webrunner now use his own apache server

software/slaprunner/common.cfg

@@ -54,7 +54,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner.cfg
 output = ${buildout:directory}/template-runner.cfg.in
-md5sum = 04f5cd311b452836b76808cf29f5a23d
+md5sum = c1c81a2042f262a52657da3d427222e4
 mode = 0644
 
 [template-runner-import-script]
@@ -84,7 +84,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner-export.cfg.in
 output = ${buildout:directory}/instance-runner-export.cfg
-md5sum = d2c374858d421247dfabcf38589a904f
+md5sum = 8f4912ca04a650298c3c260689109c2e
 mode = 0644
 
 [template-resilient]
@@ -114,7 +114,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/httpd_conf.in
 download-only = true
-md5sum = 61ac2dd5aeb5af9745d4c72d2571df8a
+md5sum = 21009dac6e9868bed61a669632103830
 filename = httpd_conf.in
 mode = 0644
 
@@ -171,15 +171,6 @@ filename = listener_slapgrid.py.in
 download-only = true
 mode = 0644
 
-[cors-domain-cgi]
-recipe = hexagonit.recipe.download
-url = ${:_profile_base_location_}/template/${:filename}
-download-only = true
-md5sum = d4c564267dd98cd178a890158c52c384
-destination = ${buildout:parts-directory}/monitor-template-cors-domain-cgi
-filename = cors-domain.jinja
-mode = 0644
-
 [monitor-check-webrunner-internal-instance]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/template/${:filename}
@@ -193,6 +184,7 @@ mode = 0644
 recipe = zc.recipe.egg
 eggs =
   collective.recipe.environment
+  collective.recipe.template
   cns.recipe.symlink
   erp5.util
   lock-file

software/slaprunner/httpd_conf.in

+PidFile "{{ parameters.path_pid }}"
+ServerName example.com
+ServerAdmin someone@email
+
+<IfDefine !HTTPDPort>
+  Listen [{{ parameters.global_ip }}]:{{ parameters.global_port }}
+  Define HTTPDPort
+</IfDefine>
+
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule mime_module modules/mod_mime.so
+#LoadModule cgid_module modules/mod_cgid.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule env_module modules/mod_env.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule headers_module modules/mod_headers.so
 LoadModule log_config_module modules/mod_log_config.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
 LoadModule cache_module modules/mod_cache.so
 LoadModule file_cache_module modules/mod_file_cache.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule cgid_module modules/mod_cgid.so
+LoadModule autoindex_module modules/mod_autoindex.so
+
+ErrorLog "{{ parameters.path_error_log }}"
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+CustomLog "{{ parameters.path_access_log }}" common
+
+# SSL Configuration
+Define SSLConfigured
+SSLCertificateFile {{ parameters.cert_file }}
+SSLCertificateKeyFile {{ parameters.key_file }}
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLRandomSeed startup /dev/urandom 256
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+SSLEngine   On
+
+Include {{ parameters.httpd_cors_file }}
+Header set Access-Control-Allow-Credentials "true"
+Header set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST"
+Header set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization"
 
+DocumentRoot {{ parameters.runner_home }}/public
 
-Alias /web-public {{ parameters.runner_home }}/public
+# Directory protection
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+    Require all denied
+</Directory>
+
+Alias /public {{ parameters.runner_home }}/public
 <Directory {{ parameters.runner_home }}/public>
     Order Allow,Deny
     Allow from all
@@ -17,20 +77,20 @@ Alias /web-public {{ parameters.runner_home }}/public
     </Files>
 </Directory>
 
-Alias /shared {{ parameters.runner_home }}
+DavLockDB {{ parameters.dav_lock }}
+Alias /share {{ parameters.runner_home }}
 <Directory {{ parameters.runner_home }}>
     DirectoryIndex disabled
     DAV On
     Options Indexes FollowSymLinks
     AuthType Basic
-    AuthName "webdav"
-    AuthUserFile "{{ parameters.etc_dir }}/monitor-htpasswd"
+    AuthName "Webrunner Dav"
+    AuthUserFile "{{ parameters.htpasswd_file }}"
     <LimitExcept OPTIONS>
         Require valid-user
     </LimitExcept>
 </Directory>
 
-
 SetEnv GIT_HTTP_EXPORT_ALL
 ScriptAlias /git/ {{ parameters.git_http_backend }}/
 ScriptAlias /git-public/ {{ parameters.git_http_backend }}/
@@ -45,7 +105,7 @@ RewriteCond %{REQUEST_URI} /git-receive-pack$
 
         AuthType Basic
         AuthName "Git Access"
-        AuthUserFile "{{ parameters.etc_dir }}/monitor-htpasswd"
+        AuthUserFile "{{ parameters.htpasswd_file }}"
         Require valid-user
 </LocationMatch>
 
@@ -56,8 +116,7 @@ RewriteCond %{REQUEST_URI} /git-receive-pack$
 
         AuthType Basic
         AuthName "Git Access"
-        AuthUserFile "{{ parameters.etc_dir }}/monitor-htpasswd"
+        AuthUserFile "{{ parameters.htpasswd_file }}"
         Require valid-user
         Satisfy any
 </LocationMatch>
-

software/slaprunner/instance-runner-export.cfg.in

@@ -15,6 +15,8 @@ parts +=
   publish-connection-information
   slaprunner-promise
   slaprunner-frontend-promise
+  apache-httpd-promise
+  httpd-frontend-promise
   slaprunner-supervisord-wrapper
   dropbear-promise
   runtestsuite
@@ -22,11 +24,15 @@ parts +=
   shellinabox
   slapos-cfg
   slapos-repo
-  cron-entry-backup
   cron-entry-prepare-software
   deploy-instance-parameters
+  instance-software
+  instance-software-type
   minishell-cwd
+  bash-profile
   supervisord-wrapper
+  supervisord-promise
+  httpd-graceful-wrapper
 ## Monitoring part
 ## Monitor for runner
   monitor-check-resilient-feed-file
@@ -50,6 +56,7 @@ monitor-httpd-port = 8437
 # Pass some parameter to dispay in monitoring interface
 instance-configuration =
   file recovery-code $${recovery-code:storage-path}
+  httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output}
   raw webrunner-url https://$${request-frontend:connection-domain}
 
 # Extends publish section with resilient parameters

software/slaprunner/instance-runner.cfg

@@ -12,6 +12,8 @@ parts =
   publish-connection-information
   slaprunner-promise
   slaprunner-frontend-promise
+  apache-httpd-promise
+  httpd-frontend-promise
   slaprunner-supervisord-wrapper
   dropbear-promise
   runtestsuite
@@ -27,6 +29,7 @@ parts =
   bash-profile
   supervisord-wrapper
   supervisord-promise
+  httpd-graceful-wrapper
 {% if slapparameter_dict.get('custom-frontend-backend-url') and slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %}
   custom-frontend-promise
 {% endif %}
@@ -298,39 +301,69 @@ context =
     section param_nginx_frontend nginx-frontend
 
 [httpd-parameters]
-#path_pid = $${directory:run}/httpd.pid
-#path_error_log = $${directory:log}/httpd-error.log
-#path_access_log = $${directory:log}/httpd-access.log
-#key_file = $${ca-httpd:key-file}
-#cert_file = $${ca-httpd:cert-file}
+path_pid = $${directory:run}/httpd.pid
+path_error_log = $${directory:log}/httpd-error.log
+path_access_log = $${directory:log}/httpd-access.log
+# XXX Use ca-nginx, no need to regenerate certificate
+cert_file = $${ca-nginx:cert-file}
+key_file = $${ca-nginx:key-file}
 global_ip = $${slap-network-information:global-ipv6}
-global_port = $${slaprunner:runner_port}
-monitor_port = $${monitor-parameters:port}
+global_port = 8386
+#httpd_port = $${monitor-parameters:port}
 #monitor_index = $${deploy-index:rendered}
-#working_directory = $${slaprunner:working-directory}
-#dav_lock = $${directory:var}/DavLock
+working_directory = $${slaprunner:working-directory}
+dav_lock = $${directory:var}/WebDavLock
+htpasswd_file = $${monitor-httpd-conf-parameter:htpasswd-file}
 etc_dir = $${directory:etc}
-#var_dir = $${directory:var}
-#project_folder = $${directory:project}
+var_dir = $${directory:var}
+project_folder = $${directory:project}
 project_private_folder = $${runnerdirectory:private-project}
 project_public_folder = $${runnerdirectory:public-project}
 runner_home = $${runnerdirectory:home}
 git_http_backend = ${git:location}/libexec/git-core/git-http-backend
 #cgi_httpd_conf = $${monitor-httpd-configuration-file:rendered}
-#httpd_cors_file = $${monitor-httpd-cors:location}
+httpd_cors_file = $${slaprunner-httpd-cors:location}
 
 [httpd-conf]
 recipe = slapos.recipe.template:jinja2
 template = ${template_httpd_conf:location}/${template_httpd_conf:filename}
-rendered = $${directory:etc}/httpd-part.conf
+rendered = $${directory:etc}/httpd.conf
 context =
     section parameters httpd-parameters
 
-#[cgi-httpd-wrapper]
-#recipe = slapos.cookbook:wrapper
-#apache-executable = ${apache:location}/bin/httpd
-#wrapper-path = $${ca-httpd:executable}
-#command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND
+[apache-httpd]
+recipe = slapos.cookbook:wrapper
+apache-executable = ${apache:location}/bin/httpd
+wrapper-path = $${directory:services}/slaprunner-httpd
+command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND
+access-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}
+wait-for-files =
+  $${ca-nginx:cert-file}
+  $${ca-nginx:key-file}
+
+[httpd-graceful-wrapper]
+recipe = collective.recipe.template
+input = inline:
+  #!/bin/sh
+  exec kill -USR1 $(cat $${httpd-parameters:path_pid})
+output = $${directory:scripts}/slaprunner-httpd-graceful
+mode = 700
+
+[apache-httpd-promise]
+recipe = slapos.cookbook:check_url_available
+path = $${directory:promises}/$${:filename}
+filename = apache-httpd-listening-on-tcp
+url = $${apache-httpd:access-url}
+check-secure = 1
+dash_path = {{ dash_executable_location }}
+curl_path = {{ curl_executable_location }}
+
+[slaprunner-httpd-cors]
+recipe = plone.recipe.command
+command = if [ ! -f $${:location} ]; then touch $${:location}; fi
+location = $${directory:etc}/$${:filename}
+filename = slaprunner-httpd-cors.cfg
+stop-on-error = true
 
 #--------------------
 #--
@@ -405,6 +438,25 @@ config-url = $${slaprunner:access-url}
 config-domain = $${slap-parameter:frontend-domain}
 return = site_url domain
 
+[request-httpd-frontend]
+<= slap-connection
+recipe = slapos.cookbook:requestoptional
+name = SlapRunner httpd Frontend
+# XXX We have hardcoded SR URL here.
+software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
+slave = true
+config-url = $${apache-httpd:access-url}
+config-domain = 
+return = secure_access domain
+
+[httpd-frontend-promise]
+recipe = slapos.cookbook:check_url_available
+path = $${directory:promises}/slaprunner-apache-http-frontend
+url = $${request-httpd-frontend:connection-secure_access}
+dash_path = {{ dash_executable_location }}
+curl_path = {{ curl_executable_location }}
+check-secure = 1
+
 #--------------------------------------
 #--
 #-- Send information to SlapOS Master
@@ -417,10 +469,10 @@ backend_url = $${slaprunner:access-url}
 access_url = $${:url}/login
 url =  https://$${request-frontend:connection-domain}
 ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
-webdav_url = $${:monitor-base-url}/shared/
-public_url =  $${:monitor-base-url}/web-public/
-git_public_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git-public/
-git_private_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git/
+webdav_url = $${request-httpd-frontend:connection-secure_access}/shared/
+public_url =  $${request-httpd-frontend:connection-secure_access}/public/
+git_public_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
+git_private_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
 monitor-base-url = $${publish:monitor-base-url}
 monitor-url = $${publish:monitor-url}
 monitor-user = $${publish:monitor-user}
@@ -473,6 +525,8 @@ auto-deploy-instance = true
 autorun = false
 monitor-port = 9687
 instance-name =
+monitor-cors-domains = 
+monitor-interface-url = 
 
 [monitor-parameters]
 port = $${slap-parameter:monitor-port}
@@ -682,12 +736,11 @@ opml-url-list = {{ slapparameter_dict['monitor-url-list'] }}
 # Pass some parameter to dispay in monitoring interface
 instance-configuration =
   file recovery-code $${recovery-code:storage-path}
+  httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output}
+  raw webrunner-url https://$${request-frontend:connection-domain}
 {% endif -%}
 configuration-file-path = $${buildout:directory}/knowledge0.cfg
 
-[monitor-httpd-conf-parameter]
-httpd-include-file = $${httpd-conf:rendered}
-
 [monitor-check-webrunner-internal-instance]
 recipe = slapos.recipe.template:jinja2
 template = ${monitor-check-webrunner-internal-instance:location}/${monitor-check-webrunner-internal-instance:filename}
@@ -695,25 +748,3 @@ rendered = $${monitor-directory:promises}/$${:filename}
 filename = monitor-check-webrunner-internal-instance
 mode = 0744
 
-# XXX -not needed for monitor2
-[monitor-deploy-cors-domain-cgi]
-recipe = slapos.recipe.template:jinja2
-template = ${cors-domain-cgi:location}/${cors-domain-cgi:filename}
-rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
-filename = cors-domain.cgi
-mode = 0744
-context =
-  raw config_cfg $${buildout:directory}/knowledge0.cfg
-  raw timestamp $${buildout:directory}/.timestamp
-  raw python_executable ${buildout:executable}
-  key apache_file httpd-parameters:httpd_cors_file
-  key pwd monitor-directory:knowledge0-cgi
-  key this_file :filename
-  key httpd_graceful cgi-httpd-graceful-wrapper:rendered
-
-[monitor-httpd-cors-xx]
-recipe = plone.recipe.command
-command = if [ ! -f $${:location} ]; then touch $${:location}; fi
-location = $${directory:etc}/$${:filename}
-filename = httpd-cors.cfg
-stop-on-error = true