Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Yusei Tahara
slapos
Commits
45ae3c3b
Commit
45ae3c3b
authored
Mar 28, 2013
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'master' into erp5-component
parents
eb79c1f2
3b43f325
Changes
19
Hide whitespace changes
Inline
Side-by-side
Showing
19 changed files
with
853 additions
and
19 deletions
+853
-19
component/nginx/buildout.cfg
component/nginx/buildout.cfg
+5
-10
setup.py
setup.py
+1
-1
slapos/recipe/reverse_proxy_nginx/__init__.py
slapos/recipe/reverse_proxy_nginx/__init__.py
+102
-0
slapos/recipe/reverse_proxy_nginx/template/nginx.conf.in
slapos/recipe/reverse_proxy_nginx/template/nginx.conf.in
+49
-0
software/apache-frontend/README.apache_frontend.txt
software/apache-frontend/README.apache_frontend.txt
+4
-4
software/helloworld/instance.cfg.in
software/helloworld/instance.cfg.in
+5
-3
software/hexaglobe-watermarking/common.cfg
software/hexaglobe-watermarking/common.cfg
+68
-0
software/hexaglobe-watermarking/development.cfg
software/hexaglobe-watermarking/development.cfg
+25
-0
software/hexaglobe-watermarking/instance-edge.cfg.in
software/hexaglobe-watermarking/instance-edge.cfg.in
+26
-0
software/hexaglobe-watermarking/instance-watermarking.cfg.in
software/hexaglobe-watermarking/instance-watermarking.cfg.in
+195
-0
software/hexaglobe-watermarking/instance.cfg.in
software/hexaglobe-watermarking/instance.cfg.in
+14
-0
software/hexaglobe-watermarking/template/nginx.conf.in
software/hexaglobe-watermarking/template/nginx.conf.in
+30
-0
software/hexaglobe-watermarking/template/watermarkadmin.ini.in
...are/hexaglobe-watermarking/template/watermarkadmin.ini.in
+20
-0
software/maarch/migration.txt
software/maarch/migration.txt
+54
-0
software/maarch/software.cfg
software/maarch/software.cfg
+1
-1
software/reverse-proxy-nginx/common.cfg
software/reverse-proxy-nginx/common.cfg
+29
-0
software/reverse-proxy-nginx/development.cfg
software/reverse-proxy-nginx/development.cfg
+24
-0
software/reverse-proxy-nginx/instance.cfg.in
software/reverse-proxy-nginx/instance.cfg.in
+188
-0
software/zimbra-kvm/instance-kvm.cfg.in
software/zimbra-kvm/instance-kvm.cfg.in
+13
-0
No files found.
component/nginx/buildout.cfg
View file @
45ae3c3b
...
...
@@ -11,20 +11,15 @@ md5sum = d252f5c689a14a668e241c744ccf5f06
configure-options=
--with-ipv6
--with-http_ssl_module
--with-mail
--with-mail_ssl_module
--with-ld-opt="-L ${zlib:location}/lib -L ${openssl:location}/lib -L ${pcre:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib"
--with-cc-opt="-I ${pcre:location}/include -I ${openssl:location}/include -I ${zlib:location}/include"
[nginx-unstable]
recipe = hexagonit.recipe.cmmi
url = http://nginx.org/download/nginx-1.3.14.tar.gz
md5sum = 9b13753c88ea682fddd1495cb36e5d39
configure-options=
--with-ipv6
--with-http_ssl_module
--with-ld-opt="-L ${zlib:location}/lib -L ${openssl:location}/lib -L ${pcre:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib"
--with-cc-opt="-I ${pcre:location}/include -I ${openssl:location}/include -I ${zlib:location}/include"
<= nginx
url = http://nginx.org/download/nginx-1.3.15.tar.gz
md5sum = ded252047393c79a31b0862e9166a065
[hexaglobe-nginx-module]
recipe = hexagonit.recipe.download
...
...
setup.py
View file @
45ae3c3b
...
...
@@ -162,6 +162,7 @@ setup(name=name,
'request.serialised = slapos.recipe.request:Serialised'
,
'request.edge = slapos.recipe.request:RequestEdge'
,
'requestoptional = slapos.recipe.request:RequestOptional'
,
'reverseproxy.nginx = slapos.recipe.reverse_proxy_nginx:Recipe'
,
'seleniumrunner = slapos.recipe.seleniumrunner:Recipe'
,
'sheepdogtestbed = slapos.recipe.sheepdogtestbed:SheepDogTestBed'
,
'shell = slapos.recipe.shell:Recipe'
,
...
...
@@ -195,7 +196,6 @@ setup(name=name,
'zabbixagent = slapos.recipe.zabbixagent:Recipe'
,
'zimbra.kvm = slapos.recipe.zimbra_kvm:Recipe'
,
'zeo = slapos.recipe.zeo:Recipe'
,
],
'slapos.recipe.nosqltestbed.plugin'
:
[
'kumo = slapos.recipe.nosqltestbed.kumo:KumoTestBed'
,
...
...
slapos/recipe/reverse_proxy_nginx/__init__.py
0 → 100644
View file @
45ae3c3b
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import
operator
from
slapos.recipe.librecipe
import
GenericSlapRecipe
import
zc.buildout
class
Recipe
(
GenericSlapRecipe
):
def
_install
(
self
):
path_list
=
[]
# Check for mandatory arguments
domain_name
=
self
.
options
[
'domain'
]
if
not
domain_name
:
raise
zc
.
buildout
.
UserError
(
'No domain name specified. Please define '
'the "domain" instance parameter.'
)
# XXX: add HTTP support
#https_port_number = self.options['https-port']
#http_port_number = self.options['http-port']
# Parse list of slaves
slave_instance_list
=
sorted
(
self
.
options
[
'slave-instance-list'
],
key
=
operator
.
itemgetter
(
'slave_reference'
))
# Now, we only take first instance and only use this one.
# XXX: TODO real implementation of slaves
zimbra_slave_instance
=
slave_instance_list
[
0
]
# Generate Nginx configuration
nginx_configuration_dict
=
{
'listen-local-ipv4'
:
self
.
options
[
'ipv4'
],
'listen-global-ipv6'
:
'[%s]'
%
self
.
options
[
'ipv6'
],
'domain-name'
:
domain_name
,
'smtp-port-number'
:
self
.
options
[
'smtp-port'
],
'error-log'
:
self
.
options
[
'error-log'
],
'access-log'
:
self
.
options
[
'access-log'
],
'htdocs'
:
self
.
options
[
'htdocs'
],
'smtp-upstream-host'
:
zimbra_slave_instance
[
'smtp-upstream-host'
],
'smtp-upstream-port'
:
zimbra_slave_instance
[
'smtp-upstream-port'
],
}
nginx_configuration_file
=
self
.
createFile
(
self
.
options
[
'configuration-file'
],
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'nginx.conf.in'
),
nginx_configuration_dict
)
)
path_list
.
append
(
nginx_configuration_file
)
# Generate Nginx wrapper
wrapper
=
self
.
createWrapper
(
name
=
self
.
options
[
'wrapper'
],
command
=
self
.
options
[
'nginx-executable'
],
parameters
=
[
'-c'
,
self
.
options
[
'configuration-file'
],
'-p'
,
self
.
options
[
'home-directory'
]
]
)
# TODO: reload configuration or have feature like apache_map
# Send connection informations about each slave
for
slave_instance
in
slave_instance_list
:
reference
=
slave_instance
.
get
(
"slave_reference"
)
self
.
logger
.
debug
(
'Sending connection parameters of slave '
'instance: %s'
%
reference
)
try
:
connection_dict
=
{
'listening-ipv6'
:
self
.
options
[
'ipv6'
],
# Arbitrary, as the instance doesn't know its public IP.
'listening-ipv4'
:
self
.
options
[
'public-ipv4'
],
# XXX-TODO
#'site_url': url,
}
self
.
setConnectionDict
(
connection_dict
,
reference
)
except
:
self
.
logger
.
fatal
(
"Error while sending slave %s informations: %s"
,
reference
,
traceback
.
format_exc
())
return
path_list
slapos/recipe/reverse_proxy_nginx/template/nginx.conf.in
0 → 100644
View file @
45ae3c3b
daemon off;
worker_processes 1;
#XXX-Cedric: TODO separate the different logs
error_log %(error-log)s info;
events {
worker_connections 1024;
use epoll;
}
http {
log_format main
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
server {
listen %(listen-local-ipv4)s:8008;
server_name localhost;
access_log %(access-log)s main;
error_log %(error-log)s info;
root %(htdocs)s;
location ~ $ {
add_header Auth-Server %(smtp-upstream-host)s;
add_header Auth-Port %(smtp-upstream-port)s;
return 200;
}
}
}
mail {
server_name %(domain-name)s;
auth_http %(listen-local-ipv4)s:8008;
server {
listen %(listen-local-ipv4)s:%(smtp-port-number)s;
listen %(listen-global-ipv6)s:%(smtp-port-number)s;
protocol smtp;
timeout 5s;
proxy on;
xclient off;
smtp_auth none;
}
}
software/apache-frontend/README.apache_frontend.txt
View file @
45ae3c3b
...
...
@@ -195,8 +195,8 @@ Notes
It is not possible with slapos to listen to port <= 1024, because process are
not run as root.
Solution 1
----------
Solution 1
(IPv4 only)
----------
------------
It is a good idea then to go on the node where the instance is
and set some iptables rules like (if using default ports)::
...
...
@@ -207,8 +207,8 @@ and set some iptables rules like (if using default ports)::
Where {public ip} is the public IP of your server, or at least the LAN IP to where your NAT will forward to.
{listening ip} is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter.
Solution 2
----------
Solution 2
(IPv6 only)
----------
------------
It is also possible to directly allow the service to listen on 80 and 443 ports using the following command:
...
...
software/helloworld/instance.cfg.in
View file @
45ae3c3b
...
...
@@ -29,7 +29,9 @@ cert = $${slap_connection:cert_file}
# Define default parameter(s) that will be used later, in case user didn't
# specify it
name = anonymous
# All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default.
configuration.name = anonymous
# Create all needed directories, depending on your needs
...
...
@@ -52,7 +54,7 @@ promise = $${:etc}/promise/
# This recipe will try to "exec" the command-line after separating parameters.
recipe = slapos.cookbook:wrapper
# Notice that there is only one $ at ${dash:location}, it is because it comes from the Software Release buildout profile.
command-line = ${dash:location}/bin/dash -c 'echo "Hello $${instance-parameter:name}!"; sleep 100000;'
command-line = ${dash:location}/bin/dash -c 'echo "Hello $${instance-parameter:
configuration.
name}!"; sleep 100000;'
# Put this shell script in the "etc/service" directory. Every executable of this
# repository will be started and monitored by supervisord
wrapper-path = $${directory:service}/hello-world
...
...
@@ -63,4 +65,4 @@ wrapper-path = $${directory:service}/hello-world
# Here we'll just echo back the entered name as instance parameter
[publish-connection-parameter]
recipe = slapos.cookbook:publish
name = Hello $${instance-parameter:name}!
name = Hello $${instance-parameter:
configuration.
name}!
software/hexaglobe-watermarking/common.cfg
0 → 100644
View file @
45ae3c3b
[buildout]
extends =
../../component/dash/buildout.cfg
../../component/dcron/buildout.cfg
../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/nginx/buildout.cfg
../../component/openssl/buildout.cfg
../../stack/slapos.cfg
parts =
slapos-cookbook
watermarkingadmin
eggs
instance-profile
develop =
${buildout:directory}/parts/watermarkingadmin
[watermarkingadmin]
recipe = hexagonit.recipe.download
url = http://easicloud-p.cdn.hexaglobe.net/api10.tar.gz
#md5sum =
[eggs]
recipe = zc.recipe.egg
eggs =
watermarkingadmin
slapos.toolbox
[watermarkadmin.ini.in]
recipe = slapos.recipe.download
url = ${:_profile_base_location_}/template/${:_buildout_section_name_}
md5sum = 2edc2acd102a465a0f21d8cd982ba4bf
download-only = true
#filename = template.in
mode = 0644
location = ${buildout:parts-directory}/${:_buildout_section_name_}
[nginx.conf.in]
recipe = slapos.recipe.download
url = ${:_profile_base_location_}/template/${:_buildout_section_name_}
md5sum = 7e41dfcb633ce52be42457ffd5b123d8
download-only = true
#filename = template.in
mode = 0644
location = ${buildout:parts-directory}/${:_buildout_section_name_}
[instance-profile]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
#md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
[watermarking-instance-profile]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-watermarking.cfg.in
output = ${buildout:directory}/instance-watermarking.cfg
#md5sum = 76c88bfc59bc9c2d05fa13cc960349c7
mode = 0644
[edge-instance-profile]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-edge.cfg.in
output = ${buildout:directory}/instance-edge.cfg
#md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
software/hexaglobe-watermarking/development.cfg
0 → 100644
View file @
45ae3c3b
[buildout]
extends =
../../component/git/buildout.cfg
common.cfg
parts +=
slapos.cookbook-repository
check-recipe
develop +=
${:parts-directory}/slapos.cookbook-repository
[slapos.cookbook-repository]
recipe = slapos.recipe.build:gitclone
repository = http://git.erp5.org/repos/slapos.git
branch = hexaglobe-watermarking
git-executable = ${git:location}/bin/git
[check-recipe]
recipe = plone.recipe.command
stop-on-error = true
update-command = ${:command}
command =
grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link
software/hexaglobe-watermarking/instance-edge.cfg.in
0 → 100644
View file @
45ae3c3b
# This instance will request other instances of lamp-generic depending on a
# list of countries.
[buildout]
parts =
request-edge
publish-connection-parameter
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
[request-edge]
<= slap-connection
recipe = slapos.cookbook:request.edge
# This magic parameter triggers several requests, one request per country.
name = watermark
country-list = $${slap-parameter:country-list}
software-url = $${slap-connection:software-release-url}
software-type = default
return = url admin-url admin-url-ipv6
[publish-connection-parameter]
recipe = slapos.cookbook:publishsection
section-list = request-edge
software/hexaglobe-watermarking/instance-watermarking.cfg.in
0 → 100644
View file @
45ae3c3b
[buildout]
parts =
directory
nginx
watermarkadmin
logrotate
logrotate-entry-nginx
cron
cron-entry-logrotate
watermarkadmin-promise
publish-connection-parameter
# Define egg directories to be the one from Software Release
# (/opt/slapgrid/...)
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
# Fetch parameters defined in SlapOS Master for this instance
[instance-parameter]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
# Set default parameters
http-port = 8080
administration-port = 5000
# Create needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
home = $${buildout:directory}
bin = $${:home}/bin
etc = $${:home}/etc
srv = $${:home}/srv
service = $${:etc}/service
promise = $${:etc}/promise
var = $${:home}/var
backup = $${:srv}/backup
log = $${:var}/log
run = $${:var}/run
nginx-configuration = $${:etc}/nginx
nginx-vhost-configuration = $${:nginx-configuration}/vhost
nginx-log = $${:home}/logs
nginx-cache = $${:var}/cache
nginx-temp-path = $${:srv}/nginx-proxy
cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
logrotate-entries = $${:etc}/logrotate.d
logrotate-backup = $${:backup}/logrotate
# Deploy nginx
[nginx-configuration]
recipe = slapos.cookbook:configurationfile
configuration-template-path = ${nginx.conf.in:location}/nginx.conf.in
configuration-file-path = $${directory:nginx-configuration}/nginx.conf
vhost-configuration-directory-location = $${directory:nginx-vhost-configuration}
nginx-prefix = ${nginx-enable-sub:location}
nginx-temp-path = $${directory:nginx-temp-path}
pid-file = $${directory:run}/nginx.pid
home-directory = $${directory:home}
[nginx]
recipe = slapos.cookbook:wrapper
nginx-executable = $${:nginx-prefix}/sbin/nginx
nginx-prefix = ${nginx-enable-sub:location}
command-line = $${:nginx-executable} -c $${nginx-configuration:configuration-file-path} -p $${directory:home}
wrapper-path = $${directory:service}/nginx
# Deploy administration API server
[watermarkadmin-configuration]
recipe = slapos.cookbook:configurationfile
configuration-template-path = ${watermarkadmin.ini.in:location}/watermarkadmin.ini.in
configuration-file-path = $${directory:etc}/watermarkadmin.ini
flask-database-location = $${directory:srv}/flask.db
nginx-prefix = $${directory:home}
nginx-port = $${instance-parameter:http-port}
nginx-configuration-file-location = $${nginx-configuration:configuration-file-path}
nginx-executable-location = $${nginx:nginx-executable}
nginx-pidfile-location = $${nginx-configuration:pid-file}
nginx-vhost-configuration-directory-location = $${directory:nginx-vhost-configuration}
nginx-log-directory-location = $${directory:nginx-log}
nginx-cache-directory-location = $${directory:nginx-cache}
global-ip = $${instance-parameter:ipv6-random}
[watermarkadmin]
recipe = slapos.cookbook:wrapper
command-line =
${buildout:directory}/bin/api $${watermarkadmin-configuration:configuration-file-path}
wrapper-path = $${directory:service}/watermarkingadmin
# Deploy logrotate
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${directory:bin}/logrotate
conf = $${directory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${directory:srv}/logrotate.status
[logrotate-entry-nginx]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = nginx
log = $${watermarkadmin-configuration:nginx-log-directory-location}/*.log
frequency = daily
rotate-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${nginx-configuration:pid-file} SIGUSR1
sharedscripts = true
notifempty = true
create = true
# Deploy cron and configure it
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/crond.log
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:service}/crond
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
# Request frontend
[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Frontend for $${slap-connection:computer-id} $${slap-connection:partition-id}
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config = url
config-url = http://[$${instance-parameter:ipv6-random}]:5000
return = site_url
# Check promises
[watermarkadmin-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/watermarkadmin-promise
hostname = $${instance-parameter:ipv6-random}
port = $${instance-parameter:administration-port}
[watermarkadmin-promise-frontend]
recipe = slapos.cookbook:check_page_content
path = $${directory:promises}/watermarkadmin-frontend-promise
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
match = If you entered the URL manually please check your spelling and try again.
# Publish instance connection parameters
[publish-connection-parameter]
recipe = slapos.cookbook:publish
url = http://[$${instance-parameter:ipv6-random}]:$${instance-parameter:http-port}
# XXX-Cedric: hardcoded
admin-url-ipv6 = http://[$${instance-parameter:ipv6-random}]:5000
admin-url = $${request-frontend:connection-site_url}
software/hexaglobe-watermarking/instance.cfg.in
0 → 100644
View file @
45ae3c3b
[buildout]
parts =
switch-softwaretype
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
[switch-softwaretype]
recipe = slapos.cookbook:softwaretype
default = ${watermarking-instance-profile:output}
watermarking = ${watermarking-instance-profile:output}
edge = ${edge-instance-profile:output}
software/hexaglobe-watermarking/template/nginx.conf.in
0 → 100644
View file @
45ae3c3b
daemon off;
worker_processes 1;
pid %(pid-file)s;
events {
worker_connections 1024;
}
http {
log_format up_log '$remote_addr - $remote_user [$time_local] $request '
'upstream_response_time $upstream_response_time '
'msec $msec request_time $request_time'
'cache_status $upstream_cache_status';
log_format sysl '"$time_local", "$http_referer", "$host", "$request", '
'"$status", "$http_user_agent", "$remote_addr", '
'"$bytes_sent", "$request_time"';
proxy_temp_path %(nginx-temp-path)s;
include %(nginx-prefix)s/conf/mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include %(vhost-configuration-directory-location)s/*.conf;
}
software/hexaglobe-watermarking/template/watermarkadmin.ini.in
0 → 100644
View file @
45ae3c3b
[nginx]
vhosts = %(nginx-vhost-configuration-directory-location)s
log = %(nginx-log-directory-location)s
data = %(nginx-cache-directory-location)s
max_size = 1024m
inactive = 120m
port = %(nginx-port)s
pidfile = %(nginx-pidfile-location)s
nginx_bin = %(nginx-executable-location)s
conf = %(nginx-configuration-file-location)s
prefix = %(nginx-prefix)s
[flask]
DATABASE = %(flask-database-location)s
MAX_CONTENT_LENGTH = 4096
[api]
user = admin
pass = 276eeed9056ac2486f9c0237bb0be227
ip = %(global-ip)s
software/maarch/migration.txt
0 → 100644
View file @
45ae3c3b
**************************************************************************
This howto is for private networks only, in case the customer is migrating
from a previously installed Maarch.
**************************************************************************
Hot to install Maarch with SlapOS
=================================
1) Require the right Software Release ({insert SR number/URL here})
2) Request an instance of that Software Release.
Since we need to provide a parameter (type=resilient) that is not available through
the SlapOS web site, it must be done at command line.
If you are migrating data from an existing Maarch installation:
2.1) copy a 'data only' SQL dump - no schema - to the server that contains
the instance. Let's say it is /tmp/data.sql
The file must be readable by world, because we don't know yet the number
of the partition that will need to access it.
Remember to remove it afterwards.
