instance-kvm-cluster.cfg.jinja2.in 15.1 KB
{% set publish_dict = {} -%}
{% set part_list = [] -%}
{% set ipv6 = (ipv6 | list)[0] -%}
{% set frontend_dict = slapparameter_dict.get('frontend', {}) -%}
{% set slave_frontend_dict = slapparameter_dict.get('slave-frontend', {}) -%}
{# Software release requested for slave frontends when 'software-url' is not given. NOTE(review): the default is fetched over plain http and points at the moving HEAD ref, so it is neither protected in transit nor pinned to a reviewed revision; prefer an https URL at a fixed tag or commit. -#}
{% set slave_frontend_sr = slave_frontend_dict.get('software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') -%}
{% set slave_frontend_stype = slave_frontend_dict.get('software-type', 'custom-personal') -%}
{% set slave_frontend_iguid = slave_frontend_dict.get('instance-guid', '') -%}
{# Defaults used for the frontend-software-url / frontend-software-type of each KVM request. NOTE(review): the URL is plain http and tracks HEAD, so the requested release is not pinned and not protected in transit; an https URL at a fixed tag or commit is safer. -#}
{% set WEBSOCKET_FRONTEND_DEFAULT_SR = 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg' %}
{% set WEBSOCKET_FRONTEND_DEFAULT_ST = 'RootSoftwareInstance' %}
{% set kvm_instance_dict = {} -%}
{% set kvm_hostname_list = [] -%}
{% set monitor_base_url_dict = {} -%}

{% macro setconfig(name, value) -%}
{# Emit "config-<name> = <serialised value>" only for a truthy value; an empty string, empty list, 0 or False produces no line at all. The value always goes through dumps(). -#}
{% if value -%}
config-{{ name }} = {{ dumps(value) }}
{% endif -%}
{% endmacro -%}

[slap-network-information]
global-ipv6 = {{ ipv6 }}

[slap-parameter]
{% for k, v in slapparameter_dict.items() -%}
{#-   NOTE(review): 'namebase' is the only parameter written without dumps(); a value containing a newline would add extra lines to [slap-parameter]. Confirm why it is exempt, or validate it before rendering. #}
{%-   if k == 'namebase' %}
{{ k }} = {{ v }}
{%-   else %}
{{ k }} = {{ dumps(v) }}
{%-   endif %}
{% endfor -%}

# Options shared by every request-* section of this file (inherited with "<= request-common").
# Requests are made with this partition's own connection settings: server URL,
# key and certificate files, computer id and partition id all come from [slap-connection].
[request-common]
software-url = ${slap-connection:software-release-url}
server-url = ${slap-connection:server-url}
key-file = ${slap-connection:key-file}
cert-file = ${slap-connection:cert-file}
computer-id = ${slap-connection:computer-id}
partition-id = ${slap-connection:partition-id}
# Forwarded to every requested instance; False when 'use-ipv6' is not set.
config-use-ipv6 = {{ dumps(slapparameter_dict.get('use-ipv6', False)) }}

# Request kvm instances
{% for instance_name, kvm_parameter_dict in slapparameter_dict.get('kvm-partition-dict', {'kvm-default': {}}).items() -%}
{% set section = 'request-' ~ instance_name -%}
{% set use_nat = kvm_parameter_dict.get('use-nat', True) -%}
[{{ section }}]
<= request-common
recipe = slapos.cookbook:request.serialised
software-type = kvm
name = {{ instance_name }}
{% if kvm_parameter_dict.get('sticky-computer', '') -%}
sla-computer_guid = ${slap-connection:computer-id}
{% else -%}
sla-computer_guid = {{ dumps(kvm_parameter_dict.get('computer-guid', '')) }}
{% endif -%}

sla-network_guid = {{ dumps(kvm_parameter_dict.get('network-guid', '')) }}
sla-project_guid = {{ dumps(kvm_parameter_dict.get('project-guid', '')) }}
{% if kvm_parameter_dict.get('state', '') == 'stopped' -%}
state = stopped
{% endif -%}

config-frontend-instance-name = {{ instance_name ~ ' VNC Real Frontend' }}
{{ setconfig('frontend-software-url', frontend_dict.get('frontend-software-url', WEBSOCKET_FRONTEND_DEFAULT_SR)) }}
{{ setconfig('frontend-software-type', frontend_dict.get('frontend-software-type', WEBSOCKET_FRONTEND_DEFAULT_ST)) }}
{{ setconfig('frontend-instance-guid', frontend_dict.get('frontend-instance-guid', '')) }}

config-frontend-additional-instance-name = {{ instance_name ~ ' VNC Real Frontend Additional' }}
{{ setconfig('frontend-additional-software-url', frontend_dict.get('frontend-additional-software-url', WEBSOCKET_FRONTEND_DEFAULT_SR)) }}
{{ setconfig('frontend-additional-software-type', frontend_dict.get('frontend-additional-software-type', WEBSOCKET_FRONTEND_DEFAULT_ST)) }}
{{ setconfig('frontend-additional-instance-guid', frontend_dict.get('frontend-additional-instance-guid', '')) }}

config-name = {{ instance_name }}
{% if slapparameter_dict.get('authorized-keys', []) -%}
config-authorized-key = {{ dumps(slapparameter_dict.get('authorized-keys') | join('\n')) }}
{% endif -%}
config-nbd-port = {{ dumps(kvm_parameter_dict.get('nbd-port', 1024)) }}
config-nbd2-port = {{ dumps(kvm_parameter_dict.get('nbd-port2', 1024)) }}
config-ram-size = {{ dumps(kvm_parameter_dict.get('ram-size', 4096)) }}
config-ram-max-size = {{ dumps(kvm_parameter_dict.get('ram-max-size', int(kvm_parameter_dict.get('ram-size', 4096)) + 512)) }}
config-enable-device-hotplug = {{ dumps(kvm_parameter_dict.get('enable-device-hotplug', False)) }}
config-ram-hotplug-slot-size = {{ dumps(kvm_parameter_dict.get('ram-hotplug-slot-size', 512)) }}
config-disk-size = {{ dumps(kvm_parameter_dict.get('disk-size', 40)) }}
config-disk-type = {{ dumps(kvm_parameter_dict.get('disk-type', 'virtio')) }}
config-disk-format = {{ dumps(kvm_parameter_dict.get('disk-format', 'qcow2')) }}
config-cpu-count = {{ dumps(kvm_parameter_dict.get('cpu-count', 2)) }}
config-cpu-max-count = {{ dumps(kvm_parameter_dict.get('cpu-max-count', int(kvm_parameter_dict.get('cpu-count', 2)) + 1)) }}
config-network-adapter = {{ dumps(kvm_parameter_dict.get('network-adapter', 'virtio-net-pci')) }}
{{ setconfig('numa', kvm_parameter_dict.get('numa', '')) }}
{{ setconfig('machine-options', kvm_parameter_dict.get('machine-options', '')) }}
{{ setconfig('nbd-host', kvm_parameter_dict.get('nbd-host', '')) }}
{{ setconfig('host2', kvm_parameter_dict.get('host2', '')) }}

config-auto-ballooning = {{ dumps(kvm_parameter_dict.get('auto-ballooning', True)) }}
{{ setconfig('disk-cache', kvm_parameter_dict.get('disk-cache', '')) }}
{{ setconfig('disk-aio', kvm_parameter_dict.get('disk-aio', '')) }}
{{ setconfig('cpu-model', kvm_parameter_dict.get('cpu-model', 'host')) }}
# NOTE(review): 'disk-cache' is already emitted a few lines above; when the parameter is set, config-disk-cache is written twice in this section. Presumably one of the two calls can go.
{{ setconfig('disk-cache', kvm_parameter_dict.get('disk-cache', '')) }}
{{ setconfig('disk-device-path', kvm_parameter_dict.get('disk-device-path', '')) }}

{# Note: dirty_nat_rules_list is cleaned up later, as the UI generated by JSON schema #}
{#       gives freedom to the user to enter values separated by spaces and newlines #}
{#       but on UI level they are only supported when separated by newlines, which #}
{#       leads to cryptic failures of the cluster #}
{# NOTE(review): entries are only split on whitespace, not validated. Each token later becomes part of an option name (nat-rule-url-<proto>-<port>) in the "return" list, so presumably a malformed rule is only rejected by the receiving instance; checking for "port" or "proto:port" here would fail earlier and more clearly. -#}
{% set dirty_nat_rules_list = kvm_parameter_dict.get('nat-rules', []) -%}
{% set nat_rules_list = [] %}
{% for nat_rule in dirty_nat_rules_list %}
{%   do nat_rules_list.extend(nat_rule.split()) %}
{% endfor %}
{{ setconfig('nat-rules', nat_rules_list | join(' ')) }}
config-publish-nat-url = True
config-use-nat = {{ dumps(use_nat) }}
config-use-tap = {{ dumps(kvm_parameter_dict.get('use-tap', True)) }}
config-nat-restrict-mode = {{ dumps(kvm_parameter_dict.get('nat-restrict-mode', False)) }}
config-enable-vhost = {{ dumps(kvm_parameter_dict.get('enable-vhost', False)) }}
# Optional VM disk image download. Both lines are omitted when the parameter is empty, so the checksum is not mandatory.
# NOTE(review): the only digest offered here is MD5, which is not collision-resistant; confirm whether the kvm
# software release accepts a stronger hash before relying on it for images from sources you do not control.
{{ setconfig('virtual-hard-drive-url', kvm_parameter_dict.get('virtual-hard-drive-url', '')) }}
{{ setconfig('virtual-hard-drive-md5sum', kvm_parameter_dict.get('virtual-hard-drive-md5sum', '')) }}
config-virtual-hard-drive-gzipped = {{ dumps(kvm_parameter_dict.get('virtual-hard-drive-gzipped', False)) }}
# Defaults to True. NOTE(review): presumably False turns off TLS certificate verification for the image download;
# keep the default unless the image is also verified by digest.
config-hard-drive-url-check-certificate = {{ dumps(kvm_parameter_dict.get('hard-drive-url-check-certificate', True)) }}
config-external-disk-number = {{ dumps(kvm_parameter_dict.get('external-disk-number', 0)) }}
config-external-disk-size = {{ dumps(kvm_parameter_dict.get('external-disk-size', 20)) }}
config-external-disk-format = {{ dumps(kvm_parameter_dict.get('external-disk-format', 'qcow2')) }}
config-enable-http-server = {{ dumps(kvm_parameter_dict.get('enable-http-server', True)) }}
config-httpd-port = {{ dumps(kvm_parameter_dict.get('httpd-port', 8081)) }}

{{ setconfig('data-to-vm', kvm_parameter_dict.get('data-to-vm', '')) }}

config-disable-ansible-promise = {{ dumps(kvm_parameter_dict.get('disable-ansible-promise', False)) }}
# NOTE(review): unlike the neighbouring values this one is written without dumps(); it comes from the request
# parameters, so validate it (no newlines) before rendering.
config-monitor-cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
config-monitor-username = ${monitor-instance-parameter:username}
# Every KVM instance of the cluster receives the same monitor password (from [publish-early]) and the same
# username (from [monitor-instance-parameter]), so all instances share one monitor credential.
config-monitor-password = ${publish-early:monitor-password}
# Enable disk wipe options
{% if kvm_parameter_dict.get('wipe-disk-ondestroy', False) -%}
config-wipe-disk-ondestroy = True
config-wipe-disk-iterations = {{ dumps(kvm_parameter_dict.get('wipe-disk-iterations', 1)) }}
{% endif -%}
# Enable simple http server on ipv6 so all VMs will access it
# Tells each VM where the shared document server is. The path is the random value from [hash-code]; no other
# access control for the published files is visible in this template, so treat that value as a secret and keep
# the full document URL out of logs.
config-document-host = ${apache-conf:ip}
config-document-port = ${apache-conf:port}
config-document-path = ${hash-code:passwd}
{%- for k in ['boot-image-url-list', 'boot-image-url-select', 'whitelist-domains'] %}
{#-   play nice - use parameter only if present #}
{%-   if k in kvm_parameter_dict %}
{#-     play safe - dumps value #}
config-{{ k }} = {{ dumps(kvm_parameter_dict[k]) }}
{%-   endif %}
{%- endfor %}
config-type = cluster

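{# bootstrap-script-url is taken from the cluster-level parameters first, then from the per-instance ones; nothing is emitted when both are empty. -#}
{% set bootstrap_script_url = slapparameter_dict.get('bootstrap-script-url', kvm_parameter_dict.get('bootstrap-script-url', '')) -%}
{% if bootstrap_script_url -%}
{#   Serialised with dumps() like the other requester-supplied values of this section, so a URL containing a newline cannot add extra options to the request. -#}
config-bootstrap-script-url = {{ dumps(bootstrap_script_url) }}
{% endif -%}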

{# Firewall source lists are cluster-level parameters; the same values are written into every KVM request. -#}
{% set authorized_source_list = slapparameter_dict.get('fw-authorized-sources', []) -%}
{% set rejected_source_list = slapparameter_dict.get('fw-reject-sources', []) -%}
# NOTE(review): the two lists are joined and written without dumps(), unlike fw-restricted-access below.
# Validate the entries before rendering: a newline inside one would add extra options to this section.
sla-fw_authorized_sources = {{ authorized_source_list | join(' ') }}
sla-fw_rejected_sources = {{ rejected_source_list | join(' ') }}
sla-fw_restricted_access = {{ dumps(slapparameter_dict.get('fw-restricted-access', 'off')) }}

return =
  url
{% if frontend_dict.get('frontend-additional-instance-guid') %}
  url-additional
{% endif %}
  backend-url
{% if use_nat -%}
{%   for port in nat_rules_list -%}
{%     if ':' in port -%}
{%       set proto, port = port.split(':') -%}
{%     else -%}
{%       set proto, port = 'tcp', port -%}
{%     endif -%}
{{ '  ' }}nat-rule-url-{{proto}}-{{ port }}
{%   endfor -%}
{% endif -%}
{{ '  ' }}monitor-base-url
{% if str(kvm_parameter_dict.get('use-tap', 'True')).lower() == 'true' -%}
{{ '  ' }}tap-ipv4
{{ '  ' }}tap-ipv6
{{ '  ' }}ipv6-network-info

{% do publish_dict.__setitem__(instance_name ~ '-ipv4', '${' ~ section ~ ':connection-tap-ipv4}') -%}
{% do publish_dict.__setitem__(instance_name ~ '-ipv6', '${' ~ section ~ ':connection-tap-ipv6}') -%}
{% do publish_dict.__setitem__(instance_name ~ '-ipv6-info', '${' ~ section ~ ':connection-ipv6-network-info}') -%}
{% do kvm_hostname_list.append(instance_name ~ ' ' ~ '${' ~ section ~ ':connection-tap-ipv4}') -%}
{% endif -%}
{% do monitor_base_url_dict.__setitem__(instance_name, '${' ~ section ~ ':connection-monitor-base-url}') -%}
{% do publish_dict.__setitem__(instance_name ~ '-backend-url', '${' ~ section ~ ':connection-backend-url}') -%}
{% do publish_dict.__setitem__(instance_name ~ '-url', '${' ~ section ~ ':connection-url}') -%}
{% if frontend_dict.get('frontend-additional-instance-guid') %}
{% do publish_dict.__setitem__(instance_name ~ '-url-additional', '${' ~ section ~ ':connection-url-additional}') -%}
{% endif %}
{% do kvm_instance_dict.__setitem__(instance_name, (use_nat, nat_rules_list)) -%}
{% endfor %}


#request custom kvm frontend
{% for frontend_name, frontend_parameter_dict in slave_frontend_dict.get('slave-frontend-dict', {}).items() -%}
{%   set name = frontend_name -%}
{%   set url = frontend_parameter_dict.get('url', '') -%}
{%   set error = '' -%}
{%   if frontend_parameter_dict.get('kvm-partition-name', '') != '' -%}
{%     set kvm_name = frontend_parameter_dict['kvm-partition-name'] -%}
{%     set service_port = str(frontend_parameter_dict['service-port']) -%}
{#     Resolve the backend URL from the named KVM: it must have use-nat enabled and list service-port among its nat-rules; otherwise an error message is prepared and the url keeps the value given in the parameters. -#}
{%     if kvm_name in kvm_instance_dict.keys()  and not kvm_instance_dict[kvm_name][0] -%}
{%       set error = "You should set parameter use-nat to 'true' for '" ~ kvm_name ~ "', or provide url to use for frontend." -%}
{%     elif kvm_name in kvm_instance_dict.keys() and service_port in kvm_instance_dict[kvm_name][1] -%}
{%       set url = '${request-' ~ kvm_name ~ ':connection-nat-rule-url-' ~ service_port ~ '}' -%}
{%       set url = frontend_parameter_dict.get('url-scheme', 'http') ~ '://' ~ url -%}
{%     else -%}
{%       set error = kvm_name ~ " and/or port " ~ service_port ~ " doesn't match any KVM name and/or related nat-rules in your request parameters." -%}
{%     endif -%}
{%   endif -%}
{%   set section = 'request-' ~ name ~ '-slave-frontend' -%}
# One slave request per entry of slave-frontend-dict.
# NOTE(review): the frontend name (also part of the section name), software-url, software-type and url come
# from the request parameters and are written verbatim; validate them (no newlines) before rendering.
[{{ section }}]
<= request-common
recipe = slapos.cookbook:request
software-url = {{ slave_frontend_sr }}
name = Frontend {{ name }}
software-type = {{ slave_frontend_stype }}
slave = true
config-url = {{ url }}
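{# 'domain' is read from this slave frontend's own parameters. The previous code read it from kvm_parameter_dict, the loop variable of the KVM request loop, which is not in scope inside this loop. -#}
{{ setconfig('custom_domain', frontend_parameter_dict.get('domain', '')) }}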
config-enable_cache = {{ dumps(frontend_parameter_dict.get('enable-cache', False)) }}
config-https-only = {{ dumps(frontend_parameter_dict.get('https-only', False)) }}
{%  if frontend_parameter_dict.get('type', '') -%}
config-type = {{ dumps(frontend_parameter_dict['type']) }}
{%    if frontend_parameter_dict.get('path', '') -%}
config-path = {{ dumps(frontend_parameter_dict['path']) }}
{%    endif -%}
{%  endif -%}
return =
  site_url
sla-instance_guid = {{ slave_frontend_iguid }}
{#   Publish the slave's site_url under "<name>-url". NOTE(review): errors share the fixed key '1_error', so when several slave frontends fail only the last message is published. -#}
{%   do publish_dict.__setitem__(name ~ '-url', '${' ~ section ~ ':connection-site_url}') -%}
{%   if error != '' -%}
{%     do publish_dict.__setitem__('1_error', error) -%}
{%   endif -%}
{% endfor %}

# Enable simple http server on ipv6 so all VMs will access it
# Generated value used as the directory name under the webroot ([directory-doc], [apache-conf]) and as the
# document path handed to the VMs. It is kept in etc/code, presumably so the same value is reused on later runs;
# that file therefore needs the same protection as the published documents.
[hash-code]
recipe = slapos.cookbook:generate.password
storage-path = ${directory:etc}/code
bytes = 24

[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
log = ${:var}/log
scripts = ${:etc}/run
services = ${:etc}/service
webroot = ${:srv}/document
ssl = ${:etc}/ssl

# Creates the published directory: <webroot>/<value of hash-code:passwd>.
[directory-doc]
recipe = slapos.cookbook:mkdirectory
document = ${directory:webroot}/${hash-code:passwd}

# Settings for the document HTTP server. NOTE(review): denied-root-access presumably blocks requests for the
# webroot itself, so the hashed directory name cannot be discovered by listing it; confirm against the httpd template.
[apache-conf]
denied-root-access = true
root = ${directory:webroot}/
index = ${directory:webroot}/${hash-code:passwd}
port = 9002

{% if len(kvm_hostname_list) -%}
{%   do part_list.append('write-vm-hostname') -%}
[write-vm-hostname]
recipe = slapos.recipe.template:jinja2
url = {{ template_content }}
filename = hosts
output = ${directory:webroot}/${hash-code:passwd}/${:filename}
# The "name address" pairs are passed as a single string joined with '#', and '#' is given as the separator.
# NOTE(review): instance names come from the request parameters; a name containing '#' would presumably be
# split into bogus entries by the hosts template.
context =
    raw content_list {{ kvm_hostname_list | join('#') }}
    raw sep #
{% endif -%}

{% macro writefile(section_name, file_path, content, mode='') -%}
{# Declare a buildout part named section_name that writes content to file_path through collective.recipe.template, and register the part in part_list. Lines after the first are indented by two spaces so the whole text stays inside the "input" option. NOTE(review): content is inserted verbatim, so buildout variable references (dollar-brace syntax) inside it are presumably expanded at install time; only pass trusted text or escape it first. -#}
{% do part_list.append(section_name) -%}
{% set data_list =  content.split('\n') -%}
[{{ section_name }}]
recipe = collective.recipe.template
input = inline:
  {{ data_list | join('\n  ') }}
output = {{ file_path }}
mode = {{ mode }}
{% endmacro -%}

# write cluster-data into file public/data
{% if slapparameter_dict.get('cluster-data', '') -%}
{# NOTE(review): the file is written into the hashed directory of the webroot, so it is served to anyone who knows the document URL; do not put secrets in cluster-data. Mode '700' also sets the execute bit, which a data file presumably does not need. -#}
{{ writefile('cluster-data-content', '${directory:webroot}/${hash-code:passwd}/data', slapparameter_dict.get('cluster-data', ''), '700') }}
{% endif -%}

[publish-early]
recipe = slapos.cookbook:publish-early
-init =
  monitor-password monitor-htpasswd:passwd

[monitor-instance-parameter]
monitor-httpd-port = 8060
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
username = admin
password = ${publish-early:monitor-password}

[monitor-base-url-dict]
{% for key, value in monitor_base_url_dict.items() -%}
{{ key }} = {{ value }}
{% endfor %}

[monitor-conf-parameters]
private-path-list +=
  ${directory:webroot}/

[publish-connection-information]
<= monitor-publish
-extends = publish-early
recipe = slapos.cookbook:publish.serialised
{% for name, value in publish_dict.items() -%}
{{   name }} = {{ value }}
{% endfor %}
{% do part_list.append('monitor-base') -%}

[buildout]
extends =
  {{ template_httpd_cfg }}
{{ '  ' ~ template_monitor }}

parts =
  httpd
  httpd-graceful
  httpd-promise
  publish-connection-information
  directory-doc

# Complete parts with sections
  {{ part_list | join('\n  ') }}

eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true