Merge remote-tracking branch 'origin/master' into zimbra

CHANGES.txt

 Changes
 =======
 
+0.77.1 (2013-04-18)
+-------------------
+
+ * Re-release of 0.77.0.
+
+0.77.0 (2013-04-18)
+-------------------
+
+ * Allow to pass extra parameters when creating simple wrapper. [Sebastien Robin]
+ * Apache frontend: Append all rewrite module options to http as well. [Cedric de Saint Martin]
+ * Apache frontend: Add https-only support. [Cedric de Saint Martin]
+ * Apache frontend: make logrotate work by using "generic" component. [Cedric de Saint Martin]
+
 0.76.0 (2013-04-03)
 -------------------
 

component/noVNC/buildout.cfg

@@ -6,5 +6,5 @@ parts =
 recipe = hexagonit.recipe.download
 # Post-0.4 release from January 2013
 url = http://github.com/kanaka/noVNC/zipball/3b2acc2258d36137a37edfbe0f03a3099189c49d
-md5sum = 0d06abc20e59643e14fefe52b42daf60
+md5sum = a276be8fa193652bb5de8a271603f11f
 strip-top-level-dir = true

component/qemu-kvm/buildout.cfg

@@ -3,6 +3,7 @@ extends =
   ../../component/gnutls/buildout.cfg
   ../../component/libpng/buildout.cfg
   ../../component/libuuid/buildout.cfg
+  ../../component/xorg/buildout.cfg
   ../../component/zlib/buildout.cfg
 
 [kvm]
@@ -11,9 +12,11 @@ extends =
 
 [qemu-kvm]
 recipe = slapos.recipe.cmmi
-url = http://downloads.sourceforge.net/project/kvm/qemu-kvm/1.2.0/qemu-kvm-1.2.0.tar.gz
-md5sum = d7b18b673c48abfee65a9c0245df0415
+# qemu-kvm and qemu are now the same since 1.3.
+url = http://wiki.qemu-project.org/download/qemu-1.4.1.tar.bz2
+md5sum = eb2d696956324722b5ecfa46e41f9a75
 configure-options =
+  --target-list=""
   --disable-sdl
   --disable-xen
   --enable-vnc-tls
@@ -24,9 +27,11 @@ configure-options =
   --disable-docs
   --enable-vnc-png
   --disable-vnc-jpeg
+  --enable-vnc-ws
   --extra-cflags="-I${gnutls:location}/include -I${libuuid:location}/include -I${zlib:location}/include -I${libpng:location}/include"
   --extra-ldflags="-Wl,-rpath -Wl,${glib:location}/lib -L${glib:location}/lib -Wl,-rpath -Wl,${gnutls:location}/lib -L${gnutls:location}/lib -Wl,-rpath -Wl,${gpg-error:location}/lib -L${gpg-error:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib -L${libpng:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lpng -lz -lgnutls"
   --disable-werror
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
-  PKG_CONFIG_PATH=${gnutls:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${gnutls:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig
+

component/zabbix/buildout.cfg

@@ -4,8 +4,8 @@ parts =
 
 [zabbix-agent]
 recipe = slapos.recipe.cmmi
-url = http://prdownloads.sourceforge.net/zabbix/zabbix-2.0.1.tar.gz?download
-md5sum = 3b301aa4f2b7cb5ede46884b9c7873e1
+url = http://prdownloads.sourceforge.net/zabbix/zabbix-2.0.5.tar.gz?download
+md5sum = 0c0721c31889b63bce9aa556bcb927e8
 configure-options =
   --enable-agent
   --enable-ipv6

setup.py

@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '0.76.1.dev'
+version = '0.77.2.dev'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"

slapos/recipe/apache_frontend/__init__.py

@@ -36,6 +36,7 @@ import ConfigParser
 import re
 import traceback
 
+TRUE_VALUES = ['y', 'yes', '1', 'true']
 
 class Recipe(BaseSlapRecipe):
 
@@ -65,13 +66,13 @@ class Recipe(BaseSlapRecipe):
 
     # self.cron_d is a directory, where cron jobs can be registered
     self.cron_d = self.installCrond()
-    self.logrotate_d, self.logrotate_backup = self.installLogrotate()
     self.killpidfromfile = zc.buildout.easy_install.scripts(
-        [('killpidfromfile', 'slapos.recipe.erp5.killpidfromfile',
+        [('killpidfromfile', 'slapos.toolbox.killpidfromfile',
           'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
     self.path_list.append(self.killpidfromfile)
 
     rewrite_rule_list = []
+    rewrite_rule_https_only_list = []
     rewrite_rule_zope_list = []
     rewrite_rule_zope_path_list = []
     slave_dict = {}
@@ -88,20 +89,16 @@ class Recipe(BaseSlapRecipe):
       # Sanitize inputs
       backend_url = slave_instance.get("url", None)
       reference = slave_instance.get("slave_reference")
+      enable_cache = slave_instance.get('enable_cache', '').lower() in TRUE_VALUES
+      slave_type = slave_instance.get('type', '').lower() or None
 
-      if slave_instance.haskey("enable_cache"):
-        enable_cache = slave_instance.get("enable_cache", "").upper() in ('1', 'TRUE')
-      else:
-        enable_cache = False
-
-      if slave_instance.haskey("type"):
-        slave_type = slave_instance.get("type", "").lower()
-      else:
-        slave_type = None
+      https_only = slave_instance.get('https-only', '').lower() in TRUE_VALUES
 
       # Set scheme (http? https?)
-      # Future work may allow to choose between http and https (or both?)
-      scheme = 'http://'
+      if https_only:
+        scheme = 'https://'
+      else:
+        scheme = 'http://'
 
       self.logger.info('Processing slave instance: %s' % reference)
 
@@ -143,6 +140,10 @@ class Recipe(BaseSlapRecipe):
       rewrite_rule = "%s %s" % (domain, backend_url)
 
       # Finally, if successful, we add the rewrite rule to our list of rules
+      # We have 4 RewriteMaps:
+      #  - One for generic (non-zope) websites, accepting both HTTP and HTTPS
+      #  - One for generic websites that only accept HTTPS
+      #  - Two for Zope-based websites
       if rewrite_rule:
         # We check if we have a zope slave. It requires different rewrite
         # rule structure.
@@ -154,7 +155,10 @@ class Recipe(BaseSlapRecipe):
           rewrite_rule_path = "%s %s" % (domain, slave_instance.get('path', ''))
           rewrite_rule_zope_path_list.append(rewrite_rule_path)
         else:
-          rewrite_rule_list.append(rewrite_rule)
+          if https_only:
+            rewrite_rule_https_only_list.append(rewrite_rule)
+          else:
+            rewrite_rule_list.append(rewrite_rule)
 
     # Certificate stuff
     valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
@@ -186,6 +190,7 @@ class Recipe(BaseSlapRecipe):
         plain_http_port=frontend_plain_http_port_number,
         name=frontend_domain_name,
         rewrite_rule_list=rewrite_rule_list,
+        rewrite_rule_https_only_list=rewrite_rule_https_only_list,
         rewrite_rule_zope_list=rewrite_rule_zope_list,
         rewrite_rule_zope_path_list=rewrite_rule_zope_path_list,
         key=key, certificate=certificate)
@@ -279,29 +284,6 @@ class Recipe(BaseSlapRecipe):
     return "%s http://%s:%s" % \
         (domain, varnish_ip, base_varnish_port)
 
-  def installLogrotate(self):
-    """Installs logortate main configuration file and registers its to cron"""
-    logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
-      'logrotate.d'))
-    self._createDirectory(logrotate_d)
-    logrotate_backup = self.createBackupDirectory('logrotate')
-    logrotate_conf = self.createConfigurationFile("logrotate.conf",
-        "include %s" % logrotate_d)
-    logrotate_cron = os.path.join(self.cron_d, 'logrotate')
-    state_file = os.path.join(self.data_root_directory, 'logrotate.status')
-    open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
-        (self.options['logrotate_binary'], state_file, logrotate_conf))
-    self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
-    return logrotate_d, logrotate_backup
-
-  def registerLogRotation(self, name, log_file_list, postrotate_script):
-    """Register new log rotation requirement"""
-    open(os.path.join(self.logrotate_d, name), 'w').write(
-        self.substituteTemplate(self.getTemplateFilename(
-          'logrotate_entry.in'),
-          dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
-            postrotate=postrotate_script, olddir=self.logrotate_backup)))
-
   def requestCertificate(self, name):
     hash = hashlib.sha512(name).hexdigest()
     key = os.path.join(self.ca_private, hash + self.ca_key_ext)
@@ -418,8 +400,7 @@ class Recipe(BaseSlapRecipe):
   def _getApacheConfigurationDict(self, name, ip_list, port):
     apache_conf = dict()
     apache_conf['server_name'] = name
-    apache_conf['pid_file'] = os.path.join(self.run_directory,
-        name + '.pid')
+    apache_conf['pid_file'] = self.options['pid-file']
     apache_conf['lock_file'] = os.path.join(self.run_directory,
         name + '.lock')
     apache_conf['document_root'] = os.path.join(self.data_root_directory,
@@ -429,13 +410,8 @@ class Recipe(BaseSlapRecipe):
     apache_conf['ip_list'] = ip_list
     apache_conf['port'] = port
     apache_conf['server_admin'] = 'admin@'
-    apache_conf['error_log'] = os.path.join(self.log_directory,
-        'frontend-apache-error.log')
-    apache_conf['access_log'] = os.path.join(self.log_directory,
-        'frontend-apache-access.log')
-    self.registerLogRotation(name, [apache_conf['error_log'],
-      apache_conf['access_log']], self.killpidfromfile + ' ' +
-      apache_conf['pid_file'] + ' SIGUSR1')
+    apache_conf['error_log'] = self.options['error-log']
+    apache_conf['access_log'] = self.options['access-log']
     return apache_conf
 
   def installVarnishCache(self, name, ip, port, control_port, backend_host,
@@ -517,10 +493,13 @@ class Recipe(BaseSlapRecipe):
                             port=4443, plain_http_port=8080,
                             rewrite_rule_list=None,
                             rewrite_rule_zope_list=None,
+                            rewrite_rule_https_only_list=None,
                             rewrite_rule_zope_path_list=None,
                             access_control_string=None):
     if rewrite_rule_list is None:
       rewrite_rule_list = []
+    if rewrite_rule_https_only_list is None:
+      rewrite_rule_zope_path_list = []
     if rewrite_rule_zope_list is None:
       rewrite_rule_zope_list = []
     if rewrite_rule_zope_path_list is None:
@@ -571,15 +550,22 @@ class Recipe(BaseSlapRecipe):
     self.path_list.append(backup_cron)
 
     # Create configuration file and rewritemaps
-    apachemap_name = "apachemap.txt"
-    apachemapzope_name = "apachemapzope.txt"
-    apachemapzopepath_name = "apachemapzopepath.txt"
-
-    self.createConfigurationFile(apachemap_name, "\n".join(rewrite_rule_list))
-    self.createConfigurationFile(apachemapzope_name,
-        "\n".join(rewrite_rule_zope_list))
-    self.createConfigurationFile(apachemapzopepath_name,
-        "\n".join(rewrite_rule_zope_path_list))
+    apachemap_path = self.createConfigurationFile(
+        "apache_rewritemap_generic.txt",
+        "\n".join(rewrite_rule_list)
+    )
+    apachemap_httpsonly_path = self.createConfigurationFile(
+        "apache_rewritemap_httpsonly.txt",
+        "\n".join(rewrite_rule_https_only_list)
+    )
+    apachemap_zope_path = self.createConfigurationFile(
+        "apache_rewritemap_zope.txt",
+        "\n".join(rewrite_rule_zope_list)
+    )
+    apachemap_zopepath_path = self.createConfigurationFile(
+        "apache_rewritemap_zopepath.txt",
+        "\n".join(rewrite_rule_zope_path_list)
+    )
 
     apache_conf = self._getApacheConfigurationDict(name, ip_list, port)
     apache_conf['ssl_snippet'] = self.substituteTemplate(
@@ -606,9 +592,10 @@ class Recipe(BaseSlapRecipe):
 
     apache_conf.update(**dict(
       path_enable=path,
-      apachemap_path=os.path.join(self.etc_directory, apachemap_name),
-      apachemapzope_path=os.path.join(self.etc_directory, apachemapzope_name),
-      apachemapzopepath_path=os.path.join(self.etc_directory, apachemapzopepath_name),
+      apachemap_path=apachemap_path,
+      apachemap_httpsonly_path=apachemap_httpsonly_path,
+      apachemapzope_path=apachemap_zope_path,
+      apachemapzopepath_path=apachemap_zopepath_path,
       apache_domain=name,
       https_port=port,
       plain_http_port=plain_http_port,

slapos/recipe/apache_frontend/template/apache.conf.in

@@ -60,8 +60,8 @@ BrowserMatch "RealPlayer 4\.0" force-response-1.0
 BrowserMatch "Java/1\.0" force-response-1.0
 BrowserMatch "JDK/1\.0" force-response-1.0
 # The following directive disables redirects on non-GET requests for
-# a directory that does not include the trailing slash.  This fixes a 
-# problem with Microsoft WebFolders which does not appropriately handle 
+# a directory that does not include the trailing slash.  This fixes a
+# problem with Microsoft WebFolders which does not appropriately handle
 # redirects for folders with DAV methods.
 # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
 BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
@@ -84,7 +84,7 @@ MCacheRemovalAlgorithm LRU
 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
 BrowserMatch ^Mozilla/4 gzip-only-text/html
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
-BrowserMatch \bMSIE !no-gzip !gzip-only-text/html 
+BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
 # Make sure proxies don't deliver the wrong content
 Header append Vary User-Agent
 
@@ -104,10 +104,12 @@ Header append Vary User-Agent
   # or changed when slapgrid is ran. It can be freely customized by node admin.
   Include %(custom_apache_virtualhost_conf)s
 
-  # Define the two RewriteMaps (key -> value store): one for Zope, one generic
+  # Define the 3 RewriteMaps (key -> value store): one for Zope, one generic,
+  # one generic https only,
   # containing: rewritten URL -> original URL (a.k.a VirtualHostBase in Zope)
   RewriteMap apachemapzope txt:%(apachemapzope_path)s
   RewriteMap apachemapgeneric txt:%(apachemap_path)s
+  RewriteMap apachemapgenerichttpsonly txt:%(apachemap_httpsonly_path)s
 
   # Define another RewriteMap for Zope, containing:
   # rewritten URL -> VirtualHostRoot
@@ -123,21 +125,32 @@ Header append Vary User-Agent
   RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
   # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
   RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
+  # Same for https only server
+  RewriteCond ${apachemapgenerichttpsonly:%%{SERVER_NAME}} >""
+  # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
+  RewriteRule ^/(.*)$ ${apachemapgenerichttpsonly:%%{SERVER_NAME}}/$1 [L,P]
 
   # If nothing exist : put a nice error
   ErrorDocument 404 /notfound.html
 </VirtualHost>
 
+
+# Only accept generic (i.e not Zope) backends on http
 <VirtualHost *:%(plain_http_port)s>
-  RewriteEngine On
   SSLProxyEngine on
+  # Rewrite part
+  ProxyVia On
   ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+  # Remove "Secure" from cookies, as backend may be https
+  Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
 
   # Include configuration file not operated by slapos. This file won't be erased
   # or changed when slapgrid is ran. It can be freely customized by node admin.
   Include %(custom_apache_virtualhost_conf)s
 
-  # We accept generic (i.e not lamp) backends on http
   RewriteMap apachemapgeneric txt:%(apachemap_path)s
   RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
   RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
@@ -148,6 +161,7 @@ Header append Vary User-Agent
   RewriteRule ^/(.*)$ https://%%{SERVER_NAME}%%{REQUEST_URI}
 </VirtualHost>
 
+
 # Include configuration file not operated by slapos. This file won't be erased
 # or changed when slapgrid is ran. It can be freely customized by node admin.
 Include %(custom_apache_conf)s

slapos/recipe/kvm_frontend/__init__.py

@@ -107,7 +107,8 @@ class Recipe(GenericSlapRecipe):
       http_redirect_server = ''
 
     config = dict(
-      ip=self.options['ip'],
+      ipv6=self.options['ipv6'],
+      ipv4=self.options['ipv4'],
       port=self.options['port'],
       key=self.options['ssl-key-path'],
       certificate=self.options['ssl-cert-path'],

slapos/recipe/kvm_frontend/template/kvm-proxy.js

@@ -37,12 +37,13 @@ var fs = require('fs'),
     httpProxy = require('http-proxy'),
     proxyByUrl = require('proxy-by-url');
 
-var listenInterface = process.argv[2],
-    port = process.argv[3],
-    sslKeyFile = process.argv[4],
-    sslCertFile = process.argv[5],
-    proxyTable = process.argv[6],
-    redirect = process.argv[7] || false,
+var listenInterfacev6 = process.argv[2],
+    listenInterfacev4 = process.argv[3],
+    port = process.argv[4],
+    sslKeyFile = process.argv[5],
+    sslCertFile = process.argv[6],
+    proxyTable = process.argv[7],
+    redirect = process.argv[8] || false,
     isRawIPv6;
 
 if (process.argv.length < 7) {
@@ -50,11 +51,6 @@ if (process.argv.length < 7) {
   process.exit(1);
 }
 
-isRawIPv6 = function checkipv6(str) {
-  // Inspired by http://forums.intermapper.com/viewtopic.php?t=452
-  return (/^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/.test(str));
-}(listenInterface);
-
 /**
  * Dummy middleware that throws 404 not found. Does not contain websocket
  * middleware.
@@ -69,7 +65,7 @@ var middlewareNotFound = function(req, res, proxy) {
 /**
  * Create server
  */
-var proxyServer = httpProxy.createServer(
+var proxyServerv6 = httpProxy.createServer(
   // We declare our proxyByUrl middleware
   proxyByUrl(proxyTable),
   // Then we add your dummy middleware, called when proxyByUrl doesn't find url.
@@ -87,42 +83,70 @@ var proxyServer = httpProxy.createServer(
       )
     },
     source: {
-    host: listenInterface,
+    host: listenInterfacev6,
     port: port
   }}
 );
 
+
+var proxyServerv4 = httpProxy.createServer(
+  // We declare our proxyByUrl middleware
+  proxyByUrl(proxyTable),
+  // Then we add your dummy middleware, called when proxyByUrl doesn't find url.
+  middlewareNotFound,
+  // And we set HTTPS options for server. HTTP will be forbidden.
+  {
+    https: {
+      key: fs.readFileSync(
+        sslKeyFile,
+        'utf8'
+      ),
+      cert: fs.readFileSync(
+        sslCertFile,
+        'utf8'
+      )
+    },
+    source: {
+    host: listenInterfacev4,
+    port: port
+  }}
+);
+
+
 console.log('HTTPS server starting and trying to listen on ' +
-            listenInterface + ':' + port);
+            listenInterfacev4 + ':' + port);
 // Release the beast.
-proxyServer.listen(port, listenInterface);
+proxyServerv6.listen(port, listenInterfacev6);
+proxyServerv4.listen(port, listenInterfacev4);
 
 // Dummy HTTP server redirecting to HTTPS. Only has sense if we can use port 80
 if (redirect === '1') {
   console.log('HTTP redirect server starting and trying to listen on ' +
               listenInterface + ':' + httpPort);
-  try {
-    var httpPort = 80;
-    http.createServer(function(req, res) {
-      var url;
-      if (isRawIPv6 === true) {
-        url = 'https://[' + listenInterface + ']';
-      } else {
-        url = 'https://' + listenInterface;
-      }
-      // If non standard port : need to specify it
-      if (port !== 443) {
-        url = url + ':' + port;
-      }
-      // Add last part of URL
-      url = url + req.url;
-      console.log(url);
-      // Anwser "permanently redirected"
-      res.statusCode = 301;
-      res.setHeader('Location', url);
-      res.end();
-    }).listen(httpPort, listenInterface);
-  } catch (error) {
-    console.log('Couldn\'t start plain HTTP redirection server : ' + error)
-  }
+/*   
+*try {
+*    var httpPort = 80;
+*    http.createServer(function(req, res) {
+*      var url;
+*      if (isRawIPv6 === true) {
+*        url = 'https://[' + listenInterface + ']';
+*      } else {
+*        url = 'https://' + listenInterface;
+*      }
+*      // If non standard port : need to specify it
+*      if (port !== 443) {
+*        url = url + ':' + port;
+*      }
+*      // Add last part of URL
+*      url = url + req.url;
+*      console.log(url);
+*      // Anwser "permanently redirected"
+*      res.statusCode = 301;
+*      res.setHeader('Location', url);
+*      res.end();
+*    }).listen(httpPort, listenInterface);
+*  } catch (error) {
+*    console.log('Couldn\'t start plain HTTP redirection server : ' + error)
+*  }
+*/
 }

slapos/recipe/kvm_frontend/template/nodejs_run.in

@@ -2,4 +2,4 @@
 # BEWARE: This file is operated by slapgrid
 # BEWARE: It will be overwritten automatically
 export NODE_PATH=%(node_env)s
-exec %(node_path)s %(conf_path)s %(ip)s %(port)s %(key)s %(certificate)s %(map_path)s %(plain_http)s
+exec %(node_path)s %(conf_path)s %(ipv6)s %(ipv4)s %(port)s %(key)s %(certificate)s %(map_path)s %(plain_http)s

slapos/recipe/zabbixagent/__init__.py

@@ -119,10 +119,13 @@ class Recipe(BaseSlapRecipe):
     # self.cron_d is a directory, where cron jobs can be registered
     self.cron_d = self.installCrond()
     self.logrotate_d, self.logrotate_backup = self.installLogrotate()
-    zabbix_agentd_conf = self.installZabbixAgentd(self.getGlobalIPv6Address(),
-                                                  10050,
-                                                  self.parameter_dict['hostname'],
-                                                  self.parameter_dict['server'])
+    zabbix_agentd_conf = self.installZabbixAgentd(
+        self.getGlobalIPv6Address(),
+        10050,
+        self.parameter_dict['hostname'],
+        self.parameter_dict['server'],
+        self.parameter_dict.get('custom-user-parameter', '')
+    )
     self.setConnectionDict(dict(ip=zabbix_agentd_conf['ip'],
       name=zabbix_agentd_conf['hostname'],
       port=str(zabbix_agentd_conf['port'])))

software/apache-frontend/README.apache_frontend.txt

@@ -118,6 +118,13 @@ Domain name to use as frontend. The frontend will be accessible from this domain
 [instancereference].[masterdomain].
 Example: www.mycustomdomain.com
 
+https-only
+~~~~~~~~~~
+Specify if website should be accessed using https only. If so, the frontend
+will redirect the user to https if accessed from http.
+Possible values: "true", "false".
+This is an optional parameter. Defaults to false.
+
 path
 ~~~~
 Only used if type is "zope".

software/apache-frontend/common.cfg

@@ -3,6 +3,7 @@ extends =
   ../../component/binutils/buildout.cfg
   ../../component/lxml-python/buildout.cfg
   ../../component/apache/buildout.cfg
+  ../../component/gzip/buildout.cfg
   ../../component/stunnel/buildout.cfg
   ../../component/varnish/buildout.cfg
   ../../component/dcron/buildout.cfg
@@ -38,14 +39,15 @@ recipe = zc.recipe.egg
 eggs = ${instance-recipe:egg}
 
 [eggs]
-recipe = zc.recipe.egg
+recipe = z3c.recipe.scripts
 eggs =
   ${lxml-python:egg}
+  slapos.toolbox
 
 [template]
 # Default template for apache instance.
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
-md5sum = fea902a2b9dbf8c80ff201bcf73f9396
+md5sum = e7b9f57da7eb1450fc15789e239388d4
 output = ${buildout:directory}/template.cfg
-mode = 0644
\ No newline at end of file
+mode = 0644

software/apache-frontend/instance.cfg

 [buildout]
 parts =
   directory
-  instance
+  apache
   configtest
+  logrotate
+  logrotate-entry-apache
 
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
@@ -10,15 +12,23 @@ develop-eggs-directory = ${buildout:develop-eggs-directory}
 # Create all needed directories
 [directory]
 recipe = slapos.cookbook:mkdirectory
+
+bin = $${buildout:directory}/bin/
 etc = $${buildout:directory}/etc/
-var = $${buildout:directory}/var/
 srv = $${buildout:directory}/srv/
-bin = $${buildout:directory}/bin/
+var = $${buildout:directory}/var/
+
+backup = $${:srv}/backup
+log = $${:var}/log
+run = $${:var}/run
 service = $${:etc}/service
 
+logrotate-backup = $${:backup}/logrotate
+logrotate-entries = $${:etc}/logrotate.d
+
 
 # Deploy Apache (old way, with monolithic recipe)
-[instance]
+[apache]
 recipe = ${instance-recipe:egg}:${instance-recipe:module}
 httpd_home = ${apache-2.2:location}
 httpd_binary = ${apache-2.2:location}/bin/httpd
@@ -31,9 +41,40 @@ rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
 gcc_binary = gcc
 binutils_directory = ${binutils:location}/bin/
 
+access-log = $${directory:log}/frontend-apache-access.log
+error-log = $${directory:log}/frontend-apache-error.log
+pid-file = $${directory:run}/httpd.pid
+
 
 # Create wrapper for "apachectl conftest" in bin
 [configtest]
 recipe = slapos.cookbook:wrapper
-command-line = $${instance:httpd_binary} -f $${directory:etc}/apache_frontend.conf -t
-output = $${directory:bin}/apache-configtest
+command-line = $${apache:httpd_binary} -f $${directory:etc}/apache_frontend.conf -t
+wrapper-path = $${directory:bin}/apache-configtest
+
+
+# Deploy Logrotate
+[logrotate]
+recipe = slapos.cookbook:logrotate
+# Binaries
+logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
+gzip-binary = ${gzip:location}/bin/gzip
+gunzip-binary = ${gzip:location}/bin/gunzip
+# Directories
+wrapper = $${directory:bin}/logrotate
+conf = $${directory:etc}/logrotate.conf
+logrotate-entries = $${directory:logrotate-entries}
+backup = $${directory:logrotate-backup}
+state-file = $${directory:srv}/logrotate.status
+
+[logrotate-entry-apache]
+<= logrotate
+recipe = slapos.cookbook:logrotate.d
+name = apache
+log = $${apache:error-log} $${apache:access-log}
+frequency = daily
+rotate-num = 30
+post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
+sharedscripts = true
+notifempty = true
+create = true

software/apache-frontend/software.cfg

@@ -4,67 +4,101 @@ extends = common.cfg
 [versions]
 Jinja2 = 2.6
 Werkzeug = 0.8.3
+apache-libcloud = 0.12.3
+async = 0.6.1
 buildout-versions = 1.7
-hexagonit.recipe.cmmi = 1.6
+gitdb = 0.5.4
+hexagonit.recipe.cmmi = 2.0
 meld3 = 0.6.10
+pycrypto = 2.6
 rdiff-backup = 1.0.5
-slapos.cookbook = 0.71.1
-slapos.recipe.build = 0.11.5
+slapos.recipe.build = 0.11.6
+slapos.recipe.cmmi = 0.1
 slapos.recipe.template = 2.4.2
+slapos.toolbox = 0.34.0
+smmap = 0.8.2
+z3c.recipe.scripts = 1.0.1
 
 # Required by:
-# slapos.core==0.33.1
+# slapos.core==0.35.1
+# slapos.toolbox==0.34.0
 Flask = 0.9
 
 # Required by:
-# hexagonit.recipe.cmmi==1.6
-hexagonit.recipe.download = 1.6nxd002
+# slapos.toolbox==0.34.0
+GitPython = 0.3.2.RC1
 
 # Required by:
-# slapos.cookbook==0.71.1
+# slapos.toolbox==0.34.0
+atomize = 0.1.1
+
+# Required by:
+# slapos.toolbox==0.34.0
+feedparser = 5.1.3
+
+# Required by:
+# slapos.cookbook==0.77.1
 inotifyx = 0.2.0
 
 # Required by:
-# slapos.cookbook==0.71.1
-# slapos.core==0.33.1
+# slapos.cookbook==0.77.1
+# slapos.core==0.35.1
 # xml-marshaller==0.9.7
-lxml = 3.0.2
+lxml = 3.1.2
 
 # Required by:
-# slapos.cookbook==0.71.1
+# slapos.cookbook==0.77.1
 netaddr = 0.7.10
 
 # Required by:
-# slapos.core==0.33.1
+# slapos.core==0.35.1
 netifaces = 0.8
 
 # Required by:
-# slapos.cookbook==0.71.1
-pytz = 2012j
+# slapos.toolbox==0.34.0
+paramiko = 1.10.1
 
 # Required by:
-# slapos.cookbook==0.71.1
-# slapos.core==0.33.1
+# slapos.toolbox==0.34.0
+psutil = 0.7.0
+
+# Required by:
+# slapos.core==0.35.1
+pyflakes = 0.7
+
+# Required by:
+# slapos.cookbook==0.77.1
+pytz = 2013b
+
+# Required by:
+# slapos.cookbook==0.77.1
+# slapos.core==0.35.1
+# slapos.toolbox==0.34.0
 # zc.buildout==1.6.0-dev-SlapOS-010
 # zc.recipe.egg==1.3.2
 setuptools = 0.6c12dev-r88846
 
 # Required by:
-# slapos.cookbook==0.71.1
-slapos.core = 0.33.1
+# slapos.cookbook==0.77.1
+# slapos.toolbox==0.34.0
+slapos.core = 0.35.1
 
 # Required by:
-# slapos.core==0.33.1
+# slapos.core==0.35.1
 supervisor = 3.0b1
 
 # Required by:
-# slapos.cookbook==0.71.1
-xml-marshaller = 0.9.7
+# slapos.core==0.35.1
+unittest2 = 0.5.1
 
 # Required by:
-# slapos.core==0.33.1
-zope.interface = 4.0.3
+# slapos.cookbook==0.77.1
+# slapos.toolbox==0.34.0
+xml-marshaller = 0.9.7
 
+# Required by:
+# slapos.core==0.35.1
+zope.interface = 4.0.5
 
 [networkcache]
 # signature certificates of the following uploaders.

software/kvm/common.cfg

@@ -56,6 +56,7 @@ recipe = plone.recipe.command
 destination = ${buildout:parts-directory}/${:_buildout_section_name_}
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 command =
+  export HOME=${:location};
   rm -fr ${:destination} &&
   mkdir -p ${:destination} &&
   cd ${:destination} &&
@@ -69,17 +70,10 @@ command =
 [template-kvm]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-kvm.cfg.in
-md5sum = c0320447308299ec9caaeece4187bc1f
+md5sum = 87197471aa93863c310204e8865b5ac1
 output = ${buildout:directory}/template-kvm.cfg
 mode = 0644
 
-[template-kvmplus]
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/instance-kvmplus.cfg.in
-md5sum = c8e92237eeda93caca1132b5202c3a02
-output = ${buildout:directory}/template-kvmplus.cfg
-mode = 0644
-
 [template-nbd]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-nbd.cfg.in
@@ -90,13 +84,13 @@ mode = 0644
 [template-frontend]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-frontend.cfg.in
-md5sum = 73359b52013b1b65f75005e8698ed180
+md5sum = cdb690495e9eb007d2b7d2f8e12f5c59
 output = ${buildout:directory}/template-frontend.cfg
 mode = 0644
 
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg.in
-md5sum = 68788763d23f70f24b9e575871c903a8
+md5sum = 0a98e34aaec7097a84066c0665e3a49a
 output = ${buildout:directory}/template.cfg
 mode = 0644

software/kvm/development.cfg

 [buildout]
 extends =
-  ../../git/buildout.cfg
+  ../../component/git/buildout.cfg
   common.cfg
 
 parts +=
   slapos.cookbook-repository
-  slapos.core-repository
   slapos.toolbox-repository
   check-recipe
 
 develop =
   ${:parts-directory}/slapos.cookbook-repository
+  ${:parts-directory}/slapos.toolbox-repository
 
 [slapos.cookbook-repository]
 recipe = slapos.recipe.build:gitclone
 repository = http://git.erp5.org/repos/slapos.git
-branch = slaprunner
+branch = kvm
+git-executable = ${git:location}/bin/git
+
+[slapos.toolbox-repository]
+recipe = slapos.recipe.build:gitclone
+repository = http://git.erp5.org/repos/slapos.toolbox.git
+branch = master
 git-executable = ${git:location}/bin/git
 
 [check-recipe]
@@ -24,3 +30,4 @@ stop-on-error = true
 update-command = ${:command}
 command =
   grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link &&
+  grep parts ${buildout:develop-eggs-directory}/slapos.toolbox.egg-link

software/kvm/instance-frontend.cfg.in

@@ -11,7 +11,8 @@ parts =
   cron-entry-logrotate
   ca-frontend
   certificate-authority
-  frontend-promise
+  frontend-promise-ipv6
+  frontend-promise-ipv4
 
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
@@ -47,7 +48,8 @@ logrotate-entries = $${rootdirectory:etc}/logrotate.d
 recipe = slapos.cookbook:kvm.frontend
 domain = $${ca-frontend:name}
 # port = $${slap-parameter:port}
-ip = $${slap-network-information:local-ipv4}
+ipv6 = $${slap-network-information:global-ipv6}
+ipv4 = $${slap-network-information:local-ipv4}
 port = $${slap-parameter:port}
 http-redirection = $${slap-parameter:http-redirection}
 ssl-key-path = $${ca-frontend:key-file}
@@ -60,10 +62,16 @@ node-binary = ${nodejs:location}/bin/node
 node-env = ${buildout:parts-directory}:${npm-modules:location}/node_modules
 shell-path = ${dash:location}/bin/dash
 
-[frontend-promise]
+[frontend-promise-ipv6]
 recipe = slapos.cookbook:check_port_listening
 path = $${basedirectory:promises}/frontend_promise
-hostname = $${frontend-instance:ip}
+hostname = $${frontend-instance:ipv6}
+port = $${frontend-instance:port}
+
+[frontend-promise-ipv4]
+recipe = slapos.cookbook:check_port_listening
+path = $${basedirectory:promises}/frontend_promise
+hostname = $${frontend-instance:ipv4}
 port = $${frontend-instance:port}
 
 [certificate-authority]
@@ -133,6 +141,7 @@ state-file = $${rootdirectory:srv}/logrotate.status
 # Default value if no port is specified
 port = 4443
 http-redirection = 0
+slave_instance_list =
 
 # [logrotate-entry-frontend]
 # <= logrotate

software/kvm/instance-kvm.cfg.in

@@ -36,7 +36,7 @@ storage-path = $${directory:srv}/mac
 [gen-passwd]
 recipe = slapos.cookbook:generate.password
 storage-path = $${directory:srv}/passwd
-bytes = 4
+bytes = 8
 
 [kvm-instance]
 # XXX-Cedric: change "KVM" recipe to simple "create wrappers". No need for this
@@ -135,7 +135,7 @@ key-file = $${slap-connection:key-file}
 cert-file = $${slap-connection:cert-file}
 computer-id = $${slap-connection:computer-id}
 partition-id = $${slap-connection:partition-id}
-name = SlaveFrontend
+name = VNC Frontend
 software-type = $${slap-parameter:frontend-software-type}
 slave = true
 config = host port
@@ -162,7 +162,6 @@ curl_path = ${curl:location}/bin/curl
 
 [slap-parameter]
 # Default values if not specified
-frontend-instance-guid = SOFTINST-11031
 frontend-software-type = frontend
 frontend-software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/tags/slapos-0.92:/software/kvm/software.cfg
 
@@ -175,4 +174,4 @@ ram-size = 1024
 disk-size = 10
 disk-type = virtio
 
-cpu-count = 1
\ No newline at end of file
+cpu-count = 1

software/kvm/instance-kvmplus.cfg.in

-#############################
-#
-# Instanciate kvm+
-#
-#############################
-
-# Deprecated. Just specify amount of RAM / disk you want in instance parameter.
-
-[buildout]
-extends = ${template-kvm:output}
-
-[slap-parameter]
-ram-size = 2048
-disk-size = 20
\ No newline at end of file

software/kvm/instance.cfg.in

@@ -10,7 +10,6 @@ offline = true
 recipe = slapos.cookbook:softwaretype
 default = ${template-kvm:output}
 kvm = ${template-kvm:output}
-kvm+ = ${template-kvmplus:output}
 nbd = ${template-nbd:output}
 frontend = ${template-frontend:output}
 

software/kvm/software.cfg

@@ -143,4 +143,4 @@ xml-marshaller = 0.9.7
 
 # Required by:
 # slapos.core==0.35.1
-zope.interface = 4.0.5
\ No newline at end of file
+zope.interface = 4.0.5