[buildout]
parts =
  directory
  configtest
  logrotate
  cron
  cron-entry-logrotate
  ca-frontend
  certificate-authority
  logrotate-entry-apache
  logrotate-entry-apache-cached
  logrotate-entry-squid
  apache-frontend
  apache-cached
  switch-apache-softwaretype
  frontend-apache-graceful
  cached-apache-graceful
  squid-service
  squid-prepare
  squid-reload
  promise-squid
  dynamic-template-default-vh
  not-found-html
  promise-frontend-apache-configuration
  promise-cached-apache-configuration
  promise-apache-frontend-v4-https
  promise-apache-frontend-v4-http
  promise-apache-frontend-v6-https
  promise-apache-frontend-v6-http
  promise-apache-cached
## Monitoring part
###Parts to add for monitoring
  certificate-authority
  cron-entry-monitor
  cron-entry-rss
  deploy-index
  deploy-settings-cgi
  deploy-status-cgi
  setup-static-files
  certificate-authority
  zero-parameters
  public-symlink
  cgi-httpd-wrapper
  cgi-httpd-graceful-wrapper
  monitor-promise
  monitor-instance-log-access
## Monitor for apache
  monitor-current-log-access
  monitor-backup-log-access
extends = ${monitor-template:output}


eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory

bin = $${buildout:directory}/bin/
etc = $${buildout:directory}/etc/
srv = $${buildout:directory}/srv/
var = $${buildout:directory}/var/
template = $${buildout:directory}/template/

backup = $${:srv}/backup
log = $${:var}/log
run = $${:var}/run
service = $${:etc}/service
etc-run = $${:etc}/run
promise = $${:etc}/promise

logrotate-backup = $${:backup}/logrotate
logrotate-entries = $${:etc}/logrotate.d

cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl

[switch-apache-softwaretype]
recipe = slapos.cookbook:softwaretype
single-default = $${dynamic-default-template-slave-list:rendered}
single-custom-personal = $${dynamic-custom-personal-template-slave-list:rendered}
single-custom-group = $${dynamic-custom-group-template-slave-list:rendered}

[instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance.
# Always the same.
recipe = slapos.cookbook:slapconfiguration.serialised
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
# Define default parameter(s) that will be used later, in case user didn't
# specify it
# All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default.
configuration.domain = example.org
configuration.public-ipv4 =
configuration.port = 4443
configuration.plain_http_port = 8080
configuration.server-admin = admin@example.com
configuration.apache_custom_https = ""
configuration.apache_custom_http = ""
configuration.apache-key =
configuration.apache-certificate =
configuration.open-port = 80 443
configuration.extra_slave_instance_list =

[frontend-configuration]
template-log-access = ${template-log-access:target}
log-access-configuration = $${directory:etc}/apache-log-access.conf
apache-directory = ${apache-2.2:location}
apache-ipv6 = $${instance-parameter:ipv6-random}
apache-https-port = $${instance-parameter:configuration.port}

[monitor-current-log-access]
< = monitor-directory-access
source = $${directory:log}

[monitor-backup-log-access]
< = monitor-directory-access
source = $${directory:logrotate-backup}

[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = $${buildout:directory}/$${:filename}
extra-context =
context =
    import json_module json
    key eggs_directory buildout:eggs-directory
    key develop_eggs_directory buildout:develop-eggs-directory
    key slap_software_type instance-parameter:slap-software-type
    key slapparameter_dict instance-parameter:configuration
    $${:extra-context}

[dynamic-template-default-vh]
< = jinja2-template-base
template = ${template-default-virtualhost:target}
rendered = $${apache-directory:slave-configuration}/000.conf
extensions = jinja2.ext.do
extra-context =
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port

[dynamic-custom-personal-template-slave-list]
< = jinja2-template-base
template = ${template-slave-list:target}
filename = custom-personal-instance-slave-list.cfg
extensions = jinja2.ext.do
extra-context =
    key apache_configuration_directory apache-directory:slave-configuration
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key public_ipv4 instance-parameter:configuration.public-ipv4
    key slave_instance_list instance-parameter:slave-instance-list
    key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
    key rewrite_cached_configuration apache-configuration:cached-rewrite-file
    key custom_ssl_directory apache-directory:vh-ssl
    key apache_log_directory apache-directory:slave-log
    key local_ipv4 instance-parameter:ipv4-random
    key cache_port apache-configuration:cache-port
    raw empty_template ${template-empty:target}
    raw template_slave_configuration ${template-slave-configuration:target}
    raw template_rewrite_cached ${template-rewrite-cached:target}
    raw software_type single-custom-personal
    section logrotate_dict logrotate
    section frontend_configuration frontend-configuration
    section apache_configuration apache-configuration
    section connection_information_dict publish-connection-informations

[dynamic-custom-group-template-slave-list]
< = jinja2-template-base
template = ${template-custom-slave-list:target}
filename = custom-group-instance-slave-list.cfg
extensions = jinja2.ext.do
extra-context =
    key apache_configuration_directory apache-directory:slave-configuration
    key domain instance-parameter:configuration.domain
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key public_ipv4 instance-parameter:configuration.public-ipv4
    key slave_instance_list instance-parameter:slave-instance-list
    key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
    key rewrite_cached_configuration apache-configuration:cached-rewrite-file
    key custom_ssl_directory apache-directory:vh-ssl
    key template_slave_configuration dynamic-virtualhost-template-slave:rendered
    key apache_log_directory apache-directory:slave-log
    key local_ipv4 instance-parameter:ipv4-random
    key cache_port apache-configuration:cache-port
    raw empty_template ${template-empty:target}
    raw template_rewrite_cached ${template-rewrite-cached:target}
    raw software_type single-custom-group

[dynamic-default-template-slave-list]
< = jinja2-template-base
template = ${template-custom-slave-list:target}
filename = default-instance-slave-list.cfg
extensions = jinja2.ext.do
extra-context =
    key apache_configuration_directory apache-directory:slave-configuration
    key domain instance-parameter:configuration.domain
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key public_ipv4 instance-parameter:configuration.public-ipv4
    key slave_instance_list instance-parameter:slave-instance-list
    key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
    key rewrite_cached_configuration apache-configuration:cached-rewrite-file
    key custom_ssl_directory apache-directory:vh-ssl
    key apache_log_directory apache-directory:slave-log
    key local_ipv4 instance-parameter:ipv4-random
    key cache_port apache-configuration:cache-port
    raw template_slave_configuration ${template-default-slave-virtualhost:target}
    raw empty_template ${template-empty:target}
    raw template_rewrite_cached ${template-rewrite-cached:target}
    raw software_type single-default
# XXXX Hack to allow two software types

[dynamic-virtualhost-template-slave]
<= jinja2-template-base
template = ${template-slave-configuration:target}
rendered = $${directory:template}/slave-virtualhost.conf.in
extensions = jinja2.ext.do
extra-context =
    key https_port instance-parameter:configuration.port
    key http_port instance-parameter:configuration.plain_http_port
    key apache_custom_https instance-parameter:configuration.apache_custom_https
    key apache_custom_http instance-parameter:configuration.apache_custom_http

# Deploy Apache Frontend (new way, no recipe, jinja power)
[dynamic-apache-frontend-template]
< = jinja2-template-base
template = ${template-apache-frontend-configuration:target}
rendered = $${apache-configuration:frontend-configuration}
extra-context =
    raw httpd_home ${apache-2.2:location}
    key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
    key domain instance-parameter:configuration.domain
    key document_root apache-directory:document-root
    key instance_home buildout:directory
    key ipv4_addr instance-parameter:ipv4-random
    key ipv6_addr instance-parameter:ipv6-random
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key server_admin instance-parameter:configuration.server-admin
    key protected_path apache-configuration:protected-path
    key access_control_string apache-configuration:access-control-string
    key login_certificate ca-frontend:cert-file
    key login_key ca-frontend:key-file
    key ca_dir  certificate-authority:ca-dir
    key ca_crl certificate-authority:ca-crl
    key access_log apache-configuration:access-log
    key error_log apache-configuration:error-log
    key pid_file apache-configuration:pid-file
    key slave_configuration_directory apache-directory:slave-configuration
    section frontend_configuration frontend-configuration

[apache-frontend]
recipe = slapos.cookbook:wrapper
command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-frontend-template:rendered} -DFOREGROUND
wrapper-path = $${directory:service}/frontend_apache
wait-for-files =
	       $${ca-frontend:cert-file}
	       $${ca-frontend:key-file}

# Deploy Apache for cached website
[dynamic-apache-cached-template]
< = jinja2-template-base
template = ${template-apache-cached-configuration:target}
rendered = $${apache-configuration:cached-configuration}
extra-context =
    raw httpd_home ${apache-2.2:location}
    key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
    key domain instance-parameter:configuration.domain
    key document_root apache-directory:document-root
    key instance_home buildout:directory
    key ipv4_addr instance-parameter:ipv4-random
    key cached_port apache-configuration:cache-through-port
    key server_admin instance-parameter:configuration.server-admin
    key protected_path apache-configuration:protected-path
    key access_control_string apache-configuration:access-control-string
    key login_certificate ca-frontend:cert-file
    key login_key ca-frontend:key-file
    key ca_dir  certificate-authority:ca-dir
    key ca_crl certificate-authority:ca-crl
    key access_log apache-configuration:cache-access-log
    key error_log apache-configuration:cache-error-log
    key pid_file apache-configuration:cache-pid-file
    key apachecachedmap_path apache-configuration:cached-rewrite-file

[apache-cached]
recipe = slapos.cookbook:wrapper
command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-cached-template:rendered} -DFOREGROUND
wrapper-path = $${directory:service}/frontend_cached_apache
wait-for-files =
	       $${ca-frontend:cert-file}
	       $${ca-frontend:key-file}

[not-found-html]
recipe = slapos.cookbook:symbolic.link
target-directory = $${apache-directory:document-root}
link-binary =
	    ${template-not-found-html:target}

[apache-directory]
recipe = slapos.cookbook:mkdirectory
document-root = $${directory:srv}/htdocs
slave-configuration = $${directory:etc}/apache-slave-conf.d/
cache = $${directory:var}/cache
mod-ssl = $${:cache}/httpd_mod_ssl
vh-ssl = $${:slave-configuration}/ssl
slave-log = $${directory:log}/httpd

[apache-configuration]
frontend-configuration = $${directory:etc}/apache_frontend.conf
cached-configuration = $${directory:etc}/apache_frontend_cached.conf
access-log = $${directory:log}/frontend-apache-access.log
error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid
protected-path = /
access-control-string = none
cached-rewrite-file = $${directory:etc}/apache_rewrite_cached.txt
frontend-configuration-verification = ${apache-2.2:location}/bin/httpd -Sf $${:frontend-configuration}
frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi
cached-configuration-verification = ${apache-2.2:location}/bin/httpd -Sf $${:cached-configuration}
cached-graceful-command = $${:cached-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${apache-configuration:cache-pid-file}); fi

# Apache for cache configuration
cache-access-log = $${directory:log}/frontend-apache-access-cached.log
cache-error-log = $${directory:log}/frontend-apache-error-cached.log
cache-pid-file = $${directory:run}/httpd-cached.pid

# Comunication with squid
cache-port = 26010
cache-through-port = 26011

# Create wrapper for "apachectl conftest" in bin
[configtest]
recipe = slapos.cookbook:wrapper
command-line = ${apache-2.2:location}/bin/httpd -f $${directory:etc}/apache_frontend.conf -t
wrapper-path = $${directory:bin}/apache-configtest

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:service}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-frontend]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/apache_frontend.key
cert-file = $${cadirectory:certs}/apache_frontend.crt
executable = $${directory:service}/frontend_apache
wrapper = $${directory:service}/frontend_apache
key-content = $${instance-parameter:configuration.apache-key}
cert-content = $${instance-parameter:configuration.apache-certificate}
# Put domain name
name = $${instance-parameter:configuration.domain}

[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:service}/crond

[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/cron.log

[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}

# Deploy Logrotate
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${directory:bin}/logrotate
conf = $${directory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${directory:srv}/logrotate.status

[logrotate-entry-apache]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache-configuration:error-log} $${apache-configuration:access-log}
frequency = daily
rotatep-num = 30
post = $${apache-configuration:frontend-graceful-command}
sharedscripts = true
notifempty = true
create = true

[logrotate-entry-apache-cached]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache-cached
log = $${apache-configuration:cache-error-log} $${apache-configuration:cache-access-log}
frequency = daily
rotatep-num = 30
post = $${apache-configuration:cached-graceful-command}
sharedscripts = true
notifempty = true
create = true

[logrotate-entry-squid]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = squid
log = $${squid-cache:cache-log-path} $${squid-cache:access-log-path}
frequency = daily
rotatep-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGHUP
sharedscripts = true
notifempty = true
create = true

######################
#  Squid deployment
######################
[squid-directory]
recipe = slapos.cookbook:mkdirectory
squid-cache = $${directory:srv}/squid_cache

[squid-cache]
prepare-path = $${directory:etc-run}/squid-prepare
wrapper-path = $${directory:service}/squid
binary-path = ${squid:location}/sbin/squid
configuration-path = $${directory:etc}/squid.cfg
cache-path = $${squid-directory:squid-cache}
ip = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-port}
backend-ip = $${instance-parameter:ipv4-random}
backend-port = $${apache-configuration:cache-through-port}
open-port = $${instance-parameter:configuration.open-port}
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid

[squid-configuration]
< = jinja2-template-base
template = ${template-squid-configuration:target}
rendered = $${squid-cache:configuration-path}
extra-context =
      key ip squid-cache:ip
      key port squid-cache:port
      key backend_ip squid-cache:backend-ip
      key backend_port squid-cache:backend-port
      key cache_path squid-cache:cache-path
      key access_log_path squid-cache:access-log-path
      key cache_log_path squid-cache:cache-log-path
      key pid_filename_path squid-cache:pid-filename-path
      key open_port squid-cache:open-port

[squid-service]
recipe = slapos.cookbook:wrapper
command-line = $${squid-cache:binary-path} -N -f $${squid-configuration:rendered}
wrapper-path = $${squid-cache:wrapper-path}

[squid-prepare]
recipe = slapos.cookbook:wrapper
command-line = $${squid-cache:binary-path} -z -f $${squid-configuration:rendered}
wrapper-path = $${squid-cache:prepare-path}

[squid-reload]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
wrapper-path = $${directory:etc-run}/squid-reload

[promise-squid]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/squid
hostname = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-port}

# End of Squid part

### Apaches Graceful and promises
[frontend-apache-graceful]
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${directory:etc-run}/frontend-apache-safe-graceful
mode = 0700
extra-context =
    key content apache-configuration:frontend-graceful-command

[cached-apache-graceful]
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${directory:etc-run}/cached-apache-safe-graceful
mode = 0700
extra-context =
    key content apache-configuration:cached-graceful-command

# Promises checking configuration:
[promise-frontend-apache-configuration]
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${directory:promise}/frontend-apache-configuration-promise
mode = 0700
extra-context =
    key content apache-configuration:frontend-configuration-verification

[promise-cached-apache-configuration]
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${directory:promise}/cached-apache-configuration-promise
mode = 0700
extra-context =
    key content apache-configuration:cached-configuration-verification

[promise-apache-frontend-v4-https]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/apache_frontend_ipv4_https
hostname = $${instance-parameter:ipv4-random}
port = $${instance-parameter:configuration.port}

[promise-apache-frontend-v4-http]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/apache_frontend_ipv4_http
hostname = $${instance-parameter:ipv4-random}
port = $${instance-parameter:configuration.plain_http_port}

[promise-apache-frontend-v6-https]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/apache_frontend_ipv6_https
hostname = $${instance-parameter:ipv6-random}
port = $${instance-parameter:configuration.port}

[promise-apache-frontend-v6-http]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/apache_frontend_ipv6_http
hostname = $${instance-parameter:ipv6-random}
port = $${instance-parameter:configuration.plain_http_port}

[promise-apache-cached]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/apache_cached
hostname = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-through-port}

[slap_connection]
# Kept for backward compatiblity
computer_id = $${slap-connection:computer-id}
partition_id = $${slap-connection:partition-id}
server_url = $${slap-connection:server-url}
software_release_url = $${slap-connection:software-release-url}
key_file = $${slap-connection:key-file}
cert_file = $${slap-connection:cert-file}