[slap-configuration] recipe = slapos.cookbook:slapconfiguration.serialised computer = ${slap-connection:computer-id} partition = ${slap-connection:partition-id} url = ${slap-connection:server-url} key = ${slap-connection:key-file} cert = ${slap-connection:cert-file} # XXX Default values if doesn't exists root-instance-title = UNKNOWN H-S instance-title = UNKNOWN Instance configuration.monitor-interface-url = https://monitor.app.officejs.com/#page=ojsm_landing [directory] recipe = slapos.cookbook:mkdirectory etc = ${buildout:directory}/etc bin = ${buildout:directory}/bin srv = ${buildout:directory}/srv var = ${buildout:directory}/var run = ${:var}/run log = ${:var}/log scripts = ${:etc}/run services = ${:etc}/service plugins = ${:etc}/plugin monitor = ${:srv}/monitor [monitor-directory] recipe = slapos.cookbook:mkdirectory bin = ${directory:bin} etc = ${directory:etc} pids = ${directory:run}/monitor webdav = ${directory:monitor}/webdav public = ${directory:monitor}/public private = ${directory:monitor}/private documents = ${:private}/documents log = ${directory:log}/monitor promise-result = ${buildout:directory}/.slapgrid/promise/result promise-log = ${buildout:directory}/.slapgrid/promise/log [ca-directory] recipe = slapos.cookbook:mkdirectory root = ${directory:srv}/ssl requests = ${:root}/requests private = ${:root}/private certs = ${:root}/certs newcerts = ${:root}/newcerts crl = ${:root}/crl [certificate-authority] recipe = slapos.cookbook:certificate_authority openssl-binary = {{ openssl_executable_location }} ca-dir = ${ca-directory:root} requests-directory = ${ca-directory:requests} wrapper = ${directory:bin}/certificate_authority ca-private = ${ca-directory:private} ca-certs = ${ca-directory:certs} ca-newcerts = ${ca-directory:newcerts} ca-crl = ${ca-directory:crl} [certificate-authority-service] recipe = slapos.cookbook:wrapper command-line = ${certificate-authority:wrapper} wrapper-path = ${directory:services}/certificate_authority hash-existing-files = ${buildout:directory}/software_release/buildout.cfg [ca-monitor-httpd] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request key-file = ${monitor-httpd-conf-parameter:key-file} cert-file = ${monitor-httpd-conf-parameter:cert-file} executable = ${monitor-httpd-service-wrapper:output} wrapper = ${directory:bin}/ca-monitor-httpd [monitor-httpd-service-wrapper] recipe = slapos.recipe.template:jinja2 url = {{ template_monitor_httpd_wrapper }} output = ${directory:bin}/monitor-httpd-service-wrapper pid-file = ${monitor-httpd-conf-parameter:pid-file} monitor-httpd-wrapper-path = ${monitor-httpd-wrapper:wrapper-path} monitor-httpd-conf = ${monitor-httpd-conf:output} context = key pid_file :pid-file key monitor_httpd_wrapper_path :monitor-httpd-wrapper-path key monitor_httpd_conf :monitor-httpd-conf raw dash_binary {{ dash_executable_location }} [ca-monitor-httpd-service] recipe = slapos.cookbook:wrapper command-line = ${ca-monitor-httpd:wrapper} wrapper-path = ${directory:services}/monitor-httpd hash-existing-files = ${buildout:directory}/software_release/buildout.cfg [monitor-conf-parameters] title = ${monitor-instance-parameter:monitor-title} root-title = ${monitor-instance-parameter:root-instance-title} public-folder = ${monitor-directory:public} private-folder = ${monitor-directory:private} webdav-folder = ${monitor-directory:webdav} base-url = ${monitor-instance-parameter:monitor-base-url} service-pid-folder = ${monitor-directory:pids} crond-folder = ${logrotate-directory:cron-entries} log-folder = ${monitor-directory:log} document-folder = ${monitor-directory:documents} pid-file = ${monitor-directory:pids}/monitor-bootstrap.pid public-path-list = private-path-list = ${directory:log} monitor-url-list = ${monitor-instance-parameter:monitor-url-list} parameter-file-path = ${monitor-instance-parameter:configuration-file-path} parameter-list = raw monitor-user ${monitor-instance-parameter:username} htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path} file min-free-disk-MB ${promise-check-free-disk-space:config-threshold-file} ${monitor-instance-parameter:instance-configuration} promise-output-file = ${directory:monitor}/monitor-bootstrap-status [monitor-promise-conf] output-folder = ${monitor-directory:public}/promise history-folder = ${monitor-directory:public} promise-folder = ${directory:plugins} pid-path = ${monitor-directory:pids}/runpromise.pid partition-folder = ${buildout:directory} master-url = ${slap-connection:server-url} partition-cert = ${slap-connection:cert-file} partition-key = ${slap-connection:key-file} partition-id = ${slap-connection:partition-id} computer-id = ${slap-connection:computer-id} ipv4 = ${slap-configuration:ipv4-random} ipv6 = ${slap-configuration:ipv6-random} software-release = ${slap-connection:software-release-url} software-type = ${slap-configuration:slap-software-type} [monitor-base-url-dict] # place holder to be used to collect erp5 monitor urls [monitor-conf] recipe = slapos.recipe.template:jinja2 url = {{ monitor_conf_template }} output = ${directory:etc}/${:filename} filename = monitor.conf context = section parameter_dict monitor-conf-parameters section promise_parameter_dict monitor-promise-conf section monitor_base_urls monitor-base-url-dict [start-monitor] recipe = slapos.cookbook:wrapper command-line = {{ monitor_bin }} -c ${monitor-conf:output} name = bootstrap-monitor wrapper-path = ${directory:scripts}/${:name} [monitor-htpasswd] recipe = slapos.cookbook:generate.password storage-path = ${directory:etc}/.monitor_pwd [httpd-monitor-htpasswd] recipe = plone.recipe.command stop-on-error = true password-file = ${monitor-directory:etc}/.monitor-password htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd location = ${:password-file} ${:htpasswd-path} command = echo "${monitor-instance-parameter:password}" >${:password-file} {{ apache_location }}/bin/htpasswd -cib ${:htpasswd-path} "${monitor-instance-parameter:username}" "${monitor-instance-parameter:password}" [monitor-symlink] recipe = cns.recipe.symlink symlink = ${monitor-directory:promise-result} = ${monitor-directory:public}/promise ${monitor-directory:promise-log} = ${monitor-directory:log}/promise [monitor-httpd-conf-parameter] listening-ip = ${monitor-instance-parameter:monitor-httpd-ipv6} port = ${monitor-instance-parameter:monitor-httpd-port} pid-file = ${directory:run}/monitor-httpd.pid access-log = ${directory:log}/monitor-httpd-access.log error-log = ${directory:log}/monitor-httpd-error.log cert-file = ${ca-directory:certs}/monitor-httpd.crt key-file = ${ca-directory:certs}/monitor-httpd.key htpasswd-file = ${httpd-monitor-htpasswd:htpasswd-path} url = https://[${monitor-instance-parameter:monitor-httpd-ipv6}]:${:port} httpd-cors-config-file = ${monitor-httpd-cors:output} httpd-include-file = [monitor-httpd-conf] recipe = slapos.recipe.template:jinja2 url = {{ monitor_httpd_template }} output = ${monitor-directory:etc}/monitor-httpd.conf context = section directory monitor-directory section parameter_dict monitor-httpd-conf-parameter [monitor-httpd-cors] recipe = slapos.recipe.template:jinja2 url = {{ monitor_https_cors }} output = ${directory:etc}/httpd-cors.cfg context = key domain monitor-instance-parameter:cors-domains [monitor-httpd-wrapper] recipe = slapos.cookbook:wrapper command-line = {{ apache_location }}/bin/httpd -f ${monitor-httpd-conf:output} -DFOREGROUND wrapper-path = ${directory:bin}/monitor-httpd wait-for-files = ${monitor-httpd-conf-parameter:key-file} ${monitor-httpd-conf-parameter:cert-file} ${monitor-httpd-graceful-wrapper:output} [monitor-httpd-graceful-wrapper] recipe = slapos.recipe.template:jinja2 url = {{ template_wrapper }} output = ${directory:scripts}/monitor-httpd-graceful context = key content :command raw dash_binary {{ dash_executable_location }} command = kill -USR1 $(cat ${monitor-httpd-conf-parameter:pid-file}) [logrotate-entry-monitor-httpd] <= logrotate-entry-base name = monitor-apache log = ${directory:log}/monitor-httpd-*.log post = test ! -s ${monitor-httpd-conf-parameter:pid-file} || {{ bin_directory }}/slapos-kill --pidfile ${monitor-httpd-conf-parameter:pid-file} -s USR1 [xnice-bin] recipe = collective.recipe.template input = inline:#!/bin/sh # run something at lowest possible priority exec nice -19 chrt --idle 0 ionice -c3 "$@" output = ${directory:bin}/xnice mode = 700 [monitor-globalstate-wrapper] recipe = slapos.cookbook:wrapper command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:output}' wrapper-path = ${directory:bin}/monitor-globalstate [monitor-configurator-wrapper] recipe = slapos.cookbook:wrapper # XXX - hard coded path command-line = ${xnice-bin:output} {{ monitor_configwrite }} --config_folder '${monitor-conf-parameters:private-folder}/config/.jio_documents' --output_cfg_file '${monitor-instance-parameter:configuration-file-path}' --htpasswd_bin '{{ apache_location }}/bin/htpasswd' --monitor_https_cors {{ monitor_https_cors }} wrapper-path = ${directory:bin}/monitor-configurator [monitor-collect-wrapper] recipe = slapos.cookbook:wrapper command-line = ${xnice-bin:output} {{ monitor_collect }} --output_folder ${monitor-directory:documents} --collector_db ${monitor-instance-parameter:collector-db} --pid_file ${monitor-directory:pids}/monitor-collect.pid wrapper-path = ${directory:bin}/monitor-collect [monitor-globalstate-cron-entry] recipe = slapos.cookbook:cron.d cron-entries = ${cron:cron-entries} name = monitor-globalstate frequency = */2 * * * * command = {{ randomsleep }} 20 && ${monitor-globalstate-wrapper:wrapper-path} [monitor-globalstate-first-run] recipe = plone.recipe.command command = ${monitor-globalstate-wrapper:wrapper-path} stop-on-error = true [monitor-configurator-cron-entry] recipe = slapos.cookbook:cron.d cron-entries = ${cron:cron-entries} name = monitor-configurator frequency = * * * * * command = {{ randomsleep }} 10 && ${monitor-configurator-wrapper:wrapper-path} [monitor-collect-cron-entry] recipe = slapos.cookbook:cron.d cron-entries = ${cron:cron-entries} name = monitor_collect frequency = * * * * * command = {{ randomsleep }} 40 && ${monitor-collect-wrapper:wrapper-path} [logrotate-entry-monitor-data] recipe = collective.recipe.template name = monitor.data log = ${monitor-directory:private}/*.data.json ${monitor-directory:documents}/*.data.json input = inline:${:log} { weekly nocreate olddir ${monitor-directory:documents} rotate 104 nocompress missingok extension .json dateext dateformat -%Y-%m-%d notifempty } output = ${logrotate-directory:logrotate-entries}/${:name} [logrotate-entry-monitor-promise-history] <= logrotate-entry-base name = monitor.service.status log = ${monitor-directory:public}/*.history.json rotate-num = 0 frequency = weekly pre = {{ monitor_statistic }} --history_folder ${monitor-directory:public} [monitor-promise-base] recipe = slapos.cookbook:promise.plugin eggs = slapos.toolbox module = slapos.promise.plugin.${:promise} output = ${directory:plugins}/${:name} [monitor-httpd-promise] <= monitor-promise-base promise = check_url_available name = monitor-httpd-listening-on-tcp.py config-url = ${monitor-httpd-conf-parameter:url} config-http-code = 401 [monitor-publish-parameters] # XXX depends on monitor-base section monitor-base-url = ${monitor-base:base-url} monitor-url = ${:monitor-base-url}/public/feeds monitor-user = ${monitor-instance-parameter:username} monitor-password = ${monitor-instance-parameter:password} [monitor-parameters-propagation] config-monitor-interface-url = ${slap-configuration:configuration.monitor-interface-url} [monitor-interface-configuration] recipe = slapos.recipe.build url = ${monitor-parameters-propagation:config-monitor-interface-url} init = from six.moves.urllib.parse import urlparse options['cors-domain'] = urlparse(options['url']).hostname [monitor-instance-parameter] monitor-title = ${slap-configuration:instance-title} monitor-httpd-ipv6 = ${slap-configuration:ipv6-random} monitor-httpd-port = 8196 # XXX - Set monitor-base-url = ${monitor-httpd-conf-parameter:url} => https://[ipv6]:port monitor-base-url = ${monitor-frontend:connection-secure_access} #monitor-base-url = ${monitor-httpd-conf-parameter:url} root-instance-title = ${slap-configuration:root-instance-title} monitor-url-list = cors-domains = ${monitor-interface-configuration:cors-domain} # XXX Hard coded parameter collector-db = /srv/slapgrid/var/data-log/collector.db # Credentials password = ${monitor-htpasswd:passwd} username = admin instance-configuration = configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg interface-url = ${monitor-interface-configuration:url} [monitor-frontend] <= slap-connection recipe = slapos.cookbook:requestoptional name = Monitor Frontend ${monitor-instance-parameter:monitor-title} # XXX We have hardcoded SR URL here. software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg shared = true config-url = ${monitor-httpd-conf-parameter:url} config-https-only = true #software-type = custom-personal return = domain secure_access # Requests to the frontend URL should succeed with the correct # credentials. [check-monitor-password-promise] <= monitor-promise-base promise = check_url_available name = check-monitor-frontend-password.py url = ${monitor-frontend:connection-secure_access} config-url = ${:url} config-username = ${monitor-instance-parameter:username} config-password = ${monitor-instance-parameter:password} # Requests to the frontend URL should fail when no credentials are # supplied. [monitor-frontend-promise] <= monitor-promise-base promise = check_url_available name = monitor-http-frontend.py url = ${monitor-frontend:connection-secure_access} config-url = ${:url} config-http-code = 401 [monitor-bootstrap-promise] <= monitor-promise-base promise = monitor_bootstrap_status name = monitor-bootstrap-status.py config-process-pid-file = ${monitor-conf-parameters:pid-file} config-process-name = ${start-monitor:name} config-status-file = ${monitor-conf-parameters:promise-output-file} [promise-check-slapgrid] <= monitor-promise-base promise = check_partition_deployment_state name = buildout-${slap-connection:partition-id}-status.py config-monitor-url = ${monitor-instance-parameter:monitor-base-url} [promise-check-free-disk-space] <= monitor-promise-base promise = check_free_disk_space name = check-free-disk-space.py config-collectordb = ${monitor-instance-parameter:collector-db} config-threshold-file = ${directory:etc}/min-free-disk-size [monitor-base] # create dependencies between required monitor parts recipe = plone.recipe.command command = true update-command = base-url = ${monitor-conf-parameters:base-url} depends = ${monitor-globalstate-cron-entry:name} ${monitor-globalstate-first-run:recipe} ${monitor-configurator-cron-entry:name} ${monitor-collect-cron-entry:name} ${cron-entry-logrotate:name} ${logrotate-entry-cron:name} ${certificate-authority-service:wrapper-path} ${start-monitor:wrapper-path} ${ca-monitor-httpd-service:wrapper-path} ${monitor-httpd-promise:name} ${monitor-frontend-promise:name} ${check-monitor-password-promise:name} ${monitor-bootstrap-promise:name} ${monitor-symlink:recipe} ${promise-check-slapgrid:recipe} ${logrotate-entry-monitor-httpd:name} ${logrotate-entry-monitor-data:name} ${logrotate-entry-monitor-promise-history:name} [expand-monitor-uri-template] recipe = slapos.recipe.build template = ${monitor-instance-parameter:interface-url}{&url,username,password} url = ${monitor-publish-parameters:monitor-url} username = ${monitor-publish-parameters:monitor-user} password = ${monitor-publish-parameters:monitor-password} init = import zc.buildout import pkg_resources from six.moves.urllib.parse import unquote buildout_options = self.buildout["buildout"] zc.buildout.easy_install.install( ["uritemplate"], dest=None, working_set=pkg_resources.working_set, path=[ buildout_options["develop-eggs-directory"], buildout_options["eggs-directory"]]) import uritemplate options['uri'] = unquote(uritemplate.URITemplate(options['template']).expand(options)) [monitor-publish] monitor-base-url = ${monitor-publish-parameters:monitor-base-url} monitor-setup-url = ${expand-monitor-uri-template:uri} [buildout] extends = {{ template_logrotate_base }}