Merge branch 'erp5' into erp5-cluster

Conflicts:
	stack/erp5/buildout.cfg
	stack/erp5/instance-erp5-cluster.cfg.in
	stack/erp5/instance-erp5-single.cfg.in
	stack/erp5/instance-kumofs.cfg.in
	stack/erp5/instance-zope.cfg.in
	stack/erp5/instance.cfg.in

CHANGES.txt

 Changes
 =======
 
+0.85 (2013-12-03)
+-----------------
+
+ * Slaprunner: recipe replaced by a buildout profile [14fbcd92]
+ * Slaprunner: import instances can automatically deploy Software Releases [64c48388]
+ * Slaprunner: backup script passes basic authentification [8877615]
+ * Slaprunner: backup doesn't destroy symlinks for Software Releases [f519a078]
+ * Shellinabox: now uses uid and gid to start [e9349c65]
+ * Shellinabox: can do autoconnection [516e772]
+ * Librecipe-generic: correction of bash code for /bin/sh compatibility [bee8c9c8]
+
+0.84.2 (2013-10-04)
+-------------------
+
+ * sshkeys_authority: don't allow to return None as parameter. [9e340a0]
+
+0.84.1 (2013-10-03)
+-------------------
+
+ * Resiliency: PBS: promise should NOT bang. [64886cd]
+
+0.84 (2013-09-30)
+-----------------
+
+ * Request.py: improve instance-state handling. [ba5f160]
+ * Resilient recipe: remove hashing of urls/names. [ee2aec8]
+ * Resilient pbs recipe: recover from rdiff-backup failures. [be7f2fc, 92ee0c3]
+ * Resilience: add pidfiles in PBS. [0b3ad5c]
+ * Resilient: don't hide exception, print it. [05b3d64, d2b0494]
+ * Resiliency: Only keep 10 increments of backup. [4e89e33]
+ * KVM SR: add fallback in case of download exception. [de8d796]
+ * slaprunner: don't check certificate for importer. [53dc772]
+
+0.83.1 (2013-09-10)
+------------------
+
+ * slapconfiguration: fixes previous releasei (don't encode tap_set because it's not a string). [Cedric de Saint Martin]
+
+0.83 (2013-09-10)
+-----------------
+
+ * slaprunner recipe: remove trailing / from master_url. [Cedric de Saint Martin]
+ * librecipe: add pidfile option for singletons. [Cedric de Saint Martin]
+ * Resiliency: Use new pidfile option. [Cedric de Saint Martin]
+ * Fix request.py for slave instances. [Cedric de Saint Martin]
+ * slapconfiguration recipe: cast some parameters from unicode to str. [Cedric de Saint Martin]
+
+0.82 (2013-08-30)
+-----------------
+
+ * Certificate Authority: Can receice certificate to install. [Cedric Le Ninivin]
+ * Squid: Add squid recipe. [Romain Courteaud]
+ * Request: Trasmit instace state to requested instances. [Benjamin Blanc / Cédric Le Ninivin]
+ * Slapconfiguration: Now return instance state. [Cédric Le Ninivin]
+ * Apache Frontend: Remove recipe
+
 0.81 (2013-08-12)
 -----------------
 

component/apache/buildout.cfg

@@ -15,25 +15,25 @@ extends =
 
 [apr]
 recipe = hexagonit.recipe.download
-version = 1.4.6
+version = 1.5.0
 url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-${:version}.tar.bz2
-md5sum = ffee70a111fd07372982b0550bbb14b7
+md5sum = cc93bd2c12d0d037f68e21cc6385dc31
 
 [apr-util]
 recipe = hexagonit.recipe.download
-version = 1.5.1
+version = 1.5.3
 url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-util-${:version}.tar.bz2
-md5sum = 9c1db8606e520f201c451ec9a0b095f6
+md5sum = 6f3417691c7a27090f36e7cf4d94b36e
 
 [apache]
 # inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
 recipe = slapos.recipe.cmmi
 depends =
   ${gdbm:version}
-version = 2.4.4
+version = 2.4.7
 revision = 1
 url = http://mir2.ovh.net/ftp.apache.org/dist/httpd/httpd-${:version}.tar.bz2
-md5sum = 0e712ee2119cd798c8ae39d5f11a9206
+md5sum = 170d7fb6fe5f28b87d1878020a9ab94e
 configure-command = cp -ar ${apr:location}/apr-${apr:version} srclib/apr/; cp -ar ${apr-util:location}/apr-util-${apr-util:version} srclib/apr-util; ./configure
 configure-options = --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
                     --disable-static
@@ -120,9 +120,9 @@ make-targets =
 [apache-2.2]
 # inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
 recipe = slapos.recipe.cmmi
-version = 2.2.25
+version = 2.2.26
 url = http://mir2.ovh.net/ftp.apache.org/dist/httpd/httpd-${:version}.tar.bz2
-md5sum = 9ebe3070c0bb4311f21a0cd0e34f0045
+md5sum = 254eda547f8d624604e4bf403241e617
 patch-options = -p1
 configure-options = --disable-static
                     --enable-authn-alias

component/cloud9/buildout.cfg

@@ -19,7 +19,7 @@ recipe = slapos.recipe.build:npm
 packages = sm@0.2.11
 node = nodejs
 environment =
-  PATH=${nodejs:location}/bin:%(PATH)s
+  PATH=${nodejs-0.6:location}/bin:%(PATH)s
 
 [cloud9-stable]
 # Online IDE written in javascript/node.js
@@ -49,7 +49,34 @@ recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
 filename = cloud9-socket.patch
 download-only = true
-#md5sum = 5dc8cc28447ed3747b8a53c768d872aa
+md5sum = c581456cb3a76841898f79f9600e3a1e
+
+[cloud9-file-already-exist.patch]
+# This patch prevents the error "File already exists"
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+filename = cloud9-file_already_exist.patch
+download-only = true
+md5sum = 0bc104af8176388d60cbf884b72c8318
+
+[cloud9-remove-all-listeners.patch]
+# This patch prevents cloud9 to die every
+# time a tab is closed
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+filename = cloud9-removeAllListeners.patch
+download-only = true
+md5sum = 357915330d677f4917140e02a55646b7
+
+[cloud9-git-download]
+recipe = slapos.recipe.build:gitclone
+repository = https://github.com/ajaxorg/cloud9.git
+revision = f7d102bc225c922f116d2cea52a746d64343ea59
+location = ${buildout:parts-directory}/cloud9
+git-executable = ${git:location}/bin/git
+develop = true
+use-cache = true
+ignore-ssl-certificate = true
 
 [cloud9-git]
 # Online IDE written in javascript/node.js
@@ -58,13 +85,10 @@ download-only = true
 # NODE_PATH=${:destination}/node_modules ${nodejs:node_location} ${:cloud9_js_location}
 recipe = plone.recipe.command
 stop-on-error = true
-commit = f7d102bc225c922f116d2cea52a746d64343ea59
-repository = https://github.com/ajaxorg/cloud9.git
-location = ${buildout:parts-directory}/${:_buildout_section_name_}
-environment = export GIT_SSL_NO_VERIFY=true; export PATH=${git:location}/bin:${nodejs:location}/bin:${node-sm:location}/node_modules/sm/bin:$PATH; export CPPFLAGS="-I${libxml2:location}/include -I${nodejs:location}/include"; export LDFLAGS="-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib"; export HOME=${:location};
-command = ${:environment} (git clone --quiet ${:repository} ${:location} && cd ${:location} && git reset --hard ${:commit} && ${node-sm:location}/node_modules/.bin/sm install && patch -p1 < ${cloud9-session-directory.patch:location}/${cloud9-session-directory.patch:filename} && ${node-sm:location}/node_modules/.bin/sm install && patch -p1 < ${cloud9-socket.patch:location}/${cloud9-socket.patch:filename}) || (rm -fr ${:location}; exit 1)
-update-command =
-executable = ${:location}/server.js
+environment = export GIT_SSL_NO_VERIFY=true; export PATH=${git:location}/bin:${nodejs-0.6:location}/bin:${node-sm:location}/node_modules/.bin/:$PATH; export CPPFLAGS="-I${libxml2:location}/include -I${nodejs-0.6:location}/include"; export LDFLAGS="-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib"; export HOME=${cloud9-git-download:location};
+command = ${:environment} (cd ${cloud9-git-download:location} && ${node-sm:location}/node_modules/.bin/sm install && patch -p1 < ${cloud9-session-directory.patch:location}/${cloud9-session-directory.patch:filename} && patch -p1 < ${cloud9-socket.patch:location}/${cloud9-socket.patch:filename} && patch -p1 < ${cloud9-file-already-exist.patch:location}/${cloud9-file-already-exist.patch:filename} && patch -p1 < ${cloud9-remove-all-listeners.patch:location}/${cloud9-remove-all-listeners.patch:filename}) || (rm -fr ${cloud9-git-download:location}; exit 1)
+update-command = true
+executable = ${cloud9-git-download:location}/server.js
 
 [cloud9-npm]
 # Online IDE written in javascript/node.js

component/cloud9/cloud9-file_already_exist.patch

+diff --git a/node_modules/vfs-local/localfs.js b/node_modules/vfs-local/localfs.js
+index 7ce9981..1dd07b7 100644
+--- a/node_modules/vfs-local/localfs.js
++++ b/node_modules/vfs-local/localfs.js
+@@ -677,7 +677,7 @@ module.exports = function setup(fsOptions) {
+                     else {
+                         var err = new Error("File already exists.");
+                         err.code = "EEXIST";
+-                        callback(err);
++                        //callback(err);
+                     }
+                 });
+             });

component/cloud9/cloud9-removeAllListeners.patch

+diff --git a/plugins-server/cloud9.ide.watcher/file_watcher.js b/plugins-server/cloud9.ide.watcher/file_watcher.
+index b7ed7da..36dcd05 100644
+--- a/plugins-server/cloud9.ide.watcher/file_watcher.js
++++ b/plugins-server/cloud9.ide.watcher/file_watcher.js
+@@ -69,11 +69,11 @@ util.inherits(FileWatcher, EventEmitter);
+ 
+     this.close = function() {
+         if (this.watcher) {
+-            this.watcher.removeAllListeners();
++            //this.watcher.removeAllListeners();
+             this.watcher.close();
+             this.emit("close");
+         }
+         this.watcher = null;
+     };
+ 
+-}).call(FileWatcher.prototype);
+\ No newline at end of file
++}).call(FileWatcher.prototype);
+

component/curl/buildout.cfg

@@ -11,8 +11,8 @@ parts =
 
 [curl]
 recipe = slapos.recipe.cmmi
-url = http://curl.haxx.se/download/curl-7.31.0.tar.bz2
-md5sum = b7bea20579ac2f696338ae03f2c19ba5
+url = http://curl.haxx.se/download/curl-7.34.0.tar.bz2
+md5sum = 88491df2bb32e9146e776ae6ac2f8327
 configure-options =
   --disable-static
   --disable-ldap
@@ -28,12 +28,15 @@ configure-options =
   --enable-ipv6
   --disable-sspi
   --without-gnutls
+  --without-spnego
   --with-ssl=${openssl:location}
   --with-zlib=${zlib:location}
   --without-nss
+  --without-libmetalink
   --without-libssh2
   --without-librtmp
   --without-libidn
+  --without-nghttp2
 
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s

component/firefox/buildout.cfg

@@ -34,7 +34,7 @@ script =
   wrapper = open(wrapper_location, 'w')
   wrapper.write("""#!${dash:location}/bin/dash
   cd %(location)s
-  export LD_LIBRARY_PATH=%(location)s:${libXrender:location}/lib/:{dbus:location}/lib/:${dbus-glib:location}/lib/:${freetype:location}/lib/:${fontconfig:location}/lib/:${libX11:location}/lib/:${bzip2:location}/lib/:${libXext:location}/lib/:${libXt:location}/lib/:${zlib:location}/lib/:${libXcursor:location}/lib/:${gtk-2:location}/lib/:${cairo:location}/lib/:${pango:location}/lib/:${glib:location}/lib/:${atk:location}/lib/:${gdk-pixbuf:location}/lib/:${alsa:location}/lib/:${libpng15:location}/lib/:${libSM:location}/lib/:${libICE:location}/lib:${libxml2:location}/lib:${openssl:location}/lib
+  export LD_LIBRARY_PATH=%(location)s:${libXrender:location}/lib:${dbus:location}/lib:${dbus-glib:location}/lib:${freetype:location}/lib:${fontconfig:location}/lib:${libX11:location}/lib:${bzip2:location}/lib:${libXext:location}/lib:${libXt:location}/lib:${zlib:location}/lib:${libXcursor:location}/lib:${gtk-2:location}/lib:${cairo:location}/lib:${pango:location}/lib:${glib:location}/lib:${atk:location}/lib:${gdk-pixbuf:location}/lib:${alsa:location}/lib:${libpng15:location}/lib:${libSM:location}/lib:${libICE:location}/lib:${libxml2:location}/lib:${openssl:location}/lib
   export PATH=${fontconfig:location}/bin:$PATH
   exec %(location)s/firefox $*""")
   wrapper.close()

component/gettext/buildout.cfg

@@ -8,12 +8,13 @@ extends =
 
 [gettext]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnu.org/pub/gnu/gettext/gettext-0.18.2.1.tar.gz
-md5sum = 034c8103b14654ebd300fadac44d6f14
+url = http://ftp.gnu.org/pub/gnu/gettext/gettext-0.18.3.2.tar.gz
+md5sum = 241aba309d07aa428252c74b40a818ef
 
 configure-options =
   --disable-static
   --disable-java
+  --disable-native-java
   --disable-csharp
   --with-libncurses-prefix=${ncurses:location}
   --with-libxml2-prefix=${libxml2:location}
@@ -22,6 +23,8 @@ configure-options =
   --disable-acl
   --disable-openmp
   --without-git
+  --without-bz2
+  --without-xz
 
 environment =
   CPPFLAGS=-I${libxml2:location}/include -I${zlib:location}/include -I${ncurses:location}/include

component/grep/buildout.cfg

@@ -8,8 +8,8 @@ parts =
 
 [grep]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnu.org/gnu/grep/grep-2.14.tar.xz
-md5sum = d4a3f03849d1e17ce56ab76aa5a24cab
+url = http://ftp.gnu.org/gnu/grep/grep-2.16.tar.xz
+md5sum = 502350a6c8f7c2b12ee58829e760b44d
 environment =
   PATH=${xz-utils:location}/bin:%(PATH)s
   CPPFLAGS=-I${pcre:location}/include

component/groonga/buildout.cfg

@@ -11,9 +11,9 @@ extends =
 
 [groonga]
 recipe = slapos.recipe.cmmi
-version = 3.0.5
+version = 3.1.1
 url = http://packages.groonga.org/source/groonga/groonga-${:version}.tar.gz
-md5sum = 2894bbdd2275cb3c62aea14446dc2561
+md5sum = c8bae890be05b4226f095839a049823e
 configure-options =
   --disable-static
   --disable-glibtest

component/gtk-2/buildout.cfg

@@ -22,12 +22,12 @@ depends =
   ${libpng:so_version}
 configure-options = 
   --enable-tee=yes
-  --enable-xlib=no
+  --enable-xlib=yes
 environment = 
   PATH=${freetype:location}/bin:${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libXrender:location}/lib/pkgconfig
   CPPFLAGS=-I${libpng:location}/include/ -I${zlib:location}/include -I${libX11:location}/include/ -I${xproto:location}/include -I${kbproto:location}/include -I${libXrender:location}/include -I${render:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libXrender:location}/lib -Wl,-rpath=${libXrender:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libXrender:location}/lib -Wl,-rpath=${libXrender:location}/lib -L${libX11:location}/lib
   LD_LIBRARY_PATH=${render:location}/lib:${libX11:location}/lib:${libXrender:location}/lib
 
 [pango]

component/libpng/buildout.cfg

@@ -28,6 +28,6 @@ md5sum = fd85af68f84cbdf549147811006488c1
 
 [libpng]
 <= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.6.2.tar.xz
-md5sum = 9d838f6fca9948a9f360a0cc1b516d5f
+url = http://download.sourceforge.net/libpng/libpng-1.6.6.tar.xz
+md5sum = 3a41dcd58bcac7cc191c2ec80c7fb2ac
 so_version = 16

component/m4/buildout.cfg

 [buildout]
+extends =
+  ../xz-utils/buildout.cfg
 parts =
   m4
 
-[m4-drop.gets.patch]
-recipe = hexagonit.recipe.download
-url = ${:_profile_base_location_}/${:filename}
-md5sum = dc5f06fb42649e181c40177eb1edc333
-download-only = true
-filename = drop.gets.patch
-
 [m4]
-virtual-depends = ${m4-drop.gets.patch:md5sum}
-patch-options = -p1
-patches =
-  ${m4-drop.gets.patch:location}/${m4-drop.gets.patch:filename}
-
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnu.org/gnu/m4/m4-1.4.16.tar.bz2
-md5sum = 8a7cef47fecab6272eb86a6be6363b2f
+url = http://ftp.gnu.org/gnu/m4/m4-1.4.17.tar.xz
+md5sum = 12a3c829301a4fd6586a57d3fcf196dc
+environment =
+  PATH=${xz-utils:location}/bin:%(PATH)s

component/make/buildout.cfg

+[buildout]
+extends =
+  ../autoconf/buildout.cfg
+  ../automake/buildout.cfg
+
+[make]
+# make 3.82 breaks too many things. Stick with 3.81.
+# See http://lists.gnu.org/archive/html/make-alpha/2010-07/msg00025.html
+# for all incompatible changes.
+# Moreover, vanilla 3.81 does some seg faults, so use Debian patched version.
+<= make3.81-debian
+
+[make-dfsg_3.81-8.2.diff]
+# Debian patch coming from:
+# http://ftp.de.debian.org/debian/pool/main/m/make-dfsg/make-dfsg_3.81-8.2.diff.gz
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:_buildout_section_name_}
+md5sum = fa77bb989a096fafbe7c78582e9415e3
+download-only = true
+
+[make3.81-debian]
+recipe = slapos.recipe.cmmi
+url = http://ftp.de.debian.org/debian/pool/main/m/make-dfsg/make-dfsg_3.81.orig.tar.gz
+md5sum = 7c93b1ab4680eb21c2c13f4f47741e2d
+patches =
+  ${make-dfsg_3.81-8.2.diff:location}/make-dfsg_3.81-8.2.diff
+patch-options = -p1

component/mariadb/buildout.cfg

@@ -12,28 +12,29 @@ extends =
   ../openssl/buildout.cfg
   ../pkgconfig/buildout.cfg
   ../readline/buildout.cfg
+  ../libxml2/buildout.cfg
 
 parts =
   mariadb
 
-[mariadb-5.5-no_test-patch]
+[mariadb-10.0.5-no_test-patch]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
-md5sum = 14e6d713c16298a10f40d29f2b799aca
-filename = mariadb_5.5_create_system_tables__no_test.patch
+md5sum = acc065292320f0c2805ce6bbdc3af0b5
+filename = mariadb_10.0.5_create_system_tables__no_test.patch
 download-only = true
 
 [mariadb]
 recipe = slapos.recipe.cmmi
-version = 5.5.32
+version = 10.0.7
 revision = 1
 url = http://downloads.askmonty.org/f/mariadb-${:version}/kvm-tarbake-jaunty-x86/mariadb-${:version}.tar.gz/from/http://ftp.osuosl.org/pub/mariadb
-md5sum = 565c2dce6a2fb027c9d0ffbae4934135
+md5sum = 46d341a6e76f3faf6891d3db45402862
 # compile directory is required to build mysql plugins.
 keep-compile-dir = true
 patch-options = -p0
 patches =
-  ${mariadb-5.5-no_test-patch:location}/${mariadb-5.5-no_test-patch:filename}
+  ${mariadb-10.0.5-no_test-patch:location}/${mariadb-10.0.5-no_test-patch:filename}
 configure-command = ${cmake:location}/bin/cmake
 configure-options =
   -DCMAKE_INSTALL_PREFIX=${buildout:parts-directory}/${:_buildout_section_name_}
@@ -49,21 +50,21 @@ configure-options =
   -DWITH_EMBEDDED_SERVER=0
   -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1
   -DWITHOUT_DAEMON_EXAMPLE=1
-  -DCMAKE_C_FLAGS="-I${libaio:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${zlib:location}/include"
-  -DCMAKE_CXX_FLAGS="-I${libaio:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${zlib:location}/include"
-  -DCMAKE_INSTALL_RPATH=${libaio:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib
+  -DCMAKE_C_FLAGS="-I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${zlib:location}/include"
+  -DCMAKE_CXX_FLAGS="-I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${zlib:location}/include"
+  -DCMAKE_INSTALL_RPATH=${libaio:location}/lib:${libxml2:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib
 environment =
   CMAKE_PROGRAM_PATH=${cmake:location}/bin
-  CMAKE_INCLUDE_PATH=${libaio:location}/include:${ncurses:location}/include:${openssl:location}/include:${readline5:location}/include:${zlib:location}/include
-  CMAKE_LIBRARY_PATH=${libaio:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib
-  LDFLAGS=-L${libaio:location}/lib
+  CMAKE_INCLUDE_PATH=${libaio:location}/include:${libxml2:location}/include:${ncurses:location}/include:${openssl:location}/include:${readline5:location}/include:${zlib:location}/include
+  CMAKE_LIBRARY_PATH=${libaio:location}/lib:${libxml2:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib
+  LDFLAGS=-L${libaio:location}/lib -L${zlib:location}/lib
 
 [mroonga-mariadb]
 # mroonga - a storage engine for MySQL. It provides fast fulltext search feature to all MySQL users.
 # http://mroonga.github.com/
 recipe = slapos.recipe.cmmi
-url = http://packages.groonga.org/source/mroonga/mroonga-3.05.tar.gz
-md5sum = ba4cbd79274d832b9343a0b2fe7d0787
+url = http://packages.groonga.org/source/mroonga/mroonga-3.11.tar.gz
+md5sum = 3adfc67972b219586d0fdef9da25bc55
 configure-options =
   --with-mysql-source=${mariadb:location}__compile__/mariadb-${mariadb:version}
   --with-mysql-config=${mariadb:location}/bin/mysql_config

component/mariadb/mariadb_5.5_create_system_tables__no_test.patch → component/mariadb/mariadb_10.0.5_create_system_tables__no_test.patch

@@ -5,9 +5,9 @@ circumstances as it is checked first.
 See http://bugs.debian.org/301741
 and http://bugs.mysql.com/bug.php?id=6901
 
---- scripts/mysql_system_tables_data.sql	2008-12-04 22:59:44.000000000 +0100
-+++ scripts/mysql_system_tables_data.sql	2008-12-04 23:00:07.000000000 +0100
-@@ -27,8 +27,6 @@
+--- scripts/mysql_system_tables_data.sql.orig   2013-11-05 17:46:05.000000000 +0100
++++ scripts/mysql_system_tables_data.sql        2013-11-08 09:28:34.707291508 +0100
+@@ -31,8 +31,6 @@
  -- Fill "db" table with default grants for anyone to
  -- access database 'test' and 'test_%' if "db" table didn't exist
  CREATE TEMPORARY TABLE tmp_db LIKE db;
@@ -15,13 +15,13 @@ and http://bugs.mysql.com/bug.php?id=6901
 -INSERT INTO tmp_db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');
  INSERT INTO db SELECT * FROM tmp_db WHERE @had_db_table=0;
  DROP TABLE tmp_db;
- 
-@@ -41,8 +39,6 @@
- REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','' FROM dual WHERE LOWER( @current_hostname) != 'localhost';
- REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','');
- REPLACE INTO tmp_user VALUES ('::1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','');
+
+@@ -44,8 +42,6 @@
+ REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N' FROM dual WHERE LOWER( @current_hostname) != 'localhost';
+ REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N');
+ REPLACE INTO tmp_user VALUES ('::1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N');
 -INSERT INTO tmp_user (host,user) VALUES ('localhost','');
 -INSERT INTO tmp_user (host,user) SELECT @current_hostname,'' FROM dual WHERE LOWER(@current_hostname ) != 'localhost';
  INSERT INTO user SELECT * FROM tmp_user WHERE @had_user_table=0;
  DROP TABLE tmp_user;
- 
+

component/nano/buildout.cfg

+[buildout]
+parts =
+  nano
+  
+extends = 
+  ../ncurses/buildout.cfg
+
+[nano]
+recipe = slapos.recipe.cmmi
+version = 2.2.6
+url = http://www.nano-editor.org/dist/v2.2/nano-2.2.6.tar.gz
+md5sum = 03233ae480689a008eb98feb1b599807
+environment=
+    CFLAGS=-I${ncurses:location}/include
+    LDFLAGS=-L${ncurses:location}/lib/ -Wl,-rpath=${ncurses:location}/lib/
\ No newline at end of file

component/openssl/buildout.cfg

@@ -30,8 +30,8 @@ download-only = true
 
 [openssl]
 recipe = slapos.recipe.cmmi
-url = https://www.openssl.org/source/openssl-1.0.1e.tar.gz
-md5sum = 66bf6f10f060d561929de96f9dfe5b8c
+url = https://www.openssl.org/source/openssl-1.0.1f.tar.gz
+md5sum = f26b09c028a0541cab33da697d522b25
 patch-binary = ${patch:location}/bin/patch
 patches =
   ${openssl-nodoc.patch:location}/${openssl-nodoc.patch:filename}

component/percona-toolkit/buildout.cfg

@@ -10,8 +10,8 @@ parts =
 recipe = slapos.recipe.cmmi
 depends =
   ${perl:version}
-version = 2.1.9
+version = 2.2.6
 url = http://www.percona.com/redir/downloads/percona-toolkit/${:version}/percona-toolkit-${:version}.tar.gz
-md5sum = 94545d0fe6a4893dcad8a3411531107d
+md5sum = 2a008bccc3b62b5362d01a03c916e88d
 configure-command =
   ${perl:location}/bin/perl Makefile.PL

component/python-2.7/buildout.cfg

@@ -10,6 +10,7 @@ extends =
   ../sqlite3/buildout.cfg
   ../zlib/buildout.cfg
   ../file/buildout.cfg
+  ../xz-utils/buildout.cfg
 
 parts =
     python2.7
@@ -25,9 +26,9 @@ python = python2.7
 
 [python2.7]
 recipe = slapos.recipe.cmmi
-package_version = 2.7.5
+package_version = 2.7.6
 package_version_suffix =
-md5sum = 6334b666b7ff2038c761d7b27ba699c1
+md5sum = bcf93efa8eaf383c98ed3ce40b763497
 
 depends =
   ${gdbm:version}
@@ -38,7 +39,7 @@ version = 2.7
 executable = ${:prefix}/bin/python${:version}
 
 url =
-  http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.bz2
+  http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.xz
 configure-options =
   --enable-ipv6
   --enable-unicode=ucs4
@@ -51,5 +52,6 @@ make-targets = make profile-opt && make install
 # the entry "-Wl,-rpath=${file:location}/lib" below is needed by python-magic,
 # which would otherwise load the system libmagic.so with ctypes
 environment =
+  PATH=${xz-utils:location}/bin:%(PATH)s
   CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${libexpat:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
   LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${libexpat:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${file:location}/lib

component/python-setuptools/buildout.cfg

@@ -4,9 +4,10 @@ parts = python-setuptools
 [setuptools-download]
 recipe = hexagonit.recipe.download
 download-only = true
-filename = setuptools-0.6c11-py2.7.egg
-url = http://pypi.python.org/packages/2.7/s/setuptools/${:filename}
-md5sum = fe1f997bc722265116870bc7919059ea
+package_suffix = setuptools-1.4.2
+filename = ${:package_suffix}.tar.gz
+url = https://pypi.python.org/packages/source/s/setuptools/${:filename}
+md5sum = 13951be6711438073fbe50843e7f141f
 mode = 0644
 
 [python-setuptools]
@@ -16,9 +17,10 @@ mode = 0644
 # To be able to use it, you should in your instance do an:
 # export PYTHONPATH=${:location} (defined in ${:environment})
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
-environment = export PATH=${python2.7:location}/bin:$PATH; export PYTHONPATH=${:location};
+pythonpath = ${:location}/${setuptools-download:package_suffix}
+environment = export PATH=${python2.7:location}/bin:$PATH; export PYTHONPATH=${:pythonpath};
 stop-on-error = true
 recipe = plone.recipe.command
 update = true
 # chmod is a hack, but the mode of hexagonit.recipe.download above didn't worked yet (there was new version recently)
-command = ${:environment} (mkdir ${:location}; chmod 644 ${setuptools-download:location}/${setuptools-download:filename} ; sh ${setuptools-download:location}/${setuptools-download:filename} --install-dir ${:location}) || (rm -fr ${:location}; exit 1)
+command = ${:environment} (mkdir ${:location}; cd ${:location} && tar -xzvf ${setuptools-download:location}/${setuptools-download:filename} && cd ${:pythonpath} && ${buildout:executable} setup.py build) || (rm -fr ${:location}; exit 1)

component/qemu-kvm/buildout.cfg

@@ -15,8 +15,8 @@ extends =
 [kvm]
 recipe = slapos.recipe.cmmi
 # qemu-kvm and qemu are now the same since 1.3.
-url = http://wiki.qemu-project.org/download/qemu-1.5.1.tar.bz2
-md5sum = b56e73bdcfdb214d5c68e13111aca96f
+url = http://wiki.qemu-project.org/download/qemu-1.6.1.tar.bz2
+md5sum = 3a897d722457c5a895cd6ac79a28fda0
 depends =
   ${libpng:so_version}
 configure-options =
@@ -57,9 +57,9 @@ configure-options =
 [debian-amd64-netinst.iso]
 # Download the installer of Debian 7 (Wheezy)
 recipe = hexagonit.recipe.download
-url = http://cdimage.debian.org/debian-cd/7.1.0/amd64/iso-cd/debian-7.1.0-amd64-netinst.iso
+url = http://cdimage.debian.org/debian-cd/7.2.0/amd64/iso-cd/debian-7.2.0-amd64-netinst.iso 
 filename = ${:_buildout_section_name_}
-md5sum = 80f498a1f9daa76bc911ae13692e4495
+md5sum = b86774fe4de88be6378ba3d71b8029bd 
 download-only = true
 mode = 0644
 location = ${buildout:parts-directory}/${:_buildout_section_name_}

component/screen/buildout.cfg

+[buildout]
+parts =
+  screen
+
+extends =
+  ../ncurses/buildout.cfg
+
+[screen]
+recipe = slapos.recipe.cmmi
+version = 4.0.3
+url = http://ftp.gnu.org/gnu/screen/screen-4.0.3.tar.gz
+md5sum = 8506fd205028a96c741e4037de6e3c42
+environment=
+    CFLAGS=-I${ncurses:location}/include
+    LDFLAGS=-L${ncurses:location}/lib/ -Wl,-rpath=${ncurses:location}/lib/
\ No newline at end of file

component/slapos/buildout.cfg

@@ -17,6 +17,7 @@ extends =
   ../pkgconfig/buildout.cfg
   ../popt/buildout.cfg
   ../python-2.7/buildout.cfg
+  ../python-openssl/buildout.cfg
   ../readline/buildout.cfg
   ../sqlite3/buildout.cfg
   ../swig/buildout.cfg
@@ -90,10 +91,14 @@ output = ${buildout:directory}/environment.sh
 [lxml-python]
 python = python2.7
 
+[python-openssl]
+python = python2.7
+
 [slapos]
 recipe = z3c.recipe.scripts
 python = python2.7
 eggs =
+  ${python-openssl:egg}
   slapos.libnetworkcache
   zc.buildout
   ${lxml-python:egg}
@@ -131,46 +136,63 @@ scripts = py
 
 [versions]
 # Use our own buildout version
-zc.buildout = 1.6.0-dev-SlapOS-010
+zc.buildout = 1.6.0-dev-SlapOS-012
 
 # Force to use zc.recipe.egg 1.x
 zc.recipe.egg = 1.3.2
 
 # Use own version of h.r.download to be able to open archives not supported by python2.x: .xz
-hexagonit.recipe.download = 1.6nxd002
+hexagonit.recipe.download = 1.7nxd002
 
-Jinja2 = 2.7
+slapos.core = 1.0.0
+Jinja2 = 2.7.1
 MarkupSafe = 0.18
-Werkzeug = 0.8.3
+Pygments = 1.6
+Werkzeug = 0.9.4
 buildout-versions = 1.7
+cmd2 = 0.6.7
 collective.recipe.template = 1.10
-lxml = 3.1.2
+itsdangerous = 0.23
+lxml = 3.2.3
 meld3 = 0.6.10
 netaddr = 0.7.10
+prettytable = 0.7.2
+pyOpenSSL = 0.13.1
+pyparsing = 2.0.1
+setuptools = 1.1.6
 slapos.libnetworkcache = 0.13.4
+slapos.recipe.cmmi = 0.1.1
 xml-marshaller = 0.9.7
 z3c.recipe.scripts = 1.0.1
 
 # Required by:
-# slapos.core==0.35.2-dev
-Flask = 0.9
+# slapos.core==1.0.0
+Flask = 0.10.1
+
+# Required by:
+# slapos.core==1.0.0
+bpython = 0.12
+
+# Required by:
+# slapos.core==1.0.0
+cliff = 1.4.5
+
+# Required by:
+# slapos.core==1.0.0
+ipython = 1.1.0
 
 # Required by:
-# slapos.core==0.35.2-dev
+# slapos.core==1.0.0
 netifaces = 0.8
 
 # Required by:
-# slapos.core==0.35.2-dev
-# slapos.libnetworkcache==0.13.3
-# supervisor==3.0b1
-# zc.buildout==1.6.0-dev-SlapOS-010
-# zope.interface==4.0.5
-setuptools = 0.6c12dev-r88846
+# slapos.core==1.0.0
+requests = 2.1.0
 
 # Required by:
-# slapos.core==0.35.2-dev
-supervisor = 3.0b2
+# slapos.core==1.0.0
+supervisor = 3.0
 
 # Required by:
-# slapos.core==0.35.2-dev
+# slapos.core==1.0.0
 zope.interface = 4.0.5

component/slapos/testing.cfg

+# This file is used to install testing, not-stable-yet, version of SlapOS Node
+[buildout]
+extends =
+  buildout.cfg
+
+# Add hosting location of testing version of slapos.core
+find-links +=
+  http://www.nexedi.org/static/packages/source/slapos.core-testing/
+
+[versions]
+slapos.core = 1.0.0rc6

component/sqlite3/buildout.cfg

@@ -5,8 +5,8 @@ parts =
 
 [sqlite3]
 recipe = slapos.recipe.cmmi
-url = http://www.sqlite.org/2013/sqlite-autoconf-3071700.tar.gz
-md5sum = 18c285053e9562b848209cb0ee16d4ab
+url = http://www.sqlite.org/2013/sqlite-autoconf-3080100.tar.gz
+md5sum = 8b5a0a02dfcb0c7daf90856a5cfd485a
 configure-options =
   --disable-static
   --enable-readline

component/squid/buildout.cfg

+# Squid: Optimising Web Delivery
+# http://squid-cache.org
+
+[buildout]
+parts =
+  squid
+extends =
+  ../pkgconfig/buildout.cfg
+
+[squid]
+recipe = hexagonit.recipe.cmmi
+url = http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.1.tar.gz
+md5sum = 3fb81acc6b70a432e3f0d8a0491056dc
+configure-options =
+  --disable-dependency-tracking
+  --disable-translation
+  --disable-htcp
+  --disable-snmp
+  --disable-loadable-modules
+  --disable-icmp
+  --disable-esi
+  --disable-icap-client
+  --disable-wccp
+  --disable-wccpv2
+  --disable-eui
+  --enable-http-violations
+  --disable-ipfw-transparent 
+  --disable-ipf-transparent
+  --disable-pf-transparent
+  --disable-linux-netfilter
+  --enable-follow-x-forwarded-for
+  --disable-auth
+  --disable-url-rewrite-helpers
+  --disable-auto-locale
+  --disable-kerberos
+  --enable-x-accelerator-vary
+  --disable-external-acl-helpers
+  --disable-auth-ntlm
+  --with-krb5-config=no
+Environment =
+  PATH=${pkgconfig:location}/bin:%(PATH)s

component/texinfo/buildout.cfg

+[buildout]
+extends =
+  ../ncurses/buildout.cfg
+
+[texinfo]
+# Most other components are not happy with texinfo 5, because it treats some
+# used-to-be-warnings as errors.
+<= texinfo4
+
+[texinfo4]
+recipe = slapos.recipe.cmmi
+url = http://ftp.gnu.org/gnu/texinfo/texinfo-4.13.tar.gz
+md5sum = 71ba711519209b5fb583fed2b3d86fcb
+configure-options =
+  --disable-static
+environment =
+  CFLAGS=-I${ncurses:location}/include
+  LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib

component/varnish/buildout.cfg

@@ -41,5 +41,5 @@ environment =
 
 [varnish-3.0]
 <= varnish-2.1
-url = http://repo.varnish-cache.org/source/varnish-3.0.4.tar.gz
-md5sum = a130ce9c3504b9603a46542635e18701
+url = http://repo.varnish-cache.org/source/varnish-3.0.5.tar.gz
+md5sum = 674d44775cc927aee4601edb37f60198

component/vim/buildout.cfg

+[buildout]
+parts =
+  vim
+  
+extends = 
+  ../ncurses/buildout.cfg
+
+[vim]
+recipe = slapos.recipe.cmmi
+version = 7.4
+url = http://ftp.vim.org/pub/vim/unix/vim-7.4.tar.bz2
+md5sum = 607e135c559be642f210094ad023dc65
+environment=
+    CFLAGS=-I${ncurses:location}/include
+    LDFLAGS=-L${ncurses:location}/lib/ -Wl,-rpath=${ncurses:location}/lib/
\ No newline at end of file

component/zeromq/buildout.cfg

+[buildout]
+extends =
+  ../libtool/buildout.cfg
+  ../libuuid/buildout.cfg
+
+[zeromq]
+<= zeromq3
+
+[zeromq3]
+recipe = slapos.recipe.cmmi
+url = http://download.zeromq.org/zeromq-3.2.3.tar.gz
+md5sum = 1abf8246363249baf5931a065ee38203
+configure-options = --without-documentation
+environment =
+  PATH=${libtool:location}/bin:%(PATH)s
+  LDFLAGS=-L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib
+
+[zeromq2]
+recipe = slapos.recipe.cmmi
+url = http://download.zeromq.org/zeromq-2.2.0.tar.gz
+md5sum = 1b11aae09b19d18276d0717b2ea288f6
+configure-options =
+  --without-documentation
+environment =
+  PATH=${libtool:location}/bin:%(PATH)s
+  CXXFLAGS=-I${libuuid:location}/include
+  LDFLAGS=-L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib

setup.py

@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '0.82-dev'
+version = '0.85'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"
@@ -70,7 +70,6 @@ setup(name=name,
         'zc.buildout': [
           'addresiliency = slapos.recipe.addresiliency:Recipe',
           'agent = slapos.recipe.agent:Recipe',
-          'apache.frontend = slapos.recipe.apache_frontend:Recipe',
           'apache.zope.backend = slapos.recipe.apache_zope_backend:Recipe',
           'apacheperl = slapos.recipe.apacheperl:Recipe',
           'apachephp = slapos.recipe.apachephp:Recipe',
@@ -185,12 +184,12 @@ setup(name=name,
           'slapmonitor = slapos.recipe.slapmonitor:MonitorRecipe',
           'slapmonitor-xml = slapos.recipe.slapmonitor:MonitorXMLRecipe',
           'slapreport = slapos.recipe.slapreport:Recipe',
-          'slaprunner = slapos.recipe.slaprunner:Recipe',
           'slaprunner.test = slapos.recipe.slaprunner:Test',
           'slaprunner.export = slapos.recipe.slaprunner.backup:ExportRecipe',
           'slaprunner.import = slapos.recipe.slaprunner.backup:ImportRecipe',
           'softwaretype = slapos.recipe.softwaretype:Recipe',
           'sphinx= slapos.recipe.sphinx:Recipe',
+          'squid = slapos.recipe.squid:Recipe',
           'sshkeys_authority = slapos.recipe.sshkeys_authority:Recipe',
           'sshkeys_authority.request = slapos.recipe.sshkeys_authority:Request',
           'stunnel = slapos.recipe.stunnel:Recipe',

slapos/recipe/addresiliency/takeover.py

 # -*- coding: utf-8 -*-
 import logging
 import time
+import traceback
 
 import slapos
 from slapos.slap.slap import NotFoundError
@@ -65,6 +66,7 @@ def takeover(server_url, key_file, cert_file, computer_guid,
       cp_winner.rename(new_name=cp_exporter_ref)
       break
     except NotFoundError:
+      traceback.print_exc()
       log.warning('Impossible to rename. Retrying in a few seconds...')
   log.debug('Renamed.')
 

slapos/recipe/apache_frontend/certificate_authority.py

-import os
-import subprocess
-import time
-import ConfigParser
-import uuid
-
-
-def popenCommunicate(command_list, input=None):
-  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
-  if input is not None:
-    subprocess_kw.update(stdin=subprocess.PIPE)
-  popen = subprocess.Popen(command_list, **subprocess_kw)
-  result = popen.communicate(input)[0]
-  if popen.returncode is None:
-    popen.kill()
-  if popen.returncode != 0:
-    raise ValueError('Issue during calling %r, result was:\n%s' % (
-      command_list, result))
-  return result
-
-
-class CertificateAuthority:
-  def __init__(self, key, certificate, openssl_binary,
-      openssl_configuration, request_dir):
-    self.key = key
-    self.certificate = certificate
-    self.openssl_binary = openssl_binary
-    self.openssl_configuration = openssl_configuration
-    self.request_dir = request_dir
-
-  def checkAuthority(self):
-    file_list = [ self.key, self.certificate ]
-    ca_ready = True
-    for f in file_list:
-      if not os.path.exists(f):
-        ca_ready = False
-        break
-    if ca_ready:
-      return
-    for f in file_list:
-      if os.path.exists(f):
-        os.unlink(f)
-    try:
-      # no CA, let us create new one
-      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
-          self.openssl_configuration, '-new', '-x509', '-extensions', 'v3_ca',
-          '-keyout', self.key, '-out', self.certificate, '-days', '10950'],
-          # Authority name will be random, so no instance has the same issuer
-          'Certificate Authority %s\n' % uuid.uuid1())
-    except:
-      try:
-        for f in file_list:
-          if os.path.exists(f):
-            os.unlink(f)
-      except:
-        # do not raise during cleanup
-        pass
-      raise
-
-  def _checkCertificate(self, common_name, key, certificate):
-    file_list = [key, certificate]
-    ready = True
-    for f in file_list:
-      if not os.path.exists(f):
-        ready = False
-        break
-    if ready:
-      return False
-    for f in file_list:
-      if os.path.exists(f):
-        os.unlink(f)
-    csr = certificate + '.csr'
-    try:
-      popenCommunicate([self.openssl_binary, 'req', '-config',
-        self.openssl_configuration, '-nodes', '-new', '-keyout',
-        key, '-out', csr, '-days', '3650'],
-        common_name + '\n')
-      try:
-        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
-          self.openssl_configuration, '-out', certificate,
-          '-infiles', csr])
-      finally:
-        if os.path.exists(csr):
-          os.unlink(csr)
-    except:
-      try:
-        for f in file_list:
-          if os.path.exists(f):
-            os.unlink(f)
-      except:
-        # do not raise during cleanup
-        pass
-      raise
-    else:
-      return True
-
-  def checkRequestDir(self):
-    for request_file in os.listdir(self.request_dir):
-      parser = ConfigParser.RawConfigParser()
-      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
-      if self._checkCertificate(parser.get('certificate', 'name'),
-          parser.get('certificate', 'key_file'), parser.get('certificate',
-            'certificate_file')):
-        print 'Created certificate %r' % parser.get('certificate', 'name')
-
-def runCertificateAuthority(args):
-  ca_conf = args[0]
-  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
-      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
-      ca_conf['request_dir'])
-  while True:
-    ca.checkAuthority()
-    ca.checkRequestDir()
-    time.sleep(60)

slapos/recipe/apache_frontend/template/apache.conf.path-protected.in

-<Directory %(path)s>
-  Order Deny,Allow
-  Allow from %(access_control_string)s
-</Directory>
-
-<Directory %(document_root)s>
-  Order Allow,Deny
-  Allow from All
-</Directory>

slapos/recipe/apache_frontend/template/apache.location-snippet.conf.in

-<Location %(location)s>
-  Order Deny,Allow
-  Deny from all
-  Allow from %(allow_string)s
-</Location>

slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in

-SSLCertificateFile %(login_certificate)s
-SSLCertificateKeyFile %(login_key)s
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-SSLSessionCache shmcb:/%(httpd_mod_ssl_cache_directory)s/ssl_scache(512000)
-SSLSessionCacheTimeout  300
-SSLRandomSeed startup /dev/urandom 256
-SSLRandomSeed connect builtin
-SSLProtocol -ALL +SSLv3 +TLSv1
-SSLHonorCipherOrder On
-SSLCipherSuite RC4-SHA:HIGH:!ADH
-<FilesMatch "\.(cgi|shtml|phtml|php)$">
-      SSLOptions +StdEnvVars
-</FilesMatch>
-# Accept proxy to sites using self-signed SSL certificates
-SSLProxyCheckPeerCN off
-SSLProxyCheckPeerExpire off

slapos/recipe/apache_frontend/template/logrotate_entry.in

-%(file_list)s {
-  daily
-  dateext
-  rotate 30
-  compress
-  notifempty
-  sharedscripts
-  create
-  postrotate
-    %(postrotate)s
-  endscript
-  olddir %(olddir)s
-}

slapos/recipe/apache_frontend/template/stunnel.conf.entry.in

-[%(name)s]
-accept = %(public_ip)s:%(public_port)s
-connect = %(private_ip)s:%(private_port)s

slapos/recipe/apache_frontend/template/stunnel.conf.in

-foreground = yes
-output = %(log)s
-pid = %(pid_file)s
-syslog = no
-client = yes
-CApath = %(ca_path)s
-key = %(key)s
-CRLpath = %(ca_crl)s
-cert = %(cert)s
-sslVersion = SSLv3
-socket = l:TCP_NODELAY=1
-socket = r:TCP_NODELAY=1
-
-%(entry_str)s

slapos/recipe/apache_frontend/template/varnish.vcl.in

-# This is a basic VCL configuration file for varnish.  See the vcl(7)
-# man page for details on VCL syntax and semantics.
-# 
-# Default backend definition.  Set this to point to your content
-# server.
-# 
-backend default {
-    .host = "%(backend_host)s";
-    .port = "%(backend_port)s";
-    .probe = { 
-        .url = "/";
-        .timeout = 10s;
-        .interval = 10s;
-        .window = 4;
-        .threshold = 3;
-    }
-}
-# 
-# Below is a commented-out copy of the default VCL logic.  If you
-# redefine any of these subroutines, the built-in logic will be
-# appended to your code.
-# 
-# sub vcl_recv {
-#     if (req.http.x-forwarded-for) {
-#   set req.http.X-Forwarded-For =
-#       req.http.X-Forwarded-For ", " client.ip;
-#     } else {
-#   set req.http.X-Forwarded-For = client.ip;
-#     }
-#     if (req.request != "GET" &&
-#       req.request != "HEAD" &&
-#       req.request != "PUT" &&
-#       req.request != "POST" &&
-#       req.request != "TRACE" &&
-#       req.request != "OPTIONS" &&
-#       req.request != "DELETE") {
-#         /* Non-RFC2616 or CONNECT which is weird. */
-#         return (pipe);
-#     }
-#     if (req.request != "GET" && req.request != "HEAD") {
-#         /* We only deal with GET and HEAD by default */
-#         return (pass);
-#     }
-#     if (req.http.Authorization || req.http.Cookie) {
-#         /* Not cacheable by default */
-#         return (pass);
-#     }
-#     return (lookup);
-# }
-sub vcl_recv {
-    if (req.http.cache-control ~ "no-cache") {
-        purge_url(req.url);
-    }
-
-    if (req.url ~ "\.(css|js|ico)$") {
-        unset req.http.cookie;
-    }
-
-    # remove bogus cookies
-    if (req.http.Cookie) {
-        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "\1");
-        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac_name=\x22\x22;? *", "\1");
-        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac=\x22Og.3D.3D\x22;? *", "\1");
-    }
-    if (req.http.Cookie == "") {
-        remove req.http.Cookie;
-    }
-
-    if (req.http.x-forwarded-for) {
-  set req.http.X-Forwarded-For =
-      req.http.X-Forwarded-For ", " client.ip;
-    } else {
-  set req.http.X-Forwarded-For = client.ip;
-    }
-    if (req.request != "GET" &&
-      req.request != "HEAD" &&
-      req.request != "PUT" &&
-      req.request != "POST" &&
-      req.request != "TRACE" &&
-      req.request != "OPTIONS" &&
-      req.request != "DELETE") {
-        /* Non-RFC2616 or CONNECT which is weird. */
-        return (pipe);
-    }
-    if (req.request != "GET" && req.request != "HEAD") {
-        /* We only deal with GET and HEAD by default */
-        return (pass);
-    }
-    if (req.http.Authorization) {
-        /* Not cacheable by default */
-        return (pass);
-    }
-    if (req.http.Cookie && req.http.Cookie ~ "(^|; ) *__ac=") {
-        /* Not cacheable for authorised users,
-     but KM images are cacheable */
-  if (!(req.url ~ "/km_img/.*\.(png|gif)$")) {
-    return (pass);
-  }
-    }
-    # XXX login form can defer based on __ac_name cookie value
-    if (req.url ~ "/(login_form|WebSite_viewLoginDialog)($|\?)") {
-        return (pass);
-    }
-    if (req.backend.healthy) {
-        set req.grace = 1h;
-    } else {
-        set req.grace = 1w;
-    }
-    return (lookup);
-}
-# 
-# sub vcl_pipe {
-#     # Note that only the first request to the backend will have
-#     # X-Forwarded-For set.  If you use X-Forwarded-For and want to
-#     # have it set for all requests, make sure to have:
-#     # set req.http.connection = "close";
-#     # here.  It is not set by default as it might break some broken web
-#     # applications, like IIS with NTLM authentication.
-#     return (pipe);
-# }
-# 
-# sub vcl_pass {
-#     return (pass);
-# }
-# 
-# sub vcl_hash {
-#     set req.hash += req.url;
-#     if (req.http.host) {
-#         set req.hash += req.http.host;
-#     } else {
-#         set req.hash += server.ip;
-#     }
-#     return (hash);
-# }
-# 
-# sub vcl_hit {
-#     if (!obj.cacheable) {
-#         return (pass);
-#     }
-#     return (deliver);
-# }
-# 
-# sub vcl_miss {
-#     return (fetch);
-# }
-# 
-# sub vcl_fetch {
-#     if (!beresp.cacheable) {
-#         return (pass);
-#     }
-#     if (beresp.http.Set-Cookie) {
-#         return (pass);
-#     }
-#     return (deliver);
-# }
-sub vcl_fetch {
-    # we only cache 200 (OK) and 304 (Not Modified) responses.
-    if (beresp.status != 200 && beresp.status != 304) {
-        set beresp.cacheable = false;
-    }
-
-    if (beresp.http.cache-control ~ "no-cache") {
-        set beresp.cacheable = false;
-    }
-
-    if (!beresp.cacheable) {
-        unset beresp.http.expires;
-        set beresp.http.cache-control = "no-cache";
-        return (pass);
-    }
-
-    # we don't care haproxy's cookie.
-    if (beresp.http.Set-Cookie && beresp.http.Set-Cookie !~ "^SERVERID=[^;]+; path=/$") {
-        return (pass);
-    }
-
-    if (req.url ~ "\.(css|js|ico)$") {
-        unset beresp.http.set-cookie;
-        set beresp.http.cache-control = regsub(beresp.http.cache-control, "^", "public,");
-        set beresp.http.cache-control = regsub(beresp.http.cache-control, ",$", "");
-    }
-
-    # remove some headers added by caching policy manager to avoid
-    # '304 Not Modified' in case of login <-> logout switching.
-    if (beresp.http.content-type ~ "^text/html") {
-  unset beresp.http.last-modified;
-    }
-
-    if (beresp.cacheable) {
-        /* Remove Expires from backend, it's not long enough */
-        unset beresp.http.expires;
-        /* Set the clients TTL on this object */
-        set beresp.http.cache-control = "max-age = 900";
-        /* Set how long Varnish will keep it */
-        set beresp.ttl = 1w;
-        /* marker for vcl_deliver to reset Age: */
-        set beresp.http.magicmarker = "1";
-    }
-
-    set beresp.grace = 1w;
-
-    return (deliver);
-}
-# 
-# sub vcl_deliver {
-#     return (deliver);
-# }
-sub vcl_deliver {
-    if (resp.http.magicmarker) {
-        /* Remove the magic marker */
-        unset resp.http.magicmarker;
-        /* By definition we have a fresh object */
-        set resp.http.age = "0";
-    }
-    if (obj.hits > 0) {
-        set resp.http.X-Cache = obj.hits;
-    } else {
-      set resp.http.X-Cache = "MISS";
-    }
-    return (deliver);
-}
-
-# 
-# sub vcl_error {
-#     set obj.http.Content-Type = "text/html; charset=utf-8";
-#     synthetic {"
-# <?xml version="1.0" encoding="utf-8"?>
-# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
-#  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-# <html>
-#   <head>
-#     <title>"} obj.status " " obj.response {"</title>
-#   </head>
-#   <body>
-#     <h1>Error "} obj.status " " obj.response {"</h1>
-#     <p>"} obj.response {"</p>
-#     <h3>Guru Meditation:</h3>
-#     <p>XID: "} req.xid {"</p>
-#     <hr>
-#     <p>Varnish cache server</p>
-#   </body>
-# </html>
-# "};
-#     return (deliver);
-# }

slapos/recipe/certificate_authority/__init__.py

@@ -103,16 +103,27 @@ class Request(Recipe):
     key_file = self.options['key-file']
     cert_file = self.options['cert-file']
 
+    key_content = self.options.get('key-content', None)
+    cert_content = self.options.get('cert-content', None)
+    request_needed = True
+
     name = self.options['name']
     hash_ = hashlib.sha512(name).hexdigest()
     key = os.path.join(self.ca_private, hash_ + self.ca_key_ext)
     certificate = os.path.join(self.ca_certs, hash_ + self.ca_crt_ext)
-    parser = ConfigParser.RawConfigParser()
-    parser.add_section('certificate')
-    parser.set('certificate', 'name', name)
-    parser.set('certificate', 'key_file', key)
-    parser.set('certificate', 'certificate_file', certificate)
-    parser.write(open(os.path.join(self.request_directory, hash_), 'w'))
+
+    # XXX Ugly hack to quickly provide custom certificate/key to everyone using the recipe
+    if key_content and cert_content:
+      open(key, 'w').write(key_content)
+      open(certificate, 'w').write(cert_content)
+      request_needed = False
+    else:
+      parser = ConfigParser.RawConfigParser()
+      parser.add_section('certificate')
+      parser.set('certificate', 'name', name)
+      parser.set('certificate', 'key_file', key)
+      parser.set('certificate', 'certificate_file', certificate)
+      parser.write(open(os.path.join(self.request_directory, hash_), 'w'))
 
     for link in [key_file, cert_file]:
       if os.path.islink(link):
@@ -123,11 +134,14 @@ class Request(Recipe):
     os.symlink(key, key_file)
     os.symlink(certificate, cert_file)
 
-    wrapper = self.createPythonScript(
-      self.options['wrapper'],
-      'slapos.recipe.librecipe.execute.execute_wait',
-      [ [self.options['executable']],
-        [certificate, key] ],
-    )
+    path_list = [key_file, cert_file]
+    if request_needed:
+      wrapper = self.createPythonScript(
+        self.options['wrapper'],
+        'slapos.recipe.librecipe.execute.execute_wait',
+        [ [self.options['executable']],
+          [certificate, key] ],
+      )
+      path_list.append(wrapper)
 
-    return [key_file, cert_file, wrapper]
+    return path_list

slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in

@@ -12,7 +12,8 @@ erp5_catalog_storage = 'erp5_mysql_innodb_catalog'
 mysql_url = "%(sql_connection_string)s"
 
 header_dict = {'Authorization': 'Basic %%s' %% \
-  base64.encodestring('%%s:%%s' %% (user, password)).strip()}
+  base64.encodestring('%%s:%%s' %% (user, password)).strip(),
+               'Referer':'http://%%s/manage_addProduct/ERP5/addERP5Site' %% host}
 zope_connection = httplib.HTTPConnection(host)
 
 # Check if an ERP5 site is already created, as ERP5 does support having

slapos/recipe/erp5_update/erp5.py

@@ -50,6 +50,7 @@ class ERP5Updater(object):
     base64string = base64.encodestring(authentication_string).strip()
 
     self.header_dict['Authorization'] = 'Basic %s' % base64string
+    self.header_dict['Referer'] = 'http://%s/manage_addProduct/ERP5/addERP5Site' % host
 
     self.host = host
     self.site_id = site_id

slapos/recipe/kvm/template/kvm_controller_run.in

@@ -6,6 +6,8 @@
 import socket
 import time
 
+# XXX: to be factored with slapos.toolbox qemu qmp wrapper.
+
 socket_path = '%(socket-path)s'
 vnc_password = '%(vnc-passwd)s'
 

slapos/recipe/kvm/template/kvm_run.in

@@ -60,7 +60,11 @@ def getSocketStatus(host, port):
 # Download existing hard drive if needed at first boot
 if not os.path.exists(disk_path) and virtual_hard_drive_url != '':
   print('Downloading virtual hard drive...')
-  urllib.urlretrieve(virtual_hard_drive_url, disk_path)
+  try:
+    urllib.urlretrieve(virtual_hard_drive_url, disk_path)
+  except:
+    os.remove(disk_path)
+    raise
   md5sum = virtual_hard_drive_md5sum.strip()
   if md5sum:
     print('Checking MD5 checksum...')

slapos/recipe/librecipe/generic.py

@@ -33,6 +33,7 @@ import sys
 import inspect
 import re
 import shutil
+from textwrap import dedent
 import urllib
 import urlparse
 
@@ -129,10 +130,14 @@ class GenericBaseRecipe(object):
     return script
 
   def createWrapper(self, name, command, parameters, comments=[],
-        parameters_extra=False, environment=None):
+      parameters_extra=False, environment=None,
+      pidfile=None
+  ):
     """
     Creates a very simple (one command) shell script for process replacement.
     Takes care of quoting.
+    if pidfile parameter is specified, then it will make the wrapper a singleton,
+    accepting to run only if no other instance is running.
     """
 
     lines = [ '#!/bin/sh' ]
@@ -144,6 +149,21 @@ class GenericBaseRecipe(object):
       for key in environment:
         lines.append('export %s=%s' % (key, environment[key]))
 
+    if pidfile:
+      lines.append(dedent("""\
+          # Check for other instances
+          pidfile=%s
+          if [ -e $pidfile ]; then
+            pid=$(cat $pidfile)
+            if [ ! -z $(ps -p "$pid" | grep $(basename %s)) ]; then
+              echo "Already running with pid $pid."
+              exit 1
+            else
+              rm $pidfile
+            fi
+          fi
+          echo $$ > $pidfile""" % (pidfile, command)))
+
     lines.append('exec %s' % shlex.quote(command))
 
     for param in parameters:

slapos/recipe/notifier.py

@@ -50,6 +50,9 @@ class Recipe(GenericBaseRecipe):
 class Callback(GenericBaseRecipe):
 
   def createCallback(self, notification_id, callback):
+    # XXX: hashing the name here and in
+    # slapos.toolbox/slapos/pubsub/__init__.py is completely messed up and
+    # prevent any debug.
     callback_id = sha512(notification_id).hexdigest()
 
     filepath = os.path.join(self.options['callbacks'], callback_id)
@@ -64,7 +67,7 @@ class Callback(GenericBaseRecipe):
 class Notify(GenericBaseRecipe):
 
   def createNotifier(self, notifier_binary, wrapper, executable,
-                     log, title, notification_url, feed_url):
+                     log, title, notification_url, feed_url, pidfile=None):
 
     if not os.path.exists(log):
       # Just a touch
@@ -82,6 +85,7 @@ class Notify(GenericBaseRecipe):
     return self.createWrapper(name=wrapper,
                               command=notifier_binary,
                               parameters=parameters,
+                              pidfile=pidfile,
                               comments=[
                                   '',
                                   'Call an executable and send notification(s).',
@@ -101,6 +105,7 @@ class Notify(GenericBaseRecipe):
                                  executable=options['executable'],
                                  log=log,
                                  title=options['title'],
+                                 pidfile=options['pidfile'],
                                  notification_url=options['notify'],
                                  feed_url=feed_url)
     return [script]

slapos/recipe/request.py

@@ -88,8 +88,15 @@ class Recipe(object):
       installation of request section will fail.
       Possible names depend on requested partition's software type.
 
+    state (optional)
+     Requested state, default value is the state of the requester.
+
     Output:
       See "return" input key.
+      "instance-state"
+          The current state of the instance.
+      "requested-state"
+          The requested state of the instance.
   """
   failed = None
 
@@ -112,6 +119,11 @@ class Recipe(object):
     ))
     slave = options.get('slave', 'false').lower() in \
       librecipe.GenericBaseRecipe.TRUE_VALUES
+
+    # By default XXXX Way of doing it is ugly and dangerous
+    requested_state = options.get('state', buildout['slap-connection'].get('requested','started'))
+    options['requested-state'] = requested_state
+
     slap = slapmodule.slap()
     slap.initializeConnection(
       options['server-url'],
@@ -125,21 +137,25 @@ class Recipe(object):
     self._raise_request_exception = None
     self._raise_request_exception_formatted = None
     self.instance = None
+
     # Try to do the request and fetch parameter dict...
     try:
       self.instance = request(software_url, software_type,
           name, partition_parameter_kw=partition_parameter_kw,
-          filter_kw=filter_kw, shared=slave)
+          filter_kw=filter_kw, shared=slave, state=requested_state)
       return_parameter_dict = self._getReturnParameterDict(self.instance,
           return_parameters)
+      # Fetch the instance-guid and the instance-state
+      # Note: SlapOS Master does not support it for slave instances
       if not slave:
         try:
           options['instance-guid'] = self.instance.getInstanceGuid()
           # XXX: deprecated, to be removed
           options['instance_guid'] = self.instance.getInstanceGuid()
+          options['instance-state'] = self.instance.getState()
         except (slapmodule.ResourceNotReady, AttributeError):
           # Backward compatibility. Old SlapOS master and core don't know this.
-          self.logger.warning("Impossible to fetch instance GUID.")
+          self.logger.warning("Impossible to fetch instance GUID nor state.")
     except (slapmodule.NotFoundError, slapmodule.ServerError, slapmodule.ResourceNotReady) as exc:
       self._raise_request_exception = exc
       self._raise_request_exception_formatted = traceback.format_exc()

slapos/recipe/shellinabox.py

@@ -34,7 +34,11 @@ from slapos.recipe.librecipe import GenericBaseRecipe
 
 def login_shell(args):
   password = args['password']
-  entered_password = getpass()
+  
+  if (password != ''):
+    entered_password = getpass()
+  else:
+    entered_password = ''
 
   if entered_password != password:
     return 1
@@ -54,11 +58,11 @@ def shellinabox(args):
     with open(args['ssl_certificate']) as public_key_file:
       print >> certificate_file, public_key_file.read()
 
-  user = pwd.getpwuid(os.getuid()).pw_name
-  group = grp.getgrgid(os.getgid()).gr_name
+  user = pwd.getpwuid(os.getuid()).pw_uid
+  group = grp.getgrgid(os.getgid()).gr_gid
   service = '/:%(user)s:%(group)s:%(directory)s:%(command)s' % {
-    'user': group,
-    'group': user,
+    'user': user,
+    'group': group,
     'directory': args['directory'],
     'command': args['login_shell'],
   }

slapos/recipe/slapconfiguration.py

@@ -78,6 +78,8 @@ class Recipe(object):
       Partition parameter whose name cannot be represented unambiguously in
       buildout syntax are ignored. They cannot be accessed from buildout syntax
       anyway, and are available through "configuration" output key.
+    instance-state
+      The instance state.
   """
 
   # XXX: used to detect if a configuration key is a valid section key. This
@@ -91,10 +93,12 @@ class Recipe(object):
           options.get('key'),
           options.get('cert'),
       )
-      parameter_dict = slap.registerComputerPartition(
+      computer_partition = slap.registerComputerPartition(
           options['computer'],
           options['partition'],
-      ).getInstanceParameterDict()
+      )
+      parameter_dict = computer_partition.getInstanceParameterDict()
+      options['instance-state'] = computer_partition.getState()
       # XXX: those are not partition parameters, strictly speaking.
       # Make them available as individual section keys.
       for his_key in (
@@ -129,9 +133,9 @@ class Recipe(object):
 
       # also export single ip values for those recipes that don't support sets.
       if ipv4_set:
-          options['ipv4-random'] = list(ipv4_set)[0]
+          options['ipv4-random'] = list(ipv4_set)[0].encode('UTF-8')
       if ipv6_set:
-          options['ipv6-random'] = list(ipv6_set)[0]
+          options['ipv6-random'] = list(ipv6_set)[0].encode('UTF-8')
 
       options['tap'] = tap_set
       parameter_dict = self._expandParameterDict(options, parameter_dict)

slapos/recipe/slaprunner/__init__.py

@@ -27,78 +27,8 @@
 from slapos.recipe.librecipe import GenericBaseRecipe
 import os
 
-class Recipe(GenericBaseRecipe):
-
-  def _options(self, options):
-    self.ipv4 = options['ipv4'].strip()
-    self.ipv6 = options['ipv6'].strip()
-    self.proxy_port = options['proxy_port'].strip()
-    self.runner_port = options['runner_port'].strip()
-    self.workdir = options['working-directory'].strip()
-    self.software_directory = options['software-directory'].strip()
-    self.instance_directory = options['instance-directory'].strip()
-    self.partition_amount = options['partition-amount'].strip()
-    self.cloud9_url = options.get('cloud9-url', '').strip()
-    self.log_file = os.path.join(options['log_dir'].strip(), 'slaprunner.log')
-    # Set slaprunner access URL, CLN Beware ipv6 access is made throught nginx
-    options['access-url'] = 'https://[%s]:%s' % (self.ipv6, self.runner_port)
-
-  def install(self):
-    path_list = []
-
-    configuration = dict(
-        software_root=self.software_directory,
-        instance_root=self.instance_directory,
-        master_url='http://%s:%s/' % (self.ipv4, self.proxy_port),
-        computer_id='slaprunner',
-        partition_amount=self.partition_amount,
-        slapgrid_sr=self.options['slapgrid_sr'],
-        slapgrid_cp=self.options['slapgrid_cp'],
-        slapproxy=self.options['slapproxy'],
-        supervisor=self.options['supervisor'],
-        supervisord_config=os.path.join(self.instance_directory, 'etc',
-          'supervisord.conf'),
-        runner_workdir=self.workdir,
-        etc_dir=self.options['etc_dir'],
-        run_dir=self.options['run_dir'],
-        log_dir=self.options['log_dir'],
-        runner_host=self.ipv4,
-        runner_port=self.runner_port,
-        ipv4_address=self.ipv4,
-        ipv6_address=self.ipv6,
-        proxy_host=self.ipv4,
-        proxy_port=self.proxy_port,
-        proxy_database=os.path.join(self.workdir, 'proxy.db'),
-        git=self.options['git-binary'],
-        ssh_client=self.options['ssh_client'],
-        public_key=self.options['public_key'],
-        private_key=self.options['private_key'],
-        cloud9_url=self.cloud9_url
-    )
-
-    config_file = self.createFile(self.options['slapos.cfg'],
-        self.substituteTemplate(self.getTemplateFilename('slapos.cfg.in'),
-        configuration))
-    path_list.append(config_file)
-
-    environment = dict(
-        PATH=os.path.dirname(
-            self.options['git-binary']) + ':' + os.environ['PATH'],
-        GIT_SSH=self.options['ssh_client']
-    )
-    launch_args = [self.options['slaprunner'].strip(), config_file,
-                   '--log_file', self.log_file]
-    if self.optionIsTrue('debug', default=False):
-      launch_args.append('--debug')
-
-    wrapper = self.createPythonScript(self.options['wrapper'],
-        'slapos.recipe.librecipe.execute.executee',
-        (launch_args, environment)
-    )
-    path_list.append(wrapper)
-
-    return path_list
-
+#XXX-Nicolas This recipe has to be deleted as soon as possible
+#No changes allowed, except full-replacement using buildout
 class Test(GenericBaseRecipe):
   def _options(self, options):
     self.ipv4 = options['ipv4'].strip()

slapos/recipe/slaprunner/backup.py

@@ -70,7 +70,7 @@ class ExportRecipe(GenericBaseRecipe):
                     fi
                   done
                 }
-                sync_element %(srv-directory)s/runner  %(backup-directory)s/runner/ instance project  proxy.db softwareLink
+                sync_element %(srv-directory)s/runner  %(backup-directory)s/runner/ instance project  proxy.db
                 sync_element %(etc-directory)s  %(backup-directory)s/etc/ .rcode .project .users .htpasswd ssh
                 if [ -d %(backup-directory)s/runner/software ]; then
                   rm %(backup-directory)s/runner/software/*
@@ -119,13 +119,14 @@ class ImportRecipe(GenericBaseRecipe):
                     fi
                   done
                 }
-                restore_element %(backup-directory)s/runner/ %(srv-directory)s/runner  instance project  proxy.db softwareLink
+                restore_element %(backup-directory)s/runner/ %(srv-directory)s/runner  instance project  proxy.db
                 restore_element  %(backup-directory)s/etc/ %(etc-directory)s .rcode .project .users .htpasswd ssh
                 ifs=$IFS IFS=';'
                 read user pass remaining < %(etc-directory)s/.users
                 IFS=$ifs
-                %(curl-binary)s -vg6L -F clogin="$user" -F cpwd="$pass" --dump-header login_cookie  %(backend-url)s/doLogin;
-                %(curl-binary)s -vg6LX POST --cookie login_cookie --max-time 5  %(backend-url)s/runSoftwareProfile;
+                %(curl-binary)s --insecure -vg6L -F clogin="$user" -F cpwd="$pass" --dump-header login_cookie  %(backend-url)s/doLogin;
+                %(curl-binary)s --insecure -vg6L --cookie login_cookie --max-time 5  %(backend-url)s/isSRReady;
+                %(curl-binary)s --insecure -vg6LX POST --cookie login_cookie --max-time 5  %(backend-url)s/runSoftwareProfile --user "$user":"$pass";
                 rm -f login_cookie
                 """ % self.options)
         self.createExecutable(wrapper, content=content)

slapos/recipe/squid/__init__.py

+##############################################################################
+#
+# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+
+class Recipe(GenericBaseRecipe):
+  """
+  squid instance configuration.
+
+  wrapper-path -- location of the init script to generate
+
+  prepare-path -- location of the directory creation script to generate
+
+  binary-path -- location of the squid command
+
+  conf-path -- location of the configuration file
+
+  cache-path -- location of the cache directory
+
+  XXXX No good, specific...
+  open_port -- entrance port to the host and allowed to use cache
+
+  ip -- ip of the squid server
+
+  port -- port of the squid server
+
+  backend-ip -- ip of the service to cache
+
+  backend-port -- port of the service to cache
+
+  access-log-path -- location of the access log
+
+  cache-log-path -- location of the cache log
+
+  pid-filename-path -- location of the pid filename
+
+  """
+
+  def install(self):
+    config = dict(
+      ip=self.options['ip'], 
+      port=self.options['port'],
+      backend_ip=self.options['backend-ip'], 
+      backend_port=self.options['backend-port'],
+      cache_path=self.options['cache-path'],
+      access_log_path=self.options['access-log-path'],
+      cache_log_path=self.options['cache-log-path'],
+      pid_filename_path=self.options['pid-filename-path'],
+      open_port=self.options['open-port'],
+      )
+
+    template_filename = self.getTemplateFilename('squid.conf.in')
+    configuration_path = self.createFile(
+      self.options['conf-path'],
+      self.substituteTemplate(template_filename, config))
+
+    # Prepare directories
+    prepare_path = self.createPythonScript(
+      self.options['prepare-path'],
+      'slapos.recipe.librecipe.execute.execute',
+      arguments=[self.options['binary-path'].strip(), 
+                 '-z',
+                 '-f', configuration_path,
+                 ],)
+
+    # Create running wrapper
+    wrapper_path = self.createPythonScript(
+      self.options['wrapper-path'],
+      'slapos.recipe.librecipe.execute.execute',
+      arguments=[self.options['binary-path'].strip(), 
+                 '-N',
+                 '-f', configuration_path,
+                 ],)
+
+    return [configuration_path, wrapper_path, prepare_path]

slapos/recipe/squid/template/squid.conf.in

+refresh_pattern .   0 20%% 4320 max-stale=604800
+
+# Dissallow cachemgr access
+http_access deny manager
+
+# Squid service configuration
+http_port %(ip)s:%(port)s accel defaultsite=%(ip)s
+
+cache_peer %(backend_ip)s parent %(backend_port)s 0 no-query originserver name=backend
+
+acl our_sites port %(open_port)s
+http_access allow our_sites
+cache_peer_access backend allow our_sites
+cache_peer_access backend deny all
+
+# Drop squid headers
+# via off
+# reply_header_access X-Cache-Lookup deny all
+# reply_header_access X-Squid-Error deny all
+# reply_header_access X-Cache deny all
+
+header_replace X-Forwarded-For
+follow_x_forwarded_for allow all
+forwarded_for on
+
+# Use 1Go of RAM
+cache_mem 1024 MB
+# But do not keep big object in RAM
+maximum_object_size_in_memory 2048 KB
+
+# Log
+access_log %(access_log_path)s
+cache_log %(cache_log_path)s
+pid_filename %(pid_filename_path)s

slapos/recipe/sshkeys_authority.py

@@ -113,11 +113,11 @@ class Request(GenericBaseRecipe):
       hashlib.sha256(options['name']).hexdigest())
     self.public_key = self.private_key + '.pub'
 
+    options['public-key-value'] = ''
     if os.path.exists(self.public_key):
-      with open(self.public_key) as key:
-        options['public-key-value'] = key.read()
-    else:
-      options['public-key-value'] = ''
+      key_content = open(self.public_key).read()
+      if key_content:
+        options['public-key-value'] = key_content
 
   def install(self):
     requests_directory = self.options['request-directory']

software/apache-frontend/TODO.txt

+Apache:
+=======
+- set a redirection of / in option
+- Implement support of multiple ip (if possible) for multiple ssl (other solution is to ask master instance but quid to much apache process?)
+
+Squid:
+======
+- Only cache in ram. Problems with to much squid on the computer or too many slave?
+
+SlapOS:
+=======
+- Implement intelligent apache graceful -> Should check slave configuration and return error to slave if there is a problem (important but difficult)
+- useless srv/squid_cache directory so far

software/apache-frontend/common.cfg

 [buildout]
 extends =
+# dev Stuff
+  ../../component/git/buildout.cfg
+
+  ../../stack/slapos.cfg
   ../../component/binutils/buildout.cfg
   ../../component/lxml-python/buildout.cfg
   ../../component/apache/buildout.cfg
   ../../component/gzip/buildout.cfg
   ../../component/stunnel/buildout.cfg
-  ../../component/varnish/buildout.cfg
   ../../component/dcron/buildout.cfg
   ../../component/logrotate/buildout.cfg
   ../../component/rdiff-backup/buildout.cfg
-  ../../stack/slapos.cfg
+  ../../component/squid/buildout.cfg
 
-parts =
+parts +=
+  slapos-cookbook
+  slapos-toolbox
   template
+  template-apache-frontend
+  template-apache-replicate
   binutils
   apache-2.2
   apache-antiloris-apache-2.2
 
   stunnel
-  varnish-2.1
 
   dcron
   logrotate
   rdiff-backup
+  squid
 
-# Buildoutish
-  eggs
-  instance-recipe-egg
-
-[instance-recipe]
-# Note: In case if specific instantiation recipe is used this is the place to
-# put its name
-egg = slapos.cookbook
-module = apache.frontend
-
-[instance-recipe-egg]
+[slapos-toolbox]
 recipe = zc.recipe.egg
-eggs = ${instance-recipe:egg}
-
-[eggs]
-recipe = z3c.recipe.scripts
 eggs =
   ${lxml-python:egg}
   slapos.toolbox
 
+scripts =
+  killpidfromfile
+  onetimedownload
+
+[check-recipe]
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+command =
+  grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link &&
+
 [template]
-# Default template for apache instance.
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
-md5sum = e7b9f57da7eb1450fc15789e239388d4
+md5sum = 5c22b1e0fe601255ebf19adf6093489f
 output = ${buildout:directory}/template.cfg
 mode = 0644
+
+[template-apache-frontend]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-apache-frontend.cfg
+md5sum = 9f3eec91f43ae0730e9bba93f83572fc
+output = ${buildout:directory}/template-apache-frontend.cfg
+mode = 0644
+
+[template-apache-replicate]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
+md5sum = 02658d39fa429fef7faba9658e4f1474
+mode = 0644
+
+[template-slave-list]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/apache-custom-slave-list.cfg.in
+md5sum = f5eef006211809669b12422240c6f436
+mode = 640
+
+[template-slave-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/slave-virtualhost.conf.in
+md5sum = a7ad2e83b7f919fc45a7ef1e64344dcb
+mode = 640
+
+[template-replicate-publish-slave-information]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/replicate-publish-slave-information.cfg.in
+md5sum = 61a14dff06718e3d90c346a0a7b20c5a
+mode = 640
+
+[template-apache-frontend-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/apache.conf.in
+md5sum = b4d7461c29fb6c36f09e48fa5ad59fba
+mode = 640
+
+[template-apache-cached-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/apache_cached.conf.in
+md5sum = 0c4393db80670daf18b432b7f07383e9
+mode = 640
+
+[template-rewrite-cached]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/apache_cached_rewrite.txt.in
+md5sum = 2f30af4f9da340c2b0618599da03ed4b
+mode = 640
+
+[template-custom-slave-list]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/apache-default-slave-list.cfg.in
+md5sum = 9362384cd80727987b34c7746a6de196
+mode = 640
+
+[template-not-found-html]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/notfound.html
+filename = notfound.html
+md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
+mode = 640
+
+[template-default-virtualhost]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/000.conf.in
+md5sum = c2bbf029e6adc432de0884fb5cf5d2ab
+mode = 640
+
+[template-default-slave-virtualhost]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
+md5sum = ac845c0fa3835832307a0e7323cb339d
+mode = 640
+
+[template-squid-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/squid.conf.jinja2
+md5sum = 9f70474181372d34c8cd203f24ab546e
+mode = 640
+
+[template-empty]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/empty.in
+md5sum = c2314c3a9c3412a38d14b312d3df83c1
+mode = 640
\ No newline at end of file

software/apache-frontend/instance-apache-replicate.cfg.in

+{% if slap_software_type in software_type -%}
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = ${buildout:directory}/${:filename}
+extra-context =
+context =
+    import json_module json
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key slap_software_type slap-parameter:slap_software_type
+    key slave_instance_list slap-parameter:slave_instance_list
+    ${:extra-context}
+
+{% set part_list = [] -%}
+{% set single_type_key = 'single-' %}
+{% if slap_software_type in ("replicate", "RootSoftwareInstance") %}
+{%   set frontend_type = slapparameter_dict.pop('-frontend-type', 'single-default') -%}
+{% else -%}
+{%   set frontend_type = "%s%s" % (single_type_key, slap_software_type) -%}
+{% endif -%}
+{% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '1') | int -%}
+{% set slave_list_name = 'extra_slave_instance_list' -%}
+{% set frontend_list = [] %}
+{% set frontend_section_list = [] %}
+{% set namebase = 'apache-frontend' -%}
+# XXX Dirty hack, not possible to define default value before
+{% set sla_computer_apache_1_key = '-sla-1-computer_guid' -%}
+{% if not sla_computer_apache_1_key in slapparameter_dict -%}
+{%   do slapparameter_dict.__setitem__(sla_computer_apache_1_key, '${slap-connection:computer-id}') -%}
+{% endif -%}
+
+# Here we request individualy each frontend.
+# The presence of sla parameters is checked and added if found
+{% for i in range(1, frontend_quantity + 1) -%}
+{%   set frontend_name = "%s-%s" % (namebase, i) -%}
+{%   set request_section_title = 'request-%s' % frontend_name -%}
+{%   set sla_key = "-sla-%s-" % i -%}
+{%   set sla_key_length = sla_key | length %}
+{%   set sla_parameters = [] %}
+{%   for key in slapparameter_dict.keys() %}
+{%     if key.startswith(sla_key) %}
+{%       do sla_parameters.append(key[sla_key_length:]) %}
+{%     endif -%}
+{%   endfor -%}
+{%   do frontend_list.append(frontend_name) -%}
+{%   do frontend_section_list.append(request_section_title) -%}
+{%   do part_list.append(request_section_title) -%}
+[{{request_section_title}}]
+<= replicate
+name = {{frontend_name}}
+{%   if sla_parameters %}
+sla = {{ ' '.join(sla_parameters) }}
+{%     for parameter in sla_parameters -%}
+sla-{{ parameter }} = {{ slapparameter_dict.pop( sla_key + parameter ) }}
+{%     endfor -%}
+{%   endif -%}
+{% endfor -%}
+
+[replicate]
+<= slap-connection
+recipe = slapos.cookbook:request
+software-url = ${slap-connection:software-release-url}
+software-type = {{frontend_type}}
+return = private-ipv4 public-ipv4 slave-instance-information-list
+config = {{ ' '.join(slapparameter_dict.keys()) + ' ' + slave_list_name }}
+{% for parameter, value in slapparameter_dict.iteritems() -%}
+config-{{parameter}} = {{ value }}
+{% endfor -%}
+config-{{ slave_list_name }} = {{ json_module.dumps(slave_instance_list) }}
+
+[publish-information]
+recipe = slapos.cookbook:publish
+domain = {{ slapparameter_dict.get('domain') }}
+slave-amount = {{ slave_instance_list | length }}
+{% for frontend in frontend_list -%}
+#{{frontend}}-private-ipv4 = ${request-{{frontend}}:private-ipv4}
+{% endfor -%}
+
+
+#----------------------------
+#--
+#-- Publish slave information
+[publish-slave-information]
+recipe = slapos.cookbook:softwaretype
+default = ${dynamic-publish-slave-information:rendered}
+replicate = ${dynamic-publish-slave-information:rendered}
+custom-personal = ${dynamic-publish-slave-information:rendered}
+custom-group = ${dynamic-publish-slave-information:rendered}
+
+[slave-information]
+{% for frontend_section in frontend_section_list -%}
+{{ frontend_section }} = {{ "${%s:connection-slave-instance-information-list}" % frontend_section }}
+{% endfor -%}
+
+[dynamic-publish-slave-information]
+< = jinja2-template-base
+template = {{ template_publish_slave_information }}
+filename = dynamic-publish-slave-information.cfg
+extensions = jinja2.ext.do
+extra-context =
+    section slave_information slave-information
+
+[buildout]
+parts =
+  publish-slave-information
+  publish-information
+{% for part in part_list -%}
+{{ '  %s' % part }}
+{% endfor -%}
+#      publish-information
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+
+
+[slap_connection]
+# Kept for backward compatiblity
+computer_id = ${slap-connection:computer-id}
+partition_id = ${slap-connection:partition-id}
+server_url = ${slap-connection:server-url}
+software_release_url = ${slap-connection:software-release-url}
+key_file = ${slap-connection:key-file}
+cert_file = ${slap-connection:cert-file}
+
+[slap-parameter]
+slave_instance_list =
+-frontend-quantity = 1
+-frontend-type = single-default
+{%- endif %}

software/apache-frontend/instance.cfg

 [buildout]
 parts =
-  directory
-  apache
-  configtest
-  logrotate
-  logrotate-entry-apache
+  dynamic-template-apache-replicate
+  switch-softwaretype
 
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
-
-# Create all needed directories
-[directory]
-recipe = slapos.cookbook:mkdirectory
-
-bin = $${buildout:directory}/bin/
-etc = $${buildout:directory}/etc/
-srv = $${buildout:directory}/srv/
-var = $${buildout:directory}/var/
-
-backup = $${:srv}/backup
-log = $${:var}/log
-run = $${:var}/run
-service = $${:etc}/service
-
-logrotate-backup = $${:backup}/logrotate
-logrotate-entries = $${:etc}/logrotate.d
-
-
-# Deploy Apache (old way, with monolithic recipe)
-[apache]
-recipe = ${instance-recipe:egg}:${instance-recipe:module}
-httpd_home = ${apache-2.2:location}
-httpd_binary = ${apache-2.2:location}/bin/httpd
-logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
-openssl_binary = ${openssl:location}/bin/openssl
-dcrond_binary = ${dcron:location}/sbin/crond
-varnishd_binary = ${varnish-2.1:location}/sbin/varnishd
-stunnel_binary = ${stunnel:location}/bin/stunnel
-rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
-gcc_binary = gcc
-binutils_directory = ${binutils:location}/bin/
-
-access-log = $${directory:log}/frontend-apache-access.log
-error-log = $${directory:log}/frontend-apache-error.log
-pid-file = $${directory:run}/httpd.pid
-
-
-# Create wrapper for "apachectl conftest" in bin
-[configtest]
-recipe = slapos.cookbook:wrapper
-command-line = $${apache:httpd_binary} -f $${directory:etc}/apache_frontend.conf -t
-wrapper-path = $${directory:bin}/apache-configtest
-
-
-# Deploy Logrotate
-[logrotate]
-recipe = slapos.cookbook:logrotate
-# Binaries
-logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
-gzip-binary = ${gzip:location}/bin/gzip
-gunzip-binary = ${gzip:location}/bin/gunzip
-# Directories
-wrapper = $${directory:bin}/logrotate
-conf = $${directory:etc}/logrotate.conf
-logrotate-entries = $${directory:logrotate-entries}
-backup = $${directory:logrotate-backup}
-state-file = $${directory:srv}/logrotate.status
-
-[logrotate-entry-apache]
-<= logrotate
-recipe = slapos.cookbook:logrotate.d
-name = apache
-log = $${apache:error-log} $${apache:access-log}
-frequency = daily
-rotate-num = 30
-post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
-sharedscripts = true
-notifempty = true
-create = true
+offline = true
+
+[slap-parameters]
+recipe = slapos.cookbook:slapconfiguration
+computer = $${slap-connection:computer-id}
+partition = $${slap-connection:partition-id}
+url = $${slap-connection:server-url}
+key = $${slap-connection:key-file}
+cert = $${slap-connection:cert-file}
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = $${buildout:directory}/$${:filename}
+extra-context =
+context =
+    import json_module json
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key slap_software_type slap-parameters:slap-software-type
+    key slapparameter_dict slap-parameters:configuration
+    key slave_instance_list slap-parameters:slave-instance-list
+    $${:extra-context}
+
+[switch-softwaretype]
+recipe = slapos.cookbook:softwaretype
+default = $${dynamic-template-apache-replicate:rendered}
+custom-personal = $${dynamic-template-apache-replicate:rendered}
+custom-group = $${dynamic-template-apache-replicate:rendered}
+single-default = ${template-apache-frontend:output}
+single-custom-personal = ${template-apache-frontend:output}
+single-custom-group = ${template-apache-frontend:output}
+replicate = $${dynamic-template-apache-replicate:rendered}
+
+[dynamic-template-apache-replicate]
+< = jinja2-template-base
+template = ${template-apache-replicate:target}
+filename = instance-apache-replicate.cfg
+extensions = jinja2.ext.do
+extra-context =
+    raw template_publish_slave_information ${template-replicate-publish-slave-information:target}
+# Must match the key id in [switch-softwaretype] which uses this section.
+    raw software_type RootSoftwareInstance-default-custom-personal-custom-group-replicate

software/apache-frontend/templates/000.conf.in

+<VirtualHost *:{{ https_port }}>
+  ServerName www.example.org
+  SSLEngine on
+  SSLProxyEngine on
+  SSLProtocol -ALL +SSLv3 +TLSv1
+  SSLHonorCipherOrder On
+  SSLCipherSuite RC4-SHA:HIGH:!ADH
+
+  # Rewrite part
+  ProxyVia On
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+
+  ErrorDocument 404 /notfound.html
+
+</VirtualHost>
+
+<VirtualHost *:{{ http_port }}>
+
+  ServerName www.example.org
+  ErrorDocument 404 /notfound.html
+</VirtualHost>
\ No newline at end of file

software/apache-frontend/templates/apache_cached_rewrite.txt.in

+{% for server_tuple in server_dict.items() -%}
+{{ "%s %s" % server_tuple }}
+{% endfor -%}

software/apache-frontend/templates/default-virtualhost.conf.in

+{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+ 
+<VirtualHost *:{{ https_port }}>
+  ServerName {{ slave_parameter.get('domain') }}
+  ServerAlias {{ slave_parameter.get('domain') }}
+
+  SSLEngine on
+  SSLProxyEngine on
+  SSLProtocol -ALL +SSLv3 +TLSv1
+  SSLHonorCipherOrder On
+  SSLCipherSuite RC4-SHA:HIGH:!ADH
+
+{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
+       			      	 ('SSLCertificateKeyFile', 'path_to_ssl_key'),
+                                 ('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
+                                 ('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
+
+{% for key, value in ssl_configuration_list -%}
+{%   if value in slave_parameter -%}
+{{ '  %s' % key }} {{ slave_parameter.get(value) }}
+{% endif -%}
+{% endfor -%}
+
+
+  # One Slave two logs
+  ErrorLog "{{ error_log }}"
+  LogLevel info
+  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+  CustomLog "{{ access_log }}" combined
+
+  # Rewrite part
+  ProxyVia On
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+{% if slave_parameter.get('type', '') ==  'zope' -%}
+  # First, we check if we have a zope backend server
+  # If so, let's use Virtual Host Daemon rewrite
+  # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/https/{{ slave_parameter.get('domain', '') }}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
+{% else -%}
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
+{% endif -%}
+</VirtualHost>
+
+<VirtualHost *:{{ http_port }}>
+  ServerName {{ slave_parameter.get('domain') }}
+  ServerAlias {{ slave_parameter.get('domain') }}
+  SSLProxyEngine on
+  # Rewrite part
+  ProxyVia On
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+  # One Slave two logs
+  ErrorLog "{{ error_log }}"
+  LogLevel info
+  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+  CustomLog "{{ access_log }}" combined
+
+  # Remove "Secure" from cookies, as backend may be https
+  Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
+
+# Next line is forbidden and people who copy it will be hanged short
+{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
+{% if https_only -%}
+  # Not using HTTPS? Ask that guy over there.
+  # Dummy redirection to https. Note: will work only if https listens
+  # on standard port (443).
+  RewriteCond     %{SERVER_PORT}  !^{{ https_port }}$
+  RewriteRule     ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]
+{% elif slave_parameter.get('type', '') ==  'zope' -%}
+  # First, we check if we have a zope backend server
+  # If so, let's use Virtual Host Daemon rewrite
+  # We suppose that Apache listens to 80 (even indirectly thanks to things like iptables)
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/{{ slave_parameter.get('domain', '') }}:80/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
+{% else -%}
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
+{% endif -%}
+  # If nothing exist : put a nice error
+#  ErrorDocument 404 /notfound.html
+# Dadiboom
+
+</VirtualHost>

software/apache-frontend/templates/empty.in

+{{ content }}
\ No newline at end of file

software/apache-frontend/templates/slave-virtualhost.conf.in

+<VirtualHost *:{{ https_port }}>
+{{ apache_custom_https }}
+</VirtualHost>
+
+<VirtualHost *:{{ http_port }}>
+{{ apache_custom_http }}
+</VirtualHost>

software/erp5-util-testing/instance.cfg

@@ -39,7 +39,7 @@ environment = environment
 [environment]
 CPPFLAGS = -I${python2.7:location}/include/python2.7 -I${libxml2:location}/include -I${libxslt:location}/include
 LDFLAGS = -L${python2.7:location}/lib -L${libxml2:location}/lib -L${libxslt:location}/lib -L${zlib:location}/lib
-PYTHONPATH = ${python-setuptools:location}
+PYTHONPATH = ${buildout:eggs-directory}/setuptools-${versions:setuptools}-py2.7.egg
 LD_LIBRARY_PATH = ${libxslt:location}/lib:${libxml2:location}/lib:${zlib:location}/lib
 
 [sh-environment]

software/slapos-in-partition/README.txt

+XXX TODO