monitor.cfg.in 10.2 KB
Newer Older
1 2 3 4 5 6 7 8
[slap-parameters]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

9 10
[monitor-parameters]
json-filename = monitor.json
11
json-path = $${monitor-directory:monitor-result}/$${:json-filename}
12
rss-filename = rssfeed.html
13
rss-path = $${monitor-directory:public-cgi}/$${:rss-filename}
14
executable = $${monitor-directory:bin}/monitor.py
15
port = 9685
16 17 18 19
htaccess-file = $${monitor-directory:etc}/.htaccess-monitor
url = https://[$${slap-parameters:ipv6-random}]:$${:port}
index-filename = index.cgi
index-path = $${monitor-directory:www}/$${:index-filename}
20
db-path = $${monitor-directory:etc}/monitor.db
21

22 23
[monitor-directory]
recipe = slapos.cookbook:mkdirectory
24
# Standard directory needed by monitoring stack
25 26 27
home = $${buildout:directory}
etc = $${:home}/etc
bin = $${:home}/bin
28
srv = $${:home}/srv
29
var = $${:home}/var
30 31 32 33 34 35 36 37 38 39
log = $${:var}/log
run = $${:var}/run
service = $${:etc}/service/
etc-run = $${:etc}/run/
tmp = $${:home}/tmp
promise = $${:etc}/promise

cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
40

41
ca-dir = $${:srv}/ssl
42 43
www = $${:var}/www

44 45 46
cgi-bin = $${:var}/cgi-bin
monitoring-cgi = $${:cgi-bin}/monitoring
knowledge0-cgi = $${:cgi-bin}/zero-knowledge
47
public-cgi = $${:cgi-bin}/public
48 49 50

monitor-custom-scripts = $${:etc}/monitor
monitor-result = $${:var}/monitor
51

52
private-directory = $${:srv}/monitor-private
53

54 55
[public-symlink]
recipe = cns.recipe.symlink
56
symlink = $${monitor-directory:public-cgi} = $${monitor-directory:www}/public
57 58
autocreate = true

59 60 61
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
62 63 64
cron-entries = $${monitor-directory:cron-entries}
crontabs = $${monitor-directory:crontabs}
cronstamps = $${monitor-directory:cronstamps}
65
catcher = $${cron-simplelogger:wrapper}
66
binary = $${monitor-directory:service}/crond
67 68 69 70

# Add log to cron
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
71 72
wrapper = $${monitor-directory:bin}/cron_simplelogger
log = $${monitor-directory:log}/cron.log
73 74 75 76 77

[cron-entry-monitor]
<= cron
recipe = slapos.cookbook:cron.d
name = launch-monitor
78
frequency = */5 * * * *
79
command = $${deploy-monitor-script:rendered} -a
80 81 82 83 84

[cron-entry-rss]
<= cron
recipe = slapos.cookbook:cron.d
name = build-rss
85
frequency = */5 * * * *
86
command = $${make-rss:rendered}
87

88 89 90 91
[setup-static-files]
recipe = hexagonit.recipe.download
url = ${download-static-files:destination}/${download-static-files:filename}
filename = static
92
destination = $${monitor-directory:www}
93 94 95
ignore-existing = true
mode = 0644

96
[deploy-index]
97
recipe = slapos.recipe.template:jinja2
98
template = ${index:location}/${index:filename}
99
rendered = $${monitor-parameters:index-path}
100 101
mode = 0744
context =
102
  key cgi_directory monitor-directory:cgi-bin
103 104 105
  raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
  key password zero-parameters:monitor-password
  raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
106
  raw default_page /welcome.html
107 108 109 110

[deploy-index-template]
recipe = hexagonit.recipe.download
url = ${index-template:location}/$${:filename}
111
destination = $${monitor-directory:www}
112 113 114
filename = ${index-template:filename}
download-only = true
mode = 0644
115 116 117 118

[deploy-status-cgi]
recipe = slapos.recipe.template:jinja2
template = ${status-cgi:location}/${status-cgi:filename}
119
rendered = $${monitor-directory:monitoring-cgi}/$${:filename}
120
filename = status.cgi
121 122 123
mode = 0744
context =
  key json_file monitor-parameters:json-path
124 125 126
  key monitor_bin monitor-parameters:executable
  key pwd monitor-directory:monitoring-cgi
  key this_file :filename
127
  raw python_executable ${buildout:executable}
128

129
[deploy-settings-cgi]
130
recipe = slapos.recipe.template:jinja2
131
template = ${settings-cgi:location}/${settings-cgi:filename}
132
rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
133
filename = settings.cgi
134 135 136
mode = 0744
context =
  raw config_cfg $${buildout:directory}/knowledge0.cfg
137
  raw timestamp $${buildout:directory}/.timestamp
138
  raw python_executable ${buildout:executable}
139
  key pwd monitor-directory:knowledge0-cgi
140
  key this_file :filename
141

142 143 144
[deploy-monitor-script]
recipe = slapos.recipe.template:jinja2
template = ${monitor-bin:location}/${monitor-bin:filename}
145
rendered = $${monitor-parameters:executable}
146 147
mode = 0744
context =
148
  section directory monitor-directory
149
  section monitor_parameter monitor-parameters
150
  key monitoring_file_json monitor-parameters:json-path
151
  raw python_executable ${buildout:executable}
152

153
[make-rss]
154 155 156
recipe = slapos.recipe.template:jinja2
template = ${make-rss-script:output}
rendered = $${monitor-directory:bin}/make-rss.sh
157
mode = 0744
158 159 160
context =
  section directory monitor-directory
  section monitor_parameters monitor-parameters
161

162 163 164
[monitor-htaccess]
recipe = plone.recipe.command
stop-on-error = true
165
htaccess-path = $${monitor-parameters:htaccess-file}
166 167 168 169
command = ${apache:location}/bin/htpasswd -cb $${:htaccess-path} admin $${zero-parameters:monitor-password}

[monitor-directory-access]
recipe = plone.recipe.command
170
command = ln -s $${:source} $${monitor-directory:private-directory}
171 172
source =

173 174 175 176 177 178
[monitor-instance-log-access]
recipe = plone.recipe.command
command = if [ -d $${:source} ]; then ln -s $${:source} $${monitor-directory:private-directory}/instance-logs; fi
update-command = if [ -d $${:source} ]; then ln -s $${:source} $${monitor-directory:private-directory}/instance-logs; fi
source = $${monitor-directory:home}/.slapgrid/log/

179 180
[cadirectory]
recipe = slapos.cookbook:mkdirectory
181 182 183 184 185
requests = $${monitor-directory:ca-dir}/requests/
private = $${monitor-directory:ca-dir}/private/
certs = $${monitor-directory:ca-dir}/certs/
newcerts = $${monitor-directory:ca-dir}/newcerts/
crl = $${monitor-directory:ca-dir}/crl/
186 187 188 189

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
190
ca-dir = $${monitor-directory:ca-dir}
191
requests-directory = $${cadirectory:requests}
192
wrapper = $${monitor-directory:service}/certificate_authority
193 194 195 196 197
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

198 199 200 201 202
[ca-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/httpd.key
cert-file = $${cadirectory:certs}/httpd.crt
203 204
executable = $${monitor-directory:bin}/cgi-httpd
wrapper = $${monitor-directory:service}/cgi-httpd
205 206 207
# Put domain name
name = example.com

208 209 210
###########
# Deploy a webserver running cgi scripts for monitoring
###########
211
[public]
212
recipe = slapos.cookbook:zero-knowledge.write
213
filename = knowledge0.cfg
214
monitor-password = passwordtochange
215 216

[zero-parameters]
217
recipe = slapos.cookbook:zero-knowledge.read
218
filename = $${public:filename}
219 220 221 222 223 224

# XXX could it be something lighter?
[cgi-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
  PidFile "$${:pid-file}"
225
  ServerName example.com
226
  ServerAdmin someone@email
227
  <IfDefine !MonitorPort>
228
  Listen [$${:listening-ip}]:$${monitor-parameters:port}
229 230
  Define MonitorPort
  </IfDefine>
231 232 233 234 235
  DocumentRoot "$${:document-root}"
  ErrorLog "$${:error-log}"
  LoadModule unixd_module modules/mod_unixd.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule authz_core_module modules/mod_authz_core.so
236
  LoadModule authn_core_module modules/mod_authn_core.so
237 238 239 240
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dir_module modules/mod_dir.so
241
  LoadModule ssl_module modules/mod_ssl.so
242 243 244 245 246 247
  LoadModule alias_module modules/mod_alias.so
  LoadModule autoindex_module modules/mod_autoindex.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule authn_file_module modules/mod_authn_file.so

248
  # SSL Configuration
249 250
  <IfDefine !SSLConfigured>
  Define SSLConfigured
251 252 253 254 255 256 257 258 259
  SSLCertificateFile $${ca-httpd:cert-file}
  SSLCertificateKeyFile $${ca-httpd:key-file}
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  SSLRandomSeed startup /dev/urandom 256
  SSLRandomSeed connect builtin
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLHonorCipherOrder On
  SSLCipherSuite RC4-SHA:HIGH:!ADH
260
  </IfDefine>
261
  SSLEngine   On
262 263
  ScriptSock $${:cgid-pid-file}
  <Directory $${:document-root}>
264 265 266
    SSLVerifyDepth    1
    SSLRequireSSL
    SSLOptions        +StrictRequire
267 268 269
    # XXX: security????
    Options +ExecCGI
    AddHandler cgi-script .cgi
270
    DirectoryIndex $${monitor-parameters:index-filename}
271
  </Directory>
272 273
  Alias /private/ $${monitor-directory:private-directory}/
  <Directory $${monitor-directory:private-directory}>
274 275 276 277 278 279 280 281
  Order Deny,Allow
  Deny from env=AUTHREQUIRED
  <Files ".??*">
    Order Allow,Deny
    Deny from all
  </Files>
  AuthType Basic
  AuthName "Private access"
282
  AuthUserFile "$${monitor-htaccess:htaccess-path}"
283 284 285 286 287
  Require valid-user
  Options Indexes FollowSymLinks
  Satisfy all
  </Directory>
output = $${monitor-directory:etc}/cgi-httpd.conf
288 289
listening-ip = $${slap-parameters:ipv6-random}
# XXX: randomize-me
290 291 292 293 294
htdocs = $${monitor-directory:www}
pid-file = $${monitor-directory:run}/cgi-httpd.pid
cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
document-root = $${monitor-directory:www}
error-log = $${monitor-directory:log}/cgi-httpd-error-log
295 296 297 298 299

[cgi-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
300
wrapper-path = $${ca-httpd:executable}
301

302 303 304 305 306
[cgi-httpd-graceful-wrapper]
recipe = slapos.cookbook:wrapper
command-line = kill -USR1 $(cat $${cgi-httpd-configuration-file:pid-file})
wrapper-path = $${monitor-directory:etc-run}/cgi-httpd-graceful

307 308
[monitor-promise]
recipe = slapos.cookbook:check_url_available
309 310
path = $${monitor-directory:promise}/monitor
url = $${monitor-parameters:url}/$${monitor-parameters:index-filename}
311 312 313 314
check-secure = 1
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

315
[publish-connection-informations]
316
recipe = slapos.cookbook:publish
317 318
monitor_url = $${monitor-parameters:url}
IMPORTANT_monitor_info = Change the monitor_password as soon as possible ! Default is : $${public:monitor-password} . You can change it in the setting.cgi section of your monitorin interface