template-resilient.cfg.in 5.78 KB
Newer Older
1 2 3 4 5 6 7 8
{% import 'parts' as parts %}
{% import 'replicated' as replicated %}

[buildout]

extends =
   {{templateapache}}

9 10
# += because we need to take up parts (like instance-custom, slapmonitor etc) from the profile we extended
parts +=
11 12 13
  {{ parts.replicate("mariadb","3") }}
  request-apache-backup-1
  request-apache-backup-2
Cédric de Saint Martin's avatar
Cédric de Saint Martin committed
14

15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
  request-pull-backup-server-apache-1
  request-pull-backup-server-apache-backup-1

  request-pull-backup-server-apache-2
  request-pull-backup-server-apache-backup-2

  publish-connection-informations
  apache-php
  stunnel
  certificate-authority
  ca-stunnel
  logrotate
  logrotate-entry-apache
  logrotate-entry-stunnel
  cron
  cron-entry-logrotate
  dropbear-server
  sshkeys-authority
  dropbear-server-pbs-authorized-key

  request-pull-backup-server
Cédric de Saint Martin's avatar
Cédric de Saint Martin committed
36

37 38 39 40
{{ replicated.replicate("mariadb", "3", "mariadb-export", "mariadb-import") }}


[request-pull-backup-server]
41
<= request-pbs-common
42 43 44 45 46 47
name = PBS (Pull Backup Server)
return = ssh-key notification-url feeds-url
slave = false

[sshkeys-directory]
recipe = slapos.cookbook:mkdirectory
Marco Mariani's avatar
Marco Mariani committed
48 49
requests = ${directory:sshkeys}/requests
keys = ${directory:sshkeys}/keys
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113

[sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
request-directory = ${sshkeys-directory:requests}
keys-directory = ${sshkeys-directory:keys}
wrapper = ${basedirectory:services}/sshkeys_authority
keygen-binary = {{dropbear}}/bin/dropbearkey

[sshkeys-dropbear]
<= sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
name = dropbear
type = rsa
executable = ${dropbear-server:wrapper}
public-key = ${dropbear-server:rsa-keyfile}.pub
private-key = ${dropbear-server:rsa-keyfile}
wrapper = ${basedirectory:services}/sshd

[dropbear-server]
recipe = slapos.cookbook:dropbear
host = ${slap-network-information:global-ipv6}
port = 2222
home = ${directory:ssh}
wrapper = ${rootdirectory:bin}/raw_sshd
shell = ${rdiff-backup-server:wrapper}
rsa-keyfile = ${directory:ssh}/server_key.rsa
dropbear-binary = {{dropbear}}/sbin/dropbear

[dropbear-server-pbs-authorized-key]
<= dropbear-server
recipe = slapos.cookbook:dropbear.add_authorized_key
key = ${request-pull-backup-server:connection-ssh-key}

[rdiff-backup-server]
<= apache-php
recipe = slapos.cookbook:pbs
client = false
path = ${apache-php:htdocs}
wrapper = ${rootdirectory:bin}/rdiffbackup-server
rdiffbackup-binary = {{buildout}}/rdiff-backup

[request-apache-backup-1]
<= slap-connection
recipe = slapos.cookbook:request
name = Apache Backup 1
software-url = ${slap-connection:software-release-url}
software-type = apache-backup
return = url ssh-url ssh-public-key
config = authorized-key proxy-url
config-authorized-key = ${request-pull-backup-server:connection-ssh-key}
config-proxy-url = ${publish-connection-informations:url}

[request-apache-backup-2]
<= slap-connection
recipe = slapos.cookbook:request
name = Apache Backup 2
software-url = ${slap-connection:software-release-url}
software-type = apache-backup
return = url ssh-url ssh-public-key
config = authorized-key proxy-url
config-authorized-key = ${request-pull-backup-server:connection-ssh-key}
config-proxy-url = ${publish-connection-informations:url}

[request-pull-backup-server-apache-1]
114
<= request-pbs-common
115 116 117 118 119 120 121 122 123 124
name = PBS pulling from Apache 1
config = url name type server-key notify notification-id frequency
config-url = ssh://nobody@[${dropbear-server:host}]:${dropbear-server:port}/${rdiff-backup-server:path}
config-name = ${slap-connection:computer-id}-${slap-connection:partition-id}-apache
config-type = pull
config-server-key = ${sshkeys-dropbear:public-key-value}
config-notify = ${request-pull-backup-server:connection-notification-url}
config-notification-id = ${slap-connection:computer-id}-${slap-connection:partition-id}-apache-pull
config-frequency = 30 * * * *
slave = true
125 126
sla = instance_guid
sla-instance_guid = ${request-pull-backup-server:instance_guid}
127 128

[request-pull-backup-server-apache-2]
129
<= request-pbs-common
130 131 132 133 134 135 136 137 138 139
name = PBS pulling from Apache 2
config = url name type server-key notify notification-id frequency
config-url = ssh://nobody@[${dropbear-server:host}]:${dropbear-server:port}/${rdiff-backup-server:path}
config-name = ${slap-connection:computer-id}-${slap-connection:partition-id}-apache
config-type = pull
config-server-key = ${sshkeys-dropbear:public-key-value}
config-notify = ${request-pull-backup-server:connection-notification-url}
config-notification-id = ${slap-connection:computer-id}-${slap-connection:partition-id}-apache-pull
config-frequency = 30 * * * *
slave = true
140 141
sla = instance_guid
sla-instance_guid = ${request-pull-backup-server:instance_guid}
142 143 144


[request-pull-backup-server-apache-backup-1]
145
<= request-pbs-common
146 147 148 149 150 151 152 153
name = PBS pushing to ${request-apache-backup-1:name}
config = url name type server-key on-notification
config-url = ${request-apache-backup-1:connection-ssh-url}
config-name = ${request-pull-backup-server-apache-1:config-name}
config-type = push
config-server-key = ${request-apache-backup-1:connection-ssh-public-key}
config-on-notification = ${request-pull-backup-server:connection-feeds-url}${request-pull-backup-server-apache-1:config-notification-id}
slave = true
154 155
sla = instance_guid
sla-instance_guid = ${request-pull-backup-server:instance_guid}
156 157

[request-pull-backup-server-apache-backup-2]
158
<= request-pbs-common
159 160 161 162 163 164 165 166
name = PBS pushing to ${request-apache-backup-2:name}
config = url name type server-key on-notification
config-url = ${request-apache-backup-2:connection-ssh-url}
config-name = ${request-pull-backup-server-apache-2:config-name}
config-type = push
config-server-key = ${request-apache-backup-2:connection-ssh-public-key}
config-on-notification = ${request-pull-backup-server:connection-feeds-url}${request-pull-backup-server-apache-2:config-notification-id}
slave = true
167 168
sla = instance_guid
sla-instance_guid = ${request-pull-backup-server:instance_guid}
169 170 171


[directory]
Marco Mariani's avatar
Marco Mariani committed
172
ssh = ${rootdirectory:etc}/ssh
173
sshkeys = ${rootdirectory:srv}/sshkeys