# Buildout instance profile for the SlapOS web runner: nginx frontend,
# gunicorn, dropbear SSH, shellinabox, a partition-local CA and monitoring.
# NOTE(review): three substitution layers appear to be mixed in this file -
# single-dollar references, double-dollar references and Jinja2 tags -
# presumably resolved at software-build time, instance-buildout time and
# template-rendering time respectively. Confirm against the rendering recipe
# before moving a value from one form to another.
# NOTE(review): certificate-authority is listed three times in parts below
# (once in the main list, twice in the monitoring list); one entry is enough.
[buildout]
parts =
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
  ca-shellinabox
  gunicorn-launcher
  gunicorn-graceful
  test-runner
  sshkeys-dropbear-runner
  dropbear-server-add-authorized-key
  sshkeys-authority
  publish-connection-informations
  slaprunner-promise
  slaprunner-frontend-promise
  dropbear-promise
  shellinabox-promise
  symlinks
  shellinabox
  slapos-cfg
  slapos-repo-config
  prepare-software
{% if slapparameter_dict.get('custom-frontend-backend-url') %}
  custom-frontend-promise
{% endif %}
###Parts to add for monitoring
  slap-parameters
  certificate-authority
  cron
  cron-entry-monitor
  cron-entry-rss
  deploy-monitor-cgi
  deploy-control-cgi
  deploy-monitor-script
  deploy-rss-script
  make-rss
  certificate-authority
  public
  zero-parameters
  cgi-httpd-wrapper

extends = ${monitor-template:output}

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
# Offline mode: buildout must not fetch anything from the network while this
# profile is processed.
offline = true

{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
# Optional: when the custom-frontend-backend-url request parameter is set,
# request a frontend giving access to a server located inside of the virtual
# machine listening to port X to LAN IPv4.
# Internally, the frontend will be asked to listen on the IPv6
# with port X + 10000, to match NAT rules of Qemu.
# NOTE(review): the virtual machine / Qemu wording looks inherited from another
# profile; in this file the backend is simply the URL given in the parameter.
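[request-custom-frontend]
recipe = slapos.cookbook:request
# NOTE(review): the default software release below is referenced over plain
# http and through a moving HEAD reference, so neither transport integrity nor
# a fixed revision is guaranteed. Prefer an https URL pinned to a tag or commit
# where the deployment allows it; check first whether the master identifies
# software releases by this exact URL string.
# NOTE(review): request parameters are written into this profile by Jinja2
# without escaping; a value containing a line break would add lines to the
# rendered configuration. Validate these parameters where they are accepted.
software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
slave = true
name = Custom Web Frontend
server-url = $${slap-connection:server-url}
key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}
{% if slapparameter_dict.get('custom-frontend-instance-guid') -%}
sla = instance_guid
# Read the same request parameter the guard above tests. The previous value
# referenced frontend-instance-guid in slap-parameter, a different name for
# which this file shows no default, so setting only
# custom-frontend-instance-guid pointed at an option that may not exist.
sla-instance_guid = {{ slapparameter_dict.get('custom-frontend-instance-guid') }}
{% endif -%}
config = url
config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
return = site_url domain

# Promise checking that the custom frontend URL answers.
[custom-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/custom_frontend_promise
url = https://$${request-custom-frontend:connection-domain}
{% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
# NOTE(review): presumably tells the promise that an authentication challenge
# is the expected answer - confirm against the recipe.
check-secure = 1
{% endif -%}
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

# Adds the custom frontend URL to the published connection parameters; the
# section of the same name further down carries the recipe and other values.
[publish-connection-informations]
custom-frontend-url = https://$${request-custom-frontend:connection-domain}
{% endif -%}

# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc/
var = $${buildout:directory}/var/
srv = $${buildout:directory}/srv/
bin = $${buildout:directory}/bin/
tmp = $${buildout:directory}/tmp/

sshkeys = $${:srv}/sshkeys
services = $${:etc}/service/
scripts = $${:etc}/run/
ssh = $${:etc}/ssh/
log = $${:var}/log/
run = $${:var}/run/
backup = $${:srv}/backup/
promises = $${:etc}/promise/
test = $${:etc}/test/
nginx-data = $${directory:srv}/nginx
ca-dir = $${:srv}/ssl
project = $${:srv}/runner/project/

# Working tree of the runner itself and of its test suite.
[runnerdirectory]
recipe = slapos.cookbook:mkdirectory
home = $${directory:srv}/runner/
test = $${directory:srv}/test/
project = $${:home}/project
software-root = $${:home}/software
instance-root = $${:home}/instance
project-test = $${:test}/project
software-test = $${:test}/software
instance-test = $${:test}/instance
sessions = $${buildout:directory}/.sessions

#Create password recovery code for slaprunner
# NOTE(review): bytes = 8 presumably sets the size of the generated secret -
# confirm against the recipe and consider whether it is long enough for a
# code that allows account recovery. The code is stored at storage-path and
# is also published as a connection parameter further down.
[recovery-code]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.rcode
bytes = 8

# Central settings of the runner; other sections read their values from here.
[slaprunner]
slaprunner = ${buildout:directory}/bin/slaprunner
slapgrid_sr = ${buildout:directory}/bin/slapgrid-sr
slapgrid_cp = ${buildout:directory}/bin/slapgrid-cp
slapproxy = ${buildout:directory}/bin/slapproxy
supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
git-binary = ${git:location}/bin/git
slapos.cfg = $${directory:etc}/slapos.cfg
working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
software-directory = $${runnerdirectory:software-root}
instance-directory = $${runnerdirectory:instance-root}
etc_dir = $${directory:etc}
log_dir = $${directory:log}
run_dir = $${directory:run}
ssh_client = $${sshkeys-dropbear-runner:wrapper}
public_key = $${sshkeys-dropbear-runner:public-key}
private_key = $${sshkeys-dropbear-runner:private-key}
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
proxy_port = 50000
runner_port = 50005
partition-amount = $${slap-parameter:instance-amount}
wrapper = $${directory:services}/slaprunner
debug = $${slap-parameter:debug}
access-url = https://[$${:ipv6}]:$${:runner_port}
supd-temp-var = $${directory:etc}/supervisord.conf
prox-db-var = $${slaprunner:working-directory}/proxy.db
console = False
verbose = False
# NOTE(review): debug is assigned twice in this section, once from the
# slap-parameter reference above and once as the literal below. With a
# last-value-wins parser the literal shadows the request parameter; keep only
# the assignment that is intended.
debug = False

# Test-suite variant of the runner: inherits from slaprunner and overrides the
# paths and proxy port.
[test-runner]
<= slaprunner
recipe = slapos.cookbook:slaprunner.test
slaprunnertest = ${buildout:directory}/bin/slaprunnertest
slapos.cfg = $${directory:etc}/slapos-test.cfg
working-directory = $${runnerdirectory:test}
project-directory = $${runnerdirectory:project-test}
software-directory = $${runnerdirectory:software-test}
instance-directory = $${runnerdirectory:instance-test}
proxy_port = 8602
wrapper = $${directory:bin}/runTestSuite
etc_dir = $${directory:test}

# Deploy dropbear (minimalist SSH server)
[sshkeys-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:sshkeys}/requests/
keys = $${directory:sshkeys}/keys/

[sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
request-directory = $${sshkeys-directory:requests}
keys-directory = $${sshkeys-directory:keys}
wrapper = $${directory:services}/sshkeys_authority
keygen-binary = ${dropbear:location}/bin/dropbearkey

# SSH server bound to the partition's global IPv6 address on port 22222.
[dropbear-runner-server]
recipe = slapos.cookbook:dropbear
host = $${slap-network-information:global-ipv6}
port = 22222
home = $${directory:ssh}
wrapper = $${directory:bin}/runner_sshd
shell = ${bash:location}/bin/bash
rsa-keyfile = $${directory:ssh}/server_key.rsa
dropbear-binary = ${dropbear:location}/sbin/dropbear

[sshkeys-dropbear-runner]
<= sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
name = dropbear
type = rsa
executable = $${dropbear-runner-server:wrapper}
public-key = $${dropbear-runner-server:rsa-keyfile}.pub
private-key = $${dropbear-runner-server:rsa-keyfile}
wrapper = $${directory:services}/runner_sshd

# Installs the public key given in the authorized-key request parameter
# (empty by default, see slap-parameter).
[dropbear-server-add-authorized-key]
<= dropbear-runner-server
recipe = slapos.cookbook:dropbear.add_authorized_key
key = $${slap-parameter:authorized-key}

#---------------------------
#--
#-- Set nginx frontend

[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path

[nginx-frontend]
# Options
nb_workers = 2
# Network
local-ip = $${slap-network-information:local-ipv4}
port = 30001
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
# Backend
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
path_tmp = $${directory:tmp}/
# Config files
path_nginx_conf = $${directory:etc}/nginx.conf
# Executables
bin_nginx = ${nginx:location}/sbin/nginx
bin_launcher = $${directory:bin}/launcher
# Utils
path_shell = ${dash:location}/bin/dash
# Misc.
etc_dir = $${directory:etc}

# Renders nginx.conf; each context entry is one line of the form
# "type name source".
[nginx_conf]
recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
    key shellinabox_port shellinabox:port
    key socket gunicorn:socket
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory

# Launcher script for nginx, readable and executable by the owner only.
[nginx-launcher]
recipe = slapos.recipe.template:jinja2
template = ${template_launcher:location}/${template_launcher:filename}
rendered = $${nginx-frontend:bin_launcher}
mode = 700
context =
    section param_nginx_frontend nginx-frontend

#--------------------
#--
#-- WSGI

[gunicorn]
bin_gunicorn = $${directory:bin}/gunicorn
bin_launcher = $${directory:services}/gunicorn
path_shell = ${dash:location}/bin/dash
socket = $${directory:tmp}/flaskserver.sock
path_pid = $${directory:run}/gunicorn.pid

# The application is served on a unix socket rather than a TCP port.
[gunicorn-launcher]
recipe = slapos.cookbook:wrapper
command-line = $${gunicorn:bin_gunicorn} slapos.runner:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --preload
wrapper-path = $${gunicorn:bin_launcher}
environment = PATH=$${environ:PATH}
    RUNNER_CONFIG=$${slaprunner:slapos.cfg}

[gunicorn-graceful]
recipe = slapos.cookbook:wrapper
command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
wrapper-path = $${directory:scripts}/gunicorn-graceful

#--------------------
#--
#-- ssl certificates

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:services}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_frontend.key
cert-file = $${cadirectory:certs}/nginx_frontend.crt
executable = $${nginx-launcher:rendered}
wrapper = $${directory:services}/nginx-frontend
# Put domain name
# NOTE(review): example.com is a placeholder. Presumably the certificate is
# issued for this name, in which case clients cannot match it against the real
# host name or address - confirm and set the real name where one exists.
name = example.com

[ca-shellinabox]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${shellinabox:wrapper}
wrapper = $${directory:services}/shellinaboxd
key-file = $${cadirectory:certs}/shellinabox.key
cert-file = $${cadirectory:certs}/shellinabox.crt

#--------------------
#--
#-- Request frontend

[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = SlapRunner Frontend
# XXX We have hardcoded SR URL here.
# NOTE(review): besides being hard-coded, this URL uses plain http and a
# moving HEAD reference, so the requested software release is neither
# integrity-protected in transit nor pinned to a revision.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config = url domain
config-url = $${slaprunner:access-url}
config-domain = $${slap-parameter:frontend-domain}
return = site_url domain

#--------------------------------------
#--
#-- Send informations to SlapOS Master
# NOTE(review): shell_password and password_recovery_code are secrets and are
# published together with the URLs. Anyone able to read this instance's
# connection parameters can therefore reach the shell and the recovery flow;
# restrict who can read them accordingly.
[publish-connection-informations]
recipe = slapos.cookbook:publish
1_info = On your first run, Use "access_url" to setup you account.Then you can use both "url" or "access_url". Or "backend_url" if you want to use ipv6.
backend_url = $${slaprunner:access-url}
access_url = $${:url}/login
url = https://$${request-frontend:connection-domain}
ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
shell_password = $${shellinabox:password}
password_recovery_code = $${recovery-code:passwd}

#---------------------------
#--
#-- Deploy promises scripts

[slaprunner-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/slaprunner
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}

[slaprunner-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner_frontend
url = https://$${request-frontend:connection-domain}/login
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

[dropbear-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/dropbear
hostname = $${dropbear-runner-server:host}
port = $${dropbear-runner-server:port}

[shellinabox-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/shellinabox
hostname = $${shellinabox:ipv6}
port = $${shellinabox:port}

[symlinks]
recipe = cns.recipe.symlink
symlink_target = $${directory:bin}
symlink_base = ${buildout:directory}/bin

# Defaults for the request parameters read elsewhere in this profile.
[slap-parameter]
# Default value if no ssh key is specified
authorized-key =
# Default value of instances number in slaprunner
instance-amount = 10
debug = false
frontend-domain =
# NOTE(review): default repository is cloned over plain http and tracks the
# master branch; what gets cloned is later built, so an https URL and a pinned
# reference are the safer defaults.
slapos-repository = http://git.erp5.org/repos/slapos.git
slapos-software =
slapos-reference = master
auto-deploy = true
auto-deploy-instance = true

# Renders the runner's slapos.cfg, owner-only. Each context entry is one line
# of the form "type name source".
# NOTE(review): cloud9_url reads slaprunner:cloud9-url, but no cloud9-url
# option is visible in the slaprunner section of this file - confirm it is
# defined elsewhere.
[slapos-cfg]
recipe = slapos.recipe.template:jinja2
template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
rendered = $${slaprunner:slapos.cfg}
mode = 700
context =
    key software_root runnerdirectory:software-root
    key instance_root runnerdirectory:instance-root
    key cloud9_url slaprunner:cloud9-url
    key console slaprunner:console
    key debug slaprunner:debug
    key etc_dir slaprunner:etc_dir
    key git slaprunner:git-binary
    key ipv4 slaprunner:ipv4
    key ipv6 slaprunner:ipv6
    key log_dir slaprunner:log_dir
    key partition_amount slaprunner:partition-amount
    key private_key slaprunner:private_key
    key proxy_database slaprunner:prox-db-var
    key proxy_host slaprunner:ipv4
    key proxy_port slaprunner:proxy_port
    key public_key slaprunner:public_key
    key run_dir slaprunner:run_dir
    key runner_port slaprunner:runner_port
    key runner_workdir slaprunner:working-directory
    key slapgrid_cp slaprunner:slapgrid_cp
    key slapgrid_sr slaprunner:slapgrid_sr
    key slapproxy slaprunner:slapproxy
    key ssh_client slaprunner:ssh_client
    key supervisor slaprunner:supervisor
    key supervisord_config slaprunner:supd-temp-var
    key verbose slaprunner:verbose
    key auto_deploy slap-parameter:auto-deploy
    key auto_deploy_instance slap-parameter:auto-deploy-instance

# Web shell bound to the global IPv6 address on port 8080, protected by the
# generated password and serving with the certificate from ca-shellinabox.
[shellinabox]
recipe = slapos.cookbook:shellinabox
ipv6 = $${slap-network-information:global-ipv6}
port = 8080
shell = $${shell:wrapper}
wrapper = $${directory:bin}/shellinaboxd
shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
password = $${shellinabox-code:passwd}
directory = $${runnerdirectory:home}
login-shell = $${directory:bin}/login
certificate-directory = $${cadirectory:certs}
cert-file = $${ca-shellinabox:cert-file}
key-file = $${ca-shellinabox:key-file}

# NOTE(review): same remark as for recovery-code - bytes = 8 presumably sets
# the size of the shell password; confirm it is adequate for a credential
# guarding a network-reachable shell.
[shellinabox-code]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.scode
bytes = 8

[shell]
recipe = slapos.cookbook:shell
wrapper = $${directory:bin}/sh
shell = ${bash:location}/bin/bash
home = $${runnerdirectory:home}
path = $${environ:PATH}:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin
ps1 = "\\w> "

[environ]
recipe = collective.recipe.environment

[slapos-repo]
recipe = slapos.recipe.build:gitclone
repository = $${slap-parameter:slapos-repository}
git-executable = ${git:location}/bin/git
develop = true
location = $${directory:project}/slapos

# Checks out the requested reference and, when a software path is given and no
# .project file exists yet, records it as the current project.
# NOTE(review): the slapos-reference and slapos-software request parameters
# are spliced into a shell command line without quoting or validation.
# Restrict them to the characters a git reference or relative path needs
# before they reach this command.
[slapos-repo-config]
recipe = plone.recipe.command
stop-on-error = true
reference = $${slap-parameter:slapos-reference}
location = $${slapos-repo:location}
command = cd $${:location} && ${git:location}/bin/git checkout $${:reference} && echo "$${directory:etc}/.project" && SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi

# Polls the runner's own isSRReady endpoint.
# NOTE(review): --insecure turns off TLS certificate verification for this
# call. The target is the instance's own address, presumably served with the
# partition-local certificate issued for a placeholder name; passing the
# partition CA certificate with --cacert would keep verification on.
[prepare-software]
recipe = slapos.cookbook:wrapper
command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
wrapper-path = $${directory:scripts}/prepareSoftware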