Merge branch 'kvm-cluster'

component/dtach/buildout.cfg

+[buildout]
+
+parts = dtach
+
+[dtach-build]
+recipe = slapos.recipe.cmmi
+version = 0.8
+url = http://freefr.dl.sourceforge.net/project/dtach/dtach/0.8/dtach-${:version}.tar.gz
+md5sum = ec5999f3b6bb67da19754fcb2e5221f3
+keep-compile-dir = true
+make-targets = 
+  
+[dtach]
+recipe = plone.recipe.command
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+dtach-bin = dtach
+command = 
+  mkdir -p ${:location}/bin
+  cp -rp ${dtach-build:compile-directory}/dtach-${dtach-build:version}/${:dtach-bin} ${:location}/bin
\ No newline at end of file

component/gateone/buildout.cfg

+[buildout]
+extends =
+  ../../stack/slapos.cfg
+  ../python-kerberos/buildout.cfg
+  ../git/buildout.cfg
+
+develop = 
+  gateone-repository
+
+parts = 
+  gateone-develop
+  gateone
+
+[gateone-repository]
+recipe = slapos.recipe.build:gitclone
+repository = https://github.com/liftoff/GateOne.git
+branch = master
+git-executable = ${git:location}/bin/git
+
+[gateone-develop]
+recipe = zc.recipe.egg:develop
+setup = ${gateone-repository:location}
+
+[gateone]
+recipe = zc.recipe.egg
+eggs =
+  ${lxml-python:egg}
+  ${python-kerberos:egg}
+  tornado
+  setuptools
+  pyOpenSSL
+  futures
+  PIL
+  gateone
+

component/python-kerberos/buildout.cfg

+[buildout]
+extends =
+#  ../openssl/buildout.cfg
+  ../kerberos/buildout.cfg
+#  ../pkgconfig/buildout.cfg
+
+parts =
+  python-kerberos
+
+[python-kerberos]
+recipe = zc.recipe.egg:custom
+egg = kerberos
+environment = python-kerberos-env
+#setup-eggs = ${python-cryptography-prep:eggs}
+
+[python-kerberos-env]
+PATH = ${kerberos:location}/bin:%(PATH)s
+#PKG_CONFIG_PATH = ${openssl:location}/lib/pkgconfig
+LD_LIBRARY_PATH = ${kerberos:location}/lib
+CPATH = ${kerberos:location}/include
+
+[python-cryptography-prep]
+recipe = zc.recipe.egg
+eggs =
+  ${python-cffi:egg}
+  enum34
+  pycparser
+  six

setup.py

@@ -182,6 +182,7 @@ setup(name=name,
           'shellinabox = slapos.recipe.shellinabox:Recipe',
           'signalwrapper= slapos.recipe.signal_wrapper:Recipe',
           'simplelogger = slapos.recipe.simplelogger:Recipe',
+          'simplehttpserver = slapos.recipe.simplehttpserver:Recipe',
           'siptester = slapos.recipe.siptester:SipTesterRecipe',
           'slapconfiguration = slapos.recipe.slapconfiguration:Recipe',
           'slapconfiguration.serialised = slapos.recipe.slapconfiguration:Serialised',

slapos/recipe/kvm/template/kvm_run.in

@@ -46,6 +46,8 @@ map_storage_list = []
 etc_directory = '%(etc-directory)s'.strip()
 httpd_port = %(httpd-port)s
 netcat_bin = '%(netcat-binary)s'.strip()
+cluster_doc_host = '%(cluster-doc-host)s'
+cluster_doc_port = %(cluster-doc-port)s
 
 def md5Checksum(file_path):
     with open(file_path, 'rb') as fh:
@@ -202,6 +204,9 @@ if use_nat == 'True':
   if httpd_port > 0:
     rules += ',guestfwd=tcp:10.0.2.100:80-cmd:%%s %%s %%s' %% (netcat_bin,
                                                         listen_ip, httpd_port)
+  if cluster_doc_host and cluster_doc_port > 0:
+    rules += ',guestfwd=tcp:10.0.2.101:443-cmd:%%s %%s %%s' %% (netcat_bin,
+                                           cluster_doc_host, cluster_doc_port)
   nat_network_parameter = ['-netdev', rules,
           '-device', 'e1000,netdev=lan%%s,mac=%%s' %% (number, mac_address)]
 if use_tap == 'True':

slapos/recipe/simplehttpserver/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+import string, random
+import os
+
+class Recipe(GenericBaseRecipe):
+
+  def __init__(self, buildout, name, options):
+
+    base_path = options['base-path']
+    pool = string.letters + string.digits
+    hash_string = ''.join(random.choice(pool) for i in xrange(64))
+    path = os.path.join(base_path, hash_string)
+
+    if os.path.exists(base_path):
+      path_list = os.listdir(base_path)
+      if len(path_list) == 1:
+        hash_string = path_list[0]
+        path = os.path.join(base_path, hash_string)
+      elif len(path_list) > 1:
+        raise ValueError("Folder %s should contain 0 or 1 element." % base_path)
+
+    options['root-dir'] = path
+    options['path'] = hash_string
+    return GenericBaseRecipe.__init__(self, buildout, name, options)
+
+
+  def install(self):
+
+    if not os.path.exists(self.options['root-dir']):
+      os.mkdir( self.options['root-dir'] )
+    parameters = {
+      'host': self.options['host'],
+      'port': int(self.options['port']),
+      'cwd': self.options['base-path'],
+      'log-file': self.options['log-file'],
+      'cert-file': self.options['cert-file'],
+      'key-file': self.options['key-file']
+    }
+
+    server = self.createPythonScript(
+        self.options['wrapper'].strip(),
+        '%s.simplehttpserver.run' % __name__, parameters
+      )
+
+    return [server]

slapos/recipe/simplehttpserver/simplehttpserver.py

+from SimpleHTTPServer import SimpleHTTPRequestHandler
+from BaseHTTPServer import HTTPServer
+import ssl
+import os
+import logging
+from netaddr import valid_ipv4, valid_ipv6
+import socket
+
+class ServerHandler(SimpleHTTPRequestHandler):
+
+  def respond(self, code=200, type='text/plain'):
+    self.send_response(code)
+    self.send_header("Content-type", type)
+    self.end_headers()
+
+  def do_GET(self):
+    logging.info('%s - GET: %s \n%s' % (self.client_address[0], self.path, self.headers))
+    if not self.path or self.path == '/':
+      # no access to root path
+      self.respond(403)
+      self.wfile.write("Forbidden")
+      return
+    SimpleHTTPRequestHandler.do_GET(self)
+
+class HTTPServerV6(HTTPServer):
+  address_family = socket.AF_INET6
+  
+
+def run(args):
+  
+  # minimal web server.  serves files relative to the
+  # current directory.
+  logging.basicConfig(format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+                            filename=args['log-file'] ,level=logging.INFO)
+  
+  port = args['port']
+  host = args['host']
+  os.chdir(args['cwd'])
+  
+  Handler = ServerHandler
+  
+  if valid_ipv6(host):
+    server = HTTPServerV6
+  else:
+    server = HTTPServer
+  
+  httpd = server((host, port), Handler)
+  if args.has_key('cert-file') and args.has_key('key-file'):
+    httpd.socket = ssl.wrap_socket (httpd.socket, 
+                                     server_side=True,
+                                     certfile=args['cert-file'],
+                                     keyfile=args['key-file'])
+
+  logging.info("Starting simple http server at https://%s:%s" % (host, port))
+  httpd.serve_forever()

software/gateone/instance-gateone.cfg.in

+
+{% set python_bin = parameter_dict['python-executable'] -%}
+{% set publish_dict = {} -%}
+{% set part_list = [] -%}
+{% set ipv6 = (ipv6_set | list)[0] -%}
+{% set ipv4 = (ipv4_set | list)[0] -%}
+{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+bin = ${buildout:directory}/bin
+etc = ${buildout:directory}/etc
+srv = ${buildout:directory}/srv
+var = ${buildout:directory}/var
+tmp = ${buildout:directory}/tmp
+log = ${:var}/log
+services = ${:etc}/service
+script = ${:etc}/run
+promises = ${:etc}/promise
+run = ${:var}/run
+ca-dir = ${:etc}/ssl
+requests = ${:ca-dir}/requests/
+private = ${:ca-dir}/private/
+certs = ${:ca-dir}/certs/
+newcerts = ${:ca-dir}/newcerts/
+crl = ${:ca-dir}/crl/
+
+[gateone-dir]
+gateone = ${directory:srv}/gateone
+log-prefix = ${directory:log}/gateone
+cache = ${:gateone}/cache
+sessions = ${:gateone}/sessions
+users = ${:gateone}/users
+conf = ${directory:etc}/gateone
+ssl = ${:conf}/ssl
+
+[gateone-configure]
+recipe = slapos.cookbook:wrapper
+port = 10443
+ipv6 = {{ ipv6 }}
+ipv4 = {{ ipv4 }}
+settings-dir = ${gateone-dir:conf}
+wrapper-path = ${directory:bin}/gateone-configure
+# XXX- issue with dtach=true, we set --dtach=false
+command = 
+    {{ parameter_dict['gateone-bin'] }} --address=${:ipv4} --port=${:port}  --certificate=${gateone-dir:ssl}/certificate.pem --keyfile=${gateone-dir:ssl}/keyfile.pem --cache_dir=${gateone-dir:cache} --pid_file=${directory:run}/gateone.pid --session_dir=${gateone-dir:sessions} --settings_dir=${:settings-dir} --user_dir=${gateone-dir:users} --log_file_prefix=${gateone-dir:log-prefix} --origins=${:ipv4} --logging=info --dtach=false
+#--gid=1012 --uid=987
+command-line = 
+  ${:command} --configure
+environment = 
+  PATH={{ bin_directory }}:{{ openssl_location }}/bin:{{ parameter_dict['dtach-location'] }}/bin:/usr/local/bin:/usr/bin:/bin
+  LD_LIBRARY_PATH={{ parameter_dict['readline-location'] }}/lib
+
+[gateone-run]
+recipe = slapos.cookbook:wrapper
+port = 10443
+ipv6 = {{ ipv6 }}
+ipv4 = {{ ipv4 }}
+wrapper-path = ${directory:services}/gateone
+command-line = ${gateone-configure:command}
+environment = 
+  PATH={{ bin_directory }}:{{ openssl_location }}/bin:{{ parameter_dict['dtach-location'] }}/bin:/usr/local/bin:/usr/bin:/bin
+  LD_LIBRARY_PATH={{ parameter_dict['readline-location'] }}/lib
+  HOME=${buildout:directory}
+  PWD=${gateone-dir:gateone}
+
+# --cookie_secret 45-characters
+# --uid needs to be set for slapos
+# --origins=${:ipv4};${:ipv6}
+
+[certificate-authority]
+recipe = slapos.cookbook:certificate_authority
+openssl-binary = {{ openssl_location }}/bin/openssl
+ca-dir = ${directory:ca-dir}
+requests-directory = ${directory:requests}
+wrapper = ${directory:services}/certificate_authority
+ca-private = ${directory:private}
+ca-certs = ${directory:certs}
+ca-newcerts = ${directory:newcerts}
+ca-crl = ${directory:crl}
+
+[ca-nginx]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = ${directory:certs}/nginx.key
+cert-file = ${directory:certs}/nginx.crt
+executable = ${nginx-run:wrapper-path}
+wrapper = ${directory:services}/nginx-proxy
+
+[tempdirectory]
+recipe = slapos.cookbook:mkdirectory
+client_body_temp_path = ${directory:tmp}/client_body_temp_path
+proxy_temp_path = ${directory:tmp}/proxy_temp_path
+fastcgi_temp_path = ${directory:tmp}/fastcgi_temp_path
+uwsgi_temp_path = ${directory:tmp}/uwsgi_temp_path
+scgi_temp_path = ${directory:tmp}/scgi_temp_path
+
+[nginx-config-dict]
+nb_workers = 2
+ipv6 = {{ ipv6 }}
+ipv4 = {{ ipv4 }}
+port = 10443
+backend-url = https://${gateone-configure:ipv4}:${gateone-configure:port}
+ssl-certificate = ${ca-nginx:cert-file}
+ssl-key = ${ca-nginx:key-file}
+pid = ${directory:run}/nginx.pid
+log = ${directory:log}/nginx.log
+access-log = ${directory:log}/nginx.access.log
+error-log = ${directory:log}/nginx.error.log
+tmp = $${directory:tmp}/
+
+[nginx-conf]
+recipe = slapos.recipe.template:jinja2
+template = {{ parameter_dict['template-ngnix-conf'] }}
+rendered = ${directory:etc}/nginx.conf
+context =
+    section parameter_dict nginx-config-dict
+    section param_tempdir tempdirectory
+
+[nginx-run]
+recipe = slapos.cookbook:wrapper
+wrapper-path = ${directory:bin}/nginx_proxy
+command-line = {{ parameter_dict['nginx-location'] }}/sbin/nginx -p ${buildout:directory} -c ${nginx-conf:rendered}
+
+[logrotate-apache]
+< = logrotate-entry-base
+name = apache
+log = ${apache-conf:error-log} ${apache-conf:access-log}
+post = {{ parameter_dict['bin-directory'] }}/slapos-kill --pidfile ${apache-conf:pid-file} -s USR1
+
+[logrotate-entry-base]
+recipe = slapos.cookbook:logrotate.d
+logrotate-entries = ${logrotate:logrotate-entries}
+backup = ${logrotate:backup}
+
+[publish]
+recipe = slapos.cookbook:publish
+url = https://[${nginx-config-dict:ipv6}]:${gateone-run:port}
+
+[buildout]
+extends =
+  {{ logrotate_cfg }}
+
+parts = 
+  certificate-authority
+  ca-nginx
+  publish
+
+# Complete parts with sections
+  {{ part_list | join('\n  ') }}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+
+[slap-parameter]
+

software/gateone/instance-logrotate-base.cfg.in

+[buildout]
+parts =
+  cron-entry-logrotate
+
+[cron]
+recipe = slapos.cookbook:cron
+cron-entries = ${logrotate-directory:cron-entries}
+dcrond-binary = {{ dcron_location }}/sbin/crond
+crontabs = ${logrotate-directory:crontabs}
+cronstamps = ${logrotate-directory:cronstamps}
+catcher = ${cron-simplelogger:wrapper}
+binary = ${logrotate-directory:services}/crond
+
+[cron-simplelogger]
+recipe = slapos.cookbook:simplelogger
+wrapper = ${logrotate-directory:bin}/cron_simplelogger
+log = ${logrotate-directory:log}/cron.log
+
+[logrotate]
+recipe = slapos.cookbook:logrotate
+logrotate-entries = ${logrotate-directory:logrotate-entries}
+backup = ${logrotate-directory:logrotate-backup}
+logrotate-binary = {{ logrotate_location }}/usr/sbin/logrotate
+gzip-binary = {{ gzip_location }}/bin/gzip
+gunzip-binary = {{ gzip_location }}/bin/gunzip
+wrapper = ${logrotate-directory:bin}/logrotate
+conf = ${logrotate-directory:etc}/logrotate.conf
+state-file = ${logrotate-directory:srv}/logrotate.status
+
+[cron-entry-logrotate]
+recipe = slapos.cookbook:cron.d
+cron-entries = ${cron:cron-entries}
+name = logrotate
+frequency = 0 0 * * *
+command = ${logrotate:wrapper}
+
+[logrotate-directory]
+recipe = slapos.cookbook:mkdirectory
+cron-entries = ${:etc}/cron.d
+cronstamps = ${:etc}/cronstamps
+crontabs = ${:etc}/crontabs
+logrotate-backup = ${:backup}/logrotate
+logrotate-entries = ${:etc}/logrotate.d
+bin = ${buildout:directory}/bin
+srv = ${buildout:directory}/srv
+backup = ${:srv}/backup
+etc = ${buildout:directory}/etc
+services = ${:etc}/service
+log = ${buildout:directory}/var/log
+

software/gateone/instance.cfg.in

+[buildout]
+parts = switch-softwaretype
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+
+[slap-configuration]
+recipe = slapos.cookbook:slapconfiguration.serialised
+computer = ${slap-connection:computer-id}
+partition = ${slap-connection:partition-id}
+url = ${slap-connection:server-url}
+key = ${slap-connection:key-file}
+cert = ${slap-connection:cert-file}
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
+extra-context =
+context =
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key eggs_directory buildout:eggs-directory
+    key ipv6_set slap-configuration:ipv6
+    key ipv4_set slap-configuration:ipv4
+    key slapparameter_dict slap-configuration:configuration
+    key computer_id slap-configuration:computer
+    raw logrotate_cfg {{ template_logrotate_base }}
+    raw dash_binary {{ dash_location }}/bin/dash
+    raw bin_directory {{ bin_directory }}
+    raw openssl_location {{ openssl_location }}
+    ${:extra-context}
+
+[dynamic-template-gateone-parameters]
+bin-directory = {{ bin_directory }}
+#python-executable  = 
+readline-location = {{ readline_location }}
+dtach-location = {{ dtach_location }}
+gateone-location = {{ gateone_location}}
+gateone-bin = {{ gateone_bin }}
+nginx-location = {{ nginx_location}}
+template-ngnix-conf = {{ template_nginx_conf }}
+
+[dynamic-template-gateone]
+< = jinja2-template-base
+template = {{ template_gateone }}
+filename = instance-gateone.cfg
+extensions = jinja2.ext.do
+extra-context =
+    section parameter_dict dynamic-template-gateone-parameters
+
+[switch-softwaretype]
+recipe = slapos.cookbook:softwaretype
+
+default = ${dynamic-template-gateone:rendered}
+gateone = ${:default}

software/gateone/software.cfg

+[buildout]
+
+extends =
+  ../../component/dash/buildout.cfg
+  ../../component/git/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/gzip/buildout.cfg
+  ../../component/openssl/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/kerberos/buildout.cfg
+  ../../component/python-kerberos/buildout.cfg
+  ../../component/gateone/buildout.cfg
+  ../../component/dtach/buildout.cfg
+  ../../component/python-2.7/buildout.cfg
+  ../../component/nginx/buildout.cfg
+  ../../stack/slapos.cfg
+
+parts = 
+  slapos-cookbook
+  kerberos
+  eggs
+  gateone-develop
+  gateone
+  dash
+  check-recipe
+  template
+  
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  ${lxml-python:egg}
+  ${python-cryptography:egg}
+  ${python-kerberos:egg}
+  tornado
+scripts =
+  slapos-kill
+
+[extra-eggs]
+recipe = zc.recipe.egg
+interpreter = python
+eggs =
+  ${lxml-python:egg}
+  ${python-kerberos:egg}
+  tornado
+  gateone
+  setuptools
+  pyOpenSSL
+  futures
+
+
+[slapos.cookbook-repository]
+recipe = slapos.recipe.build:gitclone
+repository = http://git.erp5.org/repos/slapos.git
+branch = re6st-master
+git-executable = ${git:location}/bin/git
+
+[download-base]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/${:filename}
+mode = 644
+
+[template-jinja2-base]
+recipe = slapos.recipe.template:jinja2
+template = ${:_profile_base_location_}/${:filename}.in
+rendered = ${buildout:directory}/${:filename}
+# XXX: extra-context is needed because we cannot append to a key of an extended
+# section.
+extra-context =
+context =
+    key bin_directory buildout:bin-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key eggs_directory buildout:eggs-directory
+    ${:extra-context}
+
+
+[template]
+< = template-jinja2-base
+filename = template.cfg
+template = ${:_profile_base_location_}/instance.cfg.in
+md5sum = 428669a609aca3e0a7cae1387d332a75
+extra-context =
+    key dash_location dash:location
+    key dtach_location dtach:location
+    key gateone_location gateone-repository:location
+    key logrotate_location logrotate:location
+    key nginx_location nginx:location
+    key openssl_location openssl:location
+    key readline_location readline:location
+    key template_nginx_conf template-nginx-conf:target
+    key template_logrotate_base template-logrotate-base:rendered
+    key template_gateone template-gateone:target
+    raw gateone_bin ${buildout:bin-directory}/gateone
+    raw python_with_eggs ${buildout:directory}/bin/${extra-eggs:interpreter}
+
+[template-gateone]
+< = download-base
+filename = instance-gateone.cfg.in
+md5sum = e7096a17c36c3bd27a011de57b7abfc1
+
+[template-logrotate-base]
+< = template-jinja2-base
+filename = instance-logrotate-base.cfg
+md5sum = f28fbd310944f321ccb34b2a34c82005
+extra-context =
+    key dcron_location dcron:location
+    key gzip_location gzip:location
+    key logrotate_location logrotate:location
+
+[template-nginx-conf]
+< = download-base
+url = ${:_profile_base_location_}/templates/${:filename}.in
+filename = nginx.conf
+md5sum = 72f4cc110f618b317793e21124f45121
+
+[check-recipe]
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+command =
+  grep parts ${buildout:develop-eggs-directory}/gateone.egg-link
+
+[versions]
\ No newline at end of file

software/gateone/templates/nginx.conf.in

+worker_processes {{ parameter_dict['nb_workers'] }};
+
+pid {{ parameter_dict['pid'] }};
+error_log {{ parameter_dict['error-log'] }};
+
+daemon off;
+
+events {
+	worker_connections 1024;
+	accept_mutex off;
+}
+
+
+http {
+     default_type application/octet-stream;
+     access_log {{ parameter_dict['access-log'] }} combined;
+     client_max_body_size 10M;
+     map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+     }
+     server {
+        listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['port'] }} ssl;
+        server_name _;
+        ssl_certificate     {{ parameter_dict['ssl-certificate'] }};
+        ssl_certificate_key {{ parameter_dict['ssl-key'] }};
+        ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers         HIGH:!aNULL:!MD5;
+        keepalive_timeout 90s;
+        client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
+        proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
+        fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
+        uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
+        scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
+	      error_page 401 /login;
+        location / {
+            proxy_pass_header Server;
+        		proxy_set_header Host $http_host;
+        		proxy_redirect off;
+        		proxy_set_header X-Real-IP $remote_addr;
+        		proxy_set_header X-Scheme $scheme;
+        		
+        		proxy_pass {{ parameter_dict['backend-url'] }};
+        		
+        		proxy_http_version 1.1;
+        		proxy_set_header Upgrade $http_upgrade;
+        		proxy_set_header Connection "upgrade";
+        }
+    }
+}
\ No newline at end of file

software/kvm/common.cfg

@@ -87,7 +87,7 @@ command =
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg.in
-md5sum = c5fd8ed5878901233d39d006093a6b17
+md5sum = cf67212d3155767d0d0d8a6d75d2d8ad
 output = ${buildout:directory}/template.cfg
 mode = 0644
 
@@ -95,7 +95,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
 mode = 644
-md5sum = 42763900fce72f13bf23341774e5d097
+md5sum = 3e3354844b2052609e3c49eca03b607e
 download-only = true
 on-update = true
 
@@ -103,7 +103,7 @@ on-update = true
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
 mode = 644
-md5sum = c20056662fe3aa0fa6ff7ae9a950f325
+md5sum = cc72d7b89d8b474d7b4f2c9319b385d5
 download-only = true
 on-update = true
 

software/kvm/instance-kvm-cluster-input-schema.json

@@ -43,7 +43,7 @@
           "title": "Frontend Software Type",
           "description": "Type of the frontend instance, like \"frontend\".",
           "type": "string",
-          "default": "default"
+          "default": "custom-personal"
         },
         "frontend-software-url": {
           "title": "Frontend Software URL",
@@ -95,7 +95,7 @@
                   "type": "boolean",
                   "default": false
                 },
-                "kvm-name": {
+                "kvm-partition-name": {
                   "title": "Reference name in kvm instance definition to get url from.",
                   "description": "Compose url from kvm definition. Only work if 'use-nat' is true and 'service-port' is set. This will allow to get URL from defined nat-rules. Play the same as url, but help if you don't know kvm ipv6 yet.",
                   "type": "string",

software/kvm/instance-kvm-cluster.cfg.jinja2.in

 {% set publish_dict = {} -%}
+{% set part_list = [] -%}
+{% set ipv6 = (ipv6 | list)[0] -%}
 {% set frontend_dict = slapparameter_dict.get('frontend', {}) -%}
 {% set slave_frontend_dict = slapparameter_dict.get('slave-frontend', {}) -%}
 {% set slave_frontend_sr = slave_frontend_dict.get('software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') -%}
-{% set slave_frontend_stype = slave_frontend_dict.get('software-type', 'default') -%}
+{% set slave_frontend_stype = slave_frontend_dict.get('software-type', 'custom-personal') -%}
 {% set slave_frontend_iguid = slave_frontend_dict.get('instance-guid', '') -%}
 {% set kvm_instance_dict = {} -%}
+{% set kvm_hostname_list = [] -%}
 
 [request-common]
 recipe = slapos.cookbook:request
@@ -59,6 +62,11 @@ config-external-disk-format = {{ dumps(kvm_parameter_dict.get('external-disk-for
 config-enable-http-server = {{ dumps(kvm_parameter_dict.get('enable-http-server', True)) }}
 config-httpd-port = {{ dumps(kvm_parameter_dict.get('httpd-port', 8081)) }}
 
+# Enable simple http server on ipv6 so all VMs will access it
+config-document-host = ${http-server:host}
+config-document-port = ${http-server:port}
+config-document-path = ${http-server:path}
+
 return = 
   backend-url
   url
@@ -71,6 +79,7 @@ return =
 {{ '  ' }}tap-ipv4
 
 {% do publish_dict.__setitem__('lan-' ~ instance_name, '${' ~ section ~ ':connection-tap-ipv4}') -%}
+{% do kvm_hostname_list.append(instance_name ~ ' ' ~ '${' ~ section ~ ':connection-tap-ipv4}') -%}
 {% endif -%}
 {% do publish_dict.__setitem__(instance_name ~ '-backend-url', '${' ~ section ~ ':connection-backend-url}') -%}
 {% do publish_dict.__setitem__(instance_name ~ '-url', '${' ~ section ~ ':connection-url}') -%}
@@ -104,7 +113,7 @@ name = Frontend {{ name }}
 software-type = {{ slave_frontend_stype }}
 slave = true
 config-url = {{ url }}
-config-domain = {{ dumps(frontend_parameter_dict.get('domain', '')) }}
+config-custom_domain = {{ dumps(frontend_parameter_dict.get('domain', '')) }}
 config-enable_cache = {{ dumps(frontend_parameter_dict.get('enable-cache', False)) }}
 config-https-only = {{ dumps(frontend_parameter_dict.get('https-only', False)) }}
 {%  if frontend_parameter_dict.get('type', '') -%}
@@ -122,18 +131,59 @@ sla-instance_guid = {{ slave_frontend_iguid }}
 {%   endif -%}
 {% endfor %}
 
+# Enable simple http server on ipv6 so all VMs will access it
+[directory]
+recipe = slapos.cookbook:mkdirectory
+etc = ${buildout:directory}/etc
+bin = ${buildout:directory}/bin
+srv = ${buildout:directory}/srv
+var = ${buildout:directory}/var
+log = ${:var}/log
+scripts = ${:etc}/run
+services = ${:etc}/service
+document = ${:srv}/document
+ssl = ${:etc}/ssl
+
+[http-ssl]
+recipe = plone.recipe.command
+command = "{{ openssl_executable_location }}" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
+key = ${directory:ssl}/key
+cert = ${directory:ssl}/cert
+update-command = 
+stop-on-error = true
+
+[http-server]
+recipe = slapos.cookbook:simplehttpserver
+host = {{ ipv6 }}
+port = 9002
+base-path = ${directory:document}
+wrapper = ${directory:services}/simple-http-server
+log-file = ${directory:log}/http.log
+cert-file = ${http-ssl:cert}
+key-file = ${http-ssl:key}
+
+[write-vm-hostname]
+recipe = slapos.recipe.template:jinja2
+template = {{ template_content }}
+filename = hosts
+rendered = ${http-server:root-dir}/${:filename}
+context =
+    raw content_list {{ kvm_hostname_list | join('#') }}
+    raw sep #
+
 [publish]
 recipe = slapos.cookbook:publish
 {% for name, value in publish_dict.items() -%}
 {{   name }} = {{ value }}
 {% endfor %}
-{% set disk_number = len(storage_dict) -%}
-{% if disk_number > 0 -%}
-1_info = It is possible to mount up to {{ disk_number }} external disk to your virtual machine. See parameter 'external-disk-number'
-{% endif %}
 [buildout]
-parts = publish
-
+parts = 
+  http-server
+  write-vm-hostname
+  publish
+# Complete parts with sections
+  {{ part_list | join('\n  ') }}
+ 
 eggs-directory = {{ eggs_directory }}
 develop-eggs-directory = {{ develop_eggs_directory }}
 offline = true
\ No newline at end of file

software/kvm/instance-kvm.cfg.jinja2

@@ -16,6 +16,9 @@ parts =
   cron
 #  cron-entry-monitor
   frontend-promise
+{% if slapparameter_dict.get('document-host', '') %}
+  cluster-url-path
+{% endif -%}
 {% if slapparameter_dict.get('enable-http-server', 'False') == 'True' %}
   httpd
   httpd-promise
@@ -129,6 +132,15 @@ httpd-port = ${slap-parameter:httpd-port}
 {% else -%}
 httpd-port = 0
 {% endif -%}
+
+# Main instance document server info
+{% if slapparameter_dict.get('document-host', '') and slapparameter_dict.get('document-port', '') -%}
+cluster-doc-host = ${tunnel-cluster-url:ipv4}
+cluster-doc-port = ${tunnel-cluster-url:ipv4-port}
+{% else -%}
+cluster-doc-host = 
+cluster-doc-port = 0
+{% endif -%}
 netcat-binary = {{ netcat_bin }}
 
 [kvm-vnc-promise]
@@ -257,6 +269,8 @@ recipe = slapos.cookbook:publish
 ipv6 = ${slap-network-information:global-ipv6}
 backend-url = https://[${novnc-instance:ip}]:${novnc-instance:port}/vnc_auto.html?host=[${novnc-instance:ip}]&port=${novnc-instance:port}&encrypt=1&password=${kvm-instance:vnc-passwd}
 url = ${request-slave-frontend:connection-url}/vnc_auto.html?host=${request-slave-frontend:connection-domainname}&port=${request-slave-frontend:connection-port}&encrypt=1&path=${request-slave-frontend:connection-resource}&password=${kvm-instance:vnc-passwd}
+{% set disk_number = len(storage_dict) -%}
+maximum-extra-disk-amount = {{ disk_number }}
 {% set iface = 'eth0' -%}
 {% if slapparameter_dict.get('use-nat', 'True') == 'True' -%}
 {%   set iface = 'eth1' -%}
@@ -345,6 +359,28 @@ command =
   echo "${:local-ipv4}" > ${:path-ip}
 update-command = ${:command}
 
+# To access documents of main instance (in case of kvm-cluster) through http
+[cluster-url-path]
+recipe = slapos.recipe.template:jinja2
+template = {{ template_content }}
+filename = cluster.hash
+rendered = ${directory:public}/${:filename}
+hash-url = https://10.0.2.101:443/{{ slapparameter_dict.get('document-path', '') }}
+context =
+    key content_list :hash-url
+    raw sep #
+
+# This 6to4 tunnel help to access document url in ipv4
+[tunnel-cluster-url]
+recipe = slapos.cookbook:ipv4toipv6
+ipv6 = {{ slapparameter_dict.get('document-host', '') }}
+ipv4 = ${slap-network-information:local-ipv4}
+ipv6-port = {{ slapparameter_dict.get('document-port', '') }}
+ipv4-port = 16936
+shell-path = {{ dash_executable_location }}
+6tunnel-path = {{ sixtunnel_executable_location }}
+runner-path = ${directory:services}/6tunnel-cluster
+
 [slap-parameter]
 # Default values if not specified
 frontend-software-type = frontend

software/kvm/instance.cfg.in

@@ -55,6 +55,7 @@ context =
     key storage_dict slap-configuration:storage-dict
     key slapparameter_dict slap-configuration:configuration
     key computer_id slap-configuration:computer
+    raw openssl_executable_location ${openssl:location}/bin/openssl
     $${:extra-context}
 
 [dynamic-template-kvm-cluster-parameters]
@@ -65,6 +66,7 @@ template = ${template-kvm-cluster:location}/instance-kvm-cluster.cfg.jinja2.in
 filename = template-kvm-cluster.cfg
 extra-context =
   section parameter_dict dynamic-template-kvm-cluster-parameters
+  raw template_content ${template-content:location}/${template-content:filename}
 
 [dynamic-template-kvm]
 recipe = slapos.recipe.template:jinja2