From 6dfd3d62dfcd6762359adbc970538faa147bb51c Mon Sep 17 00:00:00 2001 From: Alain Takoudjou <alain.takoudjou@nexedi.com> Date: Fri, 25 Mar 2016 09:38:16 +0100 Subject: [PATCH] webrunner now use his own apache server --- software/slaprunner/common.cfg | 16 +-- software/slaprunner/httpd_conf.in | 75 +++++++++-- .../slaprunner/instance-runner-export.cfg.in | 9 +- software/slaprunner/instance-runner.cfg | 125 +++++++++++------- 4 files changed, 157 insertions(+), 68 deletions(-) diff --git a/software/slaprunner/common.cfg b/software/slaprunner/common.cfg index 6bf1c22e0..19879d617 100644 --- a/software/slaprunner/common.cfg +++ b/software/slaprunner/common.cfg @@ -54,7 +54,7 @@ mode = 0644 recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-runner.cfg output = ${buildout:directory}/template-runner.cfg.in -md5sum = 04f5cd311b452836b76808cf29f5a23d +md5sum = c1c81a2042f262a52657da3d427222e4 mode = 0644 [template-runner-import-script] @@ -84,7 +84,7 @@ mode = 0644 recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-runner-export.cfg.in output = ${buildout:directory}/instance-runner-export.cfg -md5sum = d2c374858d421247dfabcf38589a904f +md5sum = 8f4912ca04a650298c3c260689109c2e mode = 0644 [template-resilient] @@ -114,7 +114,7 @@ mode = 0644 recipe = hexagonit.recipe.download url = ${:_profile_base_location_}/httpd_conf.in download-only = true -md5sum = 61ac2dd5aeb5af9745d4c72d2571df8a +md5sum = 21009dac6e9868bed61a669632103830 filename = httpd_conf.in mode = 0644 
@@ -171,15 +171,6 @@ filename = listener_slapgrid.py.in download-only = true mode = 0644 -[cors-domain-cgi] -recipe = hexagonit.recipe.download -url = ${:_profile_base_location_}/template/${:filename} -download-only = true -md5sum = d4c564267dd98cd178a890158c52c384 -destination = ${buildout:parts-directory}/monitor-template-cors-domain-cgi -filename = cors-domain.jinja -mode = 0644 - [monitor-check-webrunner-internal-instance] recipe = hexagonit.recipe.download url = ${:_profile_base_location_}/template/${:filename} @@ -193,6 +184,7 @@ mode = 0644 recipe = zc.recipe.egg eggs = collective.recipe.environment + collective.recipe.template cns.recipe.symlink erp5.util lock-file diff --git a/software/slaprunner/httpd_conf.in b/software/slaprunner/httpd_conf.in index afce96dad..3e5ea4b71 100644 --- a/software/slaprunner/httpd_conf.in +++ b/software/slaprunner/httpd_conf.in 
@@ -1,9 +1,69 @@ +PidFile "{{ parameters.path_pid }}" +ServerName example.com +ServerAdmin someone@email + +<IfDefine !HTTPDPort> + Listen [{{ parameters.global_ip }}]:{{ parameters.global_port }} + Define HTTPDPort +</IfDefine> + +LoadModule unixd_module modules/mod_unixd.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule mime_module modules/mod_mime.so +#LoadModule cgid_module modules/mod_cgid.so +LoadModule ssl_module modules/mod_ssl.so +LoadModule alias_module modules/mod_alias.so +LoadModule env_module modules/mod_env.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule headers_module modules/mod_headers.so LoadModule log_config_module modules/mod_log_config.so +LoadModule dav_module modules/mod_dav.so +LoadModule dav_fs_module modules/mod_dav_fs.so LoadModule cache_module modules/mod_cache.so LoadModule file_cache_module modules/mod_file_cache.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule dir_module modules/mod_dir.so +LoadModule cgid_module modules/mod_cgid.so +LoadModule autoindex_module modules/mod_autoindex.so + +ErrorLog "{{ parameters.path_error_log }}" +LogFormat "%h %l %u %t \"%r\" %>s %b" common +CustomLog "{{ parameters.path_access_log }}" common + +# SSL Configuration +Define SSLConfigured +SSLCertificateFile {{ parameters.cert_file }} +SSLCertificateKeyFile {{ parameters.key_file }} +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin +SSLRandomSeed startup /dev/urandom 256 +SSLRandomSeed connect builtin +SSLProtocol -ALL +SSLv3 +TLSv1 +SSLHonorCipherOrder On +SSLCipherSuite RC4-SHA:HIGH:!ADH +SSLEngine On + +Include {{ parameters.httpd_cors_file }} 
+Header set Access-Control-Allow-Credentials "true" +Header set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" +Header set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" +DocumentRoot {{ parameters.runner_home }}/public -Alias /web-public {{ parameters.runner_home }}/public +# Directory protection +<Directory /> + Options FollowSymLinks + AllowOverride None + Require all denied +</Directory> + +Alias /public {{ parameters.runner_home }}/public <Directory {{ parameters.runner_home }}/public> Order Allow,Deny Allow from all @@ -17,20 +77,20 @@ Alias /web-public {{ parameters.runner_home }}/public </Files> </Directory> -Alias /shared {{ parameters.runner_home }} +DavLockDB {{ parameters.dav_lock }} +Alias /share {{ parameters.runner_home }} <Directory {{ parameters.runner_home }}> DirectoryIndex disabled DAV On Options Indexes FollowSymLinks AuthType Basic - AuthName "webdav" - AuthUserFile "{{ parameters.etc_dir }}/monitor-htpasswd" + AuthName "Webrunner Dav" + AuthUserFile "{{ parameters.htpasswd_file }}" <LimitExcept OPTIONS> Require valid-user </LimitExcept> </Directory> - SetEnv GIT_HTTP_EXPORT_ALL ScriptAlias /git/ {{ parameters.git_http_backend }}/ ScriptAlias /git-public/ {{ parameters.git_http_backend }}/ @@ -45,7 +105,7 @@ RewriteCond %{REQUEST_URI} /git-receive-pack$ AuthType Basic AuthName "Git Access" - AuthUserFile "{{ parameters.etc_dir }}/monitor-htpasswd" + AuthUserFile "{{ parameters.htpasswd_file }}" Require valid-user </LocationMatch> 
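Review bot: `SSLProtocol -ALL +SSLv3 +TLSv1` in the SSL block enables SSLv3 and leaves TLS 1.1/1.2 off, and `SSLCipherSuite RC4-SHA:HIGH:!ADH` together with `SSLHonorCipherOrder On` makes RC4 the server's first choice. Both are deprecated, and this listener fronts the Basic-auth protected WebDAV and git endpoints, so I would write `SSLProtocol all -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4` instead. Separately, `Header set Access-Control-Allow-Credentials "true"` is set server-wide, so every origin admitted by the included `httpd_cors_file` gets credentialed access to the full DAV method list; a comment above the `Include` stating that the file must list only explicit trusted origins would help. `ServerName example.com` and `ServerAdmin someone@email` look like leftover placeholders.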
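Review bot: The alias is renamed to `Alias /share` here, but the published `webdav_url` in instance-runner.cfg (the `@@ -417,10 +469,10` hunk) still ends in `/shared/`. As far as I can tell from the patch, the advertised WebDAV URL would then no longer map onto this authenticated `<Directory>` block and would be looked up under the public `DocumentRoot` instead. Either keep `Alias /shared {{ parameters.runner_home }}` or publish `webdav_url = $${request-httpd-frontend:connection-secure_access}/share/`. A one-line comment above the alias naming the published URL that depends on it would keep the two in step.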
@@ -56,8 +116,7 @@ RewriteCond %{REQUEST_URI} /git-receive-pack$ AuthType Basic AuthName "Git Access" - AuthUserFile "{{ parameters.etc_dir }}/monitor-htpasswd" + AuthUserFile "{{ parameters.htpasswd_file }}" Require valid-user Satisfy any </LocationMatch> - diff --git a/software/slaprunner/instance-runner-export.cfg.in b/software/slaprunner/instance-runner-export.cfg.in index 7ef23b337..e1c750402 100644 --- a/software/slaprunner/instance-runner-export.cfg.in +++ b/software/slaprunner/instance-runner-export.cfg.in @@ -15,6 +15,8 @@ parts += publish-connection-information slaprunner-promise slaprunner-frontend-promise + apache-httpd-promise + httpd-frontend-promise slaprunner-supervisord-wrapper dropbear-promise runtestsuite @@ -22,11 +24,15 @@ parts += shellinabox slapos-cfg slapos-repo - cron-entry-backup cron-entry-prepare-software deploy-instance-parameters + instance-software + instance-software-type minishell-cwd + bash-profile supervisord-wrapper + supervisord-promise + httpd-graceful-wrapper ## Monitoring part ## Monitor for runner monitor-check-resilient-feed-file @@ -50,6 +56,7 @@ monitor-httpd-port = 8437 # Pass some parameter to dispay in monitoring interface instance-configuration = file recovery-code $${recovery-code:storage-path} + httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output} raw webrunner-url https://$${request-frontend:connection-domain} # Extends publish section with resilient parameters diff --git a/software/slaprunner/instance-runner.cfg b/software/slaprunner/instance-runner.cfg index a3b1fa7d1..7e8744973 100644 --- a/software/slaprunner/instance-runner.cfg +++ b/software/slaprunner/instance-runner.cfg @@ -12,6 +12,8 @@ parts = publish-connection-information slaprunner-promise slaprunner-frontend-promise + apache-httpd-promise + httpd-frontend-promise slaprunner-supervisord-wrapper dropbear-promise runtestsuite 
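Review bot: The new `httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output}` entry in `instance-configuration` hands the monitoring interface a file that httpd_conf.in pulls in with a bare `Include`, so whatever ends up in that file is parsed as Apache configuration on the next graceful reload. How the `httpdcors` handler writes the file is not visible in this patch; it should be confirmed that it validates each domain and emits only the origin header lines. A comment next to the existing `# Pass some parameter…` line, such as `# cors file is written by the monitor and included verbatim by httpd.conf`, would record that dependency. The same entry is added in instance-runner.cfg (the `@@ -682,12 +736,11` hunk).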
@@ -27,6 +29,7 @@ parts = bash-profile supervisord-wrapper supervisord-promise + httpd-graceful-wrapper {% if slapparameter_dict.get('custom-frontend-backend-url') and slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %} custom-frontend-promise {% endif %} 
@@ -298,39 +301,69 @@ context = section param_nginx_frontend nginx-frontend [httpd-parameters] -#path_pid = $${directory:run}/httpd.pid -#path_error_log = $${directory:log}/httpd-error.log -#path_access_log = $${directory:log}/httpd-access.log -#key_file = $${ca-httpd:key-file} -#cert_file = $${ca-httpd:cert-file} +path_pid = $${directory:run}/httpd.pid +path_error_log = $${directory:log}/httpd-error.log +path_access_log = $${directory:log}/httpd-access.log +# XXX Use ca-nginx, no need to regenerate certificate +cert_file = $${ca-nginx:cert-file} +key_file = $${ca-nginx:key-file} global_ip = $${slap-network-information:global-ipv6} -global_port = $${slaprunner:runner_port} -monitor_port = $${monitor-parameters:port} +global_port = 8386 +#httpd_port = $${monitor-parameters:port} #monitor_index = $${deploy-index:rendered} -#working_directory = $${slaprunner:working-directory} -#dav_lock = $${directory:var}/DavLock +working_directory = $${slaprunner:working-directory} +dav_lock = $${directory:var}/WebDavLock +htpasswd_file = $${monitor-httpd-conf-parameter:htpasswd-file} etc_dir = $${directory:etc} -#var_dir = $${directory:var} -#project_folder = $${directory:project} +var_dir = $${directory:var} +project_folder = $${directory:project} project_private_folder = $${runnerdirectory:private-project} project_public_folder = $${runnerdirectory:public-project} runner_home = $${runnerdirectory:home} git_http_backend = ${git:location}/libexec/git-core/git-http-backend #cgi_httpd_conf = $${monitor-httpd-configuration-file:rendered} -#httpd_cors_file = $${monitor-httpd-cors:location} +httpd_cors_file = $${slaprunner-httpd-cors:location} [httpd-conf] recipe = slapos.recipe.template:jinja2 template = ${template_httpd_conf:location}/${template_httpd_conf:filename} -rendered = $${directory:etc}/httpd-part.conf +rendered = $${directory:etc}/httpd.conf context = section parameters httpd-parameters -#[cgi-httpd-wrapper] -#recipe = slapos.cookbook:wrapper -#apache-executable = 
${apache:location}/bin/httpd -#wrapper-path = $${ca-httpd:executable} -#command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND +[apache-httpd] +recipe = slapos.cookbook:wrapper +apache-executable = ${apache:location}/bin/httpd +wrapper-path = $${directory:services}/slaprunner-httpd +command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND +access-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port} +wait-for-files = + $${ca-nginx:cert-file} + $${ca-nginx:key-file} + +[httpd-graceful-wrapper] +recipe = collective.recipe.template +input = inline: + #!/bin/sh + exec kill -USR1 $(cat $${httpd-parameters:path_pid}) +output = $${directory:scripts}/slaprunner-httpd-graceful +mode = 700 + +[apache-httpd-promise] +recipe = slapos.cookbook:check_url_available +path = $${directory:promises}/$${:filename} +filename = apache-httpd-listening-on-tcp +url = $${apache-httpd:access-url} +check-secure = 1 +dash_path = {{ dash_executable_location }} +curl_path = {{ curl_executable_location }} + +[slaprunner-httpd-cors] +recipe = plone.recipe.command +command = if [ ! -f $${:location} ]; then touch $${:location}; fi +location = $${directory:etc}/$${:filename} +filename = slaprunner-httpd-cors.cfg +stop-on-error = true #-------------------- #-- 
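Review bot: The inline script in `[httpd-graceful-wrapper]` runs `exec kill -USR1 $(cat $${httpd-parameters:path_pid})` without checking that the pid file exists and without quoting, so a reload requested before Apache has written its pid file ends in a `kill` usage error rather than a clear failure. I would guard and quote it: `[ -s "$${httpd-parameters:path_pid}" ] || exit 1` followed by `exec kill -USR1 "$(cat "$${httpd-parameters:path_pid}")"`. Two settings in `[httpd-parameters]` also deserve a comment: `global_port = 8386` replaces `$${slaprunner:runner_port}` with a fixed value, and the `XXX` on `cert_file`/`key_file` means this server shares the nginx private key.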
@@ -405,6 +438,25 @@ config-url = $${slaprunner:access-url} config-domain = $${slap-parameter:frontend-domain} return = site_url domain +[request-httpd-frontend] +<= slap-connection +recipe = slapos.cookbook:requestoptional +name = SlapRunner httpd Frontend +# XXX We have hardcoded SR URL here. +software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg +slave = true +config-url = $${apache-httpd:access-url} +config-domain = +return = secure_access domain + +[httpd-frontend-promise] +recipe = slapos.cookbook:check_url_available +path = $${directory:promises}/slaprunner-apache-http-frontend +url = $${request-httpd-frontend:connection-secure_access} +dash_path = {{ dash_executable_location }} +curl_path = {{ curl_executable_location }} +check-secure = 1 + #-------------------------------------- #-- #-- Send information to SlapOS Master @@ -417,10 +469,10 @@ backend_url = $${slaprunner:access-url} access_url = $${:url}/login url = https://$${request-frontend:connection-domain} ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port} -webdav_url = $${:monitor-base-url}/shared/ -public_url = $${:monitor-base-url}/web-public/ -git_public_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git-public/ -git_private_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git/ +webdav_url = $${request-httpd-frontend:connection-secure_access}/shared/ +public_url = $${request-httpd-frontend:connection-secure_access}/public/ +git_public_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/ +git_private_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/ monitor-base-url = $${publish:monitor-base-url} monitor-url = $${publish:monitor-url} monitor-user = $${publish:monitor-user} 
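Review bot: `software-url` in `[request-httpd-frontend]` points at a plain `http://` gitweb URL on `HEAD`, so the frontend software release is neither pinned nor integrity-protected if that URL is ever fetched rather than used only as an identifier (the patch does not show which). The existing `XXX` comment covers the hard-coding; I would extend it to `# XXX hardcoded SR URL: unpinned HEAD over http, replace with a pinned release URL`. `config-domain =` is left empty, presumably so the frontend picks the domain, and a short comment saying so would avoid it being read as an omission.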
@@ -473,6 +525,8 @@ auto-deploy-instance = true autorun = false monitor-port = 9687 instance-name = +monitor-cors-domains = +monitor-interface-url = [monitor-parameters] port = $${slap-parameter:monitor-port} @@ -682,12 +736,11 @@ opml-url-list = {{ slapparameter_dict['monitor-url-list'] }} # Pass some parameter to dispay in monitoring interface instance-configuration = file recovery-code $${recovery-code:storage-path} + httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output} + raw webrunner-url https://$${request-frontend:connection-domain} {% endif -%} configuration-file-path = $${buildout:directory}/knowledge0.cfg -[monitor-httpd-conf-parameter] -httpd-include-file = $${httpd-conf:rendered} - [monitor-check-webrunner-internal-instance] recipe = slapos.recipe.template:jinja2 template = ${monitor-check-webrunner-internal-instance:location}/${monitor-check-webrunner-internal-instance:filename} @@ -695,25 +748,3 @@ rendered = $${monitor-directory:promises}/$${:filename} filename = monitor-check-webrunner-internal-instance mode = 0744 -# XXX -not needed for monitor2 -[monitor-deploy-cors-domain-cgi] -recipe = slapos.recipe.template:jinja2 -template = ${cors-domain-cgi:location}/${cors-domain-cgi:filename} -rendered = $${monitor-directory:knowledge0-cgi}/$${:filename} -filename = cors-domain.cgi -mode = 0744 -context = - raw config_cfg $${buildout:directory}/knowledge0.cfg - raw timestamp $${buildout:directory}/.timestamp - raw python_executable ${buildout:executable} - key apache_file httpd-parameters:httpd_cors_file - key pwd monitor-directory:knowledge0-cgi - key this_file :filename - key httpd_graceful cgi-httpd-graceful-wrapper:rendered - -[monitor-httpd-cors-xx] -recipe = plone.recipe.command -command = if [ ! -f $${:location} ]; then touch $${:location}; fi -location = $${directory:etc}/$${:filename} -filename = httpd-cors.cfg -stop-on-error = true -- 2.30.9