Commit e9efe967 authored by Alain Takoudjou's avatar Alain Takoudjou

Merge branch 'master' into 1.0

parents 4483ecb5 775860e6
include CHANGES.txt
include slapos/recipe/apache_frontend/template/notfound.html
include CHANGES.rst
recursive-include slapos/recipe *.in
recursive-include slapos/recipe *.bin
recursive-include slapos/recipe README.*.txt
recursive-include slapos/recipe README.*.rst
recursive-include slapos/recipe *.js
recursive-include slapos/recipe *.zcml
......@@ -18,6 +18,7 @@ eggs =
cloudooo.handler.pdf
cloudooo.handler.ffmpeg
cloudooo.handler.imagemagick
cloudooo.handler.wkhtmltopdf
PasteScript
python-magic
entry-points =
......
......@@ -32,6 +32,6 @@ configure-options =
--disable-gtk-doc-html
environment =
PATH=${pkgconfig:location}/bin:${glib:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${dbus:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig
PKG_CONFIG_PATH=${dbus:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
CPPFLAGS=-I${libexpat:location}/include
LDFLAGS=-L${libexpat:location}/lib -L${gettext:location}/lib -Wl,-rpath=${zlib:location}/lib
......@@ -32,7 +32,7 @@ pre-configure =
./autogen.sh
environment =
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
PATH=${autoconf:location}/bin:${automake:location}/bin:${pkgconfig:location}/bin:${libtool:location}/bin:${intltool:location}/bin:${gettext:location}/bin:${glib:location}/bin:${perl:location}/bin:%(PATH)s
CPPFLAGS=-I${gettext:location}/include
LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
......@@ -49,7 +49,7 @@ url = http://dbus.freedesktop.org/releases/dbus-python/dbus-python-${:version}.t
md5sum = b09cd2d1a057cc432ce944de3fc06bf7
python-egg = ${buildout:parts-directory}/${:_buildout_section_name_}/lib/python2.7/site-packages
environment =
PKG_CONFIG_PATH=${dbus:location}/lib/pkgconfig:${dbus-glib:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig
PKG_CONFIG_PATH=${dbus:location}/lib/pkgconfig:${dbus-glib:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:%(PATH)s
DBUS_CFLAGS=-I${dbus:location}/include/dbus-1.0 -I${dbus:location}/lib/dbus-1.0/include
DBUS_LIBS=-L${dbus:location}/lib -ldbus-1
......@@ -73,7 +73,7 @@ configure-options =
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${pkgconfig:location}/bin:${libtool:location}/bin:${intltool:location}/bin:${gettext:location}/bin:${glib:location}/bin:${flex:location}/bin:${bison:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi
M4=${m4:location}/bin/m4
......@@ -99,7 +99,7 @@ configure-options =
environment =
PATH=${pkgconfig:location}/bin:${libtool:location}/bin:${glib:location}/bin:${xz-utils:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${gobject-introspection:location}/lib/pkgconfig
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${gobject-introspection:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
PYTHON=${python2.7:location}/bin/python2.7
FFI_CFLAGS=-I${libffi:location}/include
FFI_LIBS=-L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi
......
......@@ -10,7 +10,7 @@ recipe = rubygemsrecipe
url = https://rubygems.org/rubygems/rubygems-2.4.8.zip
ruby-executable = ${ruby:location}/bin/ruby
gems =
fluentd==0.12.23
fluentd==0.12.24
fluent-plugin-td==0.10.27
gem-options = --no-ri --no-rdoc --with-icu-lib=${icu:location}/lib/ --with-icu-dir=${icu:location}/
environment =
......
......@@ -2,6 +2,7 @@
extends =
../gettext/buildout.cfg
../libffi/buildout.cfg
../pcre/buildout.cfg
../perl/buildout.cfg
../xz-utils/buildout.cfg
../zlib/buildout.cfg
......@@ -10,8 +11,8 @@ parts =
[glib]
recipe = slapos.recipe.cmmi
url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/glib-2.44.1.tar.xz
md5sum = 83efba4722a9674b97437d1d99af79db
url = http://ftp.gnome.org/pub/gnome/core/3.20/3.20.2/sources/glib-2.48.1.tar.xz
md5sum = 67bd3b75c9f6d5587b457dc01cdcd5bb
configure-options =
--with-python=${python2.7:location}/bin/python2.7
--disable-static
......@@ -25,6 +26,8 @@ environment =
LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
LIBFFI_CFLAGS=-I${libffi:location}/include
LIBFFI_LIBS= -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi
PCRE_CFLAGS=-I${pcre:location}/include
PCRE_LIBS=-L${pcre:location}/lib -Wl,-rpath=${pcre:location}/lib -lpcre
[x86-cygwin-glib]
patches =
......
......@@ -11,9 +11,10 @@ parts =
[glibmm]
recipe = slapos.recipe.cmmi
# we keep using glibmm-2.44 that is buildable with non-C++11 compiler
url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/glibmm-2.44.0.tar.xz
md5sum = 32ee4150b436d097fe2506d0b0b13a75
pkg_config_depends = ${glib:location}/lib/pkgconfig:${libsigc:location}/lib/pkgconfig
pkg_config_depends = ${glib:location}/lib/pkgconfig:${libsigc:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
configure-options =
--disable-documentation
environment =
......
......@@ -26,7 +26,7 @@ parts =
recipe = slapos.recipe.cmmi
url = http://cairographics.org/releases/cairo-1.14.2.tar.xz
md5sum = e1cdfaf1c6c995c4d4c54e07215b0118
pkg_config_depends = ${libXext:location}/lib/pkgconfig:${libXext:pkg_config_depends}:${libpng:location}/lib/pkgconfig:${fontconfig:location}/lib/pkgconfig:${fontconfig:pkg_config_depends}:${pixman:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig
pkg_config_depends = ${fontconfig:location}/lib/pkgconfig:${fontconfig:pkg_config_depends}:${glib:location}/lib/pkgconfig:${libXext:location}/lib/pkgconfig:${libXext:pkg_config_depends}:${libpng:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig
configure-options =
--disable-static
--disable-gtk-doc-html
......@@ -61,8 +61,8 @@ environment =
[pango]
recipe = slapos.recipe.cmmi
url = http://ftp.gnome.org/pub/gnome/core/3.14/3.14.2/sources/pango-1.36.8.tar.xz
md5sum = 217a9a753006275215fa9fa127760ece
url = http://ftp.gnome.org/pub/gnome/core/3.20/3.20.2/sources/pango-1.40.1.tar.xz
md5sum = 6fc88c6529890d6c8e03074d57a3eceb
pkg_config_depends = ${harfbuzz:location}/lib/pkgconfig:${harfbuzz:pkg_config_depends}
configure-options =
--disable-static
......@@ -75,9 +75,9 @@ environment =
[gdk-pixbuf]
recipe = slapos.recipe.cmmi
url = http://ftp.gnome.org/pub/GNOME/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.1.tar.xz
md5sum = b1590189a2e89fab9f871959c168508c
pkg_config_depends = ${glib:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}
url = http://ftp.gnome.org/pub/gnome/core/3.20/3.20.2/sources/gdk-pixbuf-2.35.1.tar.xz
md5sum = 72e0c924d5dc96bfde58a3b65ed83744
pkg_config_depends = ${glib:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}:${pcre:location}/lib/pkgconfig
configure-options =
--disable-static
--disable-gtk-doc-html
......@@ -92,21 +92,21 @@ environment =
[atk]
recipe = slapos.recipe.cmmi
url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/atk-2.16.0.tar.xz
md5sum = c7c5002bd6e58b4723a165f1bf312116
url = http://ftp.gnome.org/pub/gnome/core/3.20/3.20.2/sources/atk-2.20.0.tar.xz
md5sum = 5187b0972f4d3905f285540b31395e20
configure-options =
--with-python=${python2.7:location}/bin/python2.7
--disable-gtk-doc-html
environment =
PATH=${glib:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${glib:location}/lib -Wl,-rpath=${gettext:location}/lib
LD_LIBRARY_PATH=${glib:location}/lib:${gettext:location}/lib
[gtk-2]
recipe = slapos.recipe.cmmi
url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/gtk+-2.24.28.tar.xz
md5sum = bfacf87b2ea67e4e5c7866a9003e6526
url = http://ftp.gnome.org/pub/gnome/core/3.20/3.20.2/sources/gtk+-2.24.30.tar.xz
md5sum = 04568ba5c58b75e3c7543e45628ad789
pkg_config_depends = ${pango:location}/lib/pkgconfig:${pango:pkg_config_depends}:${atk:location}/lib/pkgconfig:${gdk-pixbuf:location}/lib/pkgconfig
configure-options =
--disable-static
......
......@@ -28,6 +28,7 @@ environment =
[pangomm]
recipe = slapos.recipe.cmmi
# we keep using pangomm-2.36 for glibmm-2.44 that is buildable with non-C++11 compiler
url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/pangomm-2.36.0.tar.xz
md5sum = 62910723211d86ab825b666b479871c9
pkg_config_depends = ${pango:location}/lib/pkgconfig:${pango:pkg_config_depends}:${glibmm:location}/lib/pkgconfig:${glibmm:pkg_config_depends}:${cairomm:location}/lib/pkgconfig
......@@ -41,9 +42,10 @@ environment =
[atkmm]
recipe = slapos.recipe.cmmi
# we keep using atkmm-2.22 for glibmm-2.44 that is buildable with non-C++11 compiler
url = http://ftp.gnome.org/pub/gnome/core/3.12/3.12.2/sources/atkmm-2.22.7.tar.xz
md5sum = fec7db3fc47ba2e0c95d130ec865a236
pkg_config_depends = ${glib:location}/lib/pkgconfig:${atk:location}/lib/pkgconfig:${libsigc:location}/lib/pkgconfig:${glibmm:location}/lib/pkgconfig:
pkg_config_depends = ${atk:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${glibmm:location}/lib/pkgconfig:${libsigc:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
configure-options =
--disable-static
--disable-documentation
......
......@@ -12,8 +12,8 @@ parts = haproxy
[haproxy]
recipe = slapos.recipe.cmmi
url = http://www.haproxy.org/download/1.6/src/haproxy-1.6.4.tar.gz
md5sum = ee107312ef58432859ee12bf048025ab
url = http://www.haproxy.org/download/1.6/src/haproxy-1.6.5.tar.gz
md5sum = 5290f278c04e682e42ab71fed26fc082
configure-command = true
# If the system is running on Linux 2.6, we use "linux26" as the TARGET,
# otherwise use "generic".
......
......@@ -28,7 +28,7 @@ configure-options =
--disable-static
environment =
PATH=${glib:location}/bin:${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${atk:location}/lib/pkgconfig:${libsigc:location}/lib/pkgconfig:${glibmm:location}/lib/pkgconfig:
PKG_CONFIG_PATH=${atk:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${glibmm:location}/lib/pkgconfig:${libsigc:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
[inkscape]
......
Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy()
Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12
Bug-Ubuntu: https://launchpad.net/bugs/1547865
Bug-Debian: https://bugs.debian.org/816625
Forwarded: not-needed
Author: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2016-03-05
--- a/src/libjasper/base/jas_icc.c
+++ b/src/libjasper/base/jas_icc.c
@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
goto error;
jas_iccattrval_destroy(attrval);
+ attrval = 0;
} else {
#if 0
jas_eprintf("warning: skipping unknown tag type\n");
Description: CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip()
Origin: vendor
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1302636
Bug-Debian: https://bugs.debian.org/812978
Forwarded: not-needed
Author: Tomas Hoger <thoger@redhat.com>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2016-03-05
--- a/src/libjasper/base/jas_image.c
+++ b/src/libjasper/base/jas_image.c
@@ -426,6 +426,10 @@ int jas_image_readcmpt(jas_image_t *imag
return -1;
}
+ if (!data->rows_) {
+ return -1;
+ }
+
if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
if (jas_matrix_resize(data, height, width)) {
return -1;
@@ -479,6 +483,10 @@ int jas_image_writecmpt(jas_image_t *ima
return -1;
}
+ if (!data->rows_) {
+ return -1;
+ }
+
if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
return -1;
}
--- a/src/libjasper/base/jas_seq.c
+++ b/src/libjasper/base/jas_seq.c
@@ -262,6 +262,10 @@ void jas_matrix_divpow2(jas_matrix_t *ma
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {
@@ -282,6 +286,10 @@ void jas_matrix_clip(jas_matrix_t *matri
jas_seqent_t *data;
int rowstep;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {
@@ -306,6 +314,10 @@ void jas_matrix_asr(jas_matrix_t *matrix
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
assert(n >= 0);
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
@@ -325,6 +337,10 @@ void jas_matrix_asl(jas_matrix_t *matrix
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {
@@ -367,6 +383,10 @@ void jas_matrix_setall(jas_matrix_t *mat
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {
Description: CVE-2016-2116: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf()
Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12
Bug-Debian: https://bugs.debian.org/816626
Forwarded: not-needed
Author: Tyler Hicks <tyhicks@canoonical.com>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2016-03-05
--- a/src/libjasper/base/jas_icc.c
+++ b/src/libjasper/base/jas_icc.c
@@ -1693,6 +1693,8 @@ jas_iccprof_t *jas_iccprof_createfrombuf
jas_stream_close(in);
return prof;
error:
+ if (in)
+ jas_stream_close(in);
return 0;
}
......@@ -19,6 +19,9 @@ patches =
${:_profile_base_location_}/CVE-2014-8138.patch#bfb9604fe84b6e686fea29bd760cf34d
${:_profile_base_location_}/CVE-2014-8157.patch#2fb5f62ba8a9f8afffc95a07d1194783
${:_profile_base_location_}/CVE-2014-8158.patch#9036077a1fab5de8819f210ea7b57a38
${:_profile_base_location_}/CVE-2016-1577.patch#bc970cf3e8535559454781ec54db2d15
${:_profile_base_location_}/CVE-2016-2089.patch#9b73eda015b04a6da493de89ce9b5685
${:_profile_base_location_}/CVE-2016-2116.patch#387df217963281827e006ab4f14f869a
configure-options =
--disable-static
--enable-shared
......
......@@ -10,19 +10,19 @@ extends =
[libcroco]
recipe = slapos.recipe.cmmi
url = http://ftp.gnome.org/pub/gnome/core/3.12/3.12.2/sources/libcroco-0.6.8.tar.xz
md5sum = 767e73c4174f75b99695d4530fd9bb80
url = http://ftp.gnome.org/pub/gnome/core/3.20/3.20.2/sources/libcroco-0.6.11.tar.xz
md5sum = dabc1911dfbfa85f8e6859ca47863168
configure-options =
--disable-static
environment =
PATH=${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${pkgconfig:location}/lib/pkgconfig:${libxml2:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${libxml2:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig:${pkgconfig:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
LDFLAGS=-Wl,-rpath=${zlib:location}/lib
[librsvg]
recipe = slapos.recipe.cmmi
url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/librsvg-2.40.9.tar.xz
md5sum = 31df15e3beaa8fbbf538ca3c52b400d2
url = http://ftp.gnome.org/pub/gnome/core/3.20/3.20.2/sources/librsvg-2.40.15.tar.xz
md5sum = 3a66ab5b4fe1fb43b471708e4ff39a0e
pkg_config_depends = ${pango:location}/lib/pkgconfig:${pango:pkg_config_depends}:${zlib:location}/lib/pkgconfig:${gdk-pixbuf:location}/lib/pkgconfig:${libcroco:location}/lib/pkgconfig
configure-options =
--disable-static
......
......@@ -9,6 +9,7 @@ parts =
[libsigc]
recipe = slapos.recipe.cmmi
# we keep using libsigc++-2.4 for glibmm-2.44 that is buildable with non-C++11 compiler
url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/libsigc++-2.4.1.tar.xz
md5sum = 55945ba6e1652f89999e910f6b52047c
configure-options =
......
......@@ -11,8 +11,8 @@ parts =
[libxml2]
recipe = slapos.recipe.cmmi
url = http://xmlsoft.org/sources/libxml2-2.9.3.tar.gz
md5sum = daece17e045f1c107610e137ab50c179
url = http://xmlsoft.org/sources/libxml2-2.9.4.tar.gz
md5sum = ae249165c173b1ff386ee8ad676815f5
configure-options =
--disable-static
--without-python
......
......@@ -7,8 +7,8 @@ parts =
libxslt
[libxslt]
url = ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz
md5sum = 9667bf6f9310b957254fdcf6596600b7
url = ftp://xmlsoft.org/libxslt/libxslt-1.1.29.tar.gz
md5sum = a129d3c44c022de3b9dcf6d6f288d72e
recipe = slapos.recipe.cmmi
configure-options =
--disable-static
......
......@@ -11,8 +11,8 @@ parts = nginx-output
[nginx-common]
recipe = slapos.recipe.cmmi
url = http://nginx.org/download/nginx-1.9.14.tar.gz
md5sum = a25818039f34b5d54b017d44c76321c4
url = http://nginx.org/download/nginx-1.10.1.tar.gz
md5sum = 088292d9caf6059ef328aa7dda332e44
[nginx]
<= nginx-common
......
......@@ -27,7 +27,7 @@ configure-options =
--disable-host-tool
environment =
PATH=.:%(PATH)s
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
CPPFLAGS=-I${glib:location}/include -I${popt:location}/include
LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${popt:location}/lib -Wl,-rpath=${popt:location}/lib
GLIB_CFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include
......
......@@ -37,7 +37,7 @@ configure-options =
--disable-werror
environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${gnutls:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${gnutls:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig
LDFLAGS=-L${pixman:location}/lib -Wl,-rpath=${pixman:location}/lib
[debian-amd64-netinst.iso]
......
......@@ -38,7 +38,7 @@ PATH=${bison:location}/bin:${bzip2:location}/bin:${gettext:location}/bin:${glib:
CFLAGS=-I${bzip2:location}/include -I${gdbm:location}/include -I${gettext:location}/include -I${glib:location}/include -I${libxml2:location}/include -I${libxslt:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${popt:location}/include -I${readline:location}/include -I${sqlite3:location}/include -I${zlib:location}/include
CPPFLAGS=${:CFLAGS}
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${gdbm:location}/lib -Wl,-rpath=${gdbm:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib -L${libxslt:location}/lib -Wl,-rpath=${libxslt:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${popt:location}/lib -Wl,-rpath=${popt:location}/lib -L${readline:location}/lib -Wl,-rpath=${readline:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${libxml2:location}/lib/pkgconfig:${libxslt:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${popt:location}/lib/pkgconfig:${python2.7:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${libxml2:location}/lib/pkgconfig:${libxslt:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig:${popt:location}/lib/pkgconfig:${python2.7:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig
LD_LIBRARY_PATH=${bzip2:location}/lib:${gdbm:location}/lib:${gettext:location}/lib:${glib:location}/lib:${libxml2:location}/lib:${libxslt:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${popt:location}/lib:${readline:location}/lib:${sqlite3:location}/lib:${zlib:location}/lib
[cfg-environment]
......
......@@ -30,10 +30,10 @@ import os
version = '1.0.31'
name = 'slapos.cookbook'
long_description = open("README.txt").read() + "\n" + \
open("CHANGES.txt").read() + "\n"
long_description = open("README.rst").read() + "\n" + \
open("CHANGES.rst").read() + "\n"
for f in sorted(glob.glob(os.path.join('slapos', 'recipe', 'README.*.txt'))):
for f in sorted(glob.glob(os.path.join('slapos', 'recipe', 'README.*.rst'))):
long_description += '\n' + open(f).read() + '\n'
# extras_requires are not used because of
......@@ -46,6 +46,9 @@ setup(name=name,
"Framework :: Buildout :: Recipe",
"Programming Language :: Python",
],
maintainer="Nexedi",
maintainer_email="info@nexedi.com",
url="https://lab.nexedi.com/nexedi/slapos",
keywords='slapos recipe',
license='GPLv3',
namespace_packages=['slapos', 'slapos.recipe'],
......@@ -91,23 +94,19 @@ setup(name=name,
'cloudooo.test = slapos.recipe.erp5_test:CloudoooRecipe',
'condor = slapos.recipe.condor:Recipe',
'condor.submit = slapos.recipe.condor:AppSubmit',
'configurationfile = slapos.recipe.configurationfile:Recipe',
'copyfilelist = slapos.recipe.copyfilelist:Recipe',
'cron = slapos.recipe.dcron:Recipe',
'cron.d = slapos.recipe.dcron:Part',
'davstorage = slapos.recipe.davstorage:Recipe',
'downloader = slapos.recipe.downloader:Recipe',
'dropbear = slapos.recipe.dropbear:Recipe',
'dropbear.add_authorized_key = slapos.recipe.dropbear:AddAuthorizedKey',
'dropbear.client = slapos.recipe.dropbear:Client',
'dumpmdb = slapos.recipe.dumpmdb:Recipe',
'duplicity = slapos.recipe.duplicity:Recipe',
'egg_test = slapos.recipe.erp5_test:EggTestRecipe',
'equeue = slapos.recipe.equeue:Recipe',
'erp5.bootstrap = slapos.recipe.erp5_bootstrap:Recipe',
'erp5.promise = slapos.recipe.erp5_promise:Recipe',
'erp5.test = slapos.recipe.erp5_test:Recipe',
'erp5.update = slapos.recipe.erp5_update:Recipe',
'erp5scalabilitytestbed = slapos.recipe.erp5scalabilitytestbed:Recipe',
'erp5testnode = slapos.recipe.erp5testnode:Recipe',
'firefox = slapos.recipe.firefox:Recipe',
......@@ -125,14 +124,10 @@ setup(name=name,
'generic.zope.zeo.client = slapos.recipe.generic_zope_zeo_client:Recipe',
'gitinit = slapos.recipe.gitinit:Recipe',
'haproxy = slapos.recipe.haproxy:Recipe',
'helloworld = slapos.recipe.helloworld:Recipe',
'importmdb = slapos.recipe.importmdb:Recipe',
'ipv4toipv6 = slapos.recipe.6tunnel:FourToSix',
'ipv6toipv4 = slapos.recipe.6tunnel:SixToFour',
'java = slapos.recipe.java:Recipe',
'jsondump = slapos.recipe.jsondump:Recipe',
'kumofs = slapos.recipe.kumofs:Recipe',
'kvm = slapos.recipe.kvm:Recipe',
'kvm.frontend = slapos.recipe.kvm_frontend:Recipe',
'lamp = slapos.recipe.lamp:Request',
'lamp.generic = slapos.recipe.lampgeneric:Recipe',
......@@ -189,9 +184,6 @@ setup(name=name,
'slapconfiguration.serialised = slapos.recipe.slapconfiguration:Serialised',
'slapconfiguration.jsondump = slapos.recipe.slapconfiguration:JsonDump',
'slapcontainer = slapos.recipe.container:Recipe',
'slapmonitor = slapos.recipe.slapmonitor:MonitorRecipe',
'slapmonitor-xml = slapos.recipe.slapmonitor:MonitorXMLRecipe',
'slapreport = slapos.recipe.slapreport:Recipe',
'softwaretype = slapos.recipe.softwaretype:Recipe', # BBB
'sphinx= slapos.recipe.sphinx:Recipe',
'squid = slapos.recipe.squid:Recipe',
......@@ -205,7 +197,6 @@ setup(name=name,
'urlparse = slapos.recipe._urlparse:Recipe',
'uuid = slapos.recipe._uuid:Recipe',
'userinfo = slapos.recipe.userinfo:Recipe',
'vifib = slapos.recipe.vifib:Recipe',
'waitfor = slapos.recipe.waitfor:Recipe',
'webchecker = slapos.recipe.web_checker:Recipe',
'wrapper = slapos.recipe.wrapper:Recipe',
......
cloudooo
=========
Instantiates CloudOOo instance.
erp5
====
Instantiates ERP5 instance.
kumofs
=========
Instantiates KumoFS instance.
......@@ -11,18 +11,22 @@ How to use?
just add this part in your software.cfg to use the lamp.simple module
[instance-recipe]
egg = slapos.cookbook
module = lamp.simple
.. code-block::
[instance-recipe]
egg = slapos.cookbook
module = lamp.simple
you also need to extend lamp.cfg
extends =
https://lab.nexedi.com/nexedi/slapos/raw/slapos-0.50/stack/lamp.cfg
.. code-block::
extends =
https://lab.nexedi.com/nexedi/slapos/raw/slapos-0.50/stack/lamp.cfg
lamp.runner
=====
===========
When you install some software (such as prestashop) you need to remove or rename folder, with slapos you can not
access to the www-data directory. to do this, you need to tell to lamp recipe to remove or/and it when software
......@@ -37,31 +41,35 @@ How to use?
this part of lamp recipe work with slapos.toolbox, Therefore you must add it to your recipe.
in software.cfg, replace instance-recipe-egg part by
[instance-recipe-egg]
recipe = zc.recipe.egg
eggs =
${python-mysqlclient:egg}
${instance-recipe:egg}
slapos.toolbox[lampconfigure]
.. code-block::
[instance-recipe-egg]
recipe = zc.recipe.egg
eggs =
${python-mysqlclient:egg}
${instance-recipe:egg}
slapos.toolbox[lampconfigure]
and add into your instance.cfg
lampconfigure_directory = ${buildout:bin-directory}/lampconfigure
.. code-block::
lampconfigure_directory = ${buildout:bin-directory}/lampconfigure
CONDITION
--------
----------
the action (delete, rename, script, chmod) only starts when the condition is filled.
in instance.cfg, add
in instance.cfg, add::
file_token = path_of_file
file_token = path_of_file
and the action will begin when path_of_www-data/path_of_file will be created
you can also use database to check condition. add
you can also use database to check condition. add ::
table_name = name_of_table
constraint = sql_where_condition
table_name = name_of_table
constraint = sql_where_condition
name_of_table is the full or partial name(in some cases we can not know the prefix used to create tables) of table
into mariadb databse for example table_name = admin. if you use
......@@ -74,11 +82,12 @@ you can't use file_token and table_name at the same time, otherwise file_token w
ACTION
-------
The action starts when condition is true
1- delete file or folder
into instance.cfg, use
delete = file_or_folder1, file_or_folder2, file_or_folder3 ...
1- delete file or folder into instance.cfg, use::
delete = file_or_folder1, file_or_folder2, file_or_folder3 ...
for example delete = admin
......@@ -106,26 +115,30 @@ mode = mode_to_apply (ex= 0644)
use script = ${configure-script:location}/${configure-script:filename} into instance.cfg, add part configure-script
into software.cfg
parts = configure-script
.. code-block::
parts = configure-script
[configure-script]
recipe = hexagonit.recipe.download
location = ${buildout:parts-directory}/${:_buildout_section_name_}
url = url_of_script_name.py
filename = script_name.py
download-only = True
The script_name.py should contain a main function, sys.argv is given to the main. you can write script_name.py like this::
...
def setup(args):
mysql_port, mysql_host, mysql_user, mysql_password, mysql_database, base_url, htdocs = args
.......
[configure-script]
recipe = hexagonit.recipe.download
ignore-existing = true
location = ${buildout:parts-directory}/${:_buildout_section_name_}
url = url_of_script_name.py
filename = script_name.py
download-only = True
if __name__ == '__main__':
setup(sys.argv[1:])
The script_name.py should contain a main function, sys.argv is given to the main. you can write script_name.py like this
....
def setup(args):
mysql_port, mysql_host, mysql_user, mysql_password, mysql_database, base_url, htdocs = args
.......
if __name__ == '__main__':
setup(sys.argv[1:])
- base_url: is the url of php software
- htdocs: is the path of www-data directory
- mysql_user, mysql_password, mysql_database, mysql_host: is the mariadb parameters
base_url: is the url of php software
htdocs: is the path of www-data directory
mysql_user, mysql_password, mysql_database, mysql_host: is the mariadb parameters
you can also use "import MySQLdb" if you want to access to database via your python script
\ No newline at end of file
memcached
=========
Instantiates Memcached instance.
mysql
=========
Instantiates MySQL instance.
proactive
=========
Instantiate an proactive environment.
seleniumrunner
==========
==============
Allows to run selenium tests through browser and xvfb. Posts the results on
Nexedi ERP5.
Parameters
=====
==========
* project : name of the project inside of ERP5 test result instance
* user : username to use in ERP5 instance to test
* password : password to use in ERP5 instance to test
......@@ -12,7 +14,8 @@ Parameters
* url : url to portal_test of ERP5 isntance to test
* test_report_instance_url : url of test_result_module to put results
* Example :
* Example::
<?xml version="1.0" encoding="utf-8"?>
<instance>
<parameter id="project">Vifib</parameter>
......
xwiki
=====
Instantiates an xwiki environment.
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import GenericBaseRecipe
class Recipe(GenericBaseRecipe):
def install(self):
configuration_file = self.createFile(
self.options['configuration-file-path'],
self.substituteTemplate(
self.options['configuration-template-path'],
self.options
)
)
return configuration_file
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import os
import urllib
import hashlib
import tempfile
import shutil
import subprocess
from slapos.recipe.librecipe import GenericBaseRecipe
BUFFER_SIZE = 1024
# XXX-Cedric: For god's sake, why do we always reinvent the wheel???
# DON'T use this and use h.r.download, except if you need the "confirm" feature.
# XXX-Cedric: implement "confirm" feature in h.r.download
def service(args):
environ = os.environ.copy()
environ.update(PATH=args['path'])
if not os.path.exists(args['confirm']):
tmpdir = tempfile.mkdtemp()
try:
# XXX: Hardcoded path
tmpoutput = os.path.join(tmpdir, 'downloaded')
urllib.urlretrieve(args['url'], tmpoutput)
if args['md5'] is not None:
# XXX: we need to find a better way to do a md5sum
md5sum = hashlib.md5()
with open(args['output'], 'r') as output:
file_buffer = output.read(BUFFER_SIZE)
while len(file_buffer) > 0:
md5sum.update(file_buffer)
file_buffer = output.read(BUFFER_SIZE)
if args['md5'] != md5sum.hexdigest():
return 127 # Not-null return code
if not args['archive']:
shutil.move(tmpoutput, args['output'])
else:
# XXX: hardcoding path
extract_dir = os.path.join(tmpdir, 'extract')
os.mkdir(extract_dir)
subprocess.check_call(
['tar', '-x', '-f', tmpoutput,
'-C', extract_dir,
],
env=environ,
)
archive_content = os.listdir(extract_dir)
if len(archive_content) == 1 and \
os.path.isfile(os.path.join(extract_dir,
archive_content[0])):
shutil.move(os.path.join(extract_dir,
archive_content[0]),
args['output'])
else:
return 127 # Not-null return code
finally:
shutil.rmtree(tmpdir)
# Just a touch on args['confirm'] file
open(args['confirm'], 'w').close()
return 0
class Recipe(GenericBaseRecipe):
def install(self):
path_list = []
md5sum = self.options.get('md5sum', '')
if len(md5sum) == 0:
md5sum = None
keywords = {
'url': self.options['url'],
'md5': md5sum,
'output': self.options['downloaded-file'],
'confirm': self.options['downloaded-file-complete'],
'archive': self.optionIsTrue('archive', False),
}
if keywords['archive']:
keywords['path'] = self.options['path']
path_list.append(
self.createPythonScript(
self.options['binary'],
'slapos.recipe.downloader.service',
keywords,
)
)
return path_list
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import BaseSlapRecipe
import pkg_resources
import sys
import zc.buildout
import zc.recipe.egg
class Recipe(BaseSlapRecipe):
def _install(self):
raise NotImplementedError('Outdated.')
def installKeyAuthorisationApache(self, ipv6, port, backend, key, certificate,
ca_conf, key_auth_path='/'):
if ipv6:
ip = self.getGlobalIPv6Address()
else:
ip = self.getLocalIPv4Address()
ssl_template = """SSLEngine on
SSLVerifyClient require
RequestHeader set REMOTE_USER %%{SSL_CLIENT_S_DN_CN}s
SSLCertificateFile %(key_auth_certificate)s
SSLCertificateKeyFile %(key_auth_key)s
SSLCACertificateFile %(ca_certificate)s
SSLCARevocationPath %(ca_crl)s"""
apache_conf = self._getApacheConfigurationDict('key_auth_apache', ip, port)
apache_conf['ssl_snippet'] = ssl_template % dict(
key_auth_certificate=certificate,
key_auth_key=key,
ca_certificate=ca_conf['ca_certificate'],
ca_crl=ca_conf['ca_crl']
)
prefix = 'ssl_key_auth_apache'
rewrite_rule_template = \
"RewriteRule (.*) http://%(backend)s%(key_auth_path)s$1 [L,P]"
path_template = pkg_resources.resource_string('slapos.recipe.erp5',
'template/apache.zope.conf.path.in')
path = path_template % dict(path='/')
d = dict(
path=path,
backend=backend,
backend_path='/',
port=apache_conf['port'],
vhname=path.replace('/', ''),
key_auth_path=key_auth_path,
)
rewrite_rule = rewrite_rule_template % d
apache_conf.update(**dict(
path_enable=path,
rewrite_rule=rewrite_rule
))
apache_config_file = self.createConfigurationFile(prefix + '.conf',
pkg_resources.resource_string('slapos.recipe.erp5',
'template/apache.zope.conf.in') % apache_conf)
self.path_list.append(apache_config_file)
self.path_list.extend(zc.buildout.easy_install.scripts([(
'key_auth_apache',
'slapos.recipe.erp5.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
dict(
required_path_list=[certificate, key, ca_conf['ca_certificate'],
ca_conf['ca_crl']],
binary=self.options['httpd_binary'],
config=apache_config_file
)
]))
if ipv6:
return 'https://[%(ip)s:%(port)s]' % apache_conf
else:
return 'https://%(ip)s:%(port)s' % apache_conf
def _getApacheConfigurationDict(self, prefix, ip, port):
apache_conf = dict()
apache_conf['pid_file'] = os.path.join(self.run_directory,
prefix + '.pid')
apache_conf['lock_file'] = os.path.join(self.run_directory,
prefix + '.lock')
apache_conf['ip'] = ip
apache_conf['port'] = port
apache_conf['server_admin'] = 'admin@'
apache_conf['error_log'] = os.path.join(self.log_directory,
prefix + '-error.log')
apache_conf['access_log'] = os.path.join(self.log_directory,
prefix + '-access.log')
self.registerLogRotation(prefix, [apache_conf['error_log'],
apache_conf['access_log']], self.killpidfromfile + ' ' +
apache_conf['pid_file'] + ' SIGUSR1')
return apache_conf
def _writeApacheConfiguration(self, prefix, apache_conf, backend,
access_control_string=None):
rewrite_rule_template = \
"RewriteRule (.*) http://%(backend)s$1 [L,P]"
if access_control_string is None:
path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path.in')
path = path_template % dict(path='/')
else:
path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path-protected.in')
path = path_template % dict(path='/',
access_control_string=access_control_string)
d = dict(
path=path,
backend=backend,
backend_path='/',
port=apache_conf['port'],
vhname=path.replace('/', ''),
)
rewrite_rule = rewrite_rule_template % d
apache_conf.update(**dict(
path_enable=path,
rewrite_rule=rewrite_rule
))
apache_conf_string = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.in') % apache_conf
return self.createConfigurationFile(prefix + '.conf', apache_conf_string)
def installFrontendZopeApache(self, ip, port, name, frontend_path, backend_url,
backend_path, key, certificate, access_control_string=None):
ident = 'frontend_' + name
apache_conf = self._getApacheConfigurationDict(ident, ip, port)
apache_conf['server_name'] = name
apache_conf['frontend_path'] = frontend_path
apache_conf['ssl_snippet'] = pkg_resources.resource_string(__name__,
'template/apache.ssl-snippet.conf.in') % dict(
login_certificate=certificate, login_key=key)
path = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path-protected.in') % \
dict(path='/', access_control_string='none')
if access_control_string is None:
path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path.in')
path += path_template % dict(path=frontend_path)
else:
path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path-protected.in')
path += path_template % dict(path=frontend_path,
access_control_string=access_control_string)
rewrite_rule_template = \
"RewriteRule ^%(path)s($|/.*) %(backend_url)s/VirtualHostBase/https/%(server_name)s:%(port)s%(backend_path)s/VirtualHostRoot/%(vhname)s$1 [L,P]\n"
if frontend_path not in ["", None, "/"]:
vhname = "_vh_%s" % frontend_path.replace('/', '')
else:
vhname = ""
frontend_path = ""
rewrite_rule = rewrite_rule_template % dict(
path=frontend_path,
backend_url=backend_url,
backend_path=backend_path,
port=apache_conf['port'],
vhname=vhname,
server_name=name)
apache_conf.update(**dict(
path_enable=path,
rewrite_rule=rewrite_rule
))
apache_conf_string = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.in') % apache_conf
apache_config_file = self.createConfigurationFile(ident + '.conf',
apache_conf_string)
self.path_list.append(apache_config_file)
self.path_list.extend(zc.buildout.easy_install.scripts([(
ident, __name__ + '.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
dict(
required_path_list=[key, certificate],
binary=self.options['httpd_binary'],
config=apache_config_file
)
]))
# Note: IPv6 is assumed always
return 'https://%(server_name)s:%(port)s%(frontend_path)s' % (apache_conf)
import os
import sys
import time
def runApache(args):
sleep = 60
conf = args[0]
while True:
ready = True
for f in conf.get('required_path_list', []):
if not os.path.exists(f):
print 'File %r does not exists, sleeping for %s' % (f, sleep)
ready = False
if ready:
break
time.sleep(sleep)
apache_wrapper_list = [conf['binary'], '-f', conf['config'], '-DFOREGROUND']
apache_wrapper_list.extend(sys.argv[1:])
sys.stdout.flush()
sys.stderr.flush()
os.execl(apache_wrapper_list[0], *apache_wrapper_list)
<Location %(location)s>
Order Deny,Allow
Deny from all
Allow from %(allow_string)s
</Location>
SSLEngine on
SSLCertificateFile %(login_certificate)s
SSLCertificateKeyFile %(login_key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLProxyEngine On
# Apache configuration file for Zope
# Automatically generated
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule antiloris_module modules/mod_antiloris.so
# Basic server configuration
PidFile "%(pid_file)s"
Listen %(ip)s:%(port)s
ServerAdmin %(server_admin)s
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
ServerTokens Prod
ServerSignature Off
TraceEnable Off
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
# SSL Configuration
%(ssl_snippet)s
# Log configuration
ErrorLog "%(error_log)s"
# Default apache log format with request time in microsecond at the end
LogFormat "%%h %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
%(path_enable)s
# Magic of Zope related rewrite
RewriteEngine On
%(rewrite_rule)s
# Path protected
<Location %(path)s>
Order Deny,Allow
Deny from all
Allow from %(access_control_string)s
</Location>
# Path enabled
<Location %(path)s>
Order Allow,Deny
Allow from all
</Location>
##############################################################################
#
# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import urlparse
from slapos.recipe.librecipe import GenericSlapRecipe
class Recipe(GenericSlapRecipe):
def _install(self):
self.logger.warn('DEPRECATED: Please update your configuration to use erp5.promise and erp5.bootstrap instead.')
conversion_server = None
if 'cloudooo-url' in self.options and self.options['cloudooo-url']:
parsed = urlparse.urlparse(self.options['cloudooo-url'])
conversion_server = "%s:%s" % (parsed.hostname, parsed.port)
memcached = None
if 'memcached-url' in self.options and self.options['memcached-url']:
parsed = urlparse.urlparse(self.options['memcached-url'])
memcached = "%s:%s" % (parsed.hostname, parsed.port)
kumofs = None
if 'kumofs-url' in self.options and self.options['kumofs-url']:
parsed = urlparse.urlparse(self.options['kumofs-url'])
kumofs = "%s:%s" % (parsed.hostname, parsed.port)
parsed = urlparse.urlparse(self.options['mysql-url'])
mysql_connection_string = "%(database)s@%(hostname)s:%(port)s "\
"%(username)s %(password)s" % dict(
database=parsed.path.split('/')[1],
hostname=parsed.hostname,
port=parsed.port,
username=parsed.username,
password=parsed.password
)
parsed = urlparse.urlparse(self.options['url'])
zope_user = parsed.username
zope_password = parsed.password
zope_host = '%s:%s' % (parsed.hostname, parsed.port)
bt5_list = []
if len(self.parameter_dict.get("bt5_list", "").strip()):
bt5_list = self.parameter_dict["bt5_list"].split()
elif self.parameter_dict.get("flavour", "default") == 'configurator':
bt5_list = self.options['configurator-bt5-list'].split()
bt5_repository_list = self.parameter_dict.get("bt5_repository_list",
"").split() or self.options['bt5-repository-list'].split()
script = self.createPythonScript(self.options['update-wrapper'],
__name__+'.erp5.updateERP5', [
self.options['site-id'], mysql_connection_string,
[zope_user, zope_password, zope_host],
memcached, conversion_server, kumofs, bt5_list, bt5_repository_list,
self.options['cadir-path'], self.options['openssl-binary']])
return [script]
This diff is collapsed.
......@@ -27,6 +27,51 @@
import zc.buildout
from slapos.recipe.librecipe import GenericBaseRecipe
def compareMimetypeEntryPair(a, b):
"""
Like comparing strings, but here the star `*` is stronger than any other
character.
"""
i = 0
for i in range(min(len(a), len(b))):
if a[i] != b[i]:
if a[i] == "*": return 1
if b[i] == "*": return -1
if a[i] < b[i]: return -1
if a[i] > b[i]: return 1
return 0
if a[i:i+1]: return 1
if b[i:i+1]: return -1
return 0
default_mimetype_entry_list = [
"application/vnd.oasis.opendocument* * ooo",
"application/vnd.sun.xml* * ooo",
"application/pdf text/* pdf",
"application/pdf * ooo",
"video/* * ffmpeg",
"audio/* * ffmpeg",
"application/x-shockwave-flash * ffmpeg",
"application/ogg * ffmpeg",
"application/ogv * ffmpeg",
"image/png image/jpeg imagemagick",
"image/png * ooo",
"image/* image/* imagemagick",
"text/* * ooo",
"application/zip * ooo",
"application/msword * ooo",
"application/vnd* * ooo",
"application/x-vnd* * ooo",
"application/postscript * ooo",
"application/wmf * ooo",
"application/csv * ooo",
"application/x-openoffice-gdimetafile * ooo",
"application/x-emf * ooo",
"application/emf * ooo",
"application/octet* * ooo",
"* application/vnd.oasis.opendocument* ooo",
]
class Recipe(GenericBaseRecipe):
def install(self):
path_list = []
......@@ -52,6 +97,15 @@ class Recipe(GenericBaseRecipe):
conversion_server_dict['ENVIRONMENT_VARIABLE_LIST'] = '\n'.join(
['env-%s = %s' % (key, value) for key, value in environment_variable_list]
)
mimetype_entry_list = [
l.strip()
for l in self.options.get('mimetype_entry_addition', '').splitlines()
if l and not l.isspace()
]
mimetype_entry_list.extend(default_mimetype_entry_list)
mimetype_entry_list.sort(compareMimetypeEntryPair)
conversion_server_dict['MIMETYPE_ENTRY_LIST'] = \
"\n".join([" " + l for l in mimetype_entry_list])
config_file = self.createFile(self.options['configuration-file'],
self.substituteTemplate(self.getTemplateFilename('cloudooo.cfg.in'),
conversion_server_dict))
......
......@@ -42,31 +42,7 @@ openoffice_port = %(openoffice_port)s
# It is used to select the handler that will be used in conversion.
# Priority matters, first match take precedence on next lines.
mimetype_registry =
application/vnd.oasis.opendocument* * ooo
application/vnd.sun.xml* * ooo
application/pdf text/* pdf
application/pdf * ooo
video/* * ffmpeg
audio/* * ffmpeg
application/x-shockwave-flash * ffmpeg
application/ogg * ffmpeg
application/ogv * ffmpeg
image/png image/jpeg imagemagick
image/png * ooo
image/* image/* imagemagick
text/* * ooo
application/zip * ooo
application/msword * ooo
application/vnd* * ooo
application/x-vnd* * ooo
application/postscript * ooo
application/wmf * ooo
application/csv * ooo
application/x-openoffice-gdimetafile * ooo
application/x-emf * ooo
application/emf * ooo
application/octet* * ooo
* application/vnd.oasis.opendocument* ooo
%(MIMETYPE_ENTRY_LIST)s
[server:main]
use = egg:PasteScript#wsgiutils
......
##############################################################################
#
# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import GenericBaseRecipe
import os
import sys
class Recipe(GenericBaseRecipe):
"""
kvm instance configuration.
"""
def install(self):
# Sanitize drive type parameter
self.options.setdefault('disk-type', 'virtio')
if not self.options.get('disk-type') in ['ide', 'scsi', 'sd',
'mtd', 'floppy', 'pflash', 'virtio']:
print 'Warning: "disk-type" parameter is not in allowed values. Using ' \
'"virtio" value.'
self.options['disk-type'] = 'virtio'
self.options['python-path'] = sys.executable
path_list = []
if self.isTrueValue(self.options.get('use-nat')):
# XXX This could be done using Jinja.
for port in self.options['nat-rules'].split():
tunnel_port = int(port) + 10000
tunnel_path = self.createExecutable(
'%s-%s' % (self.options['6tunnel-wrapper-path'], tunnel_port),
self.substituteTemplate(
self.getTemplateFilename('6to4.in'),
{
'ipv6': self.options['ipv6'],
'ipv6_port': tunnel_port,
'ipv4': self.options['ipv4'],
'ipv4_port': tunnel_port,
'shell_path': self.options['shell-path'],
'6tunnel_path': self.options['6tunnel-path'],
},
),
)
path_list.append(tunnel_path)
runner_path = self.createExecutable(
self.options['runner-path'],
self.substituteTemplate(self.getTemplateFilename('kvm_run.in'),
self.options))
path_list.append(runner_path)
controller_path = self.createExecutable(
self.options['controller-path'],
self.substituteTemplate(self.getTemplateFilename('kvm_controller_run.in'),
self.options))
return path_list
#!%(shell_path)s
# BEWARE: This file is operated by slapgrid
# BEWARE: It will be overwritten automatically
exec %(6tunnel_path)s -6 -4 -d -l %(ipv6)s %(ipv6_port)s %(ipv4)s %(ipv4_port)s
#!%(python-path)s
# BEWARE: This file is operated by slapgrid
# BEWARE: It will be overwritten automatically
# Echo client program
import socket
import time
# XXX: to be factored with slapos.toolbox qemu qmp wrapper.
socket_path = '%(socket-path)s'
vnc_password = '%(vnc-passwd)s'
# Connect to KVM qmp socket
so = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
connected = False
while not connected:
try:
so.connect(socket_path)
except socket.error:
time.sleep(1)
else:
connected = True
data = so.recv(1024)
# Enable qmp
so.send('{ "execute": "qmp_capabilities" }')
data = so.recv(1024)
# Set VNC password
so.send('{ "execute": "change", ' \
'"arguments": { "device": "vnc", "target": "password", ' \
' "arg": "' + vnc_password + '" } }')
data = so.recv(1024)
# Finish
so.close()
This diff is collapsed.
This diff is collapsed.
import os
import sys
import time
def runApache(args):
sleep = 60
conf = args[0]
while True:
ready = True
for f in conf.get('required_path_list', []):
if not os.path.exists(f):
print 'File %r does not exists, sleeping for %s' % (f, sleep)
ready = False
if ready:
break
time.sleep(sleep)
apache_wrapper_list = [conf['binary'], '-f', conf['config'], '-DFOREGROUND']
apache_wrapper_list.extend(sys.argv[1:])
sys.stdout.flush()
sys.stderr.flush()
os.execl(apache_wrapper_list[0], *apache_wrapper_list)
import os
import subprocess
import time
import ConfigParser
def popenCommunicate(command_list, input=None):
subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
if input is not None:
subprocess_kw.update(stdin=subprocess.PIPE)
popen = subprocess.Popen(command_list, **subprocess_kw)
result = popen.communicate(input)[0]
if popen.returncode is None:
popen.kill()
if popen.returncode != 0:
raise ValueError('Issue during calling %r, result was:\n%s' % (
command_list, result))
return result
class CertificateAuthority:
def __init__(self, key, certificate, openssl_binary,
openssl_configuration, request_dir):
self.key = key
self.certificate = certificate
self.openssl_binary = openssl_binary
self.openssl_configuration = openssl_configuration
self.request_dir = request_dir
def checkAuthority(self):
file_list = [ self.key, self.certificate ]
ca_ready = True
for f in file_list:
if not os.path.exists(f):
ca_ready = False
break
if ca_ready:
return
for f in file_list:
if os.path.exists(f):
os.unlink(f)
try:
# no CA, let us create new one
popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
self.openssl_configuration, '-new', '-x509', '-extensions',
'v3_ca', '-keyout', self.key, '-out', self.certificate,
'-days', '10950'], 'Automatic Certificate Authority\n')
except:
try:
for f in file_list:
if os.path.exists(f):
os.unlink(f)
except:
# do not raise during cleanup
pass
raise
def _checkCertificate(self, common_name, key, certificate):
file_list = [key, certificate]
ready = True
for f in file_list:
if not os.path.exists(f):
ready = False
break
if ready:
return False
for f in file_list:
if os.path.exists(f):
os.unlink(f)
csr = certificate + '.csr'
try:
popenCommunicate([self.openssl_binary, 'req', '-config',
self.openssl_configuration, '-nodes', '-new', '-keyout',
key, '-out', csr, '-days', '3650'],
common_name + '\n')
try:
popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
self.openssl_configuration, '-out', certificate,
'-infiles', csr])
finally:
if os.path.exists(csr):
os.unlink(csr)
except:
try:
for f in file_list:
if os.path.exists(f):
os.unlink(f)
except:
# do not raise during cleanup
pass
raise
else:
return True
def checkRequestDir(self):
for request_file in os.listdir(self.request_dir):
parser = ConfigParser.RawConfigParser()
parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
if self._checkCertificate(parser.get('certificate', 'name'),
parser.get('certificate', 'key_file'), parser.get('certificate',
'certificate_file')):
print 'Created certificate %r' % parser.get('certificate', 'name')
def runCertificateAuthority(args):
ca_conf = args[0]
ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
ca_conf['request_dir'])
while True:
ca.checkAuthority()
ca.checkRequestDir()
time.sleep(60)
import os
import glob
def controller(args):
"""Creates full or incremental backup
If no full backup is done, it is created
If full backup exists incremental backup is done starting with base
base is the newest (according to date) full or incremental backup
"""
innobackupex_incremental, innobackupex_full, full_backup, incremental_backup \
= args
if len(os.listdir(full_backup)) == 0:
print 'Doing full backup in %r' % full_backup
os.execv(innobackupex_full, [innobackupex_full, full_backup])
else:
backup_list = filter(os.path.isdir, glob.glob(full_backup + "/*") +
glob.glob(incremental_backup + "/*"))
backup_list.sort(key=lambda x: os.path.getmtime(x), reverse=True)
base = backup_list[0]
print 'Doing incremental backup in %r using %r as a base' % (
incremental_backup, base)
os.execv(innobackupex_incremental, [innobackupex_incremental,
'--incremental-basedir=%s'%base, incremental_backup])
import os
import subprocess
import time
import sys
def runMysql(args):
sleep = 60
conf = args[0]
mysqld_wrapper_list = [conf['mysqld_binary'], '--defaults-file=%s' %
conf['configuration_file']]
# we trust mysql_install that if mysql directory is available mysql was
# correctly initalised
if not os.path.isdir(os.path.join(conf['data_directory'], 'mysql')):
while True:
# XXX: Protect with proper root password
# XXX: Follow http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
popen = subprocess.Popen([conf['mysql_install_binary'],
'--skip-name-resolve', '--no-defaults', '--datadir=%s' %
conf['data_directory']],
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
result = popen.communicate()[0]
if popen.returncode is None or popen.returncode != 0:
print "Failed to initialise server.\nThe error was: %s" % result
print "Waiting for %ss and retrying" % sleep
time.sleep(sleep)
else:
print "Mysql properly initialised"
break
else:
print "MySQL already initialised"
print "Starting %r" % mysqld_wrapper_list[0]
sys.stdout.flush()
sys.stderr.flush()
os.execl(mysqld_wrapper_list[0], *mysqld_wrapper_list)
def updateMysql(args):
conf = args[0]
sleep = 30
is_succeed = False
while True:
if not is_succeed:
mysql_upgrade_list = [conf['mysql_upgrade_binary'], '--no-defaults', '--user=root', '--socket=%s' % conf['socket']]
mysql_upgrade = subprocess.Popen(mysql_upgrade_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
result = mysql_upgrade.communicate()[0]
if mysql_upgrade.returncode is None:
mysql_upgrade.kill()
if mysql_upgrade.returncode != 0 and not 'is already upgraded' in result:
print "Command %r failed with result:\n%s" % (mysql_upgrade_list, result)
print 'Sleeping for %ss and retrying' % sleep
else:
if mysql_upgrade.returncode == 0:
print "MySQL database upgraded with result:\n%s" % result
else:
print "No need to upgrade MySQL database"
mysql_list = [conf['mysql_binary'].strip(), '--no-defaults', '-B', '--user=root', '--socket=%s' % conf['socket']]
mysql = subprocess.Popen(mysql_list, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
result = mysql.communicate(conf['mysql_script'])[0]
if mysql.returncode is None:
mysql.kill()
if mysql.returncode != 0:
print 'Command %r failed with:\n%s' % (mysql_list, result)
print 'Sleeping for %ss and retrying' % sleep
else:
is_succeed = True
print 'SlapOS initialisation script succesfully applied on database.'
sys.stdout.flush()
sys.stderr.flush()
time.sleep(sleep)
# Apache static configuration
# Automatically generated
# Basic server configuration
PidFile "%(pid_file)s"
Listen %(ip)s:%(port)s
PHPINIDir %(php_ini_dir)s
ServerAdmin someone@email
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phtml .php5 .php4
AddType application/x-httpd-php-source .phps
# Log configuration
ErrorLog "%(error_log)s"
LogLevel warn
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Alias /mmc %(document_root)s
### Allow access to lmc web directory to everyone
<Directory %(document_root)s>
AllowOverride None
Order allow,deny
allow from all
php_flag short_open_tag on
php_flag magic_quotes_gpc on
</Directory>
DocumentRoot %(document_root)s
DirectoryIndex index.html index.php
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule dir_module modules/mod_dir.so
LoadModule php5_module modules/libphp5.so
%(file_list)s {
daily
dateext
rotate 30
compress
notifempty
sharedscripts
create
postrotate
%(postrotate)s
endscript
olddir %(olddir)s
}
#!/bin/sh
exec %(memcached_binary)s -p %(memcached_port)s -U %(memcached_port)s -l %(memcached_ip)s
#!/bin/sh
exec %(mmc_core_binary)s -f %(mmc_core_config_file)s
[main]
host = %(mmc_host)s
port = %(mmc_port)s
# Credentials for HTTP basic authentication
login = mmc
password = s3cr3t
# RPC Session timeout in seconds.
# If unset default to Twisted hardcoded 900 seconds.
#sessiontimeout = 900
# Multi-threading support (enabled by default)
#multithreading = 1
#maxthreads = 20
# SSL support
enablessl = 1
localcert = %(ssl_localcert)s
cacert = %(ssl_cacert)s
# Certificate check
# verifypeer = 0
# Path to the file containing the Certificate Authority (PEM format)
# cacert =
# Path to the file containing the local key and certificate (PEM format)
# localcert =
[daemon]
user = %(daemon_user)s
group = %(daemon_user)s
umask = 0077
pidfile= %(daemon_pidfile)s
# user = mmc
# group = mmc
# umask = 0007
# pidfile= /var/run/mmc-agent.pid
[loggers]
keys=root
[handlers]
keys=hand01,hand02
[formatters]
keys=form01
[logger_root]
level=NOTSET
handlers=hand01
[handler_hand01]
class=FileHandler
level=INFO
formatter=form01
args=("%s" % %(mmc_log)s,)
[handler_hand02]
class=StreamHandler
level=DEBUG
args=(sys.stderr,)
[formatter_form01]
format=%(asctime)s #%(thread)d %(levelname)s %(message)s
[main]
host = %(mmc_host)s
port = %(mmc_port)s
# Credentials for HTTP basic authentication
login = mmc
password = s3cr3t
# RPC Session timeout in seconds.
# If unset default to Twisted hardcoded 900 seconds.
#sessiontimeout = 900
# Multi-threading support (enabled by default)
#multithreading = 1
#maxthreads = 20
# SSL support
enablessl = 1
localcert = %(ssl_localcert)s
cacert = %(ssl_cacert)s
# Certificate check
# verifypeer = 0
# Path to the file containing the Certificate Authority (PEM format)
# cacert =
# Path to the file containing the local key and certificate (PEM format)
# localcert =
[daemon]
user = %(daemon_user)s
group = %(daemon_user)s
umask = 0077
pidfile= %(daemon_pidfile)s
# user = mmc
# group = mmc
# umask = 0007
# pidfile= /var/run/mmc-agent.pid
[loggers]
keys=root
[handlers]
keys=hand01,hand02
[formatters]
keys=form01
[logger_root]
level=NOTSET
handlers=hand01
[handler_hand01]
class=FileHandler
level=INFO
formatter=form01
args=("%s" % %(mmc_log)s,)
[handler_hand02]
class=StreamHandler
level=DEBUG
args=(sys.stderr,)
[formatter_form01]
format=%(asctime)s #%(thread)d %(levelname)s %(message)s
[global]
; RPC backend to use
backend = xmlrpc
; HTTP basic authentication credentials to use for XMLRPC communication
login = mmc
password = s3cr3t
; Root URL where the MMC web pages are installed
; root= /mmc/ for http://127.0.0.1/mmc/
root = /mmc/
; Filesystem path where the MMC web modules are installed
rootfsmodules = %(mmc_location)s/modules/
; Available pagination steps
pagination = 10 20 50 100
; Number of items to display in lists
maxperpage = 10
; Declare if this installation is a community version or not
; community can be yes or no
community = yes
; Debug section
[debug]
; 0 : no information
; 1 : XMLRPC calls and results are displayed by the web interface
level = 0
; Login page title
; UTF-8 strings must be used
[logintitle]
; Default page title for English and non-translated languages
C =
; French title
fr_FR =
; Spanish title
es_ES =
[server_01]
description = localhost
url = https://127.0.0.1:7080
; Timeout in seconds for all socket I/O operations
; Beware that timeout on a SSL socket only works with PHP >= 5.2.1
; timeout = 300
; SSL certificate check support
; verifypeer = 0
; Path to the file containing the Certificate Authority (PEM format)
; cacert =
; Path to the file containing the local key and certificate (PEM format)
; localcert =
[ldap]
# LDAP we are connected to
# If ldapurl starts with "ldaps://", use LDAP over SSL on the LDAPS port.
# LDAPS is deprecated, and you should use StartTLS.
# If ldapverifypeer = demand, always use the server hostname instead of its IP
# address in the LDAP URL. This hostname must match the CN field of the server
# certificate.
ldapurl = ldap://%(ldap_host)s:%(ldap_port)s
# Network timeout in seconds for LDAP operations. No default timeout set.
#network_timeout =
# TLS connection parameters when LDAPS is not used:
# off - never use TLS (default value)
# start_tls - Use the LDAPv3 StartTLS extended operation (better)
#start_tls = off
# If start_tls != off or LDAPS, specify check to perform on server certificate:
# never - don't ask certificate
# demand - request certificate. If none or bad certificate provided, stop the
# connection (recommended)
#ldapverifypeer = demand
# Client certicates to use (default are empty) for LDAPS or TLS connections:
# For example: /etc/ssl/certs
#cacertdir =
# For example: /etc/mmc/certs/demoCA/cacert.pem
#cacert =
# For example: /etc/mmc/certs/client.cert
#localcert =
# For example: /etc/mmc/certs/client.key
#localkey =
# Accepted ciphers
# Use this for more security: TLSv1+SHA1+AES+DH:CAMELLIA:!NULL:!ADH
#ciphersuites = TLSv1:!NULL
# LDAP debug level - set this to 255 to debug LDAP connection problems
#ldapdebuglevel = 0
# LDAP base DN
baseDN = dc=mandriva, dc=com
# Users location in the LDAP
baseUsersDN = ou=Users, %%(basedn)s
# Groups location in the LDAP
baseGroupsDN = ou=Groups, %%(basedn)s
# LDAP manager
rootName = cn=admin, %%(basedn)s
password = secret
# If enabled, the MMC will create/move/delete the home of the users
# Else will do nothing, but only write user informations into LDAP
userHomeAction = 1
# Skeleton directory to populate a new home directory
skelDir = /etc/skel
# If set, all new users will belong to this group when created
defaultUserGroup = Domain Users
# Default home directory for users
defaultHomeDir = /home
# user uid number start
uidStart = 10000
# group gid number start
gidStart = 10000
# LDAP log file path
logfile = %(ldap_logfile_path)s
# FDS log file path
# logfile = /opt/fedora-ds/slapd-hostname/logs/access
# you can specify here where you can authorized creation of your homedir
# default is your defaultHomeDir
# example:
# authorizedHomeDir = /home, /home2, /mnt/depot/newhome
# LDAP user password scheme to use
# Possible values are "ssha", "crypt" and "passmod"
# "passmod" uses the LDAP Password Modify Extended Operations to change
# password. The password encryption is done by the LDAP server.
passwordscheme = passmod
#[backup-tools]
## Path of the backup tools
#path = /usr/lib/mmc/backup-tools
## Where are put the archives
#destpath = /home/archives
# Computer inventory plugin to use (Pulse 2 related option)
# [computers]
# method = glpi
# method = inventory
# Audit system configuration
# If commented, the audit module will be disabled
# [audit]
# method = database
# dbhost = localhost
# MySQL and PostgreSQL backends are available
# dbdriver = postgres
# dbport = 5432
# dbdriver = mysql
# dbport = 3306
# dbuser = audit
# dbpassword = audit
# dbname = audit
# User authentication configuration
#[authentication]
# Authenticators chain
#method = baseldap externalldap
# baseldap authenticator configuration
#[authentication_baseldap]
# Set a list of login that will only be authentified using this authenticator
#authonly = root
# Externalldap authenticator configuration
#[authentication_externalldap]
# Login list that won't be authenticated with this authenticator.
#exclude =
# If set, only the speficied logins will be authenticated with this
# authenticator.
#authonly =
# Set whether this authenticator is mandatory. If it is mandatory and can't be
# validated during the mmc-agent activation phase, the mmc-agent exits with an
# error.
#mandatory = True
# LDAP server URLs. The LDAP server are selected in the given order when
# authenticating a user.
#ldapurl = ldap://192.168.0.1:389 ldap://192.168.0.2:389
# LDAP connection timeout in seconds. If the LDAP connection failed after this
# timeout, we try the next LDAP server in the list or give up if it the last.
#network_timeout =
# LDAP suffix where to search for user
#suffix = cn=Users,dc=mandriva,dc=com
# How to bind to the LDAP. Empty if anonymous
#bindname = cn=account, cn=Users, dc=linboxad, dc=com
#bindpasswd = s3cr3t
#bindname =
#bindpasswd =
# User filter
#filter = objectClass=*
# User attribute containing her/his login
#attr = cn
# User provisioning configuration
#[provisioning]
#method = externalldap
# externalldap provisioner configuration
#[provisioning_externalldap]
# Login list that won't be provisioned with this provisioner
#exclude = root
# These attributes are mandatory to create a user
#ldap_uid = cn
#ldap_givenName = sn
#ldap_sn = sn
# Other attributes to fill in
#ldap_mail = mail
#...
# We are able to fill the ACL fields the user logs in according to the value of
# an attribute from the external LDAP.
# What is the field name ?
#profile_attr =
# Here we define two profiles: profile1 and profile2
# profile1 allows the user to log in and change her/his password in the web
# interface
#profile_acl_profile1= :base#users#passwd/
# profile2 disallows the user to do anything (no ACL defined)
#profile_acl_profile2 =
# ... You can define as much profile_acl_* options as you need
# For each profile, we can create a group of user, and put users with a given
# profile in the corresponding group automatically when they log in.
# Set the next line to True to activate profile to group mapping
#profile_group_mapping = False
# A prefix for the created group can be set
#profile_group_prefix =
# Example userdefault settings to support Kerberos
# [userdefault]
# objectClass = +krb5KDCEntry,krb5Principal
# krb5KeyVersionNumber = 1
# krb5KDCFlags = 126
# krb5PrincipalName = %uid%@DOMAIN
# Subscription informations
# [subscription]
# product_name = MDS
# vendor_name = Mandriva
# vendor_mail = sales@mandriva.com
# customer_name =
# customer_mail =
# comment =
# users = 0
# computers = 0
# # Support informations
# support_mail = customer@customercare.mandriva.com
# support_phone = 0810 LINBOX
# support_comment =
[ldap]
# LDAP we are connected to
# If ldapurl starts with "ldaps://", use LDAP over SSL on the LDAPS port.
# LDAPS is deprecated, and you should use StartTLS.
# If ldapverifypeer = demand, always use the server hostname instead of its IP
# address in the LDAP URL. This hostname must match the CN field of the server
# certificate.
ldapurl = ldap://%(ldap_host)s:%(ldap_port)s
# Network timeout in seconds for LDAP operations. No default timeout set.
#network_timeout =
# TLS connection parameters when LDAPS is not used:
# off - never use TLS (default value)
# start_tls - Use the LDAPv3 StartTLS extended operation (better)
#start_tls = off
# If start_tls != off or LDAPS, specify check to perform on server certificate:
# never - don't ask certificate
# demand - request certificate. If none or bad certificate provided, stop the
# connection (recommended)
#ldapverifypeer = demand
# Client certicates to use (default are empty) for LDAPS or TLS connections:
# For example: /etc/ssl/certs
#cacertdir =
# For example: /etc/mmc/certs/demoCA/cacert.pem
#cacert =
# For example: /etc/mmc/certs/client.cert
#localcert =
# For example: /etc/mmc/certs/client.key
#localkey =
# Accepted ciphers
# Use this for more security: TLSv1+SHA1+AES+DH:CAMELLIA:!NULL:!ADH
#ciphersuites = TLSv1:!NULL
# LDAP debug level - set this to 255 to debug LDAP connection problems
#ldapdebuglevel = 0
# LDAP base DN
baseDN = dc=mandriva, dc=com
# Users location in the LDAP
baseUsersDN = ou=Users, %%(basedn)s
# Groups location in the LDAP
baseGroupsDN = ou=Groups, %%(basedn)s
# LDAP manager
rootName = cn=admin, %%(basedn)s
password = secret
# If enabled, the MMC will create/move/delete the home of the users
# Else will do nothing, but only write user informations into LDAP
userHomeAction = 1
# Skeleton directory to populate a new home directory
skelDir = /etc/skel
# If set, all new users will belong to this group when created
defaultUserGroup = Domain Users
# Default home directory for users
defaultHomeDir = /home
# user uid number start
uidStart = 10000
# group gid number start
gidStart = 10000
# LDAP log file path
logfile = %(ldap_logfile_path)s
# FDS log file path
# logfile = /opt/fedora-ds/slapd-hostname/logs/access
# you can specify here where you can authorized creation of your homedir
# default is your defaultHomeDir
# example:
# authorizedHomeDir = /home, /home2, /mnt/depot/newhome
# LDAP user password scheme to use
# Possible values are "ssha", "crypt" and "passmod"
# "passmod" uses the LDAP Password Modify Extended Operations to change
# password. The password encryption is done by the LDAP server.
passwordscheme = passmod
#[backup-tools]
## Path of the backup tools
#path = /usr/lib/mmc/backup-tools
## Where are put the archives
#destpath = /home/archives
# Computer inventory plugin to use (Pulse 2 related option)
# [computers]
# method = glpi
# method = inventory
# Audit system configuration
# If commented, the audit module will be disabled
# [audit]
# method = database
# dbhost = localhost
# MySQL and PostgreSQL backends are available
# dbdriver = postgres
# dbport = 5432
# dbdriver = mysql
# dbport = 3306
# dbuser = audit
# dbpassword = audit
# dbname = audit
# User authentication configuration
#[authentication]
# Authenticators chain
#method = baseldap externalldap
# baseldap authenticator configuration
#[authentication_baseldap]
# Set a list of login that will only be authentified using this authenticator
#authonly = root
# Externalldap authenticator configuration
#[authentication_externalldap]
# Login list that won't be authenticated with this authenticator.
#exclude =
# If set, only the speficied logins will be authenticated with this
# authenticator.
#authonly =
# Set whether this authenticator is mandatory. If it is mandatory and can't be
# validated during the mmc-agent activation phase, the mmc-agent exits with an
# error.
#mandatory = True
# LDAP server URLs. The LDAP server are selected in the given order when
# authenticating a user.
#ldapurl = ldap://192.168.0.1:389 ldap://192.168.0.2:389
# LDAP connection timeout in seconds. If the LDAP connection failed after this
# timeout, we try the next LDAP server in the list or give up if it the last.
#network_timeout =
# LDAP suffix where to search for user
#suffix = cn=Users,dc=mandriva,dc=com
# How to bind to the LDAP. Empty if anonymous
#bindname = cn=account, cn=Users, dc=linboxad, dc=com
#bindpasswd = s3cr3t
#bindname =
#bindpasswd =
# User filter
#filter = objectClass=*
# User attribute containing her/his login
#attr = cn
# User provisioning configuration
#[provisioning]
#method = externalldap
# externalldap provisioner configuration
#[provisioning_externalldap]
# Login list that won't be provisioned with this provisioner
#exclude = root
# These attributes are mandatory to create a user
#ldap_uid = cn
#ldap_givenName = sn
#ldap_sn = sn
# Other attributes to fill in
#ldap_mail = mail
#...
# We are able to fill the ACL fields the user logs in according to the value of
# an attribute from the external LDAP.
# What is the field name ?
#profile_attr =
# Here we define two profiles: profile1 and profile2
# profile1 allows the user to log in and change her/his password in the web
# interface
#profile_acl_profile1= :base#users#passwd/
# profile2 disallows the user to do anything (no ACL defined)
#profile_acl_profile2 =
# ... You can define as much profile_acl_* options as you need
# For each profile, we can create a group of user, and put users with a given
# profile in the corresponding group automatically when they log in.
# Set the next line to True to activate profile to group mapping
#profile_group_mapping = False
# A prefix for the created group can be set
#profile_group_prefix =
# Example userdefault settings to support Kerberos
# [userdefault]
# objectClass = +krb5KDCEntry,krb5Principal
# krb5KeyVersionNumber = 1
# krb5KDCFlags = 126
# krb5PrincipalName = %uid%@DOMAIN
# Subscription informations
# [subscription]
# product_name = MDS
# vendor_name = Mandriva
# vendor_mail = sales@mandriva.com
# customer_name =
# customer_mail =
# comment =
# users = 0
# computers = 0
# # Support informations
# support_mail = customer@customercare.mandriva.com
# support_phone = 0810 LINBOX
# support_comment =
[main]
disable = 1
[ppolicy]
# Branch where the password policies are stored
ppolicyDN = ou=Password Policies, %(baseDN)s
# Name of the default password policy
ppolicyDefault = default
# This options are used only once to create the default password policy entry
# into the LDAP
[ppolicyattributes]
pwdAttribute = userPassword
pwdLockout = True
pwdMaxFailure = 5
pwdLockoutDuration = 900
# Password can't be change if it not 7 days old
pwdMinAge = 25200
# Password expiration is 42 days
pwdMaxAge = 3628800
pwdMinLength = 8
pwdInHistory = 5
pwdMustChange = True
# To check password quality
pwdCheckModule = mmc-check-password.so
pwdCheckQuality = 2
# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
# The MySQL server
[mysqld]
# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
# different engine, like MyISAM. Such behaviour generates problems only, when
# tables requested as InnoDB are silently created with MyISAM engine.
#
# Loud fail is really required in such case.
sql-mode="NO_ENGINE_SUBSTITUTION"
skip-show-database
port = %(tcp_port)s
bind-address = %(ip)s
socket = %(socket)s
datadir = %(data_directory)s
pid-file = %(pid_file)s
log-error = %(error_log)s
log-slow-file = %(slow_query_log)s
long_query_time = 5
max_allowed_packet = 128M
query_cache_size = 32M
plugin-load = ha_innodb_plugin.so
# The following are important to configure and depend a lot on to the size of
# your database and the available resources.
#innodb_buffer_pool_size = 4G
#innodb_log_file_size = 256M
#innodb_log_buffer_size = 8M
# Some dangerous settings you may want to uncomment if you only want
# performance or less disk access. Useful for unit tests.
#innodb_flush_log_at_trx_commit = 0
#innodb_flush_method = nosync
#innodb_doublewrite = 0
#sync_frm = 0
# Uncomment the following if you need binary logging, which is recommended
# on production instances (either for replication or incremental backups).
#log-bin=mysql-bin
# Force utf8 usage
collation_server = utf8_unicode_ci
character_set_server = utf8
skip-character-set-client-handshake
[mysql]
no-auto-rehash
socket = %(socket)s
[mysqlhotcopy]
interactive-timeout
CREATE DATABASE IF NOT EXISTS %(database)s;
GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
GRANT SHOW DATABASES ON *.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
GRANT SHOW DATABASES ON *.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
FLUSH PRIVILEGES;
EXIT
This diff is collapsed.
[PHP]
engine = On
safe_mode = Off
expose_php = On
error_reporting = E_ALL | E_STRICT
display_errors = On
display_startup_errors = On
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
[main]
# Is the plugin disable ?
disable = 0
# Are dynamic group enable ?
dynamic_enable = 1
# Are profiles enable ?
# profiles_enable = 0
# Preselected module in the dynamic group creation page
# default_module =
# Maximum number of elements in the static group creation list
# max_elements_for_static_list = 2000
[database]
dbdriver = mysql
dbhost = %(mysql_host)s
dbport = %(mysql_port)s
dbuser = %(mysql_user)s
dbpasswd = %(mysql_password)s
dbname = dyngroup
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
[querymanager]
# can we query on group names ?
activate = 0
[main]
disable = 0
dbdriver = mysql
dbhost = %(mysql_host)s
dbport = %(mysql_port)s
dbuser = %(mysql_user)s
dbpasswd = %(mysql_password)s
dbname = glpi
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
# Allow users to filter computers list using an entity selector
localisation = True
# Accepted GLPI profiles. A user must have her/his GLPI profile in this list
# else she/he can't display any computers from the GLPI inventory
# active_profiles = profile1 profile2 profile3
# Only display computers with the specified state
# filter_on = state=3
# Give the uri to link to for a computer inventory
# glpi_computer_uri =
# should be something like that :
# glpi_computer_uri = http://localhost/glpi/front/computer.form.php?ID=
# Tell whether the query manager of the dyngroup plugin can use this module
[querymanager]
activate = True
# GLPI authentication configuration
#[authentication_glpi]
# URL to connect to the GLPI HTTP interface ?
#baseurl = http://glpi-server/glpi/
# GLPI provisioning configuration
#[provisioning_glpi]
# Users that will never be provisioned
#exclude = root
# Before provisioning, should we perform a GLPI authentication to create or
# update the user informations in the GLPI database ?
#doauth = 1
# MMC web interface ACLs definition according to the user GLPI profile
#profile_acl_profile1 = :##:base#main#default
#profile_acl_profile2 =
#profile_acl_profile3 =
# If the user belong to more than one profile, the first profile of this list
# will be used
#profiles_order = profile1 profile2 profile3
[main]
disable = 0
[database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = imaging
# dbuser = mmc
# dbpasswd = mmc
# dbsslenable = 0
# dbsslca = /etc/mmc/pulse2/imaging/cacert.pem
# dbsslcert = /etc/mmc/pulse2/imaging/cert.pem
# dbsslkey = /etc/mmc/pulse2/imaging/key.pem
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
# [web]
# ##### Interface customization #####
# user may want to override the way dates are displayed (see http://www.php.net/date for more informations)
# web_def_date_fmt = "%Y-%m-%d %H:%M:%S"
# web_def_default_protocol = nfs
# Menu settings
# web_def_default_menu_name = Menu
# web_def_default_timeout = 60
# web_def_default_background_uri =
# web_def_default_message = Warning ! Your PC is being backed up or restored. Do not reboot !
# start options
# web_def_kernel_parameters = quiet
# backup/restore options
# web_def_image_parameters =
[main]
disable = 0
displayLocalisationBar = 0
# Example of software filter when querying a computer inventory.
# All softwares containing the KB string will be excluded
# software_filter = %KB%
[inventory]
dbdriver = mysql
dbhost = %(mysql_host)s
dbport = %(mysql_port)s
dbuser = %(mysql_user)s
dbpasswd = %(mysql_password)s
dbname = inventory
dbsslenable = 0
dbsslca = %(inventory_ssl_cacert)s
dbsslcert = %(inventory_ssl_cert)s
dbsslkey = %(inventory_ssl_key)s
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
[computers]
# display = cn::Computer Name||displayName::Description
# content =
[expert_mode]
Bios = BiosVersion|ChipSerial|BiosVendor|SmbManufacturer|SmbProduct|SmbVersion|SmbSerial|SmbUUID|SmbType|DateFirstSwitchOn
Network = CardType|MIB|Bandwidth|NetworkType|SubnetMask|State
Hardware = Build|Version|ProcessorCount|SwapSpace|User|Date|Workgroup|RegisteredName|RegisteredCompany|OSSerialNumber|Type|OsSerialKey|ProcessorFrequency|Host
Software = ProductPath|Type|Icon|UninstallPath|ExecutableSize|Application
Controller = ExpandedType|HardwareVersion|StandardType
Drive = DriveType|FileCount|FileSystem
Input = StandardDescription|ExpandedDescription|Connector
Memory = ExtendedDescription|SlotCount
Monitor = Stamp|Type|Serial|Manuf
Pci =
Port = Stamp
Printer =
Slot =
Sound = Description
Storage = ExtendedType|VolumeName|Media
VideoCard =
[graph]
Network = Gateway
Hardware = OperatingSystem|ProcessorType
Memory = Size
# [querymanager]
# list = Entity/Label||Software/ProductName||Hardware/ProcessorType||Hardware/OperatingSystem||Drive/TotalSpace||Inventory/Date
# double = Software/Products::Software/ProductName##Software/ProductVersion
# halfstatic = Registry/Value/display name::Path##DisplayName
# extended = Inventory/Date||Drive/TotalSpace
# [provisioning_inventory]
# Users that will never be provisioned
# exclude = root
# A user can be automatically linked to a list of entities according to his
# profile.
# What is the LDAP field name that defines its profile name ?
# profile_attr =
# Here are the possible notations for profile to entities mapping:
# A simple list of the entities names
# profile_entity_profile1 = entityA entityB
# The dot char is the root entity
# profile_entity_profile2 = .
# In this example the content of the multi-valued 'pulse2entity' LDAP attribute
# will be used
# profile_entity_profile3 = %pulse2entity%
# Here the provisioning plugin 'network_to_entity' will be used
# profile_entity_profile4 = plugin:network_to_entity
[main]
disable = 0
[msc]
# repopath = /var/lib/pulse2/packages
# qactionspath = /var/lib/pulse2/qactions
# download_directory_path = /var/lib/pulse2/downloads
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = msc
# dbuser = mmc
# dbpasswd = mmc
# dbdebug = ERROR
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
# SSL support
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
# Computer's IP addresses filtering
# ignore_non_rfc2780 = 1
# ignore_non_rfc1918 = 0
# Comma separated values of excluded or included IP addresses or ranges
# For example: exclude_ipaddr = 192.168.0.1,10.0.0.0/10.255.255.255
# Included addresses are never filtered.
# exclude_ipaddr =
# include_ipaddr =
# Computer's host name filtering
# ignore_non_fqdn = 0
# ignore_invalid_hostname = 0
# Space separated list regexp for rejected or accepted host name
# Host name matching the regexp in include_hostname are always accepted
# For example: exclude_hostname = ^computer[0-9]*$ ^server[0-9]*$
# exclude_hostname =
# include_hostname =
# Computer's MAC addresses filtering
# wol_macaddr_blacklist =
# default scheduler used by the msc
default_scheduler = scheduler_01
[scheduler_api]
host = %(ipv4)s
port = 9990
username =
password =
enablessl = 1
# verifypeer = 0
# cacert =
# localcert =
[scheduler_01]
host = %(ipv4)s
port = 8000
username = username
password = password
enablessl = 1
# verifypeer = 0
# cacert =
# localcert =
[web]
# ##### Interface customization #####
# user may want to override the way dates are displayed (see http://www.php.net/date for more informations)
# web_def_date_fmt = "%Y-%m-%d %H:%M:%S"
#
# ##### Deployment default settings #####
# pre-check the "awake" checkbox in 'standard' deploy mode
# web_def_awake = 1
# pre-check the "do inventory" checkbox in 'standard' deploy mode
# web_def_inventory = 1
# hidden option
# web_show_reboot = 0
# pre-select the following mode in 'advanced' deploy mode
# the two available modes are push and push_pull
# web_def_mode = push
# if set to False, the following setting allow the user to toggle between push and push/pull mode in advanced mode
# web_force_mode = True
# web_def_maxbw = 0
# web_def_delay = 60
# web_def_attempts = 3
# web_def_deployment_intervals =
# web_dlpath =
# Max bandwidth for file download in Kbit/s
# web_def_dlmaxbw = 0
#
# ##### Proxy default settings ####
# May the local proxy system be used ?
# web_allow_local_proxy = False
# default proxy mode, defaut "multiple", other possible value "single"
# web_def_local_proxy_mode = multiple
# Max number of clients per proxy in proxy mode
# web_def_max_clients_per_proxy = 10
# Number of auto-selected proxy in semi-auto mode
# web_def_proxy_number = 2
# default mode (semi_auto / manual)
# web_def_proxy_selection_mode = semi_auto
#
# ##### VNC Applet default settings ####
# Here we may define the VNC applet behavior (in some way)
# may the VNC applet used ? (this setting simply (en/dis)able the display of the VNC action button)
# vnc_show_icon = True
# allow user to interact with remote desktop ?
# vnc_view_only = True
# use the following VNC client pre-defined rules,
# currently available profiles:
# fiber: for high speed local networks (low latency, 10 Mb/s per connection)
# lan: for 100 Mb local networks (low latency, 3 Mb/s per connection)
# cable: for high-end broadband links (high latency, 400 kb/s per connection)
# dsl: for low-end broadband links (high latency, 120 kb/s per connection)
# isdn: (high latency, 75 kb/s)
# vnc_network_connectivity = lan
# display applet control to user
# vnc_allow_user_control = False
# the port to use to connect to a VNC
# vnc_port = 5900
#
# ##### Client probing behavior ####
# the LED which represents the client status can take four colors:
# black => no probe done
# red => all probe failed
# orange => minimal probe succedeed (ping), maximal probe failed (ssh)
# green => all probe succedeed
# available probes are: none (field is empty), ping, ssh, ping_ssh (ie. both)
# for networks where icmp is not allowed, ping may be disabled: probe_order=ssh
# to speed-up display, ssh may be disabled: probe_order=ping
# to fully disable probe: probe_order=
# default conf: ping_ssh, in other terms: ping = orange, ssh = green
# probe_order=ping_ssh
[package_api]
# mserver = 127.0.0.1
# mport = 9990
# mmountpoint = /rpc
# enablessl = 1
# verifypeer = 0
# localcert =
# cacert =
[main]
disable = 0
[user_package_api]
server = localhost
port = 9990
mountpoint = /upaa
username =
password =
enablessl = 1
# verifypeer = 0
# cacert =
# localcert =
[main]
disable = 0
# [database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = pulse2
# dbuser = mmc
# dbpasswd = mmc
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
^/tftpboot/revoboot/bin/revoboot.pxe$ bootloader/pxe_boot
^/bootloader/pxe_boot$ bootloader/pxe_boot
^/bootloader/bootsplash.xpm$ bootloader/bootsplash.xpm
^/bootmenus/default bootmenus/default
^/bootmenus/([0-9A-F]{12}) bootmenus/$1
^/bootmenus/([0-9A-F]{8}) bootmenus/$1
^/custom/(.+) custom/$1
^/diskless/kernel$ diskless/kernel
^/diskless/initrd$ diskless/initrd
^/diskless/memtest$ diskless/memtest
^/tools/memtest$ diskless/memtest
^/masters/(.+) masters/$1
^/(.*)$ ?
.* ?
[main]
# We will bind on this address ...
# host = 0.0.0.0
# ... and this UDP port
# port = 1001
# required password to record a client, not checked if empty
# adminpass =
[daemon]
# as we are a service, we need some info to be run, such as:
# - the identity we will run into
# user = root
# group = root
# - our umask
# umask = 0077
# and where to record our PID
# pidfile= /var/run/pulse2-imaging-server.pid
[package-server]
# here are described how to talk to our referent package server
#
# host = 127.0.0.1
# port = 9990
# mount_point = /imaging_api
# enablessl = True
# username = username
# password = password
# cacert = /etc/mmc/pulse2/imaging-server/keys/cacert.pem
# localcert = /etc/mmc/pulse2/imaging-server/keys/privkey.pem
# verifypeer = False
[hooks]
# hooks_dir = /usr/lib/pulse2/imaging-server/hooks
#
# 0xAD => "I'm new" action : menu creation request, triggered by the bootloader
# arg[1] = source MAC (short)
# arg[2] = given ID (short)
# arg[3] = given PASSWORD (optionnal)
# exit 0 on success
# create_client_path = create_client
#
# 0xAA => "I just booted" action : menu update request + inventory processing request, triggered by the bootloader
# arg[1] = source MAC (short)
# boot_client_path = boot_client
# arg[1] = source MAC (short)
# arg[2] = where the inventory is temporaly stored
# process_inventory_path = process_inventory
#
# 0xEC => "I just started a backup" : start a backup request, triggered by revoinc
# arg[1] = source MAC (short)
# arg[2] = kind of backup (L = image, B = Master)
# exit 0 on success
# start_image_path = start_image
#
# 0xED => "I just finished a backup" : end a backup request, triggered by revodoneimage
# end_image_path = end_image
#
# 0xCD => "Change my default menu" => change default menu request, triggered by revodefault
# arg[1] = source MAC (short)
# arg[2] = item to use
# exit 0 on success
# change_default_path = change_default
#
# 0x4C => log stuff
# arg[1] = source MAC (short)
# arg[2] = action :
# 0 => booted
# 1 => took item arg[3]
# 2 => starting restoration (more info in arg[3])
# 3 => finished restoration (more info in arg[3])
# 4 => starting backup (more info in arg[3])
# 5 => finished backup (more info in arg[3])
# 6 => started postinst
# 7 => finished postinst
# 8 => critical error
# arg[3] = optional, see upper
# exit 0 on success
# log_action_path = log_action
#
# 0x1A => asks for its UUID
# arg[1] = source MAC (short)
# exit 0 on success, UUID is the last line on stdout
# get_uuid_path = get_uuid
#
# 0x1B => asks for its Hostname
# arg[1] = source MAC (short)
# exit 0 on success, hostname is the last line on stdout
# get_hostname_path = get_hostname
#
# 0x54 => ask for time sync (for mtftp)
# arg[1] = source MAC (short)
# arg[2] = computed sync
# exit 0 on success
# mtftp_sync_path = mtftp_sync
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("/var/log/mmc/pulse2-imaging-server.log",)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
[main]
# host =
# port = 9999
# ocsmapping = /etc/mmc/pulse2/inventory-server/OcsNGMap.xml
# enablessl = False
# verifypeer = False
# cacert = /etc/mmc/pulse2/inventory-server/keys/cacert.pem
# localcert = /etc/mmc/pulse2/inventory-server/keys/privkey.pem
# to put the data from the registry as hostname
# hostname = Hardware/Host # by default
# default_entity = .
# entities_rules_file =
[database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = inventory
# dbuser = mmc
# dbpasswd = mmc
# dbpoolrecycle = 60
# dbsslenable = 0
# dbsslca = /etc/mmc/pulse2/inventory/cacert.pem
# dbsslcert = /etc/mmc/pulse2/inventory/cert.pem
# dbsslkey = /etc/mmc/pulse2/inventory/key.pem
[daemon]
# pidfile = /var/run/pulse2-inventory-server.pid
# user = root
# group = root
# umask = 0077
# Example of non-root execution settings:
# user = mmc
# group = mmc
# umask = 0007
# [option_01]
# NAME = REGISTRY
# PARAM_01 = NAME::srvcomment||REGKEY::SYSTEM\CurrentControlSet\Services\lanmanserver\parameters||REGTREE::2##srvcomment
# PARAM_02 = NAME::DisplayName||REGKEY::SYSTEM\CurrentControlSet\Services\lanmanserver||REGTREE::2##DisplayName
[loggers]
keys=root
[handlers]
keys=hand01,hand02
[formatters]
keys=form01
[logger_root]
level=NOTSET
handlers=hand01
[handler_hand01]
class=FileHandler
level=INFO
formatter=form01
args=("/var/log/mmc/pulse2-inventory-server.log",)
[handler_hand02]
class=StreamHandler
level=DEBUG
args=(sys.stderr,)
[formatter_form01]
format=%(asctime)s %(levelname)s %(message)s
[launchers]
# Pulse2 Launcher path
# launcher_path = /usr/sbin/pulse2-launcher
## Misc locations ##
# Source directory for push mode
# source_path = /var/lib/pulse2/packages
## Workflow-related commands ##
# global ping command
# ping_path = /usr/sbin/pulse2-ping
# global inventory command
# inventory_command = export P2SRV=`echo $SSH_CONNECTION | cut -f1 -d\ `; export P2PORT=9999; export http_proxy=""; export ftp_proxy=""; ( [ -x /cygdrive/c/Program\ Files/OCS\ Inventory\ Agent/OCSInventory.exe ] && /cygdrive/c/Program\ Files/OCS\ Inventory\ Agent/OCSInventory.exe /np /server:$P2SRV /pnum:$P2PORT ) || ( [ -x /usr/bin/ocsinventory-agent ] && /usr/bin/ocsinventory-agent --server=http://$P2SRV:$P2PORT ) || ( [ -x /usr/sbin/ocsinventory-agent ] && /usr/sbin/ocsinventory-agent --server=http://$P2SRV:$P2PORT ) || ( [ -x /usr/local/sbin/ocs_mac_agent.php ] && /usr/local/sbin/ocs_mac_agent.php )
# global reboot command
# reboot_command = /bin/shutdown.exe -f -r 1 || shutdown -r now
# global halt command
# halt_command = /bin/shutdown.exe -f -s 1 || shutdown -h now
## Target on client ##
# target directory on client
# target_path = /tmp
# temp folder name prefix on client
# temp_folder_prefix = MDVPLS
## Foll-proofing ##
# Above this amount of seconds the command will automatically be killed.
# max_command_age = 86400
# Above this amount of seconds a computer will be considered as
# unreachable.
# max_ping_time = 4
# Above this amount of seconds a computer will be considered as without
# ssh installed
# max_probe_time = 20
[daemon]
# the place were we put the daemons's PID files
# pidfile = /var/run/pulse2
# user = root
# group = root
# umask = 0077
# Example of non-root execution settings:
# user = mmc
# group = mmc
# umask = 0007
[wrapper]
# wrapper path
# path = /usr/sbin/pulse2-output-wrapper
# cap the amount of logs a wrapper can generate (in bytes)
# max_log_size = 512000
# wrapper will quit it process takes longer to complete (in seconds)
# max_exec_time = 21600
[ssh]
# defaultkey is the name of the default SSH key
# default_key = default
# openssl binaries path
# scp_path = /usr/bin/scp
# ssh_path = /usr/bin/ssh
# ssh_agent_path = /usr/bin/ssh-agent
# sshkey_default = /root/.ssh/id_dsa
# sshkey_mysecondkey = /somewhere/my_second_key
# options passed to SSH via "-o"
# ssh_options = LogLevel=ERROR UserKnownHostsFile=/dev/null StrictHostKeyChecking=no Batchmode=yes PasswordAuthentication=no ServerAliveInterval=10 CheckHostIP=no ConnectTimeout=10
# ssh's keyforwarding control: never, always, or let (aka 'let the scheduler decide')
# forward_key = let
[wget]
# wget binary path (on client)
# wget_path = /usr/bin/wget
# wget_options =
# check_certs = False
# resume = True
[rsync]
# rsync_path = /usr/bin/rsync
# resume = True
# set_executable can be yes, no or keep
# set_executable = yes
# set_access can be private, restricted or public
# set_access = private
[wol]
# Pulse2 WOL Path
# wol_path = /usr/sbin/pulse2-wol
# wol_port = 40000
# wol_bcast = 255.255.255.255
[tcp_sproxy]
# Pulse2 SSH Proxy path
# tcp_sproxy_path = /usr/sbin/pulse2-tcp-sproxy
# The "external" VNC IP adress
# tcp_sproxy_host =
# The TCP range to attribue to the proxy
# tcp_sproxy_port_range = 8100-8200
# the initial ssh connection to the client timeout
# tcp_sproxy_establish_delay = 20
# the initial VNC connection to the proxy timeout
# tcp_sproxy_connect_delay = 60
# the number of seconds a connection will stay open after the initial handshake
# tcp_sproxy_session_lenght = 3600
[smart_cleaner]
# Pulse2 Smart Cleaner path (on the target); if empty we do not use it
# smart_cleaner_path = /usr/bin/pulse2-smart-cleaner.sh
# cleaner options, space separated, see doc
# smart_cleaner_options =
[scheduler_01]
# host = 127.0.0.1
# port = 8000
# enablessl = True
# username = username
# password = password
# periodicaly talk to our referent scheduler
# awake_time = 600
# add some randomness in our wake-ups
# awake_incertitude_factor = .2
# if set to yes, do no send results directly after a command completion
# defer_results = no
# Launchers sections, one per launcher
[launcher_01]
# bind = 127.0.0.1
port = 8001
# slots = 300
# username = username
# password = password
# scheduler = scheduler_01
enablessl = True
cacert = /etc/mmc/pulse2/launchers/keys/cacert.pem
localcert = /etc/mmc/pulse2/launchers/keys/privkey.pem
verifypeer = False
# You can override the logger configuration of this launcher with the
# loggconffile option, else the logger configuration from the current file will
# be used.
# logconffile = /etc/mmc/pulse2/launchers/log_launcher_01.ini
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("/var/log/mmc/pulse2-launchers.log",)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("/var/log/mmc/pulse2-launcher-01.log",)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment