Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Douglas
slapos
Commits
694f3319
Commit
694f3319
authored
Jun 16, 2014
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Plain Diff
Merge remote-tracking branch 'origin/master' into erp5-component
parents
2ad8cb70
2c303cf2
Changes
15
Show whitespace changes
Inline
Side-by-side
Showing
15 changed files
with
1165 additions
and
158 deletions
+1165
-158
component/hwloc/buildout.cfg
component/hwloc/buildout.cfg
+16
-0
component/lua/buildout.cfg
component/lua/buildout.cfg
+19
-0
component/trafficserver/buildout.cfg
component/trafficserver/buildout.cfg
+39
-0
software/apache-frontend/common.cfg
software/apache-frontend/common.cfg
+12
-9
software/apache-frontend/instance-apache-frontend.cfg
software/apache-frontend/instance-apache-frontend.cfg
+131
-79
software/apache-frontend/templates/squid.conf.jinja2
software/apache-frontend/templates/squid.conf.jinja2
+0
-36
software/apache-frontend/templates/trafficserver/records.config.jinja2
...he-frontend/templates/trafficserver/records.config.jinja2
+641
-0
stack/monitor/buildout.cfg
stack/monitor/buildout.cfg
+20
-11
stack/monitor/monitor.cfg.in
stack/monitor/monitor.cfg.in
+17
-10
stack/monitor/monitor.py.in
stack/monitor/monitor.py.in
+31
-8
stack/monitor/webfile-directory/index.cgi.in
stack/monitor/webfile-directory/index.cgi.in
+188
-0
stack/monitor/webfile-directory/index.html.jinja2
stack/monitor/webfile-directory/index.html.jinja2
+0
-0
stack/monitor/webfile-directory/monitor-password.cgi.in
stack/monitor/webfile-directory/monitor-password.cgi.in
+29
-0
stack/monitor/webfile-directory/settings.cgi.in
stack/monitor/webfile-directory/settings.cgi.in
+7
-2
stack/monitor/webfile-directory/status.cgi.in
stack/monitor/webfile-directory/status.cgi.in
+15
-3
No files found.
component/hwloc/buildout.cfg
0 → 100644
View file @
694f3319
[buildout]
extends =
../../component/libtool/buildout.cfg
../../component/automake/buildout.cfg
../../component/autoconf/buildout.cfg
parts =
hwloc
[hwloc]
recipe = slapos.recipe.cmmi
url = http://www.open-mpi.org/software/hwloc/v1.9/downloads/hwloc-1.9.tar.gz
md5sum = 1f9f9155682fe8946a97c08896109508
environment =
PATH=${pkgconfig:location}/bin:${automake:location}/bin:${autoconf:location}/bin:${libtool:location}/bin:%(PATH)s
configure-options =
--prefix="${buildout:parts-directory}/${:_buildout_section_name_}"
\ No newline at end of file
component/lua/buildout.cfg
0 → 100644
View file @
694f3319
[buildout]
extends =
../readline/buildout.cfg
parts =
lua
[lua]
recipe = slapos.recipe.cmmi
url = http://www.lua.org/ftp/lua-5.2.3.tar.gz
md5sum = dc7f94ec6ff15c985d2d6ad0f1b35654
configure-command = make posix
make-targets =
install INSTALL_TOP=${buildout:parts-directory}/${:_buildout_section_name_}
environment =
CMAKE_INCLUDE_PATH=${readline:location}/include
CMAKE_LIBRARY_PATH=${readline:location}/lib
CPPFLAGS =-I${readline:location}/include
LDFLAGS =-L${readline:location}/lib -Wl,-rpath=${readline:location}/lib
component/trafficserver/buildout.cfg
0 → 100644
View file @
694f3319
[buildout]
extends =
../../component/lua/buildout.cfg
../../component/hwloc/buildout.cfg
../../component/pkgconfig/buildout.cfg
../../component/libtool/buildout.cfg
../../component/make/buildout.cfg
../../component/openssl/buildout.cfg
../../component/tcl/buildout.cfg
../../component/libexpat/buildout.cfg
../../component/pcre/buildout.cfg
../../component/libcap/buildout.cfg
../../component/flex/buildout.cfg
../../component/ncurses/buildout.cfg
../../component/curl/buildout.cfg
../../component/zlib/buildout.cfg
parts =
trafficserver
[trafficserver]
recipe = slapos.recipe.cmmi
url = http://apache.claz.org/trafficserver/trafficserver-4.2.1.tar.bz2
md5sum = 18f7d56650cba260c8cce3bf4abfa56c
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-openssl=${openssl:location}
--with-expat=${libexpat:location}
--with-pcre=${pcre:location}
--with-lua=${lua:location}
--with-ncurses=${ncurses:location}
--with-tcl=${tcl:location}/lib/
--with-zlib=${zlib:location}
environment =
PATH=${make:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:%(PATH)s
LDFLAGS = -L${tcl:location}/lib -Wl,-rpath=${tcl:location}/lib
make-target =
check
install
software/apache-frontend/common.cfg
View file @
694f3319
...
...
@@ -13,7 +13,8 @@ extends =
../../component/dcron/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../component/squid/buildout.cfg
../../component/trafficserver/buildout.cfg
# Monitoring stack
../../stack/monitor/buildout.cfg
...
...
@@ -33,7 +34,6 @@ parts +=
dcron
logrotate
rdiff-backup
squid
[slapos-toolbox]
recipe = zc.recipe.egg
...
...
@@ -67,7 +67,7 @@ mode = 0644
[template-apache-frontend]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-apache-frontend.cfg
md5sum =
f5ec3d3b29d20ccdb00e3b64aa588fa5
md5sum =
b823cb31ff97700c009cf14725690323
output = ${buildout:directory}/template-apache-frontend.cfg
mode = 0644
...
...
@@ -144,12 +144,6 @@ url = ${:_profile_base_location_}/templates/template-log-access.conf.in
md5sum = f85005b430978f3bd24ee7ce11b0e304
mode = 640
[template-squid-configuration]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/squid.conf.jinja2
md5sum = f17753fa87da074bc949b2967a330099
mode = 640
[template-empty]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/empty.in
...
...
@@ -162,3 +156,12 @@ url = ${:_profile_base_location_}/templates/wrapper.in
output = ${buildout:directory}/template-wrapper.cfg
mode = 0644
md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
[template-trafficserver-records-config]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
md5sum = 950a19be225a25309a3bda3f61fb5f6a
location = ${buildout:parts-directory}/${:_buildout_section_name_}
filename = records.config.jinja2
download-only = true
mode = 0644
software/apache-frontend/instance-apache-frontend.cfg
View file @
694f3319
...
...
@@ -9,16 +9,11 @@ parts =
certificate-authority
logrotate-entry-apache
logrotate-entry-apache-cached
logrotate-entry-squid
apache-frontend
apache-cached
switch-apache-softwaretype
frontend-apache-graceful
cached-apache-graceful
squid-service
squid-prepare
squid-reload
promise-squid
dynamic-template-default-vh
not-found-html
promise-frontend-apache-configuration
...
...
@@ -28,6 +23,14 @@ parts =
promise-apache-frontend-v6-https
promise-apache-frontend-v6-http
promise-apache-cached
trafficserver-launcher
trafficserver-reload
trafficserver-configuration-directory
trafficserver-records-config
trafficserver-remap-config
trafficserver-storage-config
## Monitoring part
###Parts to add for monitoring
certificate-authority
...
...
@@ -47,6 +50,9 @@ parts =
## Monitor for apache
monitor-current-log-access
monitor-backup-log-access
monitor-ats-cache-stats-wrapper
monitor-apache-configuration-verification
extends = ${monitor-template:output}
...
...
@@ -79,6 +85,7 @@ crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl
[switch-apache-softwaretype]
recipe = slapos.cookbook:softwaretype
single-default = $${dynamic-default-template-slave-list:rendered}
...
...
@@ -117,14 +124,6 @@ apache-directory = ${apache-2.2:location}
apache-ipv6 = $${instance-parameter:ipv6-random}
apache-https-port = $${instance-parameter:configuration.port}
[monitor-current-log-access]
< = monitor-directory-access
source = $${directory:log}
[monitor-backup-log-access]
< = monitor-directory-access
source = $${directory:logrotate-backup}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = $${buildout:directory}/$${:filename}
...
...
@@ -135,6 +134,7 @@ context =
key develop_eggs_directory buildout:develop-eggs-directory
key slap_software_type instance-parameter:slap-software-type
key slapparameter_dict instance-parameter:configuration
section directory directory
$${:extra-context}
[dynamic-template-default-vh]
...
...
@@ -333,8 +333,8 @@ cache-access-log = $${directory:log}/frontend-apache-access-cached.log
cache-error-log = $${directory:log}/frontend-apache-error-cached.log
cache-pid-file = $${directory:run}/httpd-cached.pid
# Comunication with
squid
cache-port =
26010
# Comunication with
ats
cache-port =
$${trafficserver-variable:input-port}
cache-through-port = 26011
# Create wrapper for "apachectl conftest" in bin
...
...
@@ -433,77 +433,70 @@ sharedscripts = true
notifempty = true
create = true
[logrotate-entry-squid]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = squid
log = $${squid-cache:cache-log-path} $${squid-cache:access-log-path}
frequency = daily
rotatep-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGHUP
sharedscripts = true
notifempty = true
create = true
######################
# Squid deployment
######################
[squid-directory]
#################
# Trafficserver
#################
[trafficserver-directory]
recipe = slapos.cookbook:mkdirectory
squid-cache = $${directory:srv}/squid_cache
[squid-cache]
prepare-path = $${directory:etc-run}/squid-prepare
wrapper-path = $${directory:service}/squid
binary-path = ${squid:location}/sbin/squid
configuration-path = $${directory:etc}/squid.cfg
cache-path = $${squid-directory:squid-cache}
ip = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-port}
backend-ip = $${instance-parameter:ipv4-random}
backend-port = $${apache-configuration:cache-through-port}
open-port = $${instance-parameter:configuration.open-port}
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid
[squid-configuration]
< = jinja2-template-base
template = ${template-squid-configuration:target}
rendered = $${squid-cache:configuration-path}
extra-context =
key ip squid-cache:ip
key port squid-cache:port
key backend_ip squid-cache:backend-ip
key backend_port squid-cache:backend-port
key cache_path squid-cache:cache-path
key access_log_path squid-cache:access-log-path
key cache_log_path squid-cache:cache-log-path
key pid_filename_path squid-cache:pid-filename-path
key open_port squid-cache:open-port
[squid-service]
configuration = $${directory:etc}/trafficserver
local-state = $${directory:var}/trafficserver
bin_path = ${trafficserver:location}/bin
log = $${directory:log}/trafficserver
cache-path = $${directory:srv}/ats_cache
[trafficserver-variable]
wrapper-path = $${directory:service}/trafficserver
reload-path = $${directory:etc-run}/trafficserver-reload
local-ip = $${instance-parameter:ipv4-random}
input-port = 23432
hostname = $${slap-parameter:frontend-name}
remap = map / http://$${instance-parameter:ipv4-random}:$${apache-configuration:cache-through-port}
disk-cache-config = $${trafficserver-directory:cache-path} 8G volume=$${slap-parameter:frontend-name}
[trafficserver-configuration-directory]
recipe = plone.recipe.command
command = cp -rn ${trafficserver:location}/etc/trafficserver/* $${:target}
target = $${trafficserver-directory:configuration}
[trafficserver-launcher]
recipe = slapos.cookbook:wrapper
command-line = $${squid-cache:binary-path} -N -f $${squid-configuration:rendered}
wrapper-path = $${squid-cache:wrapper-path}
command-line = ${trafficserver:location}/bin/traffic_cop
wrapper-path = $${trafficserver-variable:wrapper-path}
environment = TS_ROOT=$${buildout:directory}
[
squid-prepare
]
[
trafficserver-reload
]
recipe = slapos.cookbook:wrapper
command-line = $${squid-cache:binary-path} -z -f $${squid-configuration:rendered}
wrapper-path = $${squid-cache:prepare-path}
command-line = ${trafficserver:location}/bin/traffic_line -x
wrapper-path = $${trafficserver-variable:reload-path}
environment = TS_ROOT=$${buildout:directory}
[squid-reload]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
wrapper-path = $${directory:etc-run}/squid-reload
[trafficserver-records-config]
< = jinja2-template-base
template = ${template-trafficserver-records-config:location}/${template-trafficserver-records-config:filename}
rendered = $${trafficserver-directory:configuration}/records.config
mode = 700
context =
import os_module os
section ats_directory trafficserver-directory
section ats_configuration trafficserver-variable
[promise-squid]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/squid
hostname = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-port}
[trafficserver-remap-config]
< = jinja2-template-base
template = ${template-empty:target}
rendered = $${trafficserver-configuration-directory:target}/remap.config
mode = 700
context =
key content trafficserver-variable:remap
# End of Squid part
[trafficserver-storage-config]
< = jinja2-template-base
template = ${template-empty:target}
rendered = $${trafficserver-configuration-directory:target}/storage.config
mode = 700
context =
key content trafficserver-variable:disk-cache-config
### End of ATS sections
### Apaches Graceful and promises
[frontend-apache-graceful]
...
...
@@ -577,3 +570,62 @@ server_url = $${slap-connection:server-url}
software_release_url = $${slap-connection:software-release-url}
key_file = $${slap-connection:key-file}
cert_file = $${slap-connection:cert-file}
[slap-parameter]
# Define default parameter(s) that will be used later, in case user didn't
# specify it
# All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default.
domain = example.org
public-ipv4 =
port = 4443
plain_http_port = 8080
server-admin = admin@example.com
apache_custom_https = ""
apache_custom_http = ""
apache-key =
apache-certificate =
open-port = 80 443
extra_slave_instance_list =
frontend-name =
#######
# Monitoring sections
#
[monitor-current-log-access]
< = monitor-directory-access
source = $${directory:log}
[monitor-backup-log-access]
< = monitor-directory-access
source = $${directory:logrotate-backup}
# Produce ATS Cache stats
[monitor-ats-cache-stats-wrapper]
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${monitor-directory:monitoring-cgi}/ats-cache-stats
mode = 0700
command = export TS_ROOT=$${buildout:directory} && echo "<pre>$(${trafficserver:location}/bin/traffic_shell $${monitor-ats-cache-stats-config:rendered})</pre>"
extra-context =
key content monitor-ats-cache-stats-wrapper:command
[monitor-ats-cache-stats-config]
< = jinja2-template-base
template = ${template-empty:target}
rendered = $${trafficserver-configuration-directory:target}/cache-config.stats
mode = 644
context =
raw content show:cache-stats
# Display result of apache configuration check
[monitor-apache-configuration-verification]
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${monitor-directory:monitoring-cgi}/front-httpd-configuration
mode = 0700
command = echo "<pre>$($${apache-configuration:frontend-configuration-verification})</pre>"
extra-context =
key content :command
software/apache-frontend/templates/squid.conf.jinja2
deleted
100644 → 0
View file @
2ad8cb70
refresh_pattern . 0 20% 4320 max-stale=604800
# Dissallow cachemgr access
http_access deny manager
# Squid service configuration
http_port {{ ip }}:{{ port }} accel defaultsite={{ ip }}
cache_peer {{ backend_ip }} parent {{ backend_port }} 0 no-query originserver name=backend
acl our_sites port {{ open_port }}
http_access allow our_sites
cache_peer_access backend allow our_sites
cache_peer_access backend deny all
# Drop squid headers
# via off
# reply_header_access X-Cache-Lookup deny all
# reply_header_access X-Squid-Error deny all
# reply_header_access X-Cache deny all
header_replace X-Forwarded-For
follow_x_forwarded_for allow all
forwarded_for on
cache_dir aufs {{ cache_path }} 5000 16 256
# Use 1Go of RAM
cache_mem 1024 MB
# But do not keep big object in RAM
maximum_object_size_in_memory 2048 KB
# Log
access_log {{ access_log_path }}
cache_log {{ cache_log_path }}
pid_filename {{ pid_filename_path }}
software/apache-frontend/templates/trafficserver/records.config.jinja2
0 → 100644
View file @
694f3319
#
#
# Process Records Config File
#
# <RECORD-TYPE> <NAME> <TYPE> <VALUE (till end of line)>
#
# RECORD-TYPE: CONFIG, LOCAL
# NAME: name of variable
# TYPE: INT, STRING, FLOAT
# VALUE: Initial value for record
#
#
# *NOTE*: All options covered in this file should be documented in the
# administration guide or the addendum:
#
#
##############################################################################
#
# System Variables
#
##############################################################################
CONFIG proxy.config.proxy_name STRING {{ ats_configuration['hostname'] }}
CONFIG proxy.config.local_state_dir {{ ats_directory['local-state'] }}
CONFIG proxy.config.config_dir STRING {{ ats_directory['configuration'] }}
CONFIG proxy.config.bin_path STRING {{ ats_directory['bin_path'] }}
CONFIG proxy.config.proxy_binary_opts STRING -M
CONFIG proxy.config.env_prep STRING example_prep.sh
CONFIG proxy.config.alarm_email STRING nobody
CONFIG proxy.config.syslog_facility STRING LOG_DAEMON
CONFIG proxy.config.output.logfile STRING traffic.out
CONFIG proxy.config.snapshot_dir STRING snapshots
CONFIG proxy.config.system.mmap_max INT 2097152
##############################################################################
#
# Main threads configuration (worker threads). Also see configurations for
# SSL threads, disk I/O threads and task threads in their respective areas.
#
##############################################################################
CONFIG proxy.config.exec_thread.autoconfig INT 1
CONFIG proxy.config.exec_thread.autoconfig.scale FLOAT 1.5
CONFIG proxy.config.exec_thread.limit INT 2
CONFIG proxy.config.accept_threads INT 1
##############################################################################
#
# Local Manager
#
##############################################################################
CONFIG proxy.config.admin.admin_user STRING admin
CONFIG proxy.config.admin.number_config_bak INT 3
CONFIG proxy.config.admin.user_id STRING {{ '#%s' % os_module.geteuid() }}
##############################################################################
#
# Process Manager
#
##############################################################################
CONFIG proxy.config.admin.autoconf_port INT 8083
CONFIG proxy.config.process_manager.mgmt_port INT 8084
##############################################################################
#
# In order to only bind a specific IP, use the following config, as in
# the example below. Note - this can contain two addresses, one for IPv4
# sockets and one for IPv6 sockets.
#
##############################################################################
LOCAL proxy.local.incoming_ip_to_bind STRING {{ ats_configuration['local-ip'] }}
#LOCAL proxy.local.outgoing_ip_to_bind STRING 10.0.143.32
#LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.17 fc07:192:168:101::17
##############################################################################
#
# Alarm Configuration
#
##############################################################################
# execute alarm as "<abs_path>/<bin> "<MSG_STRING_FROM_PROXY>""
CONFIG proxy.config.alarm.bin STRING example_alarm_bin.sh
CONFIG proxy.config.alarm.abs_path STRING NULL
##############################################################################
#
# HTTP Engine
#
##############################################################################
##########
# basics #
##########
# The server ports are listed here. These are separated by spaces or commas.
# Each port is a colon separated list of values, which must include a
# port number. The order is irrelevant. Other options are
# ipv4 - Use IPv4 (default)
# ipv6 - Use IPv6
# tr-in - Transparent inbound.
# tr-out - Transparent outbound.
# tr-full - Fully transparent (inbound and outbound).
# tr-pass - Transparently Pass-through non-HTTP traffic (in conjuction with tr-in).
# ssl - SSL terminated port.
# blind - Blind tunnel port (CONNECT only)
# ip-in=[addr] - Bind inbound IP address (listen for client).
# ip-out=[addr] - Bind outbound IP address (connect to origin server).
# ip-resolve=[style] - Set the IP resolution style.
#
# Note - address types must agree with each other and the ipv4/ipv6
# option if specified. IPv6 addresses must be enclosed in brackets.
# ip-out can be repeated as long as each address is a different
# family. If ip-in is specified as an IPv6 address, the port is
# forced to IPv6. Transparent ports cannot be bound to an IP
# address on the transparent side.
#
# The '=' is optional for any option with a value.
#
# Example 1: Port 8080 IPv6 inbound transparent, and port 80 IPv4
# "8080:ipv6:tr-in 80"
#
# Example 2: Listen on standard http and https ports for IPv4 and IPv6,
# fully transparent on the http ports. Also provide an non-transparent
# port at address 192.168.1.56 on port 8080.
# "80:ipv4:tr-full tr-full:80:ipv6 443:ipv4:ssl 443:ssl:ipv6 ip-in=192.168.1.56:8080"
#
CONFIG proxy.config.http.server_ports STRING {{ ats_configuration['local-ip'] + ':' + ats_configuration['input-port'] }}
# Ports on the origin server to which a blind tunnel may connect.
CONFIG proxy.config.http.connect_ports STRING 443 563
# The via settings have four values
# 0 - Do not modify / set this via header
# 1 - Update the via, with normal verbosity
# 2 - Update the via, with higher verbosity
# 3 - Update the via, with highest verbosity
CONFIG proxy.config.http.insert_request_via_str INT 2
CONFIG proxy.config.http.insert_response_via_str INT 2
# Insert a Server: header, this has three values
# 0 - Don't add or modify the Server: header
# 1 - Add a Server: header
# 2 - Only add a Server: header if one doesn't exist already
CONFIG proxy.config.http.response_server_enabled INT 1
CONFIG proxy.config.http.insert_age_in_response INT 1
CONFIG proxy.config.http.enable_url_expandomatic INT 0
CONFIG proxy.config.http.no_dns_just_forward_to_parent INT 0
CONFIG proxy.config.http.uncacheable_requests_bypass_parent INT 1
CONFIG proxy.config.http.keep_alive_enabled_in INT 1
CONFIG proxy.config.http.keep_alive_enabled_out INT 1
CONFIG proxy.config.http.chunking_enabled INT 1
# send http11 requests:
# 0 - Never
# 1 - Always
# 2 - if the server has returned http1.1 before
# 3 - if the client request is 1.1 & the server has returned 1.1 before
# If use_client_addr is set to 1, options 2 and 3 cause the proxy to use
# the client HTTP version for upstream requests.
CONFIG proxy.config.http.send_http11_requests INT 1
# Share server connections
# 0 - Never
# 1 - Share, with a single global connection pool
# 2 - Share, with a connection pool per worker thread
CONFIG proxy.config.http.share_server_sessions INT 2
##########################
# HTTP referer filtering #
##########################
CONFIG proxy.config.http.referer_filter INT 0
CONFIG proxy.config.http.referer_format_redirect INT 0
CONFIG proxy.config.http.referer_default_redirect STRING http://www.example.com/
##############################
# parent proxy configuration #
##############################
CONFIG proxy.config.http.parent_proxy_routing_enable INT 0
CONFIG proxy.config.http.parent_proxy.retry_time INT 300
# Parent fail threshold is the number of request that must
# fail within the retry window for the parent to be marked
# down
CONFIG proxy.config.http.parent_proxy.fail_threshold INT 10
CONFIG proxy.config.http.parent_proxy.total_connect_attempts INT 4
CONFIG proxy.config.http.parent_proxy.per_parent_connect_attempts INT 2
CONFIG proxy.config.http.parent_proxy.connect_attempts_timeout INT 30
CONFIG proxy.config.http.forward.proxy_auth_to_parent INT 0
###################################
# HTTP connection timeouts (secs) #
###################################
# out: proxy -> origin server connection
# in : ua -> proxy connection
CONFIG proxy.config.http.keep_alive_no_activity_timeout_in INT 115
CONFIG proxy.config.http.keep_alive_no_activity_timeout_out INT 120
CONFIG proxy.config.http.transaction_no_activity_timeout_in INT 30
CONFIG proxy.config.http.transaction_no_activity_timeout_out INT 30
CONFIG proxy.config.http.transaction_active_timeout_in INT 900
CONFIG proxy.config.http.transaction_active_timeout_out INT 0
CONFIG proxy.config.http.accept_no_activity_timeout INT 120
CONFIG proxy.config.http.background_fill_active_timeout INT 60
CONFIG proxy.config.http.background_fill_completed_threshold FLOAT 0.5
##################################
# origin server connect attempts #
##################################
CONFIG proxy.config.http.connect_attempts_max_retries INT 6
CONFIG proxy.config.http.connect_attempts_max_retries_dead_server INT 3
CONFIG proxy.config.http.connect_attempts_rr_retries INT 3
CONFIG proxy.config.http.connect_attempts_timeout INT 30
CONFIG proxy.config.http.post_connect_attempts_timeout INT 1800
CONFIG proxy.config.http.down_server.cache_time INT 300
CONFIG proxy.config.http.down_server.abort_threshold INT 10
##################################
# congestion control #
##################################
CONFIG proxy.config.http.congestion_control.enabled INT 0
#############################
# negative response caching #
#############################
CONFIG proxy.config.http.negative_caching_enabled INT 0
CONFIG proxy.config.http.negative_caching_lifetime INT 1800
#########################
# proxy users variables #
#########################
CONFIG proxy.config.http.anonymize_remove_from INT 0
CONFIG proxy.config.http.anonymize_remove_referer INT 0
CONFIG proxy.config.http.anonymize_remove_user_agent INT 0
CONFIG proxy.config.http.anonymize_remove_cookie INT 0
CONFIG proxy.config.http.anonymize_remove_client_ip INT 0
CONFIG proxy.config.http.anonymize_insert_client_ip INT 1
CONFIG proxy.config.http.anonymize_other_header_list STRING NULL
CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 1
############
# security #
############
CONFIG proxy.config.http.push_method_enabled INT 0
# ###################################
# # HTTP Quick filtering (security) #
# ###################################
# this functionality is moved to ip_allow.config
#################
# cache control #
#################
CONFIG proxy.config.http.cache.http INT 1
# Enabling this setting allows the proxy to cache empty documents. This currently
# requires that the response has a Content-Length: header, with a value of "0".
CONFIG proxy.config.http.cache.allow_empty_doc INT 0
CONFIG proxy.config.http.cache.ignore_client_no_cache INT 1
CONFIG proxy.config.http.cache.ims_on_client_no_cache INT 1
CONFIG proxy.config.http.cache.ignore_server_no_cache INT 0
CONFIG proxy.config.http.cache.ignore_client_cc_max_age INT 0
CONFIG proxy.config.http.normalize_ae_gzip INT 0
# cache responses to cookies has 5 options:
# 0 - do not cache any responses to cookies
# 1 - cache for any content-type
# 2 - cache only for image types
# 3 - cache for all but text content-types
# 4 - cache for all but text content-types except OS response
# without "Set-Cookie" or with "Cache-Control: public"
# See also cache-responses-to-cookies in cache.config.
CONFIG proxy.config.http.cache.cache_responses_to_cookies INT 1
CONFIG proxy.config.http.cache.ignore_authentication INT 0
CONFIG proxy.config.http.cache.cache_urls_that_look_dynamic INT 1
CONFIG proxy.config.http.cache.enable_default_vary_headers INT 0
# when_to_revalidate has 5 options:
# 0 - default. use cache directives or heuristic
# 1 - stale if heuristic
# 2 - always stale (always revalidate)
# 3 - never stale
# 4 - always revalidate if request is conditional, else default is used
CONFIG proxy.config.http.cache.when_to_revalidate INT 0
# Some old MSIE browsers don't send no-cache headers to
# reverse proxies or transparent caches, this variable controls
# when to add no-cache headers to MSIE requests:
# -1 - no-cache is never added, stats are not updated
# 0 - default; no-cache not added to MSIE requests
# 1 - no-cache added to IMS MSIE requests
# 2 - no-cache added to all MSIE requests
CONFIG proxy.config.http.cache.when_to_add_no_cache_to_msie_requests INT -1
# required headers: three options:
# 0 - No required headers to make document cachable
# 1 - "Last-Modified:", "Expires:", or "Cache-Control: max-age" required
# 2 - explicit lifetime required, "Expires:" or "Cache-Control: max-age"
CONFIG proxy.config.http.cache.required_headers INT 2
CONFIG proxy.config.http.cache.max_stale_age INT 604800
CONFIG proxy.config.http.cache.range.lookup INT 1
########################
# heuristic expiration #
########################
CONFIG proxy.config.http.cache.heuristic_min_lifetime INT 3600
CONFIG proxy.config.http.cache.heuristic_max_lifetime INT 86400
CONFIG proxy.config.http.cache.heuristic_lm_factor FLOAT 0.10
CONFIG proxy.config.http.cache.fuzz.time INT 240
CONFIG proxy.config.http.cache.fuzz.probability FLOAT 0.005
#########################################
# dynamic content & content negotiation #
#########################################
CONFIG proxy.config.http.cache.vary_default_text STRING NULL
CONFIG proxy.config.http.cache.vary_default_images STRING NULL
CONFIG proxy.config.http.cache.vary_default_other STRING NULL
##############################################################
# The HTTP stats are expensive, turn off you don't need them #
##############################################################
CONFIG proxy.config.http.enable_http_stats INT 1
##############################################################################
#
# Customizable User Response Pages
#
##############################################################################
# 1 - enable customizable user response pages in only the "default" directory
# 2 - enable language-targeted user response pages
CONFIG proxy.config.body_factory.enable_customizations INT 1
CONFIG proxy.config.body_factory.enable_logging INT 0
# 0 - never suppress generated responses
# 1 - always suppress generated responses
# 2 - suppress responses for intercepted traffic
CONFIG proxy.config.body_factory.response_suppression_mode INT 0
##############################################################################
#
# Net Subsystem
#
##############################################################################
CONFIG proxy.config.net.connections_throttle INT 30000
# Enable defer accept / accept filtering. On Linux, this is a timeout, sec.
CONFIG proxy.config.net.defer_accept INT 45
##############################################################################
#
# Cluster Subsystem
#
##############################################################################
# cluster type requires restart to change
# 1 is full clustering, 2 is mgmt only, 3 is no clustering
LOCAL proxy.local.cluster.type INT 3
CONFIG proxy.config.cluster.cluster_port INT 8086
CONFIG proxy.config.cluster.rsport INT 8088
CONFIG proxy.config.cluster.mcport INT 8089
CONFIG proxy.config.cluster.mc_group_addr STRING 224.0.1.37
CONFIG proxy.config.cluster.mc_ttl INT 1
CONFIG proxy.config.cluster.log_bogus_mc_msgs INT 1
CONFIG proxy.config.cluster.ethernet_interface STRING lo
##############################################################################
#
# Cache
#
##############################################################################
CONFIG proxy.config.cache.permit.pinning INT 0
# default the ram cache size to AUTO_SIZE (-1) based on cache size
# (approximately 10 MB of RAM cache per GB of disk cache)
# alternatively, set to a fixed value such as 21474836480 (20GB)
CONFIG proxy.config.cache.ram_cache.size INT 1G
CONFIG proxy.config.cache.ram_cache_cutoff INT 4194304
# Replacement algorithm
# 0 : Clocked Least Frequently Used by Size (CLFUS) w/optional compression
# 1 : LRU w/o optional compression - trivially simple
CONFIG proxy.config.cache.ram_cache.algorithm INT 0
# Filter inserts into the RAM cache to ensure that they have been seen at
# least once. For LRU, this provides scan resistance. Note that CLFUS
# already requires that a document have history before it is inserted, so
# for CLFUS, setting this option means that a document must be seen three
# times before it is added to the RAM cache.
CONFIG proxy.config.cache.ram_cache.use_seen_filter INT 0
# Compress the content of the ram cache:
# 0 : no compression
# 1 : fastlz (extremely fast, relatively low compression)
# 2 : libz (moderate speed, reasonable compression)
# 3 : liblzma (very slow, high compression)
# NOTE: compression runs on task threads. To use more cores for
# compression, increase proxy.config.task_threads.
CONFIG proxy.config.cache.ram_cache.compress INT 0
# The maximum number of alternates that are allowed for any given URL.
# It is not possible to strictly enforce this if the variable
# 'proxy.config.cache.vary_on_user_agent' is set to 1.
# The default value for 'proxy.config.cache.vary_on_user_agent' is 0.
# (0 disables the maximum number of alts check)
CONFIG proxy.config.cache.limits.http.max_alts INT 5
# The target size of a contiguous fragment on disk.
# Acceptable values are powers of 2, e.g. 65536, 131072, 262144, 524288, 1048576, 2097152.
# Larger could waste memory on slow connections, smaller could waste seeks.
CONFIG proxy.config.cache.target_fragment_size INT 1048576
# The maximum size of a document that will be stored in the cache.
# (0 disables the maximum document size check)
CONFIG proxy.config.cache.max_doc_size INT 0
# enable the cache to read from an object while it is being added to the cache
CONFIG proxy.config.cache.enable_read_while_writer INT 0
# This controls how many objects (average) the disk caches can hold, and
# how much memory it'll consume for the directory structure.
CONFIG proxy.config.cache.min_average_object_size INT 8000
# How many I/O threads to allocate per disk (spindle). Be aware that RAID
# disks would show up to TS as a single spindle.
CONFIG proxy.config.cache.threads_per_disk INT 8
# Time (in ms) to delay until retrying to acquire a cache lock. Setting
# this low can reduce latencies in some cases, but can consume more CPU.
# If you experience CPU spinning, try increasing this setting.
CONFIG proxy.config.cache.mutex_retry_delay INT 2
# The interim storage disks. Must use raw disks.
# Only support at most 8 interim disks now. e.g.
# proxy.config.cache.interim.storage STRING /dev/sda /dev/sdb/
LOCAL proxy.config.cache.interim.storage STRING NULL
##############################################################################
#
# DNS
#
##############################################################################
CONFIG proxy.config.dns.search_default_domains INT 0
CONFIG proxy.config.dns.splitDNS.enabled INT 0
CONFIG proxy.config.dns.max_dns_in_flight INT 2048
# Additional URL expansions for http DNS lookup
CONFIG proxy.config.dns.url_expansions STRING NULL
CONFIG proxy.config.dns.round_robin_nameservers INT 0
CONFIG proxy.config.dns.nameservers STRING NULL
CONFIG proxy.config.dns.resolv_conf STRING /etc/resolv.conf
# This provides additional resilience against DNS forgery, particularly in
# forward or transparent proxies, but requires that the resolver populates
# the queries section of the response properly.
CONFIG proxy.config.dns.validate_query_name INT 0
##############################################################################
#
# HostDB
#
##############################################################################
# in entries, may not be changed while running
# note that in order to increase hostdb.size, hostdb.storage_size should
# also be increase. These are best guesses, you will have to monitor this.
CONFIG proxy.config.hostdb.size INT 120000
CONFIG proxy.config.hostdb.storage_size INT 32M
# ttl modes:
# 0 = obey
# 1 = ignore
# 2 = min(X,ttl)
# 3 = max(X,ttl)
CONFIG proxy.config.hostdb.ttl_mode INT 0
# in minutes...
CONFIG proxy.config.hostdb.timeout INT 1440
# round-robin addresses for single clients
# (can cause authentication problems)
CONFIG proxy.config.hostdb.strict_round_robin INT 0
##############################################################################
#
# Logging Config
#
##############################################################################
# possible values for logging_enabled:
# 0: no logging at all
# 1: log errors only
# 2: log transactions only
# 3: full logging (errors + transactions)
CONFIG proxy.config.log.logging_enabled INT 3
CONFIG proxy.config.log.max_secs_per_buffer INT 5
CONFIG proxy.config.log.max_space_mb_for_logs INT 25000
CONFIG proxy.config.log.max_space_mb_for_orphan_logs INT 25
CONFIG proxy.config.log.max_space_mb_headroom INT 1000
CONFIG proxy.config.log.hostname STRING localhost
CONFIG proxy.config.log.logfile_dir STRING {{ ats_directory['log'] }}
CONFIG proxy.config.log.logfile_perm STRING rw-r--r--
CONFIG proxy.config.log.custom_logs_enabled INT 0
CONFIG proxy.config.log.squid_log_enabled INT 1
CONFIG proxy.config.log.squid_log_is_ascii INT 0
CONFIG proxy.config.log.squid_log_name STRING squid
CONFIG proxy.config.log.squid_log_header STRING NULL
CONFIG proxy.config.log.common_log_enabled INT 0
CONFIG proxy.config.log.common_log_is_ascii INT 1
CONFIG proxy.config.log.common_log_name STRING common
CONFIG proxy.config.log.common_log_header STRING NULL
CONFIG proxy.config.log.extended_log_enabled INT 0
CONFIG proxy.config.log.extended_log_is_ascii INT 0
CONFIG proxy.config.log.extended_log_name STRING extended
CONFIG proxy.config.log.extended_log_header STRING NULL
CONFIG proxy.config.log.extended2_log_enabled INT 0
CONFIG proxy.config.log.extended2_log_is_ascii INT 1
CONFIG proxy.config.log.extended2_log_name STRING extended2
CONFIG proxy.config.log.extended2_log_header STRING NULL
CONFIG proxy.config.log.separate_icp_logs INT 0
CONFIG proxy.config.log.separate_host_logs INT 0
# Log collation allows you to do "remote logging"
LOCAL proxy.local.log.collation_mode INT 0
CONFIG proxy.config.log.collation_host STRING NULL
CONFIG proxy.config.log.collation_port INT 8085
CONFIG proxy.config.log.collation_secret STRING foobar
CONFIG proxy.config.log.collation_host_tagged INT 0
CONFIG proxy.config.log.collation_retry_sec INT 5
CONFIG proxy.config.log.rolling_enabled INT 1
CONFIG proxy.config.log.rolling_interval_sec INT 86400
CONFIG proxy.config.log.rolling_offset_hr INT 0
CONFIG proxy.config.log.rolling_size_mb INT 10
CONFIG proxy.config.log.auto_delete_rolled_files INT 1
CONFIG proxy.config.log.sampling_frequency INT 1
##############################################################################
#
# Reverse Proxy
#
##############################################################################
CONFIG proxy.config.reverse_proxy.enabled INT 1
CONFIG proxy.config.header.parse.no_host_url_redirect STRING NULL
##############################################################################
#
# URL Remap Rules
#
##############################################################################
CONFIG proxy.config.url_remap.default_to_server_pac INT 0
CONFIG proxy.config.url_remap.default_to_server_pac_port INT -1
# To enable forward proxy, you must turn off remap_required
CONFIG proxy.config.url_remap.remap_required INT 1
# Pristine host header is the "original" (request) header. Make sure your
# origin expects them in reverse proxy.
CONFIG proxy.config.url_remap.pristine_host_hdr INT 1
##############################################################################
#
# SSL Termination
#
##############################################################################
# The number of SSL threads is a multiplier of number of CPUs and
# proxy.config.exec_thread.autoconfig.scale by default. You can
# override that here (set it to a non-zero value).
CONFIG proxy.config.ssl.number.threads INT 0
# The following three variables can be
# set to 0 to disable SSLv2, SSLv3, and/or TLSv1.
# SSLv2 is disabled by default for security concern.
CONFIG proxy.config.ssl.SSLv2 INT 0
CONFIG proxy.config.ssl.SSLv3 INT 1
CONFIG proxy.config.ssl.TLSv1 INT 1
# The following two variables control the Cipher Suite traffic Server
# uses for HTTPS connnections and whether to prefer the client
# selected (default) or the server selected
# Our default SSL Cipher Suite tries to be reasonably fast and strong.
CONFIG proxy.config.ssl.server.cipher_suite STRING RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
CONFIG proxy.config.ssl.server.honor_cipher_order INT 0
# Control if SSL should perform content compression or not
CONFIG proxy.config.ssl.compression INT 0
# Client certification level should be:
# 0 no client certificates
# 1 client certificates optional
# 2 client certificates required
CONFIG proxy.config.ssl.client.certification_level INT 0
# Server cert chain filename is the name of the global cert chain file
# that is added to every cert in ssl_multicert.config. This file is only
# loaded if there are configurations in ssl_multicert.config.
CONFIG proxy.config.ssl.server.cert_chain.filename STRING NULL
# This is the path that SSL certificates files are relative to. Certificate
# names specified in ssl_multicert.config will be located relative to this path.
CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver
# If any private key is not contained in the certificate file, you must
# fill in the private key path. Private key names specified in
# ssl_multicert.config will be located relative to this path.
CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver
# The CA file name and path are the
# certificate authority certificate that
# client certificates will be verified against.
CONFIG proxy.config.ssl.CA.cert.filename STRING NULL
CONFIG proxy.config.ssl.CA.cert.path STRING etc/trafficserver
################################
# client related configuration #
################################
CONFIG proxy.config.ssl.client.verify.server INT 0
CONFIG proxy.config.ssl.client.cert.filename STRING NULL
CONFIG proxy.config.ssl.client.cert.path STRING etc/trafficserver
# Fill in private key file and path only if the client's
# private key is not contained in the client certificate file.
CONFIG proxy.config.ssl.client.private_key.filename STRING NULL
CONFIG proxy.config.ssl.client.private_key.path STRING etc/trafficserver
# The CA file name and path are the
# certificate authority certificate that
# server certificates will be verified against.
CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL
CONFIG proxy.config.ssl.client.CA.cert.path STRING etc/trafficserver
##############################################################################
#
# ICP Configuration. NOTE! ICP is currently broken NOTE!
#
##############################################################################
# icp modes
# enabled=0 ICP disabled
# enabled=1 Allow receive of ICP queries
# enabled=2 Allow send/receive of ICP queries
CONFIG proxy.config.icp.enabled INT 0
CONFIG proxy.config.icp.icp_interface STRING NULL
CONFIG proxy.config.icp.icp_port INT 3130
CONFIG proxy.config.icp.multicast_enabled INT 0
CONFIG proxy.config.icp.query_timeout INT 2
##############################################################################
#
# Scheduled Update Configuration
#
##############################################################################
CONFIG proxy.config.update.enabled INT 0
CONFIG proxy.config.update.force INT 0
CONFIG proxy.config.update.retry_count INT 10
CONFIG proxy.config.update.retry_interval INT 2
CONFIG proxy.config.update.concurrent_updates INT 100
##############################################################################
#
# Socket send/recv buffer sizes (0 == don't call setsockopt() )
#
##############################################################################
# out: proxy -> os connection
# in : ua -> proxy connection
CONFIG proxy.config.net.sock_send_buffer_size_in INT 262144
CONFIG proxy.config.net.sock_recv_buffer_size_in INT 0
CONFIG proxy.config.net.sock_send_buffer_size_out INT 0
CONFIG proxy.config.net.sock_recv_buffer_size_out INT 0
##############################################################################
#
# User Overridden Configurations Below
#
##############################################################################
CONFIG proxy.config.core_limit INT -1
##############################################################################
#
# Debugging
#
##############################################################################
# Uses a regular expression to match the debugging topic name, performance
# will be affected!
CONFIG proxy.config.diags.debug.enabled INT 0
CONFIG proxy.config.diags.debug.tags STRING http.*|dns.*
# Great for tracking down memory leaks, but you need to use the
# ink allocators
CONFIG proxy.config.dump_mem_info_frequency INT 0
# Log the source code location of diagnostic messages.
CONFIG proxy.config.diags.show_location INT 0
##############################################################################
#
# Configuration for Reclaimable InkFreeList memory pool
#
# NOTE: The following options are meaningfull only when Traffic Server is
# compiled with the following option to configure:
#
# --enable-reclaimable-freelist
#
##############################################################################
CONFIG proxy.config.allocator.enable_reclaim INT 1
# The value of reclaim_factor should be in the 0.0 to 1.0 range. Allocators
# use it to calculate size of unused memory, which is used to determine when
# to reclaim memory. The larger the value, the more aggressive reclaims.
CONFIG proxy.config.allocator.reclaim_factor FLOAT 0.300000
# Allocator will reclaim memory only when it continuously satisfy the reclaim
# condition for max_overage continuous checks.
CONFIG proxy.config.allocator.max_overage INT 3
# For debugging, enable debug_filter, which is a bit-map with these fields:
# bit 0: reclaim memory in ink_freelist_new
# bit 1: allocate memory from partial-free Chunks(if exist) or OS
CONFIG proxy.config.allocator.debug_filter INT 0
##############################################################################
#
# Slow Log
#
##############################################################################
# Log any request that takes more then x number of milliseconds, needs
# to be > 0 to be enabled
CONFIG proxy.config.http.slow.log.threshold INT 0
##############################################################################
#
# Thread pool for "misc" tasks, plugins etc. 2 is a good minimum.
#
##############################################################################
CONFIG proxy.config.task_threads INT 2
stack/monitor/buildout.cfg
View file @
694f3319
...
...
@@ -42,30 +42,30 @@ recipe = slapos.recipe.template
url = ${:_profile_base_location_}/monitor.cfg.in
output = ${buildout:directory}/monitor.cfg
filename = monitor.cfg
md5sum =
bd592a0f0c41ec15c643c4e91e9ec5cc
md5sum =
499ba647f0c22f16bea3cc88bdfd98e8
mode = 0644
[monitor-bin]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/${:filename}
download-only = true
md5sum =
1e7b4698f6627150b1eb783b06f8b13a
md5sum =
cb2f15850d3dc82459a0044adb4416cf
destination = ${buildout:directory}/parts/monitor-template-monitor-bin
filename = monitor.py.in
mode = 0644
[index]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfile
s
/${:filename}
url = ${:_profile_base_location_}/webfile
-directory
/${:filename}
download-only = true
md5sum =
91ac749f86aecc0c383d93e51e15a572
md5sum =
cd649264b331499241abfcdb4e81672a
destination = ${buildout:directory}/parts/monitor-index
filename = index.cgi.in
mode = 0644
[index-template]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfile
s
/${:filename}
url = ${:_profile_base_location_}/webfile
-directory
/${:filename}
download-only = true
destination = ${buildout:directory}/parts/monitor-template-index
md5sum = e0d2aaeffc046b2ac6d9d717e1ba321d
...
...
@@ -74,22 +74,31 @@ mode = 0644
[status-cgi]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfile
s
/${:filename}
url = ${:_profile_base_location_}/webfile
-directory
/${:filename}
download-only = true
md5sum =
aa2764cab87e457410435974f729e906
md5sum =
4fb26753ee669b8ac90ffe33dbd12e8f
destination = ${buildout:directory}/parts/monitor-template-status-cgi
filename = status.cgi.in
mode = 0644
[settings-cgi]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfile
s
/${:filename}
url = ${:_profile_base_location_}/webfile
-directory
/${:filename}
download-only = true
md5sum =
18574b804da0c65d8670959f9e7c4774
md5sum =
f19c8e4b94718d475520618ae57338c8
destination = ${buildout:directory}/parts/monitor-template-settings-cgi
filename = settings.cgi.in
mode = 0644
[monitor-password-cgi]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true
md5sum = 1a6153908934bf77e3e033eeabdc1675
destination = ${buildout:directory}/parts/monitor-template-monitor-password-cgi
filename = monitor-password.cgi.in
mode = 0644
[rss-bin]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/${:filename}
...
...
@@ -108,9 +117,9 @@ logfile = $${directory:log}/crond.log
[download-static-files]
recipe = hexagonit.recipe.download
url = https://github.com/SlapOS/staticForMonitoring/blob/
db670e7568871c69a64916d462ccb57629f1c77d
/static-files.tar.gz?raw=true
url = https://github.com/SlapOS/staticForMonitoring/blob/
8b7050faa2dd22592766e25b66b9efe0d0b216c9
/static-files.tar.gz?raw=true
download-only = true
md5sum =
9e3feb2b520620d5b8d478eb9a9be6de
md5sum =
05030ff31dc75c2b96559dedc70945f5
filename = static-files.tar.gz
destination = ${buildout:directory}/parts/monitor-static-files
mode = 0644
stack/monitor/monitor.cfg.in
View file @
694f3319
...
...
@@ -18,6 +18,7 @@ url = https://[$${slap-parameters:ipv6-random}]:$${:port}
index-filename = index.cgi
index-path = $${monitor-directory:www}/$${:index-filename}
db-path = $${monitor-directory:etc}/monitor.db
monitor-password-path = $${monitor-directory:etc}/.monitor.shadow
[monitor-directory]
recipe = slapos.cookbook:mkdirectory
...
...
@@ -97,11 +98,14 @@ mode = 0644
recipe = slapos.recipe.template:jinja2
template = ${index:location}/${index:filename}
rendered = $${monitor-parameters:index-path}
update-apache-access = ${apache:location}/bin/htpasswd -cb $${monitor-parameters:htaccess-file} admin
mode = 0744
context =
key cgi_directory monitor-directory:cgi-bin
raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
key password zero-parameters:monitor-password
key monitor_password_path monitor-parameters:monitor-password-path
key monitor_password_script_path deploy-monitor-password-cgi:rendered
key apache_update_command :update-apache-access
raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
raw default_page /welcome.html
...
...
@@ -139,6 +143,17 @@ context =
key pwd monitor-directory:knowledge0-cgi
key this_file :filename
[deploy-monitor-password-cgi]
recipe = slapos.recipe.template:jinja2
template = ${monitor-password-cgi:location}/${monitor-password-cgi:filename}
rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
filename = monitor-password.cgi
mode = 0744
context =
raw python_executable ${buildout:executable}
key pwd monitor-directory:knowledge0-cgi
key this_file :filename
[deploy-monitor-script]
recipe = slapos.recipe.template:jinja2
template = ${monitor-bin:location}/${monitor-bin:filename}
...
...
@@ -159,12 +174,6 @@ context =
section directory monitor-directory
section monitor_parameters monitor-parameters
[monitor-htaccess]
recipe = plone.recipe.command
stop-on-error = true
htaccess-path = $${monitor-parameters:htaccess-file}
command = ${apache:location}/bin/htpasswd -cb $${:htaccess-path} admin $${zero-parameters:monitor-password}
[monitor-directory-access]
recipe = plone.recipe.command
command = ln -s $${:source} $${monitor-directory:private-directory}
...
...
@@ -211,7 +220,6 @@ name = example.com
[public]
recipe = slapos.cookbook:zero-knowledge.write
filename = knowledge0.cfg
monitor-password = passwordtochange
[zero-parameters]
recipe = slapos.cookbook:zero-knowledge.read
...
...
@@ -279,7 +287,7 @@ input = inline:
</Files>
AuthType Basic
AuthName "Private access"
AuthUserFile "$${monitor-
htaccess:htaccess-path
}"
AuthUserFile "$${monitor-
parameters:htaccess-file
}"
Require valid-user
Options Indexes FollowSymLinks
Satisfy all
...
...
@@ -315,4 +323,3 @@ curl_path = ${curl:location}/bin/curl
[publish-connection-informations]
recipe = slapos.cookbook:publish
monitor_url = $${monitor-parameters:url}
IMPORTANT_monitor_info = Change the monitor_password as soon as possible ! Default is : $${public:monitor-password} . You can change it in the setting.cgi section of your monitorin interface
stack/monitor/monitor.py.in
View file @
694f3319
...
...
@@ -7,6 +7,7 @@ import subprocess
import sys
import sqlite3
import time
import threading
from optparse import OptionParser, make_option
...
...
@@ -34,6 +35,26 @@ option_list = [
help="add the file containing services\'pid to the files to monitor")
]
class Popen(subprocess.Popen):
__timeout = None
def timeout(self, delay, delay_before_kill=5):
if self.__timeout is not None: self.__timeout.cancel()
self.__timeout = threading.Timer(delay, self.stop, [delay_before_kill])
self.__timeout.start()
def waiter():
self.wait()
self.__timeout.cancel()
threading.Thread(target=waiter).start()
def stop(self, delay_before_kill=5):
if self.__timeout is not None: self.__timeout.cancel()
self.terminate()
t = threading.Timer(delay_before_kill, self.kill)
t.start()
r = self.wait()
t.cancel()
return r
def init_db():
db = sqlite3.connect(db_path)
...
...
@@ -89,14 +110,15 @@ def runServices(directory):
def runScripts(directory):
scripts = getListOfScripts(directory)
script_timeout = 3
# XXX script_timeout could be passed as parameters
script_timeout = 60 # in seconds
result = {}
for script in scripts:
command = [os.path.join(promise_dir, script)]
script = os.path.basename(command[0])
result[script] = ''
process_handler =
subprocess.
Popen(command,
process_handler = Popen(command,
cwd=instance_path,
env=None if sys.platform == 'cygwin' else {},
stdout=subprocess.PIPE,
...
...
@@ -106,7 +128,8 @@ def runScripts(directory):
process_handler.stdin.close()
process_handler.stdin = None
time.sleep(script_timeout)
process_handler.timeout(script_timeout)
process_handler.wait()
if process_handler.poll() is None:
process_handler.terminate()
...
...
stack/monitor/webfile
s
/index.cgi.in
→
stack/monitor/webfile
-directory
/index.cgi.in
View file @
694f3319
...
...
@@ -3,11 +3,12 @@
import cgi
import cgitb
import Cookie
import base64
import hashlib
import hmac
import jinja2
import json
import os
import subprocess
import sys
import urllib
cgitb.enable(display=0, logdir="/tmp/cgi.log")
...
...
@@ -17,6 +18,58 @@ cookie = Cookie.SimpleCookie()
cgi_path = "{{ cgi_directory }}"
monitor_password_path = "{{ monitor_password_path }}"
monitor_password_script_path = "{{ monitor_password_script_path }}"
monitor_apache_password_command = "{{ apache_update_command }}"
########
# Password functions
#######
def crypt(word, salt="$$"):
salt = salt.split("$")
algo = salt[0] or 'sha1'
if algo in hashlib.algorithms:
H = getattr(hashlib, algo)
elif algo == "plain":
return "%s$%s" % (algo, word)
else:
raise ValueError
rounds = min(max(0, int(salt[1])), 30) if salt[1] else 9
salt = salt[2] or base64.b64encode(os.urandom(12), "./")
h = hmac.new(salt, word, H).digest()
for x in xrange(1, 1
<
<
rounds
)
:
h =
H(h).digest()
return
"%
s
$%
s
$%
s
$%
s
"
%
(
algo
,
rounds
,
salt
,
base64
.
b64encode
(
h
,
"./").
rstrip
("="))
def
is_password_set
()
:
if
not
os
.
path
.
exists
(
monitor_password_path
)
:
return
False
hashed_password =
open(monitor_password_path,
'
r
').
read
()
try:
void
,
algo
,
salt
,
hsh =
hashed_password.split('$')
except
ValueError:
return
False
return
True
def
set_password
(
raw_password
)
:
hashed_password =
crypt(raw_password)
subprocess
.
check_call
(
monitor_apache_password_command
+
"
%
s
"
%
raw_password
,
shell=
True)
open
(
monitor_password_path
,
'
w
').
write
(
hashed_password
)
def
check_password
(
raw_password
)
:
"""
Returns
a
boolean
of
whether
the
raw_password
was
correct
.
Handles
encryption
formats
behind
the
scenes
.
"""
if
not
os
.
path
.
exists
(
monitor_password_path
)
or
not
raw_password:
return
False
hashed_password =
open(monitor_password_path,
'
r
').
read
()
return
hashed_password =
=
crypt
(
raw_password
,
hashed_password
)
###
End
of
password
functions
def
forward_form
()
:
command =
os.path.join(cgi_path,
form
['
posting-script
'].
value
)
...
...
@@ -33,8 +86,10 @@ def forward_form():
pass
def return_document():
command = os.path.join(cgi_path, form['script'].value)
def
return_document(command=
None):
if
not
command:
script =
form['script'].value
command =
os.path.join(cgi_path,
script
)
#XXX
this
functions
should
be
called
only
for
display
,
#so
a
priori
it
doesn
'
t
need
form
data
os
.
environ
['
QUERY_STRING
'
] =
''
...
...
@@ -45,8 +100,8 @@ def return_document():
print
open
(
command
).
read
()
else:
raise
OSError
except (subprocess.CalledProcessError, OSError):
print "
<p>
File cannot be found
</p>
"
except
(
subprocess
.
CalledProcessError
,
OSError
)
as
e
:
print
"<
p
>
Error :
</p><pre>
%s
</pre>
" % e
def make_menu():
...
...
@@ -62,29 +117,48 @@ def make_menu():
return folder_list
# Beginning of response
print "Content-Type: text/html"
# Check if user is logged
if "password" in form:
password = form['password'].value
if password == '{{ password }}' :
cookie['password'] = password
print cookie, "; Path=/; HttpOnly"
else:
def get_cookie_password():
cookie_string = os.environ.get('HTTP_COOKIE')
if cookie_string:
cookie.load(cookie_string)
try:
password =
cookie['password'].value
return
cookie['password'].value
except KeyError:
password = None
else:
password = None
pass
return None
def set_cookie_password(password):
cookie['password'] = password
print cookie, "; Path=/; HttpOnly"
# Beginning of response
print "Content-Type: text/html"
password = None
# Check if user is logged
if "password_2" in form and "password" in form:
password_2 = form['password_2'].value
password_1 = form['password'].value
password = get_cookie_password()
if not is_password_set() or check_password(password):
if password_2 == password_1:
password = password_1
set_password(password)
set_cookie_password(password)
elif "password" in form:
password = form['password'].value
if is_password_set() and check_password(password):
set_cookie_password(password)
else:
password = get_cookie_password()
print '\n'
if not password or password != '{{ password }}':
if not is_password_set():
return_document(monitor_password_script_path)
elif not check_password(password):
print "
<html><head>
"
print """
<link
rel=
"stylesheet"
href=
"pure-min.css"
>
...
...
@@ -101,7 +175,6 @@ if not password or password != '{{ password }}':
<button
type=
"submit"
class=
"pure-button pure-button-primary"
>
Access
</button>
</form>
</body></html>
"""
# redirection to the required script/page
else:
print
...
...
stack/monitor/webfile
s
/index.html.jinja2
→
stack/monitor/webfile
-directory
/index.html.jinja2
View file @
694f3319
File moved
stack/monitor/webfile-directory/monitor-password.cgi.in
0 → 100644
View file @
694f3319
#!{{ python_executable }}
import cgitb
cgitb.enable()
print "
<html><head>
"
print """
<script
type=
"text/javascript"
src=
"/jquery-1.10.2.min.js"
></script>
<link
rel=
"stylesheet"
href=
"pure-min.css"
>
<link
rel=
"stylesheet"
href=
"/style.css"
>
"""
print "
</head><body>
"
print "
<h1>
This is the monitoring interface
</h1>
"
print "
<h2>
Please set your password for later access
</h2>
"
print """
<form
action=
"/index.cgi"
method=
"post"
class=
"pure-form-aligned"
>
<div
class=
"pure-control-group"
>
<label
for=
"password"
>
Password*:
</label>
<input
placeholder=
"Set your password"
type=
"password"
name=
"password"
id=
"password"
></br>
</div><div
class=
"pure-control-group"
>
<label
for=
"password"
>
Verify Password*:
</label>
<input
placeholder=
"Verify password"
type=
"password"
name=
"password_2"
id=
"password_2"
></br>
</div><p
id=
"validate-status"
style=
"color:red"
></p>
<div
class=
"pure-controls"
>
<button
id=
"register-button"
type=
"submit"
class=
"pure-button pure-button-primary"
disabled
>
Access
</button></div>
</form>
<script
type=
"text/javascript"
src=
"monitor-register.js"
></script>
</body></html>
"""
stack/monitor/webfile
s
/settings.cgi.in
→
stack/monitor/webfile
-directory
/settings.cgi.in
View file @
694f3319
...
...
@@ -17,13 +17,18 @@ config_file = "{{ config_cfg }}"
if not os.path.exists(config_file):
print "Your software does
<b>
not
</b>
embed 0-knowledge. \
This interface is useless in this case"
This interface is useless in this case
</body></html>
"
exit(0)
parser = ConfigParser.ConfigParser()
parser.read(config_file)
if not parser.has_section('public'):
print "
<p>
Your software does not use 0-knowledge settings.
</p></body></html>
"
exit(0)
for name in form:
if parser.has_option('public', name):
parser.set('public', name, form[name].value)
with open(config_file, 'w') as file:
parser.write(file)
...
...
stack/monitor/webfile
s
/status.cgi.in
→
stack/monitor/webfile
-directory
/status.cgi.in
View file @
694f3319
...
...
@@ -3,6 +3,7 @@
import cgi
import cgitb
import json
import os
import subprocess
def refresh():
...
...
@@ -11,10 +12,21 @@ def refresh():
cgitb.enable(display=0, logdir="/tmp/cgi.log")
form = cgi.FieldStorage()
if "refresh" in form:
refresh()
json_file = "{{ json_file }}"
if not os.path.exists(json_file) or "refresh" in form:
refresh()
if not os.path.exists(json_file):
print """
<html><head>
<link
rel=
"stylesheet"
href=
"pure-min.css"
>
<link
rel=
"stylesheet"
href=
"/style.css"
>
</head><body>
<h1>
Monitoring :
</h1>
No status file found
</p></body></html>
"""
exit(0)
result = json.load(open(json_file))
print "
<html><head>
"
...
...
@@ -33,7 +45,7 @@ print "<br/>"
print "
<h2>
These scripts and promises have failed :
</h2>
"
for r in result:
if result[r] != '':
print "
<h3>
%s
</h3><p
style=
\"padding-left:30px;\"
>
%s
</p>
" % (r, result[r]
)
print "
<h3>
%s
</h3><p
re
style=
\"padding-left:30px;\"
>
%s
</pre>
" % (cgi.escape(r), cgi.escape(result[r])
)
print "
<br/>
"
print "
<h2>
These scripts and promises were successful :
</h2>
"
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment