Commit fa3ac825 authored by Alain Takoudjou's avatar Alain Takoudjou

Update Release Candidate

parents 09c128f3 af6d7045
...@@ -5,7 +5,7 @@ parts = ...@@ -5,7 +5,7 @@ parts =
[bzip2] [bzip2]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://www.bzip.org/1.0.6/bzip2-1.0.6.tar.gz url = https://fossies.org/linux/misc/bzip2-1.0.6.tar.gz
md5sum = 00b516f4704d4a7cb50a1d97e6e8e15b md5sum = 00b516f4704d4a7cb50a1d97e6e8e15b
configure-command = true configure-command = true
make-options = make-options =
......
From 50ec7439e80bd6a77346dc6482895e481d8cd43a Mon Sep 17 00:00:00 2001
From: Antoine Catton <acatton@tiolive.com>
Date: Tue, 10 Jan 2012 18:30:20 +0100
Subject: [PATCH] Switch to IPv6
---
libhttp/http.h | 4 ++--
libhttp/httpconnection.c | 11 ++++++++++-
libhttp/server.c | 33 +++++++++++++++++++--------------
libhttp/server.h | 6 +++---
shellinabox/shellinaboxd.c | 14 +++++++-------
5 files changed, 41 insertions(+), 27 deletions(-)
diff --git a/libhttp/http.h b/libhttp/http.h
index e7840fa..5cd61e3 100644
--- a/libhttp/http.h
+++ b/libhttp/http.h
@@ -66,8 +66,8 @@ typedef struct ServerConnection ServerConnection;
typedef struct Server Server;
typedef struct URL URL;
-Server *newCGIServer(int localhostOnly, int portMin, int portMax, int timeout);
-Server *newServer(int localhostOnly, int port);
+Server *newCGIServer(char *ipv6, int portMin, int portMax, int timeout);
+Server *newServer(char *ipv6, int port);
void deleteServer(Server *server);
int serverGetListeningPort(Server *server);
int serverGetFd(Server *server);
diff --git a/libhttp/httpconnection.c b/libhttp/httpconnection.c
index c8e69f6..cae467f 100644
--- a/libhttp/httpconnection.c
+++ b/libhttp/httpconnection.c
@@ -823,8 +823,17 @@ static int httpHandleCommand(struct HttpConnection *http,
const char *host = getFromHashMap(&http->header,
"host");
if (host) {
+ int brackets = 0; // For IPv6 hosts
for (char ch; (ch = *host) != '\000'; host++) {
- if (ch == ':') {
+ if (ch == '[') {
+ brackets = 1;
+ break;
+ }
+ if (ch == ']') {
+ brackets = 0;
+ break;
+ }
+ if (!brackets && ch == ':') {
*(char *)host = '\000';
break;
}
diff --git a/libhttp/server.c b/libhttp/server.c
index f52a269..2c30bd8 100644
--- a/libhttp/server.c
+++ b/libhttp/server.c
@@ -170,19 +170,19 @@ static int serverQuitHandler(struct HttpConnection *http, void *arg) {
return HTTP_DONE;
}
-struct Server *newCGIServer(int localhostOnly, int portMin, int portMax,
+struct Server *newCGIServer(char *ipv6, int portMin, int portMax,
int timeout) {
struct Server *server;
check(server = malloc(sizeof(struct Server)));
- initServer(server, localhostOnly, portMin, portMax, timeout);
+ initServer(server, ipv6, portMin, portMax, timeout);
return server;
}
-struct Server *newServer(int localhostOnly, int port) {
- return newCGIServer(localhostOnly, port, port, -1);
+struct Server *newServer(char *ipv6, int port) {
+ return newCGIServer(ipv6, port, port, -1);
}
-void initServer(struct Server *server, int localhostOnly, int portMin,
+void initServer(struct Server *server, char *ipv6, int portMin,
int portMax, int timeout) {
server->looping = 0;
server->exitAll = 0;
@@ -192,14 +192,19 @@ void initServer(struct Server *server, int localhostOnly, int portMin,
server->numConnections = 0;
int true = 1;
- server->serverFd = socket(PF_INET, SOCK_STREAM, 0);
+ server->serverFd = socket(PF_INET6, SOCK_STREAM, 0);
check(server->serverFd >= 0);
check(!setsockopt(server->serverFd, SOL_SOCKET, SO_REUSEADDR,
&true, sizeof(true)));
- struct sockaddr_in serverAddr = { 0 };
- serverAddr.sin_family = AF_INET;
- serverAddr.sin_addr.s_addr = htonl(localhostOnly
- ? INADDR_LOOPBACK : INADDR_ANY);
+ struct sockaddr_in6 serverAddr = { 0 };
+ serverAddr.sin6_family = AF_INET6;
+ if (ipv6 != NULL) {
+ if (!inet_pton(AF_INET6, ipv6, serverAddr.sin6_addr.s6_addr)) {
+ fatal("Bad ipv6 address");
+ }
+ } else {
+ serverAddr.sin6_addr = in6addr_any;
+ }
// Linux unlike BSD does not have support for picking a local port range.
