Merge branch 'master' into xwiki

.gitignore

 *pyc
+.installed.cfg
+bin/
 build
+develop-eggs/
 dist
+downloads/
+eggs/
+parts/
 slapos.cookbook.egg-info

CHANGES.txt

-0.2 (unreleased)
-================
+Changes
+=======
 
-  * No changes yet.
+0.17 (unreleased)
+-----------------
+
+ * No changes yet.
+
+0.16 (2011-07-15)
+-----------------
+
+ * Improve Vifib and pure ERP5 instantiation [Rafael Monnerat]
+ * Use configurator for Vifib [Rafael Monnerat]
+
+0.15 (2011-07-13)
+-----------------
+
+ * Encrypt connection by default. [Vivien Alger]
+
+0.14 (2011-07-13)
+-----------------
+
+ * Provide new way to instantiate kvm. [Cedric de Saint Martin, Vivien Alger]
+
+0.13 (2011-07-13)
+-----------------
+
+ * Implement generic execute_wait wrapper, which allows to wait for some files
+   to appear before starting service depending on it. [Łukasz Nowak]
+
+0.12 (2011-07-11)
+-----------------
+
+ * Fix slaprunner, phpmyadmin software releases, added
+   wordpress software release. [Cedric de Saint Martin]
+
+0.11 (2011-07-07)
+-----------------
+
+ * Enable test suite runner for vifib.
+
+0.10 (2011-07-01)
+-----------------
+
+ * Add PHPMyAdmin software release used in SlapOS tutorials
+   [Cedric de Saint Martin]
+ * Add slaprunner software release [Cedric de Saint Martin]
+
+0.9 (2011-06-24)
+----------------
+
+ * mysql recipe : Changing slapos.recipe.erp5.execute to
+   slapos.recipe.librecipe.execute [Cedric de Saint Martin]
+
+0.8 (2011-06-15)
+----------------
+
+ * Add MySQL and MariaDB standalone software release and recipe
+   [Cedric de Saint Martin]
+ * Fixed slapos.recipe.erp5testnode instantiation [Sebastien Robin]
+
+0.7 (2011-06-14)
+----------------
+
+ * Fix slapos.recipe.erp5 package by providing site.zcml in it. [Łukasz Nowak]
+ * Improve slapos.recipe.erp5testnode partition instantiation error reporting
+   [Sebastien Robin]
+
+0.6 (2011-06-13)
+----------------
+
+ * Fixed slapos.recipe.erp5 instantiation. [Łukasz Nowak]
+
+0.5 (2011-06-13)
+----------------
+
+ * Implement zabbix agent instantiation. [Łukasz Nowak]
+ * Drop dependency on Zope2. [Łukasz Nowak]
+ * Share more in slapos.recipe.librecipe module. [Łukasz Nowak]
+
+0.4 (2011-06-09)
+----------------
+
+ * Remove reference to slapos.tool.networkcache as it was removed from pypi. [Łukasz Nowak]
+ * Add Kumofs standalone software release and recipe [Cedric de Saint Martin]
+ * Add Memcached standalone software release and recipe [Cedric de Saint Martin]
+
+0.3 (2011-06-09)
+----------------
+
+ * Moved out template and build to separate distributions [Łukasz Nowak]
+ * Depend on slapos.core instead of depracated slapos.slap [Romain Courteaud]
+ * Fix apache module configuration [Kazuhiko Shiozaki]
+ * Allow to control full environment in erp5 module [Łukasz Nowak]
+
+0.2 (2011-05-30)
+----------------
+
+  * Allow to pass zope_environment in erp5 entry point [Łukasz Nowak]
 
 0.1 (2011-05-27)
-================
+----------------
 
   * All slapos.recipe.* became slapos.cookbook:* [Łukasz Nowak]

MANIFEST.in

 include CHANGES.txt
+include slapos/recipe/erp5/template/site.zcml
 recursive-include slapos/recipe *.in
 recursive-include slapos/recipe README.*.txt

README.txt

 slapos.cookbook
 ===============
+
+Cookbook of SlapOS recipes.

component/apache-php/buildout.cfg

+[buildout]
+parts = apache-php
+
+extends = 
+  ../apache/buildout.cfg
+
+[apache-php]
+# Note: Shall react on each build of apache and reinstall itself
+recipe = hexagonit.recipe.cmmi
+url = http://fr2.php.net/get/php-5.3.6.tar.bz2/from/this/mirror
+md5sum = 2286f5a82a6e8397955a0025c1c2ad98
+configure-options =
+  --with-apxs2=${apache:location}/bin/apxs
+  --with-libxml-dir=${libxml2:location}
+  --with-mysql=${mariadb:location}
+  --with-zlib-dir=${zlib:location}
+  --with-mcrypt=${libmcrypt:location}
+  --enable-mbstring
+  --enable-session
+  --disable-all
+
+environment =
+  PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig
+  PATH=${libxml2:location}/bin:%(PATH)s
+  LDFLAGS =-L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/lib
+
+[apache-php-xmlrpc-gd]
+# Note: Shall react on each build of apache and reinstall itself
+recipe = hexagonit.recipe.cmmi
+url = http://fr2.php.net/get/php-5.3.6.tar.bz2/from/this/mirror
+md5sum = 2286f5a82a6e8397955a0025c1c2ad98
+configure-options =
+  --with-apxs2=${apache:location}/bin/apxs
+  --with-libxml-dir=${libxml2:location}
+  --with-gd
+  --with-zlib-dir=${zlib:location}
+  --with-mcrypt=${libmcrypt:location}
+  --with-xmlrpc=${xml-rpc:location}
+  --enable-mbstring
+  --enable-session
+  --disable-all
+
+environment =
+  PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig
+  PATH=${libxml2:location}/bin:%(PATH)s
+  LDFLAGS =-L${xml-rpc:location}/lib -Wl,-rpath -Wl,${xml-rpc:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/lib
+
+
+[libmcrypt]
+recipe = hexagonit.recipe.cmmi
+url = http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.bz2/download
+md5sum = c4f491dd411a09e9de3b8702ea6f73eb
+
+[xml-rpc]
+recipe = hexagonit.recipe.cmmi
+url = http://downloads.sourceforge.net/project/phpxmlrpc/phpxmlrpc/2.2.2/xmlrpc-2.2.2.tar.gz
+md5sum = 59a644c636c6d98267d0c99b406ae9e8
\ No newline at end of file

component/apache/buildout.cfg

@@ -13,6 +13,55 @@ extends =
   ../sqlite3/buildout.cfg
   ../zlib/buildout.cfg
 
+[apache-no-ssl]
+# inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
+recipe = hexagonit.recipe.cmmi
+url = http://mir2.ovh.net/ftp.apache.org/dist//httpd/httpd-2.2.19.tar.bz2
+md5sum = 832f96a6ec4b8fc7cf49b9efd4e89060
+configure-options = --enable-authn-alias
+                    --enable-bucketeer
+                    --enable-cache
+                    --enable-case-filter
+                    --enable-case-filter-in
+                    --enable-cgid
+                    --enable-charset-lite
+                    --enable-disk-cache
+                    --enable-echo
+                    --enable-exception-hook
+                    --enable-mods-shared=all
+                    --enable-optional-fn-export
+                    --enable-optional-fn-import
+                    --enable-optional-hook-export
+                    --enable-optional-hook-import
+                    --enable-proxy
+                    --enable-proxy-ajp
+                    --enable-proxy-balancer
+                    --enable-proxy-connect
+                    --enable-proxy-ftp
+                    --enable-proxy-http
+                    --enable-proxy-scgi
+                    --enable-so
+                    --disable-ssl
+                    --with-included-apr
+                    --with-z=${zlib:location}
+                    --with-expat=${libexpat:location}
+                    --with-pcre=${pcre:location}
+                    --with-sqlite3=${sqlite3:location}
+                    --with-dbm=gdbm
+                    --with-gdm=${gdbm:location}
+                    --without-ssl
+                    --without-lber
+                    --without-ldap
+                    --without-ndbm
+                    --without-berkeley-db
+                    --without-pgsql
+                    --without-mysql
+                    --without-sqlite2
+                    --without-oracle
+                    --without-freedts
+                    --without-odbc
+                    --without-iconv
+
 [apache]
 # inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
 recipe = hexagonit.recipe.cmmi
@@ -67,7 +116,7 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig
   CPPFLAGS =-I${libuuid:location}/include
-  LDFLAGS =-Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -Wl,-rpath -Wl,${libexpat:location}/lib -Wl,-rpath -Wl,${pcre:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib -Wl,-rpath -Wl,${gdbm:location}/lib
+  LDFLAGS =-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${gdbm:location}/lib
 
 [apache-antiloris]
 # Note: Shall react on each build of apache and reinstall itself

component/bison/buildout.cfg

@@ -6,7 +6,7 @@ parts =
 
 [bison]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnu.org/gnu/bison/bison-2.4.3.tar.gz
-md5sum = ea45c778b36bdc7a720096819e292a73
+url = http://ftp.gnu.org/gnu/bison/bison-2.5.tar.bz2
+md5sum = 9dba20116b13fc61a0846b0058fbe004
 environment =
   M4=${m4:location}/bin/m4

component/cloudooo-development/buildout.cfg

-[buildout]
-
-extends =
-  ../cloudooo/buildout.cfg
-
-extensions = mr.developer
-sources = sources
-auto-checkout = ${buildout:cloudooo-packages}
-
-[sources]
-cloudooo = svn https://svn.erp5.org/repos/public/erp5/trunk/utils/cloudooo
-cloudooo.handler.pdf = svn https://svn.erp5.org/repos/public/erp5/trunk/utils/cloudooo.handler.pdf/
-cloudooo.handler.ffmpeg = svn https://svn.erp5.org/repos/public/erp5/trunk/utils/cloudooo.handler.ffmpeg/
-cloudooo.handler.imagemagick = svn https://svn.erp5.org/repos/public/erp5/trunk/utils/cloudooo.handler.imagemagick/
-cloudooo.handler.ooo = svn https://svn.erp5.org/repos/public/erp5/trunk/utils/cloudooo.handler.ooo/

component/coreutils/buildout.cfg

@@ -4,8 +4,8 @@ parts =
 
 [coreutils]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnu.org/gnu/coreutils/coreutils-8.9.tar.gz
-md5sum = 36909ae68840d73a800120cf74af794a
+url = http://ftp.gnu.org/gnu/coreutils/coreutils-8.12.tar.gz
+md5sum = fce7999953a67243d00d75cc86dbcaa6
 configure-options =
   --prefix=${buildout:parts-directory}/${:_buildout_section_name_} --enable-install-program=tr,basename,uname,cat,cp,ls
 environment =

component/curl/buildout.cfg

@@ -11,14 +11,13 @@ parts =
 
 [curl]
 recipe = hexagonit.recipe.cmmi
-url = http://curl.haxx.se/download/curl-7.21.3.tar.bz2
-md5sum = 5b57fee22090b5c43a6886fdd35af2ce
+url = http://curl.haxx.se/download/curl-7.21.7.tar.bz2
+md5sum = 5f6d50c4d4ee38c57fe37e3cff75adbd
 configure-options =
   --disable-static
   --disable-ldap
   --disable-ldaps
   --disable-rtsp
-  --disable-proxy
   --disable-dict
   --disable-telnet
   --disable-tftp
@@ -37,4 +36,4 @@ configure-options =
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig
-  LDFLAGS=-Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib
+  LDFLAGS=-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib

component/cyrus-sasl/buildout.cfg

@@ -38,4 +38,4 @@ make-options =
 
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/erp5/buildout.cfg

-[buildout]
-extends =
-  ../mysql-tritonn-5.0/buildout.cfg
-  ../python-2.4/buildout.cfg
-  ../lxml-python/buildout.cfg
-  ../mysql-python/buildout.cfg
-  ../subversion/buildout.cfg
-  ../pysvn-python/buildout.cfg
-  ../python-ldap-python/buildout.cfg
-  ../glib/buildout.cfg
-
-parts =
-  cmf15
-  itools
-  mysql-python
-  products-other
-  products-deps
-  products-erp5
-
-[cmf15]
-recipe = plone.recipe.distros
-urls =
-    http://www.zope.org/Products/CMF/CMF-1.5.4/CMF-1.5.4.tar.gz
-nested-packages =
-  CMF-1.5.4.tar.gz
-version-suffix-packages =
-  CMF-1.5.4.tar.gz
-
-[itools]
-# use a custom build for itools, to add lib64 to the include path
-recipe = zc.recipe.egg:custom
-python = python2.4
-egg = itools
-find-links =
-  http://download.hforge.org/itools/0.20/
-include-dirs =
-  ${glib:location}/include/glib-2.0
-  ${glib:location}/lib/glib-2.0/include
-library-dirs =
-  ${glib:location}/lib
-rpath =
-  ${glib:location}/lib
-
-[products-deps]
-recipe = plone.recipe.distros
-urls =
-    http://www.zope.org/Members/shh/ExtFile/1.4.4/ExtFile-1.4.4.tar.gz
-    http://www.zope.org/Members/NIP/ZMailIn/1.0.1/ZMailIn-1-0-1.tgz
-    http://www.zope.org/Members/NIP/ZMailIn/1.0.0/CMFMailIn-1.0.0
-    http://www.zope.org/Products/PluggableAuthService/PluggableAuthService-1.1b2/PluggableAuthService-1.1b2.tar.gz
-    http://download.hforge.org/localizer/Localizer-1.2.3.tar.gz
-version-suffix-packages =
-    Localizer-1.2.3.tar.gz
-
-[products-ldap]
-recipe = plone.recipe.distros
-
-urls =
-  http://www.dataflake.org/software/ldapmultiplugins/ldapmultiplugins_1.1/LDAPMultiPlugins-1_1.tgz
-  http://www.dataflake.org/software/ldapuserfolder/ldapuserfolder_2.6/LDAPUserFolder-2_6.tgz
-
-[products-other]
-# Recipe infrae.subversion is using svn command under the hood, but there is
-# no way to pass --trust-server-cert --non-interactive --no-auth-cache, so in 2.12 falvour
-# it is better to evaluate usage of provided subversion command
-recipe = plone.recipe.command
-svn_param =--trust-server-cert --non-interactive --no-auth-cache --quiet
-# dircty hack to support PluginRegistry/utils.py:17 assumption that products
-# are in Products folder
-# XXX: Zelenium was eggfied for recent zope versions (2.12) and are available at Bazaar.
-#      some better alternative should be used in future.
-location = ${buildout:parts-directory}/${:_buildout_section_name_}
-destination = ${:location}/Products
-stop-on-error = true
-update-command = ${:command}
-command = ${subversion:location}/bin/svn checkout ${:svn_param} http://svn.plone.org/svn/collective/DCWorkflowGraph/tags/release-0_3/ ${:destination}/DCWorkflowGraph &&
-  ${subversion:location}/bin/svn checkout ${:svn_param} svn://svn.zope.org/repos/main/Zelenium/trunk/@110603 ${:destination}/Zelenium &&
-  ${subversion:location}/bin/svn checkout ${:svn_param} svn://svn.zope.org/repos/main/PluginRegistry/tags/1.0 ${:destination}/PluginRegistry &&
-  ${subversion:location}/bin/svn checkout ${:svn_param} http://svn.plone.org/svn/archetypes/MimetypesRegistry/tags/Archetypes-1.4.0-final ${:destination}/MimetypesRegistry
-
-[eggs]
-recipe = zc.recipe.egg
-python = python2.4
-eggs =
-  ${itools:egg}
-  ${mysql-python:egg}
-  ${lxml-python:egg}
-  ${pysvn-python:egg}
-  ${python-ldap-python:egg}
-  PyXML
-  ClientForm
-  SOAPpy
-  cElementTree
-  chardet
-  ctypes
-  elementtree
-  erp5.recipe.mysqldatabase
-  erp5diff
-  ipdb
-  mechanize
-  numpy
-  ordereddict
-  pycrypto
-  paramiko
-  ply
-  python-ldap
-  python-magic
-  python-memcached
-  pytz
-  simplejson
-  threadframe
-  timerserver
-  urlnorm
-  uuid
-  xml_marshaller
-  xupdate_processor
-  feedparser
-
-extra-paths =
-  ${zope-2.8:location}/lib/python
-# shut down script generation. Other parts can generate scripts as needed by
-# reusing ${eggs:eggs}
-
-# parameterizing the version of the generated python interpreter name by the
-# python section version causes dependency between this egg section and the
-# installation of python, which we don't want on an instance
-interpreter = python2.4
-scripts =
-        python=${:interpreter}
-        ipython=i${:interpreter}
-
-[mysql-python]
-python = python2.4
-
-[lxml-python]
-python = python2.4
-
-[python-ldap-python]
-python = python2.4
-
-[pysvn-python]
-python = python2.4
-
-[omelette]
-# XXX don't use this part until this omelette bug is fixed:
-# https://bugs.launchpad.net/collective.buildout/+bug/553005
-recipe = collective.recipe.omelette
-eggs = ${eggs:eggs}
-packages =
-      ${itools:lib} .
-
-[precache-eggs]
-python = python2.4
-eggs +=
-  plone.recipe.zope2zeoserver

component/fastjar/buildout.cfg

@@ -9,4 +9,4 @@ url = http://sourceforge.net/projects/fastjar/files/fastjar/0.94/fastjar-0.94.ta
 md5sum = 14d4bdfac236e347d806c6743dba48c6
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/ffmpeg/buildout.cfg

@@ -95,8 +95,8 @@ configure-options =
  --enable-shared
  --enable-zlib
  --disable-static
- --extra-ldflags="-Wl,-rpath -Wl,${buildout:parts-directory}/${:_buildout_section_name_}/lib"
+ --extra-ldflags="-Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib"
 environment = 
   CPPFLAGS=-I${bzip2:location}/include -I${libogg:location}/include -I${libvorbis:location}/include -I${libtheora:location}/include -I${libvpx:location}/include -I${libx264:location}/include -I${lame:location}/include -I${opencore-amr:location}/include -I${zlib:location}/include
-  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${libogg:location}/lib -Wl,-rpath -Wl,${libogg:location}/lib -L${libvorbis:location}/lib -Wl,-rpath -Wl,${libvorbis:location}/lib -L${libtheora:location}/lib -Wl,-rpath -Wl,${libtheora:location}/lib -L${libvpx:location}/lib -Wl,-rpath -Wl,${libvpx:location}/lib -L${libx264:location}/lib -Wl,-rpath -Wl,${libx264:location}/lib -L${lame:location}/lib -Wl,-rpath -Wl,${lame:location}/lib -L${opencore-amr:location}/lib -Wl,-rpath -Wl,${opencore-amr:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${libogg:location}/lib -Wl,-rpath=${libogg:location}/lib -L${libvorbis:location}/lib -Wl,-rpath=${libvorbis:location}/lib -L${libtheora:location}/lib -Wl,-rpath=${libtheora:location}/lib -L${libvpx:location}/lib -Wl,-rpath=${libvpx:location}/lib -L${libx264:location}/lib -Wl,-rpath=${libx264:location}/lib -L${lame:location}/lib -Wl,-rpath=${lame:location}/lib -L${opencore-amr:location}/lib -Wl,-rpath=${opencore-amr:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
   PATH=${yasm:location}/bin:%(PATH)s

component/file/buildout.cfg

@@ -12,4 +12,4 @@ configure-options =
   --disable-static
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/flare/buildout.cfg

@@ -14,5 +14,5 @@ configure-options =
   --with-tokyocabinet=${tokyocabinet:location}
   --with-boost=${boost-lib:location}
 environment =
-  LDFLAGS =-Wl,-rpath -Wl,${tokyocabinet:location}/lib -Wl,-rpath -Wl,${boost-lib:location}/lib
+  LDFLAGS =-Wl,-rpath=${tokyocabinet:location}/lib -Wl,-rpath=${boost-lib:location}/lib
 

component/fontconfig/buildout.cfg

@@ -23,4 +23,4 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/freetype/buildout.cfg

@@ -10,10 +10,10 @@ parts =
 
 [freetype]
 recipe = hexagonit.recipe.cmmi
-url = http://download.savannah.gnu.org/releases/freetype/freetype-2.4.4.tar.gz
-md5sum = 9273efacffb683483e58a9e113efae9f
+url = http://download.savannah.gnu.org/releases/freetype/freetype-2.4.5.tar.bz2
+md5sum = 90428a6d8ec4876cd1eb94858c2a59b0
 configure-options =
   --disable-static
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/gcc/buildout.cfg

@@ -10,8 +10,8 @@ parts =
 
 [gmp]
 recipe = hexagonit.recipe.cmmi
-url = ftp://ftp.gmplib.org/pub/gmp-4.3.2/gmp-4.3.2.tar.bz2
-md5sum = dd60683d7057917e34630b4a787932e8
+url = ftp://ftp.gmplib.org/pub/gmp-5.0.2/gmp-5.0.2.tar.bz2
+md5sum = 0bbaedc82fb30315b06b1588b9077cd3
 # GMP does not correctly detect achitecture so it have to be given
 # as hexagonit.recipe.cmmi is using shell expansion in subproceses
 # backticks are working
@@ -22,13 +22,13 @@ environment =
 
 [mpfr]
 recipe = hexagonit.recipe.cmmi
-url = http://www.mpfr.org/mpfr-3.0.0/mpfr-3.0.0.tar.bz2
-md5sum = f45bac3584922c8004a10060ab1a8f9f
+url = http://www.mpfr.org/mpfr-3.0.1/mpfr-3.0.1.tar.bz2
+md5sum = bfbecb2eacb6d48432ead5cfc3f7390a
 configure-options =
   --with-gmp=${gmp:location}
 environment =
   CPPFLAGS =-I${gmp:location}/include
-  LDFLAGS =-L${gmp:location}/lib -Wl,-rpath -Wl,${gmp:location}/lib
+  LDFLAGS =-L${gmp:location}/lib -Wl,-rpath=${gmp:location}/lib
 
 [mpc]
 recipe = hexagonit.recipe.cmmi
@@ -39,7 +39,7 @@ configure-options =
   --with-mpfr=${mpfr:location}
 environment =
   CPPFLAGS =-I${mpfr:location}/include -I${gmp:location}/include
-  LDFLAGS =-L${mpfr:location}/lib -Wl,-rpath -Wl,${mpfr:location}/lib -L${gmp:location}/lib -Wl,-rpath -Wl,${gmp:location}/lib
+  LDFLAGS =-L${mpfr:location}/lib -Wl,-rpath=${mpfr:location}/lib -L${gmp:location}/lib -Wl,-rpath=${gmp:location}/lib
 
 [ecj]
 recipe = hexagonit.recipe.download
@@ -50,15 +50,15 @@ filename = ecj.jar
 
 [gcc-download]
 recipe = hexagonit.recipe.download
-url = http://www.mirrorservice.org/sites/sourceware.org/pub/gcc/releases/gcc-4.5.2/gcc-4.5.2.tar.bz2
-md5sum = d6559145853fbaaa0fd7556ed93bce9a
+url = http://www.mirrorservice.org/sites/sourceware.org/pub/gcc/releases/gcc-4.5.3/gcc-4.5.3.tar.bz2
+md5sum = 8e0b5c12212e185f3e4383106bfa9cc6
 strip-top-level-dir = True
 destination = ${gcc-java-source:location}
 
 [gcc-java-download]
 recipe = hexagonit.recipe.download
-url = http://www.mirrorservice.org/sites/sourceware.org/pub/gcc/releases/gcc-4.5.2/gcc-java-4.5.2.tar.bz2
-md5sum = fe2b647bace18dc7867a4192def46e2c
+url = http://www.mirrorservice.org/sites/sourceware.org/pub/gcc/releases/gcc-4.5.3/gcc-java-4.5.3.tar.bz2
+md5sum = 08e045fdbdc22ac9af3aec3b8d16dbab
 strip-top-level-dir = True
 destination = ${gcc-java-source:location}
 ignore-existing = true
@@ -90,7 +90,7 @@ configure-options =
 
 environment =
   CPPFLAGS =-I${mpfr:location}/include -I${gmp:location}/include -I${mpc:location}/include
-  LDFLAGS =-L${mpfr:location}/lib -Wl,-rpath -Wl,${mpfr:location}/lib -L${gmp:location}/lib -Wl,-rpath -Wl,${gmp:location}/lib -Wl,-rpath -Wl,${mpc:location}/lib
+  LDFLAGS =-L${mpfr:location}/lib -Wl,-rpath=${mpfr:location}/lib -L${gmp:location}/lib -Wl,-rpath=${gmp:location}/lib -Wl,-rpath=${mpc:location}/lib
   PATH=${zip:location}/bin:%(PATH)s
 # make install does not work when several core are used
 make-targets = install -j1

component/gettext/buildout.cfg

@@ -23,4 +23,4 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${libxml2:location}/include -I${zlib:location}/include -I${ncurses:location}/include
-  LDFLAGS=-L${libxml2:location}/lib -Wl,-rpath -Wl,${libxml2:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${ncurses:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib
+  LDFLAGS=-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib

component/ghostscript/buildout.cfg

@@ -28,7 +28,7 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig
   CPPFLAGS=-I${libtiff:location}/include
-  LDFLAGS=-Wl,-rpath -Wl,${fontconfig:location}/lib -L${libjpeg:location}/lib -Wl,-rpath -Wl,${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath -Wl,${libtiff:location}/lib
+  LDFLAGS=-Wl,-rpath=${fontconfig:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib
   LD_LIBRARY_PATH=${fontconfig:location}/lib
 
 [ghostscript]

component/git/buildout.cfg

@@ -13,8 +13,8 @@ parts =
 
 [git]
 recipe = hexagonit.recipe.cmmi
-url = http://kernel.org/pub/software/scm/git/git-1.7.3.4.tar.bz2
-md5sum = 3a2602016f98c529cda7b9fad1a6e216
+url = http://kernel.org/pub/software/scm/git/git-1.7.4.5.tar.bz2
+md5sum = 2fa6c4c847ed87523cf55de54af457eb
 configure-options =
   --with-curl=${curl:location}
   --with-openssl=${openssl:location}
@@ -27,4 +27,4 @@ configure-options =
 environment =
   PATH=${curl:location}/bin:%(PATH)s
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${zlib:location}/lib

component/glib/buildout.cfg

@@ -5,8 +5,8 @@ extends =
 
 [glib]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/sources/glib/2.28/glib-2.28.6.tar.bz2
-md5sum = 7d8fc15ae70d5111c0cf2a79d50ef717
+url = http://ftp.gnome.org/pub/gnome/sources/glib/2.28/glib-2.28.8.tar.bz2
+md5sum = 789e7520f71c6a4bf08bc683ec764d24
 configure-options =
   --disable-static
   --disable-selinux
@@ -15,5 +15,5 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${gettext:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
   PATH=${gettext:location}/bin:%(PATH)s

component/graphviz/buildout.cfg

@@ -53,4 +53,4 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/grep/buildout.cfg

@@ -10,4 +10,4 @@ url = http://ftp.gnu.org/gnu/grep/grep-2.8.tar.gz
 md5sum = cb2dfc502c5afc7a4a6e5f6cefd6850e
 environment =
   PKG_CONFIG_PATH=${pcre:location}/lib/pkgconfig
-  LDFLAGS =-Wl,--as-needed -Wl,-rpath -Wl,${pcre:location}/lib
+  LDFLAGS =-Wl,--as-needed -Wl,-rpath=${pcre:location}/lib

component/gzip/buildout.cfg

+[buildout]
+parts =
+  gzip
+
+[gzip]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnu.org/pub/gnu/gzip/gzip-1.4.tar.gz
+md5sum = e381b8506210c794278f5527cba0e765

component/imagemagick/buildout.cfg

@@ -71,4 +71,4 @@ environment =
   PATH=${freetype:location}/bin:${ghostscript:location}/bin:${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig
   CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include -I${jbigkit:location}/include -I${libjpeg:location}/include -I${libtiff:location}/include -I${libpng:location}/include -I${jasper:location}/include -I${freetype:location}/include
-  LDFLAGS =-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -L${zlib:location}/lib -Wl,${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath -Wl,${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath -Wl,${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath -Wl,${libtiff:location}/lib -L${libpng:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib -L${jasper:location}/lib -Wl,-rpath -Wl,${jasper:location}/lib -L${freetype:location}/lib -Wl,-rpath -Wl,${freetype:location}/lib
+  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib -L${jasper:location}/lib -Wl,-rpath=${jasper:location}/lib -L${freetype:location}/lib -Wl,-rpath=${freetype:location}/lib

component/jasper/buildout.cfg

@@ -13,4 +13,4 @@ configure-command =
   /bin/sh ./configure --prefix=${buildout:parts-directory}/${:_buildout_section_name_} --disable-static --enable-shared --disable-opengl
 environment =
   CPPFLAGS=-I${libjpeg:location}/include
-  LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath -Wl,${libjpeg:location}/lib
+  LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib

component/kumo/buildout.cfg

@@ -35,4 +35,4 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${openssl:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath -Wl,${tokyocabinet:location}/lib -Wl,-rpath -Wl,${messagepack:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${tokyocabinet:location}/lib -Wl,-rpath=${messagepack:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib

component/libpng/buildout.cfg

@@ -3,7 +3,6 @@ extends =
   ../zlib/buildout.cfg
 
 parts =
-  libpng12
   libpng
 
 [libpng-common]
@@ -12,14 +11,9 @@ configure-options =
   --disable-static
 environment =
   CPPFLAGS =-I${zlib:location}/include
-  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
-
-[libpng12]
-<= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.2.44.tar.bz2
-md5sum = e3ac7879d62ad166a6f0c7441390d12b
+  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
 
 [libpng]
 <= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.5.1.tar.bz2
-md5sum = 8fdcb7c0e78d54ff0362a800cbe3bc31
+url = http://download.sourceforge.net/libpng/libpng-1.5.4.tar.bz2
+md5sum = b43afe39237b69859522455b215f9e85

component/libreoffice-bin/buildout.cfg

@@ -10,7 +10,7 @@ versions = versions
 
 [versions]
 # special version of z3c.recipe.openoffice with architecture autodetection
-z3c.recipe.openoffice = 0.3.1dev7
+z3c.recipe.openoffice = 0.3.1dev8
 
 [libreoffice-bin]
 recipe = z3c.recipe.openoffice

component/librsync/buildout.cfg

@@ -15,4 +15,4 @@ configure-options =
   --enable-shared
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${bzip2:location}/include -I${popt:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${popt:location}/lib -Wl,-rpath -Wl,${popt:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${popt:location}/lib -Wl,-rpath=${popt:location}/lib

component/libtiff/buildout.cfg

@@ -16,4 +16,4 @@ configure-options =
   --without-x
 environment =
   CPPFLAGS=-I${libjpeg:location}/include -I${jbigkit:location}/include -I${zlib:location}/include
-  LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath -Wl,${libjpeg:location}/lib -L${jbigkit:location}/lib -Wl,-rpath -Wl,${jbigkit:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/libxml2/buildout.cfg

@@ -15,4 +15,4 @@ configure-options =
   --without-python
   --with-zlib=${zlib:location}
 environment =
-    LDFLAGS = -Wl,-rpath -Wl,${zlib:location}/lib
+    LDFLAGS = -Wl,-rpath=${zlib:location}/lib

component/libxslt/buildout.cfg

@@ -16,8 +16,10 @@ configure-options =
   --with-libxml-prefix=${libxml2:location}
   --without-crypto
   --without-python
+  --without-debug
+  --without-debugger
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-Wl,-rpath=${zlib:location}/lib
   PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig

component/logrotate/buildout.cfg

@@ -3,11 +3,21 @@ extends =
   ../popt/buildout.cfg
 parts = logrotate
 
+[logrotate-3.7.9-O_CLOEXEC.optional.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+download-only = true
+md5sum = 6beac248c978b767d4bccc1b7eebe6bd
+filename = ${:_buildout_section_name_}
+
 [logrotate]
 recipe = hexagonit.recipe.cmmi
 url = https://fedorahosted.org/releases/l/o/logrotate/logrotate-3.7.9.tar.gz
 md5sum = eeba9dbca62a9210236f4b83195e4ea5
+patch-options = -p1
+patches =
+  ${logrotate-3.7.9-O_CLOEXEC.optional.patch:location}/${logrotate-3.7.9-O_CLOEXEC.optional.patch:filename}
 configure-command = true
 make-options = PREFIX=${buildout:parts-directory}/${:_buildout_section_name_} 
 environment =
-  POPT_DIR=${popt:location}/include -L${popt:location}/lib -Wl,-rpath -Wl,${popt:location}/lib
+  POPT_DIR=${popt:location}/include -L${popt:location}/lib -Wl,-rpath=${popt:location}/lib

component/logrotate/logrotate-3.7.9-O_CLOEXEC.optional.patch

+diff --git a/config.c b/config.c
+index e6d5d1d..dd004a9 100644
+--- a/config.c
++++ b/config.c
+@@ -519,7 +519,11 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
+        length arrays -- of course, if we aren't run setuid it doesn't
+        matter much */
+ 
++#ifdef O_CLOEXEC
+     fd = open(configFile, O_RDONLY | O_CLOEXEC);
++#else
++    fd = open(configFile, O_RDONLY);
++#endif
+     if (fd < 0) {
+ 	message(MESS_ERROR, "failed to open config file %s: %s\n",
+ 		configFile, strerror(errno));

component/lxml-python/buildout.cfg

@@ -13,6 +13,18 @@ PATH = ${libxslt:location}/bin:%(PATH)s
 [lxml-python]
 recipe = zc.recipe.egg:custom
 egg = lxml
+
+# Note: Workaround lxml.de issues blocking buildout runs
+# Empty index makes setuptools NOT trying to find any meta information about
+# lxml...
+index =
+# ...so it is wise to tell where lxml can be found
+find-links =
+  http://pypi.python.org/pypi/lxml/2.2.8
+  http://pypi.python.org/pypi/lxml/2.3
+# Note: Whenever someone is going to remove it, one shall check, that buildout
+# can run in newest mode, without any locally downloaded cache
+
 rpath =
   ${libxml2:location}/lib/
   ${libxslt:location}/lib/

component/m4/buildout.cfg

@@ -4,5 +4,5 @@ parts =
 
 [m4]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnu.org/gnu/m4/m4-1.4.15.tar.gz
-md5sum = 5649a2e593b6c639deae9e72ede777dd
+url = http://ftp.gnu.org/gnu/m4/m4-1.4.16.tar.bz2
+md5sum = 8a7cef47fecab6272eb86a6be6363b2f

component/maatkit/buildout.cfg

+[buildout]
+extends =
+  ../perl/buildout.cfg
+  ../perl-DBI/buildout.cfg
+  ../perl-DBD-MySQL/buildout.cfg
+parts =
+  maatkit
+
+[maatkit]
+recipe = hexagonit.recipe.cmmi
+depends =
+  ${perl:version}
+  ${perl-DBI:version}
+  ${perl-DBD-MySQL:version}
+url = http://maatkit.googlecode.com/files/maatkit-7540.tar.gz
+md5sum = 55457f98500b096a6bf549356d3445fe
+configure-command =
+  ${perl:location}/bin/perl Makefile.PL

component/mariadb/buildout.cfg

@@ -12,9 +12,9 @@ parts =
 
 [mariadb]
 recipe = hexagonit.recipe.cmmi
-version = 5.2.6
+version = 5.2.7
 url = http://www.percona.com/downloads/MariaDB/mariadb-${:version}/kvm-tarbake-jaunty-x86/mariadb-${:version}.tar.gz
-md5sum = e562aca71ae16b490196f99aa7e64b55
+md5sum = 06b9b102946a3606b38348c0ebf18367
 # compile directory is required to build mysql plugins.
 keep-compile-dir = true
 # configure: how to avoid searching for my.cnf?
@@ -35,4 +35,4 @@ configure-options =
 
 environment =
   CPPFLAGS =-I${ncurses:location}/include -I${readline:location}/include
-  LDFLAGS =-L${readline:location}/lib -L${ncurses:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${readline:location}/lib
+  LDFLAGS =-L${readline:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${readline:location}/lib

component/memcached/buildout.cfg

@@ -49,5 +49,5 @@ patches =
   ${memcached-gcc4.6.patch:location}/${memcached-gcc4.6.patch:filename}
 patch-options = -p1
 environment =
-    LDFLAGS =-Wl,-rpath ${libevent:location}/lib
+    LDFLAGS =-Wl,-rpath=${libevent:location}/lib
 

component/mysql-5.1/buildout.cfg

@@ -21,9 +21,9 @@ download-only = true
 
 [mysql-5.1]
 recipe = hexagonit.recipe.cmmi
-version = 5.1.54
+version = 5.1.57
 url = http://mysql.he.net/Downloads/MySQL-5.1/mysql-${:version}.tar.gz
-md5sum = 2a0f45a2f8b5a043b95ce7575796a30b
+md5sum = 8d6998ef0f2e2d1dac2a761348c71c21
 # compile directory is required to build mysql plugins.
 keep-compile-dir = true
 # configure: how to avoid searching for my.cnf?
@@ -60,4 +60,4 @@ patches =
 environment =
   PATH =${autoconf:location}/bin:${automake-1.11:location}/bin:${libtool:location}/bin:${bison:location}/bin:${flex:location}/bin:%(PATH)s
   CPPFLAGS =-I${ncurses:location}/include -I${readline:location}/include
-  LDFLAGS =-L${readline:location}/lib -L${ncurses:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${readline:location}/lib
+  LDFLAGS =-L${readline:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${readline:location}/lib

