monitor.cfg.in 8.61 KB
Newer Older
1 2 3 4 5 6 7 8
[slap-parameters]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

9
[monitor-parameters]
10
monitor-dir = $${directory:var}/monitor
11 12 13
result-dir = $${:monitor-dir}/bool
json-filename = monitor.json
json-path = $${:monitor-dir}/$${:json-filename}
14
rss-path = $${:monitoring-cgi}/$${:rss-filename}
15
rss-filename = rssfeed.html
16
executable = $${directory:bin}/monitor.py
17 18 19
cgi-bin = $${directory:cgi-bin}
monitoring-cgi = $${directory:monitoring-cgi}
knowledge0-cgi = $${directory:knowledge0-cgi}
20
access-url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${:port}
21
port = 9685
22

23 24 25 26
[directory]
home = $${buildout:directory}
etc = $${:home}/etc
bin = $${:home}/bin
27
srv = $${:home}/srv
28
var = $${:home}/var
29

30
promises = $${:etc}/promise
31
ca-dir = $${:srv}/ssl
32 33 34
cgi-bin = $${:var}/cgi-bin
monitoring-cgi = $${:cgi-bin}/monitoring
knowledge0-cgi = $${:cgi-bin}/zero-knowledge
35 36 37 38 39
cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
log = $${:var}/log
monitor = $${:etc}/monitor
40
monitor-result = $${monitor-parameters:monitor-dir}
41
monitor-result-bool = $${monitor-parameters:result-dir}
42
promise = $${:etc}/promise
43
run = $${:var}/run
44 45 46
service = $${:etc}/service/
tmp = $${:home}/tmp
www = $${:var}/www
47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66

[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:service}/crond

# Add log to cron
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/cron.log

[cron-entry-monitor]
<= cron
recipe = slapos.cookbook:cron.d
name = launch-monitor
67
frequency = */5 * * * *
68
command = $${monitor-parameters:executable} -a
69 70 71 72 73

[cron-entry-rss]
<= cron
recipe = slapos.cookbook:cron.d
name = build-rss
74
frequency = */5 * * * *
75 76
command = $${make-rss:output}

77 78 79 80 81 82 83 84 85
[setup-static-files]
recipe = hexagonit.recipe.download
url = ${download-static-files:destination}/${download-static-files:filename}
#md5sum = 628072e7212db1e8cdacb22b21752cda
filename = static
destination = $${directory:www}
ignore-existing = true
mode = 0644

86
[deploy-index]
87
recipe = slapos.recipe.template:jinja2
88
template = ${index:location}/${index:filename}
89
rendered = $${directory:www}/$${:filename}
90
filename = index.cgi
91 92
mode = 0744
context =
93 94 95 96
  key cgi_directory monitor-parameters:cgi-bin
  raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
  key password zero-parameters:monitor-password
  raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
97
  raw default_page /index.cgi?script=$${monitor-parameters:knowledge0-cgi}%2F$${deploy-settings-cgi:filename}
98 99 100 101 102 103 104 105 106

[deploy-index-template]
recipe = hexagonit.recipe.download
url = ${index-template:location}/$${:filename}
destination = $${directory:www}
filename = ${index-template:filename}
download-only = true
#md5sum = 
mode = 0644
107 108 109 110

[deploy-status-cgi]
recipe = slapos.recipe.template:jinja2
template = ${status-cgi:location}/${status-cgi:filename}
111
rendered = $${monitor-parameters:monitoring-cgi}/$${:filename}
112
filename = status.cgi
113 114 115
mode = 0744
context =
  key json_file monitor-parameters:json-path
116
  raw python_executable ${buildout:executable}
117

118
[deploy-settings-cgi]
119
recipe = slapos.recipe.template:jinja2
120
template = ${settings-cgi:location}/${settings-cgi:filename}
121
rendered = $${monitor-parameters:knowledge0-cgi}/$${:filename}
122
filename = settings.cgi
123 124 125 126
mode = 0744
context =
  raw config_cfg $${buildout:directory}/knowledge0.cfg
  raw python_executable ${buildout:executable}
127
  key pwd monitor-parameters:knowledge0-cgi
128
  key this_file :filename
129

130 131 132
[deploy-monitor-script]
recipe = slapos.recipe.template:jinja2
template = ${monitor-bin:location}/${monitor-bin:filename}
133
rendered = $${monitor-parameters:executable}
134 135 136
mode = 0744
context =
  section directory directory
137 138
  key monitoring_file_json monitor-parameters:json-path
  key monitoring_folder_bool monitor-parameters:result-dir
139
  raw python_executable ${buildout:executable}
140 141 142 143 144 145 146 147 148 149 150 151 152 153 154
  
[deploy-rss-script]
recipe = hexagonit.recipe.download
url = ${rss-bin:destination}/${rss-bin:filename}
destination = $${directory:bin}
filename = ${rss-bin:filename}
#md5sum =
mode = 0744
download-only = true

[make-rss]
recipe = slapos.recipe.template
url = ${make-rss-script:output}
output = $${directory:bin}/make-rss.sh
#md5sum = 
155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175
mode = 0744

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:service}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

176 177 178 179 180
[ca-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/httpd.key
cert-file = $${cadirectory:certs}/httpd.crt
181
executable = $${directory:bin}/cgi-httpd
182 183 184 185
wrapper = $${directory:service}/cgi-httpd
# Put domain name
name = example.com

186 187 188
###########
# Deploy a webserver running cgi scripts for monitoring
###########
189 190 191
[public]
recipe = slapos.cookbook:zeroknown.write
filename = knowledge0.cfg
192
monitor-password = passwordtochange
193 194 195 196

[zero-parameters]
recipe = slapos.cookbook:zeroknown.read
filename = $${public:filename}
197 198 199 200 201 202

# XXX could it be something lighter?
[cgi-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
  PidFile "$${:pid-file}"
203
  ServerName example.com
204
  ServerAdmin someone@email
205
  <IfDefine !MonitorPort>
206
  Listen [$${:listening-ip}]:$${monitor-parameters:port}
207 208
  Define MonitorPort
  </IfDefine>
209 210 211 212 213 214 215 216 217
  DocumentRoot "$${:document-root}"
  ErrorLog "$${:error-log}"
  LoadModule unixd_module modules/mod_unixd.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule authz_core_module modules/mod_authz_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dir_module modules/mod_dir.so
218 219
  LoadModule ssl_module modules/mod_ssl.so
  # SSL Configuration
220 221
  <IfDefine !SSLConfigured>
  Define SSLConfigured
222 223 224 225 226 227 228 229 230
  SSLCertificateFile $${ca-httpd:cert-file}
  SSLCertificateKeyFile $${ca-httpd:key-file}
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  SSLRandomSeed startup /dev/urandom 256
  SSLRandomSeed connect builtin
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLHonorCipherOrder On
  SSLCipherSuite RC4-SHA:HIGH:!ADH
231
  </IfDefine> 
232
  SSLEngine   On
233 234
  ScriptSock $${:cgid-pid-file}
  <Directory $${:document-root}>
235 236 237
    SSLVerifyDepth    1
    SSLRequireSSL
    SSLOptions        +StrictRequire
238 239 240
    # XXX: security????
    Options +ExecCGI
    AddHandler cgi-script .cgi
241
    DirectoryIndex $${deploy-index:rendered}
242 243 244 245 246
  </Directory>
output = $${directory:etc}/cgi-httpd.conf
# md5sum =
listening-ip = $${slap-parameters:ipv6-random}
# XXX: randomize-me
247
htdocs = $${directory:www}
248 249
pid-file = $${directory:run}/cgi-httpd.pid
cgid-pid-file = $${directory:run}/cgi-httpd-cgid.pid
250
document-root = $${directory:www}
251 252
error-log = $${directory:log}/cgi-httpd-error-log

253 254 255 256 257 258 259 260 261 262 263 264
[monitor-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Monitor Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config = url domain
config-url = $${monitor-parameters:access-url}
config-domain = $${slap-parameter:frontend-domain}
return = site_url domain

265 266 267 268
[cgi-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
269
wrapper-path = $${ca-httpd:executable}
270

271 272 273
[monitor-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/monitor
274
url = $${monitor-parameters:access-url}/$${deploy-index:filename}
275 276 277 278
check-secure = 1
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

279
[publish-connection-informations]
280
recipe = slapos.cookbook:publish
281
monitor_url = https://$${monitor-frontend:connection-domain}/index.cgi
282
IMPORTANT_monitor_info = change the monitor_password as soon as possible ! Default is : $${public:monitor-password}