instance-runner.cfg 27.8 KB
Newer Older
1 2
[buildout]
parts =
3 4 5 6
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
7 8
  gunicorn-launcher
  gunicorn-graceful
9
  publish-connection-information
10
  slaprunner-promise
11
  apache-httpd-promise
12
  slaprunner-supervisord-wrapper
13 14 15
  runner-sshd-add-authorized-key
  runner-sshd-graceful
  runner-sshd-promise
16 17
  runner-sshkeys-authority
  runner-sshkeys-sshd
18
  runtestsuite
19
  symlinks
20
  shellinabox
21
  slapos-cfg
22
  cron-entry-prepare-software
23
  deploy-instance-parameters
24
  instance-software
25
  instance-software-type
26
  minishell-cwd
27
  bash-profile
28
  supervisord-wrapper
29
  supervisord-promise
30
  httpd-graceful-wrapper
31 32 33 34
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' %}
  slaprunner-frontend-promise
  httpd-frontend-promise
{% endif %}
35
{% if slapparameter_dict.get('custom-frontend-backend-url') and slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %}
36 37
  custom-frontend-promise
{% endif %}
38
## Monitoring part
39
  monitor-base
40
  monitor-check-webrunner-internal-instance
41

42
extends = ${monitor2-template:rendered}
43 44 45 46 47

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

48 49
{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
[request-custom-frontend]
50
recipe = slapos.cookbook:requestoptional
51
software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
52 53 54 55
software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
slave = true
name = Custom Web Frontend

56 57 58 59 60
server-url = $${slap-connection:server-url}
key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}
61

62
{% if slapparameter_dict.get('custom-frontend-instance-guid') -%}
63
sla-instance_guid = $${slap-parameter:frontend-instance-guid}
64 65
{% endif -%}

66 67
{% set custom_frontend_backend_type = slapparameter_dict.get('custom-frontend-backend-type') -%}
{% if custom_frontend_backend_type -%}
68 69
config-type = {{ custom_frontend_backend_type }}
{% endif -%}
70
config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
71
return = site_url domain
72 73 74

[custom-frontend-promise]
recipe = slapos.cookbook:check_url_available
75 76 77 78 79
path = $${directory:promises}/custom_frontend_promise
url = https://$${request-custom-frontend:connection-domain}
{% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
check-secure = 1
{% endif -%}
80 81 82
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

83
[publish-connection-information]
84
custom-frontend-url = https://$${request-custom-frontend:connection-domain}
85
{% endif %}
86

87
# Create all needed directories
88
[directory]
89
recipe = slapos.cookbook:mkdirectory
90 91 92 93 94 95
home = $${buildout:directory}
etc = $${:home}/etc/
var = $${:home}/var/
srv = $${:home}/srv/
bin = $${:home}/bin/
tmp = $${:home}/tmp/
96

97 98 99 100 101 102 103 104 105
sshkeys = $${:srv}/sshkeys
services = $${:etc}/service/
scripts = $${:etc}/run/
ssh = $${:etc}/ssh/
log = $${:var}/log/
run = $${:var}/run/
backup = $${:srv}/backup/
promises = $${:etc}/promise/
test = $${:etc}/test/
106
nginx-data = $${:srv}/nginx
107
ca-dir = $${:srv}/ssl
108
project = $${:srv}/runner/project
109
cgi-bin = $${:srv}/cgi-bin
110 111 112

[runnerdirectory]
recipe = slapos.cookbook:mkdirectory
113 114
home = $${directory:srv}/runner/
test = $${directory:srv}/test/
115
project = $${:home}/project
116
public = $${:home}/public
117 118
software-root = $${:home}/software
instance-root = $${:home}/instance
119 120 121
project-test = $${:test}/project
software-test = $${:test}/software
instance-test = $${:test}/instance
122
sessions = $${buildout:directory}/.sessions
123 124
private-project = $${:home}/.git-private
public-project = $${:home}/.git-public
125 126

