monitor.cfg.in 5.93 KB
[slap-parameters]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

[monitor-parameters]
monitor-dir = $${directory:monitor-result}
result-dir = $${:monitor-dir}/bool
json-filename = monitor.json
json-path = $${:monitor-dir}/$${:json-filename}
rss-path = $${directory:www}/index.html
executable = $${directory:bin}/monitor.py

[directory]
home = $${buildout:directory}
etc = $${:home}/etc
bin = $${:home}/bin
srv = $${:home}/srv

var = $${:home}/var
ca-dir = $${:srv}/ssl
cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
log = $${:var}/log
monitor = $${:etc}/monitor
monitor-result = $${:var}/monitor
monitor-result-bool = $${monitor-parameters:result-dir}
promise = $${:etc}/promise
run = $${:var}/run
service = $${:etc}/service/
tmp = $${:home}/tmp
www = $${:var}/www

[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:service}/crond

# Add log to cron
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/cron.log

[cron-entry-monitor]
<= cron
recipe = slapos.cookbook:cron.d
name = launch-monitor
frequency = * * * * *
command = $${monitor-parameters:executable} -a

[cron-entry-rss]
<= cron
recipe = slapos.cookbook:cron.d
name = build-rss
frequency = * * * * *
command = $${make-rss:output}

[deploy-cgi-script]
recipe = slapos.recipe.template:jinja2
template = ${cgi-bin:location}/${cgi-bin:filename}
rendered = $${directory:www}/$${:filename}
filename = index.cgi
mode = 0744
context =
  key json_file monitor-parameters:json-path
  key password cgi-password:passwd
  raw python_executable ${buildout:executable}

[deploy-monitor-script]
recipe = slapos.recipe.template:jinja2
template = ${monitor-bin:location}/${monitor-bin:filename}
rendered = $${monitor-parameters:executable}
mode = 0744
context =
  section directory directory
  key monitoring_file_json monitor-parameters:json-path
  key monitoring_folder_bool monitor-parameters:result-dir
  raw python_executable ${buildout:executable}
  
[deploy-rss-script]
recipe = hexagonit.recipe.download
url = ${rss-bin:destination}/${rss-bin:filename}
destination = $${directory:bin}
filename = ${rss-bin:filename}
#md5sum =
mode = 0744
download-only = true

[make-rss]
recipe = slapos.recipe.template
url = ${make-rss-script:output}
output = $${directory:bin}/make-rss.sh
#md5sum = 
mode = 0744

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:service}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[ca-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/httpd.key
cert-file = $${cadirectory:certs}/httpd.crt
executable = $${cgi-httpd-wrapper:wrapper-path}
wrapper = $${directory:service}/cgi-httpd
# Put domain name
name = example.com

###########
# Deploy a webserver running cgi scripts for monitoring
###########
[cgi-password]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/cgi-passwd
bytes = 8

# XXX could it be something lighter?
[cgi-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
  PidFile "$${:pid-file}"
  ServerName example.com
  Listen [$${:listening-ip}]:$${:listening-port}
  ServerAdmin someone@email
  DocumentRoot "$${:document-root}"
  ErrorLog "$${:error-log}"
  LoadModule unixd_module modules/mod_unixd.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule authz_core_module modules/mod_authz_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule ssl_module modules/mod_ssl.so
  # SSL Configuration
  SSLCertificateFile $${ca-httpd:cert-file}
  SSLCertificateKeyFile $${ca-httpd:key-file}
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  SSLRandomSeed startup /dev/urandom 256
  SSLRandomSeed connect builtin
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLHonorCipherOrder On
  SSLCipherSuite RC4-SHA:HIGH:!ADH
  SSLEngine   On
  ScriptSock $${:cgid-pid-file}
  <Directory $${:document-root}>
    SSLVerifyDepth    1
    SSLRequireSSL
    SSLOptions        +StrictRequire
    # XXX: security????
    Options +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex $${monitor-parameters:rss-path}
  </Directory>
output = $${directory:etc}/cgi-httpd.conf
# md5sum =
listening-ip = $${slap-parameters:ipv6-random}
# XXX: randomize-me
listening-port = 9685
htdocs = $${directory:www}
pid-file = $${directory:run}/cgi-httpd.pid
cgid-pid-file = $${directory:run}/cgi-httpd-cgid.pid
document-root = $${directory:www}
error-log = $${directory:log}/cgi-httpd-error-log

[cgi-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
wrapper-path = $${directory:bin}/cgi-httpd

[publish-connection-parameter]
recipe = slapos.cookbook:publish
monitor_url = http://[$${cgi-httpd-configuration-file:listening-ip}]:$${cgi-httpd-configuration-file:listening-port}
monitor_password = $${cgi-password:passwd}