[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}

# XXX Default values if doesn't exists
root-instance-title = UNKNOWN H-S
instance-title = UNKNOWN Instance
configuration.monitor-interface-url = https://monitor.app.officejs.com/#page=ojsm_landing

[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
run = ${:var}/run
log = ${:var}/log
scripts = ${:etc}/run
services = ${:etc}/service
plugins = ${:etc}/plugin
monitor = ${:srv}/monitor

[monitor-directory]
recipe = slapos.cookbook:mkdirectory
bin = ${directory:bin}
etc = ${directory:etc}
pids = ${directory:run}/monitor
webdav = ${directory:monitor}/webdav
public = ${directory:monitor}/public
private = ${directory:monitor}/private
documents = ${:private}/documents
log = ${directory:log}/monitor
promise-result = ${buildout:directory}/.slapgrid/promise/result
promise-log = ${buildout:directory}/.slapgrid/promise/log

[ca-directory]
recipe = slapos.cookbook:mkdirectory
root = ${directory:srv}/ssl
requests = ${:root}/requests
private = ${:root}/private
certs = ${:root}/certs
newcerts = ${:root}/newcerts
crl = ${:root}/crl

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_executable_location }}
ca-dir = ${ca-directory:root}
requests-directory = ${ca-directory:requests}
wrapper = ${directory:bin}/certificate_authority
ca-private = ${ca-directory:private}
ca-certs = ${ca-directory:certs}
ca-newcerts = ${ca-directory:newcerts}
ca-crl = ${ca-directory:crl}

[certificate-authority-service]
recipe = slapos.cookbook:wrapper
command-line = ${certificate-authority:wrapper}
wrapper-path = ${directory:services}/certificate_authority
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[ca-monitor-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${monitor-httpd-conf-parameter:key-file}
cert-file = ${monitor-httpd-conf-parameter:cert-file}
executable = ${monitor-httpd-service-wrapper:output}
wrapper = ${directory:bin}/ca-monitor-httpd

[monitor-httpd-service-wrapper]
recipe = slapos.recipe.template:jinja2
url = {{ template_monitor_httpd_wrapper }}
output = ${directory:bin}/monitor-httpd-service-wrapper
pid-file = ${monitor-httpd-conf-parameter:pid-file}
monitor-httpd-wrapper-path = ${monitor-httpd-wrapper:wrapper-path}
monitor-httpd-conf = ${monitor-httpd-conf:output}
context =
    key pid_file :pid-file
    key monitor_httpd_wrapper_path :monitor-httpd-wrapper-path
    key monitor_httpd_conf :monitor-httpd-conf
    raw dash_binary {{ dash_executable_location }}

[ca-monitor-httpd-service]
recipe = slapos.cookbook:wrapper
command-line = ${ca-monitor-httpd:wrapper}
wrapper-path = ${directory:services}/monitor-httpd
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[monitor-conf-parameters]
title = ${monitor-instance-parameter:monitor-title}
root-title = ${monitor-instance-parameter:root-instance-title}
public-folder = ${monitor-directory:public}
private-folder = ${monitor-directory:private}
webdav-folder = ${monitor-directory:webdav}
base-url = ${monitor-instance-parameter:monitor-base-url}
service-pid-folder = ${monitor-directory:pids}
crond-folder = ${logrotate-directory:cron-entries}
log-folder = ${monitor-directory:log}
document-folder = ${monitor-directory:documents}
pid-file = ${monitor-directory:pids}/monitor-bootstrap.pid

public-path-list =
private-path-list = ${directory:log}
monitor-url-list = ${monitor-instance-parameter:monitor-url-list}
parameter-file-path = ${monitor-instance-parameter:configuration-file-path}

parameter-list =
  raw monitor-user ${monitor-instance-parameter:username}
  htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path}
  file min-free-disk-MB ${promise-check-free-disk-space:config-threshold-file}
  ${monitor-instance-parameter:instance-configuration}

promise-output-file = ${directory:monitor}/monitor-bootstrap-status

[monitor-promise-conf]
output-folder = ${monitor-directory:public}/promise
history-folder = ${monitor-directory:public}
promise-folder = ${directory:plugins}
pid-path = ${monitor-directory:pids}/runpromise.pid
partition-folder = ${buildout:directory}
master-url = ${slap-connection:server-url}
partition-cert = ${slap-connection:cert-file}
partition-key = ${slap-connection:key-file}
partition-id = ${slap-connection:partition-id}
computer-id = ${slap-connection:computer-id}
ipv4 = ${slap-configuration:ipv4-random}
ipv6 = ${slap-configuration:ipv6-random}
software-release = ${slap-connection:software-release-url}
software-type = ${slap-configuration:slap-software-type}

[monitor-base-url-dict]
# place holder to be used to collect erp5 monitor urls

[monitor-conf]
recipe = slapos.recipe.template:jinja2
url = {{ monitor_conf_template }}
output = ${directory:etc}/${:filename}
filename = monitor.conf
context = section parameter_dict          monitor-conf-parameters
          section promise_parameter_dict  monitor-promise-conf
          section monitor_base_urls       monitor-base-url-dict

[start-monitor]
recipe = slapos.cookbook:wrapper
command-line = {{ monitor_bin }} -c ${monitor-conf:output}
name = bootstrap-monitor
wrapper-path = ${directory:scripts}/${:name}

[monitor-htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = ${directory:etc}/.monitor_pwd

[httpd-monitor-htpasswd]
recipe = plone.recipe.command
stop-on-error = true
password-file = ${monitor-directory:etc}/.monitor-password
htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd
location =
  ${:password-file}
  ${:htpasswd-path}
command =
  echo "${monitor-instance-parameter:password}" >${:password-file}
  {{ apache_location }}/bin/htpasswd -cib ${:htpasswd-path} "${monitor-instance-parameter:username}" "${monitor-instance-parameter:password}"

[monitor-symlink]
recipe = cns.recipe.symlink
symlink =
  ${monitor-directory:promise-result} = ${monitor-directory:public}/promise
  ${monitor-directory:promise-log} = ${monitor-directory:log}/promise

[monitor-httpd-conf-parameter]
listening-ip = ${monitor-instance-parameter:monitor-httpd-ipv6}
port = ${monitor-instance-parameter:monitor-httpd-port}
pid-file = ${directory:run}/monitor-httpd.pid
access-log = ${directory:log}/monitor-httpd-access.log
error-log = ${directory:log}/monitor-httpd-error.log
cert-file = ${ca-directory:certs}/monitor-httpd.crt
key-file = ${ca-directory:certs}/monitor-httpd.key
htpasswd-file = ${httpd-monitor-htpasswd:htpasswd-path}
url = https://[${monitor-instance-parameter:monitor-httpd-ipv6}]:${:port}
httpd-cors-config-file = ${monitor-httpd-cors:output}
httpd-include-file =

[monitor-httpd-conf]
recipe = slapos.recipe.template:jinja2
url = {{ monitor_httpd_template }}
output = ${monitor-directory:etc}/monitor-httpd.conf
context =
  section directory monitor-directory
  section parameter_dict monitor-httpd-conf-parameter

[monitor-httpd-cors]
recipe = slapos.recipe.template:jinja2
url = {{ monitor_https_cors }}
output = ${directory:etc}/httpd-cors.cfg
context =
  key domain monitor-instance-parameter:cors-domains

[monitor-httpd-wrapper]
recipe = slapos.cookbook:wrapper
command-line = {{ apache_location }}/bin/httpd -f ${monitor-httpd-conf:output} -DFOREGROUND
wrapper-path = ${directory:bin}/monitor-httpd
wait-for-files =
  ${monitor-httpd-conf-parameter:key-file}
  ${monitor-httpd-conf-parameter:cert-file}
  ${monitor-httpd-graceful-wrapper:output}

[monitor-httpd-graceful-wrapper]
recipe = slapos.recipe.template:jinja2
url = {{ template_wrapper }}
output = ${directory:scripts}/monitor-httpd-graceful
context =
    key content :command
    raw dash_binary {{ dash_executable_location }}
command = kill -USR1 $(cat ${monitor-httpd-conf-parameter:pid-file})

[logrotate-entry-monitor-httpd]
<= logrotate-entry-base
name = monitor-apache
log = ${directory:log}/monitor-httpd-*.log
post = test ! -s ${monitor-httpd-conf-parameter:pid-file} || {{ bin_directory }}/slapos-kill --pidfile ${monitor-httpd-conf-parameter:pid-file} -s USR1

[xnice-bin]
recipe = collective.recipe.template
input = inline:#!/bin/sh
  # run something at lowest possible priority
  exec nice -19 chrt --idle 0 ionice -c3 "$@"
output = ${directory:bin}/xnice
mode = 700

[monitor-globalstate-wrapper]
recipe = slapos.cookbook:wrapper
command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:output}'
wrapper-path = ${directory:bin}/monitor-globalstate

[monitor-configurator-wrapper]
recipe = slapos.cookbook:wrapper
# XXX - hard coded path
command-line = ${xnice-bin:output} {{ monitor_configwrite }}
              --config_folder '${monitor-conf-parameters:private-folder}/config/.jio_documents'
              --output_cfg_file '${monitor-instance-parameter:configuration-file-path}'
              --htpasswd_bin '{{ apache_location }}/bin/htpasswd'
              --monitor_https_cors {{ monitor_https_cors }}
wrapper-path = ${directory:bin}/monitor-configurator

[monitor-collect-wrapper]
recipe = slapos.cookbook:wrapper
command-line = ${xnice-bin:output} {{ monitor_collect }}
               --output_folder ${monitor-directory:documents}
               --collector_db ${monitor-instance-parameter:collector-db}
               --pid_file ${monitor-directory:pids}/monitor-collect.pid
wrapper-path = ${directory:bin}/monitor-collect

[monitor-globalstate-cron-entry]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = monitor-globalstate
frequency = */2 * * * *
command = {{ randomsleep }} 20 && ${monitor-globalstate-wrapper:wrapper-path}

[monitor-globalstate-first-run]
recipe = plone.recipe.command
command = ${monitor-globalstate-wrapper:wrapper-path}
stop-on-error = true

[monitor-configurator-cron-entry]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = monitor-configurator
frequency = * * * * *
command = {{ randomsleep }} 10 && ${monitor-configurator-wrapper:wrapper-path}

[monitor-collect-cron-entry]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = monitor_collect
frequency = * * * * *
command = {{ randomsleep }} 40 && ${monitor-collect-wrapper:wrapper-path}

[logrotate-entry-monitor-data]
recipe = collective.recipe.template
name = monitor.data
log = ${monitor-directory:private}/*.data.json ${monitor-directory:documents}/*.data.json
input = inline:${:log} {
    weekly
    nocreate
    olddir ${monitor-directory:documents}
    rotate 104
    nocompress
    missingok
    extension .json
    dateext
    dateformat -%Y-%m-%d
    notifempty
  }
output = ${logrotate-directory:logrotate-entries}/${:name}

[logrotate-entry-monitor-promise-history]
<= logrotate-entry-base
name = monitor.service.status
log = ${monitor-directory:public}/*.history.json
rotate-num = 0
frequency = weekly
pre = {{ monitor_statistic }} --history_folder ${monitor-directory:public}

[monitor-promise-base]
recipe = slapos.cookbook:promise.plugin
eggs =
  slapos.toolbox
module = slapos.promise.plugin.${:promise}
output = ${directory:plugins}/${:name}

[monitor-httpd-promise]
<= monitor-promise-base
promise = check_url_available
name = monitor-httpd-listening-on-tcp.py
config-url = ${monitor-httpd-conf-parameter:url}
config-http-code = 401

[monitor-publish-parameters]
# XXX depends on monitor-base section
monitor-base-url = ${monitor-base:base-url}
monitor-url = ${:monitor-base-url}/public/feeds
monitor-user = ${monitor-instance-parameter:username}
monitor-password = ${monitor-instance-parameter:password}

[monitor-parameters-propagation]
config-monitor-interface-url = ${slap-configuration:configuration.monitor-interface-url}

[monitor-interface-configuration]
recipe = slapos.recipe.build
url = ${monitor-parameters-propagation:config-monitor-interface-url}
init =
  from six.moves.urllib.parse import urlparse
  options['cors-domain'] = urlparse(options['url']).hostname

[monitor-instance-parameter]
monitor-title = ${slap-configuration:instance-title}
monitor-httpd-ipv6 = ${slap-configuration:ipv6-random}
monitor-httpd-port = 8196
# XXX - Set monitor-base-url = ${monitor-httpd-conf-parameter:url} => https://[ipv6]:port
monitor-base-url = ${monitor-frontend:connection-secure_access}
#monitor-base-url = ${monitor-httpd-conf-parameter:url}
root-instance-title = ${slap-configuration:root-instance-title}
monitor-url-list =
cors-domains = ${monitor-interface-configuration:cors-domain}
# XXX Hard coded parameter
collector-db = /srv/slapgrid/var/data-log/collector.db
# Credentials
password = ${monitor-htpasswd:passwd}
username = admin
instance-configuration =
configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg
interface-url = ${monitor-interface-configuration:url}

[monitor-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Monitor Frontend ${monitor-instance-parameter:monitor-title}
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
shared = true
config-url = ${monitor-httpd-conf-parameter:url}
config-https-only = true
#software-type = custom-personal
return = domain secure_access

# Requests to the frontend URL should succeed with the correct
# credentials.
[check-monitor-password-promise]
<= monitor-promise-base
promise = check_url_available
name = check-monitor-frontend-password.py
url = ${monitor-frontend:connection-secure_access}
config-url = ${:url}
config-username = ${monitor-instance-parameter:username}
config-password = ${monitor-instance-parameter:password}

# Requests to the frontend URL should fail when no credentials are
# supplied.
[monitor-frontend-promise]
<= monitor-promise-base
promise = check_url_available
name = monitor-http-frontend.py
url = ${monitor-frontend:connection-secure_access}
config-url = ${:url}
config-http-code = 401

[monitor-bootstrap-promise]
<= monitor-promise-base
promise = monitor_bootstrap_status
name = monitor-bootstrap-status.py
config-process-pid-file = ${monitor-conf-parameters:pid-file}
config-process-name = ${start-monitor:name}
config-status-file = ${monitor-conf-parameters:promise-output-file}

[promise-check-slapgrid]
<= monitor-promise-base
promise = check_partition_deployment_state
name = buildout-${slap-connection:partition-id}-status.py
config-monitor-url = ${monitor-instance-parameter:monitor-base-url}

[promise-check-free-disk-space]
<= monitor-promise-base
promise = check_free_disk_space
name = check-free-disk-space.py
config-collectordb = ${monitor-instance-parameter:collector-db}
config-threshold-file = ${directory:etc}/min-free-disk-size

[monitor-base]
# create dependencies between required monitor parts
recipe = plone.recipe.command
command = true
update-command =
base-url = ${monitor-conf-parameters:base-url}
depends =
  ${monitor-globalstate-cron-entry:name}
  ${monitor-globalstate-first-run:recipe}
  ${monitor-configurator-cron-entry:name}
  ${monitor-collect-cron-entry:name}
  ${cron-entry-logrotate:name}
  ${logrotate-entry-cron:name}
  ${certificate-authority-service:wrapper-path}
  ${start-monitor:wrapper-path}
  ${ca-monitor-httpd-service:wrapper-path}
  ${monitor-httpd-promise:name}
  ${monitor-frontend-promise:name}
  ${check-monitor-password-promise:name}
  ${monitor-bootstrap-promise:name}
  ${monitor-symlink:recipe}
  ${promise-check-slapgrid:recipe}
  ${logrotate-entry-monitor-httpd:name}
  ${logrotate-entry-monitor-data:name}
  ${logrotate-entry-monitor-promise-history:name}

[expand-monitor-uri-template]
recipe = slapos.recipe.build
template = ${monitor-instance-parameter:interface-url}{&url,username,password}
url = ${monitor-publish-parameters:monitor-url}
username = ${monitor-publish-parameters:monitor-user}
password = ${monitor-publish-parameters:monitor-password}
init =
  import zc.buildout
  import pkg_resources
  from six.moves.urllib.parse import unquote

  buildout_options = self.buildout["buildout"]
  zc.buildout.easy_install.install(
    ["uritemplate"],
    dest=None,
    working_set=pkg_resources.working_set,
    path=[
      buildout_options["develop-eggs-directory"],
      buildout_options["eggs-directory"]])

  import uritemplate
  options['uri'] = unquote(uritemplate.URITemplate(options['template']).expand(options))

[monitor-publish]
monitor-base-url = ${monitor-publish-parameters:monitor-base-url}
monitor-setup-url = ${expand-monitor-uri-template:uri}

[buildout]

extends =
  {{ template_logrotate_base }}