From d85dd4d5615c9758cf6efa2d64cd9e5fda7e83fc Mon Sep 17 00:00:00 2001
From: Alain Takoudjou <alain.takoudjou@nexedi.com>
Date: Tue, 19 May 2015 09:47:57 +0200
Subject: [PATCH] Introduce GateOne software release

---
 software/gateone/instance-gateone.cfg.in      | 157 ++++++++++++++++++
 .../gateone/instance-logrotate-base.cfg.in    |  50 ++++++
 software/gateone/instance.cfg.in              |  53 ++++++
 software/gateone/software.cfg                 | 123 ++++++++++++++
 software/gateone/templates/nginx.conf.in      |  50 ++++++
 5 files changed, 433 insertions(+)
 create mode 100644 software/gateone/instance-gateone.cfg.in
 create mode 100644 software/gateone/instance-logrotate-base.cfg.in
 create mode 100644 software/gateone/instance.cfg.in
 create mode 100644 software/gateone/software.cfg
 create mode 100644 software/gateone/templates/nginx.conf.in

diff --git a/software/gateone/instance-gateone.cfg.in b/software/gateone/instance-gateone.cfg.in
new file mode 100644
index 000000000..9903fec3a
--- /dev/null
+++ b/software/gateone/instance-gateone.cfg.in
@@ -0,0 +1,157 @@
+
+{% set python_bin = parameter_dict['python-executable'] -%}
+{% set publish_dict = {} -%}
+{% set part_list = [] -%}
+{% set ipv6 = (ipv6_set | list)[0] -%}
+{% set ipv4 = (ipv4_set | list)[0] -%}
+{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+bin = ${buildout:directory}/bin
+etc = ${buildout:directory}/etc
+srv = ${buildout:directory}/srv
+var = ${buildout:directory}/var
+tmp = ${buildout:directory}/tmp
+log = ${:var}/log
+services = ${:etc}/service
+script = ${:etc}/run
+promises = ${:etc}/promise
+run = ${:var}/run
+ca-dir = ${:etc}/ssl
+requests = ${:ca-dir}/requests/
+private = ${:ca-dir}/private/
+certs = ${:ca-dir}/certs/
+newcerts = ${:ca-dir}/newcerts/
+crl = ${:ca-dir}/crl/
+
+[gateone-dir]
+gateone = ${directory:srv}/gateone
+log-prefix = ${directory:log}/gateone
+cache = ${:gateone}/cache
+sessions = ${:gateone}/sessions
+users = ${:gateone}/users
+conf = ${directory:etc}/gateone
+ssl = ${:conf}/ssl
+
+[gateone-configure]
+recipe = slapos.cookbook:wrapper
+port = 10443
+ipv6 = {{ ipv6 }}
+ipv4 = {{ ipv4 }}
+settings-dir = ${gateone-dir:conf}
+wrapper-path = ${directory:bin}/gateone-configure
+# XXX- issue with dtach=true, we set --dtach=false
+command = 
+    {{ parameter_dict['gateone-bin'] }} --address=${:ipv4} --port=${:port}  --certificate=${gateone-dir:ssl}/certificate.pem --keyfile=${gateone-dir:ssl}/keyfile.pem --cache_dir=${gateone-dir:cache} --pid_file=${directory:run}/gateone.pid --session_dir=${gateone-dir:sessions} --settings_dir=${:settings-dir} --user_dir=${gateone-dir:users} --log_file_prefix=${gateone-dir:log-prefix} --origins=${:ipv4} --logging=info --dtach=false
+#--gid=1012 --uid=987
+command-line = 
+  ${:command} --configure
+environment = 
+  PATH={{ bin_directory }}:{{ openssl_location }}/bin:{{ parameter_dict['dtach-location'] }}/bin:/usr/local/bin:/usr/bin:/bin
+  LD_LIBRARY_PATH={{ parameter_dict['readline-location'] }}/lib
+
+[gateone-run]
+recipe = slapos.cookbook:wrapper
+port = 10443
+ipv6 = {{ ipv6 }}
+ipv4 = {{ ipv4 }}
+wrapper-path = ${directory:services}/gateone
+command-line = ${gateone-configure:command}
+environment = 
+  PATH={{ bin_directory }}:{{ openssl_location }}/bin:{{ parameter_dict['dtach-location'] }}/bin:/usr/local/bin:/usr/bin:/bin
+  LD_LIBRARY_PATH={{ parameter_dict['readline-location'] }}/lib
+  HOME=${buildout:directory}
+  PWD=${gateone-dir:gateone}
+
+# --cookie_secret 45-characters
+# --uid needs to be set for slapos
+# --origins=${:ipv4};${:ipv6}
+
+[certificate-authority]
+recipe = slapos.cookbook:certificate_authority
+openssl-binary = {{ openssl_location }}/bin/openssl
+ca-dir = ${directory:ca-dir}
+requests-directory = ${directory:requests}
+wrapper = ${directory:services}/certificate_authority
+ca-private = ${directory:private}
+ca-certs = ${directory:certs}
+ca-newcerts = ${directory:newcerts}
+ca-crl = ${directory:crl}
+
+[ca-nginx]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = ${directory:certs}/nginx.key
+cert-file = ${directory:certs}/nginx.crt
+executable = ${nginx-run:wrapper-path}
+wrapper = ${directory:services}/nginx-proxy
+
+[tempdirectory]
+recipe = slapos.cookbook:mkdirectory
+client_body_temp_path = ${directory:tmp}/client_body_temp_path
+proxy_temp_path = ${directory:tmp}/proxy_temp_path
+fastcgi_temp_path = ${directory:tmp}/fastcgi_temp_path
+uwsgi_temp_path = ${directory:tmp}/uwsgi_temp_path
+scgi_temp_path = ${directory:tmp}/scgi_temp_path
+
+[nginx-config-dict]
+nb_workers = 2
+ipv6 = {{ ipv6 }}
+ipv4 = {{ ipv4 }}
+port = 10443
+backend-url = https://${gateone-configure:ipv4}:${gateone-configure:port}
+ssl-certificate = ${ca-nginx:cert-file}
+ssl-key = ${ca-nginx:key-file}
+pid = ${directory:run}/nginx.pid
+log = ${directory:log}/nginx.log
+access-log = ${directory:log}/nginx.access.log
+error-log = ${directory:log}/nginx.error.log
+tmp = $${directory:tmp}/
+
+[nginx-conf]
+recipe = slapos.recipe.template:jinja2
+template = {{ parameter_dict['template-ngnix-conf'] }}
+rendered = ${directory:etc}/nginx.conf
+context =
+    section parameter_dict nginx-config-dict
+    section param_tempdir tempdirectory
+
+[nginx-run]
+recipe = slapos.cookbook:wrapper
+wrapper-path = ${directory:bin}/nginx_proxy
+command-line = {{ parameter_dict['nginx-location'] }}/sbin/nginx -p ${buildout:directory} -c ${nginx-conf:rendered}
+
+[logrotate-apache]
+< = logrotate-entry-base
+name = apache
+log = ${apache-conf:error-log} ${apache-conf:access-log}
+post = {{ parameter_dict['bin-directory'] }}/slapos-kill --pidfile ${apache-conf:pid-file} -s USR1
+
+[logrotate-entry-base]
+recipe = slapos.cookbook:logrotate.d
+logrotate-entries = ${logrotate:logrotate-entries}
+backup = ${logrotate:backup}
+
+[publish]
+recipe = slapos.cookbook:publish
+url = https://[${nginx-config-dict:ipv6}]:${gateone-run:port}
+
+[buildout]
+extends =
+  {{ logrotate_cfg }}
+
+parts = 
+  certificate-authority
+  ca-nginx
+  publish
+
+# Complete parts with sections
+  {{ part_list | join('\n  ') }}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+
+[slap-parameter]
+
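Review bot: The `command` in `[gateone-configure]` starts GateOne without an `--auth` option, while `[publish]` advertises the nginx front end at `https://[ipv6]:10443`, so whether the web terminal asks for credentials depends entirely on what ends up in `${gateone-dir:conf}`; GateOne's built-in default is, as far as I know, `auth = none` (anonymous sessions). Please set the authentication mode explicitly on the command line or in a rendered settings file, and generate the `--cookie_secret` that the comment under `[gateone-run]` already mentions. `--origins=${:ipv4}` lists only the backend address while browsers arrive through the IPv6 URL, so the origin check will probably reject legitimate clients or invite a later wildcard; the commented `--origins=${:ipv4};${:ipv6}` line suggests this is already known. Separately, `[logrotate-apache]` refers to an `apache-conf` section this file never defines, and no rotation entry covers the nginx or GateOne logs.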
diff --git a/software/gateone/instance-logrotate-base.cfg.in b/software/gateone/instance-logrotate-base.cfg.in
new file mode 100644
index 000000000..542bee622
--- /dev/null
+++ b/software/gateone/instance-logrotate-base.cfg.in
@@ -0,0 +1,50 @@
+[buildout]
+parts =
+  cron-entry-logrotate
+
+[cron]
+recipe = slapos.cookbook:cron
+cron-entries = ${logrotate-directory:cron-entries}
+dcrond-binary = {{ dcron_location }}/sbin/crond
+crontabs = ${logrotate-directory:crontabs}
+cronstamps = ${logrotate-directory:cronstamps}
+catcher = ${cron-simplelogger:wrapper}
+binary = ${logrotate-directory:services}/crond
+
+[cron-simplelogger]
+recipe = slapos.cookbook:simplelogger
+wrapper = ${logrotate-directory:bin}/cron_simplelogger
+log = ${logrotate-directory:log}/cron.log
+
+[logrotate]
+recipe = slapos.cookbook:logrotate
+logrotate-entries = ${logrotate-directory:logrotate-entries}
+backup = ${logrotate-directory:logrotate-backup}
+logrotate-binary = {{ logrotate_location }}/usr/sbin/logrotate
+gzip-binary = {{ gzip_location }}/bin/gzip
+gunzip-binary = {{ gzip_location }}/bin/gunzip
+wrapper = ${logrotate-directory:bin}/logrotate
+conf = ${logrotate-directory:etc}/logrotate.conf
+state-file = ${logrotate-directory:srv}/logrotate.status
+
+[cron-entry-logrotate]
+recipe = slapos.cookbook:cron.d
+cron-entries = ${cron:cron-entries}
+name = logrotate
+frequency = 0 0 * * *
+command = ${logrotate:wrapper}
+
+[logrotate-directory]
+recipe = slapos.cookbook:mkdirectory
+cron-entries = ${:etc}/cron.d
+cronstamps = ${:etc}/cronstamps
+crontabs = ${:etc}/crontabs
+logrotate-backup = ${:backup}/logrotate
+logrotate-entries = ${:etc}/logrotate.d
+bin = ${buildout:directory}/bin
+srv = ${buildout:directory}/srv
+backup = ${:srv}/backup
+etc = ${buildout:directory}/etc
+services = ${:etc}/service
+log = ${buildout:directory}/var/log
+
diff --git a/software/gateone/instance.cfg.in b/software/gateone/instance.cfg.in
new file mode 100644
index 000000000..2843529c3
--- /dev/null
+++ b/software/gateone/instance.cfg.in
@@ -0,0 +1,53 @@
+[buildout]
+parts = switch-softwaretype
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+
+[slap-configuration]
+recipe = slapos.cookbook:slapconfiguration.serialised
+computer = ${slap-connection:computer-id}
+partition = ${slap-connection:partition-id}
+url = ${slap-connection:server-url}
+key = ${slap-connection:key-file}
+cert = ${slap-connection:cert-file}
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
+extra-context =
+context =
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key eggs_directory buildout:eggs-directory
+    key ipv6_set slap-configuration:ipv6
+    key ipv4_set slap-configuration:ipv4
+    key slapparameter_dict slap-configuration:configuration
+    key computer_id slap-configuration:computer
+    raw logrotate_cfg {{ template_logrotate_base }}
+    raw dash_binary {{ dash_location }}/bin/dash
+    raw bin_directory {{ bin_directory }}
+    raw openssl_location {{ openssl_location }}
+    ${:extra-context}
+
+[dynamic-template-gateone-parameters]
+bin-directory = {{ bin_directory }}
+#python-executable  = 
+readline-location = {{ readline_location }}
+dtach-location = {{ dtach_location }}
+gateone-location = {{ gateone_location}}
+gateone-bin = {{ gateone_bin }}
+nginx-location = {{ nginx_location}}
+template-ngnix-conf = {{ template_nginx_conf }}
+
+[dynamic-template-gateone]
+< = jinja2-template-base
+template = {{ template_gateone }}
+filename = instance-gateone.cfg
+extensions = jinja2.ext.do
+extra-context =
+    section parameter_dict dynamic-template-gateone-parameters
+
+[switch-softwaretype]
+recipe = slapos.cookbook:softwaretype
+
+default = ${dynamic-template-gateone:rendered}
+gateone = ${:default}
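Review bot: `[dynamic-template-gateone-parameters]` leaves `python-executable` commented out, yet instance-gateone.cfg.in in this same patch opens with `{% set python_bin = parameter_dict['python-executable'] -%}`. That variable is never used there, so either supply the key or drop the `set` rather than rely on how the template engine treats an undefined lookup. The key `template-ngnix-conf` is misspelled and works only because the consumer repeats the typo; renaming both sides to `template-nginx-conf` removes the trap. `slapparameter_dict` is passed in the context but nothing in this patch reads it, so a comment stating which request parameters are meant to be honoured would help.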
diff --git a/software/gateone/software.cfg b/software/gateone/software.cfg
new file mode 100644
index 000000000..a602b49fc
--- /dev/null
+++ b/software/gateone/software.cfg
@@ -0,0 +1,123 @@
+[buildout]
+
+extends =
+  ../../component/dash/buildout.cfg
+  ../../component/git/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/gzip/buildout.cfg
+  ../../component/openssl/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/kerberos/buildout.cfg
+  ../../component/python-kerberos/buildout.cfg
+  ../../component/gateone/buildout.cfg
+  ../../component/dtach/buildout.cfg
+  ../../component/python-2.7/buildout.cfg
+  ../../component/nginx/buildout.cfg
+  ../../stack/slapos.cfg
+
+parts = 
+  slapos-cookbook
+  kerberos
+  eggs
+  gateone-develop
+  gateone
+  dash
+  check-recipe
+  template
+  
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  ${lxml-python:egg}
+  ${python-cryptography:egg}
+  ${python-kerberos:egg}
+  tornado
+scripts =
+  slapos-kill
+
+[extra-eggs]
+recipe = zc.recipe.egg
+interpreter = python
+eggs =
+  ${lxml-python:egg}
+  ${python-kerberos:egg}
+  tornado
+  gateone
+  setuptools
+  pyOpenSSL
+  futures
+
+
+[slapos.cookbook-repository]
+recipe = slapos.recipe.build:gitclone
+repository = http://git.erp5.org/repos/slapos.git
+branch = re6st-master
+git-executable = ${git:location}/bin/git
+
+[download-base]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/${:filename}
+mode = 644
+
+[template-jinja2-base]
+recipe = slapos.recipe.template:jinja2
+template = ${:_profile_base_location_}/${:filename}.in
+rendered = ${buildout:directory}/${:filename}
+# XXX: extra-context is needed because we cannot append to a key of an extended
+# section.
+extra-context =
+context =
+    key bin_directory buildout:bin-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key eggs_directory buildout:eggs-directory
+    ${:extra-context}
+
+
+[template]
+< = template-jinja2-base
+filename = template.cfg
+template = ${:_profile_base_location_}/instance.cfg.in
+md5sum = 428669a609aca3e0a7cae1387d332a75
+extra-context =
+    key dash_location dash:location
+    key dtach_location dtach:location
+    key gateone_location gateone-repository:location
+    key logrotate_location logrotate:location
+    key nginx_location nginx:location
+    key openssl_location openssl:location
+    key readline_location readline:location
+    key template_nginx_conf template-nginx-conf:target
+    key template_logrotate_base template-logrotate-base:rendered
+    key template_gateone template-gateone:target
+    raw gateone_bin ${buildout:bin-directory}/gateone
+    raw python_with_eggs ${buildout:directory}/bin/${extra-eggs:interpreter}
+
+[template-gateone]
+< = download-base
+filename = instance-gateone.cfg.in
+md5sum = e7096a17c36c3bd27a011de57b7abfc1
+
+[template-logrotate-base]
+< = template-jinja2-base
+filename = instance-logrotate-base.cfg
+md5sum = f28fbd310944f321ccb34b2a34c82005
+extra-context =
+    key dcron_location dcron:location
+    key gzip_location gzip:location
+    key logrotate_location logrotate:location
+
+[template-nginx-conf]
+< = download-base
+url = ${:_profile_base_location_}/templates/${:filename}.in
+filename = nginx.conf
+md5sum = 72f4cc110f618b317793e21124f45121
+
+[check-recipe]
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+command =
+  grep parts ${buildout:develop-eggs-directory}/gateone.egg-link
+
+[versions]
\ No newline at end of file
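Review bot: `[slapos.cookbook-repository]` clones over cleartext `http://` and tracks the moving branch `re6st-master`, so any recipe code it supplies is neither transport-authenticated nor reproducible. Nothing visible in this file references the section, so if it is unused it is better removed; otherwise it should use an authenticated URL for the same repository plus a pinned `revision = <commit-sha>`. `[versions]` is left empty, so `tornado`, `gateone`, `pyOpenSSL`, `futures` and `setuptools` are pinned only if `stack/slapos.cfg` happens to do so (not visible here); pinning them in this profile keeps the release rebuildable. The file also ends without a trailing newline.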
diff --git a/software/gateone/templates/nginx.conf.in b/software/gateone/templates/nginx.conf.in
new file mode 100644
index 000000000..9745e3226
--- /dev/null
+++ b/software/gateone/templates/nginx.conf.in
@@ -0,0 +1,50 @@
+worker_processes {{ parameter_dict['nb_workers'] }};
+
+pid {{ parameter_dict['pid'] }};
+error_log {{ parameter_dict['error-log'] }};
+
+daemon off;
+
+events {
+	worker_connections 1024;
+	accept_mutex off;
+}
+
+
+http {
+     default_type application/octet-stream;
+     access_log {{ parameter_dict['access-log'] }} combined;
+     client_max_body_size 10M;
+     map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+     }
+     server {
+        listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['port'] }} ssl;
+        server_name _;
+        ssl_certificate     {{ parameter_dict['ssl-certificate'] }};
+        ssl_certificate_key {{ parameter_dict['ssl-key'] }};
+        ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers         HIGH:!aNULL:!MD5;
+        keepalive_timeout 90s;
+        client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
+        proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
+        fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
+        uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
+        scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
+	      error_page 401 /login;
+        location / {
+            proxy_pass_header Server;
+        		proxy_set_header Host $http_host;
+        		proxy_redirect off;
+        		proxy_set_header X-Real-IP $remote_addr;
+        		proxy_set_header X-Scheme $scheme;
+        		
+        		proxy_pass {{ parameter_dict['backend-url'] }};
+        		
+        		proxy_http_version 1.1;
+        		proxy_set_header Upgrade $http_upgrade;
+        		proxy_set_header Connection "upgrade";
+        }
+    }
+}
\ No newline at end of file
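Review bot: `ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;` in the `server` block still offers SSLv3, which is broken by the POODLE padding-oracle attack, along with the deprecated TLS 1.0/1.1. For a front end to a terminal gateway I would restrict it to `ssl_protocols TLSv1.2;` (adding newer versions as the bundled nginx/OpenSSL supports them) and add `ssl_prefer_server_ciphers on;`. The `map $http_upgrade $connection_upgrade` defined above is never used because the location hard-codes `proxy_set_header Connection "upgrade";`; `proxy_set_header Connection $connection_upgrade;` would let non-upgrade requests close normally. `proxy_pass` targets an `https://` backend and nginx does not verify upstream certificates by default, which is tolerable only while the backend stays on the partition's own address, so a comment in the template should say so.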
-- 
2.30.9