Pulse recipe : add base - not working - recipe and all needed templates

slapos/recipe/pulse2/__init__.py

@@ -38,27 +38,37 @@ class Recipe(BaseSlapRecipe):
         'template/%s' % template_name)
 
   def _install(self):
-    # LDAP
-    # MYSQL
     # Apache
-    # mmc (+pulse)
+    # TODO add in apache conf location of mmc.ini
+    document_root = self.createDataDirectory('htdocs')
+    self.createHtdocs(self.options['source'].strip(), document_root)
+    url = self.installApache(document_root)
+    
+    # MySQL
+    mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678)
+    
+    # LDAP
+    ldap_port = dict()
+    
+    # Pulse
+    mmc_core_conf = self.installPulse2(ip=self.getLocalIPv4Address(),
+        port=11000, ldap_host=ldap_conf['host'], ldap_port=ldap_conf['port'])
+        
+    ca_conf = self.installCertificateAuthority()
+    key, certificate = self.requestCertificate('Pulse')
+
+    stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(),
+        self.getLocalIPv4Address(), 12345, pulse_conf['inventory_port'],
+        certificate, key, ca_conf['ca_crl'],
+        ca_conf['certificate_authority_path'])
     
-    #pulse2_conf = self.installPulse2(ip=self.getLocalIPv4Address(),
-    #    port=11000)
-    #    
-    #ca_conf = self.installCertificateAuthority()
-    #key, certificate = self.requestCertificate('Memcached')
-    #
-    #stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(),
-    #    self.getLocalIPv4Address(), 12345, memcached_conf['memcached_port'],
-    #    certificate, key, ca_conf['ca_crl'],
-    #    ca_conf['certificate_authority_path'])
-    #
-    #self.linkBinary()
-    #self.setConnectionDict(dict(
-    #  stunnel_ip = stunnel_conf['public_ip'],
-    #  stunnel_port = stunnel_conf['public_port'],
-    #))
+    self.linkBinary()
+    self.setConnectionDict(dict(
+      stunnel_inventory_ip = stunnel_conf['public_ip'],
+      stunnel_inventory_port = stunnel_conf['public_port'],
+      url=url,
+      **mysql_conf
+    ))
     return self.path_list
 
   def linkBinary(self):
@@ -228,16 +238,194 @@ class Recipe(BaseSlapRecipe):
     self.path_list.append(wrapper)
     return stunnel_conf
 
-  def installMemcached(self, ip, port):
+  def installPulse2(self, ip, port, ldap_host, ldap_port):
+    """Installs both mmc_core and pulse2"""
     config = dict(
-        memcached_binary=self.options['memcached_binary'],
-        memcached_ip=ip,
+        ldap_host=ldap_host,
+        ldap_port=ldap_port,
         memcached_port=port,
+        ldap_logfile_path= os.path.join(self.log_directory, 'ldap.log'),
+        mmc_core_binary=self.options['mmc_core_binary']
     )
-    self.path_list.append(self.createRunningWrapper('memcached',
-      self.substituteTemplate(self.getTemplateFilename('memcached.in'),
+    
+    #TODO write function that takes all templates in subdir and creates conf 
+    # files, keeping same dir structure.
+    mmc_conf_path = self.createConfigurationFile(os.path.join("mmc",
+        "agent", "config.ini"), self.substituteTemplate(
+        self.getTemplateFilename(os.path.join("mmc_conf",
+        "agent", "config.ini.in")), config))
+    config['mmc_core_config_file'] = mysql_conf_path
+    
+    self.path_list.append(self.createRunningWrapper('mmc-core',
+      self.substituteTemplate(self.getTemplateFilename('mmc-core.in'),
         config)))
+
+
+    
     return dict(memcached_url='%s:%s' %
         (config['memcached_ip'], config['memcached_port']),
         memcached_ip=config['memcached_ip'],
         memcached_port=config['memcached_port'])
+  
+    def createHtdocs(self, source, document_root):
+    source = self.options['source'].strip()
+    document_root = self.createDataDirectory('htdocs')
+    for p in os.listdir(document_root):
+      path = os.path.join(document_root, p)
+      if os.path.isdir(path):
+        shutil.rmtree(path)
+      else:
+        os.unlink(path)
+    for p in os.listdir(source):
+      path = os.path.join(source, p)
+      if os.path.isdir(path):
+        shutil.copytree(path, os.path.join(document_root, p))
+      else:
+        shutil.copy2(path, os.path.join(document_root, p))
+  
+  def installApache(self, document_root, ip=None, port=None):
+    if ip is None:
+      ip=self.getGlobalIPv6Address()
+    if port is None:
+      port = '9080'
+    apache_config = dict(
+        pid_file=os.path.join(self.run_directory, 'httpd.pid'),
+        lock_file=os.path.join(self.run_directory, 'httpd.lock'),
+        ip=ip,
+        port=port,
+        error_log=os.path.join(self.log_directory, 'httpd-error.log'),
+        access_log=os.path.join(self.log_directory, 'httpd-access.log'),
+        document_root=document_root,
+        php_ini_dir=self.etc_directory
+    )
+    config_file = self.createConfigurationFile('httpd.conf',
+        self.substituteTemplate(pkg_resources.resource_filename(__name__,
+          'template/apache.in'), apache_config))
+    self.path_list.append(config_file)
+    self.path_list.append(self.createConfigurationFile('php.ini',
+        self.substituteTemplate(pkg_resources.resource_filename(__name__,
+          'template/php.ini.in'), {})))
+    self.path_list.extend(zc.buildout.easy_install.scripts([(
+      'httpd',
+        __name__ + '.apache', 'runApache')], self.ws,
+          sys.executable, self.wrapper_directory, arguments=[
+            dict(
+              required_path_list=[],
+              binary=self.options['httpd_binary'],
+              config=config_file
+            )
+          ]))
+    return 'http://[%s]:%s' % (ip, port)
+
+  def installMysqlServer(self, ip, port, database='erp5', user='user',
+      test_database='test_erp5', test_user='test_user', template_filename=None,
+      parallel_test_database_amount=100, mysql_conf=None):
+    if mysql_conf is None:
+      mysql_conf = {}
+    backup_directory = self.createBackupDirectory('mysql')
+    if template_filename is None:
+      template_filename = self.getTemplateFilename('my.cnf.in')
+    error_log = os.path.join(self.log_directory, 'mysqld.log')
+    slow_query_log = os.path.join(self.log_directory, 'mysql-slow.log')
+    mysql_conf.update(
+        ip=ip,
+        data_directory=os.path.join(self.data_root_directory,
+          'mysql'),
+        tcp_port=port,
+        pid_file=os.path.join(self.run_directory, 'mysqld.pid'),
+        socket=os.path.join(self.run_directory, 'mysqld.sock'),
+        error_log=error_log,
+        slow_query_log=slow_query_log,
+        mysql_database=database,
+        mysql_user=user,
+        mysql_password=self.generatePassword(),
+        mysql_test_password=self.generatePassword(),
+        mysql_test_database=test_database,
+        mysql_test_user=test_user,
+        mysql_parallel_test_dict=[
+            ('test_%i' % x,)*2 + (self.generatePassword(),) \
+                 for x in xrange(0,parallel_test_database_amount)],
+    )
+    self.registerLogRotation('mysql', [error_log, slow_query_log],
+        '%(mysql_binary)s --no-defaults -B --user=root '
+        '--socket=%(mysql_socket)s -e "FLUSH LOGS"' % dict(
+          mysql_binary=self.options['mysql_binary'],
+          mysql_socket=mysql_conf['socket']))
+    self._createDirectory(mysql_conf['data_directory'])
+
+    mysql_conf_path = self.createConfigurationFile("my.cnf",
+        self.substituteTemplate(template_filename,
+          mysql_conf))
+
+    mysql_script_list = []
+    for x_database, x_user, x_password in \
+          [(mysql_conf['mysql_database'],
+            mysql_conf['mysql_user'],
+            mysql_conf['mysql_password']),
+           (mysql_conf['mysql_test_database'],
+            mysql_conf['mysql_test_user'],
+            mysql_conf['mysql_test_password']),
+          ] + mysql_conf['mysql_parallel_test_dict']:
+      mysql_script_list.append(pkg_resources.resource_string(__name__,
+                     'template/initmysql.sql.in') % {
+                        'mysql_database': x_database,
+                        'mysql_user': x_user,
+                        'mysql_password': x_password})
+    mysql_script_list.append('EXIT')
+    mysql_script = '\n'.join(mysql_script_list)
+    self.path_list.extend(zc.buildout.easy_install.scripts([('mysql_update',
+      __name__ + '.mysql', 'updateMysql')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[dict(
+        mysql_script=mysql_script,
+        mysql_binary=self.options['mysql_binary'].strip(),
+        mysql_upgrade_binary=self.options['mysql_upgrade_binary'].strip(),
+        socket=mysql_conf['socket'],
+        )]))
+    self.path_list.extend(zc.buildout.easy_install.scripts([('mysqld',
+      __name__ + '.mysql', 'runMysql')], self.ws,
+        sys.executable, self.wrapper_directory, arguments=[dict(
+        mysql_install_binary=self.options['mysql_install_binary'].strip(),
+        mysqld_binary=self.options['mysqld_binary'].strip(),
+        data_directory=mysql_conf['data_directory'].strip(),
+        mysql_binary=self.options['mysql_binary'].strip(),
+        socket=mysql_conf['socket'].strip(),
+        configuration_file=mysql_conf_path,
+       )]))
+    self.path_list.extend([mysql_conf_path])
+
+    # backup configuration
+    backup_directory = self.createBackupDirectory('mysql')
+    full_backup = os.path.join(backup_directory, 'full')
+    incremental_backup = os.path.join(backup_directory, 'incremental')
+    self._createDirectory(full_backup)
+    self._createDirectory(incremental_backup)
+    innobackupex_argument_list = [self.options['perl_binary'],
+        self.options['innobackupex_binary'],
+        '--defaults-file=%s' % mysql_conf_path,
+        '--socket=%s' %mysql_conf['socket'].strip(), '--user=root',
+        '--ibbackup=%s'% self.options['xtrabackup_binary']]
+    environment = dict(PATH='%s' % self.bin_directory)
+    innobackupex_incremental = zc.buildout.easy_install.scripts([(
+      'innobackupex_incremental','slapos.recipe.librecipe.execute', 'executee')],
+      self.ws, sys.executable, self.bin_directory, arguments=[
+        innobackupex_argument_list + ['--incremental'],
+        environment])[0]
+    self.path_list.append(innobackupex_incremental)
+    innobackupex_full = zc.buildout.easy_install.scripts([('innobackupex_full',
+     'slapos.recipe.librecipe.execute', 'executee')], self.ws,
+      sys.executable, self.bin_directory, arguments=[
+        innobackupex_argument_list,
+        environment])[0]
+    self.path_list.append(innobackupex_full)
+    backup_controller = zc.buildout.easy_install.scripts([
+      ('innobackupex_controller', __name__ + '.innobackupex', 'controller')],
+      self.ws, sys.executable, self.bin_directory,
+      arguments=[innobackupex_incremental, innobackupex_full, full_backup,
+        incremental_backup])[0]
+    self.path_list.append(backup_controller)
+    mysql_backup_cron = os.path.join(self.cron_d, 'mysql_backup')
+    open(mysql_backup_cron, 'w').write('0 0 * * * ' + backup_controller)
+    self.path_list.append(mysql_backup_cron)
+    # The return could be more explicit database, user ...
+    return mysql_conf
+

slapos/recipe/pulse2/apache.py

+import os
+import sys
+import time
+
+
+def runApache(args):
+  sleep = 60
+  conf = args[0]
+  while True:
+    ready = True
+    for f in conf.get('required_path_list', []):
+      if not os.path.exists(f):
+        print 'File %r does not exists, sleeping for %s' % (f, sleep)
+        ready = False
+    if ready:
+      break
+    time.sleep(sleep)
+  apache_wrapper_list = [conf['binary'], '-f', conf['config'], '-DFOREGROUND']
+  apache_wrapper_list.extend(sys.argv[1:])
+  sys.stdout.flush()
+  sys.stderr.flush()
+  os.execl(apache_wrapper_list[0], *apache_wrapper_list)

slapos/recipe/pulse2/innobackupex.py

+import os
+import glob
+def controller(args):
+  """Creates full or incremental backup
+
+  If no full backup is done, it is created
+
+  If full backup exists incremental backup is done starting with base
+
+  base is the newest (according to date) full or incremental backup
+  """
+  innobackupex_incremental, innobackupex_full, full_backup, incremental_backup \
+      = args
+  if len(os.listdir(full_backup)) == 0:
+    print 'Doing full backup in %r' % full_backup
+    os.execv(innobackupex_full, [innobackupex_full, full_backup])
+  else:
+    backup_list = filter(os.path.isdir, glob.glob(full_backup + "/*") +
+      glob.glob(incremental_backup + "/*"))
+    backup_list.sort(key=lambda x: os.path.getmtime(x), reverse=True)
+    base = backup_list[0]
+    print 'Doing incremental backup in %r using %r as a base' % (
+        incremental_backup, base)
+    os.execv(innobackupex_incremental, [innobackupex_incremental,
+      '--incremental-basedir=%s'%base, incremental_backup])

slapos/recipe/pulse2/mysql.py

+import os
+import subprocess
+import time
+import sys
+
+
+def runMysql(args):
+  sleep = 60
+  conf = args[0]
+  mysqld_wrapper_list = [conf['mysqld_binary'], '--defaults-file=%s' %
+      conf['configuration_file']]
+  # we trust mysql_install that if mysql directory is available mysql was
+  # correctly initalised
+  if not os.path.isdir(os.path.join(conf['data_directory'], 'mysql')):
+    while True:
+      # XXX: Protect with proper root password
+      # XXX: Follow http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
+      popen = subprocess.Popen([conf['mysql_install_binary'],
+        '--skip-name-resolve', '--no-defaults', '--datadir=%s' %
+        conf['data_directory']],
+        stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+      result = popen.communicate()[0]
+      if popen.returncode is None or popen.returncode != 0:
+        print "Failed to initialise server.\nThe error was: %s" % result
+        print "Waiting for %ss and retrying" % sleep
+        time.sleep(sleep)
+      else:
+        print "Mysql properly initialised"
+        break
+  else:
+    print "MySQL already initialised"
+  print "Starting %r" % mysqld_wrapper_list[0]
+  sys.stdout.flush()
+  sys.stderr.flush()
+  os.execl(mysqld_wrapper_list[0], *mysqld_wrapper_list)
+
+
+def updateMysql(args):
+  conf = args[0]
+  sleep = 30
+  is_succeed = False
+  while True:
+    if not is_succeed:
+      mysql_upgrade_list = [conf['mysql_upgrade_binary'], '--no-defaults', '--user=root', '--socket=%s' % conf['socket']]
+      mysql_upgrade = subprocess.Popen(mysql_upgrade_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+      result = mysql_upgrade.communicate()[0]
+      if mysql_upgrade.returncode is None:
+        mysql_upgrade.kill()
+      if mysql_upgrade.returncode != 0 and not 'is already upgraded' in result:
+        print "Command %r failed with result:\n%s" % (mysql_upgrade_list, result)
+        print 'Sleeping for %ss and retrying' % sleep
+      else:
+        if mysql_upgrade.returncode == 0:
+          print "MySQL database upgraded with result:\n%s" % result
+        else:
+          print "No need to upgrade MySQL database"
+        mysql_list = [conf['mysql_binary'].strip(), '--no-defaults', '-B', '--user=root', '--socket=%s' % conf['socket']]
+        mysql = subprocess.Popen(mysql_list, stdin=subprocess.PIPE,
+            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+        result = mysql.communicate(conf['mysql_script'])[0]
+        if mysql.returncode is None:
+          mysql.kill()
+        if mysql.returncode != 0:
+          print 'Command %r failed with:\n%s' % (mysql_list, result)
+          print 'Sleeping for %ss and retrying' % sleep
+        else:
+          is_succeed = True
+          print 'SlapOS initialisation script succesfully applied on database.'
+    sys.stdout.flush()
+    sys.stderr.flush()
+    time.sleep(sleep)

slapos/recipe/pulse2/template/apache.in.in

+# Apache static configuration
+# Automatically generated
+
+# Basic server configuration
+PidFile "%(pid_file)s"
+LockFile "%(lock_file)s"
+Listen %(ip)s:%(port)s
+PHPINIDir %(php_ini_dir)s
+ServerAdmin someone@email
+DefaultType text/plain
+TypesConfig conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType application/x-httpd-php .php .phtml .php5 .php4
+AddType application/x-httpd-php-source .phps
+
+# Log configuration
+ErrorLog "%(error_log)s"
+LogLevel warn
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
+CustomLog "%(access_log)s" common
+
+# Directory protection
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+    Order deny,allow
+    Deny from all
+</Directory>
+
+Alias /mmc %(document_root)s
+### Allow access to lmc web directory to everyone 
+<Directory %(document_root)s>
+  AllowOverride None
+  Order allow,deny
+  allow from all
+  php_flag short_open_tag on
+  php_flag magic_quotes_gpc on
+</Directory>
+DocumentRoot %(document_root)s
+DirectoryIndex index.html index.php
+
+# List of modules
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule php5_module modules/libphp5.so

slapos/recipe/pulse2/template/logrotate_entry.in

+%(file_list)s {
+  daily
+  dateext
+  rotate 30
+  compress
+  notifempty
+  sharedscripts
+  create
+  postrotate
+    %(postrotate)s
+  endscript
+  olddir %(olddir)s
+}

slapos/recipe/pulse2/template/mmc-core.in

+#!/bin/sh
+exec %(mmc_core_binary)s -f %(mmc_core_config_file)s

slapos/recipe/pulse2/template/mmc_conf/agent/config.ini

+[main]
+host = %(mmc_host)s
+port = %(mmc_port)s
+# Credentials for HTTP basic authentication
+login = mmc
+password = s3cr3t
+# RPC Session timeout in seconds.
+# If unset default to Twisted hardcoded 900 seconds.
+#sessiontimeout = 900
+# Multi-threading support (enabled by default)
+#multithreading = 1
+#maxthreads = 20
+# SSL support
+enablessl = 1
+localcert = %(ssl_localcert)s
+cacert = %(ssl_cacert)s
+# Certificate check
+# verifypeer = 0
+# Path to the file containing the Certificate Authority (PEM format)
+# cacert =
+# Path to the file containing the local key and certificate (PEM format)
+# localcert =
+
+[daemon]
+user = %(daemon_user)s
+group = %(daemon_user)s
+umask = 0077
+pidfile= %(daemon_pidfile)s
+# user = mmc
+# group = mmc
+# umask = 0007
+# pidfile= /var/run/mmc-agent.pid
+
+[loggers]
+keys=root
+
+[handlers]
+keys=hand01,hand02
+
+[formatters]
+keys=form01
+
+[logger_root]
+level=NOTSET
+handlers=hand01
+
+[handler_hand01]
+class=FileHandler
+level=INFO
+formatter=form01
+args=("%s" % %(mmc_log)s,)
+
+[handler_hand02]
+class=StreamHandler
+level=DEBUG
+args=(sys.stderr,)
+
+[formatter_form01]
+format=%(asctime)s #%(thread)d %(levelname)s %(message)s

slapos/recipe/pulse2/template/mmc_conf/agent/config.ini.in

+[main]
+host = %(mmc_host)s
+port = %(mmc_port)s
+# Credentials for HTTP basic authentication
+login = mmc
+password = s3cr3t
+# RPC Session timeout in seconds.
+# If unset default to Twisted hardcoded 900 seconds.
+#sessiontimeout = 900
+# Multi-threading support (enabled by default)
+#multithreading = 1
+#maxthreads = 20
+# SSL support
+enablessl = 1
+localcert = %(ssl_localcert)s
+cacert = %(ssl_cacert)s
+# Certificate check
+# verifypeer = 0
+# Path to the file containing the Certificate Authority (PEM format)
+# cacert =
+# Path to the file containing the local key and certificate (PEM format)
+# localcert =
+
+[daemon]
+user = %(daemon_user)s
+group = %(daemon_user)s
+umask = 0077
+pidfile= %(daemon_pidfile)s
+# user = mmc
+# group = mmc
+# umask = 0007
+# pidfile= /var/run/mmc-agent.pid
+
+[loggers]
+keys=root
+
+[handlers]
+keys=hand01,hand02
+
+[formatters]
+keys=form01
+
+[logger_root]
+level=NOTSET
+handlers=hand01
+
+[handler_hand01]
+class=FileHandler
+level=INFO
+formatter=form01
+args=("%s" % %(mmc_log)s,)
+
+[handler_hand02]
+class=StreamHandler
+level=DEBUG
+args=(sys.stderr,)
+
+[formatter_form01]
+format=%(asctime)s #%(thread)d %(levelname)s %(message)s

slapos/recipe/pulse2/template/mmc_conf/agent/keys/cacert.pem

+-----BEGIN CERTIFICATE-----
+MIICmjCCAkSgAwIBAgIJALq48auj/cmmMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNV
+BAYTAkZSMQswCQYDVQQIEwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGlu
+Ym94MQ0wCwYDVQQDEwRjZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5j
+b20wHhcNMDUwODAyMTI1NjA1WhcNMDgwNDI4MTI1NjA1WjBpMQswCQYDVQQGEwJG
+UjELMAkGA1UECBMCTkExDTALBgNVBAcTBE1ldHoxDzANBgNVBAoTBkxpbmJveDEN
+MAsGA1UEAxMEY2VydDEeMBwGCSqGSIb3DQEJARYPaW5mb0BsaW5ib3guY29tMFww
+DQYJKoZIhvcNAQEBBQADSwAwSAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvM
+LYWiaqQe5XK5n08F9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAaOBzjCB
+yzAdBgNVHQ4EFgQUJ8QwuXYP+uu6tWjtl4y6j/6CiR0wgZsGA1UdIwSBkzCBkIAU
+J8QwuXYP+uu6tWjtl4y6j/6CiR2hbaRrMGkxCzAJBgNVBAYTAkZSMQswCQYDVQQI
+EwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGluYm94MQ0wCwYDVQQDEwRj
+ZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5jb22CCQC6uPGro/3JpjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAfKZ53wZqWetaf6XN06PdUUyb
+orjbJtFQJQYBoXpqfrTH78Sna+uaCRlC+4BBAPx6Tz7ZoWqHt84GBf1WIXOscA==
+-----END CERTIFICATE-----

slapos/recipe/pulse2/template/mmc_conf/agent/keys/localcert.pem

+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvMLYWiaqQe5XK5n08F
+9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAQJAC+eSufYB1qL4M1LR2wtq
+moC8xT9tLxJt2Vm662zQ628PhbzdaJBFGlHpC5jdsw/J1r56D+eVTOiVrMKKd3Lk
+gQIhAPjir/qwx0ssVfiW1xioj33tR3Dxpd8pYPTKZBWuknXZAiEAwIlhZ1sSFulo
+eOTJgvhga3PClKI7qcRlUEVAkfzoQ2cCIGKWKO88pzT30vYtifaSjoRrQSlUD0he
+s7FDmnGcPRfBAiEAp39co4PQ6unHn1S6EhxuFUyxvIieiwR2dyyoDdkNXoUCIQCD
+KeWLYFVEXcNqdgC2tjIzbBR03UQXt3eFrovjeox1pA==
+-----END RSA PRIVATE KEY-----

slapos/recipe/pulse2/template/mmc_conf/mmc.ini.in

+[global]
+; RPC backend to use
+backend = xmlrpc
+
+; HTTP basic authentication credentials to use for XMLRPC communication
+login = mmc
+password = s3cr3t
+
+; Root URL where the MMC web pages are installed
+; root= /mmc/ for http://127.0.0.1/mmc/
+root = /mmc/
+
+; Filesystem path where the MMC web modules are installed
+rootfsmodules = %(mmc_location)s/modules/
+
+; Available pagination steps
+pagination = 10 20 50 100
+
+; Number of items to display in lists
+maxperpage = 10
+
+; Declare if this installation is a community version or not
+; community can be yes or no
+community = yes
+
+; Debug section
+[debug]
+; 0 : no information
+; 1 : XMLRPC calls and results are displayed by the web interface
+level = 0
+
+; Login page title
+; UTF-8 strings must be used
+[logintitle]
+; Default page title for English and non-translated languages
+C =
+; French title
+fr_FR =
+; Spanish title
+es_ES =
+
+[server_01]
+description = localhost
+url = https://127.0.0.1:7080
+; Timeout in seconds for all socket I/O operations
+; Beware that timeout on a SSL socket only works with PHP >= 5.2.1
+; timeout = 300
+; SSL certificate check support
+; verifypeer = 0
+; Path to the file containing the Certificate Authority (PEM format)
+; cacert =
+; Path to the file containing the local key and certificate (PEM format)
+; localcert =

slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini

+[ldap]
+# LDAP we are connected to
+# If ldapurl starts with "ldaps://", use LDAP over SSL on the LDAPS port.
+# LDAPS is deprecated, and you should use StartTLS.
+# If ldapverifypeer = demand, always use the server hostname instead of its IP
+# address in the LDAP URL. This hostname must match the CN field of the server
+# certificate.
+ldapurl = ldap://%(ldap_host)s:%(ldap_port)s
+# Network timeout in seconds for LDAP operations. No default timeout set.
+#network_timeout =
+# TLS connection parameters when LDAPS is not used:
+#  off - never use TLS (default value)
+#  start_tls - Use the LDAPv3 StartTLS extended operation (better)
+#start_tls = off
+# If start_tls != off or LDAPS, specify check to perform on server certificate:
+#  never - don't ask certificate
+#  demand - request certificate. If none or bad certificate provided, stop the
+#           connection (recommended)
+#ldapverifypeer = demand
+# Client certicates to use (default are empty) for LDAPS or TLS connections:
+# For example: /etc/ssl/certs
+#cacertdir =
+# For example: /etc/mmc/certs/demoCA/cacert.pem
+#cacert =
+# For example: /etc/mmc/certs/client.cert
+#localcert =
+# For example: /etc/mmc/certs/client.key
+#localkey =
+# Accepted ciphers
+# Use this for more security: TLSv1+SHA1+AES+DH:CAMELLIA:!NULL:!ADH
+#ciphersuites = TLSv1:!NULL
+# LDAP debug level - set this to 255 to debug LDAP connection problems
+#ldapdebuglevel = 0
+# LDAP base DN
+baseDN = dc=mandriva, dc=com
+# Users location in the LDAP
+baseUsersDN = ou=Users, %%(basedn)s
+# Groups location in the LDAP
+baseGroupsDN = ou=Groups, %%(basedn)s
+# LDAP manager
+rootName = cn=admin, %%(basedn)s
+password = secret
+# If enabled, the MMC will create/move/delete the home of the users
+# Else will do nothing, but only write user informations into LDAP
+userHomeAction = 1
+# Skeleton directory to populate a new home directory
+skelDir = /etc/skel
+# If set, all new users will belong to this group when created
+defaultUserGroup = Domain Users
+# Default home directory for users
+defaultHomeDir = /home
+# user uid number start
+uidStart = 10000
+# group gid number start
+gidStart = 10000
+# LDAP log file path
+logfile = %(ldap_logfile_path)s
+# FDS log file path
+# logfile = /opt/fedora-ds/slapd-hostname/logs/access
+
+# you can specify here where you can authorized creation of your homedir
+# default is your defaultHomeDir
+# example:
+# authorizedHomeDir = /home, /home2, /mnt/depot/newhome
+
+# LDAP user password scheme to use
+# Possible values are "ssha", "crypt" and "passmod"
+# "passmod" uses the LDAP Password Modify Extended Operations to change
+# password. The password encryption is done by the LDAP server.
+passwordscheme = passmod
+
+#[backup-tools]
+## Path of the backup tools
+#path = /usr/lib/mmc/backup-tools
+## Where are put the archives
+#destpath = /home/archives
+
+# Computer inventory plugin to use (Pulse 2 related option)
+# [computers]
+# method = glpi
+# method = inventory
+
+# Audit system configuration
+# If commented, the audit module will be disabled
+# [audit]
+# method = database
+# dbhost = localhost
+# MySQL and PostgreSQL backends are available
+# dbdriver = postgres
+# dbport = 5432
+# dbdriver = mysql
+# dbport = 3306
+# dbuser = audit
+# dbpassword = audit
+# dbname = audit
+
+# User authentication configuration
+#[authentication]
+# Authenticators chain
+#method = baseldap externalldap
+
+# baseldap authenticator configuration
+#[authentication_baseldap]
+# Set a list of login that will only be authentified using this authenticator
+#authonly = root
+
+# Externalldap authenticator configuration
+#[authentication_externalldap]
+# Login list that won't be authenticated with this authenticator.
+#exclude =
+# If set, only the speficied logins will be authenticated with this
+# authenticator.
+#authonly =
+# Set whether this authenticator is mandatory. If it is mandatory and can't be
+# validated during the mmc-agent activation phase, the mmc-agent exits with an
+# error.
+#mandatory = True
+# LDAP server URLs. The LDAP server are selected in the given order when
+# authenticating a user.
+#ldapurl = ldap://192.168.0.1:389 ldap://192.168.0.2:389
+# LDAP connection timeout in seconds. If the LDAP connection failed after this
+# timeout, we try the next LDAP server in the list or give up if it the last.
+#network_timeout =
+# LDAP suffix where to search for user
+#suffix = cn=Users,dc=mandriva,dc=com
+# How to bind to the LDAP. Empty if anonymous
+#bindname = cn=account, cn=Users, dc=linboxad, dc=com
+#bindpasswd = s3cr3t
+#bindname =
+#bindpasswd =
+# User filter
+#filter = objectClass=*
+# User attribute containing her/his login
+#attr = cn
+
+# User provisioning configuration
+#[provisioning]
+#method = externalldap
+
+# externalldap provisioner configuration
+#[provisioning_externalldap]
+# Login list that won't be provisioned with this provisioner
+#exclude = root
+# These attributes are mandatory to create a user
+#ldap_uid = cn
+#ldap_givenName = sn
+#ldap_sn = sn
+# Other attributes to fill in
+#ldap_mail = mail
+#...
+# We are able to fill the ACL fields the user logs in according to the value of
+# an attribute from the external LDAP.
+# What is the field name ?
+#profile_attr =
+# Here we define two profiles: profile1 and profile2
+# profile1 allows the user to log in and change her/his password in the web
+# interface
+#profile_acl_profile1= :base#users#passwd/
+# profile2 disallows the user to do anything (no ACL defined)
+#profile_acl_profile2 =
+# ... You can define as much profile_acl_* options as you need
+# For each profile, we can create a group of user, and put users with a given
+# profile in the corresponding group automatically when they log in.
+# Set the next line to True to activate profile to group mapping
+#profile_group_mapping = False
+# A prefix for the created group can be set
+#profile_group_prefix =
+
+# Example userdefault settings to support Kerberos
+# [userdefault]
+# objectClass = +krb5KDCEntry,krb5Principal
+# krb5KeyVersionNumber = 1
+# krb5KDCFlags = 126
+# krb5PrincipalName = %uid%@DOMAIN
+
+# Subscription informations
+# [subscription]
+# product_name = MDS
+# vendor_name = Mandriva
+# vendor_mail = sales@mandriva.com
+# customer_name =
+# customer_mail =
+# comment =
+# users = 0
+# computers = 0
+# # Support informations
+# support_mail = customer@customercare.mandriva.com
+# support_phone = 0810 LINBOX
+# support_comment =
+

slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini.in

+[ldap]
+# LDAP we are connected to
+# If ldapurl starts with "ldaps://", use LDAP over SSL on the LDAPS port.
+# LDAPS is deprecated, and you should use StartTLS.
+# If ldapverifypeer = demand, always use the server hostname instead of its IP
+# address in the LDAP URL. This hostname must match the CN field of the server
+# certificate.
+ldapurl = ldap://%(ldap_host)s:%(ldap_port)s
+# Network timeout in seconds for LDAP operations. No default timeout set.
+#network_timeout =
+# TLS connection parameters when LDAPS is not used:
+#  off - never use TLS (default value)
+#  start_tls - Use the LDAPv3 StartTLS extended operation (better)
+#start_tls = off
+# If start_tls != off or LDAPS, specify check to perform on server certificate:
+#  never - don't ask certificate
+#  demand - request certificate. If none or bad certificate provided, stop the
+#           connection (recommended)
+#ldapverifypeer = demand
+# Client certicates to use (default are empty) for LDAPS or TLS connections:
+# For example: /etc/ssl/certs
+#cacertdir =
+# For example: /etc/mmc/certs/demoCA/cacert.pem
+#cacert =
+# For example: /etc/mmc/certs/client.cert
+#localcert =
+# For example: /etc/mmc/certs/client.key
+#localkey =
+# Accepted ciphers
+# Use this for more security: TLSv1+SHA1+AES+DH:CAMELLIA:!NULL:!ADH
+#ciphersuites = TLSv1:!NULL
+# LDAP debug level - set this to 255 to debug LDAP connection problems
+#ldapdebuglevel = 0
+# LDAP base DN
+baseDN = dc=mandriva, dc=com
+# Users location in the LDAP
+baseUsersDN = ou=Users, %%(basedn)s
+# Groups location in the LDAP
+baseGroupsDN = ou=Groups, %%(basedn)s
+# LDAP manager
+rootName = cn=admin, %%(basedn)s
+password = secret
+# If enabled, the MMC will create/move/delete the home of the users
+# Else will do nothing, but only write user informations into LDAP
+userHomeAction = 1
+# Skeleton directory to populate a new home directory
+skelDir = /etc/skel
+# If set, all new users will belong to this group when created
+defaultUserGroup = Domain Users
+# Default home directory for users
+defaultHomeDir = /home
+# user uid number start
+uidStart = 10000
+# group gid number start
+gidStart = 10000
+# LDAP log file path
+logfile = %(ldap_logfile_path)s
+# FDS log file path
+# logfile = /opt/fedora-ds/slapd-hostname/logs/access
+
+# you can specify here where you can authorized creation of your homedir
+# default is your defaultHomeDir
+# example:
+# authorizedHomeDir = /home, /home2, /mnt/depot/newhome
+
+# LDAP user password scheme to use
+# Possible values are "ssha", "crypt" and "passmod"
+# "passmod" uses the LDAP Password Modify Extended Operations to change
+# password. The password encryption is done by the LDAP server.
+passwordscheme = passmod
+
+#[backup-tools]
+## Path of the backup tools
+#path = /usr/lib/mmc/backup-tools
+## Where are put the archives
+#destpath = /home/archives
+
+# Computer inventory plugin to use (Pulse 2 related option)
+# [computers]
+# method = glpi
+# method = inventory
+
+# Audit system configuration
+# If commented, the audit module will be disabled
+# [audit]
+# method = database
+# dbhost = localhost
+# MySQL and PostgreSQL backends are available
+# dbdriver = postgres
+# dbport = 5432
+# dbdriver = mysql
+# dbport = 3306
+# dbuser = audit
+# dbpassword = audit
+# dbname = audit
+
+# User authentication configuration
+#[authentication]
+# Authenticators chain
+#method = baseldap externalldap
+
+# baseldap authenticator configuration
+#[authentication_baseldap]
+# Set a list of login that will only be authentified using this authenticator
+#authonly = root
+
+# Externalldap authenticator configuration
+#[authentication_externalldap]
+# Login list that won't be authenticated with this authenticator.
+#exclude =
+# If set, only the speficied logins will be authenticated with this
+# authenticator.
+#authonly =
+# Set whether this authenticator is mandatory. If it is mandatory and can't be
+# validated during the mmc-agent activation phase, the mmc-agent exits with an
+# error.
+#mandatory = True
+# LDAP server URLs. The LDAP server are selected in the given order when
+# authenticating a user.
+#ldapurl = ldap://192.168.0.1:389 ldap://192.168.0.2:389
+# LDAP connection timeout in seconds. If the LDAP connection failed after this
+# timeout, we try the next LDAP server in the list or give up if it the last.
+#network_timeout =
+# LDAP suffix where to search for user
+#suffix = cn=Users,dc=mandriva,dc=com
+# How to bind to the LDAP. Empty if anonymous
+#bindname = cn=account, cn=Users, dc=linboxad, dc=com
+#bindpasswd = s3cr3t
+#bindname =
+#bindpasswd =
+# User filter
+#filter = objectClass=*
+# User attribute containing her/his login
+#attr = cn
+
+# User provisioning configuration
+#[provisioning]
+#method = externalldap
+
+# externalldap provisioner configuration
+#[provisioning_externalldap]
+# Login list that won't be provisioned with this provisioner
+#exclude = root
+# These attributes are mandatory to create a user
+#ldap_uid = cn
+#ldap_givenName = sn
+#ldap_sn = sn
+# Other attributes to fill in
+#ldap_mail = mail
+#...
+# We are able to fill the ACL fields the user logs in according to the value of
+# an attribute from the external LDAP.
+# What is the field name ?
+#profile_attr =
+# Here we define two profiles: profile1 and profile2
+# profile1 allows the user to log in and change her/his password in the web
+# interface
+#profile_acl_profile1= :base#users#passwd/
+# profile2 disallows the user to do anything (no ACL defined)
+#profile_acl_profile2 =
+# ... You can define as much profile_acl_* options as you need
+# For each profile, we can create a group of user, and put users with a given
+# profile in the corresponding group automatically when they log in.
+# Set the next line to True to activate profile to group mapping
+#profile_group_mapping = False
+# A prefix for the created group can be set
+#profile_group_prefix =
+
+# Example userdefault settings to support Kerberos
+# [userdefault]
+# objectClass = +krb5KDCEntry,krb5Principal
+# krb5KeyVersionNumber = 1
+# krb5KDCFlags = 126
+# krb5PrincipalName = %uid%@DOMAIN
+
+# Subscription informations
+# [subscription]
+# product_name = MDS
+# vendor_name = Mandriva
+# vendor_mail = sales@mandriva.com
+# customer_name =
+# customer_mail =
+# comment =
+# users = 0
+# computers = 0
+# # Support informations
+# support_mail = customer@customercare.mandriva.com
+# support_phone = 0810 LINBOX
+# support_comment =
+

slapos/recipe/pulse2/template/mmc_conf/plugins/ppolicy.ini.in

+[main]
+disable = 1
+
+[ppolicy]
+# Branch where the password policies are stored
+ppolicyDN = ou=Password Policies, %(baseDN)s
+# Name of the default password policy
+ppolicyDefault = default
+
+# This options are used only once to create the default password policy entry
+# into the LDAP
+[ppolicyattributes]
+pwdAttribute = userPassword
+pwdLockout = True
+pwdMaxFailure = 5
+pwdLockoutDuration = 900
+# Password can't be change if it not 7 days old
+pwdMinAge = 25200
+# Password expiration is 42 days
+pwdMaxAge = 3628800
+pwdMinLength = 8
+pwdInHistory = 5
+pwdMustChange = True
+# To check password quality
+pwdCheckModule = mmc-check-password.so
+pwdCheckQuality = 2

slapos/recipe/pulse2/template/my.cnf.in

+# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
+# The MySQL server
+[mysqld]
+# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
+# different engine, like MyISAM. Such behaviour generates problems only, when
+# tables requested as InnoDB are silently created with MyISAM engine.
+#
+# Loud fail is really required in such case.
+sql-mode="NO_ENGINE_SUBSTITUTION"
+
+skip-show-database
+port = %(tcp_port)s
+bind-address = %(ip)s
+socket = %(socket)s
+datadir = %(data_directory)s
+pid-file = %(pid_file)s
+log-error = %(error_log)s
+log-slow-file = %(slow_query_log)s
+long_query_time = 5
+max_allowed_packet = 128M
+query_cache_size = 32M
+
+plugin-load = ha_innodb_plugin.so
+
+# The following are important to configure and depend a lot on to the size of
+# your database and the available resources.
+#innodb_buffer_pool_size = 4G
+#innodb_log_file_size = 256M
+#innodb_log_buffer_size = 8M
+
+# Some dangerous settings you may want to uncomment if you only want
+# performance or less disk access. Useful for unit tests.
+#innodb_flush_log_at_trx_commit = 0
+#innodb_flush_method = nosync
+#innodb_doublewrite = 0
+#sync_frm = 0
+
+# Uncomment the following if you need binary logging, which is recommended
+# on production instances (either for replication or incremental backups).
+#log-bin=mysql-bin
+
+# Force utf8 usage
+collation_server = utf8_unicode_ci
+character_set_server = utf8
+skip-character-set-client-handshake
+
+[mysql]
+no-auto-rehash
+socket = %(socket)s
+
+[mysqlhotcopy]
+interactive-timeout

slapos/recipe/pulse2/template/mysqlinit.sql.in

+CREATE DATABASE IF NOT EXISTS %(database)s;
+GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
+GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
+GRANT SHOW DATABASES ON *.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
+GRANT SHOW DATABASES ON *.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
+FLUSH PRIVILEGES;
+EXIT

slapos/recipe/pulse2/template/php.ini.in

+[PHP]
+engine = On
+safe_mode = Off
+expose_php = On
+error_reporting = E_ALL | E_STRICT
+display_errors = On
+display_startup_errors = On
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off

slapos/recipe/pulse2/template/pulse2_conf/plugins/dyngroup.ini.in

+[main]
+# Is the plugin disable ?
+disable = 0
+# Are dynamic group enable ?
+dynamic_enable = 1
+# Are profiles enable ?
+# profiles_enable = 0
+
+# Preselected module in the dynamic group creation page
+# default_module = 
+
+# Maximum number of elements in the static group creation list
+# max_elements_for_static_list = 2000
+
+[database]
+dbdriver = mysql
+dbhost = %(mysql_host)s
+dbport = %(mysql_port)s
+dbuser = %(mysql_user)s
+dbpasswd = %(mysql_password)s
+dbname = dyngroup
+# dbsslenable = 0
+# dbsslca =
+# dbsslcert =
+# dbsslkey =
+# Database connection lifetime
+# dbpoolrecycle = 60
+# Database connection pool size
+# dbpoolsize = 5
+
+[querymanager]
+# can we query on group names ?
+activate = 0
+                                                

slapos/recipe/pulse2/template/pulse2_conf/plugins/glpi.ini.in

+[main]
+disable = 0
+dbdriver = mysql
+dbhost = %(mysql_host)s
+dbport = %(mysql_port)s
+dbuser = %(mysql_user)s
+dbpasswd = %(mysql_password)s
+dbname = glpi
+# dbsslenable = 0
+# dbsslca =
+# dbsslcert =
+# dbsslkey =
+# Database connection lifetime
+# dbpoolrecycle = 60
+# Database connection pool size
+# dbpoolsize = 5
+
+# Allow users to filter computers list using an entity selector
+localisation = True
+# Accepted GLPI profiles. A user must have her/his GLPI profile in this list
+# else she/he can't display any computers from the GLPI inventory
+# active_profiles = profile1 profile2 profile3
+# Only display computers with the specified state
+# filter_on = state=3
+
+# Give the uri to link to for a computer inventory
+# glpi_computer_uri =
+# should be something like that :
+# glpi_computer_uri = http://localhost/glpi/front/computer.form.php?ID=
+
+# Tell whether the query manager of the dyngroup plugin can use this module
+[querymanager]
+activate = True
+
+# GLPI authentication configuration
+#[authentication_glpi]
+# URL to connect to the GLPI HTTP interface ?
+#baseurl = http://glpi-server/glpi/
+
+# GLPI provisioning configuration
+#[provisioning_glpi]
+# Users that will never be provisioned
+#exclude = root
+# Before provisioning, should we perform a GLPI authentication to create or
+# update the user informations in the GLPI database ?
+#doauth = 1
+# MMC web interface ACLs definition according to the user GLPI profile
+#profile_acl_profile1 = :##:base#main#default
+#profile_acl_profile2 =
+#profile_acl_profile3 =
+# If the user belong to more than one profile, the first profile of this list
+# will be used
+#profiles_order = profile1 profile2 profile3