instance.cfg.in 7.01 KB
Newer Older
1 2
[buildout]
parts =
3
  monitor-base
4 5 6 7
  promises
  frontend-reload
  publish-connection-parameter

8 9
extends = ${monitor-template:rendered}

10
eggs-directory = ${buildout:eggs-directory}
11
develop-eggs-directory = ${buildout:develop-eggs-directory}
12 13 14 15 16 17 18 19
offline = true


[frontend-instance-password]
recipe = slapos.cookbook:generate.password
username = node
bytes = 12

20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
[frontend-instance-certificate]
recipe = plone.recipe.command
command =
  if [ ! -e $${:key-file} ]
  then
    ${openssl-output:openssl} req -x509 -nodes -days 3650 \
      -subj "/C=AA/ST=X/L=X/O=Dis/CN=$${:common-name}" \
      -newkey rsa:1024 -keyout $${:key-file} \
      -out $${:cert-file}
  fi
update-command = $${:command}
key-file = $${directory:etc}/$${:_buildout_section_name_}.key
cert-file = $${directory:etc}/$${:_buildout_section_name_}.crt
common-name = $${frontend-instance-config:ip}
location =
  $${:key-file}
  $${:cert-file}

38 39 40 41
[frontend-instance-config]
recipe = slapos.recipe.template:jinja2
rendered = $${directory:etc}/$${:_buildout_section_name_}
template = inline:
42
  :$${:port} {
43
    bind $${:ip}
44
    tls $${frontend-instance-certificate:cert-file} $${frontend-instance-certificate:key-file}
45 46 47 48 49 50 51 52
    log stdout
    errors stderr
    gzip
    # because caddy does not support upgrade http2 to websocket
    # https://tools.ietf.org/html/rfc8441
    tls {
      alpn http/1.1
    }
53 54
    root $${directory:frontend-static}
    browse
55
    proxy / $${theia-instance:base-url} {
56
      except public $${favicon.ico:filename}
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
    }
    proxy /services $${theia-instance:base-url} {
      websocket
    }
    basicauth $${frontend-instance-password:username} $${frontend-instance-password:passwd} {
      realm "Theia"
      /
    }
  }
ip = $${instance-parameter:ipv6-random}
hostname = [$${:ip}]
port = 3001

[frontend-instance]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line =
  ${caddy:output} -conf $${frontend-instance-config:rendered} -pidfile $${:pidfile}

ip = $${frontend-instance-config:ip}
hostname = $${frontend-instance-config:hostname}
port = $${frontend-instance-config:port}
pidfile = $${directory:pidfiles}/$${:_buildout_section_name_}.pid
80
url = https://$${:hostname}:$${:port}/
81 82 83 84 85 86 87 88 89 90 91 92 93

[frontend-reload]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line =
  ${bash:location}/bin/bash -c
  "kill -s USR1 $$(${coreutils:location}/bin/cat $${frontend-instance:pidfile}) \
    && ${coreutils:location}/bin/sleep infinity"
hash-files =
  $${frontend-instance-config:rendered}
  $${frontend-instance:wrapper-path}
wait-for-files = $${frontend-instance:pidfile}

94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116
[favicon.ico]
# generate a pseudo random favicon, different for each instance name.
recipe = slapos.recipe.build
install =
  import hashlib, shutil
  buildout_offline = self.buildout['buildout']['offline']
  self.buildout['buildout']['offline'] = 'false'
  try:
    gravatar_url = "https://www.gravatar.com/avatar/" + hashlib.md5(
      '''$${slap-configuration:root-instance-title}'''
    ).hexdigest() + "?s=256&d=retro"
    shutil.copy(self.download(gravatar_url), '''$${:location}''')
  except Exception:
    # Because installation should work offline, if we can't download a favicon,
    # just ignore this step.
    self.logger.exception("Error while downloading favicon, using empty one")
    open('''$${:location}''', 'w').close()
  finally:
    self.buildout['buildout']['offline'] = buildout_offline

location = $${directory:frontend-static}/$${:filename}
filename = $${:_buildout_section_name_}

117 118 119 120 121 122 123
[user]
recipe = slapos.cookbook:userinfo

[theia-instance]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line =
124
  env LC_ALL=C.UTF-8 TMP=$${directory:tmp} THEIA_SHELL=$${theia-shell:wrapper-path} ${theia-wrapper:rendered} --hostname=$${:hostname} --port=$${:port} $${directory:project}
125 126 127 128 129

ip =  $${instance-parameter:ipv4-random}
hostname =  $${:ip}
port = 3000
base-url = http://$${:hostname}:$${:port}/
130 131 132
hash-existing-files =
  ${yarn.lock:output}
  ${theia-wrapper:rendered}
133

134 135 136
[theia-shell]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:bin}/$${:_buildout_section_name_}
137 138
# reset GIT_EXEC_PATH to workaround https://github.com/eclipse-theia/theia/issues/7555
# activate slapos configuration
139
command-line =
140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157
  ${bash:location}/bin/bash -c ". $${slapos-standalone-activate:rendered} && exec env GIT_EXEC_PATH= ${bash:location}/bin/bash"

[slapos-standalone-activate]
recipe = slapos.recipe.template:jinja2
rendered = $${directory:bin}/$${:_buildout_section_name_}
mode = 0700
# XXX maybe standalone slapos should provide an activate script like virtualenv is doing?
template =
  inline:#!/bin/sh
  export PATH=${buildout:bin-directory}:$PATH
  ${slapos-standalone:script-path} $${directory:slapos} $${:ipv4} $${:ipv6} $${:port}
  export SLAPOS_CONFIGURATION=$${directory:slapos}/etc/slapos.cfg
  export SLAPOS_CLIENT_CONFIGURATION=$SLAPOS_CONFIGURATION

ipv4 = $${instance-parameter:ipv4-random}
ipv6 = $${instance-parameter:ipv6-random}
port = 4000

158

159 160 161
[promises]
recipe =
instance-promises =
162 163
  $${theia-listen-promise:name}
  $${frontend-listen-promise:name}
164
  $${apache-frontend-url-available-promise:name}
165 166

[theia-listen-promise]
167 168 169 170 171
<= monitor-promise-base
module = check_port_listening
name = $${:_buildout_section_name_}.py
config-hostname=  $${theia-instance:ip}
config-port = $${theia-instance:port}
172 173

[frontend-listen-promise]
174 175 176 177 178
<= monitor-promise-base
module = check_port_listening
name = $${:_buildout_section_name_}.py
config-hostname = $${frontend-instance:ip}
config-port = $${frontend-instance:port}
179

180 181 182 183 184 185 186
[apache-frontend-url-available-promise]
<= monitor-promise-base
module = check_url_available
name = $${:_buildout_section_name_}.py
config-url = $${apache-frontend:connection-secure_access}
config-check-secure = 1

187 188 189 190 191 192 193 194 195 196 197 198 199
[apache-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Theia Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = $${frontend-instance:url}
config-https-only = true
config-type = websocket
config-websocket-path-list = /services
return = domain secure_access

200 201
[publish-connection-parameter]
recipe = slapos.cookbook:publish
202 203 204
url = $${apache-frontend:connection-secure_access}
username = $${frontend-instance-password:username}
password = $${frontend-instance-password:passwd}
205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223

[instance-parameter]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

[directory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
tmp = $${buildout:directory}/tmp
pidfiles = $${:var}/run

services = $${:etc}/service
224
project = $${:srv}/project
225
slapos = $${:srv}/slapos
226 227
frontend-static = $${:srv}/frontend-static
frontend-static-public = $${:frontend-static}/public