Skip to content

GitLab

Commit 7dfe15ec authored by Romain Courteaud's avatar Romain Courteaud 🐙
Browse files

Merge remote-tracking branch 'origin/master' into kvm 

Conflicts:
	slapos/recipe/request.py
parents 3badc3b3 aeffed91
Hide whitespace changes
Inline Side-by-side
Showing with 667 additions and 190 deletions
CHANGES.txt
View file @ 7dfe15ec
Changes
=======
0.49 (Unreleased)
0.56 (Unreleased)
-----------------
* Slap Test Agent [Yingjie Xu]
0.55 (2012-06-18)
-----------------
* Add slapmonitor and slapreport recipes. [Mohamadou Mbengue]
0.54.1 (2012-06-18)
-----------------
* Fix 0.54 release containing wrong code in request.py.
0.54 (2012-06-18)
-----------------
* Apache frontend: won't block sending slave informations to SlapOS Master
in case of problem from one slave instance.[Cedric de Saint Martin]
* Apache frontend will send IP informations for slaves in case slave is about
custom domain. [Cedric de Saint Martin]
* Ability to use LAMP applications without configuration. [Cedric de Saint
Martin]
* Users can specify custom domain in LAMP applications. [Cedric de Saint
Martin]
0.53 (2012-06-07)
-----------------
* Switch slaprunner into generic recipe, and add cloud9 recipe. [Cedric de
Saint Martin]
0.52 (2012-05-16)
-----------------
* Request bugfix: Correct default software_type (was: RootInstanceSoftware).
[Cedric de Saint Martin]
* Request will raise again if requested instance is not ready
[Romain Courteaud]
* Apache Frontend: assume apache is available from standard ports.
Consequence: url connection parameter of slave instance doesn't contain
port. [Cedric de Saint Martin]
* Apache Frontend bugfix: correctly detect slave instance type (zope).
[Cedric de Saint Martin]
* Apache Frontend: "default" slave instances are available through http
in addition to https. [Cedric de Saint Martin]
* Apache Frontend: Configuration: Add mod_deflate and set ProxyPreserveHost
[Cedric de Saint Martin]
0.51 (2012-05-14)
-----------------
* LAMP stack bugfix: Users were losing data when slapgrid is ran (Don't
erase htdocs if it already exist). [Cedric de Saint Martin]
0.50 (2012-05-12)
-----------------
* LAMP stack bugfix: fix a crash where recipe was trying to restart
non-existent httpd process. [Cedric de Saint Martin]
* LAMP stack bugfix: don't erase htdocs at update [Cedric de Saint Martin]
* Apache Frontend: Improve Apache configuration, inspired by Nexedi
production frontend. [Cedric de Saint Martin]
* Allow sysadmin of node to customize frontend instance.
[Cedric de Saint Martin]
* Apache Frontend: Change 'zope=true' option to 'type=zope'.
[Cedric de Saint Martin]
* Apache Frontend: listens to plain http port as well to redirect to https.
[Cedric de Saint Martin]
0.49 (2012-05-10)
-----------------
* Apache Frontend supports Zope and Varnish. [Cedric de Saint Martin]
0.48 (2012-04-26)
-----------------
......
component/apache-php/buildout.cfg
View file @ 7dfe15ec
......@@ -20,8 +20,8 @@ extends =
[apache-php]
# Note: Shall react on each build of apache and reinstall itself
recipe = hexagonit.recipe.cmmi
url = http://fr2.php.net/distributions/php-5.3.10.tar.gz
md5sum = 2b3d2d0ff22175685978fb6a5cbcdc13
url = http://fr2.php.net/distributions/php-5.3.13.tar.gz
md5sum = 179c67ce347680f468edbfc3c425476a
configure-options =
--with-apxs2=${apache:location}/bin/apxs
--with-libxml-dir=${libxml2:location}
......
component/apache/buildout.cfg
View file @ 7dfe15ec
......@@ -45,6 +45,7 @@ configure-options = --prefix=${buildout:parts-directory}/${:_buildout_section_na
--enable-cgid
--enable-charset-lite
--enable-disk-cache
--enable-mem-cache
--enable-echo
--enable-exception-hook
--enable-mods-shared=all
......@@ -115,3 +116,73 @@ configure-options = -c mod_antiloris.c
make-binary = ${:configure-command}
make-options = -i -a -n antiloris mod_antiloris.la
make-targets =
[apache-2.2]
# inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
recipe = hexagonit.recipe.cmmi
url = http://mir2.ovh.net/ftp.apache.org/dist//httpd/httpd-2.2.22.tar.gz
md5sum = d77fa5af23df96a8af68ea8114fa6ce1
patch-options = -p1
configure-options = --disable-static
--enable-authn-alias
--enable-bucketeer
--enable-cache
--enable-case-filter
--enable-case-filter-in
--enable-cgid
--enable-charset-lite
--enable-disk-cache
--enable-mem-cache
--enable-echo
--enable-exception-hook
--enable-mods-shared=all
--enable-optional-fn-export
--enable-optional-fn-import
--enable-optional-hook-export
--enable-optional-hook-import
--enable-proxy
--enable-proxy-ajp
--enable-proxy-balancer
--enable-proxy-connect
--enable-proxy-ftp
--enable-proxy-http
--enable-proxy-scgi
--enable-dav
--enable-dav-fs
--enable-so
--enable-ssl
--with-included-apr
--with-ssl=${openssl:location}
--with-z=${zlib:location}
--with-expat=${libexpat:location}
--with-pcre=${pcre:location}
--with-sqlite3=${sqlite3:location}
--with-gdbm=${gdbm:location}
--without-lber
--without-ldap
--without-ndbm
--without-berkeley-db
--without-pgsql
--without-mysql
--without-sqlite2
--without-oracle
--without-freedts
--without-odbc
--without-iconv
environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig
CPPFLAGS =-I${libuuid:location}/include
LDFLAGS =-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${gdbm:location}/lib
[apache-antiloris-apache-2.2]
# Note: Shall react on each build of apache and reinstall itself
recipe = hexagonit.recipe.cmmi
url = http://sourceforge.net/projects/mod-antiloris/files/mod_antiloris-0.4.tar.bz2/download
md5sum = 66862bf10e9be3a023e475604a28a0b4
configure-command = ${apache-2.2:location}/bin/apxs
configure-options = -c mod_antiloris.c
make-binary = ${:configure-command}
make-options = -i -a -n antiloris mod_antiloris.la
make-targets =
component/cloud9/buildout.cfg
View file @ 7dfe15ec
......@@ -14,6 +14,13 @@ parts =
[cloud9]
<= cloud9-git
[node-sm]
recipe = slapos.recipe.build:npm
packages = sm
node = nodejs
environment =
PATH=${nodejs:location}/bin:%(PATH)s
[cloud9-git]
# Online IDE written in javascript/node.js
# URL : c9.io
......@@ -21,12 +28,13 @@ parts =
# NODE_PATH=${:destination}/node_modules ${nodejs:node_location} ${:cloud9_js_location}
recipe = plone.recipe.command
stop-on-error = true
commit = 97db1467c517d265438684bd2a70b0b76ee282f6
commit = 4bde3206ac0dc1e5736cb18a42851e203a6cc68f
repository = https://github.com/ajaxorg/cloud9.git
location = ${buildout:parts-directory}/${:_buildout_section_name_}
git-binary = ${git:location}/bin/git
npm-binary = ${nodejs-0.4:location}/bin/node ${npm:location}/bin/npm
command = export GIT_SSL_NO_VERIFY=true; (${:git-binary} clone --quiet ${:repository} ${:location} && cd ${:location} && ${:git-binary} reset --hard ${:commit} && ${:git-binary} submodule update --init && cd support/jsdav && PATH=${nodejs-0.4:location}/bin:$PATH LDFLAGS=-L${libxml2:location}/lib ${:npm-binary} install) || (rm -fr ${:location}; exit 1)
npm-binary = ${nodejs:location}/bin/node ${nodejs:location}/bin/npm
environment = export GIT_SSL_NO_VERIFY=true; export PATH=${nodejs:location}/bin:$PATH; export LDFLAGS=-L${libxml2:location}/lib;
command = ${:environment} (${:git-binary} clone --quiet ${:repository} ${:location} && cd ${:location} && ${:git-binary} reset --hard ${:commit} && ${node-sm:location}/node_modules/.bin/sm install && ${:npm-binary} install) || (rm -fr ${:location}; exit 1)
update-command =
[cloud9-npm]
......@@ -36,10 +44,10 @@ update-command =
# NODE_PATH=${:destination}/node_modules ${nodejs:node_location} ${:cloud9_js_location}
recipe = slapos.recipe.npm
# Node part has to be specified, otherwise system node is used.
node = nodejs-0.6
node = nodejs
# List of packages to install
packages =
cloud9
cloud9==0.7
# Specify environment jsDAV (dependency of cloud9) needs libxml2
environment =
LDFLAGS=-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib
component/couchdb/buildout.cfg 0 → 100644
View file @ 7dfe15ec
[buildout]
extends =
../openssl/buildout.cfg
../curl/buildout.cfg
../erlang/buildout.cfg
../icu/buildout.cfg
../spidermonkey/buildout.cfg
parts = couchdb
[couchdb]
recipe = hexagonit.recipe.cmmi
url = http://mir2.ovh.net/ftp.apache.org/dist//couchdb/1.1.1/apache-couchdb-1.1.1.tar.gz
md5sum = cd126219b9cb69a4c521abd6960807a6
configure-options =
--with-erlang=${erlang:location}/lib/erlang/usr/include
--with-js-include=${spidermonkey-1.7:location}/include
--with-js-lib=${erlang:location}/lib
--enable-js-trunk
environment-section = couchdb-environ
[couchdb-environ]
PATH = ${erlang:location}/bin:${icu4c:location}/bin:${curl:location}/bin:%(PATH)s
# XXX: Gotta put everything on the same line. If not, it won't compile
CFLAGS = -I${icu4c:location}/include -I${spidermonkey-1.7:location}/include -I${curl:location}/include
LDFLAGS = -L${icu4c:location}/lib -Wl,-rpath=${icu4c:location}/lib -L${spidermonkey-1.7:location}/lib -Wl,-rpath=${spidermonkey-1.7:location}/lib -L${curl:location}/lib -Wl,-rpath=${curl:location}/lib
component/erlang/buildout.cfg
View file @ 7dfe15ec
[buildout]
parts =
erlang
extends =
../openssl/buildout.cfg
../ncurses/buildout.cfg
../zlib/buildout.cfg
../java/buildout.cfg
parts = erlang
[erlang]
recipe = hexagonit.recipe.cmmi
url = http://www.erlang.org/download/otp_src_R14B03.tar.gz
md5sum = 7979e662d11476b97c462feb7c132fb7
url = http://www.erlang.org/download/otp_src_R14B04.tar.gz
md5sum = 4b469729f103f52702bfb1fb24529dc0
configure-options =
--with-ssl=${openssl:location}
--with-java
--enable-dynamic-ssl-lib
--enable-shared-zlib
--enable-native-libs
environment=
PATH=${java-sdk-1.6.0:location}/bin:%(PATH)s
CFLAGS=-I${ncurses:location}/include -I${zlib:location}/include/
LDFLAGS=-L${ncurses:location}/lib/ -L${zlib:location}/lib/ -Wl,-rpath=${ncurses:location}/lib/ -Wl,-rpath=${zlib:location}/lib/
make-options =
-j1
component/git/buildout.cfg
View file @ 7dfe15ec
......@@ -6,25 +6,24 @@ extends =
../curl/buildout.cfg
../libexpat/buildout.cfg
../openssl/buildout.cfg
../perl/buildout.cfg
../zlib/buildout.cfg
parts =
git
[git]
recipe = hexagonit.recipe.cmmi
url = http://git-core.googlecode.com/files/git-1.7.8.4.tar.gz
md5sum = e6c3319d76d52a830af395046fc56143
url = http://git-core.googlecode.com/files/git-1.7.10.4.tar.gz
md5sum = 68319d593d051ef76c26e945bbd2d7ac
configure-options =
--with-curl=${curl:location}
--with-openssl=${openssl:location}
--with-zlib=${zlib:location}
--with-expat=${libexpat:location}
--with-perl=${perl:location}/bin/perl
--without-python
--without-tcltk
environment =
PATH=${curl:location}/bin:%(PATH)s
NO_PERL=y
PATH=${curl:location}/bin:${gettext:location}/bin:%(PATH)s
CPPFLAGS=-I${zlib:location}/include
LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${zlib:location}/lib
component/icu/buildout.cfg 0 → 100644
View file @ 7dfe15ec
[buildout]
parts = icu4c
[icu4c]
recipe = hexagonit.recipe.cmmi
location = ${buildout:parts-directory}/${:_buildout_section_name_}
url = http://download.icu-project.org/files/icu4c/4.8.1.1/icu4c-4_8_1_1-src.tgz
md5sum = ea93970a0275be6b42f56953cd332c17
configure-command = source/configure
configure-options = --prefix=${:location}
component/mariadb/buildout.cfg
View file @ 7dfe15ec
......@@ -23,6 +23,13 @@ md5sum = d65f61829cfbcd5062f49db2b00bd6fe
filename = mysql_create_system_tables__no_test.patch
download-only = true
[mariadb-handler_socket-patch]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/${:filename}
md5sum = be3bd5a5cc5fc56a398e6762494c8232
filename = plugin_handler_socket_libhsclient_fatal.patch
download-only = true
[mariadb]
recipe = hexagonit.recipe.cmmi
version = 5.3.5-ga
......@@ -57,6 +64,7 @@ configure-options =
patch-options = -p0
patches =
${mariadb-no_test-patch:location}/${mariadb-no_test-patch:filename}
${mariadb-handler_socket-patch:location}/${mariadb-handler_socket-patch:filename}
environment =
CPPFLAGS=-I${ncurses:location}/include -I${readline5:location}/include
LDFLAGS=-Wl,-rpath=${libevent:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${readline5:location}/lib -Wl,-rpath=${readline5:location}/lib -Wl,-rpath=${zlib:location}/lib
......
component/mariadb/plugin_handler_socket_libhsclient_fatal.patch 0 → 100644
View file @ 7dfe15ec
# inspired by handlersocket-1.0.6-80-g88bf1e0-1.1-nmu.diff by gregoa@debian.org
Description: add missing include to avoid FTBFS with gcc 4.7
bug-debian: http://bugs.debian.org/667198
More informations: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667198
Author: gregor herrmann <gregoa@debian.org>
--- plugin/handler_socket/libhsclient/fatal.cpp
+++ plugin/handler_socket/libhsclient/fatal.cpp
@@ -9,6 +9,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <syslog.h>
+#include <unistd.h>
#include "fatal.hpp"
component/nodejs/buildout.cfg
View file @ 7dfe15ec
......@@ -12,8 +12,8 @@ parts =
[nodejs]
# Server-side Javascript.
recipe = hexagonit.recipe.cmmi
url = http://nodejs.org/dist/v0.6.12/node-v0.6.12.tar.gz
md5sum = a12766ae4003c9712927d1fa134ed9f6
url = http://nodejs.org/dist/v0.6.19/node-v0.6.19.tar.gz
md5sum = f5669a9717422b811c6bad1cc961b1e5
configure-options =
--openssl-includes=${openssl:location}/include
--openssl-libpath=${openssl:location}/lib
......
component/slapos/buildout.cfg
View file @ 7dfe15ec
......@@ -123,14 +123,14 @@ hexagonit.recipe.cmmi = 1.5.0
lxml = 2.3.4
meld3 = 0.6.8
netaddr = 0.7.6
slapos.core = 0.24
slapos.core = 0.25
slapos.libnetworkcache = 0.12
xml-marshaller = 0.9.7
z3c.recipe.scripts = 1.0.1
zc.recipe.egg = 1.3.2
# Required by:
# slapos.core==0.24
# slapos.core==0.25
Flask = 0.8
# Required by:
......@@ -138,11 +138,11 @@ Flask = 0.8
hexagonit.recipe.download = 1.5.0
# Required by:
# slapos.core==0.24
# slapos.core==0.25
netifaces = 0.8
# Required by:
# slapos.core==0.24
# slapos.core==0.25
# slapos.libnetworkcache==0.12
# supervisor==3.0a12
# zc.buildout==1.6.0-dev-SlapOS-004
......@@ -150,9 +150,9 @@ netifaces = 0.8
setuptools = 0.6c12dev-r88846
# Required by:
# slapos.core==0.24
# slapos.core==0.25
supervisor = 3.0a12
# Required by:
# slapos.core==0.24
# slapos.core==0.25
zope.interface = 3.8.0
component/spidermonkey/buildout.cfg 0 → 100644
View file @ 7dfe15ec
[buildout]
parts = spidermonkey
[spidermonkey-1.7]
recipe = slapos.recipe.build
url = ftp://ftp.mozilla.org/pub/mozilla.org/js/js-1.7.0.tar.gz
md5sum = 5571134c3863686b623ebe4e6b1f6fe6
slapos_promise =
directory:include/
directory:bin/
file:bin/js
statlib:lib/libjs.a
file:lib/libjs.so
script =
url = self.download(self.options['url'], self.options['md5sum'])
extract_dir = self.extract(url)
workdir = os.path.join(guessworkdir(extract_dir), 'src')
env.update(JS_DIST=self.options['location'])
call(['make', '-f', 'Makefile.ref'], cwd=workdir, env=env)
call(['make', '-f', 'Makefile.ref', 'export'], cwd=workdir, env=env)
[spidermonkey]
<= spidermonkey-1.7
setup.py
View file @ 7dfe15ec
......@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
import glob
import os
version = '0.49-dev'
version = '0.56-dev'
name = 'slapos.cookbook'
long_description = open("README.txt").read() + "\n" + \
open("CHANGES.txt").read() + "\n"
......@@ -49,6 +49,7 @@ setup(name=name,
'certificate_authority.request = slapos.recipe.certificate_authority:Request',
'check_port_listening = slapos.recipe.check_port_listening:Recipe',
'check_url_available = slapos.recipe.check_url_available:Recipe',
'cloud9 = slapos.recipe.cloud9:Recipe',
'cron = slapos.recipe.dcron:Recipe',
'cron.d = slapos.recipe.dcron:Part',
'davstorage = slapos.recipe.davstorage:Recipe',
......@@ -108,6 +109,8 @@ setup(name=name,
'siptester = slapos.recipe.siptester:SipTesterRecipe',
'simplelogger = slapos.recipe.simplelogger:Recipe',
'slaprunner = slapos.recipe.slaprunner:Recipe',
'slapmonitor = slapos.recipe.slapmonitor:Recipe',
'slapreport = slapos.recipe.slapreport:Recipe',
'sshkeys_authority = slapos.recipe.sshkeys_authority:Recipe',
'sshkeys_authority.request = slapos.recipe.sshkeys_authority:Request',
'sphinx= slapos.recipe.sphinx:Recipe',
......
slapos/recipe/README.apache_frontend.txt deleted 100644 → 0
View file @ 3badc3b3
apache_frontend
==========
Frontend using Apache, allowing to rewrite and proxy URLs like
myinstance.myfrontenddomainname.com to real IP/URL of myinstance.
apache_frontend works using the master instance / slave instance design.
It means that a single main instance of Apache will be used to act as frontend
for many slaves.
How to use
========
First, you will need to request a "master" instance of Apache Frontend with
"domain" parameter, like :
<?xml version='1.0' encoding='utf-8'?>
<instance>
<parameter id="domain">moulefrite.com</parameter>
<parameter id="port">443</parameter>
</instance>
Then, it is possible to request many slave instances
(currently only from slapconsole, UI doesn't work yet)
of Apache Frontend, like :
instance = request(
software_release=apache_frontend,
partition_reference='frontend2',
shared=True,
partition_parameter_kw={"url":"https://[1:2:3:4]:1234/someresource"}
)
Those slave instances will be redirected to the "master" instance,
and you will see on the "master" instance the associated RewriteRules of
all slave instances.
Finally, the slave instance will be accessible from :
https://someidentifier.moulefrite.com.
slapos/recipe/apache_frontend/__init__.py
View file @ 7dfe15ec
......@@ -33,6 +33,7 @@ import zc.buildout
import zc.recipe.egg
import ConfigParser
import re
import traceback
class Recipe(BaseSlapRecipe):
......@@ -42,6 +43,19 @@ class Recipe(BaseSlapRecipe):
'template/%s' % template_name)
def _install(self):
# Check for mandatory arguments
frontend_domain_name = self.parameter_dict.get("domain")
if frontend_domain_name is None:
raise zc.buildout.UserError('No domain name specified. Please define '
'the "domain" instance parameter.')
# Define optional arguments
frontend_port_number = self.parameter_dict.get("port", 4443)
frontend_plain_http_port_number = self.parameter_dict.get(
"plain_http_port", 8080)
base_varnish_port = 26009
slave_instance_list = self.parameter_dict.get("slave_instance_list", [])
self.path_list = []
self.requirements, self.ws = self.egg.working_set()
......@@ -51,72 +65,65 @@ class Recipe(BaseSlapRecipe):
self.killpidfromfile = zc.buildout.easy_install.scripts(
[('killpidfromfile', 'slapos.recipe.erp5.killpidfromfile',
'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
self.path_list.append(self.killpidfromfile)
frontend_port_number = self.parameter_dict.get("port", 4443)
frontend_domain_name = self.parameter_dict.get("domain",
"host.vifib.net")
base_varnish_port = 26009
slave_instance_list = self.parameter_dict.get("slave_instance_list", [])
rewrite_rule_list = []
rewrite_rule_zope_list = []
slave_dict = {}
service_dict = {}
if frontend_port_number is 443:
base_url = "%s/" % frontend_domain_name
else:
base_url = "%s:%s/" % (frontend_domain_name, frontend_port_number)
for slave_instance in slave_instance_list:
url = slave_instance.get("url")
if url is None:
continue
backend_url = slave_instance.get("url", None)
reference = slave_instance.get("slave_reference")
subdomain = reference.replace("-", "").lower()
slave_dict[reference] = "https://%s.%s" % (subdomain, base_url)
enable_cache = slave_instance.get("enable_cache", "")
if enable_cache.upper() in ('1', 'TRUE'):
# Varnish should use stunnel to connect to the backend
base_varnish_control_port = base_varnish_port
base_varnish_port += 1
# Use regex
host_regex = "((\[\w*|[0-9]+\.)(\:|)).*(\]|\.[0-9]+)"
slave_host = re.search(host_regex, url).group(0)
port_regex = "\w+(\/|)$"
matcher = re.search(port_regex, url)
if matcher is not None:
slave_port = matcher.group(0)
slave_port = slave_port.replace("/", "")
elif url.startswith("https://"):
slave_port = 443
else:
slave_port = 80
service_name = "varnish_%s" % reference
varnish_ip = self.getLocalIPv4Address()
stunnel_port = base_varnish_port + 1
self.installVarnishCache(service_name,
ip=varnish_ip,
port=base_varnish_port,
control_port=base_varnish_control_port,
backend_host=varnish_ip,
backend_port=stunnel_port,
size="1G")
service_dict[service_name] = dict(public_ip=varnish_ip,
public_port=stunnel_port,
private_ip=slave_host.replace("[", "").replace("]", ""),
private_port=slave_port)
rewrite_rule_list.append("%s.%s http://%s:%s" % \
(reference.replace("-", ""), frontend_domain_name,
varnish_ip, base_varnish_port))
# Set scheme (http? https?)
# Future work may allow to choose between http and https (or both?)
scheme = 'http://'
self.logger.info('Processing slave instance: %s' % reference)
# Check for mandatory slave fields
if backend_url is None:
self.logger.warn('No "url" parameter is defined for %s slave'\
'instance. Ignoring it.' % reference)
continue
# Check for custom domain (like mypersonaldomain.com)
# If no custom domain, use generated one.
# Note: if we get an empty custom_domain parameter, we ignore it
domain = slave_instance.get('custom_domain')
if isinstance(domain, basestring):
domain = domain.strip()
if domain is None or domain.strip() == '':
domain = "%s.%s" % (reference.replace("-", "").lower(),
frontend_domain_name)
# Define the URL where the instance will be available
# WARNING: we use default ports (443, 80) here.
slave_dict[reference] = "%s%s/" % (scheme, domain)
# Check if we want varnish+stunnel cache.
if slave_instance.get("enable_cache", "").upper() in ('1', 'TRUE'):
# XXX-Cedric : need to refactor to clean code? (to many variables)
rewrite_rule = self.configureVarnishSlave(
base_varnish_port, backend_url, reference, service_dict, domain)
base_varnish_port += 2
else:
rewrite_rule_list.append("%s.%s %s" % (subdomain, frontend_domain_name,
url))
rewrite_rule = "%s %s" % (domain, backend_url)
# Finally, if successful, we add the rewrite rule to our list of rules
if rewrite_rule:
# We check if we have a zope slave. It requires different rewrite
# rule structure.
# So we will have one RewriteMap for normal websites, and one
# RewriteMap for Zope Virtual Host Monster websites.
if slave_instance.get("type", "").lower() in ['zope']:
rewrite_rule_zope_list.append(rewrite_rule)
else:
rewrite_rule_list.append(rewrite_rule)
# Certificate stuff
valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
valid_key_str = self.parameter_dict.get("domain_ssl_ca_key")
if valid_certificate_str is None and valid_key_str is None:
ca_conf = self.installCertificateAuthority()
key, certificate = self.requestCertificate(frontend_domain_name)
......@@ -125,14 +132,13 @@ class Recipe(BaseSlapRecipe):
frontend_domain_name, valid_certificate_str, valid_key_str)
key = ca_conf.pop("key")
certificate = ca_conf.pop("certificate")
if service_dict != {}:
if valid_certificate_str is not None and valid_key_str is not None:
self.installCertificateAuthority()
stunnel_key, stunnel_certificate = \
self.requestCertificate(frontend_domain_name)
else:
stunnel_key, stunnet_certificate = key, certificate
stunnel_key, stunnel_certificate = key, certificate
self.installStunnel(service_dict,
stunnel_certificate, stunnel_key,
ca_conf["ca_crl"],
......@@ -142,19 +148,98 @@ class Recipe(BaseSlapRecipe):
ip_list=["[%s]" % self.getGlobalIPv6Address(),
self.getLocalIPv4Address()],
port=frontend_port_number,
plain_http_port=frontend_plain_http_port_number,
name=frontend_domain_name,
rewrite_rule_list=rewrite_rule_list,
rewrite_rule_zope_list=rewrite_rule_zope_list,
key=key, certificate=certificate)
# Send connection informations about each slave
for reference, url in slave_dict.iteritems():
self.setConnectionDict(dict(site_url=url), reference)
self.logger.debug("Sending connection parameters of slave "
"instance: %s" % reference)
try:
connection_dict = {
'frontend_ipv6_address': self.getGlobalIPv6Address(),
'frontend_ipv4_address': self.getLocalIPv4Address(),
'site_url': url
}
self.setConnectionDict(connection_dict, reference)
except:
self.logger.fatal("Error while sending slave %s informations: %s",
reference, traceback.format_exc())
# Then set it for master instance
self.setConnectionDict(
dict(site_url=apache_parameter_dict["site_url"],
domain_ipv6_address=self.getGlobalIPv6Address(),
domain_ipv4_address=self.getLocalIPv4Address()))
frontend_ipv6_address=self.getGlobalIPv6Address(),
frontend_ipv4_address=self.getLocalIPv4Address()))
# Promises
promise_config = dict(
hostname=self.getGlobalIPv6Address(),
port=frontend_port_number,
python_path=sys.executable,
)
promise_v6 = self.createPromiseWrapper(
'apache_ipv6',
self.substituteTemplate(
pkg_resources.resource_filename(
'slapos.recipe.check_port_listening',
'template/socket_connection_attempt.py.in'),
promise_config))
self.path_list.append(promise_v6)
promise_config = dict(
hostname=self.getLocalIPv4Address(),
port=frontend_port_number,
python_path=sys.executable,
)
promise_v4 = self.createPromiseWrapper(
'apache_ipv4',
self.substituteTemplate(
pkg_resources.resource_filename(
'slapos.recipe.check_port_listening',
'template/socket_connection_attempt.py.in'),
promise_config))
self.path_list.append(promise_v4)
return self.path_list
def configureVarnishSlave(self, base_varnish_port, url, reference,
service_dict, domain):
# Varnish should use stunnel to connect to the backend
base_varnish_control_port = base_varnish_port
base_varnish_port += 1
# Use regex
host_regex = "((\[\w*|[0-9]+\.)(\:|)).*(\]|\.[0-9]+)"
slave_host = re.search(host_regex, url).group(0)
port_regex = "\w+(\/|)$"
matcher = re.search(port_regex, url)
if matcher is not None:
slave_port = matcher.group(0)
slave_port = slave_port.replace("/", "")
elif url.startswith("https://"):
slave_port = 443
else:
slave_port = 80
service_name = "varnish_%s" % reference
varnish_ip = self.getLocalIPv4Address()
stunnel_port = base_varnish_port + 1
self.installVarnishCache(service_name,
ip=varnish_ip,
port=base_varnish_port,
control_port=base_varnish_control_port,
backend_host=varnish_ip,
backend_port=stunnel_port,
size="1G")
service_dict[service_name] = dict(public_ip=varnish_ip,
public_port=stunnel_port,
private_ip=slave_host.replace("[", "").replace("]", ""),
private_port=slave_port)
return "%s http://%s:%s" % \
(domain, varnish_ip, base_varnish_port)
def installLogrotate(self):
"""Installs logortate main configuration file and registers its to cron"""
logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
......@@ -301,9 +386,9 @@ class Recipe(BaseSlapRecipe):
apache_conf['port'] = port
apache_conf['server_admin'] = 'admin@'
apache_conf['error_log'] = os.path.join(self.log_directory,
name + '-error.log')
'frontend-apache-error.log')
apache_conf['access_log'] = os.path.join(self.log_directory,
name + '-access.log')
'frontend-apache-access.log')
self.registerLogRotation(name, [apache_conf['error_log'],
apache_conf['access_log']], self.killpidfromfile + ' ' +
apache_conf['pid_file'] + ' SIGUSR1')
......@@ -383,7 +468,8 @@ class Recipe(BaseSlapRecipe):
self.path_list.append(wrapper)
return stunnel_conf
def installFrontendApache(self, ip_list, port, key, certificate, name,
def installFrontendApache(self, ip_list, key, certificate, name,
port=4443, plain_http_port=8080,
rewrite_rule_list=[], rewrite_rule_zope_list=[],
access_control_string=None):
# Create htdocs, populate it with default 404 document
......@@ -395,10 +481,36 @@ class Recipe(BaseSlapRecipe):
notfound_file_content = open(notfound_template_file_location, 'r').read()
self._writeFile(notfound_file_location, notfound_file_content)
# Create mod_ssl cache directory
cache_directory_location = os.path.join(self.var_directory, 'cache')
mod_ssl_cache_location = os.path.join(cache_directory_location,
'httpd_mod_ssl')
self._createDirectory(cache_directory_location)
self._createDirectory(mod_ssl_cache_location)
# Create "custom" apache configuration file if it does not exist.
# Note : This file won't be erased or changed when slapgrid is ran.
# It can be freely customized by node admin.
custom_apache_configuration_directory = os.path.join(
self.data_root_directory, 'apache-conf.d')
self._createDirectory(custom_apache_configuration_directory)
custom_apache_configuration_file_location = os.path.join(
custom_apache_configuration_directory, 'apache_frontend.custom.conf')
f = open(custom_apache_configuration_file_location, 'a')
f.close()
# Create backup of custom apache configuration
backup_path = self.createBackupDirectory('custom_apache_conf_backup')
backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup')
open(backup_cron, 'w').write(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
rdiff_backup=self.options['rdiff_backup_binary'],
source=custom_apache_configuration_directory,
destination=backup_path))
self.path_list.append(backup_cron)
# Create configuration file and rewritemaps
apachemap_name = "apachemap.txt"
# XXX-Cedric : implement zope specific rewrites list. Current apachemap is
# generic and does not use VirtualHost Monster.
apachemapzope_name = "apachemapzope.txt"
self.createConfigurationFile(apachemap_name, "\n".join(rewrite_rule_list))
self.createConfigurationFile(apachemapzope_name,
......@@ -406,9 +518,17 @@ class Recipe(BaseSlapRecipe):
apache_conf = self._getApacheConfigurationDict(name, ip_list, port)
apache_conf['ssl_snippet'] = self.substituteTemplate(
self.getTemplateFilename('apache.ssl-snippet.conf.in'),
dict(login_certificate=certificate, login_key=key))
dict(login_certificate=certificate,
login_key=key,
httpd_mod_ssl_cache_directory=mod_ssl_cache_location,
)
)
apache_conf["listen"] = "\n".join(["Listen %s:%s" % (ip, port) for ip in ip_list])
apache_conf["listen"] = "\n".join([
"Listen %s:%s" % (ip, port)
for port in (plain_http_port, port)
for ip in ip_list
])
path = self.substituteTemplate(
self.getTemplateFilename('apache.conf.path-protected.in'),
......@@ -419,7 +539,9 @@ class Recipe(BaseSlapRecipe):
apachemap_path=os.path.join(self.etc_directory, apachemap_name),
apachemapzope_path=os.path.join(self.etc_directory, apachemapzope_name),
apache_domain=name,
port=port,
https_port=port,
plain_http_port=plain_http_port,
custom_apache_conf=custom_apache_configuration_file_location,
))
apache_conf_string = self.substituteTemplate(
......@@ -427,11 +549,10 @@ class Recipe(BaseSlapRecipe):
apache_config_file = self.createConfigurationFile('apache_frontend.conf',
apache_conf_string)
self.path_list.append(apache_config_file)
self.path_list.extend(zc.buildout.easy_install.scripts([(
name, 'slapos.recipe.erp5.apache', 'runApache')], self.ws,
'frontend_apache', 'slapos.recipe.erp5.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
dict(
required_path_list=[key, certificate],
......
slapos/recipe/apache_frontend/template/apache.conf.in
View file @ 7dfe15ec
......@@ -3,7 +3,6 @@
# Basic server configuration
PidFile "%(pid_file)s"
LockFile "%(lock_file)s"
ServerName %(server_name)s
DocumentRoot %(document_root)s
......@@ -18,8 +17,7 @@ AddType application/x-gzip .gz .tgz
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
# SSL Configuration
%(ssl_snippet)s
ServerTokens Prod
# Log configuration
ErrorLog "%(error_log)s"
......@@ -28,38 +26,15 @@ LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
%(path_enable)s
# Rewrite part
RewriteEngine On
# Define the two rewritemaps : one for zope, one generic
RewriteMap apachemapzope txt:%(apachemapzope_path)s
RewriteMap apachemapgeneric txt:%(apachemap_path)s
# First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite
#RewriteCond ${apachemapzope:%%{SERVER_NAME}} >""
#RewriteRule ^/(\w+)($|/.*) ${apachemapzope:$1}/VirtualHostBase/https/%(apache_domain)s:%(port)s/VirtualHostRoot/_vh_$1$2 [L,P]
# If we have generic backend server, let's rewrite without virtual host daemon
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
ErrorDocument 404 /notfound.html
# List of modules
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
......@@ -71,4 +46,91 @@ LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule cache_module modules/mod_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule antiloris_module modules/mod_antiloris.so
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
# Cache directives
CacheEnable mem /
CacheDefaultExpire 3600
MCacheSize 8192
MCacheMaxObjectCount 1000
MCacheMaxObjectSize 8192
MCacheRemovalAlgorithm LRU
# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent
# SSL Configuration
%(ssl_snippet)s
<VirtualHost *:%(https_port)s>
SSLEngine on
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Define the two rewritemaps : one for zope, one generic
RewriteMap apachemapzope txt:%(apachemapzope_path)s
RewriteMap apachemapgeneric txt:%(apachemap_path)s
# First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite
RewriteCond ${apachemapzope:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapzope:%%{SERVER_NAME}}/VirtualHostBase/https/%%{SERVER_NAME}:%%{SERVER_PORT}/VirtualHostRoot/$1 [L,P]
# If we have generic backend server, let's rewrite without virtual host daemon
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
ErrorDocument 404 /notfound.html
</VirtualHost>
<VirtualHost *:%(plain_http_port)s>
RewriteEngine On
ProxyPreserveHost On
# We accept generic (i.e not lamp) backends on http
RewriteMap apachemapgeneric txt:%(apachemap_path)s
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*)$ https://%%{SERVER_NAME}%%{REQUEST_URI}
</VirtualHost>
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
Include %(custom_apache_conf)s
slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in
View file @ 7dfe15ec
SSLEngine on
SSLProxyEngine on
SSLCertificateFile %(login_certificate)s
SSLCertificateKeyFile %(login_key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache shmcb:/%(httpd_mod_ssl_cache_directory)s/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# Accept proxy to sites using self-signed SSL certificates
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
slapos/recipe/apachephp/__init__.py
View file @ 7dfe15ec
......@@ -37,9 +37,9 @@ class Recipe(GenericBaseRecipe):
path_list = []
# Copy application
shutil.rmtree(self.options['htdocs'])
shutil.copytree(self.options['source'],
self.options['htdocs'])
if not os.path.exists(self.options['htdocs']):
shutil.copytree(self.options['source'],
self.options['htdocs'])
# Install php.ini
php_ini = self.createFile(os.path.join(self.options['php-ini-dir'],
......@@ -85,33 +85,37 @@ class Recipe(GenericBaseRecipe):
with open(secret_key_filename, 'r') as secret_key_file:
secret_key = secret_key_file.read()
application_conf = dict(mysql_database=self.options['mysql-database'],
mysql_user=self.options['mysql-username'],
mysql_password=self.options['mysql-password'],
mysql_host='%s:%s' % (self.options['mysql-host'],
self.options['mysql-port']),
secret_key=secret_key,
)
# Generate application configuration file
if self.options.get('template'):
application_conf = dict(mysql_database=self.options['mysql-database'],
mysql_user=self.options['mysql-username'],
mysql_password=self.options['mysql-password'],
mysql_host='%s:%s' % (self.options['mysql-host'],
self.options['mysql-port']),
secret_key=secret_key,
)
directory, file_ = os.path.split(self.options['configuration'])
directory, file_ = os.path.split(self.options['configuration'])
path = self.options['htdocs']
if directory:
path = os.path.join(path, directory)
if not os.path.exists(path):
os.makedirs(path)
if not os.path.isdir(path):
raise OSError("Cannot create %r." % path)
path = self.options['htdocs']
if directory:
path = os.path.join(path, directory)
if not os.path.exists(path):
os.makedirs(path)
if not os.path.isdir(path):
raise OSError("Cannot create %r." % path)
destination = os.path.join(path, file_)
config = self.createFile(destination,
self.substituteTemplate(self.options['template'], application_conf))
path_list.append(config)
destination = os.path.join(path, file_)
config = self.createFile(destination,
self.substituteTemplate(self.options['template'], application_conf))
path_list.append(config)
if os.path.exists(self.options['pid-file']):
# Reload apache configuration
with open(self.options['pid-file']) as pid_file:
pid = int(pid_file.read().strip(), 10)
os.kill(pid, signal.SIGUSR1) # Graceful restart
try:
os.kill(pid, signal.SIGUSR1) # Graceful restart
except OSError:
pass
return path_list
slapos/recipe/cloud9/__init__.py 0 → 100644
View file @ 7dfe15ec
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import GenericBaseRecipe
import os
class Recipe(GenericBaseRecipe):
"""Deploy a fully operational cloud9 service."""
def _options(self, options):
self.ip = options['ip'].strip()
self.port = options['port'].strip()
self.git = options['git-binary'].strip()
self.node_executable = options['node-binary'].strip()
self.cloud9 = options['cloud9'].strip()
self.workdir = options['working-directory'].strip()
self.wrapper = options['wrapper'].strip()
# Set cloud9 access URL
options['access-url'] = 'http://[%s]:%s' % (self.ip, self.port)
def install(self):
path_list = []
environment = {
'PATH': os.path.dirname(self.git) + ':' + os.environ['PATH'],
}
cloud9_args = [self.node_executable, self.cloud9, '-l', self.ip, '-p',
self.port, '-w', self.workdir]
wrapper = self.createPythonScript(self.wrapper,
'slapos.recipe.librecipe.execute.executee',
(cloud9_args, environment)
)
path_list.append(wrapper)
return path_list
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7