X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=plc.d%2Fhttpd;h=af5cf7011e5fd51de4f888900343072021340956;hb=2ae81168869377bdc861adb055206f41dd4c1ce4;hp=5dba112149363169ee74796ad4d40ea18a2cbe86;hpb=309572ab8b4843bb6507b0b3f6dc5e5240af257b;p=myplc.git

diff --git a/plc.d/httpd b/plc.d/httpd
index 5dba112..af5cf70 100755
--- a/plc.d/httpd
+++ b/plc.d/httpd
@@ -1,19 +1,20 @@
 #!/bin/bash
 #
-# priority: 700
+# priority: 600
 #
 # Configure Apache web server
 #
 # Mark Huang <mlhuang@cs.princeton.edu>
 # Copyright (C) 2006 The Trustees of Princeton University
 #
-# $Id: httpd,v 1.1 2006/04/06 21:51:59 mlhuang Exp $
-#
 
 # Source function library and configuration
 . /etc/plc.d/functions
 . /etc/planetlab/plc_config
 
+# Be verbose
+set -x
+
 # Default locations
 DocumentRoot=/var/www/html
 php_ini=/etc/php.ini
@@ -21,6 +22,15 @@ httpd_conf=/etc/httpd/conf/httpd.conf
 ssl_conf=/etc/httpd/conf.d/ssl.conf
 plc_conf=/etc/httpd/conf.d/plc.conf
 
+function disable_file () {
+    file=$1; shift
+    [ -f $file ] && mv -f $file $file.disabled
+}
+function enable_file () {
+    file=$1; shift
+    [ ! -f $file ] && mv -f $file.disabled $file
+}
+
 case "$1" in
     start)
 	if [ "$PLC_API_ENABLED" != "1" -a \
@@ -32,9 +42,34 @@ case "$1" in
 	MESSAGE=$"Starting web server"
 	dialog "$MESSAGE"
 
+	# set document root - not really useful on fedora but just in case
+	sed -i -e "s@^DocumentRoot.*@DocumentRoot \"$DocumentRoot\"@" $httpd_conf
+	# whether WWW is enabled or not : 
+	if [ "$PLC_WWW_ENABLED" != "1" ] ; then
+	    # avoid hitting drupal, that would try to connect to the db and create noise
+	    disable_file $DocumentRoot/index.php
+	else
+	    enable_file $DocumentRoot/index.php
+	fi
+
 	# Set the default include path
-	include_path=".:$DocumentRoot/includes:$DocumentRoot/generated:/etc/planetlab/php"
-	sed -i -e "s@;include_path = \"\.:.*\"@include_path = \"$include_path\"@" $php_ini
+	include_path=".:$DocumentRoot/planetlab/includes:$DocumentRoot/plekit/php:$DocumentRoot/generated:/etc/planetlab/php:/usr/share/plc_api/php"
+	sed -i -e "s@[;]*include_path = \"\.:.*\"@include_path = \"$include_path\"@" $php_ini
+
+	# Set open_basedir so as to avoid leaks
+	open_basedir="$DocumentRoot:/etc/planetlab/php:/usr/share/plc_api/php:/var/log/myslice:/var/tmp/bootmedium:/tmp"
+	sed -i -e "s@[;]*open_basedir =.*@open_basedir = \"$open_basedir\"@" $php_ini
+	
+	# for php-5.3 under fedora12, otherwise issues tons of warning messages
+	# Set timezone in php.ini if not already there
+	if grep '^;date.timezone' $php_ini >& /dev/null; then
+	    dialog 'Setting PHP timezone to GMT'
+	    sed -i -e 's,^;date.timezone.*,date.timezone = GMT,' $php_ini
+	fi
+
+	if grep '^short_open_tag = Off' $php_ini >& /dev/null; then
+	    sed -i -e 's,^short_open_tag = Off,short_open_tag = On,' $php_ini
+	fi
 
 	# Disable default Listen directive
 	sed -i -e '/^Listen/d' $httpd_conf
@@ -49,10 +84,10 @@ case "$1" in
 	    http_port=PLC_${server}_PORT
 	    https_port=PLC_${server}_SSL_PORT
 
-	    # API should always be accessed via SSL
-	    if [ "$server" = "API" ] ; then
-		https_port=${!http_port}
-		http_port=
+#	    # API should always be accessed via SSL
+#	    if [ "$server" = "API" ] ; then
+#		https_port=${!http_port}
+#		http_port=
 	    fi
 
 	    # Check if we are already listening on these ports
@@ -62,7 +97,10 @@ case "$1" in
 		if [ "$server" = "$previous_server" ] ; then
 		    break
 		fi
-		previous_hostname=PLC_${previous_server}_HOST
+		previous_enabled=PLC_${previous_server}_ENABLED
+		if [ "${!previous_enabled}" != "1" ] ; then
+		    continue
+		fi
 		previous_http_port=PLC_${previous_server}_PORT
 		previous_https_port=PLC_${previous_server}_SSL_PORT
 
@@ -74,17 +112,22 @@ case "$1" in
 		fi
 	    done
 
-	    # Listen on these ports
+	    # HTTP configuration
 	    if [ $skip_http -eq 0 -a -n "${!http_port}" ] ; then
 		cat <<EOF
 Listen ${!http_port}
 <VirtualHost *:${!http_port}>
+    # Make sure that the admin web pages are always accessed via SSL
     Redirect /db https://$PLC_WWW_HOST:$PLC_WWW_SSL_PORT/db
-    # XXX Not yet until we can get rid of oldapi
-    # Redirect /$PLC_API_PATH https://$PLC_API_HOST:$PLC_API_PORT/$PLC_API_PATH
+    Redirect /planetlab https://$PLC_WWW_HOST:$PLC_WWW_SSL_PORT/planetlab
+# as a matter of fact most xmlrpc clients won't follow the redirection
+# so this is mostly rethorical, but just in case...
+   Redirect /$PLC_API_PATH https://$PLC_WWW_HOST:$PLC_WWW_SSL_PORT/$PLC_API_PATH
 </VirtualHost>
 EOF
 	    fi
+
+	    # HTTPS configuration
 	    if [ $skip_https -eq 0 -a -n "${!https_port}" ] ; then
 		# XXX Cannot support NameVirtualHost over SSL. If
 		# the API, boot, and web servers are all running
@@ -94,32 +137,51 @@ EOF
 		    -e "s/^Listen .*/Listen ${!https_port}/" \
 		    -e "s/<VirtualHost _default_:.*>/<VirtualHost _default_:${!https_port}>/" \
 		    $ssl_conf
+	    # this is used to locate the right certificates
+	    server_lower=$(echo $server | tr 'A-Z' 'a-z')
+	    cat <<EOF
+# create wsgi socket where we have the permission
+WSGISocketPrefix run/wsgi
+
+<VirtualHost *:${!https_port}>
+
+   WSGIScriptAlias /$PLC_API_PATH /usr/share/plc_api/wsgi/plc.wsgi
+# xxx would be cool to be able to tweak this through config
+   WSGIDaemonProcess plcapi-wsgi-ssl user=apache group=apache processes=1 threads=25
+   WSGIProcessGroup plcapi-wsgi-ssl
+
+   # SSL
+   SSLEngine On
+   SSLCertificateFile /etc/planetlab/${server_lower}_ssl.crt
+   SSLCertificateKeyFile /etc/planetlab/${server_lower}_ssl.key
+   SSLCertificateChainFile /etc/planetlab/${server_lower}_ca_ssl.crt
+
+</VirtualHost>
+EOF
 	    fi
 	done >$plc_conf
 
 	# Set custom Apache directives
 	(
-	    if [ "$PLC_API_ENABLED" = "1" ] ; then
-		cat <<EOF
-<Location $PLC_API_PATH>
-    SetHandler python-program
-    PythonPath "sys.path + ['/usr/share/plc_api']"
-    PythonHandler mod_pythonXMLRPC
-</Location>
+	    # could be restricted to boot boxes but harmless..
+	    cat <<EOF
+AddType application/octet-stream .iso
+AddType application/octet-stream .usb
 EOF
-	    else
+	    # make sure /PLCAPI can't get accessed if API not enabled here
+	    if [ "$PLC_API_ENABLED" != "1" ] ; then
 		cat <<EOF
+# mod_wsgi location
 <Location $PLC_API_PATH>
     Deny from all
-</Location>
+</Location> 
 EOF
 	    fi
 
+	    # redirect www requests if not on the right server
 	    if [ "$PLC_WWW_ENABLED" != "1" ] ; then
 		cat <<EOF
-<Location /db>
-    Deny from all
-</Location>
+Redirect /index.html http://$PLC_WWW_HOST:$PLC_WWW_PORT/
 EOF
 	    fi
 	) >>$plc_conf
@@ -127,6 +189,63 @@ EOF
 	# Make alpina-logs directory writable for bootmanager log upload
 	chown apache:apache $DocumentRoot/alpina-logs/nodes
 
+	# Make the Drupal files upload directory owned by Apache
+	mkdir -p $DocumentRoot/files
+	chown apache:apache $DocumentRoot/files
+
+	# Symlink any (real) files or directories in
+	# /data/var/www/html/* to /var/www/html/. We could descend
+	# into subdirectories, but the code to do so properly would be
+	# madness.
+	for file in /data/$DocumentRoot/* ; do
+	    if [ -e "$file" -a ! -h "$file" ] ; then
+		base=$(basename "$file")
+		if [ ! -e "$DocumentRoot/$base" ] ; then
+		    ln -nsf "$file" "$DocumentRoot/$base"
+		fi
+	    fi
+	done
+
+	# Cleanup broken symlinks
+	for file in $DocumentRoot/* ; do
+	    if [ -h "$file" -a ! -e "$file" ] ; then
+		rm -f "$file"
+	    fi
+	done
+
+	# Old style PHP constants
+	mkdir -p /etc/planetlab/php
+	cat >/etc/planetlab/php/site_constants.php <<"EOF"
+<?php
+include('plc_config.php');
+
+define('PL_API_SERVER', PLC_API_HOST);
+define('PL_API_PATH', PLC_API_PATH);
+define('PL_API_PORT', PLC_API_PORT);
+define('PL_API_CAPABILITY_AUTH_METHOD', 'capability');
+define('PL_API_CAPABILITY_PASS', PLC_API_MAINTENANCE_PASSWORD);
+define('PL_API_CAPABILITY_USERNAME', PLC_API_MAINTENANCE_USER);
+define('WWW_BASE', PLC_WWW_HOST);
+define('BOOT_BASE', PLC_BOOT_HOST);
+define('DEBUG', PLC_WWW_DEBUG);
+define('API_CALL_DEBUG', PLC_API_DEBUG);
+define('SENDMAIL', PLC_MAIL_ENABLED);
+define('PLANETLAB_SUPPORT_EMAIL', PLC_NAME . ' Support <' . PLC_MAIL_SUPPORT_ADDRESS . '>');
+define('PLANETLAB_SUPPORT_EMAIL_ONLY', PLC_MAIL_SUPPORT_ADDRESS);
+?>
+EOF
+
+	## patch php.ini
+	# memory limit
+	sed -i -e 's,^memory_limit = 32M *;,memory_limit = 80M ; patch myplc -- ,' $php_ini 
+	# log_errors : is On by default
+	# error_log
+	if ! grep '^error_log *=' $php_ini > /dev/null ; then
+	  echo 'error_log = /var/log/php.log' >> $php_ini
+	  touch /var/log/php.log
+	  chmod 666 /var/log/php.log
+	fi
+
 	plc_daemon httpd
 	check