instance-runner.cfg 15.7 KB
Newer Older
1 2
[buildout]
parts =
3 4 5 6
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
7
  ca-shellinabox
8 9
  gunicorn-launcher
  gunicorn-graceful
10
  test-runner
11
  sshkeys-dropbear-runner
12
  dropbear-server-add-authorized-key
13
  sshkeys-authority
14
  publish-connection-informations
15 16 17
  slaprunner-promise
  slaprunner-frontend-promise
  dropbear-promise
18
  shellinabox-promise
19
  symlinks
20
  shellinabox
21
  slapos-cfg
22
  slapos-repo-config
23
  prepare-software
24 25 26
{% if slapparameter_dict.get('custom-frontend-backend-url') %}
  custom-frontend-promise
{% endif %}
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
###Parts to add for monitoring
  slap-parameters
  certificate-authority
  cron
  cron-entry-monitor
  cron-entry-rss
  deploy-monitor-cgi
  deploy-control-cgi
  deploy-monitor-script
  deploy-rss-script
  make-rss
  certificate-authority
  public
  zero-parameters
  cgi-httpd-wrapper

extends = ${monitor-template:output}
44 45 46 47 48

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

49 50 51 52 53 54 55 56 57 58 59 60 61
{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
# Requests, if defined, a frontend to allow access to a server
# located inside of the virtual machine listening to port X
# to LAN IPv4.
# Internaly, the frontend will be asked to listen on the IPv6
# with port X + 10000, to match NAT rules of Qemu.
[request-custom-frontend]
recipe = slapos.cookbook:request
software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
slave = true
name = Custom Web Frontend

62 63 64 65 66
server-url = $${slap-connection:server-url}
key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}
67 68 69

{% if slapparameter_dict.get('custom-frontend-instance-guid') -%}
sla = instance_guid
70
sla-instance_guid = $${slap-parameter:frontend-instance-guid}
71 72
{% endif -%}

73
config = url
74
config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
75
return = site_url domain
76 77 78

[custom-frontend-promise]
recipe = slapos.cookbook:check_url_available
79 80 81 82 83
path = $${directory:promises}/custom_frontend_promise
url = https://$${request-custom-frontend:connection-domain}
{% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
check-secure = 1
{% endif -%}
84 85 86 87
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

[publish-connection-informations]
88
custom-frontend-url = https://$${request-custom-frontend:connection-domain}
89 90
{% endif -%}

91
# Create all needed directories
92
[directory]
93 94 95 96 97
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc/
var = $${buildout:directory}/var/
srv = $${buildout:directory}/srv/
bin = $${buildout:directory}/bin/
98
tmp = $${buildout:directory}/tmp/
99

100 101 102 103 104 105 106 107 108
sshkeys = $${:srv}/sshkeys
services = $${:etc}/service/
scripts = $${:etc}/run/
ssh = $${:etc}/ssh/
log = $${:var}/log/
run = $${:var}/run/
backup = $${:srv}/backup/
promises = $${:etc}/promise/
test = $${:etc}/test/
109
nginx-data = $${directory:srv}/nginx
110
ca-dir = $${:srv}/ssl
111
project = $${:srv}/runner/project/
112 113 114

[runnerdirectory]
recipe = slapos.cookbook:mkdirectory
115 116
home = $${directory:srv}/runner/
test = $${directory:srv}/test/
117 118 119
project = $${:home}/project
software-root = $${:home}/software
instance-root = $${:home}/instance
120 121 122
project-test = $${:test}/project
software-test = $${:test}/software
instance-test = $${:test}/instance
123
sessions = $${buildout:directory}/.sessions
124

125 126
#Create password recovery code for slaprunner
[recovery-code]
127
recipe = slapos.cookbook:generate.password
128
storage-path = $${directory:etc}/.rcode
129
bytes = 8
130

131
[slaprunner]
132 133 134 135 136
slaprunner = ${buildout:directory}/bin/slaprunner
slapgrid_sr = ${buildout:directory}/bin/slapgrid-sr
slapgrid_cp = ${buildout:directory}/bin/slapgrid-cp
slapproxy = ${buildout:directory}/bin/slapproxy
supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
137
git-binary = ${git:location}/bin/git
138
slapos.cfg = $${directory:etc}/slapos.cfg
139 140 141 142
working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
software-directory = $${runnerdirectory:software-root}
instance-directory = $${runnerdirectory:instance-root}
143 144 145
etc_dir = $${directory:etc}
log_dir =  $${directory:log}
run_dir = $${directory:run}
146 147 148
ssh_client = $${sshkeys-dropbear-runner:wrapper}
public_key = $${sshkeys-dropbear-runner:public-key}
private_key = $${sshkeys-dropbear-runner:private-key}
149 150
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
151
proxy_port = 50000
152
runner_port = 50005
153
partition-amount = $${slap-parameter:instance-amount}
154
wrapper = $${directory:services}/slaprunner
155
debug = $${slap-parameter:debug}
156
access-url = https://[$${:ipv6}]:$${:runner_port} 
Nicolas Wavrant's avatar
Nicolas Wavrant committed
157 158
supd-temp-var = $${directory:etc}/supervisord.conf
prox-db-var = $${slaprunner:working-directory}/proxy.db
159 160 161
console = False
verbose = False
debug = False
162

163 164 165 166
[test-runner]
<= slaprunner
recipe = slapos.cookbook:slaprunner.test
slaprunnertest = ${buildout:directory}/bin/slaprunnertest
167
slapos.cfg = $${directory:etc}/slapos-test.cfg
168 169 170 171
working-directory = $${runnerdirectory:test}
project-directory = $${runnerdirectory:project-test}
software-directory = $${runnerdirectory:software-test}
instance-directory = $${runnerdirectory:instance-test}
172
proxy_port = 8602
173 174 175 176 177 178 179 180 181
wrapper = $${directory:bin}/runTestSuite
etc_dir = $${directory:test}


# Deploy dropbear (minimalist SSH server)
[sshkeys-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:sshkeys}/requests/
keys = $${directory:sshkeys}/keys/
182

183 184 185 186
[sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
request-directory = $${sshkeys-directory:requests}
keys-directory = $${sshkeys-directory:keys}
187
wrapper = $${directory:services}/sshkeys_authority
188 189
keygen-binary = ${dropbear:location}/bin/dropbearkey

190
[dropbear-runner-server]
191 192
recipe = slapos.cookbook:dropbear
host = $${slap-network-information:global-ipv6}
193
port = 22222
194
home = $${directory:ssh}
195 196
wrapper = $${directory:bin}/runner_sshd
shell = ${bash:location}/bin/bash
197 198 199
rsa-keyfile = $${directory:ssh}/server_key.rsa
dropbear-binary = ${dropbear:location}/sbin/dropbear

200
[sshkeys-dropbear-runner]
201 202 203 204
<= sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
name = dropbear
type = rsa
205 206 207 208
executable = $${dropbear-runner-server:wrapper}
public-key = $${dropbear-runner-server:rsa-keyfile}.pub
private-key = $${dropbear-runner-server:rsa-keyfile}
wrapper = $${directory:services}/runner_sshd
209 210

[dropbear-server-add-authorized-key]
211
<= dropbear-runner-server
212 213 214
recipe = slapos.cookbook:dropbear.add_authorized_key
key = $${slap-parameter:authorized-key}

215
#---------------------------
216
#--
217 218
#-- Set nginx frontend

219 220 221 222 223 224 225 226 227 228 229 230
[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path

[nginx-frontend]
# Options
nb_workers = 2
# Network
231
local-ip = $${slap-network-information:local-ipv4}
232
port = 30001
233 234
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
235
# Backend
236 237
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
238 239 240 241 242 243 244 245
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
246
path_tmp = $${directory:tmp}/
247 248 249 250
# Config files
path_nginx_conf = $${directory:etc}/nginx.conf
# Executables
bin_nginx = ${nginx:location}/sbin/nginx
251
bin_launcher = $${directory:bin}/launcher
252 253
# Utils
path_shell = ${dash:location}/bin/dash
254 255
# Misc.
etc_dir = $${directory:etc}
256 257 258 259 260 261 262


[nginx_conf]
recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
263
    key shellinabox_port shellinabox:port
264
    key socket gunicorn:socket
265 266 267 268 269 270 271 272 273 274 275
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory

[nginx-launcher]
recipe = slapos.recipe.template:jinja2
template = ${template_launcher:location}/${template_launcher:filename}
rendered = $${nginx-frontend:bin_launcher}
mode = 700
context =
    section param_nginx_frontend nginx-frontend

276 277 278 279
#--------------------
#--
#-- WSGI

280
[gunicorn]
281 282 283 284 285 286 287 288
bin_gunicorn = $${directory:bin}/gunicorn
bin_launcher = $${directory:services}/gunicorn
path_shell = ${dash:location}/bin/dash
socket = $${directory:tmp}/flaskserver.sock
path_pid = $${directory:run}/gunicorn.pid

[gunicorn-launcher]
recipe = slapos.cookbook:wrapper
289 290
command-line = $${gunicorn:bin_gunicorn} slapos.runner:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --preload
wrapper-path = $${gunicorn:bin_launcher}
291 292 293 294 295
environment = PATH=$${environ:PATH}
  RUNNER_CONFIG=$${slaprunner:slapos.cfg}

[gunicorn-graceful]
recipe = slapos.cookbook:wrapper
296
command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
297 298
wrapper-path = $${directory:scripts}/gunicorn-graceful

299
#--------------------
300
#--
301
#-- ssl certificates
302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:services}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_frontend.key
cert-file = $${cadirectory:certs}/nginx_frontend.crt
327 328
executable = $${nginx-launcher:rendered}
wrapper = $${directory:services}/nginx-frontend
329 330 331
# Put domain name
name = example.com

332 333 334 335 336
[ca-shellinabox]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${shellinabox:wrapper}
wrapper = $${directory:services}/shellinaboxd
337 338
key-file = $${cadirectory:certs}/shellinabox.key
cert-file = $${cadirectory:certs}/shellinabox.crt
339
#--------------------
340 341
#--
#-- Request frontend
342

343 344
[request-frontend]
<= slap-connection
345
recipe = slapos.cookbook:requestoptional
346
name = SlapRunner Frontend
347 348 349
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
350
config = url domain
351
config-url = $${slaprunner:access-url}
352
config-domain = $${slap-parameter:frontend-domain}
353
return = site_url domain
354

355
#--------------------------------------
356 357
#--
#-- Send informations to SlapOS Master
358

359 360
[publish-connection-informations]
recipe = slapos.cookbook:publish
361
1_info = On your first run, Use "access_url" to setup you account.Then you can use both "url" or "access_url". Or "backend_url" if you want to use ipv6.
362
backend_url = $${slaprunner:access-url}
363
access_url = $${:url}/login
364
url =  https://$${request-frontend:connection-domain}
365
ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
366
shell_password = $${shellinabox:password}
367
password_recovery_code = $${recovery-code:passwd}
368

369 370 371
#---------------------------
#--
#-- Deploy promises scripts
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
372

373 374
[slaprunner-promise]
recipe = slapos.cookbook:check_port_listening
375
path = $${directory:promises}/slaprunner
376 377
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
378

379
[slaprunner-frontend-promise]
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
380
recipe = slapos.cookbook:check_url_available
381
path = $${directory:promises}/slaprunner_frontend
382
url = https://$${request-frontend:connection-domain}/login
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
383 384 385
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

386 387
[dropbear-promise]
recipe = slapos.cookbook:check_port_listening
388
path = $${directory:promises}/dropbear
389 390
hostname = $${dropbear-runner-server:host}
port = $${dropbear-runner-server:port}
391

392 393 394 395 396 397
[shellinabox-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/shellinabox
hostname = $${shellinabox:ipv6}
port = $${shellinabox:port}

398 399
[symlinks]
recipe = cns.recipe.symlink
400
symlink_target = $${directory:bin}
401
symlink_base = ${buildout:directory}/bin
402 403 404 405

[slap-parameter]
# Default value if no ssh key is specified
authorized-key =
406
# Default value of instances number in slaprunner
407
instance-amount = 10
408 409
debug = false
frontend-domain =
410 411 412 413
slapos-repository = http://git.erp5.org/repos/slapos.git
slapos-software =
slapos-reference = master
auto-deploy = true
414
auto-deploy-instance = true
415

416 417 418 419 420 421 422 423
[slapos-cfg]
recipe = slapos.recipe.template:jinja2
template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
rendered = $${slaprunner:slapos.cfg}
mode = 700
context =
  key software_root runnerdirectory:software-root
  key instance_root runnerdirectory:instance-root
424 425 426 427 428
  key cloud9_url slaprunner:cloud9-url
  key console slaprunner:console
  key debug slaprunner:debug
  key etc_dir slaprunner:etc_dir
  key git slaprunner:git-binary
429
  key ipv4 slaprunner:ipv4
430 431
  key ipv6 slaprunner:ipv6
  key log_dir slaprunner:log_dir
432
  key partition_amount slaprunner:partition-amount
433 434 435 436 437 438 439 440
  key private_key slaprunner:private_key
  key proxy_database slaprunner:prox-db-var
  key proxy_host slaprunner:ipv4
  key proxy_port slaprunner:proxy_port
  key public_key slaprunner:public_key
  key run_dir slaprunner:run_dir
  key runner_port slaprunner:runner_port
  key runner_workdir slaprunner:working-directory
441
  key slapgrid_cp slaprunner:slapgrid_cp
442
  key slapgrid_sr slaprunner:slapgrid_sr 
443
  key slapproxy slaprunner:slapproxy 
444
  key ssh_client slaprunner:ssh_client
445
  key supervisor slaprunner:supervisor
Nicolas Wavrant's avatar
Nicolas Wavrant committed
446
  key supervisord_config slaprunner:supd-temp-var
447
  key verbose slaprunner:verbose
448
  key auto_deploy slap-parameter:auto-deploy
449
  key auto_deploy_instance slap-parameter:auto-deploy-instance
450

451 452
[shellinabox]
recipe = slapos.cookbook:shellinabox
453
ipv6 = $${slap-network-information:global-ipv6}
454
port = 8080
455
shell = $${shell:wrapper}
456
wrapper = $${directory:bin}/shellinaboxd
457
shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd 
458 459
password = $${shellinabox-code:passwd}
directory = $${runnerdirectory:home}
460
login-shell = $${directory:bin}/login
461 462 463
certificate-directory = $${cadirectory:certs}
cert-file = $${ca-shellinabox:cert-file}
key-file = $${ca-shellinabox:key-file}
464

465 466 467
[shellinabox-code]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.scode
468
bytes = 8
469 470 471 472 473 474

[shell]
recipe = slapos.cookbook:shell
wrapper = $${directory:bin}/sh
shell = ${bash:location}/bin/bash
home = $${runnerdirectory:home}
475
path = $${environ:PATH}:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin
476 477
ps1 = "\\w> "

478 479 480
[environ]
recipe = collective.recipe.environment

481 482 483 484 485 486 487 488 489 490 491 492
[slapos-repo]
recipe = slapos.recipe.build:gitclone
repository = $${slap-parameter:slapos-repository}
git-executable = ${git:location}/bin/git
develop = true
location = $${directory:project}/slapos

[slapos-repo-config]
recipe = plone.recipe.command
stop-on-error = true
reference = $${slap-parameter:slapos-reference}
location = $${slapos-repo:location}
493
command = cd $${:location} && ${git:location}/bin/git checkout $${:reference} && echo "$${directory:etc}/.project" && SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi
494 495 496

[prepare-software]
recipe = slapos.cookbook:wrapper
497
command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
498 499
wrapper-path = $${directory:scripts}/prepareSoftware