Install test suite runner.
[slapos.git] / slapos / recipe / vifib.py
1 ##############################################################################
2 #
3 # Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
4 #
5 # WARNING: This program as such is intended to be used by professional
6 # programmers who take the whole responsibility of assessing all potential
7 # consequences resulting from its eventual inadequacies and bugs
8 # End users who are looking for a ready-to-use solution with commercial
9 # guarantees and support are strongly adviced to contract a Free Software
10 # Service Company
11 #
12 # This program is Free Software; you can redistribute it and/or
13 # modify it under the terms of the GNU General Public License
14 # as published by the Free Software Foundation; either version 3
15 # of the License, or (at your option) any later version.
16 #
17 # This program is distributed in the hope that it will be useful,
18 # but WITHOUT ANY WARRANTY; without even the implied warranty of
19 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 # GNU General Public License for more details.
21 #
22 # You should have received a copy of the GNU General Public License
23 # along with this program; if not, write to the Free Software
24 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 #
26 ##############################################################################
27 import slapos.recipe.erp5
28 import os
29 import pkg_resources
30 import zc.buildout
31 import sys
32
33 class Recipe(slapos.recipe.erp5.Recipe):
34 def installKeyAuthorisationApache(self, ip, port, backend, key, certificate,
35 ca_conf, key_auth_path='/erp5/portal_slap'):
36 ssl_template = """SSLEngine on
37 SSLVerifyClient require
38 RequestHeader set REMOTE_USER %%{SSL_CLIENT_S_DN_CN}s
39 SSLCertificateFile %(key_auth_certificate)s
40 SSLCertificateKeyFile %(key_auth_key)s
41 SSLCACertificateFile %(ca_certificate)s
42 SSLCARevocationPath %(ca_crl)s"""
43 apache_conf = self._getApacheConfigurationDict('key_auth_apache', ip, port)
44 apache_conf['ssl_snippet'] = ssl_template % dict(
45 key_auth_certificate=certificate,
46 key_auth_key=key,
47 ca_certificate=ca_conf['ca_certificate'],
48 ca_crl=ca_conf['ca_crl']
49 )
50 prefix = 'ssl_key_auth_apache'
51 rewrite_rule_template = \
52 "RewriteRule (.*) http://%(backend)s%(key_auth_path)s$1 [L,P]"
53 path_template = pkg_resources.resource_string('slapos.recipe.erp5',
54 'template/apache.zope.conf.path.in')
55 path = path_template % dict(path='/')
56 d = dict(
57 path=path,
58 backend=backend,
59 backend_path='/',
60 port=apache_conf['port'],
61 vhname=path.replace('/', ''),
62 key_auth_path=key_auth_path,
63 )
64 rewrite_rule = rewrite_rule_template % d
65 apache_conf.update(**dict(
66 path_enable=path,
67 rewrite_rule=rewrite_rule
68 ))
69 apache_config_file = self.createConfigurationFile(prefix + '.conf',
70 pkg_resources.resource_string('slapos.recipe.erp5',
71 'template/apache.zope.conf.in') % apache_conf)
72 self.path_list.append(apache_config_file)
73 self.path_list.extend(zc.buildout.easy_install.scripts([(
74 'key_auth_apache',
75 'slapos.recipe.erp5.apache', 'runApache')], self.ws,
76 sys.executable, self.wrapper_directory, arguments=[
77 dict(
78 required_path_list=[certificate, key, ca_conf['ca_certificate'],
79 ca_conf['ca_crl']],
80 binary=self.options['httpd_binary'],
81 config=apache_config_file
82 )
83 ]))
84 return 'https://%(ip)s:%(port)s' % apache_conf
85
86 def _getZeoClusterDict(self):
87 site_path = '/erp5/'
88 return {
89 '/': (self._requestZeoFileStorage('Zeo Server 1', 'main'),
90 site_path + 'account_module'),
91 }
92
93 def installProduction(self):
94 ca_conf = self.installCertificateAuthority(
95 self.parameter_dict['ca_country_code'],
96 self.parameter_dict['ca_email'], self.parameter_dict['ca_state'],
97 self.parameter_dict['ca_city'], self.parameter_dict['ca_company'])
98 memcached_conf = self.installMemcached(ip=self.getLocalIPv4Address(),
99 port=11000)
100 conversion_server_conf = self.installConversionServer(
101 self.getLocalIPv4Address(), 23000, 23060)
102 mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678)
103 user, password = self.installERP5()
104 zodb_dir = os.path.join(self.data_root_directory, 'zodb')
105 self._createDirectory(zodb_dir)
106 ip = self.getLocalIPv4Address()
107 mount_point_zeo_dict = self._getZeoClusterDict()
108 zeo_conf = self.installZeo(ip)
109 zodb_configuration_list = []
110 known_tid_storage_identifier_dict = {}
111 for mount_point, (storage_dict, check_path) in mount_point_zeo_dict.iteritems():
112 known_tid_storage_identifier_dict[
113 (((storage_dict['ip'],storage_dict['port']),), storage_dict['storage_name'])
114 ] = (zeo_conf[storage_dict['storage_name']]['path'], check_path or mount_point)
115 zodb_configuration_list.append(self.substituteTemplate(
116 self.getTemplateFilename('zope-zeo-snippet.conf.in'), dict(
117 storage_name=storage_dict['storage_name'],
118 address='%s:%s' % (storage_dict['ip'], storage_dict['port']),
119 mount_point=mount_point
120 )))
121 tidstorage_config = dict(host=self.getLocalIPv4Address(), port='6001')
122 zodb_configuration_string = '\n'.join(zodb_configuration_list)
123 zope_port = 12000
124 # One Distribution Node
125 zope_port += 1
126 self.installZope(ip, zope_port, 'zope_distribution', with_timerservice=True,
127 zodb_configuration_string=zodb_configuration_string,
128 tidstorage_config=tidstorage_config)
129 # Two Activity Nodes
130 for i in (1, 2):
131 zope_port += 1
132 self.installZope(ip, zope_port, 'zope_activity_%s' % i,
133 with_timerservice=True,
134 zodb_configuration_string=zodb_configuration_string,
135 tidstorage_config=tidstorage_config)
136 # Four Web Page Nodes (Human access)
137 login_url_list = []
138 for i in (1, 2, 3, 4):
139 zope_port += 1
140 login_url_list.append(self.installZope(ip, zope_port,
141 'zope_login_%s' % i, with_timerservice=False,
142 zodb_configuration_string=zodb_configuration_string,
143 tidstorage_config=tidstorage_config))
144 backend_key, backend_certificate = self.requestCertificate(
145 'Login Based Access')
146 login_haproxy = self.installHaproxy(ip, 15001, 'login', self.site_check_path,
147 login_url_list)
148 apache_login = self.installBackendApache(self.getGlobalIPv6Address(), 15000,
149 login_haproxy, backend_key, backend_certificate)
150 apache_frontend_login = self.installFrontendZopeApache(
151 self.getGlobalIPv6Address(), 4443, 'vifib', '/',
152 apache_login, '/', backend_key, backend_certificate)
153 # Four Web Service Nodes (Machine access)
154 service_url_list = []
155 for i in (1, 2, 3, 4):
156 zope_port += 1
157 service_url_list.append(self.installZope(ip, zope_port,
158 'zope_service_%s' % i, with_timerservice=False,
159 zodb_configuration_string=zodb_configuration_string,
160 tidstorage_config=tidstorage_config))
161 service_haproxy = self.installHaproxy(ip, 15000, 'service',
162 self.site_check_path, service_url_list)
163
164 key_auth_key, key_auth_certificate = self.requestCertificate(
165 'Key Based Access')
166 apache_keyauth = self.installKeyAuthorisationApache(
167 self.getLocalIPv4Address(), 15500, service_haproxy, key_auth_key,
168 key_auth_certificate, ca_conf, key_auth_path=self.key_auth_path)
169 memcached_conf = self.installMemcached(ip=self.getLocalIPv4Address(),
170 port=11000)
171 kumo_conf = self.installKumo(self.getLocalIPv4Address())
172 self.installTidStorage(tidstorage_config['host'], tidstorage_config['port'],
173 known_tid_storage_identifier_dict, 'http://'+login_haproxy)
174 self.linkBinary()
175 self.setConnectionDict(dict(
176 front_end_url=apache_frontend_login,
177 site_url=apache_login,
178 site_user=user,
179 site_password=password,
180 service_url=apache_keyauth,
181 memcached_url=memcached_conf['memcached_url'],
182 kumo_url=kumo_conf['kumo_address'],
183 conversion_server_url='%(conversion_server_ip)s:%(conversion_server_port)s' %
184 conversion_server_conf,
185 # openssl binary might be removed, as soon as CP environment will be
186 # fully controlled
187 openssl_binary=self.options['openssl_binary'],
188 # As soon as there would be Vifib ERP5 configuration and possibility to
189 # call it over the network this can be removed
190 certificate_authority_path=ca_conf['certificate_authority_path'],
191 # as installERP5Site is not trusted (yet) and this recipe is production
192 # ready expose more information
193 mysql_url='%(mysql_database)s@%(ip)s:%(tcp_port)s %(mysql_user)s %(mysql_password)s' % mysql_conf,
194 ))
195 return self.path_list
196
197 def installDevelopment(self):
198 ca_conf = self.installCertificateAuthority()
199 memcached_conf = self.installMemcached(ip=self.getLocalIPv4Address(),
200 port=11000)
201 conversion_server_conf = self.installConversionServer(
202 self.getLocalIPv4Address(), 23000, 23060)
203 mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678)
204 user, password = self.installERP5()
205 zodb_dir = os.path.join(self.data_root_directory, 'zodb')
206 self._createDirectory(zodb_dir)
207 zodb_root_path = os.path.join(zodb_dir, 'root.fs')
208 ip = self.getLocalIPv4Address()
209 zope_port = '18080'
210 zope_access = self.installZope(ip, zope_port, 'zope_development',
211 zodb_configuration_string=self.substituteTemplate(
212 self.getTemplateFilename('zope-zodb-snippet.conf.in'),
213 dict(zodb_root_path=zodb_root_path)),
214 thread_amount=8, with_timerservice=True)
215 service_haproxy = self.installHaproxy(ip, 15000, 'service',
216 self.site_check_path, [zope_access])
217 key_auth_key, key_auth_certificate = self.requestCertificate(
218 'Key Based Access')
219 apache_keyauth = self.installKeyAuthorisationApache(
220 self.getLocalIPv4Address(), 15500, service_haproxy, key_auth_key,
221 key_auth_certificate, ca_conf, key_auth_path=self.key_auth_path)
222 memcached_conf = self.installMemcached(ip=self.getLocalIPv4Address(),
223 port=11000)
224 kumo_conf = self.installKumo(self.getLocalIPv4Address())
225 self.installTestRunner(ca_conf, mysql_conf, conversion_server_conf,
226 memcached_conf, kumo_conf)
227 self.installTestSuiteRunner(ca_conf, mysql_conf, conversion_server_conf,
228 memcached_conf, kumo_conf)
229 self.linkBinary()
230 self.setConnectionDict(dict(
231 development_zope='http://%s:%s/' % (ip, zope_port),
232 site_user=user,
233 site_password=password,
234 service_url=apache_keyauth,
235 memcached_url=memcached_conf['memcached_url'],
236 kumo_url=kumo_conf['kumo_address'],
237 conversion_server_url='%(conversion_server_ip)s:%(conversion_server_port)s' %
238 conversion_server_conf,
239 # openssl binary might be removed, as soon as CP environment will be
240 # fully controlled
241 openssl_binary=self.options['openssl_binary'],
242 # As soon as there would be Vifib ERP5 configuration and possibility to
243 # call it over the network this can be removed
244 certificate_authority_path=ca_conf['certificate_authority_path'],
245 # as installERP5Site is not trusted (yet) and this recipe is production
246 # ready expose more information
247 mysql_url='%(mysql_database)s@%(ip)s:%(tcp_port)s %(mysql_user)s %(mysql_password)s' % mysql_conf,
248 ))
249 return self.path_list
250
251 def _install(self):
252 self.site_check_path = '/%s/getId' % self.site_id
253 self.key_auth_path = '/%s/portal_slap' % self.site_id
254 self.path_list = []
255 self.requirements, self.ws = self.egg.working_set()
256 # self.cron_d is a directory, where cron jobs can be registered
257 self.cron_d = self.installCrond()
258 self.logrotate_d, self.logrotate_backup = self.installLogrotate()
259 self.killpidfromfile = zc.buildout.easy_install.scripts(
260 [('killpidfromfile', 'slapos.recipe.erp5.killpidfromfile',
261 'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
262 self.path_list.append(self.killpidfromfile)
263 if self.parameter_dict.get('development', 'false').lower() == 'true':
264 return self.installDevelopment()
265 if self.parameter_dict.get('production', 'false').lower() == 'true':
266 return self.installProduction()
267 raise NotImplementedError('Flavour of instance have to be given.')