Merge remote-tracking branch 'origin/master' into erp5-component

694f3319 · Kazuhiko Shiozaki · 2ad8cb70 · 2c303cf2 · 694f3319 · 694f3319
Commit 694f3319 authored Jun 16, 2014 by Kazuhiko Shiozaki
15 changed files
--- a/component/hwloc/buildout.cfg
+++ b/component/hwloc/buildout.cfg
+[buildout]
+extends =
+  ../../component/libtool/buildout.cfg
+  ../../component/automake/buildout.cfg
+  ../../component/autoconf/buildout.cfg
+parts =
+  hwloc
+[hwloc]
+recipe = slapos.recipe.cmmi
+url = http://www.open-mpi.org/software/hwloc/v1.9/downloads/hwloc-1.9.tar.gz
+md5sum = 1f9f9155682fe8946a97c08896109508
+environment =
+  PATH=${pkgconfig:location}/bin:${automake:location}/bin:${autoconf:location}/bin:${libtool:location}/bin:%(PATH)s
+configure-options =
+  --prefix="${buildout:parts-directory}/${:_buildout_section_name_}"
\ No newline at end of file
--- a/component/lua/buildout.cfg
+++ b/component/lua/buildout.cfg
+[buildout]
+extends =
+  ../readline/buildout.cfg
+parts =
+  lua
+[lua]
+recipe = slapos.recipe.cmmi
+url = http://www.lua.org/ftp/lua-5.2.3.tar.gz
+md5sum = dc7f94ec6ff15c985d2d6ad0f1b35654
+configure-command = make posix
+make-targets =
+  install INSTALL_TOP=${buildout:parts-directory}/${:_buildout_section_name_}
+environment =
+  CMAKE_INCLUDE_PATH=${readline:location}/include
+  CMAKE_LIBRARY_PATH=${readline:location}/lib
+  CPPFLAGS =-I${readline:location}/include
+  LDFLAGS =-L${readline:location}/lib -Wl,-rpath=${readline:location}/lib
--- a/component/trafficserver/buildout.cfg
+++ b/component/trafficserver/buildout.cfg
+[buildout]
+extends =
+  ../../component/lua/buildout.cfg
+  ../../component/hwloc/buildout.cfg
+  ../../component/pkgconfig/buildout.cfg
+  ../../component/libtool/buildout.cfg
+  ../../component/make/buildout.cfg
+  ../../component/openssl/buildout.cfg
+  ../../component/tcl/buildout.cfg
+  ../../component/libexpat/buildout.cfg
+  ../../component/pcre/buildout.cfg
+  ../../component/libcap/buildout.cfg
+  ../../component/flex/buildout.cfg
+  ../../component/ncurses/buildout.cfg
+  ../../component/curl/buildout.cfg
+  ../../component/zlib/buildout.cfg
+parts =
+  trafficserver
+[trafficserver]
+recipe = slapos.recipe.cmmi
+url = http://apache.claz.org/trafficserver/trafficserver-4.2.1.tar.bz2
+md5sum = 18f7d56650cba260c8cce3bf4abfa56c
+configure-options =
+  --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
+  --with-openssl=${openssl:location}
+  --with-expat=${libexpat:location}
+  --with-pcre=${pcre:location}
+  --with-lua=${lua:location}
+  --with-ncurses=${ncurses:location}
+  --with-tcl=${tcl:location}/lib/
+  --with-zlib=${zlib:location}
+environment =
+  PATH=${make:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:%(PATH)s
+  LDFLAGS = -L${tcl:location}/lib -Wl,-rpath=${tcl:location}/lib
+make-target =
+  check
+  install
--- a/software/apache-frontend/common.cfg
+++ b/software/apache-frontend/common.cfg
@@ -13,7 +13,8 @@ extends =
  ../../component/dcron/buildout.cfg
  ../../component/logrotate/buildout.cfg
  ../../component/rdiff-backup/buildout.cfg
-  ../../component/squid/buildout.cfg
+  ../../component/trafficserver/buildout.cfg
 # Monitoring stack
  ../../stack/monitor/buildout.cfg
@@ -33,7 +34,6 @@ parts +=
  dcron
  logrotate
  rdiff-backup
-  squid
 [slapos-toolbox]
 recipe = zc.recipe.egg
@@ -67,7 +67,7 @@ mode = 0644
 [template-apache-frontend]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-apache-frontend.cfg
-md5sum = f5ec3d3b29d20ccdb00e3b64aa588fa5
+md5sum = b823cb31ff97700c009cf14725690323
 output = ${buildout:directory}/template-apache-frontend.cfg
 mode = 0644
@@ -144,12 +144,6 @@ url = ${:_profile_base_location_}/templates/template-log-access.conf.in
 md5sum = f85005b430978f3bd24ee7ce11b0e304
 mode = 640
-[template-squid-configuration]
-recipe = slapos.recipe.build:download
-url = ${:_profile_base_location_}/templates/squid.conf.jinja2
-md5sum = f17753fa87da074bc949b2967a330099
-mode = 640
 [template-empty]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/empty.in
@@ -162,3 +156,12 @@ url = ${:_profile_base_location_}/templates/wrapper.in
 output = ${buildout:directory}/template-wrapper.cfg
 mode = 0644
 md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
+[template-trafficserver-records-config]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
+md5sum = 950a19be225a25309a3bda3f61fb5f6a
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+filename = records.config.jinja2
+download-only = true
+mode = 0644
--- a/software/apache-frontend/instance-apache-frontend.cfg
+++ b/software/apache-frontend/instance-apache-frontend.cfg
@@ -9,16 +9,11 @@ parts =
  certificate-authority
  logrotate-entry-apache
  logrotate-entry-apache-cached
-  logrotate-entry-squid
  apache-frontend
  apache-cached
  switch-apache-softwaretype
  frontend-apache-graceful
  cached-apache-graceful
-  squid-service
-  squid-prepare
-  squid-reload
-  promise-squid
  dynamic-template-default-vh
  not-found-html
  promise-frontend-apache-configuration
@@ -28,6 +23,14 @@ parts =
  promise-apache-frontend-v6-https
  promise-apache-frontend-v6-http
  promise-apache-cached
+  trafficserver-launcher
+  trafficserver-reload
+  trafficserver-configuration-directory
+  trafficserver-records-config
+  trafficserver-remap-config
+  trafficserver-storage-config
 ## Monitoring part
 ###Parts to add for monitoring
  certificate-authority
@@ -47,6 +50,9 @@ parts =
 ## Monitor for apache
  monitor-current-log-access
  monitor-backup-log-access
+  monitor-ats-cache-stats-wrapper
+  monitor-apache-configuration-verification
 extends = ${monitor-template:output}
@@ -79,6 +85,7 @@ crontabs = $${:etc}/crontabs
 cronstamps = $${:etc}/cronstamps
 ca-dir = $${:srv}/ssl
 [switch-apache-softwaretype]
 recipe = slapos.cookbook:softwaretype
 single-default = $${dynamic-default-template-slave-list:rendered}
@@ -117,14 +124,6 @@ apache-directory = ${apache-2.2:location}
 apache-ipv6 = $${instance-parameter:ipv6-random}
 apache-https-port = $${instance-parameter:configuration.port}
-[monitor-current-log-access]
-< = monitor-directory-access
-source = $${directory:log}
-[monitor-backup-log-access]
-< = monitor-directory-access
-source = $${directory:logrotate-backup}
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
 rendered = $${buildout:directory}/$${:filename}
@@ -135,6 +134,7 @@ context =
    key develop_eggs_directory buildout:develop-eggs-directory
    key slap_software_type instance-parameter:slap-software-type
    key slapparameter_dict instance-parameter:configuration
+    section directory directory
    $${:extra-context}
 [dynamic-template-default-vh]
@@ -333,8 +333,8 @@ cache-access-log = $${directory:log}/frontend-apache-access-cached.log
 cache-error-log = $${directory:log}/frontend-apache-error-cached.log
 cache-pid-file = $${directory:run}/httpd-cached.pid
-# Comunication with squid
+# Comunication with ats
-cache-port = 26010
+cache-port = $${trafficserver-variable:input-port}
 cache-through-port = 26011
 # Create wrapper for "apachectl conftest" in bin
@@ -433,77 +433,70 @@ sharedscripts = true
 notifempty = true
 create = true
-[logrotate-entry-squid]
+#################
-<= logrotate
+# Trafficserver
-recipe = slapos.cookbook:logrotate.d
+#################
-name = squid
+[trafficserver-directory]
-log = $${squid-cache:cache-log-path} $${squid-cache:access-log-path}
-frequency = daily
-rotatep-num = 30
-post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGHUP
-sharedscripts = true
-notifempty = true
-create = true
-######################
-#  Squid deployment
-######################
-[squid-directory]
 recipe = slapos.cookbook:mkdirectory
-squid-cache = $${directory:srv}/squid_cache
+configuration = $${directory:etc}/trafficserver
+local-state = $${directory:var}/trafficserver
-[squid-cache]
+bin_path = ${trafficserver:location}/bin
-prepare-path = $${directory:etc-run}/squid-prepare
+log = $${directory:log}/trafficserver
-wrapper-path = $${directory:service}/squid
+cache-path = $${directory:srv}/ats_cache
-binary-path = ${squid:location}/sbin/squid
-configuration-path = $${directory:etc}/squid.cfg
+[trafficserver-variable]
-cache-path = $${squid-directory:squid-cache}
+wrapper-path = $${directory:service}/trafficserver
-ip = $${instance-parameter:ipv4-random}
+reload-path = $${directory:etc-run}/trafficserver-reload
-port = $${apache-configuration:cache-port}
+local-ip = $${instance-parameter:ipv4-random}
-backend-ip = $${instance-parameter:ipv4-random}
+input-port = 23432
-backend-port = $${apache-configuration:cache-through-port}
+hostname = $${slap-parameter:frontend-name}
-open-port = $${instance-parameter:configuration.open-port}
+remap = map / http://$${instance-parameter:ipv4-random}:$${apache-configuration:cache-through-port}
-access-log-path = $${directory:log}/squid-access.log
+disk-cache-config = $${trafficserver-directory:cache-path} 8G volume=$${slap-parameter:frontend-name}
-cache-log-path = $${directory:log}/squid-cache.log
-pid-filename-path = $${directory:run}/squid.pid
+[trafficserver-configuration-directory]
+recipe = plone.recipe.command
-[squid-configuration]
+command = cp -rn ${trafficserver:location}/etc/trafficserver/* $${:target}
-< = jinja2-template-base
+target = $${trafficserver-directory:configuration}
-template = ${template-squid-configuration:target}
-rendered = $${squid-cache:configuration-path}
+[trafficserver-launcher]
-extra-context =
-      key ip squid-cache:ip
-      key port squid-cache:port
-      key backend_ip squid-cache:backend-ip
-      key backend_port squid-cache:backend-port
-      key cache_path squid-cache:cache-path
-      key access_log_path squid-cache:access-log-path
-      key cache_log_path squid-cache:cache-log-path
-      key pid_filename_path squid-cache:pid-filename-path
-      key open_port squid-cache:open-port
-[squid-service]
 recipe = slapos.cookbook:wrapper
-command-line = $${squid-cache:binary-path} -N -f $${squid-configuration:rendered}
+command-line = ${trafficserver:location}/bin/traffic_cop
-wrapper-path = $${squid-cache:wrapper-path}
+wrapper-path = $${trafficserver-variable:wrapper-path}
+environment = TS_ROOT=$${buildout:directory}
-[squid-prepare]
+[trafficserver-reload]
 recipe = slapos.cookbook:wrapper
-command-line = $${squid-cache:binary-path} -z -f $${squid-configuration:rendered}
+command-line = ${trafficserver:location}/bin/traffic_line -x
-wrapper-path = $${squid-cache:prepare-path}
+wrapper-path = $${trafficserver-variable:reload-path}
+environment = TS_ROOT=$${buildout:directory}
-[squid-reload]
+[trafficserver-records-config]
-recipe = slapos.cookbook:wrapper
+< = jinja2-template-base
-command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
+template = ${template-trafficserver-records-config:location}/${template-trafficserver-records-config:filename}
-wrapper-path = $${directory:etc-run}/squid-reload
+rendered = $${trafficserver-directory:configuration}/records.config
+mode = 700
+context =
+    import os_module os
+    section ats_directory trafficserver-directory
+    section ats_configuration trafficserver-variable
-[promise-squid]
+[trafficserver-remap-config]
-recipe = slapos.cookbook:check_port_listening
+< = jinja2-template-base
-path = $${directory:promise}/squid
+template = ${template-empty:target}
-hostname = $${instance-parameter:ipv4-random}
+rendered = $${trafficserver-configuration-directory:target}/remap.config
-port = $${apache-configuration:cache-port}
+mode = 700
+context =
+    key content trafficserver-variable:remap
-# End of Squid part
+[trafficserver-storage-config]
+< = jinja2-template-base
+template = ${template-empty:target}
+rendered = $${trafficserver-configuration-directory:target}/storage.config
+mode = 700
+context =
+    key content trafficserver-variable:disk-cache-config
+### End of ATS sections
 ### Apaches Graceful and promises
 [frontend-apache-graceful]
@@ -577,3 +570,62 @@ server_url = $${slap-connection:server-url}
 software_release_url = $${slap-connection:software-release-url}
 key_file = $${slap-connection:key-file}
 cert_file = $${slap-connection:cert-file}
+[slap-parameter]
+# Define default parameter(s) that will be used later, in case user didn't
+# specify it
+# All parameters are available through the configuration.XX syntax.
+# All possible parameters should have a default.
+domain = example.org
+public-ipv4 =
+port = 4443
+plain_http_port = 8080
+server-admin = admin@example.com
+apache_custom_https = ""
+apache_custom_http = ""
+apache-key =
+apache-certificate =
+open-port = 80 443
+extra_slave_instance_list =
+frontend-name =
+#######
+# Monitoring sections
+#
+[monitor-current-log-access]
+< = monitor-directory-access
+source = $${directory:log}
+[monitor-backup-log-access]
+< = monitor-directory-access
+source = $${directory:logrotate-backup}
+# Produce ATS Cache stats
+[monitor-ats-cache-stats-wrapper]
+< = jinja2-template-base
+template = ${template-wrapper:output}
+rendered = $${monitor-directory:monitoring-cgi}/ats-cache-stats
+mode = 0700
+command = export TS_ROOT=$${buildout:directory} && echo "<pre>$(${trafficserver:location}/bin/traffic_shell $${monitor-ats-cache-stats-config:rendered})</pre>"
+extra-context =
+  key content monitor-ats-cache-stats-wrapper:command
+[monitor-ats-cache-stats-config]
+< = jinja2-template-base
+template = ${template-empty:target}
+rendered = $${trafficserver-configuration-directory:target}/cache-config.stats
+mode = 644
+context =
+    raw content show:cache-stats
+# Display result of apache configuration check
+[monitor-apache-configuration-verification]
+< = jinja2-template-base
+template = ${template-wrapper:output}
+rendered = $${monitor-directory:monitoring-cgi}/front-httpd-configuration
+mode = 0700
+command = echo "<pre>$($${apache-configuration:frontend-configuration-verification})</pre>"
+extra-context =
+  key content :command
--- a/software/apache-frontend/templates/squid.conf.jinja2
+++ b/software/apache-frontend/templates/squid.conf.jinja2
-refresh_pattern .   0 20% 4320 max-stale=604800
-# Dissallow cachemgr access
-http_access deny manager
-# Squid service configuration
-http_port {{ ip }}:{{ port }} accel defaultsite={{ ip }}
-cache_peer {{ backend_ip }} parent {{ backend_port }} 0 no-query originserver name=backend
-acl our_sites port {{ open_port }}
-http_access allow our_sites
-cache_peer_access backend allow our_sites
-cache_peer_access backend deny all
-# Drop squid headers
-# via off
-# reply_header_access X-Cache-Lookup deny all
-# reply_header_access X-Squid-Error deny all
-# reply_header_access X-Cache deny all
-header_replace X-Forwarded-For
-follow_x_forwarded_for allow all
-forwarded_for on
-cache_dir aufs {{ cache_path }} 5000 16 256
-# Use 1Go of RAM
-cache_mem 1024 MB
-# But do not keep big object in RAM
-maximum_object_size_in_memory 2048 KB
-# Log
-access_log {{ access_log_path }}
-cache_log {{ cache_log_path }}
-pid_filename {{ pid_filename_path }}
--- a/software/apache-frontend/templates/trafficserver/records.config.jinja2
+++ b/software/apache-frontend/templates/trafficserver/records.config.jinja2
--- a/stack/monitor/buildout.cfg
+++ b/stack/monitor/buildout.cfg
@@ -42,30 +42,30 @@ recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/monitor.cfg.in
 output = ${buildout:directory}/monitor.cfg
 filename = monitor.cfg
-md5sum = bd592a0f0c41ec15c643c4e91e9ec5cc
+md5sum = 499ba647f0c22f16bea3cc88bdfd98e8
 mode = 0644
 [monitor-bin]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
 download-only = true
-md5sum = 1e7b4698f6627150b1eb783b06f8b13a
+md5sum = cb2f15850d3dc82459a0044adb4416cf
 destination = ${buildout:directory}/parts/monitor-template-monitor-bin
 filename = monitor.py.in
 mode = 0644
 [index]
 recipe = hexagonit.recipe.download
-url = ${:_profile_base_location_}/webfiles/${:filename}
+url = ${:_profile_base_location_}/webfile-directory/${:filename}
 download-only = true
-md5sum = 91ac749f86aecc0c383d93e51e15a572
+md5sum = cd649264b331499241abfcdb4e81672a
 destination = ${buildout:directory}/parts/monitor-index
 filename = index.cgi.in
 mode = 0644
 [index-template]
 recipe = hexagonit.recipe.download
-url = ${:_profile_base_location_}/webfiles/${:filename}
+url = ${:_profile_base_location_}/webfile-directory/${:filename}
 download-only = true
 destination = ${buildout:directory}/parts/monitor-template-index
 md5sum = e0d2aaeffc046b2ac6d9d717e1ba321d
@@ -74,22 +74,31 @@ mode = 0644
 [status-cgi]
 recipe = hexagonit.recipe.download
-url = ${:_profile_base_location_}/webfiles/${:filename}
+url = ${:_profile_base_location_}/webfile-directory/${:filename}
 download-only = true
-md5sum = aa2764cab87e457410435974f729e906
+md5sum = 4fb26753ee669b8ac90ffe33dbd12e8f
 destination = ${buildout:directory}/parts/monitor-template-status-cgi
 filename = status.cgi.in
 mode = 0644
 [settings-cgi]
 recipe = hexagonit.recipe.download
-url = ${:_profile_base_location_}/webfiles/${:filename}
+url = ${:_profile_base_location_}/webfile-directory/${:filename}
 download-only = true
-md5sum = 18574b804da0c65d8670959f9e7c4774
+md5sum = f19c8e4b94718d475520618ae57338c8
 destination = ${buildout:directory}/parts/monitor-template-settings-cgi
 filename = settings.cgi.in
 mode = 0644
+[monitor-password-cgi]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/webfile-directory/${:filename}
+download-only = true
+md5sum = 1a6153908934bf77e3e033eeabdc1675
+destination = ${buildout:directory}/parts/monitor-template-monitor-password-cgi
+filename = monitor-password.cgi.in
+mode = 0644
 [rss-bin]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
@@ -108,9 +117,9 @@ logfile = $${directory:log}/crond.log
 [download-static-files]
 recipe = hexagonit.recipe.download
-url = https://github.com/SlapOS/staticForMonitoring/blob/db670e7568871c69a64916d462ccb57629f1c77d/static-files.tar.gz?raw=true
+url = https://github.com/SlapOS/staticForMonitoring/blob/8b7050faa2dd22592766e25b66b9efe0d0b216c9/static-files.tar.gz?raw=true
 download-only = true
-md5sum = 9e3feb2b520620d5b8d478eb9a9be6de
+md5sum = 05030ff31dc75c2b96559dedc70945f5
 filename = static-files.tar.gz
 destination = ${buildout:directory}/parts/monitor-static-files
 mode = 0644
--- a/stack/monitor/monitor.cfg.in
+++ b/stack/monitor/monitor.cfg.in
@@ -18,6 +18,7 @@ url = https://[$${slap-parameters:ipv6-random}]:$${:port}
 index-filename = index.cgi
 index-path = $${monitor-directory:www}/$${:index-filename}
 db-path = $${monitor-directory:etc}/monitor.db
+monitor-password-path = $${monitor-directory:etc}/.monitor.shadow
 [monitor-directory]
 recipe = slapos.cookbook:mkdirectory
@@ -97,11 +98,14 @@ mode = 0644
 recipe = slapos.recipe.template:jinja2
 template = ${index:location}/${index:filename}
 rendered = $${monitor-parameters:index-path}
+update-apache-access = ${apache:location}/bin/htpasswd -cb $${monitor-parameters:htaccess-file} admin
 mode = 0744
 context =
  key cgi_directory monitor-directory:cgi-bin
  raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
-  key password zero-parameters:monitor-password
+  key monitor_password_path monitor-parameters:monitor-password-path
+  key monitor_password_script_path deploy-monitor-password-cgi:rendered
+  key apache_update_command :update-apache-access
  raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
  raw default_page /welcome.html
@@ -139,6 +143,17 @@ context =
  key pwd monitor-directory:knowledge0-cgi
  key this_file :filename
+[deploy-monitor-password-cgi]
+recipe = slapos.recipe.template:jinja2
+template = ${monitor-password-cgi:location}/${monitor-password-cgi:filename}
+rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
+filename = monitor-password.cgi
+mode = 0744
+context =
+  raw python_executable ${buildout:executable}
+  key pwd monitor-directory:knowledge0-cgi
+  key this_file :filename
 [deploy-monitor-script]
 recipe = slapos.recipe.template:jinja2
 template = ${monitor-bin:location}/${monitor-bin:filename}
@@ -159,12 +174,6 @@ context =
  section directory monitor-directory
  section monitor_parameters monitor-parameters
-[monitor-htaccess]
-recipe = plone.recipe.command
-stop-on-error = true
-htaccess-path = $${monitor-parameters:htaccess-file}
-command = ${apache:location}/bin/htpasswd -cb $${:htaccess-path} admin $${zero-parameters:monitor-password}
 [monitor-directory-access]
 recipe = plone.recipe.command
 command = ln -s $${:source} $${monitor-directory:private-directory}
@@ -211,7 +220,6 @@ name = example.com
 [public]
 recipe = slapos.cookbook:zero-knowledge.write
 filename = knowledge0.cfg
-monitor-password = passwordtochange
 [zero-parameters]
 recipe = slapos.cookbook:zero-knowledge.read
@@ -279,7 +287,7 @@ input = inline:
  </Files>
  AuthType Basic
  AuthName "Private access"
-  AuthUserFile "$${monitor-htaccess:htaccess-path}"
+  AuthUserFile "$${monitor-parameters:htaccess-file}"
  Require valid-user
  Options Indexes FollowSymLinks
  Satisfy all
@@ -315,4 +323,3 @@ curl_path = ${curl:location}/bin/curl
 [publish-connection-informations]
 recipe = slapos.cookbook:publish
 monitor_url = $${monitor-parameters:url}
-IMPORTANT_monitor_info = Change the monitor_password as soon as possible ! Default is : $${public:monitor-password} . You can change it in the setting.cgi section of your monitorin interface
--- a/stack/monitor/monitor.py.in
+++ b/stack/monitor/monitor.py.in
@@ -7,6 +7,7 @@ import subprocess
 import sys
 import sqlite3
 import time
+import threading
 from optparse import OptionParser, make_option
@@ -34,6 +35,26 @@ option_list = [
              help="add the file containing services\'pid to the files to monitor")
 ]
+class Popen(subprocess.Popen):
+  __timeout = None
+  def timeout(self, delay, delay_before_kill=5):
+    if self.__timeout is not None: self.__timeout.cancel()
+    self.__timeout = threading.Timer(delay, self.stop, [delay_before_kill])
+    self.__timeout.start()
+    def waiter():
+        self.wait()
+        self.__timeout.cancel()
+    threading.Thread(target=waiter).start()
+  def stop(self, delay_before_kill=5):
+    if self.__timeout is not None: self.__timeout.cancel()
+    self.terminate()
+    t = threading.Timer(delay_before_kill, self.kill)
+    t.start()
+    r = self.wait()
+    t.cancel()
+    return r
 def init_db():
  db = sqlite3.connect(db_path)
@@ -89,24 +110,26 @@ def runServices(directory):
 def runScripts(directory):
  scripts = getListOfScripts(directory)
-  script_timeout = 3
+  # XXX script_timeout could be passed as parameters
+  script_timeout = 60 # in seconds
  result = {}
  for script in scripts:
    command = [os.path.join(promise_dir, script)]
    script = os.path.basename(command[0])
    result[script] = ''
-    process_handler = subprocess.Popen(command,
+    process_handler = Popen(command,
-                                       cwd=instance_path,
+                            cwd=instance_path,
-                                       env=None if sys.platform == 'cygwin' else {},
+                            env=None if sys.platform == 'cygwin' else {},
-                                       stdout=subprocess.PIPE,
+                            stdout=subprocess.PIPE,
-                                       stderr=subprocess.PIPE,
+                            stderr=subprocess.PIPE,
-                                       stdin=subprocess.PIPE)
+                            stdin=subprocess.PIPE)
    process_handler.stdin.flush()
    process_handler.stdin.close()
    process_handler.stdin = None
-    time.sleep(script_timeout)
+    process_handler.timeout(script_timeout)
+    process_handler.wait()
    if process_handler.poll() is None:
      process_handler.terminate()

--- a/stack/monitor/webfiles/index.cgi.in
+++ b/stack/monitor/webfiles/index.cgi.in
@@ -3,11 +3,12 @@
 import cgi
 import cgitb
 import Cookie
+import base64
+import hashlib
+import hmac
 import jinja2
-import json
 import os
 import subprocess
-import sys
 import urllib
 cgitb.enable(display=0, logdir="/tmp/cgi.log")
@@ -17,6 +18,58 @@ cookie = Cookie.SimpleCookie()
 cgi_path = "{{ cgi_directory }}"
+monitor_password_path = "{{ monitor_password_path }}"
+monitor_password_script_path = "{{ monitor_password_script_path }}"
+monitor_apache_password_command = "{{ apache_update_command }}"
+########
+# Password functions
+#######
+def crypt(word, salt="$$"):
+  salt = salt.split("$")
+  algo = salt[0] or 'sha1'
+  if algo in hashlib.algorithms:
+    H = getattr(hashlib, algo)
+  elif algo == "plain":
+    return "%s$%s" % (algo, word)
+  else:
+    raise ValueError
+  rounds = min(max(0, int(salt[1])), 30) if salt[1] else 9
+  salt = salt[2] or base64.b64encode(os.urandom(12), "./")
+  h = hmac.new(salt, word, H).digest()
+  for x in xrange(1, 1 << rounds):
+    h = H(h).digest()
+  return "%s$%s$%s$%s" % (algo, rounds, salt,
+    base64.b64encode(h, "./").rstrip("="))
+def is_password_set():
+  if not os.path.exists(monitor_password_path):
+    return False
+  hashed_password = open(monitor_password_path, 'r').read()
+  try:
+    void, algo, salt, hsh = hashed_password.split('$')
+  except ValueError:
+    return False
+  return True
+def set_password(raw_password):
+  hashed_password = crypt(raw_password)
+  subprocess.check_call(monitor_apache_password_command + " %s" % raw_password,
+                        shell=True)
+  open(monitor_password_path, 'w').write(hashed_password)
+def check_password(raw_password):
+  """
+  Returns a boolean of whether the raw_password was correct. Handles
+  encryption formats behind the scenes.
+  """
+  if not os.path.exists(monitor_password_path) or not raw_password:
+    return False
+  hashed_password = open(monitor_password_path, 'r').read()
+  return hashed_password == crypt(raw_password, hashed_password)
+### End of password functions
 def forward_form():
  command = os.path.join(cgi_path, form['posting-script'].value)
@@ -33,8 +86,10 @@ def forward_form():
    pass
-def return_document():
+def return_document(command=None):
-  command = os.path.join(cgi_path, form['script'].value)
+  if not command:
+    script = form['script'].value
+    command = os.path.join(cgi_path, script)
  #XXX this functions should be called only for display,
  #so a priori it doesn't need form data
  os.environ['QUERY_STRING'] = ''
@@ -45,8 +100,8 @@ def return_document():
      print open(command).read()
    else:
      raise OSError
-  except (subprocess.CalledProcessError, OSError):
+  except (subprocess.CalledProcessError, OSError) as e:
-    print "<p>File cannot be found</p>"
+    print "<p>Error :</p><pre>%s</pre>" % e
 def make_menu():
@@ -62,29 +117,48 @@ def make_menu():
  return folder_list
-# Beginning of response
+def get_cookie_password():
-print "Content-Type: text/html"
-# Check if user is logged
-if "password" in form:
-  password = form['password'].value
-  if password == '{{ password }}' :
-    cookie['password'] = password
-    print cookie, "; Path=/; HttpOnly"
-else:
  cookie_string = os.environ.get('HTTP_COOKIE')
  if cookie_string:
    cookie.load(cookie_string)
    try:
-      password = cookie['password'].value
+      return cookie['password'].value
    except KeyError:
-      password = None
+      pass
-  else:
+  return None
-    password = None
+def set_cookie_password(password):
+  cookie['password'] = password
+  print cookie, "; Path=/; HttpOnly"
+# Beginning of response
+print "Content-Type: text/html"
+password = None
+# Check if user is logged
+if "password_2" in form and "password" in form:
+  password_2 = form['password_2'].value
+  password_1 = form['password'].value
+  password = get_cookie_password()
+  if not is_password_set() or check_password(password):
+    if password_2 == password_1:
+      password = password_1
+      set_password(password)
+      set_cookie_password(password)
+elif "password" in form:
+  password = form['password'].value
+  if is_password_set() and check_password(password):
+    set_cookie_password(password)
+else:
+  password = get_cookie_password()
 print '\n'
-if not password or password != '{{ password }}':
+if not is_password_set():
+  return_document(monitor_password_script_path)
+elif not check_password(password):
  print "<html><head>"
  print """
    <link rel="stylesheet" href="pure-min.css">
@@ -101,7 +175,6 @@ if not password or password != '{{ password }}':
    <button type="submit" class="pure-button pure-button-primary">Access</button>
  </form>
  </body></html>"""
 # redirection to the required script/page
 else:
  print

--- a/stack/monitor/webfiles/index.html.jinja2
+++ b/stack/monitor/webfiles/index.html.jinja2
--- a/stack/monitor/webfile-directory/monitor-password.cgi.in
+++ b/stack/monitor/webfile-directory/monitor-password.cgi.in
+#!{{ python_executable }}
+import cgitb
+cgitb.enable()
+print "<html><head>"
+print """
+  <script type="text/javascript" src="/jquery-1.10.2.min.js"></script>
+  <link rel="stylesheet" href="pure-min.css">
+  <link rel="stylesheet" href="/style.css">"""
+print "</head><body>"
+print "<h1>This is the monitoring interface</h1>"
+print "<h2>Please set your password for later access</h2>"
+print """
+<form action="/index.cgi" method="post" class="pure-form-aligned">
+<div class="pure-control-group">
+<label for="password">Password*:</label>
+<input placeholder="Set your password" type="password" name="password" id="password"></br>
+</div><div class="pure-control-group">
+<label for="password">Verify Password*:</label>
+<input placeholder="Verify password" type="password" name="password_2" id="password_2"></br>
+</div><p id="validate-status" style="color:red"></p>
+<div class="pure-controls">
+<button id="register-button" type="submit" class="pure-button pure-button-primary" disabled>Access</button></div>
+</form>
+<script type="text/javascript" src="monitor-register.js"></script>
+</body></html>
+"""
--- a/stack/monitor/webfiles/settings.cgi.in
+++ b/stack/monitor/webfiles/settings.cgi.in
@@ -17,14 +17,19 @@ config_file = "{{ config_cfg }}"
 if not os.path.exists(config_file):
  print "Your software does <b>not</b> embed 0-knowledge. \
-  This interface is useless in this case"
+  This interface is useless in this case</body></html>"
  exit(0)
 parser = ConfigParser.ConfigParser()
 parser.read(config_file)
+if not parser.has_section('public'):
+  print "<p>Your software does not use 0-knowledge settings.</p></body></html>"
+  exit(0)
 for name in form:
-  parser.set('public', name, form[name].value)
+  if parser.has_option('public', name):
+    parser.set('public', name, form[name].value)
 with open(config_file, 'w') as file:
  parser.write(file)

--- a/stack/monitor/webfiles/status.cgi.in
+++ b/stack/monitor/webfiles/status.cgi.in
@@ -3,6 +3,7 @@
 import cgi
 import cgitb
 import json
+import os
 import subprocess
 def refresh():
@@ -11,10 +12,21 @@ def refresh():
 cgitb.enable(display=0, logdir="/tmp/cgi.log")
 form = cgi.FieldStorage()
-if "refresh" in form:
-  refresh()
 json_file = "{{ json_file }}"
+if not os.path.exists(json_file) or "refresh" in form:
+  refresh()
+if not os.path.exists(json_file):
+  print """<html><head>
+  <link rel="stylesheet" href="pure-min.css">
+  <link rel="stylesheet" href="/style.css">
+  </head><body>
+  <h1>Monitoring :</h1>
+  No status file found</p></body></html>"""
+  exit(0)
 result = json.load(open(json_file))
 print "<html><head>"
@@ -33,7 +45,7 @@ print "<br/>"
 print "<h2>These scripts and promises have failed :</h2>"
 for r in result:
  if result[r] != '':
-    print "<h3>%s</h3><p style=\"padding-left:30px;\">%s</p>" % (r, result[r])
+    print "<h3>%s</h3><pre style=\"padding-left:30px;\">%s</pre>" % (cgi.escape(r), cgi.escape(result[r]))
 print "<br/>"
 print "<h2>These scripts and promises were successful :</h2>"