// So, we have to randomly pick a port from our allowed port range, and then
@@ -214,14 +219,14 @@ void initServer(struct Server *server, int localhostOnly, int portMin,
int portStart = rand() % (portMax - portMin + 1) + portMin;
for (int p = 0; p <= portMax-portMin; p++) {
int port = (p+portStart)%(portMax-portMin+1)+ portMin;
- serverAddr.sin_port = htons(port);
+ serverAddr.sin6_port = htons(port);
if (!bind(server->serverFd, (struct sockaddr *)&serverAddr,
sizeof(serverAddr))) {
break;
}
- serverAddr.sin_port = 0;
+ serverAddr.sin6_port = 0;
}
- if (!serverAddr.sin_port) {
+ if (!serverAddr.sin6_port) {
fatal("Failed to find any available port");
}
}
@@ -231,7 +236,7 @@ void initServer(struct Server *server, int localhostOnly, int portMin,
check(!getsockname(server->serverFd, (struct sockaddr *)&serverAddr,
&socklen));
check(socklen == sizeof(serverAddr));
- server->port = ntohs(serverAddr.sin_port);
+ server->port = ntohs(serverAddr.sin6_port);
info("Listening on port %d", server->port);
check(server->pollFds = malloc(sizeof(struct pollfd)));
diff --git a/libhttp/server.h b/libhttp/server.h
index bb879fb..5ffb698 100644
--- a/libhttp/server.h
+++ b/libhttp/server.h
@@ -78,10 +78,10 @@ struct Server {
struct SSLSupport ssl;
};
-struct Server *newCGIServer(int localhostOnly, int portMin, int portMax,
+struct Server *newCGIServer(char *ipv6, int portMin, int portMax,
int timeout);
-struct Server *newServer(int localhostOnly, int port);
-void initServer(struct Server *server, int localhostOnly, int portMin,
+struct Server *newServer(char *ipv6, int port);
+void initServer(struct Server *server, char *ipv6, int portMin,
int portMax, int timeout);
void destroyServer(struct Server *server);
void deleteServer(struct Server *server);
diff --git a/shellinabox/shellinaboxd.c b/shellinabox/shellinaboxd.c
index dcf05ff..2d1d758 100644
--- a/shellinabox/shellinaboxd.c
+++ b/shellinabox/shellinaboxd.c
@@ -80,7 +80,7 @@
static int port;
static int portMin;
static int portMax;
-static int localhostOnly = 0;
+static char *ipv6 = NULL;
static int noBeep = 0;
static int numericHosts = 0;
static int enableSSL = 1;
@@ -747,7 +747,7 @@ static void usage(void) {
" -g, --group=GID switch to this group (default: %s)\n"
" -h, --help print this message\n"
" --linkify=[none|normal|agressive] default is \"normal\"\n"
- " --localhost-only only listen on 127.0.0.1\n"
+ " --ipv6 listen on a specific ipv6\n"
" --no-beep suppress all audio output\n"
" -n, --numeric do not resolve hostnames\n"
" -p, --port=PORT select a port (default: %d)\n"
@@ -839,7 +839,7 @@ static void parseArgs(int argc, char * const argv[]) {
{ "static-file", 1, 0, 'f' },
{ "group", 1, 0, 'g' },
{ "linkify", 1, 0, 0 },
- { "localhost-only", 0, 0, 0 },
+ { "ipv6", 1, 0, 0 },
{ "no-beep", 0, 0, 0 },
{ "numeric", 0, 0, 'n' },
{ "port", 1, 0, 'p' },
@@ -1001,8 +1001,8 @@ static void parseArgs(int argc, char * const argv[]) {
"\"none\", \"normal\", or \"aggressive\".");
}
} else if (!idx--) {
- // Localhost Only
- localhostOnly = 1;
+ // IPv6
+ ipv6 = optarg;
} else if (!idx--) {
// No Beep
noBeep = 1;
@@ -1197,7 +1197,7 @@ int main(int argc, char * const argv[]) {
// Create a new web server
Server *server;
if (port) {
- check(server = newServer(localhostOnly, port));
+ check(server = newServer(ipv6, port));
dropPrivileges();
setUpSSL(server);
} else {
@@ -1217,7 +1217,7 @@ int main(int argc, char * const argv[]) {
_exit(0);
}
check(!NOINTR(close(fds[0])));
- check(server = newCGIServer(localhostOnly, portMin, portMax,
+ check(server = newCGIServer(ipv6, portMin, portMax,
AJAX_TIMEOUT));
cgiServer = server;
setUpSSL(server);
--
1.7.6.5
From eee6f7180dc5dd4523264e7ce0721945ab2b78a1 Mon Sep 17 00:00:00 2001
From: Antoine Catton <acatton@tiolive.com>
Date: Wed, 11 Jan 2012 17:32:15 +0100
Subject: [PATCH 2/2] Allow to run entire command path.
---
shellinabox/launcher.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/shellinabox/launcher.c b/shellinabox/launcher.c
index fb8a133..e116a75 100644
--- a/shellinabox/launcher.c
+++ b/shellinabox/launcher.c
@@ -1226,8 +1226,7 @@ static void execService(int width, int height, struct Service *service,
extern char **environ;
environ = environment;
- char *cmd = strrchr(argv[0], '/');
- execvp(cmd ? cmd + 1: argv[0], argv);
+ execvp(argv[0], argv);
}
void setWindowSize(int pty, int width, int height) {
--
1.7.6.5
...@@ -11,24 +11,6 @@ extends = ...@@ -11,24 +11,6 @@ extends =
parts = shellinabox parts = shellinabox
[shellinabox]
<= shellinabox-2.10
[shellinabox-2.10]
; This version is old, but we patch it for IPv6 support
recipe = slapos.recipe.cmmi
url = http://shellinabox.googlecode.com/files/shellinabox-2.10.tar.gz
md5sum = 0e144910d85d92edc54702ab9c46f032
patch-binary = ${patch:location}/bin/patch
patch-options = -p1
patches =
${:_profile_base_location_}/0001-Switch-to-IPv6.patch#b61cb099c00e15a5fcaf6c98134fff45
${:_profile_base_location_}/0002-Allow-to-run-entire-command-path.patch#a506b4d83021e24c830f767501c1d3fc
environment =
CFLAGS = -I${zlib:location}/include -I${openssl:location}/include
LDFLAGS = -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib
PKG_CONFIG_PATH = ${openssl:location}/lib/pkgconfig/
[shellinabox-git-repository] [shellinabox-git-repository]
; This version has much more features, but does not support IPv6 (support unix domain though) ; This version has much more features, but does not support IPv6 (support unix domain though)
recipe = slapos.recipe.build:gitclone recipe = slapos.recipe.build:gitclone
...@@ -36,7 +18,7 @@ repository = https://github.com/shellinabox/shellinabox ...@@ -36,7 +18,7 @@ repository = https://github.com/shellinabox/shellinabox
revision = b8285748993c4c99e80793775f3d2a0a4e962d5a revision = b8285748993c4c99e80793775f3d2a0a4e962d5a
git-executable = ${git:location}/bin/git git-executable = ${git:location}/bin/git
[shellinabox-github] [shellinabox]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
path = ${shellinabox-git-repository:location} path = ${shellinabox-git-repository:location}
configure-command = configure-command =
......
...@@ -168,7 +168,6 @@ setup(name=name, ...@@ -168,7 +168,6 @@ setup(name=name,
'reverseproxy.nginx = slapos.recipe.reverse_proxy_nginx:Recipe', 'reverseproxy.nginx = slapos.recipe.reverse_proxy_nginx:Recipe',
'sheepdogtestbed = slapos.recipe.sheepdogtestbed:SheepDogTestBed', 'sheepdogtestbed = slapos.recipe.sheepdogtestbed:SheepDogTestBed',
'shell = slapos.recipe.shell:Recipe', 'shell = slapos.recipe.shell:Recipe',
'shellinabox = slapos.recipe.shellinabox:Recipe',
'signalwrapper= slapos.recipe.signal_wrapper:Recipe', 'signalwrapper= slapos.recipe.signal_wrapper:Recipe',
'simplelogger = slapos.recipe.simplelogger:Recipe', 'simplelogger = slapos.recipe.simplelogger:Recipe',
'simplehttpserver = slapos.recipe.simplehttpserver:Recipe', 'simplehttpserver = slapos.recipe.simplehttpserver:Recipe',
......
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from getpass import getpass
import hmac
import pwd
import grp
import os
import shlex
from slapos.recipe.librecipe import GenericBaseRecipe
def login_shell(password_file, shell):
if password_file:
with open(password_file, 'r') as password_file:
password = password_file.read()
if not password or hmac.compare_digest(getpass(), password):
commandline = shlex.split(shell)
os.execv(commandline[0], commandline)
return 1
def shellinabox(args):
certificate_dir = args['certificate_dir']
certificate_path = os.path.join(certificate_dir, 'certificate.pem')
with open(certificate_path, 'w') as certificate_file:
with open(args['ssl_key'], 'r') as key_file:
# XXX: Dirty hack in order to make shellinabox work
print >> certificate_file, key_file.read().replace(' PRIVATE ',
' RSA PRIVATE ')
with open(args['ssl_certificate']) as public_key_file:
print >> certificate_file, public_key_file.read()
user = pwd.getpwuid(os.getuid()).pw_uid
group = grp.getgrgid(os.getgid()).gr_gid
service = '/:%(user)s:%(group)s:%(directory)s:%(command)s' % {
'user': user,
'group': group,
'directory': args['directory'],
'command': args['login_shell'],
}
command_line = [
args['shellinabox'],
'-c', certificate_dir,
'-s', service,
'--ipv6', args['ipv6'],
'-p', args['port'],
]
# XXX: By default shellinbox drop privileges
# switching to nobody:nogroup user.
# This force root.
if group == 'root':
command_line.extend(['-g', group])
if user == 'root':
command_line.extend(['-u', group])
os.execv(command_line[0], command_line)
class Recipe(GenericBaseRecipe):
def install(self):
login_shell_wrapper = self.createPythonScript(
self.options['login-shell'],
__name__ + '.login_shell',
(self.options['password-file'], self.options['shell'])
)
shellinabox_wrapper = self.createPythonScript(
self.options['wrapper'],
__name__ + '.shellinabox',
(dict(
certificate_dir=self.options['certificate-directory'],
ssl_key=self.options['key-file'],
ssl_certificate=self.options['cert-file'],
shellinabox=self.options['shellinabox-binary'],
directory=self.options['directory'],
ipv6=self.options['ipv6'],
port=self.options['port'],
login_shell=login_shell_wrapper,
),)
)
return login_shell_wrapper, shellinabox_wrapper
...@@ -58,6 +58,7 @@ Generally things to be done with ``caddy-frontend``: ...@@ -58,6 +58,7 @@ Generally things to be done with ``caddy-frontend``:
* drop ``6tunnel`` and use ``bind`` in Caddy configuration, as soon as multiple binds will be possible, tracked in upstream `bind: support multiple values <https://github.com/mholt/caddy/pull/2128>`_ and `ipv6: does not bind on ipv4 and ipv6 for sites that resolve to both <https://github.com/mholt/caddy/issues/864>`_ * drop ``6tunnel`` and use ``bind`` in Caddy configuration, as soon as multiple binds will be possible, tracked in upstream `bind: support multiple values <https://github.com/mholt/caddy/pull/2128>`_ and `ipv6: does not bind on ipv4 and ipv6 for sites that resolve to both <https://github.com/mholt/caddy/issues/864>`_
* use caddy-frontend in `standalone style playbooks <https://lab.nexedi.com/nexedi/slapos.package/tree/master/playbook/roles/standalone-shared>`_ * use caddy-frontend in `standalone style playbooks <https://lab.nexedi.com/nexedi/slapos.package/tree/master/playbook/roles/standalone-shared>`_
* in ``templates/apache-custom-slave-list.cfg.in`` avoid repetetive ``part_list.append`` and use macro like in ERP5 SR (cf `Vincent's comment <https://lab.nexedi.com/nexedi/slapos/merge_requests/373#note_64362>`_) * in ``templates/apache-custom-slave-list.cfg.in`` avoid repetetive ``part_list.append`` and use macro like in ERP5 SR (cf `Vincent's comment <https://lab.nexedi.com/nexedi/slapos/merge_requests/373#note_64362>`_)
* **Jérome Perrin**: consider privacy implications/GDPR compliance of https://caddyserver.com/docs/telemetry and decide if we should leave it enabled.
Things which can't be implemented: Things which can't be implemented:
......
