instance-runner.cfg 18.7 KB
Newer Older
1 2
[buildout]
parts =
3 4 5 6
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
7
  ca-shellinabox
8 9
  gunicorn-launcher
  gunicorn-graceful
10
  sshkeys-dropbear-runner
11
  dropbear-server-add-authorized-key
12
  sshkeys-authority
13
  publish-connection-informations
14 15 16
  slaprunner-promise
  slaprunner-frontend-promise
  dropbear-promise
17
  runtestsuite
18
  shellinabox-promise
19
  symlinks
20
  shellinabox
21
  slapos-cfg
22
  slapos-repo-config
23
  cron-entry-prepare-software
24
  deploy-instance-parameters
25 26 27
{% if slapparameter_dict.get('custom-frontend-backend-url') %}
  custom-frontend-promise
{% endif %}
28 29 30 31 32 33
###Parts to add for monitoring
  slap-parameters
  certificate-authority
  cron
  cron-entry-monitor
  cron-entry-rss
34
  deploy-index
35
  deploy-index-template
36 37
  deploy-monitor-script
  deploy-rss-script
38 39
  deploy-settings-cgi
  deploy-status-cgi
40
  make-rss
41
  monitor-promise
42
  setup-static-files
43 44 45 46
  certificate-authority
  public
  zero-parameters
  cgi-httpd-wrapper
47
  public-symlink
48 49

extends = ${monitor-template:output}
50 51 52 53 54

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

55 56 57 58 59 60 61 62 63 64 65 66 67
{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
# Requests, if defined, a frontend to allow access to a server
# located inside of the virtual machine listening to port X
# to LAN IPv4.
# Internaly, the frontend will be asked to listen on the IPv6
# with port X + 10000, to match NAT rules of Qemu.
[request-custom-frontend]
recipe = slapos.cookbook:request
software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
slave = true
name = Custom Web Frontend

68 69 70 71 72
server-url = $${slap-connection:server-url}
key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}
73 74 75

{% if slapparameter_dict.get('custom-frontend-instance-guid') -%}
sla = instance_guid
76
sla-instance_guid = $${slap-parameter:frontend-instance-guid}
77 78
{% endif -%}

79
config = url
80
config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
81
return = site_url domain
82 83 84

[custom-frontend-promise]
recipe = slapos.cookbook:check_url_available
85 86 87 88 89
path = $${directory:promises}/custom_frontend_promise
url = https://$${request-custom-frontend:connection-domain}
{% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
check-secure = 1
{% endif -%}
90 91 92 93
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

[publish-connection-informations]
94
custom-frontend-url = https://$${request-custom-frontend:connection-domain}
95 96
{% endif -%}

97
# Create all needed directories
98
[directory]
99 100 101 102 103
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc/
var = $${buildout:directory}/var/
srv = $${buildout:directory}/srv/
bin = $${buildout:directory}/bin/
104
tmp = $${buildout:directory}/tmp/
105

106 107 108 109 110 111 112 113 114
sshkeys = $${:srv}/sshkeys
services = $${:etc}/service/
scripts = $${:etc}/run/
ssh = $${:etc}/ssh/
log = $${:var}/log/
run = $${:var}/run/
backup = $${:srv}/backup/
promises = $${:etc}/promise/
test = $${:etc}/test/
115
nginx-data = $${directory:srv}/nginx
116
ca-dir = $${:srv}/ssl
117
project = $${:srv}/runner/project
118 119 120

[runnerdirectory]
recipe = slapos.cookbook:mkdirectory
121 122
home = $${directory:srv}/runner/
test = $${directory:srv}/test/
123
project = $${:home}/project
124
public = $${:home}/public
125 126
software-root = $${:home}/software
instance-root = $${:home}/instance
127 128 129
project-test = $${:test}/project
software-test = $${:test}/software
instance-test = $${:test}/instance
130
sessions = $${buildout:directory}/.sessions
131

132 133
#Create password recovery code for slaprunner
[recovery-code]
134
recipe = slapos.cookbook:generate.password
135
storage-path = $${directory:etc}/.rcode
136
bytes = 8
137

138
[slaprunner]
139
slaprunner = ${buildout:directory}/bin/slaprunner
140
slapos = ${buildout:directory}/bin/slapos
141 142
slapproxy = ${buildout:directory}/bin/slapproxy
supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
143
git-binary = ${git:location}/bin/git
144
root_check = false
145
slapos.cfg = $${directory:etc}/slapos.cfg
146 147
working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
148 149
instance_root = $${runnerdirectory:instance-root}
software_root = $${runnerdirectory:software-root}
150 151
#XXX-Nico hardcoded default port because overridden by this buildout config
instance-monitor-url = https://[$${:ipv6}]:9685
152 153 154
etc_dir = $${directory:etc}
log_dir =  $${directory:log}
run_dir = $${directory:run}
155 156 157
ssh_client = $${sshkeys-dropbear-runner:wrapper}
public_key = $${sshkeys-dropbear-runner:public-key}
private_key = $${sshkeys-dropbear-runner:private-key}
158 159
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
160
instance_root = $${runnerdirectory:instance-root}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
161
proxy_port = 50000
162
runner_port = 50005
163
partition-amount = $${slap-parameter:instance-amount}
164
wrapper = $${directory:services}/slaprunner
165
debug = $${slap-parameter:debug}
166
access-url = https://[$${:ipv6}]:$${:runner_port}
167 168
supervisord_config = $${directory:etc}/supervisord.conf
proxy_database = $${slaprunner:working-directory}/proxy.db
169 170 171
console = False
verbose = False
debug = False
172 173 174 175
auto_deploy = $${slap-parameter:auto-deploy}
auto_deploy_instance = $${slap-parameter:auto-deploy-instance}
autorun = $${slap-parameter:autorun}
knowledge0_file = $${buildout:directory}/$${public:filename}
176

177 178
[test-runner]
<= slaprunner
179
slapos.cfg = $${directory:etc}/slapos-test.cfg
180 181 182 183
working-directory = $${runnerdirectory:test}
project-directory = $${runnerdirectory:project-test}
software-directory = $${runnerdirectory:software-test}
instance-directory = $${runnerdirectory:instance-test}
184
proxy_port = 8602
185 186
etc_dir = $${directory:test}

187 188 189 190 191
[runtestsuite]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:directory}/bin/slaprunnertest
wrapper-path = $${directory:bin}/runTestSuite
environment = RUNNER_CONFIG=$${slapos-test-cfg:rendered}
192 193 194 195 196 197

# Deploy dropbear (minimalist SSH server)
[sshkeys-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:sshkeys}/requests/
keys = $${directory:sshkeys}/keys/
198

199 200 201 202
[sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
request-directory = $${sshkeys-directory:requests}
keys-directory = $${sshkeys-directory:keys}
203
wrapper = $${directory:services}/sshkeys_authority
204 205
keygen-binary = ${dropbear:location}/bin/dropbearkey

206
[dropbear-runner-server]
207 208
recipe = slapos.cookbook:dropbear
host = $${slap-network-information:global-ipv6}
209
port = 22222
210
home = $${directory:ssh}
211 212
wrapper = $${directory:bin}/runner_sshd
shell = ${bash:location}/bin/bash
213 214 215
rsa-keyfile = $${directory:ssh}/server_key.rsa
dropbear-binary = ${dropbear:location}/sbin/dropbear

216
[sshkeys-dropbear-runner]
217 218 219 220
<= sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
name = dropbear
type = rsa
221 222 223 224
executable = $${dropbear-runner-server:wrapper}
public-key = $${dropbear-runner-server:rsa-keyfile}.pub
private-key = $${dropbear-runner-server:rsa-keyfile}
wrapper = $${directory:services}/runner_sshd
225 226

[dropbear-server-add-authorized-key]
227
<= dropbear-runner-server
228
recipe = slapos.cookbook:dropbear.add_authorized_key
229
key = $${slap-parameter:user-authorized-key}
230

231
#---------------------------
232
#--
233 234
#-- Set nginx frontend

235 236 237 238 239 240 241 242 243 244 245 246
[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path

[nginx-frontend]
# Options
nb_workers = 2
# Network
247
local-ip = $${slap-network-information:local-ipv4}
248
port = 30001
249 250
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
251
# Backend
252 253
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
254 255 256 257 258 259 260 261
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
262
path_tmp = $${directory:tmp}/
263 264 265
# Config files
path_nginx_conf = $${directory:etc}/nginx.conf
# Executables
266
bin_nginx = ${nginx-webdav:location}/sbin/nginx
267
bin_launcher = $${directory:bin}/launcher
268 269
# Utils
path_shell = ${dash:location}/bin/dash
270 271
# Misc.
etc_dir = $${directory:etc}
272
work_dir = $${slaprunner:working-directory}
273 274 275 276 277 278

[nginx_conf]
recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
279
    key shellinabox_port shellinabox:port
280
    key socket gunicorn:socket
281 282 283 284 285 286 287 288 289 290 291
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory

[nginx-launcher]
recipe = slapos.recipe.template:jinja2
template = ${template_launcher:location}/${template_launcher:filename}
rendered = $${nginx-frontend:bin_launcher}
mode = 700
context =
    section param_nginx_frontend nginx-frontend

292 293 294 295 296 297 298 299 300 301 302 303 304
[httpd-parameters]
path_pid = $${directory:run}/httpd.pid
path_error_log = $${directory:log}/httpd-error.log
path_access_log = $${directory:log}/httpd-access.log
key_file = $${ca-httpd:key-file}
cert_file = $${ca-httpd:cert-file}
global_ip = $${slap-network-information:global-ipv6}
global_port = $${slaprunner:runner_port}
monitor_port = $${monitor-parameters:port}
monitor_index = $${deploy-index:rendered}
working_directory = $${slaprunner:working-directory}
dav_lock = $${directory:var}/DavLock
etc_dir = $${directory:etc}
305
var_dir = $${directory:var}
306 307
document_root = $${directory:www}
project_folder = $${directory:project}
308
runner_home = $${runnerdirectory:home}
309 310 311 312 313 314 315
git_http_backend = ${git:location}/libexec/git-core/git-http-backend
cgi_httpd_conf = $${cgi-httpd-configuration-file:output}

[httpd-conf]
recipe = slapos.recipe.template:jinja2
template = ${template_httpd_conf:location}/${template_httpd_conf:filename}
rendered = $${directory:etc}/httpd.conf
316
context =
317 318 319
    section parameters httpd-parameters

[cgi-httpd-wrapper]
320 321 322
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
wrapper-path = $${ca-httpd:executable}
323 324
command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND

325 326 327 328
#--------------------
#--
#-- WSGI

329
[gunicorn]
330 331 332 333 334 335 336 337
bin_gunicorn = $${directory:bin}/gunicorn
bin_launcher = $${directory:services}/gunicorn
path_shell = ${dash:location}/bin/dash
socket = $${directory:tmp}/flaskserver.sock
path_pid = $${directory:run}/gunicorn.pid

[gunicorn-launcher]
recipe = slapos.cookbook:wrapper
338 339
command-line = $${gunicorn:bin_gunicorn} slapos.runner:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --preload
wrapper-path = $${gunicorn:bin_launcher}
340 341 342 343 344
environment = PATH=$${environ:PATH}
  RUNNER_CONFIG=$${slaprunner:slapos.cfg}

[gunicorn-graceful]
recipe = slapos.cookbook:wrapper
345
command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
346 347
wrapper-path = $${directory:scripts}/gunicorn-graceful

348
#--------------------
349
#--
350
#-- ssl certificates
351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:services}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_frontend.key
cert-file = $${cadirectory:certs}/nginx_frontend.crt
376 377
executable = $${nginx-launcher:rendered}
wrapper = $${directory:services}/nginx-frontend
378 379 380
# Put domain name
name = example.com

381 382 383 384 385
[ca-shellinabox]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${shellinabox:wrapper}
wrapper = $${directory:services}/shellinaboxd
386 387
key-file = $${cadirectory:certs}/shellinabox.key
cert-file = $${cadirectory:certs}/shellinabox.crt
388
#--------------------
389 390
#--
#-- Request frontend
391

392 393
[request-frontend]
<= slap-connection
394
recipe = slapos.cookbook:requestoptional
395
name = SlapRunner Frontend
396 397 398
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
399
config = url domain
400
config-url = $${slaprunner:access-url}
401
config-domain = $${slap-parameter:frontend-domain}
402
return = site_url domain
403

404 405 406 407 408 409 410 411 412 413 414 415
[monitor-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Monitor Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config = url domain
config-url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}
config-domain = $${slap-parameter:frontend-domain}
return = site_url domain

416
#--------------------------------------
417 418
#--
#-- Send informations to SlapOS Master
419

420 421
[publish-connection-informations]
recipe = slapos.cookbook:publish
422
1_info = On your first run, Use "access_url" to setup you account. Then you can use both "url" or "access_url". Or "backend_url" if you want to use ipv6. Set up your account in the webrunner in order to use webdav, and being able to clone your git repositories from the runner.
423
2_info = In order to set up your account, get the recovery-code from the monitoring interface. Before read the notification on monitor_info.
424
backend_url = $${slaprunner:access-url}
425
access_url = $${:url}/login
426
url =  https://$${request-frontend:connection-domain}
427
ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
428
monitor_url = https://$${monitor-frontend:connection-domain}
429 430
webdav_url = $${:monitor_url}/share/
public_url =  $${:monitor_url}/public/
431 432
git_public_url =  https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git-public/
git_private_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git/
433

434 435 436
#---------------------------
#--
#-- Deploy promises scripts
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
437

438 439
[slaprunner-promise]
recipe = slapos.cookbook:check_port_listening
440
path = $${directory:promises}/slaprunner
441 442
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
443

444
[slaprunner-frontend-promise]
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
445
recipe = slapos.cookbook:check_url_available
446
path = $${directory:promises}/slaprunner_frontend
447
url = https://$${request-frontend:connection-domain}/login
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
448 449 450
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

451 452
[dropbear-promise]
recipe = slapos.cookbook:check_port_listening
453
path = $${directory:promises}/dropbear
454 455
hostname = $${dropbear-runner-server:host}
port = $${dropbear-runner-server:port}
456

457 458 459 460 461 462
[shellinabox-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/shellinabox
hostname = $${shellinabox:ipv6}
port = $${shellinabox:port}

463 464
[symlinks]
recipe = cns.recipe.symlink
465
symlink_target = $${directory:bin}
466
symlink_base = ${buildout:directory}/bin
467 468 469

[slap-parameter]
# Default value if no ssh key is specified
470
user-authorized-key =
471
# Default value of instances number in slaprunner
472
instance-amount = 10
473 474
debug = false
frontend-domain =
475 476 477
slapos-repository = http://git.erp5.org/repos/slapos.git
slapos-software =
slapos-reference = master
478
auto-deploy = false
479
auto-deploy-instance = true
480
autorun = false
481
monitor-port = 9684
482 483 484

[monitor-parameters]
port = $${slap-parameter:monitor-port}
485

486 487 488 489 490 491
[slapos-cfg]
recipe = slapos.recipe.template:jinja2
template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
rendered = $${slaprunner:slapos.cfg}
mode = 700
context =
492
  section slaprunner slaprunner
493

494 495 496 497 498 499 500 501
[slapos-test-cfg]
recipe = slapos.recipe.template:jinja2
template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
rendered = $${test-runner:slapos.cfg}
mode = 700
context =
  section slaprunner test-runner

502 503
[shellinabox]
recipe = slapos.cookbook:shellinabox
504
ipv6 = $${slap-network-information:global-ipv6}
505
port = 8080
506
shell = $${shell:wrapper}
507
wrapper = $${directory:bin}/shellinaboxd
508
shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
509
password = $${zero-parameters:shell-password}
510
directory = $${runnerdirectory:home}
511
login-shell = $${directory:bin}/login
512 513 514
certificate-directory = $${cadirectory:certs}
cert-file = $${ca-shellinabox:cert-file}
key-file = $${ca-shellinabox:key-file}
515

516 517 518
[shellinabox-code]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.scode
519
bytes = 8
520 521 522 523 524 525

[shell]
recipe = slapos.cookbook:shell
wrapper = $${directory:bin}/sh
shell = ${bash:location}/bin/bash
home = $${runnerdirectory:home}
526
path = $${environ:PATH}:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin
527 528
ps1 = "\\w> "

529 530 531
[environ]
recipe = collective.recipe.environment

532 533 534 535 536 537 538 539 540 541
[slapos-repo]
recipe = slapos.recipe.build:gitclone
repository = $${slap-parameter:slapos-repository}
git-executable = ${git:location}/bin/git
develop = true
location = $${directory:project}/slapos

[slapos-repo-config]
recipe = plone.recipe.command
stop-on-error = true
542 543
command = cd $${slapos-repo:location} && ${git:location}/bin/git checkout $${slap-parameter:slapos-reference} && SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi
update-command = true
544 545 546

[prepare-software]
recipe = slapos.cookbook:wrapper
547
command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
548 549
wrapper-path = $${directory:scripts}/prepareSoftware

550 551 552 553 554 555 556
[cron-entry-prepare-software]
<= cron
recipe = slapos.cookbook:cron.d
name = prepare-software
frequency = */2 * * * *
command = $${prepare-software:wrapper-path}

557 558 559 560 561 562
[instance-parameters]
recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do
template = ${parameters-template:location}/${parameters-template:filename}
rendered = $${directory:etc}/.parameter.xml.default
mode = 0644
563
context =
564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579
  key slapparameter_dict slap-configuration:configuration

[deploy-instance-parameters]
recipe = plone.recipe.command
stop-on-error = true
parameter-xml = $${directory:etc}/.parameter.xml
command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi

[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

580 581
[public]
shell-password = $${shellinabox-code:passwd}
582 583
recovery-code = $${recovery-code:passwd}

584
[zero-parameters]