Commit 970aedc0 by Cédric de Saint Martin

Merge branch 'master' into slaprunner

2 parents 4938f31c 029c69e9
Showing 192 changed files with 5646 additions and 667 deletions
Changes
=======
0.71.1 (2013-01-04)
-------------------
* Frontend: Sort instances by reference to avoid attacks. [Cedric de Saint
Martin]
* Frontend: Add public_ipv4 parameter support to ease deployment of slave
frontend. [Cedric de Saint Martin]
* Frontend: Move apache_frontend wrappers to watched directory (etc/service).
[Cedric de Saint Martin]
* Frontend: Add native path to varnish environment. [Cedric de Saint Martin]
0.71 (2012-12-20)
-----------------
* frontend: Add "path" parameter for Zope instances. [Cedric de Saint Martin]
0.70 (2012-11-05)
-----------------
......
......@@ -87,7 +87,7 @@ configure-options = --prefix=${buildout:parts-directory}/${:_buildout_section_na
environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig
CPPFLAGS =-I${libuuid:location}/include
CPPFLAGS =-I${libuuid:location}/include -I${openssl:location}/include
LDFLAGS =-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${gdbm:location}/lib
[mod_antiloris-apache-2.4.patch]
......
......@@ -5,7 +5,7 @@ parts = busybox
[busybox]
recipe = slapos.recipe.build
url = http://git.busybox.net/busybox/snapshot/busybox-1_20_1.tar.gz
md5sum = 15758fc37ae8051d6def1b8afb691821
md5sum = 2dcfee8add6b9c52d6a91e97ba705b66
script =
extract_dir = self.extract(self.download(%(url)r, %(md5sum)r))
workdir = guessworkdir(extract_dir)
......
......@@ -10,10 +10,10 @@ parts =
cclient
[cclient-patch]
recipe = slapos.recipe.download
recipe = hexagonit.recipe.download
download-only = true
url = ${:_profile_base_location_}/imap-2007f.patch
md5sum = 42c77fdd5d7a976fc302b93aadb3da98
location = ${buildout:parts-directory}/${:_buildout_section_name_}
filename = imap-2007f.patch
[cclient]
......
......@@ -3,6 +3,7 @@ parts =
liberation-fonts
ipaex-fonts
ipa-fonts
ocrb-fonts
[fonts]
location = ${buildout:parts-directory}/${:_buildout_section_name_}
......@@ -32,3 +33,10 @@ strip-top-level-dir = true
url = http://info.openlab.ipa.go.jp/ipafont/fontdata/IPAfont00303.zip
md5sum = 39a828acf27790adbe4944dfb4d94bb1
destination = ${fonts:location}/${:_buildout_section_name_}
[ocrb-fonts]
recipe = hexagonit.recipe.download
strip-top-level-dir = true
url = http://sourceforge.jp/frs/redir.php?m=jaist&f=%2Ftsukurimashou%2F56948%2Focr-0.2.zip
md5sum = 9f2acd83291a31dbe053912f4115db75
destination = ${fonts:location}/${:_buildout_section_name_}
......@@ -28,9 +28,8 @@ filename = imagemagick-6.6.6-1-no-gsx-gsc-probe.patch
[imagemagick]
recipe = hexagonit.recipe.cmmi
#url = ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.7.8-8.tar.bz2
url = http://ftp.vim.org/ImageMagick/ImageMagick-6.7.8-8.tar.bz2
md5sum = 4e5c8f102f3e7401587c924f5b4bca15
url = http://ftp.vim.org/ImageMagick/ImageMagick-6.8.1-9.tar.bz2
md5sum = cde56988f9d2208d9d61815cc23665b4
depends =
${libtiff:version}
${librsvg:version}
......
......@@ -3,8 +3,10 @@
[buildout]
extends =
../bzip2/buildout.cfg
../imagemagick/buildout.cfg
../jbigkit/buildout.cfg
../zlib/buildout.cfg
parts =
libdmtx
dmtx-utils
......@@ -26,4 +28,4 @@ environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${imagemagick:location}/lib/pkgconfig:${libdmtx:location}/lib/pkgconfig
CPPFLAGS=-I${libdmtx:location}/include
LDFLAGS=-Wl,-rpath=${jbigkit:location}/lib
LDFLAGS=-Wl,-rpath=${jbigkit:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${zlib:location}/lib
......@@ -46,4 +46,4 @@ script =
# helper binaries
cpio = ${cpio:location}/bin/cpio
rpm2cpio = ${rpm2cpio:target}
rpm2cpio = ${rpm2cpio:destination}
......@@ -14,7 +14,8 @@ url = http://ftp.gnome.org/pub/gnome/sources/libcroco/0.6/libcroco-0.6.3.tar.bz2
md5sum = e1e93eeff4367c896f3959af34ba20eb
environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${pkgconfig:location}/lib/pkgconfig:${libxml2:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig
PKG_CONFIG_PATH=${pkgconfig:location}/lib/pkgconfig:${libxml2:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
LDFLAGS=-Wl,-rpath=${zlib:location}/lib
[librsvg]
recipe = hexagonit.recipe.cmmi
......@@ -36,4 +37,4 @@ configure-options =
environment =
PATH=${gdk-pixbuf:location}/bin:${glib:location}/bin:${libxml2:location}/bin:${pkgconfig:location}/bin:${pango:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${cairo:location}/lib/pkgconfig:${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig:${gdk-pixbuf:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${libXrender:location}/lib/pkgconfig:${libcroco:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${libxml2:location}/lib/pkgconfig:${pango:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${zlib:location}/lib
......@@ -9,11 +9,9 @@ parts =
[libtiff]
recipe = hexagonit.recipe.cmmi
version = 4.0.2
version = 4.0.3
url = http://download.osgeo.org/libtiff/tiff-${:version}.tar.gz
# server is down - circumvent
#url = http://www.imagemagick.org/download/delegates/tiff-${:version}.tar.gz
md5sum = 04a08fa1e07e696e820a0c3f32465a13
md5sum = 051c1068e6a0627f461948c365290410
configure-options =
--disable-static
--without-x
......
......@@ -3,6 +3,7 @@
extends =
../cmake/buildout.cfg
../glib/buildout.cfg
../pkgconfig/buildout.cfg
../openssl/buildout.cfg
../pcre/buildout.cfg
../mariadb/buildout.cfg
......@@ -22,6 +23,7 @@ buildout-bin-dir = ${buildout:bin-directory}
cmake-command = ${cmake:location}/bin/cmake
mysql-config = ${mariadb:location}/bin/mysql_config
mysqllib = ${mariadb:location}/lib
path = ${pkgconfig:location}/bin
pkg-config-path = ${glib:location}/lib/pkgconfig/:${pcre:location}/lib/pkgconfig/:${openssl:location}/lib/pkgconfig/
libraries = ${zlib:location}/lib/:${glib:location}/lib/:${pcre:location}/lib/:${mariadb:location}/lib/:${openssl:location}/lib/
includes = ${zlib:location}/include/:${glib:location}/include/:${pcre:location}/include/:${mariadb:location}/include:${openssl:location}/include/
......@@ -39,7 +41,7 @@ script =
extract_dir = self.extract(url)
workdir = guessworkdir(extract_dir)
self.applyPatchList(self.options['mydumper-patches'], cwd=workdir)
env['PATH'] = self.options['buildout-bin-dir'] + ':' + env.get('PATH', '')
env['PATH'] = self.options['path'] + ':' + self.options['buildout-bin-dir'] + ':' + env.get('PATH', '')
env['PKG_CONFIG_PATH'] = self.options['pkg-config-path'] + ':' + \
env.get('PKG_CONFIG_PATH', '')
env['CMAKE_INCLUDE_PATH'] = self.options['includes']
......
