[buildout] parts = directory configtest logrotate cron cron-entry-logrotate ca-frontend certificate-authority squid-cache logrotate-entry-apache apache-frontend apache-cached frontend-apache-graceful cached-apache-graceful switch-softwaretype eggs-directory = ${buildout:eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory} # Create all needed directories [directory] recipe = slapos.cookbook:mkdirectory bin = $${buildout:directory}/bin/ etc = $${buildout:directory}/etc/ srv = $${buildout:directory}/srv/ var = $${buildout:directory}/var/ backup = $${:srv}/backup log = $${:var}/log run = $${:var}/run service = $${:etc}/service logrotate-backup = $${:backup}/logrotate logrotate-entries = $${:etc}/logrotate.d cron-entries = $${:etc}/cron.d crontabs = $${:etc}/crontabs cronstamps = $${:etc}/cronstamps ca-dir = $${:srv}/ssl squid-cache = $${:srv}/squid_cache [switch-softwaretype] recipe = slapos.cookbook:softwaretype default = $${dynamic-template-slave-list:rendered} [instance-parameter] # Fetches parameters defined in SlapOS Master for this instance. # Always the same. recipe = slapos.cookbook:slapconfiguration computer = $${slap_connection:computer_id} partition = $${slap_connection:partition_id} url = $${slap_connection:server_url} key = $${slap_connection:key_file} cert = $${slap_connection:cert_file} # Define default parameter(s) that will be used later, in case user didn't # specify it # All parameters are available through the configuration.XX syntax. # All possible parameters should have a default. configuration.domain = "example.org" configuration.public-ipv4 = '' configuration.port = 4443 configuration.plain_http_port = 8080 configuration.server-admin = admin@example.com [jinja2-template-base] recipe = slapos.recipe.template:jinja2 rendered = $${buildout:directory}/$${:filename} extra-context = context = key eggs_directory buildout:eggs-directory key develop_eggs_directory buildout:develop-eggs-directory key slap_software_type instance-parameter:slap-software-type key slapparameter_dict instance-parameter:configuration $${:extra-context} [dynamic-template-slave-list] < = jinja2-template-base template = ${template-slave-list:target} filename = instance-slave-list.cfg extensions = jinja2.ext.do extra-context = key apache_configuration_directory apache-directory:slave-configuration key http_port instance-parameter:configuration.plain_http_port key https_port instance-parameter:configuration.port key slave_instance_list instance-parameter:slave-instance-list key rewrite_cached_configuration apache-configuration:cached-rewrite-file key custom_ssl_directory apache-directory:vh-ssl raw empty_template ${template-empty:target} raw cache_access http://$${instance-parameter:ipv4-random}:$${apache-configuration:cache-port} raw template_slave_configuration ${template-slave-configuration:target} raw template_rewrite_cached ${template-rewrite-cached:target} # Deploy Apache Frontend (new way, no recipe, jinja power) [dynamic-apache-frontend-template] < = jinja2-template-base template = ${template-apache-frontend-configuration:target} rendered = $${apache-configuration:frontend-configuration} extra-context = raw httpd_home ${apache-2.2:location} key httpd_mod_ssl_cache_directory apache-directory:mod-ssl key server_name instance-parameter:configuration.domain key document_root apache-directory:document-root key instance_home buildout:directory key ipv4_addr instance-parameter:ipv4-random key ipv6_addr instance-parameter:ipv6-random key http_port instance-parameter:configuration.plain_http_port key https_port instance-parameter:configuration.port key server_admin instance-parameter:configuration.server-admin key protected_path apache-configuration:protected-path key access_control_string apache-configuration:access-control-string key login_certificate ca-frontend:cert-file key login_key ca-frontend:key-file key ca_dir certificate-authority:ca-dir key ca_crl certificate-authority:ca-crl key access_log apache-configuration:access-log key error_log apache-configuration:error-log key pid_file apache-configuration:pid-file key slave_configuration_directory apache-directory:slave-configuration [apache-frontend] recipe = slapos.cookbook:wrapper command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-frontend-template:rendered} -DFOREGROUND wrapper-path = $${directory:service}/frontend_apache wait-for-files = $${ca-frontend:cert-file} $${ca-frontend:key-file} # Deploy Apache for cached website [dynamic-apache-cached-template] < = jinja2-template-base template = ${template-apache-cached-configuration:target} rendered = $${apache-configuration:cached-configuration} extra-context = raw httpd_home ${apache-2.2:location} key httpd_mod_ssl_cache_directory apache-directory:mod-ssl key server_name instance-parameter:configuration.domain key document_root apache-directory:document-root key instance_home buildout:directory key ipv4_addr instance-parameter:ipv4-random key cached_port apache-configuration:cache-through-port key server_admin instance-parameter:configuration.server-admin key protected_path apache-configuration:protected-path key access_control_string apache-configuration:access-control-string key login_certificate ca-frontend:cert-file key login_key ca-frontend:key-file key ca_dir certificate-authority:ca-dir key ca_crl certificate-authority:ca-crl key access_log apache-configuration:cache-access-log key error_log apache-configuration:cache-error-log key pid_file apache-configuration:cache-pid-file key apachecachedmap_path apache-configuration:cached-rewrite-file [apache-cached] recipe = slapos.cookbook:wrapper command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-cached-template:rendered} -DFOREGROUND wrapper-path = $${directory:service}/frontend_cached_apache wait-for-files = $${ca-frontend:cert-file} $${ca-frontend:key-file} [apache-directory] recipe = slapos.cookbook:mkdirectory document-root = $${directory:srv}/htdocs slave-configuration = $${directory:srv}/apache-slave-conf.d/ cache = $${directory:var}/cache mod-ssl = $${:cache}/httpd_mod_ssl vh-ssl = $${:slave-configuration}/ssl [apache-configuration] frontend-configuration = $${directory:etc}/apache_frontend.conf cached-configuration = $${directory:etc}/apache_frontend_cached.conf access-log = $${directory:log}/frontend-apache-access.log error-log = $${directory:log}/frontend-apache-error.log pid-file = $${directory:run}/httpd.pid protected-path = / access-control-string = none cached-rewrite-file = $${directory:etc}/apache_rewrite_cached.txt # Apache for cache configuration cache-access-log = $${directory:log}/frontend-apache-access-cached.log cache-error-log = $${directory:log}/frontend-apache-error-cached.log cache-pid-file = $${directory:run}/httpd-cached.pid # Comunication with squid cache-port = 26010 cache-through-port = 26011 # Create wrapper for "apachectl conftest" in bin [configtest] recipe = slapos.cookbook:wrapper command-line = ${apache-2.2:location}/bin/httpd -f $${directory:etc}/apache_frontend.conf -t wrapper-path = $${directory:bin}/apache-configtest [certificate-authority] recipe = slapos.cookbook:certificate_authority openssl-binary = ${openssl:location}/bin/openssl ca-dir = $${directory:ca-dir} requests-directory = $${cadirectory:requests} wrapper = $${directory:service}/certificate_authority ca-private = $${cadirectory:private} ca-certs = $${cadirectory:certs} ca-newcerts = $${cadirectory:newcerts} ca-crl = $${cadirectory:crl} [cadirectory] recipe = slapos.cookbook:mkdirectory requests = $${directory:ca-dir}/requests/ private = $${directory:ca-dir}/private/ certs = $${directory:ca-dir}/certs/ newcerts = $${directory:ca-dir}/newcerts/ crl = $${directory:ca-dir}/crl/ [ca-frontend] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request key-file = $${cadirectory:certs}/apache_frontend.key cert-file = $${cadirectory:certs}/apache_frontend.crt executable = $${directory:service}/frontend_apache wrapper = $${directory:service}/frontend_apache # Put domain name name = $${instance-parameter:configuration.domain} [cron] recipe = slapos.cookbook:cron dcrond-binary = ${dcron:location}/sbin/crond cron-entries = $${directory:cron-entries} crontabs = $${directory:crontabs} cronstamps = $${directory:cronstamps} catcher = $${cron-simplelogger:wrapper} binary = $${directory:service}/crond [cron-simplelogger] recipe = slapos.cookbook:simplelogger wrapper = $${directory:bin}/cron_simplelogger log = $${directory:log}/cron.log [cron-entry-logrotate] <= cron recipe = slapos.cookbook:cron.d name = logrotate frequency = 0 0 * * * command = $${logrotate:wrapper} # Deploy Logrotate [logrotate] recipe = slapos.cookbook:logrotate # Binaries logrotate-binary = ${logrotate:location}/usr/sbin/logrotate gzip-binary = ${gzip:location}/bin/gzip gunzip-binary = ${gzip:location}/bin/gunzip # Directories wrapper = $${directory:bin}/logrotate conf = $${directory:etc}/logrotate.conf logrotate-entries = $${directory:logrotate-entries} backup = $${directory:logrotate-backup} state-file = $${directory:srv}/logrotate.status [logrotate-entry-apache] <= logrotate recipe = slapos.cookbook:logrotate.d name = apache log = $${apache-configuration:error-log} $${apache-configuration:access-log} frequency = daily rotatep-num = 30 post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGUSR1 sharedscripts = true notifempty = true create = true [squid-cache] recipe = slapos.cookbook:squid prepare-path = $${directory:service}/squid-prepare wrapper-path = $${directory:service}/squid binary-path = ${squid:location}/sbin/squid conf-path = $${directory:etc}/squid.cfg cache-path = $${directory:squid-cache} ip = $${instance-parameter:ipv4-random} port = $${apache-configuration:cache-port} backend-ip = $${instance-parameter:ipv4-random} backend-port = $${apache-configuration:cache-through-port} public-ipv4 = $${instance-parameter:configuration.public-ipv4} access-log-path = $${directory:log}/squid-access.log cache-log-path = $${directory:log}/squid-cache.log pid-filename-path = $${directory:run}/squid.pid [squid-reload] recipe = slapos.cookbook:wrapper command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP wrapper-path = $${directory:service}/squid-reload [frontend-apache-graceful] recipe = slapos.cookbook:wrapper command-line = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGUSR1 wrapper-path = $${directory:service}/frontend-apache-graceful [cached-apache-graceful] recipe = slapos.cookbook:wrapper command-line = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:cache-pid-file} SIGUSR1 wrapper-path = $${directory:service}/cached-apache-graceful