instance.cfg 6.45 KB
[buildout]
parts =
  directory
  configtest
  logrotate
  cron
  cron-entry-logrotate
  ca-frontend
  certificate-authority
  squid-cache
  logrotate-entry-apache
  apache

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}

# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory

bin = $${buildout:directory}/bin/
etc = $${buildout:directory}/etc/
srv = $${buildout:directory}/srv/
var = $${buildout:directory}/var/

backup = $${:srv}/backup
log = $${:var}/log
run = $${:var}/run
service = $${:etc}/service

logrotate-backup = $${:backup}/logrotate
logrotate-entries = $${:etc}/logrotate.d

cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl

squid-cache = $${:srv}/squid_cache
stunnel-conf = $${:etc}/stunnel

[instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance.
# Always the same.
recipe = slapos.cookbook:slapconfiguration
computer = $${slap_connection:computer_id}
partition = $${slap_connection:partition_id}
url = $${slap_connection:server_url}
# Paths to a key file and a certificate file, both taken from [slap_connection].
# NOTE(review): presumably the client credentials used to authenticate to the
# master at url; confirm, and keep both files readable only by this partition.
key = $${slap_connection:key_file}
cert = $${slap_connection:cert_file}

# Defaults that are used later when the user did not specify a parameter.
# All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default.
# NOTE(review): buildout does not strip quotes, so this default is most likely
# the literal string including the quote characters. It is used as the name
# option of [ca-frontend]; confirm the quotes are intended.
configuration.domain = "example.org"
configuration.public-ipv4 = ''
configuration.port = 4443
configuration.plain_http_port = ''


# Deploy Apache (old way, with monolithic recipe)
[apache]
recipe = slapos.cookbook:apache.frontend
httpd_home = ${apache-2.2:location}
httpd_binary = ${apache-2.2:location}/bin/httpd
logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
openssl_binary = ${openssl:location}/bin/openssl
dcrond_binary = ${dcron:location}/sbin/crond
squid_binary = ${squid:location}/sbin/squid
stunnel_binary = ${stunnel:location}/bin/stunnel
rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
# NOTE(review): unlike the other *_binary options in this section, this is a
# bare command name rather than a path under a part location, so which gcc
# runs presumably depends on the PATH of the invoking process. Consider
# pinning an absolute path.
gcc_binary = gcc
binutils_directory = ${binutils:location}/bin/
ca_dir = $${certificate-authority:ca-dir}
cert_path = $${ca-frontend:cert-file}
key_path = $${ca-frontend:key-file}
ca_crl = $${certificate-authority:ca-crl}
access-log = $${directory:log}/frontend-apache-access.log
error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid


# Create wrapper for "apachectl configtest" in bin
[configtest]
recipe = slapos.cookbook:wrapper
command-line = $${apache:httpd_binary} -f $${directory:etc}/apache_frontend.conf -t
wrapper-path = $${directory:bin}/apache-configtest

# Local certificate authority for this instance. [ca-frontend] and
# [ca-stunnel] extend this section.
# The openssl path uses a single-dollar reference, the other options use
# double-dollar references.
# NOTE(review): presumably the single-dollar form is resolved when the software
# release is built and the double-dollar form when the instance is deployed;
# confirm.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
# The wrapper path is under the service directory of [directory].
wrapper = $${directory:service}/certificate_authority
# Resolves to the private/ directory created by [cadirectory].
# NOTE(review): presumably holds the CA private key; anyone able to read it
# could issue certificates this CA vouches for. Confirm how access to it is
# restricted.
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
# Revocation data directory; [apache] reads it through its ca_crl option.
ca-crl = $${cadirectory:crl}

# Creates the sub-directories of the CA directory used by
# [certificate-authority].
# NOTE(review): no permission mode is given here; whether the recipe restricts
# access to private/ cannot be seen from this file. Confirm.
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

# Certificate request for the Apache frontend, extending
# [certificate-authority]. [apache] reads key-file and cert-file from here.
[ca-frontend]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
# NOTE(review): the private key is placed in the certs/ directory next to the
# certificate, not in private/. Confirm that certs/ is not readable by anything
# that should not see the frontend key.
key-file = $${cadirectory:certs}/apache_frontend.key
cert-file = $${cadirectory:certs}/apache_frontend.crt
# executable and wrapper point at the same path.
executable = $${directory:service}/apache_frontend
wrapper = $${directory:service}/apache_frontend
# Put domain name
# The value comes from configuration.domain in [instance-parameter].
name = $${instance-parameter:configuration.domain}

# Certificate request for stunnel, extending [certificate-authority].
# NOTE(review): this part is not listed in the parts option of [buildout]; in
# this file it is referenced only by [stunnel], which is not listed either.
# Confirm it is still in use.
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
# Key and certificate are both placed in the stunnel configuration directory.
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
executable = $${stunnel:wrapper}
# NOTE(review): no [basedirectory] section is visible in this file; the other
# certificate-authority parts use the service option of [directory]. Confirm
# this reference resolves.
wrapper = $${basedirectory:services}/stunnel

# stunnel wrapper and configuration. The key and certificate come from
# [ca-stunnel]; hosts and ports come from [squid-hardcoded].
# NOTE(review): not listed in the parts option of [buildout]. Confirm whether
# this part is actually deployed.
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${directory:bin}/stunnel
log-file = $${directory:log}/stunnel.log
config-file = $${directory:etc}/stunnel.conf
key-file = $${ca-stunnel:key-file}
cert-file = $${ca-stunnel:cert-file}
pid-file = $${directory:run}/stunnel.pid
# The local side reuses the backend-ip and backend-port of [squid-hardcoded].
local-port = $${squid-hardcoded:backend-port}
local-host = $${squid-hardcoded:backend-ip}
remote-host = $${squid-hardcoded:remote-host}
remote-port = $${squid-hardcoded:remote-port}
# NOTE(review): presumably selects stunnel server mode; confirm against the
# recipe which side of the tunnel is encrypted.
client = false
post-rotate-script = $${directory:bin}/stunnel_post_rotate


# Cron daemon for this instance. [cron-entry-logrotate] extends this section.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
# Directories created by [directory].
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
# Wrapper defined in [cron-simplelogger].
# NOTE(review): presumably receives the output of cron jobs; confirm.
catcher = $${cron-simplelogger:wrapper}
# The crond wrapper path is under the service directory of [directory].
binary = $${directory:service}/crond

# Logger wrapper used as the catcher option of [cron]; its log file is
# cron.log in the log directory.
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/cron.log

# Cron entry that runs the logrotate wrapper, extending [cron].
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
# Read as a five-field crontab schedule this is minute 0, hour 0, every day.
frequency = 0 0 * * *
command = $${logrotate:wrapper}

# Deploy Logrotate
# [logrotate-entry-apache] extends this section, and [cron-entry-logrotate]
# runs its wrapper.
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries (single-dollar references, unlike the directory options below)
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${directory:bin}/logrotate
conf = $${directory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
# Resolves to the logrotate directory under backup in [directory].
backup = $${directory:logrotate-backup}
state-file = $${directory:srv}/logrotate.status

# Rotation rule for the Apache frontend logs, extending [logrotate].
[logrotate-entry-apache]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache
# Both Apache logs are listed in one space-separated value.
log = $${apache:error-log} $${apache:access-log}
frequency = daily
# NOTE(review): with daily rotation this presumably keeps about 30 days of
# logs; check that this meets the retention needed for incident investigation.
rotate-num = 30
# Runs killpidfromfile with the Apache pid-file and SIGUSR1 after rotation.
# NOTE(review): for Apache httpd SIGUSR1 requests a graceful restart, which
# reopens the logs. A stale pid-file would direct the signal at whichever
# process holds that PID; confirm killpidfromfile guards against this.
post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
sharedscripts = true
notifempty = true
create = true

[squid-cache]
recipe = slapos.cookbook:squid
prepare-path = $${directory:service}/squid-prepare
wrapper-path = $${directory:service}/squid
binary-path = ${squid:location}/sbin/squid
conf-path = $${directory:etc}/squid.cfg
cache-path = $${directory:squid-cache}
ip = $${squid-hardcoded:ip}
port = $${squid-hardcoded:port}
backend-ip = $${squid-hardcoded:backend-ip}
backend-port = $${squid-hardcoded:backend-port}
domain = $${squid-hardcoded:domain}
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid

# Fixed endpoints consumed by [squid-cache] and [stunnel].
# NOTE(review): the addresses, ports and domain in this section are literals
# rather than instance parameters. Confirm they are meant to be published, and
# consider supplying them through [instance-parameter] instead.
[squid-hardcoded]
ip = 10.0.24.140
port = 26010
backend-ip = 10.0.24.140
backend-port = 26011
domain = softinst34784.bateau.org
remote-host = 2001:470:1f14:169:d418:9eb7:1bea:8983
remote-port = 16001