Merge branch 'kvm-cluster'

13ba9dbe · Alain Takoudjou · 1ddbb2be · 667bb8c4 · 13ba9dbe · 13ba9dbe
Commit 13ba9dbe authored Apr 29, 2015 by Alain Takoudjou
11 changed files
--- a/component/netcat/buildout.cfg
+++ b/component/netcat/buildout.cfg
+[buildout]
+
+parts = netcat
+
+[netcat]
+recipe = slapos.recipe.cmmi
+url = http://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz
+md5sum = 088def25efe04dcdd1f8369d8926ab34
\ No newline at end of file
--- a/component/qemu-kvm/buildout.cfg
+++ b/component/qemu-kvm/buildout.cfg
@@ -55,9 +55,9 @@ configure-options =
 [debian-amd64-netinst.iso]
 # Download the installer of Debian 7 (Wheezy)
 recipe = hexagonit.recipe.download
-url = http://cdimage.debian.org/debian-cd/7.8.0/amd64/iso-cd/debian-7.8.0-amd64-netinst.iso
+url = http://cdimage.debian.org/debian-cd/8.0.0/amd64/iso-cd/debian-8.0.0-amd64-netinst.iso
 filename = ${:_buildout_section_name_}
-md5sum = a91fba5001cf0fbccb44a7ae38c63b6e 
+md5sum = d9209f355449fe13db3963571b1f52d4 
 download-only = true
 mode = 0644
 location = ${buildout:parts-directory}/${:_buildout_section_name_}

--- a/slapos/recipe/kvm/template/kvm_run.in
+++ b/slapos/recipe/kvm/template/kvm_run.in
@@ -11,6 +11,7 @@ import gzip
 import shutil
 from random import shuffle
 import glob
+import re

 # XXX: give all of this through parameter, don't use this as template, but as module
 qemu_img_path = '%(qemu-img-path)s'
@@ -43,6 +44,8 @@ disk_storage_dict = {}
 disk_storage_list = """%(disk-storage-list)s""".split('\n')
 map_storage_list = []
 etc_directory = '%(etc-directory)s'.strip()
+httpd_port = %(httpd-port)s
+netcat_bin = '%(netcat-binary)s'.strip()

 def md5Checksum(file_path):
    with open(file_path, 'rb') as fh:
@@ -132,9 +135,14 @@ if not os.path.exists(disk_path) and virtual_hard_drive_url != '':
  else:
    print('Warning: not checksum specified.')
  if downloaded_disk.endswith('.gz'):
-    with open(disk_path, 'w') as disk:
-      with gzip.open(downloaded_disk, 'rb') as disk_gz:
-        shutil.copyfileobj(disk_gz, disk)
+    try:
+      with open(disk_path, 'w') as disk:
+        with gzip.open(downloaded_disk, 'rb') as disk_gz:
+          shutil.copyfileobj(disk_gz, disk)
+    except Exception:
+      if os.path.exists(disk_path):
+        os.remove(disk_path)
+      raise
    os.remove(downloaded_disk)

 # Create disk if doesn't exist
@@ -191,6 +199,9 @@ if use_nat == 'True':
  number += 1
  rules = 'user,id=lan%%s,' %% number + ','.join('hostfwd=tcp:%%s:%%s-:%%s' %% (listen_ip,
                        int(port) + 10000, port) for port in nat_rules.split())
+  if httpd_port > 0:
+    rules += ',guestfwd=tcp:10.0.2.100:80-cmd:%%s %%s %%s' %% (netcat_bin,
+                                                        listen_ip, httpd_port)
  nat_network_parameter = ['-netdev', rules,
          '-device', 'e1000,netdev=lan%%s,mac=%%s' %% (number, mac_address)]
 if use_tap == 'True':
@@ -202,7 +213,10 @@ if use_tap == 'True':

 smp = smp_count
 if smp_options:
-  smp += ',%%s' %% smp_options
+  for option in smp_options.split(','):
+    key, val = option.split('=')
+    if key in ('cores', 'threads', 'sockets', 'maxcpus') and val.isdigit():
+      smp += ',%%s=%%s' %% (key, val)
 kvm_argument_list = [qemu_path,
  '-enable-kvm', '-smp', smp,
  '-m', ram_size, '-vga', 'std',
@@ -213,8 +227,10 @@ kvm_argument_list = [qemu_path,
  '-pidfile', pid_file_path,
 ]

+rgx = re.compile('^[\w*\,][\=\d+\-\,\w]*$')
 for numa in numa_list:
-  numa_parameter.extend(['-numa', numa])
+  if rgx.match(numa):
+    numa_parameter.extend(['-numa', numa])
 kvm_argument_list += numa_parameter

 if tap_network_parameter == [] and nat_network_parameter == []:

--- a/slapos/recipe/softwaretype.py
+++ b/slapos/recipe/softwaretype.py
@@ -115,9 +115,13 @@ class Recipe:
    cert_file = slap_connection.get('cert_file')
    instance_root = self.buildout['buildout']['directory']
    storage_configuration_dict = self.buildout.get('storage-configuration')
+    network_dict = self.buildout.get('network-information')
    storage_home = ''
+    global_ipv4_network = ''
    if storage_configuration_dict:
      storage_home = storage_configuration_dict.get('storage-home')
+    if network_dict:
+      global_ipv4_network = network_dict.get('global-ipv4-network')
    slap.initializeConnection(server_url, key_file, cert_file)
    self.computer_partition = slap.registerComputerPartition(
      computer_id,
@@ -173,6 +177,8 @@ class Recipe:
    buildout.set('slap-network-information', 'tap-gateway', tap_gateway)
    buildout.set('slap-network-information', 'tap-netmask', tap_netmask)
    buildout.set('slap-network-information', 'tap-network', tap_network)
+    buildout.set('slap-network-information', 'global-ipv4-network',
+                                                          global_ipv4_network)

    # Copy/paste slap_connection
    buildout.add_section('slap-connection')

--- a/software/kvm/common.cfg
+++ b/software/kvm/common.cfg
@@ -11,6 +11,7 @@ extends =
  ../../component/noVNC/buildout.cfg
  ../../component/openssl/buildout.cfg
  ../../component/dcron/buildout.cfg
+  ../../component/netcat/buildout.cfg
  ../../stack/slapos.cfg
  ../../stack/nodejs.cfg
  ../../stack/resilient/buildout.cfg
@@ -85,7 +86,7 @@ command =
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg.in
-md5sum = d2413a9d4978092e939418748585bbb3
+md5sum = ba30f71c132c600d7d5a884d2090b36b
 output = ${buildout:directory}/template.cfg
 mode = 0644

@@ -93,7 +94,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
 mode = 644
-md5sum = c8f69039aff15e20447c6e522267c152
+md5sum = ba2be2e288c662b1566550132c0ca6a7
 download-only = true
 on-update = true

@@ -101,7 +102,7 @@ on-update = true
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
 mode = 644
-md5sum = a5c1f0620510a979daf8fd60120f6253
+md5sum = c0c839198bd4450885de865570b6f406
 download-only = true
 on-update = true

@@ -165,3 +166,24 @@ url = ${:_profile_base_location_}/instance-frontend.cfg.in
 md5sum = cdb690495e9eb007d2b7d2f8e12f5c59
 output = ${buildout:directory}/template-frontend.cfg
 mode = 0644
+
+[template-apache-conf]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/template/apache.conf.in
+mode = 644
+filename = apache.conf.in
+md5sum = 91f05377aff35ffbac7f2687e90b5dcc
+download-only = true
+on-update = true
+
+[template-httpd]
+recipe = slapos.recipe.template:jinja2
+filename = template-httpd.cfg
+template = ${:_profile_base_location_}/instance-kvm-http.cfg.in
+rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/instance-kvm-http.cfg
+md5sum = 84b96dfc78e8d2611bf7210b8b6bb9c5
+context =
+    key apache_location apache:location
+    raw template_apache_conf ${template-apache-conf:location}/${template-apache-conf:filename}
+
+
--- a/software/kvm/instance-kvm-cluster-input-schema.json
+++ b/software/kvm/instance-kvm-cluster-input-schema.json
@@ -72,7 +72,7 @@
                  "default": ""
                },
                "enable-cache": {
-                  "title": "Specify if cached will be used for this slave frontend.",
+                  "title": "Use cache for this slave frontend.",
                  "description": "Specify if slave frontend should use a squid to connect to backend.",
                  "type": "boolean",
                  "default": false
@@ -84,32 +84,33 @@
                  "default": "default"
                },
                "zope-path": {
-                  "title": "Specify path to the VirtualHostRoot of the zope.",
+                  "title": "Path to the VirtualHostRoot of the zope.",
                  "description": "Only used if type is 'zope'. Will append the specified path to the VirtualHostRoot of the zope's VirtualHostMonster.",
                  "type": "string",
                  "default": ""
                },
                "https-only": {
-                  "title": "Specify if website should be accessed using https only.",
+                  "title": "Access website with https url only.",
                  "description": "Specify if website should be accessed using https only. If so, the frontend will redirect the user to https if accessed from http.",
                  "type": "boolean",
                  "default": false
                },
-                "kvm-partition-name": {
-                  "title": "Reference name in 'kvm-partition-dict' to get IPv6 for slave frontend from.",
-                  "description": "Only work if 'use-nat' is true and 'service-port' is set. This will allow to get URL from defined nat-rules. Play the same as url.",
+                "kvm-name": {
+                  "title": "Reference name in kvm instance definition to get url from.",
+                  "description": "Compose url from kvm definition. Only work if 'use-nat' is true and 'service-port' is set. This will allow to get URL from defined nat-rules. Play the same as url, but help if you don't know kvm ipv6 yet.",
                  "type": "string",
                  "default": ""
                },
                "service-port": {
-                  "title": "Specify the port of service to run in VM.",
-                  "description": "This will allow to get URL from defined nat-rules. The port should exist in nat-rules of KVM referenced by 'kvm-partition-name'",
+                  "title": "Port of service into the VM (require: kvm-name).",
+                  "description": "This will allow to get URL from defined nat-rules. The port should exist in nat-rules of KVM you have referenced by 'kvm-partition-name'",
                  "type": "number"
                },
                "url-scheme": {
-                  "title": "Say If HTTP service to run into the Virtual Machine will use http or https.",
-                  "description": "Say If HTTP service to run into the Virtual Machine will use http or https. Possible values: http, https",
+                  "title": "Scheme of HTTP service into the VM (require: kvm-name).",
+                  "description": "Say If HTTP service to run/or running into the Virtual Machine will use http or https. Possible values: http, https.",
                  "type": "string",
+                  "enum": ["http", "https"],
                  "default": "http"
                }
              },
@@ -127,6 +128,12 @@
      "patternProperties": {
        ".*": {
          "properties": {
+            "computer-guid": {
+              "title": "ID of the computer where to deploy this VM.",
+              "description": "Unique identifier of the computer, like \"COMP-1234\". By default, let Master choose a computer.",
+              "type": "string",
+              "default": ""
+            },
            "ram-size": {
              "title": "RAM size",
              "description": "RAM size, in MB.",
@@ -167,17 +174,17 @@
              "maximum": 8
            },
            "cpu-options": {
-              "title": "Additional options (cores, threads, sockets, maxcpus) to use with cpu-count.",
-              "description": "Additional options to use with cpu-count. Options are separated by coma: [cores=cores][,threads=threads][,sockets=sockets][,maxcpus=maxcpus]. Only set this option if you really know what you're doing.",
+              "title": "CPU Additional options: cores, threads, sockets, maxcpus.",
+              "description": "Additional options to use with cpu-count. Options are separated by coma: [cores=cores][,threads=threads][,sockets=sockets][,maxcpus=maxcpus]. Set this option if you know what you're doing.",
              "type": "string"
            },
            "numa": {
-              "title": "Simulate a multi node NUMA system. If mem and cpus are omitted, resources are split equally.",
-              "description": "Simulate a multi node NUMA system. If mem and cpus are omitted, resources are split equally. Each numa option are separated by space: node,nodeid=4,cpus=40-49,mem=64g node,nodeid=1,cpus=10-19,mem=128g. Only set this option if you really know what you're doing.",
+              "title": "Simulate a multi node NUMA system.",
+              "description": "Simulate a multi node NUMA system. If mem and cpus are omitted, resources are split equally. Each numa option are separated by space: node,nodeid=4,cpus=40-49,mem=64g node,nodeid=1,cpus=10-19,mem=128g. Set this option if you know what you're doing.",
              "type": "string"
            },
            "nbd-host": {
-              "title": "NBD hostname",
+              "title": "NBD hostname or IP",
              "description": "hostname (or IP) of the NBD server containing the boot image.",
              "type": "string",
              "format": [
@@ -196,7 +203,7 @@
              "maximum": 65535
            },
            "nbd2-host": {
-              "title": "Second NBD hostname",
+              "title": "Second NBD hostname or IP",
              "description": "hostname (or IP) of the second NBD server (containing drivers for example).",
              "type": "string",
              "format": [
@@ -224,7 +231,7 @@
              "type": "string"
            },
            "virtual-hard-drive-gzipped": {
-              "title": "Define if virtual hard drive to download is gzipped",
+              "title": "Virtual hard drive to download is gzipped",
              "description": "Define if virtual hard drive to download is gzipped using gzip. This help to reduce size of file to download.",
              "type": "boolean",
              "default": false
@@ -234,12 +241,11 @@
              "description": "Specify the number of additional disk to create for virtual machine in data folder of SlapOS Node. Requires instance_storage_home to be configured on SlapOS Node.",
              "type": "integer",
              "minimum": 0,
-              "maximum": 4,
              "default": 0
            },
            "external-disk-size": {
-              "title": "Number of additional disk to create for virtual machine, in Gigabytes",
-              "description": "Specify the number of additional disk to create for virtual machine in data folder of SlapOS Node. Requires instance_storage_home to be configured on SlapOS Node.",
+              "title": "Size of additional disk to create for virtual machine, in Gigabytes",
+              "description": "Specify the size of additional disk to create for virtual machine in data folder of SlapOS Node. Requires instance_storage_home to be configured on SlapOS Node.",
              "type": "integer",
              "minimum": 10,
              "maximum": 100,
@@ -256,7 +262,7 @@
              "title": "Use QEMU TAP network interface",
              "description": "Use QEMU TAP network interface, might require a bridge on SlapOS Node.",
              "type": "boolean",
-              "default": false
+              "default": true
            },
            "use-nat": {
              "title": "Use QEMU USER Mode networking",
@@ -266,7 +272,7 @@
            },
            "nat-rules": {
              "title": "List of rules for NAT of QEMU user mode network stack.",
-              "description": "List of rules for NAT of QEMU user mode network stack, as comma-separated list of ports. For each port specified, it will redirect port x of the VM (example: 80) to the port x + 10000 of the public IPv6 (example: 10080). Defaults to \"22 80 443\". Ignored if \"use-tap\" parameter is enabled.",
+              "description": "List of rules for NAT of QEMU user mode network stack, as comma-separated list of ports. For each port specified, it will redirect port x of the VM (example: 80) to the port x + 10000 of the public IPv6 (example: 10080). Defaults to \"22 80 443\".",
              "type": "array",
              "default": [
                22,

--- a/software/kvm/instance-kvm-cluster.cfg.jinja2.in
+++ b/software/kvm/instance-kvm-cluster.cfg.jinja2.in
@@ -24,7 +24,7 @@ config-use-ipv6 = {{ dumps(slapparameter_dict.get('use-ipv6', False)) }}
 <= request-common
 software-type = kvm
 name = {{ instance_name }}
-sla-computer_guid = {{ dumps(kvm_parameter_dict.get('computer-guid', computer_id)) }}
+sla-computer_guid = {{ dumps(kvm_parameter_dict.get('computer-guid', '')) }}

 config-frontend-instance-name = {{ instance_name ~ ' VNC Frontend' }}
 config-frontend-software-type = {{ dumps(frontend_dict.get('software-type', 'frontend')) }}
@@ -45,13 +45,16 @@ config-numa = {{ dumps(kvm_parameter_dict.get('numa', '')) }}
 config-nat-rules = {{ nat_rules_list | join(' ') }}
 config-publish-nat-url = True
 config-use-nat = {{ use_nat }}
-config-use-tap = {{ dumps(kvm_parameter_dict.get('use-tap', False)) }}
+config-use-tap = {{ dumps(kvm_parameter_dict.get('use-tap', True)) }}
 config-virtual-hard-drive-url = {{ dumps(kvm_parameter_dict.get('virtual-hard-drive-url', '')) }}
 config-virtual-hard-drive-md5sum = {{ dumps(kvm_parameter_dict.get('virtual-hard-drive-md5sum', '')) }}
 config-virtual-hard-drive-gzipped = {{ dumps(kvm_parameter_dict.get('virtual-hard-drive-gzipped', False)) }}
 config-external-disk-number = {{ dumps(kvm_parameter_dict.get('external-disk-number', 0)) }}
 config-external-disk-size = {{ dumps(kvm_parameter_dict.get('external-disk-size', 20)) }}
 config-external-disk-format = {{ dumps(kvm_parameter_dict.get('external-disk-format', 'qcow2')) }}
+config-enable-http-server = {{ dumps(kvm_parameter_dict.get('enable-http-server', True)) }}
+config-httpd-port = {{ dumps(kvm_parameter_dict.get('httpd-port', 8081)) }}
+
 return = 
  backend-url
  url
@@ -60,6 +63,11 @@ return =
 {{ '  ' }}nat-rule-url-{{ port }}
 {%   endfor -%}
 {% endif -%}
+{% if kvm_parameter_dict.get('use-tap', True) -%}
+{{ '  ' }}tap-ipv4
+
+{% do publish_dict.__setitem__('lan-' ~ instance_name, '${' ~ section ~ ':connection-tap-ipv4}') -%}
+{% endif -%}
 {% do publish_dict.__setitem__(instance_name ~ '-backend-url', '${' ~ section ~ ':connection-backend-url}') -%}
 {% do publish_dict.__setitem__(instance_name ~ '-url', '${' ~ section ~ ':connection-url}') -%}
 {% do kvm_instance_dict.__setitem__(instance_name, (kvm_parameter_dict.get('use-nat', True), nat_rules_list)) -%}
@@ -116,8 +124,9 @@ recipe = slapos.cookbook:publish
 {{   name }} = {{ value }}
 {% endfor %}
 {% set disk_number = len(storage_dict) -%}
+{% if disk_number > 0 -%}
 1_info = It is possible to mount up to {{ disk_number }} external disk to your virtual machine. See parameter 'external-disk-number'
-
+{% endif %}
 [buildout]
 parts = publish


--- a/software/kvm/instance-kvm-http.cfg.in
+++ b/software/kvm/instance-kvm-http.cfg.in
+[buildout]
+
+parts = 
+  httpd
+  httpd-promise
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+etc = ${buildout:directory}/etc
+bin = ${buildout:directory}/bin
+srv = ${buildout:directory}/srv
+public = ${:srv}/public/
+log = ${:var}/log
+services = ${:etc}/service
+promises = ${:etc}/promise
+run = ${:var}/run
+
+[apache-conf]
+recipe = slapos.recipe.template:jinja2
+template = {{ template_apache_conf }}
+rendered = ${directory:etc}/apache.conf
+#ipv6 = ${slap-network-information:global-ipv6}
+ipv4 = ${slap-network-information:local-ipv4}
+port = ${slap-parameter:httpd-port}
+error-log = ${directory:log}/apache-error.log
+access-log = ${directory:log}/apache-access.log
+pid-file = ${directory:run}/apache.pid
+index = ${directory:public}
+context = 
+  key port :port
+  key ip :ipv4
+  key access_log :access-log
+  key error_log :error-log
+  key pid_file :pid-file
+  key index_folder :index
+
+[httpd]
+recipe = slapos.cookbook:wrapper
+wrapper-path = ${directory:services}/httpd
+command-line = "{{ apache_location }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
+
+[httpd-promise]
+recipe = slapos.cookbook:check_port_listening
+path = ${directory:promises}/apache-httpd
+hostname = ${apache-conf:ipv4}
+port = ${apache-conf:port}
\ No newline at end of file
--- a/software/kvm/instance-kvm.cfg.jinja2
+++ b/software/kvm/instance-kvm.cfg.jinja2
@@ -15,6 +15,13 @@ parts =
  cron
 #  cron-entry-monitor
  frontend-promise
+{% if slapparameter_dict.get('enable-http-server', 'False') == 'True' %}
+  httpd
+  httpd-promise
+
+extends = 
+  {{ template_httpd_cfg }}
+{% endif -%}

