Commit d4d899f6 authored by isaak yansane-sisk's avatar isaak yansane-sisk

Merge remote-tracking branch 'upstream/master'

parents 0abe336d 1d3a86f4
include CHANGES.txt
include slapos/recipe/apache_frontend/template/notfound.html
include CHANGES.rst
recursive-include slapos/recipe *.in
recursive-include slapos/recipe *.bin
recursive-include slapos/recipe README.*.txt
recursive-include slapos/recipe README.*.rst
recursive-include slapos/recipe *.js
recursive-include slapos/recipe *.zcml
......@@ -10,7 +10,7 @@ recipe = rubygemsrecipe
url = https://rubygems.org/rubygems/rubygems-2.4.8.zip
ruby-executable = ${ruby:location}/bin/ruby
gems =
fluentd==0.12.23
fluentd==0.12.24
fluent-plugin-td==0.10.27
gem-options = --no-ri --no-rdoc --with-icu-lib=${icu:location}/lib/ --with-icu-dir=${icu:location}/
environment =
......
......@@ -30,10 +30,10 @@ import os
version = '1.0.31'
name = 'slapos.cookbook'
long_description = open("README.txt").read() + "\n" + \
open("CHANGES.txt").read() + "\n"
long_description = open("README.rst").read() + "\n" + \
open("CHANGES.rst").read() + "\n"
for f in sorted(glob.glob(os.path.join('slapos', 'recipe', 'README.*.txt'))):
for f in sorted(glob.glob(os.path.join('slapos', 'recipe', 'README.*.rst'))):
long_description += '\n' + open(f).read() + '\n'
# extras_requires are not used because of
......@@ -46,6 +46,9 @@ setup(name=name,
"Framework :: Buildout :: Recipe",
"Programming Language :: Python",
],
maintainer="Nexedi",
maintainer_email="info@nexedi.com",
url="https://lab.nexedi.com/nexedi/slapos",
keywords='slapos recipe',
license='GPLv3',
namespace_packages=['slapos', 'slapos.recipe'],
......@@ -91,23 +94,19 @@ setup(name=name,
'cloudooo.test = slapos.recipe.erp5_test:CloudoooRecipe',
'condor = slapos.recipe.condor:Recipe',
'condor.submit = slapos.recipe.condor:AppSubmit',
'configurationfile = slapos.recipe.configurationfile:Recipe',
'copyfilelist = slapos.recipe.copyfilelist:Recipe',
'cron = slapos.recipe.dcron:Recipe',
'cron.d = slapos.recipe.dcron:Part',
'davstorage = slapos.recipe.davstorage:Recipe',
'downloader = slapos.recipe.downloader:Recipe',
'dropbear = slapos.recipe.dropbear:Recipe',
'dropbear.add_authorized_key = slapos.recipe.dropbear:AddAuthorizedKey',
'dropbear.client = slapos.recipe.dropbear:Client',
'dumpmdb = slapos.recipe.dumpmdb:Recipe',
'duplicity = slapos.recipe.duplicity:Recipe',
'egg_test = slapos.recipe.erp5_test:EggTestRecipe',
'equeue = slapos.recipe.equeue:Recipe',
'erp5.bootstrap = slapos.recipe.erp5_bootstrap:Recipe',
'erp5.promise = slapos.recipe.erp5_promise:Recipe',
'erp5.test = slapos.recipe.erp5_test:Recipe',
'erp5.update = slapos.recipe.erp5_update:Recipe',
'erp5scalabilitytestbed = slapos.recipe.erp5scalabilitytestbed:Recipe',
'erp5testnode = slapos.recipe.erp5testnode:Recipe',
'firefox = slapos.recipe.firefox:Recipe',
......@@ -125,14 +124,10 @@ setup(name=name,
'generic.zope.zeo.client = slapos.recipe.generic_zope_zeo_client:Recipe',
'gitinit = slapos.recipe.gitinit:Recipe',
'haproxy = slapos.recipe.haproxy:Recipe',
'helloworld = slapos.recipe.helloworld:Recipe',
'importmdb = slapos.recipe.importmdb:Recipe',
'ipv4toipv6 = slapos.recipe.6tunnel:FourToSix',
'ipv6toipv4 = slapos.recipe.6tunnel:SixToFour',
'java = slapos.recipe.java:Recipe',
'jsondump = slapos.recipe.jsondump:Recipe',
'kumofs = slapos.recipe.kumofs:Recipe',
'kvm = slapos.recipe.kvm:Recipe',
'kvm.frontend = slapos.recipe.kvm_frontend:Recipe',
'lamp = slapos.recipe.lamp:Request',
'lamp.generic = slapos.recipe.lampgeneric:Recipe',
......@@ -189,9 +184,6 @@ setup(name=name,
'slapconfiguration.serialised = slapos.recipe.slapconfiguration:Serialised',
'slapconfiguration.jsondump = slapos.recipe.slapconfiguration:JsonDump',
'slapcontainer = slapos.recipe.container:Recipe',
'slapmonitor = slapos.recipe.slapmonitor:MonitorRecipe',
'slapmonitor-xml = slapos.recipe.slapmonitor:MonitorXMLRecipe',
'slapreport = slapos.recipe.slapreport:Recipe',
'softwaretype = slapos.recipe.softwaretype:Recipe', # BBB
'sphinx= slapos.recipe.sphinx:Recipe',
'squid = slapos.recipe.squid:Recipe',
......@@ -205,7 +197,6 @@ setup(name=name,
'urlparse = slapos.recipe._urlparse:Recipe',
'uuid = slapos.recipe._uuid:Recipe',
'userinfo = slapos.recipe.userinfo:Recipe',
'vifib = slapos.recipe.vifib:Recipe',
'waitfor = slapos.recipe.waitfor:Recipe',
'webchecker = slapos.recipe.web_checker:Recipe',
'wrapper = slapos.recipe.wrapper:Recipe',
......
cloudooo
=========
Instantiates CloudOOo instance.
erp5
====
Instantiates ERP5 instance.
generic_cloudooo
================
The generic_cloudooo recipe helps you to deploy cloudooo services with their configuration files.
How to use?
-----------
Here is an example of a section to add in your software.cfg :
.. code-block::
[cloudooo-configuration]
recipe = slapos.cookbook:generic_cloudooo
configuration-file = ${directory:etc}/cloudooo.cfg
wrapper = ${directory:services}/cloudooo
data-directory = ${directory:srv}/cloudooo
ip = 0.0.0.0
port = 1234
ooo-paster = ${directory:bin}/cloudooo_paster
mimetype_entry_addition =
text/html application/pdf wkhtmltopdf
openoffice-port = 1235
ooo-binary-path = ${directory:libreoffice-bin}/program
environment =
FONTCONFIG_FILE = ${fontconfig-instance:conf-path}
PATH = ${binary-link:target-directory}
ooo-uno-path = ${directory:libreoffice-bin}/basis-link/program
Where :
- `configuration-file` is the path where the put the configuration file;
- `wrapper` is the path where the put the final executable file;
- `data-directory` is the folder where cloudooo would put it's temporary files;
- `ip` and `port` is where cloudooo will listen to;
- `ooo-paster` is the path of the program that will load cloudooo configuration
and start the application;
- `mimetype_entry_addition` is additional entries to give to the default
mimetype registry. (see section below.) The mimetype entry list is sorted in
order to make the global mimetype at the bottom of the list.
(i.e. `* * ooo` > `text/* * ooo`)
.. code-block::
mimetype_entry_addition =
<input_format> <output_format> <handler>
- `openoffice-port` is the port where the internal OpenOffice.org service will
listen to;
- `ooo-binary-path` is the path of the openoffice service executable file;
- `environment` are environment vars to use with the openoffice binary;
- `ooo-uno-path` is the path where UNO library is installed.
Default mimetype registry
-------------------------
.. code-block::
application/vnd.oasis.opendocument* * ooo
application/vnd.sun.xml* * ooo
application/pdf text/* pdf
application/pdf * ooo
video/* * ffmpeg
audio/* * ffmpeg
application/x-shockwave-flash * ffmpeg
application/ogg * ffmpeg
application/ogv * ffmpeg
image/png image/jpeg imagemagick
image/png * ooo
image/* image/* imagemagick
text/* * ooo
application/zip * ooo
application/msword * ooo
application/vnd* * ooo
application/x-vnd* * ooo
application/postscript * ooo
application/wmf * ooo
application/csv * ooo
application/x-openoffice-gdimetafile * ooo
application/x-emf * ooo
application/emf * ooo
application/octet* * ooo
* application/vnd.oasis.opendocument* ooo
kumofs
=========
Instantiates KumoFS instance.
......@@ -11,18 +11,22 @@ How to use?
just add this part in your software.cfg to use the lamp.simple module
[instance-recipe]
egg = slapos.cookbook
module = lamp.simple
.. code-block::
[instance-recipe]
egg = slapos.cookbook
module = lamp.simple
you also need to extend lamp.cfg
extends =
.. code-block::
extends =
https://lab.nexedi.com/nexedi/slapos/raw/slapos-0.50/stack/lamp.cfg
lamp.runner
=====
===========
When you install some software (such as prestashop) you need to remove or rename folder, with slapos you can not
access to the www-data directory. to do this, you need to tell to lamp recipe to remove or/and it when software
......@@ -37,31 +41,35 @@ How to use?
this part of lamp recipe work with slapos.toolbox, Therefore you must add it to your recipe.
in software.cfg, replace instance-recipe-egg part by
[instance-recipe-egg]
recipe = zc.recipe.egg
eggs =
.. code-block::
[instance-recipe-egg]
recipe = zc.recipe.egg
eggs =
${python-mysqlclient:egg}
${instance-recipe:egg}
slapos.toolbox[lampconfigure]
and add into your instance.cfg
lampconfigure_directory = ${buildout:bin-directory}/lampconfigure
.. code-block::
lampconfigure_directory = ${buildout:bin-directory}/lampconfigure
CONDITION
--------
----------
the action (delete, rename, script, chmod) only starts when the condition is filled.
in instance.cfg, add
in instance.cfg, add::
file_token = path_of_file
file_token = path_of_file
and the action will begin when path_of_www-data/path_of_file will be created
you can also use database to check condition. add
you can also use database to check condition. add ::
table_name = name_of_table
constraint = sql_where_condition
table_name = name_of_table
constraint = sql_where_condition
name_of_table is the full or partial name(in some cases we can not know the prefix used to create tables) of table
into mariadb databse for example table_name = admin. if you use
......@@ -74,11 +82,12 @@ you can't use file_token and table_name at the same time, otherwise file_token w
ACTION
-------
The action starts when condition is true
1- delete file or folder
into instance.cfg, use
delete = file_or_folder1, file_or_folder2, file_or_folder3 ...
1- delete file or folder into instance.cfg, use::
delete = file_or_folder1, file_or_folder2, file_or_folder3 ...
for example delete = admin
......@@ -106,26 +115,30 @@ mode = mode_to_apply (ex= 0644)
use script = ${configure-script:location}/${configure-script:filename} into instance.cfg, add part configure-script
into software.cfg
parts = configure-script
.. code-block::
parts = configure-script
[configure-script]
recipe = hexagonit.recipe.download
ignore-existing = true
location = ${buildout:parts-directory}/${:_buildout_section_name_}
url = url_of_script_name.py
filename = script_name.py
download-only = True
[configure-script]
recipe = hexagonit.recipe.download
location = ${buildout:parts-directory}/${:_buildout_section_name_}
url = url_of_script_name.py
filename = script_name.py
download-only = True
The script_name.py should contain a main function, sys.argv is given to the main. you can write script_name.py like this
....
def setup(args):
The script_name.py should contain a main function, sys.argv is given to the main. you can write script_name.py like this::
...
def setup(args):
mysql_port, mysql_host, mysql_user, mysql_password, mysql_database, base_url, htdocs = args
.......
if __name__ == '__main__':
if __name__ == '__main__':
setup(sys.argv[1:])
base_url: is the url of php software
htdocs: is the path of www-data directory
mysql_user, mysql_password, mysql_database, mysql_host: is the mariadb parameters
- base_url: is the url of php software
- htdocs: is the path of www-data directory
- mysql_user, mysql_password, mysql_database, mysql_host: is the mariadb parameters
you can also use "import MySQLdb" if you want to access to database via your python script
\ No newline at end of file
memcached
=========
Instantiates Memcached instance.
mysql
=========
Instantiates MySQL instance.
proactive
=========
Instantiate an proactive environment.
seleniumrunner
==========
==============
Allows to run selenium tests through browser and xvfb. Posts the results on
Nexedi ERP5.
Parameters
=====
==========
* project : name of the project inside of ERP5 test result instance
* user : username to use in ERP5 instance to test
* password : password to use in ERP5 instance to test
......@@ -12,7 +14,8 @@ Parameters
* url : url to portal_test of ERP5 isntance to test
* test_report_instance_url : url of test_result_module to put results
* Example :
* Example::
<?xml version="1.0" encoding="utf-8"?>
<instance>
<parameter id="project">Vifib</parameter>
......
xwiki
=====
Instantiates an xwiki environment.
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import GenericBaseRecipe
class Recipe(GenericBaseRecipe):
def install(self):
configuration_file = self.createFile(
self.options['configuration-file-path'],
self.substituteTemplate(
self.options['configuration-template-path'],
self.options
)
)
return configuration_file
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import os
import urllib
import hashlib
import tempfile
import shutil
import subprocess
from slapos.recipe.librecipe import GenericBaseRecipe
BUFFER_SIZE = 1024
# XXX-Cedric: For god's sake, why do we always reinvent the wheel???
# DON'T use this and use h.r.download, except if you need the "confirm" feature.
# XXX-Cedric: implement "confirm" feature in h.r.download
def service(args):
environ = os.environ.copy()
environ.update(PATH=args['path'])
if not os.path.exists(args['confirm']):
tmpdir = tempfile.mkdtemp()
try:
# XXX: Hardcoded path
tmpoutput = os.path.join(tmpdir, 'downloaded')
urllib.urlretrieve(args['url'], tmpoutput)
if args['md5'] is not None:
# XXX: we need to find a better way to do a md5sum
md5sum = hashlib.md5()
with open(args['output'], 'r') as output:
file_buffer = output.read(BUFFER_SIZE)
while len(file_buffer) > 0:
md5sum.update(file_buffer)
file_buffer = output.read(BUFFER_SIZE)
if args['md5'] != md5sum.hexdigest():
return 127 # Not-null return code
if not args['archive']:
shutil.move(tmpoutput, args['output'])
else:
# XXX: hardcoding path
extract_dir = os.path.join(tmpdir, 'extract')
os.mkdir(extract_dir)
subprocess.check_call(
['tar', '-x', '-f', tmpoutput,
'-C', extract_dir,
],
env=environ,
)
archive_content = os.listdir(extract_dir)
if len(archive_content) == 1 and \
os.path.isfile(os.path.join(extract_dir,
archive_content[0])):
shutil.move(os.path.join(extract_dir,
archive_content[0]),
args['output'])
else:
return 127 # Not-null return code
finally:
shutil.rmtree(tmpdir)
# Just a touch on args['confirm'] file
open(args['confirm'], 'w').close()
return 0
class Recipe(GenericBaseRecipe):
def install(self):
path_list = []
md5sum = self.options.get('md5sum', '')
if len(md5sum) == 0:
md5sum = None
keywords = {
'url': self.options['url'],
'md5': md5sum,
'output': self.options['downloaded-file'],
'confirm': self.options['downloaded-file-complete'],
'archive': self.optionIsTrue('archive', False),
}
if keywords['archive']:
keywords['path'] = self.options['path']
path_list.append(
self.createPythonScript(
self.options['binary'],
'slapos.recipe.downloader.service',
keywords,
)
)
return path_list
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import BaseSlapRecipe
import pkg_resources
import sys
import zc.buildout
import zc.recipe.egg
class Recipe(BaseSlapRecipe):
def _install(self):
raise NotImplementedError('Outdated.')
def installKeyAuthorisationApache(self, ipv6, port, backend, key, certificate,
ca_conf, key_auth_path='/'):
if ipv6:
ip = self.getGlobalIPv6Address()
else:
ip = self.getLocalIPv4Address()
ssl_template = """SSLEngine on
SSLVerifyClient require
RequestHeader set REMOTE_USER %%{SSL_CLIENT_S_DN_CN}s
SSLCertificateFile %(key_auth_certificate)s
SSLCertificateKeyFile %(key_auth_key)s
SSLCACertificateFile %(ca_certificate)s
SSLCARevocationPath %(ca_crl)s"""
apache_conf = self._getApacheConfigurationDict('key_auth_apache', ip, port)
apache_conf['ssl_snippet'] = ssl_template % dict(
key_auth_certificate=certificate,
key_auth_key=key,
ca_certificate=ca_conf['ca_certificate'],
ca_crl=ca_conf['ca_crl']
)
prefix = 'ssl_key_auth_apache'
rewrite_rule_template = \
"RewriteRule (.*) http://%(backend)s%(key_auth_path)s$1 [L,P]"
path_template = pkg_resources.resource_string('slapos.recipe.erp5',
'template/apache.zope.conf.path.in')
path = path_template % dict(path='/')
d = dict(
path=path,
backend=backend,
backend_path='/',
port=apache_conf['port'],
vhname=path.replace('/', ''),
key_auth_path=key_auth_path,
)
rewrite_rule = rewrite_rule_template % d
apache_conf.update(**dict(
path_enable=path,
rewrite_rule=rewrite_rule
))
apache_config_file = self.createConfigurationFile(prefix + '.conf',
pkg_resources.resource_string('slapos.recipe.erp5',
'template/apache.zope.conf.in') % apache_conf)
self.path_list.append(apache_config_file)
self.path_list.extend(zc.buildout.easy_install.scripts([(
'key_auth_apache',
'slapos.recipe.erp5.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
dict(
required_path_list=[certificate, key, ca_conf['ca_certificate'],
ca_conf['ca_crl']],
binary=self.options['httpd_binary'],
config=apache_config_file
)
]))
if ipv6:
return 'https://[%(ip)s:%(port)s]' % apache_conf
else:
return 'https://%(ip)s:%(port)s' % apache_conf
def _getApacheConfigurationDict(self, prefix, ip, port):
apache_conf = dict()
apache_conf['pid_file'] = os.path.join(self.run_directory,
prefix + '.pid')
apache_conf['lock_file'] = os.path.join(self.run_directory,
prefix + '.lock')
apache_conf['ip'] = ip
apache_conf['port'] = port
apache_conf['server_admin'] = 'admin@'
apache_conf['error_log'] = os.path.join(self.log_directory,
prefix + '-error.log')
apache_conf['access_log'] = os.path.join(self.log_directory,
prefix + '-access.log')
self.registerLogRotation(prefix, [apache_conf['error_log'],
apache_conf['access_log']], self.killpidfromfile + ' ' +
apache_conf['pid_file'] + ' SIGUSR1')
return apache_conf
def _writeApacheConfiguration(self, prefix, apache_conf, backend,
access_control_string=None):
rewrite_rule_template = \
"RewriteRule (.*) http://%(backend)s$1 [L,P]"
if access_control_string is None:
path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path.in')
path = path_template % dict(path='/')
else:
path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path-protected.in')
path = path_template % dict(path='/',
access_control_string=access_control_string)
d = dict(
path=path,
backend=backend,
backend_path='/',
port=apache_conf['port'],
vhname=path.replace('/', ''),
)
rewrite_rule = rewrite_rule_template % d
apache_conf.update(**dict(
path_enable=path,
rewrite_rule=rewrite_rule
))
apache_conf_string = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.in') % apache_conf
return self.createConfigurationFile(prefix + '.conf', apache_conf_string)
def installFrontendZopeApache(self, ip, port, name, frontend_path, backend_url,
backend_path, key, certificate, access_control_string=None):
ident = 'frontend_' + name
apache_conf = self._getApacheConfigurationDict(ident, ip, port)
apache_conf['server_name'] = name
apache_conf['frontend_path'] = frontend_path
apache_conf['ssl_snippet'] = pkg_resources.resource_string(__name__,
'template/apache.ssl-snippet.conf.in') % dict(
login_certificate=certificate, login_key=key)
path = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path-protected.in') % \
dict(path='/', access_control_string='none')
if access_control_string is None:
path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path.in')
path += path_template % dict(path=frontend_path)
else:
path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path-protected.in')
path += path_template % dict(path=frontend_path,
access_control_string=access_control_string)
rewrite_rule_template = \
"RewriteRule ^%(path)s($|/.*) %(backend_url)s/VirtualHostBase/https/%(server_name)s:%(port)s%(backend_path)s/VirtualHostRoot/%(vhname)s$1 [L,P]\n"
if frontend_path not in ["", None, "/"]:
vhname = "_vh_%s" % frontend_path.replace('/', '')
else:
vhname = ""
frontend_path = ""
rewrite_rule = rewrite_rule_template % dict(
path=frontend_path,
backend_url=backend_url,
backend_path=backend_path,
port=apache_conf['port'],
vhname=vhname,
server_name=name)
apache_conf.update(**dict(
path_enable=path,
rewrite_rule=rewrite_rule
))
apache_conf_string = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.in') % apache_conf
apache_config_file = self.createConfigurationFile(ident + '.conf',
apache_conf_string)
self.path_list.append(apache_config_file)
self.path_list.extend(zc.buildout.easy_install.scripts([(
ident, __name__ + '.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
dict(
required_path_list=[key, certificate],
binary=self.options['httpd_binary'],
config=apache_config_file
)
]))
# Note: IPv6 is assumed always
return 'https://%(server_name)s:%(port)s%(frontend_path)s' % (apache_conf)
import os
import sys
import time
def runApache(args):
sleep = 60
conf = args[0]
while True:
ready = True
for f in conf.get('required_path_list', []):
if not os.path.exists(f):
print 'File %r does not exists, sleeping for %s' % (f, sleep)
ready = False
if ready:
break
time.sleep(sleep)
apache_wrapper_list = [conf['binary'], '-f', conf['config'], '-DFOREGROUND']
apache_wrapper_list.extend(sys.argv[1:])
sys.stdout.flush()
sys.stderr.flush()
os.execl(apache_wrapper_list[0], *apache_wrapper_list)
<Location %(location)s>
Order Deny,Allow
Deny from all
Allow from %(allow_string)s
</Location>
SSLEngine on
SSLCertificateFile %(login_certificate)s
SSLCertificateKeyFile %(login_key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLProxyEngine On
# Apache configuration file for Zope
# Automatically generated
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule antiloris_module modules/mod_antiloris.so
# Basic server configuration
PidFile "%(pid_file)s"
Listen %(ip)s:%(port)s
ServerAdmin %(server_admin)s
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
ServerTokens Prod
ServerSignature Off
TraceEnable Off
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
# SSL Configuration
%(ssl_snippet)s
# Log configuration
ErrorLog "%(error_log)s"
# Default apache log format with request time in microsecond at the end
LogFormat "%%h %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
%(path_enable)s
# Magic of Zope related rewrite
RewriteEngine On
%(rewrite_rule)s
# Path protected
<Location %(path)s>
Order Deny,Allow
Deny from all
Allow from %(access_control_string)s
</Location>
# Path enabled
<Location %(path)s>
Order Allow,Deny
Allow from all
</Location>
##############################################################################
#
# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import urlparse
from slapos.recipe.librecipe import GenericSlapRecipe
class Recipe(GenericSlapRecipe):
def _install(self):
self.logger.warn('DEPRECATED: Please update your configuration to use erp5.promise and erp5.bootstrap instead.')
conversion_server = None
if 'cloudooo-url' in self.options and self.options['cloudooo-url']:
parsed = urlparse.urlparse(self.options['cloudooo-url'])
conversion_server = "%s:%s" % (parsed.hostname, parsed.port)
memcached = None
if 'memcached-url' in self.options and self.options['memcached-url']:
parsed = urlparse.urlparse(self.options['memcached-url'])
memcached = "%s:%s" % (parsed.hostname, parsed.port)
kumofs = None
if 'kumofs-url' in self.options and self.options['kumofs-url']:
parsed = urlparse.urlparse(self.options['kumofs-url'])
kumofs = "%s:%s" % (parsed.hostname, parsed.port)
parsed = urlparse.urlparse(self.options['mysql-url'])
mysql_connection_string = "%(database)s@%(hostname)s:%(port)s "\
"%(username)s %(password)s" % dict(
database=parsed.path.split('/')[1],
hostname=parsed.hostname,
port=parsed.port,
username=parsed.username,
password=parsed.password
)
parsed = urlparse.urlparse(self.options['url'])
zope_user = parsed.username
zope_password = parsed.password
zope_host = '%s:%s' % (parsed.hostname, parsed.port)
bt5_list = []
if len(self.parameter_dict.get("bt5_list", "").strip()):
bt5_list = self.parameter_dict["bt5_list"].split()
elif self.parameter_dict.get("flavour", "default") == 'configurator':
bt5_list = self.options['configurator-bt5-list'].split()
bt5_repository_list = self.parameter_dict.get("bt5_repository_list",
"").split() or self.options['bt5-repository-list'].split()
script = self.createPythonScript(self.options['update-wrapper'],
__name__+'.erp5.updateERP5', [
self.options['site-id'], mysql_connection_string,
[zope_user, zope_password, zope_host],
memcached, conversion_server, kumofs, bt5_list, bt5_repository_list,
self.options['cadir-path'], self.options['openssl-binary']])
return [script]
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import httplib
import json
import base64
import socket
import time
class ERP5Updater(object):
erp5_catalog_storage = "erp5_mysql_innodb_catalog"
header_dict = {}
sleeping_time = 300
short_sleeping_time = 60
def __init__(self, user, password, host,
site_id, mysql_url, memcached_address,
conversion_server_address, persistent_cache_address,
bt5_list, bt5_repository_list, certificate_authority_path,
openssl_binary):
authentication_string = '%s:%s' % (user, password)
base64string = base64.encodestring(authentication_string).strip()
self.header_dict['Authorization'] = 'Basic %s' % base64string
self.header_dict['Referer'] = 'http://%s/manage_addProduct/ERP5/addERP5Site' % host
self.host = host
self.site_id = site_id
self.business_template_repository_list = bt5_repository_list
self.business_template_list = bt5_list
self.memcached_address = memcached_address
self.persistent_cached_address = persistent_cache_address
self.mysql_url = mysql_url
host, port = conversion_server_address.split(":")
self.conversion_server_address = host
self.conversion_server_port = int(port)
# Certificate Authority Tool configuration
self.certificate_authority_path = certificate_authority_path
self.openssl_binary = openssl_binary
def log(self, level, message):
date = time.strftime("%a, %d %b %Y %H:%M:%S +0000")
print "%s - %s : %s" % (date, level, message)
def getConnectionToZope(self):
return httplib.HTTPConnection(self.host)
def GET(self, path):
zope_connection = self.getConnectionToZope()
self.log("INFO", "GET ZOPE: %s, PATH: %s" % (self.host, path))
try:
zope_connection.request('GET', path, headers=self.header_dict)
result = zope_connection.getresponse()
data = result.read()
status = result.status
except socket.error, e:
data = "Unable to connect to %s (socket.error: %s)" % (self.host, e)
self.log("ERROR", data)
status = 0
finally:
zope_connection.close()
return status, data
def POST(self, path, post_dict):
zope_connection = self.getConnectionToZope()
param_list = []
for item in post_dict:
value = post_dict[item]
if isinstance(value, type([])):
for v in value:
param_list.append("%s:list=%s" % (item, v))
else:
param_list.append("%s=%s" % (item, value))
params = "&".join(param_list)
self.log("INFO", "GET ZOPE: %s, PATH: %s, PARAMS: %s" % \
(self.host, path, params))
try:
zope_connection.request('POST', path, params, headers=self.header_dict)
result = zope_connection.getresponse()
data = result.read()
status = result.status
except socket.error, e:
data = "Unable to connect to %s (socket.error: %s)" % (self.host, e)
self.log("ERROR", data)
status = 0
finally:
zope_connection.close()
return status, data
def isERP5Present(self):
status, data = self.GET("/isERP5SitePresent")
self.log("DEBUG", "isERP5Present : %s, %s" % (status, data))
return status == 200 and not (data == "False")
def loadSystemSignatureDict(self):
base_path = \
"/%s/portal_introspections/getSystemSignatureAsJSON" % self.site_id
status, data = self.GET(base_path)
if status == 200:
data_dict = json.loads(data)
self.system_signature_dict = data_dict
elif status == 404:
# Unable to find portal_introspection, this means erp5_base is not
# installed yet.
self.system_signature_dict = None
self.log("DEBUG", "Unable to find portal_introspection, this means " + \
"erp5_base is not installed yet.")
else:
self.log("ERROR", "Unable to get SystemSignature to %s (status: %s, data: %s)" % \
(self.host, status, data))
def getSystemSignatureDict(self, item=None, default=None):
system_signature_dict = getattr(self, 'system_signature_dict', None)
if system_signature_dict is not None and item is not None:
return system_signature_dict.get(item, default)
return system_signature_dict
def getMissingBusinessTemplateRepositoryList(self):
found_list = self.getSystemSignatureDict(
"business_template_repository_list", [])
return [i for i in self.business_template_repository_list
if i not in found_list]
def getMissingBusinessTemplateSet(self):
found_dict = self.getSystemSignatureDict("business_template_dict", {})
return set(self.business_template_list).difference(found_dict)
def updateBusinessTemplateList(self):
""" Update Business Template Configuration, including the repositories
"""
missing_business_template_set = self.getMissingBusinessTemplateSet()
if missing_business_template_set:
# Before updating the business templates, it is required to make sure
# the repositories are updated, thus update them even if they are
# already present because there may be new business templates...
repository_list = self.getSystemSignatureDict(
"business_template_repository_list", [])
repository_list.extend(self.getMissingBusinessTemplateRepositoryList())
self._setRepositoryList(repository_list)
# Require to update Business template
self._installBusinessTemplateList(list(missing_business_template_set))
return True
return False
def _setRepositoryList(self, repository_list):
""" Set repository list on portal_templates """
set_path = "/%s/portal_templates/updateRepositoryBusinessTemplateList" % self.site_id
self.POST(set_path, {"repository_list": repository_list})
def _installBusinessTemplateList(self, name_list, update_catalog=False):
""" Install a Business Template on Remote ERP5 setup """
set_path = "/%s/portal_templates/installBusinessTemplateListFromRepository" % self.site_id
self.POST(set_path, {"template_list": name_list,
"only_newer": 1,
"update_catalog": int(update_catalog),
"activate": 1,
"install_dependency": 1})
def _createActiveSystemPreference(self, edit_kw={}):
""" Assert that at least one enabled System Preference is present on
the erp5 instance.
