[slap-configuration] recipe = slapos.cookbook:slapconfiguration.serialised computer = ${slap-connection:computer-id} partition = ${slap-connection:partition-id} url = ${slap-connection:server-url} key = ${slap-connection:key-file} cert = ${slap-connection:cert-file} # XXX Default values if doesn't exists root-instance-title = UNKNOWN H-S instance-title = UNKNOWN Instance [directory] recipe = slapos.cookbook:mkdirectory etc = ${buildout:directory}/etc bin = ${buildout:directory}/bin srv = ${buildout:directory}/srv var = ${buildout:directory}/var run = ${:var}/run log = ${:var}/log scripts = ${:etc}/run services = ${:etc}/service promises = ${:etc}/promise monitor = ${:srv}/monitor monitor-promise = ${:etc}/monitor-promise monitor-report = ${:etc}/monitor-report [monitor-directory] recipe = slapos.cookbook:mkdirectory bin = ${directory:bin} etc = ${directory:etc} run = ${directory:monitor}/run #run = ${directory:scripts} promises = ${directory:monitor-promise} reports = ${directory:monitor-report} pids = ${directory:run}/monitor cgi-bin = ${directory:monitor}/cgi-bin webdav = ${directory:monitor}/webdav public = ${directory:monitor}/public private = ${directory:monitor}/private services = ${directory:services} services-conf = ${directory:etc}/monitor.conf.d log = ${directory:log}/monitor monitor-var = ${directory:var}/monitor [ca-directory] recipe = slapos.cookbook:mkdirectory root = ${directory:srv}/ssl requests = ${:root}/requests private = ${:root}/private certs = ${:root}/certs newcerts = ${:root}/newcerts crl = ${:root}/crl [certificate-authority] recipe = slapos.cookbook:certificate_authority openssl-binary = {{ openssl_executable_location }} ca-dir = ${ca-directory:root} requests-directory = ${ca-directory:requests} wrapper = ${monitor-directory:services}/certificate_authority ca-private = ${ca-directory:private} ca-certs = ${ca-directory:certs} ca-newcerts = ${ca-directory:newcerts} ca-crl = ${ca-directory:crl} [ca-monitor-httpd] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request key-file = ${monitor-httpd-conf-parameter:key-file} cert-file = ${monitor-httpd-conf-parameter:cert-file} executable = ${monitor-httpd-wrapper:wrapper-path} wrapper = ${directory:services}/monitor-httpd [monitor-conf-parameters] title = ${monitor-instance-parameter:monitor-title} root-title = ${monitor-instance-parameter:root-instance-title} public-folder = ${monitor-directory:public} private-folder = ${monitor-directory:private} webdav-folder = ${monitor-directory:webdav} report-folder = ${monitor-directory:reports} base-url = ${monitor-instance-parameter:monitor-base-url} monitor-hal-json = ${monitor-directory:public}/monitor.hal.json service-pid-folder = ${monitor-directory:pids} crond-folder = ${logrotate-directory:cron-entries} logrotate-folder = ${logrotate-directory:logrotate-entries} promise-runner = {{ monitor_runpromise }} promise-folder = ${directory:promises} monitor-promise-folder = ${monitor-directory:promises} promises-timeout-file = ${monitor-promise-timeout-file:file} pid-file = ${monitor-directory:pids}/monitor-bootstrap.pid public-path-list = private-path-list = ${directory:log} # monitor-url-list = ${monitor-instance-parameter:monitor-url-list} parameter-file-path = ${monitor-instance-parameter:configuration-file-path} parameter-list = raw monitor-user ${monitor-instance-parameter:username} htpasswd monitor-password ${monitor-htpassword-file:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path} file promise-timeout ${monitor-promise-timeout-file:file} file min-free-disk-MB ${promise-check-free-disk-space:config-file} ${monitor-instance-parameter:instance-configuration} # htpasswd entry: htpasswd key password-file username htpasswd-file collector-db = ${monitor-instance-parameter:collector-db} collect-script = {{ monitor_collect }} python = {{ python_with_eggs }} nice-cmd = ${xnice-bin:output} promise-output-file = ${directory:monitor}/monitor-bootstrap-status [monitor-promise-timeout-file] recipe = plone.recipe.command file = ${directory:etc}/promise_timeout command = if [ ! -s "${:file}" ]; then echo "20" > ${:file} fi [monitor-conf] recipe = slapos.recipe.template:jinja2 template = {{ monitor_conf_template }} rendered = ${directory:etc}/${:filename} filename = monitor.conf context = section parameter_dict monitor-conf-parameters [instance-info-parameters] name = ${monitor-instance-parameter:monitor-title} root-name = ${monitor-instance-parameter:root-instance-title} computer-id = ${slap-connection:computer-id} ipv4 = ${slap-configuration:ipv4-random} ipv6 = ${slap-configuration:ipv6-random} software-release = ${slap-connection:software-release-url} software-type = ${slap-configuration:slap-software-type} partition-id = ${slap-connection:partition-id} [monitor-instance-info] recipe = slapos.recipe.template:jinja2 template = {{ monitor_instance_info }} rendered = ${directory:etc}/${:filename} filename = instance-info.conf context = section instance_dict instance-info-parameters [python-symlink] recipe = plone.recipe.command target = ${directory:bin} command = ln -sf {{ python_with_eggs }} ${:target}/python update-command = ${:command} [start-monitor] recipe = slapos.cookbook:wrapper command-line = {{ python_executable }} {{ monitor_bin }} --config_file ${monitor-conf:rendered} wrapper-path = ${directory:scripts}/bootstrap-monitor environment = PATH=${python-symlink:target}:/usr/local/bin:/usr/bin:/bin [monitor-htpasswd] recipe = slapos.cookbook:generate.password storage-path = ${directory:etc}/.monitor_pwd bytes = 8 username = admin [monitor-htpassword-file] recipe = plone.recipe.command stop-on-error = true password-file = ${directory:etc}/.monitor_pwd command = if [ ! -s "${:password-file}" ]; then echo "${monitor-instance-parameter:password}" > ${:password-file}; fi update-command = ${:command} [httpd-monitor-htpasswd] recipe = plone.recipe.command stop-on-error = true htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd command = if [ ! -s "${:htpasswd-path}" ]; then {{ apache_location }}/bin/htpasswd -cb ${:htpasswd-path} ${:user} ${:password}; fi update-command = ${:command} user = ${monitor-instance-parameter:username} password = ${monitor-instance-parameter:password} [monitor-httpd-conf-parameter] listening-ip = ${monitor-instance-parameter:monitor-httpd-ipv6} port = ${monitor-instance-parameter:monitor-httpd-port} pid-file = ${directory:run}/monitor-httpd.pid access-log = ${monitor-directory:log}/monitor-httpd-access.log error-log = ${monitor-directory:log}/monitor-httpd-error.log cert-file = ${ca-directory:certs}/httpd.crt key-file = ${ca-directory:certs}/httpd.key htpasswd-file = ${httpd-monitor-htpasswd:htpasswd-path} url = https://[${monitor-instance-parameter:monitor-httpd-ipv6}]:${:port} httpd-cors-config-file = ${monitor-httpd-cors:rendered} httpd-include-file = [monitor-httpd-conf] recipe = slapos.recipe.template:jinja2 template = {{ monitor_httpd_template }} rendered = ${monitor-directory:etc}/monitor-httpd.conf mode = 0744 context = section directory monitor-directory section parameter_dict monitor-httpd-conf-parameter [monitor-httpd-cors] recipe = slapos.recipe.template:jinja2 template = {{ monitor_https_cors }} rendered = ${directory:etc}/httpd-cors.cfg mode = 0600 context = key domain monitor-instance-parameter:cors-domains [monitor-httpd-wrapper] recipe = slapos.cookbook:wrapper command-line = {{ apache_location }}/bin/httpd -f ${monitor-httpd-conf:rendered} -DFOREGROUND wrapper-path = ${directory:bin}/monitor-httpd wait-for-files = ${ca-directory:certs}/httpd.key ${ca-directory:certs}/httpd.crt ${monitor-httpd-graceful-wrapper:rendered} [monitor-httpd-graceful-wrapper] recipe = slapos.recipe.template:jinja2 template = {{ template_wrapper }} rendered = ${directory:scripts}/monitor-httpd-graceful mode = 0700 context = key content :command raw dash_binary {{ dash_executable_location }} command = kill -USR1 $(cat ${monitor-httpd-conf-parameter:pid-file}) [xnice-bin] recipe = collective.recipe.template input = inline:#!/bin/sh # run something at lowest possible priority exec nice -19 chrt --idle 0 ionice -c3 "$@" output = ${directory:bin}/xnice mode = 700 [promise-monitor-httpd-is-process-older-than-dependency-set] recipe = slapos.cookbook:wrapper command-line = {{ bin_directory }}/is-process-older-than-dependency-set ${monitor-httpd-conf-parameter:pid-file} wrapper-path = ${directory:promises}/promise-monitor-httpd-is-process-older-than-dependency-set parameters-extra = true [monitor-globalstate-wrapper] recipe = slapos.cookbook:wrapper command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:rendered}' '${monitor-instance-info:rendered}' wrapper-path = ${directory:bin}/monitor-globalstate [monitor-configurator-wrapper] recipe = slapos.cookbook:wrapper # XXX - hard coded path command-line = {{ monitor_configwrite }} --config_folder '${monitor-conf-parameters:private-folder}/config/.jio_documents' --output_cfg_file '${monitor-instance-parameter:configuration-file-path}' --htpasswd_bin '{{ apache_location }}/bin/htpasswd' --monitor_https_cors {{ monitor_https_cors }} wrapper-path = ${directory:bin}/monitor-configurator [monitor-globalstate-cron-entry] recipe = slapos.cookbook:cron.d cron-entries = ${cron:cron-entries} name = monitor-globalstate frequency = * * * * * command = ${monitor-globalstate-wrapper:wrapper-path} [monitor-configurator-cron-entry] recipe = slapos.cookbook:cron.d cron-entries = ${cron:cron-entries} name = monitor-configurator frequency = * * * * * command = ${monitor-configurator-wrapper:wrapper-path} [monitor-httpd-promise] recipe = slapos.cookbook:check_url_available path = ${directory:promises}/${:filename} filename = monitor-httpd-listening-on-tcp url = ${monitor-httpd-conf-parameter:url} check-secure = 1 dash_path = {{ dash_executable_location }} curl_path = {{ curl_executable_location }} [publish] # XXX depends on monitor-base section monitor-base-url = ${monitor-base:base-url} monitor-url = ${:monitor-base-url}/public/feeds monitor-user = ${monitor-instance-parameter:username} monitor-password = ${monitor-instance-parameter:password} [monitor-instance-parameter] monitor-title = ${slap-configuration:instance-title} monitor-httpd-ipv6 = ${slap-configuration:ipv6-random} monitor-httpd-port = 8196 # XXX - Set monitor-base-url = ${monitor-httpd-conf-parameter:url} => https://[ipv6]:port monitor-base-url = ${monitor-frontend-promise:url} #monitor-base-url = ${monitor-httpd-conf-parameter:url} root-instance-title = ${slap-configuration:root-instance-title} monitor-url-list = cors-domains = monitor.app.officejs.com # XXX Hard coded parameter collector-db = /srv/slapgrid/var/data-log/collector.db # Credentials password = ${monitor-htpasswd:passwd} username = ${monitor-htpasswd:username} # XXX: type key value # ex raw monitor-password resqdsdsd34 instance-configuration = configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg interface-url = https://monitor.app.officejs.com [monitor-frontend] <= slap-connection recipe = slapos.cookbook:requestoptional name = Monitor Frontend ${monitor-instance-parameter:monitor-title} # XXX We have hardcoded SR URL here. software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg slave = true config-url = ${monitor-httpd-conf-parameter:url} config-https-only = true #software-type = custom-personal return = domain secure_access [monitor-frontend-promise] recipe = slapos.cookbook:check_url_available path = ${directory:promises}/monitor-http-frontend url = ${monitor-frontend:connection-secure_access} dash_path = {{ dash_executable_location }} curl_path = {{ curl_executable_location }} check-secure = 1 [monitor-bootstrap-promise] recipe = collective.recipe.template file = ${monitor-conf-parameters:promise-output-file} input = inline:#!{{ dash_executable_location }} pidfile=${monitor-conf-parameters:pid-file} if [ -s $pidfile ]; then COUNTER=0 # Wait until max 20 seconds, the limit promise timeout while [ $COUNTER -lt 40 ]; do if [ -n "$(ps -p $(cat $pidfile) -o pid=)" ]; then ((COUNTER=COUNTER+1)) sleep 0.5 else break fi done fi if [ ! -f "${:file}" ]; then echo "Monitor bootstrap exited with error." && exit 2; else echo "Bootstrap OK"; fi output = ${directory:promises}/monitor-bootstrap-status mode = 700 [promise-check-slapgrid] recipe = collective.recipe.template error-log-file = ${buildout:directory}/.slapgrid-${slap-connection:partition-id}-error.log input = inline:#!/bin/sh if [ -f "${:error-log-file}" ]; then >&2 cat ${:error-log-file} exit 1 fi output = ${monitor-directory:promises}/buildout-${slap-connection:partition-id}-status mode = 700 [promise-check-free-disk-space] recipe = slapos.recipe.template:jinja2 template = {{ template_check_disk_space }} rendered = ${monitor-directory:promises}/check-free-disk-space mode = 0700 context = key config_file :config-file raw home_path ${buildout:directory} raw python_bin {{ python_with_eggs }} config-file = ${directory:etc}/min-free-disk-size [monitor-base] # create dependencies between required monitor parts recipe = plone.recipe.command command = true update-command = base-url = ${monitor-conf-parameters:base-url} depends = ${monitor-globalstate-cron-entry:name} ${monitor-configurator-cron-entry:name} ${cron-entry-logrotate:name} ${logrotate-entry-cron:name} ${certificate-authority:wrapper} ${monitor-conf:rendered} ${start-monitor:wrapper-path} ${ca-monitor-httpd:wrapper} ${monitor-httpd-promise:filename} ${monitor-bootstrap-promise:file} ${promise-check-slapgrid:output} ${promise-monitor-httpd-is-process-older-than-dependency-set:wrapper-path} [monitor-publish] monitor-base-url = ${publish:monitor-base-url} monitor-setup-url = ${monitor-instance-parameter:interface-url}/#page=settings_configurator&url=${publish:monitor-url}&username=$${publish:monitor-user}&password=${publish:monitor-password} [buildout] extends = {{ template_logrotate_base }}