 eggs-directory = {{ eggs_directory }}
 develop-eggs-directory = {{ develop_eggs_directory }}
@@ -33,6 +40,7 @@ promises = ${:etc}/promise
 novnc-conf = ${:etc}/novnc
 run = ${:var}/run
 ca-dir = ${:srv}/ssl
+public = ${:srv}/public/
 cron-entries = ${:etc}/cron.d
 crontabs = ${:etc}/crontabs
 cronstamps = ${:etc}/cronstamps
@@ -114,6 +122,13 @@ external-disk-number = ${slap-parameter:external-disk-number}
 external-disk-size = ${slap-parameter:external-disk-size}
 external-disk-format = ${slap-parameter:external-disk-format}

+{% if slapparameter_dict.get('enable-http-server', 'False') == 'True' or ( slapparameter_dict.get('use-tap', 'False') == 'True' and tap_network_dict.has_key('ipv4') ) -%}
+httpd-port = ${slap-parameter:httpd-port}
+{% else -%}
+httpd-port = 0
+{% endif -%}
+netcat-binary = {{ netcat_bin }}
+
 [kvm-vnc-promise]
 recipe = slapos.cookbook:check_port_listening
 path = ${directory:promises}/vnc_promise
@@ -254,11 +269,35 @@ nat-rule-url-{{port}} = [${slap-network-information:global-ipv6}]:{{external_por
 {%     endif -%}
 {%   endfor -%}
 {% endif -%}
+{% if slapparameter_dict.get('use-tap', 'False') == 'True' -%}
+tap-ipv4 = ${slap-network-information:tap-ipv4}
+{% endif -%}
 {% if slapparameter_dict.get('use-tap', 'False') == 'True' and tap_network_dict.has_key('ipv4') -%}
 1_info = Use these configurations below to configure interface {{ iface }} in your VM.
-2_info = ifconfig {{ iface }} ${slap-network-information:tap-ipv4} netmask ${slap-network-information:tap-netmask}
-3_info = route add -host ${slap-network-information:tap-gateway} dev {{ iface }}
-4_info = route add -net ${slap-network-information:tap-network} netmask ${slap-network-information:tap-netmask} gw ${slap-network-information:tap-gateway}
+2_info = ${network-config:ifconfig}
+3_info = ${network-config:route-iface}
+4_info = ${network-config:route-network}
+5_info = ${network-config:route-default}
+6_info = In your VM you can run the command: wget -O- http://10.0.2.100/netconfig.sh | /bin/sh -
+
+[network-config]
+recipe = plone.recipe.command
+path = ${directory:public}/netconfig.sh
+ifconfig = ifconfig {{ iface }} ${slap-network-information:tap-ipv4} netmask ${slap-network-information:tap-netmask}
+route-iface = route add ${slap-network-information:tap-gateway} dev {{ iface }}
+route-network = route add -net ${slap-network-information:tap-network} netmask ${slap-network-information:tap-netmask} gw ${slap-network-information:tap-gateway}
+{%   if iface == 'eth0' -%}
+route-default = route add default gw ${slap-network-information:tap-gateway}
+{%   elif global_ipv4_prefix -%}
+route-default = ip route add {{ global_ipv4_prefix }} via ${slap-network-information:tap-gateway} dev {{ iface }} src ${slap-network-information:tap-ipv4}
+{%   endif -%}
+command = 
+  echo "#!/bin/sh" > ${:path}
+  echo "" >> ${:path}
+  echo "${:ifconfig}" >> ${:path}
+  echo "${:route-iface}" >> ${:path}
+  echo "${:route-network}" >> ${:path}
+  echo "${:route-default}" >> ${:path}
 {% endif -%}


@@ -294,3 +333,6 @@ virtual-hard-drive-gzipped = False
 external-disk-number = 0
 external-disk-size = 20
 external-disk-format = qcow2
+
+enable-http-server = False
+httpd-port = 8081
--- a/software/kvm/instance.cfg.in
+++ b/software/kvm/instance.cfg.in
@@ -26,6 +26,9 @@ pull-backup = ${template-pull-backup:output}
 # XXX - If this configuration is not generated by slapgrid, use empty values
 [storage-configuration]
 storage-home = 
+  
+[network-information]
+global-ipv4-network = 

 [slap-configuration]
 recipe = slapos.cookbook:slapconfiguration.serialised
@@ -47,6 +50,7 @@ context =
    key eggs_directory buildout:eggs-directory
    key ipv4 slap-configuration:ipv4
    key ipv6 slap-configuration:ipv6
+    key global_ipv4_prefix network-information:global-ipv4-network
    key tap_network_dict slap-configuration:tap-network-information-dict
    key storage_dict slap-configuration:storage-dict
    key slapparameter_dict slap-configuration:configuration
@@ -70,6 +74,7 @@ extensions = jinja2.ext.do
 context =
    key develop_eggs_directory buildout:develop-eggs-directory
    key eggs_directory buildout:eggs-directory
+    key global_ipv4_prefix network-information:global-ipv4-network
    key slapparameter_dict slap-configuration:configuration
    key storage_dict slap-configuration:storage-dict
    key tap_network_dict slap-configuration:tap-network-information-dict
@@ -78,10 +83,12 @@ context =
    raw dcron_executable_location ${dcron:location}/sbin/crond
    raw debian_amd64_netinst_location ${debian-amd64-netinst.iso:location}/${debian-amd64-netinst.iso:filename}
    raw novnc_location ${noVNC:location}
+    raw netcat_bin ${netcat:location}/bin/netcat
    raw openssl_executable_location ${openssl:location}/bin/openssl
    raw qemu_executable_location ${kvm:location}/bin/qemu-system-x86_64
    raw qemu_img_executable_location ${kvm:location}/bin/qemu-img
    raw sixtunnel_executable_location ${6tunnel:location}/bin/6tunnel
+    raw template_httpd_cfg ${template-httpd:rendered}
    raw websockify_executable_location ${buildout:directory}/bin/websockify
 template-parts-destination = ${template-parts:destination}
 template-replicated-destination = ${template-replicated:destination}

--- a/software/kvm/template/apache.conf.in
+++ b/software/kvm/template/apache.conf.in
+ServerLimit 2
+StartServers 1
+MaxClients 2
+
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule autoindex_module modules/mod_autoindex.so
+
+Listen {{ ip }}:{{ port }}
+
+PidFile "{{ pid_file }}"
+ServerAdmin admin@
+TypesConfig conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+ServerTokens Prod
+ServerSignature Off
+TraceEnable Off
+
+ErrorLog "{{ error_log }}"
+# Default apache log format with request time in microsecond at the end
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+CustomLog "{{ access_log }}" combined
+SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+
+# Directory protection
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+    Require all denied
+</Directory>
+
+DocumentRoot {{ index_folder }}
+<Directory {{ index_folder }}>
+  Options Indexes FollowSymLinks
+  Require ip {{ ip }}
+  # Require env forwarded '{{ ip }}'
+  Require all denied
+</Directory>
\ No newline at end of file