[slaprunner]
127
slaprunner = ${buildout:directory}/bin/slaprunner
128
slapos = ${buildout:directory}/bin/slapos
129 130
slapproxy = ${buildout:directory}/bin/slapproxy
supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
131
git-binary = ${git:location}/bin/git
132
root_check = false
133
slapos.cfg = $${directory:etc}/slapos.cfg
134 135
working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
136 137
instance_root = $${runnerdirectory:instance-root}
software_root = $${runnerdirectory:software-root}
138
ssh_client = ${openssh:location}/bin/ssh
139 140
public_key = $${runner-sshd-raw-server:rsa-keyfile}.pub
private_key = $${runner-sshd-raw-server:rsa-keyfile}
141
instance-monitor-url = https://[$${:ipv6}]:$${monitor-parameters:port}
142 143 144
etc_dir = $${directory:etc}
log_dir =  $${directory:log}
run_dir = $${directory:run}
145 146
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
147
instance_root = $${runnerdirectory:instance-root}
148 149
proxy_port = 50000
runner_port = 50005
150
partition-amount = $${slap-parameter:instance-amount}
151
wrapper = $${directory:services}/slaprunner
152
debug = $${slap-parameter:debug}
153
access-url = https://[$${:ipv6}]:$${:runner_port}
154
supervisord_config = $${directory:etc}/supervisord.conf
155
supervisord_server = http://$${supervisord:server}
156
proxy_database = $${slaprunner:working-directory}/proxy.db
157 158 159
console = False
verbose = False
debug = False
160 161 162
auto_deploy = $${slap-parameter:auto-deploy}
auto_deploy_instance = $${slap-parameter:auto-deploy-instance}
autorun = $${slap-parameter:autorun}
163
knowledge0_file = $${monitor-instance-parameter:configuration-file-path}
164
minishell_cwd_file = $${directory:etc}/.minishell-cwd
165
minishell_history_file = $${directory:etc}/.minishell_history
166 167
software_info_json = $${runnerdirectory:home}/software_info.json
instance_info_json = $${runnerdirectory:home}/instance_info.json
168
path = $${shell:path}
169
instance_name = $${slap-parameter:instance-name}
170

171 172 173
default_repository = $${slap-parameter:slapos-repository}
default_repository_branch = $${slap-parameter:slapos-reference}

174 175 176 177 178 179 180 181 182 183 184

#---------------------------
#--
#-- supervisord managing slaprunner instance processes
[slaprunner-supervisord-wrapper]
recipe = slapos.cookbook:wrapper
# XXX hardcoded locations
command-line = $${buildout:directory}/bin/slapos node supervisord --cfg $${directory:etc}/slapos.cfg -n
wrapper-path = $${directory:services}/slaprunner-supervisord


185 186
[test-runner]
<= slaprunner
187
slapos.cfg = $${directory:etc}/slapos-test.cfg
188 189
working-directory = $${runnerdirectory:test}
project-directory = $${runnerdirectory:project-test}
190 191
software_root = $${runnerdirectory:software-test}
instance_root = $${runnerdirectory:instance-test}
192
proxy_port = 8602
193
etc_dir = $${directory:test}
194 195
autorun = False
auto_deploy = True
196

197 198 199
[runtestsuite]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:directory}/bin/slaprunnertest
200
wrapper-path = $${directory:bin}/runTestSuite
201
environment = RUNNER_CONFIG=$${slapos-cfg:rendered}
202

203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219
# Deploy openssh-server
[runner-sshd-port]
recipe = slapos.cookbook:free_port
minimum = 22222
maximum = 22231
ip = $${slap-network-information:global-ipv6}

[runner-sshd-config]
recipe = slapos.recipe.template:jinja2
rendered = $${directory:etc}/runner-sshd.conf
path_pid = $${directory:run}/runner-sshd.pid
template = inline:
  PidFile $${:path_pid}
  Port $${runner-sshd-port:port}
  ListenAddress $${slap-network-information:global-ipv6}
  Protocol 2
  UsePrivilegeSeparation no
220
  HostKey $${directory:ssh}/server_key.rsa
221 222 223 224 225
  PasswordAuthentication no
  PubkeyAuthentication yes
  AuthorizedKeysFile $${buildout:directory}/.ssh/authorized_keys
  ForceCommand if [ -z "$SSH_ORIGINAL_COMMAND" ]; then ${bash:location}/bin/bash -l; else $SSH_ORIGINAL_COMMAND; fi

226
[runner-sshd-raw-server]
227
recipe = slapos.cookbook:wrapper
228 229 230
host = $${slap-network-information:global-ipv6}
rsa-keyfile = $${directory:ssh}/server_key.rsa
home = $${directory:ssh}
231
command-line = ${openssh:location}/sbin/sshd -D -e -f $${runner-sshd-config:rendered}
232 233 234 235 236 237 238 239 240 241 242 243 244 245 246
wrapper-path = $${directory:bin}/runner_raw_sshd

[runner-sshd-authorized-key]
<= runner-sshd-raw-server
recipe = slapos.cookbook:dropbear.add_authorized_key
key = $${slap-parameter:user-authorized-key}

[runner-sshd-server]
recipe = collective.recipe.template
log = $${basedirectory:log}/runner-sshd.log
input = inline:#!/bin/sh
    exec $${runner-sshd-raw-server:wrapper-path} >> $${:log} 2>&1

output = $${rootdirectory:bin}/runner_raw_sshd_log
mode = 700
247 248 249 250 251 252

[runner-sshd-graceful]
recipe = slapos.cookbook:wrapper
command-line = $${directory:bin}/killpidfromfile $${runner-sshd-config:path_pid} SIGHUP
wrapper-path = $${directory:scripts}/runner-sshd-graceful

253 254 255 256 257 258 259 260 261 262 263 264 265 266 267
[sshkeys-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:sshkeys}/requests/
keys = $${directory:sshkeys}/keys/

[runner-sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
request-directory = $${sshkeys-directory:requests}
keys-directory = $${sshkeys-directory:keys}
wrapper = $${directory:services}/sshkeys_authority
keygen-binary = ${openssh:location}/bin/ssh-keygen

[runner-sshkeys-sshd]
<= runner-sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
268
name = sshd
269 270 271 272 273 274
type = rsa
executable = $${runner-sshd-server:output}
public-key = $${runner-sshd-raw-server:rsa-keyfile}.pub
private-key = $${runner-sshd-raw-server:rsa-keyfile}
wrapper = $${directory:services}/runner-sshd

275
[runner-sshd-add-authorized-key]
276
recipe = slapos.cookbook:dropbear.add_authorized_key
277
home = $${buildout:directory}
278
key = $${slap-parameter:user-authorized-key}
279

280
#---------------------------
281
#--
282 283
#-- Set nginx frontend

284 285 286 287 288 289 290 291 292 293
[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path

[nginx-frontend]
# Options
294
nb_workers = 5
295
# Network
296 297 298
local-ip = $${slap-network-information:local-ipv4}
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
299
# Backend
300 301
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
302 303 304 305 306 307 308 309
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
310
path_tmp = $${directory:tmp}/
311
nginx_prefix = $${buildout:directory}
312 313 314
# Config files
path_nginx_conf = $${directory:etc}/nginx.conf
# Executables
315
bin_nginx = ${nginx-webdav:location}/sbin/nginx
316
bin_launcher = $${directory:bin}/launcher
317 318
# Utils
path_shell = ${dash:location}/bin/dash
319 320
# Misc.
etc_dir = $${directory:etc}
321
work_dir = $${slaprunner:working-directory}
322 323 324 325 326 327

[nginx_conf]
recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
328
    key shellinabox_socket shellinabox:socket
329
    key socket gunicorn:socket
330 331 332 333 334 335 336 337 338 339 340
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory

[nginx-launcher]
recipe = slapos.recipe.template:jinja2
template = ${template_launcher:location}/${template_launcher:filename}
rendered = $${nginx-frontend:bin_launcher}
mode = 700
context =
    section param_nginx_frontend nginx-frontend

341
[httpd-parameters]
342 343 344 345 346 347
path_pid = $${directory:run}/httpd.pid
path_error_log = $${directory:log}/httpd-error.log
path_access_log = $${directory:log}/httpd-access.log
# XXX Use ca-nginx, no need to regenerate certificate
cert_file = $${ca-nginx:cert-file}
key_file = $${ca-nginx:key-file}
348
global_ip = $${slap-network-information:global-ipv6}
349
global_port = $${slap-parameter:slaprunner-httpd-port}
350 351
working_directory = $${slaprunner:working-directory}
dav_lock = $${directory:var}/WebDavLock
352
htpasswd_file = $${directory:etc}/.htpasswd
353
etc_dir = $${directory:etc}
354 355
var_dir = $${directory:var}
project_folder = $${directory:project}
356
project_private_folder = $${runnerdirectory:private-project}
357
project_public_folder = $${runnerdirectory:public-project}
358
runner_home = $${runnerdirectory:home}
359
git_http_backend = ${git:location}/libexec/git-core/git-http-backend
360
cgid_sock = $${directory:run}/cgid.sock
361
#cgi_httpd_conf = $${monitor-httpd-configuration-file:rendered}
362
httpd_cors_file = $${slaprunner-httpd-cors:location}
363 364 365 366

[httpd-conf]
recipe = slapos.recipe.template:jinja2
template = ${template_httpd_conf:location}/${template_httpd_conf:filename}
367
rendered = $${directory:etc}/httpd.conf
368
context =
369 370
    section parameters httpd-parameters

371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403
[apache-httpd]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
wrapper-path = $${directory:services}/slaprunner-httpd
command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND
access-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}
wait-for-files =
  $${ca-nginx:cert-file}
  $${ca-nginx:key-file}

[httpd-graceful-wrapper]
recipe = collective.recipe.template
input = inline:
  #!/bin/sh
  exec kill -USR1 $(cat $${httpd-parameters:path_pid})
output = $${directory:scripts}/slaprunner-httpd-graceful
mode = 700

[apache-httpd-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/$${:filename}
filename = apache-httpd-listening-on-tcp
url = $${apache-httpd:access-url}
check-secure = 1
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

[slaprunner-httpd-cors]
recipe = plone.recipe.command
command = if [ ! -f $${:location} ]; then touch $${:location}; fi
location = $${directory:etc}/$${:filename}
filename = slaprunner-httpd-cors.cfg
stop-on-error = true
404

405 406 407 408
#--------------------
#--
#-- WSGI

409
[gunicorn]
410 411 412 413 414 415 416 417
bin_gunicorn = $${directory:bin}/gunicorn
bin_launcher = $${directory:services}/gunicorn
path_shell = ${dash:location}/bin/dash
socket = $${directory:tmp}/flaskserver.sock
path_pid = $${directory:run}/gunicorn.pid

[gunicorn-launcher]
recipe = slapos.cookbook:wrapper
418
command-line = $${gunicorn:bin_gunicorn} slapos.runner.run:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --error-logfile $${directory:log}/$${:error-log-file} --timeout 200 --threads 3 --log-level error --preload
419
error-log-file = gunicorn-error.log
420
wrapper-path = $${gunicorn:bin_launcher}
421
environment = PATH=$${environ:PATH}:${git:location}/bin/
422
  RUNNER_CONFIG=$${slaprunner:slapos.cfg}
423
  LANG=en_GB.UTF-8
424 425 426

[gunicorn-graceful]
recipe = slapos.cookbook:wrapper
427
command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
428 429
wrapper-path = $${directory:scripts}/gunicorn-graceful

430
#--------------------
431
#--
432
#-- ssl certificates
433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:services}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_frontend.key
cert-file = $${cadirectory:certs}/nginx_frontend.crt
458 459
executable = $${nginx-launcher:rendered}
wrapper = $${directory:services}/nginx-frontend
460 461 462
# Put domain name
name = example.com

463
#--------------------
464 465
#--
#-- Request frontend
466

467
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' -%}
468 469
[request-frontend]
<= slap-connection
470
recipe = slapos.cookbook:requestoptional
471
name = SlapRunner Frontend
472
# XXX We have hardcoded SR URL here.
473
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
474
slave = true
475
config-url = $${slaprunner:access-url}
476
config-domain = $${slap-parameter:frontend-domain}
477
return = site_url domain
478

479 480 481 482 483 484 485 486
[slaprunner-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner_frontend
url = https://$${request-frontend:connection-domain}/login
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
check-secure = 1

487 488 489
[request-httpd-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
490 491 492
# XXX - Unfortunately, we still call webrunner httpd frontend "Monitor Frontend" otherwise 
# buildout will ignore previous frontend that was created and create a new one (in case of upgrade)
name = Monitor Frontend
493 494 495 496 497 498 499 500 501 502 503 504 505 506 507
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = $${apache-httpd:access-url}
config-domain = 
return = secure_access domain

[httpd-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner-apache-http-frontend
url = $${request-httpd-frontend:connection-secure_access}
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}
check-secure = 1

508
{% endif %}
509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527

[htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.pwd
bytes = 8

[runner-htpasswd]
recipe = plone.recipe.command
stop-on-error = true
htpasswd-path = $${monitor-directory:etc}/.htpasswd
command = if [ ! -f "$${:htpasswd-path}" ]; then ${apache:location}//bin/htpasswd -cb $${:htpasswd-path} $${:user} $${:password}; fi
update-command = $${:command}
user = admin
{% if slapparameter_dict.get('monitor-password', '') -%}
password = {{ slapparameter_dict['monitor-password'] }}
{% else -%}
password = $${htpasswd:passwd}
{% endif -%}

528
#--------------------------------------
529
#--
530
#-- Send information to SlapOS Master
531

532
[publish-connection-information]
533
recipe = slapos.cookbook:publish
534 535 536
backend-url = $${slaprunner:access-url}
init-user = $${runner-htpasswd:user}
init-password = $${runner-htpasswd:password}
537
ssh-command = ssh $${slap-configuration:slapuser}@$${slap-network-information:global-ipv6} -p $${runner-sshd-port:port}
538 539
git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
540
monitor-base-url = $${publish:monitor-base-url}
541 542 543 544 545
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' -%}
url =  https://$${request-frontend:connection-domain}
webdav-url = $${request-httpd-frontend:connection-secure_access}/share/
public-url =  $${request-httpd-frontend:connection-secure_access}/public/
{% else %}
546
url =  $${slaprunner:access-url}
547 548 549 550
webdav-url = $${apache-httpd:access-url}/share/
public-url =  $${apache-httpd:access-url}/public/
{% endif %}

551 552
{% if slapparameter_dict.get('instance-type', '') != 'resilient' -%}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
553
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=$${publish:monitor-url}&username=$${publish:monitor-user}&password=$${publish:monitor-password}
554
{% else -%}
555 556 557 558
monitor-url = $${publish:monitor-url}
monitor-user = $${publish:monitor-user}
monitor-password = $${publish:monitor-password}
{% endif -%}
559 560 561
#---------------------------
#--
#-- Deploy promises scripts
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
562

563 564
[slaprunner-promise]
recipe = slapos.cookbook:check_port_listening
565
path = $${directory:promises}/slaprunner
566 567
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
568

569
[runner-sshd-promise]
570
recipe = slapos.cookbook:check_port_listening
571 572 573
path = $${directory:promises}/runner-sshd
hostname = $${slap-network-information:global-ipv6}
port = $${runner-sshd-port:port}
574

575 576
[symlinks]
recipe = cns.recipe.symlink
577
symlink_target = $${directory:bin}
578
symlink_base = ${buildout:directory}/bin
579 580 581

[slap-parameter]
# Default value if no ssh key is specified
582
user-authorized-key =
583
# Default value of instances number in slaprunner
584
instance-amount = 10
585 586
debug = false
frontend-domain =
587
slapos-repository = https://lab.nexedi.com/nexedi/slapos.git
588
slapos-software =
589
slapos-software-type =
590
slapos-reference = master
591
auto-deploy = false
592
auto-deploy-instance = true
593
autorun = false
594 595
slaprunner-httpd-port = $${:monitor-port}
# XXX - for backward compatibility, monitor-port was for slaprunner httpd server
596
monitor-port = 9686
597
instance-name =
598 599
monitor-cors-domains = 
monitor-interface-url = 
600
# XXX - define a new port for monitor here and use monitor-port for backward compatibility
601
monitor-httpd-port = 8386
602 603 604

[monitor-parameters]
port = $${slap-parameter:monitor-port}
605

606 607
[slapos-cfg]
recipe = slapos.recipe.template:jinja2
608
template = ${template-slapos-cfg:location}/${template-slapos-cfg:filename}
609 610 611
rendered = $${slaprunner:slapos.cfg}
mode = 700
context =
612
  section slaprunner slaprunner
613

614 615
[slapos-test-cfg]
recipe = slapos.recipe.template:jinja2
616
template = ${template-slapos-cfg:location}/${template-slapos-cfg:filename}
617 618 619 620 621
rendered = $${test-runner:slapos.cfg}
mode = 700
context =
  section slaprunner test-runner

622
[shellinabox]
623 624 625 626 627 628 629 630 631 632 633
recipe = slapos.recipe.template:jinja2
# We cannot use slapos.cookbook:wrapper here because this recipe escapes too much
socket = $${directory:run}/siab.sock
mode = 0700
rendered = $${directory:services}/shellinaboxd
template = inline:
  #!/bin/sh
  exec ${shellinabox:location}/bin/shellinaboxd \
    --disable-ssl \
    --disable-ssl-menu \
    --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
Jérome Perrin's avatar
Jérome Perrin committed
634
    --service "/:$(id -u):$(id -g):HOME:$${shell:wrapper} -l"
635 636 637

[shell]
recipe = slapos.cookbook:shell
Jérome Perrin's avatar
Jérome Perrin committed
638
wrapper = $${directory:bin}/bash
639
shell = ${bash:location}/bin/bash
640
home = $${buildout:directory}
641
path = $${environ:PATH}:/usr/bin:/bin/:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin:${tig:location}/bin
642 643
ps1 = "\\w> "

644 645 646
[environ]
recipe = collective.recipe.environment

647 648
[prepare-software]
recipe = slapos.cookbook:wrapper
649
command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
650 651
wrapper-path = $${directory:scripts}/prepareSoftware

652 653 654 655 656 657 658
[cron-entry-prepare-software]
<= cron
recipe = slapos.cookbook:cron.d
name = prepare-software
frequency = */2 * * * *
command = $${prepare-software:wrapper-path}

659 660 661
[instance-parameters]
recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do
662
template = ${template-parameters:location}/${template-parameters:filename}
663 664
rendered = $${directory:etc}/.parameter.xml.default
mode = 0644
665
context =
666 667 668 669 670 671 672 673
  key slapparameter_dict slap-configuration:configuration

[deploy-instance-parameters]
recipe = plone.recipe.command
stop-on-error = true
parameter-xml = $${directory:etc}/.parameter.xml
command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi

674 675 676 677 678 679 680
[instance-software-type]
recipe = plone.recipe.command
stop-on-error = true
# XXX It should not be named with .xml as it is not xml
software-type-path = $${directory:etc}/.software_type.xml
command = if [ ! -f $${:software-type-path} -a "$${slap-parameter:slapos-software-type}" != "" ]; then echo "$${slap-parameter:slapos-software-type}" > $${:software-type-path}; fi

681 682 683 684 685
[instance-software]
recipe = plone.recipe.command
stop-on-error = true
command = SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi

686 687 688 689 690 691 692 693
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

694

695 696 697 698 699 700
[minishell-cwd]
recipe = plone.recipe.command
command = if [ ! -f $${slaprunner:minishell_cwd_file} ]; then echo $${runnerdirectory:home} > $${slaprunner:minishell_cwd_file}; fi
location = $${slaprunner:minishell_cwd_file}
stop-on-error = true

701
[bash-profile]
702 703 704 705
recipe = slapos.recipe.template:jinja2
template = ${template-bash-profile:location}/${template-bash-profile:filename}
rendered = $${buildout:directory}/.bash_profile
context =
706
    raw path $PATH:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin:${curl:location}/bin:${python2.7:location}/bin:${tig:location}/bin:${zip:location}/bin
707
    key workdir runnerdirectory:home
708

709 710 711 712 713

#---------------------------
#--
#-- supervisord managing slaprunner automation features

714
[supervisord]
715
autorestart = false
716 717 718 719
autostart = false
directory = $${buildout:directory}
exitcodes = 0
logfile = $${directory:log}/supervisord.log
720
no_logfile = NONE
721
numprocs = 1
722
path = $${shell:path}
723
pidfile = $${directory:run}/supervisord.pid
724 725
ip = $${slaprunner:ipv4}
server = $${:ip}:$${:port}
726
port = 39986
727
slapgrid-cp = slapgrid-cp
728
slapgrid-cp-command = $${slaprunner:slapos} node instance --all --cfg $${:slapos-cfg} --pidfile $${:slapgrid-cp-pid} --verbose --logfile $${:slapgrid-cp-log}
729 730
slapgrid-cp-log = $${runnerdirectory:home}/instance.log
slapgrid-cp-pid = $${directory:run}/slapgrid-cp.pid
731
slapgrid-cp-startretries = 0
732
slapgrid-sr = slapgrid-sr
733
slapgrid-sr-command = $${slaprunner:slapos} node software --all --cfg $${:slapos-cfg} --pidfile $${:slapgrid-sr-pid} --verbose --logfile $${:slapgrid-sr-log}
734 735
slapgrid-sr-log = $${runnerdirectory:home}/software.log
slapgrid-sr-pid = $${directory:run}/slapgrid-sr.pid
736
slapgrid-sr-startretries = 0
737 738 739
slapproxy = slapproxy
slapproxy-autorestart = true
slapproxy-autostart = true
740
slapproxy-startsecs = 1
741
slapproxy-command = $${slaprunner:slapos} proxy start --logfile $${:slapproxy-log} --cfg $${:slapos-cfg}
742
slapproxy-log = $${directory:log}/slapproxy.log
743 744
socket_name = unix://$${:socket_path}
socket_path = $${directory:tmp}/supervisord.sock
745
startsecs = 0
746 747 748
# This file logs errors from listeners. Supervisord has its own logfile.
# Processes should handle their logs by themselves
stderr_logfile = $${directory:log}/supervisord-errors.log
749
slapos-cfg = $${slaprunner:slapos.cfg}
750 751 752 753 754 755

[supervisord-conf]
recipe = slapos.recipe.template:jinja2
template = ${template-supervisord:location}/${template-supervisord:filename}
rendered = $${directory:etc}/supervisord.conf
context =
756 757
    import multiprocessing multiprocessing
    import builtin __builtin__
758
    section supervisord supervisord
759
    key slapparameter_dict slap-configuration:configuration
760 761 762 763 764 765 766 767 768 769
    key listener_slapgrid listener-slapgrid-bin:rendered

[listener-slapgrid-bin]
recipe = slapos.recipe.template:jinja2
template = ${template-listener-slapgrid:location}/${template-listener-slapgrid:filename}
rendered = $${directory:bin}/listener_slapgrid.py
mode = 0744
context =
    section supervisord supervisord
    section slaprunner slaprunner
770
    raw python_executable ${buildout:directory}/bin/${extra-eggs:interpreter}
771 772 773 774 775 776

[supervisord-wrapper]
recipe = slapos.cookbook:wrapper
command-line = $${buildout:directory}/bin/supervisord -c $${supervisord-conf:rendered} --nodaemon
wrapper-path = $${directory:services}/supervisord

777 778 779 780 781 782
[supervisord-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/supervisord
hostname = $${slaprunner:ipv4}
port = $${supervisord:port}

783 784
# XXX Monitor 
[monitor-instance-parameter]
785
monitor-httpd-port = $${slap-parameter:monitor-httpd-port}
786 787 788
{% if slapparameter_dict.get('name', '') -%}
monitor-title = {{ slapparameter_dict['name'] }}
{% endif -%}
789
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
790 791 792
{% if slapparameter_dict.get('monitor-username', '') -%}
username = {{ slapparameter_dict['monitor-username'] }}
{% endif -%}
793
password = $${runner-htpasswd:password}
794
{% if slapparameter_dict.get('monitor-url-list', '') -%}
795
monitor-url-list = {{ slapparameter_dict['monitor-url-list'] }}
796
{% endif -%}
797
# check if not resilient runner
798 799 800
{% if not slapparameter_dict.get('authorized-key', '') -%}
# Pass some parameter to dispay in monitoring interface
instance-configuration =
801
  httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output}
802 803
{% endif -%}
configuration-file-path = $${buildout:directory}/knowledge0.cfg
804

805 806 807
[monitor-check-webrunner-internal-instance]
recipe = slapos.recipe.template:jinja2
template = ${monitor-check-webrunner-internal-instance:location}/${monitor-check-webrunner-internal-instance:filename}
808
rendered = $${monitor-directory:reports}/$${:filename}
809 810 811
filename = monitor-check-webrunner-internal-instance
mode = 0744