[buildout] parts = certificate-authority ca-stunnel logrotate logrotate-entry-stunnel logrotate-entry-apache cron cron-entry-logrotate trac-config trac-git-hook-script trac-svn-hook-script post-revprop-change-script gitweb-conf httpd gitdaemon promise ca-shellinabox frontend-promise content-promise publish-connection-informations eggs-directory = ${buildout:eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory} offline = true #---------------- #-- #-- Creation of all needed directories. [rootdirectory] recipe = slapos.cookbook:mkdirectory etc = $${buildout:directory}/etc var = $${buildout:directory}/var srv = $${buildout:directory}/srv bin = $${buildout:directory}/bin tmp = $${buildout:directory}/tmp [basedirectory] recipe = slapos.cookbook:mkdirectory log = $${rootdirectory:var}/log services = $${rootdirectory:etc}/service run = $${rootdirectory:var}/run backup = $${rootdirectory:srv}/backup promises = $${rootdirectory:etc}/promise [directory] recipe = slapos.cookbook:mkdirectory cron-entries = $${rootdirectory:etc}/cron.d crontabs = $${rootdirectory:etc}/crontabs cronstamps = $${rootdirectory:etc}/cronstamps ca-dir = $${rootdirectory:srv}/ssl httpd-log = $${basedirectory:log}/apache logrotate-entries = $${rootdirectory:etc}/logrotate.d logrotate-backup = $${basedirectory:backup}/logrotate tracconfig = $${rootdirectory:srv} stunnel-conf = $${rootdirectory:etc}/stunnel shellinabox = $${rootdirectory:srv}/shellinabox/ [cadirectory] recipe = slapos.cookbook:mkdirectory requests = $${directory:ca-dir}/requests private = $${directory:ca-dir}/private certs = $${directory:ca-dir}/certs newcerts = $${directory:ca-dir}/newcerts crl = $${directory:ca-dir}/crl #---------------- #-- #-- Deploy cron. [cron] recipe = slapos.cookbook:cron dcrond-binary = ${dcron:location}/sbin/crond cron-entries = $${directory:cron-entries} crontabs = $${directory:crontabs} cronstamps = $${directory:cronstamps} catcher = $${cron-simplelogger:wrapper} binary = $${basedirectory:services}/crond [cron-simplelogger] recipe = slapos.cookbook:simplelogger wrapper = $${rootdirectory:bin}/cron_simplelogger log = $${basedirectory:log}/crond.log #---------------- #-- #-- Deploy logrotate. [cron-entry-logrotate] <= cron recipe = slapos.cookbook:cron.d name = logrotate frequency = 0 0 * * * command = $${logrotate:wrapper} [logrotate] recipe = slapos.cookbook:logrotate # Binaries logrotate-binary = ${logrotate:location}/usr/sbin/logrotate gzip-binary = ${gzip:location}/bin/gzip gunzip-binary = ${gzip:location}/bin/gunzip # Directories wrapper = $${rootdirectory:bin}/logrotate conf = $${rootdirectory:etc}/logrotate.conf logrotate-entries = $${directory:logrotate-entries} backup = $${directory:logrotate-backup} state-file = $${rootdirectory:srv}/logrotate.status #---------------- #-- #-- Deploy stunnel. [stunnel] recipe = slapos.cookbook:stunnel client = true stunnel-binary = ${stunnel:location}/bin/stunnel remote-host = $${mariadb-urlparse:host} remote-port = $${mariadb-urlparse:port} local-host = $${slap-network-information:local-ipv4} local-port = 3306 log-file = $${basedirectory:log}/stunnel.log config-file = $${directory:stunnel-conf}/stunnel.conf key-file = $${directory:stunnel-conf}/stunnel.key cert-file = $${directory:stunnel-conf}/stunnel.crt pid-file = $${basedirectory:run}/stunnel.pid wrapper = $${rootdirectory:bin}/raw_stunnel post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate [logrotate-entry-stunnel] <= logrotate recipe = slapos.cookbook:logrotate.d name = stunnel log = $${stunnel:log-file} frequency = daily rotate-num = 30 notifempty = true create = true post = $${stunnel:post-rotate-script} #---------------- #-- #-- Certificate stuff. [certificate-authority] recipe = slapos.cookbook:certificate_authority openssl-binary = ${openssl:location}/bin/openssl ca-dir = $${directory:ca-dir} requests-directory = $${cadirectory:requests} wrapper = $${basedirectory:services}/ca ca-private = $${cadirectory:private} ca-certs = $${cadirectory:certs} ca-newcerts = $${cadirectory:newcerts} ca-crl = $${cadirectory:crl} [ca-stunnel] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request executable = $${stunnel:wrapper} wrapper = $${basedirectory:services}/stunnel key-file = $${stunnel:key-file} cert-file = $${stunnel:cert-file} #---------------- #-- #-- Request MariaDB instance and parse its URL. [request-mariadb] <= slap-connection recipe = slapos.cookbook:request name = MariaDB software-url = $${slap-connection:software-release-url} software-type = mariadb return = url sla = computer_guid sla-computer_guid = $${slap-connection:computer-id} [mariadb-urlparse] recipe = slapos.cookbook:urlparse url = $${request-mariadb:connection-url} #---------------- #-- #-- Deploy Apache + PHP application. [httpd-conf] recipe = slapos.recipe.template url = ${template-httpd-conf:location}/${template-httpd-conf:filename} output = $${rootdirectory:etc}/apache.conf document_root = $${rootdirectory:srv}/site/ wsgi_location = $${rootdirectory:srv}/site/apache gitweb-static-dir = ${gitweb:location}/share/gitweb/static/ gitweb-script = $${gitweb-cgi:output} git-http-backend = $${git-http-backend-cgi:output} cgid-sock = $${basedirectory:run}/cgid.sock pid_file = $${basedirectory:run}/apache.pid lock_file = $${basedirectory:run}/apache.lock ip = $${slap-network-information:global-ipv6} port = 8080 error_log = $${directory:httpd-log}/error.log access_log = $${directory:httpd-log}/access.log [trac-config] recipe = slapos.recipe.template url = ${tracIni:location}/${tracIni:filename} output = $${directory:tracconfig}/trac-config-model.ini mode = 0600 project_dir = $${rootdirectory:srv}/site #project_url = http://[$${slap-network-information:global-ipv6}]:8080 project_url = $${request-frontend:connection-site_url} trac_plugins = $${:project_dir}/plugins git_bin = ${git:location}/bin/git git_project_base = $${:project_dir}/git git_project_list = git_url = $${:project_url}git admin_email = $${slap-parameter:admin-email} project_description = $${slap-parameter:project-desc} project_footer = $${slap-parameter:project-footer} project_name = $${slap-parameter:project-name} #MySQL informations mysql_username = $${mariadb-urlparse:username} mysql_password = $${mariadb-urlparse:password} mysql_database = $${mariadb-urlparse:path} mysql_host = $${stunnel:local-host} mysql_port = $${stunnel:local-port} [trac-wsgi] recipe = slapos.recipe.template url = ${tracWsgi:location}/${tracWsgi:filename} output = $${directory:tracconfig}/trac.wsgi mode = 0700 trac_env = $${trac-config:project_dir} python_bin = ${python2.7:location}/bin/python2.7 [trac-svn-hook-script] recipe = slapos.recipe.template url = ${trac-svn-hook:location}/${trac-svn-hook:filename} output = $${directory:tracconfig}/trac-svn-hook mode = 0700 trac_env = $${trac-config:project_dir} trac_admin = ${buildout:bin-directory} python_bin = ${python2.7:location}/bin python_lib = ${python2.7:location}/lib svn_python = ${subversion-1.9:location}/lib/svn-python [trac-git-hook-script] recipe = slapos.recipe.template url = ${trac-git-hook:location}/${trac-git-hook:filename} output = $${directory:tracconfig}/trac-git-hook mode = 0700 git_bin = ${git:location}/bin/git trac_admin = ${buildout:bin-directory}/trac-admin trac_env = $${trac-config:project_dir} [post-revprop-change-script] recipe = slapos.recipe.template url = ${post-revprop-change:location}/${post-revprop-change:filename} output = $${directory:tracconfig}/post-revprop-change mode = 0700 trac_svn_hook = $${trac-svn-hook-script:output} [trac-svnrepo-script] recipe = slapos.recipe.template url = ${create-svn-repo:location}/${create-svn-repo:filename} output = $${rootdirectory:bin}/create-svn-repository.sh mode = 0700 trac_admin = ${buildout:bin-directory} svn_bin = ${subversion-1.9:location}/bin svn_python = ${subversion-1.9:location}/lib/svn-python python_lib = ${python2.7:location}/lib [gitweb-conf] recipe = slapos.recipe.template url = ${template-gitweb-conf:location}/${template-gitweb-conf:filename} output = $${rootdirectory:etc}/gitweb.conf url-list = $${trac-config:project_url}git http://[$${slap-network-information:global-ipv6}]:8080/git git://[$${slap-network-information:global-ipv6}] base-directory = $${trac-config:project_dir}/git [gitweb-cgi] recipe = slapos.recipe.template url = ${template-gitweb-cgi:location}/${template-gitweb-cgi:filename} output = $${rootdirectory:bin}/gitweb.cgi mode = 700 perl = ${perl:location}/bin/perl gitweb = ${gitweb:location}/share/gitweb/gitweb.cgi [git-http-backend-cgi] recipe = slapos.recipe.template url = ${template-git-http-backend-cgi:location}/${template-git-http-backend-cgi:filename} output = $${rootdirectory:bin}/git-http-backend.cgi mode = 700 githttpbackend = ${git:location}/libexec/git-core/git-http-backend base-directory = $${trac-config:project_dir}/git [trac-admin] recipe = slapos.cookbook:pwgen file = $${buildout:directory}/.password pwgen-binary = ${pwgen:location}/bin/pwgen user = TracAdmin #--------------------- #to avoid manipulate apache after installation, this part is installed before #running apache services for the first time [inittrac] recipe = slapos.cookbook:trac site-dir = $${trac-config:project_dir} site-url = $${trac-config:project_url} project = $${slap-parameter:project-name} #Use to install trac additional plugins plugins-egg-dir = ${trac-plugins-egg:location} #Usefull for update pythonPath eggs-dirs = ${buildout:eggs-directory} ${buildout:develop-eggs-directory} python-lib = ${python2.7:location}/lib trac-admin = ${buildout:bin-directory}/trac-admin admin-user = $${trac-admin:user} admin-password = $${trac-admin:password} #MySQL informations mysql-username = $${mariadb-urlparse:username} mysql-password = $${mariadb-urlparse:password} mysql-database = $${mariadb-urlparse:path} mysql-host = $${stunnel:local-host} mysql-port = $${stunnel:local-port} #SVN - GIT Project list svn-project-list = $${slap-parameter:svn-project-list} git-project-list = $${slap-parameter:git-project-list} git-binary = ${git:location}/bin/git #configurations files trac-ini = $${trac-config:output} trac-wsgi = $${trac-wsgi:output} svn-repo-script = $${trac-svnrepo-script:output} post-revprop-change = $${post-revprop-change-script:output} trac-svn-hook = $${trac-svn-hook-script:output} trac-git-hook = $${trac-git-hook-script:output} file-status = $${buildout:directory}/.status #Trac User list htpasswd = ${apache:location}/bin/htpasswd passwd-file = $${trac-config:project_dir}/.htpasswd user-list = $${slap-parameter:trac-user-list} [httpd] recipe = slapos.cookbook:wrapper command-line = ${apache:location}/bin/httpd -DFOREGROUND -f "$${httpd-conf:output}" environment = PYTHONPATH=${subversion-1.9:location}/lib/svn-python:$${inittrac:python_path} LD_LIBRARY_PATH=${python2.7:location}/lib wrapper-path = $${basedirectory:services}/httpd wait-for-files = $${inittrac:file-status} [gitdaemon] recipe = slapos.cookbook:wrapper ip = $${slap-network-information:global-ipv6} port = 9418 command-line = ${git:location}/bin/git daemon --export-all --listen=$${:ip} --port=$${:port} --interpolated-path=$${inittrac:site-dir}/git/%D wrapper-path = $${basedirectory:services}/git-daemon wait-for-files = $${inittrac:file-status} [logrotate-entry-apache] <= logrotate recipe = slapos.cookbook:logrotate.d name = apache log = $${httpd-conf:error_log} $${httpd-conf:access_log} frequency = daily rotate-num = 30 sharedscripts = true notifempty = true create = true #-------------------------- #----- #---- Request Console for Trac-administration (cannot use Trac without console admin) [ca-shellinabox] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request executable = $${shellinabox:wrapper} wrapper = $${basedirectory:services}/shellinaboxd key-file = $${shellinabox:key-file} cert-file = $${shellinabox:cert-file} [shellinabox] recipe = slapos.cookbook:shellinabox ipv6 = $${slap-network-information:global-ipv6} port = 9000 shell = $${shell:wrapper} wrapper = $${rootdirectory:bin}/shellinaboxd_raw shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd password = $${trac-admin:password} directory = $${inittrac:site-dir} login-shell = $${rootdirectory:bin}/login certificate-directory = $${directory:shellinabox} cert-file = $${directory:shellinabox}/public.crt key-file = $${directory:shellinabox}/private.key [shell-wrapper] recipe = slapos.cookbook:wrapper command-line = ${buildout:bin-directory}/trac-admin $${inittrac:site-dir} environment = PYTHONPATH=${subversion-1.9:location}/lib/svn-python:$${inittrac:python_path} ENV=$${inittrac:site-dir} SNV_REPOS=$${inittrac:site-dir}/svn GIT_REPOS=$${inittrac:site-dir}/git wrapper-path = $${rootdirectory:bin}/shell_raw [shell] recipe = slapos.cookbook:shell wrapper = $${rootdirectory:bin}/shell shell = $${shell-wrapper:wrapper-path} home = $${inittrac:site-dir} ps1 = "\\w> " path = #---------------- #-- #-- Request frontend. #-- We need to remove dependancy between apache, trac and frontend, because url is needed in #-- trac configuration file and apache depend on trac. [request-frontend] <= slap-connection recipe = slapos.cookbook:requestoptional name = Frontend # XXX We have hardcoded SR URL here. software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg slave = true config = url custom_domain config-url = http://[$${slap-network-information:global-ipv6}]:8080 return = site_url config-custom_domain = $${slap-parameter:domain} #---------------- #-- #-- Publish instance parameters. [publish-connection-informations] recipe = slapos.cookbook:publish backend_url = http://[$${httpd-conf:ip}]:$${httpd-conf:port}/ frontend_url = $${request-frontend:connection-site_url} git = $${request-frontend:connection-site_url}git/ svn = $${request-frontend:connection-site_url}svn/ admin_user = $${trac-admin:user} admin_password = $${trac-admin:password} admin_shell = https://[$${shellinabox:ipv6}]:$${shellinabox:port}/ #---------------- #-- #-- Deploy promises scripts. [promise] recipe = slapos.cookbook:check_port_listening path = $${basedirectory:promises}/apache hostname = $${httpd-conf:ip} port = $${httpd-conf:port} [frontend-promise] recipe = slapos.cookbook:check_url_available path = $${basedirectory:promises}/frontend url = $${request-frontend:connection-site_url} dash_path = ${dash:location}/bin/dash curl_path = ${curl:location}/bin/curl [content-promise] recipe = slapos.cookbook:check_page_content path = $${basedirectory:promises}/content url = $${request-frontend:connection-site_url} dash_path = ${dash:location}/bin/dash curl_path = ${curl:location}/bin/curl match = $${slap-parameter:project-name} [slap-parameter] domain = project-name = project project-desc = My example project project-footer = Visit the Trac open source project at<br /><a href="http://trac.edgewall.org/">http://trac.edgewall.org/</a> admin-email = you.admin@email.com trac-user-list = {} svn-project-list = {} git-project-list = {}