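# Buildout instance template for a monitoring stack: a cron-driven monitor
# script and RSS builder, plus an Apache httpd that serves CGI pages over TLS.
#
# Both `${...}` and `$${...}` references are kept exactly as written. The
# doubled form looks like an escape that is resolved in a later buildout pass
# -- TODO confirm against the profile that renders this template.
#
# Multi-line values (`context`, `input`) are continued by indentation, so keys
# start in column 0 and only continuation lines are indented.

# Connection details of this partition, all taken from [slap-connection].
[slap-parameters]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

# Paths, file names and the listening port shared by the monitoring parts.
[monitor-parameters]
monitor-dir = $${directory:var}/monitor
result-dir = $${:monitor-dir}/bool
json-filename = monitor.json
json-path = $${:monitor-dir}/$${:json-filename}
rss-path = $${:public-cgi}/$${:rss-filename}
rss-filename = rssfeed.html
executable = $${directory:bin}/monitor.py
cgi-bin = $${directory:cgi-bin}
monitoring-cgi = $${directory:monitoring-cgi}
knowledge0-cgi = $${directory:knowledge0-cgi}
public-cgi = $${directory:public-cgi}
port = 9685

# Directory layout, everything rooted at the buildout directory.
[directory]
home = $${buildout:directory}
etc = $${:home}/etc
bin = $${:home}/bin
srv = $${:home}/srv
var = $${:home}/var
promises = $${:etc}/promise
ca-dir = $${:srv}/ssl
cgi-bin = $${:var}/cgi-bin
monitoring-cgi = $${:cgi-bin}/monitoring
knowledge0-cgi = $${:cgi-bin}/zero-knowledge
cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
log = $${:var}/log
monitor = $${:etc}/monitor
monitor-result = $${monitor-parameters:monitor-dir}
monitor-result-bool = $${monitor-parameters:result-dir}
promise = $${:etc}/promise
public-cgi = $${:cgi-bin}/public
run = $${:var}/run
service = $${:etc}/service/
tmp = $${:home}/tmp
www = $${:var}/www

# Links the public CGI directory into the web root. The value is a
# "source = link" pair, so the second "=" belongs to the value.
[public-symlink]
recipe = cns.recipe.symlink
symlink = $${monitor-parameters:public-cgi} = $${directory:www}/public
autocreate = true

# Cron daemon; its output is handed to the wrapper defined in
# [cron-simplelogger].
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:service}/crond

# Add log to cron
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/cron.log

# Runs the monitor script every five minutes.
[cron-entry-monitor]
<= cron
recipe = slapos.cookbook:cron.d
name = launch-monitor
frequency = */5 * * * *
command = $${monitor-parameters:executable} -a

# Rebuilds the RSS feed every five minutes.
[cron-entry-rss]
<= cron
recipe = slapos.cookbook:cron.d
name = build-rss
frequency = */5 * * * *
command = $${make-rss:output}

# Static assets are placed in the web root, which is also the httpd
# DocumentRoot (see [cgi-httpd-configuration-file]).
[setup-static-files]
recipe = hexagonit.recipe.download
url = ${download-static-files:destination}/${download-static-files:filename}
filename = static
destination = $${directory:www}
ignore-existing = true
mode = 0644

# Renders index.cgi into the web root. The template context receives the
# monitor password read back through [zero-parameters].
[deploy-index]
recipe = slapos.recipe.template:jinja2
template = ${index:location}/${index:filename}
rendered = $${directory:www}/$${:filename}
filename = index.cgi
mode = 0744
context =
  key cgi_directory monitor-parameters:cgi-bin
  raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
  key password zero-parameters:monitor-password
  raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
  raw default_page /index.cgi?script=$${monitor-parameters:knowledge0-cgi}%2F$${deploy-settings-cgi:filename}

[deploy-index-template]
recipe = hexagonit.recipe.download
url = ${index-template:location}/$${:filename}
destination = $${directory:www}
filename = ${index-template:filename}
download-only = true
mode = 0644

# Renders status.cgi into the monitoring CGI directory.
[deploy-status-cgi]
recipe = slapos.recipe.template:jinja2
template = ${status-cgi:location}/${status-cgi:filename}
rendered = $${monitor-parameters:monitoring-cgi}/$${:filename}
filename = status.cgi
mode = 0744
context =
  key json_file monitor-parameters:json-path
  raw python_executable ${buildout:executable}

# Renders settings.cgi into the zero-knowledge CGI directory; it is given the
# path of knowledge0.cfg, the file that holds the monitor password.
[deploy-settings-cgi]
recipe = slapos.recipe.template:jinja2
template = ${settings-cgi:location}/${settings-cgi:filename}
rendered = $${monitor-parameters:knowledge0-cgi}/$${:filename}
filename = settings.cgi
mode = 0744
context =
  raw config_cfg $${buildout:directory}/knowledge0.cfg
  raw timestamp $${buildout:directory}/.timestamp
  raw python_executable ${buildout:executable}
  key pwd monitor-parameters:knowledge0-cgi
  key this_file :filename

# Renders the monitor script that [cron-entry-monitor] launches.
[deploy-monitor-script]
recipe = slapos.recipe.template:jinja2
template = ${monitor-bin:location}/${monitor-bin:filename}
rendered = $${monitor-parameters:executable}
mode = 0744
context =
  section directory directory
  key monitoring_file_json monitor-parameters:json-path
  key monitoring_folder_bool monitor-parameters:result-dir
  raw python_executable ${buildout:executable}

[deploy-rss-script]
recipe = hexagonit.recipe.download
url = ${rss-bin:destination}/${rss-bin:filename}
destination = $${directory:bin}
filename = ${rss-bin:filename}
mode = 0744
download-only = true

# Produces the shell script that [cron-entry-rss] runs.
[make-rss]
recipe = slapos.recipe.template
url = ${make-rss-script:output}
output = $${directory:bin}/make-rss.sh
mode = 0744

# Directories used by the local certificate authority.
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:service}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

# Certificate request for the CGI httpd; the key and certificate paths are the
# ones referenced by SSLCertificateKeyFile / SSLCertificateFile below.
[ca-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/httpd.key
cert-file = $${cadirectory:certs}/httpd.crt
executable = $${directory:bin}/cgi-httpd
wrapper = $${directory:service}/cgi-httpd
# Put domain name
name = example.com

###########
# Deploy a webserver running cgi scripts for monitoring
###########
# NOTE(review): monitor-password is a static default, identical on every
# instance built from this template, and [publish-connection-informations]
# echoes it in the published connection data. Until an operator changes it,
# this value is all that protects the monitor pages. Generating a random
# per-instance password would remove that window -- confirm how the
# zero-knowledge recipes would consume a generated value before switching.
[public]
recipe = slapos.cookbook:zero-knowledge.write
filename = knowledge0.cfg
monitor-password = passwordtochange

[zero-parameters]
recipe = slapos.cookbook:zero-knowledge.read
filename = $${public:filename}

# XXX could it be something lighter?
# httpd configuration, written out verbatim from the inline value below.
# Indented "#" lines inside `input` are part of the value and end up as
# comments in the generated httpd configuration.
[cgi-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
  PidFile "$${:pid-file}"
  ServerName example.com
  ServerAdmin someone@email
  <IfDefine !MonitorPort>
  Listen [$${:listening-ip}]:$${monitor-parameters:port}
  Define MonitorPort
  </IfDefine>
  DocumentRoot "$${:document-root}"
  ErrorLog "$${:error-log}"
  LoadModule unixd_module modules/mod_unixd.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule authz_core_module modules/mod_authz_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule ssl_module modules/mod_ssl.so
  # SSL Configuration
  <IfDefine !SSLConfigured>
  Define SSLConfigured
  SSLCertificateFile $${ca-httpd:cert-file}
  SSLCertificateKeyFile $${ca-httpd:key-file}
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  SSLRandomSeed startup /dev/urandom 256
  SSLRandomSeed connect builtin
  # SSLv3 is disabled (it was previously enabled explicitly); "all" keeps
  # every TLS version the linked OpenSSL provides.
  SSLProtocol all -SSLv3
  SSLHonorCipherOrder On
  # RC4 is no longer the preferred cipher; anonymous, MD5, RC4 and 3DES
  # suites are excluded.
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
  </IfDefine>
  SSLEngine On
  ScriptSock $${:cgid-pid-file}
  <Directory $${:document-root}>
  SSLVerifyDepth 1
  SSLRequireSSL
  SSLOptions +StrictRequire
  # XXX: security????
  # NOTE(review): ExecCGI applies to the whole document root, so any file
  # ending in .cgi below it is executed. The same tree also receives
  # downloaded static files; scoping ExecCGI to the CGI directories would
  # narrow this -- confirm which paths must stay executable.
  Options +ExecCGI
  AddHandler cgi-script .cgi
  DirectoryIndex $${deploy-index:filename}
  </Directory>
output = $${directory:etc}/cgi-httpd.conf
listening-ip = $${slap-parameters:ipv6-random}
# XXX: randomize-me
htdocs = $${directory:www}
pid-file = $${directory:run}/cgi-httpd.pid
cgid-pid-file = $${directory:run}/cgi-httpd-cgid.pid
document-root = $${directory:www}
error-log = $${directory:log}/cgi-httpd-error-log

# Wrapper that starts httpd in the foreground with the generated configuration.
[cgi-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
wrapper-path = $${ca-httpd:executable}

# Promise that checks the index page over HTTPS.
[monitor-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/monitor
url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}/$${deploy-index:filename}
check-secure = 1
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

# Published connection data. IMPORTANT_monitor_info carries the password value
# from [public] in clear text, so it is readable by whoever can read this
# instance's connection parameters.
[publish-connection-informations]
recipe = slapos.cookbook:publish
monitor_url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}
IMPORTANT_monitor_info = Change the monitor_password as soon as possible ! Default is : $${public:monitor-password}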