Merge branch 'erp5-component' into erp5

CHANGES.txt

 Changes
 =======
 
+0.84.1 (2013-10-03)
+-------------------
+
+ * Resiliency: PBS: promise should NOT bang. [64886cd]
+
+0.84 (2013-09-30)
+-----------------
+
+ * Request.py: improve instance-state handling. [ba5f160]
+ * Resilient recipe: remove hashing of urls/names. [ee2aec8]
+ * Resilient pbs recipe: recover from rdiff-backup failures. [be7f2fc, 92ee0c3]
+ * Resilience: add pidfiles in PBS. [0b3ad5c]
+ * Resilient: don't hide exception, print it. [05b3d64, d2b0494]
+ * Resiliency: Only keep 10 increments of backup. [4e89e33]
+ * KVM SR: add fallback in case of download exception. [de8d796]
+ * slaprunner: don't check certificate for importer. [53dc772]
+
 0.83.1 (2013-09-10)
 ------------------
 

component/groonga/buildout.cfg

@@ -11,9 +11,9 @@ extends =
 
 [groonga]
 recipe = slapos.recipe.cmmi
-version = 3.0.5
+version = 3.0.8
 url = http://packages.groonga.org/source/groonga/groonga-${:version}.tar.gz
-md5sum = 2894bbdd2275cb3c62aea14446dc2561
+md5sum = cb32e16126d80ea22604eba4bfb07c9f
 configure-options =
   --disable-static
   --disable-glibtest

component/mariadb/buildout.cfg

@@ -62,8 +62,8 @@ environment =
 # mroonga - a storage engine for MySQL. It provides fast fulltext search feature to all MySQL users.
 # http://mroonga.github.com/
 recipe = slapos.recipe.cmmi
-url = http://packages.groonga.org/source/mroonga/mroonga-3.05.tar.gz
-md5sum = ba4cbd79274d832b9343a0b2fe7d0787
+url = http://packages.groonga.org/source/mroonga/mroonga-3.08.tar.gz
+md5sum = 7658b94965ae951949b472763d6c8d5a
 configure-options =
   --with-mysql-source=${mariadb:location}__compile__/mariadb-${mariadb:version}
   --with-mysql-config=${mariadb:location}/bin/mysql_config

component/slapos/buildout.cfg

@@ -17,6 +17,7 @@ extends =
   ../pkgconfig/buildout.cfg
   ../popt/buildout.cfg
   ../python-2.7/buildout.cfg
+  ../python-openssl/buildout.cfg
   ../readline/buildout.cfg
   ../sqlite3/buildout.cfg
   ../swig/buildout.cfg
@@ -90,10 +91,14 @@ output = ${buildout:directory}/environment.sh
 [lxml-python]
 python = python2.7
 
+[python-openssl]
+python = python2.7
+
 [slapos]
 recipe = z3c.recipe.scripts
 python = python2.7
 eggs =
+  ${python-openssl:egg}
   slapos.libnetworkcache
   zc.buildout
   ${lxml-python:egg}
@@ -131,46 +136,64 @@ scripts = py
 
 [versions]
 # Use our own buildout version
-zc.buildout = 1.6.0-dev-SlapOS-010
+zc.buildout = 1.6.0-dev-SlapOS-012
 
 # Force to use zc.recipe.egg 1.x
 zc.recipe.egg = 1.3.2
 
 # Use own version of h.r.download to be able to open archives not supported by python2.x: .xz
-hexagonit.recipe.download = 1.6nxd002
+hexagonit.recipe.download = 1.7nxd002
 
-Jinja2 = 2.7
+Jinja2 = 2.7.1
 MarkupSafe = 0.18
-Werkzeug = 0.8.3
+Pygments = 1.6
+Werkzeug = 0.9.4
 buildout-versions = 1.7
+cmd2 = 0.6.7
 collective.recipe.template = 1.10
-lxml = 3.1.2
+itsdangerous = 0.23
+lxml = 3.2.3
 meld3 = 0.6.10
 netaddr = 0.7.10
+prettytable = 0.7.2
+pyOpenSSL = 0.13.1
+pyparsing = 2.0.1
+setuptools = 1.1.6
+slapos.core = 1.0.0rc6
 slapos.libnetworkcache = 0.13.4
+slapos.recipe.cmmi = 0.1.1
 xml-marshaller = 0.9.7
 z3c.recipe.scripts = 1.0.1
 
 # Required by:
-# slapos.core==0.35.2-dev
-Flask = 0.9
+# slapos.core==1.0.0rc6
+Flask = 0.10.1
 
 # Required by:
-# slapos.core==0.35.2-dev
+# slapos.core==1.0.0rc6
+bpython = 0.12
+
+# Required by:
+# slapos.core==1.0.0rc6
+cliff = 1.4.5
+
+# Required by:
+# slapos.core==1.0.0rc6
+ipython = 1.1.0
+
+# Required by:
+# slapos.core==1.0.0rc6
 netifaces = 0.8
 
 # Required by:
-# slapos.core==0.35.2-dev
-# slapos.libnetworkcache==0.13.3
-# supervisor==3.0b1
-# zc.buildout==1.6.0-dev-SlapOS-010
-# zope.interface==4.0.5
-setuptools = 0.6c12dev-r88846
+# slapos.core==1.0.0rc6
+requests = 2.0.0
 
 # Required by:
-# slapos.core==0.35.2-dev
-supervisor = 3.0b2
+# slapos.core==1.0.0rc6
+supervisor = 3.0
 
 # Required by:
-# slapos.core==0.35.2-dev
+# slapos.core==1.0.0rc6
 zope.interface = 4.0.5
+

component/slapos/testing.cfg

+# This file is used to install testing, not-stable-yet, version of SlapOS Node
+[buildout]
+extends =
+  buildout.cfg
+
+# Add hosting location of testing version of slapos.core
+find-links +=
+  http://www.nexedi.org/static/packages/source/slapos.core-testing/
+
+[versions]
+slapos.core =

component/sqlite3/buildout.cfg

@@ -5,8 +5,8 @@ parts =
 
 [sqlite3]
 recipe = slapos.recipe.cmmi
-url = http://www.sqlite.org/2013/sqlite-autoconf-3071700.tar.gz
-md5sum = 18c285053e9562b848209cb0ee16d4ab
+url = http://www.sqlite.org/2013/sqlite-autoconf-3080002.tar.gz
+md5sum = 6d6cc639a4da04fbbdda7b1a1a01b386
 configure-options =
   --disable-static
   --enable-readline

setup.py

@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '0.83.1'
+version = '0.84.1'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"

slapos/recipe/addresiliency/takeover.py

 # -*- coding: utf-8 -*-
 import logging
 import time
+import traceback
 
 import slapos
 from slapos.slap.slap import NotFoundError
@@ -65,6 +66,7 @@ def takeover(server_url, key_file, cert_file, computer_guid,
       cp_winner.rename(new_name=cp_exporter_ref)
       break
     except NotFoundError:
+      traceback.print_exc()
       log.warning('Impossible to rename. Retrying in a few seconds...')
   log.debug('Renamed.')
 

slapos/recipe/kvm/template/kvm_run.in

@@ -60,7 +60,11 @@ def getSocketStatus(host, port):
 # Download existing hard drive if needed at first boot
 if not os.path.exists(disk_path) and virtual_hard_drive_url != '':
   print('Downloading virtual hard drive...')
-  urllib.urlretrieve(virtual_hard_drive_url, disk_path)
+  try:
+    urllib.urlretrieve(virtual_hard_drive_url, disk_path)
+  except:
+    os.remove(disk_path)
+    raise
   md5sum = virtual_hard_drive_md5sum.strip()
   if md5sum:
     print('Checking MD5 checksum...')

slapos/recipe/notifier.py

@@ -50,6 +50,9 @@ class Recipe(GenericBaseRecipe):
 class Callback(GenericBaseRecipe):
 
   def createCallback(self, notification_id, callback):
+    # XXX: hashing the name here and in
+    # slapos.toolbox/slapos/pubsub/__init__.py is completely messed up and
+    # prevent any debug.
     callback_id = sha512(notification_id).hexdigest()
 
     filepath = os.path.join(self.options['callbacks'], callback_id)

slapos/recipe/request.py

@@ -119,8 +119,11 @@ class Recipe(object):
     ))
     slave = options.get('slave', 'false').lower() in \
       librecipe.GenericBaseRecipe.TRUE_VALUES
+
     # By default XXXX Way of doing it is ugly and dangerous
     requested_state = options.get('state', buildout['slap-connection'].get('requested','started'))
+    options['requested-state'] = requested_state
+
     slap = slapmodule.slap()
     slap.initializeConnection(
       options['server-url'],
@@ -134,6 +137,7 @@ class Recipe(object):
     self._raise_request_exception = None
     self._raise_request_exception_formatted = None
     self.instance = None
+
     # Try to do the request and fetch parameter dict...
     try:
       self.instance = request(software_url, software_type,
@@ -141,14 +145,17 @@ class Recipe(object):
           filter_kw=filter_kw, shared=slave, state=requested_state)
       return_parameter_dict = self._getReturnParameterDict(self.instance,
           return_parameters)
+      # Fetch the instance-guid and the instance-state
+      # Note: SlapOS Master does not support it for slave instances
       if not slave:
         try:
           options['instance-guid'] = self.instance.getInstanceGuid()
           # XXX: deprecated, to be removed
           options['instance_guid'] = self.instance.getInstanceGuid()
+          options['instance-state'] = self.instance.getState()
         except (slapmodule.ResourceNotReady, AttributeError):
           # Backward compatibility. Old SlapOS master and core don't know this.
-          self.logger.warning("Impossible to fetch instance GUID.")
+          self.logger.warning("Impossible to fetch instance GUID nor state.")
     except (slapmodule.NotFoundError, slapmodule.ServerError, slapmodule.ResourceNotReady) as exc:
       self._raise_request_exception = exc
       self._raise_request_exception_formatted = traceback.format_exc()
@@ -162,13 +169,6 @@ class Recipe(object):
       except KeyError:
         if self.failed is None:
           self.failed = param
-    options['requested-state'] = requested_state
-    try:
-      options['instance-state'] = self.instance.getState()
-    except slapmodule.ResourceNotReady:
-       # Odd case: SlapOS Master doesn't send the state of a slave partition.
-       # XXX Should be fixed in the SlapOS Master, we should not care here.
-       pass
 
   def _filterForStorage(self, partition_parameter_kw):
     return partition_parameter_kw

slapos/recipe/slaprunner/backup.py

@@ -124,8 +124,8 @@ class ImportRecipe(GenericBaseRecipe):
                 ifs=$IFS IFS=';'
                 read user pass remaining < %(etc-directory)s/.users
                 IFS=$ifs
-                %(curl-binary)s -vg6L -F clogin="$user" -F cpwd="$pass" --dump-header login_cookie  %(backend-url)s/doLogin;
-                %(curl-binary)s -vg6LX POST --cookie login_cookie --max-time 5  %(backend-url)s/runSoftwareProfile;
+                %(curl-binary)s --insecure -vg6L -F clogin="$user" -F cpwd="$pass" --dump-header login_cookie  %(backend-url)s/doLogin;
+                %(curl-binary)s --insecure -vg6LX POST --cookie login_cookie --max-time 5  %(backend-url)s/runSoftwareProfile;
                 rm -f login_cookie
                 """ % self.options)
         self.createExecutable(wrapper, content=content)

slapos/recipe/sshkeys_authority.py

@@ -113,11 +113,11 @@ class Request(GenericBaseRecipe):
       hashlib.sha256(options['name']).hexdigest())
     self.public_key = self.private_key + '.pub'
 
+    options['public-key-value'] = ''
     if os.path.exists(self.public_key):
-      with open(self.public_key) as key:
-        options['public-key-value'] = key.read()
-    else:
-      options['public-key-value'] = ''
+      key_content = open(self.public_key).read()
+      if key_content:
+        options['public-key-value'] = key_content
 
   def install(self):
     requests_directory = self.options['request-directory']

software/kvm/README.txt

@@ -16,7 +16,7 @@ The following examples list how to request different possible instances of KVM
 Software Release from slap console or command line.
 
 KVM instance (1GB of RAM, 10GB of SSD, one core)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Note that the KVM instance will try to request a frontend slave instance in order
 to be accessible from IPv4.
@@ -32,22 +32,51 @@ to be accessible from IPv4.
 
 See the instance-kvm-input-schema.json file for more instance parameters (cpu-count, ram-size, disk-size, etc).
 
-NBD instance
+
+KVM instance (1GB of RAM, 10GB of SSD, one core)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-This type of instance will allow to host a disk image that will be used by
-any KVM instance.
+Note that the KVM instance will try to request a frontend slave instance in order
+to be accessible from IPv4.
 
 ::
-  mynbd = request(
+  myawesomekvm = request(
       software_release=kvm,
-      partition_reference="mynbd",
-      software_type="nbd",
+      partition_reference="My awesome KVM",
+      partition_parameter_kw={
+          "nbd-host":"ubuntu-1204.nbd.vifib.net",
+      }
   )
 
+See the instance-kvm-input-schema.json file for more instance parameters (cpu-count, ram-size, disk-size, etc).
+
+Resilient KVM instance
+~~~~~~~~~~~~~~~~~~~~~
+
+Like KVM instance, but backed-up (with history) in two places.
+
+::
+  kvm = 'http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/tags/slapos-0.188:/software/kvm/software.cfg'
+  myresilientkvm = request(
+      software_release=kvm,
+      partition_reference="My resilient KVM",
+      software_type="kvm-resilient",
+      partition_parameter_kw={
+          "-sla-0-computer_guid": "COMP-1000", # Location of the main instance (KVM)
+          "-sla-1-computer_guid": "COMP-1001", # Location of the first clone
+          "-sla-2-computer_guid": "COMP-1002", # Location of the second clone
+      }
+  )
+
+See the instance-kvm-input-schema.json AND instance-kvm-resilient-input-schema.json AND /stack/resilient/README.txt
+files for more instance parameters (cpu-count, ram-size, disk-size, specific location of clones, etc).
+
+Then, if you want one of the two clones to takeover, you need to login into
+the hosting machine, go to the partition of the clone, and invoke bin/takeover.
+
 
 KVM Frontend Master Instance (will host all frontend Slave Instances)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 This type of instance will allow to host any frontend slave instance requested
 by KVM instances. Slave instances (and thus KVM instance) will be accessible

software/kvm/common.cfg

@@ -94,15 +94,17 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm-resilient.cfg.jinja2
 mode = 644
-md5sum = 6753004b582c0470bd028253ce1964ad
+#md5sum = 6753004b582c0470bd028253ce1964ad
 download-only = true
+on-update = true
 
 [template-kvm-resilient-test]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm-resilient-test.cfg.jinja2
-md5sum = 027d68d9decbc6aec59365fa723975d7
+#md5sum = 027d68d9decbc6aec59365fa723975d7
 mode = 0644
 download-only = true
+on-update = true
 
 [template-kvm-import]
 recipe = slapos.recipe.template
@@ -115,7 +117,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/template/kvm-import.sh.in
 filename = kvm-import.sh.in
-md5sum = a731372420dc59c0b5ba7bc5f39a14ad
+md5sum = e03ed049cddd8d157228b09e1ebc071a
 download-only = true
 mode = 0755
 

software/kvm/instance-kvm-input-schema.json

@@ -78,7 +78,6 @@
       "description": "MD5 checksum of virtual hard drive, used if virtual-hard-drive-url is specified.",
       "type": "string",
     },
-virtual-hard-drive-md5sum
 
     "use-tap": {
       "title": "Use QEMU TAP network interface",

software/kvm/instance-kvm-resilient-input-schema.json

+{
+  "type": "object",
+  "$schema": "http://json-schema.org/draft-04/schema",
+  "items": {
+      "allOf": [
+          {
+              "$ref": "instance-kvm-input-schema.json"
+          }
+      ],
+  "title": "Input Parameters",
+  "properties": {
+    "-sla-0-computer_guid": {
+      "title": "Target computer for main instance",
+      "description": "Target computer GUID for main instance.",
+      "type": "string"
+    },
+    "-sla-1-computer_guid": {
+      "title": "Target computer for first clone",
+      "description": "Target computer for first clone and PBS.",
+      "type": "string"
+    },
+    "-sla-2-computer_guid": {
+      "title": "Target computer for second clone",
+      "description": "Target computer for second clone and PBS.",
+      "type": "string"
+    },
+    "resiliency-backup-periodicity": {
+      "title": "Periodicity of backup",
+      "description": "Periodicity of backup, in cron format.",
+      "type": "string"
+    }
+  }
+}

software/kvm/instance-kvm-resilient-test.cfg.jinja2

@@ -42,15 +42,19 @@ recipe = slapos.cookbook:request
 software-url = ${slap-connection:software-release-url}
 software-type = kvm-resilient
 name = Resilient KVM (Root Instance)
-config = virtual-hard-drive-url virtual-hard-drive-md5sum resiliency-backup-periodicity
+{% set cluster_parameter_dict = slapparameter_dict.get('cluster', {}) -%}
+config = virtual-hard-drive-url virtual-hard-drive-md5sum resiliency-backup-periodicity {{ cluster_parameter_dict.keys() | join(' ') }}
+{% for key, value in cluster_parameter_dict.items() -%}
+config-{{ key }} = {{ dumps(value) }}
+{% endfor -%}
 config-virtual-hard-drive-url = ${slap-parameter:virtual-hard-drive-url}
 config-virtual-hard-drive-md5sum = ${slap-parameter:virtual-hard-drive-md5sum}
 config-resiliency-backup-periodicity = */5
 # We don't use url parameter, but we want it to be there to make sure root instance is ready.
 return = url
 # XXX What to do?
-#sla = instance_guid
-#sla-instance_guid = ${slap-parameter:frontend-instance-guid}
+sla = computer_guid
+sla-computer_guid = ${slap-connection:computer-id}
 
 [slap-parameter]
 virtual-hard-drive-url = https://softinst43236.host.vifib.net/data/public/8e2138.php?dl=true

software/kvm/instance-kvm-resilient.cfg.jinja2

@@ -13,7 +13,7 @@ parts +=
   {{ parts.replicate("kvm", "3") }}
   publish-connection-informations
 
-{{ replicated.replicate("kvm", "3", "kvm-export", "kvm-import") }}
+{{ replicated.replicate("kvm", "3", "kvm-export", "kvm-import", slapparameter_dict=slapparameter_dict) }}
 
 # Bubble down the parameters of the requested instance to the user
 [request-kvm]

software/kvm/instance.cfg.in

@@ -34,6 +34,7 @@ cert = $${slap-connection:cert-file}
 recipe = slapos.recipe.template:jinja2
 template = ${template-kvm-resilient:location}/instance-kvm-resilient.cfg.jinja2
 rendered = $${buildout:directory}/template-kvm-resilient.cfg
+extensions = jinja2.ext.do
 context =
     key develop_eggs_directory buildout:develop-eggs-directory
     key eggs_directory buildout:eggs-directory

software/kvm/software.cfg

@@ -4,8 +4,13 @@ extends = common.cfg
 [networkcache]
 # signature certificates of the following uploaders.
 #   Romain Courteaud
+#   Sebastien Robin
+#   Kazuhiko Shiozaki
 #   Cedric de Saint Martin
-#   Test Agent
+#   Yingjie Xu
+#   Gabriel Monnerat
+#   Test Agent (Automatic update from tests)
+#   Aurélien Calonne
 signature-certificate-list =
   -----BEGIN CERTIFICATE-----
   MIIB4DCCAUkCADANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJGUjEZMBcGA1UE
@@ -21,6 +26,32 @@ signature-certificate-list =
   QUUGLQ==
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
+  MIIB8jCCAVugAwIBAgIJAPu2zchZ2BxoMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+  BAMMB3RzeGRldjMwHhcNMTExMDE0MTIxNjIzWhcNMTIxMDEzMTIxNjIzWjASMRAw
+  DgYDVQQDDAd0c3hkZXYzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrPbh+
+  YGmo6mWmhVb1vTqX0BbeU0jCTB8TK3i6ep3tzSw2rkUGSx3niXn9LNTFNcIn3MZN
+  XHqbb4AS2Zxyk/2tr3939qqOrS4YRCtXBwTCuFY6r+a7pZsjiTNddPsEhuj4lEnR
+  L8Ax5mmzoi9nE+hiPSwqjRwWRU1+182rzXmN4QIDAQABo1AwTjAdBgNVHQ4EFgQU
+  /4XXREzqBbBNJvX5gU8tLWxZaeQwHwYDVR0jBBgwFoAU/4XXREzqBbBNJvX5gU8t
+  LWxZaeQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA07q/rKoE7fAda
+  FED57/SR00OvY9wLlFEF2QJ5OLu+O33YUXDDbGpfUSF9R8l0g9dix1JbWK9nQ6Yd
+  R/KCo6D0sw0ZgeQv1aUXbl/xJ9k4jlTxmWbPeiiPZEqU1W9wN5lkGuLxV4CEGTKU
+  hJA/yXa1wbwIPGvX3tVKdOEWPRXZLg==
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB7jCCAVegAwIBAgIJAJWA0jQ4o9DGMA0GCSqGSIb3DQEBBQUAMA8xDTALBgNV
+  BAMMBHg2MXMwIBcNMTExMTI0MTAyNDQzWhgPMjExMTEwMzExMDI0NDNaMA8xDTAL
+  BgNVBAMMBHg2MXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdJNiFsRlkH
+  vq2kHP2zdxEyzPAWZH3CQ3Myb3F8hERXTIFSUqntPXDKXDb7Y/laqjMXdj+vptKk
+  3Q36J+8VnJbSwjGwmEG6tym9qMSGIPPNw1JXY1R29eF3o4aj21o7DHAkhuNc5Tso
+  67fUSKgvyVnyH4G6ShQUAtghPaAwS0KvAgMBAAGjUDBOMB0GA1UdDgQWBBSjxFUE
+  RfnTvABRLAa34Ytkhz5vPzAfBgNVHSMEGDAWgBSjxFUERfnTvABRLAa34Ytkhz5v
+  PzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFLDS7zNhlrQYSQO5KIj
+  z2RJe3fj4rLPklo3TmP5KLvendG+LErE2cbKPqnhQ2oVoj6u9tWVwo/g03PMrrnL
+  KrDm39slYD/1KoE5kB4l/p6KVOdeJ4I6xcgu9rnkqqHzDwI4v7e8/D3WZbpiFUsY
+  vaZhjNYKWQf79l6zXfOvphzJ
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
   MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
   BAMMCENPTVAtMjMyMCAXDTEyMDIxNjExMTAyM1oYDzIxMTIwMTIzMTExMDIzWjAT
   MREwDwYDVQQDDAhDT01QLTIzMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
@@ -34,6 +65,32 @@ signature-certificate-list =
   If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY=
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
+  MIIB9jCCAV+gAwIBAgIJAIlBksrZVkK8MA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+  BAMMCENPTVAtMzU3MCAXDTEyMDEyNjEwNTUyOFoYDzIxMTIwMTAyMTA1NTI4WjAT
+  MREwDwYDVQQDDAhDT01QLTM1NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+  ts+iGUwi44vtIfwXR8DCnLtHV4ydl0YTK2joJflj0/Ws7mz5BYkxIU4fea/6+VF3
+  i11nwBgYgxQyjNztgc9u9O71k1W5tU95yO7U7bFdYd5uxYA9/22fjObaTQoC4Nc9
+  mTu6r/VHyJ1yRsunBZXvnk/XaKp7gGE9vNEyJvPn2bkCAwEAAaNQME4wHQYDVR0O
+  BBYEFKuGIYu8+6aEkTVg62BRYaD11PILMB8GA1UdIwQYMBaAFKuGIYu8+6aEkTVg
+  62BRYaD11PILMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMoTRpBxK
+  YLEZJbofF7gSrRIcrlUJYXfTfw1QUBOKkGFFDsiJpEg4y5pUk1s5Jq9K3SDzNq/W
+  it1oYjOhuGg3al8OOeKFrU6nvNTF1BAvJCl0tr3POai5yXyN5jlK/zPfypmQYxE+
+  TaqQSGBJPVXYt6lrq/PRD9ciZgKLOwEqK8w=
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB9jCCAV+gAwIBAgIJAPHoWu90gbsgMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
+  BAMMCXZpZmlibm9kZTAeFw0xMjAzMTkyMzIwNTVaFw0xMzAzMTkyMzIwNTVaMBQx
+  EjAQBgNVBAMMCXZpZmlibm9kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+  ozBijpO8PS5RTeKTzA90vi9ezvv4vVjNaguqT4UwP9+O1+i6yq1Y2W5zZxw/Klbn
+  oudyNzie3/wqs9VfPmcyU9ajFzBv/Tobm3obmOqBN0GSYs5fyGw+O9G3//6ZEhf0
+  NinwdKmrRX+d0P5bHewadZWIvlmOupcnVJmkks852BECAwEAAaNQME4wHQYDVR0O
+  BBYEFF9EtgfZZs8L2ZxBJxSiY6eTsTEwMB8GA1UdIwQYMBaAFF9EtgfZZs8L2ZxB
+  JxSiY6eTsTEwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAc43YTfc6
+  baSemaMAc/jz8LNLhRE5dLfLOcRSoHda8y0lOrfe4lHT6yP5l8uyWAzLW+g6s3DA
+  Yme/bhX0g51BmI6gjKJo5DoPtiXk/Y9lxwD3p7PWi+RhN+AZQ5rpo8UfwnnN059n
+  yDuimQfvJjBFMVrdn9iP6SfMjxKaGk6gVmI=
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
   MIIB9jCCAV+gAwIBAgIJAKRvzcy7OH0UMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
   BAMMCENPTVAtNzcyMCAXDTEyMDgxMDE1NDI1MVoYDzIxMTIwNzE3MTU0MjUxWjAT
   MREwDwYDVQQDDAhDT01QLTc3MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
@@ -46,55 +103,73 @@ signature-certificate-list =
   5pW18Ry5Ie7iFK4cQMerZwWPxBodEbAteYlRsI6kePV7Gf735Y1RpuN8qZ2sYL6e
   x2IMeSwJ82BpdEI5niXxB+iT0HxhmR+XaMI=
   -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB+DCCAWGgAwIBAgIJAKGd0vpks6T/MA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
+  BAMMCUNPTVAtMTU4NDAgFw0xMzA2MjAxMjE5MjBaGA8yMTEzMDUyNzEyMTkyMFow
+  FDESMBAGA1UEAwwJQ09NUC0xNTg0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+  gQDZTH9etPUC+wMZQ3UIiOwyyCfHsJ+7duCFYjuo1uZrhtDt/fp8qb8qK9ob+df3
+  EEYgA0IgI2j/9jNUEnKbc5+OrfKznzXjrlrH7zU8lKBVNCLzQuqBKRNajZ+UvO8R
+  nlqK2jZCXP/p3HXDYUTEwIR5W3tVCEn/Vda4upTLcPVE5wIDAQABo1AwTjAdBgNV
+  HQ4EFgQU7KXaNDheQWoy5uOU01tn1M5vNkEwHwYDVR0jBBgwFoAU7KXaNDheQWoy
+  5uOU01tn1M5vNkEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQASmqCU
+  Znbvu6izdicvjuE3aKnBa7G++Fdp2bdne5VCwVbVLYCQWatB+n4crKqGdnVply/u
+  +uZ16u1DbO9rYoKgWqjLk1GfiLw5v86pd5+wZd5I9QJ0/Sbz2vZk5S4ciMIGwArc
+  m711+GzlW5xe6GyH9SZaGOPAdUbI6JTDwLzEgA==
+  -----END CERTIFICATE-----
 
 [versions]
-Werkzeug = 0.9.3
-apache-libcloud = 0.13.0
+Werkzeug = 0.9.4
+apache-libcloud = 0.13.2
 async = 0.6.1
 buildout-versions = 1.7
+erp5.util = 0.4.36
 gitdb = 0.5.4
-itsdangerous = 0.22
+itsdangerous = 0.23
 lxml = 3.2.3
 meld3 = 0.6.10
 plone.recipe.command = 1.1
+psutil = 1.1.0
 pycrypto = 2.6
 rdiff-backup = 1.0.5
-slapos.cookbook = 0.79
+slapos.cookbook = 0.84.1
 slapos.recipe.cmmi = 0.2
 slapos.recipe.download = 1.0.dev-r4053
-slapos.recipe.template = 2.4.2
-slapos.toolbox = 0.35.0
+slapos.toolbox = 0.37.1
 smmap = 0.8.2
 websockify = 0.5.1
 z3c.recipe.scripts = 1.0.1
 
 # Required by:
 # slapos.core==0.35.1
-# slapos.toolbox==0.35.0
+# slapos.toolbox==0.37.1
 Flask = 0.10.1
 
 # Required by:
-# slapos.toolbox==0.35.0
+# slapos.toolbox==0.37.1
 GitPython = 0.3.2.RC1
 
 # Required by:
-# slapos.toolbox==0.35.0
+# slapos.toolbox==0.37.1
 atomize = 0.1.1
 
 # Required by:
-# slapos.toolbox==0.35.0
+# paramiko==1.12.0
+ecdsa = 0.9
+
+# Required by:
+# slapos.toolbox==0.37.1
 feedparser = 5.1.3
 
 # Required by:
-# slapos.cookbook==0.79
+# slapos.cookbook==0.84.1
 inotifyx = 0.2.0-1
 
 # Required by:
-# slapos.cookbook==0.79
+# slapos.cookbook==0.84.1
 lock-file = 2.0
 
 # Required by:
-# slapos.cookbook==0.79
+# slapos.cookbook==0.84.1
 netaddr = 0.7.10
 
 # Required by:
@@ -105,40 +180,38 @@ netifaces = 0.8-1
 # websockify==0.5.1
 numpy = 1.7.1
 
-# Required by:
-# slapos.toolbox==0.35.0
-paramiko = 1.11.0
 
 # Required by:
-# slapos.toolbox==0.35.0
-psutil = 1.0.1
+# slapos.toolbox==0.37.1
+paramiko = 1.12.0
 
 # Required by:
 # slapos.core==0.35.1
 pyflakes = 0.7.3
 
 # Required by:
-# slapos.cookbook==0.79
-pytz = 2013b
+# slapos.cookbook==0.84.1
+pytz = 2013.7
 
 # Required by:
-# slapos.cookbook==0.79
-# slapos.toolbox==0.35.0
+# slapos.cookbook==0.84.1
+# slapos.toolbox==0.37.1
 slapos.core = 0.35.1
 
 # Required by:
 # slapos.core==0.35.1
-supervisor = 3.0b2
+supervisor = 3.0
 
 # Required by:
 # slapos.core==0.35.1
 unittest2 = 0.5.1
 
 # Required by:
-# slapos.cookbook==0.79
-# slapos.toolbox==0.35.0
+# slapos.cookbook==0.84.1
+# slapos.toolbox==0.37.1
 xml-marshaller = 0.9.7
 
 # Required by:
 # slapos.core==0.35.1
 zope.interface = 4.0.5
+

software/kvm/template/kvm-import.sh.in

@@ -3,5 +3,5 @@ DISK_PATH=${:disk-path}
 BACKUP_PATH=${:backup-disk-path}
 
 # TODO: Use rdiff
-rm $DISK_PATH && \
+rm $DISK_PATH
 cp $BACKUP_PATH $DISK_PATH

software/slaprunner/common.cfg

@@ -94,7 +94,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner-export.cfg.in
 output = ${buildout:directory}/instance-runner-export.cfg
-md5sum = 7e71622c09271790b5cef21c8613b8ac
+md5sum = 9ce3482e64a0c957f7a5f25ad0dc03ae
 mode = 0644
 
 [template-resilient]
@@ -107,7 +107,7 @@ mode = 0644
 [template-resilient-test]
 recipe = slapos.recipe.download
 url = ${:_profile_base_location_}/instance-resilient-test.cfg.jinja2
-#md5sum = 0ee2cea5239278a8c1572d7a04798fdc
+md5sum = ac772d3a1cce4072acfabd563df449bb
 filename = instance-resilient-test.cfg.jinja2
 mode = 0644
 

software/slaprunner/development.cfg

@@ -39,8 +39,7 @@ git-executable = ${git:location}/bin/git
 [erp5.util-repository]
 recipe = slapos.recipe.build:gitclone
 repository = http://git.erp5.org/repos/erp5.git
-#branch = scalability-master2
-revision = f10da882ab5e1dc03a812f3d0e7390dc8da2b59
+branch = scalability-master2
 git-executable = ${git:location}/bin/git
 
 #[slapos.core-repository]

software/slaprunner/instance-resilient-test.cfg.jinja2

@@ -29,7 +29,7 @@ command-line = {{ bin_directory }}/runResiliencyTest ${:testnode-parameters} ${:
 wrapper-path = ${directory:scripts}/runResiliencyTestSuite
 
 [deploy-standalone-resiliency-test]
-# Used to manually run the KVM test if we don't have a running testnode.
+# Used to manually run the resilient test if we don't have a running testnode.
 recipe = slapos.cookbook:wrapper
 test-suite-title = slaprunner
 command-line = {{ bin_directory }}/runStandaloneResiliencyTest --test-suite-title=${:test-suite-title} ${deploy-resiliency-test:test-parameters}
@@ -41,7 +41,11 @@ recipe = slapos.cookbook:request
 software-url = ${slap-connection:software-release-url}
 software-type = resilient
 name = Resilient Instance (Root Instance)
-config = resiliency-backup-periodicity frontend-domain cloud9-frontend-domain
+{% set cluster_parameter_dict = slapparameter_dict.get('cluster', {}) -%}
+config = resiliency-backup-periodicity frontend-domain cloud9-frontend-domain {{ cluster_parameter_dict.keys() | join(' ') }}
+{% for key, value in cluster_parameter_dict.items() -%}
+config-{{ key }} = {{ dumps(value) }}
+{% endfor -%}
 config-resiliency-backup-periodicity = *
 # XXX hardcoded
 config-frontend-domain = google.com

software/slaprunner/instance-runner-export.cfg.in

@@ -22,7 +22,7 @@ parts +=
   symlinks
   node-frontend-promise
   nginx-promise
-  urls
+  publish-connection-informations
   cron-entry-backup
 
 [exporter]
@@ -36,11 +36,5 @@ rsync-binary = ${rsync:location}/bin/rsync
 
 
 # Extends publish section with resilient parameters
-[urls]
+[publish-connection-informations]
 <= resilient-publish-connection-parameter
-backend_url = $${slaprunner:access-url}
-url =  https://$${request-frontend:connection-domain}
-cloud9_backend_url = $${node-frontend:access-url}
-cloud9_url = https://$${request-cloud9-frontend:connection-domain}
-ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
-password_recovery_code = $${recovery-code:passwd}

stack/resilient/TODO.txt

+* Report, from pbs and from clone, when a backup failed
+* Make sure, when a takeover is done, that "importer" script finishes to run while importer instance is changed into exporter.
+* Test that, after a successful backup/takeover, another backup is possible and will be successful.
+
 * PBSs and mirrors should monitor/replace themselves
 * Report errors from backup
 
 * If a PBS master is down and then back again, it might want to participate in the ongoing election, then.. what happens?
 * If the network is partitioned (the two backups don't see each other, but each can see the slapos master) there will be two concurrent elections taking place, with two winners and two renames.
 
-* How to know that a backup is working? define "check that it works". Does it deploys? But then, how to ensure data integrity? By application?
 * How to ensure "synchronization" between two main instances? example: Wordpress: mysql is down, then replaced, then inconsistency between apache and the new mysql
 * How to deal with big data? I.e how to have working backup/restore system of 1TB data with slow connection?
 * How to be sure that elected importer contains a/ the latest data and b/ has finished to pull. We should prevent importer not having a/ and b/ to become the main.
 
-* How to say "I don't want this instance to be here" + Be able to define "here". Allows to automate deployment of PBS and backup instances
-
 * Should we crypt backed up data?
 
 * If a PBS is lost, a new PBS should be created from another one, in order ot keep history

stack/resilient/buildout.cfg

@@ -30,7 +30,7 @@ parts =
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready.cfg.in
 output = ${buildout:directory}/pbsready.cfg
-md5sum = 9f4212a79f10bee8f6d75061943110e2
+md5sum = 570e0b54c97d510befa2ea981c1e90e0
 mode = 0644
 
 [pbsready-import]
@@ -39,7 +39,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready-import.cfg.in
 output = ${buildout:directory}/pbsready-import.cfg
-md5sum = 3c2e73f49abdc52282fc045e6d91f3e9
+md5sum = cc9c776500ccd07cb51969beb68ffcda
 mode = 0644
 
 [pbsready-export]
@@ -48,20 +48,20 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready-export.cfg.in
 output = ${buildout:directory}/pbsready-export.cfg
-md5sum = 5e27c391ceafb6a58032f1f87fba7826
+md5sum = 25d05b3929fb4c6cf275866bad678d6a
 mode = 0644
 
 [template-pull-backup]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-pull-backup.cfg.in
 output = ${buildout:directory}/instance-pull-backup.cfg
-md5sum = c67a9dad66490ae264f9e7003521bf59
+md5sum = c49e5911b94078d87b94507fb4efc93b
 mode = 0644
 
 [template-replicated]
 recipe = slapos.recipe.download
 url = ${:_profile_base_location_}/template-replicated.cfg.in
-#md5sum = 9e20f283bf709c63c9c6692d5e1f8972
+md5sum = c762a625f65193bc8a570b4d56a0d08c
 mode = 0644
 destination = ${buildout:directory}/template-replicated.cfg.in
 

stack/resilient/instance-pull-backup.cfg.in

@@ -75,7 +75,7 @@ callbacks = $${directory:notifier-callbacks}
 id-file = $${rootdirectory:etc}/notifier.id
 equeue-socket = $${equeue:socket}
 host = $${slap-network-information:global-ipv6}
-port = 8080
+port = 8088
 wrapper = $${basedirectory:services}/notifier
 server-binary = ${buildout:bin-directory}/pubsubserver
 notifier-binary = ${buildout:bin-directory}/pubsubnotifier
@@ -105,6 +105,7 @@ promises-directory = $${basedirectory:promises}
 directory = $${directory:pbs-backup}
 cron-entries = $${cron:cron-entries}
 wrappers-directory = $${directory:pbs-wrappers}
+run-directory = $${basedirectory:run}
 # XXX: this should be named "notifier-host"
 notifier-url = http://[$${notifier:host}]:$${notifier:port}
 slave-instance-list = $${slap-parameter:slave_instance_list}

stack/resilient/pbsready-export.cfg.in

@@ -25,6 +25,12 @@ home = $${buildout:directory}
 var = $${:home}/var
 pid = $${:var}/pid
 
+# Define port of ssh server. It has to be different from import so that it
+# supports export/import using same IP (slaprunner, slapos-in-partition,
+# ipv4...)
+[dropbear-server]
+port = 22221
+
 [resilient-publish-connection-parameter]
 notification-id = http://[$${notifier:host}]:$${notifier:port}/get/$${notifier-exporter:name}
 

stack/resilient/pbsready-import.cfg.in

@@ -23,6 +23,12 @@ parts =
 [resilient-publish-connection-parameter]
 notification-url = http://[$${notifier:host}]:$${notifier:port}/notify
 
+# Define port of ssh server. It has to be different from import so that it
+# supports export/import using same IP (slaprunner, slapos-in-partition,
+# ipv4...)
+[dropbear-server]
+port = 22220
+
 [import-on-notification]
 # notifier.callback runs a script when a notification (sent by a parent PBS)
 # is received

stack/resilient/pbsready.cfg.in

@@ -213,7 +213,8 @@ wrapper = $${basedirectory:services}/sshd
 [dropbear-server]
 recipe = slapos.cookbook:dropbear
 host = $${slap-network-information:global-ipv6}
-port = 2222
+# Explicitely excludes to define "port" argument. It will be defined in
+# pbs-ready-import.cfg.in and pbs-ready-export.cfg.in
 home = $${directory:ssh}
 wrapper = $${rootdirectory:bin}/raw_sshd
 shell = $${rdiff-backup-server:wrapper}

stack/resilient/template-replicated.cfg.in

@@ -79,7 +79,7 @@ software-url = ${slap-connection:software-release-url}
 software-type = {{typeimport}}
 return = ssh-public-key ssh-url notification-url ip
 
-pbs-notification-id = ${slap-connection:computer-id}-${slap-connection:partition-id}-{{namebase}}-push
+pbs-notification-id = ${slap-connection:computer-id}-${slap-connection:partition-id}-{{namebase}}-{{id}}-push
 
 config = number authorized-key on-notification ip-list namebase
 config-number = {{id}}
@@ -133,8 +133,6 @@ config-ip-list = ${request-{{namebase}}:connection-ip}{% for j in range(1,nbback
 ## Having 3 backups pulling from the same PBS provides
 ##only availability, not resiliency
 
-## WARNING : SLAVES ARE ALLOCATED AT RANDOM, THIS NEEDS TO BE FIXED.
-
 [request-pbs-common]
 <= slap-connection
 recipe = slapos.cookbook:request
@@ -173,15 +171,16 @@ sla-{{ key }} = {{ value }}
 [request-pull-backup-server-{{namebase}}-{{id}}]
 <= request-pbs-common
 name = PBS {{id}} pulling from ${request-{{namebase}}:name}
-config = url name type server-key on-notification notify notification-id title
+config = url name type server-key on-notification notify notification-id title remove-backup-older-than
 config-url = ${request-{{namebase}}:connection-ssh-url}
-config-name = ${slap-connection:computer-id}-${slap-connection:partition-id}-{{namebase}}-{{id}}
 config-type = pull
 config-server-key = ${request-{{namebase}}:connection-ssh-public-key}
 config-on-notification = ${request-{{namebase}}:connection-notification-id}
 config-notify = ${request-pbs-{{namebase}}-{{id}}:connection-notification-url}
 config-notification-id = ${slap-connection:computer-id}-${slap-connection:partition-id}-{{namebase}}-{{id}}-pull
+config-name = ${slap-connection:computer-id}-${slap-connection:partition-id}-{{namebase}}-{{id}}
 config-title = Pulling from {{namebase}}
+config-remove-backup-older-than = {{ slapparameter_dict.get('remove-backup-older-than', '3B') }}
 slave = true
 sla = instance_guid
 sla-instance_guid = ${request-pbs-{{namebase}}-{{id}}:instance_guid}
@@ -191,12 +190,12 @@ sla-instance_guid = ${request-pbs-{{namebase}}-{{id}}:instance_guid}
 name = PBS pushing on ${request-{{namebase}}-pseudo-replicating-{{id}}:name}
 config = url name type server-key on-notification notify notification-id title
 config-url = ${request-{{namebase}}-pseudo-replicating-{{id}}:connection-ssh-url}
-config-name = ${request-pull-backup-server-{{namebase}}-{{id}}:config-name}
 config-type = push
 config-server-key = ${request-{{namebase}}-pseudo-replicating-{{id}}:connection-ssh-public-key}
 config-on-notification = ${request-pbs-{{namebase}}-{{id}}:connection-feeds-url}${request-pull-backup-server-{{namebase}}-{{id}}:config-notification-id}
 config-notify = ${request-{{namebase}}-pseudo-replicating-{{id}}:connection-notification-url}
 config-notification-id = ${request-{{namebase}}-pseudo-replicating-{{id}}:pbs-notification-id}
+config-name = ${slap-connection:computer-id}-${slap-connection:partition-id}-{{namebase}}-{{id}}
 config-title = Pushing to {{namebase}} backup {{id}}
 slave = true
 sla = instance_guid

stack/slapos.cfg

@@ -12,6 +12,7 @@ extensions +=
 # Use shacache and lxml
 extends =
   ../component/lxml-python/buildout.cfg
+  ../component/python-openssl/buildout.cfg
 
 # Separate from site eggs
 allowed-eggs-from-site-packages =
@@ -59,6 +60,7 @@ networkcache-section = networkcache
 recipe = zc.recipe.egg
 eggs =
   ${lxml-python:egg}
+  ${python-openssl:egg}
   slapos.cookbook
   cliff
   hexagonit.recipe.download