[slap-parameters]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

[monitor-parameters]
json-filename = monitor.json
json-path = $${monitor-directory:monitor-result}/$${:json-filename}
rss-filename = rssfeed.html
rss-path = $${monitor-directory:public-cgi}/$${:rss-filename}
executable = $${monitor-directory:bin}/monitor.py
port = 9685
htaccess-file = $${monitor-directory:etc}/.htaccess-monitor
url = https://[$${slap-parameters:ipv6-random}]:$${:port}
index-filename = index.cgi
index-path = $${monitor-directory:www}/$${:index-filename}
db-path = $${monitor-directory:etc}/monitor.db
monitor-password-path = $${monitor-directory:etc}/.monitor.shadow

[monitor-directory]
recipe = slapos.cookbook:mkdirectory
# Standard directory needed by monitoring stack
home = $${buildout:directory}
etc = $${:home}/etc
bin = $${:home}/bin
srv = $${:home}/srv
var = $${:home}/var
log = $${:var}/log
run = $${:var}/run
service = $${:etc}/service/
etc-run = $${:etc}/run/
tmp = $${:home}/tmp
promise = $${:etc}/promise

cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps

ca-dir = $${:srv}/ssl
www = $${:var}/www

cgi-bin = $${:var}/cgi-bin
monitoring-cgi = $${:cgi-bin}/monitoring
knowledge0-cgi = $${:cgi-bin}/zero-knowledge
public-cgi = $${:cgi-bin}/public

monitor-custom-scripts = $${:etc}/monitor
monitor-result = $${:var}/monitor

private-directory = $${:srv}/monitor-private

[public-symlink]
recipe = cns.recipe.symlink
symlink = $${monitor-directory:public-cgi} = $${monitor-directory:www}/public
autocreate = true

[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${monitor-directory:cron-entries}
crontabs = $${monitor-directory:crontabs}
cronstamps = $${monitor-directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${monitor-directory:service}/crond

# Add log to cron
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${monitor-directory:bin}/cron_simplelogger
log = $${monitor-directory:log}/cron.log

[cron-entry-monitor]
<= cron
recipe = slapos.cookbook:cron.d
name = launch-monitor
frequency = */5 * * * *
command = $${deploy-monitor-script:rendered} -a

[cron-entry-rss]
<= cron
recipe = slapos.cookbook:cron.d
name = build-rss
frequency = */5 * * * *
command = $${make-rss:rendered}

[setup-static-files]
recipe = hexagonit.recipe.download
url = ${download-static-files:destination}/${download-static-files:filename}
filename = static
destination = $${monitor-directory:www}
ignore-existing = true
mode = 0644

[deploy-index]
recipe = slapos.recipe.template:jinja2
template = ${index:location}/${index:filename}
rendered = $${monitor-parameters:index-path}
# Command prefix used to (re)write the Basic-auth user file for user "admin".
# NOTE(review): htpasswd -b takes the password as a command-line argument, so
# it is visible in the process list while the command runs, and -c rewrites
# the whole file on every call. The password argument is not part of this
# line; presumably the template that receives apache_update_command appends
# it -- confirm there. htpasswd also offers -i (read the password from stdin)
# and -B (bcrypt) where the bundled Apache is recent enough.
update-apache-access = ${apache:location}/bin/htpasswd -cb $${monitor-parameters:htaccess-file} admin
mode = 0744
context =
  key cgi_directory monitor-directory:cgi-bin
  raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
  key monitor_password_path monitor-parameters:monitor-password-path
  key monitor_password_script_path deploy-monitor-password-cgi:rendered
  key apache_update_command :update-apache-access
  raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
  raw default_page /welcome.html

[deploy-index-template]
recipe = hexagonit.recipe.download
url = ${index-template:location}/$${:filename}
destination = $${monitor-directory:www}
filename = ${index-template:filename}
download-only = true
mode = 0644

[deploy-status-cgi]
recipe = slapos.recipe.template:jinja2
template = ${status-cgi:location}/${status-cgi:filename}
rendered = $${monitor-directory:monitoring-cgi}/$${:filename}
filename = status.cgi
mode = 0744
context =
  key json_file monitor-parameters:json-path
  key monitor_bin monitor-parameters:executable
  key pwd monitor-directory:monitoring-cgi
  key this_file :filename
  raw python_executable ${buildout:executable}

[deploy-settings-cgi]
recipe = slapos.recipe.template:jinja2
template = ${settings-cgi:location}/${settings-cgi:filename}
rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
filename = settings.cgi
mode = 0744
context =
  raw config_cfg $${buildout:directory}/knowledge0.cfg
  raw timestamp $${buildout:directory}/.timestamp
  raw python_executable ${buildout:executable}
  key pwd monitor-directory:knowledge0-cgi
  key this_file :filename

[deploy-monitor-password-cgi]
recipe = slapos.recipe.template:jinja2
template = ${monitor-password-cgi:location}/${monitor-password-cgi:filename}
rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
filename = monitor-password.cgi
mode = 0744
context =
  raw python_executable ${buildout:executable}
  key pwd monitor-directory:knowledge0-cgi
  key this_file :filename

[deploy-monitor-script]
recipe = slapos.recipe.template:jinja2
template = ${monitor-bin:location}/${monitor-bin:filename}
rendered = $${monitor-parameters:executable}
mode = 0744
context =
  section directory monitor-directory
  section monitor_parameter monitor-parameters
  key monitoring_file_json monitor-parameters:json-path
  raw python_executable ${buildout:executable}

[make-rss]
recipe = slapos.recipe.template:jinja2
template = ${make-rss-script:output}
rendered = $${monitor-directory:bin}/make-rss.sh
mode = 0744
context =
  section directory monitor-directory
  section monitor_parameters monitor-parameters

[monitor-directory-access]
recipe = plone.recipe.command
command = ln -s $${:source} $${monitor-directory:private-directory}
source =

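# Expose the slapgrid instance logs under the password-protected /private/
# area by symlinking them into private-directory.
[monitor-instance-log-access]
recipe = plone.recipe.command
# Paths are quoted so that a directory name containing spaces is not
# word-split by the shell. The link is created only when it does not exist
# yet: running "ln -s" again against an existing link to a directory creates
# a second, self-referencing link inside the log directory itself.
command = if [ -d "$${:source}" ] && [ ! -L "$${:link}" ]; then ln -s "$${:source}" "$${:link}"; fi
# Same command on update, so the check is repeated on every buildout run.
update-command = $${:command}
source = $${monitor-directory:home}/.slapgrid/log/
link = $${monitor-directory:private-directory}/instance-logs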

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${monitor-directory:ca-dir}/requests/
private = $${monitor-directory:ca-dir}/private/
certs = $${monitor-directory:ca-dir}/certs/
newcerts = $${monitor-directory:ca-dir}/newcerts/
crl = $${monitor-directory:ca-dir}/crl/

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${monitor-directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${monitor-directory:service}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[ca-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/httpd.key
cert-file = $${cadirectory:certs}/httpd.crt
executable = $${monitor-directory:bin}/cgi-httpd
wrapper = $${monitor-directory:service}/cgi-httpd
# Put domain name
name = example.com

###########
# Deploy a webserver running cgi scripts for monitoring
###########
[public]
recipe = slapos.cookbook:zero-knowledge.write
filename = knowledge0.cfg

[zero-parameters]
recipe = slapos.cookbook:zero-knowledge.read
filename = $${public:filename}

# XXX could it be something lighter?
[cgi-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
  PidFile "$${:pid-file}"
  ServerName example.com
  ServerAdmin someone@email
  <IfDefine !MonitorPort>
  Listen [$${:listening-ip}]:$${monitor-parameters:port}
  Define MonitorPort
  </IfDefine>
  DocumentRoot "$${:document-root}"
  ErrorLog "$${:error-log}"
  LoadModule unixd_module modules/mod_unixd.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule authz_core_module modules/mod_authz_core.so
  LoadModule authn_core_module modules/mod_authn_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule ssl_module modules/mod_ssl.so
  LoadModule alias_module modules/mod_alias.so
  LoadModule autoindex_module modules/mod_autoindex.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule authn_file_module modules/mod_authn_file.so

  # SSL Configuration
  <IfDefine !SSLConfigured>
  Define SSLConfigured
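  # Server certificate and key issued by the ca-httpd section.
  SSLCertificateFile $${ca-httpd:cert-file}
  SSLCertificateKeyFile $${ca-httpd:key-file}
  # Entropy sources; the exact duplicate "connect builtin" line was dropped.
  SSLRandomSeed startup builtin
  SSLRandomSeed startup /dev/urandom 256
  SSLRandomSeed connect builtin
  # SSLv3 is disabled (broken by POODLE) and the newer TLS versions that the
  # previous "-ALL +SSLv3 +TLSv1" setting excluded are allowed again.
  # TLSv1 and TLSv1.1 are deprecated as well; drop them too once every client
  # and the bundled OpenSSL support TLSv1.2.
  SSLProtocol all -SSLv3
  SSLHonorCipherOrder On
  # RC4 is no longer offered, let alone preferred: its keystream biases make
  # it unsafe for TLS. Anonymous, MD5-based and 3DES suites are excluded too.
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES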
  </IfDefine>
  SSLEngine   On
  ScriptSock $${:cgid-pid-file}
  <Directory $${:document-root}>
    # NOTE(review): no SSLVerifyClient directive appears in this template, so
    # SSLVerifyDepth on its own does not make client certificates mandatory.
    SSLVerifyDepth    1
    # Refuse requests to this directory that did not arrive over SSL/TLS.
    SSLRequireSSL
    SSLOptions        +StrictRequire
    # XXX: security????
    # NOTE(review): every *.cgi file under the document root is executed with
    # the rights of the httpd process, and this <Directory> block requires no
    # authentication. Other sections of this profile write into the same tree
    # (downloaded static files, the public symlink), so whatever can place a
    # file there can run code. AddHandler also matches a ".cgi" extension that
    # is not the last one (e.g. "name.cgi.txt"); a <FilesMatch "\.cgi$"> block
    # with SetHandler cgi-script is the stricter form.
    Options +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex $${monitor-parameters:index-filename}
  </Directory>
  Alias /private/ $${monitor-directory:private-directory}/
  <Directory $${monitor-directory:private-directory}>
  # NOTE(review): nothing in this template sets the AUTHREQUIRED variable, so
  # as far as this file shows the Deny rule below never matches and access to
  # /private/ rests on Basic authentication alone.
  Order Deny,Allow
  Deny from env=AUTHREQUIRED
  # Refuse dot-files: names starting with "." followed by two or more characters.
  <Files ".??*">
    Order Allow,Deny
    Deny from all
  </Files>
  # Basic auth sends the password with every request; this template confines
  # it to TLS via the unconditional SSLEngine On.
  AuthType Basic
  AuthName "Private access"
  AuthUserFile "$${monitor-parameters:htaccess-file}"
  # Any user present in the AuthUserFile is accepted.
  Require valid-user
  # NOTE(review): Indexes lists directory contents and FollowSymLinks lets
  # httpd serve whatever the symlinks in private-directory point at, so every
  # authenticated user can read each linked tree (for example the instance
  # logs). Keep the set of links in that directory under review.
  Options Indexes FollowSymLinks
  # Both the host-based rules and the valid-user requirement must pass.
  Satisfy all
  </Directory>
output = $${monitor-directory:etc}/cgi-httpd.conf
listening-ip = $${slap-parameters:ipv6-random}
# XXX: randomize-me
htdocs = $${monitor-directory:www}
pid-file = $${monitor-directory:run}/cgi-httpd.pid
cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
document-root = $${monitor-directory:www}
error-log = $${monitor-directory:log}/cgi-httpd-error-log

[cgi-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
wrapper-path = $${ca-httpd:executable}

[cgi-httpd-graceful-wrapper]
recipe = slapos.cookbook:wrapper
command-line = kill -USR1 $(cat $${cgi-httpd-configuration-file:pid-file})
wrapper-path = $${monitor-directory:etc-run}/cgi-httpd-graceful

[monitor-promise]
recipe = slapos.cookbook:check_url_available
path = $${monitor-directory:promise}/monitor
url = $${monitor-parameters:url}/$${monitor-parameters:index-filename}
check-secure = 1
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

[publish-connection-informations]
recipe = slapos.cookbook:publish
monitor_url = $${monitor-parameters:url}