...@@ -18,4 +18,4 @@ md5sum = 307663d73ef3ef94b02567ecd322252e ...@@ -18,4 +18,4 @@ md5sum = 307663d73ef3ef94b02567ecd322252e
[template-default] [template-default]
filename = instance-default.cfg filename = instance-default.cfg
md5sum = 555700e5d216ff32a981f4066791bdab md5sum = d5a4270e5e7827db2e6a19d2eedb570b
...@@ -9,8 +9,6 @@ extends = ${monitor2-template:rendered} ...@@ -9,8 +9,6 @@ extends = ${monitor2-template:rendered}
parts = parts =
testnode testnode
shell
shellinabox
certificate-authority certificate-authority
ca-shellinabox ca-shellinabox
ca-httpd-testnode ca-httpd-testnode
...@@ -18,11 +16,12 @@ parts = ...@@ -18,11 +16,12 @@ parts =
monitor-publish monitor-publish
testnode-frontend testnode-frontend
resiliency-exclude-file resiliency-exclude-file
shellinabox-frontend-reload
promises
[monitor-publish] [monitor-publish]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
url = https://[$${shellinabox:ipv6}]:$${shellinabox:port}/ url = $${shellinabox-frontend:url}
password = $${pwgen:passwd}
frontend-url = $${testnode-frontend:connection-secure_access} frontend-url = $${testnode-frontend:connection-secure_access}
[pwgen] [pwgen]
...@@ -73,34 +72,70 @@ apache-modules-dir = ${apache:location}/modules ...@@ -73,34 +72,70 @@ apache-modules-dir = ${apache:location}/modules
apache-mime-file = ${apache:location}/conf/mime.types apache-mime-file = ${apache:location}/conf/mime.types
apache-htpasswd = ${apache:location}/bin/htpasswd apache-htpasswd = ${apache:location}/bin/htpasswd
[shell]
recipe = slapos.cookbook:shell [shell-environment]
wrapper = $${rootdirectory:bin}/sh shell = ${bash:location}/bin/bash
shell = ${busybox:location}/bin/sh
home = $${buildout:directory}
ps1 = "\\w> "
path =
${busybox:location}/bin/
${busybox:location}/usr/bin/
${git:location}/bin/
${python2.7:location}/bin/
${buildout:bin-directory}/
${busybox:location}/sbin/
${busybox:location}/usr/sbin/
[shellinabox] [shellinabox]
recipe = slapos.cookbook:shellinabox recipe = slapos.recipe.template:jinja2
# We cannot use slapos.cookbook:wrapper here because this recipe escapes too much
socket = $${directory:run}/siab.sock
mode = 0700
rendered = $${basedirectory:services}/shellinaboxd
template = inline:
#!/bin/sh
exec ${shellinabox:location}/bin/shellinaboxd \
--disable-ssl \
--disable-ssl-menu \
--unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
--service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l"
[shellinabox-frontend-config]
recipe = slapos.recipe.template:jinja2
rendered = $${directory:etc}/$${:_buildout_section_name_}
template = inline:
https://$${:hostname}:$${:port} {
bind $${:ipv6}
tls $${:cert-file} $${:key-file}
gzip
log stdout
errors stderr
proxy / unix:$${shellinabox:socket}
basicauth $${:username} $${:passwd} {
realm "Test Node $${testnode:test-node-title}"
/
}
}
ipv6 = $${slap-network-information:global-ipv6} ipv6 = $${slap-network-information:global-ipv6}
hostname = [$${:ipv6}]
port = 8080 port = 8080
shell = $${shell:wrapper} username = testnode
wrapper = $${rootdirectory:bin}/shellinaboxd passwd = $${pwgen:passwd}
shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
password-file = $${pwgen:storage-path}
directory = $${buildout:directory}/
login-shell = $${rootdirectory:bin}/login
certificate-directory = $${directory:shellinabox}
cert-file = $${directory:shellinabox}/public.crt cert-file = $${directory:shellinabox}/public.crt
key-file = $${directory:shellinabox}/private.key key-file = $${directory:shellinabox}/private.key
url = https://$${:username}:$${:passwd}@$${:hostname}:$${:port}
[shellinabox-frontend]
recipe = slapos.cookbook:wrapper
wrapper-path = $${rootdirectory:bin}/$${:_buildout_section_name_}
command-line =
${caddy:output} -conf $${shellinabox-frontend-config:rendered} -pidfile $${:pidfile}
url = $${shellinabox-frontend-config:url}
hostname = $${shellinabox-frontend-config:ipv6}
port = $${shellinabox-frontend-config:port}
pidfile = $${basedirectory:run}/$${:_buildout_section_name_}.pid
[shellinabox-frontend-reload]
recipe = slapos.cookbook:wrapper
wrapper-path = $${basedirectory:services}/$${:_buildout_section_name_}
command-line =
${bash:location}/bin/bash -c
"kill -s USR1 $$(${coreutils:location}/bin/cat $${shellinabox-frontend:pidfile}) \
&& ${coreutils:location}/bin/sleep infinity"
hash-files =
$${shellinabox-frontend-config:rendered}
$${shellinabox-frontend:wrapper-path}
[certificate-authority] [certificate-authority]
recipe = slapos.cookbook:certificate_authority recipe = slapos.cookbook:certificate_authority
...@@ -124,10 +159,10 @@ crl = $${directory:ca-dir}/crl/ ...@@ -124,10 +159,10 @@ crl = $${directory:ca-dir}/crl/
[ca-shellinabox] [ca-shellinabox]
<= certificate-authority <= certificate-authority
recipe = slapos.cookbook:certificate_authority.request recipe = slapos.cookbook:certificate_authority.request
executable = $${shellinabox:wrapper} executable = $${shellinabox-frontend:wrapper-path}
wrapper = $${basedirectory:services}/shellinaboxd wrapper = $${basedirectory:services}/shellinabox-frontend
key-file = $${shellinabox:key-file} key-file = $${shellinabox-frontend-config:key-file}
cert-file = $${shellinabox:cert-file} cert-file = $${shellinabox-frontend-config:cert-file}
[ca-httpd-testnode] [ca-httpd-testnode]
<= certificate-authority <= certificate-authority
...@@ -181,6 +216,21 @@ config-https-only = true ...@@ -181,6 +216,21 @@ config-https-only = true
#software-type = custom-personal #software-type = custom-personal
return = domain secure_access return = domain secure_access
[promises]
recipe =
instance-promises =
$${shellinabox-frontend-listen-promise:path}
[check-port-listening-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/$${:_buildout_section_name_}
[shellinabox-frontend-listen-promise]
<= check-port-listening-promise
hostname= $${shellinabox-frontend:hostname}
port = $${shellinabox-frontend:port}
[slap-parameter] [slap-parameter]
node-quantity = 1 node-quantity = 1
test-suite-master-url = test-suite-master-url =
......
...@@ -5,7 +5,9 @@ extends = ...@@ -5,7 +5,9 @@ extends =
../../component/git/buildout.cfg ../../component/git/buildout.cfg
../../component/lxml-python/buildout.cfg ../../component/lxml-python/buildout.cfg
../../component/zip/buildout.cfg ../../component/zip/buildout.cfg
../../component/busybox/buildout.cfg ../../component/bash/buildout.cfg
../../component/caddy/buildout.cfg
../../component/coreutils/buildout.cfg
../../component/shellinabox/buildout.cfg ../../component/shellinabox/buildout.cfg
../../component/pwgen/buildout.cfg ../../component/pwgen/buildout.cfg
../../component/apache/buildout.cfg ../../component/apache/buildout.cfg
...@@ -27,6 +29,7 @@ eggs = ...@@ -27,6 +29,7 @@ eggs =
zc.buildout zc.buildout
slapos.libnetworkcache slapos.libnetworkcache
slapos.core slapos.core
slapos.recipe.template
supervisor supervisor
jsonschema jsonschema
hexagonit.recipe.download hexagonit.recipe.download
...@@ -58,7 +61,7 @@ output = ${buildout:directory}/template-default.cfg ...@@ -58,7 +61,7 @@ output = ${buildout:directory}/template-default.cfg
mode = 0644 mode = 0644
[versions] [versions]
erp5.util = 0.4.53 erp5.util = 0.4.56
slapos.recipe.template = 4.3 slapos.recipe.template = 4.3
dnspython = 1.15.0 dnspython = 1.15.0
PyXML = 0.8.5 PyXML = 0.8.5
......
...@@ -42,10 +42,22 @@ ...@@ -42,10 +42,22 @@
"default": "na", "default": "na",
"type": "string" "type": "string"
}, },
"china": { "china-telecom": {
"title": "China RR", "title": "China Telecom RR",
"description": "Records to use for China", "description": "Records to use for China Telecom",
"default": "cn", "default": "cn-t",
"type": "string"
},
"china-unicom": {
"title": "China Unicom RR",
"description": "Records to use for China Unicom",
"default": "cn-u",
"type": "string"
},
"china-mobile": {
"title": "China Mobile RR",
"description": "Records to use for China Mobile",
"default": "cn-m",
"type": "string" "type": "string"
}, },
"japan": { "japan": {
......