component/mysql-tritonn-5.0/buildout.cfg

@@ -90,4 +90,4 @@ patches =
 environment =
     PATH=${senna:location}/bin:${autoconf:location}/bin:${automake-1.11:location}/bin:${libtool:location}/bin:${bison:location}/bin:${flex:location}/bin:%(PATH)s
     CPPFLAGS=-I${senna:location}/include/senna -I${ncurses:location}/include -I${readline:location}/include
-    LDFLAGS=-L${senna:location}/lib -L${readline:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${readline:location}/lib
+    LDFLAGS=-L${senna:location}/lib -L${readline:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${readline:location}/lib

component/neon/buildout.cfg

@@ -25,4 +25,4 @@ environment =
   PATH=${libxml2:location}/bin:${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig:${libxml2:location}/lib/pkgconfig
   CPPFLAGS=-I${openssl:location}/include -I${zlib:location}/include
-  LDFLAGS=-L${openssl:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${libxml2:location}/lib
+  LDFLAGS=-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${libxml2:location}/lib

component/noVNC/buildout.cfg

+[buildout]
+parts =
+  noVNC
+
+[noVNC]
+recipe = hexagonit.recipe.download
+url = https://github.com/kanaka/noVNC/tarball/v0.1
+strip-top-level-dir = true

component/openldap/buildout.cfg

@@ -23,4 +23,4 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${openssl:location}/include -I${cyrus-sasl:location}/include
-  LDFLAGS=-L${openssl:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath -Wl,${cyrus-sasl:location}/lib
+  LDFLAGS=-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib

component/openssl/buildout.cfg

@@ -27,5 +27,5 @@ configure-options =
 # it seems that parallel build sometimes fails for openssl.
 make-options =
   -j1
-  LDFLAGS="-Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${buildout:parts-directory}/${:_buildout_section_name_}/lib"
-  SHARED_LDFLAGS="-Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${buildout:parts-directory}/${:_buildout_section_name_}/lib"
+  LDFLAGS="-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib"
+  SHARED_LDFLAGS="-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib"

component/pdftk/buildout.cfg

@@ -40,5 +40,5 @@ make-options =
 pre-make-hook = ${pdftk-hooks-download:location}/${pdftk-hooks-download:filename}:pre_make_hook
 environment =
   PATH=${gcc-java:location}/bin:${fastjar:location}/bin:%(PATH)s
-  LDFLAGS=-L${gcc-java:location}/lib -Wl,-rpath -Wl,${gcc-java:location}/lib -L${gcc-java:location}/lib64 -Wl,-rpath -Wl,${gcc-java:location}/lib64
+  LDFLAGS=-L${gcc-java:location}/lib -Wl,-rpath=${gcc-java:location}/lib -L${gcc-java:location}/lib64 -Wl,-rpath=${gcc-java:location}/lib64
   LD_LIBRARY_PATH=${gcc-java:location}/lib:${gcc-java:location}/lib64

component/perl-DBD-MySQL/DBD-mysql-4.019.rpathsupport.patch

+--- DBD-mysql-4.019.back/Makefile.PL    2011-05-09 03:12:07.000000000 +0200
++++ DBD-mysql-4.019/Makefile.PL 2011-06-22 11:44:06.478371893 +0200
+@@ -358,7 +358,14 @@  
+                      'Data::Dumper' => 0 };
+ }
+
+-ExtUtils::MakeMaker::WriteMakefile(%o);
++
++my %config;
++if (defined($ENV{'OTHERLDFLAGS'})) {
++    $config{dynamic_lib} = { OTHERLDFLAGS => " $ENV{'OTHERLDFLAGS'} " };
++}
++
++
++ExtUtils::MakeMaker::WriteMakefile(%o, %config);
+ exit 0;
+
+
+

component/perl-DBD-MySQL/buildout.cfg

+[buildout]
+extends =
+  ../perl/buildout.cfg
+  ../perl-DBI/buildout.cfg
+  ../mysql-tritonn-5.0/buildout.cfg
+  ../zlib/buildout.cfg
+  ../openssl/buildout.cfg
+parts =
+  perl-DBD-MySQL
+
+[perl-DBD-MySQL-patch]
+recipe = hexagonit.recipe.download
+md5sum = e12e9233f20b0370cfcf5228ea767fbc
+url = ${:_profile_base_location_}/${:filename}
+filename = DBD-mysql-4.019.rpathsupport.patch
+download-only = true
+
+[perl-DBD-MySQL]
+recipe = hexagonit.recipe.cmmi
+version = 4.019
+depends =
+  ${perl:version}
+  ${perl-DBI:version}
+url = http://search.cpan.org/CPAN/authors/id/C/CA/CAPTTOFU/DBD-mysql-4.019.tar.gz
+md5sum = 566d98ab8ffac9626a31f6f6d455558e
+patches =
+  ${perl-DBD-MySQL-patch:location}/${perl-DBD-MySQL-patch:filename}
+patch-options = -p1
+configure-command =
+  ${perl:location}/bin/perl Makefile.PL --mysql_config=${mysql-tritonn-5.0:location}/bin/mysql_config
+environment =
+  OTHERLDFLAGS=-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${mysql-tritonn-5.0:location}/lib/mysql -Wl,-rpath=${openssl:location}/lib

component/perl-DBI/buildout.cfg

+[buildout]
+extends =
+  ../perl/buildout.cfg
+parts =
+  perl-DBI
+
+[perl-DBI]
+recipe = hexagonit.recipe.cmmi
+version = 1.616
+depends =
+  ${perl:version}
+url = http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-1.616.tar.gz
+md5sum = 799313e54a693beb635b47918458f7c4
+configure-command =
+  ${perl:location}/bin/perl Makefile.PL

component/perl-SGML-Parser-OpenSP/buildout.cfg

@@ -17,4 +17,4 @@ configure-command =
   ${perl:location}/bin/perl Makefile.PL
 make-options =
   INC=-I${opensp:location}/include
-  OTHERLDFLAGS="-L${opensp:location}/lib -Wl,-rpath -Wl,${opensp:location}/lib"
+  OTHERLDFLAGS="-L${opensp:location}/lib -Wl,-rpath=${opensp:location}/lib"

component/perl-XML-LibXML/buildout.cfg

@@ -23,7 +23,7 @@ configure-command =
 # Parallel make does not work for this package on fast machines
 # with many cores
 make-options =
-  OTHERLDFLAGS=" -Wl,-rpath -Wl,${libxml2:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib" -j1
+  OTHERLDFLAGS=" -Wl,-rpath=${libxml2:location}/lib -Wl,-rpath=${zlib:location}/lib" -j1
 environment =
   LD_LIBRARY_PATH=${libxml2:location}/lib:${zlib:location}/lib
   PERLLIB=blib/lib

component/perl-XML-SAX/buildout.cfg

@@ -12,7 +12,8 @@ depends =
   ${perl-XML-NamespaceSupport:location}
 url = http://search.cpan.org/CPAN/authors/id/G/GR/GRANTM/XML-SAX-0.96.tar.gz
 md5sum = bdcd4119a62505184e211e9dfaef0ab1
+# say 'y' for 'Do you want XML::SAX to alter ParserDetails.ini? [Y]' question.
 configure-command =
-  ${perl:location}/bin/perl Makefile.PL
+  echo y | ${perl:location}/bin/perl Makefile.PL
 environment =
   PERLLIB=blib/lib

component/perl/buildout.cfg

@@ -14,18 +14,19 @@ filename = ${:_buildout_section_name_}
 
 [perl]
 recipe = hexagonit.recipe.cmmi
-version = 5.14.0
+version = 5.14.1
 url = http://www.cpan.org/src/5.0/perl-${:version}.tar.bz2
-md5sum = e7457deea78330c5f8eebb2fd2a45479
+md5sum = 97cd306a2c22929cc141a09568f43bb0
+siteprefix = ${buildout:parts-directory}/site_${:_buildout_section_name_}
 patch-options = -p1
 patches =
   ${perl-keep-linker-flags-in-ldflags.patch:location}/${perl-keep-linker-flags-in-ldflags.patch:filename}
 configure-command =
   sh Configure -des \
     -Dprefix=${buildout:parts-directory}/${:_buildout_section_name_} \
-    -Dsiteprefix=${buildout:parts-directory}/site_${:_buildout_section_name_} \
+    -Dsiteprefix=${:siteprefix} \
     -Dcflags=-I${gdbm:location}/include \
-    -Dldflags="-L${gdbm:location}/lib -Wl,-rpath -Wl,${gdbm:location}/lib" \
+    -Dldflags="-L${gdbm:location}/lib -Wl,-rpath=${gdbm:location}/lib" \
     -Ui_db \
     -Dnoextensions=ODBM_File
 environment =

component/pkgconfig/buildout.cfg

@@ -26,4 +26,4 @@ environment =
   PATH=${:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig
   CPPFLAGS=-I${glib:location}/include -I${popt:location}/include
-  LDFLAGS=-L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib -L${glib:location}/lib -Wl,-rpath -Wl,${glib:location}/lib -L${popt:location}/lib -Wl,-rpath -Wl,${popt:location}/lib
+  LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${popt:location}/lib -Wl,-rpath=${popt:location}/lib

component/poppler/buildout.cfg

+[buildout]
+parts = poppler
+extends =
+  ../fontconfig/buildout.cfg
+  ../freetype/buildout.cfg
+  ../jbigkit/buildout.cfg
+  ../libjpeg/buildout.cfg
+  ../libpng/buildout.cfg
+  ../libtiff/buildout.cfg
+  ../pkgconfig/buildout.cfg
+  ../zlib/buildout.cfg
+
+[poppler]
+<= poppler-0.17.1
+
+[poppler-0.17.1]
+recipe = hexagonit.recipe.cmmi
+md5sum = 8d7276d1943078c76aabe9f2ec52d50b
+url = http://poppler.freedesktop.org/poppler-0.17.1.tar.gz
+configure-options =
+  --disable-cairo-output
+  --disable-cms
+  --disable-curl
+  --disable-gtk-doc-html
+  --disable-gtk-test
+  --disable-poppler-cpp
+  --disable-poppler-glib
+  --disable-poppler-qt4
+  --enable-zlib
+environment =
+  PATH=${pkgconfig:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig
+  CPPFLAGS=-I${libjpeg:location}/include -I${libpng:location}/include -I${libtiff:location}/include -I${zlib:location}/include
+  LDFLAGS=-L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/postfix/buildout.cfg

@@ -15,5 +15,5 @@ url = ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.8.3.tar
 md5sum = b3922ededd3fd6051f759e58a4ada3ae
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 configure-command = make
-configure-options = makefiles CCARGS='-DUSE_TLS -DHAS_PCRE -DHAS_DB -I${libdb:location}/include -I${pcre:location}/include -I${openssl:location}/include' AUXLIBS='-L${openssl:location}/lib -L${pcre:location}/lib -L${libdb:location}/lib -lssl -lpcre -ldb -lcrypto -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${pcre:location}/lib -Wl,-rpath -Wl,${libdb:location}/lib'
+configure-options = makefiles CCARGS='-DUSE_TLS -DHAS_PCRE -DHAS_DB -I${libdb:location}/include -I${pcre:location}/include -I${openssl:location}/include' AUXLIBS='-L${openssl:location}/lib -L${pcre:location}/lib -L${libdb:location}/lib -lssl -lpcre -ldb -lcrypto -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${libdb:location}/lib'
 make-targets = non-interactive-package install_root=${:location}

component/python-2.4/buildout.cfg

@@ -59,7 +59,7 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include/ -I${ncurses:location}/include/ncursesw/ -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${gdbm:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
 
 [pythonbin2.4]
 # XXX/Note: This is hackish way to have fully featured python interpreter

component/python-2.6/buildout.cfg

+
 [buildout]
 # XXX: Extends shall not jump out of software
 extends =
@@ -27,12 +28,12 @@ recipe = hexagonit.recipe.cmmi
 # other settings in this part if we don't set it explicitly here.
 prefix = ${buildout:parts-directory}/${:_buildout_section_name_}
 version = 2.6
-package_version = ${:version}.6
+package_version = ${:version}.7
 executable = ${:prefix}/bin/python${:version}
 
 url =
-  http://python.org/ftp/python/${:package_version}/Python-${:package_version}.tgz
-md5sum = b2f209df270a33315e62c1ffac1937f0
+  http://python.org/ftp/python/${:package_version}/Python-${:package_version}.tar.bz2
+md5sum = d40ef58ed88438a870bbeb0ac5d4217b
 patch-options = -p1
 patches =
   ${python-2.6.6-no_system_inc_dirs.patch:location}/${python-2.6.6-no_system_inc_dirs.patch:filename}
@@ -42,7 +43,7 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include/ -I${ncurses:location}/include/ncursesw/ -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${gdbm:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
 
 [bootstrap2.6]
 recipe = zc.recipe.egg

component/python-2.7/buildout.cfg

@@ -13,18 +13,18 @@ parts =
     python2.7
 
 [python2.7]
-<= python2.7.1
+<= python2.7.2
 
-[python2.7.0]
+[python2.7.1]
 <= python2.7common
-package_version = 2.7
-md5sum = 35f56b092ecf39a6bd59d64f142aae0f
+package_version = 2.7.1
+md5sum = aa27bc25725137ba155910bd8e5ddc4f
 package_version_suffix =
 
-[python2.7.1]
+[python2.7.2]
 <= python2.7common
-package_version = 2.7.1
-md5sum = 15ed56733655e3fab785e49a7278d2fb
+package_version = 2.7.2
+md5sum = ba7b2f11ffdbf195ee0d111b9455a5bd
 package_version_suffix =
 
 [bootstrap2.7]
@@ -45,11 +45,11 @@ version = 2.7
 executable = ${:prefix}/bin/python${:version}
 
 url =
-  http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tgz
+  http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.bz2
 configure-options =
   --enable-unicode=ucs4
   --with-threads
 
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include/ -I${ncurses:location}/include/ncursesw/ -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${gdbm:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib

component/readline/buildout.cfg

@@ -6,10 +6,10 @@ extends =
 
 [readline]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnu.org/gnu/readline/readline-6.1.tar.gz
-md5sum = fc2f7e714fe792db1ce6ddc4c9fb4ef3
+url = http://ftp.gnu.org/gnu/readline/readline-6.2.tar.gz
+md5sum = 67948acb2ca081f23359d0256e9a271c
 configure-options =
   --disable-static
   --with-ncurses=${ncurses:location}
 environment =
-    LDFLAGS =-Wl,-rpath ${ncurses:location}/lib
+    LDFLAGS =-Wl,-rpath=${ncurses:location}/lib

component/serf/buildout.cfg

@@ -17,4 +17,4 @@ configure-options =
   --with-openssl=${openssl:location}
 environment =
   CFLAGS=-I${zlib:location}/include -I${libuuid:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib

component/slapos/buildout.cfg

+[buildout]
+extends =
+  ../../stack/shacache-client.cfg
+  ../m2crypto/buildout.cfg
+  ../lxml-python/buildout.cfg
+  ../python-2.7/buildout.cfg
+
+parts =
+  slapos
+
+find-links =
+  http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+versions = versions
+
+allow-hosts =
+  *.googlecode.com
+  *.nexedi.org
+  *.python.org
+  alastairs-place.net
+  code.google.com
+  github.com
+  peak.telecommunity.com
+
+# separate from system python
+include-site-packages = false
+exec-sitecustomize = false
+allowed-eggs-from-site-packages =
+
+[lxml-python]
+python = python2.7
+
+[M2Crypto]
+python = python2.7
+
+[slapos]
+recipe = z3c.recipe.scripts
+python = python2.7
+eggs =
+  ${M2Crypto:egg}
+  slapos.libnetworkcache
+  zc.buildout
+  ${lxml-python:egg}
+  slapos.core
+
+# control scripts generation in order to avoid reinstalling bin/buildout
+scripts =
+  generate-signature-key = slapos.signature:run
+  slapconsole = slapos.console:run
+  slapos-request = slapos.console:request
+  slapformat = slapos.format:main
+  slapgrid = slapos.grid.slapgrid:run
+  slapgrid-sr = slapos.grid.slapgrid:runSoftwareRelease
+  slapgrid-cp = slapos.grid.slapgrid:runComputerPartition
+  slapgrid-ur = slapos.grid.slapgrid:runUsageReport
+  slapgrid-supervisorctl = slapos.grid.svcbackend:supervisorctl
+  slapgrid-supervisord = slapos.grid.svcbackend:supervisord
+  slapproxy = slapos.proxy:main
+
+[versions]
+zc.buildout = 1.5.3-dev-SlapOS-005
+Jinja2 = 2.6
+M2Crypto = 0.21.1
+Werkzeug = 0.7.1
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+netaddr = 0.7.5
+setuptools = 0.6c12dev-r88846
+slapos.core = 0.12
+slapos.libnetworkcache = 0.4
+xml-marshaller = 0.9.7
+z3c.recipe.scripts = 1.0.1
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.12
+Flask = 0.7.2
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.core==0.12
+netifaces = 0.5
+
+# Required by:
+# slapos.core==0.12
+supervisor = 3.0a10
+
+# Required by:
+# slapos.core==0.12
+zope.interface = 3.7.0

component/sphinx/buildout.cfg

+# Sphinx - Open Source Search Server
+# http://sphinxsearch.com/
+
 [buildout]
 parts = sphinx
 extends =
@@ -5,13 +8,6 @@ extends =
   ../mariadb/buildout.cfg
   ../zlib/buildout.cfg
 
-[sphinx-1.10-fix_nosigpipe.patch]
-recipe = hexagonit.recipe.download
-url = ${:_profile_base_location_}/${:filename}
-md5sum = b606b2a267ebfbd009bb1e72e7a29462
-download-only = true
-filename = sphinx-1.10-fix_nosigpipe.patch
-
 [sphinx-1.10-beta-snowball.patch]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
@@ -22,8 +18,8 @@ filename = sphinx-1.10-beta-snowball.patch
 
 [sphinx]
 recipe = hexagonit.recipe.cmmi
-url = http://www.sphinxsearch.com/files/sphinx-1.10-beta.tar.gz
-md5sum = 5b52ce9e93a73c66d37bc3a2402f14fa
+url = http://sphinxsearch.com/files/sphinx-2.0.1-beta.tar.gz
+md5sum = 95c217d81d0b7a4ff73d5297318c3481
 configure-options =
   --with-mysql
   --with-mysql-includes=${mariadb:location}/include/mysql
@@ -34,8 +30,7 @@ configure-options =
   --without-unixodbc
 patch-options = -p1
 patches =
-  ${sphinx-1.10-fix_nosigpipe.patch:location}/${sphinx-1.10-fix_nosigpipe.patch:filename}
   ${sphinx-1.10-beta-snowball.patch:location}/${sphinx-1.10-beta-snowball.patch:filename}
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${libexpat:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath ${mariadb:location}/lib/mysql -L${libexpat:location}/lib -Wl,-rpath ${libexpat:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${mariadb:location}/lib/mysql -L${libexpat:location}/lib -Wl,-rpath=${libexpat:location}/lib

component/sqlite3/buildout.cfg

@@ -5,11 +5,11 @@ parts =
 
 [sqlite3]
 recipe = hexagonit.recipe.cmmi
-url = http://www.sqlite.org/sqlite-autoconf-3070602.tar.gz
-md5sum = f16c08617968b4087b3d591fd575f59f
+url = http://www.sqlite.org/sqlite-autoconf-3070701.tar.gz
+md5sum = 554026fe7fac47b1cf61c18d5fe43419
 configure-options =
   --disable-static
   --enable-readline
 environment =
   CPPFLAGS=-I${readline:location}/include -I${ncurses:location}/include
-  LDFLAGS=-L${buildout:parts-directory}/${:_buildout_section_name_} -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib
+  LDFLAGS=-L${buildout:parts-directory}/${:_buildout_section_name_} -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib

component/stunnel/buildout.cfg

@@ -17,8 +17,8 @@ filename = stunnel-4-hooks.py
 
 [stunnel-4]
 recipe = hexagonit.recipe.cmmi
-url = ftp://ftp.stunnel.org/stunnel/stunnel-4.36.tar.gz
-md5sum = 600a09b03798424842b24548ca1e4235
+url = ftp://ftp.stunnel.org/stunnel/stunnel-4.39.tar.gz
+md5sum = 853739119a8364daea750154af6d7e79
 pre-configure-hook = ${stunnel-4-hook-download:location}/${stunnel-4-hook-download:filename}:pre_configure_hook
 configure-options =
   --enable-ipv6
@@ -26,4 +26,4 @@ configure-options =
   --with-ssl=${openssl:location}
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-Wl,-rpath -Wl,${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/subversion/buildout.cfg

@@ -24,8 +24,8 @@ md5sum = 8d911ec2422dc4c08a00693ac915a07a
 
 [subversion]
 recipe = hexagonit.recipe.cmmi
-url = http://subversion.tigris.org/downloads/subversion-1.6.16.tar.bz2
-md5sum = 32f25a6724559fe8691d1f57a63f636e
+url = http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2
+md5sum = 81e5dc5beee4b3fc025ac70c0b6caa14
 patches =
   ${subversion-1.6.0-disable_linking_against_unneeded_libraries:location}/${subversion-1.6.0-disable_linking_against_unneeded_libraries:filename}
 configure-options =
@@ -58,4 +58,4 @@ environment =
   PATH=${pkgconfig:location}/bin:${neon:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${apache:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${neon:location}/lib/pkgconfig
   CPPFLAGS=-I${libexpat:location}/include -I${libuuid:location}/include
-  LDFLAGS=-L${libexpat:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib -Wl,-rpath -Wl,${neon:location}/lib -Wl,-rpath -Wl,${apache:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib
+  LDFLAGS=-L${libexpat:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${neon:location}/lib -Wl,-rpath=${apache:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib

component/tesseract/buildout.cfg

@@ -28,7 +28,7 @@ configure-options =
   --datarootdir=${tesseract-share:location}
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${jbigkit:location}/include -I${libjpeg:location}/include -I${libtiff:location}/include -I${libpng:location}/include
-  LDFLAGS =-Wl,-rpath -L${zlib:location}/lib -Wl,${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath -Wl,${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath -Wl,${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath -Wl,${libtiff:location}/lib -L${libpng:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib
+  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib
 
 [tesseract-eng-traineddata]
 recipe = hexagonit.recipe.download

component/tokyocabinet/buildout.cfg

@@ -14,4 +14,4 @@ configure-options =
   --with-bzip=${bzip2:location}
 
 environment =
-  LDFLAGS =-Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib
+  LDFLAGS =-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib

component/varnish/buildout.cfg

@@ -22,7 +22,7 @@ configure-options =
   --disable-static
 environment =
   CPPFLAGS=-I${ncurses:location}/include
-  LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib
+  LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib
 
 [varnish-2.1]
 recipe = hexagonit.recipe.cmmi
@@ -34,4 +34,4 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${pcre:location}/lib/pkgconfig
   CPPFLAGS=-I${ncurses:location}/include
-  LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib
+  LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib

component/w3m/buildout.cfg

@@ -9,6 +9,18 @@ extends =
 parts =
   w3m
 
+versions = versions
+
+find-links =
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+[w3m-w3m.gcc.forward.compat.patch]
+recipe = hexagonit.recipe.download
+url =${:_profile_base_location_}/${:filename}
+filename = w3m.gcc.forward.compat.patch
+download-only = true
+md5sum = 75422a6f7f671b3a6d9add6724cc0945
+
 [w3m]
 recipe = hexagonit.recipe.cmmi
 md5sum = 1b845a983a50b8dec0169ac48479eacc
@@ -27,8 +39,18 @@ configure-options =
   --disable-external-uri-loader
   --disable-w3mmailer
 
+patch-options =
+  -p1
+
+patches =
+  ${w3m-w3m.gcc.forward.compat.patch:location}/${w3m-w3m.gcc.forward.compat.patch:filename}
+
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig
   CPPFLAGS=-I${ncurses:location}/include/ -I${zlib:location}/include/
-  LDFLAGS=-Wl,--as-needed -L${garbage-collector:location}/lib -Wl,-rpath -Wl,${garbage-collector:location}/lib -L${ncurses:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -L${openssl:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-Wl,--as-needed -L${garbage-collector:location}/lib -Wl,-rpath=${garbage-collector:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+
+[versions]
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005

component/w3m/w3m.gcc.forward.compat.patch

+diff --git a/istream.c b/istream.c
+index 8967280..d4c788a 100644
+--- a/istream.c
++++ b/istream.c
+@@ -22,8 +22,8 @@
+ static void basic_close(int *handle);
+ static int basic_read(int *handle, char *buf, int len);
+ 
+-static void file_close(struct file_handle *handle);
+-static int file_read(struct file_handle *handle, char *buf, int len);
++static void file_close(struct w3m_file_handle *handle);
++static int file_read(struct w3m_file_handle *handle, char *buf, int len);
+ 
+ static int str_read(Str handle, char *buf, int len);
+ 
+@@ -114,7 +114,7 @@ newFileStream(FILE * f, void (*closep) ())
+     stream = New(union input_stream);
+     init_base_stream(&stream->base, STREAM_BUF_SIZE);
+     stream->file.type = IST_FILE;
+-    stream->file.handle = New(struct file_handle);
++    stream->file.handle = New(struct w3m_file_handle);
+     stream->file.handle->f = f;
+     if (closep)
+ 	stream->file.handle->close = closep;
+@@ -658,13 +658,13 @@ basic_read(int *handle, char *buf, int len)
+ }
+ 
+ static void
+-file_close(struct file_handle *handle)
++file_close(struct w3m_file_handle *handle)
+ {
+     handle->close(handle->f);
+ }
+ 
+ static int
+-file_read(struct file_handle *handle, char *buf, int len)
++file_read(struct w3m_file_handle *handle, char *buf, int len)
+ {
+     return fread(buf, 1, len, handle->f);
+ }
+diff --git a/istream.h b/istream.h
+index a220d8b..6d9736d 100644
+--- a/istream.h
++++ b/istream.h
+@@ -20,7 +20,7 @@ struct stream_buffer {
+ 
+ typedef struct stream_buffer *StreamBuffer;
+ 
+-struct file_handle {
++struct w3m_file_handle {
+     FILE *f;
+     void (*close) ();
+ };
+@@ -53,7 +53,7 @@ struct base_stream {
+ 
+ struct file_stream {
+     struct stream_buffer stream;
+-    struct file_handle *handle;
++    struct w3m_file_handle *handle;
+     char type;
+     char iseos;
+     int (*read) ();

component/xtrabackup/allow_force_ibbackup.patch

+commit c052380cf84e33b32268af97a7c1539c8a6771e5
+Author: Łukasz Nowak <luke@nexedi.com>
+Date:   Mon Jun 6 13:29:32 2011 +0200
+
+    Really use option_ibbackup_binary.
+
+diff --git a/innobackupex b/innobackupex
+index 67d0d44..ed06294 100755
+--- a/innobackupex
++++ b/innobackupex
+@@ -214,6 +214,7 @@ check_args();
+ print_version();
+ 
+ # initialize global variables and perform some checks
++if ( $option_ibbackup_binary eq "autodetect" ){
+ if ($option_copy_back) {
+     $option_ibbackup_binary = 'xtrabackup_51';
+ } elsif ($option_apply_log) {
+@@ -250,6 +251,7 @@ if ($option_copy_back) {
+ } else {
+     $option_ibbackup_binary = set_xtrabackup_version();
+ }
++}
+ init();
+ 
+ my $ibbackup_exit_code = 0;

component/xtrabackup/buildout.cfg

 # xtrabackup: hot backup utility for MySQL
 # http://www.percona.com/
-
+# Depends on SlapOS patched buildout for _profile_base_location_ functionality
 [buildout]
 extends =
   ../autoconf/buildout.cfg
@@ -15,6 +15,11 @@ extends =
 parts =
   xtrabackup
 
+find-links =
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+versions = versions
+
 [xtrabackup-build-patch-download]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
@@ -22,18 +27,31 @@ md5sum = e018df8bb3ed672891388556b8e91e35
 download-only = true
 filename = xtrabackup_build.patch
 
+[allow_force_ibbackup.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = d642ea7b30d1322a516fbece4ee100e0
+download-only = true
+filename = ${:_buildout_section_name_}
+
 [xtrabackup]
 recipe = hexagonit.recipe.cmmi
 url = http://www.percona.com/redir/downloads/XtraBackup/XtraBackup-1.6/source/xtrabackup-1.6.tar.gz
 md5sum = 7c263723312cba36539df4cd7a119744
 make-binary = true
-patches = ${xtrabackup-build-patch-download:location}/${xtrabackup-build-patch-download:filename}
+patches =
+  ${xtrabackup-build-patch-download:location}/${xtrabackup-build-patch-download:filename}
+  ${allow_force_ibbackup.patch:location}/${allow_force_ibbackup.patch:filename}
 patch-options = -p1
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 configure-command = utils/build.sh innodb51_builtin ${:location} ${libtool:location}
 environment =
   CPPFLAGS =-I${zlib:location}/include -I${ncurses:location}/include -I${readline:location}/include
-  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${ncurses:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -L${readline:location}/lib -Wl,-rpath -Wl,${readline:location}/lib
+  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${readline:location}/lib -Wl,-rpath=${readline:location}/lib
   PATH=${autoconf:location}/bin:${automake-1.11:location}/bin:${libtool:location}/bin:${flex:location}/bin:%(PATH)s:${bison:location}/bin
 make-options =
   -j1
+
+[versions]
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-001

component/zabbix/buildout.cfg

@@ -4,8 +4,8 @@ parts =
 
 [zabbix-agent]
 recipe = hexagonit.recipe.cmmi
-url = http://prdownloads.sourceforge.net/zabbix/zabbix-1.8.4.tar.gz?download
-md5sum = 969ce09317c98b205bc96157e16f5c8c
+url = http://prdownloads.sourceforge.net/zabbix/zabbix-1.8.5.tar.gz?download
+md5sum = 58b9253fb0eace1e20b2fe5c1fce32a3
 configure-options =
   --enable-agent
   --enable-ipv6

setup.py

@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '0.2-dev'
+version = '0.17-dev'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"
@@ -27,12 +27,10 @@ setup(name=name,
       include_package_data=True,
       install_requires=[
         'PyXML', # for full blown python interpreter
-        'Zope2', # some recipes like to play with zope
-        'collective.recipe.template', # needed by template recipe
         'lxml', # for full blown python interpreter
         'netaddr', # to manipulate on IP addresses
         'setuptools', # namespaces
-        'slapos.slap', # uses internally
+        'slapos.core', # uses internally
 #        'slapos.toolbox', # needed for libcloud, cloudmgr, disabled for now
         'xml_marshaller', # need to communication with slapgrid
         'zc.buildout', # plays with buildout
@@ -41,25 +39,30 @@ setup(name=name,
       zip_safe=True,
       entry_points={
         'zc.buildout': [
-          'build = slapos.recipe.build:Script',
-          'buildcmmi = slapos.recipe.build:Cmmi',
           'download = slapos.recipe.download:Recipe',
           'erp5 = slapos.recipe.erp5:Recipe',
           'erp5testnode = slapos.recipe.erp5testnode:Recipe',
           'helloworld = slapos.recipe.helloworld:Recipe',
           'java = slapos.recipe.java:Recipe',
+          'kumofs = slapos.recipe.kumofs:Recipe',
           'kvm = slapos.recipe.kvm:Recipe',
           'libcloud = slapos.recipe.libcloud:Recipe',
           'libcloudrequest = slapos.recipe.libcloudrequest:Recipe',
+          'memcached = slapos.recipe.memcached:Recipe',
+          'mysql = slapos.recipe.mysql:Recipe',
           'nbdserver = slapos.recipe.nbdserver:Recipe',
           'nosqltestbed = slapos.recipe.nosqltestbed:NoSQLTestBed',
+          'osoeslaptraining = slapos.recipe.osoeslaptraining:Request',
+          'osoeslaptraining.request = slapos.recipe.osoeslaptraining:Request',
+          'osoeslaptraining.static = slapos.recipe.osoeslaptraining:Static',
+          'osoeslaptraining.simple = slapos.recipe.osoeslaptraining:Simple',
           'proactive = slapos.recipe.proactive:Recipe',
           'sheepdogtestbed = slapos.recipe.sheepdogtestbed:SheepDogTestBed',
           'siptester = slapos.recipe.siptester:SipTesterRecipe',
           'slaprunner = slapos.recipe.slaprunner:Recipe',
-          'template = slapos.recipe.template:Recipe',
           'testnode = slapos.recipe.testnode:Recipe',
           'vifib = slapos.recipe.vifib:Recipe',
           'xwiki = slapos.recipe.xwiki:Recipe',
+          'zabbixagent = slapos.recipe.zabbixagent:Recipe',
       ]},
     )

slapos/recipe/README.build.txt

-build
-=====
-
-Recipe to build the software.
-
-Example buildout::
-
-  [buildout]
-  parts =
-    file
-
-  [zlib]
-  # Use standard configure, make, make install way
-  recipe = slapos.cookbook:build
-  url = http://prdownloads.sourceforge.net/libpng/zlib-1.2.5.tar.gz?download
-  md5sum = c735eab2d659a96e5a594c9e8541ad63
-  slapos_promisee =
-    directory:include
-    file:include/zconf.h
-    file:include/zlib.h
-    directory:lib
-    statlib:lib/libz.a
-    dynlib:lib/libz.so linked:libc.so.6 rpath:
-    dynlib:lib/libz.so.1 linked:libc.so.6 rpath:
-    dynlib:lib/libz.so.1.2.5 linked:libc.so.6
-    directory:lib/pkgconfig
-    file:lib/pkgconfig/zlib.pc
-    directory:share
-    directory:share/man
-    directory:share/man/man3
-    file:share/man/man3/zlib.3
-
-  [file]
-  recipe = slapos.cookbook:buildcmmi
-  url = ftp://ftp.astron.com/pub/file/file-5.04.tar.gz
-  md5sum = accade81ff1cc774904b47c72c8aeea0
-  environment =
-    CPPFLAGS=-I${zlib:location}/include
-    LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
-  slapos_promisee =
-    directory:bin
-    dynlib:bin/file linked:libz.so.1,libc.so.6,libmagic.so.1 rpath:${zlib:location}/lib,!/lib
-    directory:include
-    file:include/magic.h
-    directory:lib
-    statlib:lib/libmagic.a
-    statlib:lib/libmagic.la
-    dynlib:lib/libmagic.so linked:libz.so.1,libc.so.6 rpath:${zlib:location}/lib
-    dynlib:lib/libmagic.so.1 linked:libz.so.1,libc.so.6 rpath:${zlib:location}/lib
-    dynlib:lib/libmagic.so.1.0.0 linked:libz.so.1,libc.so.6 rpath:${zlib:location}/lib
-    directory:share
-    directory:share/man
-    directory:share/man/man1
-    file:share/man/man1/file.1
-    directory:share/man/man3
-    file:share/man/man3/libmagic.3
-    directory:share/man/man4
-    file:share/man/man4/magic.4
-    directory:share/man/man5
-    directory:share/misc
-    file:share/misc/magic.mgc
-
-  [somethingelse]
-  # default way with using script
-  recipe = slapos.cookbook:build
-  url_0 = http://host/path/file.tar.gz
-  md5sum = 9631070eac74f92a812d4785a84d1b4e
-  script =
-    import os
-    os.chdir(%(work_directory)s)
-    unpack(%(url_0), strip_path=True)
-    execute('make')
-    execute('make install DEST=%(location)s')
-  slapos_promisee =
-    ...
-
-TODO:
-
- * add linking suport, buildout definition:
-
-slapos_link = <relative/path> [optional-path
-
-can be used as::
-
-  [file]
-  slapos_link =
-    bin/file
-    bin/file ${buildout:bin-directory}/bin/anotherfile
-
-Which will link ${file:location}/bin/file to ${buildout:bin-directory}/bin/file
-and ${file:location}/bin/file to ${buildout:bin-directory}/bin/anotherfile

slapos/recipe/README.cloudooo.txt

+cloudooo
+=========
+
+Instantiates CloudOOo instance.

slapos/recipe/README.kumofs.txt

+kumofs
+=========
+
+Instantiates KumoFS instance.

slapos/recipe/README.memcached.txt

+memcached
+=========
+
+Instantiates Memcached instance.

slapos/recipe/README.mysql.txt

+mysql
+=========
+
+Instantiates MySQL instance.

slapos/recipe/README.template.txt

-template
-========
-
-Fully networked template recipe, reusing collective.recipe.template with
-ability to download template over the network
-
-Usage
------
-
-::
-
-  [buildout]
-  parts = template
-
-  [template]
-  recipe = slapos.cookbook:template
-  url = http://server/with/template
-  # optional md5sum
-  md5sum = 1234567890
-  output = ${buildout:directory}/result
-
-All parameters except url and md5sum will be passed to
-collective.recipe.template, so please visit
-http://pypi.python.org/pypi/collective.recipe.template for full information.

slapos/recipe/README.zabbixagent.txt

+zabbixagent
+===========

slapos/recipe/build.py

-##############################################################################
-#
-# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
-#
-# WARNING: This program as such is intended to be used by professional
-# programmers who take the whole responsibility of assessing all potential
-# consequences resulting from its eventual inadequacies and bugs
-# End users who are looking for a ready-to-use solution with commercial
-# guarantees and support are strongly adviced to contract a Free Software
-# Service Company
-#
-# This program is Free Software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 3
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-#
-##############################################################################
-import logging
-import os
-import setuptools
-import shutil
-import subprocess
-import tempfile
-import zc.buildout
-
-def readElfAsDict(f):
-  """Reads ELF information from file"""
-  popen = subprocess.Popen(['readelf', '-d', f],
-      stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
-  result = popen.communicate()[0]
-  if popen.returncode != 0:
-    raise AssertionError(result)
-  library_list = []
-  rpath_list = []
-  runpath_list = []
-  for l in result.split('\n'):
-    if '(NEEDED)' in l:
-      library_list.append(l.split(':')[1].strip(' []'))
-    elif '(RPATH)' in l:
-      rpath_list = [q.rstrip('/') for q in l.split(':',1)[1].strip(' []').split(':')]
-    elif '(RUNPATH)' in l:
-      runpath_list = [q.rstrip('/') for q in l.split(':',1)[1].strip(' []').split(':')]
-  if len(runpath_list) == 0:
-    runpath_list = rpath_list
-  elif len(rpath_list) != 0 and runpath_list != rpath_list:
-    raise ValueError('RPATH and RUNPATH are different.')
-  return dict(
-    library_list=sorted(library_list),
-    runpath_list=sorted(runpath_list)
-  )
-
-def call(*args, **kwargs):
-  """Subprocess call with closed file descriptors and stdin"""
-  kwargs.update(
-    stdin=subprocess.PIPE,
-    close_fds=True)
-  popen = subprocess.Popen(*args, **kwargs)
-  popen.stdin.flush()
-  popen.stdin.close()
-  popen.stdin = None
-  popen.communicate()
-  if popen.returncode != 0:
-    raise subprocess.CalledProcessError(popen.returncode, ' '.join(args[0]))
-
-def calls(call_string, **kwargs):
-  """Subprocesser caller which allows to pass arguments as string"""
-  call(call_string.split(), **kwargs)
-
-def guessworkdir(path):
-  if len(os.listdir(path)) == 1:
-    return os.path.join(path, os.listdir(path)[0])
-  return path
-
-class Script:
-  """Free script building system"""
-  def _checkPromisee(self, location):
-    promisee_problem_list = []
-    a = promisee_problem_list.append
-    for promisee in self.options['slapos_promisee'].split('\n'):
-      promisee = promisee.strip()
-      if not promisee:
-        continue
-      if promisee.startswith('file:') or promisee.startswith('statlib'):
-        s, path = promisee.split(':')
-        if not os.path.exists(os.path.join(location, path)):
-          a('File promisee not met for %r' % path)
-      elif promisee.startswith('directory'):
-        s, path = promisee.split(':')
-        if not os.path.isdir(os.path.join(location, path)):
-          a('Directory promisee not met for %r' %
-              path)
-      elif promisee.startswith('dynlib:'):
-        if 'linked:' not in promisee:
-          raise zc.buildout.UserError('dynlib promisee requires \'linked:\' '
-            'parameter.')
-        if 'rpath:' not in promisee:
-          rpath_list = []
-        for promisee_part in promisee.split():
-          if promisee_part.startswith('dynlib:'):
-            s, path = promisee_part.split(':')
-          elif promisee_part.startswith('linked:'):
-            s, link_list = promisee_part.split(':')
-            link_list = link_list.split(',')
-          elif promisee_part.startswith('rpath:'):
-            s, rpath_list = promisee_part.split(':')
-            if rpath_list:
-              r = rpath_list
-              rpath_list = []
-              for q in r.split(','):
-                if q.startswith('!'):
-                  q = q.replace('!', location)
-                rpath_list.append(q)
-            else:
-              rpath_list = []
-        if not os.path.exists(os.path.join(location, path)):
-          a('Dynlib promisee file not met %r' % promisee)
-        else:
-          elf_dict = readElfAsDict(os.path.join(location, path))
-          if sorted(link_list) != sorted(elf_dict['library_list']):
-            a('Promisee library list not met (wanted: %r, found: %r)'%(
-              link_list, elf_dict['library_list']))
-          if sorted(rpath_list) != sorted(elf_dict['runpath_list']):
-            a('Promisee rpath list not met (wanted: %r, found: %r)'%(
-              rpath_list, elf_dict['runpath_list']))
-      else:
-        raise zc.buildout.UserError('Unknown promisee %r' % promisee)
-    if len(promisee_problem_list):
-      raise zc.buildout.UserError('Promisee not met, found issues:\n  %s' %
-          '  '.join([q+'\n' for q in promisee_problem_list]))
-
-  def download(self, url, md5sum):
-    download = zc.buildout.download.Download(self.buildout['buildout'],
-        hash_name=True)
-    path, is_temp = download(url, md5sum=self.options.get('md5sum'))
-    return path
-
-  def extract(self, path):
-    extract_dir = tempfile.mkdtemp(self.name)
-    self.logger.debug('Created working directory %r' % extract_dir)
-    setuptools.archive_util.unpack_archive(path, extract_dir)
-    self.cleanup_dir_list.append(extract_dir)
-    return extract_dir
-
-  script = 'raise NotImplementedError'
-  def __init__(self, buildout, name, options):
-    self.cleanup_dir_list = []
-    self.options = options
-    self.buildout = buildout
-    self.name = name
-    self.logger = logging.getLogger('SlapOS build of %s' % self.name)
-
-    self.options.setdefault('location',
-        os.path.join(buildout['buildout']['parts-directory'], self.name))
-
-    # cleanup some variables
-    for k in ['location', 'url', 'md5sum']:
-      self.options[k] = self.options.get(k, '').strip()
-    self.options['script'] = self.options.get('script', self.script) % self.options
-
-  def getEnvironment(self):
-    # prepare cool dictionary
-    wanted_env = {}
-    for line in self.options.get('environment', '').splitlines():
-      line = line.strip()
-      if not line:
-        continue
-      if not '=' in line:
-        raise zc.buildout.UserError('Line %r in environment is incorrect' % line)
-
-      key, value = line.split('=')
-      key = key.strip()
-      value = value.strip()
-      if key in wanted_env:
-        raise zc.buildout.UserError('Key %r is repeated' % key)
-      wanted_env[key] = value
-    env = {}
-    for k,v in os.environ.iteritems():
-      change = wanted_env.pop(k, None)
-      if change is not None:
-        env[k] = change % os.environ
-        self.logger.info('Environment %r setup to %r' % (k, env[k]))
-      else:
-        env[k] =v
-    for k,v in wanted_env.iteritems():
-      self.logger.info('Environment %r added with %r' % (k, v))
-      env[k] = v
-    return env
-
-  def install(self):
-    try:
-      env = self.getEnvironment()
-      exec self.options['script']
-      try:
-        self._checkPromisee(self.options['location'])
-      except Exception:
-        if os.path.exists(self.options['location']):
-          self.logger.info('Removing location %r because of error' % self.options['location'])
-          shutil.rmtree(self.options['location'])
-        raise
-    finally:
-      for d in self.cleanup_dir_list:
-        if os.path.exists(d):
-          self.logger.debug('Cleanup directory %r' % d)
-          shutil.rmtree(d)
-
-    return [self.options['location']]
-
-  def update(self):
-    pass
-
-class Cmmi(Script):
-  """Simple configure-make-make-insall compatible with hexagonit.recipe.cmmi
-
-  Compatibility on parameter level, without bug-to-bug, hack-to-hack"""
-
-  script = """
-extract_dir = self.extract(self.download(self.options['url'], self.options.get('md5sum')))
-workdir = guessworkdir(extract_dir)
-configure_command = ["./configure", "--prefix=%(location)s"]
-configure_command.extend(%(configure-options)r.split())
-self.logger.info('Configuring with: %%s' %% configure_command)
-call(configure_command, cwd=workdir, env=env)
-self.logger.info('Building')
-call("make", cwd=workdir, env=env)
-self.logger.info('Installing')
-call(["make", "install"], cwd=workdir, env=env)
-"""
-
-  def __init__(self, buildout, name, options):
-    options['configure-options'] = ' '.join(options.get('configure-options', '').strip().splitlines())
-    Script.__init__(self, buildout, name, options)

slapos/recipe/cloudooo/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.lib.recipe.BaseSlapRecipe import BaseSlapRecipe
+import os
+import pkg_resources
+import sys
+import zc.buildout
+import zc.recipe.egg
+
+class Recipe(BaseSlapRecipe):
+  def getTemplateFilename(self, template_name):
+    return pkg_resources.resource_filename(__name__,
+        'template/%s' % template_name)
+
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set([__name__])
+    # Use killpidfromfile from ERP5.
+    self.killpidfromfile = zc.buildout.easy_install.scripts(
+        [('killpidfromfile', __name__ + 'slapos.recipe.erp5.killpidfromfile',
+          'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
+    self.path_list.append(self.killpidfromfile)
+    conversion_server_conf = self.installConversionServer(
+        self.getLocalIPv4Address(), 23000, 23060)
+
+    self.linkBinary()
+    self.setConnectionDict(dict(
+      site_url="http://%s:%s/" % (self.getLocalIPv4Address(), 23000),
+    ))
+    return self.path_list
+
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+
+  def installConversionServer(self, ip, port, openoffice_port):
+    name = 'conversion_server'
+    working_directory = self.createDataDirectory(name)
+    conversion_server_dict = dict(
+      working_path=working_directory,
+      uno_path=self.options['ooo_uno_path'],
+      office_binary_path=self.options['ooo_binary_path'],
+      ip=ip,
+      port=port,
+      openoffice_port=openoffice_port,
+    )
+    for env_line in self.options['environment'].splitlines():
+      env_line = env_line.strip()
+      if not env_line:
+        continue
+      if '=' in env_line:
+        env_key, env_value = env_line.split('=')
+        conversion_server_dict[env_key.strip()] = env_value.strip()
+      else:
+        raise zc.buildout.UserError('Line %r in environment parameter is '
+            'incorrect' % env_line)
+    config_file = self.createConfigurationFile(name + '.cfg',
+        self.substituteTemplate(self.getTemplateFilename('cloudooo.cfg.in'),
+          conversion_server_dict))
+    self.path_list.append(config_file)
+    # Use execute from erp5.
+    self.path_list.extend(zc.buildout.easy_install.scripts([(name,
+      __name__ + 'slapos.recipe.librecipe.execute',
+      'execute_with_signal_translation')], self.ws,
+      sys.executable, self.wrapper_directory,
+      arguments=[self.options['ooo_paster'].strip(), 'serve', config_file]))
+    return {
+      name + '_port': conversion_server_dict['port'],
+      name + '_ip': conversion_server_dict['ip']
+      }

slapos/recipe/cloudooo/template/cloudooo.cfg.in

+[app:main]
+use = egg:cloudooo
+#
+## System config
+#
+debug_mode = True
+# Folder where pid files, lock files and virtual frame buffer mappings
+# are stored. In this folder is necessary create a folder tmp, because this
+# folder is used to create all temporary documents.
+working_path = %(working_path)s
+# Folder where UNO library is installed
+uno_path = %(uno_path)s
+# Folder where soffice.bin is installed
+office_binary_path = %(office_binary_path)s
+#
+## Monitor Settings
+#
+# Limit to use the Openoffice Instance. if pass of the limit, the instance is
+# stopped and another is started.
+limit_number_request = 100
+# Interval to check the factory
+monitor_interval = 10
+timeout_response = 180
+enable_memory_monitor = True
+# Set the limit in MB
+# e.g 1000 = 1 GB, 100 = 100 MB
+limit_memory_used = 3000
+#
+## OOFactory Settings
+#
+# The pool consist of several OpenOffice.org instances
+application_hostname = %(ip)s
+# OpenOffice Port
+openoffice_port = %(openoffice_port)s
+# LD_LIBRARY_PATH passed to OpenOffice
+env-LD_LIBRARY_PATH = %(LD_LIBRARY_PATH)s
+
+#
+# Mimetype Registry
+# It is used to select the handler that will be used in conversion.
+# Priority matters, first match take precedence on next lines.
+mimetype_registry =
+  application/pdf * ooo
+  video/* * ffmpeg
+  audio/* * ffmpeg
+  application/x-shockwave-flash * ffmpeg
+  application/ogg * ffmpeg
+  application/ogv * ffmpeg
+  image/* * ooo
+  text/* * ooo
+  application/zip * ooo
+  application/msword * ooo
+  application/vnd* * ooo
+  application/x-vnd* * ooo
+  application/postscript * ooo
+  application/wmf * ooo
+  application/csv * ooo
+  application/x-openoffice-gdimetafile * ooo
+  application/x-emf * ooo
+  application/emf * ooo
+  application/octet* * ooo
+  * application/vnd.oasis.opendocument* ooo
+
+[server:main]
+use = egg:PasteScript#wsgiutils
+host = %(ip)s
+port = %(port)s

slapos/recipe/erp5/__init__.py

@@ -34,8 +34,16 @@ import sys
 import zc.buildout
 import zc.recipe.egg
 import ConfigParser
-from Zope2.utilities.mkzopeinstance import write_inituser
+import re
 
+_isurl = re.compile('([a-zA-Z0-9+.-]+)://').match
+
+# based on Zope2.utilities.mkzopeinstance.write_inituser
+def Zope2InitUser(path, username, password):
+  open(path, 'w').write('')
+  os.chmod(path, 0600)
+  open(path, "w").write('%s:{SHA}%s\n' % (
+    username,binascii.b2a_base64(hashlib.sha1(password).digest())[:-1]))
 
 class Recipe(BaseSlapRecipe):
   def getTemplateFilename(self, template_name):
@@ -63,34 +71,144 @@ class Recipe(BaseSlapRecipe):
         self.getLocalIPv4Address(), 23000, 23060)
     mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678)
     user, password = self.installERP5()
-    zodb_dir = os.path.join(self.data_root_directory, 'zodb')
-    self._createDirectory(zodb_dir)
-    zodb_root_path = os.path.join(zodb_dir, 'root.fs')
-    zope_access = self.installZope(ip=self.getLocalIPv4Address(),
-          port=12000 + 1, name='zope_%s' % 1,
-          zodb_configuration_string=self.substituteTemplate(
-            self.getTemplateFilename('zope-zodb-snippet.conf.in'),
-            dict(zodb_root_path=zodb_root_path)), with_timerservice=True)
+
+    if self.parameter_dict.get("slap_software_type", "").lower() == "cluster":
+      # Site access is done by HAProxy
+      zope_access, site_access = self.installZopeCluster()
+    else:
+      zope_access = self.installZopeStandalone()
+      site_access = zope_access
+
     key, certificate = self.requestCertificate('Login Based Access')
     apache_conf = dict(
-        apache_login=self.installBackendApache(ip=self.getGlobalIPv6Address(),
-          port=13000, backend=zope_access, key=key, certificate=certificate))
-    self.installERP5Site(user, password, zope_access, mysql_conf, 
-             conversion_server_conf, memcached_conf, kumo_conf, self.site_id)
+         apache_login=self.installBackendApache(ip=self.getGlobalIPv6Address(),
+         port=13000, backend=site_access, key=key, certificate=certificate))
+
+    connection_dict = dict(site_url=apache_conf['apache_login'])
+
+    if self.parameter_dict.get("domain_name") is not None:
+      connection_dict["backend_url"] = apache_conf['apache_login']
+      connection_dict["domain_ip"] = self.getGlobalIPv6Address()
+
+      # XXX Define a fake domain_name for now.
+      frontend_name = self.parameter_dict.get("domain_name")
+      frontend_key, frontend_certificate = \
+             self.requestCertificate(frontend_name)
+
+      connection_dict["site_url"] = self.installFrontendZopeApache(
+        ip=self.getGlobalIPv6Address(), port=13001, name=frontend_name,
+        frontend_path='/%s' % self.site_id, backend_path='/%s' % self.site_id,
+        backend_url="http://%s" % site_access, key=frontend_key,
+        certificate=frontend_certificate)
+
+    default_bt5_list = []
+    if self.parameter_dict.get("flavour", "default") == 'configurator':
+      default_bt5_list = self.options.get("configurator_bt5_list", '').split()
+
+    self.installERP5Site(user, password, zope_access, mysql_conf,
+             conversion_server_conf, memcached_conf, kumo_conf,
+             self.site_id, default_bt5_list)
+
     self.installTestRunner(ca_conf, mysql_conf, conversion_server_conf,
                            memcached_conf, kumo_conf)
     self.installTestSuiteRunner(ca_conf, mysql_conf, conversion_server_conf,
                            memcached_conf, kumo_conf)
     self.linkBinary()
-    self.setConnectionDict(dict(
-      site_url=apache_conf['apache_login'],
+    connection_dict.update(**dict(
       site_user=user,
       site_password=password,
       memcached_url=memcached_conf['memcached_url'],
       kumo_url=kumo_conf['kumo_address']
     ))
+    self.setConnectionDict(connection_dict)
     return self.path_list
 
+  def installZopeStandalone(self):
+    """ Install a single Zope instance without ZEO Server.
+    """
+    zodb_dir = os.path.join(self.data_root_directory, 'zodb')
+    self._createDirectory(zodb_dir)
+    zodb_root_path = os.path.join(zodb_dir, 'root.fs')
+
+    thread_amount_per_zope = int(self.options.get(
+                                 'single_zope_thread_amount', 4))
+
+    return self.installZope(ip=self.getLocalIPv4Address(),
+          port=12000 + 1, name='zope_%s' % 1,
+          zodb_configuration_string=self.substituteTemplate(
+            self.getTemplateFilename('zope-zodb-snippet.conf.in'),
+            dict(zodb_root_path=zodb_root_path)), with_timerservice=True,
+            thread_amount=thread_amount_per_zope)
+
+  def installZopeCluster(self):
+    """ Install ERP5 using ZEO Cluster
+    """
+    site_check_path = '/%s/getId' % self.site_id
+    thread_amount_per_zope = int(self.options.get(
+                                'cluster_zope_thread_amount', 1))
+
+    activity_node_amount = int(self.options.get(
+                   "cluster_activity_node_amount", 2))
+
+    user_node_amount = int(self.options.get(
+                   "cluster_user_node_amount", 2))
+
+    ip = self.getLocalIPv4Address()
+    storage_dict = self._requestZeoFileStorage('Zeo Server 1', 'main')
+
+    zeo_conf = self.installZeo(ip)
+    tidstorage_config = dict(host=ip, port='6001')
+
+    # XXX How to define good values for this?
+    mount_point = '/'
+    check_path = '/erp5/account_module'
+
+    known_tid_storage_identifier_dict = {}
+    known_tid_storage_identifier_dict[
+      (((storage_dict['ip'],storage_dict['port']),), storage_dict['storage_name'])
+        ] = (zeo_conf[storage_dict['storage_name']]['path'], check_path or mount_point)
+
+    zodb_configuration_string = self.substituteTemplate(
+        self.getTemplateFilename('zope-zeo-snippet.conf.in'), dict(
+        storage_name=storage_dict['storage_name'],
+        address='%s:%s' % (storage_dict['ip'], storage_dict['port']),
+        mount_point=mount_point
+        ))
+
+    zope_port = 12000
+    # One Distribution Node (Single Thread Always)
+    zope_port += 1
+    self.installZope(ip, zope_port, 'zope_distribution', with_timerservice=True,
+        zodb_configuration_string=zodb_configuration_string,
+        tidstorage_config=tidstorage_config)
+
+    # Activity Nodes (Single Thread Always)
+    for i in range(activity_node_amount):
+      zope_port += 1
+      self.installZope(ip, zope_port, 'zope_activity_%s' % i,
+          with_timerservice=True,
+          zodb_configuration_string=zodb_configuration_string,
+          tidstorage_config=tidstorage_config)
+
+    # Four Web Page Nodes (Human access)
+    login_url_list = []
+    for i in range(user_node_amount):
+      zope_port += 1
+      login_url_list.append(self.installZope(ip, zope_port,
+        'zope_login_%s' % i, with_timerservice=False,
+        zodb_configuration_string=zodb_configuration_string,
+        tidstorage_config=tidstorage_config,
+        thread_amount=thread_amount_per_zope))
+
+    login_haproxy = self.installHaproxy(ip, 15001, 'login',
+                               site_check_path, login_url_list)
+
+    self.installTidStorage(tidstorage_config['host'],
+                           tidstorage_config['port'],
+            known_tid_storage_identifier_dict, 'http://' + login_haproxy)
+
+    return login_url_list[-1], login_haproxy
+
   def _requestZeoFileStorage(self, server_name, storage_name):
     """Local, slap.request compatible, call to ask for filestorage on Zeo
 
@@ -232,6 +350,12 @@ class Recipe(BaseSlapRecipe):
     # workaround wrong assumptions of ERP5Type.tests.runUnitTest about
     # directory existence
     unit_test = os.path.join(testinstance, 'unit_test')
+    connection_string_list = []
+    for test_database, test_user, test_password in \
+          mysql_conf['mysql_parallel_test_dict'][-4:]:
+      connection_string_list.append(
+          '%s@%s:%s %s %s' % (test_database, mysql_conf['ip'],
+                            mysql_conf['tcp_port'], test_user, test_password))
     if not os.path.isdir(unit_test):
       os.mkdir(unit_test)
     runUnitTest = zc.buildout.easy_install.scripts([
@@ -245,6 +369,7 @@ class Recipe(BaseSlapRecipe):
           '--erp5_sql_connection_string', '%(mysql_test_database)s@%'
           '(ip)s:%(tcp_port)s %(mysql_test_user)s '
           '%(mysql_test_password)s' % mysql_conf,
+          '--extra_sql_connection_string_list',','.join(connection_string_list),
           '--conversion_server_hostname=%(conversion_server_ip)s' % \
                                                          conversion_server_conf,
           '--conversion_server_port=%(conversion_server_port)s' % \
@@ -307,7 +432,7 @@ class Recipe(BaseSlapRecipe):
     self._createDirectory(cron_d)
     self._createDirectory(crontabs)
     wrapper = zc.buildout.easy_install.scripts([('crond',
-      __name__ + '.execute', 'execute')], self.ws, sys.executable,
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
       self.wrapper_directory, arguments=[
         self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
         '-t', timestamps, '-f', '-l', '5', '-M', catcher]
@@ -412,7 +537,7 @@ class Recipe(BaseSlapRecipe):
           conversion_server_dict))
     self.path_list.append(config_file)
     self.path_list.extend(zc.buildout.easy_install.scripts([(name,
-      __name__ + '.execute', 'execute_with_signal_translation')], self.ws,
+     'slapos.recipe.librecipe.execute', 'execute_with_signal_translation')], self.ws,
       sys.executable, self.wrapper_directory,
       arguments=[self.options['ooo_paster'].strip(), 'serve', config_file]))
     return {
@@ -436,7 +561,7 @@ class Recipe(BaseSlapRecipe):
         config))
     self.path_list.append(haproxy_conf_path)
     wrapper = zc.buildout.easy_install.scripts([('haproxy_%s' % name,
-      __name__ + '.execute', 'execute')], self.ws, sys.executable,
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
       self.wrapper_directory, arguments=[
         self.options['haproxy_binary'].strip(), '-f', haproxy_conf_path]
       )[0]
@@ -455,7 +580,7 @@ class Recipe(BaseSlapRecipe):
     password = self.generatePassword()
     # XXX Unhardcoded me please
     user = 'zope'
-    write_inituser(
+    Zope2InitUser(
         os.path.join(self.erp5_directory, "inituser"), user, password)
 
     self._createDirectory(self.erp5_directory)
@@ -473,10 +598,50 @@ class Recipe(BaseSlapRecipe):
       self._createDirectory(os.path.join(self.erp5_directory, directory))
     self._createDirectory(os.path.join(self.erp5_directory, 'etc',
       'package-includes'))
+
+    # Symlink to BT5 repositories defined in instance config.
+    # Those paths will eventually end up in the ZODB, and having symlinks
+    # inside the XXX makes it possible to reuse such ZODB with another software
+    # release[ version].
+    # Note: this path cannot be used for development, it's really just a
+    # read-only repository.
+    repository_path = os.path.join(self.var_directory, "bt5_repository")
+    if not os.path.isdir(repository_path):
+      os.mkdir(repository_path)
+    self.path_list.append(repository_path)
+    self.bt5_repository_list = []
+    append = self.bt5_repository_list.append
+    for repository in self.options.get('bt5_repository_list', '').split():
+      repository = repository.strip()
+      if not repository:
+        continue
+
+      if _isurl(repository) and not repository.startswith("file://"):
+        # XXX: assume it's a valid URL
+        append(repository)
+        continue
+
+      if repository.startswith('file://'):
+        repository = repository.replace('file://', '', '')
+
+      if os.path.isabs(repository):
+        repo_id = hashlib.sha1(repository).hexdigest()
+        link = os.path.join(repository_path, repo_id)
+        if os.path.lexists(link):
+          if not os.path.islink(link):
+            raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+          os.unlink(link)
+        os.symlink(repository, link)
+        self.logger.debug('Created link %r -> %r' % (link, repository_path))
+        # Always provide a URL-Type
+        append("file://" + link)
+
     return user, password
 
   def installERP5Site(self, user, password, zope_access, mysql_conf,
-          conversion_server_conf=None, memcached_conf=None, kumo_conf=None, erp5_site_id='erp5'):
+          conversion_server_conf=None, memcached_conf=None, kumo_conf=None,
+          erp5_site_id='erp5', default_bt5_list=[]):
     """ Create a script controlled by supervisor, which creates a erp5
     site on current available zope and mysql environment"""
     conversion_server = None
@@ -489,19 +654,18 @@ class Recipe(BaseSlapRecipe):
       kumo_conf = {}
     # XXX Conversion server and memcache server coordinates are not relevant
     # for pure site creation.
-    https_connection_url = "http://%s:%s@%s/" % (user, password, zope_access)
     mysql_connection_string = "%(mysql_database)s@%(ip)s:%(tcp_port)s %(mysql_user)s %(mysql_password)s" % mysql_conf
 
-    # XXX URL list vs. repository + list of bt5 names?
-    bt5_list = self.parameter_dict.get("bt5_list", "").split()
-    bt5_repository_list = self.parameter_dict.get("bt5_repository_list", "").split()
+    bt5_list = self.parameter_dict.get("bt5_list", "").split() or default_bt5_list
+    bt5_repository_list = self.parameter_dict.get("bt5_repository_list", "").split() \
+      or getattr(self, 'bt5_repository_list', [])
 
     self.path_list.extend(zc.buildout.easy_install.scripts([('erp5_update',
             __name__ + '.erp5', 'updateERP5')], self.ws,
                   sys.executable, self.wrapper_directory,
                   arguments=[erp5_site_id,
                              mysql_connection_string,
-                             https_connection_url,
+                             [user, password, zope_access],
                              memcached_conf.get('memcached_url'),
                              conversion_server,
                              kumo_conf.get("kumo_address"),
@@ -542,7 +706,7 @@ class Recipe(BaseSlapRecipe):
         self.substituteTemplate(self.getTemplateFilename('zeo.conf.in'), config))
       self.path_list.append(zeo_conf_path)
       wrapper = zc.buildout.easy_install.scripts([('zeo_%s' % zeo_number,
-        __name__ + '.execute', 'execute')], self.ws, sys.executable,
+       'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
         self.wrapper_directory, arguments=[
           self.options['runzeo_binary'].strip(), '-C', zeo_conf_path]
         )[0]
@@ -588,7 +752,7 @@ class Recipe(BaseSlapRecipe):
       )))
     # TID server
     tidstorage_server = zc.buildout.easy_install.scripts([('tidstoraged',
-      __name__ + '.execute', 'execute')], self.ws, sys.executable,
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
       self.wrapper_directory, arguments=[
         self.options['tidstoraged_binary'], '--nofork', '--config',
         tidstorage_config])[0]
@@ -599,7 +763,7 @@ class Recipe(BaseSlapRecipe):
 
     # repozo wrapper
     tidstorage_repozo = zc.buildout.easy_install.scripts([('tidstorage_repozo',
-      __name__ + '.execute', 'execute')], self.ws, sys.executable,
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
       self.bin_directory, arguments=[
         self.options['tidstorage_repozo_binary'], '--config', tidstorage_config,
       '--repozo', self.options['repozo_binary'], '-z'])[0]
@@ -617,7 +781,19 @@ class Recipe(BaseSlapRecipe):
 
   def installZope(self, ip, port, name, zodb_configuration_string,
       with_timerservice=False, tidstorage_config=None, thread_amount=1,
-      with_deadlockdebugger=True):
+      with_deadlockdebugger=True, zope_environment=None):
+    default_zope_environment = dict(
+      TMP=self.tmp_directory,
+      TMPDIR=self.tmp_directory,
+      HOME=self.tmp_directory,
+      PATH=self.bin_directory
+    )
+    if zope_environment is None:
+      zope_environment = default_zope_environment.copy()
+    else:
+      for envk, envv in default_zope_environment.iteritems():
+        if envk not in zope_environment:
+          zope_environment[envk] = envv
     # Create zope configuration file
     zope_config = dict(
         products=self.options['products'],
@@ -625,7 +801,7 @@ class Recipe(BaseSlapRecipe):
     )
     # configure default Zope2 zcml
     open(os.path.join(self.erp5_directory, 'etc', 'site.zcml'), 'w').write(
-        pkg_resources.resource_string('Zope2', 'utilities/skel/etc/site.zcml'))
+        pkg_resources.resource_string(__name__, 'template/site.zcml'))
     zope_config['zodb_configuration_string'] = zodb_configuration_string
     zope_config['instance'] = self.erp5_directory
     zope_config['event_log'] = os.path.join(self.log_directory,
@@ -649,8 +825,10 @@ class Recipe(BaseSlapRecipe):
                              self.erp5_directory, 'Products'))
     zope_config['products'] = '\n'.join(prefixed_products)
     zope_config['address'] = '%s:%s' % (ip, port)
-    zope_config['tmp_directory'] = self.tmp_directory
-    zope_config['path'] = self.bin_directory
+    zope_environment_list = []
+    for envk, envv in zope_environment.iteritems():
+      zope_environment_list.append('%s %s' % (envk, envv))
+    zope_config['environment'] = "\n".join(zope_environment_list)
 
     zope_wrapper_template_location = self.getTemplateFilename('zope.conf.in')
     zope_conf_content = self.substituteTemplate(
@@ -673,7 +851,7 @@ class Recipe(BaseSlapRecipe):
     self.path_list.append(zope_conf_path)
     # Create init script
     wrapper = zc.buildout.easy_install.scripts([(name,
-      __name__ + '.execute', 'execute')], self.ws, sys.executable,
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
       self.wrapper_directory, arguments=[
         self.options['runzope_binary'].strip(), '-C', zope_conf_path]
       )[0]
@@ -732,13 +910,18 @@ class Recipe(BaseSlapRecipe):
     ident = 'frontend_' + name
     apache_conf = self._getApacheConfigurationDict(ident, ip, port)
     apache_conf['server_name'] = name
+    apache_conf['frontend_path'] = frontend_path
     apache_conf['ssl_snippet'] = pkg_resources.resource_string(__name__,
         'template/apache.ssl-snippet.conf.in') % dict(
         login_certificate=certificate, login_key=key)
 
     rewrite_rule_template = \
         "RewriteRule ^%(path)s($|/.*) %(backend_url)s/VirtualHostBase/https/%(server_name)s:%(port)s%(backend_path)s/VirtualHostRoot/_vh_%(vhname)s$1 [L,P]\n"
-    path = pkg_resources.resource_string(__name__, 'template/apache.zope.conf.path-protected.in') % dict(path='/', access_control_string='none')
+
+    path = pkg_resources.resource_string(__name__,
+           'template/apache.zope.conf.path-protected.in') % \
+              dict(path='/', access_control_string='none')
+
     if access_control_string is None:
       path_template = pkg_resources.resource_string(__name__,
         'template/apache.zope.conf.path.in')
@@ -754,8 +937,7 @@ class Recipe(BaseSlapRecipe):
           backend_path=backend_path,
           port=apache_conf['port'],
           vhname=frontend_path.replace('/', ''),
-          server_name=name
-    )
+          server_name=name)
     rewrite_rule = rewrite_rule_template % d
     apache_conf.update(**dict(
       path_enable=path,
@@ -775,6 +957,8 @@ class Recipe(BaseSlapRecipe):
               config=apache_config_file
             )
           ]))
+    # Note: IPv6 is assumed always
+    return 'https://%(server_name)s:%(port)s%(frontend_path)s' % (apache_conf)
 
   def installBackendApache(self, ip, port, backend, key, certificate,
       suffix='', access_control_string=None):
@@ -802,7 +986,8 @@ class Recipe(BaseSlapRecipe):
 
   def installMysqlServer(self, ip, port, database='erp5', user='user',
       test_database='test_erp5', test_user='test_user', template_filename=None,
-      parallel_test_database_amount=100, mysql_conf=None):
+      parallel_test_database_amount=100, mysql_conf=None, with_backup=True,
+      with_maatkit=True):
     if mysql_conf is None:
       mysql_conf = {}
     backup_directory = self.createBackupDirectory('mysql')
@@ -876,37 +1061,64 @@ class Recipe(BaseSlapRecipe):
        )]))
     self.path_list.extend([mysql_conf_path])
 
-    # backup configuration
-    backup_directory = self.createBackupDirectory('mysql')
-    full_backup = os.path.join(backup_directory, 'full')
-    incremental_backup = os.path.join(backup_directory, 'incremental')
-    self._createDirectory(full_backup)
-    self._createDirectory(incremental_backup)
-    innobackupex_argument_list = [self.options['perl_binary'],
-        self.options['innobackupex_binary'],
-        '--defaults-file=%s' % mysql_conf_path,
-        '--socket=%s' %mysql_conf['socket'].strip(), '--user=root']
-    environment = dict(PATH='%s' % self.bin_directory)
-    innobackupex_incremental = zc.buildout.easy_install.scripts([(
-      'innobackupex_incremental', __name__ + '.execute', 'executee')],
-      self.ws, sys.executable, self.bin_directory, arguments=[
-        innobackupex_argument_list + ['--incremental'],
-        environment])[0]
-    self.path_list.append(innobackupex_incremental)
-    innobackupex_full = zc.buildout.easy_install.scripts([('innobackupex_full',
-      __name__ + '.execute', 'executee')], self.ws,
-      sys.executable, self.bin_directory, arguments=[
-        innobackupex_argument_list,
-        environment])[0]
-    self.path_list.append(innobackupex_full)
-    backup_controller = zc.buildout.easy_install.scripts([
-      ('innobackupex_controller', __name__ + '.innobackupex', 'controller')],
-      self.ws, sys.executable, self.bin_directory,
-      arguments=[innobackupex_incremental, innobackupex_full, full_backup,
-        incremental_backup])[0]
-    self.path_list.append(backup_controller)
-    mysql_backup_cron = os.path.join(self.cron_d, 'mysql_backup')
-    open(mysql_backup_cron, 'w').write('0 0 * * * ' + backup_controller)
-    self.path_list.append(mysql_backup_cron)
+    if with_backup:
+      # backup configuration
+      backup_directory = self.createBackupDirectory('mysql')
+      full_backup = os.path.join(backup_directory, 'full')
+      incremental_backup = os.path.join(backup_directory, 'incremental')
+      self._createDirectory(full_backup)
+      self._createDirectory(incremental_backup)
+      innobackupex_argument_list = [self.options['perl_binary'],
+          self.options['innobackupex_binary'],
+          '--defaults-file=%s' % mysql_conf_path,
+          '--socket=%s' %mysql_conf['socket'].strip(), '--user=root',
+          '--ibbackup=%s'% self.options['xtrabackup_binary']]
+      environment = dict(PATH='%s' % self.bin_directory)
+      innobackupex_incremental = zc.buildout.easy_install.scripts([(
+        'innobackupex_incremental','slapos.recipe.librecipe.execute', 'executee')],
+        self.ws, sys.executable, self.bin_directory, arguments=[
+          innobackupex_argument_list + ['--incremental'],
+          environment])[0]
+      self.path_list.append(innobackupex_incremental)
+      innobackupex_full = zc.buildout.easy_install.scripts([('innobackupex_full',
+       'slapos.recipe.librecipe.execute', 'executee')], self.ws,
+        sys.executable, self.bin_directory, arguments=[
+          innobackupex_argument_list,
+          environment])[0]
+      self.path_list.append(innobackupex_full)
+      backup_controller = zc.buildout.easy_install.scripts([
+        ('innobackupex_controller', __name__ + '.innobackupex', 'controller')],
+        self.ws, sys.executable, self.bin_directory,
+        arguments=[innobackupex_incremental, innobackupex_full, full_backup,
+          incremental_backup])[0]
+      self.path_list.append(backup_controller)
+      mysql_backup_cron = os.path.join(self.cron_d, 'mysql_backup')
+      open(mysql_backup_cron, 'w').write('0 0 * * * ' + backup_controller)
+      self.path_list.append(mysql_backup_cron)
+
+    if with_maatkit:
+      # maatkit installation
+      for mk_script_name in (
+          'mk-variable-advisor',
+          'mk-table-usage',
+          'mk-visual-explain',
+          'mk-config-diff',
+          'mk-deadlock-logger',
+          'mk-error-log',
+          'mk-index-usage',
+          'mk-query-advisor',
+          ):
+        mk_argument_list = [self.options['perl_binary'],
+            self.options['%s_binary' % mk_script_name],
+            '--defaults-file=%s' % mysql_conf_path,
+            '--socket=%s' %mysql_conf['socket'].strip(), '--user=root',
+            ]
+        environment = dict(PATH='%s' % self.bin_directory)
+        mk_exe = zc.buildout.easy_install.scripts([(
+          mk_script_name,'slapos.recipe.librecipe.execute', 'executee')],
+          self.ws, sys.executable, self.bin_directory, arguments=[
+            mk_argument_list, environment])[0]
+        self.path_list.append(mk_exe)
+
     # The return could be more explicit database, user ...
     return mysql_conf

slapos/recipe/erp5/erp5.py

@@ -24,84 +24,356 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 #
 ##############################################################################
-import time
-import urllib
-import xmlrpclib
+
+import httplib
+import json
+import base64
 import socket
+import time
 
-def updateERP5(args):
-  # FIXME Use a dict
-  site_id = args[0]
-  mysql_string = args[1]
-  base_url = args[2]
-  memcached_provider = args[3]
-  conversion_server = args[4]
-  kumo_provider = args[5]
-  bt5_list = args[6]
-  bt5_repository_list = []
-  if len(args) > 7:
-    bt5_repository_list = args[7]
 
-  if len(bt5_list) > 0 and len(bt5_repository_list) == 0:
-    bt5_repository_list = ["http://www.erp5.org/dists/snapshot/bt5"]
+class ERP5Updater(object):
+
   erp5_catalog_storage = "erp5_mysql_innodb_catalog"
-  business_template_setup_finished = 0
-  external_service_assertion = 1
-  update_script_id = "ERP5Site_assertExternalServiceList"
-  sleep = 120
-  while True:
+  header_dict = {}
+
+  sleeping_time = 120
+
+  def __init__(self, user, password, host,
+      site_id, mysql_url, memcached_address,
+      conversion_server_address, persistent_cache_address,
+      bt5_list, bt5_repository_list):
+
+    authentication_string = '%s:%s' % (user, password)
+    base64string = base64.encodestring(authentication_string).strip()
+
+    self.header_dict['Authorization'] = 'Basic %s' % base64string
+
+    self.host = host
+    self.site_id = site_id
+    self.business_template_repository_list = bt5_repository_list
+    self.business_template_list = bt5_list
+    self.memcached_address = memcached_address
+    self.persintent_cached_address = persistent_cache_address
+    self.mysql_url = mysql_url
+
+    host, port = conversion_server_address.split(":")
+    self.conversion_server_address = host
+    self.conversion_server_port = int(port)
+
+  def log(self, level, message):
+    date = time.strftime("%a, %d %b %Y %H:%M:%S +0000")
+    print "%s - %s : %s" % (date, level, message)
+
+  def getConnectionToZope(self):
+    return httplib.HTTPConnection(self.host)
+
+  def GET(self, path):
+    zope_connection = self.getConnectionToZope()
+    self.log("INFO", "GET ZOPE: %s, PATH: %s" % (self.host, path))
     try:
-      proxy = xmlrpclib.ServerProxy(base_url)
-      print "Adding site at %r" % base_url
-      if proxy.isERP5SitePresent() == False:
-        url = '%s/manage_addProduct/ERP5/manage_addERP5Site' % base_url
-        result = urllib.urlopen(url, urllib.urlencode({
-          "id": site_id,
-          "erp5_catalog_storage": erp5_catalog_storage,
-          "erp5_sql_connection_string": mysql_string,
-          "cmf_activity_sql_connection_string": mysql_string, }))
-        print "ERP5 Site creation output: %s" % result.read()
-
-      if not business_template_setup_finished:
-        if proxy.isERP5SitePresent() == True:
-          print "Start to set initial business template setup."
-          # Update URL to ERP5 Site
-          erp5 = xmlrpclib.ServerProxy("%s/%s" % (base_url, site_id),
-                                       allow_none=1)
-
-          repository_list = erp5.portal_templates.getRepositoryList()
-          if len(bt5_repository_list) > 0 and \
-             set(bt5_repository_list) != set(repository_list):
-            erp5.portal_templates.\
-                updateRepositoryBusinessTemplateList(bt5_repository_list, None)
-
-          installed_bt5_list =\
-            erp5.portal_templates.getInstalledBusinessTemplateTitleList()
-          for bt5 in bt5_list:
-            if bt5 not in installed_bt5_list:
-              erp5.portal_templates.\
-                installBusinessTemplatesFromRepositories([bt5])
-
-          repository_set = set(erp5.portal_templates.getRepositoryList())
-          installed_bt5_list = erp5.portal_templates.\
-               getInstalledBusinessTemplateTitleList()
-          if (set(repository_set) == set(bt5_repository_list)) and \
-              len([i for i in bt5_list if i not in installed_bt5_list]) == 0:
-            print "Repositories updated and business templates installed."
-            business_template_setup_finished = 1
-
-      if external_service_assertion:
-        url = "%s/%s/%s" % (base_url, site_id, update_script_id)
-        result = urllib.urlopen(url, urllib.urlencode({
-          "memcached" : memcached_provider,
-          "kumo" : kumo_provider,
-          "conversion_server" : conversion_server,})).read()
-        external_service_assertion = not (result == "True")
-
-    except IOError:
-      print "Unable to create the ERP5 Site!"
+      zope_connection.request('GET', path, headers=self.header_dict)
+      result = zope_connection.getresponse()
+      data = result.read()
+      status = result.status
     except socket.error, e:
-      print "Unable to connect to ZOPE! %s" % e
-    except xmlrpclib.Fault, e:
-      print "XMLRPC Fault: %s" % e
-    time.sleep(sleep)
+      data = "Unable to connect to %s (socket.error: %s)" % (self.host, e)
+      self.log("ERROR", data)
+      status = 0
+    finally:
+      zope_connection.close()
+
+    return status, data
+
+  def POST(self, path, post_dict):
+    zope_connection = self.getConnectionToZope()
+    param_list = []
+    for item in post_dict:
+      value = post_dict[item]
+      if isinstance(value, type([])):
+        for v in value:
+          param_list.append("%s:list=%s" % (item, v))
+      else:
+        param_list.append("%s=%s" % (item, value))
+
+    params = "&".join(param_list)
+    self.log("INFO", "GET ZOPE: %s, PATH: %s, PARAMS: %s" % \
+                     (self.host, path, params))
+    try:
+      zope_connection.request('POST', path, params, headers=self.header_dict)
+      result = zope_connection.getresponse()
+      data = result.read()
+      status = result.status
+    except socket.error, e:
+      data = "Unable to connect to %s (socket.error: %s)" % (self.host, e)
+      self.log("ERROR", data)
+      status = 0
+    finally:
+      zope_connection.close()
+
+    return status, data
+
+  def isERP5Present(self):
+    status, data = self.GET("/isERP5SitePresent")
+    self.log("DEBUG", "isERP5Present : %s, %s" % (status, data))
+    return status == 200 and not (data == "False")
+
+  def loadSystemSignatureDict(self):
+    base_path = \
+        "/%s/portal_introspections/getSystemSignatureAsJSON" % self.site_id
+    status, data = self.GET(base_path)
+    if status == 200:
+      data_dict = json.loads(data)
+      self.system_signature_dict = data_dict
+    elif status == 404:
+      # Unable to find portal_introspection, this means erp5_base is not
+      # installed yet.
+      self.system_signature_dict = None
+      self.log("DEBUG", "Unable to find portal_introspection, this means " + \
+                        "erp5_base is not installed yet.")
+    else:
+      self.log("ERROR", "Unable to get SystemSignature to %s (status: %s, data: %s)" % \
+          (self.host, status, data))
+
+  def getSystemSignatureDict(self, item=None, default=None):
+    system_signature_dict = getattr(self, 'system_signature_dict', None)
+    if system_signature_dict is not None and item is not None:
+        return system_signature_dict.get(item, default)
+    return system_signature_dict
+
+  def getMissingBusinessTemplateRepositoryList(self):
+    found_list = self.getSystemSignatureDict(
+                "business_template_repository_list", [])
+    return [i for i in self.business_template_repository_list
+                    if i not in found_list]
+
+  def getMissingBusinessTemplateList(self):
+    bt5_dict = self.getSystemSignatureDict("business_template_dict", [])
+    found_bt5_list = bt5_dict.keys()
+    return [bt for bt in self.business_template_list\
+                          if bt not in found_bt5_list]
+
+  def isBusinessTemplateUpdated(self):
+    return len(self.getMissingBusinessTemplateList()) == 0
+
+  def isBusinessTemplateRepositoryUpdated(self):
+    return len(self.getMissingBusinessTemplateRepositoryList()) == 0
+
+  def updateBusinessTemplateList(self):
+    """ Update Business Template Configuration, including the repositories
+    """
+    if not self.isBusinessTemplateUpdated():
+      # Before update the business templates, it is required to make
+      # sure the repositories are updated.
+      if not self.isBusinessTemplateRepositoryUpdated():
+        # Require to update Business template Repository
+        repository_list = self.getSystemSignatureDict(
+           "business_template_repository_list", [])
+        repository_list.extend(self.getMissingBusinessTemplateRepositoryList())
+        self._setRepositoryList(repository_list)
+
+      # Require to update Business template
+      for bt in self.getMissingBusinessTemplateList():
+        self._installBusinessTemplateList([bt])
+      return True
+
+    return False
+
+  def _setRepositoryList(self, repository_list):
+    """ Set repository list on portal_templates """
+    set_path = "/%s/portal_templates/updateRepositoryBusinessTemplateList" % self.site_id
+    self.POST(set_path, {"repository_list": repository_list})
+
+  def _installBusinessTemplateList(self, name_list, update_catalog=False):
+    """ Install a Business Template on Remote ERP5 setup """
+    set_path = "/%s/portal_templates/installBusinessTemplatesFromRepositories" % self.site_id
+    self.POST(set_path, {"template_list": name_list,
+                         "only_newer": 1,
+                         "update_catalog": int(update_catalog)})
+
+  def _createActiveSystemPreference(self):
+    """ Assert that at least one enabled System Preference is present on
+        the erp5 instance.
+    """
+    self.log("INFO", "Try to create New System Preference into ERP5!")
+    path = "/%s/portal_preferences/createActiveSystemPreference" % self.site_id
+    status, data = self.POST(path, {})
+    if status != 200:
+      self.log("ERROR", "Unable to create System Preference, an error ocurred %s." % data)
+
+  def updateConversionServer(self):
+    """ Update Conversion server Configuration """
+    external_connection_dict = self.getSystemSignatureDict("external_connection_dict")
+    host_key = None
+    port_key = None
+    for external_connection in external_connection_dict:
+      # Search for Configurated value for Conversion Server
+      if external_connection.endswith("getPreferredOoodocServerAddress"):
+         host_key = external_connection
+      elif external_connection.endswith("getPreferredOoodocServerPortNumber"):
+         port_key = external_connection
+      if None not in [host_key, port_key]:
+        break
+
+    if None in [host_key, port_key]:
+      self.log("ERROR", "Unable to find the Active System Preference to Update!")
+      self._createActiveSystemPreference()
+      return True
+
+    is_updated = self._assertAndUpdateDocument(host_key, self.conversion_server_address,
+         "setPreferredOoodocServerAddress")
+
+    is_updated = is_updated or self._assertAndUpdateDocument(port_key,
+         self.conversion_server_port,
+         "setPreferredOoodocServerPortNumber")
+
+    return is_updated
+
+  def updateMemcached(self):
+    # Assert Memcached configuration
+    self._assertAndUpdateDocument(
+       "portal_memcached/default_memcached_plugin/getUrlString",
+       self.memcached_address,
+       "setUrlString")
+
+    # Assert Persistent cache configuration (Kumofs)
+    self._assertAndUpdateDocument(
+      "portal_memcached/persistent_memcached_plugin/getUrlString",
+      self.persintent_cached_address,
+      "setUrlString")
+
+  def _assertAndUpdateDocument(self, key, expected_value, update_method):
+    external_connection_dict = self.getSystemSignatureDict("external_connection_dict")
+
+    # Assert Memcached configuration
+    found_address = external_connection_dict.get(key)
+    if found_address != expected_value:
+      document_path = "/".join(key.split("/")[:-1])
+      self.log("INFO",
+               "Document require update at %s (Found: %s, Expected: %s)" % \
+                            (document_path, found_address, expected_value))
+
+      set_path = "/%s/%s/%s" % (self.site_id, document_path, update_method)
+      self.POST(set_path, {"value": expected_value})
+      return True
+    return False
+
+  def updateMysql(self):
+    """ This API is not implemented yet, because it is not needed to
+    update Mysql Connection on ERP5 Sites.
+    """
+    pass
+
+  def updatePortalActivities(self):
+    """ This API is not implemented yet, because it is not needed for
+        a single instance configuration. This method should define which
+        instances will handle activities, which one will distribute
+        activities
+    """
+    pass
+
+  def updateERP5Site(self):
+    if not self.isERP5Present():
+      url = '/manage_addProduct/ERP5/manage_addERP5Site'
+      self.POST(url, {
+          "id": self.site_id,
+          "erp5_catalog_storage": self.erp5_catalog_storage,
+          "erp5_sql_connection_string": self.mysql_url,
+          "cmf_activity_sql_connection_string": self.mysql_url})
+      return True
+    return False
+
+  def _hasActivityPresent(self):
+    activity_dict = self.getSystemSignatureDict("activity_dict")
+    if activity_dict["total"] > 0:
+      return True
+
+  def _hasFailureActivity(self):
+    activity_dict = self.getSystemSignatureDict("activity_dict")
+    if activity_dict["failure"] > 0:
+       return True
+
+  def _updatePreRequiredBusinessTemplateList(self):
+    """ Update only the first part of bt5."""
+
+    # This list contains the minimal set of bt5 required to install
+    # portal_introspections. Move portal_introspection to erp5_core
+    # can remove this set.
+    pre_required_business_template_list = [i for i in self.business_template_list\
+                if i.startswith("erp5_full_text") or i == "erp5_base"]
+
+    if len(self.business_template_repository_list) > 0 and \
+         len(pre_required_business_template_list):
+      pre_required_business_template_list.insert(0, "erp5_core_proxy_field_legacy")
+      self._setRepositoryList(self.business_template_repository_list)
+      time.sleep(30)
+      for bt in pre_required_business_template_list:
+        update_catalog = bt.endswith("_catalog")
+        self._installBusinessTemplateList([bt], update_catalog)
+    else:
+      self.log("ERROR", "Unable to install erp5_base, it is not on your " +\
+               "requested business templates list. Once it is installed " +\
+               "setup will continue")
+
+  def run(self):
+    """ Keep running until kill"""
+    while 1:
+      time.sleep(30)
+      if not self.updateERP5Site():
+        self.loadSystemSignatureDict()
+        if self.getSystemSignatureDict() is None:
+          self.log("INFO", "The erp5_base is not installed yet, trying to " +\
+                           "install it before continue.")
+          self._updatePreRequiredBusinessTemplateList()
+          time.sleep(60)
+          continue
+
+        if self._hasActivityPresent():
+          self.log("DEBUG", "Waiting for activities on ERP5...")
+          if self._hasFailureActivity():
+            self.log("ERROR", "Update progress found " +\
+                     "Failure activities and it will not progress until " +\
+                     " activites issue be solved")
+          continue
+
+        if self.updateBusinessTemplateList():
+          continue
+
+        self.updateMemcached()
+        if self.updateConversionServer():
+          # If update Conversion Server adds a bit more delay to continue
+          # To wait for activiies.
+          time.sleep(60)
+          continue
+
+        time.sleep(self.sleeping_time)
+
+def updateERP5(argument_list):
+  site_id = argument_list[0]
+  mysql_url = argument_list[1]
+  user, password, host = argument_list[2]
+  memcached_address = argument_list[3]
+  conversion_server_address = argument_list[4]
+  persistent_cache_provider = argument_list[5]
+  bt5_list = argument_list[6]
+  bt5_repository_list = []
+
+  if len(argument_list) > 7:
+    bt5_repository_list = argument_list[7]
+
+  if len(bt5_list) > 0 and len(bt5_repository_list) == 0:
+    bt5_repository_list = ["http://www.erp5.org/dists/snapshot/bt5"]
+
+  erp5_upgrader = ERP5Updater(
+    user=user,
+    password=password,
+    host=host,
+    site_id=site_id,
+    mysql_url=mysql_url,
+    memcached_address=memcached_address,
+    conversion_server_address=conversion_server_address,
+    persistent_cache_address=persistent_cache_provider,
+    bt5_list=bt5_list,
+    bt5_repository_list=bt5_repository_list)
+
+  erp5_upgrader.run()

slapos/recipe/erp5/template/apache.zope.conf.in

 # Apache configuration file for Zope
 # Automatically generated
 
+# List of modules
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule antiloris_module modules/mod_antiloris.so
+
 # Basic server configuration
 PidFile "%(pid_file)s"
 LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 ServerAdmin %(server_admin)s
-DefaultType text/plain
 TypesConfig conf/mime.types
 AddType application/x-compress .Z
 AddType application/x-gzip .gz .tgz
@@ -19,7 +34,6 @@ RequestHeader unset REMOTE_USER
 
 # Log configuration
 ErrorLog "%(error_log)s"
-LogLevel warn
 LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
 LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
 CustomLog "%(access_log)s" common
@@ -37,19 +51,3 @@ CustomLog "%(access_log)s" common
 # Magic of Zope related rewrite
 RewriteEngine On
 %(rewrite_rule)s
-
-# List of modules
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule version_module modules/mod_version.so
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule ssl_module modules/mod_ssl.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule dav_module modules/mod_dav.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule rewrite_module modules/mod_rewrite.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule antiloris_module modules/mod_antiloris.so

slapos/recipe/erp5/template/my.cnf.in

@@ -28,6 +28,9 @@ plugin-load = ha_innodb_plugin.so
 #innodb_log_file_size = 256M
 #innodb_log_buffer_size = 8M
 
+# very important to allow parallel indexing
+innodb_locks_unsafe_for_binlog = 1
+
 # Some dangerous settings you may want to uncomment if you only want
 # performance or less disk access. Useful for unit tests.
 #innodb_flush_log_at_trx_commit = 0

slapos/recipe/erp5/template/site.zcml

+<configure
+    xmlns="http://namespaces.zope.org/zope"
+    xmlns:meta="http://namespaces.zope.org/meta"
+    xmlns:five="http://namespaces.zope.org/five">
+
+  <include package="Products.Five" />
+  <meta:redefinePermission from="zope2.Public" to="zope.Public" />
+
+
+  <!-- Load the meta -->
+  <include files="package-includes/*-meta.zcml" />
+  <five:loadProducts file="meta.zcml"/>
+
+  <!-- Load the configuration -->
+  <include files="package-includes/*-configure.zcml" />
+  <five:loadProducts />
+
+  <!-- Load the configuration overrides-->
+  <includeOverrides files="package-includes/*-overrides.zcml" />
+  <five:loadProductsOverrides />
+
+
+  <securityPolicy
+      component="Products.Five.security.FiveSecurityPolicy" />
+
+</configure>

slapos/recipe/erp5/template/zope.conf.in

@@ -9,10 +9,7 @@ instancehome $INSTANCE
 
 # Environment override
 <environment>
-  TMP %(tmp_directory)s
-  TMPDIR %(tmp_directory)s
-  HOME %(tmp_directory)s
-  PATH %(path)s
+%(environment)s
 </environment>
 
 # No need to debug

slapos/recipe/erp5testnode/SlapOSControler.py

@@ -46,45 +46,49 @@ class SlapOSControler(object):
  'reference': config['computer_id'],
  'software_root': config['software_root']}))
 
-  def runSoftwareRelease(self, config, environment, process_group_pid_set=None):
+  def runSoftwareRelease(self, config, environment, process_group_pid_set=None,
+                         stdout=None, stderr=None):
     print "SlapOSControler.runSoftwareRelease"
-    while True:
-      cpu_count = os.sysconf("SC_NPROCESSORS_ONLN")
-      os.putenv('MAKEFLAGS', '-j%s' % cpu_count)
-      os.environ['PATH'] = environment['PATH']
-      stdout = open(os.path.join(
-                    config['instance_root'],'.runSoftwareRelease_out'),
-                    'w+')
-      stderr = open(os.path.join(
-                    config['instance_root'],'.runSoftwareRelease_err'),
-                    'w+')
-      slapgrid = subprocess.Popen([config['slapgrid_software_binary'], '-v', '-c',
-        #'--buildout-parameter',"'-U -N' -o",
-        config['slapos_config']],
-        stdout=stdout, stderr=stderr,
-        close_fds=True, preexec_fn=os.setsid)
-      process_group_pid_set.add(slapgrid.pid)
-      slapgrid.wait()
-      stdout.seek(0)
-      stderr.seek(0)
-      process_group_pid_set.remove(slapgrid.pid)
-      status_dict = {'status_code':slapgrid.returncode,
-                     'stdout':stdout.read(),
-                     'stderr':stderr.read()}
-      stdout.close()
-      stderr.close()
-      return status_dict
+    cpu_count = os.sysconf("SC_NPROCESSORS_ONLN")
+    os.putenv('MAKEFLAGS', '-j%s' % cpu_count)
+    os.environ['PATH'] = environment['PATH']
+    slapgrid = subprocess.Popen([config['slapgrid_software_binary'], '-v', '-c',
+      #'--buildout-parameter',"'-U -N' -o",
+      config['slapos_config']],
+      stdout=stdout, stderr=stderr,
+      close_fds=True, preexec_fn=os.setsid)
+    process_group_pid_set.add(slapgrid.pid)
+    slapgrid.wait()
+    stdout.seek(0)
+    stderr.seek(0)
+    process_group_pid_set.remove(slapgrid.pid)
+    status_dict = {'status_code':slapgrid.returncode,
+                    'stdout':stdout.read(),
+                    'stderr':stderr.read()}
+    stdout.close()
+    stderr.close()
+    return status_dict
 
-  def runComputerPartition(self, config, process_group_pid_set=None):
+  def runComputerPartition(self, config, environment,
+                           process_group_pid_set=None,
+                           stdout=None, stderr=None):
     print "SlapOSControler.runSoftwareRelease"
     slap = slapos.slap.slap()
     slap.registerOpenOrder().request(self.software_profile,
         partition_reference='testing partition',
         partition_parameter_kw=config['instance_dict'])
     slapgrid = subprocess.Popen([config['slapgrid_partition_binary'],
-      config['slapos_config'], '-c', '-v'], close_fds=True, preexec_fn=os.setsid)
+      config['slapos_config'], '-c', '-v'],
+      stdout=stdout, stderr=stderr,
+      close_fds=True, preexec_fn=os.setsid)
     process_group_pid_set.add(slapgrid.pid)
     slapgrid.wait()
+    stdout.seek(0)
+    stderr.seek(0)
     process_group_pid_set.remove(slapgrid.pid)
-    if slapgrid.returncode != 0:
-      raise ValueError('Slapgrid instance failed')
+    status_dict = {'status_code':slapgrid.returncode,
+                    'stdout':stdout.read(),
+                    'stderr':stderr.read()}
+    stdout.close()
+    stderr.close()
+    return status_dict

slapos/recipe/erp5testnode/Updater.py

@@ -147,7 +147,7 @@ class Updater(object):
       # edit .git/info/sparse-checkout if you want sparse checkout
       if revision:
         if type(revision) is str:
-          h = self._git_find_rev('r' + revision)
+          h = revision
         else:
           h = revision[1]
         if h != self._git('rev-parse', 'HEAD'):

slapos/recipe/erp5testnode/__init__.py

@@ -83,36 +83,25 @@ class Recipe(BaseSlapRecipe):
               git_binary=self.options['git_binary'],
               software_root=CONFIG['software_root'],
               working_directory=CONFIG['working_directory'],
-              vcs_repository=self.parameter_dict.get('vcs_repository'),
+              vcs_repository_list=eval(self.parameter_dict.get('vcs_repository_list'),),
               node_quantity=self.parameter_dict.get('node_quantity', '1'),
-              branch=self.parameter_dict.get('branch', None),
               test_suite_master_url=self.parameter_dict.get(
                                 'test_suite_master_url', None),
-              test_suite_name=self.parameter_dict.get('test_suite_name'),
+              test_suite=self.parameter_dict.get('test_suite'),
               test_suite_title=self.parameter_dict.get('test_suite_title'),
+              test_node_title=self.parameter_dict.get('test_node_title'),
+              project_title=self.parameter_dict.get('project_title'),
               bin_directory=self.bin_directory,
-              foo='bar',
               # botenvironemnt is splittable string of key=value to substitute
               # environment of running bot
               bot_environment=self.parameter_dict.get('bot_environment', ''),
               partition_reference=CONFIG['partition_reference'],
               environment=dict(PATH=os.environ['PATH']),
+              vcs_authentication_list=eval(self.parameter_dict.get(
+                     'vcs_authentication_list', 'None')),
             )
           ]))
 
-  def installLocalSvn(self):
-    svn_dict = dict(svn_binary = self.options['svn_binary'])
-    svn_dict.update(self.parameter_dict)
-    self._writeExecutable(os.path.join(self.bin_directory, 'svn'), """\
-#!/bin/sh
-%(svn_binary)s --username %(svn_username)s --password %(svn_password)s \
---non-interactive --trust-server-cert --no-auth-cache "$@" """% svn_dict)
-
-    svnversion = os.path.join(self.bin_directory, 'svnversion')
-    if os.path.lexists(svnversion):
-      os.unlink(svnversion)
-    os.symlink(self.options['svnversion_binary'], svnversion)
-
   def installLocalGit(self):
     git_dict = dict(git_binary = self.options['git_binary'])
     git_dict.update(self.parameter_dict)
@@ -122,19 +111,19 @@ class Recipe(BaseSlapRecipe):
     home_directory = os.path.join(*os.path.split(self.bin_directory)[0:-1])
     print "home_directory : %r" % home_directory
     git_dict.setdefault("git_server_name", "git.erp5.org")
-    if git_dict.get('vcs_username', None) is not None:
+    if git_dict.get('vcs_authentication_list', None) is not None:
+      vcs_authentication_list = eval(git_dict['vcs_authentication_list'])
       netrc_file = open(os.path.join(home_directory, '.netrc'), 'w')
-      netrc_file.write("""
-  machine %(git_server_name)s
-  login %(vcs_username)s
-  password %(vcs_password)s""" % git_dict)
+      for vcs_authentication_dict in vcs_authentication_list:
+        netrc_file.write("""
+machine %(host)s
+login %(user_name)s
+password %(password)s
+""" % vcs_authentication_dict)
       netrc_file.close()
 
   def installLocalRepository(self):
-    if self.parameter_dict.get('vcs_repository').endswith('git'):
-      self.installLocalGit()
-    else:
-      self.installLocalSvn()
+    self.installLocalGit()
 
   def installLocalZip(self):
     zip = os.path.join(self.bin_directory, 'zip')

slapos/recipe/erp5testnode/testnode.py

@@ -55,44 +55,64 @@ def safeRpcCall(function, *args):
       time.sleep(retry)
       retry += retry >> 1
 
+def getInputOutputFileList(config, command_name):
+  stdout = open(os.path.join(
+                config['instance_root'],'.%s_out' % command_name),
+                'w+')
+  stdout.write("%s\n" % command_name)
+  stderr = open(os.path.join(
+                config['instance_root'],'.%s_err' % command_name),
+                'w+')
+  return (stdout, stderr)
+
 slapos_controler = None
 
 def run(args):
   config = args[0]
   slapgrid = None
-  branch = config.get('branch', None)
   supervisord_pid_file = os.path.join(config['instance_root'], 'var', 'run',
         'supervisord.pid')
   subprocess.check_call([config['git_binary'],
                 "config", "--global", "http.sslVerify", "false"])
   previous_revision = None
-  run_software = True
-  # find what will be the path of the repository
-  repository_name = config['vcs_repository'].split('/')[-1].split('.')[0]
-  repository_path = os.path.join(config['working_directory'],repository_name)
-  config['repository_path'] = repository_path
-  sys.path.append(repository_path)
 
+  run_software = True
   # Write our own software.cfg to use the local repository
   custom_profile_path = os.path.join(config['working_directory'], 'software.cfg')
   config['custom_profile_path'] = custom_profile_path
-  
-  # create a profile in order to use the repository we already have
-  custom_profile = open(custom_profile_path, 'w')
-  profile_content = """
+  vcs_repository_list = config['vcs_repository_list']
+  profile_content = None
+  assert len(vcs_repository_list), "we must have at least one repository"
+  for vcs_repository in vcs_repository_list:
+    url = vcs_repository['url']
+    buildout_section_id = vcs_repository.get('buildout_section_id', None)
+    repository_id = buildout_section_id or \
+                                  url.split('/')[-1].split('.')[0]
+    repository_path = os.path.join(config['working_directory'],repository_id)
+    vcs_repository['repository_id'] = repository_id
+    vcs_repository['repository_path'] = repository_path
+    if profile_content is None:
+      profile_content = """
 [buildout]
 extends = %(software_config_path)s
-
-[%(repository_name)s]
+""" %  {'software_config_path': os.path.join(repository_path,
+                                          config['profile_path'])}
+    if not(buildout_section_id is None):
+      profile_content += """
+[%(buildout_section_id)s]
 repository = %(repository_path)s
-""" %     {'software_config_path': os.path.join(repository_path,
-                                          config['profile_path']),
-    'repository_name': repository_name,
-    'repository_path' : repository_path}
-  if branch is not None:
-    profile_content += "\nbranch = %s" % branch
+branch = %(branch)s
+""" %  {'buildout_section_id': buildout_section_id,
+        'repository_path' : repository_path,
+        'branch' : vcs_repository.get('branch','master')}
+
+  custom_profile = open(custom_profile_path, 'w')
   custom_profile.write(profile_content)
   custom_profile.close()
+  config['repository_path'] = repository_path
+  sys.path.append(repository_path)
+  test_suite_title = config['test_suite_title'] or config['test_suite']
+
   retry_software = False
   try:
     while True:
@@ -104,19 +124,24 @@ repository = %(repository_path)s
           except:
             pass
         process_group_pid_set.clear()
+        full_revision_list = []
         # Make sure we have local repository
-        if not os.path.exists(repository_path):
-          parameter_list = [config['git_binary'], 'clone',
-                            config['vcs_repository']]
-          if branch is not None:
-            parameter_list.extend(['-b',branch])
-          parameter_list.append(repository_path)
-          subprocess.check_call(parameter_list)
-          # XXX this looks like to not wait the end of the command
-        # Make sure we have local repository
-        updater = Updater(repository_path, git_binary=config['git_binary'])
-        updater.checkout()
-        revision = updater.getRevision()
+        for vcs_repository in vcs_repository_list:
+          repository_path = vcs_repository['repository_path']
+          repository_id = vcs_repository['repository_id']
+          if not os.path.exists(repository_path):
+            parameter_list = [config['git_binary'], 'clone',
+                              vcs_repository['url']]
+            if vcs_repository.get('branch') is not None:
+              parameter_list.extend(['-b',vcs_repository.get('branch')])
+            parameter_list.append(repository_path)
+            subprocess.check_call(parameter_list)
+          # Make sure we have local repository
+          updater = Updater(repository_path, git_binary=config['git_binary'])
+          updater.checkout()
+          revision = "-".join(updater.getRevision())
+          full_revision_list.append('%s=%s' % (repository_id, revision))
+        revision = ','.join(full_revision_list)
         if previous_revision == revision:
           time.sleep(120)
           if not(retry_software):
@@ -137,57 +162,41 @@ repository = %(repository_path)s
           master = portal.portal_task_distribution
           assert master.getProtocolRevision() == 1
           test_result = safeRpcCall(master.createTestResult,
-            config['test_suite_name'], revision, [],
-            False, config['test_suite_title'])
+            config['test_suite'], revision, [],
+            False, test_suite_title,
+            config['test_node_title'], config['project_title'])
         print "testnode, test_result : %r" % (test_result,)
         if test_result:
           test_result_path, test_revision = test_result
           if revision != test_revision:
-            # other testnodes on other boxes are already ready to test another
-            # revision
-            updater = Updater(repository_path, git_binary=config['git_binary'],
-                              revision=test_revision)
-            updater.checkout()
+            for i, repository_revision in enumerate(test_revision.split(',')):
+              vcs_repository = vcs_repository_list[i]
+              repository_path = vcs_repository['repository_path']
+              # other testnodes on other boxes are already ready to test another
+              # revision
+              updater = Updater(repository_path, git_binary=config['git_binary'],
+                                revision=repository_revision.split('-')[1])
+              updater.checkout()
 
-          # Now prepare the installation of SlapOS
+          # Now prepare the installation of SlapOS and create instance
           slapos_controler = SlapOSControler(config,
             process_group_pid_set=process_group_pid_set)
-          # this should be always true later, but it is too slow for now
-          status_dict = slapos_controler.runSoftwareRelease(config,
-            environment=config['environment'],
-            process_group_pid_set=process_group_pid_set,
-            )
+          for method_name in ("runSoftwareRelease", "runComputerPartition"):
+            stdout, stderr = getInputOutputFileList(config, method_name)
+            slapos_method = getattr(slapos_controler, method_name)
+            status_dict = slapos_method(config,
+              environment=config['environment'],
+              process_group_pid_set=process_group_pid_set,
+              stdout=stdout, stderr=stderr
+              )
+            if status_dict['status_code'] != 0:
+              break
           if status_dict['status_code'] != 0:
             safeRpcCall(master.reportTaskFailure,
-              test_result_path, status_dict, config['test_suite_title'])
+              test_result_path, status_dict, config['test_node_title'])
             retry_software = True
             continue
 
-          # create instances, it should take some seconds only
-          slapos_controler.runComputerPartition(config,
-                  process_group_pid_set=process_group_pid_set)
-
-          # update repositories downloaded by buildout. Later we should get
-          # from master a list of repositories
-          repository_path_list = glob(os.path.join(config['software_root'],
-                                  '*', 'parts', 'git_repository', '*'))
-          assert len(repository_path_list) >= 0
-          for repository_path in repository_path_list:
-            updater = Updater(repository_path, git_binary=config['git_binary'])
-            updater.checkout()
-            if os.path.split(repository_path)[-1] == repository_name:
-              # redo checkout with good revision, the previous one is used
-              # to pull last code
-              updater = Updater(repository_path, git_binary=config['git_binary'],
-                                revision=revision)
-              updater.checkout()
-            # calling dist/externals is only there for backward compatibility,
-            # the code will be removed soon
-            if os.path.exists(os.path.join(repository_path, 'dist/externals.py')):
-              process = subprocess.Popen(['dist/externals.py'],
-                        cwd=repository_path)
-              process.wait()
-
           partition_path = os.path.join(config['instance_root'],
                                         config['partition_reference'])
           run_test_suite_path = os.path.join(partition_path, 'bin',
@@ -206,8 +215,9 @@ repository = %(repository_path)s
           if line[:2] == '#!':
             invocation_list = line[2:].split()
           invocation_list.extend([run_test_suite_path,
-                                  '--test_suite', config['test_suite_name'],
+                                  '--test_suite', config['test_suite'],
                                   '--revision', revision,
+                                  '--test_suite_title', test_suite_title,
                                   '--node_quantity', config['node_quantity'],
                                   '--master_url', config['test_suite_master_url']])
           run_test_suite = subprocess.Popen(invocation_list)
@@ -232,5 +242,4 @@ repository = %(repository_path)s
       if os.path.exists(supervisord_pid_file):
         os.kill(int(open(supervisord_pid_file).read().strip()), signal.SIGTERM)
     except:
-      pass
-
+      pass
\ No newline at end of file

slapos/recipe/kumofs/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import BaseSlapRecipe
+import hashlib
+import os
+import pkg_resources
+import sys
+import zc.buildout
+import ConfigParser
+
+class Recipe(BaseSlapRecipe):
+  def getTemplateFilename(self, template_name):
+    return pkg_resources.resource_filename(__name__,
+        'template/%s' % template_name)
+
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set()
+    # XXX-Cedric : add logrotate?
+    self.cron_d = self.installCrond()
+    kumo_conf = self.installKumo(self.getLocalIPv4Address())
+    
+    ca_conf = self.installCertificateAuthority()
+    key, certificate = self.requestCertificate('Login Based Access')
+    
+    stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(),
+        self.getLocalIPv4Address(), 12345, kumo_conf['kumo_gateway_port'],
+        certificate, key, ca_conf['ca_crl'],
+        ca_conf['certificate_authority_path'])
+    
+    self.linkBinary()
+    self.setConnectionDict(dict(
+      stunnel_ip = stunnel_conf['public_ip'],
+      stunnel_port = stunnel_conf['public_port'],
+    ))
+    return self.path_list
+
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+  
+
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    # Use execute from erp5.
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d
+  
+  def installLogrotate(self):
+    """Installs logortate main configuration file and registers its to cron"""
+    logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
+      'logrotate.d'))
+    self._createDirectory(logrotate_d)
+    logrotate_backup = self.createBackupDirectory('logrotate')
+    logrotate_conf = self.createConfigurationFile("logrotate.conf",
+        "include %s" % logrotate_d)
+    logrotate_cron = os.path.join(self.cron_d, 'logrotate')
+    state_file = os.path.join(self.data_root_directory, 'logrotate.status')
+    open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
+        (self.options['logrotate_binary'], state_file, logrotate_conf))
+    self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
+    return logrotate_d, logrotate_backup
+
+  def registerLogRotation(self, name, log_file_list, postrotate_script):
+    """Register new log rotation requirement"""
+    open(os.path.join(self.logrotate_d, name), 'w').write(
+        self.substituteTemplate(self.getTemplateFilename(
+          'logrotate_entry.in'),
+          dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
+            postrotate=postrotate_script, olddir=self.logrotate_backup)))
+
+  def installCertificateAuthority(self, ca_country_code='XX',
+      ca_email='xx@example.com', ca_state='State', ca_city='City',
+      ca_company='Company'):
+    backup_path = self.createBackupDirectory('ca')
+    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+    self._createDirectory(self.ca_dir)
+    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+    self._createDirectory(self.ca_request_dir)
+    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+    self.ca_private = os.path.join(self.ca_dir, 'private')
+    self.ca_certs = os.path.join(self.ca_dir, 'certs')
+    self.ca_crl = os.path.join(self.ca_dir, 'crl')
+    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
+    self.ca_key_ext = '.key'
+    self.ca_crt_ext = '.crt'
+    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
+      self._createDirectory(d)
+    for f in ['crlnumber', 'serial']:
+      if not os.path.exists(os.path.join(self.ca_dir, f)):
+        open(os.path.join(self.ca_dir, f), 'w').write('01')
+    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
+      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
+    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
+    config.update(
+        working_directory=self.ca_dir,
+        country_code=ca_country_code,
+        state=ca_state,
+        city=ca_city,
+        company=ca_company,
+        email_address=ca_email,
+    )
+    self._writeFile(openssl_configuration, pkg_resources.resource_string(
+      __name__, 'template/openssl.cnf.ca.in') % config)
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('certificate_authority',
+        __name__ + '.certificate_authority', 'runCertificateAuthority')],
+        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+          openssl_configuration=openssl_configuration,
+          openssl_binary=self.options['openssl_binary'],
+          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
+          key=os.path.join(self.ca_private, 'cakey.pem'),
+          crl=os.path.join(self.ca_crl),
+          request_dir=self.ca_request_dir
+          )]))
+    # configure backup
+    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    open(backup_cron, 'w').write(
+        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+          rdiff_backup=self.options['rdiff_backup_binary'],
+          source=self.ca_dir,
+          destination=backup_path))
+    self.path_list.append(backup_cron)
+
+    return dict(
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+      certificate_authority_path=config['ca_dir']
+    )
+
+  def requestCertificate(self, name):
+    hash = hashlib.sha512(name).hexdigest()
+    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+    parser = ConfigParser.RawConfigParser()
+    parser.add_section('certificate')
+    parser.set('certificate', 'name', name)
+    parser.set('certificate', 'key_file', key)
+    parser.set('certificate', 'certificate_file', certificate)
+    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+    return key, certificate
+
+  def installStunnel(self, public_ip, private_ip, public_port, private_port,
+      ca_certificate, key, ca_crl, ca_path):
+    """Installs stunnel"""
+    template_filename = self.getTemplateFilename('stunnel.conf.in')
+    log = os.path.join(self.log_directory, 'stunnel.log')
+    pid_file = os.path.join(self.run_directory, 'stunnel.pid')
+    stunnel_conf = dict(
+        public_ip=public_ip,
+        private_ip=private_ip,
+        public_port=public_port,
+        pid_file=pid_file,
+        log=log,
+        cert = ca_certificate,
+        key = key,
+        ca_crl = ca_crl,
+        ca_path = ca_path,
+        private_port = private_port,
+    )
+    stunnel_conf_path = self.createConfigurationFile("stunnel.conf",
+        self.substituteTemplate(template_filename,
+          stunnel_conf))
+    wrapper = zc.buildout.easy_install.scripts([('stunnel',
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[
+        [self.options['stunnel_binary'].strip(), stunnel_conf_path],
+        [ca_certificate, key]]
+      )[0]
+    self.path_list.append(wrapper)
+
+    return stunnel_conf
+
+  def installKumo(self, ip, kumo_manager_port=13101, kumo_server_port=13201,
+      kumo_server_listen_port=13202, kumo_gateway_port=13301):
+    # XXX: kumo is not storing pid in file, unless it is not running as daemon
+    #      but running daemons is incompatible with SlapOS, so there is currently
+    #      no way to have Kumo's pid files to rotate logs and send signals to them
+    config = dict(
+      kumo_gateway_binary=self.options['kumo_gateway_binary'],
+      kumo_gateway_ip=ip,
+      kumo_gateway_log=os.path.join(self.log_directory, "kumo-gateway.log"),
+      kumo_manager_binary=self.options['kumo_manager_binary'],
+      kumo_manager_ip=ip,
+      kumo_manager_log=os.path.join(self.log_directory, "kumo-manager.log"),
+      kumo_server_binary=self.options['kumo_server_binary'],
+      kumo_server_ip=ip,
+      kumo_server_log=os.path.join(self.log_directory, "kumo-server.log"),
+      kumo_server_storage=os.path.join(self.data_root_directory, "kumodb.tch"),
+      kumo_manager_port=kumo_manager_port,
+      kumo_server_port=kumo_server_port,
+      kumo_server_listen_port=kumo_server_listen_port,
+      kumo_gateway_port=kumo_gateway_port
+    )
+
+    self.path_list.append(self.createRunningWrapper('kumo_gateway',
+      self.substituteTemplate(self.getTemplateFilename('kumo_gateway.in'),
+        config)))
+
+    self.path_list.append(self.createRunningWrapper('kumo_manager',
+      self.substituteTemplate(self.getTemplateFilename('kumo_manager.in'),
+        config)))
+
+    self.path_list.append(self.createRunningWrapper('kumo_server',
+      self.substituteTemplate(self.getTemplateFilename('kumo_server.in'),
+        config)))
+
+    return dict(
+      kumo_address = '%s:%s' % (config['kumo_gateway_ip'],
+        config['kumo_gateway_port']),
+      kumo_gateway_ip=config['kumo_gateway_ip'],
+      kumo_gateway_port=config['kumo_gateway_port'],
+    )

slapos/recipe/kumofs/certificate_authority.py

+import os
+import subprocess
+import time
+import ConfigParser
+
+
+def popenCommunicate(command_list, input=None):
+  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+  if input is not None:
+    subprocess_kw.update(stdin=subprocess.PIPE)
+  popen = subprocess.Popen(command_list, **subprocess_kw)
+  result = popen.communicate(input)[0]
+  if popen.returncode is None:
+    popen.kill()
+  if popen.returncode != 0:
+    raise ValueError('Issue during calling %r, result was:\n%s' % (
+      command_list, result))
+  return result
+
+
+class CertificateAuthority:
+  def __init__(self, key, certificate, openssl_binary,
+      openssl_configuration, request_dir):
+    self.key = key
+    self.certificate = certificate
+    self.openssl_binary = openssl_binary
+    self.openssl_configuration = openssl_configuration
+    self.request_dir = request_dir
+
+  def checkAuthority(self):
+    file_list = [ self.key, self.certificate ]
+    ca_ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ca_ready = False
+        break
+    if ca_ready:
+      return
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    try:
+      # no CA, let us create new one
+      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
+          self.openssl_configuration, '-new', '-x509', '-extensions',
+          'v3_ca', '-keyout', self.key, '-out', self.certificate,
+          '-days', '10950'], 'Automatic Certificate Authority\n')
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+
+  def _checkCertificate(self, common_name, key, certificate):
+    file_list = [key, certificate]
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ready = False
+        break
+    if ready:
+      return False
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    csr = certificate + '.csr'
+    try:
+      popenCommunicate([self.openssl_binary, 'req', '-config',
+        self.openssl_configuration, '-nodes', '-new', '-keyout',
+        key, '-out', csr, '-days', '3650'],
+        common_name + '\n')
+      try:
+        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
+          self.openssl_configuration, '-out', certificate,
+          '-infiles', csr])
+      finally:
+        if os.path.exists(csr):
+          os.unlink(csr)
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+    else:
+      return True
+
+  def checkRequestDir(self):
+    for request_file in os.listdir(self.request_dir):
+      parser = ConfigParser.RawConfigParser()
+      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
+      if self._checkCertificate(parser.get('certificate', 'name'),
+          parser.get('certificate', 'key_file'), parser.get('certificate',
+            'certificate_file')):
+        print 'Created certificate %r' % parser.get('certificate', 'name')
+
+def runCertificateAuthority(args):
+  ca_conf = args[0]
+  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
+      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
+      ca_conf['request_dir'])
+  while True:
+    ca.checkAuthority()
+    ca.checkRequestDir()
+    time.sleep(60)

slapos/recipe/kumofs/template/kumo_gateway.in

+#!/bin/sh
+exec %(kumo_gateway_binary)s -F -E -m %(kumo_manager_ip)s:%(kumo_manager_port)s -t %(kumo_gateway_ip)s:%(kumo_gateway_port)s -o %(kumo_gateway_log)s

slapos/recipe/kumofs/template/kumo_manager.in

+#!/bin/sh
+exec %(kumo_manager_binary)s -a -l %(kumo_manager_ip)s:%(kumo_manager_port)s -o %(kumo_manager_log)s

slapos/recipe/kumofs/template/kumo_server.in

+#!/bin/sh
+exec %(kumo_server_binary)s -l %(kumo_server_ip)s:%(kumo_server_port)s -L %(kumo_server_listen_port)s -m %(kumo_manager_ip)s:%(kumo_manager_port)s -s %(kumo_server_storage)s -o %(kumo_server_log)s

slapos/recipe/kumofs/template/openssl.cnf.ca.in

+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= %(working_directory)s		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_md		= sha1
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+#attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_value		= %(country_code)s
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_value	= %(state)s
+
+localityName			= Locality Name (eg, city)
+localityName_value		= %(city)s
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_value	= %(company)s
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_value = %(email_address)s
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+#[ req_attributes ]
+#challengePassword		= A challenge password
+#challengePassword_min		= 4
+#challengePassword_max		= 20
+#
+#unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= /etc/pki/tls		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)

slapos/recipe/kumofs/template/stunnel.conf.in

+foreground = yes
+output = %(log)s
+pid = %(pid_file)s
+syslog = no
+CApath = %(ca_path)s
+key = %(key)s
+CRLpath = %(ca_crl)s
+cert = %(cert)s
+
+[service]
+accept = %(public_ip)s:%(public_port)s
+connect = %(private_ip)s:%(private_port)s

slapos/recipe/kvm/__init__.py

@@ -30,113 +30,291 @@ from slapos.recipe.librecipe import BaseSlapRecipe
 import subprocess
 import binascii
 import random
-
+import zc.buildout
 import pkg_resources
-
+import ConfigParser
+import hashlib
 
 class Recipe(BaseSlapRecipe):
 
   def _install(self):
+    """
+    Set the connection dictionnary for the computer partition and create a list
+    of paths to the different wrappers
+
+    Parameters : none
+
+    Returns    : List path_list
+    """
+    self.path_list = []
+
+    self.requirements, self.ws           = self.egg.working_set()
+    self.cron_d                          = self.installCrond()    
+
+    self.ca_conf                         = self.installCertificateAuthority()
+    self.key_path, self.certificate_path = self.requestCertificate('noVNC')
+     
+    kvm_conf = self.installKvm(vnc_ip = self.getLocalIPv4Address())
+    
+    vnc_port = 5900 + kvm_conf['vnc_display']
+    
+    noVNC_conf = self.installNoVnc(source_ip   = self.getGlobalIPv6Address(),
+                                   source_port = 6080,
+                                   target_ip   = kvm_conf['vnc_ip'],
+                                   target_port = vnc_port,
+                                   python_path = kvm_conf['python_path'])
+    
+    self.linkBinary()
+    self.computer_partition.setConnectionDict(dict(
+        url = "https://[%s]:%s/vnc.html?host=[%s]&port=%s&encrypt=1" % (noVNC_conf['source_ip'],
+                                                     noVNC_conf['source_port'],
+                                                     noVNC_conf['source_ip'],
+                                                     noVNC_conf['source_port']
+                                                     ), 
+        password = kvm_conf['vnc_passwd']))
+    
+    return self.path_list
 
-    #Get the IP list
+  def installKvm(self, vnc_ip):
+    """
+    Create kvm configuration dictionnary and instanciate a wrapper for kvm and 
+    kvm controller 
+
+    Parameters : IP the vnc server is listening on
+
+    Returns    : Dictionnary kvm_conf
+    """
+    kvm_conf = dict(vnc_ip = vnc_ip)
+    
     connection_found = False
-    ip = self.getGlobalIPv6Address()
-    for tap, dummy in self.parameter_dict['ip_list']:
+    for tap_interface, dummy in self.parameter_dict['ip_list']:
       # Get an ip associated to a tap interface
-      if tap:
+      if tap_interface:
         connection_found = True
     if not connection_found:
       raise NotImplementedError("Do not support ip without tap interface")
 
+    kvm_conf['tap_interface'] = tap_interface
+    
     # Disk path
-    disk_path = os.path.join(self.data_root_directory, 'virtual.qcow2')
-    socket_path = os.path.join(self.var_directory, 'qmp_socket')
+    kvm_conf['disk_path'] = os.path.join(self.data_root_directory,
+        'virtual.qcow2')
+    kvm_conf['socket_path'] = os.path.join(self.var_directory, 'qmp_socket')
     # XXX Weak password
-    vnc_passwd = binascii.hexlify(os.urandom(4))
+    ##XXX -Vivien: add an option to generate one password for all instances 
+    # and/or to input it yourself
+    kvm_conf['vnc_passwd'] = binascii.hexlify(os.urandom(4))
 
-    #XXX pid_file path, database_path and xml path
-    pid_file_path = os.path.join(self.run_directory, 'pid_file')
-    database_path = os.path.join(self.data_root_directory, 'slapmonitor_database')
+    #XXX pid_file path, database_path, path to python binary and xml path
+    kvm_conf['pid_file_path'] = os.path.join(self.run_directory, 'pid_file')
+    kvm_conf['database_path'] = os.path.join(self.data_root_directory,
+        'slapmonitor_database')
+    kvm_conf['python_path']   = sys.executable
+    kvm_conf['qemu_path']     = self.options['qemu_path']
     #xml_path = os.path.join(self.var_directory, 'slapreport.xml' )
 
     # Create disk if needed
-    if not os.path.exists(disk_path):
+    if not os.path.exists(kvm_conf['disk_path']):
       retcode = subprocess.call(["%s create -f qcow2 %s %iG" % (
-          self.options['qemu_img_path'], disk_path,
+          self.options['qemu_img_path'], kvm_conf['disk_path'],
           int(self.options['disk_size']))], shell=True)
       if retcode != 0:
         raise OSError, "Disk creation failed!"
-
-    # Instanciate KVM
-    kvm_config = {}
+    
     # Options nbd_ip and nbd_port are provided by slapos master
-    kvm_config.update(self.options)
-    #raise NotImplementedError("%s" % self.parameter_dict)
-    kvm_config['vnc_ip'] = ip
-    kvm_config['tap_interface'] = tap
-    kvm_config['nbd_ip'] = self.parameter_dict['nbd_ip']
-    kvm_config['nbd_port'] = self.parameter_dict['nbd_port']
-    #XXX
-    kvm_config['pid_file'] = pid_file_path 
-    kvm_config['image'] = disk_path
+    kvm_conf['nbd_ip']   = self.parameter_dict['nbd_ip']
+    kvm_conf['nbd_port'] = self.parameter_dict['nbd_port']
+
     # First octet has to represent a locally administered address
-    octet_list = [254] + [random.randint(0x00, 0xff) for x in range(5)]
-    kvm_config['mac_address'] = ':'.join(['%02x' % x for x in octet_list])
-    kvm_config['qmp_socket'] = socket_path
-    kvm_config['hostname'] = "slaposkvm"
+    octet_list         = [254] + [random.randint(0x00, 0xff) for x in range(5)]
+    kvm_conf['mac_address'] = ':'.join(['%02x' % x for x in octet_list])
 
-    kvm_wrapper_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template', 'kvm_run.in'))
-    kvm_runner_path = self.createRunningWrapper("kvm",
-          self.substituteTemplate(kvm_wrapper_template_location, kvm_config))
+    kvm_conf['hostname']    = "slaposkvm"
+    kvm_conf['smp_count']   = self.options['smp_count']
+    kvm_conf['ram_size']    = self.options['ram_size']
 
+    kvm_conf['vnc_display'] = 1
+    
+    # Instanciate KVM
+    kvm_template_location = pkg_resources.resource_filename(          
+                                             __name__, os.path.join(         
+                                             'template', 'kvm_run.in'))     
+    
+    kvm_runner_path = self.createRunningWrapper("kvm",                        
+          self.substituteTemplate(kvm_template_location,
+                                  kvm_conf))
+   
+    self.path_list.append(kvm_runner_path)
 
     # Instanciate KVM controller
-    controller_config = {}
-    # Options nbd_ip and nbd_port are provided by slapos master
-    controller_config.update(self.options)
-    controller_config['qmp_socket'] = socket_path
-    controller_config['vnc_passwd'] = vnc_passwd
-    controller_config['python_path'] = sys.executable
-
-    controller_wrapper_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template', 'kvm_controller_run.in'))
-    controller_runner_path = self.createRunningWrapper("kvm_controller",
-          self.substituteTemplate(controller_wrapper_template_location, controller_config))
-
-    #XXX Instanciate Slapmonitor
-    slapmonitor_config={}
-    slapmonitor_config.update(self.options)
-    slapmonitor_config['database_path'] = database_path 
-    slapmonitor_config['pid_file'] = pid_file_path
-    slapmonitor_config['python_path'] = sys.executable
-    slapmonitor_wrapper_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template', 'slapmonitor_run.in'))
-    slapmonitor_runner_path = self.createRunningWrapper("slapmonitor",
-          self.substituteTemplate(slapmonitor_wrapper_template_location, slapmonitor_config))
-
-
-    #XXX Instanciate Slapreport
-    slapreport_config={}
-    slapreport_config.update(self.options)
-    slapreport_config['database_path'] = database_path 
-    slapreport_config['python_path'] = sys.executable
-    slapreport_wrapper_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template', 'slapreport_run.in'))
-    slapreport_runner_path = self.createReportRunningWrapper(self.substituteTemplate(
-                      slapreport_wrapper_template_location, slapreport_config))
+    kvm_controller_template_location = pkg_resources.resource_filename(          
+                                             __name__, os.path.join(         
+                                             'template',
+                                             'kvm_controller_run.in' ))     
     
+    kvm_controller_runner_path = self.createRunningWrapper("kvm_controller",                        
+          self.substituteTemplate(kvm_controller_template_location,
+                                  kvm_conf))
+   
+    self.path_list.append(kvm_controller_runner_path)
+   
+    # Instanciate Slapmonitor
+    ##slapmonitor_runner_path = self.instanciate_wrapper("slapmonitor",
+    #    [database_path, pid_file_path, python_path])
+    # Instanciate Slapreport
+    ##slapreport_runner_path = self.instanciate_wrapper("slapreport",
+    #    [database_path, python_path])
+    
+    return kvm_conf
 
+  def installNoVnc(self, source_ip, source_port, target_ip, target_port, 
+                   python_path):
+    """
+    Create noVNC configuration dictionnary and instanciate Websockify proxy
 
+    Parameters : IP of the proxy, port on which is situated the proxy,
+                 IP of the vnc server, port on which is situated the vnc server,
+                 path to python binary
 
-    self.computer_partition.setConnectionDict(dict(
-      vnc_connection_string="vnc://[%s]:1" % ip,
-      vnc_password=vnc_passwd,
-    ))
+    Returns    : noVNC configuration dictionnary
+    """
+
+    noVNC_conf = {}
+   
+    noVNC_conf['source_ip']   = source_ip                                          
+    noVNC_conf['source_port'] = source_port
+    
+    # Instanciate Websockify
+    websockify_runner_path = zc.buildout.easy_install.scripts([('websockify',
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[
+        [python_path.strip(),
+         self.options['websockify_path'],
+         '--web',
+         self.options['noVNC_location'],
+         '--key=%s' % (self.key_path),
+         '--cert=%s' % (self.certificate_path),
+         '--ssl-only',
+         '%s:%s' % (source_ip, source_port),
+         '%s:%s' % (target_ip, target_port)],
+        [self.certificate_path, self.key_path]]
+       )[0]
+    
+    self.path_list.append(websockify_runner_path)
+  
+    return noVNC_conf
 
-    return [kvm_runner_path, controller_runner_path]
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+      
+  def installCertificateAuthority(self, ca_country_code='XX',
+      ca_email='xx@example.com', ca_state='State', ca_city='City',
+      ca_company='Company'):
+    backup_path = self.createBackupDirectory('ca')
+    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+    self._createDirectory(self.ca_dir)
+    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+    self._createDirectory(self.ca_request_dir)
+    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+    self.ca_private = os.path.join(self.ca_dir, 'private')
+    self.ca_certs = os.path.join(self.ca_dir, 'certs')
+    self.ca_crl = os.path.join(self.ca_dir, 'crl')
+    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
+    self.ca_key_ext = '.key'
+    self.ca_crt_ext = '.crt'
+    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
+      self._createDirectory(d)
+    for f in ['crlnumber', 'serial']:
+      if not os.path.exists(os.path.join(self.ca_dir, f)):
+        open(os.path.join(self.ca_dir, f), 'w').write('01')
+    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
+      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
+    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
+    config.update(
+        working_directory=self.ca_dir,
+        country_code=ca_country_code,
+        state=ca_state,
+        city=ca_city,
+        company=ca_company,
+        email_address=ca_email,
+    )
+    self._writeFile(openssl_configuration, pkg_resources.resource_string(
+      __name__, 'template/openssl.cnf.ca.in') % config)
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('certificate_authority',
+        __name__ + '.certificate_authority', 'runCertificateAuthority')],
+        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+          openssl_configuration=openssl_configuration,
+          openssl_binary=self.options['openssl_binary'],
+          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
+          key=os.path.join(self.ca_private, 'cakey.pem'),
+          crl=os.path.join(self.ca_crl),
+          request_dir=self.ca_request_dir
+          )]))
+    # configure backup
+    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    open(backup_cron, 'w').write(
+        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+          rdiff_backup=self.options['rdiff_backup_binary'],
+          source=self.ca_dir,
+          destination=backup_path))
+    self.path_list.append(backup_cron)
 
+    return dict(
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+      certificate_authority_path=config['ca_dir']
+    )
+  
+  def requestCertificate(self, name):
+    hash = hashlib.sha512(name).hexdigest()
+    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+    parser = ConfigParser.RawConfigParser()
+    parser.add_section('certificate')
+    parser.set('certificate', 'name', name)
+    parser.set('certificate', 'key_file', key)
+    parser.set('certificate', 'certificate_file', certificate)
+    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+    return key, certificate
+  
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    # Use execute from erp5.
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d

slapos/recipe/kvm/certificate_authority.py

+import os
+import subprocess
+import time
+import ConfigParser
+
+
+def popenCommunicate(command_list, input=None):
+  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+  if input is not None:
+    subprocess_kw.update(stdin=subprocess.PIPE)
+  popen = subprocess.Popen(command_list, **subprocess_kw)
+  result = popen.communicate(input)[0]
+  if popen.returncode is None:
+    popen.kill()
+  if popen.returncode != 0:
+    raise ValueError('Issue during calling %r, result was:\n%s' % (
+      command_list, result))
+  return result
+
+
+class CertificateAuthority:
+  def __init__(self, key, certificate, openssl_binary,
+      openssl_configuration, request_dir):
+    self.key = key
+    self.certificate = certificate
+    self.openssl_binary = openssl_binary
+    self.openssl_configuration = openssl_configuration
+    self.request_dir = request_dir
+
+  def checkAuthority(self):
+    file_list = [ self.key, self.certificate ]
+    ca_ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ca_ready = False
+        break
+    if ca_ready:
+      return
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    try:
+      # no CA, let us create new one
+      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
+          self.openssl_configuration, '-new', '-x509', '-extensions',
+          'v3_ca', '-keyout', self.key, '-out', self.certificate,
+          '-days', '10950'], 'Automatic Certificate Authority\n')
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+
+  def _checkCertificate(self, common_name, key, certificate):
+    file_list = [key, certificate]
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ready = False
+        break
+    if ready:
+      return False
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    csr = certificate + '.csr'
+    try:
+      popenCommunicate([self.openssl_binary, 'req', '-config',
+        self.openssl_configuration, '-nodes', '-new', '-keyout',
+        key, '-out', csr, '-days', '3650'],
+        common_name + '\n')
+      try:
+        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
+          self.openssl_configuration, '-out', certificate,
+          '-infiles', csr])
+      finally:
+        if os.path.exists(csr):
+          os.unlink(csr)
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+    else:
+      return True
+
+  def checkRequestDir(self):
+    for request_file in os.listdir(self.request_dir):
+      parser = ConfigParser.RawConfigParser()
+      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
+      if self._checkCertificate(parser.get('certificate', 'name'),
+          parser.get('certificate', 'key_file'), parser.get('certificate',
+            'certificate_file')):
+        print 'Created certificate %r' % parser.get('certificate', 'name')
+
+def runCertificateAuthority(args):
+  ca_conf = args[0]
+  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
+      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
+      ca_conf['request_dir'])
+  while True:
+    ca.checkAuthority()
+    ca.checkRequestDir()
+    time.sleep(60)

slapos/recipe/kvm/template/kvm_controller_run.in

@@ -11,7 +11,7 @@ so = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 connected = False
 while not connected:
   try:
-    so.connect('%(qmp_socket)s')
+    so.connect('%(socket_path)s')
   except socket.error:
     time.sleep(1)
   else:

slapos/recipe/kvm/template/kvm_run.in

@@ -10,8 +10,8 @@ exec %(qemu_path)s \
   -smp %(smp_count)s \
   -m %(ram_size)s \
   -cdrom nbd:[%(nbd_ip)s]:%(nbd_port)s \
-  -drive file=%(image)s,if=virtio,boot=on \
-  -vnc [%(vnc_ip)s]:1,ipv6,tls,password \
+  -drive file=%(disk_path)s,if=virtio,boot=on \
+  -vnc %(vnc_ip)s:1,ipv4,password \
   -boot menu=on \
-  -qmp unix:%(qmp_socket)s,server \
-  -pidfile %(pid_file)s
+  -qmp unix:%(socket_path)s,server \
+  -pidfile %(pid_file_path)s

slapos/recipe/kvm/template/openssl.cnf.ca.in

+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		  = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file      		  = $ENV::HOME/.oid
+oid_section		    = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions	     	= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= %(working_directory)s		# Where everything is kept
+certs		= $dir/certs			  # Where the issued certs are kept
+crl_dir		= $dir/crl			    # Where the issued crl are kept
+database	= $dir/index.txt		    # database index file.
+#unique_subject	= no			      	       # Set to 'no' to allow creation of
+		      					       	     # several ctificates with same subject.
+new_certs_dir	= $dir/newcerts	       # default place for new certs.
+
+certificate	= $dir/cacert.pem 	       # The CA certificate
+serial		= $dir/serial 	       	 # The current serial number
+crlnumber	= $dir/crlnumber		 # the current crl number
+				       # must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem        # The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	  # private random number file
+
+x509_extensions	= usr_cert		    # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt      = ca_default		# Subject Name options
+cert_opt      = ca_default		  # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days	 = 3650			# how long to certify for
+default_crl_days = 30			      # how long before next CRL
+default_md	 = default		      	# use public key default MD
+preserve	 = no				      # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy	       	      = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName	= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_md		= sha1
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+#attributes		= req_attributes
+x509_extensions		= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	    : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName				= Country Name (2 letter code)
+countryName_value			= %(country_code)s
+countryName_min				= 2
+countryName_max				= 2
+
+stateOrProvinceName			= State or Province Name (full name)
+stateOrProvinceName_value		= %(state)s
+
+localityName				= Locality Name (eg, city)
+localityName_value			= %(city)s
+
+0.organizationName			= Organization Name (eg, company)
+0.organizationName_value		= %(company)s
+
+# we can do this but it is not needed normally :-)
+#1.organizationName  	= Second Organization Name (eg, company)
+#1.organizationName_default	 = World Wide Web Pty Ltd
+
+commonName	   = Common Name (eg, your name or your server\'s hostname)
+commonName_max	   = 64
+
+emailAddress	   = Email Address
+emailAddress_value = %(email_address)s
+emailAddress_max   = 64
+
+# SET-ex3	   = SET extension number 3
+
+#[ req_attributes ]
+#challengePassword	= A challenge password
+#challengePassword_min	= 4
+#challengePassword_max	= 20
+#
+#unstructuredName	= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType 	    = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment      		 = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType 	    = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment      		 = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir	                = /etc/pki/tls  	  # TSA root directory
+serial	                = $dir/tsaserial	  # The current serial number (mandatory)
+crypto_device           = builtin		    # OpenSSL engine to use for signing
+signer_cert             = $dir/tsacert.pem    # The TSA signing certificate
+	      		      	  # (optional)
+certs	                = $dir/cacert.pem	# Certificate chain to include in reply
+		  	      # (optional)
+signer_key              = $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy          = tsa_policy1		  # Policy if request did not specify it
+					    	   # (optional)
+other_policies          = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests	                = md5, sha1  	      # Acceptable message digests (mandatory)
+accuracy                = secs:1, millisecs:500, microsecs:100	   # (optional)
+clock_precision_digits  = 0	    # number of digits after dot. (optional)
+ordering		= yes	    # Is ordering defined for timestamps?
+			  	       # (optional, default: no)
+tsa_name		= yes	    # Must the TSA name be included in the reply?
+			  	      # (optional, default: no)
+ess_cert_id_chain	= no	   # Must the ESS cert id chain be included?
+				     # (optional, default: no)

slapos/recipe/kvm/template/slapmonitor_run.in

 #!/bin/sh
 # BEWARE: This file is operated by slapgrid
 # BEWARE: It will be overwritten automatically
-exec %(python_path)s %(slapmonitor_path)s %(pid_file)s %(database_path)s
+exec %(python_path)s %(slapmonitor_path)s %(pid_file_path)s %(database_path)s

slapos/recipe/erp5/execute.py → slapos/recipe/librecipe/execute.py

@@ -10,6 +10,23 @@ def execute(args):
   # Note: Candidate for slapos.lib.recipe
   os.execv(args[0], args + sys.argv[1:])
 
+def execute_wait(args):
+  """Execution but after all files in args[1] exists"""
+  exec_list = list(args[0])
+  file_list = list(args[1])
+  sleep = 60
+  while True:
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        print 'File %r does not exists, sleeping for %s' % (f, sleep)
+        ready = False
+    if ready:
+      break
+    time.sleep(sleep)
+  os.execv(exec_list[0], exec_list + sys.argv[1:])
+
+
 child_pg = None
 
 

slapos/recipe/memcached/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import BaseSlapRecipe
+import hashlib
+import os
+import pkg_resources
+import sys
+import zc.buildout
+import ConfigParser
+
+class Recipe(BaseSlapRecipe):
+  def getTemplateFilename(self, template_name):
+    return pkg_resources.resource_filename(__name__,
+        'template/%s' % template_name)
+
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set()
+    # XXX-Cedric : add logrotate?
+    self.cron_d = self.installCrond()
+    memcached_conf = self.installMemcached(ip=self.getLocalIPv4Address(),
+        port=11000)
+        
+    ca_conf = self.installCertificateAuthority()
+    key, certificate = self.requestCertificate('Memcached')
+
+    stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(),
+        self.getLocalIPv4Address(), 12345, memcached_conf['memcached_port'],
+        certificate, key, ca_conf['ca_crl'],
+        ca_conf['certificate_authority_path'])
+    
+    self.linkBinary()
+    self.setConnectionDict(dict(
+      stunnel_ip = stunnel_conf['public_ip'],
+      stunnel_port = stunnel_conf['public_port'],
+    ))
+    return self.path_list
+
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+  
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    # Use execute from erp5.
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d
+  
+  def installLogrotate(self):
+    """Installs logortate main configuration file and registers its to cron"""
+    logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
+      'logrotate.d'))
+    self._createDirectory(logrotate_d)
+    logrotate_backup = self.createBackupDirectory('logrotate')
+    logrotate_conf = self.createConfigurationFile("logrotate.conf",
+        "include %s" % logrotate_d)
+    logrotate_cron = os.path.join(self.cron_d, 'logrotate')
+    state_file = os.path.join(self.data_root_directory, 'logrotate.status')
+    open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
+        (self.options['logrotate_binary'], state_file, logrotate_conf))
+    self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
+    return logrotate_d, logrotate_backup
+
+  def registerLogRotation(self, name, log_file_list, postrotate_script):
+    """Register new log rotation requirement"""
+    open(os.path.join(self.logrotate_d, name), 'w').write(
+        self.substituteTemplate(self.getTemplateFilename(
+          'logrotate_entry.in'),
+          dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
+            postrotate=postrotate_script, olddir=self.logrotate_backup)))
+
+  def installCertificateAuthority(self, ca_country_code='XX',
+      ca_email='xx@example.com', ca_state='State', ca_city='City',
+      ca_company='Company'):
+    backup_path = self.createBackupDirectory('ca')
+    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+    self._createDirectory(self.ca_dir)
+    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+    self._createDirectory(self.ca_request_dir)
+    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+    self.ca_private = os.path.join(self.ca_dir, 'private')
+    self.ca_certs = os.path.join(self.ca_dir, 'certs')
+    self.ca_crl = os.path.join(self.ca_dir, 'crl')
+    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
+    self.ca_key_ext = '.key'
+    self.ca_crt_ext = '.crt'
+    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
+      self._createDirectory(d)
+    for f in ['crlnumber', 'serial']:
+      if not os.path.exists(os.path.join(self.ca_dir, f)):
+        open(os.path.join(self.ca_dir, f), 'w').write('01')
+    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
+      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
+    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
+    config.update(
+        working_directory=self.ca_dir,
+        country_code=ca_country_code,
+        state=ca_state,
+        city=ca_city,
+        company=ca_company,
+        email_address=ca_email,
+    )
+    self._writeFile(openssl_configuration, pkg_resources.resource_string(
+      __name__, 'template/openssl.cnf.ca.in') % config)
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('certificate_authority',
+        __name__ + '.certificate_authority', 'runCertificateAuthority')],
+        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+          openssl_configuration=openssl_configuration,
+          openssl_binary=self.options['openssl_binary'],
+          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
+          key=os.path.join(self.ca_private, 'cakey.pem'),
+          crl=os.path.join(self.ca_crl),
+          request_dir=self.ca_request_dir
+          )]))
+    # configure backup
+    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    open(backup_cron, 'w').write(
+        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+          rdiff_backup=self.options['rdiff_backup_binary'],
+          source=self.ca_dir,
+          destination=backup_path))
+    self.path_list.append(backup_cron)
+
+    return dict(
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+      certificate_authority_path=config['ca_dir']
+    )
+
+  def requestCertificate(self, name):
+    hash = hashlib.sha512(name).hexdigest()
+    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+    parser = ConfigParser.RawConfigParser()
+    parser.add_section('certificate')
+    parser.set('certificate', 'name', name)
+    parser.set('certificate', 'key_file', key)
+    parser.set('certificate', 'certificate_file', certificate)
+    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+    return key, certificate
+
+  def installStunnel(self, public_ip, private_ip, public_port, private_port,
+      ca_certificate, key, ca_crl, ca_path):
+    """Installs stunnel"""
+    template_filename = self.getTemplateFilename('stunnel.conf.in')
+    log = os.path.join(self.log_directory, 'stunnel.log')
+    pid_file = os.path.join(self.run_directory, 'stunnel.pid')
+    stunnel_conf = dict(
+        public_ip=public_ip,
+        private_ip=private_ip,
+        public_port=public_port,
+        pid_file=pid_file,
+        log=log,
+        cert = ca_certificate,
+        key = key,
+        ca_crl = ca_crl,
+        ca_path = ca_path,
+        private_port = private_port,
+    )
+    stunnel_conf_path = self.createConfigurationFile("stunnel.conf",
+        self.substituteTemplate(template_filename,
+          stunnel_conf))
+    wrapper = zc.buildout.easy_install.scripts([('stunnel',
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[
+        [self.options['stunnel_binary'].strip(), stunnel_conf_path],
+        [ca_certificate, key]]
+      )[0]
+    self.path_list.append(wrapper)
+    return stunnel_conf
+
+  def installMemcached(self, ip, port):
+    config = dict(
+        memcached_binary=self.options['memcached_binary'],
+        memcached_ip=ip,
+        memcached_port=port,
+    )
+    self.path_list.append(self.createRunningWrapper('memcached',
+      self.substituteTemplate(self.getTemplateFilename('memcached.in'),
+        config)))
+    return dict(memcached_url='%s:%s' %
+        (config['memcached_ip'], config['memcached_port']),
+        memcached_ip=config['memcached_ip'],
+        memcached_port=config['memcached_port'])

slapos/recipe/memcached/certificate_authority.py

+import os
+import subprocess
+import time
+import ConfigParser
+
+
+def popenCommunicate(command_list, input=None):
+  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+  if input is not None:
+    subprocess_kw.update(stdin=subprocess.PIPE)
+  popen = subprocess.Popen(command_list, **subprocess_kw)
+  result = popen.communicate(input)[0]
+  if popen.returncode is None:
+    popen.kill()
+  if popen.returncode != 0:
+    raise ValueError('Issue during calling %r, result was:\n%s' % (
+      command_list, result))
+  return result
+
+
+class CertificateAuthority:
+  def __init__(self, key, certificate, openssl_binary,
+      openssl_configuration, request_dir):
+    self.key = key
+    self.certificate = certificate
+    self.openssl_binary = openssl_binary
+    self.openssl_configuration = openssl_configuration
+    self.request_dir = request_dir
+
+  def checkAuthority(self):
+    file_list = [ self.key, self.certificate ]
+    ca_ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ca_ready = False
+        break
+    if ca_ready:
+      return
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    try:
+      # no CA, let us create new one
+      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
+          self.openssl_configuration, '-new', '-x509', '-extensions',
+          'v3_ca', '-keyout', self.key, '-out', self.certificate,
+          '-days', '10950'], 'Automatic Certificate Authority\n')
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+
+  def _checkCertificate(self, common_name, key, certificate):
+    file_list = [key, certificate]
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ready = False
+        break
+    if ready:
+      return False
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    csr = certificate + '.csr'
+    try:
+      popenCommunicate([self.openssl_binary, 'req', '-config',
+        self.openssl_configuration, '-nodes', '-new', '-keyout',
+        key, '-out', csr, '-days', '3650'],
+        common_name + '\n')
+      try:
+        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
+          self.openssl_configuration, '-out', certificate,
+          '-infiles', csr])
+      finally:
+        if os.path.exists(csr):
+          os.unlink(csr)
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+    else:
+      return True
+
+  def checkRequestDir(self):
+    for request_file in os.listdir(self.request_dir):
+      parser = ConfigParser.RawConfigParser()
+      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
+      if self._checkCertificate(parser.get('certificate', 'name'),
+          parser.get('certificate', 'key_file'), parser.get('certificate',
+            'certificate_file')):
+        print 'Created certificate %r' % parser.get('certificate', 'name')
+
+def runCertificateAuthority(args):
+  ca_conf = args[0]
+  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
+      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
+      ca_conf['request_dir'])
+  while True:
+    ca.checkAuthority()
+    ca.checkRequestDir()
+    time.sleep(60)

slapos/recipe/memcached/template/memcached.in

+#!/bin/sh
+exec %(memcached_binary)s -p %(memcached_port)s -U %(memcached_port)s -l %(memcached_ip)s

slapos/recipe/memcached/template/openssl.cnf.ca.in

+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= %(working_directory)s		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_md		= sha1
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+#attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_value		= %(country_code)s
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_value	= %(state)s
+
+localityName			= Locality Name (eg, city)
+localityName_value		= %(city)s
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_value	= %(company)s
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_value = %(email_address)s
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+#[ req_attributes ]
+#challengePassword		= A challenge password
+#challengePassword_min		= 4
+#challengePassword_max		= 20
+#
+#unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= /etc/pki/tls		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)

slapos/recipe/memcached/template/stunnel.conf.in

+foreground = yes
+output = %(log)s
+pid = %(pid_file)s
+syslog = no
+CApath = %(ca_path)s
+key = %(key)s
+CRLpath = %(ca_crl)s
+cert = %(cert)s
+
+[service]
+accept = %(public_ip)s:%(public_port)s
+connect = %(private_ip)s:%(private_port)s

slapos/recipe/mysql/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import BaseSlapRecipe
+import hashlib
+import os
+import pkg_resources
+import sys
+import zc.buildout
+import ConfigParser
+
+class Recipe(BaseSlapRecipe):
+  def getTemplateFilename(self, template_name):
+    return pkg_resources.resource_filename(__name__,
+        'template/%s' % template_name)
+
+  def _install(self):
+    self.path_list = []
+
+    self.requirements, self.ws = self.egg.working_set()
+    # self.cron_d is a directory, where cron jobs can be registered
+    self.cron_d = self.installCrond()
+    self.logrotate_d, self.logrotate_backup = self.installLogrotate()
+    
+    mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678)
+      
+    ca_conf = self.installCertificateAuthority()
+    key, certificate = self.requestCertificate('MySQL')
+    
+    stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(),
+        self.getLocalIPv4Address(), 12345, mysql_conf['tcp_port'],
+        certificate, key, ca_conf['ca_crl'],
+        ca_conf['certificate_authority_path'])
+    
+    self.linkBinary()
+    self.setConnectionDict(dict(
+      stunnel_ip = stunnel_conf['public_ip'],
+      stunnel_port = stunnel_conf['public_port'],
+      mysql_database = mysql_conf['mysql_database'],
+      mysql_user = mysql_conf['mysql_user'],
+      mysql_password = mysql_conf['mysql_password'],
+    ))
+    return self.path_list
+
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d
+  
+  def installLogrotate(self):
+    """Installs logortate main configuration file and registers its to cron"""
+    logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
+      'logrotate.d'))
+    self._createDirectory(logrotate_d)
+    logrotate_backup = self.createBackupDirectory('logrotate')
+    logrotate_conf = self.createConfigurationFile("logrotate.conf",
+        "include %s" % logrotate_d)
+    logrotate_cron = os.path.join(self.cron_d, 'logrotate')
+    state_file = os.path.join(self.data_root_directory, 'logrotate.status')
+    open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
+        (self.options['logrotate_binary'], state_file, logrotate_conf))
+    self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
+    return logrotate_d, logrotate_backup
+
+  def registerLogRotation(self, name, log_file_list, postrotate_script):
+    """Register new log rotation requirement"""
+    open(os.path.join(self.logrotate_d, name), 'w').write(
+        self.substituteTemplate(self.getTemplateFilename(
+          'logrotate_entry.in'),
+          dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
+            postrotate=postrotate_script, olddir=self.logrotate_backup)))
+
+  def installCertificateAuthority(self, ca_country_code='XX',
+      ca_email='xx@example.com', ca_state='State', ca_city='City',
+      ca_company='Company'):
+    backup_path = self.createBackupDirectory('ca')
+    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+    self._createDirectory(self.ca_dir)
+    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+    self._createDirectory(self.ca_request_dir)
+    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+    self.ca_private = os.path.join(self.ca_dir, 'private')
+    self.ca_certs = os.path.join(self.ca_dir, 'certs')
+    self.ca_crl = os.path.join(self.ca_dir, 'crl')
+    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
+    self.ca_key_ext = '.key'
+    self.ca_crt_ext = '.crt'
+    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
+      self._createDirectory(d)
+    for f in ['crlnumber', 'serial']:
+      if not os.path.exists(os.path.join(self.ca_dir, f)):
+        open(os.path.join(self.ca_dir, f), 'w').write('01')
+    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
+      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
+    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
+    config.update(
+        working_directory=self.ca_dir,
+        country_code=ca_country_code,
+        state=ca_state,
+        city=ca_city,
+        company=ca_company,
+        email_address=ca_email,
+    )
+    self._writeFile(openssl_configuration, pkg_resources.resource_string(
+      __name__, 'template/openssl.cnf.ca.in') % config)
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('certificate_authority',
+        __name__ + '.certificate_authority', 'runCertificateAuthority')],
+        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+          openssl_configuration=openssl_configuration,
+          openssl_binary=self.options['openssl_binary'],
+          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
+          key=os.path.join(self.ca_private, 'cakey.pem'),
+          crl=os.path.join(self.ca_crl),
+          request_dir=self.ca_request_dir
+          )]))
+    # configure backup
+    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    open(backup_cron, 'w').write(
+        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+          rdiff_backup=self.options['rdiff_backup_binary'],
+          source=self.ca_dir,
+          destination=backup_path))
+    self.path_list.append(backup_cron)
+
+    return dict(
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+      certificate_authority_path=config['ca_dir']
+    )
+
+  def requestCertificate(self, name):
+    hash = hashlib.sha512(name).hexdigest()
+    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+    parser = ConfigParser.RawConfigParser()
+    parser.add_section('certificate')
+    parser.set('certificate', 'name', name)
+    parser.set('certificate', 'key_file', key)
+    parser.set('certificate', 'certificate_file', certificate)
+    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+    return key, certificate
+
+  def installStunnel(self, public_ip, private_ip, public_port, private_port,
+      ca_certificate, key, ca_crl, ca_path):
+    """Installs stunnel"""
+    template_filename = self.getTemplateFilename('stunnel.conf.in')
+    log = os.path.join(self.log_directory, 'stunnel.log')
+    pid_file = os.path.join(self.run_directory, 'stunnel.pid')
+    stunnel_conf = dict(
+        public_ip=public_ip,
+        private_ip=private_ip,
+        public_port=public_port,
+        pid_file=pid_file,
+        log=log,
+        cert = ca_certificate,
+        key = key,
+        ca_crl = ca_crl,
+        ca_path = ca_path,
+        private_port = private_port,
+    )
+    stunnel_conf_path = self.createConfigurationFile("stunnel.conf",
+        self.substituteTemplate(template_filename,
+          stunnel_conf))
+    wrapper = zc.buildout.easy_install.scripts([('stunnel',
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[
+        [self.options['stunnel_binary'].strip(), stunnel_conf_path],
+        [ca_certificate, key]]
+      )[0]
+    self.path_list.append(wrapper)
+    return stunnel_conf
+
+    
+  def installMysqlServer(self, ip, port, database='db', user='user',
+      template_filename=None, mysql_conf=None):
+    if mysql_conf is None:
+      mysql_conf = {}
+    backup_directory = self.createBackupDirectory('mysql')
+    if template_filename is None:
+      template_filename = self.getTemplateFilename('my.cnf.in')
+    error_log = os.path.join(self.log_directory, 'mysqld.log')
+    slow_query_log = os.path.join(self.log_directory, 'mysql-slow.log')
+    mysql_conf.update(
+        ip=ip,
+        data_directory=os.path.join(self.data_root_directory,
+          'mysql'),
+        tcp_port=port,
+        pid_file=os.path.join(self.run_directory, 'mysqld.pid'),
+        socket=os.path.join(self.run_directory, 'mysqld.sock'),
+        error_log=error_log,
+        slow_query_log=slow_query_log,
+        mysql_database=database,
+        mysql_user=user,
+        mysql_password=self.generatePassword(),
+    )
+    self.registerLogRotation('mysql', [error_log, slow_query_log],
+        '%(mysql_binary)s --no-defaults -B --user=root '
+        '--socket=%(mysql_socket)s -e "FLUSH LOGS"' % dict(
+          mysql_binary=self.options['mysql_binary'],
+          mysql_socket=mysql_conf['socket']))
+    self._createDirectory(mysql_conf['data_directory'])
+
+    mysql_conf_path = self.createConfigurationFile("my.cnf",
+        self.substituteTemplate(template_filename,
+          mysql_conf))
+
+    mysql_script_list = []
+    for x_database, x_user, x_password in \
+          [(mysql_conf['mysql_database'],
+            mysql_conf['mysql_user'],
+            mysql_conf['mysql_password']),
+          ]:
+      mysql_script_list.append(pkg_resources.resource_string(__name__,
+                     'template/initmysql.sql.in') % {
+                        'mysql_database': x_database,
+                        'mysql_user': x_user,
+                        'mysql_password': x_password})
+    mysql_script_list.append('EXIT')
+    mysql_script = '\n'.join(mysql_script_list)
+    self.path_list.extend(zc.buildout.easy_install.scripts([('mysql_update',
+      __name__ + '.mysql', 'updateMysql')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[dict(
+        mysql_script=mysql_script,
+        mysql_binary=self.options['mysql_binary'].strip(),
+        mysql_upgrade_binary=self.options['mysql_upgrade_binary'].strip(),
+        socket=mysql_conf['socket'],
+        )]))
+    self.path_list.extend(zc.buildout.easy_install.scripts([('mysqld',
+      __name__ + '.mysql', 'runMysql')], self.ws,
+        sys.executable, self.wrapper_directory, arguments=[dict(
+        mysql_install_binary=self.options['mysql_install_binary'].strip(),
+        mysqld_binary=self.options['mysqld_binary'].strip(),
+        data_directory=mysql_conf['data_directory'].strip(),
+        mysql_binary=self.options['mysql_binary'].strip(),
+        socket=mysql_conf['socket'].strip(),
+        configuration_file=mysql_conf_path,
+       )]))
+    self.path_list.extend([mysql_conf_path])
+
+    # backup configuration
+    backup_directory = self.createBackupDirectory('mysql')
+    full_backup = os.path.join(backup_directory, 'full')
+    incremental_backup = os.path.join(backup_directory, 'incremental')
+    self._createDirectory(full_backup)
+    self._createDirectory(incremental_backup)
+    innobackupex_argument_list = [self.options['perl_binary'],
+        self.options['innobackupex_binary'],
+        '--defaults-file=%s' % mysql_conf_path,
+        '--socket=%s' %mysql_conf['socket'].strip(), '--user=root']
+    environment = dict(PATH='%s' % self.bin_directory)
+    innobackupex_incremental = zc.buildout.easy_install.scripts([(
+      'innobackupex_incremental', 'slapos.recipe.librecipe.execute', 'executee')],
+      self.ws, sys.executable, self.bin_directory, arguments=[
+        innobackupex_argument_list + ['--incremental'],
+        environment])[0]
+    self.path_list.append(innobackupex_incremental)
+    innobackupex_full = zc.buildout.easy_install.scripts([('innobackupex_full',
+      'slapos.recipe.librecipe.execute', 'executee')], self.ws,
+      sys.executable, self.bin_directory, arguments=[
+        innobackupex_argument_list,
+        environment])[0]
+    self.path_list.append(innobackupex_full)
+    backup_controller = zc.buildout.easy_install.scripts([
+      ('innobackupex_controller', __name__ + '.innobackupex', 'controller')],
+      self.ws, sys.executable, self.bin_directory,
+      arguments=[innobackupex_incremental, innobackupex_full, full_backup,
+        incremental_backup])[0]
+    self.path_list.append(backup_controller)
+    mysql_backup_cron = os.path.join(self.cron_d, 'mysql_backup')
+    open(mysql_backup_cron, 'w').write('0 0 * * * ' + backup_controller)
+    self.path_list.append(mysql_backup_cron)
+    # The return could be more explicit database, user ...
+    return mysql_conf

slapos/recipe/mysql/certificate_authority.py

+import os
+import subprocess
+import time
+import ConfigParser
+
+
+def popenCommunicate(command_list, input=None):
+  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+  if input is not None:
+    subprocess_kw.update(stdin=subprocess.PIPE)
+  popen = subprocess.Popen(command_list, **subprocess_kw)
+  result = popen.communicate(input)[0]
+  if popen.returncode is None:
+    popen.kill()
+  if popen.returncode != 0:
+    raise ValueError('Issue during calling %r, result was:\n%s' % (
+      command_list, result))
+  return result
+
+
+class CertificateAuthority:
+  def __init__(self, key, certificate, openssl_binary,
+      openssl_configuration, request_dir):
+    self.key = key
+    self.certificate = certificate
+    self.openssl_binary = openssl_binary
+    self.openssl_configuration = openssl_configuration
+    self.request_dir = request_dir
+
+  def checkAuthority(self):
+    file_list = [ self.key, self.certificate ]
+    ca_ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ca_ready = False
+        break
+    if ca_ready:
+      return
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    try:
+      # no CA, let us create new one
+      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
+          self.openssl_configuration, '-new', '-x509', '-extensions',
+          'v3_ca', '-keyout', self.key, '-out', self.certificate,
+          '-days', '10950'], 'Automatic Certificate Authority\n')
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+
+  def _checkCertificate(self, common_name, key, certificate):
+    file_list = [key, certificate]
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ready = False
+        break
+    if ready:
+      return False
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    csr = certificate + '.csr'
+    try:
+      popenCommunicate([self.openssl_binary, 'req', '-config',
+        self.openssl_configuration, '-nodes', '-new', '-keyout',
+        key, '-out', csr, '-days', '3650'],
+        common_name + '\n')
+      try:
+        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
+          self.openssl_configuration, '-out', certificate,
+          '-infiles', csr])
+      finally:
+        if os.path.exists(csr):
+          os.unlink(csr)
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+    else:
+      return True
+
+  def checkRequestDir(self):
+    for request_file in os.listdir(self.request_dir):
+      parser = ConfigParser.RawConfigParser()
+      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
+      if self._checkCertificate(parser.get('certificate', 'name'),
+          parser.get('certificate', 'key_file'), parser.get('certificate',
+            'certificate_file')):
+        print 'Created certificate %r' % parser.get('certificate', 'name')
+
+def runCertificateAuthority(args):
+  ca_conf = args[0]
+  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
+      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
+      ca_conf['request_dir'])
+  while True:
+    ca.checkAuthority()
+    ca.checkRequestDir()
+    time.sleep(60)

slapos/recipe/mysql/mysql.py

+import os
+import subprocess
+import time
+import sys
+
+
+def runMysql(args):
+  sleep = 60
+  conf = args[0]
+  mysqld_wrapper_list = [conf['mysqld_binary'], '--defaults-file=%s' %
+      conf['configuration_file']]
+  # we trust mysql_install that if mysql directory is available mysql was
+  # correctly initalised
+  if not os.path.isdir(os.path.join(conf['data_directory'], 'mysql')):
+    while True:
+      # XXX: Protect with proper root password
+      # XXX: Follow http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
+      popen = subprocess.Popen([conf['mysql_install_binary'],
+        '--skip-name-resolve', '--no-defaults', '--datadir=%s' %
+        conf['data_directory']],
+        stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+      result = popen.communicate()[0]
+      if popen.returncode is None or popen.returncode != 0:
+        print "Failed to initialise server.\nThe error was: %s" % result
+        print "Waiting for %ss and retrying" % sleep
+        time.sleep(sleep)
+      else:
+        print "Mysql properly initialised"
+        break
+  else:
+    print "MySQL already initialised"
+  print "Starting %r" % mysqld_wrapper_list[0]
+  sys.stdout.flush()
+  sys.stderr.flush()
+  os.execl(mysqld_wrapper_list[0], *mysqld_wrapper_list)
+
+
+def updateMysql(args):
+  conf = args[0]
+  sleep = 30
+  is_succeed = False
+  while True:
+    if not is_succeed:
+      mysql_upgrade_list = [conf['mysql_upgrade_binary'], '--no-defaults', '--user=root', '--socket=%s' % conf['socket']]
+      mysql_upgrade = subprocess.Popen(mysql_upgrade_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+      result = mysql_upgrade.communicate()[0]
+      if mysql_upgrade.returncode is None:
+        mysql_upgrade.kill()
+      if mysql_upgrade.returncode != 0 and not 'is already upgraded' in result:
+        print "Command %r failed with result:\n%s" % (mysql_upgrade_list, result)
+        print 'Sleeping for %ss and retrying' % sleep
+      else:
+        if mysql_upgrade.returncode == 0:
+          print "MySQL database upgraded with result:\n%s" % result
+        else:
+          print "No need to upgrade MySQL database"
+        mysql_list = [conf['mysql_binary'].strip(), '--no-defaults', '-B', '--user=root', '--socket=%s' % conf['socket']]
+        mysql = subprocess.Popen(mysql_list, stdin=subprocess.PIPE,
+            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+        result = mysql.communicate(conf['mysql_script'])[0]
+        if mysql.returncode is None:
+          mysql.kill()
+        if mysql.returncode != 0:
+          print 'Command %r failed with:\n%s' % (mysql_list, result)
+          print 'Sleeping for %ss and retrying' % sleep
+        else:
+          is_succeed = True
+          print 'SlapOS initialisation script succesfully applied on database.'
+    sys.stdout.flush()
+    sys.stderr.flush()
+    time.sleep(sleep)

slapos/recipe/mysql/template/initmysql.sql.in

+CREATE DATABASE IF NOT EXISTS %(mysql_database)s;
+GRANT ALL PRIVILEGES ON %(mysql_database)s.* TO %(mysql_user)s@'%%' IDENTIFIED BY '%(mysql_password)s';
+#GRANT ALL PRIVILEGES ON %(mysql_database)s.* TO %(mysql_user)s@* IDENTIFIED BY '%(mysql_password)s';

slapos/recipe/mysql/template/logrotate_entry.in

+%(file_list)s {
+  daily
+  dateext
+  rotate 30
+  compress
+  notifempty
+  sharedscripts
+  create
+  postrotate
+    %(postrotate)s
+  endscript
+  olddir %(olddir)s
+}

slapos/recipe/mysql/template/my.cnf.in

+# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
+# The MySQL server
+[mysqld]
+# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
+# different engine, like MyISAM. Such behaviour generates problems only, when
+# tables requested as InnoDB are silently created with MyISAM engine.
+#
+# Loud fail is really required in such case.
+sql-mode="NO_ENGINE_SUBSTITUTION"
+
+skip-show-database
+port = %(tcp_port)s
+bind-address = %(ip)s
+socket = %(socket)s
+datadir = %(data_directory)s
+pid-file = %(pid_file)s
+log-error = %(error_log)s
+#log-slow-file = %(slow_query_log)s
+long_query_time = 5
+max_allowed_packet = 128M
+query_cache_size = 32M
+
+plugin-load = ha_innodb_plugin.so
+
+# The following are important to configure and depend a lot on to the size of
+# your database and the available resources.
+#innodb_buffer_pool_size = 4G
+#innodb_log_file_size = 256M
+#innodb_log_buffer_size = 8M
+
+# Some dangerous settings you may want to uncomment if you only want
+# performance or less disk access. Useful for unit tests.
+#innodb_flush_log_at_trx_commit = 0
+#innodb_flush_method = nosync
+#innodb_doublewrite = 0
+#sync_frm = 0
+
+# Uncomment the following if you need binary logging, which is recommended
+# on production instances (either for replication or incremental backups).
+#log-bin=mysql-bin
+
+# Force utf8 usage
+collation_server = utf8_unicode_ci
+character_set_server = utf8
+skip-character-set-client-handshake
+
+[mysql]
+no-auto-rehash
+socket = %(socket)s
+
+[mysqlhotcopy]
+interactive-timeout

slapos/recipe/mysql/template/openssl.cnf.ca.in

+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= %(working_directory)s		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_md		= sha1
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+#attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_value		= %(country_code)s
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_value	= %(state)s
+
+localityName			= Locality Name (eg, city)
+localityName_value		= %(city)s
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_value	= %(company)s
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_value = %(email_address)s
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+#[ req_attributes ]
+#challengePassword		= A challenge password
+#challengePassword_min		= 4
+#challengePassword_max		= 20
+#
+#unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= /etc/pki/tls		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)

slapos/recipe/mysql/template/stunnel.conf.in

+foreground = yes
+output = %(log)s
+pid = %(pid_file)s
+syslog = no
+CApath = %(ca_path)s
+key = %(key)s
+CRLpath = %(ca_crl)s
+cert = %(cert)s
+
+[service]
+accept = %(public_ip)s:%(public_port)s
+connect = %(private_ip)s:%(private_port)s

slapos/recipe/osoeslaptraining/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import BaseSlapRecipe
+import os
+import shutil
+import pkg_resources
+import zc.buildout
+import sys
+import zc.recipe.egg
+
+class BaseRecipe(BaseSlapRecipe):
+  def installMysqlServer(self, ip=None, port=None):
+    if ip is None:
+      ip = self.getLocalIPv4Address()
+    if port is None:
+      port = '3306'
+    mysql_conf = dict(
+        ip=ip,
+        data_directory=os.path.join(self.data_root_directory,
+          'mysql'),
+        tcp_port=port,
+        pid_file=os.path.join(self.run_directory, 'mysqld.pid'),
+        socket=os.path.join(self.run_directory, 'mysqld.sock'),
+        error_log=os.path.join(self.log_directory, 'mysqld.log'),
+        slow_query_log=os.path.join(self.log_directory,
+        'mysql-slow.log'),
+        database='appdb',
+        user='appuser',
+        password=self.generatePassword(),
+    )
+    self._createDirectory(mysql_conf['data_directory'])
+
+    mysql_conf_path = self.createConfigurationFile("my.cnf",
+        self.substituteTemplate(pkg_resources.resource_filename(__name__, 'template/my.cnf.in'),
+          mysql_conf))
+
+    mysql_script = pkg_resources.resource_string(__name__,
+        'template/mysqlinit.sql.in') % mysql_conf
+    self.path_list.extend(zc.buildout.easy_install.scripts([('mysql_update',
+      __name__ + '.mysql', 'updateMysql')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[dict(
+        mysql_script=mysql_script,
+        mysql_binary=self.options['mysql_binary'].strip(),
+        mysql_upgrade_binary=self.options['mysql_upgrade_binary'].strip(),
+        socket=mysql_conf['socket'],
+        )]))
+    self.path_list.extend(zc.buildout.easy_install.scripts([('mysqld',
+      __name__ + '.mysql', 'runMysql')], self.ws,
+        sys.executable, self.wrapper_directory, arguments=[dict(
+        mysql_install_binary=self.options['mysql_install_binary'].strip(),
+        mysqld_binary=self.options['mysqld_binary'].strip(),
+        data_directory=mysql_conf['data_directory'].strip(),
+        mysql_binary=self.options['mysql_binary'].strip(),
+        socket=mysql_conf['socket'].strip(),
+        configuration_file=mysql_conf_path,
+       )]))
+    self.path_list.extend([mysql_conf_path])
+    return dict(
+      mysql_host=mysql_conf['ip'],
+      mysql_port=mysql_conf['tcp_port'],
+      mysql_user=mysql_conf['user'],
+      mysql_password=mysql_conf['password'],
+      mysql_database=mysql_conf['database'],
+    )
+
+  def createHtdocs(self, source, document_root):
+    source = self.options['source'].strip()
+    document_root = self.createDataDirectory('htdocs')
+    for p in os.listdir(document_root):
+      path = os.path.join(document_root, p)
+      if os.path.isdir(path):
+        shutil.rmtree(path)
+      else:
+        os.unlink(path)
+    for p in os.listdir(source):
+      path = os.path.join(source, p)
+      if os.path.isdir(path):
+        shutil.copytree(path, os.path.join(document_root, p))
+      else:
+        shutil.copy2(path, os.path.join(document_root, p))
+
+  def installApache(self, document_root, ip=None, port=None):
+    if ip is None:
+      ip=self.getGlobalIPv6Address()
+    if port is None:
+      port = '9080'
+    apache_config = dict(
+        pid_file=os.path.join(self.run_directory, 'httpd.pid'),
+        lock_file=os.path.join(self.run_directory, 'httpd.lock'),
+        ip=ip,
+        port=port,
+        error_log=os.path.join(self.log_directory, 'httpd-error.log'),
+        access_log=os.path.join(self.log_directory, 'httpd-access.log'),
+        document_root=document_root,
+        php_ini_dir=self.etc_directory
+    )
+    config_file = self.createConfigurationFile('httpd.conf',
+        self.substituteTemplate(pkg_resources.resource_filename(__name__,
+          'template/apache.in'), apache_config))
+    self.path_list.append(config_file)
+    self.path_list.append(self.createConfigurationFile('php.ini',
+        self.substituteTemplate(pkg_resources.resource_filename(__name__,
+          'template/php.ini.in'), {})))
+    self.path_list.extend(zc.buildout.easy_install.scripts([(
+      'httpd',
+        __name__ + '.apache', 'runApache')], self.ws,
+          sys.executable, self.wrapper_directory, arguments=[
+            dict(
+              required_path_list=[],
+              binary=self.options['httpd_binary'],
+              config=config_file
+            )
+          ]))
+    return 'http://[%s]:%s' % (ip, port)
+
+  def createConfiguration(self, template, document_root, destination, d):
+    directory = os.path.dirname(destination)
+    file = os.path.basename(destination)
+    path = document_root
+    if directory:
+      path = os.path.join(document_root, directory)
+      if not os.path.exists(path):
+        os.makedirs(path)
+    destination = os.path.join(path, file)
+    open(destination, 'w').write(open(template, 'r').read() % d)
+
+class Static(BaseRecipe):
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set()
+    document_root = self.createDataDirectory('htdocs')
+    self.createHtdocs(self.options['source'].strip(), document_root)
+    url = self.installApache(document_root)
+    self.setConnectionDict(dict(url = url))
+    return self.path_list
+
+class Simple(BaseRecipe):
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set()
+    document_root = self.createDataDirectory('htdocs')
+    self.createHtdocs(self.options['source'].strip(), document_root)
+    mysql_conf = self.installMysqlServer()
+    url = self.installApache(document_root)
+    self.setConnectionDict(dict(
+      url=url,
+      **mysql_conf
+    ))
+    self.createConfiguration(self.options['template'], document_root,
+        self.options['configuration'], mysql_conf)
+    return self.path_list
+
+class Request(BaseRecipe):
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set()
+    software_type = self.parameter_dict['slap_software_type']
+    if software_type == 'RootSoftwareInstance':
+      document_root = self.createDataDirectory('htdocs')
+      self.createHtdocs(self.options['source'].strip(), document_root)
+      mysql = self.request(self.software_release_url, 'MySQL Server', 'mysql')
+      mysql_conf = dict(
+        mysql_host=mysql.getConnectionParameter('mysql_host'),
+        mysql_port=mysql.getConnectionParameter('mysql_port'),
+        mysql_user=mysql.getConnectionParameter('mysql_user'),
+        mysql_password=mysql.getConnectionParameter('mysql_password'),
+        mysql_database=mysql.getConnectionParameter('mysql_database'),
+      )
+      url = self.installApache(document_root)
+      self.setConnectionDict(dict(
+        url=url,
+      ))
+      self.createConfiguration(self.options['template'], document_root,
+          self.options['configuration'], mysql_conf)
+    elif software_type == 'MySQL Server':
+      mysql_conf = self.installMysqlServer()
+      self.setConnectionDict(dict(
+        **mysql_conf
+      ))
+    else:
+      raise zc.buildout.UserError('Uknown software type %r' % software_type)
+    return self.path_list

slapos/recipe/osoeslaptraining/apache.py

+import os
+import sys
+import time
+
+
+def runApache(args):
+  sleep = 60
+  conf = args[0]
+  while True:
+    ready = True
+    for f in conf.get('required_path_list', []):
+      if not os.path.exists(f):
+        print 'File %r does not exists, sleeping for %s' % (f, sleep)
+        ready = False
+    if ready:
+      break
+    time.sleep(sleep)
+  apache_wrapper_list = [conf['binary'], '-f', conf['config'], '-DFOREGROUND']
+  apache_wrapper_list.extend(sys.argv[1:])
+  sys.stdout.flush()
+  sys.stderr.flush()
+  os.execl(apache_wrapper_list[0], *apache_wrapper_list)

slapos/recipe/osoeslaptraining/mysql.py

+import os
+import subprocess
+import time
+import sys
+
+
+def runMysql(args):
+  sleep = 60
+  conf = args[0]
+  mysqld_wrapper_list = [conf['mysqld_binary'], '--defaults-file=%s' %
+      conf['configuration_file']]
+  # we trust mysql_install that if mysql directory is available mysql was
+  # correctly initalised
+  if not os.path.isdir(os.path.join(conf['data_directory'], 'mysql')):
+    while True:
+      # XXX: Protect with proper root password
+      popen = subprocess.Popen([conf['mysql_install_binary'],
+        '--skip-name-resolve', '--no-defaults', '--datadir=%s' %
+        conf['data_directory']],
+        stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+      result = popen.communicate()[0]
+      if popen.returncode is None or popen.returncode != 0:
+        print "Failed to initialise server.\nThe error was: %s" % result
+        print "Waiting for %ss and retrying" % sleep
+        time.sleep(sleep)
+      else:
+        print "Mysql properly initialised"
+        break
+  else:
+    print "MySQL already initialised"
+  print "Starting %r" % mysqld_wrapper_list[0]
+  sys.stdout.flush()
+  sys.stderr.flush()
+  os.execl(mysqld_wrapper_list[0], *mysqld_wrapper_list)
+
+
+def updateMysql(args):
+  conf = args[0]
+  sleep = 30
+  is_succeed = False
+  while True:
+    if not is_succeed:
+      mysql_upgrade_list = [conf['mysql_upgrade_binary'], '--no-defaults', '--user=root', '--socket=%s' % conf['socket']]
+      mysql_upgrade = subprocess.Popen(mysql_upgrade_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+      result = mysql_upgrade.communicate()[0]
+      if mysql_upgrade.returncode is None:
+        mysql_upgrade.kill()
+      if mysql_upgrade.returncode != 0 and not 'is already upgraded' in result:
+        print "Command %r failed with result:\n%s" % (mysql_upgrade_list, result)
+        print 'Sleeping for %ss and retrying' % sleep
+      else:
+        if mysql_upgrade.returncode == 0:
+          print "MySQL database upgraded with result:\n%s" % result
+        else:
+          print "No need to upgrade MySQL database"
+        mysql_script = conf.get('mysql_script')
+        if mysql_script:
+          mysql_list = [conf['mysql_binary'].strip(), '--no-defaults', '-B', '--user=root', '--socket=%s' % conf['socket']]
+          mysql = subprocess.Popen(mysql_list, stdin=subprocess.PIPE,
+              stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+          result = mysql.communicate(conf['mysql_script'])[0]
+          if mysql.returncode is None:
+            mysql.kill()
+          if mysql.returncode != 0:
+            print 'Command %r failed with:\n%s' % (mysql_list, result)
+            print 'Sleeping for %ss and retrying' % sleep
+          else:
+            is_succeed = True
+            print 'SlapOS initialisation script succesfully applied on database.'
+    sys.stdout.flush()
+    sys.stderr.flush()
+    time.sleep(sleep)

slapos/recipe/osoeslaptraining/template/apache.in

+# Apache static configuration
+# Automatically generated
+
+# Basic server configuration
+PidFile "%(pid_file)s"
+LockFile "%(lock_file)s"
+Listen %(ip)s:%(port)s
+PHPINIDir %(php_ini_dir)s
+ServerAdmin someone@email
+DefaultType text/plain
+TypesConfig conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType application/x-httpd-php .php .phtml .php5 .php4
+AddType application/x-httpd-php-source .phps
+
+# Log configuration
+ErrorLog "%(error_log)s"
+LogLevel warn
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
+CustomLog "%(access_log)s" common
+
+# Directory protection
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+    Order deny,allow
+    Deny from all
+</Directory>
+
+<Directory %(document_root)s>
+  Options FollowSymLinks
+  AllowOverride All
+  Order allow,deny
+  Allow from all
+</Directory>
+DocumentRoot %(document_root)s
+DirectoryIndex index.html index.php
+
+# List of modules
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule php5_module modules/libphp5.so

slapos/recipe/osoeslaptraining/template/my.cnf.in

+# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
+# The MySQL server
+[mysqld]
+# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
+# different engine, like MyISAM. Such behaviour generates problems only, when
+# tables requested as InnoDB are silently created with MyISAM engine.
+#
+# Loud fail is really required in such case.
+sql-mode="NO_ENGINE_SUBSTITUTION"
+
+skip-show-database
+port = %(tcp_port)s
+bind-address = %(ip)s
+socket = %(socket)s
+datadir = %(data_directory)s
+pid-file = %(pid_file)s
+log-error = %(error_log)s
+log-slow-file = %(slow_query_log)s
+long_query_time = 5
+max_allowed_packet = 128M
+query_cache_size = 32M
+
+plugin-load = ha_innodb_plugin.so
+
+# The following are important to configure and depend a lot on to the size of
+# your database and the available resources.
+#innodb_buffer_pool_size = 4G
+#innodb_log_file_size = 256M
+#innodb_log_buffer_size = 8M
+
+# Some dangerous settings you may want to uncomment if you only want
+# performance or less disk access. Useful for unit tests.
+#innodb_flush_log_at_trx_commit = 0
+#innodb_flush_method = nosync
+#innodb_doublewrite = 0
+#sync_frm = 0
+
+# Uncomment the following if you need binary logging, which is recommended
+# on production instances (either for replication or incremental backups).
+#log-bin=mysql-bin
+
+# Force utf8 usage
+collation_server = utf8_unicode_ci
+character_set_server = utf8
+skip-character-set-client-handshake
+
+[mysql]
+no-auto-rehash
+socket = %(socket)s
+
+[mysqlhotcopy]
+interactive-timeout

slapos/recipe/osoeslaptraining/template/mysqlinit.sql.in

+CREATE DATABASE IF NOT EXISTS %(database)s;
+GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
+GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
+GRANT SHOW DATABASES ON *.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
+GRANT SHOW DATABASES ON *.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
+FLUSH PRIVILEGES;
+EXIT

slapos/recipe/osoeslaptraining/template/php.ini.in

+[PHP]
+engine = On
+safe_mode = Off
+expose_php = On
+error_reporting = E_ALL | E_STRICT
+display_errors = On
+display_startup_errors = On
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off

slapos/recipe/slaprunner/__init__.py

@@ -68,9 +68,11 @@ class Recipe(BaseSlapRecipe):
         self.substituteTemplate(pkg_resources.resource_filename(__name__,
           'template/slapos.cfg.in'), configuration))
     self.path_list.append(config_file)
+    
+    execute_arguments = dict(path = os.environ['PATH'],
+        launch_args = [self.options['slaprunner'].strip(), config_file])
     self.path_list.extend(zc.buildout.easy_install.scripts([('slaprunner',
       'slapos.recipe.slaprunner.execute', 'execute')], self.ws, sys.executable,
-      self.wrapper_directory, arguments=[self.options['slaprunner'].strip(),
-        config_file]))
+      self.wrapper_directory, arguments=execute_arguments))
     self.setConnectionDict(dict(url='http://[%s]:%s' % (ipv6, runner_port)))
     return self.path_list

slapos/recipe/slaprunner/execute.py

@@ -3,4 +3,6 @@ import os
 
 def execute(args):
   """Portable execution with process replacement"""
-  os.execv(args[0], args)
+  if args.get("path", None):
+    os.environ['PATH'] = args["path"]
+  os.execv(args["launch_args"][0], args["launch_args"])

slapos/recipe/template.py

-##############################################################################
-#
-# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
-#
-# WARNING: This program as such is intended to be used by professional
-# programmers who take the whole responsibility of assessing all potential
-# consequences resulting from its eventual inadequacies and bugs
-# End users who are looking for a ready-to-use solution with commercial
-# guarantees and support are strongly adviced to contract a Free Software
-# Service Company
-#
-# This program is Free Software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 3
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-#
-##############################################################################
-
-import collective.recipe.template
-import zc.buildout
-class Recipe(collective.recipe.template.Recipe):
-  def __init__(self, buildout, name, options):
-    download = zc.buildout.download.Download(buildout['buildout'],
-                hash_name=True)
-    path, is_temp = download(options.pop('url'),
-        md5sum=options.get('md5sum'))
-    options['input'] = path
-    collective.recipe.template.Recipe.__init__(self, buildout, name, options)

slapos/recipe/vifib.py

@@ -31,6 +31,9 @@ import zc.buildout
 import sys
 
 class Recipe(slapos.recipe.erp5.Recipe):
+  
+  default_bt5_list = []
+
   def installKeyAuthorisationApache(self, ip, port, backend, key, certificate,
       ca_conf, key_auth_path='/erp5/portal_slap'):
     ssl_template = """SSLEngine on
@@ -122,7 +125,7 @@ SSLCARevocationPath %(ca_crl)s"""
     zodb_configuration_string = '\n'.join(zodb_configuration_list)
     zope_port = 12000
     # One Distribution Node
-    zope_port +=1
+    zope_port += 1
     self.installZope(ip, zope_port, 'zope_distribution', with_timerservice=True,
         zodb_configuration_string=zodb_configuration_string,
         tidstorage_config=tidstorage_config)
@@ -147,6 +150,9 @@ SSLCARevocationPath %(ca_crl)s"""
         login_url_list)
     apache_login = self.installBackendApache(self.getGlobalIPv6Address(), 15000,
         login_haproxy, backend_key, backend_certificate)
+    apache_frontend_login = self.installFrontendZopeApache(
+        self.getGlobalIPv6Address(), 4443, 'vifib', '/',
+        apache_login, '/', backend_key, backend_certificate)
     # Four Web Service Nodes (Machine access)
     service_url_list = []
     for i in (1, 2, 3, 4):
@@ -169,7 +175,14 @@ SSLCARevocationPath %(ca_crl)s"""
     self.installTidStorage(tidstorage_config['host'], tidstorage_config['port'],
         known_tid_storage_identifier_dict, 'http://'+login_haproxy)
     self.linkBinary()
+
+    # Connect direct to Zope to create the instance.
+    self.installERP5Site(user, password, service_url_list[-1], mysql_conf,
+             conversion_server_conf, memcached_conf, kumo_conf,
+             self.site_id, self.default_bt5_list)
+
     self.setConnectionDict(dict(
+      front_end_url=apache_frontend_login,
       site_url=apache_login,
       site_user=user,
       site_password=password,
@@ -220,7 +233,13 @@ SSLCARevocationPath %(ca_crl)s"""
     kumo_conf = self.installKumo(self.getLocalIPv4Address())
     self.installTestRunner(ca_conf, mysql_conf, conversion_server_conf,
         memcached_conf, kumo_conf)
+    self.installTestSuiteRunner(ca_conf, mysql_conf, conversion_server_conf,
+                           memcached_conf, kumo_conf)
     self.linkBinary()
+    self.installERP5Site(user, password, zope_access, mysql_conf,
+             conversion_server_conf, memcached_conf, kumo_conf,
+             self.site_id, self.default_bt5_list)
+
     self.setConnectionDict(dict(
       development_zope='http://%s:%s/' % (ip, zope_port),
       site_user=user,
@@ -254,6 +273,9 @@ SSLCARevocationPath %(ca_crl)s"""
         [('killpidfromfile', 'slapos.recipe.erp5.killpidfromfile',
           'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
     self.path_list.append(self.killpidfromfile)
+    if self.parameter_dict.get("flavour", "default") == 'configurator':
+      self.default_bt5_list = self.options.get("configurator_bt5_list", '').split()
+
     if self.parameter_dict.get('development', 'false').lower() == 'true':
       return self.installDevelopment()
     if self.parameter_dict.get('production', 'false').lower() == 'true':

slapos/recipe/zabbixagent/__init__.py

+##############################################################################
+#
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import BaseSlapRecipe
+import binascii
+import os
+import pkg_resources
+import pprint
+import hashlib
+import sys
+import zc.buildout
+import zc.recipe.egg
+import ConfigParser
+
+class Recipe(BaseSlapRecipe):
+  def installLogrotate(self):
+    """Installs logortate main configuration file and registers its to cron"""
+    logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
+      'logrotate.d'))
+    self._createDirectory(logrotate_d)
+    logrotate_backup = self.createBackupDirectory('logrotate')
+    logrotate_conf = self.createConfigurationFile("logrotate.conf",
+        "include %s" % logrotate_d)
+    logrotate_cron = os.path.join(self.cron_d, 'logrotate')
+    state_file = os.path.join(self.data_root_directory, 'logrotate.status')
+    open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
+        (self.options['logrotate_binary'], state_file, logrotate_conf))
+    self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
+    return logrotate_d, logrotate_backup
+
+  def registerLogRotation(self, name, log_file_list):
+    """Register new log rotation requirement"""
+    open(os.path.join(self.logrotate_d, name), 'w').write(
+        pkg_resources.resource_string(__name__, 'template/logrotate_entry.in')%
+          dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
+          olddir=self.logrotate_backup))
+
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d
+
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set()
+    # self.cron_d is a directory, where cron jobs can be registered
+    self.cron_d = self.installCrond()
+    self.logrotate_d, self.logrotate_backup = self.installLogrotate()
+    zabbix_log_file = os.path.join(self.log_directory, 'zabbix_agentd.log')
+    self.registerLogRotation('zabbix_agentd', [zabbix_log_file])
+    zabbix_agentd = dict(
+      pid_file=os.path.join(self.run_directory, "zabbix_agentd.pid"),
+      log_file=zabbix_log_file,
+      ip=self.getGlobalIPv6Address(),
+      server=self.parameter_dict['server'],
+      hostname=self.parameter_dict['hostname'],
+      port='10050'
+    )
+    zabbix_agentd_conf = self.createConfigurationFile("zabbix_agentd.conf",
+         pkg_resources.resource_string(__name__,
+         'template/zabbix_agentd.conf.in') % zabbix_agentd)
+    self.path_list.append(zabbix_agentd_conf)
+    wrapper = zc.buildout.easy_install.scripts([('zabbixagentd',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.bin_directory, arguments=[
+        self.options['zabbix_agentd_binary'].strip(), '-c',
+        zabbix_agentd_conf])[0]
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('zabbixagentd', __name__ + '.svcdaemon', 'svcdaemon')],
+      self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+        real_binary=wrapper, pid_file=zabbix_agentd['pid_file'])]))
+    self.setConnectionDict(dict(ip=zabbix_agentd['ip'],
+      name=zabbix_agentd['hostname'], port=zabbix_agentd['port']))
+    return self.path_list

slapos/recipe/zabbixagent/catdatefile.py

+import os
+import sys
+import time
+def catdatefile(args):
+  directory = args[0]
+  try:
+    suffix = args[1]
+  except IndexError:
+    suffix = '.log'
+  f = open(os.path.join(directory,
+    time.strftime('%Y-%m-%d.%H:%M.%s') + suffix), 'aw')
+  for line in sys.stdin.read():
+    f.write(line)
+  f.close()

slapos/recipe/zabbixagent/svcdaemon.py

+import os
+import subprocess
+import time
+import signal
+import sys
+
+def get_pid(filename):
+  pid = None
+  if os.path.exists(filename):
+    data = open(pid_file).read()
+    try:
+      pid = int(data)
+    except ValueError:
+      pass
+  return pid
+
+pid_file = None
+def sig_handler(s, frame):
+  print "Killing on signal %s:" % s,
+  global pid_file
+  if pid_file is not None:
+    pid = get_pid(pid_file)
+    if pid is not None:
+      os.kill(pid, signal.SIGTERM)
+      try:
+        os.kill(pid, 0)
+      except Exception:
+        pass
+      else:
+        time.sleep(5)
+        try:
+          os.kill(pid, 0)
+        except Exception:
+          pass
+        else:
+          print 'with SIGKILL...',
+          os.kill(pid, signal.SIGKILL)
+    else:
+      raise ValueError('Pid is none.')
+  print 'done.'
+  sys.exit(0)
+
+signal.signal(signal.SIGINT, sig_handler)
+signal.signal(signal.SIGQUIT, sig_handler)
+signal.signal(signal.SIGTERM, sig_handler)
+
+
+def svcdaemon(args):
+  """Utility script to run daemons in supervisord"""
+  real_binary = args[0]['real_binary']
+  global pid_file
+  pid_file = args[0]['pid_file']
+  subprocess.check_call(real_binary)
+  print 'Started %r' % real_binary
+  while True:
+    time.sleep(5)
+    pid = get_pid(pid_file)
+    if pid is None:
+      raise ValueError('Pid is none')
+    os.kill(pid, 0)

slapos/recipe/zabbixagent/template/logrotate_entry.in

+%(file_list)s {
+  daily
+  dateext
+  rotate 30
+  compress
+  notifempty
+  sharedscripts
+  create
+  olddir %(olddir)s
+}

slapos/recipe/zabbixagent/template/zabbix_agentd.conf.in

+# This is a config file for Zabbix Agent (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+PidFile=%(pid_file)s
+
+### Option: LogFile
+#	Name of log file.
+#	If not set, syslog is used.
+#
+# Mandatory: no
+# Default:
+# LogFile=
+
+LogFile=%(log_file)s
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level
+#	0 - no debug
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#
+# Mandatory: no
+# Range: 0-4
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+SourceIP=%(ip)s
+
+### Option: EnableRemoteCommands
+#	Whether remote commands from Zabbix server are allowed.
+#	0 - not allowed
+#	1 - allowed
+#
+# Mandatory: no
+# Default:
+# EnableRemoteCommands=0
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses (or hostnames) of Zabbix servers.
+#	No spaces allowed. First entry is used for receiving list of and sending active checks.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
+#
+# Mandatory: yes
+# Default:
+# Server=
+Server=%(server)s
+
+### Option: Hostname
+#	Unique, case sensitive hostname.
+#	Required for active checks and must match hostname as configured on the server.
+#	System hostname is used if undefined.
+#
+# Default:
+# Hostname=system.hostname
+Hostname=%(hostname)s
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10050
+ListenPort=%(port)s
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+ListenIP=%(ip)s
+
+### Option: DisablePassive
+#	Disable passive checks. The agent will not listen on any TCP port.
+#	Only active checks will be processed.
+#	0 - do not disable
+#	1 - disable
+#
+# Mandatory: no
+# Default:
+# DisablePassive=0
+
+##### Active checks related
+
+### Option: DisableActive
+#	Disable active checks. The agent will work in passive mode listening for server.
+#
+# Mandatory: no
+# Default:
+# DisableActive=0
+
+### Option: ServerPort
+#	Server port for retrieving list of and sending active checks.
+#
+# Mandatory: no
+# Default:
+# ServerPort=10051
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=100
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#       will try to switch to user 'zabbix' instead. Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+############ ADVANCED PARAMETERS #################
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartAgents=3
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/etc/zabbix/zabbix_agentd.userparams.conf
+# Include=/etc/zabbix/zabbix_agentd/
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	Note that shell command must not return empty string or EOL only.
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=

software/cloudooo/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+
+# cloudooo specific configuration
+ooo_binary_path = ${libreoffice-bin:location}/program
+ooo_paster = ${buildout:bin-directory}/cloudooo_paster
+ooo_uno_path = ${libreoffice-bin:location}/basis-link/program
+
+link_binary_list =
+  ${xpdf:location}/bin/pdfinfo
+  ${xpdf:location}/bin/pdftotext
+  ${ffmpeg:location}/bin/ffmpeg
+  ${ffmpeg:location}/bin/ffprobe
+  ${imagemagick:location}/bin/convert
+  ${imagemagick:location}/bin/identify
+  ${pdftk:location}/bin/pdftk
+
+environment =
+  LD_LIBRARY_PATH = ${file:location}/lib:${zlib:location}/lib:${freetype:location}/lib:${libXext:location}/lib:${libXau:location}/lib:${libX11:location}/lib:${libXdmcp:location}/lib:${libxcb:location}/lib

software/cloudooo/software.cfg

+[buildout]
+extensions =
+  slapos.rebootstrap
+  slapos.zcbworkarounds
+  mr.developer
+
+find-links =
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+    http://dist.repoze.org
+    http://www.nexedi.org/static/packages/source/
+
+extends =
+  ../../stack/cloudooo.cfg
+
+versions = versions
+
+parts +=
+# Create instance template
+  template
+
+# XXX: Workaround of SlapOS limitation
+# Unzippig of eggs is required, as SlapOS do not yet provide nicely working
+# development / fast switching environment for whole software
+unzip = true
+
+[instance-recipe]
+# Note: In case if specific instantiation recipe is used this is the place to
+# put its name
+egg = slapos.cookbook
+module = cloudooo
+
+[template]
+# Default template for erp5 instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 45d8de2ca15f126506ad5c08357c5a26
+output = ${buildout:directory}/template.cfg
+mode = 0644

software/erp5/configuration.json

+{
+  "name":"Parameter",
+  "title": "Default parameter schema for ERP5 Software Release.",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "flavour" : {
+        "type" : "string",
+        "title" : "Sofware Release Flavour",
+        "optional": true,
+        "default" : "default",
+        "enum" : ["default", "configurator"]
+      },
+
+    "bt5_list": {
+       "type":"array",
+       "title" : "Business Template List",
+       "items" : {"type": "string"},
+       "optional" : true
+      },
+
+    "bt5_repository_list": {
+       "type" : "array",
+       "title" : "Business Template Repository List",
+       "items" : {"type": "string"},
+       "optional" : true
+     }
+  }
+}

software/erp5/instance.cfg

@@ -9,6 +9,7 @@ develop-eggs-directory = ${buildout:develop-eggs-directory}
 recipe = ${instance-recipe:egg}:${instance-recipe:module}
 dcrond_binary = ${dcron:location}/sbin/crond
 haproxy_binary = ${haproxy:location}/sbin/haproxy
+gzip_binary = ${gzip:location}/bin/gzip
 httpd_binary = ${apache:location}/bin/httpd
 innobackupex_binary = ${xtrabackup:location}/bin/innobackupex
 kumo_gateway_binary = ${kumo:location}/bin/kumo-gateway
@@ -30,7 +31,16 @@ runzeo_binary = ${buildout:bin-directory}/runzeo
 runzope_binary = ${buildout:bin-directory}/runzope
 tidstorage_repozo_binary = ${buildout:bin-directory}/tidstorage_repozo
 tidstoraged_binary = ${buildout:bin-directory}/tidstoraged
+xtrabackup_binary = ${xtrabackup:location}/bin/xtrabackup_51
 zabbix_agent_binary = ${zabbix-agent:location}/sbin/zabbix_agent
+mk-variable-advisor_binary = ${perl:siteprefix}/bin/mk-variable-advisor
+mk-table-usage_binary = ${perl:siteprefix}/bin/mk-table-usage
+mk-visual-explain_binary = ${perl:siteprefix}/bin/mk-visual-explain
+mk-config-diff_binary = ${perl:siteprefix}/bin/mk-config-diff
+mk-deadlock-logger_binary = ${perl:siteprefix}/bin/mk-deadlock-logger
+mk-error-log_binary = ${perl:siteprefix}/bin/mk-error-log
+mk-index-usage_binary = ${perl:siteprefix}/bin/mk-index-usage
+mk-query-advisor_binary = ${perl:siteprefix}/bin/mk-query-advisor
 
 # cloudooo specific configuration
 ooo_binary_path = ${libreoffice-bin:location}/program
@@ -48,15 +58,16 @@ link_binary_list =
   ${graphviz:location}/bin/dot
   ${grep:location}/bin/grep
   ${imagemagick:location}/bin/convert
+  ${imagemagick:location}/bin/identify
   ${mariadb:location}/bin/mysql
   ${mariadb:location}/bin/mysqldump
   ${pdftk:location}/bin/pdftk
   ${sed:location}/bin/sed
   ${tesseract:location}/bin/tesseract
   ${w3m:location}/bin/w3m
-  ${xpdf:location}/bin/pdfinfo
-  ${xpdf:location}/bin/pdftotext
-  ${xtrabackup:location}/bin/xtrabackup_51
+  ${poppler:location}/bin/pdfinfo
+  ${poppler:location}/bin/pdftotext
+  ${poppler:location}/bin/pdftohtml
 
 # XXX: products won't be needed as soon as all ERP5 (and products-deps)
 # products will be eggified so then it will be possible to use them thanks to
@@ -64,3 +75,7 @@ link_binary_list =
 products = ${products:list}
 environment =
   LD_LIBRARY_PATH = ${file:location}/lib:${zlib:location}/lib:${freetype:location}/lib:${libXext:location}/lib:${libXau:location}/lib:${libX11:location}/lib:${libXdmcp:location}/lib:${libxcb:location}/lib
+
+bt5_repository_list = ${bt5-repository:list}
+
+configurator_bt5_list = ${instance-recipe:configurator_bt5_list}

software/erp5/software.cfg

 [buildout]
-extensions =
-  slapos.rebootstrap
-  slapos.zcbworkarounds
-  mr.developer
-
-find-links =
-    http://www.nexedi.org/static/packages/source/slapos.buildout/
-    http://dist.repoze.org
-    http://www.nexedi.org/static/packages/source/
-
 extends =
+  ../../stack/shacache-client.cfg
   ../../stack/erp5.cfg
 
 versions = versions
@@ -17,6 +8,7 @@ versions = versions
 parts +=
 # Create instance template
   template
+  validator
 
 # XXX: Workaround of SlapOS limitation
 # Unzippig of eggs is required, as SlapOS do not yet provide nicely working
@@ -29,41 +21,24 @@ unzip = true
 egg = slapos.cookbook
 module = erp5
 
+# Additional Configuration
+configurator_bt5_list = erp5_core_proxy_field_legacy erp5_full_text_myisam_catalog erp5_base erp5_workflow erp5_configurator erp5_configurator_standard erp5_configurator_maxma_demo erp5_configurator_ung
+
 [template]
 # Default template for erp5 instance.
-recipe = slapos.cookbook:template
+recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
-md5sum = 1b29b27aedcc7fa5f30f1053e8eab13f
+md5sum = 77062d472e88aca0fe632bdee4f9bb21
 output = ${buildout:directory}/template.cfg
 mode = 0644
 
-# Release stabilisation
-[products-deps]
-# Recipe minitage.recipe.fetch is disabled, as it uses PATH variable, but it
-# is not possible to change its environment to use localy delivered subversion
-# nor git. plone.recipe.command can do same job, but it is controllable which
-# binary will be used
-recipe = plone.recipe.command
-svn_param =--trust-server-cert --non-interactive --quiet
-location = ${buildout:parts-directory}/${:_buildout_section_name_}
-stop-on-error = true
-command =
-  ${subversion:location}/bin/svn checkout ${:svn_param} -r 98997 https://svn.plone.org/svn/collective/ExtFile/trunk ${:location}/ExtFile &&
-  ${git:location}/bin/git clone --quiet git://git.hforge.org/Localizer.git ${:location}/Localizer && cd ${:location}/Localizer && ${git:location}/bin/git reset --quiet --hard dacb6ba0ae559cd9bdb8822812d24a12a21e9e37
-update-command =
-
-[erp5]
-# Recipe zerokspot.recipe.git is disabled, as is not possible to change its
-# environment to use localy delivered git.
-# plone.recipe.command can do same job, but it is controllable which binary
-# will be used
-recipe = plone.recipe.command
-location = ${buildout:parts-directory}/${:_buildout_section_name_}
-stop-on-error = true
-repository = http://git.erp5.org/repos/erp5.git
-branch = master
-command = ${git:location}/bin/git clone --quiet -b ${:branch} ${:repository} ${:location} && cd ${:location} && ${git:location}/bin/git reset --quiet --hard 0eba9830dae07dbf5319f218989b79ddd5eb11b1
-update-command =
+[validator]
+# Default json schema for instance parameters.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/configuration.json
+md5sum = cbe1d75339c6cb20e1aef818797face1 
+output = ${buildout:directory}/schema.json
+mode = 0644
 
 [versions]
 MySQL-python = 1.2.3
@@ -79,11 +54,13 @@ Products.DCWorkflowGraph = 0.4nxd001
 Products.ExternalEditor = 1.1.0
 Products.GenericSetup = 1.6.3
 Products.MimetypesRegistry = 2.0.2
-Products.PluggableAuthService = 1.7.4
+Products.PluggableAuthService = 1.7.5
 Products.PluginRegistry = 1.3b1
 Products.TIDStorage = 5.4.7.dev-r45842
 Products.Zelenium = 1.0.3
 StructuredText = 2.11.1
+Werkzeug = 0.6.2
+buildout-versions = 1.6
 cElementTree = 1.0.5-20051216
 chardet = 1.0.1
 cloudooo = 1.2.3
@@ -94,33 +71,41 @@ cloudooo.handler.pdf = 0.1
 csp-eventlet = 0.6.0
 elementtree = 1.2.7-20070827-preview
 erp5.conflictresolver = 0.3
-erp5.recipe.cmmiforcei686 = 0.1.1
+erp5.recipe.cmmiforcei686 = 0.1.3
 erp5diff = 0.8.1.3
-eventlet = 0.9.15
+eventlet = 0.9.16
 feedparser = 5.0.1
 five.localsitemanager = 2.0.5
 greenlet = 0.3.1
 hexagonit.recipe.cmmi = 1.5.0
 hexagonit.recipe.download = 1.5.0
-ipdb = 0.3
+http-parser = 0.6.2
+ipdb = 0.4
+meld3 = 0.6.7
 mr.developer = 1.17
 ordereddict = 1.1
 paramiko = 1.7.7.1
 plone.recipe.command = 1.1
 ply = 3.4
-psutil = 0.2.1
+psutil = 0.3.0
 pycrypto = 2.3
-python-ldap = 2.3.13
-python-memcached = 1.47
-restkit = 3.2.3
+python-ldap = 2.4.1
+python-memcached = 1.45
+restkit = 3.3.0
 rtjp-eventlet = 0.3.2
-slapos.cookbook = 0.1
+slapos.cookbook = 0.16
+slapos.recipe.template = 1.1
 threadframe = 0.2
 timerserver = 2.0.2
 urlnorm = 1.1.2
 uuid = 1.30
+validictory = 0.7.1
 xupdate-processor = 0.4
 
+# Required by:
+# slapos.core==0.12
+Flask = 0.7.2
+
 # Required by:
 # PasteScript==1.7.3
 # cloudooo==1.2.3
@@ -132,10 +117,11 @@ WSGIUtils = 0.7
 
 # Required by:
 # cloudooo==1.2.3
-argparse = 1.2.1
+# slapos.core==0.12
+argparse = 1.1
 
 # Required by:
-# slapos.cookbook==0.1
+# slapos.recipe.template==1.1
 collective.recipe.template = 1.8
 
 # Required by:
@@ -143,13 +129,17 @@ collective.recipe.template = 1.8
 fpconst = 0.7.2
 
 # Required by:
-# ipdb==0.3
+# ipdb==0.4
 ipython = 0.10.2
 
 # Required by:
-# slapos.cookbook==0.1
+# slapos.cookbook==0.16
 netaddr = 0.7.5
 
+# Required by:
+# slapos.core==0.12
+netifaces = 0.4
+
 # Required by:
 # cloudooo==1.2.3
 python-magic = 0.4.0.1
@@ -166,23 +156,27 @@ python-magic = 0.4.0.1
 # Products.ExternalEditor==1.1.0
 # Products.GenericSetup==1.6.3
 # Products.MimetypesRegistry==2.0.2
-# Products.PluggableAuthService==1.7.4
+# Products.PluggableAuthService==1.7.5
 # Products.PluginRegistry==1.3b1
 # Products.TIDStorage==5.4.7.dev-r45842
 # Products.Zelenium==1.0.3
-# Zope2==2.12.18
+# Zope2==2.12.19
 # five.localsitemanager==2.0.5
 # mr.developer==1.17
-# python-ldap==2.3.13
-# zc.buildout==1.5.3-dev-SlapOS-001
+# python-ldap==2.4.1
+# zc.buildout==1.5.3-dev-SlapOS-005
 # zope.deprecation==3.4.0
 # zope.structuredtext==3.4.0
-setuptools = 0.6c12dev-r88795
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.16
+slapos.core = 0.12
 
 # Required by:
-# slapos.cookbook==0.1
-slapos.slap = 1.2.dev-r4679
+# slapos.core==0.12
+supervisor = 3.0a10
 
 # Required by:
-# slapos.cookbook==0.1
+# slapos.cookbook==0.16
 xml-marshaller = 0.9.7

software/erp5testnode/instance.cfg

@@ -6,7 +6,7 @@ eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
 
 [testnode]
-recipe = erp5.recipe.testnode
+recipe = slapos.cookbook:erp5testnode
 
 buildbot_binary = ${buildout:bin-directory}/buildbot
 slapgrid_partition_binary = ${buildout:bin-directory}/slapgrid-cp

software/erp5testnode/software.cfg

@@ -8,14 +8,20 @@ find-links = http://www.nexedi.org/static/packages/source/slapos.buildout/
     http://dist.repoze.org
     http://www.nexedi.org/static/packages/source/
 
+# Separate from site eggs
+allowed-eggs-from-site-packages =
+include-site-packages = false
+exec-sitecustomize = false
+
 versions = versions
 rebootstrap-section = python2.6
+
 extends =
-  profile/python-2.6.cfg
-  profile/subversion.cfg
-  profile/git.cfg
-  profile/lxml-python.cfg
-  profile/zip.cfg
+  ../../component/python-2.6/buildout.cfg
+  ../../component/subversion/buildout.cfg
+  ../../component/git/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+  ../../component/zip/buildout.cfg
 
 parts =
   template
@@ -45,12 +51,11 @@ zc.buildout = 1.5.3-dev-SlapOS-001
 recipe = zc.recipe.egg
 eggs =
   ${lxml-python:egg}
-  erp5.recipe.testnode
-  slapos.toolbox
+  slapos.core
+  slapos.cookbook
 
 [template]
-recipe = slapos.cookbook:template
-url = ${:_profile_base_location_}/testnode-instance.cfg
-md5sum = 0b44b72c9e21d760f7e27a89e9d10187
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
 output = ${buildout:directory}/template.cfg
 mode = 0644

software/kumofs/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+kumo_gateway_binary = ${kumo:location}/bin/kumo-gateway
+kumo_manager_binary = ${kumo:location}/bin/kumo-manager
+kumo_server_binary = ${kumo:location}/bin/kumo-server
+dcrond_binary = ${dcron:location}/sbin/crond
+openssl_binary = ${openssl:location}/bin/openssl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+stunnel_binary = ${stunnel:location}/bin/stunnel

software/kumofs/software.cfg

+[buildout]
+find-links +=
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+extends =
+  ../../component/git/buildout.cfg
+  ../../component/kumo/buildout.cfg
+  ../../component/python-2.7/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/stunnel/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+  ../../stack/shacache-client.cfg
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+versions = versions
+
+parts +=
+# Create instance template
+#TODO : list here all parts.
+  template
+  libxslt
+  eggs
+  instance-recipe-egg
+
+# XXX: Workaround of SlapOS limitation
+# Unzippig of eggs is required, as SlapOS do not yet provide nicely working
+# development / fast switching environment for whole software
+unzip = true
+
+[instance-recipe]
+egg = slapos.cookbook
+module = kumofs
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[eggs]
+recipe = zc.recipe.egg
+python = python2.7
+eggs =
+  ${lxml-python:egg}
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 056a4af7128fd9e31da42c85cc039420
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+slapos.cookbook = 0.13
+
+erp5.recipe.cmmiforcei686 = 0.1.1
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by slapos.cookbook==0.13
+slapos.core = 0.2
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005

software/kvm/instance.cfg

+[buildout]
+parts =
+  kvminstance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory} 
+
+[kvminstance]
+recipe = slapos.cookbook:kvm
+qemu_path = ${kvm:location}/bin/qemu-system-x86_64
+qemu_img_path = ${kvm:location}/bin/qemu-img
+#slapmonitor_path = ${buildout:bin-directory}/slapmonitor
+#slapreport_path = ${buildout:bin-directory}/slapreport
+websockify_path = ${noVNC:location}/utils/wsproxy.py
+noVNC_location = ${noVNC:location}
+openssl_binary = ${openssl:location}/bin/openssl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+dcrond_binary = ${dcron:location}/sbin/crond
+
+smp_count = 1
+ram_size = 1024
+disk_size = 10

software/kvm/software.cfg

+[buildout]
+extends =
+  ../../stack/kvm.cfg
+
+[template]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = d899f2111aab18ad25776f35ed49a91b
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[kvmsource]
+command =
+  (${git:location}/bin/git clone --quiet http://git.erp5.org/repos/slapos.kvm.git ${:location} && cd ${:location} && ${git:location}/bin/git reset --hard 94ee45cc02e69798cac8209d2296fd1751125018) || (rm -fr ${:location} ; exit 1)
+update-command =
+
+[versions]
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+plone.recipe.command = 1.1
+slapos.cookbook = 0.15
+slapos.recipe.template = 1.1
+z3c.recipe.scripts = 1.0.1
+
+# Required by:
+# slapos.core==0.9
+Flask = 0.7.2
+
+# Required by:
+# slapos.cookbook==0.15
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.15
+netaddr = 0.7.5
+
+# Required by:
+# slapos.core==0.9
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.15
+# slapos.core==0.9
+# zc.buildout==1.5.3-dev-SlapOS-005
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.15
+slapos.core = 0.9
+
+# Required by:
+# slapos.core==0.9
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.15
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.15
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.9
+zope.interface = 3.6.4
+
+# Required by:
+# novnc==0.1
+numpy = 1.6.1
+
+# XXX-CEDRIC Quick and dirty workaround to avoid m2crypto problems.
+# should not be used elsewhere unless for urgent cases. 
+slapos.libnetworkcache = 0.2

software/lamp-template-static/instance.cfg

+[buildout]
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+parts = instance
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+source = ${application:location}
+httpd_binary = ${apache:location}/bin/httpd

software/lamp-template-static/software.cfg

+[buildout]
+versions = versions
+
+parts =
+  template
+  apache
+  eggs
+  instance-recipe-egg
+  downloadcache-workaround
+
+extends =
+  http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/stack/lamp.cfg
+  http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/component/apache/buildout.cfg
+  http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/stack/shacache-client.cfg
+
+[application]
+recipe = hexagonit.recipe.download
+url = Student shall put here url of zipped or tarballed web page or application
+#md5sum = Student may put here md5sum of this file, this is good idea
+#If provided tarball does not contain top directory, option shall be changed to false
+#strip-top-level-dir = true
+
+[instance-recipe]
+egg = slapos.cookbook
+module = osoeslaptraining.static
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+#md5sum = Student shall put md5 of instance.cfg here
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[versions]
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005
+
+[downloadcache-workaround]
+# workaround irritating problem of hexagonit.recipe.cmmi which automatically
+# creates download cache, which in turn switches builout to "semi-offline" mode
+recipe = plone.recipe.command
+# in hexagonit.recipe.cmmi if there is no ${buildout:download-cache} set it resolves
+# to ${buildout:directory}/downloads but this variable is available late, that's
+# why it is hardcoded only for required case
+download-cache = ${buildout:directory}/downloads
+command = [ -d ${:download-cache} ] && rm -fr ${:download-cache}/* || exit 0
+update-command = ${:command}
+stop-on-error = True
+

software/lamp-template/instance.cfg

+[buildout]
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+parts = instance
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+source = ${application:location}
+template = ${application-template:location}/${application-template:filename}
+configuration = ${application-configuration:location}
+
+httpd_binary = ${apache:location}/bin/httpd
+mysql_binary = ${mariadb:location}/bin/mysql
+mysql_install_binary = ${mariadb:location}/bin/mysql_install_db
+mysql_upgrade_binary = ${mariadb:location}/bin/mysql_upgrade
+mysqld_binary = ${mariadb:location}/libexec/mysqld

software/lamp-template/software.cfg

+[buildout]
+versions = versions
+
+parts =
+  template
+  apache-php
+  mariadb
+  eggs
+  instance-recipe-egg
+  downloadcache-workaround
+  
+extends =
+  http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/stack/lamp.cfg
+  http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/stack/shacache-client.cfg
+
+[application]
+recipe = hexagonit.recipe.download
+url = Student shall put here url of zipped or tarballed web page or application
+#md5sum = Student may put here md5sum of this file, this is good idea
+#If provided tarball does not contain top directory, option shall be changed to false
+#strip-top-level-dir = true
+
+[application-template]
+recipe = slapos.recipe.download
+url = Student shall put here url to template file for application
+#md5sum = Student may put here md5sum of this file, this is good idea
+download-only = True
+filename = template.in
+mode = 0644
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+
+[application-configuration]
+location = Student shall put here relative path to application top level directory where configuration shall be created
+  
+[instance-recipe]
+egg = slapos.cookbook
+module = osoeslaptraining.simple
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+#md5sum = Student shall put md5 of instance.cfg here
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[versions]
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005
+
+[downloadcache-workaround]
+# workaround irritating problem of hexagonit.recipe.cmmi which automatically
+# creates download cache, which in turn switches builout to "semi-offline" mode
+recipe = plone.recipe.command
+# in hexagonit.recipe.cmmi if there is no ${buildout:download-cache} set it resolves
+# to ${buildout:directory}/downloads but this variable is available late, that's
+# why it is hardcoded only for required case
+download-cache = ${buildout:directory}/downloads
+command = [ -d ${:download-cache} ] && rm -fr ${:download-cache}/* || exit 0
+update-command = ${:command}
+stop-on-error = True
+

software/lamp-template/template/phpmyadmin.inc.php.in

+<?php
+$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+$i = 0;
+$i++;
+/* Server parameters */
+$cfg['Servers'][$i]['host'] = 'Put here mysql host template key';
+$cfg['Servers'][$i]['port'] = 'Put here mysql port template key';
+/* Authentication type */
+$cfg['Servers'][$i]['auth_type'] = 'cookie';
+$cfg['Servers'][$i]['user'] = '';
+$cfg['Servers'][$i]['connect_type'] = 'tcp';
+$cfg['Servers'][$i]['compress'] = false;
+/* Select mysqli if your server has it */
+$cfg['Servers'][$i]['extension'] = 'mysql';
+$cfg['Servers'][$i]['AllowNoPassword'] = false;
+
+/* rajk - for blobstreaming */
+$cfg['Servers'][$i]['bs_garbage_threshold'] = 50;
+$cfg['Servers'][$i]['bs_repository_threshold'] = '32M';
+$cfg['Servers'][$i]['bs_temp_blob_timeout'] = 600;
+$cfg['Servers'][$i]['bs_temp_log_threshold'] = '32M';
+$cfg['UploadDir'] = '';
+$cfg['SaveDir'] = '';
+
+?>

software/lamp-template/template/wp-config.php.in

+<?php
+/**
+ * The base configurations of the WordPress.
+ *
+ * This file has the following configurations: MySQL settings, Table Prefix,
+ * Secret Keys, WordPress Language, and ABSPATH. You can find more information
+ * by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
+ * wp-config.php} Codex page. You can get the MySQL settings from your web host.
+ *
+ * This file is used by the wp-config.php creation script during the
+ * installation. You don't have to use the web site, you can just copy this file
+ * to "wp-config.php" and fill in the values.
+ *
+ * @package WordPress
+ */
+
+// ** MySQL settings - You can get this info from your web host ** //
+/** The name of the database for WordPress */
+define('DB_NAME', 'Put here mysql database name template key');
+
+/** MySQL database username */
+define('DB_USER', 'Put here mysql user template key');
+
+/** MySQL database password */
+define('DB_PASSWORD', 'Put here mysql password template key');
+
+/** MySQL hostname */
+define('DB_HOST', 'Put here mysql host template key');
+
+/** Database Charset to use in creating database tables. */
+define('DB_CHARSET', 'utf8');
+
+/** The Database Collate type. Don't change this if in doubt. */
+define('DB_COLLATE', '');
+
+/**#@+
+ * Authentication Unique Keys and Salts.
+ *
+ * Change these to different unique phrases!
+ * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
+ * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
+ *
+ * @since 2.6.0
+ */
+define('AUTH_KEY',         'put your unique phrase here');
+define('SECURE_AUTH_KEY',  'put your unique phrase here');
+define('LOGGED_IN_KEY',    'put your unique phrase here');
+define('NONCE_KEY',        'put your unique phrase here');
+define('AUTH_SALT',        'put your unique phrase here');
+define('SECURE_AUTH_SALT', 'put your unique phrase here');
+define('LOGGED_IN_SALT',   'put your unique phrase here');
+define('NONCE_SALT',       'put your unique phrase here');
+
+/**#@-*/
+
+/**
+ * WordPress Database Table prefix.
+ *
+ * You can have multiple installations in one database if you give each a unique
+ * prefix. Only numbers, letters, and underscores please!
+ */
+$table_prefix  = 'wp_';
+
+/**
+ * WordPress Localized Language, defaults to English.
+ *
+ * Change this to localize WordPress. A corresponding MO file for the chosen
+ * language must be installed to wp-content/languages. For example, install
+ * de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German
+ * language support.
+ */
+define('WPLANG', '');
+
+/**
+ * For developers: WordPress debugging mode.
+ *
+ * Change this to true to enable the display of notices during development.
+ * It is strongly recommended that plugin and theme developers use WP_DEBUG
+ * in their development environments.
+ */
+define('WP_DEBUG', false);
+
+/* That's all, stop editing! Happy blogging. */
+
+/** Absolute path to the WordPress directory. */
+if ( !defined('ABSPATH') )
+	define('ABSPATH', dirname(__FILE__) . '/');
+
+/** Sets up WordPress vars and included files. */
+require_once(ABSPATH . 'wp-settings.php');

software/mariadb/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+dcrond_binary = ${dcron:location}/sbin/crond
+innobackupex_binary = ${xtrabackup:location}/bin/innobackupex
+logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
+mysql_binary = ${mariadb:location}/bin/mysql
+mysql_install_binary = ${mariadb:location}/bin/mysql_install_db
+mysql_upgrade_binary = ${mariadb:location}/bin/mysql_upgrade
+mysqld_binary = ${mariadb:location}/libexec/mysqld
+openssl_binary = ${openssl:location}/bin/openssl
+perl_binary = ${perl:location}/bin/perl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+stunnel_binary = ${stunnel:location}/bin/stunnel

software/mariadb/software.cfg

+[buildout]
+
+extensions =
+  slapos.zcbworkarounds
+  slapos.rebootstrap
+
+find-links +=
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+extends =
+  ../../component/mariadb/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/stunnel/buildout.cfg
+  ../../component/python-2.7/buildout.cfg
+  ../../component/perl/buildout.cfg
+  ../../component/xtrabackup/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+  ../../stack/shacache-client.cfg
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+versions = versions
+
+parts +=
+# Create instance template
+#TODO : list here all parts.
+  template
+  libxslt
+  eggs
+  instance-recipe-egg
+
+# XXX: Workaround of SlapOS limitation
+# Unzippig of eggs is required, as SlapOS do not yet provide nicely working
+# development / fast switching environment for whole software
+unzip = true
+
+[rebootstrap]
+# Default first version of rebootstrapped python
+version = 2
+section = python2.7
+
+[instance-recipe]
+egg = slapos.cookbook
+module = mysql
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[eggs]
+recipe = zc.recipe.egg
+python = python2.7
+eggs =
+  ${lxml-python:egg}
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 69c32a67c5640d36ee042d2cfc35843d
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+slapos.cookbook = 0.9
+
+# Required by slapos.cookbook==0.9
+slapos.core = 0.4
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+plone.recipe.command = 1.1
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005

software/memcached/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+dcrond_binary = ${dcron:location}/sbin/crond
+memcached_binary = ${memcached:location}/bin/memcached
+openssl_binary = ${openssl:location}/bin/openssl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+stunnel_binary = ${stunnel:location}/bin/stunnel

software/memcached/software.cfg

+[buildout]
+
+extensions =
+  slapos.zcbworkarounds
+  slapos.rebootstrap
+
+find-links +=
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+extends =
+  ../../component/memcached/buildout.cfg
+  ../../component/python-2.7/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/stunnel/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+  ../../stack/shacache-client.cfg
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+versions = versions
+
+parts =
+# Create instance template
+#TODO : list here all parts.
+  template
+  libxslt
+  eggs
+  instance-recipe-egg
+
+# XXX: Workaround of SlapOS limitation
+# Unzippig of eggs is required, as SlapOS do not yet provide nicely working
+# development / fast switching environment for whole software
+unzip = true
+
+[rebootstrap]
+# Default first version of rebootstrapped python
+version = 2
+section = python2.7
+
+[instance-recipe]
+egg = slapos.cookbook
+module = memcached
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[eggs]
+recipe = zc.recipe.egg
+python = python2.7
+eggs =
+  ${lxml-python:egg}
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 837caf9897332a5f70c72438f1dc5bae
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+slapos.cookbook = 0.7
+
+# Required by slapos.cookbook==0.7
+slapos.core = 0.2
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+plone.recipe.command = 1.1
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005

software/mysql-5.1/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+dcrond_binary = ${dcron:location}/sbin/crond
+innobackupex_binary = ${xtrabackup:location}/bin/innobackupex
+logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
+mysql_binary = ${mysql-5.1:location}/bin/mysql
+mysql_install_binary = ${mysql-5.1:location}/bin/mysql_install_db
+mysql_upgrade_binary = ${mysql-5.1:location}/bin/mysql_upgrade
+mysqld_binary = ${mysql-5.1:location}/libexec/mysqld
+openssl_binary = ${openssl:location}/bin/openssl
+perl_binary = ${perl:location}/bin/perl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+stunnel_binary = ${stunnel:location}/bin/stunnel

software/mysql-5.1/software.cfg

+[buildout]
+find-links +=
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+extends =
+  ../../component/mysql-5.1/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/stunnel/buildout.cfg
+  ../../component/python-2.7/buildout.cfg
+  ../../component/perl/buildout.cfg
+  ../../component/xtrabackup/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+  ../../stack/shacache-client.cfg
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+versions = versions
+
+parts +=
+#TODO : list here all parts.
+# Create instance template
+  template
+  libxslt
+  eggs
+  instance-recipe-egg
+  rdiff-backup
+
+# XXX: Workaround of SlapOS limitation
+# Unzippig of eggs is required, as SlapOS do not yet provide nicely working
+# development / fast switching environment for whole software
+unzip = true
+
+[instance-recipe]
+egg = slapos.cookbook
+module = mysql
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[eggs]
+recipe = zc.recipe.egg
+python = python2.7
+eggs =
+  ${lxml-python:egg}
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 2764597a6e4fe243cdf6e37b6535e767
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+slapos.cookbook = 0.13
+
+# Required by slapos.cookbook==0.13
+slapos.core = 0.4
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+plone.recipe.command = 1.1
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005

software/nbd/instance.cfg

+[buildout]
+parts =
+  nbdserverinstance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory} 
+
+[nbdserverinstance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+qemu_path = ${nbdserver:location}/bin/qemu-nbd
+onetimeupload_path = ${buildout:bin-directory}/onetimeupload

software/nbd/software.cfg

+[buildout]
+
+extends =
+  ../../stack/nbd.cfg
+  ../../stack/shacache-client.cfg
+
+parts +=
+  template
+
+[template]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 82e948e1c0cb0d5540ef185edeef3ec3
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+# XXX-CEDRIC Quick and dirty workaround to avoid m2crypto problems.
+# should not be used elsewhere unless for urgent cases. 
+slapos.libnetworkcache = 0.2

software/phpmyadmin/instance.cfg

+[buildout]
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+parts = instance
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+source = ${application:location}
+template = ${application-template:location}/${application-template:filename}
+configuration = ${application-configuration:location}
+
+httpd_binary = ${apache:location}/bin/httpd
+mysql_binary = ${mariadb:location}/bin/mysql
+mysql_install_binary = ${mariadb:location}/bin/mysql_install_db
+mysql_upgrade_binary = ${mariadb:location}/bin/mysql_upgrade
+mysqld_binary = ${mariadb:location}/libexec/mysqld

software/phpmyadmin/phpmyadmin.inc.php.in

+<?php
+$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+$i = 0;
+$i++;
+/* Server parameters */
+$cfg['Servers'][$i]['host'] = '%(mysql_host)s';
+$cfg['Servers'][$i]['port'] = '%(mysql_port)s';
+/* Authentication type */
+$cfg['Servers'][$i]['auth_type'] = 'cookie';
+$cfg['Servers'][$i]['user'] = '';
+$cfg['Servers'][$i]['connect_type'] = 'tcp';
+$cfg['Servers'][$i]['compress'] = false;
+/* Select mysqli if your server has it */
+$cfg['Servers'][$i]['extension'] = 'mysql';
+$cfg['Servers'][$i]['AllowNoPassword'] = false;
+
+/* rajk - for blobstreaming */
+$cfg['Servers'][$i]['bs_garbage_threshold'] = 50;
+$cfg['Servers'][$i]['bs_repository_threshold'] = '32M';
+$cfg['Servers'][$i]['bs_temp_blob_timeout'] = 600;
+$cfg['Servers'][$i]['bs_temp_log_threshold'] = '32M';
+$cfg['UploadDir'] = '';
+$cfg['SaveDir'] = '';
+
+?>
\ No newline at end of file

software/phpmyadmin/software.cfg

+[buildout]
+versions = versions
+
+parts =
+  template
+  apache-php
+  mariadb
+  eggs
+  instance-recipe-egg
+  
+extends =
+  ../../stack/lamp.cfg
+  ../../stack/shacache-client.cfg
+  
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = efdb8509f40c86b1b73924fc1ce92f13
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[application]
+recipe = hexagonit.recipe.download
+url = http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.3.10/phpMyAdmin-3.3.10-all-languages.tar.bz2?r=http%3A%2F%2Fwww.phpmyadmin.net%2Fhome_page%2Fdownloads.php&ts=1300959842&use_mirror=sunet
+#md5sum = Student may put here md5sum of this file, this is good idea
+
+[application-template]
+recipe = slapos.recipe.download
+url = ${:_profile_base_location_}/phpmyadmin.inc.php.in
+md5sum = caab45c34c75661c214f4628ff545bb4
+download-only = True
+filename = template.in
+mode = 0644
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+
+[application-configuration]
+location = config.inc.php
+
+[instance-recipe]
+egg = slapos.cookbook
+module = osoeslaptraining.simple
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[versions]
+slapos.cookbook = 0.12
+
+# Required by slapos.cookbook==0.12
+slapos.core = 0.8
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+plone.recipe.command = 1.1
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005

software/slaprunner/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+slaprunner = ${buildout:directory}/bin/slaprunner
+slapgrid_sr = ${buildout:directory}/bin/slapgrid-sr
+slapgrid_cp = ${buildout:directory}/bin/slapgrid-cp
+slapproxy = ${buildout:directory}/bin/slapproxy
+supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
+

software/slaprunner/software.cfg

+[buildout]
+extends =
+  ../../stack/flask.cfg
+  ../../stack/shacache-client.cfg
+
+parts =
+  template
+  eggs
+  instance-recipe-egg
+
+find-links +=
+  http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+versions = versions
+
+[instance-recipe]
+egg = slapos.cookbook
+module = slaprunner
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[template]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+output = ${buildout:directory}/template.cfg
+mode = 0644
+md5sum = e2cbd8fe7b8e4c7e92a19cd775de0aa6
+
+[eggs]
+eggs +=
+  slapos.libnetworkcache
+  slapos.toolbox
+  slapos.core
+
+[versions]
+slapos.cookbook = 0.12
+
+# Required by slapos.cookbook==0.12
+slapos.core = 0.8
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+plone.recipe.command = 1.1
+slapos.libnetworkcache = 0.2
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005

software/vifib/software.cfg

+[buildout]
+extends =
+  ../erp5/software.cfg
+
+parts +=
+  vifib
+
+[eggs]
+eggs += slapos.core
+
+[instance-recipe]
+module = vifib
+
+# Additional Configuration
+configurator_bt5_list = erp5_core_proxy_field_legacy erp5_full_text_myisam_catalog erp5_base erp5_workflow erp5_configurator erp5_configurator_vifib
+
+[erp5_repository_list]
+repository_id_list += vifib/master
+
+[vifib]
+<= erp5
+repository = http://git.erp5.org/repos/slapos.core.git
+revision = 3f766ab93c5312c75b7315a60238c1c5b3e4170d 
+
+[local-bt5-repository]
+# XXX: workaround for zc.buildout bug, as list += ends up with adding new entry
+#      after newline
+list = ${erp5:location}/bt5 ${erp5:location}/product/ERP5/bootstrap ${vifib:location}/master/bt5
+
+[products]
+# XXX: Lack of eggification workaround
+# list of products, possible to extend, it is passed in reversed way
+# to allow overriding during extending profile
+list = ${products-deps:location} ${erp5:location}/product ${vifib:location}/master/product

software/wordpress/instance.cfg

+[buildout]
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+parts = instance
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+source = ${application:location}
+template = ${application-template:location}/${application-template:filename}
+configuration = ${application-configuration:location}
+
+httpd_binary = ${apache:location}/bin/httpd
+mysql_binary = ${mariadb:location}/bin/mysql
+mysql_install_binary = ${mariadb:location}/bin/mysql_install_db
+mysql_upgrade_binary = ${mariadb:location}/bin/mysql_upgrade
+mysqld_binary = ${mariadb:location}/libexec/mysqld

software/wordpress/software.cfg

+[buildout]
+versions = versions
+
+parts =
+  template
+  apache-php
+  mariadb
+  eggs
+  instance-recipe-egg
+  
+extends =
+  ../../stack/lamp.cfg
+  ../../stack/shacache-client.cfg
+
+[application]
+url = http://wordpress.org/latest.tar.gz
+#md5sum = Student may put here md5sum of this file, this is good idea
+
+[application-template]
+recipe = slapos.recipe.download
+url = ${:_profile_base_location_}/wp-config.php.in
+#md5sum = ${application-configuration:md5sum}
+download-only = True
+filename = template.in
+mode = 0644
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+
+[application-configuration]
+location = wp-config.php
+  
+[instance-recipe]
+egg = slapos.cookbook
+module = osoeslaptraining.request
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = efdb8509f40c86b1b73924fc1ce92f13
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+slapos.cookbook = 0.12
+
+# Required by slapos.cookbook==0.12
+slapos.core = 0.8
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+plone.recipe.command = 1.1
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005

software/wordpress/wp-config.php.in

+<?php
+/**
+ * The base configurations of the WordPress.
+ *
+ * This file has the following configurations: MySQL settings, Table Prefix,
+ * Secret Keys, WordPress Language, and ABSPATH. You can find more information
+ * by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
+ * wp-config.php} Codex page. You can get the MySQL settings from your web host.
+ *
+ * This file is used by the wp-config.php creation script during the
+ * installation. You don't have to use the web site, you can just copy this file
+ * to "wp-config.php" and fill in the values.
+ *
+ * @package WordPress
+ */
+
+// ** MySQL settings - You can get this info from your web host ** //
+/** The name of the database for WordPress */
+define('DB_NAME', '%(mysql_database)s');
+
+/** MySQL database username */
+define('DB_USER', '%(mysql_user)s');
+
+/** MySQL database password */
+define('DB_PASSWORD', '%(mysql_password)s');
+
+/** MySQL hostname */
+define('DB_HOST', '%(mysql_host)s');
+
+/** Database Charset to use in creating database tables. */
+define('DB_CHARSET', 'utf8');
+
+/** The Database Collate type. Don't change this if in doubt. */
+define('DB_COLLATE', '');
+
+/**#@+
+ * Authentication Unique Keys and Salts.
+ *
+ * Change these to different unique phrases!
+ * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
+ * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
+ *
+ * @since 2.6.0
+ */
+define('AUTH_KEY',         'put your unique phrase here');
+define('SECURE_AUTH_KEY',  'put your unique phrase here');
+define('LOGGED_IN_KEY',    'put your unique phrase here');
+define('NONCE_KEY',        'put your unique phrase here');
+define('AUTH_SALT',        'put your unique phrase here');
+define('SECURE_AUTH_SALT', 'put your unique phrase here');
+define('LOGGED_IN_SALT',   'put your unique phrase here');
+define('NONCE_SALT',       'put your unique phrase here');
+
+/**#@-*/
+
+/**
+ * WordPress Database Table prefix.
+ *
+ * You can have multiple installations in one database if you give each a unique
+ * prefix. Only numbers, letters, and underscores please!
+ */
+$table_prefix  = 'wp_';
+
+/**
+ * WordPress Localized Language, defaults to English.
+ *
+ * Change this to localize WordPress. A corresponding MO file for the chosen
+ * language must be installed to wp-content/languages. For example, install
+ * de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German
+ * language support.
+ */
+define('WPLANG', '');
+
+/**
+ * For developers: WordPress debugging mode.
+ *
+ * Change this to true to enable the display of notices during development.
+ * It is strongly recommended that plugin and theme developers use WP_DEBUG
+ * in their development environments.
+ */
+define('WP_DEBUG', false);
+
+/* That's all, stop editing! Happy blogging. */
+
+/** Absolute path to the WordPress directory. */
+if ( !defined('ABSPATH') )
+	define('ABSPATH', dirname(__FILE__) . '/');
+
+/** Sets up WordPress vars and included files. */
+require_once(ABSPATH . 'wp-settings.php');

software/zabbix-agent/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = slapos.cookbook:zabbixagent
+dcrond_binary = ${dcron:location}/sbin/crond
+logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
+zabbix_agentd_binary = ${zabbix-agent:location}/sbin/zabbix_agentd

software/zabbix-agent/software.cfg

+[buildout]
+extends =
+  ../../component/dcron/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/zabbix/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+
+find-links = http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+versions = versions
+
+parts =
+  eggs
+  template
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  ${lxml-python:egg}
+  slapos.cookbook
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 98a680fe8fddce5dcee455e65c228fde
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+zc.buildout = 1.5.3-dev-SlapOS-001
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.5
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:01:36.219846
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.5
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:15:31.979623
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:16:55.921352
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:17:42.100375
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:19:50.709164
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:39:36.870559
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:41:41.115948
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.cookbook = 0.5
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.5
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.5
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.5
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.5
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.5
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.5
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+

stack/cloudooo.cfg

+[buildout]
+extensions =
+  slapos.tool.rebootstrap
+  slapos.zcbworkarounds
+  mr.developer
+
+find-links = http://www.nexedi.org/static/packages/source/slapos.buildout/
+    http://dist.repoze.org
+    http://www.nexedi.org/static/packages/source/
+
+extends =
+  ../component/libreoffice-bin/buildout.cfg 
+  ../component/lxml-python/buildout.cfg
+  ../component/python-2.6/buildout.cfg
+  ../component/python-2.7/buildout.cfg
+  ../component/xorg/buildout.cfg
+  ../component/fonts/buildout.cfg
+  ../component/xpdf/buildout.cfg
+  ../component/imagemagick/buildout.cfg
+  ../component/pdftk/buildout.cfg
+  ../component/ffmpeg/buildout.cfg
+  ../component/file/buildout.cfg
+
+versions = versions
+
+parts =
+  libreoffice-bin
+
+# basic Xorg
+  libXdmcp
+  libXext
+  libXau
+  libX11
+
+# fonts
+  liberation-fonts
+  ipaex-fonts
+
+# Dependencies
+  imagemagick
+  file
+  xpdf 
+  pdftk
+  ffmpeg
+
+  instance-recipe-egg
+  bootstrap2.6
+  cloudooo
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.6
+eggs =
+  ${lxml-python:egg}
+# instantiation egg
+  ${instance-recipe:egg}
+
+[bootstrap2.6]
+python = python2.6
+
+[rebootstrap]
+# Default first version of rebootstrapped python
+version = 2
+section = python2.7
+
+[lxml-python]
+python = python2.6
+
+[cloudooo]
+recipe = zc.recipe.egg
+python = python2.6
+eggs =
+  ${lxml-python:egg}
+  cloudooo
+  PasteScript
+scripts =
+  paster=cloudooo_paster
+
+[versions]
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-001

stack/erp5.cfg

@@ -2,16 +2,36 @@
 extensions =
   slapos.rebootstrap
   slapos.zcbworkarounds
+  buildout-versions
   mr.developer
 
 find-links =
     http://www.nexedi.org/static/packages/source/slapos.buildout/
     http://dist.repoze.org
     http://www.nexedi.org/static/packages/source/
+    http://www.owlfish.com/software/wsgiutils/download.html
+
+# Separate from site eggs
+allowed-eggs-from-site-packages =
+include-site-packages = false
+exec-sitecustomize = false
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+  www.owlfish.com
 
 extends =
 # Exact version of Zope
-  http://svn.zope.org/repos/main/Zope/tags/2.12.18/versions.cfg
+  http://svn.zope.org/repos/main/Zope/tags/2.12.19/versions.cfg
   ../component/logrotate/buildout.cfg
   ../component/dcron/buildout.cfg
   ../component/file/buildout.cfg
@@ -20,12 +40,14 @@ extends =
   ../component/git/buildout.cfg
   ../component/glib/buildout.cfg
   ../component/graphviz/buildout.cfg
+  ../component/gzip/buildout.cfg
   ../component/haproxy/buildout.cfg
   ../component/hookbox/buildout.cfg
   ../component/imagemagick/buildout.cfg
   ../component/kumo/buildout.cfg
   ../component/libreoffice-bin/buildout.cfg
   ../component/lxml-python/buildout.cfg
+  ../component/maatkit/buildout.cfg
   ../component/mariadb/buildout.cfg
   ../component/memcached/buildout.cfg
   ../component/mysql-python/buildout.cfg
@@ -35,6 +57,7 @@ extends =
   ../component/python-2.7/buildout.cfg
   ../component/python-ldap-python/buildout.cfg
   ../component/rdiff-backup/buildout.cfg
+  ../component/sphinx/buildout.cfg
   ../component/stunnel/buildout.cfg
   ../component/subversion/buildout.cfg
   ../component/tesseract/buildout.cfg
@@ -42,7 +65,7 @@ extends =
   ../component/w3-validator/buildout.cfg
   ../component/w3m/buildout.cfg
   ../component/xorg/buildout.cfg
-  ../component/xpdf/buildout.cfg
+  ../component/poppler/buildout.cfg
   ../component/xtrabackup/buildout.cfg
   ../component/zabbix/buildout.cfg
   ../component/sed/buildout.cfg
@@ -63,10 +86,11 @@ parts =
   varnish-2.1
   stunnel
   w3m
-  xpdf
-  libpng12
+  poppler
+  libpng
   ghostscript
   mariadb
+  sphinx
   imagemagick
   kumo
   libreoffice-bin
@@ -103,27 +127,36 @@ parts =
 
 # get git repositories
   erp5
-
-[products]
-# XXX: ERP5 related products are not defined as python distributions, so it is
-#      required to configure them in declarative manner
-list = ${products-deps:location} ${erp5:location}/product
+  genbt5list
+
+[bt5-repository]
+# Format:
+#   <url or path> [...]
+#
+# Use absolute paths for local repositories, and URLs for non-local otherwise.
+#
+list = ${local-bt5-repository:list}
+
+[local-bt5-repository]
+# Same as bt5-repository, but only local repository.
+# Used to generate bt5lists.
+list = ${erp5:location}/bt5 ${erp5:location}/product/ERP5/bootstrap
+
+[genbt5list]
+recipe = plone.recipe.command
+stop-on-error = true
+genbt5list = ${erp5:location}/product/ERP5/bin/genbt5list
+command =
+  ${buildout:executable} ${:genbt5list} ${local-bt5-repository:list}
+update-command = ${:command}
 
 [bootstrap2.6]
 python = python2.6
 
 [rebootstrap]
-# Default first version of rebootstrapped python
-version = 2
+version = 3
 section = python2.7
-
-[template]
-# Default template for erp5 instance.
-recipe = slapos.cookbook:template
-url = ${:_profile_base_location_}/instance.cfg
-md5sum = 16d09f1964101bbe128a81c7ffcf996e
-output = ${buildout:directory}/template.cfg
-mode = 0644
+eggs = slapos.libnetworkcache
 
 [itools]
 pkgname = itools-0.50.8
@@ -187,8 +220,9 @@ location = ${buildout:parts-directory}/${:_buildout_section_name_}
 stop-on-error = true
 repository = http://git.erp5.org/repos/erp5.git
 branch = master
-command = ${git:location}/bin/git clone --quiet -b ${:branch} ${:repository} ${:location}
-update-command = cd ${:location} && ${git:location}/bin/git pull --quiet
+revision = dd36cf064495e04f2ad0eaa9c527a2c3246e9ecb 
+command = ${git:location}/bin/git clone --quiet -b ${:branch} ${:repository} ${:location} && if [ -n ${:revision} ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi
+update-command = cd ${:location} && ${git:location}/bin/git pull --quiet && if [ -n ${:revision} ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi
 
 [products]
 # XXX: ERP5 related products are not defined as python distributions, so it is
@@ -214,14 +248,16 @@ initialization =
   import Zope2
   os.environ['SOFTWARE_HOME'] = os.path.abspath(os.path.dirname(os.path.dirname(Zope2.__file__)))
   os.environ['ZOPE_SCRIPTS'] = ''
-  temp_bt5_path_list = ['/'.join(['''${buildout:parts-directory}''', x, 'bt5']) for x in '''${erp5_repository_list:repository_id_list}'''.split(' ')]
+  parts_directory = '''${buildout:parts-directory}'''
+  repository_id_list = list(reversed('''${erp5_repository_list:repository_id_list}'''.split()))
+  temp_bt5_path_list = ['/'.join([parts_directory, x, 'bt5']) for x in repository_id_list]
   bt5_path_list = []
   [bt5_path_list.extend([bt5_path, '%s/*' % bt5_path]) for bt5_path in temp_bt5_path_list]
   os.environ['erp5_tests_bt5_path'] = ','.join(bt5_path_list)
-  sys.path[0:0] = ['/'.join(['''${buildout:parts-directory}''', x, 'tests']) for x in '''${erp5_repository_list:repository_id_list}'''.split(' ')]
+  sys.path[0:0] = ['/'.join([parts_directory, x, 'tests']) for x in repository_id_list]
   import glob
   product_test_path_list = []
-  [product_test_path_list.extend(glob.glob('/'.join(['''${buildout:parts-directory}''', x, 'product/*/tests']))) for x in '''${erp5_repository_list:repository_id_list}'''.split(' ')]
+  [product_test_path_list.extend(glob.glob('/'.join([parts_directory, x, 'product/*/tests']))) for x in repository_id_list]
   sys.path[0:0] = product_test_path_list
 
 [test_suite_runner]
@@ -243,7 +279,8 @@ initialization =
   import Zope2
   os.environ['SOFTWARE_HOME'] = os.path.abspath(os.path.dirname(os.path.dirname(Zope2.__file__)))
   os.environ['ZOPE_SCRIPTS'] = ''
-  sys.path[0:0] = ['/'.join(['''${buildout:parts-directory}''', x]) for x in '''${erp5_repository_list:repository_id_list}'''.split(' ')]
+  repository_id_list = list(reversed('''${erp5_repository_list:repository_id_list}'''.split()))
+  sys.path[0:0] = ['/'.join(['''${buildout:parts-directory}''', x]) for x in repository_id_list]
 
 [instance-recipe-egg]
 recipe = zc.recipe.egg
@@ -285,6 +322,7 @@ eggs =
   xupdate_processor
   feedparser
   argparse
+  validictory
 
 # Zope 2.12 with patched acquisition
   ZODB3
@@ -360,7 +398,7 @@ scripts =
 
 [versions]
 # Use SlapOS patched zc.buildout
-zc.buildout = 1.5.3-dev-SlapOS-001
+zc.buildout = 1.5.3-dev-SlapOS-005
 
 # pin Acquisition and Products.DCWorkflow to Nexedi flavour of eggs
 Acquisition = 2.13.7nxd001

stack/flask.cfg

+# Stack for Flask microframework: http://flask.pocoo.org/
+[buildout]
+extends =
+  ../component/python-2.7/buildout.cfg
+  ../component/lxml-python/buildout.cfg
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+parts =
+  eggs
+
+# Unzip, as Flask can have a lot of troubles with zipped eggs
+unzip = true
+
+[eggs]
+python = python2.7
+recipe = zc.recipe.egg
+eggs =
+  ${lxml-python:egg}
+  Flask
+  slapos.cookbook
+
+[lxml-python]
+python = python2.7

stack/kvm.cfg

+[buildout]
+extends =
+  shacache-client.cfg
+  ../component/python-2.7/buildout.cfg
+  ../component/lxml-python/buildout.cfg
+  ../component/git/buildout.cfg
+  ../component/zlib/buildout.cfg
+  ../component/readline/buildout.cfg
+  ../component/ncurses/buildout.cfg
+  ../component/libuuid/buildout.cfg
+  ../component/noVNC/buildout.cfg
+  ../component/openssl/buildout.cfg
+  ../component/rdiff-backup/buildout.cfg
+  ../component/dcron/buildout.cfg
+  ../component/libpng/buildout.cfg
+
+#XXX-Cedric : Currently, one can only access to KVM using noVNC.
+#             Ideally one should be able to access KVM by using either NoVNC or VNC.
+#             Problem is : no native crypto support in web browsers. So we have to disable ssl
+#             In qemu builtin vnc server, and make it available only for localhost 
+#             so that only novnc can listen to it.
+
+#XXX-Cedric: Check status of https://github.com/kanaka/noVNC/issues/13 to see
+#            When qemu has builtin support for websockets in vnc server to get rid of 
+#            Websockify (socket <-> websocket proxy server) when it is ready.
+#            May solve previous XXX depending on the implementation.
+
+#XXX-Cedric: Check status of 
+#            https://www.tiolive.com/nexedi/bug_module/20110819-11F4F70 for
+#            Chrome >= 14 and Firefox >=7 can access to noVNC.
+
+parts =
+  template
+  gnutls
+  kvm
+  eggs
+
+find-links +=
+  http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+versions = versions
+
+[gpg-error]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.10.tar.gz
+md5sum = 7c2710ef439f82ac429b88fec88e9a4c
+
+[gcrypt]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.6.tar.gz
+md5sum = bfd45922eefb8a24d598af77366220d4
+configure-options =
+  --with-gpg-error-prefix=${gpg-error:location}
+environment =
+  CPPFLAGS=-I${gpg-error:location}/include
+  LDFLAGS=-Wl,-rpath -Wl,${gpg-error:location}/lib -Wl,${gpg-error:location}/lib/libgpg-error.so.0
+
+[gnutls]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnupg.org/gcrypt/gnutls/gnutls-2.8.6.tar.bz2
+md5sum = eb0a6d7d3cb9ac684d971c14f9f6d3ba
+configure-options =
+  --with-libgcrypt-prefix=${gcrypt:location}
+environment =
+  CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${gcrypt:location}/include -I${gpg-error:location}/include
+  LDFLAGS=-L${readline:location}/lib -L${ncurses:location}/lib -L${gcrypt:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${gcrypt:location}/lib -Wl,-rpath -Wl,${gpg-error:location}/lib -Wl,${gcrypt:location}/lib/libgcrypt.so.11
+  PKG_CONFIG=${zlib:location}/lib/pkgconfig
+
+[kvm]
+recipe = hexagonit.recipe.cmmi
+path = ${kvmsource:location}/
+configure-options =
+  --disable-sdl
+  --disable-xen
+  --enable-vnc-tls
+  --disable-vnc-sasl
+  --disable-curses
+  --disable-curl
+  --enable-kvm
+  --disable-docs
+  --enable-vnc-png
+  --disable-vnc-jpeg
+  --extra-cflags="-I${gnutls:location}/include -I${libuuid:location}/include -I${zlib:location}/include -I${libpng:location}/include"
+  --extra-ldflags="-Wl,-rpath -Wl,${gnutls:location}/lib -L${gnutls:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib -L${libpng:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lpng -lz -lgnutls"
+  --disable-werror
+environment =
+  PKG_CONFIG_PATH=${gnutls:location}/lib/pkgconfig
+
+[kvmsource]
+recipe=plone.recipe.command
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+stop-on-error = true
+#tag = slapos-v0.1
+command =
+  (${git:location}/bin/git clone --quiet http://git.erp5.org/repos/slapos.kvm.git ${:location} ) || (rm -fr ${:location} ; exit 1)
+update-command =
+ cd ${:location} && ${git:location}/bin/git pull --quiet origin master
+
+[eggs]
+python = python2.7
+recipe = z3c.recipe.scripts
+eggs =
+  ${lxml-python:egg}
+  slapos.cookbook
+  numpy
+
+[versions]
+zc.buildout = 1.5.3-dev-SlapOS-005

stack/lamp.cfg

+[buildout]
+find-links +=
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+parts =
+  template
+  apache-php
+  mariadb
+  eggs
+  instance-recipe-egg
+  
+extends =
+  ../component/mariadb/buildout.cfg
+  ../component/apache/buildout.cfg
+  ../component/apache-php/buildout.cfg
+  ../component/dcron/buildout.cfg
+  ../component/git/buildout.cfg
+  ../component/glib/buildout.cfg
+  ../component/logrotate/buildout.cfg
+  ../component/python-2.7/buildout.cfg
+  ../component/perl/buildout.cfg
+  ../component/sqlite3/buildout.cfg
+  ../component/xtrabackup/buildout.cfg
+  ../component/rdiff-backup/buildout.cfg
+  ../component/lxml-python/buildout.cfg
+  ../component/zlib/buildout.cfg
+
+[application]
+recipe = hexagonit.recipe.download
+#If provided tarball does not containt top directory this option shall be changed to false
+strip-top-level-dir = true
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  ${lxml-python:egg}

stack/nbd.cfg

+[buildout]
+extends =
+  ../component/python-2.6/buildout.cfg
+  ../component/lxml-python/buildout.cfg
+  ../component/zlib/buildout.cfg
+  ../component/git/buildout.cfg
+
+# Python2.6 needed by Flask and pyopenssl
+extensions =
+  slapos.rebootstrap
+
+parts +=
+  nbdserver
+  pyOpenSSL-python
+  eggs
+
+find-links +=
+  http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+versions = versions
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+[rebootstrap]
+section = python2.6
+version = 3
+eggs = slapos.libnetworkcache
+
+[nbdserver]
+recipe = hexagonit.recipe.cmmi
+path = ${nbdserversource:location}/
+configure-options =
+  --disable-system
+  --disable-kvm
+  --extra-cflags="-I${zlib:location}/include"
+  --extra-ldflags="-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib"
+  --disable-werror
+
+[nbdserversource]
+recipe=plone.recipe.command
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+stop-on-error = true
+command =
+  (${git:location}/bin/git clone --quiet http://git.erp5.org/repos/slapos.kvm.git ${:location} ) || (rm -fr ${:location} ; exit 1)
+update-command =
+ cd ${:location} && ${git:location}/bin/git pull --quiet origin master
+
+[instance-recipe]
+egg = slapos.cookbook
+module = nbdserver
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  ${lxml-python:egg}
+  slapos.toolbox
+  slapos.cookbook
+  pyOpenSSL
+
+[pyOpenSSL-python]
+recipe = zc.recipe.egg:custom
+egg = pyOpenSSL
+include-dirs =
+  ${openssl:location}/include/
+  ${python2.6:location}/include/
+library-dirs =
+  ${openssl:location}/lib/
+  ${python2.6:location}/lib/
+rpath =
+  ${openssl:location}/lib/
+  ${python2.6:location}/lib/
+
+
+[versions]
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-005
+
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+apache-libcloud = 0.5.2
+hexagonit.recipe.cmmi = 1.5.0
+meld3 = 0.6.7
+plone.recipe.command = 1.1
+pyOpenSSL = 0.12
+pycrypto = 2.3
+slapos.cookbook = 0.14
+slapos.recipe.template = 1.1
+slapos.toolbox = 0.6
+
+# Required by:
+# slapos.core==0.9
+# slapos.toolbox==0.6
+Flask = 0.7.2
+
+# Required by:
+# slapos.cookbook==0.14
+PyXML = 0.8.4
+
+# Required by:
+# slapos.core==0.9
+argparse = 1.1
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.14
+# slapos.core==0.9
+# slapos.toolbox==0.6
+# xml-marshaller==0.9.7
+lxml = 2.3
+
+# Required by:
+# slapos.cookbook==0.14
+netaddr = 0.7.5
+
+# Required by:
+# slapos.core==0.9
+netifaces = 0.4
+
+# Required by:
+# slapos.toolbox==0.6
+paramiko = 1.7.7.1
+
+# Required by:
+# slapos.toolbox==0.6
+psutil = 0.3.0
+
+# Required by:
+# slapos.cookbook==0.14
+# slapos.core==0.9
+# slapos.toolbox==0.6
+# zc.buildout==1.5.3-dev-SlapOS-005
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.14
+# slapos.toolbox==0.6
+slapos.core = 0.9
+
+# Required by:
+# slapos.core==0.9
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.14
+# slapos.toolbox==0.6
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.14
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.9
+zope.interface = 3.6.4

stack/shacache-client.cfg

+[buildout]
+networkcache-section = networkcache
+
+[networkcache]
+download-cache-url = http://www.shacache.org/shacache
+download-dir-url = http://www.shacache.org/shadir