Apache recipe now works with the myinstance.myhostname schema

example : https://softinst118.host.vifib.net can redirect to any url specified in slave.

slapos/recipe/apache/__init__.py

@@ -69,8 +69,8 @@ class Recipe(BaseSlapRecipe):
       if url is None:
         continue
       reference = slave_instance.get("slave_reference")
-      slave_dict[reference] = "https://%s.%s" % (reference.replace("-", ""),
-          base_url)
+      subdomain = reference.replace("-", "").lower()
+      slave_dict[reference] = "https://%s.%s" % (subdomain, base_url)
 
       enable_cache = slave_instance.get("enable_cache", "")
       if enable_cache.upper() in ('1', 'TRUE'):
@@ -103,11 +103,13 @@ class Recipe(BaseSlapRecipe):
             public_port=stunnel_port,
             private_ip=slave_host.replace("[", "").replace("]", ""),
             private_port=slave_port)
-        rewrite_rule_list.append("%s http://%s:%s" % \
-            (reference.replace("-", ""), varnish_ip, base_varnish_port))
+        rewrite_rule_list.append("%s.%s http://%s:%s" % \
+            (reference.replace("-", ""), frontend_domain_name,
+            varnish_ip, base_varnish_port))
         base_varnish_port += 2
       else:
-        rewrite_rule_list.append("%s %s" % (reference.replace("-", ""), url))
+        rewrite_rule_list.append("%s.%s %s" % (subdomain, frontend_domain_name,
+            url))
 
     valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
     valid_key_str = self.parameter_dict.get("domain_ssl_ca_key")
@@ -197,7 +199,6 @@ class Recipe(BaseSlapRecipe):
    crontabs = os.path.join(self.etc_directory, 'crontabs')
    self._createDirectory(cron_d)
    self._createDirectory(crontabs)
-   # Use execute from erp5.
    wrapper = zc.buildout.easy_install.scripts([('crond',
      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
      self.wrapper_directory, arguments=[
@@ -258,7 +259,7 @@ class Recipe(BaseSlapRecipe):
     self._writeFile(openssl_configuration, pkg_resources.resource_string(
       __name__, 'template/openssl.cnf.ca.in') % config)
     self.path_list.extend(zc.buildout.easy_install.scripts([
-      ('certificate_authority', 'slapos.recipe.erp5.certificate_authority',
+      ('certificate_authority', 'slapos.recipe.apache.certificate_authority',
          'runCertificateAuthority')],
         self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
           openssl_configuration=openssl_configuration,
@@ -291,6 +292,8 @@ class Recipe(BaseSlapRecipe):
         name + '.pid')
     apache_conf['lock_file'] = os.path.join(self.run_directory,
         name + '.lock')
+    apache_conf['document_root'] = os.path.join(self.data_root_directory,
+        'htdocs')
     apache_conf['ip_list'] = ip_list
     apache_conf['port'] = port
     apache_conf['server_admin'] = 'admin@'
@@ -377,15 +380,26 @@ class Recipe(BaseSlapRecipe):
     self.path_list.append(wrapper)
     return stunnel_conf
 
-  def installFrontendApache(self, ip_list, port, key, certificate,
-                            name, rewrite_rule_list, rewrite_rule_zope_list,
+  def installFrontendApache(self, ip_list, port, key, certificate, name,
+                            rewrite_rule_list=[], rewrite_rule_zope_list=[],
                             access_control_string=None):
+    # Create htdocs, populate it with default 404 document
+    htdocs_location = os.path.join(self.data_root_directory, 'htdocs')
+    self._createDirectory(htdocs_location)
+    notfound_file_location = os.path.join(htdocs_location, 'notfound.html')
+    notfound_template_file_location = self.getTemplateFilename(
+        'notfound.html')
+    notfound_file_content = open(notfound_template_file_location, 'r').read()
+    self._writeFile(notfound_file_location, notfound_file_content)
+
+    # Create configuration file and rewritemaps
     apachemap_name = "apachemap.txt"
     # XXX-Cedric : implement zope specific rewrites list. Current apachemap is
     #              generic and does not use VirtualHost Monster.
     apachemapzope_name = "apachemapzope.txt"
-
     self.createConfigurationFile(apachemap_name, "\n".join(rewrite_rule_list))
+    self.createConfigurationFile(apachemapzope_name,
+        "\n".join(rewrite_rule_zope_list))
     apache_conf = self._getApacheConfigurationDict(name, ip_list, port)
     apache_conf['ssl_snippet'] = self.substituteTemplate(
         self.getTemplateFilename('apache.ssl-snippet.conf.in'),
@@ -400,6 +414,7 @@ class Recipe(BaseSlapRecipe):
     apache_conf.update(**dict(
       path_enable=path,
       apachemap_path=os.path.join(self.etc_directory, apachemap_name),
+      apachemapzope_path=os.path.join(self.etc_directory, apachemapzope_name),
       apache_domain=name,
       port=port,
     ))
@@ -410,6 +425,7 @@ class Recipe(BaseSlapRecipe):
     apache_config_file = self.createConfigurationFile(name + '.conf',
         apache_conf_string)
 
+
     self.path_list.append(apache_config_file)
     self.path_list.extend(zc.buildout.easy_install.scripts([(
       name, 'slapos.recipe.erp5.apache', 'runApache')], self.ws,

slapos/recipe/apache/certificate_authority.py

+import os
+import subprocess
+import time
+import ConfigParser
+import uuid
+
+
+def popenCommunicate(command_list, input=None):
+  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+  if input is not None:
+    subprocess_kw.update(stdin=subprocess.PIPE)
+  popen = subprocess.Popen(command_list, **subprocess_kw)
+  result = popen.communicate(input)[0]
+  if popen.returncode is None:
+    popen.kill()
+  if popen.returncode != 0:
+    raise ValueError('Issue during calling %r, result was:\n%s' % (
+      command_list, result))
+  return result
+
+
+class CertificateAuthority:
+  def __init__(self, key, certificate, openssl_binary,
+      openssl_configuration, request_dir):
+    self.key = key
+    self.certificate = certificate
+    self.openssl_binary = openssl_binary
+    self.openssl_configuration = openssl_configuration
+    self.request_dir = request_dir
+
+  def checkAuthority(self):
+    file_list = [ self.key, self.certificate ]
+    ca_ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ca_ready = False
+        break
+    if ca_ready:
+      return
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    try:
+      # no CA, let us create new one
+      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
+          self.openssl_configuration, '-new', '-x509', '-extensions', 'v3_ca',
+          '-keyout', self.key, '-out', self.certificate, '-days', '10950'],
+          # Authority name will be random, so no instance has the same issuer
+          'Certificate Authority %s\n' % uuid.uuid1())
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+
+  def _checkCertificate(self, common_name, key, certificate):
+    file_list = [key, certificate]
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ready = False
+        break
+    if ready:
+      return False
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    csr = certificate + '.csr'
+    try:
+      popenCommunicate([self.openssl_binary, 'req', '-config',
+        self.openssl_configuration, '-nodes', '-new', '-keyout',
+        key, '-out', csr, '-days', '3650'],
+        common_name + '\n')
+      try:
+        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
+          self.openssl_configuration, '-out', certificate,
+          '-infiles', csr])
+      finally:
+        if os.path.exists(csr):
+          os.unlink(csr)
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+    else:
+      return True
+
+  def checkRequestDir(self):
+    for request_file in os.listdir(self.request_dir):
+      parser = ConfigParser.RawConfigParser()
+      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
+      if self._checkCertificate(parser.get('certificate', 'name'),
+          parser.get('certificate', 'key_file'), parser.get('certificate',
+            'certificate_file')):
+        print 'Created certificate %r' % parser.get('certificate', 'name')
+
+def runCertificateAuthority(args):
+  ca_conf = args[0]
+  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
+      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
+      ca_conf['request_dir'])
+  while True:
+    ca.checkAuthority()
+    ca.checkRequestDir()
+    time.sleep(60)

slapos/recipe/apache/template/apache.conf.in

@@ -5,6 +5,7 @@
 PidFile "%(pid_file)s"
 LockFile "%(lock_file)s"
 ServerName %(server_name)s
+DocumentRoot %(document_root)s
 
 %(listen)s
 
@@ -37,15 +38,24 @@ CustomLog "%(access_log)s" common
 
 %(path_enable)s
 
-# Magic of Zope related rewrite
-RewriteMap apachemapzope txt:%(apachemapzope_path)s
+# Rewrite part
 RewriteEngine On
-# XXX-Cedric : apply only known apachemapzope rules.
-RewriteRule ^/(\w+)($|/.*) ${apachemapzope:$1}/VirtualHostBase/https/%(apache_domain)s:%(port)s/VirtualHostRoot/_vh_$1$2 [L,P]
 
-# Sadly, Zope isn't used everywhere. So let's add a generic purpose rule
+# Define the two rewritemaps : one for zope, one generic
+RewriteMap apachemapzope txt:%(apachemapzope_path)s
 RewriteMap apachemapgeneric txt:%(apachemap_path)s
-RewriteRule ^/(\w+)($|/.*) ${apachemapgeneric:$1}/$2 [L,P]
+
+# First, we check if we have a zope backend server
+# If so, let's use Virtual Host Daemon rewrite
+#RewriteCond ${apachemapzope:%%{SERVER_NAME}} >""
+#RewriteRule ^/(\w+)($|/.*) ${apachemapzope:$1}/VirtualHostBase/https/%(apache_domain)s:%(port)s/VirtualHostRoot/_vh_$1$2 [L,P]
+
+# If we have generic backend server, let's rewrite without virtual host daemon
+RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
+RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
+
+# If nothing exist : put a nice error
+ErrorDocument 404 /notfound.html
 
 # List of modules
 LoadModule authz_host_module modules/mod_authz_host.so

slapos/recipe/apache/template/notfound.html

+<html>
+<head>
+  <title>Instance not found</title>
+</head>
+<body>
+<h1>This instance has not been found.</h1>
+<p>If this error persists, please check your instance URL and status on SlapOS Master.</p>
+</body>
+</html>