# Buildout profile template (pbsready-import.cfg.in): import side of a
# resilient setup, layered on the profile rendered as ${pbsready:output}.
# NOTE(review): ${...} is presumably expanded when this template is rendered
# and $${...} left for the instance buildout to resolve -- confirm against the
# software release that renders this file.
# Security-relevant parts added below: a notification-driven import, a
# checksum comparison of the received backup, and a web server exposing a
# password-protected takeover CGI.
[buildout]
extends = ${pbsready:output}

parts +=
  resiliency-takeover-script
  resilient-web-takeover-cgi-script
  resilient-web-takeover-httpd-wrapper
  resilient-web-takeover-httpd-promise

  check-backup-integrity-on-notification
  import-on-notification
  backup-checksum-integrity-promise
  resilient-publish-connection-parameter

  backup-signature-link


# Default for the on-notification parameter: empty here, presumably overridden
# by the instance request. Both notifier callbacks in this file use it as
# their on-notification-id.
[slap-parameter]
on-notification =

# Connection parameters, presumably published to whoever requested this
# instance.
# NOTE(review): both URLs are plain http, and takeover-password is published
# next to takeover-url; treat whatever stores or displays these connection
# parameters as holding a credential.
[resilient-publish-connection-parameter]
notification-url = http://[$${notifier:host}]:$${notifier:port}/notify
takeover-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
takeover-password = $${resilient-web-takeover-password:passwd}

# Define port of ssh server. It has to be different from import so that it
# supports export/import using same IP (slaprunner, slapos-in-partition,
# ipv4...)
# free_port is given the window 22210-22219 on the partition's global IPv6
# address; presumably it selects an unused port in that window -- confirm
# against the recipe.
[sshd-port]
recipe = slapos.cookbook:free_port
minimum = 22210
maximum = 22219
ip = $${slap-network-information:global-ipv6}

# Define port of notifier (same reason)
# Same recipe for the notifier: window 65516-65525 on the address given by
# notifier:host. The chosen port ends up in the notification-url published by
# [resilient-publish-connection-parameter] only if [notifier] takes its port
# from this section -- not visible here, confirm.
[notifier-port]
recipe = slapos.cookbook:free_port
minimum = 65516
maximum = 65525
ip = $${notifier:host}

[import-on-notification]
# notifier.callback runs a script when a notification (sent by a parent PBS)
# is received
# Inherit the remaining options from the [notifier] section (buildout "<="
# macro); that section is not defined in the part of the file shown here.
<= notifier
recipe = slapos.cookbook:notifier.callback
# Notification id this callback is registered for, taken from the
# on-notification parameter (empty by default in [slap-parameter]).
on-notification-id = $${slap-parameter:on-notification}
# Script run when the notification arrives: the importer wrapper.
# NOTE(review): the notify endpoint published in
# [resilient-publish-connection-parameter] is plain http, and nothing in this
# file shows how notifications are authenticated. Since a notification starts
# an import, confirm what the notifier accepts and from whom.
callback = $${importer:wrapper}

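# Generates the script that checks a received backup: it hashes every file
# under the backup directory (excluding backup.signature itself and
# rdiff-backup-data/), writes the sorted list to proof-signature-file, and
# diffs that list against backup.signature. An empty diff-file means the two
# lists agree; [backup-checksum-integrity-promise] reads that file.
# NOTE(review): backup.signature is presumably produced by the exporting side
# with the same pipeline. The comparison detects changes made after that list
# was written, and only if the list itself arrives unmodified.
[post-notification-run]
recipe = collective.recipe.template
# Outputs of the check. They are written under basedirectory:backup while the
# script hashes directory:backup -- presumably a different directory, since
# otherwise the outputs themselves would be hashed; confirm.
diff-file = $${basedirectory:backup}/backup.diff
proof-signature-file = $${basedirectory:backup}/proof.signature
# The cd is guarded so that a missing backup directory stops the script
# instead of hashing whatever directory it was started from.
# NOTE(review): "sort -k 66" selects field 66, not character 66. If the intent
# was to sort on the file name after the 64-character digest, confirm that the
# producer of backup.signature sorts the same way before changing it.
input = inline:
  #!/${bash:location}/bin/bash
  cd "$${directory:backup}" || exit 1
  find -type f ! -name backup.signature ! -wholename "./rdiff-backup-data/*" -print0 | xargs -0 sha256sum  | LC_ALL=C sort -k 66 > $${:proof-signature-file}
  diff -ruw backup.signature $${:proof-signature-file} > $${:diff-file}
# Generated script is readable and executable by its owner only.
output = $${rootdirectory:bin}/post-notification-run
mode = 0700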

# Second callback on the same notification id: runs the integrity check script
# generated by [post-notification-run].
# NOTE(review): nothing in this file orders this callback relative to
# [import-on-notification]; whether the check runs before or after the import
# is up to the notifier -- confirm.
[check-backup-integrity-on-notification]
<= notifier
recipe = slapos.cookbook:notifier.callback
on-notification-id = $${slap-parameter:on-notification}
callback = $${post-notification-run:output}

# Promise on the result of [post-notification-run]: it fails (exit 1) only
# when the diff file exists and has at least one line.
# NOTE(review): this check fails open. A missing diff file exits 0, and so
# does an empty one, which is also what the check script leaves behind when
# diff writes only to stderr (e.g. backup.signature absent). Detecting "the
# check never ran" or "the check could not compare" needs a separate signal.
[backup-checksum-integrity-promise]
recipe = slapos.recipe.template:jinja2
template = inline:
  #!/${bash:location}/bin/bash
  backup_diff_file=$${post-notification-run:diff-file}
  if [ -f "$backup_diff_file" ]; then
    if [ $(wc -l "$backup_diff_file" | cut -d \  -f1) -eq 0 ]; then
      exit 0;
    else
      exit 1;
    fi
  else
    # If file doesn't exist, promise shouldnt raise false positive
    exit 0;
  fi
rendered = $${basedirectory:promises}/backup-checksum-integrity
mode = 700

###########
# Generate the takeover script
###########
# The addresiliency recipe is asked for a takeover wrapper at bin/takeover.
# takeover-triggered-file-path names the marker file for a triggered takeover;
# [equeue] is given the same path.
[resiliency-takeover-script]
recipe = slapos.cookbook:addresiliency
wrapper-takeover = $${rootdirectory:bin}/takeover
takeover-triggered-file-path = $${rootdirectory:srv}/takeover_triggered

# Pass the marker file path to equeue: the takeover script creates this file
# when a takeover is triggered, and the equeue process watches for its
# existence.
# This section only adds one option; the rest of [equeue] is not defined in
# the part of the file shown here.
[equeue]
takeover-triggered-file-path = $${resiliency-takeover-script:takeover-triggered-file-path}

###########
# Deploy a webserver allowing to do takeover from a web browser.
###########
# Password for the web takeover, kept at srv/passwd (presumably generated once
# and reused on later runs -- confirm against generate.password).
# NOTE(review): bytes = 8 is a short secret for an action as consequential as
# a takeover, and the endpoint it protects is plain http. Consider a larger
# value and check the permissions on storage-path.
[resilient-web-takeover-password]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:srv}/passwd
bytes = 8

# Renders the takeover CGI into cgi-bin/web-takeover.cgi, the DirectoryIndex
# of the httpd configured in [resilient-web-takeover-httpd-configuration-file].
# The template comes from another part (its name suggests a build-time
# download) and is not shown in this file.
# The generated password is passed to the template as "password", presumably
# embedded in the script; mode 700 keeps the result owner-only.
# NOTE(review): how the CGI compares the password and what it executes has to
# be reviewed in the template source, not here.
[resilient-web-takeover-cgi-script]
recipe = collective.recipe.template
input = ${resilient-web-takeover-cgi-script-download:target}
output = $${directory:cgi-bin}/web-takeover.cgi
password = $${resilient-web-takeover-password:passwd}
mode = 700
proof-signature-url = $${monitor-publish-parameters:monitor-base-url}/private/resilient/backup.signature

# Apache configuration for the takeover web server.
# XXX could it be something lighter?
# XXX Add SSL -- as written the server speaks plain http only (no TLS module
# is loaded), so a password submitted to the CGI would cross the network
# unencrypted.
# NOTE(review): the <Directory> block enables CGI execution and carries no
# Require/Allow/Deny directive, so access control rests on the CGI's own
# password check (not visible here).
# The indented lines under "input = inline:" are written verbatim into the
# generated file, including the indented "# XXX" line.
[resilient-web-takeover-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
  PidFile "$${:pid-file}"
  Listen [$${:listening-ip}]:$${:listening-port}
  ServerAdmin someone@email
  DocumentRoot "$${:document-root}"
  ErrorLog "$${:error-log}"
  LoadModule unixd_module modules/mod_unixd.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule authz_core_module modules/mod_authz_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dir_module modules/mod_dir.so
  ScriptSock $${:cgid-pid-file}
  <Directory $${:document-root}>
    # XXX: security????
    Options +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex web-takeover.cgi
  </Directory>
output = $${directory:etc}/resilient-web-takeover-httpd.conf
# md5sum =
# The server listens on the partition's global IPv6 address.
listening-ip = $${slap-network-information:global-ipv6}
# XXX: randomize-me -- the port is fixed and therefore predictable.
listening-port = 9263
# NOTE(review): htdocs is not referenced by the template above, which uses
# document-root; it may be read elsewhere -- confirm before removing.
htdocs = $${directory:cgi-bin}
pid-file = $${directory:run}/resilient-web-takeover-httpd.pid
# Used as the ScriptSock path in the template, despite the "pid-file" name.
cgid-pid-file = $${directory:run}/resilient-web-takeover-httpd-cgid.pid
document-root = $${directory:cgi-bin}
error-log = $${directory:log}/resilient-web-takeover-httpd-error-log

# Service wrapper that runs httpd in the foreground (-DFOREGROUND) with the
# configuration file produced by
# [resilient-web-takeover-httpd-configuration-file].
[resilient-web-takeover-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${resilient-web-takeover-httpd-configuration-file:output} -DFOREGROUND
wrapper-path = $${basedirectory:services}/resilient-web-takeover-httpd

# Promise that the takeover web server answers at its http URL.
# NOTE(review): this checks reachability only (presumably with the curl and
# dash binaries named below); it says nothing about whether the password
# check in the CGI works.
[resilient-web-takeover-httpd-promise]
recipe = slapos.cookbook:check_url_available
path = $${basedirectory:promises}/resilient-web-takeover-httpd
url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

###########
# Symlinks
###########
# Links the proof signature computed by [post-notification-run] into the
# monitor-resilient directory under the name backup.signature, presumably the
# file served at proof-signature-url in [resilient-web-takeover-cgi-script].
# NOTE(review): the symlink option is written as "source = link name" --
# confirm the direction against cns.recipe.symlink.
[backup-signature-link]
recipe = cns.recipe.symlink
symlink = $${post-notification-run:proof-signature-file} = $${directory:monitor-resilient}/backup.signature