monitor: httpd conf template is now in a real file (and not declared inline anymore)

stack/monitor/buildout.cfg

@@ -41,7 +41,7 @@ recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/monitor.cfg.in
 output = ${buildout:directory}/monitor.cfg
 filename = monitor.cfg
-md5sum = fe76a9e0619f276e9de3dacf9e3e01ec
+md5sum = 7387e01d054954aa8fe98c9e6a6156a9
 mode = 0644
 
 [monitor-bin]
@@ -53,6 +53,14 @@ destination = ${buildout:directory}/parts/monitor-template-monitor-bin
 filename = monitor.py.in
 mode = 0644
 
+[monitor-httpd-template]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+download-only = true
+md5sum = 2668fae366c1df56757c09fad476f627
+filename = cgi-httpd.conf.in
+mode = 0644
+
 [index]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/webfile-directory/${:filename}

stack/monitor/cgi-httpd.conf.in

+PidFile "${:pid-file}"
+ServerName example.com
+ServerAdmin someone@email
+<IfDefine !MonitorPort>
+Listen [${:listening-ip}]:${monitor-parameters:port}
+Define MonitorPort
+</IfDefine>
+DocumentRoot "${monitor-directory:www}"
+ErrorLog "${:error-log}"
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule cgid_module modules/mod_cgid.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authn_file_module modules/mod_authn_file.so
+
+# SSL Configuration
+<IfDefine !SSLConfigured>
+Define SSLConfigured
+SSLCertificateFile ${ca-httpd:cert-file}
+SSLCertificateKeyFile ${ca-httpd:key-file}
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLRandomSeed startup /dev/urandom 256
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+</IfDefine>
+SSLEngine   On
+ScriptSock ${:cgid-pid-file}
+<Directory ${monitor-directory:www}>
+  SSLVerifyDepth    1
+  SSLRequireSSL
+  SSLOptions        +StrictRequire
+  # XXX: security????
+  Options +ExecCGI
+  AddHandler cgi-script .cgi
+  DirectoryIndex ${monitor-parameters:index-filename}
+</Directory>
+Alias /private/ ${monitor-directory:private-directory}/
+<Directory ${monitor-directory:private-directory}>
+Order Deny,Allow
+Deny from env=AUTHREQUIRED
+<Files ".??*">
+  Order Allow,Deny
+  Deny from all
+</Files>
+AuthType Basic
+AuthName "Private access"
+AuthUserFile "${monitor-parameters:htaccess-file}"
+Require valid-user
+Options Indexes FollowSymLinks
+Satisfy all
+</Directory>

stack/monitor/monitor.cfg.in

@@ -237,77 +237,11 @@ filename = $${public:filename}
 # XXX could it be something lighter?
 [cgi-httpd-configuration-file]
 recipe = collective.recipe.template
-input = inline:
-  PidFile "$${:pid-file}"
-  ServerName example.com
-  ServerAdmin someone@email
-  <IfDefine !MonitorPort>
-  Listen [$${:listening-ip}]:$${monitor-parameters:port}
-  Define MonitorPort
-  </IfDefine>
-  DocumentRoot "$${:document-root}"
-  ErrorLog "$${:error-log}"
-  LoadModule unixd_module modules/mod_unixd.so
-  LoadModule access_compat_module modules/mod_access_compat.so
-  LoadModule authz_core_module modules/mod_authz_core.so
-  LoadModule authn_core_module modules/mod_authn_core.so
-  LoadModule authz_host_module modules/mod_authz_host.so
-  LoadModule mime_module modules/mod_mime.so
-  LoadModule cgid_module modules/mod_cgid.so
-  LoadModule dir_module modules/mod_dir.so
-  LoadModule ssl_module modules/mod_ssl.so
-  LoadModule alias_module modules/mod_alias.so
-  LoadModule autoindex_module modules/mod_autoindex.so
-  LoadModule auth_basic_module modules/mod_auth_basic.so
-  LoadModule authz_user_module modules/mod_authz_user.so
-  LoadModule authn_file_module modules/mod_authn_file.so
-
-  # SSL Configuration
-  <IfDefine !SSLConfigured>
-  Define SSLConfigured
-  SSLCertificateFile $${ca-httpd:cert-file}
-  SSLCertificateKeyFile $${ca-httpd:key-file}
-  SSLRandomSeed startup builtin
-  SSLRandomSeed connect builtin
-  SSLRandomSeed startup /dev/urandom 256
-  SSLRandomSeed connect builtin
-  SSLProtocol -ALL +SSLv3 +TLSv1
-  SSLHonorCipherOrder On
-  SSLCipherSuite RC4-SHA:HIGH:!ADH
-  </IfDefine>
-  SSLEngine   On
-  ScriptSock $${:cgid-pid-file}
-  <Directory $${:document-root}>
-    SSLVerifyDepth    1
-    SSLRequireSSL
-    SSLOptions        +StrictRequire
-    # XXX: security????
-    Options +ExecCGI
-    AddHandler cgi-script .cgi
-    DirectoryIndex $${monitor-parameters:index-filename}
-  </Directory>
-  Alias /private/ $${monitor-directory:private-directory}/
-  <Directory $${monitor-directory:private-directory}>
-  Order Deny,Allow
-  Deny from env=AUTHREQUIRED
-  <Files ".??*">
-    Order Allow,Deny
-    Deny from all
-  </Files>
-  AuthType Basic
-  AuthName "Private access"
-  AuthUserFile "$${monitor-parameters:htaccess-file}"
-  Require valid-user
-  Options Indexes FollowSymLinks
-  Satisfy all
-  </Directory>
+input = ${monitor-httpd-template:destination}/${monitor-httpd-template:filename}
 output = $${monitor-directory:etc}/cgi-httpd.conf
 listening-ip = $${slap-parameters:ipv6-random}
-# XXX: randomize-me
-htdocs = $${monitor-directory:www}
 pid-file = $${monitor-directory:run}/cgi-httpd.pid
 cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
-document-root = $${monitor-directory:www}
 error-log = $${monitor-directory:log}/cgi-httpd-error-log
 
 [cgi-httpd-wrapper]