, too many connections", c->client_ip); + return OK; + } else { + return DECLINED; +@@ -151,17 +171,10 @@ + } + + +-static void child_init (apr_pool_t *p, server_rec *s) +-{ +- ap_add_version_component(p, MODULE_NAME "/" MODULE_VERSION); +-} +- +- + static void register_hooks(apr_pool_t *p) + { + ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_process_connection(pre_connection, NULL, NULL, APR_HOOK_FIRST); +- ap_hook_child_init(child_init, NULL, NULL, APR_HOOK_MIDDLE); + } + + module AP_MODULE_DECLARE_DATA antiloris_module = { diff --git a/component/aspell/buildout.cfg b/component/aspell/buildout.cfg new file mode 100644 index 0000000000000000000000000000000000000000..365126682545dee4173f7eec1172eb2e4ad4f016 --- /dev/null +++ b/component/aspell/buildout.cfg @@ -0,0 +1,11 @@ +[buildout] +parts = + aspell + +extends = + ../ncurses/buildout.cfg + +[aspell] +recipe = hexagonit.recipe.cmmi +url = http://ftp.gnu.org/gnu/aspell/aspell-0.60.6.1.tar.gz +md5sum = e66a9c9af6a60dc46134fdacf6ce97d7 diff --git a/component/automake/buildout.cfg b/component/automake/buildout.cfg index 3d552ff020a88df7e9bb462dbb82d7b00e754b60..fbd7082c95f97c17befc75af4b8c2a821d9701b8 100644 --- a/component/automake/buildout.cfg +++ b/component/automake/buildout.cfg @@ -7,7 +7,7 @@ parts = [automake-1.11] recipe = hexagonit.recipe.cmmi -md5sum = c2972c4d9b3e29c03d5f2af86249876f -url = http://ftp.gnu.org/gnu/automake/automake-1.11.1.tar.bz2 +md5sum = 93ecb319f0365cb801990b00f658d026 +url = http://ftp.gnu.org/gnu/automake/automake-1.11.3.tar.gz environment = PATH =${autoconf:location}/bin:${perl:location}/bin:%(PATH)s diff --git a/component/binutils/buildout.cfg b/component/binutils/buildout.cfg new file mode 100644 index 0000000000000000000000000000000000000000..e20a1620559712cf2e4dd8f9f5e2c5d58f776e09 --- /dev/null +++ b/component/binutils/buildout.cfg @@ -0,0 +1,8 @@ +[buildout] +parts = + binutils + +[binutils] +recipe = hexagonit.recipe.cmmi +url = http://ftp.gnu.org/gnu/binutils/binutils-2.21.1.tar.bz2 +md5sum = bde820eac53fa3a8d8696667418557ad diff --git a/component/ca-certificates/buildout.cfg b/component/ca-certificates/buildout.cfg index cd11287aa84d8acf900003c302e7caf6fd87c4c8..850821bdc102895cdf94ceca17827c1d895a4be7 100644 --- a/component/ca-certificates/buildout.cfg +++ b/component/ca-certificates/buildout.cfg @@ -14,7 +14,7 @@ download-only = true [ca-certificates] recipe = hexagonit.recipe.cmmi -version = 20111211 +version = 20120212 url = ftp://ftp.free.fr/mirrors/ftp.debian.org/pool/main/c/ca-certificates/ca-certificates_${:version}.tar.gz patches = ${ca-certificates-sbin-dir.patch:location}/${ca-certificates-sbin-dir.patch:filename} diff --git a/component/cloud9/buildout.cfg b/component/cloud9/buildout.cfg new file mode 100644 index 0000000000000000000000000000000000000000..71f299a6b3d56290a39ec8bedf92fa95f71e9a70 --- /dev/null +++ b/component/cloud9/buildout.cfg @@ -0,0 +1,45 @@ +[buildout] +extends = + ../dcron/buildout.cfg + ../libxml2/buildout.cfg + ../logrotate/buildout.cfg + ../rdiff-backup/buildout.cfg + ../nodejs/buildout.cfg + +parts = + nodejs + npm + cloud9 + +[cloud9] +<= cloud9-git + +[cloud9-git] +# Online IDE written in javascript/node.js +# URL : c9.io +# You can use it using the following command : +# NODE_PATH=${:destination}/node_modules ${nodejs:node_location} ${:cloud9_js_location} +recipe = plone.recipe.command +stop-on-error = true +commit = 97db1467c517d265438684bd2a70b0b76ee282f6 +repository = https://github.com/ajaxorg/cloud9.git +location = ${buildout:parts-directory}/${:_buildout_section_name_} +git-binary = ${git:location}/bin/git +npm-binary = ${nodejs-0.4:location}/bin/node ${npm:location}/bin/npm +command = export GIT_SSL_NO_VERIFY=true; (${:git-binary} clone --quiet ${:repository} ${:location} && cd ${:location} && ${:git-binary} reset --hard ${:commit} && ${:git-binary} submodule update --init && cd support/jsdav && PATH=${nodejs-0.4:location}/bin:$PATH LDFLAGS=-L${libxml2:location}/lib ${:npm-binary} install) || (rm -fr ${:location}; exit 1) +update-command = + +[cloud9-npm] +# Online IDE written in javascript/node.js +# URL : c9.io +# You can use it using the following command : +# NODE_PATH=${:destination}/node_modules ${nodejs:node_location} ${:cloud9_js_location} +recipe = slapos.recipe.npm +# Node part has to be specified, otherwise system node is used. +node = nodejs-0.6 +# List of packages to install +packages = + cloud9 +# Specify environment jsDAV (dependency of cloud9) needs libxml2 +environment = + LDFLAGS=-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib diff --git a/component/cloudooo/buildout.cfg b/component/cloudooo/buildout.cfg index ff627da7a399fea06d1de77a06c3b1b55d177fdd..40d156d6b72ca5265cbf422b1242514ac1e4b371 100644 --- a/component/cloudooo/buildout.cfg +++ b/component/cloudooo/buildout.cfg @@ -1,64 +1,25 @@ [buildout] -software_home = ${:directory} - extends = - ../profiles/versions-common.cfg - ../profiles/software-definition.cfg - ../profiles/common.cfg - ../xpdf/buildout.cfg - ../imagemagick/buildout.cfg - ../file/buildout.cfg - ../pdftk/buildout.cfg - ../ffmpeg/buildout.cfg - ../python-2.6/buildout.cfg - ../libreoffice-bin/buildout.cfg ../lxml-python/buildout.cfg -python = software_definition -versions = versions parts = - instance_template cloudooo - imagemagick - instance-egg - libreoffice-bin - file - xpdf - pdftk - ffmpeg - python2.6 - bootstrap2.6 -cloudooo-packages = - cloudooo.handler.ooo - cloudooo.handler.pdf - cloudooo.handler.ffmpeg - cloudooo.handler.imagemagick - cloudooo +sources = sources +[sources] +# Include information related to official cloudooo source code. +cloudooo = git http://git.erp5.org/repos/cloudooo.git -[instance-egg] -recipe = zc.recipe.egg +[lxml-python] python = python2.6 -eggs = - erp5.recipe.cloudoooinstance - z3c.recipe.mkdir - ${buildout:cloudooo-packages} - [cloudooo] recipe = zc.recipe.egg python = python2.6 -interpreter = pycloudoo -scripts = eggs = ${lxml-python:egg} - collective.recipe.supervisor - plone.recipe.command - erp5.extension.sectionextender - supervisor - ${buildout:cloudooo-packages} - -[software_definition] -software_home = ${buildout:directory} -executable = ${python2.6:executable} + cloudooo + PasteScript +scripts = + paster=cloudooo_paster diff --git a/component/file/buildout.cfg b/component/file/buildout.cfg index a5cfc0924b1da82e1a85fe926da15ba89d323c33..5c171cd90560eee2ceee88ee4028f095e2aad5b7 100644 --- a/component/file/buildout.cfg +++ b/component/file/buildout.cfg @@ -8,8 +8,8 @@ extends = [file] recipe = hexagonit.recipe.cmmi -url = ftp://ftp.astron.com/pub/file/file-5.10.tar.gz -md5sum = 4cea34b087b060772511e066e2038196 +url = ftp://ftp.astron.com/pub/file/file-5.11.tar.gz +md5sum = 16a407bd66d6c7a832f3a5c0d609c27b configure-options = --disable-static environment = diff --git a/component/firefox/buildout.cfg b/component/firefox/buildout.cfg index 4b8bf8a4d5d48b1144835ecc1d9124c81cc813b1..b55f70653aa8868102cf284871f62e3dfeabd41b 100644 --- a/component/firefox/buildout.cfg +++ b/component/firefox/buildout.cfg @@ -20,8 +20,8 @@ depends = ${liberation-fonts:location} ${ipaex-fonts:location} -x86 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/7.0.1/linux-i686/fr/firefox-7.0.1.tar.bz2 42c2559892f26ed2a0563faaf693a00f -x86-64 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/7.0.1/linux-x86_64/en-US/firefox-7.0.1.tar.bz2 20d6c8e3dfc97d08d1dec7d0479f924f +x86 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/11.0/linux-i686/fr/firefox-11.0.tar.bz2 a7e9c614ddac993476ef771afaedf568 +x86-64 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/11.0/linux-x86_64/fr/firefox-11.0.tar.bz2 b358865c08145211314a62660e871614 script = if not self.options.get('url'): self.options['url'], self.options['md5sum'] = self.options[guessPlatform()].split(' ') diff --git a/component/fontconfig/buildout.cfg b/component/fontconfig/buildout.cfg index 1198708d99db24b93ef9452bd5ec6770a3e9d29d..58643399d8f9b4ec09a3c9f12e31e813107076fe 100644 --- a/component/fontconfig/buildout.cfg +++ b/component/fontconfig/buildout.cfg @@ -4,6 +4,7 @@ extends = ../freetype/buildout.cfg ../libxml2/buildout.cfg ../pkgconfig/buildout.cfg + ../bzip2/buildout.cfg ../zlib/buildout.cfg parts = @@ -23,5 +24,5 @@ configure-options = environment = PATH=${pkgconfig:location}/bin:%(PATH)s PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig - CPPFLAGS=-I${zlib:location}/include - LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib + CPPFLAGS=-I${zlib:location}/include -I${bzip2:location}/include + LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib diff --git a/component/freetype/buildout.cfg b/component/freetype/buildout.cfg index c358b3e996713b4d215af71d95eb238c3b9a318e..c4c818a1643770a94e99fb66cec45f6451a515a3 100644 --- a/component/freetype/buildout.cfg +++ b/component/freetype/buildout.cfg @@ -3,6 +3,7 @@ [buildout] extends = + ../bzip2/buildout.cfg ../zlib/buildout.cfg parts = @@ -10,10 +11,10 @@ parts = [freetype] recipe = hexagonit.recipe.cmmi -url = http://download.savannah.gnu.org/releases/freetype/freetype-2.4.8.tar.bz2 -md5sum = dbf2caca1d3afd410a29217a9809d397 +url = http://download.savannah.gnu.org/releases/freetype/freetype-2.4.9.tar.bz2 +md5sum = 77a893dae81fd5b896632715ca041179 configure-options = --disable-static environment = - CPPFLAGS=-I${zlib:location}/include - LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib + CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include + LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib diff --git a/component/gettext/buildout.cfg b/component/gettext/buildout.cfg index c84d0bac194187463336604d75c538ae9a31c7c5..bfb9e58f45519ca9bb0bb9febc5a8a17d14f6f4a 100644 --- a/component/gettext/buildout.cfg +++ b/component/gettext/buildout.cfg @@ -20,6 +20,7 @@ configure-options = --without-emacs --disable-acl --disable-openmp + --without-git environment = CPPFLAGS=-I${libxml2:location}/include -I${zlib:location}/include -I${ncurses:location}/include diff --git a/component/ghostscript/buildout.cfg b/component/ghostscript/buildout.cfg index 85ff413060e3c14faf7a6ee981e0e5de3577f03a..3a38e298efb00ffcdc6038c3258e9aa12d58ea0b 100644 --- a/component/ghostscript/buildout.cfg +++ b/component/ghostscript/buildout.cfg @@ -9,24 +9,25 @@ parts = ghostscript [ghostscript-common] recipe = hexagonit.recipe.cmmi +depends = + ${libtiff:version} configure-options = --disable-cups - --disable-cairo + --with-system-libtiff --without-x --with-drivers=FILES # it seems that parallel build sometimes fails for ghostscript. make-options = -j1 environment = PATH=${pkgconfig:location}/bin:%(PATH)s - PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig - CPPFLAGS=-I${libtiff:location}/include - LDFLAGS=-Wl,-rpath=${fontconfig:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib - LD_LIBRARY_PATH=${fontconfig:location}/lib + PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${libtiff:location}/lib/pkgconfig + LDFLAGS=-Wl,-rpath=${fontconfig:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -Wl,-rpath=${libtiff:location}/lib + LD_LIBRARY_PATH=${fontconfig:location}/lib:${libtiff:location}/lib [ghostscript] <= ghostscript-9 [ghostscript-9] <= ghostscript-common -url = http://downloads.ghostscript.com/public/ghostscript-9.04.tar.bz2 -md5sum = 9f6899e821ab6d78ab2c856f10fa3023 +url = http://downloads.ghostscript.com/public/ghostscript-9.05.tar.bz2 +md5sum = 8bcef1f33ddf8a4d12b2cf8da385c191 diff --git a/component/git/buildout.cfg b/component/git/buildout.cfg index a848e34be7d4cebcb545beba3ede60dbf2465f87..e88ef464e4391b6195359efd00559c534b559f3a 100644 --- a/component/git/buildout.cfg +++ b/component/git/buildout.cfg @@ -13,8 +13,8 @@ parts = [git] recipe = hexagonit.recipe.cmmi -url = http://git-core.googlecode.com/files/git-1.7.8.3.tar.gz -md5sum = 7a4bc5160166537d4da5eb48a7670dff +url = http://git-core.googlecode.com/files/git-1.7.8.4.tar.gz +md5sum = e6c3319d76d52a830af395046fc56143 configure-options = --with-curl=${curl:location} --with-openssl=${openssl:location} diff --git a/component/graphviz/buildout.cfg b/component/graphviz/buildout.cfg index 85f97fb1401061b41d01b54dca91fd43efd4c9dc..9658c1ad0f270709599968ac4a42d5eb58765677 100644 --- a/component/graphviz/buildout.cfg +++ b/component/graphviz/buildout.cfg @@ -5,6 +5,7 @@ parts = graphviz extends = + ../bzip2/buildout.cfg ../fontconfig/buildout.cfg ../freetype/buildout.cfg ../libpng/buildout.cfg @@ -50,5 +51,5 @@ configure-options = environment = PATH=${pkgconfig:location}/bin:%(PATH)s PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig - CPPFLAGS=-I${zlib:location}/include - LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib + CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include + LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib diff --git a/component/groonga/buildout.cfg b/component/groonga/buildout.cfg index 4c863643c58545e6148050d30e3fa267e48195e3..b5394501d32d1af5873c3da9ba3e79c9ba5b895c 100644 --- a/component/groonga/buildout.cfg +++ b/component/groonga/buildout.cfg @@ -7,10 +7,11 @@ parts = [groonga] recipe = hexagonit.recipe.cmmi -url = http://packages.groonga.org/source/groonga/groonga-1.2.9.tar.gz -md5sum = 47117baa401a3db08362e00f94fced12 +url = http://packages.groonga.org/source/groonga/groonga-2.0.0.tar.gz +md5sum = 09e6a34db15cf42b6a3aff07e0f841ff configure-options = --disable-static --disable-glibtest --disable-benchmark + --disable-document --without-mecab diff --git a/component/haproxy/buildout.cfg b/component/haproxy/buildout.cfg index 1d24658422513a11df0a704d7be14f0f5ae06619..08ba79f3311378a0b0f015e1a304d16bfbd7b222 100644 --- a/component/haproxy/buildout.cfg +++ b/component/haproxy/buildout.cfg @@ -10,6 +10,6 @@ configure-command = true # otherwise use "generic". # For ARCH value, x86_64 and i[3456]86 are supported. make-options = - TARGET="$(uname -sr 2>/dev/null|grep -q '^Linux 2\.6' && echo linux26 || echo generic)" + TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6|3)' && echo linux26 || echo generic)" ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')" PREFIX=${buildout:parts-directory}/${:_buildout_section_name_} diff --git a/component/imagemagick/buildout.cfg b/component/imagemagick/buildout.cfg index 062a81e90d94cd3d17068115be38c321ff9cfbd1..283af483b86f63cb9efe3a649f48ad9dc0a25915 100644 --- a/component/imagemagick/buildout.cfg +++ b/component/imagemagick/buildout.cfg @@ -27,8 +27,10 @@ filename = imagemagick-6.6.6-1-no-gsx-gsc-probe.patch [imagemagick] recipe = hexagonit.recipe.cmmi -url = ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.7.3-10.tar.bz2 -md5sum = 3c1d1a04b1ed2998217e16001b58069f +url = ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.7.5-10.tar.bz2 +md5sum = 99bc7ec1e756fa75f1af6150df3d1383 +depends = + ${libtiff:version} configure-options = --disable-static --without-x diff --git a/component/java/buildout.cfg b/component/java/buildout.cfg index fdfd350db67e0bcf9a5f392e12a8ecb6e411850d..657b140eb732b0629cd10d316201cb17358e6b07 100644 --- a/component/java/buildout.cfg +++ b/component/java/buildout.cfg @@ -29,8 +29,8 @@ slapos_promisee = directory:javaws file:lib/rt.jar file:bin/java -x86 = http://javadl.sun.com/webapps/download/AutoDL?BundleId=52240 0bd27d325c5ce11ce863d982ad052f7f -x86-64 = http://javadl.sun.com/webapps/download/AutoDL?BundleId=52242 a4d929bc4d6511290c07c3745477b77b +x86 = http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jre-6u30-linux-i586.bin 3e80243483bc825c34ae01a4373cce5f +x86-64 = http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jre-6u30-linux-x64.bin a4d28c49251d6b9c2d300b3d61f1ce95 script = if not self.options.get('url'): self.options['url'], self.options['md5sum'] = self.options[guessPlatform()].split(' ') download_file = self.download(self.options['url'], self.options.get('md5sum')) @@ -43,7 +43,7 @@ script = subprocess.call([auto_extract_bin]) self.cleanup_dir_list.append(extract_dir) workdir = guessworkdir(extract_dir) - self.copyTree(os.path.join(workdir, "jre1.6.0_27"), "%(location)s") + self.copyTree(os.path.join(workdir, "jre1.6.0_30"), "%(location)s") [java-sdk-1.6.0] recipe = slapos.recipe.build diff --git a/component/libjpeg/buildout.cfg b/component/libjpeg/buildout.cfg index a4340087680f77f71fad2997a5dbba19d0841e80..74e4461d2ff7cb84e17cd11652f868f25015f436 100644 --- a/component/libjpeg/buildout.cfg +++ b/component/libjpeg/buildout.cfg @@ -4,7 +4,7 @@ parts = [libjpeg] recipe = hexagonit.recipe.cmmi -url = http://www.ijg.org/files/jpegsrc.v8b.tar.gz -md5sum = e022acbc5b36cd2cb70785f5b575661e +url = http://www.ijg.org/files/jpegsrc.v8d.tar.gz +md5sum = 52654eb3b2e60c35731ea8fc87f1bd29 configure-options = --disable-static diff --git a/component/libpng/buildout.cfg b/component/libpng/buildout.cfg index a78e8143ea8c5762c182fb003a8388bcbacbe591..70229b0eb89f4be0160f5de730696d21bed9c9c1 100644 --- a/component/libpng/buildout.cfg +++ b/component/libpng/buildout.cfg @@ -3,6 +3,7 @@ extends = ../zlib/buildout.cfg parts = + libpng12 libpng [libpng-common] @@ -13,7 +14,12 @@ environment = CPPFLAGS =-I${zlib:location}/include LDFLAGS =-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib +[libpng12] +<= libpng-common +url = http://download.sourceforge.net/libpng/libpng-1.2.47.tar.bz2 +md5sum = 4389dab9fcd2f9d57ac14701b9115f59 + [libpng] <= libpng-common -url = http://download.sourceforge.net/libpng/libpng-1.5.5.tar.bz2 -md5sum = 3270bf2990c3174ae939388398de751e +url = http://download.sourceforge.net/libpng/libpng-1.5.9.tar.bz2 +md5sum = 684ba5f05da436a99c6303a83c7856d6 diff --git a/component/libreoffice-bin/buildout.cfg b/component/libreoffice-bin/buildout.cfg index b5604c2e0b7920a1864e8d0ba52fe3b68afd7c7e..c788822e839fa055b37b7f16bc79e58846720dd8 100644 --- a/component/libreoffice-bin/buildout.cfg +++ b/component/libreoffice-bin/buildout.cfg @@ -12,15 +12,15 @@ find-links = [libreoffice-bin] recipe = slapos.recipe.build # here, two %s are used, first one is for directory name (eg. x86_64), and second one is for filename (eg. x86-64). -version = 3.4.5 +version = 3.5.1 url = http://download.documentfoundation.org/libreoffice/stable/${:version}/rpm/%s/LibO_${:version}_Linux_%s_install-rpm_en-US.tar.gz # supported architectures md5sums -md5sum_x86 = 34786e6aa570782abac551ab092f3fb3 -md5sum_x86-64 = 2159a50daab707c02b669a83f635ff0c +md5sum_x86 = ee46fdafb8361b8e131994508c2723b3 +md5sum_x86-64 = ddda58719358e5c97ca5d1c118646574 # where office code can be found? -officedir = libreoffice3.4 +officedir = libreoffice3.5 # script to install script = @@ -38,7 +38,11 @@ script = rpmsdir = os.path.join(workdir, [q for q in os.listdir(workdir) if q == 'RPMS'][0]) rpmlist = [os.path.join(rpmsdir, q) for q in os.listdir(rpmsdir) if q.endswith('.rpm') and 'javafilter' not in q and 'xsltfilter' not in q] [self.pipeCommand([[sys.executable, '${:rpm2cpio}', rpm], ['${:cpio}', '-idum']], cwd=storagedir) for rpm in rpmlist] - self.copyTree(os.path.join(storagedir, 'opt', '${:officedir}'), location, ['basis3.4', 'ure']) + self.copyTree(os.path.join(storagedir, 'opt', '${:officedir}'), location, ['ure-link']) + os.symlink('ure', os.path.join(location, 'ure-link')) + # backward compatibility for cloudooo configuration + os.mkdir(os.path.join(location, 'basis-link')) + os.symlink(os.path.join('..', 'program'), os.path.join(location, 'basis-link', 'program')) # helper binaries cpio = ${cpio:location}/bin/cpio diff --git a/component/libtiff/buildout.cfg b/component/libtiff/buildout.cfg index 0d7814db8b058371406bec52aee355f886449286..ddf2db3d051729ca404f9eb60811cac452dbb363 100644 --- a/component/libtiff/buildout.cfg +++ b/component/libtiff/buildout.cfg @@ -9,10 +9,11 @@ parts = [libtiff] recipe = hexagonit.recipe.cmmi -#url = http://download.osgeo.org/libtiff/tiff-3.9.5.tar.gz +version = 4.0.1 +#url = http://download.osgeo.org/libtiff/tiff-${:version}.tar.gz # server is down - circumvent -url = http://www.imagemagick.org/download/delegates/tiff-3.9.5.tar.gz -md5sum = 8fc7ce3b4e1d0cc8a319336967815084 +url = http://www.imagemagick.org/download/delegates/tiff-${:version}.tar.gz +md5sum = fae149cc9da35c598d8be897826dfc63 configure-options = --disable-static --without-x diff --git a/component/mariadb/buildout.cfg b/component/mariadb/buildout.cfg index d98313f30be73ff9f4ba0ea4c32bd28d751f043c..3fa8cf611d75b74197191270fefd3dc89ab6e89b 100644 --- a/component/mariadb/buildout.cfg +++ b/component/mariadb/buildout.cfg @@ -3,10 +3,13 @@ [buildout] extends = + ../cmake/buildout.cfg ../zlib/buildout.cfg ../groonga/buildout.cfg + ../libaio/buildout.cfg ../libevent/buildout.cfg ../ncurses/buildout.cfg + ../openssl/buildout.cfg ../pkgconfig/buildout.cfg ../readline/buildout.cfg @@ -22,9 +25,9 @@ download-only = true [mariadb] recipe = hexagonit.recipe.cmmi -version = 5.3.3-rc +version = 5.3.5-ga url = http://downloads.askmonty.org/f/mariadb-${:version}/kvm-tarbake-jaunty-x86/mariadb-${:version}.tar.gz/from/http:/ftp.osuosl.org/pub/mariadb -md5sum = 715c61bb101acc7d37e893f6a9de9267 +md5sum = 98ce0441b37c8d681855150495fdc03b # compile directory is required to build mysql plugins. keep-compile-dir = true # configure: how to avoid searching for my.cnf? @@ -42,10 +45,9 @@ configure-options = --with-extra-charsets=complex --with-collation=utf8_unicode_ci --with-big-tables - --with-embedded-server + --without-embedded-server --with-plugins=max-no-ndb --with-aria-tmp-tables - --without-plugin-innodb_plugin --without-plugin-oqgraph --without-readline --with-ssl @@ -61,11 +63,68 @@ environment = [mroonga-mariadb] recipe = hexagonit.recipe.cmmi -url = https://github.com/downloads/mroonga/mroonga/mroonga-1.11.tar.gz -md5sum = 69e56246226e0b9969ee7f99e08aa7da +url = https://github.com/downloads/mroonga/mroonga/mroonga-2.00.tar.gz +md5sum = 49dab92863b5c3fa1d49344c73357ca2 configure-options = --with-mysql-source=${mariadb:location}__compile__/mariadb-${mariadb:version} --with-mysql-config=${mariadb:location}/bin/mysql_config +depends = + ${mariadb:version} +environment = + PATH=${groonga:location}/bin:${pkgconfig:location}/bin:%(PATH)s + CPPFLAGS=-I${groonga:location}/include/groonga + LDFLAGS=-L${groonga:location}/lib + PKG_CONFIG_PATH=${groonga:location}/lib/pkgconfig + +[mariadb-5.5-no_test-patch] +recipe = hexagonit.recipe.download +url = ${:_profile_base_location_}/${:filename} +md5sum = 14e6d713c16298a10f40d29f2b799aca +filename = mariadb_5.5_create_system_tables__no_test.patch +download-only = true + +[mariadb-5.5] +recipe = hexagonit.recipe.cmmi +version = 5.5.20 +url = http://downloads.askmonty.org/f/mariadb-${:version}/kvm-tarbake-jaunty-x86/mariadb-${:version}.tar.gz/from/http://ftp.osuosl.org/pub/mariadb +md5sum = e618343b5039fa468c0e1e6098785e3c +# compile directory is required to build mysql plugins. +keep-compile-dir = true +patch-options = -p0 +patches = + ${mariadb-5.5-no_test-patch:location}/${mariadb-5.5-no_test-patch:filename} +configure-command = ${cmake:location}/bin/cmake +configure-options = + -DCMAKE_INSTALL_PREFIX=${buildout:parts-directory}/${:_buildout_section_name_} + -DBUILD_CONFIG=mysql_release + -DDEFAULT_CHARSET=utf8 + -DDEFAULT_COLLATION=utf8_unicode_ci + -DWITH_SSL=system + -DWITH_ZLIB=system + -DWITH_READLINE=0 + -DWITH_PIC=1 + -DWITH_EXTRA_CHARSETS=complex + -DWITH_EMBEDDED_SERVER=0 + -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1 + -DWITHOUT_DAEMON_EXAMPLE=1 + -DWITH_SPHINX_STORAGE_ENGINE=1 + -DCMAKE_C_FLAGS="-I${libaio:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${zlib:location}/include" + -DCMAKE_INSTALL_RPATH=${libaio:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib +environment = + CMAKE_PROGRAM_PATH=${cmake:location}/bin + CMAKE_INCLUDE_PATH=${libaio:location}/include:${ncurses:location}/include:${openssl:location}/include:${readline5:location}/include:${zlib:location}/include + CMAKE_LIBRARY_PATH=${libaio:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib + LDFLAGS=-L${libaio:location}/lib + +[mroonga-mariadb-5.5] +recipe = hexagonit.recipe.cmmi +url = https://github.com/downloads/mroonga/mroonga/mroonga-2.00.tar.gz +md5sum = 49dab92863b5c3fa1d49344c73357ca2 +configure-options = + --with-mysql-source=${mariadb-5.5:location}__compile__/mariadb-${mariadb-5.5:version} + --with-mysql-config=${mariadb-5.5:location}/bin/mysql_config +depends = + ${mariadb-5.5:version} environment = PATH=${groonga:location}/bin:${pkgconfig:location}/bin:%(PATH)s CPPFLAGS=-I${groonga:location}/include/groonga diff --git a/component/noVNC/buildout.cfg b/component/noVNC/buildout.cfg index 00dad6c804d8c077bcb44ffe946a889fa95b14a1..41b6f8ae2886031efe5dc3c11497f4420a370ec0 100644 --- a/component/noVNC/buildout.cfg +++ b/component/noVNC/buildout.cfg @@ -3,6 +3,6 @@ parts = noVNC [noVNC] -recipe = hexagonit.recipe.download -url = https://github.com/kanaka/noVNC/tarball/master +recipe = slapos.recipe.build:download-unpacked +url = https://github.com/kanaka/noVNC/tarball/v0.2 strip-top-level-dir = true diff --git a/component/nodejs/buildout.cfg b/component/nodejs/buildout.cfg new file mode 100644 index 0000000000000000000000000000000000000000..dddcf4bef82274e0e4d7c02f1c275fac93574b0c --- /dev/null +++ b/component/nodejs/buildout.cfg @@ -0,0 +1,50 @@ +[buildout] +extends = + ../git/buildout.cfg + ../pkgconfig/buildout.cfg + ../openssl/buildout.cfg + ../python-2.7/buildout.cfg + ../zlib/buildout.cfg + +parts = + nodejs + +[nodejs] +# Server-side Javascript. +recipe = hexagonit.recipe.cmmi +url = http://nodejs.org/dist/v0.6.12/node-v0.6.12.tar.gz +md5sum = a12766ae4003c9712927d1fa134ed9f6 +configure-options = + --openssl-includes=${openssl:location}/include + --openssl-libpath=${openssl:location}/lib +environment = + PATH=${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s + PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig/ + CPPFLAGS=-I${zlib:location}/include + LDFLAGS=-Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib + +[nodejs-0.4] +recipe = hexagonit.recipe.cmmi +url = http://nodejs.org/dist/node-v0.4.12.tar.gz +md5sum = a6375eaa43db5356bf443e25b828ae16 +configure-options = + --openssl-includes=${openssl:location}/include + --openssl-libpath=${openssl:location}/lib +environment = + PATH=${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s + PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig/ + CPPFLAGS=-I${zlib:location}/include + LDFLAGS=-Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib + +[npm] +# Node.js Package Manager +# Deprecated. Included in node >= 0.6.3. +recipe = plone.recipe.command +location = ${buildout:parts-directory}/${:_buildout_section_name_} +stop-on-error = true +commit = 3136abc5c6b3ed332c4700ece24450fada63639b +origin = https://github.com/isaacs/npm.git +git-bin = ${git:location}/bin/git +node-bin = ${nodejs-0.4:location}/bin/node +command = (GIT_SSL_NO_VERIFY=true ${:git-bin} clone --quiet ${:origin} ${:location} && cd ${:location} && ${:git-bin} reset --hard ${:commit} && ${:location}/configure --prefix=${:location} && GIT_SSL_NO_VERIFY=true ${:git-bin} submodule update --init --recursive && ${:node-bin} cli.js install npm@1.0.106 -g -f) || (rm -fr ${:location}; exit 1) +update-command = diff --git a/component/openssl/buildout.cfg b/component/openssl/buildout.cfg index 22398442b9f29b75202256977df6327a9297a63d..ba87ebacb27dfefa51a658a38195b49e8bb290a6 100644 --- a/component/openssl/buildout.cfg +++ b/component/openssl/buildout.cfg @@ -19,12 +19,20 @@ url = ${:_profile_base_location_}/${:filename} filename = ${:_buildout_section_name_} download-only = true +[openssl-exlibs.patch] +recipe = hexagonit.recipe.download +md5sum = dfb8979460d6d75f2d23d1ea83bbb40a +url = ${:_profile_base_location_}/${:filename} +filename = ${:_buildout_section_name_} +download-only = true + [openssl] recipe = hexagonit.recipe.cmmi -url = https://www.openssl.org/source/openssl-1.0.0g.tar.gz -md5sum = 07ecbe4324f140d157478637d6beccf1 +url = https://www.openssl.org/source/openssl-1.0.1.tar.gz +md5sum = 134f168bc2a8333f19f81d684841710b patches = ${openssl-nodoc.patch:location}/${openssl-nodoc.patch:filename} + ${openssl-exlibs.patch:location}/${openssl-exlibs.patch:filename} patch-options = -p0 configure-command = ./config configure-options = @@ -33,13 +41,11 @@ configure-options = --openssldir=${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl --prefix=${buildout:parts-directory}/${:_buildout_section_name_} --libdir=lib - shared - no-zlib + shared no-idea no-mdc2 no-rc5 zlib + -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib # it seems that parallel build sometimes fails for openssl. make-options = -j1 make-targets = install && rm -f ${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl/certs/* && for i in ${ca-certificates:location}/certs/*/*.crt; do ln -sv $i ${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl/certs/`${buildout:parts-directory}/${:_buildout_section_name_}/bin/openssl x509 -hash -noout -in $i`.0; done; true - LDFLAGS="-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib" - SHARED_LDFLAGS="-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib" diff --git a/component/openssl/openssl-exlibs.patch b/component/openssl/openssl-exlibs.patch new file mode 100644 index 0000000000000000000000000000000000000000..63b4d11602190283702b31cd68058b4771a5380e --- /dev/null +++ b/component/openssl/openssl-exlibs.patch @@ -0,0 +1,19 @@ +--- engines/ccgost/Makefile~ 2010-08-24 23:46:34.000000000 +0200 ++++ engines/ccgost/Makefile 2012-03-14 10:11:46.826419864 +0100 +@@ -7,6 +7,7 @@ + AR= ar r + CFLAGS= $(INCLUDES) $(CFLAG) + LIB=$(TOP)/libcrypto.a ++EX_LIBS= + + LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c + +@@ -32,7 +33,7 @@ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + LIBNAME=$(LIBNAME) \ + LIBEXTRAS='$(LIBOBJ)' \ +- LIBDEPS='-L$(TOP) -lcrypto' \ ++ LIBDEPS='-L$(TOP) -lcrypto $(EX_LIBS)' \ + link_o.$(SHLIB_TARGET); \ + else \ + $(AR) $(LIB) $(LIBOBJ); \ diff --git a/component/percona-toolkit/buildout.cfg b/component/percona-toolkit/buildout.cfg index 5b2047a8dcd4c800d7817506fd65fa95c393f66f..d24c053588b440b71fa829d20ab1e5ce134bfc83 100644 --- a/component/percona-toolkit/buildout.cfg +++ b/component/percona-toolkit/buildout.cfg @@ -10,7 +10,7 @@ parts = recipe = hexagonit.recipe.cmmi depends = ${perl:version} -url = http://www.percona.com/redir/downloads/percona-toolkit/percona-toolkit-2.0.1.tar.gz -md5sum = 3a78c78672cb7c634bda35dfb2f817bf +url = http://www.percona.com/redir/downloads/percona-toolkit/2.0.4/percona-toolkit-2.0.4.tar.gz +md5sum = df7dffcccb48d50f143849629228d4b4 configure-command = ${perl:location}/bin/perl Makefile.PL diff --git a/component/poppler/buildout.cfg b/component/poppler/buildout.cfg index 938aa32a707ba399cc9d46f17368bcb06d1f42c2..ed0583a75ec172a733cc6bde0b918e6b6bc5ef75 100644 --- a/component/poppler/buildout.cfg +++ b/component/poppler/buildout.cfg @@ -1,6 +1,7 @@ [buildout] parts = poppler extends = + ../bzip2/buildout.cfg ../fontconfig/buildout.cfg ../freetype/buildout.cfg ../jbigkit/buildout.cfg @@ -17,10 +18,12 @@ extends = recipe = hexagonit.recipe.cmmi md5sum = b566d1fbaa29b9257bf0ecc130e7b2ca url = http://poppler.freedesktop.org/poppler-0.17.2.tar.gz +depends = + ${libtiff:version} configure-options = --disable-cairo-output --disable-cms - --disable-curl + --disable-libcurl --disable-gtk-doc-html --disable-gtk-test --disable-poppler-cpp @@ -31,5 +34,5 @@ configure-options = environment = PATH=${pkgconfig:location}/bin:%(PATH)s PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig - CPPFLAGS=-I${libjpeg:location}/include -I${libpng:location}/include -I${libtiff:location}/include -I${zlib:location}/include - LDFLAGS=-L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib + CPPFLAGS=-I${bzip2:location}/include -I${libjpeg:location}/include -I${libpng:location}/include -I${libtiff:location}/include -I${zlib:location}/include + LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib diff --git a/component/python-2.6/buildout.cfg b/component/python-2.6/buildout.cfg index cf1f1634707b5ee91f7942ada40d0789bd1ece64..cb46c70fd15b1a952894dec53346e13f73450b6f 100644 --- a/component/python-2.6/buildout.cfg +++ b/component/python-2.6/buildout.cfg @@ -30,16 +30,18 @@ depends = # other settings in this part if we don't set it explicitly here. prefix = ${buildout:parts-directory}/${:_buildout_section_name_} version = 2.6 -package_version = ${:version}.7 +package_version = ${:version}.8 +package_version_suffix = rc1 executable = ${:prefix}/bin/python${:version} url = - http://python.org/ftp/python/${:package_version}/Python-${:package_version}.tar.bz2 -md5sum = d40ef58ed88438a870bbeb0ac5d4217b + http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.bz2 +md5sum = df6ccdac7da3b7c7c79124b92110277e patch-options = -p1 patches = ${python-2.6.6-no_system_inc_dirs.patch:location}/${python-2.6.6-no_system_inc_dirs.patch:filename} configure-options = + --enable-ipv6 --enable-unicode=ucs4 --with-threads diff --git a/component/python-2.7/buildout.cfg b/component/python-2.7/buildout.cfg index e4a5f5cbcb7aa889f61c359bcf94003f8ac93737..fb5fc7ad3795c014fcc318c044270386566c31e2 100644 --- a/component/python-2.7/buildout.cfg +++ b/component/python-2.7/buildout.cfg @@ -3,6 +3,7 @@ extends = ../bzip2/buildout.cfg ../gdbm/buildout.cfg ../gettext/buildout.cfg + ../libexpat/buildout.cfg ../ncurses/buildout.cfg ../openssl/buildout.cfg ../readline/buildout.cfg @@ -12,21 +13,6 @@ extends = parts = python2.7 -[python2.7] -<= python2.7.2 - -[python2.7.1] -<= python2.7common -package_version = 2.7.1 -md5sum = aa27bc25725137ba155910bd8e5ddc4f -package_version_suffix = - -[python2.7.2] -<= python2.7common -package_version = 2.7.2 -md5sum = ba7b2f11ffdbf195ee0d111b9455a5bd -package_version_suffix = - [bootstrap2.7] recipe = zc.recipe.egg eggs = zc.buildout @@ -36,8 +22,12 @@ scripts = arguments = sys.argv[1:] + ["bootstrap"] python = python2.7 -[python2.7common] +[python2.7] recipe = hexagonit.recipe.cmmi +package_version = 2.7.3 +package_version_suffix = rc1 +md5sum = 72aaa940dfa2777de161d7cb27c91df7 + depends = ${gdbm:version} # This is actually the default setting for prefix, but we can't use it in @@ -49,9 +39,11 @@ executable = ${:prefix}/bin/python${:version} url = http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.bz2 configure-options = + --enable-ipv6 --enable-unicode=ucs4 + --with-system-expat --with-threads environment = - CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include/ -I${ncurses:location}/include/ncursesw/ -I${bzip2:location}/include -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include - LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib + CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${libexpat:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${bzip2:location}/include -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include + LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${libexpat:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib diff --git a/component/readline/buildout.cfg b/component/readline/buildout.cfg index 273cbffb9bace11e618db63be51a3b56ab2faa1b..4210e38ad834bea15d6ddccd7f8466b1476f5a6f 100644 --- a/component/readline/buildout.cfg +++ b/component/readline/buildout.cfg @@ -12,18 +12,6 @@ configure-options = --enable-multibyte --disable-static -# readline-5.x is still used for GPL2 only softwares. -[readline5] -recipe = hexagonit.recipe.cmmi -url = http://ftp.gnu.org/gnu/readline/readline-5.2.tar.gz -md5sum = e39331f32ad14009b9ff49cc10c5e751 -configure-options = - --enable-multibyte - --disable-static - --with-ncurses=${ncurses:location} -environment = - LDFLAGS =-Wl,-rpath=${ncurses:location}/lib - [readline] recipe = hexagonit.recipe.cmmi url = http://ftp.gnu.org/gnu/readline/readline-6.2.tar.gz diff --git a/component/slapos/buildout.cfg b/component/slapos/buildout.cfg index 71e9ad796e3e9f787389c17d0c95948c26952fe7..0088c4709030c33159f60734cb6acb5402071282 100644 --- a/component/slapos/buildout.cfg +++ b/component/slapos/buildout.cfg @@ -120,17 +120,17 @@ Werkzeug = 0.8.3 buildout-versions = 1.7 collective.recipe.template = 1.9 hexagonit.recipe.cmmi = 1.5.0 -lxml = 2.3.3 +lxml = 2.3.4 meld3 = 0.6.8 netaddr = 0.7.6 -slapos.core = 0.22 +slapos.core = 0.24 slapos.libnetworkcache = 0.12 xml-marshaller = 0.9.7 -z3c.recipe.scripts = 1.0.1 +z3c.recipe.scripts = 1.0.1 zc.recipe.egg = 1.3.2 # Required by: -# slapos.core==0.22 +# slapos.core==0.24 Flask = 0.8 # Required by: @@ -138,11 +138,11 @@ Flask = 0.8 hexagonit.recipe.download = 1.5.0 # Required by: -# slapos.core==0.22 +# slapos.core==0.24 netifaces = 0.8 # Required by: -# slapos.core==0.22 +# slapos.core==0.24 # slapos.libnetworkcache==0.12 # supervisor==3.0a12 # zc.buildout==1.6.0-dev-SlapOS-004 @@ -150,9 +150,9 @@ netifaces = 0.8 setuptools = 0.6c12dev-r88846 # Required by: -# slapos.core==0.22 +# slapos.core==0.24 supervisor = 3.0a12 # Required by: -# slapos.core==0.22 +# slapos.core==0.24 zope.interface = 3.8.0 diff --git a/component/sphinx/buildout.cfg b/component/sphinx/buildout.cfg index bb8b0aa7c192c88870a8c49586f4aeb530ca15f3..b6ae4bf2f6f2411b1fe4b84a0a635e72c12b640f 100644 --- a/component/sphinx/buildout.cfg +++ b/component/sphinx/buildout.cfg @@ -21,9 +21,7 @@ recipe = hexagonit.recipe.cmmi url = http://sphinxsearch.com/files/sphinx-2.0.2-beta.tar.gz md5sum = fafe0f1a71d0ded32404c067eba7d0b3 configure-options = - --with-mysql - --with-mysql-includes=${mariadb:location}/include/mysql - --with-mysql-libs=${mariadb:location}/lib/mysql + --with-mysql=${mariadb:location} --with-libstemmer --with-iconv --without-pgsql diff --git a/component/stunnel/buildout.cfg b/component/stunnel/buildout.cfg index 8321200e7becbc25dbb364092978c176574c2a6e..63eb5e6b098c8e9086eca629de947eb923238972 100644 --- a/component/stunnel/buildout.cfg +++ b/component/stunnel/buildout.cfg @@ -17,8 +17,8 @@ filename = stunnel-4-hooks.py [stunnel-4] recipe = hexagonit.recipe.cmmi -url = http://mirror.bit.nl/stunnel/stunnel-4.52.tar.gz -md5sum = f5e713dda0e8efa659f372832ecd0c2c +url = http://mirror.bit.nl/stunnel/stunnel-4.53.tar.gz +md5sum = ab3bfc915357d67da18c73f73610d593 pre-configure-hook = ${stunnel-4-hook-download:location}/${stunnel-4-hook-download:filename}:pre_configure_hook configure-options = --enable-ipv6 diff --git a/component/tesseract/buildout.cfg b/component/tesseract/buildout.cfg index eb738c8c3161c44269d3340bd289da6d8e01afeb..221bdd7ea2b076ab579d4692fb829a321c40f8a1 100644 --- a/component/tesseract/buildout.cfg +++ b/component/tesseract/buildout.cfg @@ -23,6 +23,8 @@ stop-on-error = yes recipe = hexagonit.recipe.cmmi url = http://tesseract-ocr.googlecode.com/files/tesseract-3.00.tar.gz md5sum = cc812a261088ea0c3d2da735be35d09f +depends = + ${libtiff:version} configure-options = --disable-static --datarootdir=${tesseract-share:location} diff --git a/component/tomcat/buildout.cfg b/component/tomcat/buildout.cfg new file mode 100644 index 0000000000000000000000000000000000000000..8ce1c3dec54834715d36f920e3aa5d0f70fe39a2 --- /dev/null +++ b/component/tomcat/buildout.cfg @@ -0,0 +1,22 @@ +# Apache Tomcat - an open source software implementation of the Java Servlet and JavaServer Pages technologies. +# http://tomcat.apache.org/ + +[buildout] + +parts = + tomcat + +[tomcat] +<= tomcat6 + +[tomcat6] +recipe = hexagonit.recipe.download +strip-top-level-dir = true +url = http://apache.multidist.com/tomcat/tomcat-6/v6.0.35/bin/apache-tomcat-6.0.35.tar.gz +md5sum = 171d255cd60894b29a41684ce0ff93a8 + +[tomcat7] +recipe = hexagonit.recipe.download +strip-top-level-dir = true +url = http://apache.multidist.com/tomcat/tomcat-7/v7.0.25/bin/apache-tomcat-7.0.25.tar.gz +md5sum = 2aa59d23555d641b20efad4aed86b693 diff --git a/component/wget/buildout.cfg b/component/wget/buildout.cfg new file mode 100644 index 0000000000000000000000000000000000000000..08195cc8dfeee9d636d6fa0fa0b3a32e674ffad0 --- /dev/null +++ b/component/wget/buildout.cfg @@ -0,0 +1,25 @@ +[buildout] +extends = + ../openssl/buildout.cfg + ../pkgconfig/buildout.cfg + ../zlib/buildout.cfg +parts = + wget + +[wget] +recipe = hexagonit.recipe.cmmi +url = http://ftp.gnu.org/gnu/wget/wget-1.13.4.tar.bz2 +md5sum = 12115c3750a4d92f9c6ac62bac372e85 +configure-options = + --enable-ipv6 + --enable-opie + --disable-iri + --with-ssl=openssl + --with-libssl-prefix=${openssl:location} + --with-zlib-lib=${zlib:location} + +environment = + PATH=${pkgconfig:location}/bin:%(PATH)s + PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig + LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib + CPPFLAGS=-I${zlib:location}/include -I${openssl:location}/include diff --git a/component/xorg/buildout.cfg b/component/xorg/buildout.cfg index 9258a76ce07248887351550c8c1630c9e8069051..edc919ff94c7b4030ce8f66c67fb5d3eeb32dfa5 100644 --- a/component/xorg/buildout.cfg +++ b/component/xorg/buildout.cfg @@ -13,8 +13,8 @@ parts = libXdmcp libXext libXau - libXinerama libSM + libXrender [xorg-aclocal] ACLOCAL=${xorg-util-macros:location}/share/aclocal @@ -33,6 +33,7 @@ configure-options = --without-xmlto --without-fop environment = + PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig PATH=${libxml2:location}/bin:${pkgconfig:location}/bin:%(PATH)s [xextproto] @@ -43,6 +44,9 @@ configure-options = --disable-specs --without-xmlto --without-fop +environment = + PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig + PATH=${pkgconfig:location}/bin:%(PATH)s [xtrans] recipe = hexagonit.recipe.cmmi @@ -53,6 +57,7 @@ configure-options = --without-xmlto --without-fop environment = + PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig PATH=${pkgconfig:location}/bin:%(PATH)s [libXau] @@ -62,7 +67,7 @@ md5sum = 4a2cbd83727682f9ee1c1e719bac6adb configure-options = --disable-static environment = - PKG_CONFIG_PATH=${xproto:location}/lib/pkgconfig + PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig PATH=${pkgconfig:location}/bin:%(PATH)s [xcbproto] @@ -99,7 +104,7 @@ recipe = hexagonit.recipe.cmmi url = http://www.x.org/releases/X11R7.6/src/lib/libXext-1.2.0.tar.bz2 md5sum = 9bb236ff0193e9fc1c1fb504dd840331 environment = - PKG_CONFIG_PATH=${xcbproto:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig + PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xcbproto:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig CPPFLAGS=-I${xcbproto:location}/include -I${libXau:location}/include -I${xproto:location}/include -I${xorg-libpthread-stubs:location}/include -I${xextproto:location}/include -I${libX11:location}/include -I${libxcb:location}/include LD_LIBRARY_PATH=${xcbproto:location}/lib:${libXau:location}/lib:${xorg-libpthread-stubs:location}/lib:${xextproto:location}/lib:${libX11:location}/lib:${libxcb:location}/lib LD_RUN_PATH=${xcbproto:location}/lib:${libXau:location}/lib:${xorg-libpthread-stubs:location}/lib:${xextproto:location}/lib:${libX11:location}/lib:${libxcb:location}/lib @@ -148,7 +153,7 @@ configure-options = --without-xmlto --without-fop environment = - PKG_CONFIG_PATH=${xproto:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${inputproto:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig + PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${inputproto:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig LD_LIBRARY_PATH=${xproto:location}/lib:${xextproto:location}/lib:${libxcb:location}/lib LD_RUN_PATH=${xproto:location}/lib:${xextproto:location}/lib:${libxcb:location}/lib PATH=${pkgconfig:location}/bin:%(PATH)s @@ -329,7 +334,7 @@ configure-options = --without-xmlto --without-fop environment = - PKG_CONFIG_PATH=${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig + PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig PATH=${pkgconfig:location}/bin:%(PATH)s [libSM] @@ -341,10 +346,26 @@ configure-options = --without-xmlto --without-fop environment = - PKG_CONFIG_PATH=${libICE:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig + PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${libICE:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig PATH=${pkgconfig:location}/bin:%(PATH)s LIBUUID_CFLAGS=-I${libuuid:location}/include +[renderproto] +recipe = hexagonit.recipe.cmmi +url = http://www.x.org/releases/X11R7.6/src/proto/renderproto-0.11.1.tar.bz2 +md5sum = a914ccc1de66ddeb4b611c6b0686e274 + +[libXrender] +recipe = hexagonit.recipe.cmmi +url = http://www.x.org/releases/X11R7.6/src/lib/libXrender-0.9.6.tar.bz2 +md5sum = 3b3b7d076c2384b6c600c0b5f4ba971f +configure-options = + --disable-static +environment = + PKG_CONFIG_PATH=${libX11:location}/lib/pkgconfig:${renderproto:location}/lib/pkgconfig:${xorg-util-macros:location}/share/pkgconfig + PATH=${pkgconfig:location}/bin:%(PATH)s + CPPFLAGS=-I${libX11:location}/include -I${renderproto:location}/include -I${xproto:location}/include + [libXt] recipe = hexagonit.recipe.cmmi url = http://www.x.org/releases/X11R7.6/src/lib/libXt-1.0.9.tar.bz2 diff --git a/component/zlib/buildout.cfg b/component/zlib/buildout.cfg index 3afcf1f80d48f48101c70cdeab6f5bc4228b895f..830d92c8e43e4e58af9ab90fc69f1f2f7c074f6e 100644 --- a/component/zlib/buildout.cfg +++ b/component/zlib/buildout.cfg @@ -4,5 +4,5 @@ parts = [zlib] recipe = hexagonit.recipe.cmmi -url = http://prdownloads.sourceforge.net/libpng/zlib-1.2.5.tar.gz?download -md5sum = c735eab2d659a96e5a594c9e8541ad63 +url = http://prdownloads.sourceforge.net/libpng/zlib-1.2.6.tar.bz2?download +md5sum = dc2cfa0d2313ca77224b4d932b2911e9 diff --git a/setup.py b/setup.py index 10cdeec329e8d1e2a491e0c83618e80404c4c34f..01af1693a53100b2275a3ed43c9db43abe5c9a0e 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ from setuptools import setup, find_packages import glob import os -version = '0.40-dev' +version = '0.46-dev' name = 'slapos.cookbook' long_description = open("README.txt").read() + "\n" + \ open("CHANGES.txt").read() + "\n" @@ -40,11 +40,13 @@ setup(name=name, zip_safe=True, entry_points={ 'zc.buildout': [ + 'apache.frontend = slapos.recipe.apache_frontend:Recipe', 'apachephp = slapos.recipe.apachephp:Recipe', 'apacheproxy = slapos.recipe.apacheproxy:Recipe', 'apache.zope.backend = slapos.recipe.apache_zope_backend:Recipe', 'certificate_authority = slapos.recipe.certificate_authority:Recipe', 'certificate_authority.request = slapos.recipe.certificate_authority:Request', + 'check_port_listening = slapos.recipe.check_port_listening:Recipe', 'cron = slapos.recipe.dcron:Recipe', 'cron.d = slapos.recipe.dcron:Part', 'davstorage = slapos.recipe.davstorage:Recipe', @@ -55,14 +57,18 @@ setup(name=name, 'erp5scalabilitytestbed = slapos.recipe.erp5scalabilitytestbed:Recipe', 'equeue = slapos.recipe.equeue:Recipe', 'erp5testnode = slapos.recipe.erp5testnode:Recipe', + 'generate.mac = slapos.recipe.generatemac:Recipe', + 'nbdserver = slapos.recipe.nbdserver:Recipe', + 'generic.onetimeupload = slapos.recipe.generic_onetimeupload:Recipe', 'helloworld = slapos.recipe.helloworld:Recipe', 'generic.cloudooo = slapos.recipe.generic_cloudooo:Recipe', 'fontconfig = slapos.recipe.fontconfig:Recipe', 'java = slapos.recipe.java:Recipe', 'kumofs = slapos.recipe.kumofs:Recipe', + 'kvm = slapos.recipe.kvm:Recipe', + 'kvm.frontend = slapos.recipe.kvm_frontend:Recipe', 'generic.kumofs = slapos.recipe.generic_kumofs:Recipe', 'haproxy = slapos.recipe.haproxy:Recipe', - 'kvm = slapos.recipe.kvm:Recipe', 'libcloud = slapos.recipe.libcloud:Recipe', 'libcloudrequest = slapos.recipe.libcloudrequest:Recipe', 'lockfile = slapos.recipe.lockfile:Recipe', @@ -72,11 +78,11 @@ setup(name=name, 'mydumper = slapos.recipe.mydumper:Recipe', 'generic.mysql = slapos.recipe.generic_mysql:Recipe', 'mkdirectory = slapos.recipe.mkdirectory:Recipe', - 'nbdserver = slapos.recipe.nbdserver:Recipe', 'nosqltestbed = slapos.recipe.nosqltestbed:NoSQLTestBed', 'notifier = slapos.recipe.notifier:Recipe', 'notifier.callback = slapos.recipe.notifier:Callback', 'notifier.notify = slapos.recipe.notifier:Notify', + 'novnc = slapos.recipe.novnc:Recipe', 'lamp = slapos.recipe.lamp:Request', 'lamp.request = slapos.recipe.lamp:Request', 'lamp.static = slapos.recipe.lamp:Static', @@ -114,8 +120,12 @@ setup(name=name, 'generate.cloudooo = slapos.recipe.generate_cloudooo:Recipe', 'zeo = slapos.recipe.zeo:Recipe', 'tidstorage = slapos.recipe.tidstorage:Recipe', + 'erp5.bootstrap = slapos.recipe.erp5_bootstrap:Recipe', + 'erp5.promise = slapos.recipe.erp5_promise:Recipe', 'erp5.update = slapos.recipe.erp5_update:Recipe', 'erp5.test = slapos.recipe.erp5_test:Recipe', + 'generic.varnish = slapos.recipe.generic_varnish:Recipe', + 'webchecker = slapos.recipe.web_checker:Recipe', ], 'slapos.recipe.nosqltestbed.plugin': [ 'kumo = slapos.recipe.nosqltestbed.kumo:KumoTestBed', diff --git a/slapos/recipe/README.apache_frontend.txt b/slapos/recipe/README.apache_frontend.txt new file mode 100644 index 0000000000000000000000000000000000000000..89da1b88f1d91025b3cff543c0025a5d39dd727a --- /dev/null +++ b/slapos/recipe/README.apache_frontend.txt @@ -0,0 +1,36 @@ +apache_frontend +========== + +Frontend using Apache, allowing to rewrite and proxy URLs like +myinstance.myfrontenddomainname.com to real IP/URL of myinstance. + +apache_frontend works using the master instance / slave instance design. +It means that a single main instance of Apache will be used to act as frontend +for many slaves. + + +How to use +======== +First, you will need to request a "master" instance of Apache Frontend with +"domain" parameter, like : +<?xml version='1.0' encoding='utf-8'?> +<instance> + <parameter id="domain">moulefrite.com</parameter> + <parameter id="port">443</parameter> +</instance> + +Then, it is possible to request many slave instances +(currently only from slapconsole, UI doesn't work yet) +of Apache Frontend, like : +instance = request( + software_release=apache_frontend, + partition_reference='frontend2', + shared=True, + partition_parameter_kw={"url":"https://[1:2:3:4]:1234/someresource"} + ) +Those slave instances will be redirected to the "master" instance, +and you will see on the "master" instance the associated RewriteRules of +all slave instances. + +Finally, the slave instance will be accessible from : +https://someidentifier.moulefrite.com. diff --git a/slapos/recipe/README.helloworld.txt b/slapos/recipe/README.helloworld.txt deleted file mode 100644 index 50a7fc1812a75c5d2584503b41c7787b7521533b..0000000000000000000000000000000000000000 --- a/slapos/recipe/README.helloworld.txt +++ /dev/null @@ -1,4 +0,0 @@ -helloworld -========== - -It only installs a dummy wrapper saying "Hello World!" and sends to the master an "HelloWorld" parameter. diff --git a/slapos/recipe/README.kvm_frontend.txt b/slapos/recipe/README.kvm_frontend.txt new file mode 100644 index 0000000000000000000000000000000000000000..b600221c6a89767798aa1a94834e786b53f680ab --- /dev/null +++ b/slapos/recipe/README.kvm_frontend.txt @@ -0,0 +1,56 @@ +kvm_frontend +=== + +Introduction +------------ + +The ``slapos.recipe.kvm_frontend`` aims to provide proxy server to KVM instances. + +It allows HTTPS IPv4/IPv6 proxying (with or without domain name), and supports +the WebSocket technology needed for VNC-in-webapplication noVNC. + +It works following the master/slave instances system. A master instance is +created, containing all what is needed to run the proxy. Slave instances +are later created, adding one line in the master instance's proxy configuration +that specify the IP/port to proxy to the KVM. + +The slave instance (kvm) is then accessible from +http://[masterinstanceIPorhostname]/[randomgeneratednumber] + + +Instance parameters +------------ + +Incoming master instance parameters ++++++++ + +``port`` - Port of server, optional, defaults to 4443. +``domain`` - domain name to use, optional, default to + "host.vifib.net". +``redirect_plain_http`` - if value is one of ['y', 'yes', '1', 'true'], instance + will try to create a simple http server on port 80 + redirecting to the proxy. Optional. + +Incoming slave instance parameters ++++++++ + +``host`` - KVM instance IP or hostname. Mandatory. +``port`` - KVM instance port, Mandatory. +``https`` - if value is one of ['n', 'no', '0', 'false'], will try to connect + to target in plain http. Optional. + +Connection parameters +------------- + +Outgoing master connection parameters ++++++++ + +``domain_ipv6_address`` - Proxy IP +``site_url`` - Proxy URL + +Outgoing slave connection parameters are : ++++++++ + +``site_url`` - URL of instance +``domain_name`` - Domain name of proxy +``port`` - Port of proxy diff --git a/slapos/recipe/apache_frontend/__init__.py b/slapos/recipe/apache_frontend/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..acb67c8d418c51a42bb7251ceb05831bef64bb56 --- /dev/null +++ b/slapos/recipe/apache_frontend/__init__.py @@ -0,0 +1,442 @@ +############################################################################## +# +# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved. +# +# WARNING: This program as such is intended to be used by professional +# programmers who take the whole responsibility of assessing all potential +# consequences resulting from its eventual inadequacies and bugs +# End users who are looking for a ready-to-use solution with commercial +# guarantees and support are strongly adviced to contract a Free Software +# Service Company +# +# This program is Free Software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +############################################################################## +from slapos.recipe.librecipe import BaseSlapRecipe +import os +import pkg_resources +import hashlib +import sys +import zc.buildout +import zc.recipe.egg +import ConfigParser +import re + + +class Recipe(BaseSlapRecipe): + + def getTemplateFilename(self, template_name): + return pkg_resources.resource_filename(__name__, + 'template/%s' % template_name) + + def _install(self): + self.path_list = [] + self.requirements, self.ws = self.egg.working_set() + + # self.cron_d is a directory, where cron jobs can be registered + self.cron_d = self.installCrond() + self.logrotate_d, self.logrotate_backup = self.installLogrotate() + self.killpidfromfile = zc.buildout.easy_install.scripts( + [('killpidfromfile', 'slapos.recipe.erp5.killpidfromfile', + 'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0] + + self.path_list.append(self.killpidfromfile) + + frontend_port_number = self.parameter_dict.get("port", 4443) + frontend_domain_name = self.parameter_dict.get("domain", + "host.vifib.net") + + base_varnish_port = 26009 + slave_instance_list = self.parameter_dict.get("slave_instance_list", []) + rewrite_rule_list = [] + slave_dict = {} + service_dict = {} + if frontend_port_number is 443: + base_url = "%s/" % frontend_domain_name + else: + base_url = "%s:%s/" % (frontend_domain_name, frontend_port_number) + for slave_instance in slave_instance_list: + url = slave_instance.get("url") + if url is None: + continue + reference = slave_instance.get("slave_reference") + subdomain = reference.replace("-", "").lower() + slave_dict[reference] = "https://%s.%s" % (subdomain, base_url) + + enable_cache = slave_instance.get("enable_cache", "") + if enable_cache.upper() in ('1', 'TRUE'): + # Varnish should use stunnel to connect to the backend + base_varnish_control_port = base_varnish_port + base_varnish_port += 1 + # Use regex + host_regex = "((\[\w*|[0-9]+\.)(\:|)).*(\]|\.[0-9]+)" + slave_host = re.search(host_regex, url).group(0) + port_regex = "\w+(\/|)$" + matcher = re.search(port_regex, url) + if matcher is not None: + slave_port = matcher.group(0) + slave_port = slave_port.replace("/", "") + elif url.startswith("https://"): + slave_port = 443 + else: + slave_port = 80 + service_name = "varnish_%s" % reference + varnish_ip = self.getLocalIPv4Address() + stunnel_port = base_varnish_port + 1 + self.installVarnishCache(service_name, + ip=varnish_ip, + port=base_varnish_port, + control_port=base_varnish_control_port, + backend_host=varnish_ip, + backend_port=stunnel_port, + size="1G") + service_dict[service_name] = dict(public_ip=varnish_ip, + public_port=stunnel_port, + private_ip=slave_host.replace("[", "").replace("]", ""), + private_port=slave_port) + rewrite_rule_list.append("%s.%s http://%s:%s" % \ + (reference.replace("-", ""), frontend_domain_name, + varnish_ip, base_varnish_port)) + base_varnish_port += 2 + else: + rewrite_rule_list.append("%s.%s %s" % (subdomain, frontend_domain_name, + url)) + + valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert") + valid_key_str = self.parameter_dict.get("domain_ssl_ca_key") + + if valid_certificate_str is None and valid_key_str is None: + ca_conf = self.installCertificateAuthority() + key, certificate = self.requestCertificate(frontend_domain_name) + else: + ca_conf = self.installValidCertificateAuthority( + frontend_domain_name, valid_certificate_str, valid_key_str) + key = ca_conf.pop("key") + certificate = ca_conf.pop("certificate") + + if service_dict != {}: + if valid_certificate_str is not None and valid_key_str is not None: + self.installCertificateAuthority() + stunnel_key, stunnel_certificate = \ + self.requestCertificate(frontend_domain_name) + else: + stunnel_key, stunnet_certificate = key, certificate + self.installStunnel(service_dict, + stunnel_certificate, stunnel_key, + ca_conf["ca_crl"], + ca_conf["certificate_authority_path"]) + + apache_parameter_dict = self.installFrontendApache( + ip_list=["[%s]" % self.getGlobalIPv6Address(), + self.getLocalIPv4Address()], + port=frontend_port_number, + name=frontend_domain_name, + rewrite_rule_list=rewrite_rule_list, + key=key, certificate=certificate) + + for reference, url in slave_dict.iteritems(): + self.setConnectionDict(dict(site_url=url), reference) + + self.setConnectionDict( + dict(site_url=apache_parameter_dict["site_url"], + domain_ipv6_address=self.getGlobalIPv6Address(), + domain_ipv4_address=self.getLocalIPv4Address())) + return self.path_list + + def installLogrotate(self): + """Installs logortate main configuration file and registers its to cron""" + logrotate_d = os.path.abspath(os.path.join(self.etc_directory, + 'logrotate.d')) + self._createDirectory(logrotate_d) + logrotate_backup = self.createBackupDirectory('logrotate') + logrotate_conf = self.createConfigurationFile("logrotate.conf", + "include %s" % logrotate_d) + logrotate_cron = os.path.join(self.cron_d, 'logrotate') + state_file = os.path.join(self.data_root_directory, 'logrotate.status') + open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' % + (self.options['logrotate_binary'], state_file, logrotate_conf)) + self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron]) + return logrotate_d, logrotate_backup + + def registerLogRotation(self, name, log_file_list, postrotate_script): + """Register new log rotation requirement""" + open(os.path.join(self.logrotate_d, name), 'w').write( + self.substituteTemplate(self.getTemplateFilename( + 'logrotate_entry.in'), + dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]), + postrotate=postrotate_script, olddir=self.logrotate_backup))) + + def requestCertificate(self, name): + hash = hashlib.sha512(name).hexdigest() + key = os.path.join(self.ca_private, hash + self.ca_key_ext) + certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext) + parser = ConfigParser.RawConfigParser() + parser.add_section('certificate') + parser.set('certificate', 'name', name) + parser.set('certificate', 'key_file', key) + parser.set('certificate', 'certificate_file', certificate) + parser.write(open(os.path.join(self.ca_request_dir, hash), 'w')) + return key, certificate + + def installCrond(self): + timestamps = self.createDataDirectory('cronstamps') + cron_output = os.path.join(self.log_directory, 'cron-output') + self._createDirectory(cron_output) + catcher = zc.buildout.easy_install.scripts([('catchcron', + __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable, + self.bin_directory, arguments=[cron_output])[0] + self.path_list.append(catcher) + cron_d = os.path.join(self.etc_directory, 'cron.d') + crontabs = os.path.join(self.etc_directory, 'crontabs') + self._createDirectory(cron_d) + self._createDirectory(crontabs) + wrapper = zc.buildout.easy_install.scripts([('crond', + 'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable, + self.wrapper_directory, arguments=[ + self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs, + '-t', timestamps, '-f', '-l', '5', '-M', catcher] + )[0] + self.path_list.append(wrapper) + return cron_d + + def installValidCertificateAuthority(self, domain_name, certificate, key): + ca_dir = os.path.join(self.data_root_directory, 'ca') + ca_private = os.path.join(ca_dir, 'private') + ca_certs = os.path.join(ca_dir, 'certs') + ca_crl = os.path.join(ca_dir, 'crl') + self._createDirectory(ca_dir) + for path in (ca_private, ca_certs, ca_crl): + self._createDirectory(path) + key_path = os.path.join(ca_private, domain_name + ".key") + certificate_path = os.path.join(ca_certs, domain_name + ".crt") + self._writeFile(key_path, key) + self._writeFile(certificate_path, certificate) + return dict(certificate_authority_path=ca_dir, + ca_crl=ca_crl, + certificate=certificate_path, + key=key_path) + + def installCertificateAuthority(self, ca_country_code='XX', + ca_email='xx@example.com', ca_state='State', ca_city='City', + ca_company='Company'): + backup_path = self.createBackupDirectory('ca') + self.ca_dir = os.path.join(self.data_root_directory, 'ca') + self._createDirectory(self.ca_dir) + self.ca_request_dir = os.path.join(self.ca_dir, 'requests') + self._createDirectory(self.ca_request_dir) + config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir) + self.ca_private = os.path.join(self.ca_dir, 'private') + self.ca_certs = os.path.join(self.ca_dir, 'certs') + self.ca_crl = os.path.join(self.ca_dir, 'crl') + self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts') + self.ca_key_ext = '.key' + self.ca_crt_ext = '.crt' + for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]: + self._createDirectory(d) + for f in ['crlnumber', 'serial']: + if not os.path.exists(os.path.join(self.ca_dir, f)): + open(os.path.join(self.ca_dir, f), 'w').write('01') + if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')): + open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('') + openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf') + config.update( + working_directory=self.ca_dir, + country_code=ca_country_code, + state=ca_state, + city=ca_city, + company=ca_company, + email_address=ca_email, + ) + self._writeFile(openssl_configuration, pkg_resources.resource_string( + __name__, 'template/openssl.cnf.ca.in') % config) + self.path_list.extend(zc.buildout.easy_install.scripts([ + ('certificate_authority', __name__ + '.certificate_authority', + 'runCertificateAuthority')], + self.ws, sys.executable, self.wrapper_directory, arguments=[dict( + openssl_configuration=openssl_configuration, + openssl_binary=self.options['openssl_binary'], + certificate=os.path.join(self.ca_dir, 'cacert.pem'), + key=os.path.join(self.ca_private, 'cakey.pem'), + crl=os.path.join(self.ca_crl), + request_dir=self.ca_request_dir + )])) + + # configure backup + backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup') + open(backup_cron, 'w').write( + '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict( + rdiff_backup=self.options['rdiff_backup_binary'], + source=self.ca_dir, + destination=backup_path)) + self.path_list.append(backup_cron) + + return dict( + ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'), + ca_crl=os.path.join(config['ca_dir'], 'crl'), + certificate_authority_path=config['ca_dir'] + ) + + def _getApacheConfigurationDict(self, name, ip_list, port): + apache_conf = dict() + apache_conf['server_name'] = name + apache_conf['pid_file'] = os.path.join(self.run_directory, + name + '.pid') + apache_conf['lock_file'] = os.path.join(self.run_directory, + name + '.lock') + apache_conf['document_root'] = os.path.join(self.data_root_directory, + 'htdocs') + apache_conf['ip_list'] = ip_list + apache_conf['port'] = port + apache_conf['server_admin'] = 'admin@' + apache_conf['error_log'] = os.path.join(self.log_directory, + name + '-error.log') + apache_conf['access_log'] = os.path.join(self.log_directory, + name + '-access.log') + self.registerLogRotation(name, [apache_conf['error_log'], + apache_conf['access_log']], self.killpidfromfile + ' ' + + apache_conf['pid_file'] + ' SIGUSR1') + return apache_conf + + def installVarnishCache(self, name, ip, port, control_port, backend_host, + backend_port, size="1G"): + """ + Install a varnish daemon for a certain address + """ + directory = self.createDataDirectory(name) + varnish_config = dict( + directory=directory, + pid = "%s/varnish.pid" % directory, + port="%s:%s" % (ip, port), + varnishd_binary=self.options["varnishd_binary"], + control_port="%s:%s" % (ip, control_port), + storage="file,%s/storage.bin,%s" % (directory, size)) + + config_file = self.createConfigurationFile("%s.conf" % name, + self.substituteTemplate(self.getTemplateFilename('varnish.vcl.in'), + dict(backend_host=backend_host, backend_port=backend_port))) + + varnish_argument_list = [varnish_config['varnishd_binary'].strip(), + "-F", "-n", directory, "-P", varnish_config["pid"], "-p", + "cc_command=exec %s " % self.options["gcc_binary"] +\ + "-fpic -shared -o %o %s", + "-f", config_file, + "-a", varnish_config["port"], "-T", varnish_config["control_port"], + "-s", varnish_config["storage"]] + environment = dict(PATH=self.options["binutils_directory"]) + wrapper = zc.buildout.easy_install.scripts([(name, + 'slapos.recipe.librecipe.execute', 'executee')], self.ws, + sys.executable, self.wrapper_directory, arguments=[varnish_argument_list, + environment])[0] + self.path_list.append(wrapper) + + return varnish_config + + def installStunnel(self, service_dict, certificate, + key, ca_crl, ca_path): + """Installs stunnel + service_dict = + { name: (public_ip, private_ip, public_port, private_port),} + """ + template_filename = self.getTemplateFilename('stunnel.conf.in') + template_entry_filename = self.getTemplateFilename('stunnel.conf.entry.in') + + log = os.path.join(self.log_directory, 'stunnel.log') + pid_file = os.path.join(self.run_directory, 'stunnel.pid') + stunnel_conf = dict( + pid_file=pid_file, + log=log, + cert = certificate, + key = key, + ca_crl = ca_crl, + ca_path = ca_path, + entry_str='' + ) + entry_list = [] + for name, parameter_dict in service_dict.iteritems(): + parameter_dict["name"] = name + entry_str = self.substituteTemplate(template_entry_filename, + parameter_dict) + entry_list.append(entry_str) + + stunnel_conf["entry_str"] = "\n".join(entry_list) + stunnel_conf_path = self.createConfigurationFile("stunnel.conf", + self.substituteTemplate(template_filename, + stunnel_conf)) + wrapper = zc.buildout.easy_install.scripts([('stunnel', + 'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws, + sys.executable, self.wrapper_directory, arguments=[ + [self.options['stunnel_binary'].strip(), stunnel_conf_path], + [certificate, key]] + )[0] + self.path_list.append(wrapper) + return stunnel_conf + + def installFrontendApache(self, ip_list, port, key, certificate, name, + rewrite_rule_list=[], rewrite_rule_zope_list=[], + access_control_string=None): + # Create htdocs, populate it with default 404 document + htdocs_location = os.path.join(self.data_root_directory, 'htdocs') + self._createDirectory(htdocs_location) + notfound_file_location = os.path.join(htdocs_location, 'notfound.html') + notfound_template_file_location = self.getTemplateFilename( + 'notfound.html') + notfound_file_content = open(notfound_template_file_location, 'r').read() + self._writeFile(notfound_file_location, notfound_file_content) + + # Create configuration file and rewritemaps + apachemap_name = "apachemap.txt" + # XXX-Cedric : implement zope specific rewrites list. Current apachemap is + # generic and does not use VirtualHost Monster. + apachemapzope_name = "apachemapzope.txt" + self.createConfigurationFile(apachemap_name, "\n".join(rewrite_rule_list)) + self.createConfigurationFile(apachemapzope_name, + "\n".join(rewrite_rule_zope_list)) + apache_conf = self._getApacheConfigurationDict(name, ip_list, port) + apache_conf['ssl_snippet'] = self.substituteTemplate( + self.getTemplateFilename('apache.ssl-snippet.conf.in'), + dict(login_certificate=certificate, login_key=key)) + + apache_conf["listen"] = "\n".join(["Listen %s:%s" % (ip, port) for ip in ip_list]) + + path = self.substituteTemplate( + self.getTemplateFilename('apache.conf.path-protected.in'), + dict(path='/', access_control_string='none')) + + apache_conf.update(**dict( + path_enable=path, + apachemap_path=os.path.join(self.etc_directory, apachemap_name), + apachemapzope_path=os.path.join(self.etc_directory, apachemapzope_name), + apache_domain=name, + port=port, + )) + + apache_conf_string = self.substituteTemplate( + self.getTemplateFilename('apache.conf.in'), apache_conf) + + apache_config_file = self.createConfigurationFile('apache_frontend.conf', + apache_conf_string) + + + self.path_list.append(apache_config_file) + self.path_list.extend(zc.buildout.easy_install.scripts([( + name, 'slapos.recipe.erp5.apache', 'runApache')], self.ws, + sys.executable, self.wrapper_directory, arguments=[ + dict( + required_path_list=[key, certificate], + binary=self.options['httpd_binary'], + config=apache_config_file) + ])) + + return dict(site_url="https://%s:%s/" % (name, port)) diff --git a/slapos/recipe/kvm/certificate_authority.py b/slapos/recipe/apache_frontend/certificate_authority.py similarity index 100% rename from slapos/recipe/kvm/certificate_authority.py rename to slapos/recipe/apache_frontend/certificate_authority.py diff --git a/slapos/recipe/apache_frontend/template/apache.conf.in b/slapos/recipe/apache_frontend/template/apache.conf.in new file mode 100644 index 0000000000000000000000000000000000000000..1ec1e6cd12b02dd24f2d6ab9232f6c2cfe89254a --- /dev/null +++ b/slapos/recipe/apache_frontend/template/apache.conf.in @@ -0,0 +1,74 @@ +# Apache configuration file for Zope +# Automatically generated + +# Basic server configuration +PidFile "%(pid_file)s" +LockFile "%(lock_file)s" +ServerName %(server_name)s +DocumentRoot %(document_root)s + +%(listen)s + +ServerAdmin %(server_admin)s +DefaultType text/plain +TypesConfig conf/mime.types +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz + +# As backend is trusting REMOTE_USER header unset it always +RequestHeader unset REMOTE_USER + +# SSL Configuration +%(ssl_snippet)s + +# Log configuration +ErrorLog "%(error_log)s" +LogLevel warn +LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined +LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common +CustomLog "%(access_log)s" common + +# Directory protection +<Directory /> + Options FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all +</Directory> + +%(path_enable)s + +# Rewrite part +RewriteEngine On + +# Define the two rewritemaps : one for zope, one generic +RewriteMap apachemapzope txt:%(apachemapzope_path)s +RewriteMap apachemapgeneric txt:%(apachemap_path)s + +# First, we check if we have a zope backend server +# If so, let's use Virtual Host Daemon rewrite +#RewriteCond ${apachemapzope:%%{SERVER_NAME}} >"" +#RewriteRule ^/(\w+)($|/.*) ${apachemapzope:$1}/VirtualHostBase/https/%(apache_domain)s:%(port)s/VirtualHostRoot/_vh_$1$2 [L,P] + +# If we have generic backend server, let's rewrite without virtual host daemon +RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >"" +RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P] + +# If nothing exist : put a nice error +ErrorDocument 404 /notfound.html + +# List of modules +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +LoadModule proxy_module modules/mod_proxy.so +LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule ssl_module modules/mod_ssl.so +LoadModule mime_module modules/mod_mime.so +LoadModule dav_module modules/mod_dav.so +LoadModule dav_fs_module modules/mod_dav_fs.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule headers_module modules/mod_headers.so +LoadModule antiloris_module modules/mod_antiloris.so diff --git a/slapos/recipe/apache_frontend/template/apache.conf.path-protected.in b/slapos/recipe/apache_frontend/template/apache.conf.path-protected.in new file mode 100644 index 0000000000000000000000000000000000000000..0644a2afec06f030dd4663d0f4a3280af12d5fed --- /dev/null +++ b/slapos/recipe/apache_frontend/template/apache.conf.path-protected.in @@ -0,0 +1,5 @@ +# Path protected +<Location %(path)s> + Order Deny,Allow + Allow from %(access_control_string)s +</Location> diff --git a/slapos/recipe/apache_frontend/template/apache.location-snippet.conf.in b/slapos/recipe/apache_frontend/template/apache.location-snippet.conf.in new file mode 100644 index 0000000000000000000000000000000000000000..470260a8fcfad00dfa6ee8cb68d9684e4d05310c --- /dev/null +++ b/slapos/recipe/apache_frontend/template/apache.location-snippet.conf.in @@ -0,0 +1,5 @@ +<Location %(location)s> + Order Deny,Allow + Deny from all + Allow from %(allow_string)s +</Location> diff --git a/slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in b/slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in new file mode 100644 index 0000000000000000000000000000000000000000..67e6766ef23dfac6021247daa5dadebc8f69a126 --- /dev/null +++ b/slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in @@ -0,0 +1,6 @@ +SSLEngine on +SSLProxyEngine on +SSLCertificateFile %(login_certificate)s +SSLCertificateKeyFile %(login_key)s +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin diff --git a/slapos/recipe/apache_frontend/template/logrotate_entry.in b/slapos/recipe/apache_frontend/template/logrotate_entry.in new file mode 100644 index 0000000000000000000000000000000000000000..bfa2abf0970af28f8cab98793db9b09db85d1847 --- /dev/null +++ b/slapos/recipe/apache_frontend/template/logrotate_entry.in @@ -0,0 +1,13 @@ +%(file_list)s { + daily + dateext + rotate 30 + compress + notifempty + sharedscripts + create + postrotate + %(postrotate)s + endscript + olddir %(olddir)s +} diff --git a/slapos/recipe/apache_frontend/template/notfound.html b/slapos/recipe/apache_frontend/template/notfound.html new file mode 100644 index 0000000000000000000000000000000000000000..2e87e0a9bec1acebe77ad603c9023ce9f6b464f4 --- /dev/null +++ b/slapos/recipe/apache_frontend/template/notfound.html @@ -0,0 +1,9 @@ +<html> +<head> + <title>Instance not found</title> +</head> +<body> +<h1>This instance has not been found.</h1> +<p>If this error persists, please check your instance URL and status on SlapOS Master.</p> +</body> +</html> diff --git a/slapos/recipe/kvm/template/openssl.cnf.ca.in b/slapos/recipe/apache_frontend/template/openssl.cnf.ca.in similarity index 67% rename from slapos/recipe/kvm/template/openssl.cnf.ca.in rename to slapos/recipe/apache_frontend/template/openssl.cnf.ca.in index 67067178b951729004cc20c0156bc76d8d968d23..8a450a68762145e72923635273e06a00e80d34ca 100644 --- a/slapos/recipe/kvm/template/openssl.cnf.ca.in +++ b/slapos/recipe/apache_frontend/template/openssl.cnf.ca.in @@ -6,16 +6,16 @@ # This definition stops the following lines choking if HOME isn't # defined. HOME = . -RANDFILE = $ENV::HOME/.rnd +RANDFILE = $ENV::HOME/.rnd # Extra OBJECT IDENTIFIER info: -#oid_file = $ENV::HOME/.oid -oid_section = new_oids +#oid_file = $ENV::HOME/.oid +oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the # X.509v3 extensions to use: -# extensions = +# extensions = # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) @@ -40,27 +40,27 @@ default_ca = CA_default # The default ca section [ CA_default ] dir = %(working_directory)s # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -#unique_subject = no # Set to 'no' to allow creation of - # several ctificates with same subject. -new_certs_dir = $dir/newcerts # default place for new certs. - -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -crlnumber = $dir/crlnumber # the current crl number - # must be commented out to leave a V1 CRL -crl = $dir/crl.pem # The current CRL +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem # The private key -RANDFILE = $dir/private/.rand # private random number file +RANDFILE = $dir/private/.rand # private random number file -x509_extensions = usr_cert # The extentions to add to the cert +x509_extensions = usr_cert # The extentions to add to the cert # Comment out the following two lines for the "traditional" # (and highly broken) format. -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options # Extension copying option: use with caution. # copy_extensions = copy @@ -68,21 +68,21 @@ cert_opt = ca_default # Certificate field options # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crlnumber must also be commented out to leave a V1 CRL. -# crl_extensions = crl_ext +# crl_extensions = crl_ext -default_days = 3650 # how long to certify for -default_crl_days = 30 # how long before next CRL -default_md = default # use public key default MD -preserve = no # keep passed DN ordering +default_days = 3650 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look # For type CA, the listed attributes must be the same, and the optional # and supplied fields are just that :-) -policy = policy_match +policy = policy_match # For the CA policy [ policy_match ] -countryName = match +countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional @@ -108,7 +108,7 @@ default_md = sha1 default_keyfile = privkey.pem distinguished_name = req_distinguished_name #attributes = req_attributes -x509_extensions = v3_ca # The extentions to add to the self signed cert +x509_extensions = v3_ca # The extentions to add to the self signed cert # Passwords for private keys if not present they will be prompted for # input_password = secret @@ -116,7 +116,7 @@ x509_extensions = v3_ca # The extentions to add to the self signed cert # This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. -# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) # utf8only: only UTF8Strings (PKIX recommendation after 2004). # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). # MASK:XXXX a literal mask value. @@ -126,39 +126,39 @@ string_mask = utf8only # req_extensions = v3_req # The extensions to add to a certificate request [ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_value = %(country_code)s -countryName_min = 2 -countryName_max = 2 +countryName = Country Name (2 letter code) +countryName_value = %(country_code)s +countryName_min = 2 +countryName_max = 2 -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_value = %(state)s +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_value = %(state)s -localityName = Locality Name (eg, city) -localityName_value = %(city)s +localityName = Locality Name (eg, city) +localityName_value = %(city)s -0.organizationName = Organization Name (eg, company) -0.organizationName_value = %(company)s +0.organizationName = Organization Name (eg, company) +0.organizationName_value = %(company)s # we can do this but it is not needed normally :-) -#1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = World Wide Web Pty Ltd +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd -commonName = Common Name (eg, your name or your server\'s hostname) -commonName_max = 64 +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 -emailAddress = Email Address +emailAddress = Email Address emailAddress_value = %(email_address)s -emailAddress_max = 64 +emailAddress_max = 64 -# SET-ex3 = SET extension number 3 +# SET-ex3 = SET extension number 3 #[ req_attributes ] -#challengePassword = A challenge password -#challengePassword_min = 4 -#challengePassword_max = 20 +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 # -#unstructuredName = An optional company name +#unstructuredName = An optional company name [ usr_cert ] @@ -173,7 +173,7 @@ basicConstraints=CA:FALSE # the certificate can be used for anything *except* object signing. # This is OK for an SSL server. -# nsCertType = server +# nsCertType = server # For an object signing certificate this would be used. # nsCertType = objsign @@ -188,7 +188,7 @@ basicConstraints=CA:FALSE # keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" +nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash @@ -278,7 +278,7 @@ basicConstraints=CA:FALSE # the certificate can be used for anything *except* object signing. # This is OK for an SSL server. -# nsCertType = server +# nsCertType = server # For an object signing certificate this would be used. # nsCertType = objsign @@ -293,7 +293,7 @@ basicConstraints=CA:FALSE # keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" +nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash @@ -327,24 +327,24 @@ default_tsa = tsa_config1 # the default TSA section [ tsa_config1 ] # These are used by the TSA reply generation only. -dir = /etc/pki/tls # TSA root directory -serial = $dir/tsaserial # The current serial number (mandatory) -crypto_device = builtin # OpenSSL engine to use for signing -signer_cert = $dir/tsacert.pem # The TSA signing certificate - # (optional) -certs = $dir/cacert.pem # Certificate chain to include in reply - # (optional) -signer_key = $dir/private/tsakey.pem # The TSA private key (optional) - -default_policy = tsa_policy1 # Policy if request did not specify it - # (optional) -other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) -accuracy = secs:1, millisecs:500, microsecs:100 # (optional) -clock_precision_digits = 0 # number of digits after dot. (optional) -ordering = yes # Is ordering defined for timestamps? - # (optional, default: no) -tsa_name = yes # Must the TSA name be included in the reply? - # (optional, default: no) -ess_cert_id_chain = no # Must the ESS cert id chain be included? - # (optional, default: no) +dir = /etc/pki/tls # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) diff --git a/slapos/recipe/apache_frontend/template/stunnel.conf.entry.in b/slapos/recipe/apache_frontend/template/stunnel.conf.entry.in new file mode 100644 index 0000000000000000000000000000000000000000..ff22e9bd4751c1b37a3761610b077ac038e3692b --- /dev/null +++ b/slapos/recipe/apache_frontend/template/stunnel.conf.entry.in @@ -0,0 +1,3 @@ +[%(name)s] +accept = %(public_ip)s:%(public_port)s +connect = %(private_ip)s:%(private_port)s diff --git a/slapos/recipe/apache_frontend/template/stunnel.conf.in b/slapos/recipe/apache_frontend/template/stunnel.conf.in new file mode 100644 index 0000000000000000000000000000000000000000..e1264d7d61fcc214765ffc50c1e2f8b3d9f46e9f --- /dev/null +++ b/slapos/recipe/apache_frontend/template/stunnel.conf.in @@ -0,0 +1,14 @@ +foreground = yes +output = %(log)s +pid = %(pid_file)s +syslog = no +client = yes +CApath = %(ca_path)s +key = %(key)s +CRLpath = %(ca_crl)s +cert = %(cert)s +sslVersion = SSLv3 +socket = l:TCP_NODELAY=1 +socket = r:TCP_NODELAY=1 + +%(entry_str)s diff --git a/slapos/recipe/apache_frontend/template/varnish.vcl.in b/slapos/recipe/apache_frontend/template/varnish.vcl.in new file mode 100644 index 0000000000000000000000000000000000000000..1113fe2348bb75fc9100ea07d28234069bb2c464 --- /dev/null +++ b/slapos/recipe/apache_frontend/template/varnish.vcl.in @@ -0,0 +1,245 @@ +# This is a basic VCL configuration file for varnish. See the vcl(7) +# man page for details on VCL syntax and semantics. +# +# Default backend definition. Set this to point to your content +# server. +# +backend default { + .host = "%(backend_host)s"; + .port = "%(backend_port)s"; + .probe = { + .url = "/"; + .timeout = 10s; + .interval = 10s; + .window = 4; + .threshold = 3; + } +} +# +# Below is a commented-out copy of the default VCL logic. If you +# redefine any of these subroutines, the built-in logic will be +# appended to your code. +# +# sub vcl_recv { +# if (req.http.x-forwarded-for) { +# set req.http.X-Forwarded-For = +# req.http.X-Forwarded-For ", " client.ip; +# } else { +# set req.http.X-Forwarded-For = client.ip; +# } +# if (req.request != "GET" && +# req.request != "HEAD" && +# req.request != "PUT" && +# req.request != "POST" && +# req.request != "TRACE" && +# req.request != "OPTIONS" && +# req.request != "DELETE") { +# /* Non-RFC2616 or CONNECT which is weird. */ +# return (pipe); +# } +# if (req.request != "GET" && req.request != "HEAD") { +# /* We only deal with GET and HEAD by default */ +# return (pass); +# } +# if (req.http.Authorization || req.http.Cookie) { +# /* Not cacheable by default */ +# return (pass); +# } +# return (lookup); +# } +sub vcl_recv { + if (req.http.cache-control ~ "no-cache") { + purge_url(req.url); + } + + if (req.url ~ "\.(css|js|ico)$") { + unset req.http.cookie; + } + + # remove bogus cookies + if (req.http.Cookie) { + set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "\1"); + set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac_name=\x22\x22;? *", "\1"); + set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac=\x22Og.3D.3D\x22;? *", "\1"); + } + if (req.http.Cookie == "") { + remove req.http.Cookie; + } + + if (req.http.x-forwarded-for) { + set req.http.X-Forwarded-For = + req.http.X-Forwarded-For ", " client.ip; + } else { + set req.http.X-Forwarded-For = client.ip; + } + if (req.request != "GET" && + req.request != "HEAD" && + req.request != "PUT" && + req.request != "POST" && + req.request != "TRACE" && + req.request != "OPTIONS" && + req.request != "DELETE") { + /* Non-RFC2616 or CONNECT which is weird. */ + return (pipe); + } + if (req.request != "GET" && req.request != "HEAD") { + /* We only deal with GET and HEAD by default */ + return (pass); + } + if (req.http.Authorization) { + /* Not cacheable by default */ + return (pass); + } + if (req.http.Cookie && req.http.Cookie ~ "(^|; ) *__ac=") { + /* Not cacheable for authorised users, + but KM images are cacheable */ + if (!(req.url ~ "/km_img/.*\.(png|gif)$")) { + return (pass); + } + } + # XXX login form can defer based on __ac_name cookie value + if (req.url ~ "/(login_form|WebSite_viewLoginDialog)($|\?)") { + return (pass); + } + if (req.backend.healthy) { + set req.grace = 1h; + } else { + set req.grace = 1w; + } + return (lookup); +} +# +# sub vcl_pipe { +# # Note that only the first request to the backend will have +# # X-Forwarded-For set. If you use X-Forwarded-For and want to +# # have it set for all requests, make sure to have: +# # set req.http.connection = "close"; +# # here. It is not set by default as it might break some broken web +# # applications, like IIS with NTLM authentication. +# return (pipe); +# } +# +# sub vcl_pass { +# return (pass); +# } +# +# sub vcl_hash { +# set req.hash += req.url; +# if (req.http.host) { +# set req.hash += req.http.host; +# } else { +# set req.hash += server.ip; +# } +# return (hash); +# } +# +# sub vcl_hit { +# if (!obj.cacheable) { +# return (pass); +# } +# return (deliver); +# } +# +# sub vcl_miss { +# return (fetch); +# } +# +# sub vcl_fetch { +# if (!beresp.cacheable) { +# return (pass); +# } +# if (beresp.http.Set-Cookie) { +# return (pass); +# } +# return (deliver); +# } +sub vcl_fetch { + # we only cache 200 (OK) and 304 (Not Modified) responses. + if (beresp.status != 200 && beresp.status != 304) { + set beresp.cacheable = false; + } + + if (beresp.http.cache-control ~ "no-cache") { + set beresp.cacheable = false; + } + + if (!beresp.cacheable) { + unset beresp.http.expires; + set beresp.http.cache-control = "no-cache"; + return (pass); + } + + # we don't care haproxy's cookie. + if (beresp.http.Set-Cookie && beresp.http.Set-Cookie !~ "^SERVERID=[^;]+; path=/$") { + return (pass); + } + + if (req.url ~ "\.(css|js|ico)$") { + unset beresp.http.set-cookie; + set beresp.http.cache-control = regsub(beresp.http.cache-control, "^", "public,"); + set beresp.http.cache-control = regsub(beresp.http.cache-control, ",$", ""); + } + + # remove some headers added by caching policy manager to avoid + # '304 Not Modified' in case of login <-> logout switching. + if (beresp.http.content-type ~ "^text/html") { + unset beresp.http.last-modified; + } + + if (beresp.cacheable) { + /* Remove Expires from backend, it's not long enough */ + unset beresp.http.expires; + /* Set the clients TTL on this object */ + set beresp.http.cache-control = "max-age = 900"; + /* Set how long Varnish will keep it */ + set beresp.ttl = 1w; + /* marker for vcl_deliver to reset Age: */ + set beresp.http.magicmarker = "1"; + } + + set beresp.grace = 1w; + + return (deliver); +} +# +# sub vcl_deliver { +# return (deliver); +# } +sub vcl_deliver { + if (resp.http.magicmarker) { + /* Remove the magic marker */ + unset resp.http.magicmarker; + /* By definition we have a fresh object */ + set resp.http.age = "0"; + } + if (obj.hits > 0) { + set resp.http.X-Cache = obj.hits; + } else { + set resp.http.X-Cache = "MISS"; + } + return (deliver); +} + +# +# sub vcl_error { +# set obj.http.Content-Type = "text/html; charset=utf-8"; +# synthetic {" +# <?xml version="1.0" encoding="utf-8"?> +# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" +# "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +# <html> +# <head> +# <title>"} obj.status " " obj.response {"</title> +# </head> +# <body> +# <h1>Error "} obj.status " " obj.response {"</h1> +# <p>"} obj.response {"</p> +# <h3>Guru Meditation:</h3> +# <p>XID: "} req.xid {"</p> +# <hr> +# <p>Varnish cache server</p> +# </body> +# </html> +# "}; +# return (deliver); +# } diff --git a/slapos/recipe/apache_zope_backend/__init__.py b/slapos/recipe/apache_zope_backend/__init__.py index e4b23482e552fe3d860e2f7d3112d4148e2ea83e..8da96f658d30f2ddcf7cb885ffff68cdd703c24f 100644 --- a/slapos/recipe/apache_zope_backend/__init__.py +++ b/slapos/recipe/apache_zope_backend/__init__.py @@ -33,10 +33,33 @@ class Recipe(GenericBaseRecipe): ip = self.options['ip'] port = self.options['port'] backend = self.options['backend'] - key = self.options['key-file'] - certificate = self.options['cert-file'] - access_control_string = self.options['access-control-string'] + apache_conf = dict() + + scheme = self.options['scheme'] + if scheme == 'http': + required_path_list = [] + apache_conf['ssl_snippet'] = '' + elif scheme == 'https': + key = self.options['key-file'] + certificate = self.options['cert-file'] + required_path_list = [key, certificate] + apache_conf['key'] = key + apache_conf['certificate'] = certificate + apache_conf['ssl_session_cache'] = self.options['ssl-session-cache'] + apache_conf['ssl_snippet'] = pkg_resources.resource_string(__name__, + 'template/snippet.ssl.in') % apache_conf + if 'ssl-authentication' in self.options and self.optionIsTrue( + 'ssl-authentication'): + apache_conf['ssl_snippet'] += pkg_resources.resource_string(__name__, + 'template/snippet.ssl.ca.in') % dict( + ca_certificate=self.options['ssl-authentication-certificate'], + ca_crl=self.options['ssl-authentication-crl'] + ) + else: + raise ValueError, "Unsupported scheme %s" % scheme + + access_control_string = self.options['access-control-string'] apache_conf['pid_file'] = self.options['pid-file'] apache_conf['lock_file'] = self.options['lock-file'] apache_conf['ip'] = ip @@ -45,11 +68,10 @@ class Recipe(GenericBaseRecipe): apache_conf['error_log'] = self.options['error-log'] apache_conf['access_log'] = self.options['access-log'] apache_conf['server_name'] = '%s' % apache_conf['ip'] - apache_conf['certificate'] = certificate - apache_conf['key'] = key apache_conf['path'] = '/' apache_conf['access_control_string'] = access_control_string - apache_conf['rewrite_rule'] = "RewriteRule (.*) %s$1 [L,P]" % backend + apache_conf['rewrite_rule'] = "RewriteRule (.*) %s%s [L,P]" % (backend, + self.options.get('backend-path', '/')) apache_conf_string = pkg_resources.resource_string(__name__, 'template/apache.zope.conf.in') % apache_conf apache_config_file = self.createFile(self.options['configuration-file'], @@ -58,7 +80,7 @@ class Recipe(GenericBaseRecipe): wrapper = self.createPythonScript(self.options['wrapper'], __name__ + '.apache.runApache', [ dict( - required_path_list=[key, certificate], + required_path_list=required_path_list, binary=self.options['apache-binary'], config=apache_config_file ) diff --git a/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in b/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in index ac689e15fcbe647833625b98f29a369085d4e2cc..f39107b2f944cf9b383a528465ffe92f8cbfcf9f 100644 --- a/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in +++ b/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in @@ -2,12 +2,16 @@ # Automatically generated # List of modules +LoadModule unixd_module modules/mod_unixd.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule log_config_module modules/mod_log_config.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule ssl_module modules/mod_ssl.so LoadModule mime_module modules/mod_mime.so LoadModule dav_module modules/mod_dav.so @@ -18,24 +22,23 @@ LoadModule headers_module modules/mod_headers.so # Basic server configuration PidFile "%(pid_file)s" -LockFile "%(lock_file)s" Listen %(ip)s:%(port)s ServerAdmin %(server_admin)s TypesConfig conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz +ServerTokens Prod +ServerSignature Off +TraceEnable Off + +# Apache 2.4's default value (60 seconds) can be a bit too short +TimeOut 300 + # As backend is trusting REMOTE_USER header unset it always RequestHeader unset REMOTE_USER -# SSL Configuration -SSLEngine on -SSLCertificateFile %(certificate)s -SSLCertificateKeyFile %(key)s -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin - -SSLProxyEngine On +%(ssl_snippet)s # Log configuration ErrorLog "%(error_log)s" diff --git a/slapos/recipe/apache_zope_backend/template/snippet.ssl.ca.in b/slapos/recipe/apache_zope_backend/template/snippet.ssl.ca.in new file mode 100644 index 0000000000000000000000000000000000000000..58a774f759dd866d9ad0f7b1d21339ab6a359475 --- /dev/null +++ b/slapos/recipe/apache_zope_backend/template/snippet.ssl.ca.in @@ -0,0 +1,4 @@ +SSLVerifyClient require +RequestHeader set REMOTE_USER %%{SSL_CLIENT_S_DN_CN}s +SSLCACertificateFile %(ca_certificate)s +SSLCARevocationPath %(ca_crl)s diff --git a/slapos/recipe/apache_zope_backend/template/snippet.ssl.in b/slapos/recipe/apache_zope_backend/template/snippet.ssl.in new file mode 100644 index 0000000000000000000000000000000000000000..0b9f8b357c002b1ef58a48807f760936707a38f6 --- /dev/null +++ b/slapos/recipe/apache_zope_backend/template/snippet.ssl.in @@ -0,0 +1,12 @@ + +# SSL Configuration +SSLEngine on +SSLCertificateFile %(certificate)s +SSLCertificateKeyFile %(key)s +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin +SSLProtocol -ALL +SSLv3 +TLSv1 +SSLHonorCipherOrder On +SSLCipherSuite RC4-SHA:HIGH:!ADH +SSLSessionCache shmcb:%(ssl_session_cache)s(512000) +SSLProxyEngine On diff --git a/slapos/recipe/apachephp/template/apache.in b/slapos/recipe/apachephp/template/apache.in index 8dc3ef81d383ccbeb5d1fbd269f4013f64ec7622..a354890425d6f96e946627a659c65299e4c0091c 100644 --- a/slapos/recipe/apachephp/template/apache.in +++ b/slapos/recipe/apachephp/template/apache.in @@ -3,7 +3,6 @@ # Basic server configuration PidFile "%(pid_file)s" -LockFile "%(lock_file)s" Listen %(ip)s:%(port)s PHPINIDir %(php_ini_dir)s ServerAdmin someone@email @@ -25,20 +24,21 @@ CustomLog "%(access_log)s" common <Directory /> Options FollowSymLinks AllowOverride None - Order deny,allow - Deny from all + Require all denied </Directory> <Directory %(document_root)s> Options FollowSymLinks AllowOverride All - Order allow,deny - Allow from all + Require all granted </Directory> DocumentRoot %(document_root)s DirectoryIndex index.html index.php # List of modules +LoadModule unixd_module modules/mod_unixd.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule log_config_module modules/mod_log_config.so LoadModule setenvif_module modules/mod_setenvif.so diff --git a/slapos/recipe/certificate_authority/__init__.py b/slapos/recipe/certificate_authority/__init__.py index 8cbbd7d088825149111a88e5a71043407303427d..297182915dc248a7504ef8d1314493aa28f61317 100644 --- a/slapos/recipe/certificate_authority/__init__.py +++ b/slapos/recipe/certificate_authority/__init__.py @@ -45,13 +45,14 @@ class Recipe(GenericBaseRecipe): def install(self): path_list = [] - # XXX: We gotta find better a way to get these options - ca_country_code = 'XX' - ca_email = 'xx@example.com' - ca_state = 'State', - ca_city = 'City' - ca_company = 'Company' - # XXX: end + ca_country_code = self.options.get('country-code', 'XX') + ca_email = self.options.get('email', 'xx@example.com') + # XXX-BBB: State by mistake has been configured as string "('State',)" + # string, so keep this for backward compatibility of existing + # automatically setup CAs + ca_state = self.options.get('state', "('State',)") + ca_city = self.options.get('city', 'City') + ca_company = self.options.get('company', 'Company') self.setPath() diff --git a/slapos/recipe/check_port_listening/__init__.py b/slapos/recipe/check_port_listening/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..542072d68f8b9e331dd52f88e8557cc1e406d250 --- /dev/null +++ b/slapos/recipe/check_port_listening/__init__.py @@ -0,0 +1,48 @@ +############################################################################## +# +# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved. +# +# WARNING: This program as such is intended to be used by professional +# programmers who take the whole responsibility of assessing all potential +# consequences resulting from its eventual inadequacies and bugs +# End users who are looking for a ready-to-use solution with commercial +# guarantees and support are strongly adviced to contract a Free Software +# Service Company +# +# This program is Free Software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +############################################################################## +from slapos.recipe.librecipe import GenericBaseRecipe +import sys + +class Recipe(GenericBaseRecipe): + """ + Check listening port promise + """ + + def install(self): + config = dict( + hostname=self.options['hostname'], + port=self.options['port'], + python_path=sys.executable, + ) + + vnc_promise = self.createExecutable( + self.options['path'], + self.substituteTemplate( + self.getTemplateFilename('socket_connection_attempt.py.in'), + config)) + + return [vnc_promise] diff --git a/slapos/recipe/check_port_listening/template/socket_connection_attempt.py.in b/slapos/recipe/check_port_listening/template/socket_connection_attempt.py.in new file mode 100644 index 0000000000000000000000000000000000000000..7c7a2699123fffd451900f6f604b2c74133dd68f --- /dev/null +++ b/slapos/recipe/check_port_listening/template/socket_connection_attempt.py.in @@ -0,0 +1,21 @@ +#!%(python_path)s +# BEWARE: This file is operated by slapgrid +# BEWARE: It will be overwritten automatically +import socket +import sys + +hostname = "%(hostname)s" +port = %(port)s + +connection_okay = False + +try: + s = socket.create_connection((hostname, port)) + connection_okay = True + s.close() +except (socket.error, socket.timeout): + connection_okay = False + +if not connection_okay: + print >> sys.stderr, "%(port)s on %(hostname)s isn't listening" + sys.exit(127) diff --git a/slapos/recipe/davstorage/template/httpd.conf.in b/slapos/recipe/davstorage/template/httpd.conf.in index 515593e8cff5e37dbb88bc8ff15b6c78a843a490..9fdea7ade783da6be7be6fc5420faa98d28d9563 100644 --- a/slapos/recipe/davstorage/template/httpd.conf.in +++ b/slapos/recipe/davstorage/template/httpd.conf.in @@ -3,6 +3,9 @@ ServerRoot "%(server_root)s" Listen [%(ip)s]:%(port)s # Needed modules +LoadModule unixd_module modules/mod_unixd.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule authz_core_module modules/mod_authz_core.so LoadModule authn_file_module "%(modules_dir)s/mod_authn_file.so" LoadModule authz_host_module "%(modules_dir)s/mod_authz_host.so" LoadModule authz_user_module "%(modules_dir)s/mod_authz_user.so" @@ -11,6 +14,7 @@ LoadModule auth_digest_module "%(modules_dir)s/mod_auth_digest.so" LoadModule log_config_module "%(modules_dir)s/mod_log_config.so" LoadModule headers_module "%(modules_dir)s/mod_headers.so" LoadModule setenvif_module "%(modules_dir)s/mod_setenvif.so" +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule ssl_module "%(modules_dir)s/mod_ssl.so" LoadModule mime_module "%(modules_dir)s/mod_mime.so" LoadModule dav_module "%(modules_dir)s/mod_dav.so" @@ -25,7 +29,6 @@ ServerTokens ProductOnly DocumentRoot "%(document_root)s" PidFile "%(pid_file)s" -LockFile "%(lock_file)s" DavLockDB "%(davlock_db)s" <Directory /> diff --git a/slapos/recipe/erp5/template/apache.zope.conf.in b/slapos/recipe/erp5/template/apache.zope.conf.in index a63d292996d3842c9883126a7ba44b2da1b16564..973cd992f727630f7a0b44c0ae759e70699f7bb0 100644 --- a/slapos/recipe/erp5/template/apache.zope.conf.in +++ b/slapos/recipe/erp5/template/apache.zope.conf.in @@ -2,12 +2,16 @@ # Automatically generated # List of modules +LoadModule unixd_module modules/mod_unixd.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule log_config_module modules/mod_log_config.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule ssl_module modules/mod_ssl.so LoadModule mime_module modules/mod_mime.so LoadModule dav_module modules/mod_dav.so @@ -19,7 +23,6 @@ LoadModule antiloris_module modules/mod_antiloris.so # Basic server configuration PidFile "%(pid_file)s" -LockFile "%(lock_file)s" Listen %(ip)s:%(port)s ServerAdmin %(server_admin)s TypesConfig conf/mime.types diff --git a/slapos/recipe/erp5_bootstrap/__init__.py b/slapos/recipe/erp5_bootstrap/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..f6f1a99dc68da6bc38ed26212788b4673d57ab80 --- /dev/null +++ b/slapos/recipe/erp5_bootstrap/__init__.py @@ -0,0 +1,66 @@ +############################################################################## +# +# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved. +# +# WARNING: This program as such is intended to be used by professional +# programmers who take the whole responsibility of assessing all potential +# consequences resulting from its eventual inadequacies and bugs +# End users who are looking for a ready-to-use solution with commercial +# guarantees and support are strongly adviced to contract a Free Software +# Service Company +# +# This program is Free Software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +############################################################################## + +from slapos.recipe.librecipe import GenericBaseRecipe +import os +import sys +import urlparse + +class Recipe(GenericBaseRecipe): + """ + Instanciate ERP5 in Zope + """ + + def install(self): + parsed = urlparse.urlparse(self.options['mysql-url']) + mysql_connection_string = "%(database)s@%(hostname)s:%(port)s "\ + "%(username)s %(password)s" % dict( + database=parsed.path.split('/')[1], + hostname=parsed.hostname, + port=parsed.port, + username=parsed.username, + password=parsed.password + ) + + zope_parsed = urlparse.urlparse(self.options['zope-url']) + + config = dict( + python_path=sys.executable, + user=zope_parsed.username, + password=zope_parsed.password, + site_id=zope_parsed.path.split('/')[1], + host="%s:%s" % (zope_parsed.hostname, zope_parsed.port), + sql_connection_string=mysql_connection_string, + ) + + # Runners + runner_path = self.createExecutable( + self.options['runner-path'], + self.substituteTemplate(self.getTemplateFilename('erp5_bootstrap.in'), + config)) + + return [runner_path] diff --git a/slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in b/slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in new file mode 100644 index 0000000000000000000000000000000000000000..c3087f8dc581a2edc4e5f3f1d9c04a6b23c35b43 --- /dev/null +++ b/slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in @@ -0,0 +1,35 @@ +#!%(python_path)s + +import httplib +import urllib +import base64 + +user = "%(user)s" +password = "%(password)s" +host = "%(host)s" +site_id = "%(site_id)s" +erp5_catalog_storage = 'erp5_mysql_innodb_catalog' +mysql_url = "%(sql_connection_string)s" + +header_dict = {'Authorization': 'Basic %%s' %% \ + base64.encodestring('%%s:%%s' %% (user, password)).strip()} +zope_connection = httplib.HTTPConnection(host) + +# Check if an ERP5 site is already created, as ERP5 does support having +# 2 instances in the same zope, and this script should not destroy user data +zope_connection.request('GET', '/isERP5SitePresent', headers=header_dict) +result = zope_connection.getresponse() + +if result.status == 204: # and (result.read() == "False"): + + # Create the expected ERP5 instance + zope_connection.request( + 'POST', '/manage_addProduct/ERP5/manage_addERP5Site', + urllib.urlencode({ + 'id': site_id, + 'erp5_catalog_storage': erp5_catalog_storage, + 'erp5_sql_connection_string': mysql_url, + 'cmf_activity_sql_connection_string': mysql_url, + }), + headers=header_dict) + diff --git a/slapos/recipe/erp5_promise/__init__.py b/slapos/recipe/erp5_promise/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..dec8b1cb59077458c8b65100d72409ab93809673 --- /dev/null +++ b/slapos/recipe/erp5_promise/__init__.py @@ -0,0 +1,52 @@ +############################################################################## +# +# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved. +# +# WARNING: This program as such is intended to be used by professional +# programmers who take the whole responsibility of assessing all potential +# consequences resulting from its eventual inadequacies and bugs +# End users who are looking for a ready-to-use solution with commercial +# guarantees and support are strongly adviced to contract a Free Software +# Service Company +# +# This program is Free Software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +############################################################################## + +from slapos.recipe.librecipe import GenericBaseRecipe +import ConfigParser + +class Recipe(GenericBaseRecipe): + """ + Generate ERP5 promise configuration file + """ + + def install(self): + + promise_parser = ConfigParser.RawConfigParser() + + promise_parser.add_section('portal_templates') + promise_parser.set('portal_templates', 'repository', self.options['bt5-repository-url']) + promise_parser.set('portal_templates', 'expected_bt5', self.options['bt5']) + + promise_parser.add_section('external_service') + promise_parser.set('external_service', 'cloudooo_url', self.options['cloudooo-url']) + promise_parser.set('external_service', 'memcached_url', self.options['memcached-url']) + promise_parser.set('external_service', 'kumofs_url', self.options['kumofs-url']) + promise_parser.set('external_service', 'smtp_url', self.options['smtp-url']) + + promise_parser.write(open(self.options['promise-path'], 'w')) + + return [self.options['promise-path']] diff --git a/slapos/recipe/fontconfig/template/fontconfig.cfg.in b/slapos/recipe/fontconfig/template/fontconfig.cfg.in index c6799d21dc15414354306d605ec3f9abd4fc8f4a..9167e6c7cec9eba371941e533aa55bc5f59ef85e 100644 --- a/slapos/recipe/fontconfig/template/fontconfig.cfg.in +++ b/slapos/recipe/fontconfig/template/fontconfig.cfg.in @@ -1,5 +1,6 @@ <?xml version="1.0"?> <!DOCTYPE fontconfig SYSTEM "fonts.dtd"> <fontconfig> +<cachedir>~/.fontconfig</cachedir> %(font_folder_path_snippet)s </fontconfig> \ No newline at end of file diff --git a/slapos/recipe/generate_erp5_tidstorage.py b/slapos/recipe/generate_erp5_tidstorage.py index cfc03e6642581d39549fbff3cbcfb550fd301078..8ab68ed8d47526352c49ad3d2e06822de9d99524 100644 --- a/slapos/recipe/generate_erp5_tidstorage.py +++ b/slapos/recipe/generate_erp5_tidstorage.py @@ -57,6 +57,9 @@ class Recipe(GenericSlapRecipe): known_tid_storage_identifier_dict = {} snippet_zeo = open(self.options['snippet-zeo']).read() for zeo_id, zeo_configuration_list in json_data['zeo'].iteritems(): + if not type(zeo_configuration_list) in (type([]), type(set()), type(())): + raise ValueError('%s passed in json is not a list, json: %s.' % ( + zeo_configuration_list, json_data)) storage_list = [] a = storage_list.append for zeo_slave in zeo_configuration_list: @@ -92,7 +95,8 @@ class Recipe(GenericSlapRecipe): zeo_connection_string = '\n'.join(zeo_connection_list) zope_dict.update( timezone=json_data['timezone'], - zeo_connection_string=zeo_connection_string + zeo_connection_string=zeo_connection_string, + site_id=site_id, ) # always one distribution node current_zope_port += 1 @@ -151,32 +155,72 @@ class Recipe(GenericSlapRecipe): longrequest_logger_interval=longrequest_logger_interval, **zope_dict) haproxy_backend_list.append('${%(part_name)s:ip}:${%(part_name)s:port}' % dict(part_name=part_name)) + + scheme = backend_configuration.get('scheme', ['https']) + # now generate backend access current_apache_port += 1 current_haproxy_port += 1 - part_list.append('apache-%(backend_name)s ca-apache-%(backend_name)s logrotate-entry-apache-%(backend_name)s haproxy-%(backend_name)s' % dict(backend_name=backend_name)) backend_dict = dict( backend_name=backend_name, apache_port=current_apache_port, + apache_public_port=current_apache_port+1, haproxy_port=current_haproxy_port, access_control_string=backend_configuration['access-control-string'], maxconn=backend_configuration['maxconn'], server_check_path='/%s/getId' % site_id, - haproxy_backend_list=' '.join(haproxy_backend_list) + haproxy_backend_list=' '.join(haproxy_backend_list), + ssl_authentication=backend_configuration.get('ssl-authentication', + False), + backend_path=backend_configuration.get('backend-path', '/') % { + 'site-id': site_id} + ) - publish_url_list.append('url-%(backend_name)s = https://[${apache-%(backend_name)s:ip}]:${apache-%(backend_name)s:port}' % dict( - backend_name=backend_name)) + current_apache_port += 1 output += snippet_backend % backend_dict + + if 'http' in scheme: + part_list.append('apache-public-%(backend_name)s logrotate-entry-apache-public-%(backend_name)s' % dict(backend_name=backend_name)) + publish_url_list.append('url-public-%(backend_name)s = http://[${apache-public-%(backend_name)s:ip}]:${apache-public-%(backend_name)s:port}' % dict( + backend_name=backend_name)) + if 'https' in scheme: + part_list.append('apache-%(backend_name)s ca-apache-%(backend_name)s logrotate-entry-apache-%(backend_name)s haproxy-%(backend_name)s' % dict(backend_name=backend_name)) + publish_url_list.append('url-%(backend_name)s = https://[${apache-%(backend_name)s:ip}]:${apache-%(backend_name)s:port}' % dict( + backend_name=backend_name)) + output += SECTION_BACKEND_PUBLISHER + '\n' output += '\n'.join(publish_url_list) part_list.append('publish-apache-backend-list') + master_dict = self.parameter_dict.copy() + if 'erp5-ca' in json_data: + erp5_ca = json_data['erp5-ca'] + # Fetching exactly named parameters from json in order to raise proper + # error if required + master_dict.update( + erp5_ca_country_code = erp5_ca['country-code'], + erp5_ca_email = erp5_ca['email'], + erp5_ca_state = erp5_ca['state'], + erp5_ca_city = erp5_ca['city'], + erp5_ca_company = erp5_ca['company'] + ) + else: + master_dict.update(dict( + erp5_ca_country_code = 'XX', + erp5_ca_email = 'xx@example.com', + # XXX-BBB: State by mistake has been configured as string "('State',)" + # string, so keep this for backward compatibility of existing + # automatically setup CAs + erp5_ca_state = "('State',)", + erp5_ca_city = 'City', + erp5_ca_company = 'Company' + )) prepend = open(self.options['snippet-master']).read() % dict( part_list=' \n'.join([' '+q for q in part_list]), known_tid_storage_identifier_dict=known_tid_storage_identifier_dict, haproxy_section="haproxy-%s" % backend_name, zope_section=zope_id, site_id=site_id, - **self.parameter_dict + **master_dict ) output = prepend + output with open(self.options['output'], 'w') as f: diff --git a/slapos/recipe/helloworld.py b/slapos/recipe/generatemac.py similarity index 75% rename from slapos/recipe/helloworld.py rename to slapos/recipe/generatemac.py index 743f242e97b2a6f9f574b9199ccf9b36e9baa41b..45abf6d2ee8961b025539b442403af8a62ee2036 100644 --- a/slapos/recipe/helloworld.py +++ b/slapos/recipe/generatemac.py @@ -1,3 +1,4 @@ + ############################################################################## # # Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved. @@ -24,21 +25,16 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # ############################################################################## -from slapos.recipe.librecipe import BaseSlapRecipe +import random + +from slapos.recipe.librecipe import GenericBaseRecipe -class Recipe(BaseSlapRecipe): +class Recipe(GenericBaseRecipe): - def _install(self): - parameter_dict = self.computer_partition.getInstanceParameterDict() - dummy_wrapper = self.createRunningWrapper('dummy', """#!/bin/sh -while [ true ] -do - sleep 10 - echo "Hello World!" -done""") + def __init__(self, buildout, name, options): + # First octet has to represent a locally administered address + octet_list = [254] + [random.randint(0x00, 0xff) for x in range(5)] + options['mac-address'] = ':'.join(['%02x' % x for x in octet_list]) - self.computer_partition.setConnectionDict(dict( - hello_world="Hello World!", - )) - return [dummy_wrapper] - \ No newline at end of file + def install(self): + return [] diff --git a/slapos/recipe/generic_kumofs/__init__.py b/slapos/recipe/generic_kumofs/__init__.py index 0b939c8879e7282e1e528c248aefe3e86e20afc0..03d1a78b8236019e641e8eceb04175b08e0d6d2d 100644 --- a/slapos/recipe/generic_kumofs/__init__.py +++ b/slapos/recipe/generic_kumofs/__init__.py @@ -52,7 +52,8 @@ class Recipe(GenericBaseRecipe): kumo_manager_port=kumo_manager_port, kumo_server_port=kumo_server_port, kumo_server_listen_port=kumo_server_listen_port, - kumo_gateway_port=kumo_gateway_port + kumo_gateway_port=kumo_gateway_port, + shell_path=self.options['shell-path'], ) path_list.append(self.createExecutable(self.options['gateway-wrapper'], diff --git a/slapos/recipe/generic_kumofs/template/kumo_gateway.in b/slapos/recipe/generic_kumofs/template/kumo_gateway.in index 912f8f1007ad2cad325c56ce13a634375cee8ebc..f18c8a4ec358c4bd92c2c8506db279c2afb6f3b2 100644 --- a/slapos/recipe/generic_kumofs/template/kumo_gateway.in +++ b/slapos/recipe/generic_kumofs/template/kumo_gateway.in @@ -1,2 +1,2 @@ -#!/bin/sh +#!%(shell_path)s exec %(kumo_gateway_binary)s -F -E -m %(kumo_manager_ip)s:%(kumo_manager_port)s -t %(kumo_gateway_ip)s:%(kumo_gateway_port)s -o %(kumo_gateway_log)s diff --git a/slapos/recipe/generic_kumofs/template/kumo_manager.in b/slapos/recipe/generic_kumofs/template/kumo_manager.in index e63e3c569de5f689176f19793706e49f90d3c95f..25e2ed1a0e78385c08f11b08f309a2d01d325af3 100644 --- a/slapos/recipe/generic_kumofs/template/kumo_manager.in +++ b/slapos/recipe/generic_kumofs/template/kumo_manager.in @@ -1,2 +1,2 @@ -#!/bin/sh +#!%(shell_path)s exec %(kumo_manager_binary)s -a -l %(kumo_manager_ip)s:%(kumo_manager_port)s -o %(kumo_manager_log)s diff --git a/slapos/recipe/generic_kumofs/template/kumo_server.in b/slapos/recipe/generic_kumofs/template/kumo_server.in index 81aeabb323590320bc1be69b1854d50cdc3d9687..aba0ac6f257d8f44a2c1d32b8a37677aef41416d 100644 --- a/slapos/recipe/generic_kumofs/template/kumo_server.in +++ b/slapos/recipe/generic_kumofs/template/kumo_server.in @@ -1,2 +1,2 @@ -#!/bin/sh +#!%(shell_path)s exec %(kumo_server_binary)s -l %(kumo_server_ip)s:%(kumo_server_port)s -L %(kumo_server_listen_port)s -m %(kumo_manager_ip)s:%(kumo_manager_port)s -s %(kumo_server_storage)s -o %(kumo_server_log)s diff --git a/slapos/recipe/generic_memcached/__init__.py b/slapos/recipe/generic_memcached/__init__.py index 7a3a77a2a63034bef5e35acc34dd04b8f0da9334..fa6a40eddd6e9e99913deaad281f2c32698bf662 100644 --- a/slapos/recipe/generic_memcached/__init__.py +++ b/slapos/recipe/generic_memcached/__init__.py @@ -46,6 +46,7 @@ class Recipe(GenericBaseRecipe): memcached_binary=self.options['binary_path'], memcached_ip=self.options['ip'], memcached_port=self.options['port'], + shell_path=self.options['shell-path'], ) executable_path = self.createExecutable( diff --git a/slapos/recipe/generic_memcached/template/memcached.in b/slapos/recipe/generic_memcached/template/memcached.in index 92dae43a99feff580ac9ff3a6437c25a925f32e5..32bf42cb99456d42d62045969cec373c2323a7f9 100644 --- a/slapos/recipe/generic_memcached/template/memcached.in +++ b/slapos/recipe/generic_memcached/template/memcached.in @@ -1,2 +1,2 @@ -#!/bin/sh +#!%(shell_path)s exec %(memcached_binary)s -p %(memcached_port)s -U %(memcached_port)s -l %(memcached_ip)s diff --git a/slapos/recipe/generic_mysql/__init__.py b/slapos/recipe/generic_mysql/__init__.py index 6c36637d99ede3a452307337e9a5b94a15a6a26f..c0ef36b466e027201e8e7360846147ee23967701 100644 --- a/slapos/recipe/generic_mysql/__init__.py +++ b/slapos/recipe/generic_mysql/__init__.py @@ -67,6 +67,12 @@ class Recipe(GenericBaseRecipe): mysql_script_list = [] + # user defined functions + mysql_script_list.append(self.substituteTemplate( + self.getTemplateFilename('mysql-init-function.sql.in'), + { + } + )) # real database mysql_script_list.append(self.substituteTemplate( self.getTemplateFilename('initmysql.sql.in'), diff --git a/slapos/recipe/generic_mysql/template/my.cnf.in b/slapos/recipe/generic_mysql/template/my.cnf.in index 25d951e863b594e5ac3ca2709897da3763c45754..78e847cd871daf80b807807c29a02549af2092c4 100644 --- a/slapos/recipe/generic_mysql/template/my.cnf.in +++ b/slapos/recipe/generic_mysql/template/my.cnf.in @@ -17,15 +17,15 @@ pid-file = %(pid_file)s log-error = %(error_log)s slow_query_log slow_query_log_file = %(slow_query_log)s -long_query_time = 5 +long_query_time = 1 max_allowed_packet = 128M query_cache_size = 32M -plugin-load = ha_groonga.so;ha_sphinx.so +plugin-load = ha_mroonga.so;ha_sphinx.so;handlersocket.so # By default only 100 connections are allowed, when using zeo # we may have much more connections -# max_connections = 1000 +max_connections = 1000 # The following are important to configure and depend a lot on to the size of # your database and the available resources. diff --git a/slapos/recipe/erp5/template/mysql-init-function.sql.in b/slapos/recipe/generic_mysql/template/mysql-init-function.sql.in similarity index 73% rename from slapos/recipe/erp5/template/mysql-init-function.sql.in rename to slapos/recipe/generic_mysql/template/mysql-init-function.sql.in index c4d0cbde46c01372b3808db3601e517e14788b4e..6105ac73fe8887b30f452176a549a30a2ca94404 100644 --- a/slapos/recipe/erp5/template/mysql-init-function.sql.in +++ b/slapos/recipe/generic_mysql/template/mysql-init-function.sql.in @@ -1,5 +1,5 @@ USE mysql; DROP FUNCTION IF EXISTS last_insert_grn_id; -CREATE FUNCTION last_insert_grn_id RETURNS INTEGER SONAME 'ha_groonga.so'; +CREATE FUNCTION last_insert_grn_id RETURNS INTEGER SONAME 'ha_mroonga.so'; DROP FUNCTION IF EXISTS sphinx_snippets; CREATE FUNCTION sphinx_snippets RETURNS STRING SONAME 'sphinx.so'; diff --git a/slapos/recipe/generic_onetimeupload/__init__.py b/slapos/recipe/generic_onetimeupload/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..97ef798220e045de31c3d917ba7daf1167b182b1 --- /dev/null +++ b/slapos/recipe/generic_onetimeupload/__init__.py @@ -0,0 +1,59 @@ +############################################################################## +# +# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved. +# +# WARNING: This program as such is intended to be used by professional +# programmers who take the whole responsibility of assessing all potential +# consequences resulting from its eventual inadequacies and bugs +# End users who are looking for a ready-to-use solution with commercial +# guarantees and support are strongly adviced to contract a Free Software +# Service Company +# +# This program is Free Software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +############################################################################## +from slapos.recipe.librecipe import GenericBaseRecipe +import binascii +import os +import sys + +class Recipe(GenericBaseRecipe): + """ + kvm instance configuration. + """ + + def __init__(self, buildout, name, options): + options['key'] = binascii.hexlify(os.urandom(24)) + return GenericBaseRecipe.__init__(self, buildout, name, options) + + def install(self): + config = dict( + ip=self.options['ip'], + port=self.options['port'], + onetimeupload_path=self.options['onetimeupload-path'], + shell_path=self.options['shell-path'], + log_path=self.options['log-path'], + image=self.options['image-path'], + key=self.options['key'], + ) + + # Runners + runner_path = self.createExecutable( + self.options['path'], + self.substituteTemplate(self.getTemplateFilename('onetimeupload_run.in'), + config)) + + return [runner_path] + diff --git a/slapos/recipe/nbdserver/template/onetimeupload_run.in b/slapos/recipe/generic_onetimeupload/template/onetimeupload_run.in similarity index 90% rename from slapos/recipe/nbdserver/template/onetimeupload_run.in rename to slapos/recipe/generic_onetimeupload/template/onetimeupload_run.in index 9d6cfe22248f543a22fc43e9c0b5deb2080500a3..a09627d5501af0b3e2d71835ea345c71efc1b37b 100644 --- a/slapos/recipe/nbdserver/template/onetimeupload_run.in +++ b/slapos/recipe/generic_onetimeupload/template/onetimeupload_run.in @@ -1,4 +1,4 @@ -#!/bin/sh +#!%(shell_path)s # BEWARE: This file is operated by slapgrid # BEWARE: It will be overwritten automatically exec %(onetimeupload_path)s -l %(log_path)s %(ip)s %(port)s %(image)s %(key)s diff --git a/slapos/recipe/generic_varnish/__init__.py b/slapos/recipe/generic_varnish/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..4187b7ea0993a245a8be326aebf9461a381f39d1 --- /dev/null +++ b/slapos/recipe/generic_varnish/__init__.py @@ -0,0 +1,77 @@ +############################################################################## +# +# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved. +# +# WARNING: This program as such is intended to be used by professional +# programmers who take the whole responsibility of assessing all potential +# consequences resulting from its eventual inadequacies and bugs +# End users who are looking for a ready-to-use solution with commercial +# guarantees and support are strongly adviced to contract a Free Software +# Service Company +# +# This program is Free Software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +############################################################################## +import os +import re +from slapos.recipe.librecipe import GenericSlapRecipe + +class Recipe(GenericSlapRecipe): + """ + Instantiate varnish daemon + + TODO: + - use varnish3.x and replace .vcl for it + """ + def _install(self): + ip = self.options['ip'] + backend_url = self.parameter_dict['tidstorage-url'] + backend_ip, backend_port = self._getBackendServer(backend_url) + varnishd_manager_port = int(self.options['manager-port']) + varnishd_server_port = int(self.options['server-port']) + path_list = [] + config = dict( + varnishd_binary=self.options['varnishd-binary'], + varnish_ip=ip, + varnishlog_binary=self.options['varnishlog-binary'], + varnishd_manager_port=varnishd_manager_port, + varnishd_server_port=varnishd_server_port, + varnishd_pid_file=self.options['pid-file'], + varnish_instance_name=self.options['varnish-instance-name'], + varnish_data=self.options['varnish-data'], + shell_path=self.options['shell-path'], + vcl_file=self.options['vcl-file'], + backend_ip = backend_ip, + backend_port = backend_port, + backend_server = "[%s]" % backend_ip, + ) + + path_list.append(self.createExecutable(self.options['varnishd-wrapper'], + self.substituteTemplate(self.getTemplateFilename('varnishd.in'), + config))) + path_list.append(self.createExecutable(self.options['varnishlog-wrapper'], + self.substituteTemplate(self.getTemplateFilename('varnishlog.in'), + config))) + path_list.append(self.createFile(self.options['vcl-file'], + self.substituteTemplate(self.getTemplateFilename('default.vcl.in'), + config))) + return path_list + + def _getBackendServer(self, url): + r = re.compile('\/\/\[(.*)\]:(\d*)') + result = r.search(url) + ip = result.groups()[0] + port = result.groups()[1] + return (ip, port) diff --git a/slapos/recipe/generic_varnish/template/default.vcl.in b/slapos/recipe/generic_varnish/template/default.vcl.in new file mode 100644 index 0000000000000000000000000000000000000000..bac86d2dc551489ced38b93e1c420cc935614820 --- /dev/null +++ b/slapos/recipe/generic_varnish/template/default.vcl.in @@ -0,0 +1,124 @@ +#This is a basic VCL configuration file for varnish. See the vcl(7) +#man page for details on VCL syntax and semantics. +# +#Default backend definition. Set this to point to your content +#server. +# +backend default { + .host = "%(backend_ip)s"; + .port = "%(backend_port)s"; + .probe = { + .timeout = 30s; + .interval = 5s; + .window = 4; + .threshold = 3; + .request = + "OPTIONS /erp5/getId HTTP/1.1" + "Host: %(backend_server)s:%(backend_port)s" + "Accept-Encoding: identity" + "Connection: close" + "User-Agent: Varnish"; + } +} +# +#Below is a commented-out copy of the default VCL logic. If you +#redefine any of these subroutines, the built-in logic will be +#appended to your code. +# + +sub vcl_recv { + if (req.request != "GET" && + req.request != "HEAD" && + req.request != "PUT" && + req.request != "POST" && + req.request != "TRACE" && + req.request != "OPTIONS" && + req.request != "PURGE" && + req.request != "DELETE") { + /* Non-RFC2616 or CONNECT which is weird. */ + pipe; + } + if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") { + /* We only deal with GET and HEAD by default */ + pass; + } + remove req.http.Cookie; + remove req.http.Set-Cookie; + if (req.http.Accept-Encoding) { + if (req.http.Accept-Encoding ~ "gzip") { + set req.http.Accept-Encoding = "gzip"; + } elsif (req.http.Accept-Encoding ~ "deflate") { + set req.http.Accept-Encoding = "deflate"; + } else { + # unkown algorithm + remove req.http.Accept-Encoding; + } + } + # Force deflate + remove req.http.Accept-Encoding; + # We do not care about Accept-Language, this is url controlled + remove req.http.Accept-Language; + #if (req.request == "PURGE") { + # if (!client.ip ~ purge) { + # error 405 "Not allowed."; + # } + # purge_url(req.url); + # error 200 "HASHPURGED"; + # unset req.http.x; + #} + set req.grace = 30d; + lookup; +} + +sub vcl_hash { + set req.hash += req.url; + hash; +} + +sub vcl_hit { + #if (req.request == "PURGE" && client.ip ~ purge) { + # set obj.ttl = 0s; + # error 200 "Purged."; + #} + + #if (client.ip ~ purge){ + # # Force refresh from localhost + # set obj.ttl = 0s; + # return (restart); + #} + # According Vary Header do not return those headers + remove req.http.Accept-Language; + remove req.http.Accept-Encoding; + remove req.http.Cookie; + deliver; +} + +sub vcl_miss { + fetch; +} + +sub vcl_fetch { + /* Never send request to backend even if client ask refreshed content */ + if (obj.cacheable) { + /* Setup grace period for 30days for all cacheable contents */ + #set req.grace = 30d; + set obj.grace = 30d; + } + deliver; + } + + +sub vcl_deliver { + if (obj.hits > 0) { + set resp.http.X-Cache = obj.hits; + } else { + set resp.http.X-Cache = "MISS"; + } + #if (obj.hash) { + # set resp.http.X-Hash = obj.hash; + #} else { + # set resp.http.X-Hash = "No hash"; + #} + + deliver; +} diff --git a/slapos/recipe/generic_varnish/template/varnishd.in b/slapos/recipe/generic_varnish/template/varnishd.in new file mode 100644 index 0000000000000000000000000000000000000000..c30582488bc3b0876ed5a218c2b3fb0777cd6592 --- /dev/null +++ b/slapos/recipe/generic_varnish/template/varnishd.in @@ -0,0 +1,15 @@ +#!%(shell_path)s + +DAEMON_OPTS="-F \ + -a %(varnish_ip)s:%(varnishd_server_port)s \ + -T %(varnish_ip)s:%(varnishd_manager_port)s \ + -n %(varnish_instance_name)s \ + -f %(vcl_file)s \ + -s file,%(varnish_data)s/varnish_storage.bin,1G" + +PIDFILE=%(varnishd_pid_file)s +# exporting PATH here so that we will pass the PATH variable to the subprocess +export PATH +output=$(/bin/tempfile -s.varnish) +exec %(varnishd_binary)s -P ${PIDFILE} ${DAEMON_OPTS} > ${output} 2>&1 + diff --git a/slapos/recipe/generic_varnish/template/varnishlog.in b/slapos/recipe/generic_varnish/template/varnishlog.in new file mode 100644 index 0000000000000000000000000000000000000000..72141b9f7c4baec464ef725707d0bf0f77a45b42 --- /dev/null +++ b/slapos/recipe/generic_varnish/template/varnishlog.in @@ -0,0 +1,6 @@ +#!%(shell_path)s + +DAEMON_OPTS="-a %(varnish_ip)s:%(varnishd_server_port)s \ + -n %(varnish_instance_name)s" + +exec %(varnishlog_binary)s ${DAEMON_OPTS} "$@" diff --git a/slapos/recipe/generic_varnish/template/varnishlogd.in b/slapos/recipe/generic_varnish/template/varnishlogd.in new file mode 100644 index 0000000000000000000000000000000000000000..b0f1e24dcae66c8d3b2c007eec13da3ecbfb17e8 --- /dev/null +++ b/slapos/recipe/generic_varnish/template/varnishlogd.in @@ -0,0 +1,22 @@ +#!%(shell_path)s + +DAEMON_OPTS="-F \ + -a %(varnish_ip)s:%(varnishd_server_port)s \ + -T %(varnish_ip)s:%(varnishd_manager_port)s \ + -n %(varnish_instance_name)s \ + -f %(vcl_file)s \ + -s file,%(varnish_data)s/varnish_storage.bin,1G" + +PIDFILE=%(varnishd_pid_file)s +# exporting PATH here so that it will pass the PATH variable to the subprocess +export PATH + +# If unset, or set to "0" or "no", exit +if [ -z "${VARNISHLOG_ENABLED}" ] || \ + [ "${VARNISHLOG_ENABLED}" = "0" ] || \ + [ "${VARNISHLOG_ENABLED}" = "no" ]; then + exit 0; +fi + +output=$(/bin/tempfile -s.varnish) +exec %(varnishlog_binary)s ${DAEMON_OPTS} > ${output} 2>&1 diff --git a/slapos/recipe/generic_zope/__init__.py b/slapos/recipe/generic_zope/__init__.py index 0c29ac934228aa025b2363d9e4947e7ec6129827..5f1b601ea645842b4022b71911d3970a7b71d8b9 100644 --- a/slapos/recipe/generic_zope/__init__.py +++ b/slapos/recipe/generic_zope/__init__.py @@ -128,6 +128,13 @@ class Recipe(GenericBaseRecipe): zope_conf_content = self.substituteTemplate(zope_wrapper_template_location, zope_config) + if ('promise-path' in self.options) and ('site-id' in self.options): + zope_conf_content += self.substituteTemplate(self.getTemplateFilename( + 'zope.conf.promise.in'), { + 'site-id': self.options['site-id'], + 'promise-path': self.options['promise-path'], + }) + zope_conf_path = self.createFile(self.options['configuration-file'], zope_conf_content) path_list.append(zope_conf_path) # Create init script diff --git a/slapos/recipe/generic_zope/template/zope.conf.in b/slapos/recipe/generic_zope/template/zope.conf.in index 3853b0d641c8d5aa664890f9f2c5e050b61db921..36f0fead11786fcdc74c89c046fc81bba1d86685 100644 --- a/slapos/recipe/generic_zope/template/zope.conf.in +++ b/slapos/recipe/generic_zope/template/zope.conf.in @@ -20,6 +20,11 @@ zserver-threads %(thread_amount)s pid-filename %(pid-filename)s lock-filename %(lock-filename)s +# Encoding +rest-input-encoding utf-8 +rest-output-encoding utf-8 +default-zpublisher-encoding utf-8 + # Temporary storage database (for sessions) <zodb_db temporary> <temporarystorage> diff --git a/slapos/recipe/generic_zope/template/zope.conf.promise.in b/slapos/recipe/generic_zope/template/zope.conf.promise.in new file mode 100644 index 0000000000000000000000000000000000000000..692ae21c2ea70fa5e456572e4750bb7edc86d42a --- /dev/null +++ b/slapos/recipe/generic_zope/template/zope.conf.promise.in @@ -0,0 +1,5 @@ + +# ERP5 promise +<product-config /%(site-id)s> + promise_path %(promise-path)s +</product-config> diff --git a/slapos/recipe/generic_zope_zeo_client/__init__.py b/slapos/recipe/generic_zope_zeo_client/__init__.py index 94e4cf8b9727c99e211521ef79efab42945a22bf..f3ea8d57401a1d0ab8c2713c9f8377d3a328eb8b 100644 --- a/slapos/recipe/generic_zope_zeo_client/__init__.py +++ b/slapos/recipe/generic_zope_zeo_client/__init__.py @@ -115,7 +115,7 @@ class Recipe(GenericBaseRecipe): TMPDIR=self.options['tmp-path'], HOME=self.options['tmp-path'], PATH=self.options['bin-path'], - TIMEZONE=self.options['timezone'], + TZ=self.options['timezone'], ) # longrequestlogger product which requires environment settings @@ -157,6 +157,18 @@ class Recipe(GenericBaseRecipe): if self.isTrueValue(self.options['timeserver']): zope_conf_content += self.substituteTemplate(self.getTemplateFilename( 'zope.conf.timeserver.in'), {}) + if 'tidstorage-ip' in self.options: + zope_conf_content += self.substituteTemplate(self.getTemplateFilename( + 'zope.conf.tidstorage.in'), { + 'tidstorage-ip': self.options['tidstorage-ip'], + 'tidstorage-port': self.options['tidstorage-port'], + }) + if ('promise-path' in self.options) and ('site-id' in self.options): + zope_conf_content += self.substituteTemplate(self.getTemplateFilename( + 'zope.conf.promise.in'), { + 'site-id': self.options['site-id'], + 'promise-path': self.options['promise-path'], + }) zope_conf_path = self.createFile(self.options['configuration-file'], zope_conf_content) path_list.append(zope_conf_path) diff --git a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.in b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.in index 9f64fff798c1af0a03901b565e825229ff5ff521..72866b799963049f94f8e39c9ff7b4b848518e65 100644 --- a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.in +++ b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.in @@ -20,6 +20,11 @@ zserver-threads %(thread_amount)s pid-filename %(pid-filename)s lock-filename %(lock-filename)s +# Encoding +rest-input-encoding utf-8 +rest-output-encoding utf-8 +default-zpublisher-encoding utf-8 + # Temporary storage database (for sessions) <zodb_db temporary> <temporarystorage> diff --git a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.promise.in b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.promise.in new file mode 100644 index 0000000000000000000000000000000000000000..692ae21c2ea70fa5e456572e4750bb7edc86d42a --- /dev/null +++ b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.promise.in @@ -0,0 +1,5 @@ + +# ERP5 promise +<product-config /%(site-id)s> + promise_path %(promise-path)s +</product-config> diff --git a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.tidstorage.in b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.tidstorage.in new file mode 100644 index 0000000000000000000000000000000000000000..d3e0bb4bad6b5bdd86a6925b8b9f722941947513 --- /dev/null +++ b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.tidstorage.in @@ -0,0 +1,6 @@ + +# TIDStorage connection +<product-config TIDStorage> + backend-ip %(tidstorage-ip)s + backend-port %(tidstorage-port)s +</product-config> diff --git a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.timeserver.in b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.timeserver.in index 707c6bab66727c76535bd64ef1ef9923dc7c97b4..a1edc33f97608278fc55eb90373bb48d99908f94 100644 --- a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.timeserver.in +++ b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.timeserver.in @@ -2,5 +2,5 @@ # ERP5 Timer Service %%import timerserver <timer-server> - interval 5 + interval 1 </timer-server> diff --git a/slapos/recipe/kvm/__init__.py b/slapos/recipe/kvm/__init__.py index e4d5688562bd5d1590f8922d144ef582d86965ec..54ec9a442a48014717616d341d37e705fcd53bd3 100644 --- a/slapos/recipe/kvm/__init__.py +++ b/slapos/recipe/kvm/__init__.py @@ -1,6 +1,6 @@ ############################################################################## # -# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved. +# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved. # # WARNING: This program as such is intended to be used by professional # programmers who take the whole responsibility of assessing all potential @@ -24,333 +24,53 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # ############################################################################## +from slapos.recipe.librecipe import GenericBaseRecipe +import binascii import os import sys -from slapos.recipe.librecipe import BaseSlapRecipe -import subprocess -import binascii -import random -import zc.buildout -import pkg_resources -import ConfigParser -import hashlib - -class Recipe(BaseSlapRecipe): - - # To avoid magic numbers - VNC_BASE_PORT = 5900 - - def _install(self): - """ - Set the connection dictionnary for the computer partition and create a list - of paths to the different wrappers - - Parameters : none - - Returns : List path_list - """ - self.path_list = [] - - self.requirements, self.ws = self.egg.working_set() - self.cron_d = self.installCrond() - - self.ca_conf = self.installCertificateAuthority() - self.key_path, self.certificate_path = self.requestCertificate('noVNC') - - # Install the socket_connection_attempt script - catcher = zc.buildout.easy_install.scripts( - [('check_port_listening', 'slapos.recipe.kvm.socket_connection_attempt', - 'connection_attempt')], - self.ws, - sys.executable, - self.bin_directory, - ) - # Save the check_port_listening script path - check_port_listening_script = catcher[0] - # Get the port_listening_promise template path, and save it - self.port_listening_promise_path = pkg_resources.resource_filename( - __name__, 'template/port_listening_promise.in') - self.port_listening_promise_conf = dict( - check_port_listening_script=check_port_listening_script, - ) - - kvm_conf = self.installKvm(vnc_ip = self.getLocalIPv4Address()) - - vnc_port = Recipe.VNC_BASE_PORT + kvm_conf['vnc_display'] - - noVNC_conf = self.installNoVnc(source_ip = self.getGlobalIPv6Address(), - source_port = 6080, - target_ip = kvm_conf['vnc_ip'], - target_port = vnc_port) - - self.linkBinary() - self.computer_partition.setConnectionDict(dict( - url = "https://[%s]:%s/vnc_auto.html?host=[%s]&port=%s&encrypt=1" % ( - noVNC_conf['source_ip'], - noVNC_conf['source_port'], - noVNC_conf['source_ip'], - noVNC_conf['source_port']), - password = kvm_conf['vnc_passwd'])) - - return self.path_list - - def installKvm(self, vnc_ip): - """ - Create kvm configuration dictionnary and instanciate a wrapper for kvm and - kvm controller - - Parameters : IP the vnc server is listening on - - Returns : Dictionnary kvm_conf - """ - kvm_conf = dict(vnc_ip = vnc_ip) - - connection_found = False - for tap_interface, dummy in self.parameter_dict['ip_list']: - # Get an ip associated to a tap interface - if tap_interface: - connection_found = True - if not connection_found: - raise NotImplementedError("Do not support ip without tap interface") - - kvm_conf['tap_interface'] = tap_interface - - # Disk path - kvm_conf['disk_path'] = os.path.join(self.data_root_directory, - 'virtual.qcow2') - kvm_conf['socket_path'] = os.path.join(self.var_directory, 'qmp_socket') - # XXX Weak password - ##XXX -Vivien: add an option to generate one password for all instances - # and/or to input it yourself - kvm_conf['vnc_passwd'] = binascii.hexlify(os.urandom(4)) - - #XXX pid_file path, database_path, path to python binary and xml path - kvm_conf['pid_file_path'] = os.path.join(self.run_directory, 'pid_file') - kvm_conf['database_path'] = os.path.join(self.data_root_directory, - 'slapmonitor_database') - kvm_conf['python_path'] = sys.executable - kvm_conf['qemu_path'] = self.options['qemu_path'] - #xml_path = os.path.join(self.var_directory, 'slapreport.xml' ) - # Create disk if needed - if not os.path.exists(kvm_conf['disk_path']): - retcode = subprocess.call(["%s create -f qcow2 %s %iG" % ( - self.options['qemu_img_path'], kvm_conf['disk_path'], - int(self.options['disk_size']))], shell=True) - if retcode != 0: - raise OSError, "Disk creation failed!" - - # Options nbd_ip and nbd_port are provided by slapos master - kvm_conf['nbd_ip'] = self.parameter_dict['nbd_ip'] - kvm_conf['nbd_port'] = self.parameter_dict['nbd_port'] - - # First octet has to represent a locally administered address - octet_list = [254] + [random.randint(0x00, 0xff) for x in range(5)] - kvm_conf['mac_address'] = ':'.join(['%02x' % x for x in octet_list]) - - kvm_conf['hostname'] = "slaposkvm" - kvm_conf['smp_count'] = self.options['smp_count'] - kvm_conf['ram_size'] = self.options['ram_size'] - - kvm_conf['vnc_display'] = 1 - - # Instanciate KVM - kvm_template_location = pkg_resources.resource_filename( - __name__, os.path.join( - 'template', 'kvm_run.in')) - - kvm_runner_path = self.createRunningWrapper("kvm", - self.substituteTemplate(kvm_template_location, - kvm_conf)) - - self.path_list.append(kvm_runner_path) - - # Instanciate KVM controller - kvm_controller_template_location = pkg_resources.resource_filename( - __name__, os.path.join( - 'template', - 'kvm_controller_run.in' )) - - kvm_controller_runner_path = self.createRunningWrapper("kvm_controller", - self.substituteTemplate(kvm_controller_template_location, - kvm_conf)) - - self.path_list.append(kvm_controller_runner_path) - - # Instanciate Slapmonitor - ##slapmonitor_runner_path = self.instanciate_wrapper("slapmonitor", - # [database_path, pid_file_path, python_path]) - # Instanciate Slapreport - ##slapreport_runner_path = self.instanciate_wrapper("slapreport", - # [database_path, python_path]) - - # Add VNC promise - self.port_listening_promise_conf.update( - hostname=kvm_conf['vnc_ip'], - port=Recipe.VNC_BASE_PORT + kvm_conf['vnc_display'], +class Recipe(GenericBaseRecipe): + """ + kvm instance configuration. + """ + + def __init__(self, buildout, name, options): + options['passwd'] = binascii.hexlify(os.urandom(4)) + return GenericBaseRecipe.__init__(self, buildout, name, options) + + def install(self): + config = dict( + tap_interface=self.options['tap'], + vnc_ip=self.options['vnc-ip'], + vnc_port=self.options['vnc-port'], + nbd_ip=self.options['nbd-ip'], + nbd_port=self.options['nbd-port'], + disk_path=self.options['disk-path'], + disk_size=self.options['disk-size'], + mac_address=self.options['mac-address'], + smp_count=self.options['smp-count'], + ram_size=self.options['ram-size'], + socket_path=self.options['socket-path'], + pid_file_path=self.options['pid-path'], + python_path=sys.executable, + shell_path=self.options['shell-path'], + qemu_path=self.options['qemu-path'], + qemu_img_path=self.options['qemu-img-path'], + # XXX Weak password + vnc_passwd=self.options['passwd'] ) - self.createPromiseWrapper("vnc_promise", - self.substituteTemplate(self.port_listening_promise_path, - self.port_listening_promise_conf, - ) - ) - return kvm_conf + # Runners + runner_path = self.createExecutable( + self.options['runner-path'], + self.substituteTemplate(self.getTemplateFilename('kvm_run.in'), + config)) - def installNoVnc(self, source_ip, source_port, target_ip, target_port): - """ - Create noVNC configuration dictionnary and instanciate Websockify proxy + controller_path = self.createExecutable( + self.options['controller-path'], + self.substituteTemplate(self.getTemplateFilename('kvm_controller_run.in'), + config)) - Parameters : IP of the proxy, port on which is situated the proxy, - IP of the vnc server, port on which is situated the vnc server, - path to python binary - - Returns : noVNC configuration dictionnary - """ - - noVNC_conf = {} - - noVNC_conf['source_ip'] = source_ip - noVNC_conf['source_port'] = source_port - - execute_arguments = [[ - self.options['websockify'].strip(), - '--web', - self.options['noVNC_location'], - '--key=%s' % (self.key_path), - '--cert=%s' % (self.certificate_path), - '--ssl-only', - '%s:%s' % (source_ip, source_port), - '%s:%s' % (target_ip, target_port)], - [self.certificate_path, self.key_path]] - - self.path_list.extend(zc.buildout.easy_install.scripts([('websockify', - 'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws, sys.executable, - self.wrapper_directory, arguments=execute_arguments)) - - # Add noVNC promise - self.port_listening_promise_conf.update(hostname=noVNC_conf['source_ip'], - port=noVNC_conf['source_port'], - ) - self.createPromiseWrapper("novnc_promise", - self.substituteTemplate(self.port_listening_promise_path, - self.port_listening_promise_conf, - ) - ) - - return noVNC_conf - - def linkBinary(self): - """Links binaries to instance's bin directory for easier exposal""" - for linkline in self.options.get('link_binary_list', '').splitlines(): - if not linkline: - continue - target = linkline.split() - if len(target) == 1: - target = target[0] - path, linkname = os.path.split(target) - else: - linkname = target[1] - target = target[0] - link = os.path.join(self.bin_directory, linkname) - if os.path.lexists(link): - if not os.path.islink(link): - raise zc.buildout.UserError( - 'Target link already %r exists but it is not link' % link) - os.unlink(link) - os.symlink(target, link) - self.logger.debug('Created link %r -> %r' % (link, target)) - self.path_list.append(link) - - def installCertificateAuthority(self, ca_country_code='XX', - ca_email='xx@example.com', ca_state='State', ca_city='City', - ca_company='Company'): - backup_path = self.createBackupDirectory('ca') - self.ca_dir = os.path.join(self.data_root_directory, 'ca') - self._createDirectory(self.ca_dir) - self.ca_request_dir = os.path.join(self.ca_dir, 'requests') - self._createDirectory(self.ca_request_dir) - config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir) - self.ca_private = os.path.join(self.ca_dir, 'private') - self.ca_certs = os.path.join(self.ca_dir, 'certs') - self.ca_crl = os.path.join(self.ca_dir, 'crl') - self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts') - self.ca_key_ext = '.key' - self.ca_crt_ext = '.crt' - for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]: - self._createDirectory(d) - for f in ['crlnumber', 'serial']: - if not os.path.exists(os.path.join(self.ca_dir, f)): - open(os.path.join(self.ca_dir, f), 'w').write('01') - if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')): - open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('') - openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf') - config.update( - working_directory=self.ca_dir, - country_code=ca_country_code, - state=ca_state, - city=ca_city, - company=ca_company, - email_address=ca_email, - ) - self._writeFile(openssl_configuration, pkg_resources.resource_string( - __name__, 'template/openssl.cnf.ca.in') % config) - self.path_list.extend(zc.buildout.easy_install.scripts([ - ('certificate_authority', - __name__ + '.certificate_authority', 'runCertificateAuthority')], - self.ws, sys.executable, self.wrapper_directory, arguments=[dict( - openssl_configuration=openssl_configuration, - openssl_binary=self.options['openssl_binary'], - certificate=os.path.join(self.ca_dir, 'cacert.pem'), - key=os.path.join(self.ca_private, 'cakey.pem'), - crl=os.path.join(self.ca_crl), - request_dir=self.ca_request_dir - )])) - # configure backup - backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup') - open(backup_cron, 'w').write( - '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict( - rdiff_backup=self.options['rdiff_backup_binary'], - source=self.ca_dir, - destination=backup_path)) - self.path_list.append(backup_cron) - - return dict( - ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'), - ca_crl=os.path.join(config['ca_dir'], 'crl'), - certificate_authority_path=config['ca_dir'] - ) - def requestCertificate(self, name): - hash = hashlib.sha512(name).hexdigest() - key = os.path.join(self.ca_private, hash + self.ca_key_ext) - certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext) - parser = ConfigParser.RawConfigParser() - parser.add_section('certificate') - parser.set('certificate', 'name', name) - parser.set('certificate', 'key_file', key) - parser.set('certificate', 'certificate_file', certificate) - parser.write(open(os.path.join(self.ca_request_dir, hash), 'w')) - return key, certificate + return [runner_path, controller_path] - def installCrond(self): - timestamps = self.createDataDirectory('cronstamps') - cron_output = os.path.join(self.log_directory, 'cron-output') - self._createDirectory(cron_output) - catcher = zc.buildout.easy_install.scripts([('catchcron', - __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable, - self.bin_directory, arguments=[cron_output])[0] - self.path_list.append(catcher) - cron_d = os.path.join(self.etc_directory, 'cron.d') - crontabs = os.path.join(self.etc_directory, 'crontabs') - self._createDirectory(cron_d) - self._createDirectory(crontabs) - # Use execute from erp5. - wrapper = zc.buildout.easy_install.scripts([('crond', - 'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable, - self.wrapper_directory, arguments=[ - self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs, - '-t', timestamps, '-f', '-l', '5', '-M', catcher] - )[0] - self.path_list.append(wrapper) - return cron_d diff --git a/slapos/recipe/kvm/socket_connection_attempt.py b/slapos/recipe/kvm/socket_connection_attempt.py deleted file mode 100644 index dfd9fad4b930518c6ef94a88c69ed40ce6b22539..0000000000000000000000000000000000000000 --- a/slapos/recipe/kvm/socket_connection_attempt.py +++ /dev/null @@ -1,26 +0,0 @@ -import socket -import sys - -def connection_attempt(): - - try: - hostname, port = sys.argv[1:3] - except ValueError: - print >> sys.stderr, """Bad command line. - Usage: %s hostname|ip port""" % sys.argv[0] - sys.exit(1) - - connection_okay = False - - try: - s = socket.create_connection((hostname, port)) - connection_okay = True - s.close() - except (socket.error, socket.timeout): - connection_okay = False - - if not connection_okay: - print >> sys.stderr, "%(port)s on %(ip)s isn't listening" % { - 'port': port, 'ip': hostname - } - sys.exit(127) diff --git a/slapos/recipe/kvm/template/kvm_run.in b/slapos/recipe/kvm/template/kvm_run.in index 3987f1df1135c832be80d5e0b19a9dc9dc3192ea..d4f770a2d6f471b0ab208f67e57816b93a8f82c7 100644 --- a/slapos/recipe/kvm/template/kvm_run.in +++ b/slapos/recipe/kvm/template/kvm_run.in @@ -1,17 +1,55 @@ -#!/bin/sh +#!%(python_path)s # BEWARE: This file is operated by slapgrid # BEWARE: It will be overwritten automatically -# TODO: -net nic,model=virtio, but OS installer has to provide the virtio_net -# module -exec %(qemu_path)s \ - -net nic,macaddr=%(mac_address)s \ - -net tap,ifname=%(tap_interface)s,script=no,downscript=no \ - -smp %(smp_count)s \ - -m %(ram_size)s \ - -cdrom nbd:[%(nbd_ip)s]:%(nbd_port)s \ - -drive file=%(disk_path)s,if=virtio,boot=on \ - -vnc %(vnc_ip)s:1,ipv4,password \ - -boot menu=on \ - -qmp unix:%(socket_path)s,server \ - -pidfile %(pid_file_path)s +# Echo client program +import os +import socket +import subprocess + +def getSocketStatus(host, port): + s = None + for res in socket.getaddrinfo(host, port, + socket.AF_UNSPEC, socket.SOCK_STREAM): + af, socktype, proto, canonname, sa = res + try: + s = socket.socket(af, socktype, proto) + except socket.error, msg: + s = None + continue + try: + s.connect(sa) + except socket.error, msg: + s.close() + s = None + continue + break + return s + +# create disk if doesn't exist +disk_path = '%(disk_path)s' +if not os.path.exists(disk_path): + subprocess.Popen(['%(qemu_img_path)s', 'create' ,'-f', 'qcow2', + '%(disk_path)s', '%(disk_size)sG']) + +kvm_argument_list = ['kvm', '-net', 'nic,macaddr=%(mac_address)s', + '-net', 'tap,ifname=%(tap_interface)s,script=no,downscript=no', + '-smp', '%(smp_count)s', + '-m', '%(ram_size)s', + '-drive', 'file=%(disk_path)s,if=virtio,boot=on', + '-vnc', '%(vnc_ip)s:1,ipv4,password', + '-boot', 'menu=on', + '-qmp', 'unix:%(socket_path)s,server', + '-pidfile', '%(pid_file_path)s', +] + +# Try to connect to NBD server +s = getSocketStatus('%(nbd_ip)s', %(nbd_port)s) +if s is None: + # NBD is not available : launch kvm without it + print 'Warning : Nbd is not available.' + os.execv('%(qemu_path)s', kvm_argument_list) +else: + # NBD is available + kvm_argument_list.extend(['-cdrom', 'nbd:[%(nbd_ip)s]:%(nbd_port)s']) + os.execv('%(qemu_path)s', kvm_argument_list) diff --git a/slapos/recipe/kvm/template/port_listening_promise.in b/slapos/recipe/kvm/template/port_listening_promise.in deleted file mode 100644 index 15fa390d01e38096cfb8a9d01356bf1687e3f740..0000000000000000000000000000000000000000 --- a/slapos/recipe/kvm/template/port_listening_promise.in +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env sh - -"%(check_port_listening_script)s" "%(hostname)s" "%(port)s" -exit $? diff --git a/slapos/recipe/kvm/template/slapmonitor_run.in b/slapos/recipe/kvm/template/slapmonitor_run.in deleted file mode 100644 index c790e0904af68481fb1b6f13d9cdbd64454b4ad7..0000000000000000000000000000000000000000 --- a/slapos/recipe/kvm/template/slapmonitor_run.in +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -# BEWARE: This file is operated by slapgrid -# BEWARE: It will be overwritten automatically -exec %(python_path)s %(slapmonitor_path)s %(pid_file_path)s %(database_path)s diff --git a/slapos/recipe/kvm/template/slapreport_run.in b/slapos/recipe/kvm/template/slapreport_run.in deleted file mode 100644 index 4b3dd99a377d0dcbcf256255c056877811dce397..0000000000000000000000000000000000000000 --- a/slapos/recipe/kvm/template/slapreport_run.in +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -# BEWARE: This file is operated by slapgrid -# BEWARE: It will be overwritten automatically -exec %(python_path)s %(slapreport_path)s $1 %(database_path)s diff --git a/slapos/recipe/kvm_frontend/__init__.py b/slapos/recipe/kvm_frontend/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..0da2573480b73e3aa0d0c62c739991a0ebc5cd87 --- /dev/null +++ b/slapos/recipe/kvm_frontend/__init__.py @@ -0,0 +1,137 @@ +############################################################################## +# +# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved. +# +# WARNING: This program as such is intended to be used by professional +# programmers who take the whole responsibility of assessing all potential +# consequences resulting from its eventual inadequacies and bugs +# End users who are looking for a ready-to-use solution with commercial +# guarantees and support are strongly adviced to contract a Free Software +# Service Company +# +# This program is Free Software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +############################################################################## +from slapos.recipe.librecipe import GenericBaseRecipe, GenericSlapRecipe +import json +import zc.buildout + +class Recipe(GenericSlapRecipe): + """ + kvm frontend instance configuration. + """ + + def _getRewriteRuleContent(self, slave_instance_list): + """Generate rewrite rules list from slaves list""" + rewrite_rule_list = [] + for slave_instance in slave_instance_list: + self.logger.info("Processing slave instance %s..." % + slave_instance['slave_reference']) + # Check for mandatory fields + if slave_instance.get('host', None) is None: + self.logger.warn('No "host" parameter is defined for %s slave'\ + 'instance. Ignoring it.' % slave_instance['slave_reference']) + continue + if slave_instance.get('port', None) is None: + self.logger.warn('No "host" parameter is defined for %s slave'\ + 'instance. Ignoring it.' % slave_instance['slave_reference']) + continue + + current_slave_dict = dict() + + # Get host, and if IPv6 address, remove "[" and "]" + current_slave_dict['host'] = slave_instance['host'].\ + replace('[', '').replace(']', '') + current_slave_dict['port'] = slave_instance['port'] + + # Check if target is https or http + current_slave_dict['https'] = slave_instance.get('https', 'true') + if current_slave_dict['https'] in GenericBaseRecipe.FALSE_VALUES: + current_slave_dict['https'] = 'false' + # Set reference and resource url + # Reference is raw reference from SlapOS Master, resource is + # URL-compatible name + reference = slave_instance.get('slave_reference') + current_slave_dict['reference'] = reference + current_slave_dict['resource'] = reference.replace('-', '') + rewrite_rule_list.append(current_slave_dict) + return rewrite_rule_list + + def _getProxyTableContent(self, rewrite_rule_list): + """Generate proxy table file content from rewrite rules list""" + proxy_table = dict() + for rewrite_rule in rewrite_rule_list: + proxy_table[rewrite_rule['resource']] = { + 'port': rewrite_rule['port'], + 'host': rewrite_rule['host'], + 'https': rewrite_rule['https'], + } + + proxy_table_content = json.dumps(proxy_table) + return proxy_table_content + + def _install(self): + # Check for mandatory field + if self.options.get('domain', None) is None: + raise zc.buildout.UserError('No domain name specified. Please define ' + 'the "domain" instance parameter.') + # Generate rewrite rules + rewrite_rule_list = self._getRewriteRuleContent( + json.loads(self.options['slave-instance-list'])) + # Create Map + map_content = self._getProxyTableContent(rewrite_rule_list) + map_file = self.createFile(self.options['map-path'], map_content) + + # Create configuration + conf = open(self.getTemplateFilename('kvm-proxy.js'), 'r') + conf_file = self.createFile(self.options['conf-path'], conf.read()) + conf.close() + + # Do we create http dummy server used to redirect to https? + if self.options['http-redirection'] in GenericBaseRecipe.TRUE_VALUES: + http_redirect_server = '1' + else: + http_redirect_server = '' + + config = dict( + ip=self.options['ip'], + port=self.options['port'], + key=self.options['ssl-key-path'], + certificate=self.options['ssl-cert-path'], + name=self.options['domain'], + shell_path=self.options['shell-path'], + node_path=self.options['node-binary'], + node_env=self.options['node-env'], + conf_path=conf_file, + map_path=map_file, + plain_http=http_redirect_server, + ) + + runner_path = self.createExecutable( + self.options['wrapper-path'], + self.substituteTemplate(self.getTemplateFilename('nodejs_run.in'), + config)) + + # Send connection parameters of slave instances + site_url = "https://%s:%s/" % (self.options['domain'], self.options['port']) + for slave in rewrite_rule_list: + self.setConnectionDict( + dict(url="%s%s" % (site_url, slave['resource']), + domainname=self.options['domain'], + port=self.options['port'], + resource=slave['resource']), + slave['reference']) + + return [map_file, conf_file, runner_path] diff --git a/slapos/recipe/kvm_frontend/template/kvm-proxy.js b/slapos/recipe/kvm_frontend/template/kvm-proxy.js new file mode 100644 index 0000000000000000000000000000000000000000..9c83d6930e1732ae9aa1efb75ecced8b93274004 --- /dev/null +++ b/slapos/recipe/kvm_frontend/template/kvm-proxy.js @@ -0,0 +1,128 @@ +/***************************************************************************** +* +* Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved. +* +* WARNING: This program as such is intended to be used by professional +* programmers who take the whole responsibility of assessing all potential +* consequences resulting from its eventual inadequacies and bugs +* End users who are looking for a ready-to-use solution with commercial +* guarantees and support are strongly adviced to contract a Free Software +* Service Company +* +* This program is Free Software; you can redistribute it and/or +* modify it under the terms of the GNU General Public License +* as published by the Free Software Foundation; either version 3 +* of the License, or (at your option) any later version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software +* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +* +*****************************************************************************/ + +/* Wrapper used to configure the httpproxy node package to proxy + http://myhost/myinstance + to real IP/URL of myinstance +*/ + +var fs = require('fs'), + util = require('util'), + colors = require('colors'), + http = require('http'), + httpProxy = require('http-proxy'), + proxyByUrl = require('proxy-by-url'); + +var listenInterface = process.argv[2], + port = process.argv[3], + sslKeyFile = process.argv[4], + sslCertFile = process.argv[5], + proxyTable = process.argv[6], + redirect = process.argv[7] || false, + isRawIPv6; + +if (process.argv.length < 7) { + console.error("Too few arguments. Exiting."); + process.exit(1); +} + +isRawIPv6 = function checkipv6(str) { + // Inspired by http://forums.intermapper.com/viewtopic.php?t=452 + return (/^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/.test(str)); +}(listenInterface); + +/** + * Dummy middleware that throws 404 not found. Does not contain websocket + * middleware. + */ +var middlewareNotFound = function(req, res, proxy) { + res.statusCode = 404; + res.setHeader('Content-Type', 'text/plain'); + res.end('This URL is not known. Please check your URL or contact your ' + + 'SlapOS administrator.'); +}; + +/** + * Create server + */ +var proxyServer = httpProxy.createServer( + // We declare our proxyByUrl middleware + proxyByUrl(proxyTable), + // Then we add your dummy middleware, called when proxyByUrl doesn't find url. + middlewareNotFound, + // And we set HTTPS options for server. HTTP will be forbidden. + { + https: { + key: fs.readFileSync( + sslKeyFile, + 'utf8' + ), + cert: fs.readFileSync( + sslCertFile, + 'utf8' + ) + }, + source: { + host: listenInterface, + port: port + }} +); + +console.log('HTTPS server starting and trying to listen on ' + + listenInterface + ':' + port); +// Release the beast. +proxyServer.listen(port, listenInterface); + +// Dummy HTTP server redirecting to HTTPS. Only has sense if we can use port 80 +if (redirect === '1') { + console.log('HTTP redirect server starting and trying to listen on ' + + listenInterface + ':' + httpPort); + try { + var httpPort = 80; + http.createServer(function(req, res) { + var url; + if (isRawIPv6 === true) { + url = 'https://[' + listenInterface + ']'; + } else { + url = 'https://' + listenInterface; + } + // If non standard port : need to specify it + if (port !== 443) { + url = url + ':' + port; + } + // Add last part of URL + url = url + req.url; + console.log(url); + // Anwser "permanently redirected" + res.statusCode = 301; + res.setHeader('Location', url); + res.end(); + }).listen(httpPort, listenInterface); + } catch (error) { + console.log('Couldn\'t start plain HTTP redirection server : ' + error) + } +} diff --git a/slapos/recipe/kvm_frontend/template/nodejs_run.in b/slapos/recipe/kvm_frontend/template/nodejs_run.in new file mode 100644 index 0000000000000000000000000000000000000000..8384f05deba13f9e6be0a9417dd54a2b945a9eb9 --- /dev/null +++ b/slapos/recipe/kvm_frontend/template/nodejs_run.in @@ -0,0 +1,5 @@ +#!%(shell_path)s +# BEWARE: This file is operated by slapgrid +# BEWARE: It will be overwritten automatically +export NODE_PATH=%(node_env)s +exec %(node_path)s %(conf_path)s %(ip)s %(port)s %(key)s %(certificate)s %(map_path)s %(plain_http)s diff --git a/slapos/recipe/lamp/__init__.py b/slapos/recipe/lamp/__init__.py index 55ae815bcc6c859406b57b352b13c3c0eeef2bfa..710cc076032c2692df652dd9e354ef53695572b0 100644 --- a/slapos/recipe/lamp/__init__.py +++ b/slapos/recipe/lamp/__init__.py @@ -33,6 +33,8 @@ import sys import zc.recipe.egg import urlparse +# Warning : this recipe is deprecated and has been replaced by apachephp. + class BaseRecipe(BaseSlapRecipe): def getTemplateFilename(self, template_name): return pkg_resources.resource_filename(__name__, diff --git a/slapos/recipe/lamp/template/apache.in b/slapos/recipe/lamp/template/apache.in index 1d7d6a94d878c91a13533a3af66c426a2dde3490..b0b180872cc10068f3e43865f61bc78f4b7a2b11 100644 --- a/slapos/recipe/lamp/template/apache.in +++ b/slapos/recipe/lamp/template/apache.in @@ -3,7 +3,6 @@ # Basic server configuration PidFile "%(pid_file)s" -LockFile "%(lock_file)s" Listen %(ip)s:%(port)s PHPINIDir %(php_ini_dir)s ServerAdmin someone@email @@ -39,6 +38,9 @@ DocumentRoot %(document_root)s DirectoryIndex index.html index.php # List of modules +LoadModule unixd_module modules/mod_unixd.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule log_config_module modules/mod_log_config.so LoadModule setenvif_module modules/mod_setenvif.so diff --git a/slapos/recipe/lamp/template/my.cnf.in b/slapos/recipe/lamp/template/my.cnf.in index 00eb280232a8e41206dccdca6be7fe15e58a1591..1466632e5b1af5a22713c563b012f9e85fbcca92 100644 --- a/slapos/recipe/lamp/template/my.cnf.in +++ b/slapos/recipe/lamp/template/my.cnf.in @@ -21,7 +21,7 @@ long_query_time = 5 max_allowed_packet = 128M query_cache_size = 32M -plugin-load = ha_groonga.so;ha_sphinx.so +plugin-load = ha_mroonga.so;ha_sphinx.so # The following are important to configure and depend a lot on to the size of # your database and the available resources. diff --git a/slapos/recipe/librecipe/generic.py b/slapos/recipe/librecipe/generic.py index 86829c378ceea8061730cf1add7811beff75173c..19729c6352d1018967c7c586c5999d9b646c5776 100644 --- a/slapos/recipe/librecipe/generic.py +++ b/slapos/recipe/librecipe/generic.py @@ -38,6 +38,7 @@ import zc.buildout class GenericBaseRecipe(object): TRUE_VALUES = ['y', 'yes', '1', 'true'] + FALSE_VALUES = ['n', 'no', '0', 'false'] def __init__(self, buildout, name, options): """Recipe initialisation""" diff --git a/slapos/recipe/logrotate.py b/slapos/recipe/logrotate.py index 42959a1c00f38372b45d6fa435e974d78c9d424e..06a455379e5b539600a3ea52f4c51f6bbca83e3c 100644 --- a/slapos/recipe/logrotate.py +++ b/slapos/recipe/logrotate.py @@ -31,23 +31,14 @@ from slapos.recipe.librecipe import GenericBaseRecipe class Recipe(GenericBaseRecipe): def install(self): - logrotate_backup = self.options['backup'] logrotate_d = self.options['logrotate-entries'] logrotate_conf_file = self.options['conf'] logrotate_conf = [ - 'daily', - 'dateext', - 'rotate 3650', - 'compress', 'compresscmd %s' % self.options['gzip-binary'], 'compressoptions -9', 'uncompresscmd %s' % self.options['gunzip-binary'], - 'notifempty', - 'sharedscripts', - 'create', 'include %s' % logrotate_d, - 'olddir %s' % logrotate_backup, ] logrotate_conf_file = self.createFile(logrotate_conf_file, @@ -69,7 +60,16 @@ class Part(GenericBaseRecipe): logrotate_d = self.options['logrotate-entries'] - conf = [] + conf = [ + 'daily', + 'dateext', + 'rotate 3650', + 'compress', + 'notifempty', + 'sharedscripts', + 'create', + 'olddir %s' % self.options['backup'], + ] if 'post' in self.options: conf.append("postrotate\n%s\nendscript" % self.options['post']) diff --git a/slapos/recipe/mkdirectory.py b/slapos/recipe/mkdirectory.py index 2eebf5579cf013267036fe13630061dd5b25f3cd..9ed44f14f5b572da0173a8351e7e824679cd2070 100644 --- a/slapos/recipe/mkdirectory.py +++ b/slapos/recipe/mkdirectory.py @@ -33,21 +33,12 @@ class Recipe(GenericBaseRecipe): def _options(self, options): self.directory = options.copy() del self.directory['recipe'] - - str_mode = '0700' - if 'mode' in self.directory: - str_mode = self.directory['mode'] - del self.directory['mode'] - self.mode = int(str_mode, 8) + self.mode = int(self.directory.pop('mode', '700'), 8) def install(self): - - for directory in sorted(self.directory.values()): - path = directory - + for path in sorted(self.directory.values()): if not os.path.exists(path): - os.mkdir(path, self.mode) + os.makedirs(path, self.mode) elif not os.path.isdir(path): raise OSError("%s path exits, but it's not a directory.") - return [] diff --git a/slapos/recipe/mysql/template/my.cnf.in b/slapos/recipe/mysql/template/my.cnf.in index f72db92443fd30d88a15a561d290945ade511608..5359785be61404413e73e2f1984a46f2614414ae 100644 --- a/slapos/recipe/mysql/template/my.cnf.in +++ b/slapos/recipe/mysql/template/my.cnf.in @@ -19,7 +19,7 @@ long_query_time = 5 max_allowed_packet = 128M query_cache_size = 32M -plugin-load = ha_groonga.so;ha_sphinx.so +plugin-load = ha_mroonga.so;ha_sphinx.so # The following are important to configure and depend a lot on to the size of # your database and the available resources. diff --git a/slapos/recipe/nbdserver/__init__.py b/slapos/recipe/nbdserver/__init__.py index 3b7e654b90dfa737f885b30c31c102b9ff068474..6f35add02be7a81cd558b7464ca6c125eb7469b0 100644 --- a/slapos/recipe/nbdserver/__init__.py +++ b/slapos/recipe/nbdserver/__init__.py @@ -1,6 +1,6 @@ ############################################################################## # -# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved. +# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved. # # WARNING: This program as such is intended to be used by professional # programmers who take the whole responsibility of assessing all potential @@ -24,59 +24,29 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # ############################################################################## -import os +from slapos.recipe.librecipe import GenericBaseRecipe import binascii -from slapos.recipe.librecipe import BaseSlapRecipe - -import pkg_resources - -class Recipe(BaseSlapRecipe): - - def _install(self): - - # Image path - cdrom_iso = os.path.join(self.data_root_directory, 'cdrom.iso') - - #Get the IP list - ip = self.getGlobalIPv6Address() - http_port = 9999 - nbd_port = 1024 - - # Instanciate onetimeupload - onetimeupload_config = {} - onetimeupload_config.update(self.options) - onetimeupload_config['port'] = http_port - onetimeupload_config['ip'] = ip - onetimeupload_config['image'] = cdrom_iso - onetimeupload_config['key'] = binascii.hexlify(os.urandom(24)) - onetimeupload_config['log_path'] = os.path.join(self.log_directory, - 'onetimeupload.log') - - wrapper_template_location = pkg_resources.resource_filename( - __name__, os.path.join( - 'template', 'onetimeupload_run.in')) - onetimeupload_runner_path = self.createRunningWrapper("onetimeupload", - self.substituteTemplate(wrapper_template_location, - onetimeupload_config)) - - # Instanciate qemu - qemu_config = {} - qemu_config.update(self.options) - qemu_config['ip'] = ip - qemu_config['port'] = nbd_port - qemu_config['image'] = cdrom_iso - - wrapper_template_location = pkg_resources.resource_filename( - __name__, os.path.join( - 'template', 'nbdserver_run.in')) - nbdserver_runner_path = self.createRunningWrapper("nbdserver", - self.substituteTemplate(wrapper_template_location, qemu_config)) - - # Publish connection dict - self.computer_partition.setConnectionDict(dict( - upload_connection_string="https://[%s]:%s/" % (ip, http_port), - upload_key=onetimeupload_config['key'], - nbd_connection_string="nbd:[%s]:%s" % (ip, nbd_port), - )) - - return [onetimeupload_runner_path, nbdserver_runner_path] +import os +import sys + +class Recipe(GenericBaseRecipe): + """ + nbd instance configuration. + """ + + def install(self): + config = dict( + ip=self.options['ip'], + port=self.options['port'], + image_path=self.options['image-path'], + qemu_path=self.options['qemu-path'], + shell_path=self.options['shell-path'], + ) + + # Runners + runner_path = self.createExecutable( + self.options['path'], + self.substituteTemplate(self.getTemplateFilename('nbdserver_run.in'), + config)) + + return [runner_path] diff --git a/slapos/recipe/nbdserver/template/nbdserver_run.in b/slapos/recipe/nbdserver/template/nbdserver_run.in index ca93f73b70fd273c59c559104e05eb7cdab3f968..dd7068a0e0e39f1f5e78e5f6fddb5fd5a9f76d48 100644 --- a/slapos/recipe/nbdserver/template/nbdserver_run.in +++ b/slapos/recipe/nbdserver/template/nbdserver_run.in @@ -1,6 +1,6 @@ -#!/bin/sh +#!%(shell_path)s # BEWARE: This file is operated by slapgrid # BEWARE: It will be overwritten automatically # 32767 is the maximum number of connections allowed by the nbd server -exec %(qemu_path)s -b %(ip)s %(image)s -r -t -p %(port)s -e 32767 +exec %(qemu_path)s -b %(ip)s %(image_path)s -r -t -p %(port)s -e 32767 diff --git a/slapos/recipe/novnc/__init__.py b/slapos/recipe/novnc/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..a24588d54c40e571e5c97ab508506356429f096f --- /dev/null +++ b/slapos/recipe/novnc/__init__.py @@ -0,0 +1,54 @@ +############################################################################## +# +# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved. +# +# WARNING: This program as such is intended to be used by professional +# programmers who take the whole responsibility of assessing all potential +# consequences resulting from its eventual inadequacies and bugs +# End users who are looking for a ready-to-use solution with commercial +# guarantees and support are strongly adviced to contract a Free Software +# Service Company +# +# This program is Free Software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +############################################################################## +from slapos.recipe.librecipe import GenericBaseRecipe +import binascii +import os +import sys + +class Recipe(GenericBaseRecipe): + """ + novnc instance configuration. + """ + + def install(self): + runner_path = self.createPythonScript( + self.options['path'], + 'slapos.recipe.librecipe.execute.execute_wait', + [[ + self.options['websockify-path'], + '--web', + self.options['novnc-location'], + '--key=%s' % self.options['ssl-key-path'], + '--cert=%s' % self.options['ssl-cert-path'], + '--ssl-only', + '%s:%s' % (self.options['ip'], self.options['port']), + '%s:%s' % (self.options['vnc-ip'], self.options['vnc-port']), + ], + [self.options['ssl-key-path'], self.options['ssl-cert-path']]], + ) + + return [runner_path] diff --git a/slapos/recipe/pulse2/template/apache.in.in b/slapos/recipe/pulse2/template/apache.in.in index 3a8a8c7f6b1dfbef5f6617ffaed3305351db6585..5bcaade54b55d0bb5831176c5d6c440f132e1f86 100644 --- a/slapos/recipe/pulse2/template/apache.in.in +++ b/slapos/recipe/pulse2/template/apache.in.in @@ -3,7 +3,6 @@ # Basic server configuration PidFile "%(pid_file)s" -LockFile "%(lock_file)s" Listen %(ip)s:%(port)s PHPINIDir %(php_ini_dir)s ServerAdmin someone@email @@ -42,6 +41,9 @@ DocumentRoot %(document_root)s DirectoryIndex index.html index.php # List of modules +LoadModule unixd_module modules/mod_unixd.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule log_config_module modules/mod_log_config.so LoadModule setenvif_module modules/mod_setenvif.so diff --git a/slapos/recipe/request.py b/slapos/recipe/request.py index 46ca4d68272ef20d9db6c6159aae93c555c38d30..52c8454f9bb2fa9c836c30d7e12b31bf93204fac 100644 --- a/slapos/recipe/request.py +++ b/slapos/recipe/request.py @@ -54,7 +54,7 @@ class Recipe(object): self.return_parameters = [str(parameter).strip() for parameter in options['return'].split()] else: - self.logger.warning("No parameter to return to main instance." + self.logger.debug("No parameter to return to main instance." "Be careful about that...") software_type = 'RootInstanceSoftware' @@ -72,14 +72,15 @@ class Recipe(object): partition_parameter_kw[config_parameter] = \ options['config-%s' % config_parameter] - instance = self.request(options['software-url'], software_type, + self.instance = self.request(options['software-url'], software_type, options.get('name', name), partition_parameter_kw=partition_parameter_kw, filter_kw=filter_kw, shared=self.isSlave) self.failed = None for param in self.return_parameters: try: - options['connection-%s' % param] = str(instance.getConnectionParameter(param)) + options['connection-%s' % param] = str( + self.instance.getConnectionParameter(param)) except slapmodule.NotFoundError: options['connection-%s' % param] = '' if self.failed is None: @@ -87,7 +88,16 @@ class Recipe(object): def install(self): if self.failed is not None: - raise KeyError("Connection parameter %r not found." % self.failed) + # Check instance status to know if instance has been deployed + try: + status = self.instance.getState() + except slapmodule.NotFoundError: + status = "not ready yet, please try again" + # XXX-Cedric : currently raise an error. So swallow it... + except AttributeError: + status = "unknown" + raise KeyError("Connection parameter %s not found. " + "Status of requested instance is : %s." % (self.failed, status)) return [] update = install diff --git a/slapos/recipe/slaprunner/__init__.py b/slapos/recipe/slaprunner/__init__.py index 3c74cb5b21bde688d1163612fcff06280a629428..347c13ef9e06c238dc01e6ef326336a684ce4078 100644 --- a/slapos/recipe/slaprunner/__init__.py +++ b/slapos/recipe/slaprunner/__init__.py @@ -40,6 +40,7 @@ class Recipe(BaseSlapRecipe): ipv6 = self.getGlobalIPv6Address() proxy_port = '50000' runner_port = '50000' + cloud9_port = '30000' workdir = self.createDataDirectory('runner') software_root = os.path.join(workdir, 'software') instance_root = os.path.join(workdir, 'instance') @@ -48,7 +49,7 @@ class Recipe(BaseSlapRecipe): instance_root=instance_root, master_url='http://%s:%s/' % (ipv4, proxy_port), computer_id='slaprunner', - partition_amount=2, + partition_amount=7, slapgrid_sr=self.options['slapgrid_sr'], slapgrid_cp=self.options['slapgrid_cp'], slapproxy=self.options['slapproxy'], @@ -64,22 +65,33 @@ class Recipe(BaseSlapRecipe): proxy_port=proxy_port, proxy_database=os.path.join(workdir, 'proxy.db'), git=self.options['git'], + cloud9_url='http://[%s]:%s' % (ipv6, cloud9_port), ssh_client=self.options['ssh_client'], public_key=self.options['public_key'], - private_key=self.options['private_key'] + private_key=self.options['private_key'], + ) config_file = self.createConfigurationFile('slapos.cfg', self.substituteTemplate(pkg_resources.resource_filename(__name__, 'template/slapos.cfg.in'), configuration)) self.path_list.append(config_file) - + environment = dict( PATH=os.path.dirname(self.options['git']) + ':' + os.environ['PATH'], GIT_SSH=self.options['ssh_client'] ) + workdir = os.path.join(workdir, 'project') + if not os.path.exists(workdir): + os.mkdir(workdir) launch_args = [self.options['slaprunner'].strip(), config_file, '--debug'] + cloud9_args = [self.options['node-bin'].strip(), self.options['cloud9'].strip(), + '-l', ipv6, '-p', cloud9_port, '-w', workdir] self.path_list.extend(zc.buildout.easy_install.scripts([('slaprunner', 'slapos.recipe.librecipe.execute', 'executee')], self.ws, sys.executable, self.wrapper_directory, arguments=[launch_args, environment])) - self.setConnectionDict(dict(url='http://[%s]:%s' % (ipv6, runner_port))) + self.path_list.extend(zc.buildout.easy_install.scripts([('cloud9IDE', + 'slapos.recipe.librecipe.execute', 'executee')], self.ws, sys.executable, + self.wrapper_directory, arguments=[cloud9_args, environment])) + self.setConnectionDict(dict(slaprunner_url='http://[%s]:%s' % (ipv6, runner_port), + cloud9_url='http://[%s]:%s' % (ipv6, cloud9_port))) return self.path_list diff --git a/slapos/recipe/slaprunner/template/slapos.cfg.in b/slapos/recipe/slaprunner/template/slapos.cfg.in index 5dc00060eccae8c5842ae6500da3459e4bb9e200..a10da0cf5e11a414df22ed6f8dd6adb7955b6e4b 100644 --- a/slapos/recipe/slaprunner/template/slapos.cfg.in +++ b/slapos/recipe/slaprunner/template/slapos.cfg.in @@ -31,3 +31,6 @@ private_key = %(private_key)s [gitclient] git = %(git)s + +[cloud9_IDE] +cloud9 = %(cloud9_url)s \ No newline at end of file diff --git a/slapos/recipe/softwaretype.py b/slapos/recipe/softwaretype.py index 43ff451f1e8a30c1dfba1b107f22abdb8ed7d655..825a153f1a91a5a48729b6f76232e83a15a53ad0 100644 --- a/slapos/recipe/softwaretype.py +++ b/slapos/recipe/softwaretype.py @@ -64,6 +64,15 @@ class Recipe: # XXX: Lack checking for globality of address return self._getIpAddress(netaddr.valid_ipv6) + def getNetworkInterface(self): + """Returns the network interface available on partition""" + if not 'ip_list' in self.parameter_dict: + raise AttributeError + for name, ip in self.parameter_dict['ip_list']: + if name: + return name + raise AttributeError, "Not network interface found" + def install(self): slap = slapos.slap.slap() slap_connection = self.buildout['slap_connection'] @@ -111,6 +120,8 @@ class Recipe: self.getLocalIPv4Address()) buildout.set('slap-network-information', 'global-ipv6', self.getGlobalIPv6Address()) + buildout.set('slap-network-information', 'network-interface', + self.getNetworkInterface()) # Copy/paste slap_connection buildout.add_section('slap-connection') diff --git a/slapos/recipe/symbolic_link.py b/slapos/recipe/symbolic_link.py index 2bcc01d6fd6be7f54342ccc4f3360f7041684c5b..4e1d97e477c6abb5bf6fd382281fcca90636af3c 100644 --- a/slapos/recipe/symbolic_link.py +++ b/slapos/recipe/symbolic_link.py @@ -54,3 +54,5 @@ class Recipe: path_list.append(link) return path_list + + update = install diff --git a/slapos/recipe/web_checker/__init__.py b/slapos/recipe/web_checker/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..4101e5bf454e49e0485a3aa4d4eb0ad9660b2a66 --- /dev/null +++ b/slapos/recipe/web_checker/__init__.py @@ -0,0 +1,53 @@ +############################################################################## +# +# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved. +# +# WARNING: This program as such is intended to be used by professional +# programmers who take the whole responsibility of assessing all potential +# consequences resulting from its eventual inadequacies and bugs +# End users who are looking for a ready-to-use solution with commercial +# guarantees and support are strongly adviced to contract a Free Software +# Service Company +# +# This program is Free Software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +############################################################################## +import os +import re +from slapos.recipe.librecipe import GenericSlapRecipe + +class Recipe(GenericSlapRecipe): + """ + Create web checker configuration. + """ + def _install(self): + path_list = [] + web_checker_mail_address = self.parameter_dict['web-checker-mail-address'] + web_checker_smtp_host = self.parameter_dict['web-checker-smtp-host'] + web_checker_working_directory = \ + self.options['web-checker-working-directory'] + config = dict( + web_checker_mail_address = web_checker_mail_address, + web_checker_smtp_host = web_checker_smtp_host, + web_checker_working_directory = web_checker_working_directory, + frontend_url = self.options['frontend-url'], + wget_binary_path = self.options['wget-binary-path'], + varnishlog_binary_path = self.options['varnishlog-binary-path'], + web_checker_log = self.options['web-checker-log'], + ) + path_list.append(self.createFile(self.options['web-checker-config'], + self.substituteTemplate(self.getTemplateFilename('web_checker.cfg.in'), + config))) + return path_list diff --git a/slapos/recipe/web_checker/template/web_checker.cfg.in b/slapos/recipe/web_checker/template/web_checker.cfg.in new file mode 100644 index 0000000000000000000000000000000000000000..8ac98a61c16085b54245d3e453207d0d49cbd25d --- /dev/null +++ b/slapos/recipe/web_checker/template/web_checker.cfg.in @@ -0,0 +1,36 @@ +[web_checker] +url = %(frontend_url)s +working_directory = %(web_checker_working_directory)s +varnishlog_binary_path = %(varnishlog_binary_path)s +wget_binary_path = %(wget_binary_path)s +email_address = %(web_checker_mail_address)s +smtp_host = %(web_checker_smtp_host)s +debug_level = debug +file_log_path = %(web_checker_log)s + +[header_list] +Last-Modified = True +Expires = True +Vary = Accept-Language, Cookie, Accept-Encoding + Accept-Language, Cookie + Accept-Language,Cookie,Accept-Encoding + Accept-Language,Cookie + Accept-Encoding +Cache-Control = max-age=300 + max-age=3600 + +[header url=(.*_form)] +Vary = Accept-Encoding + +[header url=.*/favicon.ico] +Last-Modified = True + +[no_header content-type=(image/.*|text/css|.*/javascript)] +Vary = None + +[erp5_extension_list] +prohibited_folder_name_list = web_page_module + document_module +prohibited_file_name_list = WebSection_viewAsWeb + Base_viewHistory + list diff --git a/slapos/recipe/xwiki/template/my.cnf.in b/slapos/recipe/xwiki/template/my.cnf.in index 00eb280232a8e41206dccdca6be7fe15e58a1591..1466632e5b1af5a22713c563b012f9e85fbcca92 100644 --- a/slapos/recipe/xwiki/template/my.cnf.in +++ b/slapos/recipe/xwiki/template/my.cnf.in @@ -21,7 +21,7 @@ long_query_time = 5 max_allowed_packet = 128M query_cache_size = 32M -plugin-load = ha_groonga.so;ha_sphinx.so +plugin-load = ha_mroonga.so;ha_sphinx.so # The following are important to configure and depend a lot on to the size of # your database and the available resources. diff --git a/software/apache-frontend/instance.cfg b/software/apache-frontend/instance.cfg new file mode 100644 index 0000000000000000000000000000000000000000..fecc536ddae08643a9b55bb2f92277fb695321c9 --- /dev/null +++ b/software/apache-frontend/instance.cfg @@ -0,0 +1,18 @@ +[buildout] +parts = + instance + +eggs-directory = ${buildout:eggs-directory} +develop-eggs-directory = ${buildout:develop-eggs-directory} + +[instance] +recipe = ${instance-recipe:egg}:${instance-recipe:module} +httpd_binary = ${apache:location}/bin/httpd +logrotate_binary = ${logrotate:location}/usr/sbin/logrotate +openssl_binary = ${openssl:location}/bin/openssl +dcrond_binary = ${dcron:location}/sbin/crond +varnishd_binary = ${varnish-2.1:location}/sbin/varnishd +stunnel_binary = ${stunnel:location}/bin/stunnel +rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup +gcc_binary = ${gcc-java-minimal:location}/bin/gcc +binutils_directory = ${binutils:location}/bin/ diff --git a/software/apache-frontend/software.cfg b/software/apache-frontend/software.cfg new file mode 100644 index 0000000000000000000000000000000000000000..90df60953ac66f8b889e8196dadca64e940ff92e --- /dev/null +++ b/software/apache-frontend/software.cfg @@ -0,0 +1,141 @@ +[buildout] +versions = versions + +extends = + ../../component/binutils/buildout.cfg + ../../component/gcc/buildout.cfg + ../../component/lxml-python/buildout.cfg + ../../component/apache/buildout.cfg + ../../component/stunnel/buildout.cfg + ../../component/varnish/buildout.cfg + ../../component/dcron/buildout.cfg + ../../component/logrotate/buildout.cfg + ../../component/rdiff-backup/buildout.cfg + ../../stack/slapos.cfg + +parts = + template + binutils + gcc-java-minimal + apache + apache-antiloris + + stunnel + varnish-2.1 + + dcron + logrotate + rdiff-backup + +# Buildoutish + eggs + instance-recipe-egg + +[instance-recipe] +# Note: In case if specific instantiation recipe is used this is the place to +# put its name +egg = slapos.cookbook +module = apache.frontend + +[instance-recipe-egg] +recipe = zc.recipe.egg +eggs = ${instance-recipe:egg} + +[eggs] +recipe = zc.recipe.egg +eggs = + ${lxml-python:egg} + +[template] +# Default template for apache instance. +recipe = slapos.recipe.template +url = ${:_profile_base_location_}/instance.cfg +md5sum = 17180caef7d1c477fbb037d28b705e8b +output = ${buildout:directory}/template.cfg +mode = 0644 + +[versions] +# Use SlapOS patched zc.buildout +zc.buildout = 1.6.0-dev-SlapOS-004 +Jinja2 = 2.6 +Werkzeug = 0.8.3 +buildout-versions = 1.7 +hexagonit.recipe.cmmi = 1.5.0 +meld3 = 0.6.8 +rdiff-backup = 1.0.5 +slapos.recipe.template = 2.2 +slapos.cookbook = 0.40.1 + +# Required by: +# slapos.core==0.23 +Flask = 0.8 + +# Required by: +# slapos.cookbook==0.40.1 +PyXML = 0.8.4 + +# Required by: +# hexagonit.recipe.cmmi==1.5.0 +hexagonit.recipe.download = 1.5.0 + +# Required by: +# slapos.cookbook==0.40.1 +inotifyx = 0.2.0 + +# Required by: +# slapos.cookbook==0.40.1 +# slapos.core==0.23 +# xml-marshaller==0.9.7 +lxml = 2.3.3 + +# Required by: +# slapos.cookbook==0.40.1 +netaddr = 0.7.6 + +# Required by: +# slapos.core==0.23 +netifaces = 0.8 + +# Required by: +# slapos.cookbook==0.40.1 +# slapos.core==0.23 +# zc.buildout==1.6.0-dev-SlapOS-004 +# zc.recipe.egg==1.3.2 +setuptools = 0.6c12dev-r88846 + +# Required by: +# slapos.cookbook==0.40.1 +slapos.core = 0.23 + +# Required by: +# slapos.core==0.23 +supervisor = 3.0a12 + +# Required by: +# slapos.cookbook==0.40.1 +xml-marshaller = 0.9.7 + +# Required by: +# slapos.cookbook==0.40.1 +zc.recipe.egg = 1.3.2 + +# Required by: +# slapos.core==0.23 +zope.interface = 3.8.0 + +[networkcache] +# Cedric de Saint Martin signature certificate +signature-certificate-list = + -----BEGIN CERTIFICATE----- + MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV + BAMMCENPTVAtMjMyMCAXDTEyMDIxNjExMTAyM1oYDzIxMTIwMTIzMTExMDIzWjAT + MREwDwYDVQQDDAhDT01QLTIzMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA + wi/3Z8W9pUiegUXIk/AiFDQ0UJ4JFAwjqr+HSRUirlUsHHT+8DzH/hfcTDX1I5BB + D1ADk+ydXjMm3OZrQcXjn29OUfM5C+g+oqeMnYQImN0DDQIOcUyr7AJc4xhvuXQ1 + P2pJ5NOd3tbd0kexETa1LVhR6EgBC25LyRBRae76qosCAwEAAaNQME4wHQYDVR0O + BBYEFMDmW9aFy1sKTfCpcRkYnP6zUd1cMB8GA1UdIwQYMBaAFMDmW9aFy1sKTfCp + cRkYnP6zUd1cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAskbFizHr + b6d3iIyN+wffxz/V9epbKIZVEGJd/6LrTdLiUfJPec7FaxVCWNyKBlCpINBM7cEV + Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby + If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY= + -----END CERTIFICATE----- diff --git a/software/cloudooo/development.cfg b/software/cloudooo/development.cfg new file mode 100644 index 0000000000000000000000000000000000000000..d86faeff17d77fb80556ea3998c452fc2c3ebbcb --- /dev/null +++ b/software/cloudooo/development.cfg @@ -0,0 +1,3 @@ +[buildout] +extends = software.cfg +auto-checkout = cloudooo diff --git a/software/cloudooo/instance.cfg b/software/cloudooo/instance.cfg index 5d3da358eadd29c644a9b368b3ed41bb3b580c21..a1a1b42e20818b9c7c7a6cf2a2d062f4b47eedf6 100644 --- a/software/cloudooo/instance.cfg +++ b/software/cloudooo/instance.cfg @@ -23,4 +23,4 @@ link_binary_list = ${pdftk:location}/bin/pdftk environment = - LD_LIBRARY_PATH = ${file:location}/lib:${fontconfig:location}/lib:${freetype:location}/lib:${libICE:location}/lib:${libSM:location}/lib:${libX11:location}/lib:${libXau:location}/lib:${libXdmcp:location}/lib:${libXext:location}/lib:${libXinerama:location}/lib:${libxcb:location}/lib:${zlib:location}/lib + LD_LIBRARY_PATH = ${file:location}/lib:${fontconfig:location}/lib:${freetype:location}/lib:${libICE:location}/lib:${libpng12:location}/lib:${libSM:location}/lib:${libX11:location}/lib:${libXau:location}/lib:${libXdmcp:location}/lib:${libXext:location}/lib:${libxcb:location}/lib:${libXrender:location}/lib:${zlib:location}/lib diff --git a/software/cloudooo/software.cfg b/software/cloudooo/software.cfg index 879ef71da20891701d7a7da4cd7feb71d5bdeb63..7f8143fb47931371823ef29d1864358400d4f80a 100644 --- a/software/cloudooo/software.cfg +++ b/software/cloudooo/software.cfg @@ -33,6 +33,6 @@ module = cloudooo # Default template for erp5 instance. recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance.cfg -md5sum = 2a38a928deb5870e02a8271b34341f5b +md5sum = 49da453a38dc5462c170747a029037b7 output = ${buildout:directory}/template.cfg mode = 0644 diff --git a/software/erp5/instance-cloudooo.cfg b/software/erp5/instance-cloudooo.cfg index 894530fedcc465a91daec84323bce93b42c57482..3428ecd13a81c40fd81878813c547620369db93a 100644 --- a/software/erp5/instance-cloudooo.cfg +++ b/software/erp5/instance-cloudooo.cfg @@ -27,7 +27,7 @@ wrapper = $${basedirectory:services}/cloudooo data-directory = $${directory:cloudooo-data} environment = - LD_LIBRARY_PATH = ${file:location}/lib:${fontconfig:location}/lib:${freetype:location}/lib:${libICE:location}/lib:${libSM:location}/lib:${libX11:location}/lib:${libXau:location}/lib:${libXdmcp:location}/lib:${libXext:location}/lib:${libXinerama:location}/lib:${libxcb:location}/lib:${zlib:location}/lib + LD_LIBRARY_PATH = ${file:location}/lib:${fontconfig:location}/lib:${freetype:location}/lib:${libICE:location}/lib:${libpng12:location}/lib:${libSM:location}/lib:${libX11:location}/lib:${libXau:location}/lib:${libXdmcp:location}/lib:${libXext:location}/lib:${libxcb:location}/lib:${libXrender:location}/lib:${zlib:location}/lib FONTCONFIG_FILE = $${fontconfig-instance:conf-path} # Binary information diff --git a/software/erp5/instance-erp5-development.cfg b/software/erp5/instance-erp5-development.cfg index 605342eb6a45dfb5b150b347c8fb7bdc7fcb1a6b..1664c2c1a01be81a117f6756daf56ec73701118b 100644 --- a/software/erp5/instance-erp5-development.cfg +++ b/software/erp5/instance-erp5-development.cfg @@ -54,11 +54,11 @@ ca-crl = $${test-cadirectory:crl} [test-cadirectory] recipe = slapos.cookbook:mkdirectory -requests = $${directory:test-ca-dir}/requests/ -private = $${directory:test-ca-dir}/private/ -certs = $${directory:test-ca-dir}/certs/ -newcerts = $${directory:test-ca-dir}/newcerts/ -crl = $${directory:test-ca-dir}/crl/ +requests = $${directory:test-ca-dir}/requests +private = $${directory:test-ca-dir}/private +certs = $${directory:test-ca-dir}/certs +newcerts = $${directory:test-ca-dir}/newcerts +crl = $${directory:test-ca-dir}/crl [erp5-update] recipe = slapos.cookbook:erp5.update @@ -117,13 +117,13 @@ software-type = kumofs # rest of parts are candidates for some generic stuff [basedirectory] recipe = slapos.cookbook:mkdirectory -services = $${rootdirectory:etc}/run/ +services = $${rootdirectory:etc}/run [rootdirectory] recipe = slapos.cookbook:mkdirectory -etc = $${buildout:directory}/etc/ +etc = $${buildout:directory}/etc [directory] -test-ca-dir = $${rootdirectory:srv}/test-ca/ -test-instance-path = $${rootdirectory:srv}/test-instance/ -unit-test-path = $${:test-instance-path}/unit_test/ +test-ca-dir = $${rootdirectory:srv}/test-ca +test-instance-path = $${rootdirectory:srv}/test-instance +unit-test-path = $${:test-instance-path}/unit_test diff --git a/software/erp5/instance-erp5-production.cfg b/software/erp5/instance-erp5-production.cfg index 5922f446021e05884ea1ad64369408e9ad27533f..50e0c606d8203dd2d19d8c38a6e17c35f0fe48a8 100644 --- a/software/erp5/instance-erp5-production.cfg +++ b/software/erp5/instance-erp5-production.cfg @@ -34,6 +34,7 @@ partition-id = $${slap-connection:partition-id} name = Sphinx Search Engine software-type = sphinx sla-computer_guid = $${slap-parameter:sphinx-computer-guid} +return = url-sphinx url-sphinx-sql [request-mariadb] <=request-common @@ -65,15 +66,30 @@ sla-computer_guid = $${slap-parameter:kumofs-computer-guid} <=request-common name = TidStorage return = url-login -config = json mysql-url memcached-url cloudooo-url kumofs-url +config = json mysql-url memcached-url cloudooo-url kumofs-url sphinx-url-sphinx sphinx-url-sphinx-sql smtp-url bt5 bt5-repository-url config-json = $${slap-parameter:json} config-mysql-url = $${request-mariadb:connection-url} config-memcached-url = $${request-memcached:connection-url} config-cloudooo-url = $${request-cloudooo:connection-url} config-kumofs-url = $${request-kumofs:connection-url} +config-sphinx-url-sphinx = $${request-sphinx:connection-url-sphinx} +config-sphinx-url-sphinx-sql = $${request-sphinx:connection-url-sphinx-sql} +config-bt5 = $${slap-parameter:bt5} +config-bt5-repository-url = $${slap-parameter:bt5-repository-url} +config-smtp-url = $${slap-parameter:smtp-url} software-type = tidstorage sla-computer_guid = $${slap-parameter:tidstorage-computer-guid} +[request-varnish] +<=request-common +name = Varnish +config = tidstorage-url +config-tidstorage-url = $${request-tidstorage:connection-url-login} +config-web-checker-mail-address = $${slap-parameter:web-checker-mail-address} +config-web-checker-smtp-host = $${slap-parameter:web-checker-smtp-host} +software-type = varnish +sla-computer_guid = $${slap-parameter:varnish-computer-guid} + [slap-parameter] # Default value if no computer_guid is specified for each type sphinx-computer-guid = $${slap-connection:computer-id} @@ -82,6 +98,15 @@ cloudooo-computer-guid = $${slap-connection:computer-id} memcached-computer-guid = $${slap-connection:computer-id} kumofs-computer-guid = $${slap-connection:computer-id} tidstorage-computer-guid = $${slap-connection:computer-id} +varnish-computer-guid = $${slap-connection:computer-id} +cloudooo-json = +bt5 = erp5_full_text_myisam_catalog + erp5_configurator_standard + erp5_configurator_maxma_demo + erp5_configurator_ung + erp5_configurator_run_my_doc +bt5-repository-url = ${local-bt5-repository:list} +smtp-url = smtp://localhost:25/ # rest of parts are candidates for some generic stuff [basedirectory] diff --git a/software/erp5/instance-kumofs.cfg b/software/erp5/instance-kumofs.cfg index b8b49dd4a64af53ee50e4d1e8922c3c8a5c5831c..4b1acb1b78edcbd3eebddc82afba7e91c6480024 100644 --- a/software/erp5/instance-kumofs.cfg +++ b/software/erp5/instance-kumofs.cfg @@ -42,6 +42,7 @@ kumo-server-log = $${basedirectory:log}/kumo-server.log kumo-gateway-binary = ${kumo:location}/bin/kumo-gateway kumo-manager-binary = ${kumo:location}/bin/kumo-manager kumo-server-binary = ${kumo:location}/bin/kumo-server +shell-path = ${dash:location}/bin/dash [logrotate-entry-kumofs] <= logrotate @@ -77,7 +78,6 @@ recipe = slapos.cookbook:mkdirectory cron-entries = $${rootdirectory:etc}/cron.d crontabs = $${rootdirectory:etc}/crontabs cronstamps = $${rootdirectory:etc}/cronstamps -cronoutput = $${basedirectory:log}/cron logrotate-backup = $${basedirectory:backup}/logrotate logrotate-entries = $${rootdirectory:etc}/logrotate.d kumofs-data = $${rootdirectory:srv}/kumofs @@ -95,13 +95,13 @@ dcrond-binary = ${dcron:location}/sbin/crond cron-entries = $${directory:cron-entries} crontabs = $${directory:crontabs} cronstamps = $${directory:cronstamps} -catcher = $${cron-simplelogger:binary} +catcher = $${cron-simplelogger:wrapper} binary = $${basedirectory:services}/crond [cron-simplelogger] recipe = slapos.cookbook:simplelogger -binary = $${rootdirectory:bin}/cron_simplelogger -output = $${directory:cronoutput} +wrapper = $${rootdirectory:bin}/cron_simplelogger +log = $${basedirectory:log}/cron.log [cron-entry-logrotate] <= cron diff --git a/software/erp5/instance-mariadb.cfg b/software/erp5/instance-mariadb.cfg index 119f138851ec956e98d34f29cdc9b2b5ffd4ef10..04ed909b6754096ef86a6a09664b0f5e9a348a08 100644 --- a/software/erp5/instance-mariadb.cfg +++ b/software/erp5/instance-mariadb.cfg @@ -115,13 +115,13 @@ dcrond-binary = ${dcron:location}/sbin/crond cron-entries = $${directory:cron-entries} crontabs = $${directory:crontabs} cronstamps = $${directory:cronstamps} -catcher = $${cron-simplelogger:binary} +catcher = $${cron-simplelogger:wrapper} binary = $${basedirectory:services}/crond [cron-simplelogger] recipe = slapos.cookbook:simplelogger -binary = $${rootdirectory:bin}/cron_simplelogger -output = $${directory:cronoutput} +wrapper = $${rootdirectory:bin}/cron_simplelogger +log = $${basedirectory:log}/cron.log [cron-entry-logrotate] <= cron @@ -164,7 +164,6 @@ recipe = slapos.cookbook:mkdirectory cron-entries = $${rootdirectory:etc}/cron.d crontabs = $${rootdirectory:etc}/crontabs cronstamps = $${rootdirectory:etc}/cronstamps -cronoutput = $${basedirectory:log}/cron ca-dir = $${rootdirectory:srv}/ssl mariadb-backup-full = $${basedirectory:backup}/mariadb-full mariadb-backup-incremental = $${basedirectory:backup}/mariadb-incremental diff --git a/software/erp5/instance-memcached.cfg b/software/erp5/instance-memcached.cfg index 4ec3390f9a6f162475d5767b66c8baf24723e1e0..4a90d757e47de4cdaa6f7f0cc982ac1ed52d3a87 100644 --- a/software/erp5/instance-memcached.cfg +++ b/software/erp5/instance-memcached.cfg @@ -27,6 +27,7 @@ services = $${rootdirectory:etc}/run recipe = slapos.cookbook:generic.memcached wrapper_path = $${basedirectory:services}/memcached binary_path = ${memcached:location}/bin/memcached +shell-path = ${dash:location}/bin/dash ip = $${slap-network-information:local-ipv4} port = 11000 diff --git a/software/erp5/instance-varnish.cfg b/software/erp5/instance-varnish.cfg new file mode 100644 index 0000000000000000000000000000000000000000..d08d9de18109ea0db2429576cd6337ab959a3e40 --- /dev/null +++ b/software/erp5/instance-varnish.cfg @@ -0,0 +1,118 @@ +[buildout] +parts = + publish-varnish-connection-information + varnish-instance + web-checker + cron + cron-entry-logrotate + cron-entry-web-checker + +eggs-directory = ${buildout:eggs-directory} +develop-eggs-directory = ${buildout:develop-eggs-directory} +offline = true + +[publish-varnish-connection-information] +recipe = slapos.cookbook:publishurl +url = http://$${varnish-instance:ip}:$${varnish-instance:server-port}/ + +[varnish-instance] +recipe = slapos.cookbook:generic.varnish + +# Network options +ip = $${slap-network-information:local-ipv4} +server-port = 6001 +manager-port = 6002 + +# Paths: Running wrappers +varnishd-wrapper = $${basedirectory:services}/varnishd +varnishlog-wrapper = $${rootdirectory:bin}/varnishlog + +# Binary information +varnishd-binary = ${varnish:location}/sbin/varnishd +varnishlog-binary = ${varnish:location}/bin/varnishlog +shell-path = ${dash:location}/bin/dash +# Configuration by VCL +vcl-file = $${rootdirectory:etc}/default.vcl +pid-file = $${basedirectory:run}/varnishd.pid +varnish-data = $${directory:varnish-data} +# this will pass at -n option +varnish-instance-name = $${directory:varnish-instance} +web-checker = ${buildout:bin-directory}/web_checker_utility + +[cron-entry-web-checker] +<= cron +recipe = slapos.cookbook:cron.d +name = web-checker +frequency = 0 0 * * * +command = $${varnish-instance:web-checker} $${web-checker:web-checker-config} + +[web-checker] +recipe = slapos.cookbook:webchecker +web-checker-config = $${rootdirectory:etc}/web_checker.cfg +web-checker-working-directory = $${directory:web-checker} +# for now frontend-url is varnish, it will replace with the real front-end one. +frontend-url = $${varnish-instance:ip}:$${varnish-instance:server-port} +wget-binary-path = ${wget:location}/bin/wget +varnishlog-binary-path = $${varnish-instance:varnishlog-wrapper} +web-checker-log = $${basedirectory:log}/web-checker.log + +[cron] +recipe = slapos.cookbook:cron +dcrond-binary = ${dcron:location}/sbin/crond +cron-entries = $${directory:cron-entries} +crontabs = $${directory:crontabs} +cronstamps = $${directory:cronstamps} +binary = $${basedirectory:services}/crond +catcher = $${cron-simplelogger:wrapper} + +[cron-simplelogger] +recipe = slapos.cookbook:simplelogger +wrapper = $${rootdirectory:bin}/cron_simplelogger +log = $${basedirectory:log}/cron.log + +[cron-entry-logrotate] +<= cron +recipe = slapos.cookbook:cron.d +name = logrotate +frequency = 0 0 * * * +command = $${logrotate:wrapper} + +[logrotate] +recipe = slapos.cookbook:logrotate +# Binaries +logrotate-binary = ${logrotate:location}/usr/sbin/logrotate +gzip-binary = ${gzip:location}/bin/gzip +gunzip-binary = ${gzip:location}/bin/gunzip +# Directories +wrapper = $${rootdirectory:bin}/logrotate +conf = $${rootdirectory:etc}/logrotate.conf +logrotate-entries = $${directory:logrotate-entries} +backup = $${directory:logrotate-backup} +state-file = $${rootdirectory:srv}/logrotate.status + +[basedirectory] +recipe = slapos.cookbook:mkdirectory +services = $${rootdirectory:etc}/run +run = $${rootdirectory:var}/run +backup = $${rootdirectory:srv}/backup +log = $${rootdirectory:var}/log +backup = $${rootdirectory:srv}/backup + +[directory] +recipe = slapos.cookbook:mkdirectory +varnish-data = $${rootdirectory:srv}/varnish +varnish-instance = $${directory:varnish-data}/instance +cron-entries = $${rootdirectory:etc}/cron.d +crontabs = $${rootdirectory:etc}/crontabs +cronstamps = $${rootdirectory:etc}/cronstamps +logrotate-backup = $${basedirectory:backup}/logrotate +logrotate-entries = $${rootdirectory:etc}/logrotate.d +web-checker = $${rootdirectory:srv}/web-checker + +[rootdirectory] +recipe = slapos.cookbook:mkdirectory +etc = $${buildout:directory}/etc +var = $${buildout:directory}/var +srv = $${buildout:directory}/srv +bin = $${buildout:directory}/bin + diff --git a/software/erp5/instance-zope.cfg b/software/erp5/instance-zope.cfg index 9a71a931db8bc2fcf784e113ed131082367e5d5f..9474818dbb6baffd9b29d9f846d74b450930157c 100644 --- a/software/erp5/instance-zope.cfg +++ b/software/erp5/instance-zope.cfg @@ -18,8 +18,8 @@ develop-eggs-directory = ${buildout:develop-eggs-directory} offline = true [slap-parameter] -# By default backend disallows the access -access-control-string = none +# By default, if no white list is specified, backend allows access to everyone +access-control-string = all [publish-apache-zope-backend-connection-string] recipe = slapos.cookbook:publish @@ -38,9 +38,11 @@ configuration-file = $${directory:apache-conf}/apache.conf access-control-string = $${slap-parameter:access-control-string} pid-file = $${basedirectory:run}/apache.pid lock-file = $${basedirectory:run}/apache.lock +ssl-session-cache = $${basedirectory:log}/apache-ssl-session-cache error-log = $${basedirectory:log}/apache-error.log access-log = $${basedirectory:log}/apache-access.log apache-binary = ${apache:location}/bin/httpd +scheme = https [ca-apache-zope-backend] <= certificate-authority @@ -132,13 +134,13 @@ dcrond-binary = ${dcron:location}/sbin/crond cron-entries = $${directory:cron-entries} crontabs = $${directory:crontabs} cronstamps = $${directory:cronstamps} -catcher = $${cron-simplelogger:binary} +catcher = $${cron-simplelogger:wrapper} binary = $${basedirectory:services}/crond [cron-simplelogger] recipe = slapos.cookbook:simplelogger -binary = $${rootdirectory:bin}/cron_simplelogger -output = $${directory:cronoutput} +wrapper = $${rootdirectory:bin}/cron_simplelogger +log = $${basedirectory:log}/cron.log [cron-entry-logrotate] <= cron @@ -226,11 +228,11 @@ ca-crl = $${erp5-cadirectory:crl} [erp5-cadirectory] recipe = slapos.cookbook:mkdirectory -requests = $${directory:erp5-ca-dir}/requests/ -private = $${directory:erp5-ca-dir}/private/ -certs = $${directory:erp5-ca-dir}/certs/ -newcerts = $${directory:erp5-ca-dir}/newcerts/ -crl = $${directory:erp5-ca-dir}/crl/ +requests = $${directory:erp5-ca-dir}/requests +private = $${directory:erp5-ca-dir}/private +certs = $${directory:erp5-ca-dir}/certs +newcerts = $${directory:erp5-ca-dir}/newcerts +crl = $${directory:erp5-ca-dir}/crl [directory] recipe = slapos.cookbook:mkdirectory @@ -248,11 +250,10 @@ instance-constraint = $${:instance}/Constraint instance-import = $${:instance}/import instance-lib = $${:instance}/lib instance-tests = $${:instance}/tests -erp5-ca-dir = $${rootdirectory:srv}/erp5-ca/ +erp5-ca-dir = $${rootdirectory:srv}/erp5-ca ca-dir = $${rootdirectory:srv}/ssl cron-entries = $${rootdirectory:etc}/cron.d crontabs = $${rootdirectory:etc}/crontabs cronstamps = $${rootdirectory:etc}/cronstamps -cronoutput = $${basedirectory:log}/cron logrotate-backup = $${basedirectory:backup}/logrotate logrotate-entries = $${rootdirectory:etc}/logrotate.d diff --git a/software/erp5/instance.cfg b/software/erp5/instance.cfg index 8abb090d57cd0b98e3504b2160b6050dcb789185..82d61d9e31ca06046b3f1ecbb91b549c2cdbc38e 100644 --- a/software/erp5/instance.cfg +++ b/software/erp5/instance.cfg @@ -33,6 +33,7 @@ zope = ${template-zope:output} mariadb = ${template-mariadb:output} sphinx = ${template-sphinx:output} tidstorage = $${dynamic-template-tidstorage:output} +varnish = ${template-varnish:output} [slap-connection] # part to migrate to new - separated words diff --git a/software/erp5/snippet-backend.cfg b/software/erp5/snippet-backend.cfg index b18a7f20881ce14477b30fecaac305e3300fe796..6effa6b4f55c83047d1db3b188a7c37e18b8c867 100644 --- a/software/erp5/snippet-backend.cfg +++ b/software/erp5/snippet-backend.cfg @@ -1,18 +1,40 @@ -[apache-%(backend_name)s] +[apache-public-%(backend_name)s] recipe = slapos.cookbook:apache.zope.backend backend = http://$${haproxy-%(backend_name)s:ip}:$${haproxy-%(backend_name)s:port}/ ip = $${slap-network-information:global-ipv6} +port = %(apache_public_port)s +scheme = http +wrapper = $${basedirectory:services}/apache-public-%(backend_name)s +configuration-file = $${directory:apache-conf}/apache-public-%(backend_name)s.conf +access-control-string = %(access_control_string)s +pid-file = $${basedirectory:run}/apache-public-%(backend_name)s.pid +lock-file = $${basedirectory:run}/apache-public-%(backend_name)s.lock +error-log = $${basedirectory:log}/apache-public-%(backend_name)s-error.log +access-log = $${basedirectory:log}/apache-public-%(backend_name)s-access.log +apache-binary = ${apache:location}/bin/httpd + +[apache-%(backend_name)s] +recipe = slapos.cookbook:apache.zope.backend +backend = http://$${haproxy-%(backend_name)s:ip}:$${haproxy-%(backend_name)s:port} +ip = $${slap-network-information:global-ipv6} port = %(apache_port)s wrapper = $${rootdirectory:bin}/apache-%(backend_name)s +scheme = https key-file = $${directory:apache-conf}/apache-%(backend_name)s.key cert-file = $${directory:apache-conf}/apache-%(backend_name)s.crt configuration-file = $${directory:apache-conf}/apache-%(backend_name)s.conf access-control-string = %(access_control_string)s pid-file = $${basedirectory:run}/apache-%(backend_name)s.pid lock-file = $${basedirectory:run}/apache-%(backend_name)s.lock +ssl-session-cache = $${basedirectory:log}/apache-ssl-session-cache error-log = $${basedirectory:log}/apache-%(backend_name)s-error.log access-log = $${basedirectory:log}/apache-%(backend_name)s-access.log apache-binary = ${apache:location}/bin/httpd +ssl-authentication = %(ssl_authentication)s +backend-path = %(backend_path)s +# Note: Without erp5-certificate-authority main certificate have to be hardcoded +ssl-authentication-certificate = $${erp5-certificate-authority:ca-dir}/cacert.pem +ssl-authentication-crl = $${erp5-certificate-authority:ca-crl} [ca-apache-%(backend_name)s] <= certificate-authority @@ -22,6 +44,13 @@ cert-file = $${apache-%(backend_name)s:cert-file} executable = $${apache-%(backend_name)s:wrapper} wrapper = $${basedirectory:services}/apache-%(backend_name)s +[logrotate-entry-apache-public-%(backend_name)s] +<= logrotate +recipe = slapos.cookbook:logrotate.d +name = apache-public-%(backend_name)s +log = $${apache-public-%(backend_name)s:error-log} $${apache-public-%(backend_name)s:access-log} +post = ${buildout:bin-directory}/killpidfromfile $${apache-public-%(backend_name)s:pid-file} SIGUSR1 + [logrotate-entry-apache-%(backend_name)s] <= logrotate recipe = slapos.cookbook:logrotate.d diff --git a/software/erp5/snippet-master.cfg b/software/erp5/snippet-master.cfg index 8c44deb8e0524939becf088938fe65884654530d..e0d52fe50b3fdd4762fbf489e5366a1273cd2af3 100644 --- a/software/erp5/snippet-master.cfg +++ b/software/erp5/snippet-master.cfg @@ -1,15 +1,3 @@ -############################# -# -# Instanciate zeo -# -# zeo-id -- local id of the requested zeo (1,2,3,...) -# -# zeo-port -- ip port to use to run the process -# -# storage_list -- string with list of all resquested storage -# Example: event_module person_module -# -############################# [buildout] parts = logrotate @@ -21,7 +9,8 @@ parts = cron-entry-tidstorage-backup logrotate-entry-tidstorage binary-link - erp5-update + erp5-promise + erp5-bootstrap %(part_list)s eggs-directory = ${buildout:eggs-directory} @@ -59,28 +48,19 @@ name = tidstorage log = $${tidstorage:logfile-name} post = ${buildout:bin-directory}/killpidfromfile $${tidstorage:pidfile-name} SIGHUP -[directory] -recipe = slapos.cookbook:mkdirectory -cron-entries = $${rootdirectory:etc}/cron.d/ -crontabs = $${rootdirectory:etc}/crontabs/ -cronstamps = $${rootdirectory:etc}/cronstamps/ -cronoutput = $${basedirectory:log}/cron/ -logrotate-backup = $${basedirectory:backup}/logrotate/ -logrotate-entries = $${rootdirectory:etc}/logrotate.d/ - [cron] recipe = slapos.cookbook:cron dcrond-binary = ${dcron:location}/sbin/crond cron-entries = $${directory:cron-entries} crontabs = $${directory:crontabs} cronstamps = $${directory:cronstamps} -catcher = $${cron-simplelogger:binary} +catcher = $${cron-simplelogger:wrapper} binary = $${basedirectory:services}/crond [cron-simplelogger] recipe = slapos.cookbook:simplelogger -binary = $${rootdirectory:bin}/cron_simplelogger -output = $${directory:cronoutput} +wrapper = $${rootdirectory:bin}/cron_simplelogger +log = $${basedirectory:log}/cron.log [cron-entry-logrotate] <= cron @@ -89,8 +69,6 @@ name = logrotate frequency = 0 0 * * * command = $${logrotate:wrapper} -# rest of parts are candidates for some generic stuff - [logrotate] recipe = slapos.cookbook:logrotate # Binaries @@ -119,14 +97,19 @@ ca-private = $${erp5-cadirectory:private} ca-certs = $${erp5-cadirectory:certs} ca-newcerts = $${erp5-cadirectory:newcerts} ca-crl = $${erp5-cadirectory:crl} +country-code = %(erp5_ca_country_code)s +email = %(erp5_ca_email)s +state = %(erp5_ca_state)s +city = %(erp5_ca_city)s +company = %(erp5_ca_company)s [erp5-cadirectory] recipe = slapos.cookbook:mkdirectory -requests = $${directory:erp5-ca-dir}/requests/ -private = $${directory:erp5-ca-dir}/private/ -certs = $${directory:erp5-ca-dir}/certs/ -newcerts = $${directory:erp5-ca-dir}/newcerts/ -crl = $${directory:erp5-ca-dir}/crl/ +requests = $${directory:erp5-ca-dir}/requests +private = $${directory:erp5-ca-dir}/private +certs = $${directory:erp5-ca-dir}/certs +newcerts = $${directory:erp5-ca-dir}/newcerts +crl = $${directory:erp5-ca-dir}/crl [certificate-authority] recipe = slapos.cookbook:certificate_authority @@ -141,33 +124,33 @@ ca-crl = $${cadirectory:crl} [cadirectory] recipe = slapos.cookbook:mkdirectory -requests = $${directory:ca-dir}/requests/ -private = $${directory:ca-dir}/private/ -certs = $${directory:ca-dir}/certs/ -newcerts = $${directory:ca-dir}/newcerts/ -crl = $${directory:ca-dir}/crl/ +requests = $${directory:ca-dir}/requests +private = $${directory:ca-dir}/private +certs = $${directory:ca-dir}/certs +newcerts = $${directory:ca-dir}/newcerts +crl = $${directory:ca-dir}/crl [rootdirectory] recipe = slapos.cookbook:mkdirectory -etc = $${buildout:directory}/etc/ -var = $${buildout:directory}/var/ -srv = $${buildout:directory}/srv/ -bin = $${buildout:directory}/bin/ -tmp = $${buildout:directory}/tmp/ +etc = $${buildout:directory}/etc +var = $${buildout:directory}/var +srv = $${buildout:directory}/srv +bin = $${buildout:directory}/bin +tmp = $${buildout:directory}/tmp [basedirectory] recipe = slapos.cookbook:mkdirectory -log = $${rootdirectory:var}/log/ -services = $${rootdirectory:etc}/run/ -run = $${rootdirectory:var}/run/ -backup = $${rootdirectory:srv}/backup/ +log = $${rootdirectory:var}/log +services = $${rootdirectory:etc}/run +run = $${rootdirectory:var}/run +backup = $${rootdirectory:srv}/backup [directory] recipe = slapos.cookbook:mkdirectory -tidstorage = $${rootdirectory:srv}/tidstorage/ -zodb = $${rootdirectory:srv}/zodb/ +tidstorage = $${rootdirectory:srv}/tidstorage +zodb = $${rootdirectory:srv}/zodb zodb-backup = $${basedirectory:backup}/zodb -instance = $${rootdirectory:srv}/erp5shared/ +instance = $${rootdirectory:srv}/erp5shared instance-etc = $${:instance}/etc apache-conf = $${rootdirectory:etc}/apache instance-etc-package-include = $${:instance}/etc/package-include @@ -180,14 +163,13 @@ instance-constraint = $${:instance}/Constraint instance-import = $${:instance}/import instance-lib = $${:instance}/lib instance-tests = $${:instance}/tests -erp5-ca-dir = $${rootdirectory:srv}/erp5-ssl/ -ca-dir = $${rootdirectory:srv}/ssl/ -cron-entries = $${rootdirectory:etc}/cron.d/ -crontabs = $${rootdirectory:etc}/crontabs/ -cronstamps = $${rootdirectory:etc}/cronstamps/ -cronoutput = $${basedirectory:log}/cron/ -logrotate-backup = $${basedirectory:backup}/logrotate/ -logrotate-entries = $${rootdirectory:etc}/logrotate.d/ +erp5-ca-dir = $${rootdirectory:srv}/erp5-ssl +ca-dir = $${rootdirectory:srv}/ssl +cron-entries = $${rootdirectory:etc}/cron.d +crontabs = $${rootdirectory:etc}/crontabs +cronstamps = $${rootdirectory:etc}/cronstamps +logrotate-backup = $${basedirectory:backup}/logrotate +logrotate-entries = $${rootdirectory:etc}/logrotate.d [binary-link] recipe = slapos.cookbook:symbolic.link @@ -214,22 +196,19 @@ link-binary = ${poppler:location}/bin/pdftotext ${poppler:location}/bin/pdftohtml -[erp5-update] -recipe = slapos.cookbook:erp5.update - -# Configuration -url = http://$${%(zope_section)s:user}:$${%(zope_section)s:password}@$${%(zope_section)s:ip}:$${%(zope_section)s:port}/ +[erp5-bootstrap] +recipe = slapos.cookbook:erp5.bootstrap +runner-path = $${basedirectory:services}/erp5-bootstrap mysql-url = %(mysql-url)s +zope-url = http://$${%(zope_section)s:user}:$${%(zope_section)s:password}@$${%(zope_section)s:ip}:$${%(zope_section)s:port}/%(site_id)s + +[erp5-promise] +recipe = slapos.cookbook:erp5.promise +promise-path = $${rootdirectory:etc}/erp5promise.cfg kumofs-url = %(kumofs-url)s memcached-url = %(memcached-url)s cloudooo-url = %(cloudooo-url)s -site-id = %(site_id)s -openssl-binary = ${openssl:location}/bin/openssl -cadir-path = $${erp5-certificate-authority:ca-dir} - -# Paths -update-wrapper = $${basedirectory:services}/erp5-update +smtp-url = $${slap-parameter:smtp-url} +bt5 = $${slap-parameter:bt5} +bt5-repository-url = $${slap-parameter:bt5-repository-url} -# Defaults -configurator-bt5-list = erp5_full_text_myisam_catalog erp5_configurator_standard erp5_configurator_maxma_demo erp5_configurator_ung erp5_configurator_ung erp5_configurator_run_my_doc -bt5-repository-list = $${%(zope_section)s:bt5-repository-list} diff --git a/software/erp5/snippet-zope.cfg b/software/erp5/snippet-zope.cfg index a4a9c581c9d310b1a9bdc39d4f25470d3a50df1e..b65c773ae3a122e0855a21c7413f4d74af8ea4b2 100644 --- a/software/erp5/snippet-zope.cfg +++ b/software/erp5/snippet-zope.cfg @@ -17,6 +17,8 @@ zeo-connection-string = %(zeo_connection_string)s timeserver = %(zope_timeserver)s +tidstorage-ip = $${tidstorage:ip} +tidstorage-port = $${tidstorage:port} # long request longrequest-logger-file = %(longrequest_logger_file)s @@ -44,6 +46,9 @@ runzope-binary = ${buildout:bin-directory}/runzope # BT5 Configuration bt5-repository-list = +promise-path = $${erp5-promise:promise-path} +site-id = %(site_id)s + [logrotate-entry-%(zope_id)s] <= logrotate recipe = slapos.cookbook:logrotate.d diff --git a/software/erp5/software.cfg b/software/erp5/software.cfg index 9e1f72f9e6b59accbbdb527f7c6c727a1388e900..9c75576e677f6afb69820af57ff3f20eb18eb4ba 100644 --- a/software/erp5/software.cfg +++ b/software/erp5/software.cfg @@ -28,7 +28,7 @@ recipe = plone.recipe.command stop-on-error = true location = ${buildout:parts-directory}/${:_buildout_section_name_} command = ${git:location}/bin/git clone --branch erp5 --quiet http://git.erp5.org/repos/slapos.git ${:location} -update-command = cd ${:location} && ${git:location}/bin/git pull --quiet +update-command = cd ${:location} && GIT_COMMITTER_EMAIL=nobody@example.com GIT_AUTHOR_NAME=Nobody GIT_AUTHOR_EMAIL=nobody@example.com ${git:location}/bin/git pull --quiet [check-recipe] recipe = plone.recipe.command @@ -41,11 +41,12 @@ recipe = zc.recipe.egg eggs = slapos.cookbook scripts = python = python2.6 +ugly-depend-on = ${slapos.cookbook-repository:command} ${slapos.cookbook-repository:update-command} [template-mariadb] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-mariadb.cfg -md5sum = 3225a2ba7337505bdeb95867f5028891 +md5sum = 6580f1d431f65281c7aa1358a51cc292 output = ${buildout:directory}/template-mariadb.cfg mode = 0644 @@ -59,14 +60,14 @@ mode = 0644 [template-zope] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-zope.cfg -md5sum = 769a7ba8e8c5865637e374376be8cbcd +md5sum = d3d221255f93a9ced82dcca9ca57f84e output = ${buildout:directory}/template-zope.cfg mode = 0644 [template-cloudooo] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-cloudooo.cfg -md5sum = 8ea2839e951f26af2bc74b9a8c0fa5c2 +md5sum = e7698a0537785339e249bdc57f369e93 output = ${buildout:directory}/template-cloudooo.cfg mode = 0644 @@ -80,35 +81,35 @@ mode = 0644 [template-kumofs] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-kumofs.cfg -md5sum = c12d8dc1925d16a75247971086734aa8 +md5sum = 9746823ccbbedf42b3e759c3e7150252 output = ${buildout:directory}/template-kumofs.cfg mode = 0644 [template] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance.cfg -md5sum = 961d404f5726fce7c4d8b34d7e120077 +md5sum = f3443d071d8d7330b3453583e096fef0 output = ${buildout:directory}/template.cfg mode = 0644 [template-memcached] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-memcached.cfg -md5sum = 9a1462f3e34b99f384ae47b48a3a733c +md5sum = 7ed1d93dafa76adc025acb2f0e08c05f output = ${buildout:directory}/template-memcached.cfg mode = 0644 [template-erp5-development] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-erp5-development.cfg -md5sum = 9af9db6f1220ffe42e030c81f9072669 +md5sum = 4bc5a2ec8c04b206dab8b98258a69efd output = ${buildout:directory}/template-erp5-development.cfg mode = 0644 [template-erp5-production] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-erp5-production.cfg -md5sum = 32f6537110bbc29e7cc5613695863096 +md5sum = 54ad3c5e92af02d0db98d1085adf986d output = ${buildout:directory}/template-erp5-production.cfg mode = 0644 @@ -122,24 +123,31 @@ mode = 0644 [template-snippet-master] recipe = slapos.recipe.template url = ${:_profile_base_location_}/snippet-master.cfg -md5sum = c9bea484c2827954b9f9f728ce0342fb +md5sum = 14ffe48453a74190bdd289169220739f output = ${buildout:directory}/template-snippet-master.cfg mode = 0644 [template-snippet-zope] recipe = slapos.recipe.template url = ${:_profile_base_location_}/snippet-zope.cfg -md5sum = 99fcce6aa6120787870522898650800d +md5sum = bcc68c31a16b35bee7111f9c6e02b781 output = ${buildout:directory}/template-snippet-zope.cfg mode = 0644 [template-snippet-backend] recipe = slapos.recipe.template url = ${:_profile_base_location_}/snippet-backend.cfg -md5sum = e2b26547ba1435ec1b8e8cd1de89e2c6 +md5sum = 3a1b359b57bf21a226bb96c0c18f1924 output = ${buildout:directory}/template-snippet-backend.cfg mode = 0644 +[template-varnish] +recipe = slapos.recipe.template +url = ${:_profile_base_location_}/instance-varnish.cfg +md5sum = 70fb0ccadf0d6723ddb0fe55a1549ca5 +output = ${buildout:directory}/template-varnish.cfg +mode = 0644 + [validator] # Default json schema for instance parameters. recipe = slapos.recipe.template @@ -153,6 +161,9 @@ mode = 0644 # Romain Courteaud # Sebastien Robin # Kazuhiko Shiozaki +# Cedric de Saint Martin +# Yingjie Xu +# Gabriel Monnerat signature-certificate-list = -----BEGIN CERTIFICATE----- MIIB4DCCAUkCADANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJGUjEZMBcGA1UE @@ -193,3 +204,42 @@ signature-certificate-list = KrDm39slYD/1KoE5kB4l/p6KVOdeJ4I6xcgu9rnkqqHzDwI4v7e8/D3WZbpiFUsY vaZhjNYKWQf79l6zXfOvphzJ -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV + BAMMCENPTVAtMjMyMCAXDTEyMDIxNjExMTAyM1oYDzIxMTIwMTIzMTExMDIzWjAT + MREwDwYDVQQDDAhDT01QLTIzMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA + wi/3Z8W9pUiegUXIk/AiFDQ0UJ4JFAwjqr+HSRUirlUsHHT+8DzH/hfcTDX1I5BB + D1ADk+ydXjMm3OZrQcXjn29OUfM5C+g+oqeMnYQImN0DDQIOcUyr7AJc4xhvuXQ1 + P2pJ5NOd3tbd0kexETa1LVhR6EgBC25LyRBRae76qosCAwEAAaNQME4wHQYDVR0O + BBYEFMDmW9aFy1sKTfCpcRkYnP6zUd1cMB8GA1UdIwQYMBaAFMDmW9aFy1sKTfCp + cRkYnP6zUd1cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAskbFizHr + b6d3iIyN+wffxz/V9epbKIZVEGJd/6LrTdLiUfJPec7FaxVCWNyKBlCpINBM7cEV + Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby + If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY= + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIB9jCCAV+gAwIBAgIJAIlBksrZVkK8MA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV + BAMMCENPTVAtMzU3MCAXDTEyMDEyNjEwNTUyOFoYDzIxMTIwMTAyMTA1NTI4WjAT + MREwDwYDVQQDDAhDT01QLTM1NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA + ts+iGUwi44vtIfwXR8DCnLtHV4ydl0YTK2joJflj0/Ws7mz5BYkxIU4fea/6+VF3 + i11nwBgYgxQyjNztgc9u9O71k1W5tU95yO7U7bFdYd5uxYA9/22fjObaTQoC4Nc9 + mTu6r/VHyJ1yRsunBZXvnk/XaKp7gGE9vNEyJvPn2bkCAwEAAaNQME4wHQYDVR0O + BBYEFKuGIYu8+6aEkTVg62BRYaD11PILMB8GA1UdIwQYMBaAFKuGIYu8+6aEkTVg + 62BRYaD11PILMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMoTRpBxK + YLEZJbofF7gSrRIcrlUJYXfTfw1QUBOKkGFFDsiJpEg4y5pUk1s5Jq9K3SDzNq/W + it1oYjOhuGg3al8OOeKFrU6nvNTF1BAvJCl0tr3POai5yXyN5jlK/zPfypmQYxE+ + TaqQSGBJPVXYt6lrq/PRD9ciZgKLOwEqK8w= + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIB9jCCAV+gAwIBAgIJAPHoWu90gbsgMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV + BAMMCXZpZmlibm9kZTAeFw0xMjAzMTkyMzIwNTVaFw0xMzAzMTkyMzIwNTVaMBQx + EjAQBgNVBAMMCXZpZmlibm9kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA + ozBijpO8PS5RTeKTzA90vi9ezvv4vVjNaguqT4UwP9+O1+i6yq1Y2W5zZxw/Klbn + oudyNzie3/wqs9VfPmcyU9ajFzBv/Tobm3obmOqBN0GSYs5fyGw+O9G3//6ZEhf0 + NinwdKmrRX+d0P5bHewadZWIvlmOupcnVJmkks852BECAwEAAaNQME4wHQYDVR0O + BBYEFF9EtgfZZs8L2ZxBJxSiY6eTsTEwMB8GA1UdIwQYMBaAFF9EtgfZZs8L2ZxB + JxSiY6eTsTEwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAc43YTfc6 + baSemaMAc/jz8LNLhRE5dLfLOcRSoHda8y0lOrfe4lHT6yP5l8uyWAzLW+g6s3DA + Yme/bhX0g51BmI6gjKJo5DoPtiXk/Y9lxwD3p7PWi+RhN+AZQ5rpo8UfwnnN059n + yDuimQfvJjBFMVrdn9iP6SfMjxKaGk6gVmI= + -----END CERTIFICATE----- diff --git a/software/erp5testnode/software.cfg b/software/erp5testnode/software.cfg index 2492dbef65effc42c1453aa8949bbce9e9405f58..b2451292acc5a68af8e1a475d9aed6a68ada47a4 100644 --- a/software/erp5testnode/software.cfg +++ b/software/erp5testnode/software.cfg @@ -36,11 +36,6 @@ parts = zip git -# Separate from site eggs -allowed-eggs-from-site-packages = -include-site-packages = false -exec-sitecustomize = false - # Use only quite well working sites. allow-hosts = *.nexedi.org @@ -159,7 +154,7 @@ zc.buildout = 1.6.0-dev-SlapOS-003 Jinja2 = 2.6 Werkzeug = 0.8.2 -erp5.util = 0.3 +erp5.util = 0.4.1 hexagonit.recipe.cmmi = 1.5.0 lxml = 2.3.2 meld3 = 0.6.7 diff --git a/software/kvm/README.txt b/software/kvm/README.txt new file mode 100644 index 0000000000000000000000000000000000000000..17e9a2cdf5ade017b1a82899e829168524d47291 --- /dev/null +++ b/software/kvm/README.txt @@ -0,0 +1,80 @@ +kvm +=== + +Introduction +------------ + +This software release is used to deploy KVM instances, NBD instances and +Frontend instances of KVM. + +Examples +-------- + +The following examples listhow to request different possible instances of KVM +Software Release from slap console or command line. + +KVM instance (1GB of RAM, 10GB of SSD, one core) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Note that the KVM instance will request a frontend slave instance in order +to be accessible from IPv4. + +KVM instance needs a NBD to fetch disk image at first boot. Working NBD IP/port +has to be specified. + +:: + myawesomekvm = request( + software_release=kvm, + partition_reference="myawesomekvm", + partition_parameter_kw={ + "ndb_ip":"2a01:e35:2e27:460:e2cb:4eff:fed9:48dc", + "ndb_port": 1024 + } + ) + + +KVM+ instance (2GB of RAM, 20GB of SSD, two cores) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + myevenmoreawesomekvm = request( + software_release=kvm, + partition_reference="myevenmoreawesomekvm", + partition_parameter_kw={ + "ndb_ip":"2a01:e35:2e27:460:e2cb:4eff:fed9:48dc", + "ndb_port": 1024 + }, + software_type="kvm+", + ) + + +NBD instance +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This type of instance will allow to host a disk image that will be used by +any KVM instance. + +:: + mynbd = request( + software_release=kvm, + partition_reference="mynbd", + software_type="nbd", + ) + + +KVM Frontend Master Instance (will host all frontend Slave Instances) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This type of instance will allow to host any frontend slave instance requested +by KVM instances. Slave instances (and thus KVM instance) will be accessible +at : https://mydomain.com/instancereference . + +:: + mykvmfrontend = request( + software_release=kvm, + partition_reference="mykvmfrontend", + partition_parameter_kw={ + "domain":"mydomain.com" + }, + software_type="frontend", + ) diff --git a/software/kvm/instance-frontend.cfg b/software/kvm/instance-frontend.cfg new file mode 100644 index 0000000000000000000000000000000000000000..277674c850734d60e80fecbc604b724bf59aa44b --- /dev/null +++ b/software/kvm/instance-frontend.cfg @@ -0,0 +1,148 @@ +############################# +# +# Instanciate kvm frontend +# +############################# +[buildout] +parts = + logrotate +# logrotate-entry-frontend + cron + cron-entry-logrotate + ca-frontend + certificate-authority + frontend-promise + publish-kvm-frontend-connection-information + +eggs-directory = ${buildout:eggs-directory} +develop-eggs-directory = ${buildout:develop-eggs-directory} +offline = true + +[rootdirectory] +recipe = slapos.cookbook:mkdirectory +etc = $${buildout:directory}/etc +bin = $${buildout:directory}/bin +srv = $${buildout:directory}/srv +var = $${buildout:directory}/var + +[basedirectory] +recipe = slapos.cookbook:mkdirectory +services = $${rootdirectory:etc}/run +promises = $${rootdirectory:etc}/promise +nodejs-conf = $${rootdirectory:etc}/nodejs +run = $${rootdirectory:var}/run +log = $${rootdirectory:var}/log +ca-dir = $${rootdirectory:srv}/ssl +backup = $${rootdirectory:srv}/backup + +[directory] +recipe = slapos.cookbook:mkdirectory +cron-entries = $${rootdirectory:etc}/cron.d +crontabs = $${rootdirectory:etc}/crontabs +cronstamps = $${rootdirectory:etc}/cronstamps +ca-dir = $${rootdirectory:srv}/ssl +logrotate-backup = $${basedirectory:backup}/logrotate +logrotate-entries = $${rootdirectory:etc}/logrotate.d + +[frontend-instance] +recipe = slapos.cookbook:kvm.frontend +domain = $${ca-frontend:name} +# port = $${slap-parameter:port} +ip = $${slap-network-information:global-ipv6} +port = $${slap-parameter:port} +http-redirection = $${slap-parameter:http-redirection} +ssl-key-path = $${ca-frontend:key-file} +ssl-cert-path = $${ca-frontend:cert-file} +slave-instance-list = $${slap-parameter:slave_instance_list} +map-path = $${basedirectory:nodejs-conf}/proxy_table.json +conf-path = $${basedirectory:nodejs-conf}/kvm-proxy.js +wrapper-path = $${rootdirectory:bin}/kvm_frontend +node-binary = ${nodejs:location}/bin/node +node-env = ${buildout:parts-directory}:${npm-modules:location}/node_modules +shell-path = ${dash:location}/bin/dash + +[frontend-promise] +recipe = slapos.cookbook:check_port_listening +path = $${basedirectory:promises}/frontend_promise +hostname = $${frontend-instance:ip} +port = $${frontend-instance:port} + +[certificate-authority] +recipe = slapos.cookbook:certificate_authority +openssl-binary = ${openssl:location}/bin/openssl +ca-dir = $${basedirectory:ca-dir} +requests-directory = $${cadirectory:requests} +wrapper = $${basedirectory:services}/certificate_authority +ca-private = $${cadirectory:private} +ca-certs = $${cadirectory:certs} +ca-newcerts = $${cadirectory:newcerts} +ca-crl = $${cadirectory:crl} + +[cadirectory] +recipe = slapos.cookbook:mkdirectory +requests = $${basedirectory:ca-dir}/requests/ +private = $${basedirectory:ca-dir}/private/ +certs = $${basedirectory:ca-dir}/certs/ +newcerts = $${basedirectory:ca-dir}/newcerts/ +crl = $${basedirectory:ca-dir}/crl/ + +[ca-frontend] +<= certificate-authority +recipe = slapos.cookbook:certificate_authority.request +key-file = $${basedirectory:nodejs-conf}/nodejs.key +cert-file = $${basedirectory:nodejs-conf}/nodejs.crt +executable = $${frontend-instance:wrapper-path} +wrapper = $${basedirectory:services}/nodejs +# Put domain name +name = $${slap-parameter:domain} + +[cron] +recipe = slapos.cookbook:cron +dcrond-binary = ${dcron:location}/sbin/crond +cron-entries = $${directory:cron-entries} +crontabs = $${directory:crontabs} +cronstamps = $${directory:cronstamps} +catcher = $${cron-simplelogger:wrapper} +binary = $${basedirectory:services}/crond + +[cron-simplelogger] +recipe = slapos.cookbook:simplelogger +wrapper = $${rootdirectory:bin}/cron_simplelogger +log = $${basedirectory:log}/cron.log + +[cron-entry-logrotate] +<= cron +recipe = slapos.cookbook:cron.d +name = logrotate +frequency = 0 0 * * * +command = $${logrotate:wrapper} + +[logrotate] +recipe = slapos.cookbook:logrotate +# Binaries +logrotate-binary = ${logrotate:location}/usr/sbin/logrotate +gzip-binary = ${gzip:location}/bin/gzip +gunzip-binary = ${gzip:location}/bin/gunzip +# Directories +wrapper = $${rootdirectory:bin}/logrotate +conf = $${rootdirectory:etc}/logrotate.conf +logrotate-entries = $${directory:logrotate-entries} +backup = $${directory:logrotate-backup} +state-file = $${rootdirectory:srv}/logrotate.status + +[publish-kvm-frontend-connection-information] +recipe = slapos.cookbook:publish +ip = $${frontend-instance:ip} +port = $${frontend-instance:port} + +[slap-parameter] +# Default value if no port is specified +port = 4443 +http-redirection = 0 + +# [logrotate-entry-frontend] +# <= logrotate +# recipe = slapos.cookbook:logrotate.d +# name = frontend +# log = $${mariadb-instance:error-log} $${mariadb-instance:slow-query-log} +# post = $${mariadb-instance:mysql-binary} --no-defaults -B --socket=$${mariadb-instance:socket} -e "FLUSH LOGS" diff --git a/software/kvm/instance-kvm.cfg b/software/kvm/instance-kvm.cfg new file mode 100644 index 0000000000000000000000000000000000000000..bfd9715ba9cbaecca2f66a5bf87a8e699daa6ea8 --- /dev/null +++ b/software/kvm/instance-kvm.cfg @@ -0,0 +1,136 @@ +############################# +# +# Instanciate kvm +# +############################# +[buildout] +parts = + request-slave-frontend + certificate-authority + kvm-promise + novnc-promise + publish-kvm-connection-information + +eggs-directory = ${buildout:eggs-directory} +develop-eggs-directory = ${buildout:develop-eggs-directory} +offline = true + +[rootdirectory] +recipe = slapos.cookbook:mkdirectory +etc = $${buildout:directory}/etc +bin = $${buildout:directory}/bin +srv = $${buildout:directory}/srv +var = $${buildout:directory}/var + +[basedirectory] +recipe = slapos.cookbook:mkdirectory +services = $${rootdirectory:etc}/run +promises = $${rootdirectory:etc}/promise +novnc-conf = $${rootdirectory:etc}/novnc +run = $${rootdirectory:var}/run +ca-dir = $${rootdirectory:srv}/ssl + +[create-mac] +recipe = slapos.cookbook:generate.mac + +[kvm-instance] +recipe = slapos.cookbook:kvm +vnc-ip = $${slap-network-information:local-ipv4} +vnc-port = 5901 +nbd-ip = $${slap-parameter:nbd_ip} +nbd-port = $${slap-parameter:nbd_port} +tap = $${slap-network-information:network-interface} +disk-path = $${rootdirectory:srv}/virtual.qcow2 +disk-size = 10 +socket-path = $${rootdirectory:var}/qmp_socket +pid-path = $${basedirectory:run}/pid_file +smp-count = 1 +ram-size = 1024 +mac-address = $${create-mac:mac-address} +runner-path = $${basedirectory:services}/kvm +controller-path = $${basedirectory:services}/kvm_controller +shell-path = ${dash:location}/bin/dash +qemu-path = ${kvm:location}/bin/qemu-system-x86_64 +qemu-img-path = ${kvm:location}/bin/qemu-img + +[kvm-promise] +recipe = slapos.cookbook:check_port_listening +path = $${basedirectory:promises}/vnc_promise +hostname = $${kvm-instance:vnc-ip} +port = $${kvm-instance:vnc-port} + +[novnc-instance] +recipe = slapos.cookbook:novnc +path = $${ca-novnc:executable} +ip = $${slap-network-information:global-ipv6} +port = 6080 +vnc-ip = $${kvm-instance:vnc-ip} +vnc-port = $${kvm-instance:vnc-port} +novnc-location = ${noVNC:location} +websockify-path = ${buildout:directory}/bin/websockify +ssl-key-path = $${ca-novnc:key-file} +ssl-cert-path = $${ca-novnc:cert-file} + +[certificate-authority] +recipe = slapos.cookbook:certificate_authority +openssl-binary = ${openssl:location}/bin/openssl +ca-dir = $${basedirectory:ca-dir} +requests-directory = $${cadirectory:requests} +wrapper = $${basedirectory:services}/certificate_authority +ca-private = $${cadirectory:private} +ca-certs = $${cadirectory:certs} +ca-newcerts = $${cadirectory:newcerts} +ca-crl = $${cadirectory:crl} + +[cadirectory] +recipe = slapos.cookbook:mkdirectory +requests = $${basedirectory:ca-dir}/requests/ +private = $${basedirectory:ca-dir}/private/ +certs = $${basedirectory:ca-dir}/certs/ +newcerts = $${basedirectory:ca-dir}/newcerts/ +crl = $${basedirectory:ca-dir}/crl/ + +[ca-novnc] +<= certificate-authority +recipe = slapos.cookbook:certificate_authority.request +key-file = $${basedirectory:novnc-conf}/novnc.key +cert-file = $${basedirectory:novnc-conf}/novnc.crt +executable = $${rootdirectory:bin}/novnc +wrapper = $${basedirectory:services}/websockify + +[novnc-promise] +recipe = slapos.cookbook:check_port_listening +path = $${basedirectory:promises}/novnc_promise +hostname = $${novnc-instance:ip} +port = $${novnc-instance:port} + +[kvm-monitor] +recipe = slapos.cookbook:generic.slapmonitor +db-path = $${rootdirectory:srv}/slapmonitor_database + +[request-common] +recipe = slapos.cookbook:request +software-url = $${slap-connection:software-release-url} +sla = computer_guid +sla-computer_guid = $${slap-connection:computer-id} +server-url = $${slap-connection:server-url} +key-file = $${slap-connection:key-file} +cert-file = $${slap-connection:cert-file} +computer-id = $${slap-connection:computer-id} +partition-id = $${slap-connection:partition-id} + +[request-slave-frontend] +<=request-common +name = SlaveFrontend +software-type = frontend +slave = true +config = host port +config-host = $${novnc-instance:ip} +config-port = $${novnc-instance:port} +return = url resource port domainname + +[publish-kvm-connection-information] +recipe = slapos.cookbook:publish +backend_url = https://[$${novnc-instance:ip}]:$${novnc-instance:port}/vnc_auto.html?host=[$${novnc-instance:ip}]&port=$${novnc-instance:port}&encrypt=1 +url = $${request-slave-frontend:connection-url}/vnc_auto.html?host=$${request-slave-frontend:connection-domainname}&port=$${request-slave-frontend:connection-port}&encrypt=1&path=$${request-slave-frontend:connection-resource} +password = $${kvm-instance:passwd} diff --git a/software/kvm/instance-kvmplus.cfg b/software/kvm/instance-kvmplus.cfg new file mode 100644 index 0000000000000000000000000000000000000000..1babe8bf0c4de089a06c9505d9148b0bf03b4a87 --- /dev/null +++ b/software/kvm/instance-kvmplus.cfg @@ -0,0 +1,27 @@ +############################# +# +# Instanciate kvm+ +# +############################# +[buildout] +extends = instance-kvm.cfg + +[kvm-instance] +recipe = slapos.cookbook:kvm +vnc-ip = $${slap-network-information:local-ipv4} +vnc-port = 5901 +nbd-ip = $${slap-parameter:nbd_ip} +nbd-port = $${slap-parameter:nbd_port} +tap = $${slap-network-information:network-interface} +disk-path = $${rootdirectory:srv}/virtual.qcow2 +disk-size = 20 +socket-path = $${rootdirectory:var}/qmp_socket +pid-path = $${basedirectory:run}/pid_file +smp-count = 2 +ram-size = 2048 +mac-address = $${create-mac:mac-address} +runner-path = $${basedirectory:services}/kvm +controller-path = $${basedirectory:services}/kvm_controller +shell-path = ${dash:location}/bin/dash +qemu-path = ${kvm:location}/bin/qemu-system-x86_64 +qemu-img-path = ${kvm:location}/bin/qemu-img diff --git a/software/kvm/instance-nbd.cfg b/software/kvm/instance-nbd.cfg new file mode 100644 index 0000000000000000000000000000000000000000..9df5cfcf508fd4dab3bb10e32eadbc041979c748 --- /dev/null +++ b/software/kvm/instance-nbd.cfg @@ -0,0 +1,63 @@ +############################# +# +# Instanciate nbdserver +# +############################# +[buildout] +parts = + nbd-promise + onetimeupload-promise + publish-connection-information + +eggs-directory = ${buildout:eggs-directory} +develop-eggs-directory = ${buildout:develop-eggs-directory} +offline = true + +[rootdirectory] +recipe = slapos.cookbook:mkdirectory +etc = $${buildout:directory}/etc +srv = $${buildout:directory}/srv +log = $${buildout:directory}/log + +[basedirectory] +recipe = slapos.cookbook:mkdirectory +services = $${rootdirectory:etc}/run +promises = $${rootdirectory:etc}/promise + +[nbd-instance] +recipe = slapos.cookbook:nbdserver +ip = $${slap-network-information:global-ipv6} +port = 1024 +image-path = $${onetimeupload-instance:image-path} +qemu-path = ${kvm:location}/bin/qemu-nbd +shell-path = ${dash:location}/bin/dash +# XXX TODO: Wait for the iso to be uploaded (execute_wait) +path = $${basedirectory:services}/nbdserver + +[nbd-promise] +recipe = slapos.cookbook:check_port_listening +path = $${basedirectory:promises}/nbd_promise +hostname = $${nbd-instance:ip} +port = $${nbd-instance:port} + +[onetimeupload-instance] +recipe = slapos.cookbook:generic.onetimeupload +ip = $${slap-network-information:global-ipv6} +port = 9999 +image-path = $${rootdirectory:srv}/cdrom.iso +log-path = $${rootdirectory:log}/onetimeupload.log +shell-path = ${dash:location}/bin/dash +onetimeupload-path = ${buildout:bin-directory}/onetimeupload +path = $${basedirectory:services}/onetimeupload + +[onetimeupload-promise] +recipe = slapos.cookbook:check_port_listening +path = $${basedirectory:promises}/onetimeupload_promise +hostname = $${onetimeupload-instance:ip} +port = $${onetimeupload-instance:port} + +[publish-connection-information] +recipe = slapos.cookbook:publish +nbd_url = nbd://[$${nbd-instance:ip}]:$${nbd-instance:port} +upload_url = http://[$${onetimeupload-instance:ip}]:$${onetimeupload-instance:port}/ +upload_key = $${onetimeupload-instance:key} diff --git a/software/kvm/instance.cfg b/software/kvm/instance.cfg index 65041a3f9aff4c2f506ad283d6b5520aec5233ce..8d44ea5663dd9c71d101a97d0a149a16602a6964 100644 --- a/software/kvm/instance.cfg +++ b/software/kvm/instance.cfg @@ -1,22 +1,24 @@ [buildout] parts = - kvminstance + switch-softwaretype eggs-directory = ${buildout:eggs-directory} -develop-eggs-directory = ${buildout:develop-eggs-directory} +develop-eggs-directory = ${buildout:develop-eggs-directory} +offline = true -[kvminstance] -recipe = slapos.cookbook:kvm -qemu_path = ${kvm:location}/bin/qemu-system-x86_64 -qemu_img_path = ${kvm:location}/bin/qemu-img -#slapmonitor_path = ${buildout:bin-directory}/slapmonitor -#slapreport_path = ${buildout:bin-directory}/slapreport -websockify = ${buildout:directory}/bin/websockify -noVNC_location = ${noVNC:location} -openssl_binary = ${openssl:location}/bin/openssl -rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup -dcrond_binary = ${dcron:location}/sbin/crond +[switch-softwaretype] +recipe = slapos.cookbook:softwaretype +default = ${template-kvm:output} +kvm = ${template-kvm:output} +kvm+ = ${template-kvmplus:output} +nbd = ${template-nbd:output} +frontend = ${template-frontend:output} -smp_count = 1 -ram_size = 1024 -disk_size = 10 +[slap-connection] +# part to migrate to new - separated words +computer-id = $${slap_connection:computer_id} +partition-id = $${slap_connection:partition_id} +server-url = $${slap_connection:server_url} +software-release-url = $${slap_connection:software_release_url} +key-file = $${slap_connection:key_file} +cert-file = $${slap_connection:cert_file} diff --git a/software/kvm/software.cfg b/software/kvm/software.cfg index 541d80f78fdac489e51223edd05641e564ccdf69..5100d46b330b8ffff16631e5af90e1494637068a 100644 --- a/software/kvm/software.cfg +++ b/software/kvm/software.cfg @@ -3,46 +3,37 @@ extensions = buildout-versions extends = + ../../component/gzip/buildout.cfg ../../component/dcron/buildout.cfg + ../../component/logrotate/buildout.cfg ../../component/git/buildout.cfg ../../component/gnutls/buildout.cfg ../../component/libpng/buildout.cfg ../../component/libuuid/buildout.cfg - ../../component/lxml-python/buildout.cfg ../../component/noVNC/buildout.cfg ../../component/openssl/buildout.cfg - ../../component/python-2.7/buildout.cfg - ../../component/rdiff-backup/buildout.cfg - ../../stack/shacache-client.cfg + ../../component/dash/buildout.cfg + ../../component/lxml-python/buildout.cfg + ../../stack/nodejs.cfg develop = ${:parts-directory}/websockify parts = template + dash kvm eggs check-local-eggs - -find-links += - http://www.nexedi.org/static/packages/source/slapos.buildout/ + nodejs + http-proxy + proxy-by-url + npm-modules + dcron + logrotate versions = versions -# Use only quite well working sites. -allow-hosts = - *.nexedi.org - *.python.org - *.sourceforge.net - alastairs-place.net - dist.repoze.org - effbot.org - github.com - peak.telecommunity.com - psutil.googlecode.com - www.dabeaz.com - www.owlfish.com - #XXX-Cedric : Currently, one can only access to KVM using noVNC. # Ideally one should be able to access KVM by using either NoVNC or VNC. # Problem is : no native crypto support in web browsers. So we have to disable ssl @@ -54,15 +45,14 @@ allow-hosts = # Websockify (socket <-> websocket proxy server) when it is ready. # May solve previous XXX depending on the implementation. -#XXX-Cedric: Check status of -# https://www.tiolive.com/nexedi/bug_module/20110819-11F4F70 for -# Chrome >= 14 and Firefox >=7 can access to noVNC. (should be solved) - #XXX-Cedric : add list of keyboard layouts (azerty/us querty/...) parameter to qemu [kvm] recipe = hexagonit.recipe.cmmi url = http://downloads.sourceforge.net/project/kvm/qemu-kvm/0.15.1/qemu-kvm-0.15.1.tar.gz +# XXX-Cedric : Upgrade to 1.0 +# url = http://downloads.sourceforge.net/project/kvm/qemu-kvm/1.0/qemu-kvm-1.0.tar.gz +# md5sum = 00a825db46a70ba8ef9fc95da9cc7c1e md5sum = 8800a7d6b3aa4a168ea7f78dc66c0320 configure-options = --disable-sdl @@ -76,7 +66,7 @@ configure-options = --enable-vnc-png --disable-vnc-jpeg --extra-cflags="-I${gnutls:location}/include -I${libuuid:location}/include -I${zlib:location}/include -I${libpng:location}/include" - --extra-ldflags="-Wl,-rpath -Wl,${glib:location}/lib -L${glib:location}/lib -Wl,-rpath -Wl,${gnutls:location}/lib -L${gnutls:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib -L${libpng:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lpng -lz -lgnutls" + --extra-ldflags="-Wl,-rpath -Wl,${glib:location}/lib -L${glib:location}/lib -Wl,-rpath -Wl,${gnutls:location}/lib -L${gnutls:location}/lib -Wl,-rpath -Wl,${gpg-error:location}/lib -L${gpg-error:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib -L${libpng:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lpng -lz -lgnutls" --disable-werror environment = PATH=${pkgconfig:location}/bin:%(PATH)s @@ -86,8 +76,8 @@ environment = # XXX-Cedric : use official egg from pypi when it is released recipe = plone.recipe.command stop-on-error = true -commit = e7363f43443deb9982bdb5c3db50eec475584b06 -repository = https://github.com/desaintmartin/websockify.git +commit = 301f3ae580557da47fa5ea2050aa671ce9c5a1a0 +repository = https://github.com/SlapOS/websockify.git location = ${buildout:parts-directory}/${:_buildout_section_name_} git-binary = ${git:location}/bin/git command = export GIT_SSL_NO_VERIFY=true; (${:git-binary} clone --quiet ${:repository} ${:location} && cd ${:location} && ${:git-binary} reset --hard ${:commit}) || (rm -fr ${:location}; exit 1) @@ -101,83 +91,199 @@ command = grep parts ${buildout:develop-eggs-directory}/websockify.egg-link depends = ${eggs:dummy} [eggs] -python = python2.7 recipe = z3c.recipe.scripts dummy = ${websockify:location} eggs = ${lxml-python:egg} - slapos.cookbook websockify - + slapos.cookbook + slapos.toolbox + +[http-proxy] +# https://github.com/nodejitsu/node-http-proxy +recipe = slapos.recipe.build:download-unpacked +#XXX-Cedric : use upstream when merged +url = https://nodeload.github.com/desaintmartin/node-http-proxy/zipball/master +md5sum = 20204d0b29c2cef26e1c91e99eedca6b + +[proxy-by-url] +# https://github.com/dominictarr/proxy-by-url +recipe = slapos.recipe.build:download-unpacked +#XXX-Cedric : use upstream when merged +url = https://nodeload.github.com/desaintmartin/proxy-by-url/zipball/master +md5sum = c2609948aa708581f93b981b23880314 + +[npm-modules] +recipe = plone.recipe.command +destination = ${buildout:parts-directory}/${:_buildout_section_name_} +location = ${buildout:parts-directory}/${:_buildout_section_name_} +command = + rm -fr ${:destination} && + mkdir -p ${:destination} && + cd ${:destination} && + ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install colors@0.6.0-1 && + ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install socket.io@0.8.7 && + ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install socket.io-client@0.8.7 && + ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install optimist@0.3.1 && + ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install pkginfo@0.2.3 + + +[template-kvm] +recipe = slapos.recipe.template +url = ${:_profile_base_location_}/instance-kvm.cfg +md5sum = b6572c018e44d4676e76805116bcade0 +output = ${buildout:directory}/template-kvm.cfg +mode = 0644 + +[template-kvmplus] +recipe = slapos.recipe.template +url = ${:_profile_base_location_}/instance-kvmplus.cfg +md5sum = 2e35c5b2ac9ee51d8f98fb1199f011c4 +output = ${buildout:directory}/template-kvmplus.cfg +mode = 0644 + +[template-nbd] +recipe = slapos.recipe.template +url = ${:_profile_base_location_}/instance-nbd.cfg +md5sum = 7691fadfc8d4392c58ac1bf0ebd5aaf2 +output = ${buildout:directory}/template-nbd.cfg +mode = 0644 + +[template-frontend] +recipe = slapos.recipe.template +url = ${:_profile_base_location_}/instance-frontend.cfg +md5sum = 123bf4e5bea9e86c03b62e9afb8ca04b +output = ${buildout:directory}/template-frontend.cfg +mode = 0644 + [template] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance.cfg -md5sum = 298b146e4efce41bfd58b3f85d064ff1 +md5sum = 68788763d23f70f24b9e575871c903a8 output = ${buildout:directory}/template.cfg mode = 0644 -[versions] -zc.buildout = 1.5.3-dev-SlapOS-010 +[networkcache] +# signature certificates of the following uploaders. +# Romain Courteaud +# Cedric de Saint Martin +signature-certificate-list = + -----BEGIN CERTIFICATE----- + MIIB4DCCAUkCADANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJGUjEZMBcGA1UE + CBMQRGVmYXVsdCBQcm92aW5jZTEPMA0GA1UEChMGTmV4ZWRpMB4XDTExMDkxNTA5 + MDAwMloXDTEyMDkxNTA5MDAwMlowOTELMAkGA1UEBhMCRlIxGTAXBgNVBAgTEERl + ZmF1bHQgUHJvdmluY2UxDzANBgNVBAoTBk5leGVkaTCBnzANBgkqhkiG9w0BAQEF + AAOBjQAwgYkCgYEApYZv6OstoqNzxG1KI6iE5U4Ts2Xx9lgLeUGAMyfJLyMmRLhw + boKOyJ9Xke4dncoBAyNPokUR6iWOcnPHtMvNOsBFZ2f7VA28em3+E1JRYdeNUEtX + Z0s3HjcouaNAnPfjFTXHYj4um1wOw2cURSPuU5dpzKBbV+/QCb5DLheynisCAwEA + ATANBgkqhkiG9w0BAQsFAAOBgQBCZLbTVdrw3RZlVVMFezSHrhBYKAukTwZrNmJX + mHqi2tN8tNo6FX+wmxUUAf3e8R2Ymbdbn2bfbPpcKQ2fG7PuKGvhwMG3BlF9paEC + q7jdfWO18Zp/BG7tagz0jmmC4y/8akzHsVlruo2+2du2freE8dK746uoMlXlP93g + QUUGLQ== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV + BAMMCENPTVAtMjMyMCAXDTEyMDIxNjExMTAyM1oYDzIxMTIwMTIzMTExMDIzWjAT + MREwDwYDVQQDDAhDT01QLTIzMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA + wi/3Z8W9pUiegUXIk/AiFDQ0UJ4JFAwjqr+HSRUirlUsHHT+8DzH/hfcTDX1I5BB + D1ADk+ydXjMm3OZrQcXjn29OUfM5C+g+oqeMnYQImN0DDQIOcUyr7AJc4xhvuXQ1 + P2pJ5NOd3tbd0kexETa1LVhR6EgBC25LyRBRae76qosCAwEAAaNQME4wHQYDVR0O + BBYEFMDmW9aFy1sKTfCpcRkYnP6zUd1cMB8GA1UdIwQYMBaAFMDmW9aFy1sKTfCp + cRkYnP6zUd1cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAskbFizHr + b6d3iIyN+wffxz/V9epbKIZVEGJd/6LrTdLiUfJPec7FaxVCWNyKBlCpINBM7cEV + Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby + If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY= + -----END CERTIFICATE----- -slapos.cookbook = 0.37 +[versions] Jinja2 = 2.6 -Werkzeug = 0.8.1 +Werkzeug = 0.8.3 +apache-libcloud = 0.8.0 +async = 0.6.1 buildout-versions = 1.7 +gitdb = 0.5.4 hexagonit.recipe.cmmi = 1.5.0 -lxml = 2.3.2 -meld3 = 0.6.7 +lxml = 2.3.3 +meld3 = 0.6.8 plone.recipe.command = 1.1 +pycrypto = 2.5 +slapos.cookbook = 0.41 +slapos.recipe.build = 0.7 slapos.recipe.template = 2.2 +slapos.toolbox = 0.18 +smmap = 0.8.2 z3c.recipe.scripts = 1.0.1 # Required by: -# slapos.core==0.20 +# slapos.core==0.23 +# slapos.toolbox==0.18 Flask = 0.8 # Required by: -# slapos.cookbook==0.37 +# slapos.toolbox==0.18 +GitPython = 0.3.2.RC1 + +# Required by: +# slapos.cookbook==0.41 PyXML = 0.8.4 # Required by: -# hexagonit.recipe.cmmi==1.5.0 -hexagonit.recipe.download = 1.5.0 +# slapos.toolbox==0.18 +atomize = 0.1.1 + +# Required by: +# slapos.toolbox==0.18 +feedparser = 5.1.1 + +# Required by: +# slapos.cookbook==0.41 +inotifyx = 0.2.0 # Required by: -# slapos.cookbook==0.37 +# slapos.cookbook==0.41 netaddr = 0.7.6 # Required by: -# slapos.core==0.20 -netifaces = 0.6 +# slapos.core==0.23 +netifaces = 0.8 # Required by: # websockify==0.1-dev numpy = 1.6.1 # Required by: -# slapos.cookbook==0.37 -# slapos.core==0.20 -# zc.buildout==1.5.3-dev-SlapOS-010 -# zc.recipe.egg==1.3.2 +# slapos.toolbox==0.18 +paramiko = 1.7.7.1 + +# Required by: +# slapos.toolbox==0.18 +psutil = 0.4.1 + +# Required by: +# slapos.cookbook==0.41 +# slapos.core==0.23 +# slapos.toolbox==0.18 setuptools = 0.6c12dev-r88846 # Required by: -# slapos.cookbook==0.37 -slapos.core = 0.20 +# slapos.cookbook==0.41 +# slapos.toolbox==0.18 +slapos.core = 0.23 # Required by: -# slapos.core==0.20 -supervisor = 3.0a10 +# slapos.core==0.23 +supervisor = 3.0a12 # Required by: -# slapos.cookbook==0.37 +# slapos.cookbook==0.41 +# slapos.toolbox==0.18 xml-marshaller = 0.9.7 # Required by: -# slapos.cookbook==0.37 +# slapos.cookbook==0.41 zc.recipe.egg = 1.3.2 # Required by: -# slapos.core==0.20 +# slapos.core==0.23 zope.interface = 3.8.0 \ No newline at end of file diff --git a/software/lamp-template/software.cfg b/software/lamp-template/software.cfg index a27faf2786f1df777788547bae708982957b2e49..de0023c8ea855d2f7483b42d78bf67290025020d 100644 --- a/software/lamp-template/software.cfg +++ b/software/lamp-template/software.cfg @@ -7,7 +7,6 @@ parts = mariadb eggs instance-recipe-egg - downloadcache-workaround extends = ../../stack/lamp.cfg @@ -18,7 +17,6 @@ url = Student shall put here url of zipped or tarballed web page or application md5sum = Student may put here md5sum of this file, this is good idea #If provided tarball does not contain top directory, option shall be changed to false strip-top-level-dir = true -#extract-directory = [application-template] recipe = slapos.recipe.download @@ -43,91 +41,7 @@ url = ${:_profile_base_location_}/instance.cfg output = ${buildout:directory}/template.cfg mode = 0644 -[mariadb] -keep-compile-dir = false - [instance-recipe-egg] recipe = zc.recipe.egg eggs = ${instance-recipe:egg} - -[versions] -# Use SlapOS patched zc.buildout -zc.buildout = 1.6.0-dev-SlapOS-003 -# Generated by buildout-versions -Jinja2 = 2.6 -Werkzeug = 0.8.2 -buildout-versions = 1.7 -hexagonit.recipe.cmmi = 1.5.0 -meld3 = 0.6.8 -plone.recipe.command = 1.1 -slapos.cookbook = 0.20 -slapos.recipe.build = 0.7 -slapos.recipe.download = 1.0.dev-r4053 -slapos.recipe.template = 2.2 - -# Required by: -# slapos.core==0.21 -Flask = 0.8 - -# Required by: -# slapos.cookbook==0.38 -PyXML = 0.8.4 - -# Required by: -# hexagonit.recipe.cmmi==1.5.0 -hexagonit.recipe.download = 1.5.0 - -# Required by: -# slapos.cookbook==0.38 -# slapos.core==0.21 -# xml-marshaller==0.9.7 -lxml = 2.3.3 - -# Required by: -# slapos.cookbook==0.38 -netaddr = 0.7.6 - -# Required by: -# slapos.core==0.21 -netifaces = 0.6 - -# Required by: -# slapos.cookbook==0.38 -# slapos.core==0.21 -# zc.buildout==1.6.0-dev-SlapOS-003 -# zc.recipe.egg==1.3.2 -setuptools = 0.6c12dev-r88846 - -# Required by: -# slapos.cookbook==0.38 -slapos.core = 0.21 - -# Required by: -# slapos.core==0.21 -supervisor = 3.0a12 - -# Required by: -# slapos.cookbook==0.38 -xml-marshaller = 0.9.7 - -# Required by: -# slapos.cookbook==0.38 -zc.recipe.egg = 1.3.2 - -# Required by: -# slapos.core==0.21 -zope.interface = 3.8.0 - -[downloadcache-workaround] -# workaround irritating problem of hexagonit.recipe.cmmi which automatically -# creates download cache, which in turn switches builout to "semi-offline" mode -recipe = plone.recipe.command -# in hexagonit.recipe.cmmi if there is no ${buildout:download-cache} set it resolves -# to ${buildout:directory}/downloads but this variable is available late, that's -# why it is hardcoded only for required case -download-cache = ${buildout:directory}/downloads -command = [ -d ${:download-cache} ] && rm -fr ${:download-cache}/* || exit 0 -update-command = ${:command} -stop-on-error = True - diff --git a/software/nbd/instance.cfg b/software/nbd/instance.cfg deleted file mode 100644 index dcc2d0a62cecc520e7d3eb37c39af67d713d091e..0000000000000000000000000000000000000000 --- a/software/nbd/instance.cfg +++ /dev/null @@ -1,11 +0,0 @@ -[buildout] -parts = - nbdserverinstance - -eggs-directory = ${buildout:eggs-directory} -develop-eggs-directory = ${buildout:develop-eggs-directory} - -[nbdserverinstance] -recipe = ${instance-recipe:egg}:${instance-recipe:module} -qemu_path = ${nbdserver:location}/bin/qemu-nbd -onetimeupload_path = ${buildout:bin-directory}/onetimeupload diff --git a/software/nbd/software.cfg b/software/nbd/software.cfg deleted file mode 100644 index 2735046e37ff296efde2ea571b7584131d6fe314..0000000000000000000000000000000000000000 --- a/software/nbd/software.cfg +++ /dev/null @@ -1,20 +0,0 @@ -[buildout] - -extends = - ../../stack/nbd.cfg - ../../stack/shacache-client.cfg - -parts += - template - -[template] -recipe = slapos.recipe.template -url = ${:_profile_base_location_}/instance.cfg -md5sum = 82e948e1c0cb0d5540ef185edeef3ec3 -output = ${buildout:directory}/template.cfg -mode = 0644 - -[versions] -# XXX-CEDRIC Quick and dirty workaround to avoid m2crypto problems. -# should not be used elsewhere unless for urgent cases. -slapos.libnetworkcache = 0.2 diff --git a/software/slaprunner/instance.cfg b/software/slaprunner/instance.cfg index f9427ba5b784e6b1a80dd1c813a584f300376d98..182887a686342b03b7a68db2bd14de3dc3cf0242 100644 --- a/software/slaprunner/instance.cfg +++ b/software/slaprunner/instance.cfg @@ -16,6 +16,8 @@ slapgrid_cp = ${buildout:directory}/bin/slapgrid-cp slapproxy = ${buildout:directory}/bin/slapproxy supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl git = ${git:location}/bin/git +node-bin = ${nodejs-0.4:location}/bin/node +cloud9 = ${cloud9:location}/bin/cloud9.js ssh_client = $${sshkeys-dropbear:wrapper} public_key = $${sshkeys-dropbear:public-key} private_key = $${sshkeys-dropbear:private-key} @@ -62,4 +64,4 @@ bin = $${buildout:directory}/bin/ recipe = slapos.cookbook:mkdirectory sshkeys = $${rootdirectory:srv}/sshkeys services = $${rootdirectory:etc}/run/ -ssh = $${rootdirectory:etc}/ssh/ +ssh = $${rootdirectory:etc}/ssh/ \ No newline at end of file diff --git a/software/slaprunner/software.cfg b/software/slaprunner/software.cfg index 8a2e90bb72e9f594dcafa5111ebc8b20e8f445e2..e6ee0edd7a7d68ece8108b9dee768aeca0d2030e 100644 --- a/software/slaprunner/software.cfg +++ b/software/slaprunner/software.cfg @@ -1,4 +1,5 @@ [buildout] + extensions = buildout-versions @@ -8,6 +9,7 @@ extends = ../../stack/shacache-client.cfg ../../component/dropbear/buildout.cfg ../../component/git/buildout.cfg + ../../component/cloud9/buildout.cfg parts = template @@ -31,7 +33,7 @@ recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance.cfg output = ${buildout:directory}/template.cfg mode = 0644 -md5sum = cd69efd5c3a7e9adca7387b9a401590a +md5sum = 7cfd248cdc6fa6cbb4957d25a0aed884 [eggs] eggs += @@ -60,6 +62,7 @@ signature-certificate-list = [versions] # Use SlapOS patched zc.buildout zc.buildout = 1.6.0-dev-SlapOS-003 + Jinja2 = 2.6 Werkzeug = 0.8.3 apache-libcloud = 0.8.0 @@ -68,68 +71,65 @@ buildout-versions = 1.7 gitdb = 0.5.4 hexagonit.recipe.cmmi = 1.5.0 meld3 = 0.6.8 +plone.recipe.command = 1.1 pycrypto = 2.5 -slapos.cookbook = 0.39 +slapos.cookbook = 0.45 slapos.libnetworkcache = 0.12 -slapos.recipe.template = 2.2 -slapos.toolbox = 0.18 +slapos.recipe.template = 2.3 +slapos.toolbox = 0.20 smmap = 0.8.2 # Required by: -# slapos.core==0.22 +# slapos.core==0.24 Flask = 0.8 # Required by: -# slapos.toolbox==0.18 +# slapos.toolbox==0.20 GitPython = 0.3.2.RC1 # Required by: -# slapos.cookbook==0.39 +# slapos.cookbook==0.45 PyXML = 0.8.4 # Required by: -# slapos.toolbox==0.18 +# slapos.toolbox==0.20 atomize = 0.1.1 # Required by: -# slapos.toolbox==0.18 -feedparser = 5.1 - -# Required by: -# hexagonit.recipe.cmmi==1.5.0 -hexagonit.recipe.download = 1.5.0 +# slapos.toolbox==0.20 +feedparser = 5.1.1 # Required by: -# slapos.cookbook==0.39 +# slapos.cookbook==0.45 inotifyx = 0.2.0 # Required by: -# slapos.cookbook==0.39 -# slapos.core==0.22 +# slapos.cookbook==0.45 +# slapos.core==0.24 # xml-marshaller==0.9.7 -lxml = 2.3.3 +lxml = 2.3.4 # Required by: -# slapos.cookbook==0.39 +# slapos.cookbook==0.45 netaddr = 0.7.6 # Required by: -# slapos.core==0.22 +# slapos.core==0.24 netifaces = 0.8 # Required by: -# slapos.toolbox==0.18 +# slapos.toolbox==0.20 paramiko = 1.7.7.1 # Required by: -# slapos.toolbox==0.18 +# slapos.toolbox==0.20 psutil = 0.4.1 # Required by: -# slapos.cookbook==0.39 -# slapos.core==0.22 +# slapos.cookbook==0.45 +# slapos.core==0.24 # slapos.libnetworkcache==0.12 -# slapos.toolbox==0.18 +# slapos.toolbox==0.20 # supervisor==3.0a12 # zc.buildout==1.6.0-dev-SlapOS-003 # zc.recipe.egg==1.3.2 @@ -137,21 +137,21 @@ psutil = 0.4.1 setuptools = 0.6c12dev-r88846 # Required by: -# slapos.cookbook==0.39 -slapos.core = 0.22 +# slapos.cookbook==0.45 +slapos.core = 0.24 # Required by: -# slapos.core==0.22 +# slapos.core==0.24 supervisor = 3.0a12 # Required by: -# slapos.cookbook==0.39 +# slapos.cookbook==0.45 xml-marshaller = 0.9.7 # Required by: -# slapos.cookbook==0.39 +# slapos.cookbook==0.45 zc.recipe.egg = 1.3.2 # Required by: -# slapos.core==0.22 -zope.interface = 3.8.0 +# slapos.core==0.24 +zope.interface = 3.8.0 \ No newline at end of file diff --git a/software/vifib/software.cfg b/software/vifib/software.cfg index a4c0e306dba32aa7506d0724d1488a1ae80a64ca..48dd29ac06d72557637e93fc55dae4f49ed83542 100644 --- a/software/vifib/software.cfg +++ b/software/vifib/software.cfg @@ -31,8 +31,12 @@ configurator_bt5_list = erp5_core_proxy_field_legacy erp5_full_text_myisam_catal [erp5_repository_list] repository_id_list += vifib/master +[erp5] +branch = interaction-drop + [vifib] <= erp5 +branch = master repository = http://git.erp5.org/repos/slapos.core.git revision = diff --git a/stack/cloudooo.cfg b/stack/cloudooo.cfg index 207d4cefdd8ad501f7cd37fbaa414b0088dbbc7c..00456586c2e6390856a7f9348e82c7b0561fa052 100644 --- a/stack/cloudooo.cfg +++ b/stack/cloudooo.cfg @@ -9,7 +9,8 @@ find-links = http://www.nexedi.org/static/packages/source/slapos.buildout/ http://www.nexedi.org/static/packages/source/ extends = - ../component/openoffice-bin/buildout.cfg + ../component/libreoffice-bin/buildout.cfg + ../component/libpng/buildout.cfg ../component/lxml-python/buildout.cfg ../component/python-2.6/buildout.cfg ../component/python-2.7/buildout.cfg @@ -20,24 +21,26 @@ extends = ../component/pdftk/buildout.cfg ../component/ffmpeg/buildout.cfg ../component/file/buildout.cfg + ../component/cloudooo/buildout.cfg versions = versions parts = - openoffice-bin + libreoffice-bin # basic Xorg libXdmcp libXext libXau - libXinerama libSM + libXrender # fonts liberation-fonts ipaex-fonts # Dependencies + libpng12 imagemagick file xpdf @@ -64,19 +67,6 @@ python = python2.6 version = 2 section = python2.7 -[lxml-python] -python = python2.6 - -[cloudooo] -recipe = zc.recipe.egg -python = python2.6 -eggs = - ${lxml-python:egg} - cloudooo - PasteScript -scripts = - paster=cloudooo_paster - [versions] # Use SlapOS patched zc.buildout zc.buildout = 1.5.3-dev-SlapOS-001 diff --git a/stack/erp5.cfg b/stack/erp5.cfg index 67a53a4e84fea7b3a0535fce61589d0b81b3e51a..bba2bcb1e72b45a7cd0d79f63ee4fcc8a5d6841b 100644 --- a/stack/erp5.cfg +++ b/stack/erp5.cfg @@ -28,10 +28,11 @@ allow-hosts = psutil.googlecode.com www.dabeaz.com www.owlfish.com + launchpad.net extends = # Exact version of Zope - http://svn.zope.org/repos/main/Zope/tags/2.12.21/versions.cfg + http://svn.zope.org/repos/main/Zope/tags/2.12.22/versions.cfg ../component/logrotate/buildout.cfg ../component/dcron/buildout.cfg ../component/file/buildout.cfg @@ -45,6 +46,7 @@ extends = ../component/hookbox/buildout.cfg ../component/imagemagick/buildout.cfg ../component/kumo/buildout.cfg + ../component/libpng/buildout.cfg ../component/libreoffice-bin/buildout.cfg ../component/lxml-python/buildout.cfg ../component/percona-toolkit/buildout.cfg @@ -72,12 +74,16 @@ extends = ../component/sed/buildout.cfg ../component/coreutils/buildout.cfg ../component/grep/buildout.cfg + ../component/dash/buildout.cfg + ../component/wget/buildout.cfg + ../component/aspell/buildout.cfg versions = versions parts = itools-build rdiff-backup + aspell apache apache-antiloris file @@ -88,6 +94,7 @@ parts = stunnel w3m poppler + libpng12 libpng ghostscript mariadb @@ -107,6 +114,8 @@ parts = zabbix-agent pdftk dcron + dash + wget # Buildoutish eggs @@ -117,8 +126,8 @@ parts = libXdmcp libXext libXau - libXinerama libSM + libXrender # fonts liberation-fonts @@ -226,8 +235,8 @@ stop-on-error = true repository = http://git.erp5.org/repos/erp5.git branch = master revision = -command = ${git:location}/bin/git clone --quiet -b ${:branch} ${:repository} ${:location} && if [ -n "${:revision}" ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi -update-command = cd ${:location} && ${git:location}/bin/git pull --quiet && if [ -n "${:revision}" ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi +command = ${git:location}/bin/git clone --quiet --branch ${:branch} ${:repository} ${:location} && if [ -n "${:revision}" ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi +update-command = cd ${:location} && GIT_COMMITTER_EMAIL=nobody@example.com GIT_AUTHOR_NAME=Nobody GIT_AUTHOR_EMAIL=nobody@example.com ${git:location}/bin/git pull && if [ -n "${:revision}" ]; then echo "Resetting." ; cd ${:location} && ${git:location}/bin/git reset --hard ${:revision} ; fi [products] # XXX: ERP5 related products are not defined as python distributions, so it is @@ -268,11 +277,15 @@ initialization = [bt5_path, os.path.join(bt5_path, '*')] for bt5_path in (os.path.join(parts_directory, x, 'bt5') for x in repository_id_list)), [])) - sys.path[:0] = [os.path.join(parts_directory, x, 'tests') - for x in repository_id_list] + sys.path[:0] = sum(( + glob.glob(os.path.join(parts_directory, x, 'tests')) + for x in repository_id_list), []) sys.path[:0] = sum(( glob.glob(os.path.join(parts_directory, x, 'product', '*', 'tests')) for x in repository_id_list), []) + sys.path[:0] = sum(( + glob.glob(os.path.join(x, '*', 'tests')) + for x in reversed('''${products:list}'''.split())), []) [test_suite_runner] # XXX: Workaround for fact ERP5Type is not an distribution and does not @@ -312,6 +325,7 @@ eggs = coverage elementtree erp5diff + inotifyx ipdb mechanize numpy @@ -330,6 +344,7 @@ eggs = feedparser argparse validictory + erp5.util # Zope 2.12 with patched acquisition ZODB3 @@ -356,7 +371,6 @@ eggs = Products.MimetypesRegistry Products.ExternalEditor Products.TIDStorage - Products.Zelenium # Currently forked in our repository # Products.PortalTransforms @@ -373,6 +387,7 @@ scripts = runzeo tidstoraged tidstorage_repozo + web_checker_utility = erp5.util.webchecker:web_checker_utility extra-paths = ${itools:location}/lib @@ -418,7 +433,7 @@ scripts = [versions] # Use SlapOS patched zc.buildout -zc.buildout = 1.6.0-dev-SlapOS-003 +zc.buildout = 1.6.0-dev-SlapOS-004 # pin Acquisition and Products.DCWorkflow to Nexedi flavour of eggs Acquisition = 2.13.7nxd001 @@ -442,3 +457,10 @@ setuptools = # official pysvn egg does not supports --include-dirs and # --library-dirs, so we use our modified version pysvn = 1.7.4nxd006 + +# CMF 2.3 requries Zope 2.13. +Products.CMFCalendar = 2.2.2 +Products.CMFCore = 2.2.5 +Products.CMFDefault = 2.2.2 +Products.CMFTopic = 2.2.1 +Products.CMFUid = 2.2.1 diff --git a/stack/lamp.cfg b/stack/lamp.cfg index 4545904a48d9bc3a5edeb81d4122a924ba7110b5..54d421ce34fe008586729e03e4407c63fbf40a70 100644 --- a/stack/lamp.cfg +++ b/stack/lamp.cfg @@ -1,23 +1,4 @@ [buildout] -extensions = buildout-versions - -find-links += - http://www.nexedi.org/static/packages/source/slapos.buildout/ - -# Use only quite well working sites. -allow-hosts = - *.nexedi.org - *.python.org - *.sourceforge.net - alastairs-place.net - dist.repoze.org - effbot.org - github.com - launchpad.net - peak.telecommunity.com - psutil.googlecode.com - www.dabeaz.com - parts = template apache-php @@ -38,7 +19,7 @@ extends = ../component/stunnel/buildout.cfg ../component/pycrypto-python/buildout.cfg ../component/mysql-python/buildout.cfg - shacache-client.cfg + ../stack/slapos.cfg ../component/python-2.7/buildout.cfg # python-2.7 component is here only for compatibility with old software.cfg. # It is not needed and should not be used in LAMP-based software.cfg @@ -52,14 +33,6 @@ eggs = [mariadb] keep-compile-dir = false -[application] -#XXX-Cedric : ugly hack to work around h.r.cmmi unrespectful behavior, so that -# a cmmi Executes before application but after template downloading. -# Useful when [application] uses slapos.recipe.build or -# slapos.recipe.download rather than h.r.download. -depends = ${apache-php:location} - - [networkcache] # Romain Courteaud + Sebastien Robin + Alain Takoudjou signature certificate signature-certificate-list = diff --git a/stack/lamp/buildout.cfg b/stack/lamp/buildout.cfg index b17f8a7b38267a00e274c9e55d7fd8479a80a20f..f638f55d57efeb23bf0cb70aada7765daecda693 100644 --- a/stack/lamp/buildout.cfg +++ b/stack/lamp/buildout.cfg @@ -1,7 +1,4 @@ [buildout] -find-links += - http://www.nexedi.org/static/packages/source/slapos.buildout/ - parts = apache-php mariadb @@ -18,21 +15,7 @@ parts = template-mariadb-pbsready-import template-mariadb-pbsready-export -allow-hosts = - *.nexedi.org - *.python.org - *.sourceforge.net - alastairs-place.net - dist.repoze.org - effbot.org - github.com - peak.telecommunity.com - psutil.googlecode.com - www.dabeaz.com - launchpad.net - extends = - ../shacache-client.cfg ../../component/mariadb/buildout.cfg ../../component/apache/buildout.cfg ../../component/apache-php/buildout.cfg @@ -40,7 +23,6 @@ extends = ../../component/git/buildout.cfg ../../component/glib/buildout.cfg ../../component/logrotate/buildout.cfg - ../../component/python-2.7/buildout.cfg ../../component/perl/buildout.cfg ../../component/sqlite3/buildout.cfg ../../component/lxml-python/buildout.cfg @@ -51,6 +33,10 @@ extends = ../../component/mydumper/buildout.cfg ../../component/mysql-python/buildout.cfg ../../component/dropbear/buildout.cfg + ../slapos.cfg + ../../component/python-2.7/buildout.cfg +# python-2.7 component is here only for compatibility with old software.cfg. +# It is not needed and should not be used in LAMP-based software.cfg versions = versions @@ -64,7 +50,6 @@ module = lamp.request [instance-recipe-egg] recipe = zc.recipe.egg -#python = python2.7 eggs = ${instance-recipe:egg} [application] @@ -83,7 +68,7 @@ mode = 0644 recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-apache-php.cfg output = ${buildout:directory}/template-apache-php.cfg -md5sum = 45bc82dc468e7f418d95c846d1a33d74 +md5sum = 8ebed1e26127c066e5b69372e69e6c38 mode = 0644 [template-apache-backup] diff --git a/stack/lamp/instance-apache-php.cfg b/stack/lamp/instance-apache-php.cfg index 77e266f21def3d68a1ee1cfbe374e9eb4bb86ea6..d77125de685bf8ea09133792e50442de11f4489a 100644 --- a/stack/lamp/instance-apache-php.cfg +++ b/stack/lamp/instance-apache-php.cfg @@ -12,6 +12,7 @@ parts = logrotate-entry-stunnel cron cron-entry-logrotate + promise eggs-directory = ${buildout:eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory} @@ -21,6 +22,12 @@ offline = true recipe = slapos.cookbook:publishurl url = http://[$${apache-php:ip}]:$${apache-php:port}/ +[promise] +recipe = slapos.cookbook:check_port_listening +path = $${basedirectory:promises}/apache +hostname = $${apache-php:ip} +port = $${apache-php:port} + [mariadb-urlparse] recipe = slapos.cookbook:urlparse url = $${request-mariadb:connection-url} @@ -43,8 +50,6 @@ tmp-dir = $${directory:tmp-php} httpd-conf = $${rootdirectory:etc}/apache.conf wrapper = $${basedirectory:services}/apache -promise = $${basedirectory:promises}/apache - httpd-binary = ${apache:location}/bin/httpd mysql-username = $${mariadb-urlparse:username} diff --git a/stack/nodejs.cfg b/stack/nodejs.cfg new file mode 100644 index 0000000000000000000000000000000000000000..04b47bc9b8947ab717c769451a4d73c8178613cd --- /dev/null +++ b/stack/nodejs.cfg @@ -0,0 +1,18 @@ +[buildout] +extends = + ../component/nodejs/buildout.cfg + ../component/lxml-python/buildout.cfg + ../stack/slapos.cfg + +versions = versions + +parts = + eggs + nodejs + npm + +[eggs] +recipe = zc.recipe.egg +eggs = + slapos.cookbook + ${lxml-python:egg} diff --git a/stack/slapos.cfg b/stack/slapos.cfg index 83267a377f3333aa6929e326378a7f406c737f63..2054ec53eaaea2f8c5b4eb9f70eb57f1bb43fe1f 100644 --- a/stack/slapos.cfg +++ b/stack/slapos.cfg @@ -18,6 +18,7 @@ exec-sitecustomize = false # Add location for modified non-official slapos.buildout find-links += http://www.nexedi.org/static/packages/source/slapos.buildout/ + http://www.nexedi.org/static/packages/source/hexagonit.recipe.download/ # Use only quite well working sites. allow-hosts += @@ -38,3 +39,12 @@ allow-hosts += # Unzippig of eggs is required, as SlapOS do not yet provide nicely working # development / fast switching environment for whole software unzip = true + +versions = versions + +[versions] +# Use patched hexagonit.recipe.download from +# https://github.com/SlapOS/hexagonit.recipe.download +hexagonit.recipe.download = 1.5.1-dev-slapos-001 +# Use SlapOS patched zc.buildout +zc.buildout = 1.6.0-dev-SlapOS-004 diff --git a/stack/tomcat.cfg b/stack/tomcat.cfg index ee714f3a3c95aaea7f3af4bd1a72a7ee268deda1..cd3752066edcdba5e1de339966adaf72cd67839c 100644 --- a/stack/tomcat.cfg +++ b/stack/tomcat.cfg @@ -4,6 +4,7 @@ extends = ../component/java/buildout.cfg ../component/mysql-5.1/buildout.cfg ../component/python-2.7/buildout.cfg + ../component/tomcat/buildout.cfg ../stack/shacache-client.cfg find-links += @@ -42,12 +43,6 @@ recipe = hexagonit.recipe.download url = http://download.softagency.net/mysql/Downloads/Connector-J/mysql-connector-java-5.1.17.zip md5sum = 22e1aff6104bb9006f8744a02bf73124 -[tomcat] -recipe = hexagonit.recipe.download -strip-top-level-dir = true -url = http://apache.multidist.com/tomcat/tomcat-6/v6.0.32/bin/apache-tomcat-6.0.32.zip -md5sum = 082a0707985b6c029920d4d6d5ec11cd - [eggs] recipe = zc.recipe.egg python = python2.7