Merge branch 'master' into erp5-component

component/nginx/buildout.cfg

@@ -11,20 +11,15 @@ md5sum = d252f5c689a14a668e241c744ccf5f06
 configure-options=
   --with-ipv6
   --with-http_ssl_module
+  --with-mail
+  --with-mail_ssl_module
   --with-ld-opt="-L ${zlib:location}/lib -L ${openssl:location}/lib -L ${pcre:location}/lib  -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib"
   --with-cc-opt="-I ${pcre:location}/include -I ${openssl:location}/include -I ${zlib:location}/include"
 
 [nginx-unstable]
-recipe = hexagonit.recipe.cmmi
-url = http://nginx.org/download/nginx-1.3.14.tar.gz
-md5sum = 9b13753c88ea682fddd1495cb36e5d39
-configure-options=
-  --with-ipv6
-  --with-http_ssl_module
-  --with-ld-opt="-L ${zlib:location}/lib -L ${openssl:location}/lib -L ${pcre:location}/lib  -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib"
-  --with-cc-opt="-I ${pcre:location}/include -I ${openssl:location}/include -I ${zlib:location}/include"
-
-
+<= nginx
+url = http://nginx.org/download/nginx-1.3.15.tar.gz
+md5sum = ded252047393c79a31b0862e9166a065
 
 [hexaglobe-nginx-module]
 recipe = hexagonit.recipe.download

setup.py

@@ -162,6 +162,7 @@ setup(name=name,
           'request.serialised = slapos.recipe.request:Serialised',
           'request.edge = slapos.recipe.request:RequestEdge',
           'requestoptional = slapos.recipe.request:RequestOptional',
+          'reverseproxy.nginx = slapos.recipe.reverse_proxy_nginx:Recipe',
           'seleniumrunner = slapos.recipe.seleniumrunner:Recipe',
           'sheepdogtestbed = slapos.recipe.sheepdogtestbed:SheepDogTestBed',
           'shell = slapos.recipe.shell:Recipe',
@@ -195,7 +196,6 @@ setup(name=name,
           'zabbixagent = slapos.recipe.zabbixagent:Recipe',
           'zimbra.kvm = slapos.recipe.zimbra_kvm:Recipe',
           'zeo = slapos.recipe.zeo:Recipe',
-
         ],
         'slapos.recipe.nosqltestbed.plugin': [
           'kumo = slapos.recipe.nosqltestbed.kumo:KumoTestBed',

slapos/recipe/reverse_proxy_nginx/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+import operator
+from slapos.recipe.librecipe import GenericSlapRecipe
+import zc.buildout
+
+class Recipe(GenericSlapRecipe):
+  def _install(self):
+    path_list = []
+
+    # Check for mandatory arguments
+    domain_name = self.options['domain']
+    if not domain_name:
+      raise zc.buildout.UserError('No domain name specified. Please define '
+          'the "domain" instance parameter.')
+
+    # XXX: add HTTP support
+    #https_port_number = self.options['https-port']
+    #http_port_number = self.options['http-port']
+
+    # Parse list of slaves
+    slave_instance_list = sorted(self.options['slave-instance-list'],
+                                 key=operator.itemgetter('slave_reference'))
+
+    # Now, we only take first instance and only use this one.
+    # XXX: TODO real implementation of slaves
+    zimbra_slave_instance = slave_instance_list[0]
+
+    # Generate Nginx configuration
+    nginx_configuration_dict = {
+      'listen-local-ipv4': self.options['ipv4'],
+      'listen-global-ipv6': '[%s]' % self.options['ipv6'],
+      'domain-name': domain_name,
+      'smtp-port-number': self.options['smtp-port'],
+      'error-log': self.options['error-log'],
+      'access-log': self.options['access-log'],
+      'htdocs': self.options['htdocs'],
+      'smtp-upstream-host': zimbra_slave_instance['smtp-upstream-host'],
+      'smtp-upstream-port': zimbra_slave_instance['smtp-upstream-port'],
+    }
+    nginx_configuration_file = self.createFile(
+        self.options['configuration-file'],
+        self.substituteTemplate(self.getTemplateFilename('nginx.conf.in'),
+        nginx_configuration_dict)
+    )
+    path_list.append(nginx_configuration_file)
+    
+    # Generate Nginx wrapper
+    wrapper = self.createWrapper(
+        name=self.options['wrapper'],
+        command=self.options['nginx-executable'],
+        parameters=[
+            '-c', self.options['configuration-file'],
+            '-p', self.options['home-directory']
+        ]
+    )
+
+    # TODO: reload configuration or have feature like apache_map
+
+    # Send connection informations about each slave
+    for slave_instance in slave_instance_list:
+      reference = slave_instance.get("slave_reference")
+      self.logger.debug('Sending connection parameters of slave '
+          'instance: %s' % reference)
+      try:
+        connection_dict = {
+            'listening-ipv6': self.options['ipv6'],
+            # Arbitrary, as the instance doesn't know its public IP.
+            'listening-ipv4': self.options['public-ipv4'],
+            # XXX-TODO
+            #'site_url': url,
+        }
+        self.setConnectionDict(connection_dict, reference)
+      except:
+        self.logger.fatal("Error while sending slave %s informations: %s",
+            reference, traceback.format_exc())
+
+    return path_list

slapos/recipe/reverse_proxy_nginx/template/nginx.conf.in

+daemon off;
+worker_processes 1;
+
+#XXX-Cedric: TODO separate the different logs
+error_log %(error-log)s info;
+
+events {
+        worker_connections 1024;
+        use epoll;
+}
+
+http {
+        log_format main
+                '$remote_addr - $remote_user [$time_local] '
+                '"$request" $status $bytes_sent '
+                '"$http_referer" "$http_user_agent" '
+                '"$gzip_ratio"';
+
+        server {
+                listen %(listen-local-ipv4)s:8008;
+                server_name localhost;
+                access_log %(access-log)s main;
+                error_log %(error-log)s info;
+
+                root %(htdocs)s;
+
+                location ~ $ {
+                        add_header Auth-Server %(smtp-upstream-host)s;
+                        add_header Auth-Port %(smtp-upstream-port)s;
+                        return 200;
+                }
+        }
+}
+
+mail {
+        server_name %(domain-name)s;
+
+        auth_http %(listen-local-ipv4)s:8008;
+
+        server {
+                listen %(listen-local-ipv4)s:%(smtp-port-number)s;
+                listen %(listen-global-ipv6)s:%(smtp-port-number)s;
+                protocol smtp;
+                timeout 5s;
+                proxy on;
+                xclient off;
+                smtp_auth none;
+        }
+}

software/apache-frontend/README.apache_frontend.txt

@@ -195,8 +195,8 @@ Notes
 It is not possible with slapos to listen to port <= 1024, because process are
 not run as root.
 
-Solution 1
-----------
+Solution 1 (IPv4 only)
+----------------------
 
 It is a good idea then to go on the node where the instance is
 and set some iptables rules like (if using default ports)::
@@ -207,8 +207,8 @@ and set some iptables rules like (if using default ports)::
 Where {public ip} is the public IP of your server, or at least the LAN IP to where your NAT will forward to.
 {listening ip} is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter.
 
-Solution 2
-----------
+Solution 2 (IPv6 only)
+----------------------
 
 It is also possible to directly allow the service to listen on 80 and 443 ports using the following command:
 

software/helloworld/instance.cfg.in

@@ -29,7 +29,9 @@ cert = $${slap_connection:cert_file}
 
 # Define default parameter(s) that will be used later, in case user didn't
 # specify it
-name = anonymous
+# All parameters are available through the configuration.XX syntax.
+# All possible parameters should have a default.
+configuration.name = anonymous
 
 
 # Create all needed directories, depending on your needs
@@ -52,7 +54,7 @@ promise = $${:etc}/promise/
 # This recipe will try to "exec" the command-line after separating parameters.
 recipe = slapos.cookbook:wrapper
 # Notice that there is only one $ at ${dash:location}, it is because it comes from the Software Release buildout profile.
-command-line = ${dash:location}/bin/dash -c 'echo "Hello $${instance-parameter:name}!"; sleep 100000;' 
+command-line = ${dash:location}/bin/dash -c 'echo "Hello $${instance-parameter:configuration.name}!"; sleep 100000;' 
 # Put this shell script in the "etc/service" directory. Every executable of this
 # repository will be started and monitored by supervisord
 wrapper-path = $${directory:service}/hello-world
@@ -63,4 +65,4 @@ wrapper-path = $${directory:service}/hello-world
 # Here we'll just echo back the entered name as instance parameter
 [publish-connection-parameter]
 recipe = slapos.cookbook:publish
-name = Hello $${instance-parameter:name}!
+name = Hello $${instance-parameter:configuration.name}!

software/hexaglobe-watermarking/common.cfg

+[buildout]
+extends =
+  ../../component/dash/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/gzip/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/nginx/buildout.cfg
+  ../../component/openssl/buildout.cfg
+  ../../stack/slapos.cfg
+
+parts =
+  slapos-cookbook
+  watermarkingadmin
+  eggs
+  instance-profile
+
+develop =
+  ${buildout:directory}/parts/watermarkingadmin
+
+[watermarkingadmin]
+recipe = hexagonit.recipe.download
+url = http://easicloud-p.cdn.hexaglobe.net/api10.tar.gz
+#md5sum = 
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  watermarkingadmin
+  slapos.toolbox
+
+[watermarkadmin.ini.in]
+recipe = slapos.recipe.download
+url = ${:_profile_base_location_}/template/${:_buildout_section_name_}
+md5sum = 2edc2acd102a465a0f21d8cd982ba4bf
+download-only = true
+#filename = template.in
+mode = 0644
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+
+[nginx.conf.in]
+recipe = slapos.recipe.download
+url = ${:_profile_base_location_}/template/${:_buildout_section_name_}
+md5sum = 7e41dfcb633ce52be42457ffd5b123d8
+download-only = true
+#filename = template.in
+mode = 0644
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+
+[instance-profile]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg.in
+output = ${buildout:directory}/instance.cfg
+#md5sum = 650cd2527158734fd6ccd9ec374b5e69
+mode = 0644
+
+[watermarking-instance-profile]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-watermarking.cfg.in
+output = ${buildout:directory}/instance-watermarking.cfg
+#md5sum = 76c88bfc59bc9c2d05fa13cc960349c7
+mode = 0644
+
+[edge-instance-profile]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-edge.cfg.in
+output = ${buildout:directory}/instance-edge.cfg
+#md5sum = 650cd2527158734fd6ccd9ec374b5e69
+mode = 0644

software/hexaglobe-watermarking/development.cfg

+[buildout]
+extends =
+  ../../component/git/buildout.cfg
+  common.cfg
+
+parts +=
+  slapos.cookbook-repository
+  check-recipe
+
+develop +=
+  ${:parts-directory}/slapos.cookbook-repository
+
+[slapos.cookbook-repository]
+recipe = slapos.recipe.build:gitclone
+repository = http://git.erp5.org/repos/slapos.git
+branch = hexaglobe-watermarking
+git-executable = ${git:location}/bin/git
+
+[check-recipe]
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+command =
+  grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link
+

software/hexaglobe-watermarking/instance-edge.cfg.in

+# This instance will request other instances of lamp-generic depending on a
+# list of countries.
+
+[buildout]
+
+parts =
+  request-edge
+  publish-connection-parameter
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+[request-edge]
+<= slap-connection
+recipe = slapos.cookbook:request.edge
+# This magic parameter triggers several requests, one request per country.
+name = watermark
+country-list = $${slap-parameter:country-list}
+software-url = $${slap-connection:software-release-url}
+software-type = default
+return = url admin-url admin-url-ipv6
+
+[publish-connection-parameter]
+recipe = slapos.cookbook:publishsection
+section-list = request-edge

software/hexaglobe-watermarking/instance-watermarking.cfg.in

+[buildout]
+parts =
+  directory
+  nginx
+  watermarkadmin
+  logrotate
+  logrotate-entry-nginx
+  cron
+  cron-entry-logrotate
+  watermarkadmin-promise
+  publish-connection-parameter
+
+# Define egg directories to be the one from Software Release
+# (/opt/slapgrid/...)
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+# Fetch parameters defined in SlapOS Master for this instance
+[instance-parameter]
+recipe = slapos.cookbook:slapconfiguration
+computer = $${slap-connection:computer-id}
+partition = $${slap-connection:partition-id}
+url = $${slap-connection:server-url}
+key = $${slap-connection:key-file}
+cert = $${slap-connection:cert-file}
+
+# Set default parameters
+http-port = 8080
+administration-port = 5000
+
+
+# Create needed directories
+[directory]
+recipe = slapos.cookbook:mkdirectory
+home = $${buildout:directory}
+bin = $${:home}/bin
+etc = $${:home}/etc
+srv = $${:home}/srv
+service = $${:etc}/service
+promise = $${:etc}/promise
+var = $${:home}/var
+
+backup = $${:srv}/backup
+log = $${:var}/log
+run = $${:var}/run
+
+nginx-configuration = $${:etc}/nginx
+nginx-vhost-configuration = $${:nginx-configuration}/vhost
+nginx-log = $${:home}/logs
+nginx-cache = $${:var}/cache
+nginx-temp-path = $${:srv}/nginx-proxy
+
+cron-entries = $${:etc}/cron.d
+crontabs = $${:etc}/crontabs
+cronstamps = $${:etc}/cronstamps
+
+logrotate-entries = $${:etc}/logrotate.d
+logrotate-backup = $${:backup}/logrotate
+
+
+# Deploy nginx
+[nginx-configuration]
+recipe = slapos.cookbook:configurationfile
+configuration-template-path = ${nginx.conf.in:location}/nginx.conf.in
+configuration-file-path = $${directory:nginx-configuration}/nginx.conf
+
+vhost-configuration-directory-location = $${directory:nginx-vhost-configuration}
+nginx-prefix = ${nginx-enable-sub:location}
+nginx-temp-path = $${directory:nginx-temp-path}
+pid-file = $${directory:run}/nginx.pid
+home-directory = $${directory:home}
+
+
+[nginx]
+recipe = slapos.cookbook:wrapper
+nginx-executable = $${:nginx-prefix}/sbin/nginx
+nginx-prefix = ${nginx-enable-sub:location}
+command-line = $${:nginx-executable} -c $${nginx-configuration:configuration-file-path} -p $${directory:home}
+wrapper-path = $${directory:service}/nginx
+
+
+# Deploy administration API server
+[watermarkadmin-configuration]
+recipe = slapos.cookbook:configurationfile
+configuration-template-path = ${watermarkadmin.ini.in:location}/watermarkadmin.ini.in
+configuration-file-path = $${directory:etc}/watermarkadmin.ini
+
+flask-database-location = $${directory:srv}/flask.db
+
+nginx-prefix = $${directory:home}
+nginx-port = $${instance-parameter:http-port}
+nginx-configuration-file-location = $${nginx-configuration:configuration-file-path}
+nginx-executable-location = $${nginx:nginx-executable}
+nginx-pidfile-location = $${nginx-configuration:pid-file}
+nginx-vhost-configuration-directory-location = $${directory:nginx-vhost-configuration}
+nginx-log-directory-location = $${directory:nginx-log}
+nginx-cache-directory-location = $${directory:nginx-cache}
+global-ip = $${instance-parameter:ipv6-random}
+
+[watermarkadmin]
+recipe = slapos.cookbook:wrapper
+command-line =
+  ${buildout:directory}/bin/api $${watermarkadmin-configuration:configuration-file-path}
+wrapper-path = $${directory:service}/watermarkingadmin
+
+
+# Deploy logrotate
+[logrotate]
+recipe = slapos.cookbook:logrotate
+# Binaries
+logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
+gzip-binary = ${gzip:location}/bin/gzip
+gunzip-binary = ${gzip:location}/bin/gunzip
+# Directories
+wrapper = $${directory:bin}/logrotate
+conf = $${directory:etc}/logrotate.conf
+logrotate-entries = $${directory:logrotate-entries}
+backup = $${directory:logrotate-backup}
+state-file = $${directory:srv}/logrotate.status
+
+[logrotate-entry-nginx]
+<= logrotate
+recipe = slapos.cookbook:logrotate.d
+name = nginx
+log = $${watermarkadmin-configuration:nginx-log-directory-location}/*.log
+frequency = daily
+rotate-num = 30
+post = ${buildout:bin-directory}/killpidfromfile $${nginx-configuration:pid-file} SIGUSR1
+sharedscripts = true
+notifempty = true
+create = true
+
+
+# Deploy cron and configure it
+[cron-simplelogger]
+recipe = slapos.cookbook:simplelogger
+wrapper = $${directory:bin}/cron_simplelogger
+log = $${directory:log}/crond.log
+
+[cron]
+recipe = slapos.cookbook:cron
+dcrond-binary = ${dcron:location}/sbin/crond
+cron-entries = $${directory:cron-entries}
+crontabs = $${directory:crontabs}
+cronstamps = $${directory:cronstamps}
+catcher = $${cron-simplelogger:wrapper}
+binary = $${directory:service}/crond
+
+[cron-entry-logrotate]
+<= cron
+recipe = slapos.cookbook:cron.d
+name = logrotate
+frequency = 0 0 * * *
+command = $${logrotate:wrapper}
+
+
+
+
+# Request frontend
+[request-frontend]
+<= slap-connection
+recipe = slapos.cookbook:requestoptional
+name = Frontend for $${slap-connection:computer-id} $${slap-connection:partition-id}
+# XXX We have hardcoded SR URL here.
+software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
+slave = true
+config = url
+config-url = http://[$${instance-parameter:ipv6-random}]:5000
+return = site_url
+
+
+# Check promises
+[watermarkadmin-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${directory:promise}/watermarkadmin-promise
+hostname = $${instance-parameter:ipv6-random}
+port = $${instance-parameter:administration-port}
+
+[watermarkadmin-promise-frontend]
+recipe = slapos.cookbook:check_page_content
+path = $${directory:promises}/watermarkadmin-frontend-promise
+url = $${request-frontend:connection-site_url}
+dash_path = ${dash:location}/bin/dash
+curl_path = ${curl:location}/bin/curl
+match = If you entered the URL manually please check your spelling and try again.
+
+# Publish instance connection parameters
+[publish-connection-parameter]
+recipe = slapos.cookbook:publish
+url = http://[$${instance-parameter:ipv6-random}]:$${instance-parameter:http-port}
+# XXX-Cedric: hardcoded
+admin-url-ipv6 = http://[$${instance-parameter:ipv6-random}]:5000
+admin-url = $${request-frontend:connection-site_url}
+

software/hexaglobe-watermarking/instance.cfg.in

+[buildout]
+parts =
+  switch-softwaretype
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+[switch-softwaretype]
+recipe = slapos.cookbook:softwaretype
+default = ${watermarking-instance-profile:output}
+watermarking = ${watermarking-instance-profile:output}
+edge = ${edge-instance-profile:output}
+

software/hexaglobe-watermarking/template/nginx.conf.in

+daemon off;
+
+worker_processes  1;
+
+pid %(pid-file)s;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    log_format up_log '$remote_addr - $remote_user [$time_local]  $request '
+                  'upstream_response_time $upstream_response_time '
+                  'msec $msec request_time $request_time'
+                  'cache_status $upstream_cache_status';
+
+    log_format  sysl  '"$time_local", "$http_referer", "$host", "$request", '
+                  '"$status", "$http_user_agent", "$remote_addr", '
+                  '"$bytes_sent", "$request_time"';
+
+    proxy_temp_path   %(nginx-temp-path)s;
+
+    include       %(nginx-prefix)s/conf/mime.types;
+    default_type  application/octet-stream;
+    sendfile        on;
+
+    keepalive_timeout  65;
+
+    include %(vhost-configuration-directory-location)s/*.conf;
+}

software/hexaglobe-watermarking/template/watermarkadmin.ini.in

+[nginx]
+vhosts   = %(nginx-vhost-configuration-directory-location)s
+log      = %(nginx-log-directory-location)s
+data     = %(nginx-cache-directory-location)s
+max_size = 1024m
+inactive = 120m
+port     = %(nginx-port)s
+pidfile  = %(nginx-pidfile-location)s
+nginx_bin = %(nginx-executable-location)s
+conf     = %(nginx-configuration-file-location)s
+prefix   = %(nginx-prefix)s
+
+[flask]
+DATABASE = %(flask-database-location)s
+MAX_CONTENT_LENGTH = 4096
+
+[api]
+user = admin
+pass = 276eeed9056ac2486f9c0237bb0be227
+ip   = %(global-ip)s

software/maarch/migration.txt

+
+**************************************************************************
+This howto is for private networks only, in case the customer is migrating
+from a previously installed Maarch.
+**************************************************************************
+
+
+Hot to install Maarch with SlapOS
+=================================
+
+ 1) Require the right Software Release ({insert SR number/URL here})
+
+ 2) Request an instance of that Software Release.
+    Since we need to provide a parameter (type=resilient) that is not available through
+    the SlapOS web site, it must be done at command line.
+
+    If you are migrating data from an existing Maarch installation:
+
+    2.1) copy a 'data only' SQL dump - no schema - to the server that contains
+         the instance. Let's say it is /tmp/data.sql
+         The file must be readable by world, because we don't know yet the number
+         of the partition that will need to access it.
+         Remember to remove it afterwards.
+
+     The command line to request a partition is:
+
+     slapos request /etc/opt/slapos/slapos-client.cfg maarch-instance-name \
+            http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/tags/slapos-0.159:/software/maarch/software.cfg \
+            --type=resilient --configuration maarch-sql-data-file=/tmp/data.sql
+
+     If you are not migrating data, don't provide the maarch-sql-data-file parameter.
+     A minimal working database will be created.
+
+ 3) deploy the instance.
+    You should be able to connect to both Maarch (user 'superadmin')
+    and Postgres (user 'postgres') with the (very long)
+    passport reported in the connection parameters of the partition 'apache0'.
+
+    NB: even if you copied the SQL data from a previous installation, the 'superadmin' password
+        is set from the published connection parameter. If there are other admin accounts,
+        their password is not changed.
+
+ 4) Again, only if you are migrating:
+    connect to the server, inside the partition of type apache-export
+    copy the docservers data inside the folders:
+        srv/docservers/ai
+        srv/docservers/manual
+        srv/docservers/OAIS_main
+        srv/docservers/OAIS_safe
+        srv/docservers/offline
+        srv/docservers/templates
+
+    also, change the owner and group of the copied files to the user that owns the partition.
+

software/maarch/software.cfg

@@ -27,7 +27,7 @@ extensions = buildout-versions
 [slapos.cookbook-repository]
 recipe = slapos.recipe.build:gitclone
 repository = http://git.erp5.org/repos/slapos.git
-revision = 7dce435eca6fe2eeff60c865d41ee40db59257fa
+revision = 7285bc913e6ea46a36ad2a887af6e9fab010ca74
 git-executable = ${git:location}/bin/git
 
 

software/reverse-proxy-nginx/common.cfg

+[buildout]
+
+# XXX-Cedric: cahnge name to reverse-proxy-nginx
+
+extends =
+  ../../component/dcron/buildout.cfg
+  ../../component/gzip/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/nginx/buildout.cfg
+  ../../component/openssl/buildout.cfg
+  ../../stack/slapos.cfg
+
+parts =
+  slapos-cookbook
+  eggs
+  instance-profile
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  slapos.toolbox
+
+[instance-profile]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg.in
+output = ${buildout:directory}/instance.cfg
+#md5sum = 650cd2527158734fd6ccd9ec374b5e69
+mode = 0644
+

software/reverse-proxy-nginx/development.cfg

+[buildout]
+extends =
+  ../../component/git/buildout.cfg
+  common.cfg
+
+parts +=
+  slapos.cookbook-repository
+  check-recipe
+
+develop =
+  ${:parts-directory}/slapos.cookbook-repository
+
+[slapos.cookbook-repository]
+recipe = slapos.recipe.build:gitclone
+repository = http://git.erp5.org/repos/slapos.git
+branch = slaprunner
+git-executable = ${git:location}/bin/git
+
+[check-recipe]
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+command =
+  grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link

software/reverse-proxy-nginx/instance.cfg.in

+[buildout]
+parts =
+  directory
+  reverse-proxy
+  certificate-authority
+  ca-nginx
+  logrotate
+  logrotate-entry-nginx
+  cron
+  cron-entry-logrotate
+  smtp-port-promise
+  publish-connection-parameter
+
+# Define egg directories to be the one from Software Release
+# (/opt/slapgrid/...)
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+# Fetch parameters defined in SlapOS Master for this instance
+[instance-parameter]
+recipe = slapos.cookbook:slapconfiguration
+computer = $${slap-connection:computer-id}
+partition = $${slap-connection:partition-id}
+url = $${slap-connection:server-url}
+key = $${slap-connection:key-file}
+cert = $${slap-connection:cert-file}
+
+# Set default parameters
+configuration.slave-instance-list =
+configuration.domain = un-hardcode-me
+#configuration.http-port = 80
+#configuration.https-port = 443
+configuration.smtp-port = 25
+configuration.public-ipv4 =
+
+# Create needed directories
+[directory]
+recipe = slapos.cookbook:mkdirectory
+home = $${buildout:directory}
+bin = $${:home}/bin
+etc = $${:home}/etc
+srv = $${:home}/srv
+var = $${:home}/var
+
+service = $${:etc}/service
+promise = $${:etc}/promise
+backup = $${:srv}/backup
+log = $${:var}/log
+run = $${:var}/run
+
+ca-dir = $${:srv}/ssl
+ca-requests = $${:ca-dir}/requests
+ca-private = $${:ca-dir}/private
+ca-certs = $${:ca-dir}/certs
+ca-newcerts = $${:ca-dir}/newcerts
+ca-crl = $${:ca-dir}/crl
+
+nginx-configuration = $${:etc}/nginx
+nginx-ssl = $${:ca-dir}/nginx
+nginx-log = $${:home}/logs
+nginx-htdocs = $${:srv}/www
+
+cron-entries = $${:etc}/cron.d
+crontabs = $${:etc}/crontabs
+cronstamps = $${:etc}/cronstamps
+
+logrotate-entries = $${:etc}/logrotate.d
+logrotate-backup = $${:backup}/logrotate
+
+
+# Deploy nginx and publish connection parameters inside of the recipe
+[reverse-proxy]
+recipe = slapos.cookbook:reverseproxy.nginx
+nginx-executable = ${nginx-unstable:location}/sbin/nginx
+wrapper = $${directory:bin}/nginx
+
+configuration-file = $${directory:nginx-configuration}/nginx.conf
+
+ipv6 = $${instance-parameter:ipv6-random}
+ipv4 = $${instance-parameter:ipv4-random}
+slave-instance-list = $${instance-parameter:slave-instance-list}
+#http-port = $${instance-parameter:http-port}
+#https-port = $${instance-parameter:https-port}
+smtp-port = $${instance-parameter:configuration.smtp-port}
+domain = $${instance-parameter:configuration.domain}
+
+access-log = $${directory:nginx-log}/access.log
+error-log = $${directory:nginx-log}/error.log
+
+key-file = $${directory:nginx-configuration}/nginx.key
+cert-file = $${directory:nginx-configuration}/nginx.crt
+
+pid-file = $${directory:run}/nginx
+
+htdocs = $${directory:nginx-htdocs}
+home-directory = $${directory:home}
+
+# Set the public IPs (if possible) as slave connection parameter so that user knows what IP
+# to bind to its domain name
+public-ipv4 = $${instance-parameter:configuration.public-ipv4}
+
+# Create and handle certificate related stuffs, including encapsulating run of nginx executable
+[certificate-authority]
+recipe = slapos.cookbook:certificate_authority
+openssl-binary = ${openssl:location}/bin/openssl
+ca-dir = $${directory:ca-dir}
+requests-directory = $${directory:ca-requests}
+wrapper = $${directory:service}/ca
+ca-private = $${directory:ca-private}
+ca-certs = $${directory:ca-certs}
+ca-newcerts = $${directory:ca-newcerts}
+ca-crl = $${directory:ca-crl}
+
+[ca-nginx]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+executable = $${reverse-proxy:wrapper}
+wrapper = $${directory:service}/nginx
+key-file = $${reverse-proxy:key-file}
+cert-file = $${reverse-proxy:cert-file}
+
+
+# Deploy logrotate
+[logrotate]
+recipe = slapos.cookbook:logrotate
+# Binaries
+logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
+gzip-binary = ${gzip:location}/bin/gzip
+gunzip-binary = ${gzip:location}/bin/gunzip
+# Directories
+wrapper = $${directory:bin}/logrotate
+conf = $${directory:etc}/logrotate.conf
+logrotate-entries = $${directory:logrotate-entries}
+backup = $${directory:logrotate-backup}
+state-file = $${directory:srv}/logrotate.status
+
+[logrotate-entry-nginx]
+<= logrotate
+recipe = slapos.cookbook:logrotate.d
+name = nginx
+log = $${reverse-proxy:access-log} $${reverse-proxy:error-log}
+frequency = daily
+rotate-num = 30
+post = ${buildout:bin-directory}/killpidfromfile $${reverse-proxy:pid-file} SIGUSR1
+sharedscripts = true
+notifempty = true
+create = true
+
+
+# Deploy cron and configure it
+[cron-simplelogger]
+recipe = slapos.cookbook:simplelogger
+wrapper = $${directory:bin}/cron_simplelogger
+log = $${directory:log}/crond.log
+
+[cron]
+recipe = slapos.cookbook:cron
+dcrond-binary = ${dcron:location}/sbin/crond
+cron-entries = $${directory:cron-entries}
+crontabs = $${directory:crontabs}
+cronstamps = $${directory:cronstamps}
+catcher = $${cron-simplelogger:wrapper}
+binary = $${directory:service}/crond
+
+[cron-entry-logrotate]
+<= cron
+recipe = slapos.cookbook:cron.d
+name = logrotate
+frequency = 0 0 * * *
+command = $${logrotate:wrapper}
+
+
+# Check promises
+[smtp-port-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${directory:promise}/smtp-port-promise
+hostname = $${instance-parameter:ipv6-random}
+port = $${instance-parameter:configuration.smtp-port}
+
+
+# Publish instance connection parameters
+# Note: Parameters of slaves are published in the reverse-proxy recipe
+[publish-connection-parameter]
+recipe = slapos.cookbook:publish
+ipv4 = $${instance-parameter:ipv4-random}
+ipv6 = $${instance-parameter:ipv6-random}
+

software/zimbra-kvm/instance-kvm.cfg.in

@@ -215,6 +215,18 @@ config-url = https://[$${tunnel-ipv6-kvm-https:ipv6}]:$${tunnel-ipv6-kvm-https:i
 return = site_url
 config-custom_domain = $${slap-parameter:domain}
 
+[request-smtp-frontend]
+<= slap-connection
+recipe = slapos.cookbook:requestoptional
+name = SMTP Frontend
+# XXX We have hardcoded SR URL here.
+#software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/zimbra-kvm:/software/reverse-proxy-nginx/development.cfg
+software-url = /opt/slapdev/software/reverse-proxy-nginx/development.cfg
+slave = true
+config = smtp-upstream-host smtp-upstream-port
+config-smtp-upstream-host = $${tunnel-ipv6-kvm-smtp:ipv6}
+config-smtp-upstream-port = $${tunnel-ipv6-kvm-smtp:port}
+return = listening-ipv4
 
 [publish-kvm-connection-information]
 recipe = slapos.cookbook:publish
@@ -224,6 +236,7 @@ vnc-backend-url = https://[$${novnc-instance:ip}]:$${novnc-instance:port}/vnc_au
 vnc-password = $${kvm-instance:passwd}
 vnc-url = $${request-slave-frontend:connection-url}/vnc_auto.html?host=$${request-slave-frontend:connection-domainname}&port=$${request-slave-frontend:connection-port}&encrypt=1&path=$${request-slave-frontend:connection-resource}
 ssh = ssh root@$${tunnel-ipv6-kvm-ssh:ipv6} -p $${tunnel-ipv6-kvm-ssh:ipv6-port}
+smtp-listening-ipv4 = $${request-smtp-frontend:connection-listening-ipv4}
 
 [slap-parameter]
 # Default values if not specified