"""
self.log("INFO", "Try to create New System Preference into ERP5!")
path = "/%s/portal_preferences/createActiveSystemPreference" % self.site_id
status, data = self.POST(path, edit_kw)
if status != 200:
self.log("ERROR", "Unable to create System Preference, an error ocurred %s." % data)
def updateConversionServer(self):
""" Update Conversion server Configuration """
external_connection_dict = self.getSystemSignatureDict("external_connection_dict")
host_key = None
port_key = None
for external_connection in external_connection_dict:
# Search for Configurated value for Conversion Server
if external_connection.endswith("getPreferredOoodocServerAddress"):
host_key = external_connection
elif external_connection.endswith("getPreferredOoodocServerPortNumber"):
port_key = external_connection
if None not in [host_key, port_key]:
break
if None in [host_key, port_key]:
self.log("ERROR", "Unable to find the Active System Preference to Update!")
self._createActiveSystemPreference(
{"preferred_ooodoc_server_address" : self.conversion_server_address,
"preferred_ooodoc_server_port_number": self.conversion_server_port })
return True
is_updated = self._assertAndUpdateDocument(host_key, self.conversion_server_address,
"setPreferredOoodocServerAddress")
is_updated = self._assertAndUpdateDocument(port_key,
self.conversion_server_port,
"setPreferredOoodocServerPortNumber") or is_updated
return is_updated
def updateCertificateAuthority(self):
""" Update the certificate authority only if is not configured yet """
if self.isCertificateAuthorityAvailable():
if self.isCertificateAuthorityConfigured():
return True
path = "/%s/portal_certificate_authority/" \
"manage_editCertificateAuthorityTool" % self.site_id
self.POST(path, {"certificate_authority_path": self.certificate_authority_path,
"openssl_binary": self.openssl_binary})
def isCertificateAuthorityAvailable(self):
""" Check if certificate Authority is available. """
external_connection_dict = self.system_signature_dict[
'external_connection_dict']
if 'portal_certificate_authority/certificate_authority_path' in \
external_connection_dict:
return True
return False
def isCertificateAuthorityConfigured(self):
""" Check if certificate Authority is configured correctly. """
external_connection_dict = self.system_signature_dict[
'external_connection_dict']
if self.certificate_authority_path == external_connection_dict.get(
'portal_certificate_authority/certificate_authority_path') and \
self.openssl_binary == external_connection_dict.get(
'portal_certificate_authority/openssl_binary'):
return True
return False
def updateMemcached(self):
# Assert Memcached configuration
self._assertAndUpdateDocument(
"portal_memcached/default_memcached_plugin/getUrlString",
self.memcached_address,
"setUrlString")
# Assert Persistent cache configuration (Kumofs)
self._assertAndUpdateDocument(
"portal_memcached/persistent_memcached_plugin/getUrlString",
self.persistent_cached_address,
"setUrlString")
def _assertAndUpdateDocument(self, key, expected_value, update_method):
external_connection_dict = self.getSystemSignatureDict("external_connection_dict")
# Assert Memcached configuration
found_address = external_connection_dict.get(key)
if found_address != expected_value:
document_path = "/".join(key.split("/")[:-1])
self.log("INFO",
"Document require update at %s (Found: %s, Expected: %s)" % \
(document_path, found_address, expected_value))
set_path = "/%s/%s/%s" % (self.site_id, document_path, update_method)
self.POST(set_path, {"value": expected_value})
return True
return False
def updateERP5Site(self):
if not self.isERP5Present():
self.log('INFO', 'No site present, adding new with id %r' % self.site_id)
self.POST('/manage_addProduct/ERP5/manage_addERP5Site', {
"id": self.site_id,
"erp5_catalog_storage": self.erp5_catalog_storage,
"erp5_sql_connection_string": self.mysql_url,
"cmf_activity_sql_connection_string": self.mysql_url})
return True
return False
def _hasActivityPresent(self):
activity_dict = self.getSystemSignatureDict("activity_dict")
if activity_dict["total"] > 0:
self.log("DEBUG", "Waiting for activities on ERP5...")
return True
return False
def _hasFailureActivity(self):
activity_dict = self.getSystemSignatureDict("activity_dict")
if activity_dict["failure"] > 0:
self.log("ERROR", "Update progress found Failure activities" +\
"and it will not be able to progress until" +\
" activites issue be solved")
return True
return False
def run(self):
""" Keep running until kill"""
while 1:
self.log('INFO', 'Sleeping for %s' % self.short_sleeping_time)
time.sleep(self.short_sleeping_time)
if not self.updateERP5Site():
self.loadSystemSignatureDict()
if self._hasFailureActivity():
time.sleep(self.sleeping_time)
continue
if self._hasActivityPresent():
continue
if self.updateBusinessTemplateList():
continue
self.updateMemcached()
if self.updateConversionServer():
continue
self.updateCertificateAuthority()
time.sleep(self.sleeping_time)
def updateERP5(argument_list):
site_id = argument_list[0]
mysql_url = argument_list[1]
user, password, host = argument_list[2]
memcached_address = argument_list[3]
conversion_server_address = argument_list[4]
persistent_cache_provider = argument_list[5]
bt5_list = argument_list[6]
certificate_authority_path = argument_list[8]
openssl_binary = argument_list[9]
bt5_repository_list = []
if len(argument_list) > 7:
bt5_repository_list = argument_list[7]
if len(bt5_list) > 0 and len(bt5_repository_list) == 0:
bt5_repository_list = ["http://www.erp5.org/dists/snapshot/bt5"]
erp5_upgrader = ERP5Updater(
user=user,
password=password,
host=host,
site_id=site_id,
mysql_url=mysql_url,
memcached_address=memcached_address,
conversion_server_address=conversion_server_address,
persistent_cache_address=persistent_cache_provider,
bt5_list=bt5_list,
bt5_repository_list=bt5_repository_list,
certificate_authority_path=certificate_authority_path,
openssl_binary=openssl_binary)
erp5_upgrader.run()
......@@ -27,6 +27,51 @@
import zc.buildout
from slapos.recipe.librecipe import GenericBaseRecipe
def compareMimetypeEntryPair(a, b):
"""
Like comparing strings, but here the star `*` is stronger than any other
character.
"""
i = 0
for i in range(min(len(a), len(b))):
if a[i] != b[i]:
if a[i] == "*": return 1
if b[i] == "*": return -1
if a[i] < b[i]: return -1
if a[i] > b[i]: return 1
return 0
if a[i:i+1]: return 1
if b[i:i+1]: return -1
return 0
default_mimetype_entry_list = [
"application/vnd.oasis.opendocument* * ooo",
"application/vnd.sun.xml* * ooo",
"application/pdf text/* pdf",
"application/pdf * ooo",
"video/* * ffmpeg",
"audio/* * ffmpeg",
"application/x-shockwave-flash * ffmpeg",
"application/ogg * ffmpeg",
"application/ogv * ffmpeg",
"image/png image/jpeg imagemagick",
"image/png * ooo",
"image/* image/* imagemagick",
"text/* * ooo",
"application/zip * ooo",
"application/msword * ooo",
"application/vnd* * ooo",
"application/x-vnd* * ooo",
"application/postscript * ooo",
"application/wmf * ooo",
"application/csv * ooo",
"application/x-openoffice-gdimetafile * ooo",
"application/x-emf * ooo",
"application/emf * ooo",
"application/octet* * ooo",
"* application/vnd.oasis.opendocument* ooo",
]
class Recipe(GenericBaseRecipe):
def install(self):
path_list = []
......@@ -52,6 +97,15 @@ class Recipe(GenericBaseRecipe):
conversion_server_dict['ENVIRONMENT_VARIABLE_LIST'] = '\n'.join(
['env-%s = %s' % (key, value) for key, value in environment_variable_list]
)
mimetype_entry_list = [
l.strip()
for l in self.options.get('mimetype_entry_addition', '').splitlines()
if l and not l.isspace()
]
mimetype_entry_list.extend(default_mimetype_entry_list)
mimetype_entry_list.sort(compareMimetypeEntryPair)
conversion_server_dict['MIMETYPE_ENTRY_LIST'] = \
"\n".join([" " + l for l in mimetype_entry_list])
config_file = self.createFile(self.options['configuration-file'],
self.substituteTemplate(self.getTemplateFilename('cloudooo.cfg.in'),
conversion_server_dict))
......
......@@ -42,31 +42,7 @@ openoffice_port = %(openoffice_port)s
# It is used to select the handler that will be used in conversion.
# Priority matters, first match take precedence on next lines.
mimetype_registry =
application/vnd.oasis.opendocument* * ooo
application/vnd.sun.xml* * ooo
application/pdf text/* pdf
application/pdf * ooo
video/* * ffmpeg
audio/* * ffmpeg
application/x-shockwave-flash * ffmpeg
application/ogg * ffmpeg
application/ogv * ffmpeg
image/png image/jpeg imagemagick
image/png * ooo
image/* image/* imagemagick
text/* * ooo
application/zip * ooo
application/msword * ooo
application/vnd* * ooo
application/x-vnd* * ooo
application/postscript * ooo
application/wmf * ooo
application/csv * ooo
application/x-openoffice-gdimetafile * ooo
application/x-emf * ooo
application/emf * ooo
application/octet* * ooo
* application/vnd.oasis.opendocument* ooo
%(MIMETYPE_ENTRY_LIST)s
[server:main]
use = egg:PasteScript#wsgiutils
......
##############################################################################
#
# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import GenericBaseRecipe
import os
import sys
class Recipe(GenericBaseRecipe):
"""
kvm instance configuration.
"""
def install(self):
# Sanitize drive type parameter
self.options.setdefault('disk-type', 'virtio')
if not self.options.get('disk-type') in ['ide', 'scsi', 'sd',
'mtd', 'floppy', 'pflash', 'virtio']:
print 'Warning: "disk-type" parameter is not in allowed values. Using ' \
'"virtio" value.'
self.options['disk-type'] = 'virtio'
self.options['python-path'] = sys.executable
path_list = []
if self.isTrueValue(self.options.get('use-nat')):
# XXX This could be done using Jinja.
for port in self.options['nat-rules'].split():
tunnel_port = int(port) + 10000
tunnel_path = self.createExecutable(
'%s-%s' % (self.options['6tunnel-wrapper-path'], tunnel_port),
self.substituteTemplate(
self.getTemplateFilename('6to4.in'),
{
'ipv6': self.options['ipv6'],
'ipv6_port': tunnel_port,
'ipv4': self.options['ipv4'],
'ipv4_port': tunnel_port,
'shell_path': self.options['shell-path'],
'6tunnel_path': self.options['6tunnel-path'],
},
),
)
path_list.append(tunnel_path)
runner_path = self.createExecutable(
self.options['runner-path'],
self.substituteTemplate(self.getTemplateFilename('kvm_run.in'),
self.options))
path_list.append(runner_path)
controller_path = self.createExecutable(
self.options['controller-path'],
self.substituteTemplate(self.getTemplateFilename('kvm_controller_run.in'),
self.options))
return path_list
#!%(shell_path)s
# BEWARE: This file is operated by slapgrid
# BEWARE: It will be overwritten automatically
exec %(6tunnel_path)s -6 -4 -d -l %(ipv6)s %(ipv6_port)s %(ipv4)s %(ipv4_port)s
#!%(python-path)s
# BEWARE: This file is operated by slapgrid
# BEWARE: It will be overwritten automatically
# Echo client program
import socket
import time
# XXX: to be factored with slapos.toolbox qemu qmp wrapper.
socket_path = '%(socket-path)s'
vnc_password = '%(vnc-passwd)s'
# Connect to KVM qmp socket
so = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
connected = False
while not connected:
try:
so.connect(socket_path)
except socket.error:
time.sleep(1)
else:
connected = True
data = so.recv(1024)
# Enable qmp
so.send('{ "execute": "qmp_capabilities" }')
data = so.recv(1024)
# Set VNC password
so.send('{ "execute": "change", ' \
'"arguments": { "device": "vnc", "target": "password", ' \
' "arg": "' + vnc_password + '" } }')
data = so.recv(1024)
# Finish
so.close()
#!%(python-path)s
# BEWARE: This file is operated by slapgrid
# BEWARE: It will be overwritten automatically
import hashlib
import os
import socket
import subprocess
import urllib
import gzip
import shutil
from random import shuffle
import glob
import re
import ssl
opener = urllib.FancyURLopener(context=ssl._create_unverified_context())
# XXX: give all of this through parameter, don't use this as template, but as module
qemu_img_path = '%(qemu-img-path)s'
qemu_path = '%(qemu-path)s'
disk_size = '%(disk-size)s'
disk_type = '%(disk-type)s'
socket_path = '%(socket-path)s'
nbd_list = (('%(nbd-host)s', %(nbd-port)s), ('%(nbd2-host)s', %(nbd2-port)s))
default_disk_image = '%(default-disk-image)s'
disk_path = '%(disk-path)s'
virtual_hard_drive_url = '%(virtual-hard-drive-url)s'.strip()
virtual_hard_drive_md5sum = '%(virtual-hard-drive-md5sum)s'.strip()
virtual_hard_drive_gzipped = '%(virtual-hard-drive-gzipped)s'.strip().lower()
nat_rules = '%(nat-rules)s'.strip()
use_tap = '%(use-tap)s'.lower()
use_nat = '%(use-nat)s'.lower()
enable_vhost = '%(enable-vhost)s'.lower()
tap_interface = '%(tap-interface)s'
listen_ip = '%(ipv4)s'
mac_address = '%(mac-address)s'
tap_mac_address = '%(tap-mac-address)s'
smp_count = '%(smp-count)s'
smp_options = '%(smp-options)s'.strip()
numa_list = '%(numa)s'.split()
ram_size = '%(ram-size)s'
pid_file_path = '%(pid-file-path)s'
external_disk_number = %(external-disk-number)s
external_disk_size = '%(external-disk-size)s'
external_disk_format = '%(external-disk-format)s'
disk_storage_dict = {}
disk_storage_list = """%(disk-storage-list)s""".split('\n')
map_storage_list = []
etc_directory = '%(etc-directory)s'.strip()
httpd_port = %(httpd-port)s
netcat_bin = '%(netcat-binary)s'.strip()
cluster_doc_host = '%(cluster-doc-host)s'
cluster_doc_port = %(cluster-doc-port)s
language = '%(language)s'
language_list = ['ar', 'da', 'de', 'de-ch', 'en-gb', 'en-us', 'es', 'et', 'fi',
'fo', 'fr', 'fr-be', 'fr-ca', 'fr-ch', 'hr', 'hu', 'is', 'it', 'ja', 'lt',
'lv', 'mk', 'nl', 'nl-be', 'no', 'pl', 'pt', 'pt-br', 'ru', 'sl', 'sv',
'th', 'tr']
def md5Checksum(file_path):
with open(file_path, 'rb') as fh:
m = hashlib.md5()
while True:
data = fh.read(8192)
if not data:
break
m.update(data)
return m.hexdigest()
def getSocketStatus(host, port):
s = None
for res in socket.getaddrinfo(host, port,
socket.AF_UNSPEC, socket.SOCK_STREAM):
af, socktype, proto, canonname, sa = res
try:
s = socket.socket(af, socktype, proto)
except socket.error, msg:
s = None
continue
try:
s.connect(sa)
except socket.error, msg:
s.close()
s = None
continue
break
return s
def getMapStorageList(disk_storage_dict, external_disk_number):
map_disk_file = os.path.join(etc_directory, '.data-disk-ids')
last_disk_num_f = os.path.join(etc_directory, '.data-disk-amount')
id_list = []
last_amount = 0
map_f_exist = os.path.exists(map_disk_file)
if os.path.exists(last_disk_num_f):
with open(last_disk_num_f, 'r') as lf:
last_amount = int(lf.readline())
if map_f_exist:
with open(map_disk_file, 'r') as mf:
# ID are writen in one line: data1 data3 data2 ...
content = mf.readline()
for id in content.split(' '):
if disk_storage_dict.has_key(id):
id_list.append(id)
else:
# Mean that this disk path has been removed (disk unmounted)
last_amount -= 1
for key in disk_storage_dict:
if not key in id_list:
id_list.append(key)
if id_list:
if not map_f_exist:
# shuffle the list to not write disk in data1, data2, ... everytime
shuffle(id_list)
if external_disk_number < last_amount:
# Drop created disk is not allowed
external_disk_number = last_amount
with open(map_disk_file, 'w') as mf:
mf.write(' '.join(id_list))
with open(last_disk_num_f, 'w') as lf:
lf.write('%%s' %% external_disk_number)
return id_list, external_disk_number
# Download existing hard drive if needed at first boot
if not os.path.exists(disk_path) and virtual_hard_drive_url != '':
print('Downloading virtual hard drive...')
try:
downloaded_disk = disk_path
if virtual_hard_drive_gzipped == 'true':
downloaded_disk = '%%s.gz' %% disk_path
opener.retrieve(virtual_hard_drive_url, downloaded_disk)
except:
if os.path.exists(downloaded_disk):
os.remove(downloaded_disk)
raise
md5sum = virtual_hard_drive_md5sum.strip()
if md5sum:
print('Checking MD5 checksum...')
local_md5sum = md5Checksum(downloaded_disk)
if local_md5sum != md5sum:
os.remove(downloaded_disk)
raise Exception('MD5 mismatch. MD5 of local file is %%s, Specified MD5 is %%s.' %% (
local_md5sum, md5sum))
print('MD5sum check passed.')
else:
print('Warning: not checksum specified.')
if downloaded_disk.endswith('.gz'):
try:
with open(disk_path, 'w') as disk:
with gzip.open(downloaded_disk, 'rb') as disk_gz:
shutil.copyfileobj(disk_gz, disk)
except Exception:
if os.path.exists(disk_path):
os.remove(disk_path)
raise
os.remove(downloaded_disk)
# Create disk if doesn't exist
# XXX: move to Buildout profile
if not os.path.exists(disk_path):
print('Creating virtual hard drive...')
subprocess.check_call([qemu_img_path, 'create' ,'-f', 'qcow2',
disk_path, '%%sG' %% disk_size])
print('Done.')
# Check and create external disk
additional_disk_list = []
for storage in disk_storage_list:
if storage:
key, val = storage.split(' ')
disk_storage_dict[key.strip()] = val.strip()
if not external_disk_format in ['qcow2', 'raw', 'vdi', 'vmdk', 'cloop', 'qed']:
external_disk_format = 'qcow2'
map_storage_list, external_disk_number = getMapStorageList(disk_storage_dict,
int(external_disk_number))
assert len(map_storage_list) == len(disk_storage_dict)
if disk_storage_dict:
if external_disk_number > 0:
index = 0
while (index < len(disk_storage_dict)) and (index < external_disk_number):
path = disk_storage_dict[map_storage_list[index]]
if os.path.exists(path):
disk_filepath = os.path.join(path,
'kvm_virtual_disk.%%s' %% external_disk_format)
disk_list = glob.glob('%%s.*' %% os.path.join(path, 'kvm_virtual_disk'))
if disk_list == []:
print('Creating one additional virtual hard drive...')
process = subprocess.check_call([qemu_img_path, 'create' ,'-f', '%%s' %% external_disk_format,
disk_filepath, '%%sG' %% external_disk_size])
else:
# Cannot change or recreate if disk is exists
disk_filepath = disk_list[0]
additional_disk_list.append(disk_filepath)
else:
print('Data folder %%s was not used to create external disk %%r' %% (index +1))
index += 1
# Generate network parameters
# XXX: use_tap should be a boolean
tap_network_parameter = []
nat_network_parameter = []
numa_parameter = []
number = -1
if use_nat == 'true':
number += 1
rules = 'user,id=lan%%s,' %% number + ','.join('hostfwd=tcp:%%s:%%s-:%%s' %% (listen_ip,
int(port) + 10000, port) for port in nat_rules.split())
if httpd_port > 0:
rules += ',guestfwd=tcp:10.0.2.100:80-cmd:%%s %%s %%s' %% (netcat_bin,
listen_ip, httpd_port)
if cluster_doc_host and cluster_doc_port > 0:
rules += ',guestfwd=tcp:10.0.2.101:443-cmd:%%s %%s %%s' %% (netcat_bin,
cluster_doc_host, cluster_doc_port)
nat_network_parameter = ['-netdev', rules,
'-device', 'virtio-net-pci,netdev=lan%%s,mac=%%s' %% (number, mac_address)]
if use_tap == 'true':
number += 1
vhost = ''
if enable_vhost == 'true':
vhost = ',vhost=on'
tap_network_parameter = ['-netdev',
'tap,id=lan%%s,ifname=%%s,script=no,downscript=no%%s' %% (number,
tap_interface, vhost),
'-device', 'virtio-net-pci,netdev=lan%%s,mac=%%s' %% (number, tap_mac_address)]
smp = smp_count
if smp_options:
for option in smp_options.split(','):
key, val = option.split('=')
if key in ('cores', 'threads', 'sockets', 'maxcpus') and val.isdigit():
smp += ',%%s=%%s' %% (key, val)
kvm_argument_list = [qemu_path,
'-enable-kvm', '-smp', smp,
'-m', ram_size, '-vga', 'std',
'-drive', 'file=%%s,if=%%s' %% (disk_path, disk_type),
'-vnc', '%%s:1,ipv4,password' %% listen_ip,
'-boot', 'order=cd,menu=on',
'-qmp', 'unix:%%s,server' %% socket_path,
'-pidfile', pid_file_path,
]
rgx = re.compile('^[\w*\,][\=\d+\-\,\w]*$')
for numa in numa_list:
if rgx.match(numa):
numa_parameter.extend(['-numa', numa])
kvm_argument_list += numa_parameter
if tap_network_parameter == [] and nat_network_parameter == []:
print 'Warning : No network interface defined.'
else:
kvm_argument_list += nat_network_parameter + tap_network_parameter
if language in language_list:
kvm_argument_list.extend(['-k', language])
for disk in additional_disk_list:
kvm_argument_list.extend([
'-drive', 'file=%%s,if=%%s' %% (disk, disk_type)])
# Try to connect to NBD server (and second nbd if defined).
# If not available, don't even specify it in qemu command line parameters.
# Reason: if qemu starts with unavailable NBD drive, it will just crash.
for nbd_ip, nbd_port in nbd_list:
if nbd_ip and nbd_port:
s = getSocketStatus(nbd_ip, nbd_port)
if s is None:
# NBD is not available : launch kvm without it
print 'Warning : Nbd is not available.'
else:
# NBD is available
kvm_argument_list.extend([
'-drive',
'file=nbd:[%%s]:%%s,media=cdrom' %% (nbd_ip, nbd_port)])
# If no NBD is specified/available: use internal disk image
else:
kvm_argument_list.extend([
'-drive', 'file=%%s,media=cdrom' %% default_disk_image
])
print 'Starting KVM: \n %%s' %% ' '.join(kvm_argument_list)
os.execv(qemu_path, kvm_argument_list)
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import BaseSlapRecipe
import hashlib
import os
import pkg_resources
import sys
import zc.buildout
import ConfigParser
class Recipe(BaseSlapRecipe):
def getTemplateFilename(self, template_name):
return pkg_resources.resource_filename(__name__,
'template/%s' % template_name)
def _install(self):
# Apache
# TODO add in apache conf location of mmc.ini
document_root = self.createDataDirectory('htdocs')
self.createHtdocs(self.options['source'].strip(), document_root)
url = self.installApache(document_root)
# MySQL
mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678)
# LDAP
ldap_port = dict()
# Pulse
mmc_core_conf = self.installPulse2(ip=self.getLocalIPv4Address(),
port=11000, ldap_host=ldap_conf['host'], ldap_port=ldap_conf['port'])
ca_conf = self.installCertificateAuthority()
key, certificate = self.requestCertificate('Pulse')
stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(),
self.getLocalIPv4Address(), 12345, pulse_conf['inventory_port'],
certificate, key, ca_conf['ca_crl'],
ca_conf['certificate_authority_path'])
self.linkBinary()
self.setConnectionDict(dict(
stunnel_inventory_ip = stunnel_conf['public_ip'],
stunnel_inventory_port = stunnel_conf['public_port'],
url=url,
**mysql_conf
))
return self.path_list
def linkBinary(self):
"""Links binaries to instance's bin directory for easier exposal"""
for linkline in self.options.get('link_binary_list', '').splitlines():
if not linkline:
continue
target = linkline.split()
if len(target) == 1:
target = target[0]
path, linkname = os.path.split(target)
else:
linkname = target[1]
target = target[0]
link = os.path.join(self.bin_directory, linkname)
if os.path.lexists(link):
if not os.path.islink(link):
raise zc.buildout.UserError(
'Target link already %r exists but it is not link' % link)
os.unlink(link)
os.symlink(target, link)
self.logger.debug('Created link %r -> %r' % (link, target))
self.path_list.append(link)
def installCrond(self):
timestamps = self.createDataDirectory('cronstamps')
cron_output = os.path.join(self.log_directory, 'cron-output')
self._createDirectory(cron_output)
catcher = zc.buildout.easy_install.scripts([('catchcron',
__name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
self.bin_directory, arguments=[cron_output])[0]
self.path_list.append(catcher)
cron_d = os.path.join(self.etc_directory, 'cron.d')
crontabs = os.path.join(self.etc_directory, 'crontabs')
self._createDirectory(cron_d)
self._createDirectory(crontabs)
# Use execute from erp5.
wrapper = zc.buildout.easy_install.scripts([('crond',
'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
self.wrapper_directory, arguments=[
self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
'-t', timestamps, '-f', '-l', '5', '-M', catcher]
)[0]
self.path_list.append(wrapper)
return cron_d
def installLogrotate(self):
"""Installs logortate main configuration file and registers its to cron"""
logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
'logrotate.d'))
self._createDirectory(logrotate_d)
logrotate_backup = self.createBackupDirectory('logrotate')
logrotate_conf = self.createConfigurationFile("logrotate.conf",
"include %s" % logrotate_d)
logrotate_cron = os.path.join(self.cron_d, 'logrotate')
state_file = os.path.join(self.data_root_directory, 'logrotate.status')
open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
(self.options['logrotate_binary'], state_file, logrotate_conf))
self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
return logrotate_d, logrotate_backup
def registerLogRotation(self, name, log_file_list, postrotate_script):
"""Register new log rotation requirement"""
open(os.path.join(self.logrotate_d, name), 'w').write(
self.substituteTemplate(self.getTemplateFilename(
'logrotate_entry.in'),
dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
postrotate=postrotate_script, olddir=self.logrotate_backup)))
def installCertificateAuthority(self, ca_country_code='XX',
ca_email='xx@example.com', ca_state='State', ca_city='City',
ca_company='Company'):
backup_path = self.createBackupDirectory('ca')
self.ca_dir = os.path.join(self.data_root_directory, 'ca')
self._createDirectory(self.ca_dir)
self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
self._createDirectory(self.ca_request_dir)
config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
self.ca_private = os.path.join(self.ca_dir, 'private')
self.ca_certs = os.path.join(self.ca_dir, 'certs')
self.ca_crl = os.path.join(self.ca_dir, 'crl')
self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
self.ca_key_ext = '.key'
self.ca_crt_ext = '.crt'
for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
self._createDirectory(d)
for f in ['crlnumber', 'serial']:
if not os.path.exists(os.path.join(self.ca_dir, f)):
open(os.path.join(self.ca_dir, f), 'w').write('01')
if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
config.update(
working_directory=self.ca_dir,
country_code=ca_country_code,
state=ca_state,
city=ca_city,
company=ca_company,
email_address=ca_email,
)
self._writeFile(openssl_configuration, pkg_resources.resource_string(
__name__, 'template/openssl.cnf.ca.in') % config)
self.path_list.extend(zc.buildout.easy_install.scripts([
('certificate_authority',
__name__ + '.certificate_authority', 'runCertificateAuthority')],
self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
openssl_configuration=openssl_configuration,
openssl_binary=self.options['openssl_binary'],
certificate=os.path.join(self.ca_dir, 'cacert.pem'),
key=os.path.join(self.ca_private, 'cakey.pem'),
crl=os.path.join(self.ca_crl),
request_dir=self.ca_request_dir
)]))
# configure backup
backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
open(backup_cron, 'w').write(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
rdiff_backup=self.options['rdiff_backup_binary'],
source=self.ca_dir,
destination=backup_path))
self.path_list.append(backup_cron)
return dict(
ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
ca_crl=os.path.join(config['ca_dir'], 'crl'),
certificate_authority_path=config['ca_dir']
)
def requestCertificate(self, name):
hash = hashlib.sha512(name).hexdigest()
key = os.path.join(self.ca_private, hash + self.ca_key_ext)
certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
parser = ConfigParser.RawConfigParser()
parser.add_section('certificate')
parser.set('certificate', 'name', name)
parser.set('certificate', 'key_file', key)
parser.set('certificate', 'certificate_file', certificate)
parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
return key, certificate
def installStunnel(self, public_ip, private_ip, public_port, private_port,
ca_certificate, key, ca_crl, ca_path):
"""Installs stunnel"""
template_filename = self.getTemplateFilename('stunnel.conf.in')
log = os.path.join(self.log_directory, 'stunnel.log')
pid_file = os.path.join(self.run_directory, 'stunnel.pid')
stunnel_conf = dict(
public_ip=public_ip,
private_ip=private_ip,
public_port=public_port,
pid_file=pid_file,
log=log,
cert = ca_certificate,
key = key,
ca_crl = ca_crl,
ca_path = ca_path,
private_port = private_port,
)
stunnel_conf_path = self.createConfigurationFile("stunnel.conf",
self.substituteTemplate(template_filename,
stunnel_conf))
wrapper = zc.buildout.easy_install.scripts([('stunnel',
'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
self.wrapper_directory, arguments=[
self.options['stunnel_binary'].strip(), stunnel_conf_path]
)[0]
self.path_list.append(wrapper)
return stunnel_conf
def installPulse2(self, ip, port, ldap_host, ldap_port):
"""Installs both mmc_core and pulse2"""
config = dict(
ldap_host=ldap_host,
ldap_port=ldap_port,
memcached_port=port,
ldap_logfile_path= os.path.join(self.log_directory, 'ldap.log'),
mmc_core_binary=self.options['mmc_core_binary']
)
#TODO write function that takes all templates in subdir and creates conf
# files, keeping same dir structure.
mmc_conf_path = self.createConfigurationFile(os.path.join("mmc",
"agent", "config.ini"), self.substituteTemplate(
self.getTemplateFilename(os.path.join("mmc_conf",
"agent", "config.ini.in")), config))
config['mmc_core_config_file'] = mysql_conf_path
self.path_list.append(self.createRunningWrapper('mmc-core',
self.substituteTemplate(self.getTemplateFilename('mmc-core.in'),
config)))
return dict(memcached_url='%s:%s' %
(config['memcached_ip'], config['memcached_port']),
memcached_ip=config['memcached_ip'],
memcached_port=config['memcached_port'])
def createHtdocs(self, source, document_root):
source = self.options['source'].strip()
document_root = self.createDataDirectory('htdocs')
for p in os.listdir(document_root):
path = os.path.join(document_root, p)
if os.path.isdir(path):
shutil.rmtree(path)
else:
os.unlink(path)
for p in os.listdir(source):
path = os.path.join(source, p)
if os.path.isdir(path):
shutil.copytree(path, os.path.join(document_root, p))
else:
shutil.copy2(path, os.path.join(document_root, p))
def installApache(self, document_root, ip=None, port=None):
if ip is None:
ip=self.getGlobalIPv6Address()
if port is None:
port = '9080'
apache_config = dict(
pid_file=os.path.join(self.run_directory, 'httpd.pid'),
lock_file=os.path.join(self.run_directory, 'httpd.lock'),
ip=ip,
port=port,
error_log=os.path.join(self.log_directory, 'httpd-error.log'),
access_log=os.path.join(self.log_directory, 'httpd-access.log'),
document_root=document_root,
php_ini_dir=self.etc_directory
)
config_file = self.createConfigurationFile('httpd.conf',
self.substituteTemplate(pkg_resources.resource_filename(__name__,
'template/apache.in'), apache_config))
self.path_list.append(config_file)
self.path_list.append(self.createConfigurationFile('php.ini',
self.substituteTemplate(pkg_resources.resource_filename(__name__,
'template/php.ini.in'), {})))
self.path_list.extend(zc.buildout.easy_install.scripts([(
'httpd',
__name__ + '.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
dict(
required_path_list=[],
binary=self.options['httpd_binary'],
config=config_file
)
]))
return 'http://[%s]:%s' % (ip, port)
def installMysqlServer(self, ip, port, database='erp5', user='user',
test_database='test_erp5', test_user='test_user', template_filename=None,
parallel_test_database_amount=100, mysql_conf=None):
if mysql_conf is None:
mysql_conf = {}
backup_directory = self.createBackupDirectory('mysql')
if template_filename is None:
template_filename = self.getTemplateFilename('my.cnf.in')
error_log = os.path.join(self.log_directory, 'mysqld.log')
slow_query_log = os.path.join(self.log_directory, 'mysql-slow.log')
mysql_conf.update(
ip=ip,
data_directory=os.path.join(self.data_root_directory,
'mysql'),
tcp_port=port,
pid_file=os.path.join(self.run_directory, 'mysqld.pid'),
socket=os.path.join(self.run_directory, 'mysqld.sock'),
error_log=error_log,
slow_query_log=slow_query_log,
mysql_database=database,
mysql_user=user,
mysql_password=self.generatePassword(),
mysql_test_password=self.generatePassword(),
mysql_test_database=test_database,
mysql_test_user=test_user,
mysql_parallel_test_dict=[
('test_%i' % x,)*2 + (self.generatePassword(),) \
for x in xrange(0,parallel_test_database_amount)],
)
self.registerLogRotation('mysql', [error_log, slow_query_log],
'%(mysql_binary)s --no-defaults -B --user=root '
'--socket=%(mysql_socket)s -e "FLUSH LOGS"' % dict(
mysql_binary=self.options['mysql_binary'],
mysql_socket=mysql_conf['socket']))
self._createDirectory(mysql_conf['data_directory'])
mysql_conf_path = self.createConfigurationFile("my.cnf",
self.substituteTemplate(template_filename,
mysql_conf))
mysql_script_list = []
for x_database, x_user, x_password in \
[(mysql_conf['mysql_database'],
mysql_conf['mysql_user'],
mysql_conf['mysql_password']),
(mysql_conf['mysql_test_database'],
mysql_conf['mysql_test_user'],
mysql_conf['mysql_test_password']),
] + mysql_conf['mysql_parallel_test_dict']:
mysql_script_list.append(pkg_resources.resource_string(__name__,
'template/initmysql.sql.in') % {
'mysql_database': x_database,
'mysql_user': x_user,
'mysql_password': x_password})
mysql_script_list.append('EXIT')
mysql_script = '\n'.join(mysql_script_list)
self.path_list.extend(zc.buildout.easy_install.scripts([('mysql_update',
__name__ + '.mysql', 'updateMysql')], self.ws,
sys.executable, self.wrapper_directory, arguments=[dict(
mysql_script=mysql_script,
mysql_binary=self.options['mysql_binary'].strip(),
mysql_upgrade_binary=self.options['mysql_upgrade_binary'].strip(),
socket=mysql_conf['socket'],
)]))
self.path_list.extend(zc.buildout.easy_install.scripts([('mysqld',
__name__ + '.mysql', 'runMysql')], self.ws,
sys.executable, self.wrapper_directory, arguments=[dict(
mysql_install_binary=self.options['mysql_install_binary'].strip(),
mysqld_binary=self.options['mysqld_binary'].strip(),
data_directory=mysql_conf['data_directory'].strip(),
mysql_binary=self.options['mysql_binary'].strip(),
socket=mysql_conf['socket'].strip(),
configuration_file=mysql_conf_path,
)]))
self.path_list.extend([mysql_conf_path])
# backup configuration
backup_directory = self.createBackupDirectory('mysql')
full_backup = os.path.join(backup_directory, 'full')
incremental_backup = os.path.join(backup_directory, 'incremental')
self._createDirectory(full_backup)
self._createDirectory(incremental_backup)
innobackupex_argument_list = [self.options['perl_binary'],
self.options['innobackupex_binary'],
'--defaults-file=%s' % mysql_conf_path,
'--socket=%s' %mysql_conf['socket'].strip(), '--user=root',
'--ibbackup=%s'% self.options['xtrabackup_binary']]
environment = dict(PATH='%s' % self.bin_directory)
innobackupex_incremental = zc.buildout.easy_install.scripts([(
'innobackupex_incremental','slapos.recipe.librecipe.execute', 'executee')],
self.ws, sys.executable, self.bin_directory, arguments=[
innobackupex_argument_list + ['--incremental'],
environment])[0]
self.path_list.append(innobackupex_incremental)
innobackupex_full = zc.buildout.easy_install.scripts([('innobackupex_full',
'slapos.recipe.librecipe.execute', 'executee')], self.ws,
sys.executable, self.bin_directory, arguments=[
innobackupex_argument_list,
environment])[0]
self.path_list.append(innobackupex_full)
backup_controller = zc.buildout.easy_install.scripts([
('innobackupex_controller', __name__ + '.innobackupex', 'controller')],
self.ws, sys.executable, self.bin_directory,
arguments=[innobackupex_incremental, innobackupex_full, full_backup,
incremental_backup])[0]
self.path_list.append(backup_controller)
mysql_backup_cron = os.path.join(self.cron_d, 'mysql_backup')
open(mysql_backup_cron, 'w').write('0 0 * * * ' + backup_controller)
self.path_list.append(mysql_backup_cron)
# The return could be more explicit database, user ...
return mysql_conf
import os
import sys
import time
def runApache(args):
sleep = 60
conf = args[0]
while True:
ready = True
for f in conf.get('required_path_list', []):
if not os.path.exists(f):
print 'File %r does not exists, sleeping for %s' % (f, sleep)
ready = False
if ready:
break
time.sleep(sleep)
apache_wrapper_list = [conf['binary'], '-f', conf['config'], '-DFOREGROUND']
apache_wrapper_list.extend(sys.argv[1:])
sys.stdout.flush()
sys.stderr.flush()
os.execl(apache_wrapper_list[0], *apache_wrapper_list)
import os
import subprocess
import time
import ConfigParser
def popenCommunicate(command_list, input=None):
subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
if input is not None:
subprocess_kw.update(stdin=subprocess.PIPE)
popen = subprocess.Popen(command_list, **subprocess_kw)
result = popen.communicate(input)[0]
if popen.returncode is None:
popen.kill()
if popen.returncode != 0:
raise ValueError('Issue during calling %r, result was:\n%s' % (
command_list, result))
return result
class CertificateAuthority:
def __init__(self, key, certificate, openssl_binary,
openssl_configuration, request_dir):
self.key = key
self.certificate = certificate
self.openssl_binary = openssl_binary
self.openssl_configuration = openssl_configuration
self.request_dir = request_dir
def checkAuthority(self):
file_list = [ self.key, self.certificate ]
ca_ready = True
for f in file_list:
if not os.path.exists(f):
ca_ready = False
break
if ca_ready:
return
for f in file_list:
if os.path.exists(f):
os.unlink(f)
try:
# no CA, let us create new one
popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
self.openssl_configuration, '-new', '-x509', '-extensions',
'v3_ca', '-keyout', self.key, '-out', self.certificate,
'-days', '10950'], 'Automatic Certificate Authority\n')
except:
try:
for f in file_list:
if os.path.exists(f):
os.unlink(f)
except:
# do not raise during cleanup
pass
raise
def _checkCertificate(self, common_name, key, certificate):
file_list = [key, certificate]
ready = True
for f in file_list:
if not os.path.exists(f):
ready = False
break
if ready:
return False
for f in file_list:
if os.path.exists(f):
os.unlink(f)
csr = certificate + '.csr'
try:
popenCommunicate([self.openssl_binary, 'req', '-config',
self.openssl_configuration, '-nodes', '-new', '-keyout',
key, '-out', csr, '-days', '3650'],
common_name + '\n')
try:
popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
self.openssl_configuration, '-out', certificate,
'-infiles', csr])
finally:
if os.path.exists(csr):
os.unlink(csr)
except:
try:
for f in file_list:
if os.path.exists(f):
os.unlink(f)
except:
# do not raise during cleanup
pass
raise
else:
return True
def checkRequestDir(self):
for request_file in os.listdir(self.request_dir):
parser = ConfigParser.RawConfigParser()
parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
if self._checkCertificate(parser.get('certificate', 'name'),
parser.get('certificate', 'key_file'), parser.get('certificate',
'certificate_file')):
print 'Created certificate %r' % parser.get('certificate', 'name')
def runCertificateAuthority(args):
ca_conf = args[0]
ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
ca_conf['request_dir'])
while True:
ca.checkAuthority()
ca.checkRequestDir()
time.sleep(60)
import os
import glob
def controller(args):
"""Creates full or incremental backup
If no full backup is done, it is created
If full backup exists incremental backup is done starting with base
base is the newest (according to date) full or incremental backup
"""
innobackupex_incremental, innobackupex_full, full_backup, incremental_backup \
= args
if len(os.listdir(full_backup)) == 0:
print 'Doing full backup in %r' % full_backup
os.execv(innobackupex_full, [innobackupex_full, full_backup])
else:
backup_list = filter(os.path.isdir, glob.glob(full_backup + "/*") +
glob.glob(incremental_backup + "/*"))
backup_list.sort(key=lambda x: os.path.getmtime(x), reverse=True)
base = backup_list[0]
print 'Doing incremental backup in %r using %r as a base' % (
incremental_backup, base)
os.execv(innobackupex_incremental, [innobackupex_incremental,
'--incremental-basedir=%s'%base, incremental_backup])
import os
import subprocess
import time
import sys
def runMysql(args):
sleep = 60
conf = args[0]
mysqld_wrapper_list = [conf['mysqld_binary'], '--defaults-file=%s' %
conf['configuration_file']]
# we trust mysql_install that if mysql directory is available mysql was
# correctly initalised
if not os.path.isdir(os.path.join(conf['data_directory'], 'mysql')):
while True:
# XXX: Protect with proper root password
# XXX: Follow http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
popen = subprocess.Popen([conf['mysql_install_binary'],
'--skip-name-resolve', '--no-defaults', '--datadir=%s' %
conf['data_directory']],
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
result = popen.communicate()[0]
if popen.returncode is None or popen.returncode != 0:
print "Failed to initialise server.\nThe error was: %s" % result
print "Waiting for %ss and retrying" % sleep
time.sleep(sleep)
else:
print "Mysql properly initialised"
break
else:
print "MySQL already initialised"
print "Starting %r" % mysqld_wrapper_list[0]
sys.stdout.flush()
sys.stderr.flush()
os.execl(mysqld_wrapper_list[0], *mysqld_wrapper_list)
def updateMysql(args):
conf = args[0]
sleep = 30
is_succeed = False
while True:
if not is_succeed:
mysql_upgrade_list = [conf['mysql_upgrade_binary'], '--no-defaults', '--user=root', '--socket=%s' % conf['socket']]
mysql_upgrade = subprocess.Popen(mysql_upgrade_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
result = mysql_upgrade.communicate()[0]
if mysql_upgrade.returncode is None:
mysql_upgrade.kill()
if mysql_upgrade.returncode != 0 and not 'is already upgraded' in result:
print "Command %r failed with result:\n%s" % (mysql_upgrade_list, result)
print 'Sleeping for %ss and retrying' % sleep
else:
if mysql_upgrade.returncode == 0:
print "MySQL database upgraded with result:\n%s" % result
else:
print "No need to upgrade MySQL database"
mysql_list = [conf['mysql_binary'].strip(), '--no-defaults', '-B', '--user=root', '--socket=%s' % conf['socket']]
mysql = subprocess.Popen(mysql_list, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
result = mysql.communicate(conf['mysql_script'])[0]
if mysql.returncode is None:
mysql.kill()
if mysql.returncode != 0:
print 'Command %r failed with:\n%s' % (mysql_list, result)
print 'Sleeping for %ss and retrying' % sleep
else:
is_succeed = True
print 'SlapOS initialisation script succesfully applied on database.'
sys.stdout.flush()
sys.stderr.flush()
time.sleep(sleep)
# Apache static configuration
# Automatically generated
# Basic server configuration
PidFile "%(pid_file)s"
Listen %(ip)s:%(port)s
PHPINIDir %(php_ini_dir)s
ServerAdmin someone@email
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phtml .php5 .php4
AddType application/x-httpd-php-source .phps
# Log configuration
ErrorLog "%(error_log)s"
LogLevel warn
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Alias /mmc %(document_root)s
### Allow access to lmc web directory to everyone
<Directory %(document_root)s>
AllowOverride None
Order allow,deny
allow from all
php_flag short_open_tag on
php_flag magic_quotes_gpc on
</Directory>
DocumentRoot %(document_root)s
DirectoryIndex index.html index.php
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule dir_module modules/mod_dir.so
LoadModule php5_module modules/libphp5.so
%(file_list)s {
daily
dateext
rotate 30
compress
notifempty
sharedscripts
create
postrotate
%(postrotate)s
endscript
olddir %(olddir)s
}
#!/bin/sh
exec %(memcached_binary)s -p %(memcached_port)s -U %(memcached_port)s -l %(memcached_ip)s
#!/bin/sh
exec %(mmc_core_binary)s -f %(mmc_core_config_file)s
[main]
host = %(mmc_host)s
port = %(mmc_port)s
# Credentials for HTTP basic authentication
login = mmc
password = s3cr3t
# RPC Session timeout in seconds.
# If unset default to Twisted hardcoded 900 seconds.
#sessiontimeout = 900
# Multi-threading support (enabled by default)
#multithreading = 1
#maxthreads = 20
# SSL support
enablessl = 1
localcert = %(ssl_localcert)s
cacert = %(ssl_cacert)s
# Certificate check
# verifypeer = 0
# Path to the file containing the Certificate Authority (PEM format)
# cacert =
# Path to the file containing the local key and certificate (PEM format)
# localcert =
[daemon]
user = %(daemon_user)s
group = %(daemon_user)s
umask = 0077
pidfile= %(daemon_pidfile)s
# user = mmc
# group = mmc
# umask = 0007
# pidfile= /var/run/mmc-agent.pid
[loggers]
keys=root
[handlers]
keys=hand01,hand02
[formatters]
keys=form01
[logger_root]
level=NOTSET
handlers=hand01
[handler_hand01]
class=FileHandler
level=INFO
formatter=form01
args=("%s" % %(mmc_log)s,)
[handler_hand02]
class=StreamHandler
level=DEBUG
args=(sys.stderr,)
[formatter_form01]
format=%(asctime)s #%(thread)d %(levelname)s %(message)s
[main]
host = %(mmc_host)s
port = %(mmc_port)s
# Credentials for HTTP basic authentication
login = mmc
password = s3cr3t
# RPC Session timeout in seconds.
# If unset default to Twisted hardcoded 900 seconds.
#sessiontimeout = 900
# Multi-threading support (enabled by default)
#multithreading = 1
#maxthreads = 20
# SSL support
enablessl = 1
localcert = %(ssl_localcert)s
cacert = %(ssl_cacert)s
# Certificate check
# verifypeer = 0
# Path to the file containing the Certificate Authority (PEM format)
# cacert =
# Path to the file containing the local key and certificate (PEM format)
# localcert =
[daemon]
user = %(daemon_user)s
group = %(daemon_user)s
umask = 0077
pidfile= %(daemon_pidfile)s
# user = mmc
# group = mmc
# umask = 0007
# pidfile= /var/run/mmc-agent.pid
[loggers]
keys=root
[handlers]
keys=hand01,hand02
[formatters]
keys=form01
[logger_root]
level=NOTSET
handlers=hand01
[handler_hand01]
class=FileHandler
level=INFO
formatter=form01
args=("%s" % %(mmc_log)s,)
[handler_hand02]
class=StreamHandler
level=DEBUG
args=(sys.stderr,)
[formatter_form01]
format=%(asctime)s #%(thread)d %(levelname)s %(message)s
[global]
; RPC backend to use
backend = xmlrpc
; HTTP basic authentication credentials to use for XMLRPC communication
login = mmc
password = s3cr3t
; Root URL where the MMC web pages are installed
; root= /mmc/ for http://127.0.0.1/mmc/
root = /mmc/
; Filesystem path where the MMC web modules are installed
rootfsmodules = %(mmc_location)s/modules/
; Available pagination steps
pagination = 10 20 50 100
; Number of items to display in lists
maxperpage = 10
; Declare if this installation is a community version or not
; community can be yes or no
community = yes
; Debug section
[debug]
; 0 : no information
; 1 : XMLRPC calls and results are displayed by the web interface
level = 0
; Login page title
; UTF-8 strings must be used
[logintitle]
; Default page title for English and non-translated languages
C =
; French title
fr_FR =
; Spanish title
es_ES =
[server_01]
description = localhost
url = https://127.0.0.1:7080
; Timeout in seconds for all socket I/O operations
; Beware that timeout on a SSL socket only works with PHP >= 5.2.1
; timeout = 300
; SSL certificate check support
; verifypeer = 0
; Path to the file containing the Certificate Authority (PEM format)
; cacert =
; Path to the file containing the local key and certificate (PEM format)
; localcert =
[ldap]
# LDAP we are connected to
# If ldapurl starts with "ldaps://", use LDAP over SSL on the LDAPS port.
# LDAPS is deprecated, and you should use StartTLS.
# If ldapverifypeer = demand, always use the server hostname instead of its IP
# address in the LDAP URL. This hostname must match the CN field of the server
# certificate.
ldapurl = ldap://%(ldap_host)s:%(ldap_port)s
# Network timeout in seconds for LDAP operations. No default timeout set.
#network_timeout =
# TLS connection parameters when LDAPS is not used:
# off - never use TLS (default value)
# start_tls - Use the LDAPv3 StartTLS extended operation (better)
#start_tls = off
# If start_tls != off or LDAPS, specify check to perform on server certificate:
# never - don't ask certificate
# demand - request certificate. If none or bad certificate provided, stop the
# connection (recommended)
#ldapverifypeer = demand
# Client certicates to use (default are empty) for LDAPS or TLS connections:
# For example: /etc/ssl/certs
#cacertdir =
# For example: /etc/mmc/certs/demoCA/cacert.pem
#cacert =
# For example: /etc/mmc/certs/client.cert
#localcert =
# For example: /etc/mmc/certs/client.key
#localkey =
# Accepted ciphers
# Use this for more security: TLSv1+SHA1+AES+DH:CAMELLIA:!NULL:!ADH
#ciphersuites = TLSv1:!NULL
# LDAP debug level - set this to 255 to debug LDAP connection problems
#ldapdebuglevel = 0
# LDAP base DN
baseDN = dc=mandriva, dc=com
# Users location in the LDAP
baseUsersDN = ou=Users, %%(basedn)s
# Groups location in the LDAP
baseGroupsDN = ou=Groups, %%(basedn)s
# LDAP manager
rootName = cn=admin, %%(basedn)s
password = secret
# If enabled, the MMC will create/move/delete the home of the users
# Else will do nothing, but only write user informations into LDAP
userHomeAction = 1
# Skeleton directory to populate a new home directory
skelDir = /etc/skel
# If set, all new users will belong to this group when created
defaultUserGroup = Domain Users
# Default home directory for users
defaultHomeDir = /home
# user uid number start
uidStart = 10000
# group gid number start
gidStart = 10000
# LDAP log file path
logfile = %(ldap_logfile_path)s
# FDS log file path
# logfile = /opt/fedora-ds/slapd-hostname/logs/access
# you can specify here where you can authorized creation of your homedir
# default is your defaultHomeDir
# example:
# authorizedHomeDir = /home, /home2, /mnt/depot/newhome
# LDAP user password scheme to use
# Possible values are "ssha", "crypt" and "passmod"
# "passmod" uses the LDAP Password Modify Extended Operations to change
# password. The password encryption is done by the LDAP server.
passwordscheme = passmod
#[backup-tools]
## Path of the backup tools
#path = /usr/lib/mmc/backup-tools
## Where are put the archives
#destpath = /home/archives
# Computer inventory plugin to use (Pulse 2 related option)
# [computers]
# method = glpi
# method = inventory
# Audit system configuration
# If commented, the audit module will be disabled
# [audit]
# method = database
# dbhost = localhost
# MySQL and PostgreSQL backends are available
# dbdriver = postgres
# dbport = 5432
# dbdriver = mysql
# dbport = 3306
# dbuser = audit
# dbpassword = audit
# dbname = audit
# User authentication configuration
#[authentication]
# Authenticators chain
#method = baseldap externalldap
# baseldap authenticator configuration
#[authentication_baseldap]
# Set a list of login that will only be authentified using this authenticator
#authonly = root
# Externalldap authenticator configuration
#[authentication_externalldap]
# Login list that won't be authenticated with this authenticator.
#exclude =
# If set, only the speficied logins will be authenticated with this
# authenticator.
#authonly =
# Set whether this authenticator is mandatory. If it is mandatory and can't be
# validated during the mmc-agent activation phase, the mmc-agent exits with an
# error.
#mandatory = True
# LDAP server URLs. The LDAP server are selected in the given order when
# authenticating a user.
#ldapurl = ldap://192.168.0.1:389 ldap://192.168.0.2:389
# LDAP connection timeout in seconds. If the LDAP connection failed after this
# timeout, we try the next LDAP server in the list or give up if it the last.
#network_timeout =
# LDAP suffix where to search for user
#suffix = cn=Users,dc=mandriva,dc=com
# How to bind to the LDAP. Empty if anonymous
#bindname = cn=account, cn=Users, dc=linboxad, dc=com
#bindpasswd = s3cr3t
#bindname =
#bindpasswd =
# User filter
#filter = objectClass=*
# User attribute containing her/his login
#attr = cn
# User provisioning configuration
#[provisioning]
#method = externalldap
# externalldap provisioner configuration
#[provisioning_externalldap]
# Login list that won't be provisioned with this provisioner
#exclude = root
# These attributes are mandatory to create a user
#ldap_uid = cn
#ldap_givenName = sn
#ldap_sn = sn
# Other attributes to fill in
#ldap_mail = mail
#...
# We are able to fill the ACL fields the user logs in according to the value of
# an attribute from the external LDAP.
# What is the field name ?
#profile_attr =
# Here we define two profiles: profile1 and profile2
# profile1 allows the user to log in and change her/his password in the web
# interface
#profile_acl_profile1= :base#users#passwd/
# profile2 disallows the user to do anything (no ACL defined)
#profile_acl_profile2 =
# ... You can define as much profile_acl_* options as you need
# For each profile, we can create a group of user, and put users with a given
# profile in the corresponding group automatically when they log in.
# Set the next line to True to activate profile to group mapping
#profile_group_mapping = False
# A prefix for the created group can be set
#profile_group_prefix =
# Example userdefault settings to support Kerberos
# [userdefault]
# objectClass = +krb5KDCEntry,krb5Principal
# krb5KeyVersionNumber = 1
# krb5KDCFlags = 126
# krb5PrincipalName = %uid%@DOMAIN
# Subscription informations
# [subscription]
# product_name = MDS
# vendor_name = Mandriva
# vendor_mail = sales@mandriva.com
# customer_name =
# customer_mail =
# comment =
# users = 0
# computers = 0
# # Support informations
# support_mail = customer@customercare.mandriva.com
# support_phone = 0810 LINBOX
# support_comment =
[ldap]
# LDAP we are connected to
# If ldapurl starts with "ldaps://", use LDAP over SSL on the LDAPS port.
# LDAPS is deprecated, and you should use StartTLS.
# If ldapverifypeer = demand, always use the server hostname instead of its IP
# address in the LDAP URL. This hostname must match the CN field of the server
# certificate.
ldapurl = ldap://%(ldap_host)s:%(ldap_port)s
# Network timeout in seconds for LDAP operations. No default timeout set.
#network_timeout =
# TLS connection parameters when LDAPS is not used:
# off - never use TLS (default value)
# start_tls - Use the LDAPv3 StartTLS extended operation (better)
#start_tls = off
# If start_tls != off or LDAPS, specify check to perform on server certificate:
# never - don't ask certificate
# demand - request certificate. If none or bad certificate provided, stop the
# connection (recommended)
#ldapverifypeer = demand
# Client certicates to use (default are empty) for LDAPS or TLS connections:
# For example: /etc/ssl/certs
#cacertdir =
# For example: /etc/mmc/certs/demoCA/cacert.pem
#cacert =
# For example: /etc/mmc/certs/client.cert
#localcert =
# For example: /etc/mmc/certs/client.key
#localkey =
# Accepted ciphers
# Use this for more security: TLSv1+SHA1+AES+DH:CAMELLIA:!NULL:!ADH
#ciphersuites = TLSv1:!NULL
# LDAP debug level - set this to 255 to debug LDAP connection problems
#ldapdebuglevel = 0
# LDAP base DN
baseDN = dc=mandriva, dc=com
# Users location in the LDAP
baseUsersDN = ou=Users, %%(basedn)s
# Groups location in the LDAP
baseGroupsDN = ou=Groups, %%(basedn)s
# LDAP manager
rootName = cn=admin, %%(basedn)s
password = secret
# If enabled, the MMC will create/move/delete the home of the users
# Else will do nothing, but only write user informations into LDAP
userHomeAction = 1
# Skeleton directory to populate a new home directory
skelDir = /etc/skel
# If set, all new users will belong to this group when created
defaultUserGroup = Domain Users
# Default home directory for users
defaultHomeDir = /home
# user uid number start
uidStart = 10000
# group gid number start
gidStart = 10000
# LDAP log file path
logfile = %(ldap_logfile_path)s
# FDS log file path
# logfile = /opt/fedora-ds/slapd-hostname/logs/access
# you can specify here where you can authorized creation of your homedir
# default is your defaultHomeDir
# example:
# authorizedHomeDir = /home, /home2, /mnt/depot/newhome
# LDAP user password scheme to use
# Possible values are "ssha", "crypt" and "passmod"
# "passmod" uses the LDAP Password Modify Extended Operations to change
# password. The password encryption is done by the LDAP server.
passwordscheme = passmod
#[backup-tools]
## Path of the backup tools
#path = /usr/lib/mmc/backup-tools
## Where are put the archives
#destpath = /home/archives
# Computer inventory plugin to use (Pulse 2 related option)
# [computers]
# method = glpi
# method = inventory
# Audit system configuration
# If commented, the audit module will be disabled
# [audit]
# method = database
# dbhost = localhost
# MySQL and PostgreSQL backends are available
# dbdriver = postgres
# dbport = 5432
# dbdriver = mysql
# dbport = 3306
# dbuser = audit
# dbpassword = audit
# dbname = audit
# User authentication configuration
#[authentication]
# Authenticators chain
#method = baseldap externalldap
# baseldap authenticator configuration
#[authentication_baseldap]
# Set a list of login that will only be authentified using this authenticator
#authonly = root
# Externalldap authenticator configuration
#[authentication_externalldap]
# Login list that won't be authenticated with this authenticator.
#exclude =
# If set, only the speficied logins will be authenticated with this
# authenticator.
#authonly =
# Set whether this authenticator is mandatory. If it is mandatory and can't be
# validated during the mmc-agent activation phase, the mmc-agent exits with an
# error.
#mandatory = True
# LDAP server URLs. The LDAP server are selected in the given order when
# authenticating a user.
#ldapurl = ldap://192.168.0.1:389 ldap://192.168.0.2:389
# LDAP connection timeout in seconds. If the LDAP connection failed after this
# timeout, we try the next LDAP server in the list or give up if it the last.
#network_timeout =
# LDAP suffix where to search for user
#suffix = cn=Users,dc=mandriva,dc=com
# How to bind to the LDAP. Empty if anonymous
#bindname = cn=account, cn=Users, dc=linboxad, dc=com
#bindpasswd = s3cr3t
#bindname =
#bindpasswd =
# User filter
#filter = objectClass=*
# User attribute containing her/his login
#attr = cn
# User provisioning configuration
#[provisioning]
#method = externalldap
# externalldap provisioner configuration
#[provisioning_externalldap]
# Login list that won't be provisioned with this provisioner
#exclude = root
# These attributes are mandatory to create a user
#ldap_uid = cn
#ldap_givenName = sn
#ldap_sn = sn
# Other attributes to fill in
#ldap_mail = mail
#...
# We are able to fill the ACL fields the user logs in according to the value of
# an attribute from the external LDAP.
# What is the field name ?
#profile_attr =
# Here we define two profiles: profile1 and profile2
# profile1 allows the user to log in and change her/his password in the web
# interface
#profile_acl_profile1= :base#users#passwd/
# profile2 disallows the user to do anything (no ACL defined)
#profile_acl_profile2 =
# ... You can define as much profile_acl_* options as you need
# For each profile, we can create a group of user, and put users with a given
# profile in the corresponding group automatically when they log in.
# Set the next line to True to activate profile to group mapping
#profile_group_mapping = False
# A prefix for the created group can be set
#profile_group_prefix =
# Example userdefault settings to support Kerberos
# [userdefault]
# objectClass = +krb5KDCEntry,krb5Principal
# krb5KeyVersionNumber = 1
# krb5KDCFlags = 126
# krb5PrincipalName = %uid%@DOMAIN
# Subscription informations
# [subscription]
# product_name = MDS
# vendor_name = Mandriva
# vendor_mail = sales@mandriva.com
# customer_name =
# customer_mail =
# comment =
# users = 0
# computers = 0
# # Support informations
# support_mail = customer@customercare.mandriva.com
# support_phone = 0810 LINBOX
# support_comment =
[main]
disable = 1
[ppolicy]
# Branch where the password policies are stored
ppolicyDN = ou=Password Policies, %(baseDN)s
# Name of the default password policy
ppolicyDefault = default
# This options are used only once to create the default password policy entry
# into the LDAP
[ppolicyattributes]
pwdAttribute = userPassword
pwdLockout = True
pwdMaxFailure = 5
pwdLockoutDuration = 900
# Password can't be change if it not 7 days old
pwdMinAge = 25200
# Password expiration is 42 days
pwdMaxAge = 3628800
pwdMinLength = 8
pwdInHistory = 5
pwdMustChange = True
# To check password quality
pwdCheckModule = mmc-check-password.so
pwdCheckQuality = 2
# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
# The MySQL server
[mysqld]
# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
# different engine, like MyISAM. Such behaviour generates problems only, when
# tables requested as InnoDB are silently created with MyISAM engine.
#
# Loud fail is really required in such case.
sql-mode="NO_ENGINE_SUBSTITUTION"
skip-show-database
port = %(tcp_port)s
bind-address = %(ip)s
socket = %(socket)s
datadir = %(data_directory)s
pid-file = %(pid_file)s
log-error = %(error_log)s
log-slow-file = %(slow_query_log)s
long_query_time = 5
max_allowed_packet = 128M
query_cache_size = 32M
plugin-load = ha_innodb_plugin.so
# The following are important to configure and depend a lot on to the size of
# your database and the available resources.
#innodb_buffer_pool_size = 4G
#innodb_log_file_size = 256M
#innodb_log_buffer_size = 8M
# Some dangerous settings you may want to uncomment if you only want
# performance or less disk access. Useful for unit tests.
#innodb_flush_log_at_trx_commit = 0
#innodb_flush_method = nosync
#innodb_doublewrite = 0
#sync_frm = 0
# Uncomment the following if you need binary logging, which is recommended
# on production instances (either for replication or incremental backups).
#log-bin=mysql-bin
# Force utf8 usage
collation_server = utf8_unicode_ci
character_set_server = utf8
skip-character-set-client-handshake
[mysql]
no-auto-rehash
socket = %(socket)s
[mysqlhotcopy]
interactive-timeout
CREATE DATABASE IF NOT EXISTS %(database)s;
GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
GRANT SHOW DATABASES ON *.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
GRANT SHOW DATABASES ON *.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
FLUSH PRIVILEGES;
EXIT
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = %(working_directory)s # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_md = sha1
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
#attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_value = %(country_code)s
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_value = %(state)s
localityName = Locality Name (eg, city)
localityName_value = %(city)s
0.organizationName = Organization Name (eg, company)
0.organizationName_value = %(company)s
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_value = %(email_address)s
emailAddress_max = 64
# SET-ex3 = SET extension number 3
#[ req_attributes ]
#challengePassword = A challenge password
#challengePassword_min = 4
#challengePassword_max = 20
#
#unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = /etc/pki/tls # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = md5, sha1 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
[PHP]
engine = On
safe_mode = Off
expose_php = On
error_reporting = E_ALL | E_STRICT
display_errors = On
display_startup_errors = On
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
[main]
# Is the plugin disable ?
disable = 0
# Are dynamic group enable ?
dynamic_enable = 1
# Are profiles enable ?
# profiles_enable = 0
# Preselected module in the dynamic group creation page
# default_module =
# Maximum number of elements in the static group creation list
# max_elements_for_static_list = 2000
[database]
dbdriver = mysql
dbhost = %(mysql_host)s
dbport = %(mysql_port)s
dbuser = %(mysql_user)s
dbpasswd = %(mysql_password)s
dbname = dyngroup
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
[querymanager]
# can we query on group names ?
activate = 0
[main]
disable = 0
dbdriver = mysql
dbhost = %(mysql_host)s
dbport = %(mysql_port)s
dbuser = %(mysql_user)s
dbpasswd = %(mysql_password)s
dbname = glpi
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
# Allow users to filter computers list using an entity selector
localisation = True
# Accepted GLPI profiles. A user must have her/his GLPI profile in this list
# else she/he can't display any computers from the GLPI inventory
# active_profiles = profile1 profile2 profile3
# Only display computers with the specified state
# filter_on = state=3
# Give the uri to link to for a computer inventory
# glpi_computer_uri =
# should be something like that :
# glpi_computer_uri = http://localhost/glpi/front/computer.form.php?ID=
# Tell whether the query manager of the dyngroup plugin can use this module
[querymanager]
activate = True
# GLPI authentication configuration
#[authentication_glpi]
# URL to connect to the GLPI HTTP interface ?
#baseurl = http://glpi-server/glpi/
# GLPI provisioning configuration
#[provisioning_glpi]
# Users that will never be provisioned
#exclude = root
# Before provisioning, should we perform a GLPI authentication to create or
# update the user informations in the GLPI database ?
#doauth = 1
# MMC web interface ACLs definition according to the user GLPI profile
#profile_acl_profile1 = :##:base#main#default
#profile_acl_profile2 =
#profile_acl_profile3 =
# If the user belong to more than one profile, the first profile of this list
# will be used
#profiles_order = profile1 profile2 profile3
[main]
disable = 0
[database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = imaging
# dbuser = mmc
# dbpasswd = mmc
# dbsslenable = 0
# dbsslca = /etc/mmc/pulse2/imaging/cacert.pem
# dbsslcert = /etc/mmc/pulse2/imaging/cert.pem
# dbsslkey = /etc/mmc/pulse2/imaging/key.pem
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
# [web]
# ##### Interface customization #####
# user may want to override the way dates are displayed (see http://www.php.net/date for more informations)
# web_def_date_fmt = "%Y-%m-%d %H:%M:%S"
# web_def_default_protocol = nfs
# Menu settings
# web_def_default_menu_name = Menu
# web_def_default_timeout = 60
# web_def_default_background_uri =
# web_def_default_message = Warning ! Your PC is being backed up or restored. Do not reboot !
# start options
# web_def_kernel_parameters = quiet
# backup/restore options
# web_def_image_parameters =
[main]
disable = 0
displayLocalisationBar = 0
# Example of software filter when querying a computer inventory.
# All softwares containing the KB string will be excluded
# software_filter = %KB%
[inventory]
dbdriver = mysql
dbhost = %(mysql_host)s
dbport = %(mysql_port)s
dbuser = %(mysql_user)s
dbpasswd = %(mysql_password)s
dbname = inventory
dbsslenable = 0
dbsslca = %(inventory_ssl_cacert)s
dbsslcert = %(inventory_ssl_cert)s
dbsslkey = %(inventory_ssl_key)s
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
[computers]
# display = cn::Computer Name||displayName::Description
# content =
[expert_mode]
Bios = BiosVersion|ChipSerial|BiosVendor|SmbManufacturer|SmbProduct|SmbVersion|SmbSerial|SmbUUID|SmbType|DateFirstSwitchOn
Network = CardType|MIB|Bandwidth|NetworkType|SubnetMask|State
Hardware = Build|Version|ProcessorCount|SwapSpace|User|Date|Workgroup|RegisteredName|RegisteredCompany|OSSerialNumber|Type|OsSerialKey|ProcessorFrequency|Host
Software = ProductPath|Type|Icon|UninstallPath|ExecutableSize|Application
Controller = ExpandedType|HardwareVersion|StandardType
Drive = DriveType|FileCount|FileSystem
Input = StandardDescription|ExpandedDescription|Connector
Memory = ExtendedDescription|SlotCount
Monitor = Stamp|Type|Serial|Manuf
Pci =
Port = Stamp
Printer =
Slot =
Sound = Description
Storage = ExtendedType|VolumeName|Media
VideoCard =
[graph]
Network = Gateway
Hardware = OperatingSystem|ProcessorType
Memory = Size
# [querymanager]
# list = Entity/Label||Software/ProductName||Hardware/ProcessorType||Hardware/OperatingSystem||Drive/TotalSpace||Inventory/Date
# double = Software/Products::Software/ProductName##Software/ProductVersion
# halfstatic = Registry/Value/display name::Path##DisplayName
# extended = Inventory/Date||Drive/TotalSpace
# [provisioning_inventory]
# Users that will never be provisioned
# exclude = root
# A user can be automatically linked to a list of entities according to his
# profile.
# What is the LDAP field name that defines its profile name ?
# profile_attr =
# Here are the possible notations for profile to entities mapping:
# A simple list of the entities names
# profile_entity_profile1 = entityA entityB
# The dot char is the root entity
# profile_entity_profile2 = .
# In this example the content of the multi-valued 'pulse2entity' LDAP attribute
# will be used
# profile_entity_profile3 = %pulse2entity%
# Here the provisioning plugin 'network_to_entity' will be used
# profile_entity_profile4 = plugin:network_to_entity
[main]
disable = 0
[msc]
# repopath = /var/lib/pulse2/packages
# qactionspath = /var/lib/pulse2/qactions
# download_directory_path = /var/lib/pulse2/downloads
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = msc
# dbuser = mmc
# dbpasswd = mmc
# dbdebug = ERROR
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
# SSL support
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
# Computer's IP addresses filtering
# ignore_non_rfc2780 = 1
# ignore_non_rfc1918 = 0
# Comma separated values of excluded or included IP addresses or ranges
# For example: exclude_ipaddr = 192.168.0.1,10.0.0.0/10.255.255.255
# Included addresses are never filtered.
# exclude_ipaddr =
# include_ipaddr =
# Computer's host name filtering
# ignore_non_fqdn = 0
# ignore_invalid_hostname = 0
# Space separated list regexp for rejected or accepted host name
# Host name matching the regexp in include_hostname are always accepted
# For example: exclude_hostname = ^computer[0-9]*$ ^server[0-9]*$
# exclude_hostname =
# include_hostname =
# Computer's MAC addresses filtering
# wol_macaddr_blacklist =
# default scheduler used by the msc
default_scheduler = scheduler_01
[scheduler_api]
host = %(ipv4)s
port = 9990
username =
password =
enablessl = 1
# verifypeer = 0
# cacert =
# localcert =
[scheduler_01]
host = %(ipv4)s
port = 8000
username = username
password = password
enablessl = 1
# verifypeer = 0
# cacert =
# localcert =
[web]
# ##### Interface customization #####
# user may want to override the way dates are displayed (see http://www.php.net/date for more informations)
# web_def_date_fmt = "%Y-%m-%d %H:%M:%S"
#
# ##### Deployment default settings #####
# pre-check the "awake" checkbox in 'standard' deploy mode
# web_def_awake = 1
# pre-check the "do inventory" checkbox in 'standard' deploy mode
# web_def_inventory = 1
# hidden option
# web_show_reboot = 0
# pre-select the following mode in 'advanced' deploy mode
# the two available modes are push and push_pull
# web_def_mode = push
# if set to False, the following setting allow the user to toggle between push and push/pull mode in advanced mode
# web_force_mode = True
# web_def_maxbw = 0
# web_def_delay = 60
# web_def_attempts = 3
# web_def_deployment_intervals =
# web_dlpath =
# Max bandwidth for file download in Kbit/s
# web_def_dlmaxbw = 0
#
# ##### Proxy default settings ####
# May the local proxy system be used ?
# web_allow_local_proxy = False
# default proxy mode, defaut "multiple", other possible value "single"
# web_def_local_proxy_mode = multiple
# Max number of clients per proxy in proxy mode
# web_def_max_clients_per_proxy = 10
# Number of auto-selected proxy in semi-auto mode
# web_def_proxy_number = 2
# default mode (semi_auto / manual)
# web_def_proxy_selection_mode = semi_auto
#
# ##### VNC Applet default settings ####
# Here we may define the VNC applet behavior (in some way)
# may the VNC applet used ? (this setting simply (en/dis)able the display of the VNC action button)
# vnc_show_icon = True
# allow user to interact with remote desktop ?
# vnc_view_only = True
# use the following VNC client pre-defined rules,
# currently available profiles:
# fiber: for high speed local networks (low latency, 10 Mb/s per connection)
# lan: for 100 Mb local networks (low latency, 3 Mb/s per connection)
# cable: for high-end broadband links (high latency, 400 kb/s per connection)
# dsl: for low-end broadband links (high latency, 120 kb/s per connection)
# isdn: (high latency, 75 kb/s)
# vnc_network_connectivity = lan
# display applet control to user
# vnc_allow_user_control = False
# the port to use to connect to a VNC
# vnc_port = 5900
#
# ##### Client probing behavior ####
# the LED which represents the client status can take four colors:
# black => no probe done
# red => all probe failed
# orange => minimal probe succedeed (ping), maximal probe failed (ssh)
# green => all probe succedeed
# available probes are: none (field is empty), ping, ssh, ping_ssh (ie. both)
# for networks where icmp is not allowed, ping may be disabled: probe_order=ssh
# to speed-up display, ssh may be disabled: probe_order=ping
# to fully disable probe: probe_order=
# default conf: ping_ssh, in other terms: ping = orange, ssh = green
# probe_order=ping_ssh
[package_api]
# mserver = 127.0.0.1
# mport = 9990
# mmountpoint = /rpc
# enablessl = 1
# verifypeer = 0
# localcert =
# cacert =
[main]
disable = 0
[user_package_api]
server = localhost
port = 9990
mountpoint = /upaa
username =
password =
enablessl = 1
# verifypeer = 0
# cacert =
# localcert =
[main]
disable = 0
# [database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = pulse2
# dbuser = mmc
# dbpasswd = mmc
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
^/tftpboot/revoboot/bin/revoboot.pxe$ bootloader/pxe_boot
^/bootloader/pxe_boot$ bootloader/pxe_boot
^/bootloader/bootsplash.xpm$ bootloader/bootsplash.xpm
^/bootmenus/default bootmenus/default
^/bootmenus/([0-9A-F]{12}) bootmenus/$1
^/bootmenus/([0-9A-F]{8}) bootmenus/$1
^/custom/(.+) custom/$1
^/diskless/kernel$ diskless/kernel
^/diskless/initrd$ diskless/initrd
^/diskless/memtest$ diskless/memtest
^/tools/memtest$ diskless/memtest
^/masters/(.+) masters/$1
^/(.*)$ ?
.* ?
[main]
# We will bind on this address ...
# host = 0.0.0.0
# ... and this UDP port
# port = 1001
# required password to record a client, not checked if empty
# adminpass =
[daemon]
# as we are a service, we need some info to be run, such as:
# - the identity we will run into
# user = root
# group = root
# - our umask
# umask = 0077
# and where to record our PID
# pidfile= /var/run/pulse2-imaging-server.pid
[package-server]
# here are described how to talk to our referent package server
#
# host = 127.0.0.1
# port = 9990
# mount_point = /imaging_api
# enablessl = True
# username = username
# password = password
# cacert = /etc/mmc/pulse2/imaging-server/keys/cacert.pem
# localcert = /etc/mmc/pulse2/imaging-server/keys/privkey.pem
# verifypeer = False
[hooks]
# hooks_dir = /usr/lib/pulse2/imaging-server/hooks
#
# 0xAD => "I'm new" action : menu creation request, triggered by the bootloader
# arg[1] = source MAC (short)
# arg[2] = given ID (short)
# arg[3] = given PASSWORD (optionnal)
# exit 0 on success
# create_client_path = create_client
#
# 0xAA => "I just booted" action : menu update request + inventory processing request, triggered by the bootloader
# arg[1] = source MAC (short)
# boot_client_path = boot_client
# arg[1] = source MAC (short)
# arg[2] = where the inventory is temporaly stored
# process_inventory_path = process_inventory
#
# 0xEC => "I just started a backup" : start a backup request, triggered by revoinc
# arg[1] = source MAC (short)
# arg[2] = kind of backup (L = image, B = Master)
# exit 0 on success
# start_image_path = start_image
#
# 0xED => "I just finished a backup" : end a backup request, triggered by revodoneimage
# end_image_path = end_image
#
# 0xCD => "Change my default menu" => change default menu request, triggered by revodefault
# arg[1] = source MAC (short)
# arg[2] = item to use
# exit 0 on success
# change_default_path = change_default
#
# 0x4C => log stuff
# arg[1] = source MAC (short)
# arg[2] = action :
# 0 => booted
# 1 => took item arg[3]
# 2 => starting restoration (more info in arg[3])
# 3 => finished restoration (more info in arg[3])
# 4 => starting backup (more info in arg[3])
# 5 => finished backup (more info in arg[3])
# 6 => started postinst
# 7 => finished postinst
# 8 => critical error
# arg[3] = optional, see upper
# exit 0 on success
# log_action_path = log_action
#
# 0x1A => asks for its UUID
# arg[1] = source MAC (short)
# exit 0 on success, UUID is the last line on stdout
# get_uuid_path = get_uuid
#
# 0x1B => asks for its Hostname
# arg[1] = source MAC (short)
# exit 0 on success, hostname is the last line on stdout
# get_hostname_path = get_hostname
#
# 0x54 => ask for time sync (for mtftp)
# arg[1] = source MAC (short)
# arg[2] = computed sync
# exit 0 on success
# mtftp_sync_path = mtftp_sync
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("/var/log/mmc/pulse2-imaging-server.log",)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
[main]
# host =
# port = 9999
# ocsmapping = /etc/mmc/pulse2/inventory-server/OcsNGMap.xml
# enablessl = False
# verifypeer = False
# cacert = /etc/mmc/pulse2/inventory-server/keys/cacert.pem
# localcert = /etc/mmc/pulse2/inventory-server/keys/privkey.pem
# to put the data from the registry as hostname
# hostname = Hardware/Host # by default
# default_entity = .
# entities_rules_file =
[database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = inventory
# dbuser = mmc
# dbpasswd = mmc
# dbpoolrecycle = 60
# dbsslenable = 0
# dbsslca = /etc/mmc/pulse2/inventory/cacert.pem
# dbsslcert = /etc/mmc/pulse2/inventory/cert.pem
# dbsslkey = /etc/mmc/pulse2/inventory/key.pem
[daemon]
# pidfile = /var/run/pulse2-inventory-server.pid
# user = root
# group = root
# umask = 0077
# Example of non-root execution settings:
# user = mmc
# group = mmc
# umask = 0007
# [option_01]
# NAME = REGISTRY
# PARAM_01 = NAME::srvcomment||REGKEY::SYSTEM\CurrentControlSet\Services\lanmanserver\parameters||REGTREE::2##srvcomment
# PARAM_02 = NAME::DisplayName||REGKEY::SYSTEM\CurrentControlSet\Services\lanmanserver||REGTREE::2##DisplayName
[loggers]
keys=root
[handlers]
keys=hand01,hand02
[formatters]
keys=form01
[logger_root]
level=NOTSET
handlers=hand01
[handler_hand01]
class=FileHandler
level=INFO
formatter=form01
args=("/var/log/mmc/pulse2-inventory-server.log",)
[handler_hand02]
class=StreamHandler
level=DEBUG
args=(sys.stderr,)
[formatter_form01]
format=%(asctime)s %(levelname)s %(message)s
[launchers]
# Pulse2 Launcher path
# launcher_path = /usr/sbin/pulse2-launcher
## Misc locations ##
# Source directory for push mode
# source_path = /var/lib/pulse2/packages
## Workflow-related commands ##
# global ping command
# ping_path = /usr/sbin/pulse2-ping
# global inventory command
# inventory_command = export P2SRV=`echo $SSH_CONNECTION | cut -f1 -d\ `; export P2PORT=9999; export http_proxy=""; export ftp_proxy=""; ( [ -x /cygdrive/c/Program\ Files/OCS\ Inventory\ Agent/OCSInventory.exe ] && /cygdrive/c/Program\ Files/OCS\ Inventory\ Agent/OCSInventory.exe /np /server:$P2SRV /pnum:$P2PORT ) || ( [ -x /usr/bin/ocsinventory-agent ] && /usr/bin/ocsinventory-agent --server=http://$P2SRV:$P2PORT ) || ( [ -x /usr/sbin/ocsinventory-agent ] && /usr/sbin/ocsinventory-agent --server=http://$P2SRV:$P2PORT ) || ( [ -x /usr/local/sbin/ocs_mac_agent.php ] && /usr/local/sbin/ocs_mac_agent.php )
# global reboot command
# reboot_command = /bin/shutdown.exe -f -r 1 || shutdown -r now
# global halt command
# halt_command = /bin/shutdown.exe -f -s 1 || shutdown -h now
## Target on client ##
# target directory on client
# target_path = /tmp
# temp folder name prefix on client
# temp_folder_prefix = MDVPLS
## Foll-proofing ##
# Above this amount of seconds the command will automatically be killed.
# max_command_age = 86400
# Above this amount of seconds a computer will be considered as
# unreachable.
# max_ping_time = 4
# Above this amount of seconds a computer will be considered as without
# ssh installed
# max_probe_time = 20
[daemon]
# the place were we put the daemons's PID files
# pidfile = /var/run/pulse2
# user = root
# group = root
# umask = 0077
# Example of non-root execution settings:
# user = mmc
# group = mmc
# umask = 0007
[wrapper]
# wrapper path
# path = /usr/sbin/pulse2-output-wrapper
# cap the amount of logs a wrapper can generate (in bytes)
# max_log_size = 512000
# wrapper will quit it process takes longer to complete (in seconds)
# max_exec_time = 21600
[ssh]
# defaultkey is the name of the default SSH key
# default_key = default
# openssl binaries path
# scp_path = /usr/bin/scp
# ssh_path = /usr/bin/ssh
# ssh_agent_path = /usr/bin/ssh-agent
# sshkey_default = /root/.ssh/id_dsa
# sshkey_mysecondkey = /somewhere/my_second_key
# options passed to SSH via "-o"
# ssh_options = LogLevel=ERROR UserKnownHostsFile=/dev/null StrictHostKeyChecking=no Batchmode=yes PasswordAuthentication=no ServerAliveInterval=10 CheckHostIP=no ConnectTimeout=10
# ssh's keyforwarding control: never, always, or let (aka 'let the scheduler decide')
# forward_key = let
[wget]
# wget binary path (on client)
# wget_path = /usr/bin/wget
# wget_options =
# check_certs = False
# resume = True
[rsync]
# rsync_path = /usr/bin/rsync
# resume = True
# set_executable can be yes, no or keep
# set_executable = yes
# set_access can be private, restricted or public
# set_access = private
[wol]
# Pulse2 WOL Path
# wol_path = /usr/sbin/pulse2-wol
# wol_port = 40000
# wol_bcast = 255.255.255.255
[tcp_sproxy]
# Pulse2 SSH Proxy path
# tcp_sproxy_path = /usr/sbin/pulse2-tcp-sproxy
# The "external" VNC IP adress
# tcp_sproxy_host =
# The TCP range to attribue to the proxy
# tcp_sproxy_port_range = 8100-8200
# the initial ssh connection to the client timeout
# tcp_sproxy_establish_delay = 20
# the initial VNC connection to the proxy timeout
# tcp_sproxy_connect_delay = 60
# the number of seconds a connection will stay open after the initial handshake
# tcp_sproxy_session_lenght = 3600
[smart_cleaner]
# Pulse2 Smart Cleaner path (on the target); if empty we do not use it
# smart_cleaner_path = /usr/bin/pulse2-smart-cleaner.sh
# cleaner options, space separated, see doc
# smart_cleaner_options =
[scheduler_01]
# host = 127.0.0.1
# port = 8000
# enablessl = True
# username = username
# password = password
# periodicaly talk to our referent scheduler
# awake_time = 600
# add some randomness in our wake-ups
# awake_incertitude_factor = .2
# if set to yes, do no send results directly after a command completion
# defer_results = no
# Launchers sections, one per launcher
[launcher_01]
# bind = 127.0.0.1
port = 8001
# slots = 300
# username = username
# password = password
# scheduler = scheduler_01
enablessl = True
cacert = /etc/mmc/pulse2/launchers/keys/cacert.pem
localcert = /etc/mmc/pulse2/launchers/keys/privkey.pem
verifypeer = False
# You can override the logger configuration of this launcher with the
# loggconffile option, else the logger configuration from the current file will
# be used.
# logconffile = /etc/mmc/pulse2/launchers/log_launcher_01.ini
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("/var/log/mmc/pulse2-launchers.log",)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("/var/log/mmc/pulse2-launcher-01.log",)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
[main]
server =
port = 9999
command_name = C:\Program Files\OCS Inventory Agent\OCSInventory.exe
command_attr = /SERVER:127.0.0.1 /PNUM:9999
enablessl = True
verifypeer = False
cacert = cacert.pem
localcert = privkey.pem
# [polling]
# activate = 0
# type = reg
# time = 600
# path = HKEY_LOCAL_MACHINE\Software\Mandriva\Inventory\Client\do_inventory
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = handlers.NTEventLogHandler
level = INFO
formatter = form01
args = ("Pulse 2 Proxy SSL",)
# [handler_hand01]
# class = handlers.RotatingFileHandler
# level = DEBUG
# formatter = form01
# args = ("C:\\Program Files\\Mandriva\\Pulse2 Inventory SSL Proxy\\log.txt", "a", 100*1024, 5)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
# Xml update add extra information to OCS XML output
[xmlupdate]
# execute the update
enable = False
# keep a local copy of the updated XML
keepxmlupdate = False
# notify software updates
updatedetection = False
# add software icons to XML output
addicon = False
# add OCS execution debug to OCS XML output
[ocsdebug]
enable = False
\ No newline at end of file
[main]
# server =
# port = 9999
# path = /
# tmpdirname = /tmp/Pulse2InventoryProxy
# command_name = /usr/local/bin/ocsinventory-agent
# command_attr = -l /tmp/Pulse2InventoryProxy
# enablessl = True
# key_file = conf/key/privkey.pem
# cert_file = conf/key/cacert.pem
[main]
# ----------
# NETWORKING
# ----------
# port = 9990
# host =
# The public IP send when a client agent is wondering how to reach this package server, set to the "host" parameter value if not defined
# public_ip =
#
# --------
# PACKAGES
# --------
# Is package autodetection activated ?
# package_detect_activate = 0
# Time between two loops of detection
# package_detect_loop = 60
# methods in none, last_time_modification, check_size
# for more than 1 method, separate with ","
# package_detect_smart_method = none
# package_detect_smart_time = 60
# Package api can synhronise package data to others servers
# package_mirror_loop = 5
# package synchronisation targets
# package_mirror_target =
# package synchronisation state file. used only if package_mirror_target is defined
# File where pending sync are written so that they can be finished on package server restart.
# package_mirror_status_file = /var/data/mmc/status
# package synchronisation command to use
# package_mirror_command = /usr/bin/rsync
# package synchronisation command options
# package_mirror_command_options = -ar --delete
# package synchronisation command on only one level options
# package_mirror_level0_command_options = -d --delete
# options passed to SSH via "-o" if specified --rsh is automatically added to package_mirror_command_options
# package_mirror_command_options_ssh_options =
# for example
# package_mirror_command_options_ssh_options = IdentityFile=/root/.ssh/id_dsa StrictHostKeyChecking=no Batchmode=yes PasswordAuthentication=no ServerAliveInterval=10 CheckHostIP=no ConnectTimeout=10
# loop for the sync of the whole package directory
# can only be activated when package_mirror_target is given
# package_global_mirror_activate = 1
# package_global_mirror_loop = 3600
# package_global_mirror_command_options = -ar --delete
# real package deletion
# real_package_deletion = 0
#
# ----------
# MISC STUFF
# ----------
# machine/mirror assign algo
# mm_assign_algo = default
# user/packageput assign algo
# up_assign_algo = default
# tmp_input_dir = /tmp/packages/default
[daemon]
# the place were we put the daemons's PID files
# pidfile = /var/run/pulse2-package-server.pid
# user = root
# group = root
# umask = 0022
# Example of non-root execution settings:
# user = mmc
# group = mmc
# umask = 0002
[ssl]
# enablessl = 1
# username =
# password =
# certfile = /etc/mmc/pulse2/package-server/keys/cacert.pem
# privkey = /etc/mmc/pulse2/package-server/keys/privkey.pem
# verifypeer = 0
[mmc_agent]
# We sometimes need to talk to our referent agent
# here are some key to speak with it
# host = 127.0.0.1
# port = 7080
# username = mmc
# password = s3cr3t
# enablessl = True
# verifypeer = False
# cacert = /etc/mmc/pulse2/package-server/keys/cacert.pem
# localcert = /etc/mmc/pulse2/package-server/keys/privkey.pem
[mirror_api]
# mount_point = /rpc
[user_packageapi_api]
# mount_point = /upaa
[scheduler_api]
# mount_point = /scheduler_api
# schedulers = scheduler_01
# [imaging_api]
# mount_point = /imaging_api
# uuid = PLEASE_PUT_A_UUID_FOR_THAT_SERVER
##################
# Some locations #
##################
### main tree
# base_folder = /var/lib/pulse2/imaging
### Bootloaders
# Where bootloader (and bootsplash) is stored, relative to "base_folder"
# bootloader_folder = bootloader # Where bootloader (and bootsplash) is stored, relative to "base_folder"
# pxe_bootloader = pxe_boot # the network bootloader
# cd_bootloader = cd_boot # the cdrom bootloader
# bootsplash_file = bootsplash.xpm # the bootloader splashscreen
### Bootmenus
# Where boot menus are generated / being served, relative to "base_folder"
# bootmenus_folder = bootmenus
### Diskless
# Where kernel, initrd and other official diskless tools are stored, relative to "base_folder"
# diskless_folder = diskless # Where kernel, initrd and other official diskless tools are stored, relative to "base_folder"
# diskless_kernel = kernel # Name of the diskless kernel to run
# diskless_initrd = initrd # Name of the diskless initrd to boot (core)
# diskless_initrdcd = initrdcd # Name of the diskless initrd to boot (addon to boot on CD)
# diskless_memtest = memtest # diskless memtest tool
### Inventories
# Where inventories are stored / retrieved, relative to "base_folder"
# inventories_folder = inventories
### NFS
# Where additionnal material (hdmap, exclude) are stored / retrieved, relative to "base_folder"
# (a.k.a. /revoinfo client side)
# computers_folder = computers
# Where images are stored, relative to "base_folder"
# (a.k.a. /revoinfo client side)
# masters_folder = masters
# Where postinst tools are stored, relative to "base_folder"
# (a.k.a. /opt client side)
# postinst_folder = postinst
# will contain archived computer imaging data
# archives_folder = archives
### ISO images generation
# isos_folder = /var/lib/pulse2/imaging/isos # will contain generated ISO images
# isogen_tool = /usr/bin/mkisofs # tool used to generate ISO file
### RPC offline mode
# RPC replay file name, relative to "base_folder"
# rpc_replay_file = rpc-replay.pck
# RPC replay loop timer in seconds
# rpc_loop_timer = 60
# RPC to replay at each loop
# rpc_count = 10
# Interval in seconds between two RPCs
# rpc_interval = 2
# Our UUID cache *inside* base_folder
# uuid_cache_file = uuid-cache.txt
# Our UUID cache lifetime
# uuid_cache_lifetime = 300
[mirror:01]
mount_point = /mirror1
src = /var/lib/pulse2/packages
[package_api_put:01]
mount_point = /package_api_get1
src = /var/lib/pulse2/packages
tmp_input_dir = /tmp/package_tmp/put1
# Logger configuration
[loggers]
keys = root,imaging
[handlers]
keys = hand01,hand_imaging
[formatters]
keys = form01,form_imaging
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("%s" % %(pulse2_log_file_package_server)s,)
[formatter_form01]
format = %%(asctime)s %%(levelname)s %%(message)s
# Imaging API logger configuration
[logger_imaging]
level = NOTSET
handlers = hand_imaging
propagate = 0
qualname = imaging
[handler_hand_imaging]
class = FileHandler
level = INFO
formatter = form_imaging
args = ("%s" % %(pulse2_log_file_package_server)s,)
[formatter_form_imaging]
format = %%(asctime)s %%(levelname)s Imaging: %%(message)s
#[main]
#dbdriver = mysql
#dbhost = localhost
#dbname = inventory
#dbuser = mmc
#dbpasswd = mmc
#dbpoolrecycle =
#dbport =
#dbsslenable = 0
#dbsslca =
#dbsslcert =
#dbsslkey =
#[associations:XX]
# the mirror url you want to declare
#mirror = MIRROR_URL
# the type of terminal (SAGEM or )
#terminal_types = TERMINAL_TYPE
# the type of api it is (package_api or mirror)
#kind = KIND
[scheduler]
# This scheduler name
id = scheduler_01
## MANAGING ##
# scheduler_path = /usr/sbin/pulse2-scheduler
## NETWORK ##
# port = 8000
# host = 127.0.0.1
# username = username
# password = password
# enablessl = True
# If verifypeer is set, the scheduler will also connect to all the launchers
# using the following certificates.
# verifypeer = False
# cacert = /etc/mmc/pulse2/scheduler/keys/cacert.pem
# localcert = /etc/mmc/pulse2/scheduler/keys/privkey.pem
## SCHEDULING ##
# for some functions below, we add this factor, to prevent load peaks
# incertitude_factor = .2
#
# initial wait time, in seconds, to make stuff stabilize
# initial_wait = 2
#
# attempt to start (and stop) commands every n seconds
# awake_time = 600
#
# preemption settings : preempting every N second, run M commands
# preempt_amount = 50
# preempt_period = 1
#
# status settings : check every N second, +/- incertitude_factor %
# checkstatus_period = 900
#
# health logging : log some stats every N seconds, +/- incertitude_factor %
# loghealth_period = 60
#
# once per day, hour specified below (HH:MM:SS), the scheduler will
# analyse the database, looking to weird / broken commands;
# you should enable this if you see stalled commands in logs
# in this case, please specify an hour when the scheduler is
# not very used (8 pm can be a good choice: analyse_hour = 20:00:00)
# set to empty by default to disable analysis
# analyse_hour =
#
# attempt to clean states in commands every n seconds
# clean_states_time = 3600
# clean state that are going to be clean
# (from the launcher point of view, ie :
# * stop -> the command is not running on the launcher but it's state in the db say it is)
# * run -> the command
# possible states : run, stop
# active_clean_states =
#
# default database encoding (used to inject log files)
# dbencoding = utf-8
#
# scheduler mode, see doc !
# mode = async
#
# max number of slots to uses, for all launchers
# max_slots = 300
#
# locking system
# please use with caution: the only reason to activate this feature
# is for systems under heavy load; risk of double-preemption is
# drastically reduce using this, but your system will be even more slow
# lock_processed_commands = False
## Commands life ##
# Command max default authorized time (for each stage)
# max_command_time = 3600
#
# Command max upload time (aka 'upload' stage), override the previous one for looooong uploads
# max_upload_time = 21600
#
# Command max WOL wait-for-completion time: wait this ammount of second before going futher
# max_wol_time = 300
## NETWORKING ##
# prefered method to reach a client
# available:
# - fqdn: attempt to perform a DNS query on FQDN
# - hosts: same, no DNS query
# - ip: just try IP address
# - netbios: attempt to do a nmblookup on IP adress
# tests are performed using ping
# resolv_order = fqdn hosts netbios ip
## CHECKING ##
# in some situations itn may be useful to do some pre-checks on clients
# checks can be done against every information recorded into the "target" table
# the following informations are available:
# target_name => contain the target Hostname
# target_uuid => contain the target UUID
# target_ipaddr => contain the target IP addresses, only the first one is used
# target_macaddr => contain the target MAC adresses, only the first one is used
# The two following options are formated as follow:
# *_check = <data-to-ask>=<expected-value>,...
# for exemple:
# server_check = IP=ipaddr
# client_check = UUID=uuid,HOSTNAME=name
# => will ask to client if its UUID is 'target_uuid', HOSTNAME is 'target_name',
# and tell it to give us it's IP and check the IP's value is 'target_ipaddr'
# While checking things, we may also want to announce what we are currently try to
# do on client, for each stage, for example TRANFERT while transfering something:
# announce_check = transfert=TRANFERT (comma-separated list as for previous options)
# currently available keywords: transfert, execute, delete, inventory
# announce_check =
# server_check =
# client_check =
## Computer / Group assignment ##
# mg_assign_algo = default
[database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = msc
# dbuser = mmc
# dbpasswd = mmc
# dbdebug = ERROR
# dbpoolrecycle = 60
# dbpooltimeout = 30
# SSL support
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
[daemon]
# pidfile = /var/run/pulse2
# user = root
# group = root
# umask = 0077
# Example of non-root execution settings:
# user = mmc
# group = mmc
# umask = 0007
# setrlimit option allows to set process system resources usage. Syntax is:
# setrlimit = limit1 soft1 hard1 limit2 soft2 hard2 ...
# For example:
# setrlimit = RLIMIT_NOFILE 2048 2048 RLIMIT_CORE 0 0
# setrlimit =
# Our launchers
[launcher_01]
host=%(ipv4)s
port=8001
username = username
password = password
enablessl = True
[loggers]
keys=root
[handlers]
keys=hand01
[formatters]
keys=form01
[logger_root]
level=NOTSET
handlers=hand01
[handler_hand01]
class=FileHandler
level=INFO
formatter=form01
args=("%s" % %(pulse2_log_file_scheduler)s,)
[formatter_form01]
format=%%(asctime)s %%(levelname)s %%(message)s
foreground = yes
output = %(log)s
pid = %(pid_file)s
syslog = no
CApath = %(ca_path)s
key = %(key)s
CRLpath = %(ca_crl)s
cert = %(cert)s
[service]
accept = %(public_ip)s:%(public_port)s
connect = %(private_ip)s:%(private_port)s
##############################################################################
#
# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import GenericBaseRecipe
class MonitorRecipe(GenericBaseRecipe):
def install(self):
options = self.options
script = self.createWrapper(name=options['path'],
command=options['slapmonitor-path'],
parameters=[
options['pid-file'],
options['database-path'],
])
return [script]
class MonitorXMLRecipe(GenericBaseRecipe):
def install(self):
options = self.options
script = self.createWrapper(name=options['path'],
command=options['slapmonitor-xml-path'],
parameters=[
options['database-path'],
],
parameters_extra=True)
return [script]
##############################################################################
#
# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import GenericBaseRecipe
class Recipe(GenericBaseRecipe):
def install(self):
options = self.options
script = self.createWrapper(name=options['path'],
command=options['slapreport-path'],
parameters=[
options['pid-file'],
options['consumption-log-path'],
options['database-path'],
options['logbox-ip'],
options['logbox-port'],
options['logbox-user'],
options['logbox-passwd'],
])
return [script]
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import slapos.recipe.erp5
import os
import pkg_resources
import zc.buildout
import sys
class Recipe(slapos.recipe.erp5.Recipe):
default_bt5_list = []
def _getZeoClusterDict(self):
site_path = '/erp5/'
return {
'/': (self._requestZeoFileStorage('Zeo Server 1', 'main'),
site_path + 'account_module'),
}
def installProduction(self):
ca_conf = self.installCertificateAuthority(
self.parameter_dict['ca_country_code'],
self.parameter_dict['ca_email'], self.parameter_dict['ca_state'],
self.parameter_dict['ca_city'], self.parameter_dict['ca_company'])
memcached_conf = self.installMemcached(ip=self.getLocalIPv4Address(),
port=11000)
conversion_server_conf = self.installConversionServer(
self.getLocalIPv4Address(), 23000, 23060)
mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678)
user, password = self.installERP5()
zodb_dir = os.path.join(self.data_root_directory, 'zodb')
self._createDirectory(zodb_dir)
ip = self.getLocalIPv4Address()
mount_point_zeo_dict = self._getZeoClusterDict()
zeo_conf = self.installZeo(ip)
zodb_configuration_list = []
known_tid_storage_identifier_dict = {}
for mount_point, (storage_dict, check_path) in mount_point_zeo_dict.iteritems():
known_tid_storage_identifier_dict[
(((storage_dict['ip'],storage_dict['port']),), storage_dict['storage_name'])
] = (zeo_conf[storage_dict['storage_name']]['path'], check_path or mount_point)
zodb_configuration_list.append(self.substituteTemplate(
self.getTemplateFilename('zope-zeo-snippet.conf.in'), dict(
storage_name=storage_dict['storage_name'],
address='%s:%s' % (storage_dict['ip'], storage_dict['port']),
mount_point=mount_point, zodb_cache_size=self.zodb_cache_size,
zeo_client_cache_size=self.zeo_client_cache_size)))
tidstorage_config = dict(host=self.getLocalIPv4Address(), port='6001')
zodb_configuration_string = '\n'.join(zodb_configuration_list)
zope_port = 12000
# One Distribution Node
zope_port += 1
self.installZope(ip, zope_port, 'zope_distribution', with_timerservice=True,
zodb_configuration_string=zodb_configuration_string,
tidstorage_config=tidstorage_config)
# Two Activity Nodes
for i in (1, 2):
zope_port += 1
self.installZope(ip, zope_port, 'zope_activity_%s' % i,
with_timerservice=True,
zodb_configuration_string=zodb_configuration_string,
tidstorage_config=tidstorage_config)
# Four Web Page Nodes (Human access)
login_url_list = []
for i in (1, 2, 3, 4):
zope_port += 1
login_url_list.append(self.installZope(ip, zope_port,
'zope_login_%s' % i, with_timerservice=False,
zodb_configuration_string=zodb_configuration_string,
tidstorage_config=tidstorage_config))
backend_key, backend_certificate = self.requestCertificate(
'Login Based Access')
login_haproxy = self.installHaproxy(ip, 15001, 'login', self.site_check_path,
login_url_list)
apache_login = self.installBackendApache(self.getGlobalIPv6Address(), 15000,
login_haproxy, backend_key, backend_certificate)
# Install Frontend
frontend_domain_name = self.parameter_dict.get("domain_name", 'vifib')
frontend_key, frontend_certificate = \
self.requestCertificate(frontend_domain_name)
apache_frontend_login = self.installFrontendZopeApache(
self.getGlobalIPv6Address(), 4443, frontend_domain_name, '/',
apache_login, '', frontend_key, frontend_certificate)
# Four Web Service Nodes (Machine access)
service_url_list = []
for i in (1, 2, 3, 4):
zope_port += 1
service_url_list.append(self.installZope(ip, zope_port,
'zope_service_%s' % i, with_timerservice=False,
zodb_configuration_string=zodb_configuration_string,
tidstorage_config=tidstorage_config))
service_haproxy = self.installHaproxy(ip, 15000, 'service',
self.site_check_path, service_url_list)
key_auth_key, key_auth_certificate = self.requestCertificate(
'Key Based Access')
apache_keyauth = self.installKeyAuthorisationApache(False, 15500,
service_haproxy, key_auth_key, key_auth_certificate, ca_conf,
key_auth_path=self.key_auth_path)
memcached_conf = self.installMemcached(ip=self.getLocalIPv4Address(),
port=11000)
kumo_conf = self.installKumo(self.getLocalIPv4Address())
self.installTidStorage(tidstorage_config['host'], tidstorage_config['port'],
known_tid_storage_identifier_dict, 'http://'+login_haproxy)
self.linkBinary()
# Connect direct to Zope to create the instance.
self.installERP5Site(user, password, service_url_list[-1], mysql_conf,
conversion_server_conf, memcached_conf, kumo_conf,
self.site_id, self.default_bt5_list, ca_conf)
self.setConnectionDict(dict(
front_end_url=apache_frontend_login,
site_url=apache_login,
site_user=user,
site_password=password,
service_url=apache_keyauth,
memcached_url=memcached_conf['memcached_url'],
kumo_url=kumo_conf['kumo_address'],
conversion_server_url='%(conversion_server_ip)s:%(conversion_server_port)s' %
conversion_server_conf,
# as installERP5Site is not trusted (yet) and this recipe is production
# ready expose more information
# XXX Use socket access to prevent unwanted connections to original MySQL
# server when cloning an existing ERP5 instance.
# TCP will be required if MySQL is in a different partition/server.
mysql_url='%(mysql_database)s %(mysql_user)s %(mysql_password)s %(socket)s' % mysql_conf,
))
return self.path_list
def installDevelopment(self):
ca_conf = self.installCertificateAuthority()
memcached_conf = self.installMemcached(ip=self.getLocalIPv4Address(),
port=11000)
conversion_server_conf = self.installConversionServer(
self.getLocalIPv4Address(), 23000, 23060)
mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678)
user, password = self.installERP5()
zodb_dir = os.path.join(self.data_root_directory, 'zodb')
self._createDirectory(zodb_dir)
zodb_root_path = os.path.join(zodb_dir, 'main.fs')
ip = self.getLocalIPv4Address()
zope_port = '18080'
zope_access = self.installZope(ip, zope_port, 'zope_development',
zodb_configuration_string=self.substituteTemplate(
self.getTemplateFilename('zope-zodb-snippet.conf.in'),
dict(zodb_root_path=zodb_root_path,
zodb_cache_size=self.zodb_cache_size)),
thread_amount=8, with_timerservice=True)
service_haproxy = self.installHaproxy(ip, 15000, 'service',
self.site_check_path, [zope_access])
key_auth_key, key_auth_certificate = self.requestCertificate(
'Key Based Access')
apache_keyauth = self.installKeyAuthorisationApache(
self.getLocalIPv4Address(), 15500, service_haproxy, key_auth_key,
key_auth_certificate, ca_conf, key_auth_path=self.key_auth_path)
memcached_conf = self.installMemcached(ip=self.getLocalIPv4Address(),
port=11000)
kumo_conf = self.installKumo(self.getLocalIPv4Address())
self.installTestRunner(ca_conf, mysql_conf, conversion_server_conf,
memcached_conf, kumo_conf)
self.installTestSuiteRunner(ca_conf, mysql_conf, conversion_server_conf,
memcached_conf, kumo_conf)
self.linkBinary()
self.installERP5Site(user, password, zope_access, mysql_conf,
conversion_server_conf, memcached_conf, kumo_conf,
self.site_id, self.default_bt5_list, ca_conf)
self.setConnectionDict(dict(
development_zope='http://%s:%s/' % (ip, zope_port),
site_user=user,
site_password=password,
service_url=apache_keyauth,
memcached_url=memcached_conf['memcached_url'],
kumo_url=kumo_conf['kumo_address'],
conversion_server_url='%(conversion_server_ip)s:%(conversion_server_port)s' %
conversion_server_conf,
# as installERP5Site is not trusted (yet) and this recipe is production
# ready expose more information
# XXX Use socket access to prevent unwanted connections to original MySQL
# server when cloning an existing ERP5 instance.
# TCP will be required if MySQL is in a different partition/server.
mysql_url='%(mysql_database)s %(mysql_user)s %(mysql_password)s %(socket)s' % mysql_conf,
))
return self.path_list
def _install(self):
self.site_check_path = '/%s/getId' % self.site_id
self.key_auth_path = '/%s/portal_slap' % self.site_id
self.path_list = []
self.requirements, self.ws = self.egg.working_set()
# self.cron_d is a directory, where cron jobs can be registered
self.zodb_cache_size = int(self.options.get('zodb_cache_size', 5000))
self.zeo_client_cache_size = self.options.get('zeo_client_cache_size',
'20MB')
self.cron_d = self.installCrond()
self.logrotate_d, self.logrotate_backup = self.installLogrotate()
self.killpidfromfile = zc.buildout.easy_install.scripts(
[('killpidfromfile', 'slapos.recipe.erp5.killpidfromfile',
'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
self.path_list.append(self.killpidfromfile)
if self.parameter_dict.get("flavour", "default") == 'configurator':
self.default_bt5_list = self.options.get("configurator_bt5_list", '').split()
if self.parameter_dict.get('production', 'false').lower() == 'true':
return self.installProduction()
return self.installDevelopment()
......@@ -286,24 +286,6 @@ return = site_url
config-custom_domain = $${slap-parameter:domain3}
#----------------
#--
#-- Deploy slapmonitor.
#[slapmonitor]
#recipe = slapos.cookbook:slapmonitor
#pid-file = $${basedirectory:run}/apache.pid
#database-path = $${basedirectory:log}/slapmonitor.db
#slapmonitor-path = ${buildout:bin-directory}/slapmonitor
#path = $${basedirectory:services}/slapmonitor
#
#[slapmonitor-xml]
#recipe = slapos.cookbook:slapmonitor-xml
#database-path = $${basedirectory:log}/slapmonitor.db
#slapmonitor-xml-path = ${buildout:bin-directory}/slapmonitor-xml
#path = $${directory:report}/slapmonitor-xml
#----------------
#--
#-- Publish instance parameters.
......
......@@ -35,7 +35,7 @@ md5sum = 4c7936accb3658871b635158198b7905
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-apachephp.cfg
output = ${buildout:directory}/template-apachephp.cfg
md5sum = 8be713bd2656e184651c8ec10579d668
md5sum = a1ddbb63ffa0041b27eaea6df85cbd00
mode = 0644
[instance-mariadb]
......
......@@ -14,13 +14,12 @@ Software type
Apache frontend is available in 3 software types:
* default : The standard way to use the apache frontend configuring everything with a few given parameters
* custom-personal : This software type allow each slave to edit its apache configuration file
* custom-group : This software type use a template given as a parameter on master instance to generate apache configuration for all slaves
* replicate : This software type is set to replicate any kind of apache
About replicate frontend
========================
Slaves of the root instance (type "replicate") are sent as a parameter to requested frontends which will process them. The only difference is that they will then return the « would-be published information » to the root instance instead of publishing it. The root instance will then do a synthesis and publish the information to its slaves. The replicate instance only use 5 type of parameters for itself and will transmit the rest to requested frontends.
About frontend replication
===========================
Slaves of the root instance are sent as a parameter to requested frontends which will process them. The only difference is that they will then return the « would-be published information » to the root instance instead of publishing it. The root instance will then do a synthesis and publish the information to its slaves. The replicate instance only use 5 type of parameters for itself and will transmit the rest to requested frontends.
These parameters are :
* "-frontend-type" : the type to deploy frontends with. (default to 2)
* "-frontend-quantity" : The quantity of frontends to request (default to "default")
......@@ -108,6 +107,10 @@ Instance Parameters
Master Instance Parameters
--------------------------
The parameters for instances are described at `instance-apache-input-schema.json <instance-apache-input-schema.json>`_.
Here some additional informations about the parameters listed, below:
domain
~~~~~~
name of the domain to be used (example: mydomain.com). Subdomains of this
......@@ -131,58 +134,13 @@ plain_http_port
Port used by apache to serve plain http (only used to redirect to https).
Optional parameter, defaults to 8080.
ip-read-limit
~~~~~~~~~~~~~
Use to set IPReadLimit Parameter for antiloris.
Optional parameter, defaults to 10.
apache_custom_http (custom-group)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jinja template for apache virtualhost http configuration. It will be used by all slaves
apache_custom_https (custom-group)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jinja template for apache virtualhost https configuration. It will be used by all slaves
Slave Instance Parameters (default)
-----------------------------------
url
~~~
url of backend to use.
"url" is a mandatory parameter.
Example: http://mybackend.com/myresource
enable_cache
~~~~~
Specify if slave instance should use a squid to connect to backend.
Possible values: "true", "false".
"enable_cache" is an optional parameter. Defaults to "false".
Example: true
type
~~~~
Specify if slave instance will redirect to a zope backend. If specified, Apache
RewriteRule will use Zope's Virtual Host Daemon.
Possible values: "zope", "default".
"type" is an optional parameter. Defaults to "default".
Example: zope
Slave Instance Parameters
-------------------------
domain (former custom_domain)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Domain name to use as frontend. The frontend will be accessible from this domain.
"domain" is an optional parameter. Defaults to
[instancereference].[masterdomain].
Example: www.mycustomdomain.com
The parameters for instances are described at `instance-slave-apache-input-schema.json <instance-slave-apache-input-schema.json>`_.
https-only
~~~~~~~~~~
Specify if website should be accessed using https only. If so, the frontend
will redirect the user to https if accessed from http.
Possible values: "true", "false".
"https-only" is an optional parameter. Defaults to "false".
Example: true
Here some additional informations about the parameters listed, below:
path
~~~~
......@@ -194,9 +152,6 @@ VirtualHostMonster.
"path" is an optional parameter, ignored if not specified.
Example of value: "/erp5/web_site_module/hosting/"
Slave Instance Parameters (custom-personal)
-------------------------------------------
apache_custom_https
~~~~~~~~~~~~~~~~~~~
Raw apache configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
......@@ -224,8 +179,8 @@ enable_cache
Necesarry to activate cache.
"enable_cache" is an optional parameter.
ssl_key, ssl_crt, ssl_ca_crt, ssl_crs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssl_key, ssl_crt, ssl_ca_crt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SSL certificates of the slave.
They are optional.
......@@ -236,24 +191,6 @@ In the slave apache configuration you can use parameters that will be replaced d
* error_log : path of the slave access log in order to log in a deferenciated file.
* ssl_key, ssl_crt, ssl_ca_crt, ssl_crs : path of the certificates given in slave instance parameters
Slave Instance Parameters (custom-group)
----------------------------------------
url
~~~
Necesarry to activate cache. url of backend to use.
"url" is an optional parameter.
Example: http://mybackend.com/myresource
domain
~~~~~~
Domain name to use as frontend. The frontend will be accessible from this domain.
"domain" is an optional parameter necessary to activate cache. Defaults to
[instancereference].[masterdomain].
Example: www.mycustomdomain.com
The rest of the parameters are defined by templates given to the master and accessible by the slave_parameter dict in it.
Examples
========
......@@ -295,8 +232,8 @@ proxy::
)
Advanced example (default)
--------------------------
Advanced example
-----------------
Request slave frontend instance using a Zope backend, with Varnish activated,
listening to a custom domain and redirecting to /erp5/ so that
......@@ -316,8 +253,8 @@ the proxy::
}
)
Simple Example (custom-personal)
--------------------------------
Simple Example
---------------
Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
instance = request(
......@@ -362,8 +299,8 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
}
)
Simple Cache Example (custom-personal)
--------------------------------
Simple Cache Example
--------------------
Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
instance = request(
......@@ -414,8 +351,8 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
)
Advanced example (custom-personal)
----------------------------------
Advanced example
-----------------
Request slave frontend instance using custom apache configuration, willing to use cache and ssl certificates.
listening to a custom domain and redirecting to /erp5/ so that
......
......@@ -135,7 +135,7 @@ mode = 640
[template-default-slave-virtualhost]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
md5sum = e7a13555b39b3004200b0e46738df8ab
md5sum = c22de91b25d0597fecc7082a153b87bc
mode = 640
[template-cached-slave-virtualhost]
......
......@@ -6,9 +6,15 @@
"properties": {
"public-ipv4": {
"title": "Public IPv4",
"description": "Public IPv4 that will be provided to Slaves to configure DNS.",
"description": "Public ipv4 of the frontend (the one Apache will be indirectly listening to).",
"type": "string"
},
"ip-read-limit": {
"title": "IPReadLimit",
"description": "Value used to set IPReadLimit Parameter for antiloris.",
"type": "integer",
"default": 10
},
"-frontend-authorized-slave-string": {
"title": "Authorized Slave String",
"description": "List of SOFTINST-XXX of Slaves, separated by space which is allowed to use custom configuration.",
......
......@@ -41,21 +41,21 @@
"default-path": {
"title": "Default Path",
"description": "Provide default path to redirect user to",
"description": "Provide default path to redirect user to when user access / (the site root)",
"type": "string",
"default": ""
},
"ssl_crt": {
"title": "SSL Certificate",
"description": "SSL Certificate",
"description": "Content of the SSL Certificate file",
"type": "string",
"textarea": true,
"default": ""
},
"ssl_key": {
"title": "SSL Key",
"description": "SSL Key",
"description": "Content of the SSL Key file",
"type": "string",
"textarea": true,
"default": ""
......@@ -63,14 +63,14 @@
"ssl_ca_crt": {
"title": "SSL Certificate Authority's Certificate",
"description": "SSL Key",
"description": "Content of the CA certificate file",
"type": "string",
"textarea": true,
"default": ""
},
"https-only": {
"title": "HTTPS Only",
"description": "If set to true, http request are redirect to https",
"description": "If set to true, http requests will be redirected to https",
"type": "string",
"default": "false",
"enum": ["false", "true"]
......@@ -78,7 +78,7 @@
"ssl-proxy-verify": {
"title": "Verify Backend Certificates",
"description": "If set to true, Backend Certificates are checked",
"description": "If set to true, Backend SSL Certificates will be checked and frontend will refuse to proxy if certificate is invalid",
"type": "string",
"default": "false",
"enum": ["false", "true"]
......@@ -86,14 +86,14 @@
"ssl_proxy_ca_crt": {
"title": "SSL Backend Authority's Certificate",
"description": "SSL Certificate Authority of the backen (to be used with ssl-proxy-verify)",
"description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
"type": "string",
"default": ""
},
"enable_cache": {
"title": "Enable Cache",
"description": "If set to true, the cache is used",
"description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend apache and backend",
"type": "string",
"default": "false",
"enum": ["false", "true"]
......@@ -101,7 +101,7 @@
"disable-no-cache-request": {
"title": "Disable 'no-cache' requests",
"description": "If set to true, no-cache control headers will be disabled",
"description": "If set to true, Cache-Control and Pragma requests headers will not be sent to cache and backend servers. This prevents clients from bypassing cache when enable_cache is true",
"type": "string",
"default": "false",
"enum": ["false", "true"]
......@@ -109,7 +109,7 @@
"disable-via-header": {
"title": "Disable 'Via' headers from cache",
"description": "If set to true, via headers will be disabled",
"description": "If set to true, Via response headers will not be sent to client",
"type": "string",
"default": "false",
"enum": ["false", "true"]
......@@ -117,7 +117,7 @@
"prefer-gzip-encoding-to-backend": {
"title": "Prefer gzip Encoding for Backend",
"description": "If set to true, if a request is made with accept encoding 'gzip', only that one will be transferred to the backend",
"description": "If set to true, frontend will rewrite Accept-Encoding request header to simply 'gzip' for all variants of Accept-Encoding containing 'gzip', in order to maximize cache hits for resources cached with Vary: Accept-Encoding when enable_cache is used",
"type": "string",
"default": "false",
"enum": ["false", "true"]
......@@ -125,21 +125,21 @@
"disabled-cookie-list": {
"title": "Disabled Cookies",
"description": "List of Cookies separated by space that will not be sent to the backend",
"description": "List of Cookies separated by space that will not be sent to cache and backend servers. This is especially useful to discard analytics tracking cookies when using Vary: Cookie cache headers",
"type": "string",
"default": ""
},
"apache_custom_http": {
"title": "HTTP configuration",
"description": "Raw http configuration in python template format. Your site will be rejected if you use it without notification and approval of the frontend adminastrator",
"description": "Raw http configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
"default": "",
"textarea": true,
"type": "string"
},
"apache_custom_https": {
"title": "HTTPS configuration",
"description": "Raw https configuration in python template format. Your site will be rejected if you use it without notification and approval of the frontend adminastrator",
"description": "Raw https configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
"default": "",
"textarea": true,
"type": "string"
......
......@@ -76,7 +76,7 @@
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
{% endif -%}
# First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite
# If so, let's use Virtual Host Monster rewrite
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/https//%{SERVER_NAME}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% elif slave_parameter.get('type', '') == 'redirect' -%}
......
......@@ -13,7 +13,6 @@ parts =
cron-entry-logrotate
cron-entry-boinc
promise
slapmonitor
frontend-promise
content-promise
publish-connection-informations
......
......@@ -46,7 +46,7 @@ recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-bonjourgrid.cfg
output = ${buildout:directory}/template-bonjourgrid.cfg
mode = 0644
md5sum = 59cc789d6ce765d3d25f9bd6f9659e55
md5sum = 877878217bd87e3b3e4f69d7bdbb5524
[bonjourgrid]
recipe = hexagonit.recipe.download
......
......@@ -6,6 +6,8 @@
parts =
publish-cloudooo-connection-information
cloudooo-test-runner
xvfb-instance
wkhtmltopdf-on-xvfb
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
......@@ -22,6 +24,8 @@ environment =
LD_LIBRARY_PATH = {{ parameter_dict['cairo'] }}/lib:{{ parameter_dict['cups'] }}/lib:{{ parameter_dict['cups'] }}/lib64:{{ parameter_dict['dbus'] }}/lib:{{ parameter_dict['dbus-glib'] }}/lib:{{ parameter_dict['file'] }}/lib:{{ parameter_dict['fontconfig'] }}/lib:{{ parameter_dict['freetype'] }}/lib:{{ parameter_dict['glib'] }}/lib:{{ parameter_dict['glu'] }}/lib:{{ parameter_dict['libICE'] }}/lib:{{ parameter_dict['libSM'] }}/lib:{{ parameter_dict['libX11'] }}/lib:{{ parameter_dict['libXau'] }}/lib:{{ parameter_dict['libXdmcp'] }}/lib:{{ parameter_dict['libXext'] }}/lib:{{ parameter_dict['libXrender'] }}/lib:{{ parameter_dict['libexpat'] }}/lib:{{ parameter_dict['libffi'] }}/lib:{{ parameter_dict['libffi'] }}/lib64:{{ parameter_dict['libpng12'] }}/lib:{{ parameter_dict['libxcb'] }}/lib:{{ parameter_dict['mesa'] }}/lib:{{ parameter_dict['pixman'] }}/lib:{{ parameter_dict['xdamage'] }}/lib:{{ parameter_dict['xfixes'] }}/lib:{{ parameter_dict['zlib'] }}/lib
FONTCONFIG_FILE = ${fontconfig-instance:conf-path}
PATH = ${binary-link:target-directory}
mimetype_entry_addition =
text/html application/pdf wkhtmltopdf
# Binary information
# cloudooo specific configuration
ooo-binary-path = {{ parameter_dict['libreoffice-bin'] }}/program
......@@ -93,12 +97,13 @@ link-binary =
{{ parameter_dict['coreutils'] }}/bin/tr
{{ parameter_dict['coreutils'] }}/bin/uname
{{ parameter_dict['coreutils'] }}/bin/dirname
# wrapper recipe needs the head command
{{ parameter_dict['coreutils'] }}/bin/head
{{ parameter_dict['imagemagick'] }}/bin/convert
{{ parameter_dict['imagemagick'] }}/bin/identify
{{ parameter_dict['poppler'] }}/bin/pdfinfo
{{ parameter_dict['poppler'] }}/bin/pdftotext
{{ parameter_dict['poppler'] }}/bin/pdftohtml
{{ parameter_dict['wkhtmltopdf'] }}/wkhtmltopdf
# rest of parts are candidates for some generic stuff
[directory]
......@@ -110,3 +115,21 @@ run = ${:var}/run
services = ${:etc}/run
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
framebuffer = ${:srv}/framebuffer
[xvfb-instance]
recipe = slapos.cookbook:xvfb
runner-path = ${directory:services}/xvfb
xvfb-path = {{ parameter_dict["xserver"] }}/bin/Xvfb
fbdir-path = ${directory:framebuffer}
tmp-path = ${directory:run}
shell-path = {{ parameter_dict["dash"] }}/bin/dash
[wkhtmltopdf-on-xvfb]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/wkhtmltopdf
environment =
DISPLAY=:0
TMPDIR=${directory:run}
command-line = {{ parameter_dict['wkhtmltopdf'] }}/wkhtmltopdf --use-xserver
parameters-extra = true
......@@ -29,6 +29,7 @@ buildout-bin-directory = {{ buildout_bin_directory }}
cairo = {{ cairo_location }}
coreutils = {{ coreutils_location }}
cups = {{ cups_location }}
dash = {{ dash_location }}
dbus = {{ dbus_location }}
dbus-glib = {{ dbus_glib_location }}
file = {{ file_location }}
......@@ -57,6 +58,7 @@ pixman = {{ pixman_location }}
wkhtmltopdf = {{ wkhtmltopdf_location }}
xdamage = {{ xdamage_location }}
xfixes = {{ xfixes_location }}
xserver = {{ xserver_location }}
zlib = {{ zlib_location }}
[dynamic-template-cloudooo]
......
......@@ -38,12 +38,13 @@ context =
# XXX: "template.cfg" is hardcoded in instanciation recipe
filename = template.cfg
template = ${:_profile_base_location_}/instance.cfg.in
md5sum = 9871d0f315e49da0571b8a02f38e53c3
md5sum = 6e215fc2969a5d3d653981371a3a952a
extra-context =
key buildout_bin_directory buildout:bin-directory
key coreutils_location coreutils:location
key cairo_location cairo:location
key cups_location cups:location
key dash_location dash:location
key dbus_glib_location dbus-glib:location
key dbus_location dbus:location
key dcron_location dcron:location
......@@ -76,10 +77,11 @@ extra-context =
key wkhtmltopdf_location wkhtmltopdf:location
key xdamage_location xdamage:location
key xfixes_location xfixes:location
key xserver_location xserver:location
key zlib_location zlib:location
[template-cloudooo]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-cloudoo.cfg.in
md5sum = 3172833bcb1bf532a2b34cdc381b83d6
md5sum = 2763ad422f2afb2edecd58e1933b7ae6
mode = 640
......@@ -533,7 +533,7 @@ command-line = {{ gitlab_workhorse }}
# - ruby to be available on path (gitlab-workhorse -> gitlab-shell -> hooks on push)
# - gitconfig be found from ~/.gitconfig
environment =
PATH={{ git_location }}/bin:{{ ruby_location }}/bin:%(PATH)s
PATH={{ git_location }}/bin:{{ ruby_location }}/bin:{{ gzip_location }}/bin:{{ bzip2_location}}/bin
HOME=${directory:home}
depend =
......
......@@ -31,6 +31,7 @@ context =
# program binaries
raw bash_bin ${bash:location}/bin/bash
raw bzip2_location ${bzip2:location}
raw bundler_4gitlab ${bundler-4gitlab:bundle}
raw curl_bin ${curl:location}/bin/curl
raw dcron_bin ${dcron-output:crond}
......@@ -39,6 +40,7 @@ context =
raw gitlab_workhorse ${gitlab-workhorse:location}/gitlab-workhorse
raw gunzip_bin ${gzip:location}/bin/gunzip
raw gzip_bin ${gzip:location}/bin/gzip
raw gzip_location ${gzip:location}
raw logrotate_bin ${logrotate:location}/usr/sbin/logrotate
raw nginx_bin ${nginx-output:nginx}
raw nginx_mime_types ${nginx-output:mime}
......
......@@ -15,6 +15,7 @@ extends =
# for instance
../../component/bash/buildout.cfg
../../component/bzip2/buildout.cfg
../../component/curl/buildout.cfg
../../component/gzip/buildout.cfg
../../component/dcron/buildout.cfg
......@@ -193,7 +194,7 @@ eggs =
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
md5sum = b40cd8824b978da867404d8955b06c18
md5sum = e5e7ddede71265987bb0c534b009aa45
[watcher-sigkill]
recipe = slapos.recipe.template:jinja2
......@@ -251,7 +252,7 @@ md5sum = 8f1c52ed223ee2c2d07c6c79bcd2f6c0
[instance-gitlab.cfg.in]
<= download-file
md5sum = 7a0ba60d09e6a62ffc1da34cf79737a0
md5sum = de4c2067597b39fb7db06c15ce6a1878
[macrolib.cfg.in]
<= download-file
......
......@@ -47,8 +47,8 @@ develop = true
[renderjs-install]
recipe = plone.recipe.command
stop-on-error = true
command = cd ${renderjs-repository.git:location} && PATH=${git:location}/bin/:${nodejs:location}/bin/:$PATH ${nodejs:location}/bin/npm install .
update_command = ${:command}
command = cd ${renderjs-repository.git:location} && PATH=${git:location}/bin/:${nodejs:location}/bin/:$PATH ${nodejs:location}/bin/npm install . && PATH=${git:location}/bin/:${nodejs:location}/bin/:$PATH ./node_modules/grunt-cli/bin/grunt
update-command = ${:command}
[jio-repository.git]
recipe = slapos.recipe.build:gitclone
......@@ -60,8 +60,8 @@ develop = true
[jio-install]
recipe = plone.recipe.command
stop-on-error = true
command = cd ${jio-repository.git:location} && PATH=${git:location}/bin/:${nodejs:location}/bin/:$PATH ${nodejs:location}/bin/npm install .
update_command = ${:command}
command = cd ${jio-repository.git:location} && PATH=${git:location}/bin/:${nodejs:location}/bin/:$PATH ${nodejs:location}/bin/npm install . && PATH=${git:location}/bin/:${nodejs:location}/bin/:$PATH ./node_modules/grunt-cli/bin/grunt
update-command = ${:command}
[rsvp-repository.git]
recipe = slapos.recipe.build:gitclone
......@@ -74,7 +74,7 @@ develop = true
recipe = plone.recipe.command
stop-on-error = true
command = cd ${rsvp-repository.git:location} && PATH=${git:location}/bin/:${nodejs:location}/bin/:$PATH ${nodejs:location}/bin/npm install .
update_command = ${:command}
update-command = ${:command}
[uritemplate-repository.git]
recipe = slapos.recipe.build:gitclone
......@@ -87,7 +87,7 @@ develop = true
recipe = plone.recipe.command
stop-on-error = true
command = cd ${uritemplate-repository.git:location} && PATH=${git:location}/bin/:${nodejs:location}/bin/:$PATH ${nodejs:location}/bin/npm install .
update_command = ${:command}
update-command = ${:command}
[template-nginx-service]
recipe = slapos.recipe.template
......
......@@ -92,7 +92,7 @@ command =
[template]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
md5sum = 3950ee70a0a612d12b67e32854768af6
md5sum = 92c62e050aac47097f5ca81cb7f2acec
output = ${buildout:directory}/template.cfg
mode = 0644
......@@ -101,7 +101,7 @@ recipe = hexagonit.recipe.download
ignore-existing = true
url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
mode = 644
md5sum = 88d7622b207760f4c0bdb1b149730478
md5sum = 8b8d6410ca93314d5ee15d3db9f13aa5
download-only = true
on-update = true
......@@ -110,7 +110,7 @@ recipe = hexagonit.recipe.download
ignore-existing = true
url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
mode = 644
md5sum = d5c3728faa0972c55506b6cfc2359b59
md5sum = 51b5664e103e5c663895cb4d324719fd
download-only = true
on-update = true
......@@ -119,7 +119,7 @@ recipe = hexagonit.recipe.download
ignore-existing = true
url = ${:_profile_base_location_}/instance-kvm-resilient.cfg.jinja2
mode = 644
md5sum = e7c613f15fec8b440180d3c26476ed18
md5sum = c420aae56ecd64c94814647b74d9a4fb
download-only = true
on-update = true
......@@ -231,6 +231,16 @@ md5sum = 822737e483864bf255ad1259237bef2a
download-only = true
on-update = true
[file-download-script]
recipe = hexagonit.recipe.download
ignore-existing = true
url = ${:_profile_base_location_}/template/download_file.in
mode = 644
filename = download_file
md5sum = 599dbbbd438fe7801e3f8642ae9e9a78
download-only = true
on-update = true
[template-logrotate-base]
recipe = slapos.recipe.template:jinja2
filename = instance-logrotate-base.cfg
......
......@@ -55,6 +55,7 @@ context =
raw dash_executable_location ${dash:location}/bin/dash
raw dcron_executable_location ${dcron:location}/sbin/crond
raw debian_amd64_netinst_location ${debian-amd64-netinst.iso:location}/${debian-amd64-netinst.iso:filename}
raw file_download_script ${file-download-script:location}/${file-download-script:filename}
raw logrotate_cfg ${template-logrotate-base:rendered}
raw novnc_location ${noVNC:location}
raw netcat_bin ${netcat:location}/bin/netcat
......
......@@ -146,6 +146,11 @@
"description": "Set the list of public keys to add in your virtual machine. The public key file will be available in the VM via url http://10.0.2.100/authorized_keys if you keep the NAT interface enabled",
"type": "array"
},
"bootstrap-script-url": {
"title": "Virtual Machines bootstrap script URL.",
"description": "If dedicaced disk image is used, this script will be downloaded and run at first boot of the virtual machine. Set md5sum to URL like: http://example.com/file#MD5SUM. Get file in vm at http://10.0.2.100/vm-bootstrap.",
"type": "uri"
},
"cluster-data": {
"title": "Text content to share with virtual machines.",
"description": "Text content which will be written in a file data of cluster http server. All VM will be able to download that file via the static URL of cluster HTTP server: https://10.0.2.101/FOLDER_HASH/data.",
......@@ -322,7 +327,7 @@
"title": "Isolate the NAT Interface (No Internet access)",
"description": "If this option is enabled, the NAT interface will be isolated, i.e. it will not be able to contact the host and no guest IP packets will be routed over the host to the outside. This option does not affect any explicitly set nat rules.",
"type": "boolean",
"default": true
"default": false
},
"enable-vhost": {
"title": "Use vhost-net to improve network performance of tap interface",
......@@ -330,6 +335,11 @@
"type": "boolean",
"default": false
},
"bootstrap-script-url": {
"title": "VM bootstrap script URL.",
"description": "If dedicaced disk image is used, this script will be downloaded and run at first boot of the virtual machine. Set md5sum to URL like: http://example.com/file#MD5SUM. Get file in vm at http://10.0.2.100/vm-bootstrap.",
"type": "uri"
},
"data-to-vm": {
"title": "Text content to send to this virtual machine.",
"description": "Text content which will be written in a file 'data' of http server of this virtual machine instance. The file will be available via URL: http://10.0.2.100/data in the VM.",
......
......@@ -57,7 +57,7 @@ config-nat-rules = {{ nat_rules_list | join(' ') }}
config-publish-nat-url = True
config-use-nat = {{ use_nat }}
config-use-tap = {{ dumps(kvm_parameter_dict.get('use-tap', True)) }}
config-nat-restrict-mode = {{ dumps(kvm_parameter_dict.get('nat-restrict-mode', True)) }}
config-nat-restrict-mode = {{ dumps(kvm_parameter_dict.get('nat-restrict-mode', False)) }}
config-enable-vhost = {{ dumps(kvm_parameter_dict.get('enable-vhost', False)) }}
config-virtual-hard-drive-url = {{ dumps(kvm_parameter_dict.get('virtual-hard-drive-url', '')) }}
config-virtual-hard-drive-md5sum = {{ dumps(kvm_parameter_dict.get('virtual-hard-drive-md5sum', '')) }}
......@@ -83,6 +83,11 @@ config-document-path = ${hash-code:passwd}
config-keyboard-layout-language = {{ dumps(kvm_parameter_dict.get('keyboard-layout-language', 'fr')) }}
config-type = cluster
{% set bootstrap_script_url = slapparameter_dict.get('bootstrap-script-url', kvm_parameter_dict.get('bootstrap-script-url', '')) -%}
{% if bootstrap_script_url -%}
config-bootstrap-script-url = {{ bootstrap_script_url }}
{% endif -%}
{% set authorized_source_list = slapparameter_dict.get('fw-authorized-sources', []) -%}
{% set rejected_source_list = slapparameter_dict.get('fw-reject-sources', []) -%}
sla-fw_authorized_sources = {{ authorized_source_list | join(' ') }}
......@@ -223,7 +228,7 @@ username = admin
[monitor-instance-parameter]
monitor-httpd-port = 8060
monitor-title = KVM Cluster Main Instance
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', '') }}
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
username = ${monitor-htpasswd:username}
password = ${monitor-htpasswd:passwd}
......@@ -235,15 +240,13 @@ monitor-url-list +=
private-path-list +=
${directory:webroot}/
[publish]
[publish-connection-information]
recipe = slapos.cookbook:publish
{% for name, value in publish_dict.items() -%}
{{ name }} = {{ value }}
{% endfor %}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
{% if monitor_interface_url -%}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${publish:monitor-url}
{% endif -%}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${publish:monitor-url}&username=${publish:monitor-user}&password=${publish:monitor-password}
[buildout]
extends =
......@@ -254,18 +257,10 @@ parts =
httpd
httpd-graceful
httpd-promise
publish
publish-connection-information
directory-doc
monitor-base
cron-entry-logrotate
certificate-authority
monitor-conf
start-monitor
ca-httpd
monitor-httpd-promise
monitor-httpd-promise-conf
monitor-status2rss-cron-entry
# End monitor
# Complete parts with sections
......
......@@ -195,6 +195,11 @@
"description": "Set the public keys to add in your virtual machine. The public key file will be available in the VM via url http://10.0.2.100/authorized_keys if you keep the NAT interface enabled",
"type": "string"
},
"bootstrap-script-url": {
"title": "VM bootstrap script URL.",
"description": "If dedicaced disk image is used, this script will be downloaded and run at first boot of the virtual machine. Set md5sum to URL like: http://example.com/file#MD5SUM. Get file in vm at http://10.0.2.100/vm-bootstrap.",
"type": "uri"
},
"data-to-vm": {
"title": "Text content to send to this virtual machine.",
"description": "Text content which will be written in a file 'data' of http server of this virtual machine instance. The file will be available via URL: http://10.0.2.100/data in the VM.",
......
......@@ -7,7 +7,7 @@
{% set monitor_dict = {} -%}
{% if slapparameter_dict.get('enable-monitor', 'True').lower() == 'true' -%}
{% set monitor_return = ['monitor-base-url', 'monitor-url', 'monitor-user', 'monitor-password'] -%}
{% set monitor_return = ['monitor-base-url'] -%}
{% set monitor_parameter = {'monitor-cors-domains': slapparameter_dict.pop('monitor-cors-domains', "monitor.app.officejs.com")} -%}
{% set monitor_dict = {'parameter': monitor_parameter, 'return': monitor_return} -%}
{% endif -%}
......@@ -67,12 +67,7 @@ backend-url = ${request-kvm:connection-backend-url}
url = ${request-kvm:connection-url}
ipv6 = ${request-kvm:connection-ip}
monitor-base-url = ${publish:monitor-base-url}
monitor-url = ${publish:monitor-url}
monitor-user = ${publish:monitor-user}
monitor-password = ${publish:monitor-password}
{% if monitor_interface_url -%}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${publish:monitor-url}
{% endif -%}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${publish:monitor-url}&username=${publish:monitor-user}&password=${publish:monitor-password}
[kvm-frontend-url-promise]
# Check that url parameter is complete
......
......@@ -15,6 +15,14 @@
{% set monitor = False -%}
{% endif -%}
{% set bootstrap_url = '' -%}
{% set bootstrap_url_md5sum = '' -%}
{% if slapparameter_dict.get('bootstrap-script-url', '') -%}
{% set url_info_list = slapparameter_dict['bootstrap-script-url'].split('#') -%}
{% set bootstrap_url = url_info_list[0] -%}
{% set bootstrap_url_md5sum = url_info_list[1] -%}
{% endif -%}
{% if instance_type == 'cluster' -%}
{% set nat_rule_list = slapparameter_dict.get('nat-rules', '') %}
{% endif -%}
......@@ -366,12 +374,9 @@ tap-ipv4 = ${slap-network-information:tap-ipv4}
{% endif %}
{% if monitor -%}
monitor-base-url = ${publish:monitor-base-url}
monitor-url = ${publish:monitor-url}
monitor-user = ${publish:monitor-user}
monitor-password = ${publish:monitor-password}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
{% if monitor_interface_url -%}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${publish:monitor-url}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${publish:monitor-url}&username=${publish:monitor-user}&password=${publish:monitor-password}
{% endif -%}
{% endif -%}
......@@ -496,6 +501,13 @@ context =
raw logs ${directory:public}/ansible
raw name {{ name }}
[download-bootstrap-script]
recipe = plone.recipe.command
file-location = ${directory:public}/vm-bootstrap
command = {{ python_executable }} {{ file_download_script }} {{ bootstrap_url }} {{ bootstrap_url_md5sum }} ${:file-location}
update-command =
stop-on-error = true
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
......@@ -584,6 +596,9 @@ keyboard-layout-language = fr
{% if slapparameter_dict.get('authorized-key', '') and slapparameter_dict.get('type', '') == 'cluster' %}
{% do part_list.append('get-authorized-key') -%}
{% endif -%}
{% if slapparameter_dict.get('bootstrap-script-url', '') -%}
{% do part_list.append('download-bootstrap-script') -%}
{% endif -%}
{% endif -%}
......@@ -605,14 +620,6 @@ parts =
{% if monitor -%}
# monitor parts
monitor-base
cron-entry-logrotate
certificate-authority
monitor-conf
start-monitor
ca-httpd
monitor-httpd-promise
monitor-httpd-promise-conf
monitor-status2rss-cron-entry
{% endif -%}
# Complete parts with sections
{{ part_list | join('\n ') }}
......
......@@ -88,6 +88,7 @@ context =
raw dash_executable_location ${dash:location}/bin/dash
raw dcron_executable_location ${dcron:location}/sbin/crond
raw debian_amd64_netinst_location ${debian-amd64-netinst.iso:location}/${debian-amd64-netinst.iso:filename}
raw file_download_script ${file-download-script:location}/${file-download-script:filename}
raw logrotate_cfg ${template-logrotate-base:rendered}
raw novnc_location ${noVNC:location}
raw netcat_bin ${netcat:location}/bin/netcat
......
......@@ -5,6 +5,6 @@ extends = development.cfg
[template]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-for-erp5testnode.cfg.in
md5sum = c528f36ffc119af457e318c5f1aec5b6
md5sum = 71b730997a6e3ce7f0579901401eab9c
output = ${buildout:directory}/template.cfg
mode = 0644
\ No newline at end of file
#!/usr/bin/env python
import os
import urllib
import hashlib
import sys
def md5Checksum(file_path):
with open(file_path, 'rb') as fh:
m = hashlib.md5()
while True:
data = fh.read(8192)
if not data:
break
m.update(data)
return m.hexdigest()
if __name__ == "__main__":
url, md5sum, destination_path = sys.argv[1:]
urllib.urlretrieve (url, destination_path)
computed_md5sum = md5Checksum(destination_path)
if computed_md5sum != md5sum:
os.remove(destination_path)
raise Exception('MD5 mismatch. MD5 of downloaded file is %s, Specified MD5 is %s.' % (
computed_md5sum, md5sum))
PidFile "{{ httpd_configuration.get('pid-file') }}"
ServerName example.com
ServerAdmin someone@email
<IfDefine !MonitorPort>
Listen [{{ httpd_configuration.get('listening-ip') }}]:{{ monitor_parameters.get('port') }}
Define MonitorPort
</IfDefine>
DocumentRoot "{{ directory.get('www') }}"
ErrorLog "{{ httpd_configuration.get('error-log') }}"
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule mime_module modules/mod_mime.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dir_module modules/mod_dir.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule alias_module modules/mod_alias.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule headers_module modules/mod_headers.so
LoadModule env_module modules/mod_env.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
SetEnvIf Origin "http(s)?://(www\.)?(.*)$" AccessControlAllowOrigin=$0
Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST"
Header set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization"
Header set Access-Control-Expose-Headers "Content-Disposition, Content-Type, Content-Length, WWW-Authenticate, WWW-Logout, Location, Date, Last-Modified, ETag, Accept-Ranges, Content-Range"
# SSL Configuration
<IfDefine !SSLConfigured>
Define SSLConfigured
SSLCertificateFile {{ httpd_configuration.get('certificate') }}
SSLCertificateKeyFile {{ httpd_configuration.get('key') }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLSessionCache shmcb:/{{ directory.get("mod-ssl") }}/ssl_scache(512000)
SSLSessionCacheTimeout 300
</IfDefine>
SSLEngine On
ScriptSock {{ httpd_configuration.get('cgid-pid-file') }}
<Directory {{ directory.get('www') }}>
SSLVerifyDepth 1
SSLRequireSSL
SSLOptions +StrictRequire
# XXX: security????
Options +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex {{ monitor_parameters.get('index-filename') }}
</Directory>
Alias /{{ monitor_private_hash }} {{ directory.get('private-directory') }}/
<Directory {{ directory.get('private-directory') }}>
Order Allow,Deny
Allow from all
AllowOverride All
Satisfy Any
Options Indexes FollowSymLinks
DirectoryIndex index.html
<Files .htaccess>
order allow,deny
deny from all
</Files>
</Directory>
{% set slave_list = json_module.loads(slave_information.get('slave_instance_list', '{}')) -%}
{% for slave_instance in slave_list -%}
alias /{{ slave_instance.get('slave_reference') }} {{ directory.get('private-directory') }}/network-user-logs/{{ slave_instance.get('slave_reference') }}
<Directory {{ directory.get('private-directory') }}/network-user-logs/{{ slave_instance.get('slave_reference') }}>
Order Allow,Deny
Allow from all
AllowOverride All
Satisfy Any
Options Indexes FollowSymLinks
DirectoryIndex index.html
<Files .htaccess>
order allow,deny
deny from all
</Files>
</Directory>
{% endfor -%}
<Location /rewrite>
AuthType Basic
AuthName "Private access"
AuthUserFile "{{ monitor_parameters.get('htaccess-file') }}"
Require valid-user
</Location>
ProxyVia On
RewriteEngine On
{% for key, value in monitor_rewrite_rule.iteritems() %}
RewriteRule ^/rewrite/{{ key }}($|/.*) {{ value }}/$1 [P,L]
{% endfor %}
......@@ -13,104 +13,135 @@
</secondary>
</match>
## match tag=debug.** and dump to console
<match debug.**>
type stdout
{% set wendelin_streamtool_uri = slapparameter_dict.get('wendelin-streamtool-uri', '') -%}
{% set wendelin_password = slapparameter_dict.get('wendelin-password', '') -%}
{% set wendelin_user = slapparameter_dict.get('wendelin-user', '') -%}
{% set wendelin_uid = slapparameter_dict.get('wendelin-uid', 'UNKNOWN') -%}
{% if wendelin_streamtool_uri and wendelin_password and wendelin_user -%}
<source>
type syslog
port 42185
bind 127.0.0.1
tag {{ wendelin_uid }}.system
</source>
<match {{ wendelin_uid }}.system.**>
@type wendelin
@id wendelin_out
streamtool_uri {{ wendelin_streamtool_uri }}_syslog
user {{ wendelin_user }}
password {{ wendelin_password }}
buffer_type memory
flush_interval 20s
</match>
<source>
type tail
path {{ crawl_log_directory }}/*/*ping.log.20*
pos_file {{ crawl_log_directory }}/tail_in_ping.pos
tag slapos.monitor.networktest.ping.ipv4
format /^(?<time>[^;]*);(?<computer_name>[^;]*);(?<type>[^;]*);(?<name_or_ip>[^;]*);(?<code>[^;]*);(?<average>[^;]*);(?<packet_lost>[^;]*);(?<extra>[^;]*)$/
path {{ fluentd_log_directory }}/consumption/*/dump_user.csv
pos_file {{ fluentd_log_directory }}/consumption/dump_user.pos
tag slapos.monitor.usage.user.{{ wendelin_uid }}
format /^(?<partition>[^,]*),(?<pid>[^,]*),(?<process>[^,]*),(?<cpu_percent>[^,]*),(?<cpu_time>[^,]*),(?<cpu_num_threads>[^,]*),(?<memory_percent>[^,]*),(?<memory_rss>[^,]*),(?<io_rw_counter>[^,]*),(?<io_cycles_counter>[^,]*),(?<date>[^,]*),(?<time>[^,]*),(?<reported>[^,]*)$/
read_from_head true
</source>
<match slapos.monitor.usage.user.{{ wendelin_uid }}>
@type wendelin
@id wendelin_out
streamtool_uri {{ wendelin_streamtool_uri }}_user
user {{ wendelin_user }}
password {{ wendelin_password }}
buffer_type memory
flush_interval 20s
</match>
<source>
type tail
path {{ crawl_log_directory }}/*/*ping6.log.20*
pos_file {{ crawl_log_directory }}/tail_in_ping6.pos
tag slapos.monitor.networktest.ping.ipv6
format /^(?<time>[^;]*);(?<computer_name>[^;]*);(?<type>[^;]*);(?<name_or_ip>[^;]*);(?<code>[^;]*);(?<average>[^;]*);(?<packet_lost>[^;]*);(?<extra>[^;]*)$/
path {{ fluentd_log_directory }}/consumption/*/dump_system.csv
pos_file {{ fluentd_log_directory }}/consumption/dump_system.pos
tag slapos.monitor.usage.system.{{ wendelin_uid }}
format /^(?<loadavg>[^,]*),(?<cpu_percent>[^,]*),(?<memory_used>[^,]*),(?<memory_free>[^,]*),(?<net_in_bytes>[^,]*),(?<net_in_errors>[^,]*),(?<net_in_dropped>[^,]*),(?<net_out_bytes>[^,]*),(?<net_out_errors>[^,]*),(?<net_out_dropped>[^,]*),(?<date>[^,]*),(?<time>[^,]*),(?<reported>[^,]*)$/
read_from_head true
</source>
<match slapos.monitor.networktest.ping.*>
type copy
{% for slave_instance in slave_instance_list -%}
{% if slave_instance.get("ping_ip_list") -%}
<store>
type grep
regexp1 name_or_ip ^{{ slave_instance.get("ping_ip_list") }}$
add_tag_prefix {{ slave_instance.get("slave_reference") }}
</store>
{% endif -%}
{% if slave_instance.get("ping6_ip_list") -%}
<store>
type grep
regexp1 name_or_ip ^{{ slave_instance.get("ping6_ip_list") }}$
add_tag_prefix {{ slave_instance.get("slave_reference") }}
</store>
{% endif -%}
{% endfor -%}
</match>
<match slapos.monitor.usage.system.{{ wendelin_uid }}>
@type wendelin
@id wendelin_out
{% for slave_instance in slave_instance_list -%}
<match {{ slave_instance.get("slave_reference") }}.slapos.monitor.networktest.ping.ipv6>
type file
path {{ network_user_logs }}/{{ slave_instance.get("slave_reference") }}/ping6/log
append true
include_time_key true
include_tag_key true
format json
</match>
<match {{ slave_instance.get("slave_reference") }}.slapos.monitor.networktest.ping.ipv4>
type file
path {{ network_user_logs }}/{{ slave_instance.get("slave_reference") }}/ping/log
append true
include_time_key true
include_tag_key true
format json
streamtool_uri {{ wendelin_streamtool_uri }}_system
user {{ wendelin_user }}
password {{ wendelin_password }}
buffer_type memory
flush_interval 20s
</match>
{% endfor -%}
<source>
type tail
path {{ network_user_logs }}/*/ping*/log/*.log
pos_file {{ crawl_log_directory }}/tail_in_ping6.pos
tag slapos.wendelin.networktest
format json
path {{ fluentd_log_directory }}/consumption/*/dump_computer.csv
pos_file {{ fluentd_log_directory }}/consumption/dump_computer.pos
tag slapos.monitor.usage.computer.{{ wendelin_uid }}
format /^(?<cpu_num_core>[^,]*),(?<cpu_frequency>[^,]*),(?<cpu_type>[^,]*),(?<memory_size>[^,]*),(?<memory_type>[^,]*),(?<partition_list>[^,]*),(?<date>[^,]*),(?<time>[^,]*),(?<reported>[^,]*)$/
read_from_head true
</source>
{% set wendelin_streamtool_uri = slapparameter_dict.get('wendelin-streamtool-uri', '') -%}
{% set wendelin_password = slapparameter_dict.get('wendelin-password', '') -%}
{% set wendelin_user = slapparameter_dict.get('wendelin-user', '') -%}
{% if wendelin_streamtool_uri and wendelin_password and wendelin_user -%}
<match slapos.wendelin.networktest>
<match slapos.monitor.usage.computer.{{ wendelin_uid }}>
@type wendelin
@id wendelin_out
streamtool_uri {{ wendelin_streamtool_uri }}
streamtool_uri {{ wendelin_streamtool_uri }}_computer
user {{ wendelin_user }}
password {{ wendelin_password }}
buffer_type memory
flush_interval 20s
</match>
{% endif -%}
## SOURCE
<source>
type forward
type tail
path {{ fluentd_log_directory }}/consumption/*/dump_disk.csv
pos_file {{ fluentd_log_directory }}/consumption/dump_disk.pos
tag slapos.monitor.usage.disk.{{ wendelin_uid }}
format /^(?<partition>[^,]*),(?<used>[^,]*),(?<free>[^,]*),(?<mountpoint>[^,]*),(?<date>[^,]*),(?<time>[^,]*),(?<reported>[^,]*)$/
read_from_head true
</source>
## live debugging agent
<match slapos.monitor.usage.disk.{{ wendelin_uid }}>
@type wendelin
@id wendelin_out
streamtool_uri {{ wendelin_streamtool_uri }}_disk
user {{ wendelin_user }}
password {{ wendelin_password }}
buffer_type memory
flush_interval 20s
</match>
<source>
type debug_agent
bind 127.0.0.1
port 24230
type tail
path {{ fluentd_log_directory }}/consumption/*/dump_temperature.csv
pos_file {{ fluentd_log_directory }}/consumption/dump_temperature.pos
tag slapos.monitor.usage.temperature.{{ wendelin_uid }}
format /^(?<sensor_id>[^,]*),(?<temperature>[^,]*),(?<alarm>[^,]*),(?<date>[^,]*),(?<time>[^,]*),(?<reported>[^,]*)$/
read_from_head true
</source>
<match slapos.monitor.usage.temperature.{{ wendelin_uid }}>
@type wendelin
@id wendelin_out
streamtool_uri {{ wendelin_streamtool_uri }}_temperature
user {{ wendelin_user }}
password {{ wendelin_password }}
buffer_type memory
flush_interval 20s
</match>
{% endif -%}
# DESTINATION
<match td.*.*>
type tdlog
apikey YOUR_API_KEY
auto_create_table
buffer_type file
buffer_path {{ fluentd_log_directory }}/td-agent/buffer/td
<secondary>
type file
path {{ fluentd_log_directory }}/failed_records
</secondary>
</match>
## match tag=debug.** and dump to console
<match debug.**>
type stdout
</match>
<source>
type tail
path {{ crawl_log_directory }}/*/*ping.log.20*
pos_file {{ crawl_log_directory }}/tail_in_ping.pos
tag slapos.monitor.networktest.ping.ipv4
format /^(?<time>[^;]*);(?<computer_name>[^;]*);(?<type>[^;]*);(?<name_or_ip>[^;]*);(?<code>[^;]*);(?<average>[^;]*);(?<packet_lost>[^;]*);(?<extra>[^;]*)$/
read_from_head true
</source>
<source>
type tail
path {{ crawl_log_directory }}/*/*ping6.log.20*
pos_file {{ crawl_log_directory }}/tail_in_ping6.pos
tag slapos.monitor.networktest.ping.ipv6
format /^(?<time>[^;]*);(?<computer_name>[^;]*);(?<type>[^;]*);(?<name_or_ip>[^;]*);(?<code>[^;]*);(?<average>[^;]*);(?<packet_lost>[^;]*);(?<extra>[^;]*)$/
read_from_head true
</source>
<match slapos.monitor.networktest.ping.*>
type copy
{% for slave_instance in slave_instance_list -%}
{% if slave_instance.get("ping_ip_list") -%}
<store>
type grep
regexp1 name_or_ip ^{{ slave_instance.get("ping_ip_list") }}$
add_tag_prefix {{ slave_instance.get("slave_reference") }}
</store>
{% endif -%}
{% if slave_instance.get("ping6_ip_list") -%}
<store>
type grep
regexp1 name_or_ip ^{{ slave_instance.get("ping6_ip_list") }}$
add_tag_prefix {{ slave_instance.get("slave_reference") }}
</store>
{% endif -%}
{% endfor -%}
</match>
{% for slave_instance in slave_instance_list -%}
<match {{ slave_instance.get("slave_reference") }}.slapos.monitor.networktest.ping.ipv6>
type file
path {{ network_user_logs }}/{{ slave_instance.get("slave_reference") }}/ping6/log
append true
include_time_key true
include_tag_key true
format json
</match>
<match {{ slave_instance.get("slave_reference") }}.slapos.monitor.networktest.ping.ipv4>
type file
path {{ network_user_logs }}/{{ slave_instance.get("slave_reference") }}/ping/log
append true
include_time_key true
include_tag_key true
format json
</match>
{% endfor -%}
<source>
type tail
path {{ network_user_logs }}/*/ping*/log/*.log
pos_file {{ crawl_log_directory }}/tail_in_ping6.pos
tag slapos.wendelin.networktest
format json
read_from_head true
</source>
{% set wendelin_streamtool_uri = slapparameter_dict.get('wendelin-streamtool-uri', '') -%}
{% set wendelin_password = slapparameter_dict.get('wendelin-password', '') -%}
{% set wendelin_user = slapparameter_dict.get('wendelin-user', '') -%}
{% if wendelin_streamtool_uri and wendelin_password and wendelin_user -%}
<match slapos.wendelin.networktest>
@type wendelin
@id wendelin_out
streamtool_uri {{ wendelin_streamtool_uri }}
user {{ wendelin_user }}
password {{ wendelin_password }}
buffer_type memory
flush_interval 20s
</match>
{% endif -%}
## SOURCE
<source>
type forward
</source>
## live debugging agent
<source>
type debug_agent
bind 127.0.0.1
port 24230
</source>
#!{{ extra_eggs_interpreter }}
# Beginning of response
print "Content-Type: text/plain"
print
print "OK"
......@@ -10,10 +10,10 @@ context =
[slave-test-configuration]
<=jinja2-template-base
template = {{ template_json_distributor_test }}
filename = srv/monitor-private/test.json
filename = srv/monitor/private/test.json
extensions = jinja2.ext.do
extra-context =
section slave_information slap-parameter
section slave_information slap-configuration
{% set part_list = [] -%}
# Publish information for each slave
......@@ -27,7 +27,7 @@ extra-context =
recipe = slapos.cookbook:publish
-slave-reference = {{ slave_instance.get('slave_reference') }}
log-access-url = ${monitor-frontend:connection-site_url}/{{ slave_instance.get('slave_reference') }}
log-access-url-v6 = ${monitor-parameters:url}/{{ slave_instance.get('slave_reference') }}
log-access-url-v6 = ${monitor-httpd-conf-parameter:url}/{{ slave_instance.get('slave_reference') }}
{% endfor %}
......@@ -49,13 +49,12 @@ command = cd ${monitor-directory:crawl-log}/{{ entry }} && ${crawler-bin:wrapper
{% endif %}
[monitor-directory]
fluentd-log = ${:log}/fluentd
crawl-log = ${:srv}/crawlog
network-user-logs = ${:private-directory}/network-user-logs/
network-user-logs = ${:private}/network-user-logs/
{% for slave_instance in slave_instance_list -%}
user-log-{{ slave_instance.get('slave_reference') }}-folder = ${:private-directory}/network-user-logs/{{ slave_instance.get('slave_reference') }}
user-log-{{ slave_instance.get('slave_reference') }}-ping-folder = ${:private-directory}/network-user-logs/{{ slave_instance.get('slave_reference') }}/ping
user-log-{{ slave_instance.get('slave_reference') }}-ping6-folder = ${:private-directory}/network-user-logs/{{ slave_instance.get('slave_reference') }}/ping6
user-log-{{ slave_instance.get('slave_reference') }}-folder = ${:private}/network-user-logs/{{ slave_instance.get('slave_reference') }}
user-log-{{ slave_instance.get('slave_reference') }}-ping-folder = ${:private}/network-user-logs/{{ slave_instance.get('slave_reference') }}/ping
user-log-{{ slave_instance.get('slave_reference') }}-ping6-folder = ${:private}/network-user-logs/{{ slave_instance.get('slave_reference') }}/ping6
{% endfor -%}
{% for directory in directory_list %}
......@@ -74,35 +73,26 @@ parameters-extra = true
extends = {{ instance_base_monitor }}
parts +=
slave-test-configuration
fluentd-wrapper
fluentd-distributor-wrapper
{% for part in part_list %}
{{ ' %s' % part }}
{% endfor %}
[fluentd-wrapper]
recipe = slapos.cookbook:wrapper
command-line = {{ fluentd_location }}/bin/fluentd -l ${monitor-directory:log}/fluend.log -c ${fluentd-conf-configuration:rendered}
wrapper-path = ${monitor-directory:service}/fluentd
environment =
GEM_PATH={{ fluentd_location }}/lib/ruby/gems/1.8/
[fluentd-distributor-wrapper]
<=fluentd-wrapper
command-line = {{ fluentd_location }}/bin/fluentd -l ${monitor-directory:log}/fluend-distributor.log -c ${fluentd-distributor-conf-configuration:rendered}
wrapper-path = ${monitor-directory:service}/fluentd-distributor
[fluentd-conf-configuration]
[fluentd-distributor-conf-configuration]
recipe = slapos.recipe.template:jinja2
template = {{ fluent_conf_output }}
rendered = ${monitor-directory:etc}/fluentd.cfg
template = {{ fluent_distributor_conf_output }}
rendered = ${monitor-directory:etc}/fluentd-distributor.cfg
mode = 0744
context =
key slapparameter_dict slap-configuration:configuration
key slave_instance_list slap-parameters:slave-instance-list
key slave_instance_list slap-configuration:slave-instance-list
key fluentd_log_directory monitor-directory:fluentd-log
key crawl_log_directory monitor-directory:crawl-log
key network_user_logs monitor-directory:network-user-logs
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
key computer_id slap-configuration:computer
[buildout]
extends = {{ monitor_template_output }}
parts =
publish-connection-informations
cron
certificate-authority
cron-entry-monitor
cron-entry-rss
deploy-index
deploy-settings-cgi
deploy-status-cgi
deploy-status-history-cgi
setup-static-files
certificate-authority
zero-parameters
public-symlink
cgi-httpd-wrapper
cgi-httpd-graceful-wrapper
monitor-promise
monitor-instance-log-access
cron-network-bench
symlink-re6st-logs
symlink-collected-logs
extends = {{ monitor_template_output }}
monitor-collect-csv-wrapper
fluentd-wrapper
monitor-base
publish-connection-information
eggs-directory = {{ eggs_directory }}
......@@ -52,8 +40,7 @@ template = {{ network_benck_cfg_output }}
rendered = ${monitor-directory:etc}/network_bench.cfg
mode = 0744
context =
key slapparameter_dict slap-parameters:configuration
key slapparameter_dict slap-configuration:configuration
[pwgen]
recipe = slapos.cookbook:generate.password
......@@ -66,38 +53,16 @@ user = admin
bytes = 16
[monitor-directory]
server-log = ${:private-directory}/server-log
monitor-log = ${:private-directory}/monitor-log
service = ${buildout:directory}/etc/service
var = ${buildout:directory}/var
srv = ${buildout:directory}/srv
server-log = ${:private}/server-log
monitor-log = ${:private}/monitor-log
cache = ${:var}/cache
mod-ssl = ${:cache}/httpd_mod_ssl
system-log = ${:private-directory}/system-log
[slap-parameter]
private-hash = ${pwgen:passwd}${pwgen32:passwd}
frontend-domain =
[monitor-frontend]
recipe = slapos.cookbook:requestoptional
name = Monitor Frontend
# XXX We have hardcoded SR URL here.
software-url = product.frontend
software-type = custom-personal
slave = true
config-url = ${monitor-parameters:url}
config-domain = ${slap-parameter:frontend-domain}
return = site_url domain
server-url = ${slap-connection:server-url}
key-file = ${slap-connection:key-file}
cert-file = ${slap-connection:cert-file}
computer-id = ${slap-connection:computer-id}
partition-id = ${slap-connection:partition-id}
[publish-connection-informations]
recipe = slapos.cookbook:publish
monitor_url = ${monitor-parameters:url}
server_log_url = ${:url}${slap-parameter:private-hash}/
url = ${monitor-frontend:connection-site_url}
system-log = ${:private}/system-log
fluentd-log = ${:log}/fluentd
consumption = ${:fluentd-log}/consumption
[monitor-httpd-configuration-file]
context =
......@@ -106,6 +71,47 @@ context =
section monitor_parameters monitor-parameters
section httpd_configuration monitor-httpd-configuration
section monitor_rewrite_rule monitor-rewrite-rule
section slave_information slap-parameter
key monitor_private_hash slap-parameter:private-hash
section slave_information slap-configuration
key monitor_private_hash slap-configuration:private-hash
[fluentd-wrapper]
recipe = slapos.cookbook:wrapper
command-line = {{ fluentd_location }}/bin/fluentd -l ${monitor-directory:log}/fluend.log -c ${fluentd-conf-configuration:rendered}
wrapper-path = ${monitor-directory:service}/fluentd
environment =
GEM_PATH={{ fluentd_location }}/lib/ruby/gems/1.8/
[fluentd-conf-configuration]
recipe = slapos.recipe.template:jinja2
template = {{ fluent_conf_output }}
rendered = ${monitor-directory:etc}/fluentd.cfg
mode = 0744
context =
key slapparameter_dict slap-configuration:configuration
key slave_instance_list slap-configuration:slave-instance-list
key fluentd_log_directory monitor-directory:fluentd-log
key computer_id slap-connection:computer-id
[monitor-collect-csv-wrapper]
recipe = slapos.cookbook:wrapper
command-line =
${monitor-directory:bin}/python {{ monitor_collect_csv_dump }} --output_folder ${monitor-directory:fluentd-log}/consumption/
wrapper-path = ${monitor-directory:reports}/monitor-collect-csv-dump
parameters-extra = true
[publish-connection-information]
recipe = slapos.cookbook:publish
monitor-setup-url = https://monitor.app.officejs.com/#page=settings_configurator&url=${publish:monitor-url}&username=${publish:monitor-user}&password=${publish:monitor-password}
server_log_url = ${publish:monitor-base-url}/${slap-configuration:private-hash}/
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
private-hash = ${pwgen:passwd}${pwgen32:passwd}
frontend-domain =
......@@ -13,7 +13,7 @@ distributor = $${instance-base-distributor:rendered}
[instance-base-monitor]
recipe = slapos.recipe.template:jinja2
template = ${template-monitor:destination}
rendered = $${buildout:directory}/template-monitor.cfg
rendered = $${buildout:directory}/template-base-monitor.cfg
extensions = jinja2.ext.do
context = key buildout buildout:bin-directory
key develop_eggs_directory buildout:develop-eggs-directory
......@@ -21,12 +21,15 @@ context = key buildout buildout:bin-directory
key slapparameter_dict slap-configuration:configuration
raw monitor_template_output ${monitor-template:output}
raw network_benck_cfg_output ${network-bench-cfg:output}
raw fluentd_location ${fluentd:location}
raw fluent_conf_output ${fluentd-agent-conf:output}
raw monitor_collect_csv_dump ${monitor-collect-csv-dump:output}
mode = 0644
[instance-base-distributor]
recipe = slapos.recipe.template:jinja2
template = ${template-monitor-distributor:destination}
rendered = $${buildout:directory}/template-monitor-distributor.cfg
rendered = $${buildout:directory}/template-monitor-base-distributor.cfg
extensions = jinja2.ext.do
context = import json_module json
key buildout buildout:bin-directory
......@@ -36,8 +39,8 @@ context = import json_module json
key instance_base_monitor instance-base-monitor:rendered
key slave_instance_list slap-configuration:slave-instance-list
raw template_json_distributor_test ${json-test-template:destination}
raw fluent_conf_output ${fluentd-agent-conf:output}
raw fluentd_location ${fluentd:location}
raw fluent_distributor_conf_output ${fluentd-agent-distributor-conf:output}
raw wget_bin ${wget:location}/bin/wget
mode = 0644
......@@ -48,3 +51,4 @@ partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2010-2016 Vifib SARL and Contributors.
# All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public License
# as published by the Free Software Foundation; either version 2.1
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import os
import argparse
import csv
from slapos.util import mkdir_p
from slapos.collect.db import Database
def skip_bootstrap(self):
return
Database._bootstrap = skip_bootstrap
def parseArguments():
"""
Parse arguments for monitor collector instance.
"""
parser = argparse.ArgumentParser()
parser.add_argument('--output_folder',
help='Path of the folder where output files should be written.')
parser.add_argument('--collector_db',
default='/srv/slapgrid/var/data-log/',
help='The path of slapos collect database is located.')
return parser.parse_args()
def writeFile(name, folder, date_scope, rows):
if os.path.exists(
os.path.join(folder, "%s/dump_%s.csv" % (date_scope, name))):
# File already exists, no reason to recreate it.
return
mkdir_p(os.path.join(folder, date_scope), 0o755)
file_io = open(os.path.join(folder, "%s/dump_%s.csv" % (date_scope, name)), "w")
csv_output = csv.writer(file_io)
csv_output.writerows(rows)
file_io.close()
def dump_table_into_csv(db, folder):
db.connect()
table_list = db.getTableList()
# Save all dates first, as db.selector may switch the cursor
date_list = [(date_scope, _) \
for date_scope, _ in db.getDateScopeList(reported=1)]
for date_scope, amount in date_list:
for table in table_list:
if os.path.exists(
os.path.join(folder, "%s/dump_%s.csv" % (date_scope, table))):
# File already exists, no reason to recreate it.
continue
writeFile(table, folder, date_scope,
db.select(table, date_scope))
db.close()
if __name__ == "__main__":
parser = parseArguments()
if parser.output_folder is None:
raise Exception("Invalid ouput folder: %s" % parser.output_folder)
if parser.collector_db is None:
raise Exception("Invalid collector database folder: %s" % parser.collector_db)
if not os.path.exists(parser.output_folder) and \
os.path.isdir(parser.output_folder):
raise Exception("Invalid ouput folder: %s" % parser.output_folder)
if not os.path.exists(parser.collector_db):
print "Collector database not found..."
dump_table_into_csv(Database(parser.collector_db), parser.output_folder)
......@@ -11,35 +11,35 @@ extends =
parts =
wget
slapos-cookbook
slapos-toolbox
network-bench-cfg
json-test-template
template
template-monitor-distributor
template-monitor
eggs
fluentd
fluentd-agent-conf
fluentd-agent-distributor-conf
monitor-collect-csv-dump
[template]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg
output = ${buildout:directory}/template.cfg
md5sum = b38c5da7dd4165154a8817f76015e374
md5sum = 0c5e94beede86a91d7b01f61a7290f86
mode = 0644
[template-monitor]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-monitor.cfg.jinja2
destination = ${buildout:directory}/template-monitor.cfg
md5sum = 810ed8199682068e27b62659d7fa101f
destination = ${buildout:directory}/template-base-monitor.cfg
md5sum = 4649ce8bc496cf7560c2e994f0b332ee
mode = 0644
[template-monitor-distributor]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-monitor-distributor.cfg.jinja2
destination = ${buildout:directory}/template-monitor-distributor.cfg
md5sum = d1253cf11c2b335b8bec5807e821d537
destination = ${buildout:directory}/template-monitor-base-distributor.cfg
md5sum = f579fe67fa1670b46d522b1e5f35c49c
mode = 0644
[json-test-template]
......@@ -49,16 +49,6 @@ destination = ${buildout:directory}/json-test-template.json.in.jinja2
md5sum = 2eb5596544d9c341acf653d4f7ce2680
mode = 0644
# stupify index for now
[index]
url = ${:_profile_base_location_}/${:filename}
md5sum = 876f18b159fbd9325332d0f42e9172ac
[monitor-httpd-template]
url = ${:_profile_base_location_}/${:filename}
md5sum = e89b66a90409bb8e9099aa197803d337
[network-bench-cfg]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/network_bench.cfg.in
......@@ -69,17 +59,33 @@ mode = 0644
[fluentd-agent-conf]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/fluentd-agent.conf.jinja2.in
md5sum = 4b81ddcbe2f16d23013caac37151d396
md5sum = 3ea59906937eab7aeef78f46c4994ecd
output = ${buildout:directory}/fluentd-agent.conf.jinja2.in
mode = 0644
[slapos-toolbox]
recipe = zc.recipe.egg
eggs =
[fluentd-agent-distributor-conf]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/fluentd-distributor-agent.conf.jinja2.in
md5sum = 4b81ddcbe2f16d23013caac37151d396
output = ${buildout:directory}/fluentd-agent-distributor.conf.jinja2.in
mode = 0644
[monitor-collect-csv-dump]
<= monitor-template-script
url = ${:_profile_base_location_}/script/${:filename}
filename = collect_csv_dump.py
output = ${:destination}/${:filename}
md5sum = cad2402bbd21907cfed6bc5af8c5d3ab
[extra-eggs]
<= monitor-eggs
interpreter = pythonwitheggs
eggs +=
${lxml-python:egg}
${pycurl:egg}
${python-cryptography:egg}
slapos.toolbox
slapos.core
scripts =
networkbench
......@@ -89,43 +95,11 @@ scripts =
gems +=
fluent-plugin-wendelin==0.1.alpha1
fluent-plugin-grep==0.3.4
fluent-plugin-bin==0.1
[eggs]
recipe = zc.recipe.egg
eggs =
cns.recipe.symlink
[monitor-eggs]
eggs +=
slapos.cookbook
slapos.recipe.cmmi
hexagonit.recipe.download
plone.recipe.command
[versions]
PyRSS2Gen = 1.1
apache-libcloud = 1.0.0rc2
cns.recipe.symlink = 0.2.3
gitdb = 0.6.4
pycurl = 7.43.0
rubygemsrecipe = 0.2.2
slapos.recipe.template = 2.9
slapos.toolbox = 0.55
smmap = 0.9.0
# Required by:
# slapos.toolbox==0.55
GitPython = 2.0.5
# Required by:
# slapos.toolbox==0.55
atomize = 0.2.0
# Required by:
# slapos.toolbox==0.55
feedparser = 5.2.1
# Required by:
# slapos.toolbox==0.55
lockfile = 0.12.2
# Required by:
# slapos.toolbox==0.55
paramiko = 2.0.0
......@@ -54,7 +54,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-runner.cfg
output = ${buildout:directory}/template-runner.cfg.in
md5sum = 66dba3331f49492d317e9c14d68d1bcb
md5sum = f2d704c269244c4eb842aefbc9ff9201
mode = 0644
[template-runner-import-script]
......@@ -92,7 +92,7 @@ mode = 0644
[template-resilient]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
md5sum = bf853ab13b564be991b42e74f631023a
md5sum = 7b3f74b6ab491e907bbdef2ff40a7791
filename = instance-resilient.cfg.jinja2
mode = 0644
......@@ -119,7 +119,7 @@ recipe = hexagonit.recipe.download
ignore-existing = true
url = ${:_profile_base_location_}/httpd_conf.in
download-only = true
md5sum = 505edf5a6a39edf0238bd42934503f1b
md5sum = 8067164fa87c7ca2c59d1625a34c5850
filename = httpd_conf.in
mode = 0644
......
......@@ -92,6 +92,7 @@ Alias /share {{ parameters.runner_home }}
</Directory>
SetEnv GIT_HTTP_EXPORT_ALL
ScriptSock {{ parameters.cgid_sock }}
ScriptAlias /git/ {{ parameters.git_http_backend }}/
ScriptAlias /git-public/ {{ parameters.git_http_backend }}/
......
......@@ -5,11 +5,13 @@
# set to false (else it could be dangerous)
{% do slapparameter_dict.__setitem__('auto-deploy', slapparameter_dict.get('auto-deploy', 'true')) %}
{% do slapparameter_dict.__setitem__('auto-deploy-instance', slapparameter_dict.get('auto-deploy-instance', 'false')) %}
{% do slapparameter_dict.__setitem__('instance-type', 'resilient') %}
# let decide the number of clones we want. We can't have more than 2 clones
{% set number_of_instances = slapparameter_dict.get('resilient-clone-number', 1)|int %}
{% if number_of_instances > 2 %}
{% set number_of_instances = 2 %}
{% endif %}
{% set slaprunner_return = ['url', 'ssh-public-key', 'ssh-url', 'notification-id', 'ip', 'backend_url', 'url', 'ssh_command', 'access_url', '1_info', '2_info', 'webdav_url', 'public_url', 'git_public_url', 'git_private_url'] -%}
{% set monitor_return = ['monitor-base-url', 'monitor-url', 'monitor-user', 'monitor-password'] -%}
{% set monitor_parameter = {'monitor-cors-domains': slapparameter_dict.pop('monitor-cors-domains', "monitor.app.officejs.com")} -%}
{% set monitor_dict = {'parameter': monitor_parameter, 'return': monitor_return, 'set-monitor-url': True} -%}
......@@ -46,7 +48,10 @@ etc = ${buildout:directory}/etc
# Bubble up the parameters
[request-runner]
return = url ssh-public-key ssh-url notification-id ip backend_url url ssh_command access_url 1_info 2_info webdav_url public_url git_public_url git_private_url {{ monitor_return | join(' ') }}
{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
{% do slaprunner_return.append('custom-frontend-url') -%}
{% endif -%}
return = {{ slaprunner_return | join(' ')}} {{ monitor_return | join(' ') }}
[publish-connection-information]
recipe = slapos.cookbook:publish
......@@ -61,14 +66,10 @@ public_url = ${request-runner:connection-public_url}
git_public_url = ${request-runner:connection-git_public_url}
git_private_url = ${request-runner:connection-git_private_url}
{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
custom-frontend-url = https://${request-custom-frontend:connection-domain}
custom-frontend-url = ${request-runner:connection-custom-frontend-url}
{% endif %}
{% for key in monitor_return -%}
{{ key }} = ${request-runner:connection-{{ key }}}
{% endfor -%}
{% if monitor_interface_url -%}
monitor_setup_url = {{ monitor_interface_url }}/#page=settings_configurator&url=${request-runner:connection-monitor-url}
{% endif -%}
monitor-base-url = ${request-runner:connection-monitor-base-url}
monitor_setup_url = {{ monitor_interface_url }}/#page=settings_configurator&url=${request-runner:connection-monitor-url}&username=${request-runner:connection-monitor-user}&password=${request-runner:connection-monitor-password}
[slap-parameter]
# Default parameters for distributed deployment
......
......@@ -319,6 +319,7 @@ project_private_folder = $${runnerdirectory:private-project}
project_public_folder = $${runnerdirectory:public-project}
runner_home = $${runnerdirectory:home}
git_http_backend = ${git:location}/libexec/git-core/git-http-backend
cgid_sock = $${directory:run}/cgid.sock
#cgi_httpd_conf = $${monitor-httpd-configuration-file:rendered}
httpd_cors_file = $${slaprunner-httpd-cors:location}
......@@ -464,7 +465,7 @@ check-secure = 1
[publish-connection-information]
recipe = slapos.cookbook:publish
1_info = On your first run, Use "access_url" to setup you account. Then you can use both "url" or "access_url". Or "backend_url" if you want to use ipv6. Set up your account in the webrunner in order to use webdav, and being able to clone your git repositories from the runner.
2_info = In order to set up your account, get the recovery-code from the monitoring interface. Before read the notification on monitor_info.
2_info = In order to set up your account, get the recovery-code from the monitoring interface. Use "monitor_setup_url" to configure monitor instance.
backend_url = $${slaprunner:access-url}
access_url = $${:url}/login
url = https://$${request-frontend:connection-domain}
......@@ -474,12 +475,13 @@ public_url = $${request-httpd-frontend:connection-secure_access}/public/
git_public_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
git_private_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
monitor-base-url = $${publish:monitor-base-url}
{% if slapparameter_dict.get('instance-type', '') != 'resilient' -%}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
monitor_setup_url = {{ monitor_interface_url }}/#page=settings_configurator&url=$${publish:monitor-url}&username=$${publish:monitor-user}&password=$${publish:monitor-password}
{% else -%}
monitor-url = $${publish:monitor-url}
monitor-user = $${publish:monitor-user}
monitor-password = $${publish:monitor-password}
{% if not slapparameter_dict.get('authorized-key', '') -%}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
monitor_setup_url = {{ monitor_interface_url }}/#page=settings_configurator&url=$${publish:monitor-url}
{% endif -%}
#---------------------------
#--
......@@ -734,7 +736,7 @@ username = {{ slapparameter_dict['monitor-username'] }}
password = {{ slapparameter_dict['monitor-password'] }}
{% endif -%}
{% if slapparameter_dict.get('monitor-url-list', '') -%}
opml-url-list = {{ slapparameter_dict['monitor-url-list'] }}
monitor-url-list = {{ slapparameter_dict['monitor-url-list'] }}
{% endif -%}
# check if not resilient runner
{% if not slapparameter_dict.get('authorized-key', '') -%}
......
......@@ -66,3 +66,8 @@ url = ${:_profile_base_location_}/instance-edge.cfg.in
output = ${buildout:directory}/instance-edge.cfg
#md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
[version]
# Pin version to 1.0.29 because more recently versions
# Don't support slapos.cookbook:configurationfile
slapos.cookbook = 1.0.31
......@@ -65,5 +65,8 @@ eggs =
slapos.toolbox
[versions]
# if you upgrade to >1.0.29 this recipe may break
# as slapos.cookbook:downloader was removed.
slapos.cookbook = 0.64.1
slapos.toolbox = 0.30
......@@ -11,8 +11,6 @@ parts =
logrotate-entry-cron
cron
cron-entry-logrotate
slapmonitor
slapreport
gzip-binary = ${gzip:location}/bin/gzip
......@@ -85,27 +83,6 @@ recipe = slapos.cookbook:generate.password
storage-path = $${rootdirectory:etc}/.passwd
bytes = 4
[slapmonitor]
recipe = slapos.cookbook:slapmonitor
pid-file = $${basedirectory:run}/mariadb.pid
database-path = $${basedirectory:log}/slapmonitor.db
shell-path = ${dash:location}/bin/dash
slapmonitor-path = ${buildout:bin-directory}/slapmonitor
path = $${basedirectory:scripts}/slapmonitor
[slapreport]
recipe = slapos.cookbook:slapreport
pid-file = $${basedirectory:run}/mariadb.pid
consumption-log-path = $${basedirectory:log}/instance_consumption.log
database-path = $${basedirectory:log}/slapmonitor.db
logbox-ip = 87.98.152.12
logbox-port = 5122
logbox-user = admin
logbox-passwd = passer
shell-path = ${dash:location}/bin/dash
slapreport-path = ${buildout:bin-directory}/slapreport
path = $${basedirectory:scripts}/slapreport
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
......
......@@ -91,7 +91,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-mariadb.cfg
output = ${buildout:directory}/template-mariadb.cfg
md5sum = 4ea69039e41ff45bffe8f2620bdf187c
md5sum = 3b3f85a2554902a2b8b4b691407fbfbd
mode = 0644
[template-download]
......
[buildout]
extends =
../erp5/software.cfg
parts +=
vifib
check-slapos.core
develop +=
${:parts-directory}/vifib
[check-slapos.core]
recipe = plone.recipe.command
stop-on-error = true
update-command = ${:command}
command = grep parts ${buildout:develop-eggs-directory}/slapos.core.egg-link
[eggs]
dummy =
${vifib:location}
eggs +=
suds
slapos.core
[instance-recipe]
module = vifib
# Additional Configuration
configurator_bt5_list = erp5_core_proxy_field_legacy erp5_full_text_myisam_catalog erp5_base erp5_workflow erp5_configurator erp5_configurator_vifib
[erp5_repository_list]
repository_id_list += vifib/master
[erp5]
branch = interaction-drop
[vifib]
<= erp5
branch = master
repository = https://lab.nexedi.com/nexedi/slapos.core.git
revision =
[local-bt5-repository]
# XXX: workaround for zc.buildout bug, as list += ends up with adding new entry
# after newline
list = ${erp5:location}/bt5 ${erp5:location}/product/ERP5/bootstrap ${vifib:location}/master/bt5
[products]
# XXX: Lack of eggification workaround
# list of products, possible to extend, it is passed in reversed way
# to allow overriding during extending profile
list = ${products-deps:location} ${erp5:location}/product ${vifib:location}/master/product
[versions]
suds = 0.4
slapos.core =
......@@ -27,7 +27,7 @@ eggs =
[template-kvm]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-kvm.cfg.in
#md5sum = d4f7203365bacd70ad62f6b6de9f74d4
#md5sum = f36565408d3ed82d165727a7ba66bf4f
output = ${buildout:directory}/template-kvm.cfg
mode = 0644
......
......@@ -180,11 +180,6 @@ hostname = $${novnc-instance:ip}
port = $${novnc-instance:port}
[kvm-monitor]
recipe = slapos.cookbook:generic.slapmonitor
db-path = $${directory:srv}/slapmonitor_database
[request-slave-frontend]
recipe = slapos.cookbook:requestoptional
software-url = $${slap-parameter:frontend-software-url}
......
......@@ -45,4 +45,4 @@ branch = master
[versions]
scipy = 0.15.1
msgpack-python = 0.4.6
wendelin.core = 0.5
wendelin.core = 0.6
......@@ -34,7 +34,7 @@ eggs =
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-boinc.cfg
output = ${buildout:directory}/template-boinc.cfg
md5sum = 5eb6057311fb1f73a54b72a40ead47c2
md5sum = 35c1ecb06d81d6d491e17423f5743985
mode = 0644
#Template for deploying MySQL Database Server
......
......@@ -12,7 +12,6 @@ parts =
cron-entry-logrotate
cron-entry-boinc
promise
slapmonitor
frontend-promise
content-promise
publish-connection-informations
......@@ -307,16 +306,6 @@ return = site_url
config-custom_domain = $${slap-parameter:domain}
# Deploy slapmonitor
[slapmonitor]
recipe = slapos.cookbook:slapmonitor
pid-file = $${basedirectory:run}/apache.pid
database-path = $${basedirectory:log}/slapmonitor.db
shell-path = ${dash:location}/bin/dash
slapmonitor-path = ${buildout:bin-directory}/slapmonitor
path = $${basedirectory:scripts}/slapmonitor
# Publish all instance parameters (url of instance)
[publish-connection-informations]
recipe = slapos.cookbook:publish
......
......@@ -9,6 +9,7 @@ extends =
../component/cloudooo/buildout.cfg
../component/coreutils/buildout.cfg
../component/cups/buildout.cfg
../component/dash/buildout.cfg
../component/dbus/buildout.cfg
../component/dcron/buildout.cfg
../component/ffmpeg/buildout.cfg
......
......@@ -254,24 +254,6 @@ return = site_url
config-custom_domain = $${slap-parameter:domain}
#----------------
#--
#-- Deploy slapmonitor.
#[slapmonitor]
#recipe = slapos.cookbook:slapmonitor
#pid-file = $${basedirectory:run}/apache.pid
#database-path = $${basedirectory:log}/slapmonitor.db
#slapmonitor-path = ${buildout:bin-directory}/slapmonitor
#path = $${basedirectory:services}/slapmonitor
#
#[slapmonitor-xml]
#recipe = slapos.cookbook:slapmonitor-xml
#database-path = $${basedirectory:log}/slapmonitor.db
#slapmonitor-xml-path = ${buildout:bin-directory}/slapmonitor-xml
#path = $${directory:report}/slapmonitor-xml
#----------------
#--
#-- Publish instance parameters.
......
......@@ -75,7 +75,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-php.cfg.in
output = ${buildout:directory}/instance-apache-php.cfg
md5sum = 963ec2e460b281405b9e0e2748a27e62
md5sum = 5800e365e200240e33defea9561c0b23
mode = 0644
[instance-apache-import]
......@@ -120,7 +120,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb.cfg.in
output = ${buildout:directory}/instance-mariadb.cfg
md5sum = c328d11f76373f8c5928afedf2178afd
md5sum = 1d3022164dd70efe374a179ef319e0eb
mode = 0644
[instance-mariadb-import]
......@@ -134,7 +134,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-export.cfg.in
output = ${buildout:directory}/instance-mariadb-export.cfg
md5sum = 0352896921ca1766b64f0b54f0f8c27e
md5sum = d17228a2708cbb39dc00945a93e0740d
mode = 0644
......
......@@ -15,8 +15,6 @@ parts +=
logrotate-entry-cron
cron
cron-entry-logrotate
slapmonitor
slapmonitor-xml
# Define exporter strategy
[exporter]
......
......@@ -11,8 +11,6 @@ parts =
logrotate-entry-cron
cron
cron-entry-logrotate
slapmonitor
slapmonitor-xml
# Define egg directories to be the one from Software Release
# (/opt/slapgrid/...)
......@@ -223,24 +221,6 @@ storage-path = $${rootdirectory:etc}/.passwd
bytes = 4
#----------------
#--
#-- Deploy slapmonitor.
[slapmonitor]
recipe = slapos.cookbook:slapmonitor
pid-file = $${basedirectory:run}/mariadb.pid
database-path = $${basedirectory:log}/slapmonitor.db
slapmonitor-path = ${buildout:bin-directory}/slapmonitor
path = $${basedirectory:services}/slapmonitor
[slapmonitor-xml]
recipe = slapos.cookbook:slapmonitor-xml
database-path = $${basedirectory:log}/slapmonitor.db
slapmonitor-xml-path = ${buildout:bin-directory}/slapmonitor-xml
path = $${directory:report}/slapmonitor-xml
#----------------
#--
#-- Publish instance parameters.
......
......@@ -10,8 +10,6 @@ parts =
cron
cron-entry-logrotate
promise
slapmonitor
slapmonitor-xml
frontend-promise
content-promise
......@@ -239,24 +237,6 @@ return = site_url
config-custom_domain = $${slap-parameter:domain}
#----------------
#--
#-- Deploy slapmonitor.
[slapmonitor]
recipe = slapos.cookbook:slapmonitor
pid-file = $${basedirectory:run}/apache.pid
database-path = $${basedirectory:log}/slapmonitor.db
slapmonitor-path = ${buildout:bin-directory}/slapmonitor
path = $${basedirectory:services}/slapmonitor
[slapmonitor-xml]
recipe = slapos.cookbook:slapmonitor-xml
database-path = $${basedirectory:log}/slapmonitor.db
slapmonitor-xml-path = ${buildout:bin-directory}/slapmonitor-xml
path = $${directory:report}/slapmonitor-xml
#----------------
#--
#-- Publish instance parameters.
......
......@@ -63,7 +63,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-php.cfg.in
output = ${buildout:directory}/instance-apache-php.cfg
md5sum = 8b9e7ac376cad5235e88a45ece817e6b
md5sum = f0f8ee964a43375000f1875e62140065
mode = 0644
[instance-apache-import]
......@@ -108,7 +108,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/postgres/instance-postgres.cfg.in
output = ${buildout:directory}/instance-postgres.cfg
md5sum = a2370d9a23e436166b20203f66412608
md5sum = 478970c13c1bb607d72e1f970555fe1d
mode = 0644
[instance-postgres-import]
......
......@@ -11,8 +11,6 @@ parts =
logrotate-entry-cron
cron
cron-entry-logrotate
slapmonitor
slapmonitor-xml
gzip-binary = ${gzip:location}/bin/gzip
......@@ -208,24 +206,6 @@ storage-path = $${rootdirectory:srv}/postgres_passwd
bytes = 16
#----------------
#--
#-- Deploy slapmonitor.
[slapmonitor]
recipe = slapos.cookbook:slapmonitor
pid-file = $${postgres-instance:pgdata-directory}/postmaster.pid
database-path = $${basedirectory:log}/slapmonitor.db
slapmonitor-path = ${buildout:bin-directory}/slapmonitor
path = $${basedirectory:services}/slapmonitor
[slapmonitor-xml]
recipe = slapos.cookbook:slapmonitor-xml
database-path = $${basedirectory:log}/slapmonitor.db
slapmonitor-xml-path = ${buildout:bin-directory}/slapmonitor-xml
path = $${directory:report}/slapmonitor-xml
#----------------
#--
#-- Deploy promise scripts.
......
Monitor
=======
Monitor stack
=============
This stack has for purpose to know if all promises went/are ok.
* This stack has for purpose to know if all promises, services, custom monitoring scripts went/are ok.
* It also provides a web interface, to see which promises, instance and hosting subscription status. It also provide a rss feed to easily know the actual state of your instance, and to know when it started to went bad. You can also add your own monitoring scripts.
It provides a web interface, to see which promises failed. It also provide a rss
feed to easily know the actual state of your instance, and to know when it
started to went bad.
THIS STACK IS A KIND OF FORK OF THE `stack/monitor`. THIS ONE WAS CREATED AS A
REDESIGNED ONE TO REMOVE UNWANTED FEATURES AND TO GO FURTHER TO THE GOOD DESIGN
DIRECTION. PLEASE, DO NOT USE THE OLD MONITORING INTERFACE OR ONLY FOR BACKWARD
COMPATIBILITY REASON.
Implementation :
----------------
Summary:
- Activate monitoring for you software
- Add a monitor promise
- Information about URL access
- Monitor promise configuration example
- Promise requirements
- monitor.haljson example
- monitor.conf example
Activate monitoring for your software
-------------------------------------
You just have to extend the monitor stack from your software.cfg.
You can also create a new buildout which extends your software, and the
monitoring stack:
1/ In your software.cfg, extends the stack:
[buildout]
extends =
monitor_url
my_software_url
In your instance.cfg, your publish section should be named `[publish]` in order
to extends the one of the monitoring stack.
../../stack/monitor/buildout.cfg
...
Then, in the same file you can configure the monitor by adding this section:
2/ In your instance.cfg file or instance template, override monitor configuration section to define your custom parameters.
[monitor-instance-parameter]
monitor-httpd-ipv6 = ...
monitor-title = ${slap-configuration:instance-title}
monitor-httpd-ipv6 = ${slap-configuration:ipv6-random}
monitor-httpd-port = ...
monitor-title = ...
monitor-base-url = ${monitor-frontend-promise:url}
root-instance-title = ${slap-configuration:root-instance-title}
opml-url-list =
cors-domains = monitor.app.officejs.com
collector-db = ...
password = ${monitor-htpasswd:passwd}
username = ${monitor-htpasswd:username}
instance-configuration = ...
configuration-file-path = ...
You don't need to define all parameters, you can only set what is required to be changed. ie:
[monitor-instance-parameter]
monitor-httpd-port = 8333
- monitor-title: is the title of the current software instance.
- root-instance-title: it the title of the hosting subscription.
- monitor-httpd-ipv6: is the ipv6 of the computer partition.
- monitor-httpd-port: the port to bind monitor httpd server on.
- monitor-base-url: this url that will be used/showed in monitor interface. This url is present in some monitor generated output files. There can be two value, the default: ${monitor-frontend-promise:url} which access monitor httpd server through the frontend and ${monitor-httpd-conf-parameter:url} which is the url with ipv6 (https://[IPv6]:port/).
- monitor-url-list: set list of Monitor Base URL of monitor sub-instances, if this is the root instance with at least one child.
- cors-domains: the domain used by the monitor web interface. The default is: monitor.app.officejs.com.
- username: monitor username, this should be the same in all sub-instances. Default is: admin.
- password: monitor password, this should be the same in all sub-instances. Default is generated (${monitor-htpasswd:username}).
- instance-configuration: instance custom information or configuration to show in monitor web interface. There is many possibility:
raw CONFIG_KEY VALUE => non editable configuration, ie: raw monitor-password resqdsdsd34
file CONFIG_KEY PATH_TO_RESULT_FILE => editable configuration.
httpdcors CONFIG_KEY PATH_TO_HTTP_CORS_CFG_FILE PATH_HTTPD_GRACEFUL_WRAPPER => show/edit cors domain in monitor
- configuration-file-path: path of knowledge0 cfg file where instance configuration will be written.
Example of custom monitor-instance-parameter: https://lab.nexedi.com/nexedi/slapos/blob/master/software/slaprunner/instance-runner.cfg#L726
Add a monitor promise
---------------------
For instance, we want to create a promise for KVM log parsing. Add these
sections in its instance.cfg:
By default, monitor stack will include slapos promise directory etc/promise to promise folder. All files in that directory will be considered as a promise.
[directory]
monitor-promise = ${:etc}/monitor-promise
[monitor-conf-parameters]
promise-folder-list =
${directory:promises}
${directory:monitor-promise}
[kvm-log-parser-promise]
recipe = ....
filename = kvm-log-parser
rendered = ${directory:monitor-promise}/${:filename}
mode = 0755
Monitor will run each promise every minutes and save the result in a json file. Here is an exemple of promise result:
[buildout]
parts += kvm-log-parser-promise
{"status": "ERROR", "change-time": 1466415901.53, "hosting_subscription": "XXXX", "title": "vnc_promise", "start-date": "2016-06-21 10:47:01", "instance": "XXXX-title", "_links": {"monitor": {"href": "MONITOR_PRIVATE_URL"}}, "message": "PROMISE_OUPT_MESSAGE", "type": "status"}
We can optionaly add promise title:
[kvm-log-parser-promise-parameter]
# fill with -> see "Service config example" below
title = Kvm log parse
Add log directory to monitor
----------------------------
[kvm-log-parser-promise-cfg]
recipe = slapos.recipe.template:jinja2
rendered = ${directory:monitor-promise}/${kvm-log-parser-promise:filename}.cfg
template = service.cfg
context = section parameter_dict kvm-log-parser-promise-parameter
Log or others files can be added in monitor public or private directory:
[buildout]
parts += kvm-log-parser-promise-cfg
[monitor-conf-parameters]
public-path-list =
...
private-path-list =
${directory:log}
... and optionaly a specific frequency:
files in public directory are accessible at MONITOR_BASE_URL/public, and for private directory: MONITOR_BASE_URL/private.
[kvm-log-parser-promise-parameter]
frequency = */5 * * * *
Optionaly, we also want a custom interface:
Add custom scripts to monitor
-----------------------------
[directory]
kvm-log-parser-promise-interface-dir = ....../interface
Custom script will be automatically run by the monitor and result will be reported in monitor private folder. To add your custom script in ${monitor-directory:reports} folder. Here is an example:
[kvm-log-parser-promise-parameter]
private-path-list += ${directory:kvm-log-parser-promise-interface-dir}
[monitor-check-webrunner-internal-instance]
recipe = slapos.recipe.template:jinja2
template = ${monitor-check-webrunner-internal-instance:location}/${monitor-check-webrunner-internal-instance:filename}
rendered = $${monitor-directory:reports}/$${:filename}
filename = monitor-check-webrunner-internal-instance
mode = 0744
[kvm-log-parser-promise-interface]
recipe = ....
rendered = ${directory:kvm-log-parser-interface-dir}/index.html
The script will be executed every minutes by default. To change, put periodicity in script name:
- monitor-check-webrunner-internal-instance_every_1_minute
- monitor-check-webrunner-internal-instance_every_5_minute
- monitor-check-webrunner-internal-instance_every_1_hour
- monitor-check-webrunner-internal-instance_every_3_hour
- ...
[buildout]
parts += kvm-log-parser-promise-interface
the script name should end with _every_XX_hour or _every_XX_minute. With this, we can set filename as:
service.cfg:
filename = monitor-check-webrunner-internal-instance_every_2_minute
[service]
{% for key, value in parameter_dict.items() -%}
{{ key }} = {{ value.strip().replace("\n", "\n ") }}
{% endfor -%}
You can get custom script results files at MONITOR_BASE_URL/private/FILE_NAME.
Access to Monitor
-----------------
Information about URL access
----------------------------
In monitor instance.cfg file, the section [publish] contain information about monitor access.
Usefull information are monitor-base-url, monitor-url, monitor-user and monitor-password.
Open HTTP GET on static files, open HTTP POST on cgi
- ${publish:monitor-base-url} is the url of monitor httpd server.
- ${publish:monitor-base-url}/public/feed is the RSS url of this monitor instance.
- ${publish:monitor-base-url}/public/feeds is the OPML URL of this monitor instance. To setup monitor instance in your monitoring interface, use OPML URL of the root instance. It should contain URL to others monitor instances.
- ${publish:monitor-base-url}/private is the monitor private directory. Username and password are reqired to connect.
GET <root_monitor>/ // classical monitoring interface
GET <root_monitor>/monitor.haljson // monitor conf
GET <root_monitor>/public/<service>.status.json // service status json
To publish configuration URL in your instance.cfg, you can do like this:
[publish-connection-information]
...
monitor-setup-url = https://monitor.app.officejs.com/#page=settings_configurator&url=${publish:monitor-url}&username=${publish:monitor-user}&password=${publish:monitor-password}
Example for KVM log parsing promise
GET <kvm_monitor>/monitor.haljson
GET <kvm_monitor>/public/kvm-log-parser.status.json
GET <kvm_monitor>/public/kvm-log-parser/index.html
POST <kvm_monitor>/cgi-bin/monitor-run-promise.cgi?service=kvm-log-parse // rerun the promise
Information about internal file tree
------------------------------------
Tree for monitor runtime:
etc/monitor.conf // generated by slapos
etc/cron.d/monitor // generated by slapos
bin/monitor.py // generated by slapos
srv/monitor/web/index.html // static
srv/monitor/web/monitor.css // static
srv/monitor/web/monitor.js // static
srv/monitor/web/monitor.haljson // generated by monitor.py
srv/monitor/public/.... // generated by monitor.py
srv/monitor/private/.... // generated by monitor.py
srv/monitor/cgi-bin/.... // generated by monitor.py
Example for KVM log parsing promise
etc/monitor-promise/kvm-log-parse.cfg // generated by slapos (kvm-log-parser-promise)
etc/monitor-promise/kvm-log-parse // generated by slapos (kvm-log-parser-promise)
var/kvm-log-parser-promise/interface/index.html // generated by slapos (kvm-log-parser-promise)
var/log/kvm.log // generated by kvm
var/log/kvm-log-parse-last-report.csv // generated by kvm-log-parse
srv/monitor/public/kvm-log-parse.status.json // generated by kvm-log-parse (indirectly by the monitor promise executor)
srv/monitor/public/kvm-log-parse/kvm.log -> var/log/kvm.log // generated by monitor.py
srv/monitor/public/kvm-log-parse/kvm-log-parse-last-report.csv -> var/log/kvm-log-parse-last-report.csv // genareted by monitor.py
srv/monitor/private/kvm-log-parse/interface -> var/kvm-log-parser-promise/interface // generated by monitor.py
srv/monitor/cgi-bin/kvm-log-parse/action.cgi -> var/kvm-log-parser-promise/action.cgi // generated by monitor.py
Monitor promise config example
------------------------------
Example for KVM log parsing promise
# etc/monitor-promise/kvm-log-parse.cfg
[service]
title = Kvm log parse
frequency = <Cron Syntax>
cgi-path-list = # automatically symlink to srv/monitor/cgi-bin/$service/
$instance/var/kvm-log-parser-promise/action.cgi
public-path-list = # automatically symlink to srv/monitor/public/$service/
$instance/var/log/kvm.log
private-path-list = # automatically symlink to srv/monitor/private/$service/
$instance/var/log
$instance/var/kvm-log-parser-promise/interface
On cron, the command will be something like:
${service:frequency} ${monitor:promise-executor-path} '${monitor:service-pid-folder}/${service:name}.pid' '${service:status-path}' '${promise_path}'
and "monitor:promise-executor-path" is a script that would run a promise if not
already on going (see `run-promise.py`).
TODO cron accepts 999 characters maximum for a command, so we should reduce the
size of the cron command
TODO put `run-promise.py` in the software
Promise requirements
--------------------
A promise should check something (like web page is well cached, there's not too
much slow queries, ...):
- MUST output the status.json in stdout
- SHOULD output on stdout
- MUST return 0 if status is good else != 0
- the status.json MUST contain "message" (string) which explains why the status is OK or bad
monitor.haljson example
-----------------------
{
"_links": {
"related_monitor": [
{ "href": "<url>/static" },
{ "href": "http://my.other.monitor" }
]
},
"_embedded": {
"service": [
{
"_links": {
"status": { "href": "<url>/kvm-log-parse/status.json" },
"interface": { "href": "<url>/kvm-log-parse/index.html" }
},
"title": "KVM log parse",
"id": "kvm-log-parse"
},
{
"_links": {
"status": { "href": "<url>/<service>/status.json" },
"interface": { "href": "<url>/<service>/index.html" }
},
"title": "Service name",
"id": "<service>"
}
]
},
"title": "KVM Monitoring interface"
}
monitor.conf example
--------------------
[monitor]
title = KVM Monitoring interface
monitor-hal-json = $instance/srv/monitor/web/monitor.haljson
public-folder = $instance/srv/monitor/public
private-folder = $instance/srv/monitor/private
web-folder = $instance/srv/monitor/web
cgi-folder = $instance/srv/monitor/cgi-bin
service-pid-folder = $instance/var/monitor/service-pid
public-path-list =
$instance/var/log
private-path-list =
$instance/srv/backup/log_rotate
monitor-url-list =
https://[...]/
https://[...]/
......@@ -61,7 +61,7 @@ eggs =
# Monitor templates files
[monitor-httpd-conf]
<= monitor-template-base
md5sum = e023ede69a0bfb59165c75b1c16719f7
md5sum = 65cf2c8f5cfffa509ec3fc06b37e7509
filename = monitor-httpd.conf.in
[monitor-service-conf-template]
......@@ -100,7 +100,7 @@ recipe = slapos.recipe.template:jinja2
filename = template-monitor.cfg
template = ${:_profile_base_location_}/instance-monitor.cfg.jinja2.in
rendered = ${buildout:directory}/template-monitor.cfg
md5sum = 354da434447697b8b4f503a62599cf32
md5sum = 9d6f50e616655c1ae11ace419ac2861e
context =
key apache_location apache:location
key gzip_location gzip:location
......@@ -131,13 +131,13 @@ depends =
[monitor2-bin]
<= monitor-template-script
filename = monitor.py
md5sum = 3166f5d110fda63aade1ca486dfb7996
md5sum = 280412f9024030c8cae343c2b07e5130
[run-promise-py]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/scripts/run-promise.py
rendered = ${buildout:parts-directory}/monitor-scripts/run-promise.py
md5sum = 2570b11cd1f718f240a9c7a05ffa861d
md5sum = 641c6917bbd19a7abaebb120ccd4e713
mode = 0755
context =
raw python ${buildout:directory}/bin/${extra-eggs:interpreter}
......
......@@ -151,7 +151,7 @@ private-path-list =
${directory:log}
#
monitor-url-list =
${monitor-instance-parameter:opml-url-list}
${monitor-instance-parameter:monitor-url-list}
parameter-file-path = ${monitor-instance-parameter:configuration-file-path}
......@@ -364,8 +364,8 @@ mode = 0644
context = section parameter_dict monitor-password-promise-conf-parameter
[publish]
<= monitor-base
monitor-base-url = ${monitor-conf-parameters:base-url}
# XXX depends on monitor-base section
monitor-base-url = ${monitor-base:base-url}
monitor-url = ${:monitor-base-url}/public/feeds
monitor-user = ${monitor-instance-parameter:username}
monitor-password = ${monitor-instance-parameter:password}
......@@ -377,7 +377,7 @@ monitor-httpd-port = 8196
# XXX - Set monitor-base-url = ${monitor-httpd-conf-parameter:url} => https://[ipv6]:port
monitor-base-url = ${monitor-frontend-promise:url}
root-instance-title = ${slap-configuration:root-instance-title}
opml-url-list =
monitor-url-list =
cors-domains = monitor.app.officejs.com
# XXX Hard coded parameter
collector-db = /srv/slapgrid/var/data-log/collector.db
......@@ -415,6 +415,7 @@ check-secure = 1
recipe = plone.recipe.command
command = true
update-command =
base-url = ${monitor-conf-parameters:base-url}
depends =
${monitor-globalstate-cron-entry:name}
${monitor-configurator-cron-entry:name}
......
......@@ -245,6 +245,28 @@ class Monitoring(object):
print "Bad Json file at %s" % url
return 'Unknown Instance'
def getReportInfoFromFilename(self, filename):
splited_filename = filename.split('_every_')
possible_time_list = ['hour', 'minute']
if len(splited_filename) == 1:
return (filename, "* * * * *")
run_time = splited_filename[1].split('_')
report_name = splited_filename[0]
if len(run_time) != 2 or not run_time[1] in possible_time_list:
return (report_name, "* * * * *")
try:
value = int(run_time[0])
except ValueError:
print "Warning: Bad report filename: %s" % filename
return (report_name, "* * * * *")
if run_time[1] == 'hour':
return (report_name, "* */%s * * *" % value)
if run_time[1] == 'minute':
return (report_name, "*/%s * * * *" % value)
def configureFolders(self):
# configure public and private folder
self.createSymlinksFromConfig(self.webdav_folder, [self.public_folder])
......@@ -387,8 +409,6 @@ class Monitoring(object):
def generateReportCronEntries(self):
cron_line_list = []
# We should add the possibility to modify this parameter later from monitor interface
report_frequency = "*/20 * * * *"
report_name_list = [name.replace('.report.json', '')
for name in os.listdir(self.report_folder) if name.endswith('.report.json')]
......@@ -396,11 +416,12 @@ class Monitoring(object):
for filename in os.listdir(self.report_script_folder):
report_script = os.path.join(self.report_script_folder, filename)
if os.path.isfile(report_script) and os.access(report_script, os.X_OK):
report_name = os.path.splitext(filename)[0]
report_name, frequency = self.getReportInfoFromFilename(filename)
# report_name = os.path.splitext(filename)[0]
report_json_path = "%s.report.json" % report_name
report_cmd_line = [
report_frequency,
frequency,
self.promise_runner,
'--pid_path "%s"' % os.path.join(self.service_pid_folder,
"%s.pid" % filename),
......
......@@ -10,6 +10,7 @@ import time
from shutil import copyfile
import glob
import argparse
import traceback
def parseArguments():
"""
......@@ -71,9 +72,12 @@ def main():
status_json['change-time'] = ps_process.create_time()
if os.path.exists(parser.output):
with open(parser.output) as f:
try:
last_result = json.loads(f.read())
if status_json['status'] == last_result['status'] and last_result.has_key('change-time'):
status_json['change-time'] = last_result['change-time']
except ValueError:
pass
updateStatusHistoryFolder(
parser.promise_name,
......@@ -99,7 +103,11 @@ def updateStatusHistoryFolder(name, status_file, history_folder, promise_type):
pass
else: raise
with open(status_file, 'r') as sf:
try:
status_dict = json.loads(sf.read())
except ValueError:
traceback.print_exc()
return
if promise_type == 'status':
filename = '%s.history.json' % name
......
......@@ -54,6 +54,11 @@ AddType application/hal+json .haljson
SSLEngine On
Include {{ parameter_dict.get('httpd-cors-config-file') }}
Header set Vary Origin
Header set Cache-Control "private, max-age=0, must-revalidate"
Header set Access-Control-Max-Age "0"
Header unset ETag
Header set Pragma "no-cache"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST"
Header set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment