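# Shared buildout profile for the resilient (PBS) stack: directories, cron,
# logrotate, the bully scripts, an rdiff-backup server reached over dropbear,
# and the equeue/notifier pair.
# NOTE(review): two reference forms are used below. `${section:option}` looks
# like it is resolved when this template itself is rendered, `$${section:option}`
# when the resulting instance profile runs -- confirm against the profile
# that renders this file.
[buildout]
parts =
  resiliency
  logrotate
  logrotate-entry-cron
  logrotate-entry-equeue
  cron
  cron-entry-logrotate
  sshkeys-authority
  dropbear-server
  sshkeys-dropbear
  resilient-sshkeys-dropbear-promise
  dropbear-server-pbs-authorized-key
  notifier

#----------------
#--
#-- Creation of all needed directories.

# Top-level directories of the instance.
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin

# Second-level directories shared by the services below.
[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = $${rootdirectory:var}/log
services = $${rootdirectory:etc}/service
run = $${rootdirectory:var}/run
script = $${rootdirectory:etc}/script
backup = $${rootdirectory:srv}/backup
promises = $${rootdirectory:etc}/promise
cache = $${rootdirectory:var}/cache
notifier = $${rootdirectory:etc}/notifier

# Per-service directories.
# "ssh" receives the dropbear host key and "sshkeys" the key requests and
# generated keys (see the sections that reference them). No mode is set here,
# so access to that key material depends on what the mkdirectory recipe
# applies by default -- TODO confirm it is owner-only.
[directory]
recipe = slapos.cookbook:mkdirectory
backup = $${basedirectory:backup}/$${slap-parameter:namebase}
ssh = $${rootdirectory:etc}/ssh/
sshkeys = $${rootdirectory:srv}/sshkeys
notifier-feeds = $${basedirectory:notifier}/feeds
notifier-callbacks = $${basedirectory:notifier}/callbacks
cron-entries = $${rootdirectory:etc}/cron.d
crontabs = $${rootdirectory:etc}/crontabs
cronstamps = $${rootdirectory:etc}/cronstamps
logrotate-entries = $${rootdirectory:etc}/logrotate.d
logrotate-backup = $${basedirectory:backup}/logrotate
cgi-bin = $${rootdirectory:srv}/cgi-bin

#----------------
#--
#-- Deploy cron.

# crond is installed as a service; "catcher" points at the simplelogger
# wrapper defined just below.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${basedirectory:services}/crond

[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${rootdirectory:bin}/cron_simplelogger
log = $${basedirectory:log}/crond.log

#----------------
#--
#-- Deploy logrotate.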
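# Runs the logrotate wrapper every day at midnight.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}

[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${rootdirectory:bin}/logrotate
conf = $${rootdirectory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${rootdirectory:srv}/logrotate.status

# NOTE(review): this entry is not listed in [buildout] parts above and the
# [mariadb] section it reads is not defined in this file; presumably it is
# only used by profiles that extend this one and define [mariadb] -- confirm.
[logrotate-entry-mariadb]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = mariadb
log = $${mariadb:error-log}
frequency = daily
rotate-num = 30
post = $${mariadb:logrotate-post}
sharedscripts = true
notifempty = true
create = true

[logrotate-entry-cron]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = crond
log = $${cron-simplelogger:log}
frequency = daily
rotate-num = 30
notifempty = true
create = true

# Unlike the two entries above, this one sets neither notifempty nor create.
[logrotate-entry-equeue]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = equeue
log = $${equeue:log}
frequency = daily
rotate-num = 30

#----------------
#--
#-- Resiliency script for the bully algorithm

[resiliency]
# If enable-bully-service is true, the scripts will be run automatically.
# If false, they can be run with bin/bully for all the PBSReady instances.
enable-bully-service = False
recipe = slapos.cookbook:addresiliency
wrapper-bully = bully
wrapper-takeover = takeover
services = $${basedirectory:services}
bin = $${rootdirectory:bin}
etc = $${rootdirectory:etc}

#----------------
#--
#-- Sets up an rdiff-backup server (with a dropbear server for ssh)

# "wrapper" is the script that [dropbear-server] uses as its "shell" option,
# and "path" is the backup directory published in the ssh-url of
# [resilient-publish-connection-parameter].
[rdiff-backup-server]
recipe = slapos.cookbook:pbs
client = false
path = $${directory:backup}
wrapper = $${rootdirectory:bin}/rdiffbackup-server
rdiffbackup-binary = ${buildout:bin-directory}/rdiff-backup

#----------------
#--
#-- Set up the equeue and notifier.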
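# Execution queue; the notifier below talks to it through the unix socket.
[equeue]
recipe = slapos.cookbook:equeue
socket = $${basedirectory:run}/equeue.sock
log = $${basedirectory:log}/equeue.log
database = $${rootdirectory:srv}/equeue.db
wrapper = $${basedirectory:services}/equeue
equeue-binary = ${buildout:bin-directory}/equeue

# notifier.notify adds the [exporter, notifier] to the execution queue
# notifier.notify.callback sets up a callback
# NOTE(review): host/port bind the pubsub server to the partition's global
# IPv6 address on port 65534, and requests it accepts end up on the execution
# queue. No authentication or filtering option is set in this section --
# confirm what limits who can reach and trigger it.
[notifier]
recipe = slapos.cookbook:notifier
feeds = $${directory:notifier-feeds}
callbacks = $${directory:notifier-callbacks}
id-file = $${rootdirectory:etc}/notifier.id
equeue-socket = $${equeue:socket}
host = $${slap-network-information:global-ipv6}
port = 65534
wrapper = $${basedirectory:services}/notifier
server-binary = ${buildout:bin-directory}/pubsubserver
notifier-binary = ${buildout:bin-directory}/pubsubnotifier

#----------------
#--
#-- Dropbear.

# SSH endpoint for the backup transport, listening on the global IPv6 address.
# "shell" is set to the rdiff-backup server wrapper rather than a login shell;
# presumably the recipe forces every session into that wrapper -- confirm in
# slapos.cookbook:dropbear, since the restriction is what keeps the authorized
# key from giving general shell access.
# "rsa-keyfile" is the server's private host key; it lives under
# $${directory:ssh}, so that directory must stay readable by the owner only.
[dropbear-server]
recipe = slapos.cookbook:dropbear
host = $${slap-network-information:global-ipv6}
# The "port" option is deliberately not defined here. It is defined in
# pbs-ready-import.cfg.in and pbs-ready-export.cfg.in
home = $${directory:ssh}
wrapper = $${rootdirectory:bin}/raw_sshd
shell = $${rdiff-backup-server:wrapper}
rsa-keyfile = $${directory:ssh}/server_key.rsa
dropbear-binary = ${dropbear:location}/sbin/dropbear

# The authorized key is taken from the "authorized-key" instance parameter:
# whoever can set that parameter decides which key may log in to this server.
[dropbear-server-pbs-authorized-key]
<= dropbear-server
recipe = slapos.cookbook:dropbear.add_authorized_key
key = $${slap-parameter:authorized-key}

#----------------
#--
#-- sshkeys

[sshkeys-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:sshkeys}/requests
keys = $${directory:sshkeys}/keys

# Service that generates keys with dropbearkey for the requests dropped in
# request-directory.
[sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
request-directory = $${sshkeys-directory:requests}
keys-directory = $${sshkeys-directory:keys}
wrapper = $${basedirectory:services}/sshkeys_authority
keygen-binary = ${dropbear:location}/bin/dropbearkey

# Requests an RSA key pair for dropbear and installs the sshd service wrapper
# around the raw dropbear wrapper. No key size is given here, so it is
# whatever the recipe / dropbearkey default is -- TODO confirm it is adequate.
[sshkeys-dropbear]
<= sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
name = dropbear
type = rsa
executable = $${dropbear-server:wrapper}
public-key = $${dropbear-server:rsa-keyfile}.pub
private-key = $${dropbear-server:rsa-keyfile}
wrapper = $${basedirectory:services}/sshd

[resilient-sshkeys-dropbear-promise]
# Check that the public key value is not empty and does not contain "None".
# The promise script is written with mode 700 (owner only).
# NOTE(review): the *None* pattern matches anywhere in the value, so a valid
# key whose encoded text happens to contain "None" would fail this promise.
recipe = collective.recipe.template
input = inline:#!${bash:location}/bin/bash
  PUBLIC_KEY_CONTENT="$${sshkeys-dropbear:public-key-value}"
  if [[ ! -n "$PUBLIC_KEY_CONTENT" || "$PUBLIC_KEY_CONTENT" == *None* ]]; then
    exit 1
  fi
output = $${basedirectory:promises}/public-key-existence
mode = 700

#----------------
#--
#-- Connection information to re-use.
# XXX-Cedric: when "aggregation" system is done in libslap, directly publish.
# Only the public half of the dropbear key is published; the private key path
# is never referenced here. ssh-url needs $${dropbear-server:port}, which this
# file does not define.
[resilient-publish-connection-parameter]
recipe = slapos.cookbook:publish
ssh-public-key = $${sshkeys-dropbear:public-key-value}
ssh-url = ssh://nobody@[$${dropbear-server:host}]:$${dropbear-server:port}/$${rdiff-backup-server:path}
ip = $${slap-network-information:global-ipv6}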