apache-custom-slave-list.cfg.in 12.8 KB
Newer Older
1 2
{% if software_type == slap_software_type -%}

3 4
{% set cached_server_dict = {} -%}
{% set part_list = [] -%}
5
{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%}
6
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
7
{% set generic_instance_parameter_dict = {'cache_access': cache_access,} -%}
8
{% set slave_log_dict = {} -%}
9
{% if extra_slave_instance_list -%}
10
{%   set slave_instance_information_list = [] -%}
11 12
{%   set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) -%}
{% endif -%}
13 14 15 16 17 18 19 20
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
extra-context =
context =
    key eggs_directory buildout:eggs-directory
    key develop_eggs_directory buildout:develop-eggs-directory
    ${:extra-context}

21 22 23 24 25 26
{% do logrotate_dict.pop('recipe') %}
[logrotate]
{% for key, value in logrotate_dict.iteritems() -%}
{{ key }} = {{ value }}
{% endfor %}

27
# Loop trhought slave list to set up slaves
28 29 30
{% for slave_instance in slave_instance_list -%}
{%   set slave_reference = slave_instance.get('slave_reference') -%}
{%   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%}
31
{%   set slave_parameter_dict = generic_instance_parameter_dict.copy() -%}
32
{%   set slave_publish_dict = {} -%}
33
{%   set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
34
{%   do part_list.append(slave_section_title) -%}
35

36 37
############################
#### Set Slave Log Directory and access
38 39 40 41 42 43 44

{%   set slave_directory_section = slave_reference + "-directory" -%}
{%   set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" -%}
[{{slave_directory_section}}]
recipe = slapos.cookbook:mkdirectory
log-folder = {{slave_log_folder}}

45
# Set Up log files
46 47
{%   do slave_parameter_dict.__setitem__('access_log', '/'.join([apache_log_directory, '%s_access_log' % slave_reference])) -%}
{%   do slave_parameter_dict.__setitem__('error_log', '/'.join([apache_log_directory, '%s_error_log' % slave_reference])) -%}
48 49
{%       do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) -%}
{%       do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) -%}
50 51 52 53 54 55 56 57 58 59 60 61

# Set slave logrotate entry
{%   set slave_logrotate_section = slave_reference + "-logs" -%}
{%   do part_list.append(slave_logrotate_section) -%}
[{{slave_logrotate_section}}]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = ${:_buildout_section_name_}
log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}}
backup = {{ '${' + slave_directory_section + ':log-folder}' }}
frequency = daily
rotatep-num = 30
62
post = {{ apache_configuration.get('frontend-graceful-command') }}
63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
sharedscripts = true
notifempty = true
create = true

# integrate current logs inside
{%   set slave_ln_section = slave_reference + "-ln" -%}
{%   do part_list.append(slave_ln_section) -%}
[{{slave_ln_section}}]
recipe = plone.recipe.command
stop-on-error = false
command = ln -s {{slave_parameter_dict.get('error_log')}} {{ '${' + slave_directory_section + ':log-folder}' }}/apache-error.log && ln -s {{slave_parameter_dict.get('access_log')}} {{ '${' + slave_directory_section + ':log-folder}' }}/apache-access.log

# Set password for slave
{%   set slave_password_section = slave_reference + "-password" -%}
[{{slave_password_section}}]
recipe = slapos.cookbook:generate.password
storage-path = {{apache_configuration_directory}}/.{{slave_reference}}.passwd
bytes = 8

# Set up htaccess file for slave
{%   set slave_htaccess_section = slave_reference + '-htaccess' %}
{%   do part_list.append(slave_htaccess_section) -%}
[{{slave_htaccess_section}}]
recipe = plone.recipe.command
stop-on-error = true
htaccess-path = {{apache_configuration_directory}}/.{{slave_reference}}.htaccess
command = {{frontend_configuration.get('apache-directory')}}/bin/htpasswd -cb ${:htaccess-path} {{ slave_reference }} {{ '${' + slave_password_section + ':passwd}' }}

# Add slave log directory to the slave log access dict
{%   do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}

94 95 96 97 98
{%   set slave_log_access_url = 'https://' + slave_reference + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('apache-ipv6') + ']:' + frontend_configuration.get('apache-https-port') + '/' + slave_reference.lower() + '/' %}
{%   do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}

############################
#### Set Slave Certificates if needed
99

100
# Set ssl certificates for each slave
101
{%   for cert_name in ('ssl_ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')-%}
102 103 104 105
{%     if cert_name in slave_instance -%}
{%       set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%}
{%       set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
{%       do part_list.append(cert_title) -%}
106
{%       do slave_parameter_dict.__setitem__(cert_name, cert_file) -%}
107
{%       do slave_instance.__setitem__('path_to_' + cert_name, cert_file) -%}
108
# Store certificates on fs
109 110 111 112 113 114
[{{ cert_title }}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ cert_file }}
extra-context =
    key content {{ cert_title + '-config:value' }}
115
# Store certificate in config
116 117 118 119 120
[{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }}
{%     endif -%}
{%   endfor -%}

121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = {{ custom_ssl_directory }}/requests/
private = {{ custom_ssl_directory }}/private/
certs = {{ custom_ssl_directory }}/certs/
newcerts = {{ custom_ssl_directory }}/newcerts/
crl = {{ custom_ssl_directory }}/crl/

{%   if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%}
{%     set cert_title = '%s-crt' % (slave_reference) -%}
{%     set key_title = '%s-key' % (slave_reference) -%}
{%     set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
{%     set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) -%}
{%     do part_list.append(cert_title) -%}
{%     do slave_instance.__setitem__('path_to_ssl_crt', cert_file) -%}
{%     do slave_instance.__setitem__('path_to_ssl_key', key_file) -%}

[{{cert_title}}]
recipe = slapos.cookbook:certificate_authority.request
#openssl-binary = ${openssl:location}/bin/openssl

requests-directory = ${cadirectory:requests}
ca-private = ${cadirectory:private}
ca-certs = ${cadirectory:certs}
ca-newcerts = ${cadirectory:newcerts}
ca-crl = ${cadirectory:crl}

key-file = {{ key_file }}
cert-file = {{ cert_file }}
key-content = {{ dumps(slave_instance.get('ssl_key')) }}
cert-content = {{ dumps(slave_instance.get('ssl_crt')) }} 
{%     endif -%}



156 157 158 159 160 161 162 163 164 165 166
############################
#### Set Slave Configuration

{%   if slave_instance.has_key('apache_custom_http') %}
#### Set Configuration for custom slaves

# Set up apache configuration file for slave
[{{ slave_section_title }}]
< = jinja2-template-base
template = {{ template_custom_slave_configuration }}
filename = {{ '%s.conf' % slave_reference }}
167
rendered = {{ apache_configuration_directory }}/${:filename}
168 169 170 171 172 173 174
extra-context =
    key apache_custom_https {{ 'slave-instance-%s-configuration:apache_custom_https' % slave_reference }}
    key apache_custom_http {{ 'slave-instance-%s-configuration:apache_custom_http' % slave_reference }}
    raw https_port {{ https_port }}
    raw http_port {{ http_port }}
{{ '\n' }}

175 176
# The slave use cache
{%     if 'enable_cache' in slave_instance and 'url' in slave_instance and 'domain' in slave_instance -%}
177
{%       do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) -%}
178 179 180
{%       do slave_instance.__setitem__('backend_url', slave_instance.get('url')) -%}
{%       do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) -%}
{%     endif -%}
181

182
# Set apache configuration value for slave
183 184 185
[{{ slave_configuration_section_name }}]
{%   set apache_custom_http = ((slave_instance.pop('apache_custom_http', '')) % slave_parameter_dict) -%}
{%   set apache_custom_https = ((slave_instance.pop('apache_custom_https', '')) % slave_parameter_dict) -%}
186 187
apache_custom_http = {{ dumps(apache_custom_http) }}
apache_custom_https = {{ dumps(apache_custom_https) }}
188 189 190
{%     for key, value in slave_instance.iteritems() -%}
{{ key }} = {{ dumps(value) }}
{%     endfor %}
191 192
{{ '\n' }}

193 194 195 196 197 198 199 200 201 202 203 204 205
# Publish information
{%     do slave_publish_dict.update(**{'slave-reference':slave_instance.get('slave_reference'), 'public-ipv4':public_ipv4, 'log-access': slave_log_access_url}) %}

{%   else %}
#### Set Configuration for default slaves

# Set slave domain if none was defined
{%     if slave_instance.get('custom_domain', None) == None -%}
{%       do slave_instance.__setitem__('custom_domain', "%s.%s" % (slave_instance.get('slave_reference').replace("-", "").lower(), slapparameter_dict.get('domain'))) -%}
{%     endif -%}

# The slave use cache
# Next line is forbidden and people who copy it will be hanged short
206
{%     set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_instance.get('type', '') != 'redirect') -%}
207
{%     if enable_cache -%}
208
{%       do slave_instance.__setitem__('backend_url', slave_instance.get('url')) -%}
209
{%       do slave_instance.__setitem__('url', cache_access) -%}
210
{%       do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) -%}
211 212 213 214
{%     endif -%}
{%     do part_list.append(slave_section_title) -%}


215
[{{ slave_configuration_section_name }}]
216 217 218 219 220 221 222 223 224
{%     for key, value in slave_instance.iteritems() -%}
{{ key }} = {{ dumps(value) }}
{%     endfor %}

# Set up slave configuration file
[{{ slave_section_title }}]
< = jinja2-template-base
template = {{ template_default_slave_configuration }}
filename = {{ '%s.conf' % slave_reference }}
225
rendered = {{ apache_configuration_directory }}/${:filename}
226 227
extensions = jinja2.ext.do
extra-context =
228
    section slave_parameter {{ slave_configuration_section_name }}
229 230 231 232
    raw https_port {{ https_port }}
    raw http_port {{ http_port }}
{{ '\n' }}

233
{%     do slave_publish_dict.update(**{'slave-reference':slave_instance.get('slave_reference'), 'public-ipv4':public_ipv4, 'domain':slave_instance.get('custom_domain'), 'url':"http://%s" % slave_instance.get('custom_domain'), 'site_url':"http://%s" % slave_instance.get('custom_domain'), 'secure_access': 'https://%s' % slave_instance.get('custom_domain')}) %}
234

235 236
{%   endif -%}

237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255
############################
### Prepare virtualhost for slaves using cache

{% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %}
{%   set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %}
{%   do part_list.append(cached_slave_configuration_section_title) -%}
[{{ cached_slave_configuration_section_title }}]
< = jinja2-template-base
template = {{ template_cached_slave_configuration }}
filename = {{ '%s.conf' % slave_reference }}
rendered = {{ apache_cached_configuration_directory }}/${:filename}
extensions = jinja2.ext.do
extra-context =
    section slave_parameter {{ slave_configuration_section_name }}
    raw cached_port {{ cached_port }}
{{ '\n' }}
{% endfor %}


256 257 258
############################
#### Publish Slave Information

259
# Publish slave information
260 261 262
{%   if not extra_slave_instance_list -%}
{%     set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') -%}
{%     do part_list.append(publish_section_title) -%}
263 264
[{{ publish_section_title }}]
recipe = slapos.cookbook:publish
265 266 267
{%     for key, value in slave_publish_dict.iteritems() %}
{{ key }} = {{ value }}
{%     endfor %}
268
{%   else -%}
269
{%     do slave_instance_information_list.append(slave_publish_dict) -%}
270
{%   endif -%}
271 272
{% endfor -%}

273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289
[slave-log-directories]
{% for key, value in slave_log_dict.iteritems() -%}
{{ key }} = {{ value }}
{% endfor %}

# Define log access
{% set log_access_section = "apache-log-access" %}
{% do part_list.append(log_access_section) -%}
[{{log_access_section}}]
< = jinja2-template-base
template = {{frontend_configuration.get('template-log-access')}}
rendered = {{frontend_configuration.get('log-access-configuration')}}
extra-context =
    section slave_log_directory slave-log-directories
    raw apache_log_directory {{apache_log_directory}}
    raw apache_configuration_directory {{apache_configuration_directory}}

290 291 292 293 294 295 296 297 298 299
# Publish information for the instance
{% set publish_section_title = 'publish-apache-information' -%}
{% do part_list.append(publish_section_title) -%}
[{{ publish_section_title }}]
recipe = slapos.cookbook:publish
public-ipv4 = {{ public_ipv4 }}
private-ipv4 = {{ local_ipv4 }}
{% if extra_slave_instance_list -%}
slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }}
{% endif -%}
300
monitor-base-url = {{ monitor_base_url }}
301 302 303 304 305 306 307 308 309 310

[buildout]
parts +=
{% for part in part_list -%}
{{ '    %s' % part }}
{% endfor -%}

eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
311 312 313
cache-access = {{ cache_access }}

{% endif -%}