...@@ -45,7 +45,7 @@ mode = 0644 ...@@ -45,7 +45,7 @@ mode = 0644
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
ignore-existing = true ignore-existing = true
url = ${:_profile_base_location_}/template/zz.countries.nexedi.dk.rbldnsd url = ${:_profile_base_location_}/template/zz.countries.nexedi.dk.rbldnsd
md5sum = 078bbe893aae7272270b4ec22505de33 md5sum = c4dc8c141d81b92d92cdb82ca67a13ee
location = ${buildout:parts-directory}/${:_buildout_section_name_} location = ${buildout:parts-directory}/${:_buildout_section_name_}
filename = zz.countries.nexedi.dk.rbldnsd filename = zz.countries.nexedi.dk.rbldnsd
download-only = true download-only = true
...@@ -55,7 +55,7 @@ mode = 0644 ...@@ -55,7 +55,7 @@ mode = 0644
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
ignore-existing = true ignore-existing = true
url = ${:_profile_base_location_}/template/cdn.conf.in url = ${:_profile_base_location_}/template/cdn.conf.in
md5sum = 9d9b431d8373c2e1850f3cef5ae1898a md5sum = 29c29f93b3b0bd2f71f86f7b337e4543
location = ${buildout:parts-directory}/${:_buildout_section_name_} location = ${buildout:parts-directory}/${:_buildout_section_name_}
filename = cdn.conf.in filename = cdn.conf.in
download-only = true download-only = true
......
...@@ -93,8 +93,12 @@ $ORIGIN {{ cdn.get('origin') }} ...@@ -93,8 +93,12 @@ $ORIGIN {{ cdn.get('origin') }}
152 {{ cdn.get('south-america', 'sa') }} 152 {{ cdn.get('south-america', 'sa') }}
# Cameroon # Cameroon
120 {{ cdn.get('africa', 'af') }} 120 {{ cdn.get('africa', 'af') }}
# China # China telecom
156 {{ cdn.get('china', 'cn') }} 155 {{ cdn.get('china-telecom', 'cn-t') }}
#china unicom
156 {{ cdn.get('china-unicom', 'cn-u') }}
#china mobile
157 {{ cdn.get('china-mobile', 'cn-m') }}
# Colombia # Colombia
170 {{ cdn.get('south-america', 'sa') }} 170 {{ cdn.get('south-america', 'sa') }}
# Costa Rica # Costa Rica
......
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -214,3 +214,7 @@ lockfile = 0.12.2 ...@@ -214,3 +214,7 @@ lockfile = 0.12.2
# Required by: # Required by:
# slapos.toolbox==0.76 # slapos.toolbox==0.76
passlib = 1.7.1 passlib = 1.7.1
# Required by:
# caucase
PyJWT = 1.6.4
...@@ -30,7 +30,7 @@ md5sum = 7a879739afe55320ee96409bcc8a52ab ...@@ -30,7 +30,7 @@ md5sum = 7a879739afe55320ee96409bcc8a52ab
[template-runner-export-script] [template-runner-export-script]
filename = template/runner-export.sh.jinja2 filename = template/runner-export.sh.jinja2
md5sum = 98ce179badc6af5979a64a7c3d0a2ceb md5sum = 5877e70b2bd5cfe06aff793125f65d6a
[instance-runner-export] [instance-runner-export]
filename = instance-runner-export.cfg.in filename = instance-runner-export.cfg.in
......
...@@ -43,10 +43,6 @@ common-parts = ...@@ -43,10 +43,6 @@ common-parts =
parts = parts =
${:common-parts} ${:common-parts}
# Use shellinabox from github with AF_UNIX support
[shellinabox]
<= shellinabox-github
[template-base] [template-base]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/${:filename} url = ${:_profile_base_location_}/${:filename}
......
...@@ -113,16 +113,18 @@ trap remove_tmp_files EXIT ...@@ -113,16 +113,18 @@ trap remove_tmp_files EXIT
# Getting files from runner backup directory, as instance backup files may be # Getting files from runner backup directory, as instance backup files may be
# explicitely excluded from the backup, using the srv/exporter.exclude # explicitely excluded from the backup, using the srv/exporter.exclude
backup_directory_path="$tmp_directory/backup_files.txt"
cd {{ directory['backup'] }} cd {{ directory['backup'] }}
backup_directory_path=$(find . -path "./runner/instance/slappart*/srv/backup/*" -type f) find . -path "./runner/instance/slappart*/srv/backup/*" -type f -print0 > $backup_directory_path
# If no backup found, it's over # If no backup found, it's over
if [ -z "$backup_directory_path" ]; then if [ ! -s "$backup_directory_path" ]; then
exit 0 exit 0
fi fi
sleep 5 sleep 5
sha256sum $backup_directory_path | sort -k 66 > "$tmp_backup_sum" cat $backup_directory_path | xargs -0 sha256sum | sort -k 66 > "$tmp_backup_sum"
rm $backup_directory_path
egrep "instance/slappart.*/srv/backup/" "$backup_directory/backup.signature" > "$tmp_filtered_signature" egrep "instance/slappart.*/srv/backup/" "$backup_directory/backup.signature" > "$tmp_filtered_signature"
# If the diff fails, then the notifier will restart this script # If the diff fails, then the notifier will restart this script
......
...@@ -97,6 +97,7 @@ gunicorn = 19.7.1 ...@@ -97,6 +97,7 @@ gunicorn = 19.7.1
slapos.recipe.template = 4.3 slapos.recipe.template = 4.3
slapos.toolbox = 0.81 slapos.toolbox = 0.81
smmap2 = 2.0.3 smmap2 = 2.0.3
PyJWT = 1.6.4
# Required by: # Required by:
# caucase==0.1.4 # caucase==0.1.4
......
...@@ -712,7 +712,7 @@ oauth2client = 4.0.0 ...@@ -712,7 +712,7 @@ oauth2client = 4.0.0
objgraph = 3.1.0 objgraph = 3.1.0
ply = 3.10 ply = 3.10
polib = 1.0.8 polib = 1.0.8
pprofile = 1.10.0 pprofile = 2.0.0
pyasn1 = 0.2.3 pyasn1 = 0.2.3
pyasn1-modules = 0.0.8 pyasn1-modules = 0.0.8
pycountry = 17.1.8 pycountry = 17.1.8
......
[versions] [versions]
Zope2 = 2.13.28
AccessControl = 2.13.16 AccessControl = 2.13.16
Acquisition = 2.13.12 Acquisition = 2.13.12
DateTime = 2.12.8 DateTime = 2.12.8
...@@ -29,7 +30,6 @@ Sphinx = 1.0.8 ...@@ -29,7 +30,6 @@ Sphinx = 1.0.8
ZConfig = 2.9.3 ZConfig = 2.9.3
ZODB3 = 3.10.7 ZODB3 = 3.10.7
ZServer = 3.0 ZServer = 3.0
Zope2 = 2.13.27
ZopeUndo = 2.12.0 ZopeUndo = 2.12.0
docutils = 0.12 docutils = 0.12
initgroups = 2.13.0 initgroups = 2.13.0
...@@ -41,6 +41,7 @@ pytz = 2017.2 ...@@ -41,6 +41,7 @@ pytz = 2017.2
repoze.retry = 1.2 repoze.retry = 1.2
repoze.tm2 = 1.0 repoze.tm2 = 1.0
repoze.who = 2.0 repoze.who = 2.0
six = 1.11.0
tempstorage = 2.12.2 tempstorage = 2.12.2
tox = 2.9.1 tox = 2.9.1
transaction = 1.1.1 transaction = 1.1.1
......
...@@ -116,7 +116,7 @@ click = 6.7 ...@@ -116,7 +116,7 @@ click = 6.7
cliff = 2.4.0 cliff = 2.4.0
cmd2 = 0.7.0 cmd2 = 0.7.0
collective.recipe.template = 2.0 collective.recipe.template = 2.0
cryptography = 2.1.1 cryptography = 2.3.1
decorator = 4.0.11 decorator = 4.0.11
idna = 2.2 idna = 2.2
inotify-simple = 1.1.1 inotify-simple = 1.1.1
...@@ -129,13 +129,13 @@ pbr = 2.0.0 ...@@ -129,13 +129,13 @@ pbr = 2.0.0
plone.recipe.command = 1.1 plone.recipe.command = 1.1
prettytable = 0.7.2 prettytable = 0.7.2
psutil = 5.4.3 psutil = 5.4.3
pyOpenSSL = 17.2.0 pyOpenSSL = 18.0.0
pyparsing = 2.2.0 pyparsing = 2.2.0
pytz = 2016.10 pytz = 2016.10
requests = 2.13.0 requests = 2.13.0
six = 1.10.0 six = 1.10.0
slapos.cookbook = 1.0.75 slapos.cookbook = 1.0.75
slapos.core = 1.4.10 slapos.core = 1.4.11
slapos.extension.strip = 0.4 slapos.extension.strip = 0.4
slapos.extension.shared = 1.0 slapos.extension.shared = 1.0
slapos.libnetworkcache = 0.15 slapos.libnetworkcache = 0.15
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment