Merge remote-tracking branch 'origin/master' into erp5-cluster

component/kumo/buildout.cfg

@@ -22,12 +22,21 @@ filename = kumofs-0.4.13_ipv6support_multiiplistenfix.patch
 md5sum = 53af9f1f1375940841c589a6cbe11425
 download-only = true
 
+[kumo-gcc-4.9-ftbfs-download]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+filename = kumofs-0.4.13_fix_gcc-4.9_ftbfs.patch
+md5sum = c09e04c620ce11c3fdd4afc3459cd355
+download-only = true
+
 [kumo]
 pre-configure-hook = ${kumo-hooks-download:location}/${kumo-hooks-download:filename}:pre_configure_hook
 recipe = erp5.recipe.cmmiforcei686
 url = https://github.com/downloads/etolabo/kumofs/kumofs-0.4.13.tar.gz
 md5sum = 46148e9536222d0ad2ef36777c55714d
-patches = ${kumo-ipv6-multiip-patch-download:location}/${kumo-ipv6-multiip-patch-download:filename}
+patches =
+  ${kumo-ipv6-multiip-patch-download:location}/${kumo-ipv6-multiip-patch-download:filename}
+  ${kumo-gcc-4.9-ftbfs-download:location}/${kumo-gcc-4.9-ftbfs-download:filename}
 patch-options = -p1
 configure-options =
   --enable-tcadb

component/kumo/kumofs-0.4.13_fix_gcc-4.9_ftbfs.patch

+--- kumofs-0.4.13/src/logic/gateway/mod_store.cc	2010-12-14 12:42:27.000000000 +0900
++++ kumofs-0.4.13/src/logic/gateway/mod_store.cc	2014-07-24 09:56:52.445251606 +0900
+@@ -262,19 +262,19 @@
+ #define GATEWAY_CATCH(NAME, response_type) \
+ catch (msgpack::type_error& e) { \
+ 	LOG_ERROR(#NAME " FAILED: type error"); \
+-	response_type res; \
+-	res.error = 1; \
+-	try { (*callback)(user, res, z); } catch (...) { } \
++	response_type r; \
++	r.error = 1; \
++	try { (*callback)(user, r, z); } catch (...) { } \
+ } catch (std::exception& e) { \
+ 	LOG_WARN(#NAME " FAILED: ",e.what()); \
+-	response_type res; \
+-	res.error = 1; \
+-	try { (*callback)(user, res, z); } catch (...) { } \
++	response_type r; \
++	r.error = 1; \
++	try { (*callback)(user, r, z); } catch (...) { } \
+ } catch (...) { \
+ 	LOG_WARN(#NAME " FAILED: unknown error"); \
+-	response_type res; \
+-	res.error = 1; \
+-	try { (*callback)(user, res, z); } catch (...) { } \
++	response_type r; \
++	r.error = 1; \
++	try { (*callback)(user, r, z); } catch (...) { } \
+ }
+ 
+ 

component/powerdns/buildout.cfg

+[buildout]
+extends =
+  ../autoconf/buildout.cfg
+  ../automake/buildout.cfg
+  ../bison/buildout.cfg
+  ../flex/buildout.cfg
+  ../gcc/buildout.cfg
+  ../git/buildout.cfg
+  ../boost-lib/buildout.cfg
+  ../libtool/buildout.cfg
+  ../make/buildout.cfg
+  ../mariadb/buildout.cfg
+  ../pkgconfig/buildout.cfg
+  ../ragel/buildout.cfg
+  ../zlib/buildout.cfg
+
+parts =
+  powerdns
+
+[powerdns]
+recipe = slapos.recipe.cmmi
+url = http://downloads.powerdns.com/releases/pdns-3.3.1.tar.gz
+md5sum = 074e2ff211fd12ecad25b5c1cc190dd4
+configure-options =
+  --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
+  --with-modules="geo"
+  --with-dynmodules=""
+  --without-lua
+environment =
+  PATH=${make:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:${bison:location}/bin:${flex:location}/bin:${git:location}/bin:${ragel:location}/bin:%(PATH)s
+  LDFLAGS = -L${boost-lib:location}/lib -Wl,-rpath=${boost-lib:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lz
+  CPPFLAGS=-I${boost-lib:location}/include
+make-target =
+  install

component/ragel/buildout.cfg

+[buildout]
+extends =
+  ../../component/gcc/buildout.cfg
+  ../../component/make/buildout.cfg
+
+parts =
+  ragel
+
+[ragel]
+recipe = slapos.recipe.cmmi
+url = http://www.complang.org/ragel/ragel-6.8.tar.gz
+md5sum = 1bb39745ac23da449019f9f2cb4b0d01
+configure-options =
+  --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
+environment =
+  PATH=${make:location}/bin:%(PATH)s
+make-target =
+  
+  install

slapos/recipe/erp5testnode/template/erp5testnode.cfg.in

@@ -21,9 +21,7 @@ server_url = %(server_url)s
 
 # Binaries
 git_binary = %(git_binary)s
-slapgrid_partition_binary = %(slapgrid_partition_binary)s
-slapgrid_software_binary = %(slapgrid_software_binary)s
-slapproxy_binary = %(slapproxy_binary)s
+slapos_binary = %(slapos_binary)s
 zip_binary = %(zip_binary)s
 
 [environment]

software/apache-frontend/common.cfg

@@ -67,7 +67,7 @@ mode = 0644
 [template-apache-frontend]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-apache-frontend.cfg
-md5sum = 5388e77d520135b7491f1aeddac5f4e0
+md5sum = 986988ed3a357f87fc023e14d87dcc5c
 output = ${buildout:directory}/template-apache-frontend.cfg
 mode = 0644
 
@@ -80,7 +80,7 @@ mode = 0644
 [template-slave-list]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/apache-custom-slave-list.cfg.in
-md5sum = c896e60c95ca387a75a163d817155d98
+md5sum = 1c2a47e7e2aa58b4f350ed29ab1a98fe
 mode = 640
 
 [template-slave-configuration]

software/apache-frontend/instance-apache-frontend.cfg

@@ -175,7 +175,7 @@ extra-context =
     section logrotate_dict logrotate
     section frontend_configuration frontend-configuration
     section apache_configuration apache-configuration
-    section connection_information_dict publish-connection-informations
+    key monitor_url monitor-parameters:url
 
 [dynamic-custom-group-template-slave-list]
 < = jinja2-template-base

software/apache-frontend/templates/apache-custom-slave-list.cfg.in

@@ -237,10 +237,7 @@ private-ipv4 = {{ local_ipv4 }}
 {% if extra_slave_instance_list -%}
 slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }}
 {% endif -%}
-{% do connection_information_dict.pop('recipe') %}
-{% for key, value in connection_information_dict.iteritems() -%}
-{{ key }} = {{ value }}
-{% endfor %}
+monitor_url = {{ monitor_url }}
 
 {% do part_list.append('cached-rewrite-rules') -%}
 [cached-rewrite-rules]

software/erp5testnode/instance-default.cfg

@@ -41,9 +41,7 @@ test-suite-master-url = $${slap-parameter:test-suite-master-url}
 instance-dict = $${slap-parameter:instance-dict}
 software-path-list = $${slap-parameter:software-path-list}
 git-binary = ${git:location}/bin/git
-slapgrid-partition-binary = ${buildout:bin-directory}/slapgrid-cp
-slapgrid-software-binary = ${buildout:bin-directory}/slapgrid-sr
-slapproxy-binary = ${buildout:bin-directory}/slapproxy
+slapos-binary = ${buildout:bin-directory}/slapos
 testnode = ${buildout:bin-directory}/testnode
 zip-binary = ${zip:location}/bin/zip
 httpd-pid-file = $${basedirectory:run}/httpd.pid

software/erp5testnode/software.cfg

@@ -193,7 +193,7 @@ buildout-versions = 1.7
 cffi = 0.8.2
 cmd2 = 0.6.7
 cryptography = 0.4
-erp5.util = 0.4.38
+erp5.util = 0.4.39
 inotifyx = 0.2.0-1
 itsdangerous = 0.24
 lxml = 3.3.5
@@ -206,7 +206,7 @@ pyOpenSSL = 0.14
 pyparsing = 2.0.2
 pytz = 2014.2
 six = 1.7.3
-slapos.core = 1.0.5
+slapos.core = 1.1.2
 slapos.libnetworkcache = 0.14.1
 slapos.recipe.build = 0.12
 slapos.recipe.cmmi = 0.2

software/powerdns/instance-powerdns-input-schema.json

+{
+  "type": "object",
+  "$schema": "http://json-schema.org/draft-04/schema",
+
+  "title": "Input Parameters",
+  "properties": {
+
+    "-dns-type": {
+      "title": "DNS Software type",
+      "description": "Software type of DNS nodes",
+      "default": "single-default",
+      "type": "string"
+    },
+
+    "-dns-software-release-url": {
+      "title": "DNS Software Release",
+      "description": "Url of the software release to be used for the nodes",
+      "default": "",
+      "type": "string"
+    },
+
+    "-dns-quantity": {
+      "title": "DNS Quantity",
+      "description": "DNS Nodes Quantity",
+      "default": 1,
+      "type": "integer"
+    },
+
+    "-dns-i-state": {
+      "title": "Requested state of node i",
+      "description": "Requested State of node i of the replication. i must inferior or equal to '-dns-quantity'",
+      "default": "started",
+      "type": "string"
+    },
+
+    "-sla-i-sla_parameter": {
+      "title": "sla_parameter used to request node i",
+      "description": "Parameter used to provide sla parameter to request dns nodes",
+      "default": "",
+      "type": "string"
+    },
+
+    "zone": {
+      "title": "Zone",
+      "description": "Zone to be handled by the DNS cluster",
+      "type": "string",
+      "default": "domain.com",
+      "pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}$"
+    },
+
+    "server-admin": {
+      "title": "Zone Administrator Email",
+      "description": "Email of the zone administrator, it is used to generate SOA value",
+      "type": "string",
+      "default": "admin@domain.com"
+    },
+
+    "dns-name-template-string": {
+      "title": "DNS domains template string",
+      "description": "Template used to generate DNS domain name",
+      "type": "string",
+      "default": "ns%s." + zone
+    }
+  }
+}

software/powerdns/instance-powerdns-replicate.cfg.jinja2

+{% if slap_software_type in software_type -%}
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = ${buildout:directory}/${:filename}
+extra-context =
+context =
+    import json_module json
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key slap_software_type slap-parameter:slap_software_type
+    key slave_instance_list slap-parameter:slave_instance_list
+    ${:extra-context}
+
+{% set part_list = [] -%}
+{% set single_type_key = 'single-' %}
+{% if slap_software_type in ("replicate", "RootSoftwareInstance") %}
+{%   set dns_type = slapparameter_dict.pop('-dns-type', 'single-default') -%}
+{% else -%}
+{%   set dns_type = "%s%s" % (single_type_key, slap_software_type) -%}
+{% endif -%}
+{% set dns_quantity = slapparameter_dict.pop('-dns-quantity', '1') | int -%}
+{% set slave_list_name = 'extra_slave_instance_list' -%}
+{% set dns_list = [] %}
+{% set dns_domain_list = [] %}
+{% set dns_section_list = [] %}
+{% set namebase = 'powerdns' -%}
+# XXX Dirty hack, not possible to define default value before
+{% set sla_computer_powerdns_1_key = '-sla-1-computer_guid' -%}
+{% if not sla_computer_powerdns_1_key in slapparameter_dict -%}
+{%   do slapparameter_dict.__setitem__(sla_computer_powerdns_1_key, '${slap-connection:computer-id}') -%}
+{% endif -%}
+
+## DNS set up
+{% set zone = slapparameter_dict.pop('zone', 'domain.com') %}
+{% set server_admin = slapparameter_dict.pop('server-admin', 'admin@domain.com') %}
+{% set dns_name_template_string = slapparameter_dict.pop('dns-name-template-string', 'ns%s.' + zone) %}
+
+# Here we request individualy each dns.
+# The presence of sla parameters is checked and added if found
+{% for i in range(1, dns_quantity + 1) -%}
+{%   set dns_name = 'ns%s' % i -%}
+{%   set dns_domain = dns_name_template_string % i %}
+{%   set request_section_title = 'request-%s' % dns_name -%}
+{%   set sla_key = "-sla-%s-" % i -%}
+{%   set sla_key_length = sla_key | length %}
+{%   set sla_parameters = [] %}
+{%   for key in slapparameter_dict.keys() %}
+{%     if key.startswith(sla_key) %}
+{%       do sla_parameters.append(key[sla_key_length:]) %}
+{%     endif -%}
+{%   endfor -%}
+{%   do dns_list.append(dns_name) -%}
+{%   do dns_domain_list.append(dns_domain) -%}
+{%   do dns_section_list.append(request_section_title) -%}
+{%   do part_list.append(request_section_title) -%}
+
+[{{request_section_title}}]
+<= replicate
+name = {{dns_name}}
+{%   set state_key = "-dns-%s-state" % i %}
+{%   if slapparameter_dict.has_key(state_key) %}
+state = {{ slapparameter_dict.pop(state_key) }}
+{%   endif%}
+config-zone = {{ zone }}
+config-soa = {{ "%s,%s" % (dns_domain, server_admin) }}
+{%   if sla_parameters %}
+sla = {{ ' '.join(sla_parameters) }}
+{%     for parameter in sla_parameters -%}
+sla-{{ parameter }} = {{ slapparameter_dict.pop( sla_key + parameter ) }}
+{%     endfor -%}
+{%   endif -%}
+{% endfor -%}
+
+
+
+{% set ns_record = slapparameter_dict.pop('ns-record', ','.join(dns_domain_list)) %}
+[replicate]
+<= slap-connection
+recipe = slapos.cookbook:requestoptional
+{% set dns_software_url_key = "-dns-software-release-url" %}
+{% if slapparameter_dict.has_key(dns_software_url_key) %}
+software-url = {{ slapparameter_dict.pop(dns_software_url_key) }}
+{% else %}
+software-url = ${slap-connection:software-release-url}
+{% endif %}
+software-type = {{dns_type}}
+return = private-ipv4 public-ipv4 slave-instance-information-list monitor_url
+config = {{ ' '.join(slapparameter_dict.keys()) + ' zone soa server-admin ns-record ' + slave_list_name }}
+config-server-admin = {{ server_admin }}
+config-ns-record = {{ ns_record }}
+{% for parameter, value in slapparameter_dict.iteritems() -%}
+config-{{parameter}} = {{ value }}
+{% endfor -%}
+config-{{ slave_list_name }} = {{ json_module.dumps(slave_instance_list) }}
+connection-monitor_url =
+
+[publish-information]
+recipe = slapos.cookbook:publish
+domain = {{ slapparameter_dict.get('domain') }}
+slave-amount = {{ slave_instance_list | length }}
+ns-record = {{ ns_record }}
+{% for dns in dns_section_list %}
+{{ dns }}-monitor-url = {{ '${' + dns + ':connection-monitor_url}' }}
+{% endfor -%}
+
+[buildout]
+parts =
+  publish-information
+{% for part in part_list -%}
+{{ '  %s' % part }}
+{% endfor -%}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+
+
+[slap_connection]
+# Kept for backward compatiblity
+computer_id = ${slap-connection:computer-id}
+partition_id = ${slap-connection:partition-id}
+server_url = ${slap-connection:server-url}
+software_release_url = ${slap-connection:software-release-url}
+key_file = ${slap-connection:key-file}
+cert_file = ${slap-connection:cert-file}
+
+[slap-parameter]
+slave_instance_list =
+-dns-quantity = 1
+-dns-type = single-default
+{%- endif %}
\ No newline at end of file

software/powerdns/instance-powerdns.cfg

+{% if slap_software_type in software_type -%}
+{% set part_list =  [] %}
+
+# Create all needed directories
+[directory]
+recipe = slapos.cookbook:mkdirectory
+
+bin = $${buildout:directory}/bin/
+etc = $${buildout:directory}/etc/
+srv = $${buildout:directory}/srv/
+var = $${buildout:directory}/var/
+template = $${buildout:directory}/template/
+
+backup = $${:srv}/backup
+log = $${:var}/log
+run = $${:var}/run
+service = $${:etc}/service
+etc-run = $${:etc}/run
+promise = $${:etc}/promise
+
+logrotate-backup = $${:backup}/logrotate
+logrotate-entries = $${:etc}/logrotate.d
+
+cron-entries = $${:etc}/cron.d
+crontabs = $${:etc}/crontabs
+cronstamps = $${:etc}/cronstamps
+ca-dir = $${:srv}/ssl
+
+# Instance parameters
+[instance-parameter]
+# Fetches parameters defined in SlapOS Master for this instance.
+# Always the same.
+recipe = slapos.cookbook:slapconfiguration.serialised
+computer = $${slap-connection:computer-id}
+partition = $${slap-connection:partition-id}
+url = $${slap-connection:server-url}
+key = $${slap-connection:key-file}
+cert = $${slap-connection:cert-file}
+
+
+# Generic jinja section to extend
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = $${buildout:directory}/$${:filename}
+extra-context =
+context =
+    import json_module json
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key slap_software_type instance-parameter:slap-software-type
+    key slapparameter_dict instance-parameter:configuration
+    section directory directory
+    $${:extra-context}
+
+####################
+# PowerDNS sections
+#
+[pdns]
+configuration = $${pdns-directory:configuration}/pdns.conf
+local-ipv4 = $${instance-parameter:ipv4-random}
+ipv6 = $${instance-parameter:ipv6-random}
+port = 5353
+socket-directory = $${pdns-directory:socket}
+webserver-port = 8088
+
+[geo]
+ip-map-zonefile = ${iso-list:location}/${iso-list:filename}
+geo-maps = $${pdns-directory:geo-maps}
+
+[pdns-directory]
+recipe = slapos.cookbook:mkdirectory
+configuration = $${directory:etc}/pdns
+geo-maps = $${:configuration}/geo-maps
+socket = $${directory:run}/pdns-socket
+
+[pdns-configuration-template]
+< = jinja2-template-base
+template = ${template-pdns-configuration:target}
+rendered = $${pdns:configuration}
+extra-context =
+  section pdns pdns
+  section geo geo
+
+# Executables
+[pdns-server]
+recipe = slapos.cookbook:wrapper
+command-line = ${powerdns:location}/sbin/pdns_server --config-dir=$${pdns-directory:configuration}
+wrapper-path = $${directory:service}/pdns
+
+[pdns-reload]
+recipe = slapos.cookbook:wrapper
+command-line = ${powerdns:location}/bin/pdns_control reload --config-dir=$${pdns-directory:configuration}
+wrapper-path = $${directory:etc-run}/pdns-reload
+
+# Promises
+[pdns-promise-listen-port]
+recipe = slapos.cookbook:check_port_listening
+path = $${directory:promise}/pdns-port-listening
+hostname = $${pdns:local-ipv4}
+port = $${pdns:port}
+
+#####################
+# Power DNS Slave configuration
+#
+{% set slave_instance_list = json_module.loads(slapparameter_dict.get('extra_slave_instance_list', '')) %}
+
+# Iter through slave list to prepare configuration
+{% for slave in slave_instance_list %}
+{%   if 'record' in slave and 'origin' in slave and 'default' in slave %}
+{%     set slave_reference = slave.get('slave_reference') %}
+{%     set slave_section_name = 'map-configuration-%s' % slave_reference  %}
+{%     do part_list.append(slave_section_name) %}
+[{{ slave_section_name }}]
+< = jinja2-template-base
+template = ${template-cdn-conf:location}/${template-cdn-conf:filename}
+rendered = $${geo:geo-maps}/{{ slave_reference }}
+configuration = {{ json_module.dumps(slave) }}
+extra-context =
+  key json_cdn :configuration
+{%   endif %}
+{% endfor %}
+
+####################
+# Monitoring
+[monitor-rewrite-rule]
+powerdns = http://$${pdns:local-ipv4}:$${pdns:webserver-port}/
+
+[buildout]
+parts =
+  pdns-configuration-template
+  pdns-server
+  pdns-reload
+  pdns-promise-listen-port
+  publish-connection-informations
+{% for part in part_list %}
+{{ '  %s' % part }}
+{% endfor %}
+## Monitoring part
+###Parts to add for monitoring
+  cron
+  certificate-authority
+  cron-entry-monitor
+  cron-entry-rss
+  deploy-index
+  deploy-settings-cgi
+  deploy-status-cgi
+  deploy-status-history-cgi
+  setup-static-files
+  certificate-authority
+  zero-parameters
+  public-symlink
+  cgi-httpd-wrapper
+  cgi-httpd-graceful-wrapper
+  monitor-promise
+  monitor-instance-log-access
+
+extends = ${monitor-template:output}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+{% endif%}
\ No newline at end of file

software/powerdns/instance.cfg

+[buildout]
+parts =
+  switch-softwaretype
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+
+[switch-softwaretype]
+recipe = slapos.cookbook:softwaretype
+default = $${dynamic-powerdns-replicate:rendered}
+single-default = $${dynamic-template-powerdns:rendered}
+
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = $${buildout:directory}/$${:filename}
+extra-context =
+context =
+    import json_module json
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key slap_software_type slap-parameters:slap-software-type
+    key slapparameter_dict slap-parameters:configuration
+    key slave_instance_list slap-parameters:slave-instance-list
+    $${:extra-context}
+
+[dynamic-template-powerdns]
+< = jinja2-template-base
+template = ${template-powerdns:output}
+filename = instance-powerdns.cfg
+extensions = jinja2.ext.do
+extra-context =
+# Must match the key id in [switch-softwaretype] which uses this section.
+    raw software_type single-default
+
+[dynamic-powerdns-replicate]
+< = jinja2-template-base
+template = ${template-dns-replicate:target}
+filename = instance-apache-replicate.cfg
+extensions = jinja2.ext.do
+extra-context =
+# Must match the key id in [switch-softwaretype] which uses this section.
+    raw software_type RootSoftwareInstance-default
+
+
+[slap-parameters]
+recipe = slapos.cookbook:slapconfiguration
+computer = $${slap-connection:computer-id}
+partition = $${slap-connection:partition-id}
+url = $${slap-connection:server-url}
+key = $${slap-connection:key-file}
+cert = $${slap-connection:cert-file}
+slave-instance-list =
\ No newline at end of file

software/powerdns/slave-instance-powerdns-input-schema.json

+{
+  "type": "object",
+  "$schema": "http://json-schema.org/draft-04/schema",
+
+  "title": "Input Parameters",
+  "properties": {
+
+    "record": {
+      "title": "Record",
+      "description": "Record for the configuration",
+      "type": "string"
+    },
+
+    "origin": {
+      "title": "Origin",
+      "description": "Used to qualify RR in the configuration. i.e.: if your origin is a.example.com and the RR for Europe is 'eu' the european clients will use eu.a.exmple.com",
+      "type": "string"
+    },
+
+    "default": {
+      "title": "Default RR",
+      "description": "Defautl record to use when the ip is not regognized",
+      "type": "string"
+    },
+
+    "europe": {
+      "title": "Europe RR",
+      "description": "Records to use for Europe",
+      "default": "eu",
+      "type": "string"
+    },
+
+    "africa": {
+      "title": "Africa RR",
+      "description": "Records to use for Africa",
+      "default": "af",
+      "type": "string"
+    },
+
+    "south-america": {
+      "title": "South America RR",
+      "description": "Records to use for South America",
+      "default": "sa",
+      "type": "string"
+    },
+
+    "north-america": {
+      "title": "North America RR",
+      "description": "Records to use for North America",
+      "default": "na",
+      "type": "string"
+    },
+
+    "china": {
+      "title": "China RR",
+      "description": "Records to use for China",
+      "default": "cn",
+      "type": "string"
+    },
+
+    "japan": {
+      "title": "Japan RR",
+      "description": "Records to use for Japan",
+      "default": "jp",
+      "type": "string"
+    },
+
+    "hong-kong": {
+      "title": "Honk Kong RR",
+      "description": "Records to use for Hong Kong",
+      "default": "hk",
+      "type": "string"
+    },
+
+    "east-asia": {
+      "title": "East Asia RR",
+      "description": "Records to use for East Asia",
+      "default": "as",
+      "type": "string"
+    },
+
+    "west-asia": {
+      "title": "West Asia RR",
+      "description": "Records to use for West Asia",
+      "default": "eu",
+      "type": "string"
+    },
+
+    "oceania": {
+      "title": "Oceania RR",
+      "description": "Records to use for Oceania",
+      "default": "oc",
+      "type": "string"
+    }
+  }
+}

software/powerdns/software.cfg

+[buildout]
+extends =
+  ../../stack/slapos.cfg
+  ../../component/powerdns/buildout.cfg
+  ../../stack/monitor/buildout.cfg
+
+parts =
+  template
+  slapos-cookbook
+  monitor-eggs
+  eggs
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  plone.recipe.command
+
+[template]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = d2b12e0a1876849ed200ee5af6d1e618
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[template-powerdns]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-powerdns.cfg
+md5sum = e90f6ac8e3b7fb1284c86565ffa146c6
+output = ${buildout:directory}/template-powerdns.cfg
+mode = 0644
+
+[template-pdns-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/template/pdns.conf.jinja2
+md5sum = 7934b7037344678eff3031e1e73e0bb2
+mode = 640
+
+[template-dns-replicate]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/instance-powerdns-replicate.cfg.jinja2
+md5sum = 7cfc55bfb9821aad44272153f60450ef
+mode = 0644
+
+[iso-list]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/template/zz.countries.nexedi.dk.rbldnsd
+md5sum = 078bbe893aae7272270b4ec22505de33
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+filename = zz.countries.nexedi.dk.rbldnsd
+download-only = true
+mode = 0644
+
+[template-cdn-conf]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/template/cdn.conf.in
+md5sum = 9d9b431d8373c2e1850f3cef5ae1898a
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+filename = cdn.conf.in
+download-only = true
+mode = 0644
+
+[versions]
+Jinja2 = 2.7.3
+MarkupSafe = 0.23
+PyRSS2Gen = 1.1
+Werkzeug = 0.9.6
+buildout-versions = 1.7
+cffi = 0.8.6
+cliff = 1.6.1
+cmd2 = 0.6.7
+cns.recipe.symlink = 0.2.3
+collective.recipe.template = 1.11
+cryptography = 0.5.2
+inotifyx = 0.2.0-1
+itsdangerous = 0.24
+lxml = 3.3.5
+meld3 = 1.0.0
+mr.developer = 1.30
+netaddr = 0.7.12
+netifaces = 0.10.4
+plone.recipe.command = 1.1
+pyOpenSSL = 0.14
+pyparsing = 2.0.2
+pytz = 2014.4
+requests = 2.3.0
+six = 1.7.3
+slapos.cookbook = 0.87
+slapos.core = 1.1.2
+slapos.recipe.build = 0.12
+slapos.recipe.cmmi = 0.2
+slapos.recipe.template = 2.5
+stevedore = 0.15
+supervisor = 3.0
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.core==1.1.2
+Flask = 0.10.1
+
+# Required by:
+# slapos.cookbook==0.87
+lock-file = 2.0
+
+# Required by:
+# slapos.core==1.1.2
+psutil = 2.1.1
+
+# Required by:
+# cffi==0.8.6
+pycparser = 2.10
+
+# Required by:
+# slapos.core==1.1.2
+zope.interface = 4.1.1
\ No newline at end of file

software/powerdns/template/pdns.conf.jinja2

+# -------------------------------------------------------------------------
+
+# Configure ip/port binding
+local-address={{ pdns.get('local-ipv4') }}
+local-ipv6={{ pdns.get('ipv6') }}
+local-port={{ pdns.get('port') }}
+
+
+socket-dir={{ pdns.get('socket-directory') }}
+
+# Monitoring
+webserver=yes
+webserver-address={{ pdns.get('local-ipv4') }}
+webserver-port={{ pdns.get('webserver-port') }}
+
+# These totally disable query+packet caching for all zones.  This is necessary
+# because otherwise when the exact same question is asked twice in a short
+# period of time (by default, 10 seconds), the same response will be given
+# without any backends getting involved.
+#
+# This is bad for geobackend because obviously every question can potentially
+# require a new answer based only on the IP of the user's nameserver.  Now, it
+# should be noted that if you have other zones in PowerDNS then they will have
+# their query cache disabled as well.  That's not ideal, so you probably want
+# to run a separate instance of PowerDNS just for geobackend.  Maybe one day
+# there will be config options to set per-zone query caching time or something.
+query-cache-ttl=0
+cache-ttl=0
+
+# Log a lot of stuff.  Logging is slow.  We will disable this when we are happy
+# things are working. :)
+log-dns-details=yes
+log-dns-queries=yes
+log-failed-updates=yes
+loglevel=4
+
+# This disables wildcards which is more efficient.  geobackend doesn't use
+# them, so if none of your backends need them, set this, otherwise comment it
+# out.
+# wildcards=no
+
+# The geobackend
+launch=geo
+
+# The zone that your geo-balanced RR is inside of.  The whole zone has to be
+# delegated to the PowerDNS backend, so you will generally want to make up some
+# subzone of your main zone.  We chose "geo.blitzed.org".
+#
+geo-zone={{ slapparameter_dict.get('zone', 'example.com') }}
+
+# The only parts of the SOA for "geo.blitzed.org" that apply here are the
+# master server name and the contact address.
+geo-soa-values={{ slapparameter_dict.get('soa', 'ns0.example.com,admin@example.com') }}
+
+# List of NS records of the PowerDNS servers that are authoritative for your
+# GLB zone.
+geo-ns-records={{ slapparameter_dict.get('ns-record', 'ns0.example.com,ns1.example.com') }}
+
+# The TTL of the CNAME records that geobackend will return.  Since the same
+# resolver will always get the same CNAME (apart from if the director-map
+# changes) it is safe to return a reasonable TTL, so if you leave this
+# commented then a sane default will be chosen.
+#geo-ttl=3600
+
+# The TTL of the NS records that will be returned.  Leave this commented if you
+# don't understand.
+#geo-ns-ttl=86400
+
+# This is the real guts of the data that drives this backend.  This is a DNS
+# zone file for RBLDNSD, a nameserver specialised for running large DNS zones
+# typical of DNSBLs and such.  We choose it for our data because it is easier
+# to parse than the BIND-format one.
+#
+# Anyway, it comes from http://countries.nerd.dk/more.html - there are details
+# there for how to rsync your own copy.  You'll want to do that regularly,
+# every couple of days maybe.  We believe the nerd.dk guys take the netblock
+# info from Regional Internet Registries (RIRs) like RIPE, ARIN, APNIC.  From
+# that they build a big zonefile of IP/prefixlen -> ISO-country-code mappings.
+geo-ip-map-zonefile={{  geo.get('ip-map-zonefile') }}
+
+# And finally this last directive tells the geobackend where to find the map
+# files that say a) which RR to answer for, and b) what actual resource record
+# to return for each ISO country code.  The setting here is a comma-separated
+# list of paths, each of which may either be a single map file or a directory
+# that will contain map files.  If you are only ever going to serve one RR then
+# a single file is probably better, but if you're going to serve many then a
+# directory would probably be better.  The rest of this documentation will
+# assume you chose a directory.
+geo-maps={{  geo.get('geo-maps') }}
+
+# -------------------------------------------------------------------------
\ No newline at end of file

stack/monitor/buildout.cfg

@@ -41,7 +41,7 @@ recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/monitor.cfg.in
 output = ${buildout:directory}/monitor.cfg
 filename = monitor.cfg
-md5sum = fe76a9e0619f276e9de3dacf9e3e01ec
+md5sum = b330a6fbac771ef5db3e66933f6df8d0
 mode = 0644
 
 [monitor-bin]
@@ -53,11 +53,19 @@ destination = ${buildout:directory}/parts/monitor-template-monitor-bin
 filename = monitor.py.in
 mode = 0644
 
+[monitor-httpd-template]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+download-only = true
+md5sum = 2d48f8b8e01fa0fdde964ed1c1547f05
+filename = cgi-httpd.conf.in
+mode = 0644
+
 [index]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/webfile-directory/${:filename}
 download-only = true
-md5sum = af1adc107b73290afb98d011f7307de1
+md5sum = e759977b21c70213daa4c2701f2c2078
 destination = ${buildout:directory}/parts/monitor-index
 filename = index.cgi.in
 mode = 0644
@@ -67,7 +75,7 @@ recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/webfile-directory/${:filename}
 download-only = true
 destination = ${buildout:directory}/parts/monitor-template-index
-md5sum = 05051a2ff81ce7dc2eef3106d75b33f9
+md5sum = 7400c8cfa16a15a0d41f512b8bbb1581
 filename = index.html.jinja2
 mode = 0644
 
@@ -140,3 +148,10 @@ download-only = true
 destination = ${download-monitor-static:destination}
 filename = jquery-1.10.2.min.js
 mode = 0644
+
+[template-wrapper]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/wrapper.in
+output = ${buildout:directory}/template-wrapper.cfg
+mode = 0644
+md5sum = 8cde04bfd0c0e9bd56744b988275cfd8

stack/monitor/cgi-httpd.conf.in

+PidFile "{{ httpd_configuration.get('pid-file') }}"
+ServerName example.com
+ServerAdmin someone@email
+<IfDefine !MonitorPort>
+Listen [{{ httpd_configuration.get('listening-ip') }}]:{{ monitor_parameters.get('port') }}
+Define MonitorPort
+</IfDefine>
+DocumentRoot "{{ directory.get('www') }}"
+ErrorLog "{{ httpd_configuration.get('error-log') }}"
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule cgid_module modules/mod_cgid.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule proxy_module      modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule rewrite_module modules/mod_rewrite.so
+
+# SSL Configuration
+<IfDefine !SSLConfigured>
+Define SSLConfigured
+SSLCertificateFile {{ httpd_configuration.get('certificate') }}
+SSLCertificateKeyFile {{ httpd_configuration.get('key') }}
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLRandomSeed startup /dev/urandom 256
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+</IfDefine>
+SSLEngine   On
+ScriptSock {{ httpd_configuration.get('cgid-pid-file') }}
+<Directory {{ directory.get('www') }}>
+  SSLVerifyDepth    1
+  SSLRequireSSL
+  SSLOptions        +StrictRequire
+  # XXX: security????
+  Options +ExecCGI
+  AddHandler cgi-script .cgi
+  DirectoryIndex {{ monitor_parameters.get('index-filename') }}
+</Directory>
+Alias /private/ {{ directory.get('private-directory') }}/
+<Directory {{ directory.get('private-directory') }}>
+Order Deny,Allow
+Deny from env=AUTHREQUIRED
+<Files ".??*">
+  Order Allow,Deny
+  Deny from all
+</Files>
+AuthType Basic
+AuthName "Private access"
+AuthUserFile "{{ monitor_parameters.get('htaccess-file') }}"
+Require valid-user
+Options Indexes FollowSymLinks
+Satisfy all
+</Directory>
+
+<Location /rewrite>
+AuthType Basic
+AuthName "Private access"
+AuthUserFile "{{ monitor_parameters.get('htaccess-file') }}"
+Require valid-user
+</Location>
+
+ProxyVia On
+RewriteEngine On
+{% for key, value in monitor_rewrite_rule.iteritems() %}
+RewriteRule ^/rewrite/{{ key }}($|/.*) {{ value }}/$1 [P,L]
+{% endfor %}

stack/monitor/monitor.cfg.in

@@ -105,6 +105,7 @@ context =
   key apache_update_command :update-apache-access
   raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
   raw default_page /static/welcome.html
+  section rewrite_element monitor-rewrite-rule
 
 [deploy-index-template]
 recipe = hexagonit.recipe.download
@@ -234,92 +235,43 @@ status-history-length = 5
 recipe = slapos.cookbook:zero-knowledge.read
 filename = $${public:filename}
 
+[monitor-rewrite-rule]
+
 # XXX could it be something lighter?
-[cgi-httpd-configuration-file]
-recipe = collective.recipe.template
-input = inline:
-  PidFile "$${:pid-file}"
-  ServerName example.com
-  ServerAdmin someone@email
-  <IfDefine !MonitorPort>
-  Listen [$${:listening-ip}]:$${monitor-parameters:port}
-  Define MonitorPort
-  </IfDefine>
-  DocumentRoot "$${:document-root}"
-  ErrorLog "$${:error-log}"
-  LoadModule unixd_module modules/mod_unixd.so
-  LoadModule access_compat_module modules/mod_access_compat.so
-  LoadModule authz_core_module modules/mod_authz_core.so
-  LoadModule authn_core_module modules/mod_authn_core.so
-  LoadModule authz_host_module modules/mod_authz_host.so
-  LoadModule mime_module modules/mod_mime.so
-  LoadModule cgid_module modules/mod_cgid.so
-  LoadModule dir_module modules/mod_dir.so
-  LoadModule ssl_module modules/mod_ssl.so
-  LoadModule alias_module modules/mod_alias.so
-  LoadModule autoindex_module modules/mod_autoindex.so
-  LoadModule auth_basic_module modules/mod_auth_basic.so
-  LoadModule authz_user_module modules/mod_authz_user.so
-  LoadModule authn_file_module modules/mod_authn_file.so
-
-  # SSL Configuration
-  <IfDefine !SSLConfigured>
-  Define SSLConfigured
-  SSLCertificateFile $${ca-httpd:cert-file}
-  SSLCertificateKeyFile $${ca-httpd:key-file}
-  SSLRandomSeed startup builtin
-  SSLRandomSeed connect builtin
-  SSLRandomSeed startup /dev/urandom 256
-  SSLRandomSeed connect builtin
-  SSLProtocol -ALL +SSLv3 +TLSv1
-  SSLHonorCipherOrder On
-  SSLCipherSuite RC4-SHA:HIGH:!ADH
-  </IfDefine>
-  SSLEngine   On
-  ScriptSock $${:cgid-pid-file}
-  <Directory $${:document-root}>
-    SSLVerifyDepth    1
-    SSLRequireSSL
-    SSLOptions        +StrictRequire
-    # XXX: security????
-    Options +ExecCGI
-    AddHandler cgi-script .cgi
-    DirectoryIndex $${monitor-parameters:index-filename}
-  </Directory>
-  Alias /private/ $${monitor-directory:private-directory}/
-  <Directory $${monitor-directory:private-directory}>
-  Order Deny,Allow
-  Deny from env=AUTHREQUIRED
-  <Files ".??*">
-    Order Allow,Deny
-    Deny from all
-  </Files>
-  AuthType Basic
-  AuthName "Private access"
-  AuthUserFile "$${monitor-parameters:htaccess-file}"
-  Require valid-user
-  Options Indexes FollowSymLinks
-  Satisfy all
-  </Directory>
-output = $${monitor-directory:etc}/cgi-httpd.conf
-listening-ip = $${slap-parameters:ipv6-random}
-# XXX: randomize-me
-htdocs = $${monitor-directory:www}
+[monitor-httpd-configuration]
 pid-file = $${monitor-directory:run}/cgi-httpd.pid
 cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
-document-root = $${monitor-directory:www}
 error-log = $${monitor-directory:log}/cgi-httpd-error-log
+listening-ip = $${slap-parameters:ipv6-random}
+certificate = $${ca-httpd:cert-file}
+key = $${ca-httpd:key-file}
+
+[monitor-httpd-configuration-file]
+recipe = slapos.recipe.template:jinja2
+template = ${monitor-httpd-template:destination}/${monitor-httpd-template:filename}
+rendered = $${monitor-directory:etc}/cgi-httpd.conf
+mode = 0744
+context =
+  section directory monitor-directory
+  section monitor_parameters monitor-parameters
+  section httpd_configuration monitor-httpd-configuration
+  section monitor_rewrite_rule monitor-rewrite-rule
 
 [cgi-httpd-wrapper]
 recipe = slapos.cookbook:wrapper
 apache-executable = ${apache:location}/bin/httpd
-command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
+command-line = $${:apache-executable} -f $${monitor-httpd-configuration-file:rendered} -DFOREGROUND
 wrapper-path = $${ca-httpd:executable}
 
 [cgi-httpd-graceful-wrapper]
-recipe = slapos.cookbook:wrapper
-command-line = kill -USR1 $(cat $${cgi-httpd-configuration-file:pid-file})
-wrapper-path = $${monitor-directory:etc-run}/cgi-httpd-graceful
+recipe = slapos.recipe.template:jinja2
+template = ${template-wrapper:output}
+rendered = $${monitor-directory:etc-run}/cgi-httpd-graceful
+mode = 0700
+context =
+    key content :command
+command = kill -USR1 $(cat $${monitor-httpd-configuration:pid-file})
+
 
 [monitor-promise]
 recipe = slapos.cookbook:check_url_available

stack/monitor/webfile-directory/index.cgi.in

@@ -23,6 +23,8 @@ monitor_password_script_path = "{{ monitor_password_script_path }}"
 
 monitor_apache_password_command = "{{ apache_update_command }}"
 
+monitor_rewrite = "{{ ' '.join(rewrite_element.keys())  }}"
+
 ########
 # Password functions
 #######
@@ -185,4 +187,4 @@ else:
   else:
     html_base = jinja2.Template(open('{{ index_template }}').read())
     print
-    print html_base.render(tree=make_menu(), default_page="{{ default_page }}")
+    print html_base.render(tree=make_menu(), default_page="{{ default_page }}", monitor_rewrite=monitor_rewrite)

stack/monitor/webfile-directory/index.html.jinja2

@@ -19,6 +19,11 @@
    {% endfor %}
    <li class="pure-menu-heading category">Files</li>
    <li><a href="./private/" class="link">  User: admin</br>  Password is yours</a></li>
+   <li class="pure-menu-heading category">Local Service</li>
+   {% set rewrite_list = monitor_rewrite.split() %}
+   {% for path in rewrite_list %}
+   <li><a href="./rewrite/{{path}}/" class="link">{{path}}</a></li>
+   {% endfor %}
   </ul>
  </div>
  </div>

stack/monitor/wrapper.in

+#!${dash-output:dash}
+{{ content }}
\ No newline at end of file