Commit 7ae111f1 authored by Łukasz Nowak's avatar Łukasz Nowak

- public version of recipe to instantiate ERP5 using slapos

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@43912 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent e93d48f7
Changelog
=========
1.0 (unreleased)
----------------
include CHANGES.txt
recursive-include src/slapos/recipe/erp5 *.in
The slapos.recipe.erp5 aims to instanciate an ERP5 environnment
===============================================================
SLAP parameters
---------------
zope_amount
~~~~~~~~~~~
:Optional: Yes
:Type: integer
:Default: None
:Description: If present switches to Zope/ZEO configuration and configures this amount of Zopes connected to ZEO. If not present only one Zope with own ZODB is created.
ca_*
~~~~
:Optional: Yes
:Name: ca_country_code, ca_email, ca_state, ca_city, ca_company
:Type: string
:Default: XX, xx@example.com, State, City, Company
:Description: Certificate Authority configuration.
key_auth_path
~~~~~~~~~~~~~
:Optional: Yes
:Type: string
:Default: /erp5/portal_slap
:Description: Path where connections using PKI authorisation will be directed.
[egg_info]
tag_build = .dev
tag_svn_revision = 1
from setuptools import setup, find_packages
name = "slapos.recipe.erp5"
version = '1.0'
def read(name):
return open(name).read()
long_description=( read('README.txt')
+ '\n' +
read('CHANGES.txt')
)
setup(
name = name,
version = version,
description = "ZC Buildout recipe for create an erp5 instance",
long_description=long_description,
license = "GPLv3",
keywords = "buildout slapos erp5",
classifiers=[
"Framework :: Buildout :: Recipe",
"Programming Language :: Python",
],
packages = find_packages('src'),
package_dir = {'': 'src'},
include_package_data=True,
install_requires = [
'zc.recipe.egg',
'setuptools',
'slapos.lib.recipe >= 1.0.dev-r4554',
],
namespace_packages = ['slapos', 'slapos.recipe'],
entry_points = {'zc.buildout': ['default = %s:Recipe' % name]},
)
# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages
try:
__import__('pkg_resources').declare_namespace(__name__)
except ImportError:
from pkgutil import extend_path
__path__ = extend_path(__path__, __name__)
# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages
try:
__import__('pkg_resources').declare_namespace(__name__)
except ImportError:
from pkgutil import extend_path
__path__ = extend_path(__path__, __name__)
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.lib.recipe.BaseSlapRecipe import BaseSlapRecipe
import binascii
import os
import pkg_resources
import hashlib
import sys
import zc.buildout
import zc.recipe.egg
import time
# global staic configuration parameters
CONFIG = dict(
# Certificate Authority
ca_prefix='ca',
test_ca_prefix='test_ca',
# Zope
zope_user='zope',
zope_port_base=12000,
# Apache (login)
login_apache_port_base=13000,
# Apache (key login)
key_auth_apache_port_base=14000,
# MySQL
mysql_database='erp5',
mysql_port=45678,
mysql_prefix='mysql',
mysql_user='user',
mysql_test_database='test_erp5',
mysql_test_user='test_user',
# Zeo
zodb_data_prefix='zodb',
zodb_root_filename='root.fs',
zeo_port=22001,
zeo_storagename='root',
# HaProxy
haproxy_login_port=15000,
haproxy_key_auth_port=16000,
# Memcached
memcached_port=11000,
memcached_mem_limit=256, # in MB
# Kumofs
kumo_manager_port=13101,
kumo_server_port=13201,
kumo_server_listen_port=13202,
kumo_gateway_port=13301,
# Conversion Server
conversion_server_port=23000,
conversion_server_ooo_port=23060,
test_conversion_server_port=24000,
test_conversion_server_ooo_port=24060,
)
# Taken from Zope2 egg
def write_inituser(fn, user, password):
fp = open(fn, "w")
pw = binascii.b2a_base64(hashlib.sha1(password).digest())[:-1]
fp.write('%s:{SHA}%s\n' % (user, pw))
fp.close()
os.chmod(fn, 0600)
class Recipe(BaseSlapRecipe):
def getTemplateFilename(self, template_name):
return pkg_resources.resource_filename(__name__,
'template/%s' % template_name)
def _install(self):
self.connection_dict = dict()
self.path_list = []
self.requirements, self.ws = self.egg.working_set([__name__])
default_parameter_dict = dict(
ca_country_code='XX',
ca_email='xx@example.com',
ca_state='State',
ca_city='City',
ca_company='Company',
key_auth_path='/erp5/portal_slap'
)
for k, v in default_parameter_dict.iteritems():
self.parameter_dict.setdefault(k, v)
self.installMemcached()
self.installKumo()
self.installTestConversionServer()
self.installConversionServer()
self.installTestCertificateAuthority()
self.installCertificateAuthority()
self.installMysqlServer()
self.installERP5()
zodb_dir = os.path.join(self.data_root_directory,
CONFIG['zodb_data_prefix'])
self._createDirectory(zodb_dir)
CONFIG['zodb_root_path'] = os.path.join(zodb_dir, CONFIG['zodb_root_filename'])
if 'zope_amount' in self.parameter_dict:
simple_zope = False
CONFIG['zope_amount'] = int(self.parameter_dict.get('zope_amount'))
else:
simple_zope = True
CONFIG['zope_amount'] = 1
if not simple_zope:
self.installZeo()
for zope_number in xrange(1, CONFIG['zope_amount'] + 1):
self.installZope(zope_number, simple_zope)
self.installHaproxy()
self.installTestRunner()
self.linkBinary()
self.computer_partition.setConnectionDict(self.connection_dict)
return self.path_list
def linkBinary(self):
"""Links binaries to instance's bin directory for easier exposal"""
for linkline in self.options.get('link_binary_list', '').splitlines():
if not linkline:
continue
target = linkline.split()
if len(target) == 1:
target = target[0]
path, linkname = os.path.split(target)
else:
linkname = target[1]
target = target[0]
link = os.path.join(self.bin_directory, linkname)
if os.path.lexists(link):
if not os.path.islink(link):
raise zc.buildout.UserError(
'Target link already %r exists but it is not link' % link)
os.unlink(link)
os.symlink(target, link)
self.logger.debug('Link %r -> %r created' % (link, target))
self.path_list.append(link)
def installKumo(self):
ip = self.getLocalIPv4Address()
CONFIG.update(
kumo_gateway_binary=self.options['kumo_gateway_binary'],
kumo_gateway_ip=ip,
kumo_gateway_log=os.path.join(self.log_directory, "kumo-gateway.log"),
kumo_manager_binary=self.options['kumo_manager_binary'],
kumo_manager_ip=ip,
kumo_manager_log=os.path.join(self.log_directory, "kumo-manager.log"),
kumo_server_binary=self.options['kumo_server_binary'],
kumo_server_ip=ip,
kumo_server_log=os.path.join(self.log_directory, "kumo-server.log"),
kumo_server_storage=os.path.join(self.data_root_directory, "kumodb.tch"),
)
self.path_list.append(self.createRunningWrapper('kumo_gateway',
self.substituteTemplate(self.getTemplateFilename('kumo_gateway.in'),
CONFIG)))
self.path_list.append(self.createRunningWrapper('kumo_manager',
self.substituteTemplate(self.getTemplateFilename('kumo_manager.in'),
CONFIG)))
self.path_list.append(self.createRunningWrapper('kumo_server',
self.substituteTemplate(self.getTemplateFilename('kumo_server.in'),
CONFIG)))
self.connection_dict.update(
kumo_manager_ip=CONFIG['kumo_manager_ip'],
kumo_manager_port=CONFIG['kumo_manager_port'],
kumo_server_ip=CONFIG['kumo_server_ip'],
kumo_server_port=CONFIG['kumo_server_port'],
kumo_gateway_ip=CONFIG['kumo_gateway_ip'],
kumo_gateway_port=CONFIG['kumo_gateway_port'],
)
def installMemcached(self):
CONFIG.update(
memcached_binary=self.options['memcached_binary'],
memcached_ip=self.getLocalIPv4Address())
self.path_list.append(self.createRunningWrapper('memcached',
self.substituteTemplate(self.getTemplateFilename('memcached.in'),
CONFIG)))
self.connection_dict.update(
memcached_ip=CONFIG['memcached_ip'],
memcached_port=CONFIG['memcached_port']
)
def installTestRunner(self):
"""Installs bin/runTestSuite executable to run all tests using bin/runUnitTest"""
# XXX: This method can be drastically simplified after #20110128-1ECA63
# (ERP5 specific runUnitTest script shall be generated by erp5 eggg) will
# be solved
testinstance = self.createDataDirectory('testinstance')
# workaround wrong assumptions of ERP5Type.tests.runUnitTest about directory
# existence
unit_test = os.path.join(testinstance, 'unit_test')
if not os.path.isdir(unit_test):
os.mkdir(unit_test)
runUnitTest = zc.buildout.easy_install.scripts([
('runUnitTest', __name__ + '.testrunner', 'runUnitTest')],
self.ws, sys.executable, self.bin_directory, arguments=[dict(
instance_home=testinstance,
prepend_path=self.bin_directory,
openssl_binary=self.options['openssl_binary'],
test_ca_path=CONFIG['test_ca_path'],
call_list=[self.options['runUnitTest_binary'],
'--erp5_sql_connection_string', '%(mysql_test_database)s@%'
'(mysql_ip)s:%(mysql_port)s %(mysql_test_user)s '
'%(mysql_test_password)s' % self.connection_dict,
'--conversion_server_hostname=%(test_conversion_server_ip)s' % self.connection_dict,
'--conversion_server_port=%(test_conversion_server_port)s' % self.connection_dict
]
)])[0]
self.path_list.append(runUnitTest)
def _installCertificateAuthority(self, prefix=''):
CONFIG.update(
ca_dir=os.path.join(self.data_root_directory, CONFIG['%sca_prefix' % prefix])
)
CONFIG.update(
ca_certificate=os.path.join(CONFIG['ca_dir'], 'cacert.pem'),
ca_key=os.path.join(CONFIG['ca_dir'], 'private', 'cakey.pem'),
ca_crl=os.path.join(CONFIG['ca_dir'], 'crl'),
login_key=os.path.join(CONFIG['ca_dir'], 'private', 'login.key'),
login_certificate=os.path.join(CONFIG['ca_dir'], 'certs',
'login.crt'),
key_auth_key=os.path.join(CONFIG['ca_dir'], 'private', 'keyauth.key'),
key_auth_certificate=os.path.join(CONFIG['ca_dir'], 'certs',
'keyauth.crt'),
)
self._createDirectory(CONFIG['ca_dir'])
for d in ['certs', 'crl', 'newcerts', 'private']:
self._createDirectory(os.path.join(CONFIG['ca_dir'], d))
for f in ['crlnumber', 'serial']:
if not os.path.exists(os.path.join(CONFIG['ca_dir'], f)):
open(os.path.join(CONFIG['ca_dir'], f), 'w').write('01')
if not os.path.exists(os.path.join(CONFIG['ca_dir'], 'index.txt')):
open(os.path.join(CONFIG['ca_dir'], 'index.txt'), 'w').write('')
ca_conf = CONFIG.copy()
ca_conf['openssl_configuration'] = os.path.join(ca_conf['ca_dir'],
'openssl.cnf')
ca_conf.update(
working_directory=CONFIG['ca_dir'],
country_code=self.parameter_dict['ca_country_code'],
state=self.parameter_dict['ca_state'],
city=self.parameter_dict['ca_city'],
company=self.parameter_dict['ca_company'],
email_address=self.parameter_dict['ca_email'],
)
self._writeFile(ca_conf['openssl_configuration'],
pkg_resources.resource_string(__name__,
'template/openssl.cnf.ca.in') % ca_conf)
self.path_list.extend(zc.buildout.easy_install.scripts([
(prefix + 'certificate_authority',
__name__ + '.certificate_authority', 'runCertificateAuthority')],
self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
openssl_configuration=ca_conf['openssl_configuration'],
openssl_binary=self.options['openssl_binary'],
ca_certificate=os.path.join(CONFIG['ca_dir'], 'cacert.pem'),
ca_key=os.path.join(CONFIG['ca_dir'], 'private', 'cakey.pem'),
ca_crl=os.path.join(CONFIG['ca_dir'], 'crl'),
login_key=os.path.join(CONFIG['ca_dir'], 'private', 'login.key'),
login_certificate=os.path.join(CONFIG['ca_dir'], 'certs',
'login.crt'),
key_auth_key=os.path.join(CONFIG['ca_dir'], 'private',
'keyauth.key'),
key_auth_certificate=os.path.join(CONFIG['ca_dir'], 'certs',
'keyauth.crt'),
)]))
self.connection_dict.update(
openssl_binary=self.options['openssl_binary'],
certificate_authority_path=CONFIG['ca_dir']
)
def _installConversionServer(self, prefix=''):
name = prefix + 'conversion_server'
working_directory = self.createDataDirectory(name)
conversion_server_dict = dict(
working_path=working_directory,
uno_path=self.options['ooo_uno_path'],
office_binary_path=self.options['ooo_binary_path'],
ip=self.getLocalIPv4Address(),
port=CONFIG[name + '_port'],
openoffice_port=CONFIG[name + '_ooo_port'],
)
for env_line in self.options['environment'].splitlines():
env_line = env_line.strip()
if not env_line:
continue
if '=' in env_line:
env_key, env_value = env_line.split('=')
conversion_server_dict[env_key.strip()] = env_value.strip()
else:
raise zc.buildout.UserError('Line %r in environment parameter is '
'incorrect' % env_line)
config_file = self.createConfigurationFile(name + '.cfg',
self.substituteTemplate(self.getTemplateFilename('cloudooo.cfg.in'),
conversion_server_dict))
self.path_list.append(config_file)
self.path_list.extend(zc.buildout.easy_install.scripts([(name,
__name__ + '.execute', 'execute')], self.ws, sys.executable,
self.wrapper_directory, arguments=[self.options['ooo_paster'].strip(),
'serve', config_file]))
self.connection_dict.update(**{
name + '_port': conversion_server_dict['port'],
name + '_ip': conversion_server_dict['ip']
})
def installConversionServer(self):
self._installConversionServer()
def installTestConversionServer(self):
self._installConversionServer('test_')
def installCertificateAuthority(self):
self._installCertificateAuthority()
def installTestCertificateAuthority(self):
self._installCertificateAuthority('test_')
CONFIG.update(
test_ca_path=CONFIG['ca_dir']
)
def installHaproxy(self):
listen_template = """listen %(name)s %(ip)s:%(port)s
option ssl-hello-chk
balance roundrobin
%(server_list)s"""
server_template = """server %(name)s %(address)s check"""
ip_dict = dict(
key_auth=self.getLocalIPv4Address(),
login=self.getGlobalIPv6Address()
)
listen_list = []
for key in ['key_auth', 'login']:
conf = dict(
name=key,
ip=ip_dict[key],
port=CONFIG['haproxy_%s_port' % key]
)
server_list = []
for index in xrange(1, CONFIG['zope_amount'] + 1):
k = '_'.join([key, str(index)])
server_list.append(server_template % dict(name='_'.join([conf['name'],
str(index)]),
address=self.connection_dict[k]))
conf['server_list'] = '\n '.join(server_list)
listen_list.append(listen_template % conf)
key = 'haproxy_' + key + '_url'
d = {key: '%(ip)s:%(port)s' % conf}
CONFIG.update(**d)
self.connection_dict.update(**d)
haproxy_conf_path = self.createConfigurationFile('haproxy.cfg',
self.substituteTemplate(self.getTemplateFilename('haproxy.cfg.in'),
dict(listen_list='\n'.join(listen_list))))
self.path_list.append(haproxy_conf_path)
wrapper = zc.buildout.easy_install.scripts([('haproxy',
__name__ + '.execute', 'execute')], self.ws, sys.executable,
self.wrapper_directory, arguments=[
self.options['haproxy_binary'].strip(), '-f', haproxy_conf_path]
)[0]
self.path_list.append(wrapper)
def installERP5(self):
"""
All zope have to share file created by portal_classes
(until everything is integrated into the ZODB).
So, do not request zope instance and create multiple in the same partition.
"""
# Create instance directories
self.erp5_directory = self.createDataDirectory('erp5shared')
# Create init user
password = self.generatePassword()
write_inituser(os.path.join(self.erp5_directory, "inituser"),
CONFIG['zope_user'], password)
self.connection_dict.update(zope_user=CONFIG['zope_user'],
zope_password=password)
self._createDirectory(self.erp5_directory)
for directory in (
'Constraint',
'Document',
'Extensions',
'PropertySheet',
'import',
'lib',
'tests',
'Products',
):
self._createDirectory(os.path.join(self.erp5_directory, directory))
return []
def installZeo(self):
CONFIG.update(
zeo_event_log=os.path.join(self.log_directory, 'zeo.log'),
zeo_ip=self.getLocalIPv4Address(),
zeo_zodb=CONFIG['zodb_root_path'],
zeo_pid=os.path.join(self.run_directory, 'zeo.pid')
)
zeo_conf_path = self.createConfigurationFile('zeo.conf',
self.substituteTemplate(self.getTemplateFilename('zeo.conf.in'), CONFIG))
self.path_list.append(zeo_conf_path)
wrapper = zc.buildout.easy_install.scripts([('zeo', __name__ + '.execute',
'execute')], self.ws, sys.executable, self.wrapper_directory, arguments=[
self.options['runzeo_binary'].strip(), '-C', zeo_conf_path]
)[0]
self.path_list.append(wrapper)
def installZope(self, index, simple_zope):
self.backend_ip = self.getLocalIPv4Address()
self.backend_port = str(CONFIG['zope_port_base'] + index)
# Create instance directories
# Create zope configuration file
zope_config = {}
zope_config.update(self.options)
zope_config.update(CONFIG)
zope_config['instance'] = self.erp5_directory
zope_config['event_log'] = os.path.join(self.log_directory,
'zope_%s-event.log' % index)
zope_config['z2_log'] = os.path.join(self.log_directory,
'zope_%s-Z2.log' % index)
zope_config['pid-filename'] = os.path.join(self.run_directory,
'zope_%s.pid' % index)
zope_config['lock-filename'] = os.path.join(self.run_directory,
'zope_%s.lock' % index)
prefixed_products = []
for product in reversed(zope_config['products'].split()):
product = product.strip()
if product:
prefixed_products.append('products %s' % product)
prefixed_products.insert(0, 'products %s' % os.path.join(
self.erp5_directory, 'Products'))
zope_config['products'] = '\n'.join(prefixed_products)
zope_config['address'] = '%s:%s' % (self.backend_ip, self.backend_port)
zope_config['tmp_directory'] = self.tmp_directory
zope_config['path'] = ':'.join([self.bin_directory] +
os.environ['PATH'].split(':'))
if simple_zope:
zope_wrapper_template_location = self.getTemplateFilename(
'zope.conf.simple.in')
else:
zope_wrapper_template_location = self.getTemplateFilename('zope.conf.in')
zope_conf_path = self.createConfigurationFile("zope_%s.conf" %
index, self.substituteTemplate(
zope_wrapper_template_location, zope_config))
self.path_list.append(zope_conf_path)
# Create init script
wrapper = zc.buildout.easy_install.scripts([('zope_%s' % index,
__name__ + '.execute', 'execute')], self.ws, sys.executable,
self.wrapper_directory, arguments=[
self.options['runzope_binary'].strip(), '-C', zope_conf_path]
)[0]
self.path_list.append(wrapper)
self.installLoginApache(index)
self.installKeyAuthorisationApache(index)
def _getApacheConfigurationDict(self, prefix, ip, port):
apache_conf = dict()
apache_conf['pid_file'] = os.path.join(self.run_directory,
prefix + '.pid')
apache_conf['lock_file'] = os.path.join(self.run_directory,
prefix+'.lock')
apache_conf['ip'] = ip
apache_conf['port'] = port
apache_conf['server_admin'] = 'admin@'
apache_conf['error_log'] = os.path.join(self.log_directory,
prefix+'-error.log')
apache_conf['access_log'] = os.path.join(self.log_directory,
prefix+'-access.log')
return apache_conf
def _writeApacheConfiguration(self, prefix, apache_conf):
rewrite_rule_template = \
"RewriteRule (.*) http://%(backend_ip)s:%(backend_port)s$1 [L,P]"
path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path.in')
path = path_template % dict(path='/')
d = dict(
path=path,
backend_ip=self.backend_ip,
backend_port=self.backend_port,
backend_path='/',
port=apache_conf['port'],
vhname=path.replace('/',''),
)
rewrite_rule = rewrite_rule_template % d
apache_conf.update(**dict(
path_enable=path,
rewrite_rule=rewrite_rule
))
return self.createConfigurationFile(prefix+'.conf',
pkg_resources.resource_string(__name__,
'template/apache.zope.conf.in') % apache_conf)
def installLoginApache(self, index):
ssl_template = """SSLEngine on
SSLCertificateFile %(login_certificate)s
SSLCertificateKeyFile %(login_key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
"""
apache_conf = self._getApacheConfigurationDict('login_apache_%s' % index,
self.getLocalIPv4Address(), CONFIG['login_apache_port_base'] + index)
apache_conf['server_name'] = '%s' % apache_conf['ip']
apache_conf['ssl_snippet'] = ssl_template % CONFIG
apache_config_file = self._writeApacheConfiguration('login_apache_%s'% index,
apache_conf)
self.path_list.append(apache_config_file)
self.path_list.extend(zc.buildout.easy_install.scripts([(
'login_apache_%s'% index,
__name__+'.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
dict(
required_path_list = [CONFIG['login_certificate'],
CONFIG['login_key']],
binary=self.options['httpd_binary'],
config=apache_config_file
)
]))
self.connection_dict['login_%s'% index] = '%(ip)s:%(port)s'% apache_conf
def installKeyAuthorisationApache(self, index):
ssl_template = """SSLEngine on
SSLVerifyClient require
RequestHeader set REMOTE_USER %%{SSL_CLIENT_S_DN_CN}s
SSLCertificateFile %(key_auth_certificate)s
SSLCertificateKeyFile %(key_auth_key)s
SSLCACertificateFile %(ca_certificate)s
SSLCARevocationPath %(ca_crl)s"""
apache_conf = self._getApacheConfigurationDict('key_auth_apache_%s' % index,
self.getLocalIPv4Address(),
CONFIG['key_auth_apache_port_base'] + index)
apache_conf['ssl_snippet'] = ssl_template % CONFIG
prefix = 'ssl_key_auth_apache_%s'% index
rewrite_rule_template = \
"RewriteRule (.*) http://%(backend_ip)s:%(backend_port)s%(key_auth_path)s$1 [L,P]"
path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path.in')
path = path_template % dict(path='/')
d = dict(
path=path,
backend_ip=self.backend_ip,
backend_port=self.backend_port,
backend_path='/',
port=apache_conf['port'],
vhname=path.replace('/',''),
key_auth_path=self.parameter_dict['key_auth_path'],
)
rewrite_rule = rewrite_rule_template % d
apache_conf.update(**dict(
path_enable=path,
rewrite_rule=rewrite_rule
))
apache_config_file = self.createConfigurationFile(prefix+'.conf',
pkg_resources.resource_string(__name__,
'template/apache.zope.conf.in') % apache_conf)
self.path_list.append(apache_config_file)
self.path_list.extend(zc.buildout.easy_install.scripts([(
'key_auth_apache_%s'% index,
__name__+'.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
dict(
required_path_list = [CONFIG['key_auth_certificate'],
CONFIG['key_auth_key'], CONFIG['ca_certificate'],
CONFIG['ca_crl']],
binary=self.options['httpd_binary'],
config=apache_config_file
)
]))
self.connection_dict['key_auth_%s'% index] = \
'%(ip)s:%(port)s'% apache_conf
def installMysqlServer(self):
mysql_conf = dict(
ip=self.getLocalIPv4Address(),
data_directory=os.path.join(self.data_root_directory,
CONFIG['mysql_prefix']),
tcp_port=CONFIG['mysql_port'],
pid_file=os.path.join(self.run_directory, 'mysqld.pid'),
socket=os.path.join(self.run_directory, 'mysqld.sock'),
error_log=os.path.join(self.log_directory, 'mysqld.log'),
slow_query_log=os.path.join(self.log_directory,
'mysql-slow.log'),
mysql_database=CONFIG['mysql_database'],
mysql_user=CONFIG['mysql_user'],
mysql_password=self.generatePassword(),
mysql_test_password=self.generatePassword(),
mysql_test_database=CONFIG['mysql_test_database'],
mysql_test_user=CONFIG['mysql_test_user'],
)
self._createDirectory(mysql_conf['data_directory'])
mysql_conf_path = self.createConfigurationFile("my.cnf",
self.substituteTemplate(self.getTemplateFilename('my.cnf.in'),
mysql_conf))
self.connection_dict.update(
mysql_database=CONFIG['mysql_database'],
mysql_ip=mysql_conf['ip'],
mysql_password=mysql_conf['mysql_password'],
mysql_port=CONFIG['mysql_port'],
mysql_user=CONFIG['mysql_user'],
mysql_test_database=CONFIG['mysql_test_database'],
mysql_test_user=CONFIG['mysql_test_user'],
mysql_test_password=mysql_conf['mysql_test_password'],
)
initialise_command_list = [self.options['mysql_install_binary'],
'--skip-name-resolve', '--no-defaults',
'--datadir=%s' % mysql_conf['data_directory']]
mysql_command_list = [self.options['mysql_binary'].strip(),
'--no-defaults', '-B', '--user=root',
'--socket=%s' % mysql_conf['socket'],
]
mysql_script = pkg_resources.resource_string(__name__,
'template/initmysql.sql.in') % mysql_conf
self.path_list.extend(zc.buildout.easy_install.scripts([('mysql_update',
__name__+'.mysql', 'updateMysql')], self.ws,
sys.executable, self.wrapper_directory, arguments=[mysql_command_list,
mysql_script]))
self.path_list.extend(zc.buildout.easy_install.scripts([('mysqld',
__name__+'.mysql', 'runMysql')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
initialise_command_list, {
'mysqld_binary':self.options['mysqld_binary'],
'configuration_file':mysql_conf_path,
}]))
self.path_list.extend([mysql_conf_path])
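Review bot: In `write_inituser` the password file gets its restrictive mode too late: it is created with `open(fn, "w")` and only tightened by `os.chmod(fn, 0600)` after the hash has been written, so until then it carries whatever mode the process umask allows. Creating it owner-only from the start closes that window, e.g. `fp = os.fdopen(os.open(fn, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), "w")`. The trailing `os.chmod` should stay for the case where the file already exists with a wider mode. A short docstring saying that the file holds the unsalted `{SHA}` digest of the initial Zope password would tell maintainers why the mode matters.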
import os
import sys
import time
def runApache(args):
sleep = 60
conf = args[0]
while True:
ready = True
for f in conf['required_path_list']:
if not os.path.exists(f):
print 'File %r does not exists, sleeping for %s' % (f, sleep)
ready = False
if ready:
break
time.sleep(sleep)
apache_wrapper_list = [conf['binary'], '-f', conf['config'], '-DFOREGROUND']
apache_wrapper_list.extend(sys.argv[1:])
sys.stdout.flush()
sys.stderr.flush()
os.execl(apache_wrapper_list[0], *apache_wrapper_list)
import os
import subprocess
import time
def popenCommunicate(command_list, input=None):
subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
if input is not None:
subprocess_kw.update(stdin=subprocess.PIPE)
popen = subprocess.Popen(command_list, **subprocess_kw)
result = popen.communicate(input)[0]
if popen.returncode is None:
popen.kill()
if popen.returncode != 0:
raise ValueError('Issue during calling %r, result was:\n%s' % (command_list,
result))
return result
def checkCertificateAuthority(ca_conf):
file_list = [
ca_conf['ca_key'],
ca_conf['ca_certificate'],
]
ca_ready = True
for f in file_list:
if not os.path.exists(f):
ca_ready = False
break
if ca_ready:
return
for f in file_list:
if os.path.exists(f):
os.unlink(f)
try:
# no CA, let us create new one
popenCommunicate([ca_conf['openssl_binary'], 'req', '-nodes', '-config',
ca_conf['openssl_configuration'], '-new', '-x509', '-extensions',
'v3_ca', '-keyout', ca_conf['ca_key'], '-out',
ca_conf['ca_certificate'], '-days',
'10950'], 'Automatic Certificate Authority\n')
except:
try:
for f in file_list:
if os.path.exists(f):
os.unlink(f)
except:
# do not raise during cleanup
pass
raise
def checkCertificate(common_name, key, certificate, ca_conf):
file_list = [ key, certificate ]
ready = True
for f in file_list:
if not os.path.exists(f):
ready = False
break
if ready:
return
for f in file_list:
if os.path.exists(f):
os.unlink(f)
csr = certificate + '.csr'
try:
popenCommunicate([ca_conf['openssl_binary'], 'req', '-config',
ca_conf['openssl_configuration'], '-nodes', '-new', '-keyout',
key, '-out', csr, '-days', '3650'],
common_name + '\n')
try:
popenCommunicate([ca_conf['openssl_binary'], 'ca', '-batch', '-config',
ca_conf['openssl_configuration'], '-out', certificate,
'-infiles', csr])
finally:
if os.path.exists(csr):
os.unlink(csr)
except:
try:
for f in file_list:
if os.path.exists(f):
os.unlink(f)
except:
# do not raise during cleanup
pass
raise
def checkLoginCertificate(ca_conf):
checkCertificate('Login Based Access', ca_conf['login_key'],
ca_conf['login_certificate'], ca_conf)
def checkKeyAuthCertificate(ca_conf):
checkCertificate('Key Based Access', ca_conf['key_auth_key'],
ca_conf['key_auth_certificate'], ca_conf)
def runCertificateAuthority(args):
ca_conf = args[0]
while True:
checkCertificateAuthority(ca_conf)
checkLoginCertificate(ca_conf)
checkKeyAuthCertificate(ca_conf)
time.sleep(60)
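Review bot: Nothing in this module constrains the permissions of the private keys it generates. `checkCertificateAuthority` and `checkCertificate` both run `openssl req -nodes`, so the CA key and the two service keys are written unencrypted, with a mode decided by the openssl binary and the inherited umask. Making `os.umask(077)` the first statement of `runCertificateAuthority` would keep the key material owner-only regardless of how the `private` directory was created. Separately, the `if popen.returncode is None: popen.kill()` branch in `popenCommunicate` looks unreachable, since `communicate()` waits for the process to exit; it can be dropped.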
import os
def execute(args):
"""Portable execution with process replacement"""
# Note: Candidate for slapos.lib.recipe
os.execv(args[0], args)
import os
import subprocess
import sys
import time
def runMysql(args):
sleep = 60
initialise_command_list = args[0]
mysql_conf = args[1]
mysql_wrapper_list = [mysql_conf['mysqld_binary'],
'--defaults-file=%s'%mysql_conf['configuration_file']]
while True:
# XXX: Protect with proper root password
popen = subprocess.Popen(initialise_command_list,
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
result = popen.communicate()[0]
if popen.returncode is None or popen.returncode != 0:
print "Failed to initialise server.\nThe error was: %s" % result
print "Waiting for %ss and retrying" % sleep
time.sleep(sleep)
else:
print "Mysql properly initialised"
break
sys.stdout.flush()
sys.stderr.flush()
os.execl(mysql_wrapper_list[0], *mysql_wrapper_list)
def updateMysql(args):
mysql_command_list = args[0]
mysql_script = args[1]
sleep = 30
while True:
mysql = subprocess.Popen(mysql_command_list, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
result = mysql.communicate(mysql_script)[0]
if mysql.returncode is None:
mysql.kill()
if mysql.returncode != 0:
print 'Script failed with: %s' % result
print 'Sleeping for %ss and retrying' % sleep
else:
print 'Script succesfully run on database, exiting'
time.sleep(sleep)
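Review bot: `updateMysql` never leaves its `while True:` loop: the success branch prints 'Script succesfully run on database, exiting' but then falls through to `time.sleep(sleep)` and pipes the script to the root session again every 30 seconds. That script is rendered from the initmysql template in this commit, so each pass re-sends the generated passwords in its `IDENTIFIED BY` clauses. Adding `break` after the success message, so that only the failure path sleeps and retries, matches what the message says. The `# XXX: Protect with proper root password` in `runMysql` is also still open: the recipe builds `mysql_command_list` with `--user=root` and no credential.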
# Apache configuration file for Zope
# Automatically generated
# Basic server configuration
PidFile "%(pid_file)s"
LockFile "%(lock_file)s"
Listen %(ip)s:%(port)s
ServerAdmin %(server_admin)s
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
# SSL Configuration
%(ssl_snippet)s
# Log configuration
ErrorLog "%(error_log)s"
LogLevel warn
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
%(path_enable)s
# Magic of Zope related rewrite
RewriteEngine On
%(rewrite_rule)s
# List of modules
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule antiloris_module modules/mod_antiloris.so
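Review bot: `RequestHeader unset REMOTE_USER` removes only that exact header name, while the comment above it says the backend trusts this header for identity. If the Zope backend folds hyphens and underscores together when it builds its request environment (to be confirmed against the backend), another spelling of the name would not be stripped here; adding `RequestHeader unset Remote-User` beside the existing line covers it. Neither this template nor the `ssl_snippet` values built in the recipe set `SSLProtocol` or `SSLCipherSuite`, so the accepted protocol versions and ciphers are whatever the httpd build defaults to.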
# Path enabled
<Location %(path)s>
Order Allow,Deny
Allow from all
</Location>
[app:main]
use = egg:cloudooo
#
## System config
#
debug_mode = True
# Folder where pid files, lock files and virtual frame buffer mappings
# are stored. In this folder is necessary create a folder tmp, because this
# folder is used to create all temporary documents.
working_path = %(working_path)s
# Folder where UNO library is installed
uno_path = %(uno_path)s
# Folder where soffice.bin is installed
office_binary_path = %(office_binary_path)s
#
## Monitor Settings
#
# Limit to use the Openoffice Instance. if pass of the limit, the instance is
# stopped and another is started.
limit_number_request = 100
# Interval to check the factory
monitor_interval = 10
timeout_response = 180
enable_memory_monitor = True
# Set the limit in MB
# e.g 1000 = 1 GB, 100 = 100 MB
limit_memory_used = 3000
#
## OOFactory Settings
#
# The pool consist of several OpenOffice.org instances
application_hostname = localhost
# OpenOffice Port
openoffice_port = %(openoffice_port)s
# LD_LIBRARY_PATH passed to OpenOffice
env-LD_LIBRARY_PATH = %(LD_LIBRARY_PATH)s
[server:main]
use = egg:PasteScript#wsgiutils
host = %(ip)s
port = %(port)s
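Review bot: `debug_mode = True` under `## System config` is hard-coded, so every cloudooo instance generated from this template runs with debugging enabled. What debug mode exposes depends on cloudooo and is not visible here, but a generated service config would normally ship `debug_mode = False`. If some deployments need it, take the value from a recipe option instead, for example `debug_mode = %(debug_mode)s` (option name constructed here; the recipe would have to supply it).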
# Apache configuration file for Zope
# Automatically generated
# Basic server configuration
PidFile "%(pid_file)s"
LockFile "%(lock_file)s"
Listen [%(ip)s]:%(port)s
ServerAdmin %(server_admin)s
ServerName %(server_name)s
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
SSLCertificateFile %(certificate)s
SSLCertificateKeyFile %(key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
# Log configuration
ErrorLog "%(error_log)s"
LogLevel warn
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# Magic of Zope related rewrite
RewriteEngine On
%(rewrite_rule)s
# List of modules
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
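Review bot: Both `LogFormat` lines record `%%{REMOTE_USER}i`, which is the REMOTE_USER request header exactly as the client sent it, and nothing visible in this template strips that header before the request is proxied. mod_headers is loaded, but no `RequestHeader` directive appears, and the content of `%(rewrite_rule)s` cannot be seen from here. If the Zope backend treats REMOTE_USER as an already-authenticated identity, add `RequestHeader unset REMOTE_USER` to this template so that only the front end can set it. Until then the logged value should be read as untrusted client input.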
defaults
mode tcp
option redispatch
timeout server 3000s
timeout queue 5s
timeout connect 10s
timeout client 3600s
%(listen_list)s
CREATE DATABASE IF NOT EXISTS %(mysql_database)s;
GRANT ALL PRIVILEGES ON %(mysql_database)s.* TO %(mysql_user)s@'%%' IDENTIFIED BY '%(mysql_password)s';
CREATE DATABASE IF NOT EXISTS %(mysql_test_database)s;
GRANT ALL PRIVILEGES ON %(mysql_test_database)s.* TO %(mysql_test_user)s@'%%' IDENTIFIED BY '%(mysql_test_password)s';
EXIT
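Review bot: Both `GRANT ALL PRIVILEGES` statements create the account at host `'%%'`, so the ERP5 and test users can authenticate from any address that can reach the server. The password is also written between single quotes with no escaping. Narrowing the host to the address the Zope processes connect from, e.g. `TO %(mysql_user)s@'%(zope_ip)s'` (placeholder name constructed here), limits what a leaked password is good for. The recipe should also reject or escape `'` and `\` in `mysql_password` and `mysql_test_password` before substitution, since a quote in the value ends the string literal early.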
#!/bin/sh
exec %(kumo_gateway_binary)s -F -E -m %(kumo_manager_ip)s:%(kumo_manager_port)s -t %(kumo_gateway_ip)s:%(kumo_gateway_port)s -o %(kumo_gateway_log)s
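Review bot: The `exec` line substitutes every `%(...)s` value unquoted into a `/bin/sh` script, so a binary or log path containing whitespace or a shell metacharacter is split or interpreted by the shell rather than passed as one argument. Quoting each substitution keeps every value a single word, e.g. `exec "%(kumo_gateway_binary)s" -F -E -m "%(kumo_manager_ip)s:%(kumo_manager_port)s" -t "%(kumo_gateway_ip)s:%(kumo_gateway_port)s" -o "%(kumo_gateway_log)s"`. The recipe would still need to reject double quotes, `$`, backquotes and backslashes in those values, which the shell interprets even inside double quotes. The same applies to the kumo manager, kumo server and memcached wrappers that follow.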
#!/bin/sh
exec %(kumo_manager_binary)s -a -l %(kumo_manager_ip)s:%(kumo_manager_port)s -o %(kumo_manager_log)s
#!/bin/sh
exec %(kumo_server_binary)s -l %(kumo_server_ip)s:%(kumo_server_port)s -L %(kumo_server_listen_port)s -m %(kumo_manager_ip)s:%(kumo_manager_port)s -s %(kumo_server_storage)s -o %(kumo_server_log)s
#!/bin/sh
exec %(memcached_binary)s -p %(memcached_port)s -U %(memcached_port)s -l %(memcached_ip)s -m %(memcached_mem_limit)s
# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
# The MySQL server
[mysqld]
# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
# different engine, like MyISAM. Such behaviour generates problems only, when
# tables requested as InnoDB are silently created with MyISAM engine.
#
# Loud fail is really required in such case.
sql-mode="NO_ENGINE_SUBSTITUTION"
skip-show-database
port = %(tcp_port)s
bind-address = %(ip)s
socket = %(socket)s
datadir = %(data_directory)s
pid-file = %(pid_file)s
log-error = %(error_log)s
log-slow-queries = %(slow_query_log)s
long_query_time = 5
max_allowed_packet = 128M
query_cache_size = 32M
plugin-load = ha_innodb_plugin.so
# The following are important to configure and depend a lot on to the size of
# your database and the available resources.
#innodb_buffer_pool_size = 4G
#innodb_log_file_size = 256M
#innodb_log_buffer_size = 8M
# Some dangerous settings you may want to uncomment if you only want
# performance or less disk access. Useful for unit tests.
#innodb_flush_log_at_trx_commit = 0
#innodb_flush_method = nosync
#innodb_doublewrite = 0
#sync_frm = 0
# Uncomment the following if you need binary logging, which is recommended
# on production instances (either for replication or incremental backups).
#log-bin=mysql-bin
# Force utf8 usage
collation_server = utf8_unicode_ci
character_set_server = utf8
default-character-set = utf8
skip-character-set-client-handshake
[mysql]
no-auto-rehash
socket = %(socket)s
[mysqlhotcopy]
interactive-timeout
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = %(working_directory)s # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_md = sha1
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
#attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_value = %(country_code)s
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_value = %(state)s
localityName = Locality Name (eg, city)
localityName_value = %(city)s
0.organizationName = Organization Name (eg, company)
0.organizationName_value = %(company)s
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_value = %(email_address)s
emailAddress_max = 64
# SET-ex3 = SET extension number 3
#[ req_attributes ]
#challengePassword = A challenge password
#challengePassword_min = 4
#challengePassword_max = 20
#
#unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = /etc/pki/tls # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = md5, sha1 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
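Review bot: `default_md = sha1` in `[ req ]` means requests and any self-signed certificate generated with this config are SHA-1 signed, and `default_days = 3650` in `[ CA_default ]` keeps issued certificates valid for ten years. Current TLS stacks reject SHA-1 certificate signatures; `default_md = sha256` is the drop-in change. The `[ tsa ]` and `[ proxy_cert_ext ]` sections (with `digests = md5, sha1` and `policy:foo`) are carried over from the stock example and appear unused by this recipe. Dropping them would leave a smaller CA config to audit.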
####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = XX
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Somewhere
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = erp5.recipe.apache autogeneration
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organization Unit Name
organizationalUnitName_default = Unknown
commonName = Common Name
commonName_default = %(server_name)s
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
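Review bot: `default_bits = 1024` in this `[ req ]` section produces a 1024-bit RSA key for the server certificate, while the CA template in the same commit uses 2048; use `default_bits = 2048` here too. No `default_md` is set, so the digest is whatever the installed OpenSSL defaults to; adding `default_md = sha256` makes it explicit. `[ req_attributes ]` with `challengePassword` only matters for interactive requests and could go if the recipe runs openssl non-interactively, which is not visible from this file.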
# ZEO configuration file generated by SlapOS
<zeo>
address %(zeo_ip)s:%(zeo_port)s
read-only false
invalidation-queue-size 100
pid-filename %(zeo_pid)s
</zeo>
<filestorage %(zeo_storagename)s>
path %(zeo_zodb)s
</filestorage>
<eventlog>
<logfile>
path %(zeo_event_log)s
</logfile>
</eventlog>
## Zope 2 configuration file generated by SlapOS
# Some defines
%%define INSTANCE %(instance)s
instancehome $INSTANCE
# Used products
%(products)s
# Environment override
<environment>
TMP %(tmp_directory)s
TMPDIR %(tmp_directory)s
HOME %(tmp_directory)s
PATH %(path)s
</environment>
# No need to debug
debug-mode off
# One thread is safe enough
zserver-threads 1
# File location
pid-filename %(pid-filename)s
lock-filename %(lock-filename)s
# Logging configuration
<eventlog>
<logfile>
path %(event_log)s
</logfile>
</eventlog>
<logger access>
<logfile>
path %(z2_log)s
</logfile>
</logger>
# Serving configuration
<http-server>
address %(address)s
</http-server>
# ZODB configuration
<zodb_db main>
mount-point /
<zeoclient>
server %(zeo_ip)s:%(zeo_port)s
storage %(zeo_storagename)s
name %(zeo_storagename)s
</zeoclient>
</zodb_db>
<zoperunner>
program $INSTANCE/bin/runzope
</zoperunner>
# ERP5 Timer Service
%%import timerserver
<timer-server>
interval 5
</timer-server>
## Zope 2 configuration file generated by SlapOS
# Some defines
%%define INSTANCE %(instance)s
instancehome $INSTANCE
# Used products
%(products)s
# Environment override
<environment>
TMP %(tmp_directory)s
TMPDIR %(tmp_directory)s
HOME %(tmp_directory)s
PATH %(path)s
</environment>
# No need to debug
debug-mode off
# One thread is safe enough
zserver-threads 1
# File location
pid-filename %(pid-filename)s
lock-filename %(lock-filename)s
# Logging configuration
<eventlog>
<logfile>
path %(event_log)s
</logfile>
</eventlog>
<logger access>
<logfile>
path %(z2_log)s
</logfile>
</logger>
# Serving configuration
<http-server>
address %(address)s
</http-server>
# ZODB configuration
<zodb_db root>
# Main FileStorage database
<filestorage>
# See .../ZODB/component.xml for directives (sectiontype
# "filestorage").
path %(zodb_root_path)s
</filestorage>
mount-point /
</zodb_db>
<zoperunner>
program $INSTANCE/bin/runzope
</zoperunner>
# ERP5 Timer Service
%%import timerserver
<timer-server>
interval 5
</timer-server>
import os
import sys
def runUnitTest(args):
env = os.environ.copy()
d = args[0]
env['OPENSSL_BINARY'] = d['openssl_binary']
env['TEST_CA_PATH'] = d['test_ca_path']
env['PATH'] = ':'.join([d['prepend_path']] + os.environ['PATH'].split(':'))
env['INSTANCE_HOME'] = d['instance_home']
env['REAL_INSTANCE_HOME'] = d['instance_home']
os.execve(d['call_list'][0], d['call_list'] + sys.argv[1:], env)
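Review bot: `runUnitTest` reads `os.environ['PATH']` directly, so it raises KeyError when PATH is unset, and it hard-codes `':'` where `os.pathsep` is the portable separator. `env['PATH'] = os.pathsep.join([d['prepend_path'], env.get('PATH', os.defpath)])` covers both and yields the same value on a normal POSIX environment. The function also lacks a docstring. One should state that `args[0]` is a dict with the keys `openssl_binary`, `test_ca_path`, `prepend_path`, `instance_home` and `call_list`, and that the call replaces the current process through `os.execve`, appending `sys.argv[1:]` to `call_list`.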