Commit c0c5ddac authored by Nicolas Wavrant's avatar Nicolas Wavrant

resilient: factorizes the takeover part

parent 57c302b7
...@@ -16,6 +16,7 @@ parts = ...@@ -16,6 +16,7 @@ parts =
pbsready-export pbsready-export
template-replicated template-replicated
template-parts template-parts
template-takeover
instance-frozen instance-frozen
root-instance-clone root-instance-clone
...@@ -51,7 +52,7 @@ mode = 0644 ...@@ -51,7 +52,7 @@ mode = 0644
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/pbsready-import.cfg.in url = ${:_profile_base_location_}/pbsready-import.cfg.in
output = ${buildout:directory}/pbsready-import.cfg output = ${buildout:directory}/pbsready-import.cfg
md5sum = a13be3bd76d6a52b6527c7035ba33a06 md5sum = 472bfb80290468f0b67e33e07d0fa011
mode = 0644 mode = 0644
[pbsready-export] [pbsready-export]
...@@ -84,6 +85,13 @@ md5sum = 41e571360ca9c4e3300ec2b6356a521e ...@@ -84,6 +85,13 @@ md5sum = 41e571360ca9c4e3300ec2b6356a521e
mode = 0644 mode = 0644
destination = ${buildout:directory}/template-parts.cfg.in destination = ${buildout:directory}/template-parts.cfg.in
[template-takeover]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/template-takeover.cfg.in
output = ${buildout:directory}/template-takeover.cfg
md5sum = ac3977ca5de74ed0cb2d5cad970555a1
mode = 0644
[instance-frozen] [instance-frozen]
# When an instance is detected as broken, its software type is changed to "frozen". # When an instance is detected as broken, its software type is changed to "frozen".
# On the next run of slapgrid-cp, the buildout profile is replaced by instance-frozen.cfg, # On the next run of slapgrid-cp, the buildout profile is replaced by instance-frozen.cfg,
...@@ -103,7 +111,7 @@ destination = ${buildout:directory}/resilient-web-takeover-cgi-script.py.in ...@@ -103,7 +111,7 @@ destination = ${buildout:directory}/resilient-web-takeover-cgi-script.py.in
[root-instance-clone] [root-instance-clone]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/root-instance-clone.cfg.in url = ${:_profile_base_location_}/root-instance-clone.cfg.in
md5sum = c5b75c0ddfe13b31c121a484cdd454ce md5sum = c09effce6fc61621a1382623a47ecd9e
output = ${buildout:directory}/root-instance-clone.cfg output = ${buildout:directory}/root-instance-clone.cfg
# Provide an empty wrapper # Provide an empty wrapper
......
[buildout] [buildout]
extends = ${pbsready:output} extends = ${pbsready:output}
${template-takeover:output}
# Explicitely define extended parts from pbsready # Explicitely define extended parts from pbsready
# then add local parts # then add local parts
...@@ -19,7 +20,6 @@ parts = ...@@ -19,7 +20,6 @@ parts =
sshd-pbs-authorized-key sshd-pbs-authorized-key
notifier notifier
resiliency-takeover-script
resilient-web-takeover-cgi-script resilient-web-takeover-cgi-script
resilient-web-takeover-httpd-wrapper resilient-web-takeover-httpd-wrapper
resilient-web-takeover-httpd-promise resilient-web-takeover-httpd-promise
...@@ -33,8 +33,6 @@ parts = ...@@ -33,8 +33,6 @@ parts =
[resilient-publish-connection-parameter] [resilient-publish-connection-parameter]
notification-url = http://[$${notifier:host}]:$${notifier:port}/notify notification-url = http://[$${notifier:host}]:$${notifier:port}/notify
takeover-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
takeover-password = $${resilient-web-takeover-password:passwd}
# Define port of ssh server. It has to be different from import so that it # Define port of ssh server. It has to be different from import so that it
# supports export/import using same IP (slaprunner, slapos-in-partition, # supports export/import using same IP (slaprunner, slapos-in-partition,
...@@ -96,83 +94,17 @@ template = inline: ...@@ -96,83 +94,17 @@ template = inline:
rendered = $${basedirectory:promises}/backup-transfer-integrity-promise rendered = $${basedirectory:promises}/backup-transfer-integrity-promise
mode = 700 mode = 700
###########
# Generate the takeover script
###########
[resiliency-takeover-script]
recipe = slapos.cookbook:addresiliency
wrapper-takeover = $${rootdirectory:bin}/takeover
takeover-triggered-file-path = $${rootdirectory:srv}/takeover_triggered
# Add path of file created by takeover script when takeover is triggered
# Takeover script will create this file
# equeue process will watch for file existence.
[equeue] [equeue]
takeover-triggered-file-path = $${resiliency-takeover-script:takeover-triggered-file-path} takeover-triggered-file-path = $${resiliency-takeover-script:takeover-triggered-file-path}
###########
# Deploy a webserver allowing to do takeover from a web browser.
###########
[resilient-web-takeover-password]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:srv}/passwd
bytes = 8
[resilient-web-takeover-cgi-script] [resilient-web-takeover-cgi-script]
recipe = collective.recipe.template
input = ${resilient-web-takeover-cgi-script-download:destination}
output = $${directory:cgi-bin}/web-takeover.cgi
password = $${resilient-web-takeover-password:passwd}
mode = 700
proof-signature-url = $${publish:monitor-base-url}/private/resilient/backup.signature proof-signature-url = $${publish:monitor-base-url}/private/resilient/backup.signature
# XXX could it be something lighter? [resilient-web-takeover-httpd-port]
# XXX Add SSL recipe = slapos.cookbook:free_port
[resilient-web-takeover-httpd-configuration-file] ip = $${resilient-web-takeover-httpd-configuration-file:listening-ip}
recipe = collective.recipe.template minimum = 9263
input = inline: maximum = 9272
PidFile "$${:pid-file}"
Listen [$${:listening-ip}]:$${:listening-port}
ServerAdmin someone@email
DocumentRoot "$${:document-root}"
ErrorLog "$${:error-log}"
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule mime_module modules/mod_mime.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dir_module modules/mod_dir.so
ScriptSock $${:cgid-pid-file}
<Directory $${:document-root}>
# XXX: security????
Options +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex web-takeover.cgi
</Directory>
output = $${directory:etc}/resilient-web-takeover-httpd.conf
# md5sum =
listening-ip = $${slap-network-information:global-ipv6}
# XXX: randomize-me
listening-port = 9263
htdocs = $${directory:cgi-bin}
pid-file = $${directory:run}/resilient-web-takeover-httpd.pid
cgid-pid-file = $${directory:run}/resilient-web-takeover-httpd-cgid.pid
document-root = $${directory:cgi-bin}
error-log = $${directory:log}/resilient-web-takeover-httpd-error-log
[resilient-web-takeover-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${resilient-web-takeover-httpd-configuration-file:output} -DFOREGROUND
wrapper-path = $${basedirectory:services}/resilient-web-takeover-httpd
[resilient-web-takeover-httpd-promise]
recipe = slapos.cookbook:check_url_available
path = $${basedirectory:promises}/resilient-web-takeover-httpd
url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
########### ###########
# Symlinks # Symlinks
......
[buildout] [buildout]
extends = ${template-takeover:output}
parts = parts =
publish-connection-information resilient-publish-connection-parameter
slap-configuration slap-configuration
resiliency-takeover-script resiliency-takeover-script
...@@ -9,68 +10,12 @@ parts = ...@@ -9,68 +10,12 @@ parts =
resilient-web-takeover-httpd-wrapper resilient-web-takeover-httpd-wrapper
resilient-web-takeover-httpd-promise resilient-web-takeover-httpd-promise
eggs-directory = ${buildout:eggs-directory} eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true offline = true
[directory]
recipe = slapos.cookbook:mkdirectory
bin = $${buildout:directory}/bin
etc = $${buildout:directory}/etc
srv = $${buildout:directory}/srv
var = $${buildout:directory}/var
services = $${:etc}/service
promises = $${:etc}/promise
log = $${:var}/log
run = $${:var}/run
cgi-bin = $${:srv}/cgi-bin
[publish-connection-information]
recipe = slapos.cookbook:publish
takeover-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}
takeover-password = $${resilient-web-takeover-password:passwd}
###########
# Generate the takeover script
###########
[resiliency-takeover-script] [resiliency-takeover-script]
recipe = slapos.cookbook:addresiliency-root recipe = slapos.cookbook:addresiliency-root
wrapper-takeover = $${directory:bin}/takeover
takeover-triggered-file-path = $${directory:srv}/takeover_triggered
# Add path of file created by takeover script when takeover is triggered
# Takeover script will create this file
# equeue process will watch for file existence.
[equeue]
recipe = slapos.cookbook:equeue
socket = $${directory:run}/equeue.sock
lockfile = $${directory:run}/equeue.lock
log = $${directory:log}/equeue.log
database = $${directory:srv}/equeue.db
wrapper = $${directory:services}/equeue
equeue-binary = ${buildout:bin-directory}/equeue
takeover-triggered-file-path = $${resiliency-takeover-script:takeover-triggered-file-path}
###########
# Deploy a webserver allowing to do takeover from a web browser.
###########
[resilient-web-takeover-password]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:srv}/passwd
bytes = 8
[resilient-web-takeover-cgi-script]
recipe = collective.recipe.template
input = ${resilient-web-takeover-cgi-script-download:destination}
output = $${directory:cgi-bin}/web-takeover.cgi
password = $${resilient-web-takeover-password:passwd}
mode = 700
proof-signature-url =
[resilient-web-takeover-httpd-port] [resilient-web-takeover-httpd-port]
recipe = slapos.cookbook:free_port recipe = slapos.cookbook:free_port
...@@ -78,54 +23,6 @@ ip = $${resilient-web-takeover-httpd-configuration-file:listening-ip} ...@@ -78,54 +23,6 @@ ip = $${resilient-web-takeover-httpd-configuration-file:listening-ip}
minimum = 9281 minimum = 9281
maximum = 9292 maximum = 9292
# XXX could it be something lighter?
# XXX Add SSL
[resilient-web-takeover-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
PidFile "$${:pid-file}"
Listen [$${:listening-ip}]:$${:listening-port}
ServerAdmin someone@email
DocumentRoot "$${:document-root}"
ErrorLog "$${:error-log}"
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule mime_module modules/mod_mime.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dir_module modules/mod_dir.so
ScriptSock $${:cgid-pid-file}
<Directory $${:document-root}>
# XXX: security????
Options +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex web-takeover.cgi
</Directory>
output = $${directory:etc}/resilient-web-takeover-httpd.conf
# md5sum =
listening-ip = $${slap-network-information:global-ipv6}
# XXX: randomize-me
listening-port = $${resilient-web-takeover-httpd-port:port}
htdocs = $${directory:cgi-bin}
pid-file = $${directory:run}/resilient-web-takeover-httpd.pid
cgid-pid-file = $${directory:run}/resilient-web-takeover-httpd-cgid.pid
document-root = $${directory:cgi-bin}
error-log = $${directory:log}/resilient-web-takeover-httpd-error-log
[resilient-web-takeover-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${resilient-web-takeover-httpd-configuration-file:output} -DFOREGROUND
wrapper-path = $${directory:services}/resilient-web-takeover-httpd
[resilient-web-takeover-httpd-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/resilient-web-takeover-httpd
url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[slap-configuration] [slap-configuration]
recipe = slapos.cookbook:slapconfiguration recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id} computer = $${slap-connection:computer-id}
......
[buildout]
parts =
resilient-publish-connection-parameter
slap-configuration
resiliency-takeover-script
resilient-web-takeover-cgi-script
resilient-web-takeover-httpd-wrapper
resilient-web-takeover-httpd-promise
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
[directory]
recipe = slapos.cookbook:mkdirectory
bin = $${buildout:directory}/bin
etc = $${buildout:directory}/etc
srv = $${buildout:directory}/srv
var = $${buildout:directory}/var
services = $${:etc}/service
promises = $${:etc}/promise
log = $${:var}/log
run = $${:var}/run
cgi-bin = $${:srv}/cgi-bin
[resilient-publish-connection-parameter]
recipe = slapos.cookbook:publish
takeover-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}
takeover-password = $${resilient-web-takeover-password:passwd}
###########
# Generate the takeover script
###########
[resiliency-takeover-script]
recipe = slapos.cookbook:addresiliency-root
wrapper-takeover = $${directory:bin}/takeover
takeover-triggered-file-path = $${directory:srv}/takeover_triggered
# Add path of file created by takeover script when takeover is triggered
# Takeover script will create this file
# equeue process will watch for file existence.
[equeue]
recipe = slapos.cookbook:equeue
socket = $${directory:run}/equeue.sock
lockfile = $${directory:run}/equeue.lock
log = $${directory:log}/equeue.log
database = $${directory:srv}/equeue.db
wrapper = $${directory:services}/equeue
equeue-binary = ${buildout:bin-directory}/equeue
takeover-triggered-file-path = $${resiliency-takeover-script:takeover-triggered-file-path}
###########
# Deploy a webserver allowing to do takeover from a web browser.
###########
[resilient-web-takeover-password]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:srv}/passwd
bytes = 8
[resilient-web-takeover-cgi-script]
recipe = collective.recipe.template
input = ${resilient-web-takeover-cgi-script-download:destination}
output = $${directory:cgi-bin}/web-takeover.cgi
password = $${resilient-web-takeover-password:passwd}
mode = 700
proof-signature-url =
[resilient-web-takeover-httpd-port]
recipe = slapos.cookbook:free_port
ip = $${resilient-web-takeover-httpd-configuration-file:listening-ip}
minimum = 9281
maximum = 9292
# XXX could it be something lighter?
# XXX Add SSL
[resilient-web-takeover-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
PidFile "$${:pid-file}"
Listen [$${:listening-ip}]:$${:listening-port}
ServerAdmin someone@email
DocumentRoot "$${:document-root}"
ErrorLog "$${:error-log}"
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule mime_module modules/mod_mime.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dir_module modules/mod_dir.so
ScriptSock $${:cgid-pid-file}
<Directory $${:document-root}>
# XXX: security????
Options +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex web-takeover.cgi
</Directory>
output = $${directory:etc}/resilient-web-takeover-httpd.conf
# md5sum =
listening-ip = $${slap-network-information:global-ipv6}
# XXX: randomize-me
listening-port = $${resilient-web-takeover-httpd-port:port}
htdocs = $${directory:cgi-bin}
pid-file = $${directory:run}/resilient-web-takeover-httpd.pid
cgid-pid-file = $${directory:run}/resilient-web-takeover-httpd-cgid.pid
document-root = $${directory:cgi-bin}
error-log = $${directory:log}/resilient-web-takeover-httpd-error-log
[resilient-web-takeover-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${resilient-web-takeover-httpd-configuration-file:output} -DFOREGROUND
wrapper-path = $${directory:services}/resilient-web-takeover-httpd
[resilient-web-takeover-httpd-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/resilient-web-takeover-httpd
url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment