[buildout] common-runner-parts = nginx_conf nginx-launcher certificate-authority ca-nginx certificate-authority-service ca-nginx-service logrotate-entry-nginx gunicorn-launcher gunicorn-graceful publish-connection-information slaprunner-promise logrotate-entry-apache-httpd apache-httpd-promise slaprunner-supervisord-wrapper runner-sshd-add-authorized-key runner-sshd-graceful runner-sshd-promise runner-sshkeys-authority runner-sshkeys-authority-service runner-sshkeys-sshd runner-sshkeys-sshd-service runtestsuite symlinks shellinabox shellinabox-service slapos-cfg cron-entry-prepare-software deploy-instance-parameters instance-software instance-software-type minishell-cwd bash-profile supervisord-wrapper supervisord-promise logrotate-entry-supervisord logrotate-entry-slapgrid httpd-graceful-wrapper {% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' %} slaprunner-frontend-promise httpd-frontend-promise {% endif %} {% if slapparameter_dict.get('custom-frontend-backend-url') and slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %} custom-frontend-promise {% endif %} ## Monitoring part monitor-base monitor-check-webrunner-internal-instance ## Usability part template-slapuser-script parts = $${:common-runner-parts} extends = ${monitor2-template:rendered} ${template-logrotate-base:rendered} eggs-directory = ${buildout:eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory} offline = true {% if slapparameter_dict.get('custom-frontend-backend-url') -%} [request-custom-frontend] recipe = slapos.cookbook:requestoptional software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }} software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }} slave = true name = Custom Web Frontend server-url = $${slap-connection:server-url} key-file = $${slap-connection:key-file} cert-file = $${slap-connection:cert-file} computer-id = $${slap-connection:computer-id} partition-id = $${slap-connection:partition-id} {% if slapparameter_dict.get('custom-frontend-instance-guid') -%} sla-instance_guid = $${slap-parameter:frontend-instance-guid} {% endif -%} {% set custom_frontend_backend_type = slapparameter_dict.get('custom-frontend-backend-type') -%} {% if custom_frontend_backend_type -%} config-type = {{ custom_frontend_backend_type }} {% endif -%} config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }} return = site_url domain [custom-frontend-promise] recipe = slapos.cookbook:check_url_available path = $${directory:promises}/custom_frontend_promise url = https://$${request-custom-frontend:connection-domain} {% if slapparameter_dict.get('custom-frontend-basic-auth') -%} check-secure = 1 {% endif -%} dash_path = {{ dash_executable_location }} curl_path = {{ curl_executable_location }} [custom-frontend-url-ready-promise] recipe = slapos.recipe.template:jinja2 path = $${directory:promises}/custom_frontend_ready_promise url = https://$${request-custom-frontend:connection-domain} rendered = $${directory:promises}/custom_frontend_ready_promise template = inline: #!{{ dash_executable_location }} URL="$${:url}" CODE=$({{ curl_executable_location }} -g -k -sL $URL -w %{http_code} --max-time 5 -o /dev/null) if [ $? -eq 3 ]; then echo "Custom frontend URL malformed: $URL." >&2 exit 1 fi [publish-connection-information] custom-frontend-url = $${custom-frontend-url-ready-promise:url} {% endif %} # Create all needed directories [directory] recipe = slapos.cookbook:mkdirectory home = $${buildout:directory} etc = $${:home}/etc/ var = $${:home}/var/ # This srv path has an extra slash, which will cause runnerdirectory:home # to be .../srv//runner/.. but for compatibility reasons we don't fix this, # because this is the path that will be used as software URL installed by # webrunner and would cause software release hash to become different. srv = $${:home}/srv/ bin = $${:home}/bin/ tmp = $${:home}/tmp/ sshkeys = $${:srv}/sshkeys services = $${:etc}/service/ scripts = $${:etc}/run/ ssh = $${:etc}/ssh/ log = $${:var}/log/ run = $${:var}/run/ backup = $${:srv}/backup/ promises = $${:etc}/promise/ test = $${:etc}/test/ nginx-data = $${:srv}/nginx ca-dir = $${:srv}/ssl project = $${:srv}/runner/project cgi-bin = $${:srv}/cgi-bin [runnerdirectory] recipe = slapos.cookbook:mkdirectory home = $${directory:srv}/runner/ test = $${directory:srv}/test/ project = $${:home}/project public = $${:home}/public software-root = {{ slapparameter_dict.get('software-root', '$${:home}/software') }} instance-root = $${:home}/instance shared-root = $${slap-parameter:buildout-shared-folder} project-test = $${:test}/project software-test = $${:test}/software instance-test = $${:test}/instance sessions = $${buildout:directory}/.sessions private-project = $${:home}/.git-private public-project = $${:home}/.git-public [slaprunner] slaprunner = ${buildout:directory}/bin/slaprunner slapos = ${buildout:directory}/bin/slapos slapproxy = ${buildout:directory}/bin/slapproxy supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl git-binary = ${git:location}/bin/git root_check = false slapos.cfg = $${directory:etc}/slapos.cfg working-directory = $${runnerdirectory:home} project-directory = $${runnerdirectory:project} instance_root = $${runnerdirectory:instance-root} software_root = $${runnerdirectory:software-root} shared_root = $${runnerdirectory:shared-root} buildout-shared-part-list-dump = ${template-buildout-shared-part-list:output} pidfile-software = $${directory:run}/slapgrid-cp.pid pidfile-instance = $${directory:run}/slapgrid-sr.pid ssh_client = ${openssh:location}/bin/ssh public_key = $${runner-sshd-raw-server:rsa-keyfile}.pub private_key = $${runner-sshd-raw-server:rsa-keyfile} instance-monitor-url = https://[$${:ipv6}]:$${slap-parameter:monitor-httpd-port} etc_dir = $${directory:etc} log_dir = $${directory:log} run_dir = $${directory:run} ipv4 = $${slap-network-information:local-ipv4} ipv6 = $${slap-network-information:global-ipv6} instance_root = $${runnerdirectory:instance-root} proxy_port = 50000 runner_port = 50005 partition-amount = $${slap-parameter:instance-amount} wrapper = $${directory:services}/slaprunner debug = $${slap-parameter:debug} access-url = https://[$${:ipv6}]:$${:runner_port} supervisord_config = $${directory:etc}/supervisord.conf supervisord_server = http://$${supervisord:server} proxy_database = $${slaprunner:working-directory}/proxy.db console = False verbose = False debug = False auto_deploy = $${slap-parameter:auto-deploy} auto_deploy_instance = $${slap-parameter:auto-deploy-instance} autorun = $${slap-parameter:autorun} knowledge0_file = $${monitor-instance-parameter:configuration-file-path} minishell_cwd_file = $${directory:etc}/.minishell-cwd minishell_history_file = $${directory:etc}/.minishell_history software_info_json = $${runnerdirectory:home}/software_info.json instance_info_json = $${runnerdirectory:home}/instance_info.json path = $${shell-environment:path} instance_name = $${slap-parameter:instance-name} default_repository = $${slap-parameter:slapos-repository} default_repository_branch = $${slap-parameter:slapos-reference} #--------------------------- #-- #-- supervisord managing slaprunner instance processes [slaprunner-supervisord-wrapper] recipe = slapos.cookbook:wrapper # XXX hardcoded locations command-line = $${directory:bin}/slapos node supervisord --cfg $${directory:etc}/slapos.cfg -n wrapper-path = $${directory:services}/slaprunner-supervisord hash-existing-files = $${buildout:directory}/software_release/buildout.cfg [test-runner] <= slaprunner slapos.cfg = $${directory:etc}/slapos-test.cfg working-directory = $${runnerdirectory:test} project-directory = $${runnerdirectory:project-test} software_root = $${runnerdirectory:software-test} instance_root = $${runnerdirectory:instance-test} proxy_port = 8602 etc_dir = $${directory:test} autorun = False auto_deploy = True [runtestsuite] recipe = slapos.cookbook:wrapper arguments = --server_url=$${slap-connection:server-url} --key_file=$${slap-connection:key-file} --cert_file=$${slap-connection:cert-file} --computer_id=$${slap-connection:computer-id} --partition_id=$${slap-connection:partition-id} command-line = ${buildout:directory}/bin/slaprunnertest $${:arguments} wrapper-path = $${directory:bin}/runTestSuite environment = PATH=$${shell-environment:path} RUNNER_CONFIG=$${slapos-cfg:rendered} # Deploy openssh-server [runner-sshd-port] recipe = slapos.cookbook:free_port minimum = 22222 maximum = 22231 ip = $${slap-network-information:global-ipv6} [runner-sshd-config] recipe = slapos.recipe.template:jinja2 rendered = $${directory:etc}/runner-sshd.conf path_pid = $${directory:run}/runner-sshd.pid host_key = $${directory:ssh}/runner_server_key.rsa template = inline: PidFile $${:path_pid} Port $${runner-sshd-port:port} ListenAddress $${slap-network-information:global-ipv6} Protocol 2 UsePrivilegeSeparation no HostKey $${:host_key} PasswordAuthentication no PubkeyAuthentication yes AuthorizedKeysFile $${buildout:directory}/.ssh/authorized_keys ForceCommand cd $${directory:home}; if [ -z "$SSH_ORIGINAL_COMMAND" ]; then HOME=$${directory:home} $${shell-environment:shell} -l; else HOME=$${directory:home} SHELL=$${shell-environment:shell} PATH=$${shell-environment:path} eval "$SSH_ORIGINAL_COMMAND"; fi Subsystem sftp ${openssh:location}/libexec/sftp-server [runner-sshd-raw-server] recipe = slapos.cookbook:wrapper host = $${slap-network-information:global-ipv6} rsa-keyfile = $${runner-sshd-config:host_key} home = $${directory:ssh} command-line = ${openssh:location}/sbin/sshd -D -e -f $${runner-sshd-config:rendered} wrapper-path = $${directory:bin}/runner_raw_sshd [runner-sshd-authorized-key] <= runner-sshd-raw-server recipe = slapos.cookbook:dropbear.add_authorized_key key = $${slap-parameter:user-authorized-key} [runner-sshd-server] recipe = collective.recipe.template log = $${directory:log}/runner-sshd.log input = inline:#!/bin/sh exec $${runner-sshd-raw-server:wrapper-path} >> $${:log} 2>&1 output = $${directory:bin}/runner_raw_sshd_log mode = 700 [runner-sshd-graceful] recipe = slapos.cookbook:wrapper command-line = $${directory:bin}/killpidfromfile $${runner-sshd-config:path_pid} SIGHUP wrapper-path = $${directory:scripts}/runner-sshd-graceful [runner-sshkeys-directory] recipe = slapos.cookbook:mkdirectory requests = $${directory:sshkeys}/runner-requests/ keys = $${directory:sshkeys}/runner-keys/ [runner-sshkeys-authority] recipe = slapos.cookbook:sshkeys_authority request-directory = $${runner-sshkeys-directory:requests} keys-directory = $${runner-sshkeys-directory:keys} wrapper = $${directory:bin}/runner_sshkeys_authority keygen-binary = ${openssh:location}/bin/ssh-keygen [runner-sshkeys-authority-service] recipe = slapos.cookbook:wrapper command-line = $${runner-sshkeys-authority:wrapper} wrapper-path = $${directory:services}/runner-sshkeys-authority hash-existing-files = $${buildout:directory}/software_release/buildout.cfg [runner-sshkeys-sshd] <= runner-sshkeys-authority recipe = slapos.cookbook:sshkeys_authority.request name = sshd type = rsa executable = $${runner-sshd-server:output} public-key = $${runner-sshd-raw-server:rsa-keyfile}.pub private-key = $${runner-sshd-raw-server:rsa-keyfile} wrapper = $${directory:bin}/runner-sshd [runner-sshkeys-sshd-service] recipe = slapos.cookbook:wrapper command-line = $${runner-sshkeys-sshd:wrapper} wrapper-path = $${directory:services}/runner-sshd hash-existing-files = $${buildout:directory}/software_release/buildout.cfg [runner-sshd-add-authorized-key] recipe = slapos.cookbook:dropbear.add_authorized_key home = $${buildout:directory} key = $${slap-parameter:user-authorized-key} [runner-sshkeys-publickey-fingerprint-cmd] recipe = plone.recipe.command command = bash -o pipefail -c "$${runner-sshkeys-authority:keygen-binary} -lf $${runner-sshkeys-sshd:public-key} | cut -f 2 -d\ | sed 's/+/%2B/g' | sed 's/\//%2F/g' | sed 's/SHA256://'" [runner-sshkeys-publickey-fingerprint-shelloutput] recipe = collective.recipe.shelloutput # XXX because collective.recipe.shelloutput ignore errors, we run the same # command in a plone.recipe.command so that if fails if something goes wrong. commands = fingerprint = $${runner-sshkeys-publickey-fingerprint-cmd:command} [runner-sshkeys-publickey-fingerprint] # fingerprint for ssh url, see # https://tools.ietf.org/id/draft-salowey-secsh-uri-00.html#connparam # https://winscp.net/eng/docs/session_url#hostkey # format is host-key-alg-fingerprint, but we know that # $${runner-sshkeys-sshd:public-key} is rsa so for host-key-alg # we just use use rsa. fingerprint = ssh-rsa-$${runner-sshkeys-publickey-fingerprint-shelloutput:fingerprint} #--------------------------- #-- #-- Set nginx frontend [tempdirectory] recipe = slapos.cookbook:mkdirectory client_body_temp_path = $${directory:tmp}/client_body_temp_path proxy_temp_path = $${directory:tmp}/proxy_temp_path fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path scgi_temp_path = $${directory:tmp}/scgi_temp_path [nginx-frontend] # Options nb_workers = 5 # Network local-ip = $${slap-network-information:local-ipv4} global-ip = $${slap-network-information:global-ipv6} global-port = $${slaprunner:runner_port} # Backend runner-ip = $${slaprunner:ipv4} runner-port = $${slaprunner:runner_port} # SSL ssl-certificate = $${ca-nginx:cert-file} ssl-key = $${ca-nginx:key-file} # Log path_pid = $${directory:run}/nginx.pid path_log = $${directory:log}/nginx.log path_access_log = $${directory:log}/nginx.access.log path_error_log = $${directory:log}/nginx.error.log path_tmp = $${directory:tmp}/ nginx_prefix = $${buildout:directory} # Config files path_nginx_conf = $${directory:etc}/nginx.conf # Executables bin_nginx = ${nginx-webdav:location}/sbin/nginx bin_launcher = $${directory:bin}/launcher # Utils path_shell = ${dash:location}/bin/dash # Misc. etc_dir = $${directory:etc} work_dir = $${slaprunner:working-directory} [nginx_conf] recipe = slapos.recipe.template:jinja2 template = ${template_nginx_conf:location}/${template_nginx_conf:filename} rendered = $${nginx-frontend:path_nginx_conf} context = key shellinabox_socket shellinabox:socket key socket gunicorn:socket section param_nginx_frontend nginx-frontend section param_tempdir tempdirectory [nginx-launcher] recipe = slapos.recipe.template:jinja2 template = ${template_launcher:location}/${template_launcher:filename} rendered = $${nginx-frontend:bin_launcher} mode = 700 context = section param_nginx_frontend nginx-frontend [logrotate-entry-nginx] <= logrotate-entry-base name = nginx log = $${directory:log}/nginx.access.log $${directory:log}/nginx.error.log post = kill -USR1 $(cat $${buildout:directory}/var/run/nginx.pid) [httpd-parameters] path_pid = $${directory:run}/httpd.pid path_error_log = $${directory:log}/httpd-error.log path_access_log = $${directory:log}/httpd-access.log # XXX Use ca-nginx, no need to regenerate certificate cert_file = $${ca-nginx:cert-file} key_file = $${ca-nginx:key-file} global_ip = $${slap-network-information:global-ipv6} global_port = $${slap-parameter:slaprunner-httpd-port} working_directory = $${slaprunner:working-directory} dav_lock = $${directory:var}/WebDavLock htpasswd_file = $${directory:etc}/.htpasswd etc_dir = $${directory:etc} var_dir = $${directory:var} project_folder = $${directory:project} project_private_folder = $${runnerdirectory:private-project} project_public_folder = $${runnerdirectory:public-project} runner_home = $${runnerdirectory:home} git_http_backend = ${git:location}/libexec/git-core/git-http-backend cgid_sock = $${directory:run}/cgid.sock httpd_cors_file = $${slaprunner-httpd-cors:location} [httpd-conf] recipe = slapos.recipe.template:jinja2 template = ${template_httpd_conf:location}/${template_httpd_conf:filename} rendered = $${directory:etc}/httpd.conf context = section parameters httpd-parameters [apache-httpd] recipe = slapos.cookbook:wrapper apache-executable = ${apache:location}/bin/httpd wrapper-path = $${directory:services}/slaprunner-httpd command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND access-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port} wait-for-files = $${ca-nginx:cert-file} $${ca-nginx:key-file} hash-existing-files = $${buildout:directory}/software_release/buildout.cfg [logrotate-entry-apache-httpd] <= logrotate-entry-base name = apache log = $${directory:log}/httpd-access.log $${directory:log}/httpd-error.log post = test ! -s $${buildout:directory}/var/run/httpd.pid || $${buildout:directory}/bin/slapos-kill --pidfile $${buildout:directory}/var/run/httpd.pid -s USR1 [httpd-graceful-wrapper] recipe = collective.recipe.template input = inline: #!/bin/sh exec kill -USR1 $(cat $${httpd-parameters:path_pid}) output = $${directory:scripts}/slaprunner-httpd-graceful mode = 700 [apache-httpd-promise] recipe = slapos.cookbook:check_url_available path = $${directory:promises}/$${:filename} filename = apache-httpd-listening-on-tcp url = $${apache-httpd:access-url} check-secure = 1 dash_path = {{ dash_executable_location }} curl_path = {{ curl_executable_location }} [slaprunner-httpd-cors] recipe = plone.recipe.command command = if [ ! -f $${:location} ]; then touch $${:location}; fi location = $${directory:etc}/$${:filename} filename = slaprunner-httpd-cors.cfg stop-on-error = true #-------------------- #-- #-- WSGI [gunicorn] bin_gunicorn = $${directory:bin}/gunicorn bin_launcher = $${directory:services}/gunicorn path_shell = ${dash:location}/bin/dash socket = $${directory:tmp}/flaskserver.sock path_pid = $${directory:run}/gunicorn.pid [gunicorn-launcher] recipe = slapos.cookbook:wrapper command-line = $${gunicorn:bin_gunicorn} slapos.runner.run:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --error-logfile $${directory:log}/$${:error-log-file} --timeout 200 --threads 3 --log-level error --preload error-log-file = gunicorn-error.log wrapper-path = $${gunicorn:bin_launcher} environment = PATH=$${shell-environment:path} RUNNER_CONFIG=$${slaprunner:slapos.cfg} LANG=en_GB.UTF-8 hash-existing-files = $${buildout:directory}/software_release/buildout.cfg [gunicorn-graceful] recipe = slapos.cookbook:wrapper command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP wrapper-path = $${directory:scripts}/gunicorn-graceful #-------------------- #-- #-- ssl certificates [certificate-authority] recipe = slapos.cookbook:certificate_authority openssl-binary = ${openssl:location}/bin/openssl ca-dir = $${directory:ca-dir} requests-directory = $${cadirectory:requests} wrapper = $${directory:bin}/certificate_authority ca-private = $${cadirectory:private} ca-certs = $${cadirectory:certs} ca-newcerts = $${cadirectory:newcerts} ca-crl = $${cadirectory:crl} [cadirectory] recipe = slapos.cookbook:mkdirectory requests = $${directory:ca-dir}/requests/ private = $${directory:ca-dir}/private/ certs = $${directory:ca-dir}/certs/ newcerts = $${directory:ca-dir}/newcerts/ crl = $${directory:ca-dir}/crl/ [ca-nginx] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request key-file = $${cadirectory:certs}/nginx_frontend.key cert-file = $${cadirectory:certs}/nginx_frontend.crt executable = $${nginx-launcher:rendered} wrapper = $${directory:bin}/nginx-frontend # Put domain name name = example.com [ca-nginx-service] recipe = slapos.cookbook:wrapper command-line = $${directory:bin}/nginx-frontend wrapper-path = $${directory:services}/nginx-frontend hash-existing-files = $${buildout:directory}/software_release/buildout.cfg [certificate-authority-service] recipe = slapos.cookbook:wrapper command-line = $${directory:bin}/certificate_authority wrapper-path = $${directory:services}/certificate_authority hash-existing-files = $${buildout:directory}/software_release/buildout.cfg #-------------------- #-- #-- Request frontend {% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' -%} [request-frontend] <= slap-connection recipe = slapos.cookbook:requestoptional name = SlapRunner Frontend # XXX We have hardcoded SR URL here. software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg slave = true config-url = $${slaprunner:access-url} config-domain = $${slap-parameter:frontend-domain} return = site_url domain [slaprunner-frontend-promise] recipe = slapos.cookbook:check_url_available path = $${directory:promises}/slaprunner_frontend url = https://$${request-frontend:connection-domain}/login dash_path = ${dash:location}/bin/dash curl_path = ${curl:location}/bin/curl check-secure = 1 [request-httpd-frontend] <= slap-connection recipe = slapos.cookbook:requestoptional # XXX - Unfortunately, we still call webrunner httpd frontend "Monitor Frontend" otherwise # buildout will ignore previous frontend that was created and create a new one (in case of upgrade) name = Monitor Frontend # XXX We have hardcoded SR URL here. software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg slave = true config-url = $${apache-httpd:access-url} config-domain = return = secure_access domain [httpd-frontend-promise] recipe = slapos.cookbook:check_url_available path = $${directory:promises}/slaprunner-apache-http-frontend url = $${request-httpd-frontend:connection-secure_access} dash_path = {{ dash_executable_location }} curl_path = {{ curl_executable_location }} check-secure = 1 {% endif %} [htpasswd] recipe = slapos.cookbook:generate.password storage-path = $${directory:etc}/.pwd bytes = 8 [runner-htpasswd] recipe = plone.recipe.command stop-on-error = true htpasswd-path = $${monitor-directory:etc}/.htpasswd command = if [ ! -f "$${:htpasswd-path}" ]; then ${apache:location}//bin/htpasswd -cb $${:htpasswd-path} $${:user} $${:password}; fi update-command = $${:command} user = admin {% if slapparameter_dict.get('monitor-password', '') -%} password = {{ slapparameter_dict['monitor-password'] }} {% else -%} password = $${htpasswd:passwd} {% endif -%} #-------------------------------------- #-- #-- Send information to SlapOS Master [user-info] recipe = slapos.cookbook:userinfo [publish-connection-information] recipe = slapos.cookbook:publish backend-url = $${slaprunner:access-url} init-user = $${runner-htpasswd:user} init-password = $${runner-htpasswd:password} ssh-command = ssh $${user-info:pw-name}@$${slap-network-information:global-ipv6} -p $${runner-sshd-port:port} ssh-url = ssh://$${user-info:pw-name};fingerprint=$${runner-sshkeys-publickey-fingerprint:fingerprint}@[$${slap-network-information:global-ipv6}]:$${runner-sshd-port:port} git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/ git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/ monitor-base-url = $${monitor-publish-parameters:monitor-base-url} {% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' -%} url = https://$${request-frontend:connection-domain} webdav-url = $${request-httpd-frontend:connection-secure_access}/share/ public-url = $${request-httpd-frontend:connection-secure_access}/public/ {% else %} url = $${slaprunner:access-url} webdav-url = $${apache-httpd:access-url}/share/ public-url = $${apache-httpd:access-url}/public/ {% endif %} {% if slapparameter_dict.get('instance-type', '') != 'resilient' -%} {% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%} monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=$${monitor-publish-parameters:monitor-url}&username=$${monitor-publish-parameters:monitor-user}&password=$${monitor-publish-parameters:monitor-password} {% else -%} monitor-url = $${monitor-publish-parameters:monitor-url} monitor-user = $${monitor-publish-parameters:monitor-user} monitor-password = $${monitor-publish-parameters:monitor-password} {% endif -%} #--------------------------- #-- #-- Deploy promises scripts [slaprunner-promise] recipe = slapos.cookbook:check_port_listening path = $${directory:promises}/slaprunner hostname = $${slaprunner:ipv6} port = $${slaprunner:runner_port} [runner-sshd-promise] recipe = slapos.cookbook:check_port_listening path = $${directory:promises}/runner-sshd hostname = $${slap-network-information:global-ipv6} port = $${runner-sshd-port:port} [symlinks] recipe = cns.recipe.symlink symlink_target = $${directory:bin} symlink_base = ${buildout:directory}/bin [slap-parameter] # Default value if no ssh key is specified user-authorized-key = # Default value of instances number in slaprunner instance-amount = 10 debug = false frontend-domain = slapos-repository = https://lab.nexedi.com/nexedi/slapos.git slapos-software = slapos-software-type = slapos-reference = 1.0 auto-deploy = false auto-deploy-instance = true autorun = false slaprunner-httpd-port = 9686 instance-name = monitor-cors-domains = monitor-interface-url = monitor-httpd-port = 8386 buildout-shared-folder = $${runnerdirectory:home}/shared [slapos-cfg] recipe = slapos.recipe.template:jinja2 template = ${template-slapos-cfg:location}/${template-slapos-cfg:filename} rendered = $${slaprunner:slapos.cfg} mode = 700 context = section slaprunner slaprunner import codecs codecs raw buildout_shared_part_list_dump $${slaprunner:buildout-shared-part-list-dump} [slapos-test-cfg] recipe = slapos.recipe.template:jinja2 template = ${template-slapos-cfg:location}/${template-slapos-cfg:filename} rendered = $${test-runner:slapos.cfg} mode = 700 context = section slaprunner test-runner [shellinabox] recipe = slapos.recipe.template:jinja2 # We cannot use slapos.cookbook:wrapper here because this recipe escapes too much socket = $${directory:run}/siab.sock mode = 0700 rendered = $${directory:bin}/shellinaboxd template = inline: #!/bin/sh exec ${shellinabox:location}/bin/shellinaboxd \ --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \ --service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l" [shellinabox-service] recipe = slapos.cookbook:wrapper command-line = $${directory:bin}/shellinaboxd wrapper-path = $${directory:services}/shellinaboxd hash-existing-files = $${buildout:directory}/software_release/buildout.cfg [shell-environment] shell = ${bash:location}/bin/bash path = ${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin:${curl:location}/bin:${python2.7:location}/bin:${tig:location}/bin:${zip:location}/bin:${mosh:location}/bin:${bash:location}/bin:$${buildout:directory}/bin/:/usr/bin:/bin/ [prepare-software] recipe = slapos.cookbook:wrapper command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure wrapper-path = $${directory:scripts}/prepareSoftware [cron-entry-prepare-software] <= cron recipe = slapos.cookbook:cron.d name = prepare-software frequency = */2 * * * * command = $${prepare-software:wrapper-path} [instance-parameters] recipe = slapos.recipe.template:jinja2 extensions = jinja2.ext.do template = ${template-parameters:location}/${template-parameters:filename} rendered = $${directory:etc}/.parameter.xml.default mode = 0644 context = key slapparameter_dict slap-configuration:configuration [deploy-instance-parameters] recipe = plone.recipe.command stop-on-error = true parameter-xml = $${directory:etc}/.parameter.xml command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi [instance-software-type] recipe = plone.recipe.command stop-on-error = true # XXX It should not be named with .xml as it is not xml software-type-path = $${directory:etc}/.software_type.xml command = if [ ! -f $${:software-type-path} -a "$${slap-parameter:slapos-software-type}" != "" ]; then echo "$${slap-parameter:slapos-software-type}" > $${:software-type-path}; fi [instance-software] recipe = plone.recipe.command stop-on-error = true command = SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi [slap-configuration] recipe = slapos.cookbook:slapconfiguration.serialised computer = $${slap-connection:computer-id} partition = $${slap-connection:partition-id} url = $${slap-connection:server-url} key = $${slap-connection:key-file} cert = $${slap-connection:cert-file} [minishell-cwd] recipe = plone.recipe.command command = if [ ! -f $${slaprunner:minishell_cwd_file} ]; then echo $${runnerdirectory:home} > $${slaprunner:minishell_cwd_file}; fi location = $${slaprunner:minishell_cwd_file} stop-on-error = true [bash-profile] recipe = slapos.recipe.template:jinja2 template = ${template-bash-profile:location}/${template-bash-profile:filename} rendered = $${buildout:directory}/.bash_profile context = raw path $${shell-environment:path} raw shell $${shell-environment:shell} key terminfo terminfo:location key instance_name slap-parameter:instance-name key workdir runnerdirectory:home key home directory:home [terminfo] location = ${ncurses:location}/share/terminfo/ #--------------------------- #-- #-- supervisord managing slaprunner automation features [supervisord] autorestart = false autostart = false directory = $${buildout:directory} exitcodes = 0 logfile = $${directory:log}/supervisord.log no_logfile = NONE numprocs = 1 path = $${shell-environment:path} pidfile = $${directory:run}/supervisord.pid ip = $${slaprunner:ipv4} server = $${:ip}:$${:port} port = 39986 slapgrid-cp = slapgrid-cp slapgrid-cp-command = $${slaprunner:slapos} node instance --cfg $${:slapos-cfg} --verbose --logfile $${:slapgrid-cp-log} slapgrid-cp-log = $${runnerdirectory:home}/instance.log slapgrid-cp-startretries = 0 slapgrid-sr = slapgrid-sr slapgrid-sr-command = $${slaprunner:slapos} node software --all --cfg $${:slapos-cfg} --verbose --logfile $${:slapgrid-sr-log} slapgrid-sr-log = $${runnerdirectory:home}/software.log slapgrid-sr-startretries = 0 slapproxy = slapproxy slapproxy-autorestart = true slapproxy-autostart = true slapproxy-startsecs = 1 slapproxy-command = $${slaprunner:slapos} proxy start --logfile $${:slapproxy-log} --cfg $${:slapos-cfg} slapproxy-log = $${directory:log}/slapproxy.log socket_name = unix://$${:socket_path} socket_path = $${directory:tmp}/supervisord.sock startsecs = 0 # This file logs errors from listeners. Supervisord has its own logfile. # Processes should handle their logs by themselves stderr_logfile = $${directory:log}/supervisord-errors.log slapos-cfg = $${slaprunner:slapos.cfg} [supervisord-conf] recipe = slapos.recipe.template:jinja2 template = ${template-supervisord:location}/${template-supervisord:filename} rendered = $${directory:etc}/supervisord.conf context = import multiprocessing multiprocessing import builtin __builtin__ section supervisord supervisord key slapparameter_dict slap-configuration:configuration key listener_slapgrid listener-slapgrid-bin:rendered [listener-slapgrid-bin] recipe = slapos.recipe.template:jinja2 template = ${template-listener-slapgrid:location}/${template-listener-slapgrid:filename} rendered = $${directory:bin}/listener_slapgrid.py mode = 0744 context = section supervisord supervisord section slaprunner slaprunner raw python_executable ${buildout:directory}/bin/${extra-eggs:interpreter} [supervisord-wrapper] recipe = slapos.cookbook:wrapper command-line = $${buildout:directory}/bin/supervisord -c $${supervisord-conf:rendered} --nodaemon wrapper-path = $${directory:services}/supervisord hash-existing-files = $${buildout:directory}/software_release/buildout.cfg [logrotate-entry-supervisord] <= logrotate-entry-base name = supervisord log = $${directory:log}/slapproxy.log $${directory:log}/supervisord.log $${directory:log}/supervisord-errors.log post = kill -USR2 $(cat $${buildout:directory}/var/run/supervisord.pid) [logrotate-entry-slapgrid] <= logrotate-entry-base name = slapgrid log = $${runnerdirectory:home}/instance/*/.slapgrid/log/instance.log $${runnerdirectory:home}/instance/*/.slapgrid/promise/log/*.log [supervisord-promise] recipe = slapos.cookbook:check_port_listening path = $${directory:promises}/supervisord hostname = $${slaprunner:ipv4} port = $${supervisord:port} # XXX Monitor [monitor-instance-parameter] monitor-httpd-port = $${slap-parameter:monitor-httpd-port} {% if slapparameter_dict.get('name', '') -%} monitor-title = {{ slapparameter_dict['name'] }} {% endif -%} cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }} {% if slapparameter_dict.get('monitor-username', '') -%} username = {{ slapparameter_dict['monitor-username'] }} {% endif -%} password = $${runner-htpasswd:password} {% if slapparameter_dict.get('monitor-url-list', '') -%} monitor-url-list = {{ slapparameter_dict['monitor-url-list'] }} {% endif -%} instance-configuration = httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output} configuration-file-path = $${buildout:directory}/knowledge0.cfg [monitor-conf-parameters] private-path-list += $${logrotate-directory:logrotate-backup} [monitor-check-webrunner-internal-instance] recipe = slapos.recipe.template:jinja2 template = ${monitor-check-webrunner-internal-instance:location}/${monitor-check-webrunner-internal-instance:filename} rendered = $${monitor-directory:bin}/$${:filename} filename = monitor-check-webrunner-internal-instance mode = 0744 ## Slapuser slapos command script [template-slapuser-script] recipe = slapos.recipe.template:jinja2 template = ${template-slapuser-script:location}/${template-slapuser-script:filename} rendered = $${buildout:bin-directory}/slapos mode = 0744 context = raw config_location $${slapos-cfg:rendered} raw slapos_python_file_location ${buildout:bin-directory}/slapos