monitor: httpd conf template is now in a real file (and not declared inline anymore)

monitor: move httpd configuration template to jinja2

monitor: httpd conf template is now in a real file (and not declared inline anymore)
monitor: move httpd configuration template to jinja2
7dde344c · Nicolas Wavrant · Kazuhiko Shiozaki · eaf47378 · 7dde344c · 7dde344c
Commit 7dde344c authored Jul 22, 2014 by Nicolas Wavrant Committed by Kazuhiko Shiozaki Aug 07, 2014
Showing with 88 additions and 74 deletions

stack/monitor/buildout.cfg stack/monitor/buildout.cfg +9 -1

stack/monitor/cgi-httpd.conf.in stack/monitor/cgi-httpd.conf.in +63 -0

stack/monitor/monitor.cfg.in stack/monitor/monitor.cfg.in +16 -73

No files found.
--- a/stack/monitor/buildout.cfg
+++ b/stack/monitor/buildout.cfg
@@ -41,7 +41,7 @@ recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/monitor.cfg.in
 output = ${buildout:directory}/monitor.cfg
 filename = monitor.cfg
-md5sum = fe76a9e0619f276e9de3dacf9e3e01ec
+md5sum = 852a0e205e005969547cce8192e531cd
 mode = 0644

 [monitor-bin]
@@ -53,6 +53,14 @@ destination = ${buildout:directory}/parts/monitor-template-monitor-bin
 filename = monitor.py.in
 mode = 0644

+[monitor-httpd-template]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+download-only = true
+md5sum = 335e618be6bbe02328cd3aaa30e29d9c
+filename = cgi-httpd.conf.in
+mode = 0644
+
 [index]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/webfile-directory/${:filename}

--- a/stack/monitor/cgi-httpd.conf.in
+++ b/stack/monitor/cgi-httpd.conf.in
+PidFile "{{ httpd_configuration.get('pid-file') }}"
+ServerName example.com
+ServerAdmin someone@email
+<IfDefine !MonitorPort>
+Listen [{{ httpd_configuration.get('listening-ip') }}]:{{ monitor_parameters.get('port') }}
+Define MonitorPort
+</IfDefine>
+DocumentRoot "{{ directory.get('www') }}"
+ErrorLog "{{ httpd_configuration.get('error-log') }}"
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule cgid_module modules/mod_cgid.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authn_file_module modules/mod_authn_file.so
+
+# SSL Configuration
+<IfDefine !SSLConfigured>
+Define SSLConfigured
+SSLCertificateFile {{ httpd_configuration.get('certificate') }}
+SSLCertificateKeyFile {{ httpd_configuration.get('key') }}
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLRandomSeed startup /dev/urandom 256
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+</IfDefine>
+SSLEngine   On
+ScriptSock {{ httpd_configuration.get('cgid-pid-file') }}
+<Directory {{ directory.get('www') }}>
+  SSLVerifyDepth    1
+  SSLRequireSSL
+  SSLOptions        +StrictRequire
+  # XXX: security????
+  Options +ExecCGI
+  AddHandler cgi-script .cgi
+  DirectoryIndex {{ monitor_parameters.get('index-filename') }}
+</Directory>
+Alias /private/ {{ directory.get('private-directory') }}/
+<Directory {{ directory.get('private-directory') }}>
+Order Deny,Allow
+Deny from env=AUTHREQUIRED
+<Files ".??*">
+  Order Allow,Deny
+  Deny from all
+</Files>
+AuthType Basic
+AuthName "Private access"
+AuthUserFile "{{ monitor_parameters.get('htaccess-file') }}"
+Require valid-user
+Options Indexes FollowSymLinks
+Satisfy all
+</Directory>
--- a/stack/monitor/monitor.cfg.in
+++ b/stack/monitor/monitor.cfg.in
@@ -235,90 +235,33 @@ recipe = slapos.cookbook:zero-knowledge.read
 filename = $${public:filename}

 # XXX could it be something lighter?
-[cgi-httpd-configuration-file]
-recipe = collective.recipe.template
-input = inline:
-  PidFile "$${:pid-file}"
-  ServerName example.com
-  ServerAdmin someone@email
-  <IfDefine !MonitorPort>
-  Listen [$${:listening-ip}]:$${monitor-parameters:port}
-  Define MonitorPort
-  </IfDefine>
-  DocumentRoot "$${:document-root}"
-  ErrorLog "$${:error-log}"
-  LoadModule unixd_module modules/mod_unixd.so
-  LoadModule access_compat_module modules/mod_access_compat.so
-  LoadModule authz_core_module modules/mod_authz_core.so
-  LoadModule authn_core_module modules/mod_authn_core.so
-  LoadModule authz_host_module modules/mod_authz_host.so
-  LoadModule mime_module modules/mod_mime.so
-  LoadModule cgid_module modules/mod_cgid.so
-  LoadModule dir_module modules/mod_dir.so
-  LoadModule ssl_module modules/mod_ssl.so
-  LoadModule alias_module modules/mod_alias.so
-  LoadModule autoindex_module modules/mod_autoindex.so
-  LoadModule auth_basic_module modules/mod_auth_basic.so
-  LoadModule authz_user_module modules/mod_authz_user.so
-  LoadModule authn_file_module modules/mod_authn_file.so
-
-  # SSL Configuration
-  <IfDefine !SSLConfigured>
-  Define SSLConfigured
-  SSLCertificateFile $${ca-httpd:cert-file}
-  SSLCertificateKeyFile $${ca-httpd:key-file}
-  SSLRandomSeed startup builtin
-  SSLRandomSeed connect builtin
-  SSLRandomSeed startup /dev/urandom 256
-  SSLRandomSeed connect builtin
-  SSLProtocol -ALL +SSLv3 +TLSv1
-  SSLHonorCipherOrder On
-  SSLCipherSuite RC4-SHA:HIGH:!ADH
-  </IfDefine>
-  SSLEngine   On
-  ScriptSock $${:cgid-pid-file}
-  <Directory $${:document-root}>
-    SSLVerifyDepth    1
-    SSLRequireSSL
-    SSLOptions        +StrictRequire
-    # XXX: security????
-    Options +ExecCGI
-    AddHandler cgi-script .cgi
-    DirectoryIndex $${monitor-parameters:index-filename}
-  </Directory>
-  Alias /private/ $${monitor-directory:private-directory}/
-  <Directory $${monitor-directory:private-directory}>
-  Order Deny,Allow
-  Deny from env=AUTHREQUIRED
-  <Files ".??*">
-    Order Allow,Deny
-    Deny from all
-  </Files>
-  AuthType Basic
-  AuthName "Private access"
-  AuthUserFile "$${monitor-parameters:htaccess-file}"
-  Require valid-user
-  Options Indexes FollowSymLinks
-  Satisfy all
-  </Directory>
-output = $${monitor-directory:etc}/cgi-httpd.conf
-listening-ip = $${slap-parameters:ipv6-random}
-# XXX: randomize-me
-htdocs = $${monitor-directory:www}
+[monitor-httpd-configuration]
 pid-file = $${monitor-directory:run}/cgi-httpd.pid
 cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
-document-root = $${monitor-directory:www}
 error-log = $${monitor-directory:log}/cgi-httpd-error-log
+listening-ip = $${slap-parameters:ipv6-random}
+certificate = $${ca-httpd:cert-file}
+key = $${ca-httpd:key-file}
+
+[monitor-httpd-configuration-file]
+recipe = slapos.recipe.template:jinja2
+template = ${monitor-httpd-template:destination}/${monitor-httpd-template:filename}
+rendered = $${monitor-directory:etc}/cgi-httpd.conf
+mode = 0744
+context =
+  section directory monitor-directory
+  section monitor_parameters monitor-parameters
+  section httpd_configuration monitor-httpd-configuration

 [cgi-httpd-wrapper]
 recipe = slapos.cookbook:wrapper
 apache-executable = ${apache:location}/bin/httpd
-command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
+command-line = $${:apache-executable} -f $${monitor-httpd-configuration-file:rendered} -DFOREGROUND
 wrapper-path = $${ca-httpd:executable}

 [cgi-httpd-graceful-wrapper]
 recipe = slapos.cookbook:wrapper
-command-line = kill -USR1 $(cat $${cgi-httpd-configuration-file:pid-file})
+command-line = kill -USR1 $(cat $${monitor-httpd-configuration:pid-file})
 wrapper-path = $${monitor-directory:etc-run}/cgi-httpd-graceful

 [monitor-promise]