Commit 7ae111f1 authored by Łukasz Nowak's avatar Łukasz Nowak

- public version of recipe to instantiate ERP5 using slapos

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@43912 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent e93d48f7
Changelog
=========
1.0 (unreleased)
----------------
include CHANGES.txt
recursive-include src/slapos/recipe/erp5 *.in
The slapos.recipe.erp5 aims to instanciate an ERP5 environnment
===============================================================
SLAP parameters
---------------
zope_amount
~~~~~~~~~~~
:Optional: Yes
:Type: integer
:Default: None
:Description: If present switches to Zope/ZEO configuration and configures this amount of Zopes connected to ZEO. If not present only one Zope with own ZODB is created.
ca_*
~~~~
:Optional: Yes
:Name: ca_country_code, ca_email, ca_state, ca_city, ca_company
:Type: string
:Default: XX, xx@example.com, State, City, Company
:Description: Certificate Authority configuration.
key_auth_path
~~~~~~~~~~~~~
:Optional: Yes
:Type: string
:Default: /erp5/portal_slap
:Description: Path where connections using PKI authorisation will be directed.
[egg_info]
tag_build = .dev
tag_svn_revision = 1
from setuptools import setup, find_packages
name = "slapos.recipe.erp5"
version = '1.0'
def read(name):
return open(name).read()
long_description=( read('README.txt')
+ '\n' +
read('CHANGES.txt')
)
setup(
name = name,
version = version,
description = "ZC Buildout recipe for create an erp5 instance",
long_description=long_description,
license = "GPLv3",
keywords = "buildout slapos erp5",
classifiers=[
"Framework :: Buildout :: Recipe",
"Programming Language :: Python",
],
packages = find_packages('src'),
package_dir = {'': 'src'},
include_package_data=True,
install_requires = [
'zc.recipe.egg',
'setuptools',
'slapos.lib.recipe >= 1.0.dev-r4554',
],
namespace_packages = ['slapos', 'slapos.recipe'],
entry_points = {'zc.buildout': ['default = %s:Recipe' % name]},
)
# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages
try:
__import__('pkg_resources').declare_namespace(__name__)
except ImportError:
from pkgutil import extend_path
__path__ = extend_path(__path__, __name__)
# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages
try:
__import__('pkg_resources').declare_namespace(__name__)
except ImportError:
from pkgutil import extend_path
__path__ = extend_path(__path__, __name__)
This diff is collapsed.
import os
import sys
import time
def runApache(args):
sleep = 60
conf = args[0]
while True:
ready = True
for f in conf['required_path_list']:
if not os.path.exists(f):
print 'File %r does not exists, sleeping for %s' % (f, sleep)
ready = False
if ready:
break
time.sleep(sleep)
apache_wrapper_list = [conf['binary'], '-f', conf['config'], '-DFOREGROUND']
apache_wrapper_list.extend(sys.argv[1:])
sys.stdout.flush()
sys.stderr.flush()
os.execl(apache_wrapper_list[0], *apache_wrapper_list)
import os
import subprocess
import time
def popenCommunicate(command_list, input=None):
subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
if input is not None:
subprocess_kw.update(stdin=subprocess.PIPE)
popen = subprocess.Popen(command_list, **subprocess_kw)
result = popen.communicate(input)[0]
if popen.returncode is None:
popen.kill()
if popen.returncode != 0:
raise ValueError('Issue during calling %r, result was:\n%s' % (command_list,
result))
return result
def checkCertificateAuthority(ca_conf):
file_list = [
ca_conf['ca_key'],
ca_conf['ca_certificate'],
]
ca_ready = True
for f in file_list:
if not os.path.exists(f):
ca_ready = False
break
if ca_ready:
return
for f in file_list:
if os.path.exists(f):
os.unlink(f)
try:
# no CA, let us create new one
popenCommunicate([ca_conf['openssl_binary'], 'req', '-nodes', '-config',
ca_conf['openssl_configuration'], '-new', '-x509', '-extensions',
'v3_ca', '-keyout', ca_conf['ca_key'], '-out',
ca_conf['ca_certificate'], '-days',
'10950'], 'Automatic Certificate Authority\n')
except:
try:
for f in file_list:
if os.path.exists(f):
os.unlink(f)
except:
# do not raise during cleanup
pass
raise
def checkCertificate(common_name, key, certificate, ca_conf):
file_list = [ key, certificate ]
ready = True
for f in file_list:
if not os.path.exists(f):
ready = False
break
if ready:
return
for f in file_list:
if os.path.exists(f):
os.unlink(f)
csr = certificate + '.csr'
try:
popenCommunicate([ca_conf['openssl_binary'], 'req', '-config',
ca_conf['openssl_configuration'], '-nodes', '-new', '-keyout',
key, '-out', csr, '-days', '3650'],
common_name + '\n')
try:
popenCommunicate([ca_conf['openssl_binary'], 'ca', '-batch', '-config',
ca_conf['openssl_configuration'], '-out', certificate,
'-infiles', csr])
finally:
if os.path.exists(csr):
os.unlink(csr)
except:
try:
for f in file_list:
if os.path.exists(f):
os.unlink(f)
except:
# do not raise during cleanup
pass
raise
def checkLoginCertificate(ca_conf):
checkCertificate('Login Based Access', ca_conf['login_key'],
ca_conf['login_certificate'], ca_conf)
def checkKeyAuthCertificate(ca_conf):
checkCertificate('Key Based Access', ca_conf['key_auth_key'],
ca_conf['key_auth_certificate'], ca_conf)
def runCertificateAuthority(args):
ca_conf = args[0]
while True:
checkCertificateAuthority(ca_conf)
checkLoginCertificate(ca_conf)
checkKeyAuthCertificate(ca_conf)
time.sleep(60)
import os
def execute(args):
"""Portable execution with process replacement"""
# Note: Candidate for slapos.lib.recipe
os.execv(args[0], args)
import os
import subprocess
import sys
import time
def runMysql(args):
sleep = 60
initialise_command_list = args[0]
mysql_conf = args[1]
mysql_wrapper_list = [mysql_conf['mysqld_binary'],
'--defaults-file=%s'%mysql_conf['configuration_file']]
while True:
# XXX: Protect with proper root password
popen = subprocess.Popen(initialise_command_list,
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
result = popen.communicate()[0]
if popen.returncode is None or popen.returncode != 0:
print "Failed to initialise server.\nThe error was: %s" % result
print "Waiting for %ss and retrying" % sleep
time.sleep(sleep)
else:
print "Mysql properly initialised"
break
sys.stdout.flush()
sys.stderr.flush()
os.execl(mysql_wrapper_list[0], *mysql_wrapper_list)
def updateMysql(args):
mysql_command_list = args[0]
mysql_script = args[1]
sleep = 30
while True:
mysql = subprocess.Popen(mysql_command_list, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
result = mysql.communicate(mysql_script)[0]
if mysql.returncode is None:
mysql.kill()
if mysql.returncode != 0:
print 'Script failed with: %s' % result
print 'Sleeping for %ss and retrying' % sleep
else:
print 'Script succesfully run on database, exiting'
time.sleep(sleep)
# Apache configuration file for Zope
# Automatically generated
# Basic server configuration
PidFile "%(pid_file)s"
LockFile "%(lock_file)s"
Listen %(ip)s:%(port)s
ServerAdmin %(server_admin)s
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
# SSL Configuration
%(ssl_snippet)s
# Log configuration
ErrorLog "%(error_log)s"
LogLevel warn
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
%(path_enable)s
# Magic of Zope related rewrite
RewriteEngine On
%(rewrite_rule)s
# List of modules
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule antiloris_module modules/mod_antiloris.so
# Path enabled
<Location %(path)s>
Order Allow,Deny
Allow from all
</Location>
[app:main]
use = egg:cloudooo
#
## System config
#
debug_mode = True
# Folder where pid files, lock files and virtual frame buffer mappings
# are stored. In this folder is necessary create a folder tmp, because this
# folder is used to create all temporary documents.
working_path = %(working_path)s
# Folder where UNO library is installed
uno_path = %(uno_path)s
# Folder where soffice.bin is installed
office_binary_path = %(office_binary_path)s
#
## Monitor Settings
#
# Limit to use the Openoffice Instance. if pass of the limit, the instance is
# stopped and another is started.
limit_number_request = 100
# Interval to check the factory
monitor_interval = 10
timeout_response = 180
enable_memory_monitor = True
# Set the limit in MB
# e.g 1000 = 1 GB, 100 = 100 MB
limit_memory_used = 3000
#
## OOFactory Settings
#
# The pool consist of several OpenOffice.org instances
application_hostname = localhost
# OpenOffice Port
openoffice_port = %(openoffice_port)s
# LD_LIBRARY_PATH passed to OpenOffice
env-LD_LIBRARY_PATH = %(LD_LIBRARY_PATH)s
[server:main]
use = egg:PasteScript#wsgiutils
host = %(ip)s
port = %(port)s
# Apache configuration file for Zope
# Automatically generated
# Basic server configuration
PidFile "%(pid_file)s"
LockFile "%(lock_file)s"
Listen [%(ip)s]:%(port)s
ServerAdmin %(server_admin)s
ServerName %(server_name)s
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
SSLCertificateFile %(certificate)s
SSLCertificateKeyFile %(key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
# Log configuration
ErrorLog "%(error_log)s"
LogLevel warn
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# Magic of Zope related rewrite
RewriteEngine On
%(rewrite_rule)s
# List of modules
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
defaults
mode tcp
option redispatch
timeout server 3000s
timeout queue 5s
timeout connect 10s
timeout client 3600s
%(listen_list)s
CREATE DATABASE IF NOT EXISTS %(mysql_database)s;
GRANT ALL PRIVILEGES ON %(mysql_database)s.* TO %(mysql_user)s@'%%' IDENTIFIED BY '%(mysql_password)s';
CREATE DATABASE IF NOT EXISTS %(mysql_test_database)s;
GRANT ALL PRIVILEGES ON %(mysql_test_database)s.* TO %(mysql_test_user)s@'%%' IDENTIFIED BY '%(mysql_test_password)s';
EXIT
#!/bin/sh
exec %(kumo_gateway_binary)s -F -E -m %(kumo_manager_ip)s:%(kumo_manager_port)s -t %(kumo_gateway_ip)s:%(kumo_gateway_port)s -o %(kumo_gateway_log)s
#!/bin/sh
exec %(kumo_manager_binary)s -a -l %(kumo_manager_ip)s:%(kumo_manager_port)s -o %(kumo_manager_log)s
#!/bin/sh
exec %(kumo_server_binary)s -l %(kumo_server_ip)s:%(kumo_server_port)s -L %(kumo_server_listen_port)s -m %(kumo_manager_ip)s:%(kumo_manager_port)s -s %(kumo_server_storage)s -o %(kumo_server_log)s
#!/bin/sh
exec %(memcached_binary)s -p %(memcached_port)s -U %(memcached_port)s -l %(memcached_ip)s -m %(memcached_mem_limit)s
# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
# The MySQL server
[mysqld]
# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
# different engine, like MyISAM. Such behaviour generates problems only, when
# tables requested as InnoDB are silently created with MyISAM engine.
#
# Loud fail is really required in such case.
sql-mode="NO_ENGINE_SUBSTITUTION"
skip-show-database
port = %(tcp_port)s
bind-address = %(ip)s
socket = %(socket)s
datadir = %(data_directory)s
pid-file = %(pid_file)s
log-error = %(error_log)s
log-slow-queries = %(slow_query_log)s
long_query_time = 5
max_allowed_packet = 128M
query_cache_size = 32M
plugin-load = ha_innodb_plugin.so
# The following are important to configure and depend a lot on to the size of
# your database and the available resources.
#innodb_buffer_pool_size = 4G
#innodb_log_file_size = 256M
#innodb_log_buffer_size = 8M
# Some dangerous settings you may want to uncomment if you only want
# performance or less disk access. Useful for unit tests.
#innodb_flush_log_at_trx_commit = 0
#innodb_flush_method = nosync
#innodb_doublewrite = 0
#sync_frm = 0
# Uncomment the following if you need binary logging, which is recommended
# on production instances (either for replication or incremental backups).
#log-bin=mysql-bin
# Force utf8 usage
collation_server = utf8_unicode_ci
character_set_server = utf8
default-character-set = utf8
skip-character-set-client-handshake
[mysql]
no-auto-rehash
socket = %(socket)s
[mysqlhotcopy]
interactive-timeout
####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = XX
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Somewhere
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = erp5.recipe.apache autogeneration
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organization Unit Name
organizationalUnitName_default = Unknown
commonName = Common Name
commonName_default = %(server_name)s
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
# ZEO configuration file generated by SlapOS
<zeo>
address %(zeo_ip)s:%(zeo_port)s
read-only false
invalidation-queue-size 100
pid-filename %(zeo_pid)s
</zeo>
<filestorage %(zeo_storagename)s>
path %(zeo_zodb)s
</filestorage>
<eventlog>
<logfile>
path %(zeo_event_log)s
</logfile>
</eventlog>
## Zope 2 configuration file generated by SlapOS
# Some defines
%%define INSTANCE %(instance)s
instancehome $INSTANCE
# Used products
%(products)s
# Environment override
<environment>
TMP %(tmp_directory)s
TMPDIR %(tmp_directory)s
HOME %(tmp_directory)s
PATH %(path)s
</environment>
# No need to debug
debug-mode off
# One thread is safe enough
zserver-threads 1
# File location
pid-filename %(pid-filename)s
lock-filename %(lock-filename)s
# Logging configuration
<eventlog>
<logfile>
path %(event_log)s
</logfile>
</eventlog>
<logger access>
<logfile>
path %(z2_log)s
</logfile>
</logger>
# Serving configuration
<http-server>
address %(address)s
</http-server>
# ZODB configuration
<zodb_db main>
mount-point /
<zeoclient>
server %(zeo_ip)s:%(zeo_port)s
storage %(zeo_storagename)s
name %(zeo_storagename)s
</zeoclient>
</zodb_db>
<zoperunner>
program $INSTANCE/bin/runzope
</zoperunner>
# ERP5 Timer Service
%%import timerserver
<timer-server>
interval 5
</timer-server>
## Zope 2 configuration file generated by SlapOS
# Some defines
%%define INSTANCE %(instance)s
instancehome $INSTANCE
# Used products
%(products)s
# Environment override
<environment>
TMP %(tmp_directory)s
TMPDIR %(tmp_directory)s
HOME %(tmp_directory)s
PATH %(path)s
</environment>
# No need to debug
debug-mode off
# One thread is safe enough