......@@ -3,7 +3,7 @@ parts =
noVNC
[noVNC]
recipe = slapos.recipe.build:download-unpacked
recipe = hexagonit.recipe.download
url = http://cloud.github.com/downloads/kanaka/noVNC/novnc-0.4.tar.gz
md5sum = 5703d5d46022d8723796dcbbf821ee7f
strip-top-level-dir = true
......@@ -9,6 +9,9 @@ extends =
../glib/buildout.cfg
../popt/buildout.cfg
[pkg-config]
<= pkgconfig
[pkgconfig]
recipe = hexagonit.recipe.cmmi
url = ftp://mirror.ovh.net/gentoo-distfiles/distfiles/pkg-config-0.26.tar.gz
......
......@@ -5,12 +5,28 @@ extends =
../zlib/buildout.cfg
../ncurses/buildout.cfg
parts = postgresql
[postgresql]
<= postgresql92
[postgresql91]
recipe = hexagonit.recipe.cmmi
url = http://ftp.postgresql.org/pub/source/v9.1.6/postgresql-9.1.6.tar.bz2
md5sum = 000755f66c0de58bbd4cd2b89b45b8e2
url = http://ftp.postgresql.org/pub/source/v9.1.7/postgresql-9.1.7.tar.bz2
md5sum = eaf7b67493d59d1a60767ffdfbd65ce9
configure-options = --with-openssl
environment =
CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${openssl:location}/include -I${ncurses:location}/lib
LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${readline:location}/lib -Wl,-rpath=${readline:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib
[postgresql92]
recipe = hexagonit.recipe.cmmi
url = http://ftp.postgresql.org/pub/source/v9.2.2/postgresql-9.2.2.tar.bz2
md5sum = 1cc388988e69bf75c6b55d59070100f6
configure-options = --with-openssl
environment =
CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${openssl:location}/include -I${ncurses:location}/lib
LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${readline:location}/lib -Wl,-rpath=${readline:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib
......@@ -2,7 +2,8 @@
parts = python-setuptools
[setuptools-download]
recipe = slapos.recipe.build:download
recipe = hexagonit.recipe.download
download-only = true
filename = setuptools-0.6c11-py2.7.egg
url = http://pypi.python.org/packages/2.7/s/setuptools/${:filename}
md5sum = fe1f997bc722265116870bc7919059ea
......
......@@ -3,6 +3,7 @@ parts =
rpm2cpio
[rpm2cpio]
recipe = slapos.recipe.build:download
recipe = hexagonit.recipe.download
download-only = true
url = https://raw.github.com/ruda/rpm2cpio/e196173f1f6b746463b7398e381b94a42edfa345/rpm2cpio.py
md5sum = c5bb6227d99e1ff5df880f997cbed2e3
##############################################################################
#
# Copyright (c) 2010-2013 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from setuptools import setup, find_packages
import glob
import os
version = '0.70.1-dev'
version = '0.71.2-dev'
name = 'slapos.cookbook'
long_description = open("README.txt").read() + "\n" + \
open("CHANGES.txt").read() + "\n"
......@@ -111,8 +137,8 @@ setup(name=name,
'onetimeupload = slapos.recipe.onetimeupload:Recipe',
'pbs = slapos.recipe.pbs:Recipe',
'postgres = slapos.recipe.postgres:Recipe',
'postgres.export = slapos.recipe.postgres:ExportRecipe',
'postgres.import = slapos.recipe.postgres:ImportRecipe',
'postgres.export = slapos.recipe.postgres.backup:ExportRecipe',
'postgres.import = slapos.recipe.postgres.backup:ImportRecipe',
'proactive = slapos.recipe.proactive:Recipe',
'publish = slapos.recipe.publish:Recipe',
'publishurl = slapos.recipe.publishurl:Recipe',
......
......@@ -25,65 +25,42 @@
#
#############################################################################
import os
import sys
import zc.buildout
import slapos.slap
from slapos.recipe.librecipe import BaseSlapRecipe
from slapos.recipe.librecipe import GenericSlapRecipe
import json
import ConfigParser
from slapos.recipe.librecipe import GenericBaseRecipe
import sys
# XXX: BaseSlapRecipe and GenericSlapRecipe are deprecated, use
# GenericBaseRecipe and move partition parameter fetching to software release.
class Recipe(BaseSlapRecipe, GenericSlapRecipe):
class Recipe(GenericBaseRecipe):
def install(self):
self.path_list = []
crond = self.installCrond()
path_list = []
configuration_path = self.options["config"]
header = """[DEFAULT]
master_url = %s
key = %s
slap = slapos.slap.slap()
slap.initializeConnection(self.server_url, self.key_file, self.cert_file)
parameter_dict = slap.registerComputerPartition(
self.computer_id,
self.computer_partition_id,
).getInstanceParameterDict()
cert = %s
max_install_duration = %s
max_uninstall_duration = %s
max_request_duration = %s
max_destroy_duration = %s
""" % (self.options["master-url"],
"\n ".join(self.options["key"].split("\n")),
"\n ".join(self.options["cert"].split("\n")),
self.options["default_max_install_duration"],
self.options["default_max_uninstall_duration"],
self.options["default_max_request_duration"],
self.options["default_max_destroy_duration"])
# XXX: should probably expect one more (SR-originating) parameter instead
# of using self.work_directory .
configuration_path = os.path.join(self.work_directory, "agent.cfg")
with open(configuration_path, "w") as configuration:
configuration.write(parameter_dict["configuration"])
agent_crond_path = os.path.join(crond, "agent")
with open(agent_crond_path, "w") as agent_crond:
agent_crond.write("*/5 * * * * %s -S %s --pidfile=%s --log=%s "
"%s 2>&1 > /dev/null\n" % (
self.options["python_binary"],
self.options["agent_binary"],
self.options["pidfile"],
self.options["log"],
configuration_path,
))
configuration.write(header + self.options["configuration"])
path_list.append(self.createPythonScript(
self.options['wrapper'],
'slapos.recipe.librecipe.execute.execute',
[self.options["agent_binary"], '--pidfile=%s' % self.options["pidfile"],
"--log=%s" % self.options["log"], configuration_path]))
return self.path_list + [configuration_path, agent_crond_path]
path_list.append(configuration_path)
def installCrond(self):
_, ws = self.egg.working_set()
timestamps = self.createDataDirectory('cronstamps')
cron_output = os.path.join(self.log_directory, 'cron-output')
self._createDirectory(cron_output)
catcher = zc.buildout.easy_install.scripts([('catchcron',
__name__ + '.catdatefile', 'catdatefile')], ws, sys.executable,
self.bin_directory, arguments=[cron_output])[0]
self.path_list.append(catcher)
cron_d = os.path.join(self.etc_directory, 'cron.d')
crontabs = os.path.join(self.etc_directory, 'crontabs')
self._createDirectory(cron_d)
self._createDirectory(crontabs)
wrapper = zc.buildout.easy_install.scripts([('crond',
'slapos.recipe.librecipe.execute', 'execute')], ws, sys.executable,
self.wrapper_directory, arguments=[
self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
'-t', timestamps, '-f', '-l', '5', '-M', catcher]
)[0]
self.path_list.append(wrapper)
return cron_d
return path_list
......@@ -28,6 +28,7 @@ from slapos.recipe.librecipe import BaseSlapRecipe
import os
import pkg_resources
import hashlib
import operator
import sys
import zc.buildout
import zc.recipe.egg
......@@ -43,6 +44,9 @@ class Recipe(BaseSlapRecipe):
'template/%s' % template_name)
def _install(self):
# Define directory not defined in deprecated lib
self.service_directory = os.path.join(self.etc_directory, 'service')
# Check for mandatory arguments
frontend_domain_name = self.parameter_dict.get("domain")
if frontend_domain_name is None:
......@@ -69,9 +73,17 @@ class Recipe(BaseSlapRecipe):
rewrite_rule_list = []
rewrite_rule_zope_list = []
rewrite_rule_zope_path_list = []
slave_dict = {}
service_dict = {}
# Sort slave instance by reference to avoid most security issues
slave_instance_list = sorted(slave_instance_list,
key=operator.itemgetter('slave_reference'))
# dict of used domains, only used to track duplicates
domain_dict = {}
for slave_instance in slave_instance_list:
backend_url = slave_instance.get("url", None)
reference = slave_instance.get("slave_reference")
......@@ -97,6 +109,12 @@ class Recipe(BaseSlapRecipe):
domain = "%s.%s" % (reference.replace("-", "").lower(),
frontend_domain_name)
if domain_dict.get(domain):
# This domain already has been processed, skip this new one
continue
else:
domain_dict[domain] = True
# Define the URL where the instance will be available
# WARNING: we use default ports (443, 80) here.
slave_dict[reference] = "%s%s/" % (scheme, domain)
......@@ -118,6 +136,9 @@ class Recipe(BaseSlapRecipe):
# RewriteMap for Zope Virtual Host Monster websites.
if slave_instance.get("type", "").lower() in ['zope']:
rewrite_rule_zope_list.append(rewrite_rule)
# For Zope, we have another dict containing the path e.g '/erp5/...
rewrite_rule_path = "%s %s" % (domain, slave_instance.get('path', ''))
rewrite_rule_zope_path_list.append(rewrite_rule_path)
else:
rewrite_rule_list.append(rewrite_rule)
......@@ -152,6 +173,7 @@ class Recipe(BaseSlapRecipe):
name=frontend_domain_name,
rewrite_rule_list=rewrite_rule_list,
rewrite_rule_zope_list=rewrite_rule_zope_list,
rewrite_rule_zope_path_list=rewrite_rule_zope_path_list,
key=key, certificate=certificate)
# Send connection informations about each slave
......@@ -160,9 +182,12 @@ class Recipe(BaseSlapRecipe):
"instance: %s" % reference)
try:
connection_dict = {
'frontend_ipv6_address': self.getGlobalIPv6Address(),
'frontend_ipv4_address': self.getLocalIPv4Address(),
'site_url': url
# Send the public IPs (if possible) so that user knows what IP
# to bind to its domain name
'frontend_ipv6_address': self.getGlobalIPv6Address(),
'frontend_ipv4_address': self.parameter_dict.get("public-ipv4",
self.getLocalIPv4Address()),
'site_url': url,
}
self.setConnectionDict(connection_dict, reference)
except:
......@@ -289,7 +314,7 @@ class Recipe(BaseSlapRecipe):
self._createDirectory(crontabs)
wrapper = zc.buildout.easy_install.scripts([('crond',
'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
self.wrapper_directory, arguments=[
self.service_directory, arguments=[
self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
'-t', timestamps, '-f', '-l', '5', '-M', catcher]
)[0]
......@@ -346,10 +371,13 @@ class Recipe(BaseSlapRecipe):
)
self._writeFile(openssl_configuration, pkg_resources.resource_string(
__name__, 'template/openssl.cnf.ca.in') % config)
# XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# from the instance profile.
self.path_list.extend(zc.buildout.easy_install.scripts([
('certificate_authority', __name__ + '.certificate_authority',
'runCertificateAuthority')],
self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
self.ws, sys.executable, self.service_directory, arguments=[dict(
openssl_configuration=openssl_configuration,
openssl_binary=self.options['openssl_binary'],
certificate=os.path.join(self.ca_dir, 'cacert.pem'),
......@@ -382,6 +410,8 @@ class Recipe(BaseSlapRecipe):
name + '.lock')
apache_conf['document_root'] = os.path.join(self.data_root_directory,
'htdocs')
apache_conf['instance_home'] = os.path.join(self.work_directory)
apache_conf['httpd_home'] = self.options['httpd_home']
apache_conf['ip_list'] = ip_list
apache_conf['port'] = port
apache_conf['server_admin'] = 'admin@'
......@@ -419,10 +449,11 @@ class Recipe(BaseSlapRecipe):
"-f", config_file,
"-a", varnish_config["port"], "-T", varnish_config["control_port"],
"-s", varnish_config["storage"]]
environment = dict(PATH=self.options["binutils_directory"])
environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
os.environ.get('PATH')))
wrapper = zc.buildout.easy_install.scripts([(name,
'slapos.recipe.librecipe.execute', 'executee')], self.ws,
sys.executable, self.wrapper_directory, arguments=[varnish_argument_list,
sys.executable, self.service_directory, arguments=[varnish_argument_list,
environment])[0]
self.path_list.append(wrapper)
......@@ -461,7 +492,7 @@ class Recipe(BaseSlapRecipe):
stunnel_conf))
wrapper = zc.buildout.easy_install.scripts([('stunnel',
'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
sys.executable, self.service_directory, arguments=[
[self.options['stunnel_binary'].strip(), stunnel_conf_path],
[certificate, key]]
)[0]
......@@ -470,8 +501,17 @@ class Recipe(BaseSlapRecipe):
def installFrontendApache(self, ip_list, key, certificate, name,
port=4443, plain_http_port=8080,
rewrite_rule_list=[], rewrite_rule_zope_list=[],
rewrite_rule_list=None,
rewrite_rule_zope_list=None,
rewrite_rule_zope_path_list=None,
access_control_string=None):
if rewrite_rule_list is None:
rewrite_rule_list = []
if rewrite_rule_zope_list is None:
rewrite_rule_zope_list = []
if rewrite_rule_zope_path_list is None:
rewrite_rule_zope_path_list = []
# Create htdocs, populate it with default 404 document
htdocs_location = os.path.join(self.data_root_directory, 'htdocs')
self._createDirectory(htdocs_location)
......@@ -488,16 +528,21 @@ class Recipe(BaseSlapRecipe):
self._createDirectory(cache_directory_location)
self._createDirectory(mod_ssl_cache_location)
# Create "custom" apache configuration file if it does not exist.
# Note : This file won't be erased or changed when slapgrid is ran.
# Create "custom" apache configuration files if it does not exist.
# Note : Those files won't be erased or changed when slapgrid is ran.
# It can be freely customized by node admin.
custom_apache_configuration_directory = os.path.join(
self.data_root_directory, 'apache-conf.d')
self._createDirectory(custom_apache_configuration_directory)
# First one is included in the end of the apache configuration file
custom_apache_configuration_file_location = os.path.join(
custom_apache_configuration_directory, 'apache_frontend.custom.conf')
f = open(custom_apache_configuration_file_location, 'a')
f.close()
open(custom_apache_configuration_file_location, 'a')
# Second one is included in the virtualhost of apache configuration file
custom_apache_virtual_configuration_file_location = os.path.join(
custom_apache_configuration_directory,
'apache_frontend.virtualhost.custom.conf')
open(custom_apache_virtual_configuration_file_location, 'a')
# Create backup of custom apache configuration
backup_path = self.createBackupDirectory('custom_apache_conf_backup')
......@@ -512,9 +557,14 @@ class Recipe(BaseSlapRecipe):
# Create configuration file and rewritemaps
apachemap_name = "apachemap.txt"
apachemapzope_name = "apachemapzope.txt"
apachemapzopepath_name = "apachemapzopepath.txt"
self.createConfigurationFile(apachemap_name, "\n".join(rewrite_rule_list))
self.createConfigurationFile(apachemapzope_name,
"\n".join(rewrite_rule_zope_list))
self.createConfigurationFile(apachemapzopepath_name,
"\n".join(rewrite_rule_zope_path_list))
apache_conf = self._getApacheConfigurationDict(name, ip_list, port)
apache_conf['ssl_snippet'] = self.substituteTemplate(
self.getTemplateFilename('apache.ssl-snippet.conf.in'),
......@@ -532,16 +582,22 @@ class Recipe(BaseSlapRecipe):
path = self.substituteTemplate(
self.getTemplateFilename('apache.conf.path-protected.in'),
dict(path='/', access_control_string='none'))
dict(path='/',
access_control_string='none',
document_root=apache_conf['document_root'],
)
)
apache_conf.update(**dict(
path_enable=path,
apachemap_path=os.path.join(self.etc_directory, apachemap_name),
apachemapzope_path=os.path.join(self.etc_directory, apachemapzope_name),
apachemapzopepath_path=os.path.join(self.etc_directory, apachemapzopepath_name),
apache_domain=name,
https_port=port,
plain_http_port=plain_http_port,
custom_apache_conf=custom_apache_configuration_file_location,
custom_apache_virtualhost_conf=custom_apache_virtual_configuration_file_location,
))
apache_conf_string = self.substituteTemplate(
......@@ -553,7 +609,7 @@ class Recipe(BaseSlapRecipe):
self.path_list.extend(zc.buildout.easy_install.scripts([(
'frontend_apache', 'slapos.recipe.erp5.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
sys.executable, self.service_directory, arguments=[
dict(
required_path_list=[key, certificate],
binary=self.options['httpd_binary'],
......
......@@ -5,12 +5,13 @@
PidFile "%(pid_file)s"
ServerName %(server_name)s
DocumentRoot %(document_root)s
ServerRoot %(instance_home)s
%(listen)s
ServerAdmin %(server_admin)s
DefaultType text/plain
TypesConfig conf/mime.types
TypesConfig %(httpd_home)s/conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
......@@ -22,8 +23,8 @@ ServerTokens Prod
# Log configuration
ErrorLog "%(error_log)s"
LogLevel warn
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
%(path_enable)s
......@@ -32,23 +33,23 @@ CustomLog "%(access_log)s" common
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule cache_module modules/mod_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule antiloris_module modules/mod_antiloris.so
LoadModule authz_host_module %(httpd_home)s/modules/mod_authz_host.so
LoadModule log_config_module %(httpd_home)s/modules/mod_log_config.so
LoadModule deflate_module %(httpd_home)s/modules/mod_deflate.so
LoadModule setenvif_module %(httpd_home)s/modules/mod_setenvif.so
LoadModule version_module %(httpd_home)s/modules/mod_version.so
LoadModule proxy_module %(httpd_home)s/modules/mod_proxy.so
LoadModule proxy_http_module %(httpd_home)s/modules/mod_proxy_http.so
LoadModule ssl_module %(httpd_home)s/modules/mod_ssl.so
LoadModule mime_module %(httpd_home)s/modules/mod_mime.so
LoadModule dav_module %(httpd_home)s/modules/mod_dav.so
LoadModule dav_fs_module %(httpd_home)s/modules/mod_dav_fs.so
LoadModule negotiation_module %(httpd_home)s/modules/mod_negotiation.so
LoadModule rewrite_module %(httpd_home)s/modules/mod_rewrite.so
LoadModule headers_module %(httpd_home)s/modules/mod_headers.so
LoadModule cache_module %(httpd_home)s/modules/mod_cache.so
LoadModule mem_cache_module %(httpd_home)s/modules/mod_mem_cache.so
LoadModule antiloris_module %(httpd_home)s/modules/mod_antiloris.so
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
......@@ -99,17 +100,28 @@ Header append Vary User-Agent
ProxyTimeout 600
RewriteEngine On
# Define the two rewritemaps : one for zope, one generic
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
Include %(custom_apache_virtualhost_conf)s
# Define the two RewriteMaps (key -> value store): one for Zope, one generic
# containing: rewritten URL -> original URL (a.k.a VirtualHostBase in Zope)
RewriteMap apachemapzope txt:%(apachemapzope_path)s
RewriteMap apachemapgeneric txt:%(apachemap_path)s
# Define another RewriteMap for Zope, containing:
# rewritten URL -> VirtualHostRoot
RewriteMap apachemapzopepath txt:%(apachemapzopepath_path)s
# First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite
RewriteCond ${apachemapzope:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapzope:%%{SERVER_NAME}}/VirtualHostBase/https/%%{SERVER_NAME}:%%{SERVER_PORT}/VirtualHostRoot/$1 [L,P]
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ ${apachemapzope:%%{SERVER_NAME}}/VirtualHostBase/https/%%{SERVER_NAME}:443/${apachemapzopepath:%%{SERVER_NAME}}/VirtualHostRoot/$1 [L,P]
# If we have generic backend server, let's rewrite without virtual host daemon
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
......@@ -120,6 +132,10 @@ Header append Vary User-Agent
RewriteEngine On
ProxyPreserveHost On
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
Include %(custom_apache_virtualhost_conf)s
# We accept generic (i.e not lamp) backends on http
RewriteMap apachemapgeneric txt:%(apachemap_path)s
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
......
# Path protected
<Location %(path)s>
<Directory %(path)s>
Order Deny,Allow
Allow from %(access_control_string)s
</Location>
</Directory>
<Directory %(document_root)s>
Order Allow,Deny
Allow from All
</Directory>
......@@ -24,13 +24,17 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import shutil
import os
import signal
import subprocess
from binascii import b2a_uu as uuencode
from slapos.recipe.librecipe import GenericBaseRecipe
class Recipe(GenericBaseRecipe):
def install(self):
......@@ -66,11 +70,13 @@ class Recipe(GenericBaseRecipe):
)
path_list.append(httpd_conf)
wrapper = self.createPythonScript(self.options['wrapper'],
'slapos.recipe.librecipe.execute.execute',
[self.options['httpd-binary'], '-f', self.options['httpd-conf'],
'-DFOREGROUND']
)
wrapper = self.createWrapper(name=self.options['wrapper'],
command=self.options['httpd-binary'],
parameters=[
'-f',
self.options['httpd-conf'],
'-DFOREGROUND'
])
path_list.append(wrapper)
secret_key_filename = os.path.join(self.buildout['buildout']['directory'],
......@@ -110,12 +116,16 @@ class Recipe(GenericBaseRecipe):
self.substituteTemplate(self.options['template'], application_conf))
path_list.append(config)
if os.path.exists(self.options['pid-file']):
# Reload apache configuration
with open(self.options['pid-file']) as pid_file:
pid = int(pid_file.read().strip(), 10)
try:
os.kill(pid, signal.SIGUSR1) # Graceful restart
except OSError:
pass
# Reload apache configuration.
# notez-bien: a graceful restart or a SIGUSR1 can somehow hang the apache threads.
subprocess.call([
self.options['httpd-binary'],
'-f',
self.options['httpd-conf'],
'-k',
'graceful'
])
return path_list
......@@ -24,8 +24,7 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import os
import signal
import subprocess
from slapos.recipe.librecipe import GenericBaseRecipe
......@@ -50,17 +49,23 @@ class Recipe(GenericBaseRecipe):
)
path_list.append(httpd_conf)
wrapper = self.createPythonScript(self.options['wrapper'],
'slapos.recipe.librecipe.execute.execute',
[self.options['httpd-binary'], '-f', self.options['httpd-conf'],
'-DFOREGROUND']
)
wrapper = self.createWrapper(name=self.options['wrapper'],
command=self.options['httpd-binary'],
parameters=[
'-f',
self.options['httpd-conf'],
'-DFOREGROUND',
])
path_list.append(wrapper)
if os.path.exists(self.options['pid-file']):
# Reload apache configuration
with open(self.options['pid-file']) as pid_file:
pid = int(pid_file.read().strip(), 10)
os.kill(pid, signal.SIGUSR1) # Graceful restart
subprocess.call([
self.options['httpd-binary'],
'-f',
self.options['httpd-conf'],
'-k',
'graceful',
])
return path_list
# vim: set et sts=2:
##############################################################################
#
# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
......
......@@ -7,15 +7,10 @@ import sys
hostname = "%(hostname)s"
port = %(port)s
connection_okay = False
try:
s = socket.create_connection((hostname, port))
connection_okay = True
s.close()
except (socket.error, socket.timeout):
connection_okay = False
if not connection_okay:
print >> sys.stderr, "%(port)s on %(hostname)s isn't listening"
sys.stderr.write("%(port)s on %(hostname)s isn't listening\n")
sys.exit(127)