Commit 6555caf4 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

Merge remote-tracking branch 'origin/master' into erp5-cluster

parents e20fb6ea 2f157b4b
Changes
=======
0.102 (2015-05-22)
------------------
* kvm-recipe: vm of kvm-cluster can get ipv4/hostname of all other vm in the same cluster
* simplehttpserver-recipe: simple http server to serve files
0.101 (2015-04-29)
------------------
* kvm recipe: new parameters: external-disk-format, numa and cpu-options.
* kvm recipe: allow guest VM to connect to host http service via a local predefined ipv4 address (guestfwd).
0.100 (2015-04-20)
------------------
* re6stnet recipe: re6st-registry log can now be reopened with SIGUSR1
* re6stnet recipe: re6st certificate generation is improved.
0.99 (2015-04-10)
-----------------
* re6stnet: new recipe to deploy re6st registry (re6st master) with slapos.
0.98 (2015-04-09)
-----------------
* shellinabox: do not run in debug mode, it is much slower !
0.97 (2015-03-26)
-----------------
......
......@@ -6,8 +6,8 @@ parts = babeld
[babeld]
recipe = slapos.recipe.cmmi
url = https://softinst51707.host.vifib.net/public/babel-nxd.tar.gz
md5sum = 5b4391addf42956a84f9ca2bb1cfd1f9
url = https://lab.nexedi.cn/rafael/babeld/repository/archive.tar.gz?ref=v1.6.0-nxd1
md5sum = 1f269d01321103873b8d245df19984f0
configure-command =
echo "No configure.."
......
......@@ -12,8 +12,8 @@ parts =
[curl]
recipe = slapos.recipe.cmmi
url = http://curl.haxx.se/download/curl-7.40.0.tar.bz2
md5sum = 8d30594212e65657a5c32030f0998fa9
url = http://curl.haxx.se/download/curl-7.42.1.tar.bz2
md5sum = 296945012ce647b94083ed427c1877a8
configure-options =
--disable-static
--disable-ldap
......
[buildout]
parts = dtach
[dtach-build]
recipe = slapos.recipe.cmmi
version = 0.8
url = http://freefr.dl.sourceforge.net/project/dtach/dtach/0.8/dtach-${:version}.tar.gz
md5sum = ec5999f3b6bb67da19754fcb2e5221f3
keep-compile-dir = true
make-targets =
[dtach]
recipe = plone.recipe.command
location = ${buildout:parts-directory}/${:_buildout_section_name_}
dtach-bin = dtach
command =
mkdir -p ${:location}/bin
cp -rp ${dtach-build:compile-directory}/dtach-${dtach-build:version}/${:dtach-bin} ${:location}/bin
\ No newline at end of file
[buildout]
extends =
../../component/git/buildout.cfg
../../component/ruby/buildout.cfg
../../component/icu/buildout.cfg
[fluentd]
recipe = rubygemsrecipe
ruby-executable = ${ruby:location}/bin/ruby
gems =
fluentd
gem-options = --with-icu-lib=${icu:location}/lib/ --with-icu-dir=${icu:location}/
environment =
LDFLAGS = -L${icu:location}/lib -Wl,-rpath=${icu:location}/lib
CFLAGS = -I${icu:location}/include
[buildout]
extends =
../../stack/slapos.cfg
../python-kerberos/buildout.cfg
../git/buildout.cfg
develop =
gateone-repository
parts =
gateone-develop
gateone
[gateone-repository]
recipe = slapos.recipe.build:gitclone
repository = https://github.com/liftoff/GateOne.git
branch = master
git-executable = ${git:location}/bin/git
[gateone-develop]
recipe = zc.recipe.egg:develop
setup = ${gateone-repository:location}
[gateone]
recipe = zc.recipe.egg
eggs =
${lxml-python:egg}
${python-kerberos:egg}
tornado
setuptools
pyOpenSSL
futures
PIL
gateone
......@@ -21,8 +21,8 @@ environment =
[mpc]
recipe = slapos.recipe.cmmi
url = http://ftp.gnu.org/gnu/mpc/mpc-1.0.2.tar.gz
md5sum = 68fadff3358fb3e7976c7a398a0af4c3
url = http://ftp.gnu.org/gnu/mpc/mpc-1.0.3.tar.gz
md5sum = d6a1d5f8ddea3abd2cc3e98f58352d26
configure-options =
--with-gmp=${gmp:location}
--with-mpfr=${mpfr:location}
......@@ -32,29 +32,18 @@ environment =
[isl]
recipe = slapos.recipe.cmmi
url = ftp://gcc.gnu.org/pub/gcc/infrastructure/isl-0.12.2.tar.bz2
md5sum = e039bfcfb6c2ab039b8ee69bf883e824
url = ftp://gcc.gnu.org/pub/gcc/infrastructure/isl-0.14.tar.bz2
md5sum = acd347243fca5609e3df37dba47fd0bb
configure-options =
--with-gmp-prefix=${gmp:location}
--disable-static
environment =
LDFLAGS=-Wl,-rpath=${gmp:location}/lib
[cloog]
recipe = slapos.recipe.cmmi
url = ftp://gcc.gnu.org/pub/gcc/infrastructure/cloog-0.18.1.tar.gz
md5sum = e34fca0540d840e5d0f6427e98c92252
configure-options =
--with-gmp-prefix=${gmp:location}
--with-isl-prefix=${isl:location}
--disable-static
environment =
LDFLAGS=-Wl,-rpath=${gmp:location}/lib -Wl,-rpath=${isl:location}/lib
[gcc-common]
recipe = slapos.recipe.cmmi
url = http://ftp.gnu.org/gnu/gcc/gcc-4.9.2/gcc-4.9.2.tar.bz2
md5sum = 4df8ee253b7f3863ad0b86359cd39c43
url = http://ftp.gnu.org/gnu/gcc/gcc-5.1.0/gcc-5.1.0.tar.bz2
md5sum = d5525b1127d07d215960e6051c5da35e
# make install does not work when several core are used
make-targets = install -j1
......@@ -68,9 +57,8 @@ configure-options =
--with-mpc=${mpc:location}
--enable-languages="c,c++"
--with-isl=${isl:location}
--with-cloog=${cloog:location}
environment =
LDFLAGS=-Wl,-rpath=${cloog:location}/lib -Wl,-rpath=${gmp:location}/lib -Wl,-rpath=${isl:location}/lib -Wl,-rpath=${mpc:location}/lib -Wl,-rpath=${mpfr:location}/lib
LDFLAGS=-Wl,-rpath=${gmp:location}/lib -Wl,-rpath=${isl:location}/lib -Wl,-rpath=${mpc:location}/lib -Wl,-rpath=${mpfr:location}/lib
[gcc-minimal]
<= gcc-common
......@@ -96,6 +84,5 @@ configure-options =
--with-mpc=${mpc:location}
--enable-languages="c,c++,fortran"
--with-isl=${isl:location}
--with-cloog=${cloog:location}
environment =
LDFLAGS=-Wl,-rpath=${cloog:location}/lib -Wl,-rpath=${gmp:location}/lib -Wl,-rpath=${isl:location}/lib -Wl,-rpath=${mpc:location}/lib -Wl,-rpath=${mpfr:location}/lib
LDFLAGS=-Wl,-rpath=${gmp:location}/lib -Wl,-rpath=${isl:location}/lib -Wl,-rpath=${mpc:location}/lib -Wl,-rpath=${mpfr:location}/lib
......@@ -32,8 +32,8 @@ environment =
[ghostscript-9]
<= ghostscript-common
url = http://downloads.ghostscript.com/public/ghostscript-9.15.tar.bz2
md5sum = 0ee21d975c67a4883ba66bcc332418f5
url = http://downloads.ghostscript.com/public/ghostscript-9.16.tar.bz2
md5sum = 21732fd6e39acc283bc623b8842cbfbb
[ghostscript-fonts]
recipe = hexagonit.recipe.download
......
[buildout]
parts =
glpk
[glpk]
recipe = slapos.recipe.cmmi
url = http://ftp.gnu.org/gnu/glpk/glpk-4.55.tar.gz
md5sum = c632a7a631b8aed02e28eafcd99477f7
......@@ -11,8 +11,8 @@ parts = gnutls
[gpg-error]
recipe = slapos.recipe.cmmi
url = ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.18.tar.bz2
md5sum = 12312802d2065774b787cbfc22cc04e9
url = ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.19.tar.bz2
md5sum = c04c16245b92829281f43b5bef7d16da
[gcrypt]
recipe = slapos.recipe.cmmi
......
......@@ -13,8 +13,8 @@ extends =
[groonga]
recipe = slapos.recipe.cmmi
url = http://packages.groonga.org/source/groonga/groonga-5.0.0.tar.gz
md5sum = a403fd685405fbdb424a3679082790d2
url = http://packages.groonga.org/source/groonga/groonga-5.0.4.tar.gz
md5sum = 4c83e9b12e9fad96a5b51874ddf66dc4
# temporary patch to respect more tokens in natural language mode.
patches =
${:_profile_base_location_}/groonga.patch#9ed02fbe8400402d3eab47eee149978b
......@@ -37,9 +37,8 @@ environment =
[groonga-normalizer-mysql]
recipe = slapos.recipe.cmmi
version = 1.0.8
url = http://packages.groonga.org/source/groonga-normalizer-mysql/groonga-normalizer-mysql-${:version}.tar.gz
md5sum = bcc01e8b715f0f9252effcf9d40338c1
url = http://packages.groonga.org/source/groonga-normalizer-mysql/groonga-normalizer-mysql-1.1.0.tar.gz
md5sum = 0a0b523547999f90d347982fe9d03c0e
location = ${groonga:location}
configure-options =
--disable-static
......
[buildout]
extends =
../numpy/buildout.cfg
../matplotlib/buildout.cfg
parts =
ipython
[ipython-env]
<= numpy-env
[ipython]
recipe = zc.recipe.egg:custom
egg = ipython
environment = ipython-env
setup-eggs = ${numpy:egg}
[ipython_notebook]
recipe = zc.recipe.egg:scripts
eggs = ipython[notebook]
${matplotlib:egg}
environment = ipython-env
setup-eggs = ${numpy:egg}
initialization =
# https://github.com/ipython/ipython/issues/5420
import os
os.environ['PYTHONPATH'] = ':'.join(sys.path)
......@@ -4,8 +4,8 @@ parts =
[libtasn1]
recipe = slapos.recipe.cmmi
url = http://ftp.gnu.org/gnu/libtasn1/libtasn1-4.2.tar.gz
md5sum = 414df906df421dee0a5cf7548788d153
url = http://ftp.gnu.org/gnu/libtasn1/libtasn1-4.5.tar.gz
md5sum = 81d272697545e82d39f6bd14854b68f0
configure-options =
--disable-static
--disable-gtk-doc-html
Index: tiff-4.0.3/tools/ppm2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/ppm2tiff.c 2013-06-23 10:36:50.779629492 -0400
+++ tiff-4.0.3/tools/ppm2tiff.c 2013-06-23 10:36:50.775629494 -0400
@@ -89,6 +89,7 @@
int c;
extern int optind;
extern char* optarg;
+ tmsize_t scanline_size;
if (argc < 2) {
fprintf(stderr, "%s: Too few arguments\n", argv[0]);
@@ -237,8 +238,16 @@
}
if (TIFFScanlineSize(out) > linebytes)
buf = (unsigned char *)_TIFFmalloc(linebytes);
- else
- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+ else {
+ scanline_size = TIFFScanlineSize(out);
+ if (scanline_size != 0)
+ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+ else {
+ fprintf(stderr, "%s: scanline size overflow\n",infile);
+ (void) TIFFClose(out);
+ exit(-2);
+ }
+ }
if (resolution > 0) {
TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
Index: tiff-4.0.3/tools/tiff2pdf.c
===================================================================
--- tiff-4.0.3.orig/tools/tiff2pdf.c 2013-06-23 10:36:50.979629486 -0400
+++ tiff-4.0.3/tools/tiff2pdf.c 2013-06-23 10:36:50.975629486 -0400
@@ -3341,33 +3341,56 @@
uint32 height){
tsize_t i=0;
- uint16 ri =0;
- uint16 v_samp=1;
- uint16 h_samp=1;
- int j=0;
-
- i++;
-
- while(i<(*striplength)){
+
+ while (i < *striplength) {
+ tsize_t datalen;
+ uint16 ri;
+ uint16 v_samp;
+ uint16 h_samp;
+ int j;
+ int ncomp;
+
+ /* marker header: one or more FFs */
+ if (strip[i] != 0xff)
+ return(0);
+ i++;
+ while (i < *striplength && strip[i] == 0xff)
+ i++;
+ if (i >= *striplength)
+ return(0);
+ /* SOI is the only pre-SOS marker without a length word */
+ if (strip[i] == 0xd8)
+ datalen = 0;
+ else {
+ if ((*striplength - i) <= 2)
+ return(0);
+ datalen = (strip[i+1] << 8) | strip[i+2];
+ if (datalen < 2 || datalen >= (*striplength - i))
+ return(0);
+ }
switch( strip[i] ){
- case 0xd8:
- /* SOI - start of image */
+ case 0xd8: /* SOI - start of image */
_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
*bufferoffset+=2;
- i+=2;
break;
- case 0xc0:
- case 0xc1:
- case 0xc3:
- case 0xc9:
- case 0xca:
+ case 0xc0: /* SOF0 */
+ case 0xc1: /* SOF1 */
+ case 0xc3: /* SOF3 */
+ case 0xc9: /* SOF9 */
+ case 0xca: /* SOF10 */
if(no==0){
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
- for(j=0;j<buffer[*bufferoffset+9];j++){
- if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp)
- h_samp = (buffer[*bufferoffset+11+(2*j)]>>4);
- if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp)
- v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f);
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+ ncomp = buffer[*bufferoffset+9];
+ if (ncomp < 1 || ncomp > 4)
+ return(0);
+ v_samp=1;
+ h_samp=1;
+ for(j=0;j<ncomp;j++){
+ uint16 samp = buffer[*bufferoffset+11+(3*j)];
+ if( (samp>>4) > h_samp)
+ h_samp = (samp>>4);
+ if( (samp & 0x0f) > v_samp)
+ v_samp = (samp & 0x0f);
}
v_samp*=8;
h_samp*=8;
@@ -3381,45 +3404,43 @@
(unsigned char) ((height>>8) & 0xff);
buffer[*bufferoffset+6]=
(unsigned char) (height & 0xff);
- *bufferoffset+=strip[i+2]+2;
- i+=strip[i+2]+2;
-
+ *bufferoffset+=datalen+2;
+ /* insert a DRI marker */
buffer[(*bufferoffset)++]=0xff;
buffer[(*bufferoffset)++]=0xdd;
buffer[(*bufferoffset)++]=0x00;
buffer[(*bufferoffset)++]=0x04;
buffer[(*bufferoffset)++]=(ri >> 8) & 0xff;
buffer[(*bufferoffset)++]= ri & 0xff;
- } else {
- i+=strip[i+2]+2;
}
break;
- case 0xc4:
- case 0xdb:
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
- *bufferoffset+=strip[i+2]+2;
- i+=strip[i+2]+2;
+ case 0xc4: /* DHT */
+ case 0xdb: /* DQT */
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+ *bufferoffset+=datalen+2;
break;
- case 0xda:
+ case 0xda: /* SOS */
if(no==0){
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
- *bufferoffset+=strip[i+2]+2;
- i+=strip[i+2]+2;
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+ *bufferoffset+=datalen+2;
} else {
buffer[(*bufferoffset)++]=0xff;
buffer[(*bufferoffset)++]=
(unsigned char)(0xd0 | ((no-1)%8));
- i+=strip[i+2]+2;
}
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1);
- *bufferoffset+=(*striplength)-i-1;
+ i += datalen + 1;
+ /* copy remainder of strip */
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i);
+ *bufferoffset+= *striplength - i;
return(1);
default:
- i+=strip[i+2]+2;
+ /* ignore any other marker */
+ break;
}
+ i += datalen + 1;
}
-
+ /* failed to find SOS marker */
return(0);
}
#endif
Description: Buffer overflow in gif2tiff
Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2450
Bug-Debian: http://bugs.debian.org/719303
Index: tiff-4.0.3/tools/gif2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/gif2tiff.c 2013-08-22 11:46:11.960846910 -0400
+++ tiff-4.0.3/tools/gif2tiff.c 2013-08-22 11:46:11.956846910 -0400
@@ -333,6 +333,8 @@
int status = 1;
datasize = getc(infile);
+ if (datasize > 12)
+ return 0;
clear = 1 << datasize;
eoi = clear + 1;
avail = clear + 2;
Description: use after free in tiff2pdf
Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2449
Bug-Debian: http://bugs.debian.org/719303
Index: tiff-4.0.3/tools/tiff2pdf.c
===================================================================
--- tiff-4.0.3.orig/tools/tiff2pdf.c 2013-08-22 11:46:37.292847242 -0400
+++ tiff-4.0.3/tools/tiff2pdf.c 2013-08-22 11:46:37.292847242 -0400
@@ -2461,7 +2461,8 @@
(unsigned long) t2p->tiff_datasize,
TIFFFileName(input));
t2p->t2p_error = T2P_ERR_ERROR;
- _TIFFfree(buffer);
+ _TIFFfree(buffer);
+ return(0);
} else {
buffer=samplebuffer;
t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
Description: OOB write in gif2tiff
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=996468
Index: tiff-4.0.3/tools/gif2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400
+++ tiff-4.0.3/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400
@@ -400,6 +400,10 @@
}
if (oldcode == -1) {
+ if (code >= clear) {
+ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+ return 0;
+ }
*(*fill)++ = suffix[code];
firstchar = oldcode = code;
return 1;
......@@ -14,12 +14,7 @@ url = http://www.imagemagick.org/download/delegates/tiff-${:version}.tar.gz
md5sum = 051c1068e6a0627f461948c365290410
patch-options = -p1
patches =
${:_profile_base_location_}/CVE-2012-4564.patch#45667ee618dbe78acce1129706556124
${:_profile_base_location_}/CVE-2013-1960.patch#21a3d119cd3eeadd35ccc355fbd748cf
${:_profile_base_location_}/CVE-2013-1961.patch#bb219740a815b9b47698b83d0ae9f82a
${:_profile_base_location_}/CVE-2013-4231.patch#f6ff024c8df861a6dbb5a0ecd8a0f853
${:_profile_base_location_}/CVE-2013-4232.patch#b439184b3a5f434a3e3235f611b54a89
${:_profile_base_location_}/CVE-2013-4244.patch#2acff059c6156953aadb436b475e5acb
${:_profile_base_location_}/tiff_4.0.3-12.3.debian.patch#c246dc095f57f869b35cf40a32aa8366
configure-options =
--disable-static
--without-x
......
......@@ -5,5 +5,5 @@ parts =
[libyaml]
recipe = slapos.recipe.cmmi
url = http://pyyaml.org/download/libyaml/yaml-0.1.4.tar.gz
md5sum = 36c852831d02cf90508c29852361d01b
url = http://pyyaml.org/download/libyaml/yaml-0.1.6.tar.gz
md5sum = 5fe00cda18ca5daeb43762b80c38e06e
[buildout]
parts =
lzo
[lzo]
recipe = slapos.recipe.cmmi
url = http://www.oberhumer.com/opensource/lzo/download/lzo-2.09.tar.gz
md5sum = c7ffc9a103afe2d1bba0b015e7aa887f
......@@ -2,7 +2,9 @@
extends =
../scipy/buildout.cfg
../rpy2/buildout.cfg
../pulp/buildout.cfg
../git/buildout.cfg
../mysql-python/buildout.cfg
parts =
manpy
......@@ -30,8 +32,7 @@ eggs = dream
environment = manpy-env
setup-eggs =
${scipy:egg}
${rpy2:egg}
${mysql-python:egg}
initialization =
# rpy2 needs R in $PATH
import os
os.environ['PATH'] = '${r-language:location}/bin' + os.pathsep + os.environ.get('PATH', '')
${pulp:initialization}
${rpy2:initialization}
......@@ -20,9 +20,9 @@ parts =
[mariadb]
recipe = slapos.recipe.cmmi
version = 10.0.17
version = 10.0.19
url = https://downloads.mariadb.org/f/mariadb-${:version}/source/mariadb-${:version}.tar.gz/from/http:/ftp.osuosl.org/pub/mariadb
md5sum = 3101d1e79c1b04699cde10780f959625
md5sum = aeaf101c688515dc8f73a5250e6c1df9
patch-options = -p0
patches =
${:_profile_base_location_}/mariadb_10.0.8_create_system_tables__no_test.patch#a176d491cf45fccd53ee397c70393bc4
......@@ -57,8 +57,8 @@ environment =
# mroonga - a storage engine for MySQL. It provides fast fulltext search feature to all MySQL users.
# http://mroonga.github.com/
recipe = slapos.recipe.cmmi
url = http://packages.groonga.org/source/mroonga/mroonga-5.00.tar.gz
md5sum = c0d49ef2ca60b82cd40eb9a842460f55
url = http://packages.groonga.org/source/mroonga/mroonga-5.03.tar.gz
md5sum = 4f5413d5c94ebc44caeeb5cb62d346ed
configure-command = mkdir fake_mariadb_source && ln -s ${mariadb:location}/include/mysql/private fake_mariadb_source/sql && ./configure
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
......
[buildout]
extends =
../numpy/buildout.cfg
../pkgconfig/buildout.cfg
../libpng/buildout.cfg
../freetype/buildout.cfg
parts =
matplotlib
[matplotlib-env]
<= numpy-env
PATH = ${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH = ${libpng:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
CFLAGS = -I${libpng:location}/include -I${freetype:location}/include
[matplotlib]
recipe = zc.recipe.egg:custom
egg = matplotlib
environment = matplotlib-env
setup-eggs = ${numpy:egg}
rpath =
${libpng:location}/lib
${freetype:location}/lib
[buildout]
parts =
msgpack-python
[msgpack-python]
recipe = zc.recipe.egg:custom
egg = msgpack-python
[buildout]
parts = netcat
[netcat]
recipe = slapos.recipe.cmmi
url = http://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz
md5sum = 088def25efe04dcdd1f8369d8926ab34
\ No newline at end of file
......@@ -8,8 +8,8 @@ extends =
[openldap]
recipe = slapos.recipe.cmmi
url = ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.33.tgz
md5sum = 5adae44897647c15ce5abbff313bc85a
url = ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.40.tgz
md5sum = 423c1f23d2a0cb96b3e9baf7e9d7dda7
configure-options =
--disable-static
--disable-slapd
......
......@@ -20,9 +20,10 @@ url = https://www.openssl.org/source/openssl-1.0.1m.tar.gz
md5sum = d143d1555d842a069cb7cc34ba745a06
patch-binary = ${patch:location}/bin/patch
patches =
${:_profile_base_location_}/openssl-nodoc.patch#b4887a7b4e18402447bc6227d2493b92
${:_profile_base_location_}/openssl-exlibs.patch#dfb8979460d6d75f2d23d1ea83bbb40a
patch-options = -p0
${:_profile_base_location_}/openssl-nodoc.patch#dd1345ae7ed18ccf176bc6b77c516f98
${:_profile_base_location_}/openssl-exlibs.patch#fba5c873cf974ba80a973be41da3c738
${:_profile_base_location_}/openssl-1.0.1m-parallel-build.patch#a1ddd93b5b296473c7446131deb31f93
patch-options = -p1
configure-command = ./config
configure-options =
-I${zlib:location}/include
......@@ -33,10 +34,6 @@ configure-options =
shared no-idea no-mdc2 no-rc5 zlib
-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib
&& make depend
# it seems that parallel build sometimes fails for openssl.
make-options =
-j1
make-targets =
all install_sw && rm -f ${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl/certs/* && for i in ${ca-certificates:location}/certs/*/*.crt; do ln -sv $i ${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl/certs/`${buildout:parts-directory}/${:_buildout_section_name_}/bin/openssl x509 -hash -noout -in $i`.0; done; true
environment =
......
This diff is collapsed.
--- engines/ccgost/Makefile~ 2010-08-24 23:46:34.000000000 +0200
+++ engines/ccgost/Makefile 2012-03-14 10:11:46.826419864 +0100
--- a/engines/ccgost/Makefile~ 2010-08-24 23:46:34.000000000 +0200
+++ b/engines/ccgost/Makefile 2012-03-14 10:11:46.826419864 +0100
@@ -7,6 +7,7 @@
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
......
--- Makefile 2012-01-18 14:42:28.000000000 +0100
+++ Makefile 2012-01-24 17:43:40.000000000 +0100
--- a/Makefile 2012-01-18 14:42:28.000000000 +0100
+++ b/Makefile 2012-01-24 17:43:40.000000000 +0100
@@ -494,7 +494,7 @@
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
......
[buildout]
extends =
../lzo/buildout.cfg
../patch/buildout.cfg
../openssl/buildout.cfg
../flex/buildout.cfg
parts =
openvpn
[openvpn]
recipe = slapos.recipe.cmmi
url = http://swupdate.openvpn.org/community/releases/openvpn-2.3.6.tar.gz
md5sum = 6ca03fe0fd093e0d01601abee808835c
patch-binary = ${patch:location}/bin/patch
patches =
${:_profile_base_location_}/openvpn-ciphernone.patch#462b53a45da2fa686822618c4faafd19
patch-options = -p0
configure-options =
--disable-plugin-auth-pam
--enable-static
/bin/bash: q: command not found
environment =
LZO_LIBS=-L${lzo:location}/lib -llzo2
LZO_CFLAGS=-I${lzo:location}/include
OPENSSL_SSL_LIBS="-L${openssl:location}/lib -lssl"
OPENSSL_SSL_CFLAGS="-I${openssl:location}/include/"
OPENSSL_CRYPTO_LIBS="-L${openssl:location}/lib -lcrypto"
OPENSSL_CRYPTO_CFLAGS="-I${openssl:location}/include"
LDFLAGS =-Wl,-rpath=${lzo:location}/lib -Wl,-rpath=${flex:location}/lib -Wl,-rpath=${openssl:location}/lib
CPPFLAGS=-I${lzo:location}/include -I${flex:location}/include
--- src/openvpn/crypto_backend.h
+++ src/openvpn/crypto_backend.h
@@ -237,8 +237,7 @@
*
* @return true iff the cipher is a CBC mode cipher.
*/
-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
- __attribute__((nonnull));
+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
/**
* Check if the supplied cipher is a supported OFB or CFB mode cipher.
@@ -247,8 +246,7 @@
*
* @return true iff the cipher is a OFB or CFB mode cipher.
*/
-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
- __attribute__((nonnull));
+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
/**
[buildout]
extends =
../numpy/buildout.cfg
parts =
pandas
[pandas-env]
<= numpy-env
[pandas]
recipe = zc.recipe.egg:custom
egg = pandas
environment = pandas-env
setup-eggs = ${numpy:egg}
......@@ -7,9 +7,9 @@ parts =
[perl]
recipe = slapos.recipe.cmmi
version = 5.20.1
version = 5.20.2
url = http://www.cpan.org/src/5.0/perl-${:version}.tar.bz2
md5sum = ede5166f949d9a07163bc5b086be9759
md5sum = 21062666f1c627aeb6dbff3c6952738b
siteprefix = ${buildout:parts-directory}/site_${:_buildout_section_name_}
patch-options = -p1
patches =
......
[buildout]
extends =
../glpk/buildout.cfg
../numpy/buildout.cfg
parts =
pulp
# XXX patched pulp version that does not specify pyparsing version number
# because it conflicts with slapos version
[pulp-repository.git]
recipe = slapos.recipe.build:gitclone
repository = https://gitlab.com/jerome-nexedi/pulp-or.git
branch = master
git-executable = ${git:location}/bin/git
develop = true
[pulp-build]
recipe = zc.recipe.egg:develop
setup = ${pulp-repository.git:location}
[pulp-env]
<= numpy-env
PATH=${glpk:location}/bin
[pulp]
dependencies = ${pulp-build:setup}
recipe = zc.recipe.egg:custom
egg = pulp
environment = pulp-env
setup-eggs = ${numpy:egg}
initialization =
# pulp needs glpk in $PATH
import os
os.environ['PATH'] = '${glpk:location}/bin' + os.pathsep + os.environ.get('PATH', '')
......@@ -27,9 +27,9 @@ python = python2.7
[python2.7]
recipe = slapos.recipe.cmmi
package_version = 2.7.9
package_version = 2.7.10
package_version_suffix =
md5sum = 38d530f7efc373d64a8fb1637e3baaa7
md5sum = c685ef0b8e9f27b5e3db5db12b268ac6
# This is actually the default setting for prefix, but we can't use it in
# other settings in this part if we don't set it explicitly here.
......
[buildout]
extends =
# ../openssl/buildout.cfg
../kerberos/buildout.cfg
# ../pkgconfig/buildout.cfg
parts =
python-kerberos
[python-kerberos]
recipe = zc.recipe.egg:custom
egg = kerberos
environment = python-kerberos-env
#setup-eggs = ${python-cryptography-prep:eggs}
[python-kerberos-env]
PATH = ${kerberos:location}/bin:%(PATH)s
#PKG_CONFIG_PATH = ${openssl:location}/lib/pkgconfig
LD_LIBRARY_PATH = ${kerberos:location}/lib
CPATH = ${kerberos:location}/include
[python-cryptography-prep]
recipe = zc.recipe.egg
eggs =
${python-cffi:egg}
enum34
pycparser
six
......@@ -15,10 +15,10 @@ extends =
[kvm]
recipe = slapos.recipe.cmmi
# qemu-kvm and qemu are now the same since 1.3.
url = http://wiki.qemu-project.org/download/qemu-2.2.0.tar.bz2
md5sum = f7a5e2da22d057eb838a91da7aff43c8
url = http://wiki.qemu-project.org/download/qemu-2.2.1.tar.bz2
md5sum = 833ff4457062456d38d6567f802ffef4
configure-options =
--target-list=x86_64-softmmu
--target-list="$(uname -m 2>/dev/null|sed 's,^i[456]86$,i386,')-softmmu"
--enable-system
--with-system-pixman
--disable-sdl
......@@ -40,25 +40,12 @@ environment =
PKG_CONFIG_PATH=${gnutls:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig
LDFLAGS=-L${pixman:location}/lib -Wl,-rpath=${pixman:location}/lib
# The following is only available in buildout2, which we don't use yet.
[kvm-bits64]
configure-options =
--target-list=x86_64-softmmu
${kvm:configure-options}
[kvm-bits32]
configure-options =
--target-list=i386-softmmu
${kvm:configure-options}
[debian-amd64-netinst.iso]
# Download the installer of Debian 7 (Wheezy)
# Download the installer of Debian 8 (Jessie)
recipe = hexagonit.recipe.download
url = http://cdimage.debian.org/debian-cd/7.8.0/amd64/iso-cd/debian-7.8.0-amd64-netinst.iso
url = http://cdimage.debian.org/debian-cd/8.0.0/amd64/iso-cd/debian-8.0.0-amd64-netinst.iso
filename = ${:_buildout_section_name_}
md5sum = a91fba5001cf0fbccb44a7ae38c63b6e
md5sum = d9209f355449fe13db3963571b1f52d4
download-only = true
mode = 0644
location = ${buildout:parts-directory}/${:_buildout_section_name_}
[buildout]
extends =
../readline/buildout.cfg
../bzip2/buildout.cfg
../gcc/buildout.cfg
../pcre/buildout.cfg
../readline/buildout.cfg
../xz-utils/buildout.cfg
../zlib/buildout.cfg
parts =
gcc-fortran
......@@ -9,14 +13,23 @@ parts =
[r-language]
recipe = slapos.recipe.cmmi
url = http://cran.irsn.fr/src/base/R-3/R-3.1.0.tar.gz
md5sum = a1ee52446bee81820409661e6d114ab1
url = http://cran.univ-paris1.fr/src/base/R-3/R-3.2.0.tar.gz
md5sum = 66fa17ad457d7e618191aa0f52fc402e
configure-options =
--with-readline=yes
--with-x=no
--enable-R-shlib
--with-readline=yes
--without-tcltk
--without-cairo
--without-libpng
--without-jpeglib
--without-libtiff
--with-system-zlib
--with-system-bzlib
--with-system-pcre
--with-system-xz
--without-ICU
--without-x
environment =
CC=${gcc-fortran:location}/bin/gcc
F77=${gcc-fortran:location}/bin/gfortran
CFLAGS=-I${readline:location}/include -I${ncurses:location}/include
LDFLAGS=-L${gcc-fortran:location}/lib64 -Wl,-rpath=${gcc-fortran:location}/lib64 -L${readline:location}/lib -Wl,-rpath=${readline:location}/lib -L${ncurses:location}/lib/ -Wl,-rpath=${ncurses:location}/lib/
PATH=${gcc-fortran:location}/bin:%(PATH)s
CPPFLAGS=-I${bzip2:location}/include -I${pcre:location}/include -I${readline:location}/include -I${ncurses:location}/include -I${xz-utils:location}/include -I${zlib:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${gcc-fortran:location}/lib -Wl,-rpath=${gcc-fortran:location}/lib -L${gcc-fortran:location}/lib64 -Wl,-rpath=${gcc-fortran:location}/lib64 -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${pcre:location}/lib -Wl,-rpath=${pcre:location}/lib -L${readline:location}/lib -Wl,-rpath=${readline:location}/lib -L${xz-utils:location}/lib -Wl,-rpath=${xz-utils:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
......@@ -3,6 +3,7 @@ extends =
../../stack/slapos.cfg
../git/buildout.cfg
../babeld/buildout.cfg
../openvpn/buildout.cfg
develop =
re6stnet-repository
......@@ -37,7 +38,7 @@ update-command = ${:command}
[environment]
# Note: For now original PATH is appended to the end, as not all tools are
# provided by SlapOS
PATH=${babeld:location}/bin:${bzip2:location}/bin:${gettext:location}/bin:${glib:location}/bin:${libxml2:location}/bin:${libxslt:location}/bin:${ncurses:location}/bin:${openssl:location}/bin:${pkgconfig:location}/bin:${python2.7:location}/bin:${readline:location}/bin:${sqlite3:location}/bin::${buildout:bin-directory}:${xz-utils:location}/bin:$PATH
PATH=${openvpn:location}/sbin:${babeld:location}/bin:${bzip2:location}/bin:${gettext:location}/bin:${glib:location}/bin:${libxml2:location}/bin:${libxslt:location}/bin:${ncurses:location}/bin:${openssl:location}/bin:${pkgconfig:location}/bin:${python2.7:location}/bin:${readline:location}/bin:${sqlite3:location}/bin::${buildout:bin-directory}:${xz-utils:location}/bin:$PATH
[re6stnet]
recipe = zc.recipe.egg
......
[buildout]
extends =
../ncurses/buildout.cfg
parts =
readline5
readline
......@@ -40,6 +43,10 @@ patches =
http://ftp.gnu.org/gnu/readline/readline-6.3-patches/readline63-006#71dc6ecce66d1489b96595f55d142a52
http://ftp.gnu.org/gnu/readline/readline-6.3-patches/readline63-007#062a08ed60679d3c4878710b3d595b65
http://ftp.gnu.org/gnu/readline/readline-6.3-patches/readline63-008#ee1c04072154826870848d8b218d7b04
${:_profile_base_location_}/configure-ncurses.diff#c2bf0d0cb0ccd3d3c078ba124fffb7d2
configure-options =
--enable-multibyte
--disable-static
environment =
CPPFLAGS=-I${ncurses:location}/include/ncurses
LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib
diff -ur ../readline-6.3.orig/aclocal.m4 ./aclocal.m4
--- ../readline-6.3.orig/aclocal.m4 2013-10-21 00:37:50.000000000 +0200
+++ ./aclocal.m4 2015-05-21 11:04:20.243591527 +0200
@@ -958,10 +958,10 @@
fi
AC_CACHE_VAL(bash_cv_termcap_lib,
[AC_CHECK_FUNC(tgetent, bash_cv_termcap_lib=libc,
- [AC_CHECK_LIB(termcap, tgetent, bash_cv_termcap_lib=libtermcap,
- [AC_CHECK_LIB(tinfo, tgetent, bash_cv_termcap_lib=libtinfo,
+ [AC_CHECK_LIB(ncurses, tgetent, bash_cv_termcap_lib=libncurses,
+ [AC_CHECK_LIB(termcap, tgetent, bash_cv_termcap_lib=libtermcap,
+ [AC_CHECK_LIB(tinfo, tgetent, bash_cv_termcap_lib=libtinfo,
[AC_CHECK_LIB(curses, tgetent, bash_cv_termcap_lib=libcurses,
- [AC_CHECK_LIB(ncurses, tgetent, bash_cv_termcap_lib=libncurses,
bash_cv_termcap_lib=gnutermcap)])])])])])
if test "X$_bash_needmsg" = "Xyes"; then
AC_MSG_CHECKING(which library has the termcap functions)
Only in ./: aclocal.m4~
Only in ./: autom4te.cache
diff -ur ../readline-6.3.orig/configure ./configure
--- ../readline-6.3.orig/configure 2013-03-13 15:14:53.000000000 +0100
+++ ./configure 2015-05-21 11:29:48.157514191 +0200
@@ -5793,6 +5793,45 @@
if test "x$ac_cv_func_tgetent" = xyes; then :
bash_cv_termcap_lib=libc
else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for tgetent in -lncurses" >&5
+$as_echo_n "checking for tgetent in -lncurses... " >&6; }
+if ${ac_cv_lib_ncurses_tgetent+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lncurses $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char tgetent ();
+int
+main ()
+{
+return tgetent ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_ncurses_tgetent=yes
+else
+ ac_cv_lib_ncurses_tgetent=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ncurses_tgetent" >&5
+$as_echo "$ac_cv_lib_ncurses_tgetent" >&6; }
+if test "x$ac_cv_lib_ncurses_tgetent" = xyes; then :
+ bash_cv_termcap_lib=libncurses
+else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tgetent in -ltermcap" >&5
$as_echo_n "checking for tgetent in -ltermcap... " >&6; }
if ${ac_cv_lib_termcap_tgetent+:} false; then :
@@ -5910,45 +5949,6 @@
if test "x$ac_cv_lib_curses_tgetent" = xyes; then :
bash_cv_termcap_lib=libcurses
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for tgetent in -lncurses" >&5
-$as_echo_n "checking for tgetent in -lncurses... " >&6; }
-if ${ac_cv_lib_ncurses_tgetent+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lncurses $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char tgetent ();
-int
-main ()
-{
-return tgetent ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_ncurses_tgetent=yes
-else
- ac_cv_lib_ncurses_tgetent=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ncurses_tgetent" >&5
-$as_echo "$ac_cv_lib_ncurses_tgetent" >&6; }
-if test "x$ac_cv_lib_ncurses_tgetent" = xyes; then :
- bash_cv_termcap_lib=libncurses
-else
bash_cv_termcap_lib=gnutermcap
fi
@@ -6322,10 +6322,7 @@
$as_echo_n "(cached) " >&6
else
if test "$cross_compiling" = yes; then :
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run test program while cross compiling
-See \`config.log' for more details" "$LINENO" 5; }
+ bash_cv_wcwidth_broken=no
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -6409,6 +6406,7 @@
# *curses*|*termcap*|*termlib*) ;;
# *) SHLIB_LIBS="$SHLIB_LIBS $TERMCAP_LIB" ;;
# esac
+ SHLIB_LIBS="$SHLIB_LIBS $TERMCAP_LIB"
diff -ur ../readline-6.3.orig/configure.ac ./configure.ac
--- ../readline-6.3.orig/configure.ac 2014-02-11 23:12:39.000000000 +0100
+++ ./configure.ac 2015-05-21 11:25:26.164610769 +0200
@@ -222,6 +222,7 @@
# *curses*|*termcap*|*termlib*) ;;
# *) SHLIB_LIBS="$SHLIB_LIBS $TERMCAP_LIB" ;;
# esac
+ SHLIB_LIBS="$SHLIB_LIBS $TERMCAP_LIB"
AC_SUBST(SHOBJ_CC)
AC_SUBST(SHOBJ_CFLAGS)
Only in ./: configure.ac~
[buildout]
extends =
../gcc/buildout.cfg
../pcre/buildout.cfg
../r-language/buildout.cfg
../xz-utils/buildout.cfg
# rpy2 needs R in $PATH
# to use rpy2 you need a wrapper that sets ${r-language:location}/bin in PATH
# see ../manpy/buildout.cfg as an example
[rpy2_env]
PATH = ${r-language:location}/bin/:%(PATH)s
CFLAGS = -I${readline:location}/include
LDFLAGS = -L${readline:location}/lib -Wl,-rpath=${readline:location}/lib -L${r-language:location}/lib/R/lib -Wl,-rpath=${r-language:location}/lib/R/lib
PATH = ${gcc-fortran:location}/bin:${r-language:location}/bin:%(PATH)s
[rpy2]
recipe = zc.recipe.egg:custom
environment = rpy2_env
egg = rpy2
initialization =
# rpy2 needs R in $PATH
import os
os.environ['PATH'] = '${r-language:location}/bin' + os.pathsep + os.environ.get('PATH', '')
rpath =
${gcc-fortran:location}/lib
${gcc-fortran:location}/lib64
${pcre:location}/lib
${readline:location}/lib
${xz-utils:location}/lib
library-dirs =
${pcre:location}/lib
${readline:location}/lib
${xz-utils:location}/lib
include-dirs =
${readline:location}/include
......@@ -2,32 +2,39 @@
extends =
../gdbm/buildout.cfg
../openssl/buildout.cfg
../zlib/buildout.cfg
../readline/buildout.cfg
../ncurses/buildout.cfg
../libffi/buildout.cfg
../libyaml/buildout.cfg
../openssl/buildout.cfg
../ncurses/buildout.cfg
../openssl/buildout.cfg
../readline/buildout.cfg
../xz-utils/buildout.cfg
../zlib/buildout.cfg
parts = ruby
[ruby-1.9.3]
[ruby-common]
recipe = slapos.recipe.cmmi
url = http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p194.tar.gz
md5sum = bc0c715c69da4d1d8bd57069c19f6c0e
configure-options =
--enable-shared --enable-rpath --disable-install-doc
--enable-pthread --enable-ipv6
--with-ext=bigdecimal,continuation,curses,date,digest,dl,etc,fcntl,iconv,io,json,nkf,openssl,pathname,psych,pty,racc,readline,ripper,sdbm,socket,stringio,strscan,syck,syslog,zlib
--with-out-ext=tk,tk/tkutil,win32,win32ole
environment =
CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${libyaml:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${gdbm:location}/include -I${openssl:location}/include
LDFLAGS=-L${zlib:location}/lib -L${libyaml:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${libyaml:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib
PATH=${xz-utils:location}/bin:%(PATH)s
CPPFLAGS=-I${gdbm:location}/include -I${libffi:location}/include -I${libyaml:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${openssl:location}/include -I${readline:location}/include -I${zlib:location}/include
LDFLAGS=-L${gdbm:location}/lib -L${libffi:location}/lib -L${libyaml:location}/lib -L${ncurses:location}/lib -L${openssl:location}/lib -L${readline:location}/lib -L${zlib:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${libyaml:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${zlib:location}/lib
PKG_CONFIG_PATH=${libyaml:location}/lib/
[ruby-1.9]
<= ruby-1.9.3
[ruby2.1]
<= ruby-common
url = http://ftp.ruby-lang.org/pub/ruby/2.1/ruby-2.1.6.tar.xz
md5sum = ec6f10ca331ce947802ede86259513a8
[ruby2.2]
<= ruby-common
url = http://ftp.ruby-lang.org/pub/ruby/2.2/ruby-2.2.2.tar.xz
md5sum = dbce9b9d79d90f213ba8d448b0b6ed86
[ruby]
<= ruby2.2
......@@ -13,3 +13,4 @@ recipe = zc.recipe.egg:custom
egg = scipy
environment = scipy-env
setup-eggs = ${numpy:egg}
rpath = ${numpy:rpath}
......@@ -114,7 +114,3 @@ eggs =
${slapos:eggs}
interpreter = py
scripts = py
[versions]
collective.recipe.template = 1.11
z3c.recipe.scripts = 1.0.1
......@@ -5,11 +5,14 @@ parts =
[sqlite3]
recipe = slapos.recipe.cmmi
url = http://sqlite.org/2015/sqlite-autoconf-3080801.tar.gz
md5sum = a6381941ffe8817ba19669ec0c0ede6f
url = http://sqlite.org/2015/sqlite-autoconf-3081002.tar.gz
md5sum = a18bfc015cd49a1e7a961b7b77bc3b37
configure-options =
--disable-static
--enable-readline
patch-options = -p1
patches =
${:_profile_base_location_}/dynamic_link.patch#328d3773b49151207d29a5a857f98337
environment =
CPPFLAGS=-I${readline:location}/include -I${ncurses:location}/include
LDFLAGS=-L${buildout:parts-directory}/${:_buildout_section_name_} -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib
diff -ur sqlite-autoconf-3081002/Makefile.am sqlite-autoconf-3081002/Makefile.am
--- sqlite-autoconf-3081002/Makefile.am 2015-04-08 16:38:50.000000000 +0200
+++ sqlite-autoconf-3081002/Makefile.am 2015-05-09 14:23:20.000000000 +0200
@@ -7,7 +7,8 @@
bin_PROGRAMS = sqlite3
sqlite3_SOURCES = shell.c sqlite3.h
-sqlite3_LDADD = sqlite3.$(OBJEXT) @READLINE_LIBS@
+sqlite3_LDADD = $(top_builddir)/libsqlite3.la @READLINE_LIBS@
+sqlite3_DEPENDENCIES = $(top_builddir)/libsqlite3.la
include_HEADERS = sqlite3.h sqlite3ext.h
diff -ur sqlite-autoconf-3081002/Makefile.in sqlite-autoconf-3081002/Makefile.in
--- sqlite-autoconf-3081002/Makefile.in 2015-04-08 16:38:52.000000000 +0200
+++ sqlite-autoconf-3081002/Makefile.in 2015-05-09 14:23:23.000000000 +0200
@@ -109,7 +109,6 @@
PROGRAMS = $(bin_PROGRAMS)
am_sqlite3_OBJECTS = shell.$(OBJEXT)
sqlite3_OBJECTS = $(am_sqlite3_OBJECTS)
-sqlite3_DEPENDENCIES = sqlite3.$(OBJEXT)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -274,7 +273,8 @@
libsqlite3_la_SOURCES = sqlite3.c
libsqlite3_la_LDFLAGS = -no-undefined -version-info 8:6:8
sqlite3_SOURCES = shell.c sqlite3.h
-sqlite3_LDADD = sqlite3.$(OBJEXT) @READLINE_LIBS@
+sqlite3_LDADD = $(top_builddir)/libsqlite3.la @READLINE_LIBS@
+sqlite3_DEPENDENCIES = $(top_builddir)/libsqlite3.la
include_HEADERS = sqlite3.h sqlite3ext.h
EXTRA_DIST = sqlite3.1 tea
pkgconfigdir = ${libdir}/pkgconfig
......@@ -6,13 +6,15 @@ parts =
squid
extends =
../pkgconfig/buildout.cfg
../xz-utils/buildout.cfg
[squid]
recipe = hexagonit.recipe.cmmi
url = http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.7.tar.bz2
md5sum = 9951034b10f7ee0f45a95cfae61c57c2
recipe = slapos.recipe.cmmi
url = http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.13.tar.xz
md5sum = a5f6c978b2d7a99b161c8275e1acb470
configure-options =
--disable-dependency-tracking
--disable-static
--disable-translation
--disable-htcp
--disable-snmp
......@@ -20,6 +22,7 @@ configure-options =
--disable-icmp
--disable-esi
--disable-icap-client
--disable-ecap
--disable-wccp
--disable-wccpv2
--disable-eui
......@@ -38,4 +41,4 @@ configure-options =
--disable-auth-ntlm
--with-krb5-config=no
Environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PATH=${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
......@@ -6,8 +6,8 @@ parts =
[stunnel]
recipe = slapos.recipe.cmmi
url = https://www.stunnel.org/downloads/archive/5.x/stunnel-5.12.tar.gz
md5sum = 43685457503bb24144d03dc307b3211b
url = https://www.stunnel.org/downloads/archive/5.x/stunnel-5.14.tar.gz
md5sum = e716501960dc6856d80f92547298f724
configure-options =
--enable-ipv6
--disable-libwrap
......
[buildout]
extends = ../git/buildout.cfg
parts =
wendelin.core
# wendelin.core installed from released egg from pypi
[wendelin.core]
recipe = zc.recipe.egg:custom
egg = wendelin.core
# wendelin.core installed from latest git version
[wendelin.core-dev]
recipe = zc.recipe.egg:develop
egg = wendelin.core
setup = ${wendelin.core-repository-submoduleinit:location}
[wendelin.core-repository]
recipe = slapos.recipe.build:gitclone
repository = https://lab.nexedi.cn/nexedi/wendelin.core.git
# dir is pretty name as top-level -dev recipe
location = ${buildout:parts-directory}/wendelin.core-dev
git-executable = ${git:location}/bin/git
# TODO add `git clone --recursive` to slapos.recipe.build:gitclone
# and this way merge this -submoduleinit into -repository part
[wendelin.core-repository-submoduleinit]
recipe = plone.recipe.command
command = cd "${wendelin.core-repository:location}" && ${git:location}/bin/git submodule update --init
stop-on-error = true
# propagate location of main repo
location= ${wendelin.core-repository:location}
......@@ -10,8 +10,8 @@ parts =
[wget]
recipe = slapos.recipe.cmmi
url = http://ftp.gnu.org/gnu/wget/wget-1.16.1.tar.xz
md5sum = 78942cc0cce0a23e18114d982789e360
url = http://ftp.gnu.org/gnu/wget/wget-1.16.3.tar.xz
md5sum = d2e4455781a70140ae83b54ca594ce21
configure-options =
--enable-ipv6
--enable-opie
......@@ -24,7 +24,7 @@ patch-options =
-p1
patches =
${:_profile_base_location_}/wget-doc.makefile.patch#aabcc1695c7fb65ac44f295e04a2db78
${:_profile_base_location_}/wget-doc.makefile.patch#0d23cf1ee81268a94699aebbb26058e6
environment =
PATH=${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
......
......@@ -7,16 +7,16 @@
-SUBDIRS = lib src doc po tests util testenv
+SUBDIRS = lib src po tests util testenv
EXTRA_DIST = ChangeLog.README MAILING-LIST \
msdos/ChangeLog msdos/config.h msdos/Makefile.DJ \
EXTRA_DIST = MAILING-LIST \
msdos/config.h msdos/Makefile.DJ \
--- a/Makefile.in 2012-08-05 22:17:17.000000000 +0200
+++ b/Makefile.in 2013-06-21 15:05:04.351269286 +0200
@@ -1195,7 +1195,7 @@
@@ -1322,7 +1322,7 @@
ACLOCAL_AMFLAGS = -I m4
# subdirectories in the distribution
-SUBDIRS = lib src doc po tests util testenv
+SUBDIRS = lib src po tests util testenv
EXTRA_DIST = ChangeLog.README MAILING-LIST \
msdos/ChangeLog msdos/config.h msdos/Makefile.DJ \
EXTRA_DIST = MAILING-LIST \
msdos/config.h msdos/Makefile.DJ \
msdos/Makefile.WC ABOUT-NLS \
......@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
import glob
import os
version = '0.97.dev'
version = '0.102'
name = 'slapos.cookbook'
long_description = open("README.txt").read() + "\n" + \
open("CHANGES.txt").read() + "\n"
......@@ -182,6 +182,7 @@ setup(name=name,
'shellinabox = slapos.recipe.shellinabox:Recipe',
'signalwrapper= slapos.recipe.signal_wrapper:Recipe',
'simplelogger = slapos.recipe.simplelogger:Recipe',
'simplehttpserver = slapos.recipe.simplehttpserver:Recipe',
'siptester = slapos.recipe.siptester:SipTesterRecipe',
'slapconfiguration = slapos.recipe.slapconfiguration:Recipe',
'slapconfiguration.serialised = slapos.recipe.slapconfiguration:Serialised',
......
......@@ -9,6 +9,9 @@ import subprocess
import urllib
import gzip
import shutil
from random import shuffle
import glob
import re
# XXX: give all of this through parameter, don't use this as template, but as module
qemu_img_path = '%(qemu-img-path)s'
......@@ -30,14 +33,21 @@ listen_ip = '%(ipv4)s'
mac_address = '%(mac-address)s'
tap_mac_address = '%(tap-mac-address)s'
smp_count = '%(smp-count)s'
smp_options = '%(smp-options)s'.strip()
numa_list = '%(numa)s'.split()
ram_size = '%(ram-size)s'
pid_file_path = '%(pid-file-path)s'
external_disk_number = %(external-disk-number)s
external_disk_size = '%(external-disk-size)s'
external_disk_format = '%(external-disk-format)s'
disk_storage_dict = {}
disk_storage_list = """%(disk-storage-list)s""".split('\n')
map_storage_list = []
etc_directory = '%(etc-directory)s'.strip()
httpd_port = %(httpd-port)s
netcat_bin = '%(netcat-binary)s'.strip()
cluster_doc_host = '%(cluster-doc-host)s'
cluster_doc_port = %(cluster-doc-port)s
def md5Checksum(file_path):
with open(file_path, 'rb') as fh:
......@@ -68,21 +78,41 @@ def getSocketStatus(host, port):
break
return s
def getMapStorageList(disk_storage_dict):
def getMapStorageList(disk_storage_dict, external_disk_number):
map_disk_file = os.path.join(etc_directory, '.data-disk-ids')
last_disk_num_f = os.path.join(etc_directory, '.data-disk-amount')
id_list = []
if os.path.exists(map_disk_file):
last_amount = 0
map_f_exist = os.path.exists(map_disk_file)
if os.path.exists(last_disk_num_f):
with open(last_disk_num_f, 'r') as lf:
last_amount = int(lf.readline())
if map_f_exist:
with open(map_disk_file, 'r') as mf:
# ID are writen in one line: data1 data3 data2 ...
content = mf.readline()
if content:
id_list = [id for id in content.split(' ') if disk_storage_dict.has_key(id)]
for id in content.split(' '):
if disk_storage_dict.has_key(id):
id_list.append(id)
else:
# Mean that this disk path has been removed (disk unmounted)
last_amount -= 1
for key in disk_storage_dict:
if not key in id_list:
id_list.append(key)
if id_list:
if not map_f_exist:
# shuffle the list to not write disk in data1, data2, ... everytime
shuffle(id_list)
if external_disk_number < last_amount:
# Drop created disk is not allowed
external_disk_number = last_amount
with open(map_disk_file, 'w') as mf:
mf.write(' '.join(id_list))
return id_list
with open(last_disk_num_f, 'w') as lf:
lf.write('%%s' %% external_disk_number)
return id_list, external_disk_number
# Download existing hard drive if needed at first boot
if not os.path.exists(disk_path) and virtual_hard_drive_url != '':
......@@ -107,9 +137,14 @@ if not os.path.exists(disk_path) and virtual_hard_drive_url != '':
else:
print('Warning: not checksum specified.')
if downloaded_disk.endswith('.gz'):
try:
with open(disk_path, 'w') as disk:
with gzip.open(downloaded_disk, 'rb') as disk_gz:
shutil.copyfileobj(disk_gz, disk)
except Exception:
if os.path.exists(disk_path):
os.remove(disk_path)
raise
os.remove(downloaded_disk)
# Create disk if doesn't exist
......@@ -122,24 +157,34 @@ if not os.path.exists(disk_path):
# Check and create external disk
additional_disk_list = []
for storage in sorted(disk_storage_list):
for storage in disk_storage_list:
if storage:
key, val = storage.split(' ')
disk_storage_dict[key.strip()] = val.strip()
map_storage_list = getMapStorageList(disk_storage_dict)
if not external_disk_format in ['qcow2', 'raw', 'vdi', 'vmdk', 'cloop']:
external_disk_format = 'qcow2'
map_storage_list, external_disk_number = getMapStorageList(disk_storage_dict,
int(external_disk_number))
assert len(map_storage_list) == len(disk_storage_dict)
if disk_storage_dict:
if int(external_disk_number) > 0:
if external_disk_number > 0:
index = 0
while (index < len(disk_storage_dict)) and (index < external_disk_number):
path = disk_storage_dict[map_storage_list[index]]
if os.path.exists(path):
disk_filepath = os.path.join(path, 'kvm_virtual_disk.qcow2')
if not os.path.exists(disk_filepath):
disk_filepath = os.path.join(path,
'kvm_virtual_disk.%%s' %% external_disk_format)
disk_list = glob.glob('%%s.*' %% os.path.join(path, 'kvm_virtual_disk'))
if disk_list == []:
print('Creating one additional virtual hard drive...')
subprocess.Popen([qemu_img_path, 'create' ,'-f', 'qcow2',
subprocess.Popen([qemu_img_path, 'create' ,'-f', '%%s' %% external_disk_format,
disk_filepath, '%%sG' %% external_disk_size])
else:
# Cannot change or recreate if disk is exists
disk_filepath = disk_list[0]
additional_disk_list.append(disk_filepath)
else:
print('Data folder %%s was not used to create external disk %%r' %% (index +1))
......@@ -150,11 +195,18 @@ if disk_storage_dict:
# XXX: use_tap should be a boolean
tap_network_parameter = []
nat_network_parameter = []
numa_parameter = []
number = -1
if use_nat == 'True':
number += 1
rules = 'user,id=lan%%s,' %% number + ','.join('hostfwd=tcp:%%s:%%s-:%%s' %% (listen_ip,
int(port) + 10000, port) for port in nat_rules.split())
if httpd_port > 0:
rules += ',guestfwd=tcp:10.0.2.100:80-cmd:%%s %%s %%s' %% (netcat_bin,
listen_ip, httpd_port)
if cluster_doc_host and cluster_doc_port > 0:
rules += ',guestfwd=tcp:10.0.2.101:443-cmd:%%s %%s %%s' %% (netcat_bin,
cluster_doc_host, cluster_doc_port)
nat_network_parameter = ['-netdev', rules,
'-device', 'e1000,netdev=lan%%s,mac=%%s' %% (number, mac_address)]
if use_tap == 'True':
......@@ -164,8 +216,14 @@ if use_tap == 'True':
tap_interface),
'-device', 'e1000,netdev=lan%%s,mac=%%s' %% (number, tap_mac_address)]
smp = smp_count
if smp_options:
for option in smp_options.split(','):
key, val = option.split('=')
if key in ('cores', 'threads', 'sockets', 'maxcpus') and val.isdigit():
smp += ',%%s=%%s' %% (key, val)
kvm_argument_list = [qemu_path,
'-enable-kvm', '-smp', smp_count,
'-enable-kvm', '-smp', smp,
'-m', ram_size, '-vga', 'std',
'-drive', 'file=%%s,if=%%s' %% (disk_path, disk_type),
'-vnc', '%%s:1,ipv4,password' %% listen_ip,
......@@ -173,6 +231,13 @@ kvm_argument_list = [qemu_path,
'-qmp', 'unix:%%s,server' %% socket_path,
'-pidfile', pid_file_path,
]
rgx = re.compile('^[\w*\,][\=\d+\-\,\w]*$')
for numa in numa_list:
if rgx.match(numa):
numa_parameter.extend(['-numa', numa])
kvm_argument_list += numa_parameter
if tap_network_parameter == [] and nat_network_parameter == []:
print 'Warning : No network interface defined.'
else:
......@@ -201,4 +266,5 @@ else:
'-drive', 'file=%%s,media=cdrom' %% default_disk_image
])
print 'Starting KVM: \n %%s' %% ' '.join(kvm_argument_list)
os.execv(qemu_path, kvm_argument_list)
......@@ -29,7 +29,7 @@ import subprocess
from slapos.recipe.librecipe import GenericBaseRecipe
import socket
import struct
import os
import os, stat
import string, random
import json
import traceback
......@@ -49,7 +49,9 @@ class Recipe(GenericBaseRecipe):
self.software_release_url = slap_connection['software-release-url']
self.key_file = slap_connection.get('key-file')
self.cert_file = slap_connection.get('cert-file')
self.slave_list = json.loads(options['slave-instance-list'])
options['slave-amount'] = '%s' % len(self.slave_list)
return GenericBaseRecipe.__init__(self, buildout, name, options)
def getSerialFromIpv6(self, ipv6):
......@@ -71,9 +73,19 @@ class Recipe(GenericBaseRecipe):
def generateCertificate(self):
key_file = self.options['key-file'].strip()
cert_file = self.options['cert-file'].strip()
if not os.path.exists(key_file):
serial = self.getSerialFromIpv6(self.options['ipv6-prefix'].strip())
dh_file = self.options['dh-file'].strip()
if not os.path.exists(dh_file):
dh_command = [self.options['openssl-bin'], 'dhparam', '-out',
'%s' % dh_file, self.options['key-size']]
try:
subprocess.check_call(dh_command)
except Exception:
if os.path.exists(dh_file):
os.unlink(dh_file)
raise
if not os.path.exists(cert_file):
serial = self.getSerialFromIpv6(self.options['ipv6-prefix'].strip())
key_command = [self.options['openssl-bin'], 'genrsa', '-out',
'%s' % key_file, self.options['key-size']]
......@@ -82,8 +94,19 @@ class Recipe(GenericBaseRecipe):
'-x509', '-batch', '-key', '%s' % key_file, '-set_serial',
'%s' % serial, '-days', '3650', '-out', '%s' % cert_file]
try:
subprocess.check_call(key_command)
except Exception:
if os.path.exists(key_file):
os.unlink(key_file)
raise
try:
subprocess.check_call(cert_command)
except Exception:
if os.path.exists(cert_file):
os.unlink(cert_file)
raise
def generateSlaveTokenList(self, slave_instance_list, token_file):
to_remove_dict = {}
......@@ -96,7 +119,7 @@ class Recipe(GenericBaseRecipe):
if not reference in token_dict:
# we generate new token
number = reference.split('-')[1]
new_token = number + ''.join(random.sample(string.ascii_lowercase, 15))
new_token = number + ''.join(random.sample(string.ascii_lowercase, 20))
token_dict[reference] = new_token
to_add_dict[reference] = new_token
......@@ -127,6 +150,17 @@ class Recipe(GenericBaseRecipe):
return content
return ''
def genHash(self, length):
hash_path = os.path.join(self.options['conf-dir'], '%s-hash' % length)
if not os.path.exists(hash_path):
pool = string.letters + string.digits
hash_string = ''.join(random.choice(pool) for i in xrange(length))
self.writeFile(hash_path, hash_string)
else:
hash_string = self.readFile(hash_path)
return hash_string
def install(self):
path_list = []
token_save_path = os.path.join(self.options['conf-dir'], 'token.json')
......@@ -134,16 +168,21 @@ class Recipe(GenericBaseRecipe):
self.generateCertificate()
wrapper = self.createWrapper(name=self.options['wrapper'],
command=self.options['command'],
parameters=['@%s' % self.options['config-file']])
wrapper = self.createFile(self.options['wrapper'], self.substituteTemplate(
self.getTemplateFilename('registry-run.in'), dict(
parameter='@%s' % self.options['config-file'],
pid_file=self.options['pid-file'],
command=self.options['command']
)
)
)
os.chmod(self.options['wrapper'], stat.S_IRWXU)
path_list.append(wrapper)
slave_list = json.loads(self.options['slave-instance-list'])
registry_url = 'http://%s:%s/' % (self.options['ipv4'], self.options['port'])
token_dict, add_token_dict, rm_token_dict = self.generateSlaveTokenList(
slave_list, token_save_path)
self.slave_list, token_save_path)
# write request add token
for reference in add_token_dict:
......@@ -156,7 +195,7 @@ class Recipe(GenericBaseRecipe):
path = os.path.join(token_list_path, '%s.remove' % reference)
if not os.path.exists(path):
self.createFile(path, rm_token_dict[reference])
# remove request add file if exists
# remove request add token if exists
add_path = os.path.join(token_list_path, '%s.add' % reference)
if os.path.exists(add_path):
os.unlink(add_path)
......@@ -191,6 +230,12 @@ class Recipe(GenericBaseRecipe):
)
path_list.append(request_check)
revoke_check = self.createPythonScript(
self.options['revoke-service-wrapper'].strip(),
'%s.re6stnet.requestRevoqueCertificate' % __name__, service_dict
)
path_list.append(revoke_check)
# Send connection parameters of slave instances
if token_dict:
self.slap.initializeConnection(self.server_url, self.key_file,
......@@ -211,7 +256,7 @@ class Recipe(GenericBaseRecipe):
computer_partition.setConnectionDict(
{'token':token, '1_info':msg},
slave_reference)
except:
except Exception:
self.logger.fatal("Error while sending slave %s informations: %s",
slave_reference, traceback.format_exc())
......
......@@ -5,8 +5,10 @@ import os
import time
import sqlite3
import slapos
import traceback
from re6st import registry
from re6st import registry, x509
from OpenSSL import crypto
log = logging.getLogger('SLAPOS-RE6STNET')
logging.basicConfig(level=logging.DEBUG)
......@@ -50,6 +52,7 @@ def bang(args):
partition.bang(message='Published parameters changed!')
log.info("Bang with message 'parameters changed'...")
def requestAddToken(args, can_bang=True):
time.sleep(3)
......@@ -69,12 +72,13 @@ def requestAddToken(args, can_bang=True):
token = readFile(request_file)
if token :
reference = reference_key.split('.')[0]
# email is unique as reference is also unique
email = '%s@slapos' % reference.lower()
try:
result = client.requestAddToken(token, email)
except Exception, e:
except Exception:
log.debug('Request add token fail for %s... \n %s' % (request_file,
str(e)))
traceback.format_exc()))
continue
if result and result == token:
# update information
......@@ -106,23 +110,58 @@ def requestRemoveToken(args):
reference = reference_key.split('.')[0]
try:
result = client.requestDeleteToken(token)
except Exception, e:
except Exception:
log.debug('Request delete token fail for %s... \n %s' % (request_file,
str(e)))
traceback.format_exc()))
continue
else:
# certificate is invalidated, it will be revoked
writeFile(os.path.join(base_token_path, '%s.revoke' % reference), '')
if result == 'True':
# update information
log.info("Token deleted for slave instance %s. Clean up file status..." %
reference)
if result in ['True', 'False']:
os.unlink(request_file)
status_file = os.path.join(base_token_path, '%s.status' % reference)
if os.path.exists(status_file):
os.unlink(status_file)
else:
log.debug('Request delete token fail for %s...' % request_file)
else:
log.debug('Bad token. Request add token fail for %s...' % request_file)
def requestRevoqueCertificate(args):
base_token_path = args['token_base_path']
db = getDb(args['db'])
path_list = [x for x in os.listdir(base_token_path) if x.endswith('.revoke')]
client = registry.RegistryClient(args['registry_url'])
for reference_key in path_list:
reference = reference_key.split('.')[0]
# XXX - email is always unique
email = '%s@slapos' % reference.lower()
cert_string = ''
try:
cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
(email,)).next()
except StopIteration:
# Certificate was not generated yet !!!
pass
try:
if cert_string:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string)
cn = x509.subnetFromCert(cert)
result = client.revoke(str(cn))
time.sleep(2)
except Exception:
log.debug('Request revoke certificate fail for %s... \n %s' % (reference,
traceback.format_exc()))
continue
else:
os.unlink(os.path.join(base_token_path, reference_key))
log.info("Certificate revoked for slave instance %s." % reference)
def checkService(args, can_bang=True):
base_token_path = args['token_base_path']
token_dict = loadJsonFile(args['token_json'])
......@@ -164,7 +203,7 @@ def checkService(args, can_bang=True):
time.sleep(1)
writeFile(status_file, 'TOKEN_USED')
log.info("Token status of %s updated to 'used'." % slave_reference)
except IOError, e:
except IOError:
# XXX- this file should always exists
log.debug('Error when writing in file %s. Clould not update status of %s...' %
(status_file, slave_reference))
......@@ -181,3 +220,4 @@ def manage(args):
# check status of all token
checkService(args)
#!/bin/sh
echo $$ > %(pid_file)s
exec %(command)s \
%(parameter)s
\ No newline at end of file
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import GenericBaseRecipe
import string, random
import os
class Recipe(GenericBaseRecipe):
def __init__(self, buildout, name, options):
base_path = options['base-path']
pool = string.letters + string.digits
hash_string = ''.join(random.choice(pool) for i in xrange(64))
path = os.path.join(base_path, hash_string)
if os.path.exists(base_path):
path_list = os.listdir(base_path)
if len(path_list) == 1:
hash_string = path_list[0]
path = os.path.join(base_path, hash_string)
elif len(path_list) > 1:
raise ValueError("Folder %s should contain 0 or 1 element." % base_path)
options['root-dir'] = path
options['path'] = hash_string
return GenericBaseRecipe.__init__(self, buildout, name, options)
def install(self):
if not os.path.exists(self.options['root-dir']):
os.mkdir( self.options['root-dir'] )
parameters = {
'host': self.options['host'],
'port': int(self.options['port']),
'cwd': self.options['base-path'],
'log-file': self.options['log-file'],
'cert-file': self.options['cert-file'],
'key-file': self.options['key-file']
}
server = self.createPythonScript(
self.options['wrapper'].strip(),
'%s.simplehttpserver.run' % __name__, parameters
)
return [server]
from SimpleHTTPServer import SimpleHTTPRequestHandler
from BaseHTTPServer import HTTPServer
import ssl
import os
import logging
from netaddr import valid_ipv4, valid_ipv6
import socket
class ServerHandler(SimpleHTTPRequestHandler):
def respond(self, code=200, type='text/plain'):
self.send_response(code)
self.send_header("Content-type", type)
self.end_headers()
def do_GET(self):
logging.info('%s - GET: %s \n%s' % (self.client_address[0], self.path, self.headers))
if not self.path or self.path == '/':
# no access to root path
self.respond(403)
self.wfile.write("Forbidden")
return
SimpleHTTPRequestHandler.do_GET(self)
class HTTPServerV6(HTTPServer):
address_family = socket.AF_INET6
def run(args):
# minimal web server. serves files relative to the
# current directory.
logging.basicConfig(format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
filename=args['log-file'] ,level=logging.INFO)
port = args['port']
host = args['host']
os.chdir(args['cwd'])
Handler = ServerHandler
if valid_ipv6(host):
server = HTTPServerV6
else:
server = HTTPServer
httpd = server((host, port), Handler)
if args.has_key('cert-file') and args.has_key('key-file'):
httpd.socket = ssl.wrap_socket (httpd.socket,
server_side=True,
certfile=args['cert-file'],
keyfile=args['key-file'])
logging.info("Starting simple http server at https://%s:%s" % (host, port))
httpd.serve_forever()
......@@ -115,9 +115,13 @@ class Recipe:
cert_file = slap_connection.get('cert_file')
instance_root = self.buildout['buildout']['directory']
storage_configuration_dict = self.buildout.get('storage-configuration')
network_dict = self.buildout.get('network-information')
storage_home = ''
global_ipv4_network = ''
if storage_configuration_dict:
storage_home = storage_configuration_dict.get('storage-home')
if network_dict:
global_ipv4_network = network_dict.get('global-ipv4-network')
slap.initializeConnection(server_url, key_file, cert_file)
self.computer_partition = slap.registerComputerPartition(
computer_id,
......@@ -173,6 +177,8 @@ class Recipe:
buildout.set('slap-network-information', 'tap-gateway', tap_gateway)
buildout.set('slap-network-information', 'tap-netmask', tap_netmask)
buildout.set('slap-network-information', 'tap-network', tap_network)
buildout.set('slap-network-information', 'global-ipv4-network',
global_ipv4_network)
# Copy/paste slap_connection
buildout.add_section('slap-connection')
......
......@@ -24,6 +24,7 @@ class Re6stnetTest(unittest.TestCase):
'openssl-bin': '/usr/bin/openssl',
'key-file': os.path.join(self.ssl_dir, 'cert.key'),
'cert-file': os.path.join(self.ssl_dir, 'cert.crt'),
'dh-file': os.path.join(self.ssl_dir, 'dh.pem'),
'key-size': '2048',
'conf-dir': self.conf_dir,
'token-dir': self.token_dir,
......@@ -31,11 +32,13 @@ class Re6stnetTest(unittest.TestCase):
'config-file': config_file,
'ipv4': '127.0.0.1',
'port': '9201',
'pid-file': '/path/to/pid/file',
'db-path': '/path/to/db',
'command': '/path/to/command',
'manager-wrapper': os.path.join(self.base_dir, 'manager_wrapper'),
'drop-service-wrapper': os.path.join(self.base_dir, 'drop_wrapper'),
'check-service-wrapper': os.path.join(self.base_dir, 'check_wrapper'),
'revoke-service-wrapper': os.path.join(self.base_dir, 'revoke_wrapper'),
'slave-instance-list': '{}'
}
......@@ -96,6 +99,11 @@ class Re6stnetTest(unittest.TestCase):
with open(path, 'r') as f:
content = f.read()
self.assertIn("@%s" % config_file, content)
self.assertIn("/path/to/pid/file", content)
self.assertIn("/path/to/command", content)
def fake_generateCertificates(self):
return
def test_generateCertificates(self):
......@@ -106,8 +114,8 @@ class Re6stnetTest(unittest.TestCase):
recipe.generateCertificate()
self.assertTrue(os.path.exists(self.options['key-file']))
self.assertTrue(os.path.exists(self.options['cert-file']))
self.assertItemsEqual(os.listdir(self.ssl_dir),
['cert.key', 'cert.crt', 'dh.pem'])
last_time = time.ctime(os.stat(self.options['key-file'])[7])
......@@ -118,21 +126,22 @@ class Re6stnetTest(unittest.TestCase):
self.assertEqual(last_time, this_time)
def test_generateCertificates_other_ipv6(self):
def test_getSerialFromIpv6(self):
self.options['ipv6-prefix'] = 'be28:db8:fe6a:d85:4fe:54a:ae:aea/64'
ipv6 = 'be28:db8:fe6a:d85:4fe:54a:ae:aea/64'
recipe = self.new_recipe()
serial = recipe.getSerialFromIpv6(ipv6)
recipe.generateCertificate()
self.assertEqual(serial, '0x1be280db8fe6a0d8504fe054a00ae0aea')
self.assertTrue(os.path.exists(self.options['key-file']))
self.assertTrue(os.path.exists(self.options['cert-file']))
ipv6 = '2001:db8:24::/48'
serial = recipe.getSerialFromIpv6(ipv6)
def test_install(self):
recipe = self.new_recipe()
self.assertEqual(serial, '0x120010db80024')
recipe.options.update({
def test_install(self):
self.options.update({
'ipv6-prefix': '2001:db8:24::/48',
'slave-instance-list': '''[
{"slave_reference":"SOFTINST-58770"},
......@@ -141,15 +150,15 @@ class Re6stnetTest(unittest.TestCase):
'''
})
recipe = self.new_recipe()
recipe.generateCertificate = self.fake_generateCertificates
try:
recipe.install()
except (NotFoundError, ConnectionError):
# Recipe will raise not found error when trying to publish slave informations
pass
self.assertItemsEqual(os.listdir(self.ssl_dir),
['cert.key', 'cert.crt'])
token_file = os.path.join(self.options['conf-dir'], 'token.json')
self.assertTrue(os.path.exists(token_file))
......@@ -175,12 +184,16 @@ class Re6stnetTest(unittest.TestCase):
self.checkWrapper(os.path.join(self.base_dir, 'manager_wrapper'))
self.checkWrapper(os.path.join(self.base_dir, 'drop_wrapper'))
self.checkWrapper(os.path.join(self.base_dir, 'check_wrapper'))
self.checkWrapper(os.path.join(self.base_dir, 'revoke_wrapper'))
self.checkRegistryWrapper()
# Remove one element
recipe.options.update({
self.options.update({
"slave-instance-list": """[{"slave_reference":"SOFTINST-58770"}]"""
})
recipe = self.new_recipe()
recipe.generateCertificate = self.fake_generateCertificates
try:
recipe.install()
except (NotFoundError, ConnectionError):
......@@ -197,17 +210,14 @@ class Re6stnetTest(unittest.TestCase):
self.assertEqual(second_add, second_remove)
def test_install_empty_slave(self):
recipe = self.new_recipe()
recipe.options.update({
self.options.update({
'ipv6-prefix': '2001:db8:24::/48'
})
recipe = self.new_recipe()
recipe.generateCertificate = self.fake_generateCertificates
recipe.install()
self.assertItemsEqual(os.listdir(self.ssl_dir),
['cert.key', 'cert.crt'])
token_file = os.path.join(self.options['conf-dir'], 'token.json')
self.assertTrue(os.path.exists(token_file))
......@@ -218,5 +228,6 @@ class Re6stnetTest(unittest.TestCase):
self.checkWrapper(os.path.join(self.base_dir, 'manager_wrapper'))
self.checkWrapper(os.path.join(self.base_dir, 'drop_wrapper'))
self.checkWrapper(os.path.join(self.base_dir, 'check_wrapper'))
self.checkWrapper(os.path.join(self.base_dir, 'revoke_wrapper'))
self.checkRegistryWrapper()
......@@ -78,7 +78,7 @@ mode = 0644
[template-slave-list]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/apache-custom-slave-list.cfg.in
md5sum = bae669cdc917c68186a387903478a53d
md5sum = 1fe76dde85c488e94baf8510775ebcaf
mode = 640
[template-slave-configuration]
......@@ -96,7 +96,7 @@ mode = 640
[template-apache-frontend-configuration]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/apache.conf.in
md5sum = eb509d5b924464b08e28d296da93b58c
md5sum = 6c72015a9af4f1edab63712f5c6aec99
mode = 640
[template-apache-cached-configuration]
......@@ -133,7 +133,7 @@ mode = 640
[template-default-slave-virtualhost]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
md5sum = 3671d13456cec8c3347e8a6ad0badbff
md5sum = 5463dd67f1b1bea0bee57a421e371dd0
mode = 640
[template-log-access]
......
......@@ -15,12 +15,20 @@
"type": "string",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$"
},
"server-alias": {
"title": "Server Alias",
"description": "Server Alias List separated by space",
"type": "string",
"default": ""
},
"type": {
"title": "Backend Type",
"description": "Type of the backend",
"description": "Type of slave. If redirect, the slave will redirect to the given url. If zope, the rewrite rules will be compatible with Virtual Host Monster",
"type": "string",
"default": "",
"enum": ["", "zope"]
"enum": ["", "zope", "redirect"]
},
"path": {
......@@ -71,6 +79,30 @@
"default": "false",
"enum": ["false", "true"]
},
"disable-no-cache-request": {
"title": "Disable 'no-cache' requests",
"description": "If set to true, no-cache control headers will be disabled",
"type": "string",
"default": "false",
"enum": ["false", "true"]
},
"prefer-gzip-encoding-to-backend": {
"title": "Prefer gzip Encoding for Backend",
"description": "If set to true, if a request is made with accept encoding 'gzip', only that one will be transferred to the backend",
"type": "string",
"default": "false",
"enum": ["false", "true"]
},
"disabled-cookie-list": {
"title": "Disabled Cookies",
"description": "List of Cookies separated by space that will not be sent to the backend",
"type": "string",
"default": ""
},
"apache_custom_http": {
"title": "HTTP configuration",
"description": "Raw http configuration in python template format. Your site will be rejected if you use it without notification and approval of the frontend adminastrator",
......
......@@ -12,7 +12,7 @@ gitdb = 0.5.4
plone.recipe.command = 1.1
pycrypto = 2.6.1
rdiff-backup = 1.0.5
slapos.recipe.template = 2.6
slapos.recipe.template = 2.7
slapos.toolbox = 0.40.4
smmap = 0.8.2
......
......@@ -163,7 +163,7 @@ apache_custom_https = {{ dumps(apache_custom_https) }}
# The slave use cache
# Next line is forbidden and people who copy it will be hanged short
{% set enable_cache = ('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES -%}
{% set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_instance.get('type', '') != 'redirect') -%}
{% if enable_cache -%}
{% do cached_server_dict.__setitem__(slave_instance.get('custom_domain'), slave_instance.get('url')) -%}
{% do slave_instance.__setitem__('url', cache_access) -%}
......
......@@ -41,6 +41,10 @@ CustomLog "{{ access_log }}" combined
<Directory {{ document_root }}>
Order Allow,Deny
Allow from All
Options -Indexes
ErrorDocument 404 /notfound.html
RewriteEngine on
RewriteRule ^/?$ notfound.html [R=404,L]
</Directory>
# List of modules
......@@ -129,3 +133,6 @@ include {{frontend_configuration.get('log-access-configuration')}}
NameVirtualHost *:{{ http_port }}
NameVirtualHost *:{{ https_port }}
include {{ slave_configuration_directory }}/*.conf
ErrorDocument 404 /notfound.html
RewriteRule (.*) /notfound.html [R=404,L]
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{% set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
<VirtualHost *:{{ https_port }}>
ServerName {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('custom_domain') }}
{%- if 'server-alias' in slave_parameter -%}
{% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- for server_alias in server_alias_list %}
ServerAlias {{ server_alias }}
{% endfor %}
{%- endif %}
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3
......@@ -34,6 +43,22 @@
ProxyTimeout 600
RewriteEngine On
{% if disable_no_cache_header %}
RequestHeader unset Cache-Control
RequestHeader unset Pragma
{% endif -%}
{% if 'disabled-cookie-list' in slave_parameter -%}
{% set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- for disabled_cookie in disabled_cookie_list %}
{{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%}
{% endif %}
{%- if prefer_gzip %}
RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %}
{% if slave_parameter.get('type', '') == 'zope' -%}
{% if 'default-path' in slave_parameter %}
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
......@@ -42,6 +67,8 @@
# If so, let's use Virtual Host Daemon rewrite
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/https/{{ slave_parameter.get('custom_domain', '') }}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% elif slave_parameter.get('type', '') == 'redirect' -%}
RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L]
{% else -%}
{% if 'default-path' in slave_parameter %}
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
......@@ -53,6 +80,14 @@
<VirtualHost *:{{ http_port }}>
ServerName {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('custom_domain') }}
{%- if 'server-alias' in slave_parameter %}
{% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- for server_alias in server_alias_list %}
ServerAlias {{ server_alias }}
{% endfor -%}
{% endif %}
SSLProxyEngine on
# Rewrite part
ProxyVia On
......@@ -69,6 +104,22 @@
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
{% if disable_no_cache_header %}
RequestHeader unset Cache-Control
RequestHeader unset Pragma
{% endif -%}
{% if 'disabled-cookie-list' in slave_parameter -%}
{% set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- for disabled_cookie in disabled_cookie_list %}
{{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%}
{% endif %}
{%- if prefer_gzip %}
RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %}
# Next line is forbidden and people who copy it will be hanged short
{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{% if https_only -%}
......@@ -77,6 +128,8 @@
# on standard port (443).
RewriteCond %{SERVER_PORT} !^{{ https_port }}$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
{% elif slave_parameter.get('type', '') == 'redirect' -%}
RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L]
{% elif slave_parameter.get('type', '') == 'zope' -%}
{% if 'default-path' in slave_parameter %}
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
......
......@@ -80,7 +80,3 @@ recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-cloudoo.cfg.in
md5sum = 4bede3be20dbc2ecfdb5d49b3184742e
mode = 640
[versions]
# use newest version of slapos.cookbook
slapos.cookbook =
......@@ -2,6 +2,9 @@
parts =
dream_simulation
dream_platform
dream_test_suite
dream_interpreter
grunt_watch
publish-connection-parameter
eggs-directory = ${buildout:eggs-directory}
......@@ -20,13 +23,25 @@ cert = $${slap_connection:cert_file}
port = 8080
host = $${instance-parameter:ipv6-random}
# interpreter
[dream_interpreter]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:bin-directory}/dream_interpreter
wrapper-path = $${buildout:bin-directory}/dream_interpreter
parameters-extra = true
# service
[dream_platform]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:bin-directory}/dream_platform --host $${dream_platform_parameter:host} --port $${dream_platform_parameter:port} --log $${directory:log}/dream_platform.log
command-line = ${buildout:bin-directory}/dream_platform --debug --host $${dream_platform_parameter:host} --port $${dream_platform_parameter:port} --log $${directory:log}/dream_platform.log
wrapper-path = $${directory:service}/dream_platform
parameters-extra = true
[grunt_watch]
recipe = slapos.cookbook:wrapper
command-line = bash -c 'cd ${dream-repository.git:location}; PATH=${nodejs:location}/bin/:$PATH ${dream-repository.git:location}/node_modules/grunt-cli/bin/grunt watch -f > $${directory:log}/grunt.log'
wrapper-path = $${directory:service}/dream_grunt_watch
# CLI
[dream_simulation]
recipe = slapos.cookbook:wrapper
......@@ -34,6 +49,12 @@ command-line = ${buildout:bin-directory}/dream_simulation
wrapper-path = $${directory:script}/dream_simulation
parameters-extra = true
[dream_test_suite]
recipe = slapos.cookbook:wrapper
command-line = ${dream_testrunner:script}
wrapper-path = $${directory:script}/dream_test_suite
parameters-extra = true
[directory]
recipe = slapos.cookbook:mkdirectory
home = $${buildout:directory}
......
......@@ -2,10 +2,14 @@
versions = versions
extends =
../../stack/slapos.cfg
../../stack/nodejs.cfg
../../component/manpy/buildout.cfg
parts =
slapos-cookbook
manpy
dream_testrunner
dream_interpreter
npm_install
instance
[instance]
......@@ -13,6 +17,26 @@ recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg
output = ${buildout:directory}/instance.cfg
[dream_testrunner]
recipe = zc.recipe.testrunner
eggs = dream
script = dream_testrunner
initialization =
${manpy:initialization}
[dream_interpreter]
recipe = z3c.recipe.scripts
eggs = ${manpy:eggs}
interpreter = dream_interpreter
initialization =
${manpy:initialization}
[npm_install]
recipe = plone.recipe.command
stop-on-error = true
command = cd ${dream-repository.git:location} && PATH=${git:location}/bin/:$PATH ${nodejs:location}/bin/npm install .
update_command = ${:command}
[versions]
rpy2 = 2.4.0
pydot = 1.0.28
......@@ -22,12 +46,17 @@ pyparsing = 2.0.3
numpy = 1.9.1
scipy = 0.13.3
simpy = 3.0.5
zope.dottedname = 4.1.0
tablib = 0.10.0
MySQL-python = 1.2.5
# indirect dependancies
collective.recipe.template = 1.11
cp.recipe.cmd = 0.5
plone.recipe.command = 1.1
slapos.recipe.template = 2.6
slapos.recipe.template = 2.7
zope.exceptions = 4.0.7
zope.testing = 4.1.3
zc.recipe.testrunner = 2.0.0
zope.testrunner = 4.4.6
z3c.recipe.scripts = 1.0.1
[buildout]
extends =
software.cfg
# nodejs installation script does not support too deep directory structure like
# we can have when installing testnode in a webrunner. Since we do not need
# nodejs for the simulation executor, we can simply disable this section
[nodejs]
recipe =
location =
[npm_install]
recipe =
......@@ -60,4 +60,4 @@ md5sum = 22ffc8e212dcf2db8ad94cf0e5ac4772
[versions]
PyXML = 0.8.5
erp5.util = 0.4.42
slapos.recipe.template = 2.6
slapos.recipe.template = 2.7
{% set python_bin = parameter_dict['python-executable'] -%}
{% set publish_dict = {} -%}
{% set part_list = [] -%}
{% set ipv6 = (ipv6_set | list)[0] -%}
{% set ipv4 = (ipv4_set | list)[0] -%}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
[directory]
recipe = slapos.cookbook:mkdirectory
bin = ${buildout:directory}/bin
etc = ${buildout:directory}/etc
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
tmp = ${buildout:directory}/tmp
log = ${:var}/log
services = ${:etc}/service
script = ${:etc}/run
promises = ${:etc}/promise
run = ${:var}/run
ca-dir = ${:etc}/ssl
requests = ${:ca-dir}/requests/
private = ${:ca-dir}/private/
certs = ${:ca-dir}/certs/
newcerts = ${:ca-dir}/newcerts/
crl = ${:ca-dir}/crl/
[gateone-dir]
gateone = ${directory:srv}/gateone
log-prefix = ${directory:log}/gateone
cache = ${:gateone}/cache
sessions = ${:gateone}/sessions
users = ${:gateone}/users
conf = ${directory:etc}/gateone
ssl = ${:conf}/ssl
[gateone-configure]
recipe = slapos.cookbook:wrapper
port = 10443
ipv6 = {{ ipv6 }}
ipv4 = {{ ipv4 }}
settings-dir = ${gateone-dir:conf}
wrapper-path = ${directory:bin}/gateone-configure
# XXX- issue with dtach=true, we set --dtach=false
command =
{{ parameter_dict['gateone-bin'] }} --address=${:ipv4} --port=${:port} --certificate=${gateone-dir:ssl}/certificate.pem --keyfile=${gateone-dir:ssl}/keyfile.pem --cache_dir=${gateone-dir:cache} --pid_file=${directory:run}/gateone.pid --session_dir=${gateone-dir:sessions} --settings_dir=${:settings-dir} --user_dir=${gateone-dir:users} --log_file_prefix=${gateone-dir:log-prefix} --origins=${:ipv4} --logging=info --dtach=false
#--gid=1012 --uid=987
command-line =
${:command} --configure
environment =
PATH={{ bin_directory }}:{{ openssl_location }}/bin:{{ parameter_dict['dtach-location'] }}/bin:/usr/local/bin:/usr/bin:/bin
LD_LIBRARY_PATH={{ parameter_dict['readline-location'] }}/lib
[gateone-run]
recipe = slapos.cookbook:wrapper
port = 10443
ipv6 = {{ ipv6 }}
ipv4 = {{ ipv4 }}
wrapper-path = ${directory:services}/gateone
command-line = ${gateone-configure:command}
environment =
PATH={{ bin_directory }}:{{ openssl_location }}/bin:{{ parameter_dict['dtach-location'] }}/bin:/usr/local/bin:/usr/bin:/bin
LD_LIBRARY_PATH={{ parameter_dict['readline-location'] }}/lib
HOME=${buildout:directory}
PWD=${gateone-dir:gateone}
# --cookie_secret 45-characters
# --uid needs to be set for slapos
# --origins=${:ipv4};${:ipv6}
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_location }}/bin/openssl
ca-dir = ${directory:ca-dir}
requests-directory = ${directory:requests}
wrapper = ${directory:services}/certificate_authority
ca-private = ${directory:private}
ca-certs = ${directory:certs}
ca-newcerts = ${directory:newcerts}
ca-crl = ${directory:crl}
[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${directory:certs}/nginx.key
cert-file = ${directory:certs}/nginx.crt
executable = ${nginx-run:wrapper-path}
wrapper = ${directory:services}/nginx-proxy
[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = ${directory:tmp}/client_body_temp_path
proxy_temp_path = ${directory:tmp}/proxy_temp_path
fastcgi_temp_path = ${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = ${directory:tmp}/uwsgi_temp_path
scgi_temp_path = ${directory:tmp}/scgi_temp_path
[nginx-config-dict]
nb_workers = 2
ipv6 = {{ ipv6 }}
ipv4 = {{ ipv4 }}
port = 10443
backend-url = https://${gateone-configure:ipv4}:${gateone-configure:port}
ssl-certificate = ${ca-nginx:cert-file}
ssl-key = ${ca-nginx:key-file}
pid = ${directory:run}/nginx.pid
log = ${directory:log}/nginx.log
access-log = ${directory:log}/nginx.access.log
error-log = ${directory:log}/nginx.error.log
tmp = $${directory:tmp}/
[nginx-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-ngnix-conf'] }}
rendered = ${directory:etc}/nginx.conf
context =
section parameter_dict nginx-config-dict
section param_tempdir tempdirectory
[nginx-run]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/nginx_proxy
command-line = {{ parameter_dict['nginx-location'] }}/sbin/nginx -p ${buildout:directory} -c ${nginx-conf:rendered}
[logrotate-apache]
< = logrotate-entry-base
name = apache
log = ${apache-conf:error-log} ${apache-conf:access-log}
post = {{ parameter_dict['bin-directory'] }}/slapos-kill --pidfile ${apache-conf:pid-file} -s USR1
[logrotate-entry-base]
recipe = slapos.cookbook:logrotate.d
logrotate-entries = ${logrotate:logrotate-entries}
backup = ${logrotate:backup}
[publish]
recipe = slapos.cookbook:publish
url = https://[${nginx-config-dict:ipv6}]:${gateone-run:port}
[buildout]
extends =
{{ logrotate_cfg }}
parts =
certificate-authority
ca-nginx
publish
# Complete parts with sections
{{ part_list | join('\n ') }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
[slap-parameter]
[buildout]
parts =
cron-entry-logrotate
[cron]
recipe = slapos.cookbook:cron
cron-entries = ${logrotate-directory:cron-entries}
dcrond-binary = {{ dcron_location }}/sbin/crond
crontabs = ${logrotate-directory:crontabs}
cronstamps = ${logrotate-directory:cronstamps}
catcher = ${cron-simplelogger:wrapper}
binary = ${logrotate-directory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = ${logrotate-directory:bin}/cron_simplelogger
log = ${logrotate-directory:log}/cron.log
[logrotate]
recipe = slapos.cookbook:logrotate
logrotate-entries = ${logrotate-directory:logrotate-entries}
backup = ${logrotate-directory:logrotate-backup}
logrotate-binary = {{ logrotate_location }}/usr/sbin/logrotate
gzip-binary = {{ gzip_location }}/bin/gzip
gunzip-binary = {{ gzip_location }}/bin/gunzip
wrapper = ${logrotate-directory:bin}/logrotate
conf = ${logrotate-directory:etc}/logrotate.conf
state-file = ${logrotate-directory:srv}/logrotate.status
[cron-entry-logrotate]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = logrotate
frequency = 0 0 * * *
command = ${logrotate:wrapper}
[logrotate-directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = ${:etc}/cron.d
cronstamps = ${:etc}/cronstamps
crontabs = ${:etc}/crontabs
logrotate-backup = ${:backup}/logrotate
logrotate-entries = ${:etc}/logrotate.d
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
backup = ${:srv}/backup
etc = ${buildout:directory}/etc
services = ${:etc}/service
log = ${buildout:directory}/var/log
[buildout]
parts = switch-softwaretype
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
extra-context =
context =
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
key ipv6_set slap-configuration:ipv6
key ipv4_set slap-configuration:ipv4
key slapparameter_dict slap-configuration:configuration
key computer_id slap-configuration:computer
raw logrotate_cfg {{ template_logrotate_base }}
raw dash_binary {{ dash_location }}/bin/dash
raw bin_directory {{ bin_directory }}
raw openssl_location {{ openssl_location }}
${:extra-context}
[dynamic-template-gateone-parameters]
bin-directory = {{ bin_directory }}
#python-executable =
readline-location = {{ readline_location }}
dtach-location = {{ dtach_location }}
gateone-location = {{ gateone_location}}
gateone-bin = {{ gateone_bin }}
nginx-location = {{ nginx_location}}
template-ngnix-conf = {{ template_nginx_conf }}
[dynamic-template-gateone]
< = jinja2-template-base
template = {{ template_gateone }}
filename = instance-gateone.cfg
extensions = jinja2.ext.do
extra-context =
section parameter_dict dynamic-template-gateone-parameters
[switch-softwaretype]
recipe = slapos.cookbook:softwaretype
default = ${dynamic-template-gateone:rendered}
gateone = ${:default}
[buildout]
extends =
../../component/dash/buildout.cfg
../../component/git/buildout.cfg
../../component/dcron/buildout.cfg
../../component/gzip/buildout.cfg
../../component/openssl/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/kerberos/buildout.cfg
../../component/python-kerberos/buildout.cfg
../../component/gateone/buildout.cfg
../../component/dtach/buildout.cfg
../../component/python-2.7/buildout.cfg
../../component/nginx/buildout.cfg
../../stack/slapos.cfg
parts =
slapos-cookbook
kerberos
eggs
gateone-develop
gateone
dash
check-recipe
template
[eggs]
recipe = zc.recipe.egg
eggs =
${lxml-python:egg}
${python-cryptography:egg}
${python-kerberos:egg}
tornado
scripts =
slapos-kill
[extra-eggs]
recipe = zc.recipe.egg
interpreter = python
eggs =
${lxml-python:egg}
${python-kerberos:egg}
tornado
gateone
setuptools
pyOpenSSL
futures
[slapos.cookbook-repository]
recipe = slapos.recipe.build:gitclone
repository = http://git.erp5.org/repos/slapos.git
branch = re6st-master
git-executable = ${git:location}/bin/git
[download-base]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/${:filename}
mode = 644
[template-jinja2-base]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/${:filename}.in
rendered = ${buildout:directory}/${:filename}
# XXX: extra-context is needed because we cannot append to a key of an extended
# section.
extra-context =
context =
key bin_directory buildout:bin-directory
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
${:extra-context}
[template]
< = template-jinja2-base
filename = template.cfg
template = ${:_profile_base_location_}/instance.cfg.in
md5sum = 428669a609aca3e0a7cae1387d332a75
extra-context =
key dash_location dash:location
key dtach_location dtach:location
key gateone_location gateone-repository:location
key logrotate_location logrotate:location
key nginx_location nginx:location
key openssl_location openssl:location
key readline_location readline:location
key template_nginx_conf template-nginx-conf:target
key template_logrotate_base template-logrotate-base:rendered
key template_gateone template-gateone:target
raw gateone_bin ${buildout:bin-directory}/gateone
raw python_with_eggs ${buildout:directory}/bin/${extra-eggs:interpreter}
[template-gateone]
< = download-base
filename = instance-gateone.cfg.in
md5sum = e7096a17c36c3bd27a011de57b7abfc1
[template-logrotate-base]
< = template-jinja2-base
filename = instance-logrotate-base.cfg
md5sum = f28fbd310944f321ccb34b2a34c82005
extra-context =
key dcron_location dcron:location
key gzip_location gzip:location
key logrotate_location logrotate:location
[template-nginx-conf]
< = download-base
url = ${:_profile_base_location_}/templates/${:filename}.in
filename = nginx.conf
md5sum = 72f4cc110f618b317793e21124f45121
[check-recipe]
recipe = plone.recipe.command
stop-on-error = true
update-command = ${:command}
command =
grep parts ${buildout:develop-eggs-directory}/gateone.egg-link
[versions]
\ No newline at end of file
worker_processes {{ parameter_dict['nb_workers'] }};
pid {{ parameter_dict['pid'] }};
error_log {{ parameter_dict['error-log'] }};
daemon off;
events {
worker_connections 1024;
accept_mutex off;
}
http {
default_type application/octet-stream;
access_log {{ parameter_dict['access-log'] }} combined;
client_max_body_size 10M;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['port'] }} ssl;
server_name _;
ssl_certificate {{ parameter_dict['ssl-certificate'] }};
ssl_certificate_key {{ parameter_dict['ssl-key'] }};
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
keepalive_timeout 90s;
client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
error_page 401 /login;
location / {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass {{ parameter_dict['backend-url'] }};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
\ No newline at end of file
#!{{ python_executable }}
"""Simple web-server that says "Hello World" for every path
hello-web [--logfile <logfile>] <bind-ip> <bind-port> ...
"""
import sys
import time
import argparse
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
from socket import AF_INET6
class WebHello(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(200) # ok
self.send_header("Content-type", "text/plain")
self.end_headers()
print >>self.wfile, \
"Hello %s at `%s` ; %s" % (
' '.join(self.server.webhello_argv) or 'world',
self.path, time.asctime())
class HTTPServerV6(HTTPServer):
address_family = AF_INET6
def main():
parser = argparse.ArgumentParser()
parser.add_argument('--logfile', dest='logfile')
parser.add_argument('bind_ip')
parser.add_argument('bind_port', type=int)
parser.add_argument('argv_extra', metavar='...', nargs=argparse.REMAINDER)
args = parser.parse_args()
# HTTPServer logs to sys.stderr - override it if we have --logfile
if args.logfile:
f = open(args.logfile, 'a', buffering=1)
sys.stderr = f
print >>sys.stderr, '* %s Hello-Web starting at %s' % (
time.asctime(), (args.bind_ip, args.bind_port))
# TODO autodetect ipv6/ipv4
httpd = HTTPServerV6( (args.bind_ip, args.bind_port), WebHello)
httpd.webhello_argv = args.argv_extra
httpd.serve_forever()
if __name__ == '__main__':
main()
......@@ -7,6 +7,7 @@
parts =
directory
hello-world
hello-world-promise
publish-connection-parameter
# Define egg directories to be the one from Software Release
......@@ -58,23 +59,48 @@ promise = $${:etc}/promise/
# Path of the log directory used by our service (see [hello-world])
log = $${:var}/log
# Create a simple shell script that will only output your name if you
# specified it as instance parameter.
# Usually, of course, we use more useful commands, like web servers.
# Create a simple web server that says "hello <configuration.name>" to the web.
[hello-world]
# helloworld service is listening on:
# - global IPv6 address, and
# - fixed port
#
# NOTE because every computer partition is allocated its own global IPv6
# address, it is ok to fix the port - different hello-world instances will have
# different IPv6 addresses and they all will be accessible at the same time.
ipv6 = $${instance-parameter:ipv6-random}
port = 7777
# full URL - for convenience
url = http://[$${:ipv6}]:$${:port}
# the service will log here
logfile = $${directory:log}/hello-world.log
# Actual script that starts the service:
# This recipe will try to "exec" the command-line after separating parameters.
recipe = slapos.cookbook:wrapper
# Notice that there is only one $ at ${dash:location}, it is because it comes from the Software Release buildout profile.
command-line = ${dash:location}/bin/dash -c 'echo "Hello $${instance-parameter:configuration.name}, it is $(date). If I were a server application, you would reach me at $${instance-parameter:global-ipv6}" > $${directory:log}/log.log; sleep 1000000;'
command-line =
${hello-web-bin:rendered} --logfile $${hello-world:logfile}
$${:ipv6} $${:port} $${instance-parameter:configuration.name}
# Put this shell script in the "etc/service" directory. Each executable of this
# repository will be started and monitored by supervisord. If a service
# exits/crashes, it will trigger a "bang" and cause a re-run of the instance.
wrapper-path = $${directory:service}/hello-world
# promise, that checks that hello-world service is alive
[hello-world-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/hello-world
hostname= $${hello-world:ipv6}
port = $${hello-world:port}
# Publish all the parameters needed for the user to connect to the instance.
# It can be anything: URL(s), password(s), or arbitrary parameters.
# Here we'll just echo back the entered name as instance parameter
[publish-connection-parameter]
recipe = slapos.cookbook:publish
name = Hello $${instance-parameter:configuration.name}!
url = $${hello-world:url}
......@@ -6,9 +6,10 @@ extends =
../../stack/slapos.cfg
# Extend here component profiles, like openssl, apache, mariadb, curl...
# Or/and extend a stack (lamp, tomcat) that does most of the work for you
# In this example we only need the dash binary to run a simple "hello world"
# shell script.
../../component/dash/buildout.cfg
# In this example we don't need anything more than python which is provided by
# above stack/slapos.cfg
# ../../component/component1/buildout.cfg
# ../../component/component2/buildout.cfg
parts =
# Call installation of slapos.cookbook egg defined in stack/slapos.cfg (needed
......@@ -18,6 +19,10 @@ parts =
# instance
instance-profile
# "build" python program (install + correct shebang for our python)
hello-web-bin
# Download instance.cfg.in (buildout profile used to deployment of instance),
# replace all ${foo:bar} parameters by real values, and change $${foo:bar} to
# ${foo:bar}
......@@ -26,5 +31,23 @@ recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
# MD5 checksum can be skipped for development (easier to develop), but must be filled for production
md5sum = 1fea8a474f3b2eb7847685659441a3f9
md5sum = 968bea0fc81dc604a874c53648b7d13f
mode = 0644
# install hello-web with correct python_executable
[hello-web-bin]
recipe = slapos.recipe.template:jinja2
filename = hello-web
md5sum = da4a93ff679d40c6682859476dcf4ce0
template = ${:_profile_base_location_}/${:filename}.in
rendered = ${buildout:bin-directory}/${:filename}
mode = 0755
# XXX python_executable should be ${${buildout:python}:executable}
# but buildout cannot support such indirection.
#
# in real-cases, python software is usually installed with zc.recipe.egg
# which cares about correctly specifiing python interpreter for
# entry-points automatically.
context =
raw python_executable ${buildout:executable}
......@@ -48,4 +48,4 @@ PyRSS2Gen = 1.1
cns.recipe.symlink = 0.2.3
collective.recipe.template = 1.11
plone.recipe.command = 1.1
slapos.recipe.template = 2.6
slapos.recipe.template = 2.7
[buildout]
parts =
instance
publish-connection-parameter
## Monitoring part XXX whe should not have to specify all parts like this
## Parts to add for monitoring
certificate-authority
cron
cron-entry-monitor
cron-entry-rss
deploy-index
deploy-settings-cgi
deploy-status-cgi
deploy-status-history-cgi
setup-static-files
certificate-authority
zero-parameters
public-symlink
cgi-httpd-wrapper
cgi-httpd-graceful-wrapper
monitor-promise
monitor-instance-log-access
## Monitor for ipython
monitor-current-log-access
monitor-deploy-set-password-cgi
extends = ${monitor-template:output}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
[slapconfiguration]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap_connection:computer_id}
partition = $${slap_connection:partition_id}
url = $${slap_connection:server_url}
key = $${slap_connection:key_file}
cert = $${slap_connection:cert_file}
[instance-parameter]
port = 8888
host = $${slapconfiguration:ipv6-random}
cert_file = $${generate-certificate:cert_file}
key_file = $${generate-certificate:key_file}
logfile = $${directory:log}/ipython_notebook.log
notebook_dir = $${directory:notebook_dir}
[generate-certificate]
; TODO: there is a slapos recipe to generate certificates. Use it instead
recipe = plone.recipe.command
command =
if [ ! -e $${instance-parameter:key_file} ]
then
${openssl-output:openssl} req -x509 -nodes -days 3650 \
-subj "/C=AA/ST=X/L=X/O=Dis/CN=$${instance-parameter:host}" \
-newkey rsa:1024 -keyout $${instance-parameter:key_file} \
-out $${instance-parameter:cert_file}
fi
update-command = $${:command}
cert_file = $${directory:etc}/ipython_notebook_cert.crt
key_file = $${directory:etc}/ipython_notebook_cert.key
[instance]
recipe = slapos.cookbook:wrapper
command-line =
${buildout:bin-directory}/ipython notebook
--no-browser
--matplotlib=inline
--ip=$${instance-parameter:host}
--port=$${instance-parameter:port}
--port-retries=0
--certfile=$${instance-parameter:cert_file}
--keyfile=$${instance-parameter:key_file}
--notebook-dir=$${instance-parameter:notebook_dir}
--logfile=$${instance-parameter:logfile}
--config=$${ipython_notebook_config:rendered}
wrapper-path = $${directory:service}/ipython_notebook
parameters-extra = true
[ipython_notebook_config]
recipe = slapos.recipe.template:jinja2
template = ${ipython_notebook_config:location}/${ipython_notebook_config:filename}
rendered = $${directory:etc}/ipython_notebook_config.py
mode = 0744
context =
raw config_cfg $${buildout:directory}/knowledge0.cfg
[monitor-current-log-access]
< = monitor-directory-access
source = $${instance-parameter:logfile}
[monitor-deploy-set-password-cgi]
recipe = slapos.recipe.template:jinja2
template = ${ipython_notebook_set_password:location}/${ipython_notebook_set_password:filename}
rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
filename = ipython-notebook-password.cgi
mode = 0744
context =
raw config_cfg $${buildout:directory}/knowledge0.cfg
raw python_executable ${buildout:bin-directory}/ipython
key pwd monitor-directory:knowledge0-cgi
key this_file :filename
key httpd_graceful cgi-httpd-graceful-wrapper:rendered
[directory]
recipe = slapos.cookbook:mkdirectory
home = $${buildout:directory}
etc = $${:home}/etc
var = $${:home}/var
script = $${:etc}/run/
service = $${:etc}/service
promise = $${:etc}/promise/
log = $${:var}/log
notebook_dir = $${:var}/notebooks
[publish-connection-parameter]
recipe = slapos.cookbook:publish
url = https://[$${instance-parameter:host}]:$${instance-parameter:port}
monitor_url = $${monitor-parameters:url}
[buildout]
versions = versions
extends =
../../stack/slapos.cfg
../../stack/monitor/buildout.cfg
../../component/ipython/buildout.cfg
../../component/scipy/buildout.cfg
../../component/scikit-learn/buildout.cfg
../../component/pandas/buildout.cfg
../../component/manpy/buildout.cfg
../../component/openssl/buildout.cfg
parts =
monitor-eggs
slapos-cookbook
ipython_notebook
ipython_notebook_set_password
instance
[ipython_notebook]
; In the ipython notebook software, we use more eggs than in the minimal
; ipython notebook component
eggs +=
${scipy:egg}
${pandas:egg}
${scikit-learn:egg}
${manpy:eggs}
initialization +=
${manpy:initialization}
[ipython_notebook_config]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/template/${:filename}
download-only = true
md5sum = a5bc4ee8539109d1de7ab33b4c2c97ea
destination = ${buildout:parts-directory}/${:_buildout_section_name_}
filename = ipython_notebook_config.jinja
mode = 0644
[ipython_notebook_set_password]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/template/${:filename}
download-only = true
md5sum = d7d4a7e19d55bf14007819258bf42100
destination = ${buildout:parts-directory}/${:_buildout_section_name_}
filename = ipython_set_password.jinja
mode = 0644
[instance]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg
output = ${buildout:directory}/instance.cfg
[versions]
PyRSS2Gen = 1.1
Pygments = 2.0.2
cns.recipe.symlink = 0.2.3
ipython = 3.1.0
matplotlib = 1.4.3
mistune = 0.5.1
nose = 1.3.6
pandas = 0.16.0
plone.recipe.command = 1.1
pyzmq = 14.6.0
scikit-learn = 0.16.1
scipy = 0.15.1
simpy = 3.0.7
slapos.recipe.template = 2.7
terminado = 0.5
tornado = 4.1
# Required by:
# dream==0.0.1
MySQL-python = 1.2.5
# Required by:
# tornado==4.1
backports.ssl-match-hostname = 3.4.0.2
# Required by:
# tornado==4.1
certifi = 2015.4.28
# Required by:
# matplotlib==1.4.3
mock = 1.0.1
# Required by:
# dream==0.0.1
numpy = 1.9.2
# Required by:
# terminado==0.5
ptyprocess = 0.4
# Required by:
# dream==0.0.1
pydot = 1.0.28
# Required by:
# matplotlib==1.4.3
# pandas==0.16.0
python-dateutil = 2.4.2
# Required by:
# dream==0.0.1
rpy2 = 2.5.6
# Required by:
# rpy2==2.5.6
singledispatch = 3.4.0.3
# Required by:
# dream==0.0.1
tablib = 0.10.0
# Required by:
# dream==0.0.1
xlrd = 0.9.3
# Required by:
# dream==0.0.1
xlwt = 1.0.0
# Required by:
# dream==0.0.1
zope.dottedname = 4.1.0
\ No newline at end of file
import ConfigParser
knowledge_0 = '{{ config_cfg }}'
c = get_config()
parser = ConfigParser.ConfigParser()
parser.read(knowledge_0)
if parser.has_option("ipython_notebook", "password"):
c.NotebookApp.password = parser.get("ipython_notebook", "password")
#!{{ python_executable }}
import cgi
import cgitb
import ConfigParser
import os
import re
import subprocess
from IPython.lib import passwd
#cgitb.enable(display=0, logdir="/tmp/cgi.log")
cgitb.enable()
form = cgi.FieldStorage()
config_file = "{{ config_cfg }}"
if not os.path.exists(config_file):
print "Your software does <b>not</b> embed 0-knowledge. \
This interface is useless in this case</body></html>"
exit(0)
parser = ConfigParser.ConfigParser()
parser.read(config_file)
if not parser.has_section("ipython_notebook"):
parser.add_section("ipython_notebook")
if not parser.has_option("ipython_notebook", "password"):
parser.set("ipython_notebook", "password", "")
if "password" in form:
parser.set("ipython_notebook", "password", passwd(form["password"].value))
# subprocess.call('{{ httpd_graceful }}')
# TODO: we should restart ipython
with open(config_file, 'w') as file:
parser.write(file)
# TODO cleanup
print "<html><head>"
print "<link rel=\"stylesheet\" href=\"static/pure-min.css\">"
print "<link rel=\"stylesheet\" href=\"static/style.css\">"
print "</head><body>"
print "<h1>IPython Notebook Password :</h1>"
print "<form action=\"/index.cgi\" method=\"post\" class=\"pure-form-aligned\">"
print "<input type=\"hidden\" name=\"posting-script\" value=\"{{ pwd }}/{{ this_file }}\">"
print """<div class="pure-control-group">
<label for="password">Password*:</label>
<input placeholder="Set your password" type="password" name="password" id="password"></br>
</div><div class="pure-control-group">
<label for="password">Verify Password*:</label>
<input placeholder="Verify password" type="password" name="password_2" id="password_2"></br>
</div><p id="validate-status" style="color:red"></p>
<div class="pure-controls">
<button id="register-button" type="submit" class="pure-button pure-button-primary" disabled>Access</button></div>
</form>
<script type="text/javascript" src="static/jquery-1.10.2.min.js"></script>
<script type="text/javascript" src="static/monitor-register.js"></script>
</body></html>
"""
......@@ -11,6 +11,7 @@ extends =
../../component/noVNC/buildout.cfg
../../component/openssl/buildout.cfg
../../component/dcron/buildout.cfg
../../component/netcat/buildout.cfg
../../stack/slapos.cfg
../../stack/nodejs.cfg
../../stack/resilient/buildout.cfg
......@@ -49,6 +50,7 @@ eggs =
erp5.util
cns.recipe.symlink
collective.recipe.template
plone.recipe.command
[http-proxy]
# https://github.com/nodejitsu/node-http-proxy
......@@ -85,7 +87,7 @@ command =
[template]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
md5sum = d2413a9d4978092e939418748585bbb3
md5sum = cf67212d3155767d0d0d8a6d75d2d8ad
output = ${buildout:directory}/template.cfg
mode = 0644
......@@ -93,7 +95,7 @@ mode = 0644
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
mode = 644
md5sum = 5506e1df6ba32c6ead647636ebece79e
md5sum = 3e3354844b2052609e3c49eca03b607e
download-only = true
on-update = true
......@@ -101,7 +103,7 @@ on-update = true
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
mode = 644
md5sum = 214c46a9aa7605951b8a1f98572dac28
md5sum = cc72d7b89d8b474d7b4f2c9319b385d5
download-only = true
on-update = true
......@@ -165,3 +167,33 @@ url = ${:_profile_base_location_}/instance-frontend.cfg.in
md5sum = cdb690495e9eb007d2b7d2f8e12f5c59
output = ${buildout:directory}/template-frontend.cfg
mode = 0644
[template-apache-conf]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/template/apache.conf.in
mode = 644
filename = apache.conf.in
md5sum = 91f05377aff35ffbac7f2687e90b5dcc
download-only = true
on-update = true
[template-content]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/template/template-content.in
mode = 644
filename = template-content.in
md5sum = 47d492dafe5cb314bdc49bf013d21ead
download-only = true
on-update = true
[template-httpd]
recipe = slapos.recipe.template:jinja2
filename = template-httpd.cfg
template = ${:_profile_base_location_}/instance-kvm-http.cfg.in
rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/instance-kvm-http.cfg
md5sum = 84b96dfc78e8d2611bf7210b8b6bb9c5
context =
key apache_location apache:location
raw template_apache_conf ${template-apache-conf:location}/${template-apache-conf:filename}
[buildout]
parts =
httpd
httpd-promise
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
public = ${:srv}/public/
log = ${:var}/log
services = ${:etc}/service
promises = ${:etc}/promise
run = ${:var}/run
[apache-conf]
recipe = slapos.recipe.template:jinja2
template = {{ template_apache_conf }}
rendered = ${directory:etc}/apache.conf
#ipv6 = ${slap-network-information:global-ipv6}
ipv4 = ${slap-network-information:local-ipv4}
port = ${slap-parameter:httpd-port}
error-log = ${directory:log}/apache-error.log
access-log = ${directory:log}/apache-access.log
pid-file = ${directory:run}/apache.pid
index = ${directory:public}
context =
key port :port
key ip :ipv4
key access_log :access-log
key error_log :error-log
key pid_file :pid-file
key index_folder :index
[httpd]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/httpd
command-line = "{{ apache_location }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
[httpd-promise]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promises}/apache-httpd
hostname = ${apache-conf:ipv4}
port = ${apache-conf:port}
\ No newline at end of file
......@@ -19,7 +19,7 @@
"type": "integer",
"default": 10,
"minimum": 1,
"maximum": 80
"maximum": 1000
},
"disk-type": {
"title": "Disk type",
......@@ -36,6 +36,16 @@
"minimum": 1,
"maximum": 8
},
"cpu-options": {
"title": "Additional options (cores, threads, sockets, maxcpus) to use with cpu-count.",
"description": "Additional options to use with cpu-count. Options are separated by coma: [cores=cores][,threads=threads][,sockets=sockets][,maxcpus=maxcpus]. Only set this option if you really know what you're doing.",
"type": "string"
},
"numa": {
"title": "Simulate a multi node NUMA system. If mem and cpus are omitted, resources are split equally.",
"description": "Simulate a multi node NUMA system. If mem and cpus are omitted, resources are split equally. Each numa option are separated by space: node,nodeid=4,cpus=40-49,mem=64g node,nodeid=1,cpus=10-19,mem=128g. Only set this option if you really know what you're doing.",
"type": "string"
},
"nbd-host": {
"title": "NBD hostname",
......@@ -90,17 +100,23 @@
"description": "Specify the number of additional disk to create for virtual machine in data folder of SlapOS Node. Requires instance_storage_home to be configured on SlapOS Node.",
"type": "integer",
"minimum": 0,
"maximum": 4,
"default": 0
},
"external-disk-size": {
"title": "Number of additional disk to create for virtual machine, in Gigabytes",
"description": "Specify the number of additional disk to create for virtual machine in data folder of SlapOS Node. Requires instance_storage_home to be configured on SlapOS Node.",
"type": "integer",
"minimum": 10,
"maximum": 100,
"minimum": 5,
"maximum": 1000,
"default": 20
},
"external-disk-format": {
"title": "Type of external disk drive to create by QEMU.",
"description": "Type of QEMU disk drive, to create.",
"type": "string",
"default": "qcow2",
"enum": ["qcow2", "raw", "vdi", "vmdk", "cloop"]
},
"use-tap": {
"title": "Use QEMU TAP network interface",
......@@ -119,6 +135,11 @@
"description": "List of rules for NAT of QEMU user mode network stack, as comma-separated list of ports. For each port specified, it will redirect port x of the VM (example: 80) to the port x + 10000 of the public IPv6 (example: 10080). Defaults to \"22 80 443\". Ignored if \"use-tap\" parameter is enabled.",
"type": "string"
},
"authorized-key": {
"title": "Public keys to get from all virtual machines.",
"description": "Set the public keys to add in your virtual machine. Keys are separated with '##'. The public key file will be available in the VM via url http://10.0.2.100/authorized_keys if you keep the NAT interface enabled",
"type": "string"
},
"frontend-instance-guid": {
"title": "Frontend Instance ID",
"description": "Unique identifier of the frontend instance, like \"SOFTINST-11031\".",
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment