instance-runner.cfg 28.5 KB
Newer Older
1 2
[buildout]
parts =
3 4 5 6
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
7 8
  gunicorn-launcher
  gunicorn-graceful
9
  publish-connection-information
10
  slaprunner-promise
11
  apache-httpd-promise
12
  slaprunner-supervisord-wrapper
13 14 15
  runner-sshd-add-authorized-key
  runner-sshd-graceful
  runner-sshd-promise
16 17
  runner-sshkeys-authority
  runner-sshkeys-sshd
18
  runtestsuite
19
  symlinks
20
  shellinabox
21
  slapos-cfg
22
  cron-entry-prepare-software
23
  deploy-instance-parameters
24
  instance-software
25
  instance-software-type
26
  minishell-cwd
27
  bash-profile
28
  supervisord-wrapper
29
  supervisord-promise
30
  httpd-graceful-wrapper
31 32 33 34
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' %}
  slaprunner-frontend-promise
  httpd-frontend-promise
{% endif %}
35
{% if slapparameter_dict.get('custom-frontend-backend-url') and slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %}
36 37
  custom-frontend-promise
{% endif %}
38
## Monitoring part
39
  monitor-base
40
  monitor-check-webrunner-internal-instance
41 42
## Usability part
  template-slapuser-script
43

44
extends = ${monitor2-template:rendered}
45 46 47 48 49

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

50 51
{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
[request-custom-frontend]
52
recipe = slapos.cookbook:requestoptional
53
software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
54 55 56 57
software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
slave = true
name = Custom Web Frontend

58 59 60 61 62
server-url = $${slap-connection:server-url}
key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}
63

64
{% if slapparameter_dict.get('custom-frontend-instance-guid') -%}
65
sla-instance_guid = $${slap-parameter:frontend-instance-guid}
66 67
{% endif -%}

68 69
{% set custom_frontend_backend_type = slapparameter_dict.get('custom-frontend-backend-type') -%}
{% if custom_frontend_backend_type -%}
70 71
config-type = {{ custom_frontend_backend_type }}
{% endif -%}
72
config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
73
return = site_url domain
74 75 76

[custom-frontend-promise]
recipe = slapos.cookbook:check_url_available
77 78 79 80 81
path = $${directory:promises}/custom_frontend_promise
url = https://$${request-custom-frontend:connection-domain}
{% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
check-secure = 1
{% endif -%}
82 83 84
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

85
[publish-connection-information]
86
custom-frontend-url = https://$${request-custom-frontend:connection-domain}
87
{% endif %}
88

89
# Create all needed directories
90
[directory]
91
recipe = slapos.cookbook:mkdirectory
92 93 94 95 96 97
home = $${buildout:directory}
etc = $${:home}/etc/
var = $${:home}/var/
srv = $${:home}/srv/
bin = $${:home}/bin/
tmp = $${:home}/tmp/
98

99 100 101 102 103 104 105 106 107
sshkeys = $${:srv}/sshkeys
services = $${:etc}/service/
scripts = $${:etc}/run/
ssh = $${:etc}/ssh/
log = $${:var}/log/
run = $${:var}/run/
backup = $${:srv}/backup/
promises = $${:etc}/promise/
test = $${:etc}/test/
108
nginx-data = $${:srv}/nginx
109
ca-dir = $${:srv}/ssl
110
project = $${:srv}/runner/project
111
cgi-bin = $${:srv}/cgi-bin
112 113 114

[runnerdirectory]
recipe = slapos.cookbook:mkdirectory
115 116
home = $${directory:srv}/runner/
test = $${directory:srv}/test/
117
project = $${:home}/project
118
public = $${:home}/public
119
software-root = {{ slapparameter_dict.get('software-root', '$${:home}/software') }}
120
instance-root = $${:home}/instance
121 122 123
project-test = $${:test}/project
software-test = $${:test}/software
instance-test = $${:test}/instance
124
sessions = $${buildout:directory}/.sessions
125 126
private-project = $${:home}/.git-private
public-project = $${:home}/.git-public
127 128

[slaprunner]
129
slaprunner = ${buildout:directory}/bin/slaprunner
130
slapos = ${buildout:directory}/bin/slapos
131 132
slapproxy = ${buildout:directory}/bin/slapproxy
supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
133
git-binary = ${git:location}/bin/git
134
root_check = false
135
slapos.cfg = $${directory:etc}/slapos.cfg
136 137
working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
138 139
instance_root = $${runnerdirectory:instance-root}
software_root = $${runnerdirectory:software-root}
140
ssh_client = ${openssh:location}/bin/ssh
141 142
public_key = $${runner-sshd-raw-server:rsa-keyfile}.pub
private_key = $${runner-sshd-raw-server:rsa-keyfile}
143
instance-monitor-url = https://[$${:ipv6}]:$${monitor-parameters:port}
144 145 146
etc_dir = $${directory:etc}
log_dir =  $${directory:log}
run_dir = $${directory:run}
147 148
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
149
instance_root = $${runnerdirectory:instance-root}
150 151
proxy_port = 50000
runner_port = 50005
152
partition-amount = $${slap-parameter:instance-amount}
153
wrapper = $${directory:services}/slaprunner
154
debug = $${slap-parameter:debug}
155
access-url = https://[$${:ipv6}]:$${:runner_port}
156
supervisord_config = $${directory:etc}/supervisord.conf
157
supervisord_server = http://$${supervisord:server}
158
proxy_database = $${slaprunner:working-directory}/proxy.db
159 160 161
console = False
verbose = False
debug = False
162 163 164
auto_deploy = $${slap-parameter:auto-deploy}
auto_deploy_instance = $${slap-parameter:auto-deploy-instance}
autorun = $${slap-parameter:autorun}
165
knowledge0_file = $${monitor-instance-parameter:configuration-file-path}
166
minishell_cwd_file = $${directory:etc}/.minishell-cwd
167
minishell_history_file = $${directory:etc}/.minishell_history
168 169
software_info_json = $${runnerdirectory:home}/software_info.json
instance_info_json = $${runnerdirectory:home}/instance_info.json
170
path = $${shell-environment:path}
171
instance_name = $${slap-parameter:instance-name}
172

173 174 175
default_repository = $${slap-parameter:slapos-repository}
default_repository_branch = $${slap-parameter:slapos-reference}

176 177 178 179 180 181 182 183 184 185 186

#---------------------------
#--
#-- supervisord managing slaprunner instance processes
[slaprunner-supervisord-wrapper]
recipe = slapos.cookbook:wrapper
# XXX hardcoded locations
command-line = $${buildout:directory}/bin/slapos node supervisord --cfg $${directory:etc}/slapos.cfg -n
wrapper-path = $${directory:services}/slaprunner-supervisord


187 188
[test-runner]
<= slaprunner
189
slapos.cfg = $${directory:etc}/slapos-test.cfg
190 191
working-directory = $${runnerdirectory:test}
project-directory = $${runnerdirectory:project-test}
192 193
software_root = $${runnerdirectory:software-test}
instance_root = $${runnerdirectory:instance-test}
194
proxy_port = 8602
195
etc_dir = $${directory:test}
196 197
autorun = False
auto_deploy = True
198

199 200
[runtestsuite]
recipe = slapos.cookbook:wrapper
201 202
arguments = --server_url=$${slap-connection:server-url} --key_file=$${slap-connection:key-file} --cert_file=$${slap-connection:cert-file} --computer_id=$${slap-connection:computer-id} --partition_id=$${slap-connection:partition-id}
command-line = ${buildout:directory}/bin/slaprunnertest $${:arguments}
203
wrapper-path = $${directory:bin}/runTestSuite
204
environment = RUNNER_CONFIG=$${slapos-cfg:rendered}
205
parameters-extra = true
206

207 208 209 210 211 212 213 214 215 216 217
# Deploy openssh-server
[runner-sshd-port]
recipe = slapos.cookbook:free_port
minimum = 22222
maximum = 22231
ip = $${slap-network-information:global-ipv6}

[runner-sshd-config]
recipe = slapos.recipe.template:jinja2
rendered = $${directory:etc}/runner-sshd.conf
path_pid = $${directory:run}/runner-sshd.pid
218
host_key = $${directory:ssh}/runner_server_key.rsa
219 220 221 222 223 224
template = inline:
  PidFile $${:path_pid}
  Port $${runner-sshd-port:port}
  ListenAddress $${slap-network-information:global-ipv6}
  Protocol 2
  UsePrivilegeSeparation no
225
  HostKey $${:host_key}
226 227 228
  PasswordAuthentication no
  PubkeyAuthentication yes
  AuthorizedKeysFile $${buildout:directory}/.ssh/authorized_keys
229
  ForceCommand if [ -z "$SSH_ORIGINAL_COMMAND" ]; then $${shell-environment:shell} -l; else PATH=$${shell-environment:path} eval "$SSH_ORIGINAL_COMMAND"; fi
230
  Subsystem sftp ${openssh:location}/libexec/sftp-server
231

232
[runner-sshd-raw-server]
233
recipe = slapos.cookbook:wrapper
234
host = $${slap-network-information:global-ipv6}
235
rsa-keyfile = $${runner-sshd-config:host_key}
236
home = $${directory:ssh}
237
command-line = ${openssh:location}/sbin/sshd -D -e -f $${runner-sshd-config:rendered}
238 239 240 241 242 243 244 245 246
wrapper-path = $${directory:bin}/runner_raw_sshd

[runner-sshd-authorized-key]
<= runner-sshd-raw-server
recipe = slapos.cookbook:dropbear.add_authorized_key
key = $${slap-parameter:user-authorized-key}

[runner-sshd-server]
recipe = collective.recipe.template
247
log = $${directory:log}/runner-sshd.log
248 249 250
input = inline:#!/bin/sh
    exec $${runner-sshd-raw-server:wrapper-path} >> $${:log} 2>&1

251
output = $${directory:bin}/runner_raw_sshd_log
252
mode = 700
253 254 255 256 257 258

[runner-sshd-graceful]
recipe = slapos.cookbook:wrapper
command-line = $${directory:bin}/killpidfromfile $${runner-sshd-config:path_pid} SIGHUP
wrapper-path = $${directory:scripts}/runner-sshd-graceful

259
[runner-sshkeys-directory]
260
recipe = slapos.cookbook:mkdirectory
261 262
requests = $${directory:sshkeys}/runner-requests/
keys = $${directory:sshkeys}/runner-keys/
263 264 265

[runner-sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
266 267 268
request-directory = $${runner-sshkeys-directory:requests}
keys-directory = $${runner-sshkeys-directory:keys}
wrapper = $${directory:services}/runner_sshkeys_authority
269 270 271 272 273
keygen-binary = ${openssh:location}/bin/ssh-keygen

[runner-sshkeys-sshd]
<= runner-sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
274
name = sshd
275 276 277 278 279 280
type = rsa
executable = $${runner-sshd-server:output}
public-key = $${runner-sshd-raw-server:rsa-keyfile}.pub
private-key = $${runner-sshd-raw-server:rsa-keyfile}
wrapper = $${directory:services}/runner-sshd

281
[runner-sshd-add-authorized-key]
282
recipe = slapos.cookbook:dropbear.add_authorized_key
283
home = $${buildout:directory}
284
key = $${slap-parameter:user-authorized-key}
285

286
#---------------------------
287
#--
288 289
#-- Set nginx frontend

290 291 292 293 294 295 296 297 298 299
[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path

[nginx-frontend]
# Options
300
nb_workers = 5
301
# Network
302 303 304
local-ip = $${slap-network-information:local-ipv4}
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
305
# Backend
306 307
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
308 309 310 311 312 313 314 315
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
316
path_tmp = $${directory:tmp}/
317
nginx_prefix = $${buildout:directory}
318 319 320
# Config files
path_nginx_conf = $${directory:etc}/nginx.conf
# Executables
321
bin_nginx = ${nginx-webdav:location}/sbin/nginx
322
bin_launcher = $${directory:bin}/launcher
323 324
# Utils
path_shell = ${dash:location}/bin/dash
325 326
# Misc.
etc_dir = $${directory:etc}
327
work_dir = $${slaprunner:working-directory}
328 329 330 331 332 333

[nginx_conf]
recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
334
    key shellinabox_socket shellinabox:socket
335
    key socket gunicorn:socket
336 337 338 339 340 341 342 343 344 345 346
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory

[nginx-launcher]
recipe = slapos.recipe.template:jinja2
template = ${template_launcher:location}/${template_launcher:filename}
rendered = $${nginx-frontend:bin_launcher}
mode = 700
context =
    section param_nginx_frontend nginx-frontend

347
[httpd-parameters]
348 349 350 351 352 353
path_pid = $${directory:run}/httpd.pid
path_error_log = $${directory:log}/httpd-error.log
path_access_log = $${directory:log}/httpd-access.log
# XXX Use ca-nginx, no need to regenerate certificate
cert_file = $${ca-nginx:cert-file}
key_file = $${ca-nginx:key-file}
354
global_ip = $${slap-network-information:global-ipv6}
355
global_port = $${slap-parameter:slaprunner-httpd-port}
356 357
working_directory = $${slaprunner:working-directory}
dav_lock = $${directory:var}/WebDavLock
358
htpasswd_file = $${directory:etc}/.htpasswd
359
etc_dir = $${directory:etc}
360 361
var_dir = $${directory:var}
project_folder = $${directory:project}
362
project_private_folder = $${runnerdirectory:private-project}
363
project_public_folder = $${runnerdirectory:public-project}
364
runner_home = $${runnerdirectory:home}
365
git_http_backend = ${git:location}/libexec/git-core/git-http-backend
366
cgid_sock = $${directory:run}/cgid.sock
367
#cgi_httpd_conf = $${monitor-httpd-configuration-file:rendered}
368
httpd_cors_file = $${slaprunner-httpd-cors:location}
369 370 371 372

[httpd-conf]
recipe = slapos.recipe.template:jinja2
template = ${template_httpd_conf:location}/${template_httpd_conf:filename}
373
rendered = $${directory:etc}/httpd.conf
374
context =
375 376
    section parameters httpd-parameters

377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409
[apache-httpd]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
wrapper-path = $${directory:services}/slaprunner-httpd
command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND
access-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}
wait-for-files =
  $${ca-nginx:cert-file}
  $${ca-nginx:key-file}

[httpd-graceful-wrapper]
recipe = collective.recipe.template
input = inline:
  #!/bin/sh
  exec kill -USR1 $(cat $${httpd-parameters:path_pid})
output = $${directory:scripts}/slaprunner-httpd-graceful
mode = 700

[apache-httpd-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/$${:filename}
filename = apache-httpd-listening-on-tcp
url = $${apache-httpd:access-url}
check-secure = 1
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

[slaprunner-httpd-cors]
recipe = plone.recipe.command
command = if [ ! -f $${:location} ]; then touch $${:location}; fi
location = $${directory:etc}/$${:filename}
filename = slaprunner-httpd-cors.cfg
stop-on-error = true
410

411 412 413 414
#--------------------
#--
#-- WSGI

415
[gunicorn]
416 417 418 419 420 421 422 423
bin_gunicorn = $${directory:bin}/gunicorn
bin_launcher = $${directory:services}/gunicorn
path_shell = ${dash:location}/bin/dash
socket = $${directory:tmp}/flaskserver.sock
path_pid = $${directory:run}/gunicorn.pid

[gunicorn-launcher]
recipe = slapos.cookbook:wrapper
424
command-line = $${gunicorn:bin_gunicorn} slapos.runner.run:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --error-logfile $${directory:log}/$${:error-log-file} --timeout 200 --threads 3 --log-level error --preload
425
error-log-file = gunicorn-error.log
426
wrapper-path = $${gunicorn:bin_launcher}
427
environment = PATH=$${shell-environment:path}
428
  RUNNER_CONFIG=$${slaprunner:slapos.cfg}
429
  LANG=en_GB.UTF-8
430 431 432

[gunicorn-graceful]
recipe = slapos.cookbook:wrapper
433
command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
434 435
wrapper-path = $${directory:scripts}/gunicorn-graceful

436
#--------------------
437
#--
438
#-- ssl certificates
439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:services}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_frontend.key
cert-file = $${cadirectory:certs}/nginx_frontend.crt
464 465
executable = $${nginx-launcher:rendered}
wrapper = $${directory:services}/nginx-frontend
466 467 468
# Put domain name
name = example.com

469
#--------------------
470 471
#--
#-- Request frontend
472

473
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' -%}
474 475
[request-frontend]
<= slap-connection
476
recipe = slapos.cookbook:requestoptional
477
name = SlapRunner Frontend
478
# XXX We have hardcoded SR URL here.
479
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
480
slave = true
481
config-url = $${slaprunner:access-url}
482
config-domain = $${slap-parameter:frontend-domain}
483
return = site_url domain
484

485 486 487 488 489 490 491 492
[slaprunner-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner_frontend
url = https://$${request-frontend:connection-domain}/login
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
check-secure = 1

493 494 495
[request-httpd-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
496 497 498
# XXX - Unfortunately, we still call webrunner httpd frontend "Monitor Frontend" otherwise 
# buildout will ignore previous frontend that was created and create a new one (in case of upgrade)
name = Monitor Frontend
499 500 501 502 503 504 505 506 507 508 509 510 511 512 513
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = $${apache-httpd:access-url}
config-domain = 
return = secure_access domain

[httpd-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner-apache-http-frontend
url = $${request-httpd-frontend:connection-secure_access}
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}
check-secure = 1

514
{% endif %}
515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533

[htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.pwd
bytes = 8

[runner-htpasswd]
recipe = plone.recipe.command
stop-on-error = true
htpasswd-path = $${monitor-directory:etc}/.htpasswd
command = if [ ! -f "$${:htpasswd-path}" ]; then ${apache:location}//bin/htpasswd -cb $${:htpasswd-path} $${:user} $${:password}; fi
update-command = $${:command}
user = admin
{% if slapparameter_dict.get('monitor-password', '') -%}
password = {{ slapparameter_dict['monitor-password'] }}
{% else -%}
password = $${htpasswd:passwd}
{% endif -%}

534
#--------------------------------------
535
#--
536
#-- Send information to SlapOS Master
537

538 539 540
[user-info]
recipe = slapos.cookbook:userinfo

541
[publish-connection-information]
542
recipe = slapos.cookbook:publish
543 544 545
backend-url = $${slaprunner:access-url}
init-user = $${runner-htpasswd:user}
init-password = $${runner-htpasswd:password}
546
ssh-command = ssh $${user-info:pw-name}@$${slap-network-information:global-ipv6} -p $${runner-sshd-port:port}
547 548
git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
549
monitor-base-url = $${monitor-publish-parameters:monitor-base-url}
550 551 552 553 554
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' -%}
url =  https://$${request-frontend:connection-domain}
webdav-url = $${request-httpd-frontend:connection-secure_access}/share/
public-url =  $${request-httpd-frontend:connection-secure_access}/public/
{% else %}
555
url =  $${slaprunner:access-url}
556 557 558 559
webdav-url = $${apache-httpd:access-url}/share/
public-url =  $${apache-httpd:access-url}/public/
{% endif %}

560 561
{% if slapparameter_dict.get('instance-type', '') != 'resilient' -%}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
562
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=$${monitor-publish-parameters:monitor-url}&username=$${monitor-publish-parameters:monitor-user}&password=$${monitor-publish-parameters:monitor-password}
563
{% else -%}
564 565 566
monitor-url = $${monitor-publish-parameters:monitor-url}
monitor-user = $${monitor-publish-parameters:monitor-user}
monitor-password = $${monitor-publish-parameters:monitor-password}
567
{% endif -%}
568 569 570
#---------------------------
#--
#-- Deploy promises scripts
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
571

572 573
[slaprunner-promise]
recipe = slapos.cookbook:check_port_listening
574
path = $${directory:promises}/slaprunner
575 576
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
577

578
[runner-sshd-promise]
579
recipe = slapos.cookbook:check_port_listening
580 581 582
path = $${directory:promises}/runner-sshd
hostname = $${slap-network-information:global-ipv6}
port = $${runner-sshd-port:port}
583

584 585
[symlinks]
recipe = cns.recipe.symlink
586
symlink_target = $${directory:bin}
587
symlink_base = ${buildout:directory}/bin
588 589 590

[slap-parameter]
# Default value if no ssh key is specified
591
user-authorized-key =
592
# Default value of instances number in slaprunner
593
instance-amount = 10
594 595
debug = false
frontend-domain =
596
slapos-repository = https://lab.nexedi.com/nexedi/slapos.git
597
slapos-software =
598
slapos-software-type =
599
slapos-reference = master
600
auto-deploy = false
601
auto-deploy-instance = true
602
autorun = false
603 604
slaprunner-httpd-port = $${:monitor-port}
# XXX - for backward compatibility, monitor-port was for slaprunner httpd server
605
monitor-port = 9686
606
instance-name =
607 608
monitor-cors-domains = 
monitor-interface-url = 
609
# XXX - define a new port for monitor here and use monitor-port for backward compatibility
610
monitor-httpd-port = 8386
611 612 613

[monitor-parameters]
port = $${slap-parameter:monitor-port}
614

615 616
[slapos-cfg]
recipe = slapos.recipe.template:jinja2
617
template = ${template-slapos-cfg:location}/${template-slapos-cfg:filename}
618 619 620
rendered = $${slaprunner:slapos.cfg}
mode = 700
context =
621
  section slaprunner slaprunner
622

623 624
[slapos-test-cfg]
recipe = slapos.recipe.template:jinja2
625
template = ${template-slapos-cfg:location}/${template-slapos-cfg:filename}
626 627 628 629 630
rendered = $${test-runner:slapos.cfg}
mode = 700
context =
  section slaprunner test-runner

631
[shellinabox]
632 633 634 635 636 637 638 639 640 641 642
recipe = slapos.recipe.template:jinja2
# We cannot use slapos.cookbook:wrapper here because this recipe escapes too much
socket = $${directory:run}/siab.sock
mode = 0700
rendered = $${directory:services}/shellinaboxd
template = inline:
  #!/bin/sh
  exec ${shellinabox:location}/bin/shellinaboxd \
    --disable-ssl \
    --disable-ssl-menu \
    --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
643
    --service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l"
644

645
[shell-environment]
646
shell = ${bash:location}/bin/bash
647
path = ${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin:${curl:location}/bin:${python2.7:location}/bin:${tig:location}/bin:${zip:location}/bin:${mosh:location}/bin:${bash:location}/bin:$${buildout:directory}/bin/:/usr/bin:/bin/
648

649 650
[prepare-software]
recipe = slapos.cookbook:wrapper
651
command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
652 653
wrapper-path = $${directory:scripts}/prepareSoftware

654 655 656 657 658 659 660
[cron-entry-prepare-software]
<= cron
recipe = slapos.cookbook:cron.d
name = prepare-software
frequency = */2 * * * *
command = $${prepare-software:wrapper-path}

661 662 663
[instance-parameters]
recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do
664
template = ${template-parameters:location}/${template-parameters:filename}
665 666
rendered = $${directory:etc}/.parameter.xml.default
mode = 0644
667
context =
668 669 670 671 672 673 674 675
  key slapparameter_dict slap-configuration:configuration

[deploy-instance-parameters]
recipe = plone.recipe.command
stop-on-error = true
parameter-xml = $${directory:etc}/.parameter.xml
command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi

676 677 678 679 680 681 682
[instance-software-type]
recipe = plone.recipe.command
stop-on-error = true
# XXX It should not be named with .xml as it is not xml
software-type-path = $${directory:etc}/.software_type.xml
command = if [ ! -f $${:software-type-path} -a "$${slap-parameter:slapos-software-type}" != "" ]; then echo "$${slap-parameter:slapos-software-type}" > $${:software-type-path}; fi

683 684 685 686 687
[instance-software]
recipe = plone.recipe.command
stop-on-error = true
command = SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi

688 689 690 691 692 693 694 695
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

696

697 698 699 700 701 702
[minishell-cwd]
recipe = plone.recipe.command
command = if [ ! -f $${slaprunner:minishell_cwd_file} ]; then echo $${runnerdirectory:home} > $${slaprunner:minishell_cwd_file}; fi
location = $${slaprunner:minishell_cwd_file}
stop-on-error = true

703
[bash-profile]
704 705 706 707
recipe = slapos.recipe.template:jinja2
template = ${template-bash-profile:location}/${template-bash-profile:filename}
rendered = $${buildout:directory}/.bash_profile
context =
708
    raw path $${shell-environment:path}
709
    key workdir runnerdirectory:home
710
    
711 712 713 714
#---------------------------
#--
#-- supervisord managing slaprunner automation features

715
[supervisord]
716
autorestart = false
717 718 719 720
autostart = false
directory = $${buildout:directory}
exitcodes = 0
logfile = $${directory:log}/supervisord.log
721
no_logfile = NONE
722
numprocs = 1
723
path = $${shell-environment:path}
724
pidfile = $${directory:run}/supervisord.pid
725 726
ip = $${slaprunner:ipv4}
server = $${:ip}:$${:port}
727
port = 39986
728
slapgrid-cp = slapgrid-cp
729
slapgrid-cp-command = $${slaprunner:slapos} node instance --all --cfg $${:slapos-cfg} --pidfile $${:slapgrid-cp-pid} --verbose --logfile $${:slapgrid-cp-log}
730 731
slapgrid-cp-log = $${runnerdirectory:home}/instance.log
slapgrid-cp-pid = $${directory:run}/slapgrid-cp.pid
732
slapgrid-cp-startretries = 0
733
slapgrid-sr = slapgrid-sr
734
slapgrid-sr-command = $${slaprunner:slapos} node software --all --cfg $${:slapos-cfg} --pidfile $${:slapgrid-sr-pid} --verbose --logfile $${:slapgrid-sr-log}
735 736
slapgrid-sr-log = $${runnerdirectory:home}/software.log
slapgrid-sr-pid = $${directory:run}/slapgrid-sr.pid
737
slapgrid-sr-startretries = 0
738 739 740
slapproxy = slapproxy
slapproxy-autorestart = true
slapproxy-autostart = true
741
slapproxy-startsecs = 1
742
slapproxy-command = $${slaprunner:slapos} proxy start --logfile $${:slapproxy-log} --cfg $${:slapos-cfg}
743
slapproxy-log = $${directory:log}/slapproxy.log
744 745
socket_name = unix://$${:socket_path}
socket_path = $${directory:tmp}/supervisord.sock
746
startsecs = 0
747 748 749
# This file logs errors from listeners. Supervisord has its own logfile.
# Processes should handle their logs by themselves
stderr_logfile = $${directory:log}/supervisord-errors.log
750
slapos-cfg = $${slaprunner:slapos.cfg}
751 752 753 754 755 756

[supervisord-conf]
recipe = slapos.recipe.template:jinja2
template = ${template-supervisord:location}/${template-supervisord:filename}
rendered = $${directory:etc}/supervisord.conf
context =
757 758
    import multiprocessing multiprocessing
    import builtin __builtin__
759
    section supervisord supervisord
760
    key slapparameter_dict slap-configuration:configuration
761 762 763 764 765 766 767 768 769 770
    key listener_slapgrid listener-slapgrid-bin:rendered

[listener-slapgrid-bin]
recipe = slapos.recipe.template:jinja2
template = ${template-listener-slapgrid:location}/${template-listener-slapgrid:filename}
rendered = $${directory:bin}/listener_slapgrid.py
mode = 0744
context =
    section supervisord supervisord
    section slaprunner slaprunner
771
    raw python_executable ${buildout:directory}/bin/${extra-eggs:interpreter}
772 773 774 775 776 777

[supervisord-wrapper]
recipe = slapos.cookbook:wrapper
command-line = $${buildout:directory}/bin/supervisord -c $${supervisord-conf:rendered} --nodaemon
wrapper-path = $${directory:services}/supervisord

778 779 780 781 782 783
[supervisord-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/supervisord
hostname = $${slaprunner:ipv4}
port = $${supervisord:port}

784 785
# XXX Monitor 
[monitor-instance-parameter]
786
monitor-httpd-port = $${slap-parameter:monitor-httpd-port}
787 788 789
{% if slapparameter_dict.get('name', '') -%}
monitor-title = {{ slapparameter_dict['name'] }}
{% endif -%}
790
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
791 792 793
{% if slapparameter_dict.get('monitor-username', '') -%}
username = {{ slapparameter_dict['monitor-username'] }}
{% endif -%}
794
password = $${runner-htpasswd:password}
795
{% if slapparameter_dict.get('monitor-url-list', '') -%}
796
monitor-url-list = {{ slapparameter_dict['monitor-url-list'] }}
797 798
{% endif -%}
instance-configuration =
799
  httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output}
800
configuration-file-path = $${buildout:directory}/knowledge0.cfg
801

802 803 804
[monitor-check-webrunner-internal-instance]
recipe = slapos.recipe.template:jinja2
template = ${monitor-check-webrunner-internal-instance:location}/${monitor-check-webrunner-internal-instance:filename}
805
rendered = $${monitor-directory:reports}/$${:filename}
806 807 808
filename = monitor-check-webrunner-internal-instance
mode = 0744

809 810 811
## Slapuser slapos command script
[template-slapuser-script]
recipe = slapos.recipe.template:jinja2
812
template = ${template-slapuser-script:location}/${template-slapuser-script:filename}
813 814 815 816 817
rendered = $${buildout:bin-directory}/slapos
mode = 0744
context =
  raw config_location $${slapos-cfg:rendered}
  raw slapos_python_file_location ${buildout:bin-directory}/slapos