resilient: factorizes the takeover part

c0c5ddac · Nicolas Wavrant · 57c302b7 · c0c5ddac · c0c5ddac · c0c5ddac
Commit c0c5ddac authored Oct 11, 2016 by Nicolas Wavrant
4 changed files
--- a/stack/resilient/buildout.cfg
+++ b/stack/resilient/buildout.cfg
@@ -16,6 +16,7 @@ parts =
  pbsready-export
  template-replicated
  template-parts
+  template-takeover
  instance-frozen
  root-instance-clone

@@ -51,7 +52,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready-import.cfg.in
 output = ${buildout:directory}/pbsready-import.cfg
-md5sum = a13be3bd76d6a52b6527c7035ba33a06
+md5sum = 472bfb80290468f0b67e33e07d0fa011
 mode = 0644

 [pbsready-export]
@@ -84,6 +85,13 @@ md5sum = 41e571360ca9c4e3300ec2b6356a521e
 mode = 0644
 destination = ${buildout:directory}/template-parts.cfg.in

+[template-takeover]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/template-takeover.cfg.in
+output = ${buildout:directory}/template-takeover.cfg
+md5sum = ac3977ca5de74ed0cb2d5cad970555a1
+mode = 0644
+
 [instance-frozen]
 # When an instance is detected as broken, its software type is changed to "frozen".
 # On the next run of slapgrid-cp, the buildout profile is replaced by instance-frozen.cfg,
@@ -103,7 +111,7 @@ destination = ${buildout:directory}/resilient-web-takeover-cgi-script.py.in
 [root-instance-clone]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/root-instance-clone.cfg.in
-md5sum = c5b75c0ddfe13b31c121a484cdd454ce
+md5sum = c09effce6fc61621a1382623a47ecd9e
 output = ${buildout:directory}/root-instance-clone.cfg

 # Provide an empty wrapper

--- a/stack/resilient/pbsready-import.cfg.in
+++ b/stack/resilient/pbsready-import.cfg.in
 [buildout]

 extends = ${pbsready:output}
+          ${template-takeover:output}

 # Explicitely define extended parts from pbsready
 # then add local parts
@@ -19,7 +20,6 @@ parts =
  sshd-pbs-authorized-key
  notifier

-  resiliency-takeover-script
  resilient-web-takeover-cgi-script
  resilient-web-takeover-httpd-wrapper
  resilient-web-takeover-httpd-promise
@@ -33,8 +33,6 @@ parts =

 [resilient-publish-connection-parameter]
 notification-url = http://[$${notifier:host}]:$${notifier:port}/notify
-takeover-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
-takeover-password = $${resilient-web-takeover-password:passwd}

 # Define port of ssh server. It has to be different from import so that it
 # supports export/import using same IP (slaprunner, slapos-in-partition,
@@ -96,83 +94,17 @@ template = inline:
 rendered = $${basedirectory:promises}/backup-transfer-integrity-promise
 mode = 700

-###########
-# Generate the takeover script
-###########
-[resiliency-takeover-script]
-recipe = slapos.cookbook:addresiliency
-wrapper-takeover = $${rootdirectory:bin}/takeover
-takeover-triggered-file-path = $${rootdirectory:srv}/takeover_triggered
-
-# Add path of file created by takeover script when takeover is triggered
-# Takeover script will create this file
-# equeue process will watch for file existence.
 [equeue]
 takeover-triggered-file-path = $${resiliency-takeover-script:takeover-triggered-file-path}

-###########
-# Deploy a webserver allowing to do takeover from a web browser.
-###########
-[resilient-web-takeover-password]
-recipe = slapos.cookbook:generate.password
-storage-path = $${directory:srv}/passwd
-bytes = 8
-
 [resilient-web-takeover-cgi-script]
-recipe = collective.recipe.template
-input = ${resilient-web-takeover-cgi-script-download:destination}
-output = $${directory:cgi-bin}/web-takeover.cgi
-password = $${resilient-web-takeover-password:passwd}
-mode = 700
 proof-signature-url = $${publish:monitor-base-url}/private/resilient/backup.signature

-# XXX could it be something lighter?
-# XXX Add SSL
-[resilient-web-takeover-httpd-configuration-file]
-recipe = collective.recipe.template
-input = inline:
-  PidFile "$${:pid-file}"
-  Listen [$${:listening-ip}]:$${:listening-port}
-  ServerAdmin someone@email
-  DocumentRoot "$${:document-root}"
-  ErrorLog "$${:error-log}"
-  LoadModule unixd_module modules/mod_unixd.so
-  LoadModule access_compat_module modules/mod_access_compat.so
-  LoadModule authz_core_module modules/mod_authz_core.so
-  LoadModule authz_host_module modules/mod_authz_host.so
-  LoadModule mime_module modules/mod_mime.so
-  LoadModule cgid_module modules/mod_cgid.so
-  LoadModule dir_module modules/mod_dir.so
-  ScriptSock $${:cgid-pid-file}
-  <Directory $${:document-root}>
-    # XXX: security????
-    Options +ExecCGI
-    AddHandler cgi-script .cgi
-    DirectoryIndex web-takeover.cgi
-  </Directory>
-output = $${directory:etc}/resilient-web-takeover-httpd.conf
-# md5sum =
-listening-ip = $${slap-network-information:global-ipv6}
-# XXX: randomize-me
-listening-port = 9263
-htdocs = $${directory:cgi-bin}
-pid-file = $${directory:run}/resilient-web-takeover-httpd.pid
-cgid-pid-file = $${directory:run}/resilient-web-takeover-httpd-cgid.pid
-document-root = $${directory:cgi-bin}
-error-log = $${directory:log}/resilient-web-takeover-httpd-error-log
-
-[resilient-web-takeover-httpd-wrapper]
-recipe = slapos.cookbook:wrapper
-apache-executable = ${apache:location}/bin/httpd
-command-line = $${:apache-executable} -f $${resilient-web-takeover-httpd-configuration-file:output} -DFOREGROUND
-wrapper-path = $${basedirectory:services}/resilient-web-takeover-httpd
-
-[resilient-web-takeover-httpd-promise]
-recipe = slapos.cookbook:check_url_available
-path = $${basedirectory:promises}/resilient-web-takeover-httpd
-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
-dash_path = ${dash:location}/bin/dash
-curl_path = ${curl:location}/bin/curl
+[resilient-web-takeover-httpd-port]
+recipe = slapos.cookbook:free_port
+ip = $${resilient-web-takeover-httpd-configuration-file:listening-ip}
+minimum = 9263
+maximum = 9272

 ###########
 # Symlinks

--- a/stack/resilient/root-instance-clone.cfg.in
+++ b/stack/resilient/root-instance-clone.cfg.in
 [buildout]
+extends = ${template-takeover:output}

 parts =
-  publish-connection-information
+  resilient-publish-connection-parameter
  slap-configuration

  resiliency-takeover-script
@@ -9,68 +10,12 @@ parts =
  resilient-web-takeover-httpd-wrapper
  resilient-web-takeover-httpd-promise

-
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
 offline = true

-[directory]
-recipe = slapos.cookbook:mkdirectory
-bin = $${buildout:directory}/bin
-etc = $${buildout:directory}/etc
-srv = $${buildout:directory}/srv
-var = $${buildout:directory}/var
-
-services = $${:etc}/service
-promises = $${:etc}/promise
-
-log = $${:var}/log
-run = $${:var}/run
-
-cgi-bin = $${:srv}/cgi-bin
-
-
-[publish-connection-information]
-recipe = slapos.cookbook:publish
-takeover-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}
-takeover-password = $${resilient-web-takeover-password:passwd}
-
-###########
-# Generate the takeover script
-###########
 [resiliency-takeover-script]
 recipe = slapos.cookbook:addresiliency-root
-wrapper-takeover = $${directory:bin}/takeover
-takeover-triggered-file-path = $${directory:srv}/takeover_triggered
-
-# Add path of file created by takeover script when takeover is triggered
-# Takeover script will create this file
-# equeue process will watch for file existence.
-[equeue]
-recipe = slapos.cookbook:equeue
-socket = $${directory:run}/equeue.sock
-lockfile = $${directory:run}/equeue.lock
-log = $${directory:log}/equeue.log
-database = $${directory:srv}/equeue.db
-wrapper = $${directory:services}/equeue
-equeue-binary = ${buildout:bin-directory}/equeue
-takeover-triggered-file-path = $${resiliency-takeover-script:takeover-triggered-file-path}
-
-###########
-# Deploy a webserver allowing to do takeover from a web browser.
-###########
-[resilient-web-takeover-password]
-recipe = slapos.cookbook:generate.password
-storage-path = $${directory:srv}/passwd
-bytes = 8
-
-[resilient-web-takeover-cgi-script]
-recipe = collective.recipe.template
-input = ${resilient-web-takeover-cgi-script-download:destination}
-output = $${directory:cgi-bin}/web-takeover.cgi
-password = $${resilient-web-takeover-password:passwd}
-mode = 700
-proof-signature-url = 

 [resilient-web-takeover-httpd-port]
 recipe = slapos.cookbook:free_port
@@ -78,54 +23,6 @@ ip = $${resilient-web-takeover-httpd-configuration-file:listening-ip}
 minimum = 9281
 maximum = 9292

-# XXX could it be something lighter?
-# XXX Add SSL
-[resilient-web-takeover-httpd-configuration-file]
-recipe = collective.recipe.template
-input = inline:
-  PidFile "$${:pid-file}"
-  Listen [$${:listening-ip}]:$${:listening-port}
-  ServerAdmin someone@email
-  DocumentRoot "$${:document-root}"
-  ErrorLog "$${:error-log}"
-  LoadModule unixd_module modules/mod_unixd.so
-  LoadModule access_compat_module modules/mod_access_compat.so
-  LoadModule authz_core_module modules/mod_authz_core.so
-  LoadModule authz_host_module modules/mod_authz_host.so
-  LoadModule mime_module modules/mod_mime.so
-  LoadModule cgid_module modules/mod_cgid.so
-  LoadModule dir_module modules/mod_dir.so
-  ScriptSock $${:cgid-pid-file}
-  <Directory $${:document-root}>
-    # XXX: security????
-    Options +ExecCGI
-    AddHandler cgi-script .cgi
-    DirectoryIndex web-takeover.cgi
-  </Directory>
-output = $${directory:etc}/resilient-web-takeover-httpd.conf
-# md5sum =
-listening-ip = $${slap-network-information:global-ipv6}
-# XXX: randomize-me
-listening-port = $${resilient-web-takeover-httpd-port:port}
-htdocs = $${directory:cgi-bin}
-pid-file = $${directory:run}/resilient-web-takeover-httpd.pid
-cgid-pid-file = $${directory:run}/resilient-web-takeover-httpd-cgid.pid
-document-root = $${directory:cgi-bin}
-error-log = $${directory:log}/resilient-web-takeover-httpd-error-log
-
-[resilient-web-takeover-httpd-wrapper]
-recipe = slapos.cookbook:wrapper
-apache-executable = ${apache:location}/bin/httpd
-command-line = $${:apache-executable} -f $${resilient-web-takeover-httpd-configuration-file:output} -DFOREGROUND
-wrapper-path = $${directory:services}/resilient-web-takeover-httpd
-
-[resilient-web-takeover-httpd-promise]
-recipe = slapos.cookbook:check_url_available
-path = $${directory:promises}/resilient-web-takeover-httpd
-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
-dash_path = ${dash:location}/bin/dash
-curl_path = ${curl:location}/bin/curl
-
 [slap-configuration]
 recipe = slapos.cookbook:slapconfiguration
 computer = $${slap-connection:computer-id}

--- a/stack/resilient/template-takeover.cfg.in
+++ b/stack/resilient/template-takeover.cfg.in
+[buildout]
+
+parts =
+  resilient-publish-connection-parameter
+  slap-configuration
+
+  resiliency-takeover-script
+  resilient-web-takeover-cgi-script
+  resilient-web-takeover-httpd-wrapper
+  resilient-web-takeover-httpd-promise
+
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+bin = $${buildout:directory}/bin
+etc = $${buildout:directory}/etc
+srv = $${buildout:directory}/srv
+var = $${buildout:directory}/var
+
+services = $${:etc}/service
+promises = $${:etc}/promise
+
+log = $${:var}/log
+run = $${:var}/run
+
+cgi-bin = $${:srv}/cgi-bin
+
+
+[resilient-publish-connection-parameter]
+recipe = slapos.cookbook:publish
+takeover-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}
+takeover-password = $${resilient-web-takeover-password:passwd}
+
+###########
+# Generate the takeover script
+###########
+[resiliency-takeover-script]
+recipe = slapos.cookbook:addresiliency-root
+wrapper-takeover = $${directory:bin}/takeover
+takeover-triggered-file-path = $${directory:srv}/takeover_triggered
+
+# Add path of file created by takeover script when takeover is triggered
+# Takeover script will create this file
+# equeue process will watch for file existence.
+[equeue]
+recipe = slapos.cookbook:equeue
+socket = $${directory:run}/equeue.sock
+lockfile = $${directory:run}/equeue.lock
+log = $${directory:log}/equeue.log
+database = $${directory:srv}/equeue.db
+wrapper = $${directory:services}/equeue
+equeue-binary = ${buildout:bin-directory}/equeue
+takeover-triggered-file-path = $${resiliency-takeover-script:takeover-triggered-file-path}
+
+###########
+# Deploy a webserver allowing to do takeover from a web browser.
+###########
+[resilient-web-takeover-password]
+recipe = slapos.cookbook:generate.password
+storage-path = $${directory:srv}/passwd
+bytes = 8
+
+[resilient-web-takeover-cgi-script]
+recipe = collective.recipe.template
+input = ${resilient-web-takeover-cgi-script-download:destination}
+output = $${directory:cgi-bin}/web-takeover.cgi
+password = $${resilient-web-takeover-password:passwd}
+mode = 700
+proof-signature-url = 
+
+[resilient-web-takeover-httpd-port]
+recipe = slapos.cookbook:free_port
+ip = $${resilient-web-takeover-httpd-configuration-file:listening-ip}
+minimum = 9281
+maximum = 9292
+
+# XXX could it be something lighter?
+# XXX Add SSL
+[resilient-web-takeover-httpd-configuration-file]
+recipe = collective.recipe.template
+input = inline:
+  PidFile "$${:pid-file}"
+  Listen [$${:listening-ip}]:$${:listening-port}
+  ServerAdmin someone@email
+  DocumentRoot "$${:document-root}"
+  ErrorLog "$${:error-log}"
+  LoadModule unixd_module modules/mod_unixd.so
+  LoadModule access_compat_module modules/mod_access_compat.so
+  LoadModule authz_core_module modules/mod_authz_core.so
+  LoadModule authz_host_module modules/mod_authz_host.so
+  LoadModule mime_module modules/mod_mime.so
+  LoadModule cgid_module modules/mod_cgid.so
+  LoadModule dir_module modules/mod_dir.so
+  ScriptSock $${:cgid-pid-file}
+  <Directory $${:document-root}>
+    # XXX: security????
+    Options +ExecCGI
+    AddHandler cgi-script .cgi
+    DirectoryIndex web-takeover.cgi
+  </Directory>
+output = $${directory:etc}/resilient-web-takeover-httpd.conf
+# md5sum =
+listening-ip = $${slap-network-information:global-ipv6}
+# XXX: randomize-me
+listening-port = $${resilient-web-takeover-httpd-port:port}
+htdocs = $${directory:cgi-bin}
+pid-file = $${directory:run}/resilient-web-takeover-httpd.pid
+cgid-pid-file = $${directory:run}/resilient-web-takeover-httpd-cgid.pid
+document-root = $${directory:cgi-bin}
+error-log = $${directory:log}/resilient-web-takeover-httpd-error-log
+
+[resilient-web-takeover-httpd-wrapper]
+recipe = slapos.cookbook:wrapper
+apache-executable = ${apache:location}/bin/httpd
+command-line = $${:apache-executable} -f $${resilient-web-takeover-httpd-configuration-file:output} -DFOREGROUND
+wrapper-path = $${directory:services}/resilient-web-takeover-httpd
+
+[resilient-web-takeover-httpd-promise]
+recipe = slapos.cookbook:check_url_available
+path = $${directory:promises}/resilient-web-takeover-httpd
+url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
+dash_path = ${dash:location}/bin/dash
+curl_path = ${curl:location}/bin/curl
+
+[slap-configuration]
+recipe = slapos.cookbook:slapconfiguration
+computer = $${slap-connection:computer-id}
+partition = $${slap-connection:partition-id}
+url = $${slap-connection:server-url}
+key = $${slap-connection:key-file}
+cert = $${slap-connection:cert-file}
\ No newline at end of file