The command line to request a partition is:
slapos request /etc/opt/slapos/slapos-client.cfg maarch-instance-name \
http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/tags/slapos-0.159:/software/maarch/software.cfg \
--type=resilient --configuration maarch-sql-data-file=/tmp/data.sql
If you are not migrating data, don't provide the maarch-sql-data-file parameter.
A minimal working database will be created.
3) deploy the instance.
You should be able to connect to both Maarch (user 'superadmin')
and Postgres (user 'postgres') with the (very long)
passport reported in the connection parameters of the partition 'apache0'.
NB: even if you copied the SQL data from a previous installation, the 'superadmin' password
is set from the published connection parameter. If there are other admin accounts,
their password is not changed.
4) Again, only if you are migrating:
connect to the server, inside the partition of type apache-export
copy the docservers data inside the folders:
srv/docservers/ai
srv/docservers/manual
srv/docservers/OAIS_main
srv/docservers/OAIS_safe
srv/docservers/offline
srv/docservers/templates
also, change the owner and group of the copied files to the user that owns the partition.
software/maarch/software.cfg
View file @
45ae3c3b
...
...
@@ -27,7 +27,7 @@ extensions = buildout-versions
[slapos.cookbook-repository]
recipe = slapos.recipe.build:gitclone
repository = http://git.erp5.org/repos/slapos.git
revision = 7
dce435eca6fe2eeff60c865d41ee40db59257fa
revision = 7
285bc913e6ea46a36ad2a887af6e9fab010ca74
git-executable = ${git:location}/bin/git
...
...
software/reverse-proxy-nginx/common.cfg
0 → 100644
View file @
45ae3c3b
[buildout]
# XXX-Cedric: cahnge name to reverse-proxy-nginx
extends =
../../component/dcron/buildout.cfg
../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/nginx/buildout.cfg
../../component/openssl/buildout.cfg
../../stack/slapos.cfg
parts =
slapos-cookbook
eggs
instance-profile
[eggs]
recipe = zc.recipe.egg
eggs =
slapos.toolbox
[instance-profile]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
#md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
software/reverse-proxy-nginx/development.cfg
0 → 100644
View file @
45ae3c3b
[buildout]
extends =
../../component/git/buildout.cfg
common.cfg
parts +=
slapos.cookbook-repository
check-recipe
develop =
${:parts-directory}/slapos.cookbook-repository
[slapos.cookbook-repository]
recipe = slapos.recipe.build:gitclone
repository = http://git.erp5.org/repos/slapos.git
branch = slaprunner
git-executable = ${git:location}/bin/git
[check-recipe]
recipe = plone.recipe.command
stop-on-error = true
update-command = ${:command}
command =
grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link
software/reverse-proxy-nginx/instance.cfg.in
0 → 100644
View file @
45ae3c3b
[buildout]
parts =
directory
reverse-proxy
certificate-authority
ca-nginx
logrotate
logrotate-entry-nginx
cron
cron-entry-logrotate
smtp-port-promise
publish-connection-parameter
# Define egg directories to be the one from Software Release
# (/opt/slapgrid/...)
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
# Fetch parameters defined in SlapOS Master for this instance
[instance-parameter]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
# Set default parameters
configuration.slave-instance-list =
configuration.domain = un-hardcode-me
#configuration.http-port = 80
#configuration.https-port = 443
configuration.smtp-port = 25
configuration.public-ipv4 =
# Create needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
home = $${buildout:directory}
bin = $${:home}/bin
etc = $${:home}/etc
srv = $${:home}/srv
var = $${:home}/var
service = $${:etc}/service
promise = $${:etc}/promise
backup = $${:srv}/backup
log = $${:var}/log
run = $${:var}/run
ca-dir = $${:srv}/ssl
ca-requests = $${:ca-dir}/requests
ca-private = $${:ca-dir}/private
ca-certs = $${:ca-dir}/certs
ca-newcerts = $${:ca-dir}/newcerts
ca-crl = $${:ca-dir}/crl
nginx-configuration = $${:etc}/nginx
nginx-ssl = $${:ca-dir}/nginx
nginx-log = $${:home}/logs
nginx-htdocs = $${:srv}/www
cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
logrotate-entries = $${:etc}/logrotate.d
logrotate-backup = $${:backup}/logrotate
# Deploy nginx and publish connection parameters inside of the recipe
[reverse-proxy]
recipe = slapos.cookbook:reverseproxy.nginx
nginx-executable = ${nginx-unstable:location}/sbin/nginx
wrapper = $${directory:bin}/nginx
configuration-file = $${directory:nginx-configuration}/nginx.conf
ipv6 = $${instance-parameter:ipv6-random}
ipv4 = $${instance-parameter:ipv4-random}
slave-instance-list = $${instance-parameter:slave-instance-list}
#http-port = $${instance-parameter:http-port}
#https-port = $${instance-parameter:https-port}
smtp-port = $${instance-parameter:configuration.smtp-port}
domain = $${instance-parameter:configuration.domain}
access-log = $${directory:nginx-log}/access.log
error-log = $${directory:nginx-log}/error.log
key-file = $${directory:nginx-configuration}/nginx.key
cert-file = $${directory:nginx-configuration}/nginx.crt
pid-file = $${directory:run}/nginx
htdocs = $${directory:nginx-htdocs}
home-directory = $${directory:home}
# Set the public IPs (if possible) as slave connection parameter so that user knows what IP
# to bind to its domain name
public-ipv4 = $${instance-parameter:configuration.public-ipv4}
# Create and handle certificate related stuffs, including encapsulating run of nginx executable
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${directory:ca-requests}
wrapper = $${directory:service}/ca
ca-private = $${directory:ca-private}
ca-certs = $${directory:ca-certs}
ca-newcerts = $${directory:ca-newcerts}
ca-crl = $${directory:ca-crl}
[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${reverse-proxy:wrapper}
wrapper = $${directory:service}/nginx
key-file = $${reverse-proxy:key-file}
cert-file = $${reverse-proxy:cert-file}
# Deploy logrotate
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${directory:bin}/logrotate
conf = $${directory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${directory:srv}/logrotate.status
[logrotate-entry-nginx]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = nginx
log = $${reverse-proxy:access-log} $${reverse-proxy:error-log}
frequency = daily
rotate-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${reverse-proxy:pid-file} SIGUSR1
sharedscripts = true
notifempty = true
create = true
# Deploy cron and configure it
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/crond.log
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:service}/crond
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
# Check promises
[smtp-port-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/smtp-port-promise
hostname = $${instance-parameter:ipv6-random}
port = $${instance-parameter:configuration.smtp-port}
# Publish instance connection parameters
# Note: Parameters of slaves are published in the reverse-proxy recipe
[publish-connection-parameter]
recipe = slapos.cookbook:publish
ipv4 = $${instance-parameter:ipv4-random}
ipv6 = $${instance-parameter:ipv6-random}
software/zimbra-kvm/instance-kvm.cfg.in
View file @
45ae3c3b
...
...
@@ -215,6 +215,18 @@ config-url = https://[$${tunnel-ipv6-kvm-https:ipv6}]:$${tunnel-ipv6-kvm-https:i
return = site_url
config-custom_domain = $${slap-parameter:domain}
[request-smtp-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = SMTP Frontend
# XXX We have hardcoded SR URL here.
#software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/zimbra-kvm:/software/reverse-proxy-nginx/development.cfg
software-url = /opt/slapdev/software/reverse-proxy-nginx/development.cfg
slave = true
config = smtp-upstream-host smtp-upstream-port
config-smtp-upstream-host = $${tunnel-ipv6-kvm-smtp:ipv6}
config-smtp-upstream-port = $${tunnel-ipv6-kvm-smtp:port}
return = listening-ipv4
[publish-kvm-connection-information]
recipe = slapos.cookbook:publish
...
...
@@ -224,6 +236,7 @@ vnc-backend-url = https://[$${novnc-instance:ip}]:$${novnc-instance:port}/vnc_au
vnc-password = $${kvm-instance:passwd}
vnc-url = $${request-slave-frontend:connection-url}/vnc_auto.html?host=$${request-slave-frontend:connection-domainname}&port=$${request-slave-frontend:connection-port}&encrypt=1&path=$${request-slave-frontend:connection-resource}
ssh = ssh root@$${tunnel-ipv6-kvm-ssh:ipv6} -p $${tunnel-ipv6-kvm-ssh:ipv6-port}
smtp-listening-ipv4 = $${request-smtp-frontend:connection-listening-ipv4}
[slap-parameter]
# Default values if not specified
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment