apache-custom-slave-list.cfg.in

{% if software_type == slap_software_type -%}

{% set cached_server_dict = {} -%}
{% set part_list = [] -%}
{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%}
{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) -%}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{% set NGINX_TYPE_LIST = ['eventsource', 'notebook'] -%}
{% set generic_instance_parameter_dict = {'cache_access': cache_access,} -%}
{% set slave_log_dict = {} -%}
{% if extra_slave_instance_list -%}
{%   set slave_instance_information_list = [] -%}
{%   set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) -%}
{% endif -%}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do
extra-context =
context =
    key eggs_directory buildout:eggs-directory
    key develop_eggs_directory buildout:develop-eggs-directory
    ${:extra-context}

{% do logrotate_dict.pop('recipe') %}
[logrotate]
{% for key, value in logrotate_dict.iteritems() -%}
{{ key }} = {{ value }}
{% endfor %}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = {{ custom_ssl_directory }}/requests/
private = {{ custom_ssl_directory }}/private/
certs = {{ custom_ssl_directory }}/certs/
newcerts = {{ custom_ssl_directory }}/newcerts/
crl = {{ custom_ssl_directory }}/crl/

{# Loop throught slave list to set up slaves #}
{% for slave_instance in slave_instance_list -%}
{#   # Do all set and do upper, so it makes easy to read the file later #} 
{%   set slave_reference = slave_instance.get('slave_reference') -%}
{%   set slave_type = slave_instance.get('type', '') -%}
{%   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%}
{%   set slave_parameter_dict = generic_instance_parameter_dict.copy() -%}
{%   set slave_publish_dict = {} -%}
{%   set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
{%   set slave_logrotate_section = slave_reference + "-logs" -%}
{%   set slave_password_section = slave_reference + "-password" -%}
{%   set slave_ln_section = slave_reference + "-ln" -%}
{%   set slave_htaccess_section = slave_reference + '-htaccess' %}

{#   extend parts #}
{%   do part_list.extend([slave_htaccess_section, slave_ln_section]) -%}
{%   do part_list.extend([slave_logrotate_section, slave_section_title]) -%}

{%   set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" -%}

{#   Set Up log files #}
{%   do slave_parameter_dict.__setitem__('access_log', '/'.join([apache_log_directory, '%s_access_log' % slave_reference])) -%}
{%   do slave_parameter_dict.__setitem__('error_log', '/'.join([apache_log_directory, '%s_error_log' % slave_reference])) -%}
{%   do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) -%}
{%   do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) -%}

{#   Add slave log directory to the slave log access dict #}
{%   do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}

{%   set slave_log_access_url = 'https://' + slave_reference + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('apache-ipv6') + ']:' + frontend_configuration.get('apache-https-port') + '/' + slave_reference.lower() + '/' %}
{%   do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%   do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%   do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %}

{# Set slave domain if none was defined #}
{%   if slave_instance.get('custom_domain', None) == None -%}
{%     set domain_prefix = slave_instance.get('slave_reference').replace("-", "").lower() -%}
{%     if slave_type in NGINX_TYPE_LIST -%}
{%       do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) -%}
{%     else -%}
{%       do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) -%}
{%     endif -%}
{%   endif -%}

{%   set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') -%}
{%   if enable_cache and 'url' in slave_instance -%}
{%     if 'domain' in slave_instance -%}
{%       do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) -%}
{%     endif -%}
{%     do slave_instance.__setitem__('backend_url', slave_instance.get('url')) -%}
{%     do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) -%}
{%     do slave_instance.__setitem__('url', cache_access) -%}
{%     do slave_instance.__setitem__('https-url', ssl_cache_access) -%}
{%     do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) -%}
{%   endif -%}

{%   if not slave_instance.has_key('apache_custom_http') %}
{%     do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) -%}
{%     do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) -%}
{%     do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) -%}
{%     do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) -%}
{%   endif -%}

[slave-log-directory]
{{slave_reference}}-log-folder = {{ slave_log_folder }}

{# Set slave logrotate entry #}
[{{slave_logrotate_section}}]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = ${:_buildout_section_name_}
log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}}
backup = {{ slave_log_folder }} 
frequency = daily
rotatep-num = 30
post = {{ apache_configuration.get('frontend-graceful-command') }}
sharedscripts = true
notifempty = true
create = true

{# integrate current logs inside #}
[{{slave_ln_section}}]
recipe = plone.recipe.command
stop-on-error = false
command = ln -s {{slave_parameter_dict.get('error_log')}} {{ slave_log_folder }}/apache-error.log && ln -s {{slave_parameter_dict.get('access_log')}} {{ slave_log_folder }}/apache-access.log

{# Set password for slave #}
[{{slave_password_section}}]
recipe = slapos.cookbook:generate.password
storage-path = {{apache_configuration_directory}}/.{{slave_reference}}.passwd
bytes = 8

{# Set up htaccess file for slave #}
[{{slave_htaccess_section}}]
recipe = plone.recipe.command
stop-on-error = true
htaccess-path = {{apache_configuration_directory}}/.{{slave_reference}}.htaccess
command = {{frontend_configuration.get('apache-directory')}}/bin/htpasswd -cb ${:htaccess-path} {{ slave_reference }} {{ '${' + slave_password_section + ':passwd}' }}

{# ################################################## #}
{# Set Slave Certificates if needed                   #}

{# Set ssl certificates for each slave #}
{%   for cert_name in ('ssl_ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')-%}
{%     if cert_name in slave_instance -%}
{%       set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%}
{%       set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
{%       do part_list.append(cert_title) -%}
{%       do slave_parameter_dict.__setitem__(cert_name, cert_file) -%}
{%       do slave_instance.__setitem__('path_to_' + cert_name, cert_file) -%}
{# Store certificates on fs #}
[{{ cert_title }}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ cert_file }}
extra-context =
    key content {{ cert_title + '-config:value' }}
# Store certificate in config
[{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }}
{%     endif -%}
{%   endfor -%}

{%   if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%}
{%     set cert_title = '%s-crt' % (slave_reference) -%}
{%     set key_title = '%s-key' % (slave_reference) -%}
{%     set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
{%     set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) -%}
{%     do part_list.append(cert_title) -%}
{%     do slave_parameter_dict.__setitem__("ssl_crt", cert_file) -%}
{%     do slave_parameter_dict.__setitem__("ssl_key", key_file) -%}
{%     do slave_instance.__setitem__('path_to_ssl_crt', cert_file) -%}
{%     do slave_instance.__setitem__('path_to_ssl_key', key_file) -%}

[{{cert_title}}]
recipe = slapos.cookbook:certificate_authority.request
#openssl-binary = ${openssl:location}/bin/openssl

requests-directory = ${cadirectory:requests}
ca-private = ${cadirectory:private}
ca-certs = ${cadirectory:certs}
ca-newcerts = ${cadirectory:newcerts}
ca-crl = ${cadirectory:crl}

key-file = {{ key_file }}
cert-file = {{ cert_file }}
key-content = {{ dumps(slave_instance.get('ssl_key')) }}
cert-content = {{ dumps(slave_instance.get('ssl_crt')) }} 
{%     endif -%}

{# ########################################## #}
{# Set Slave Configuration                    #}
[{{ slave_configuration_section_name }}]
{%     set apache_custom_http = ((slave_instance.pop('apache_custom_http', '')) % slave_parameter_dict) -%}
{%     set apache_custom_https = ((slave_instance.pop('apache_custom_https', '')) % slave_parameter_dict) -%}
apache_custom_http = {{ dumps(apache_custom_http) }}
apache_custom_https = {{ dumps(apache_custom_https) }}
{{ '\n' }}
{%     for key, value in slave_instance.iteritems() -%}
{{ key }} = {{ dumps(value) }}
{%     endfor %}

[{{ slave_section_title }}]
< = jinja2-template-base
{%   if slave_type in NGINX_TYPE_LIST %}
rendered = {{ nginx_configuration_directory }}/${:filename}
{%   else %}
rendered = {{ apache_configuration_directory }}/${:filename}
{%   endif %}


{%   if apache_custom_http %}
template = {{ template_custom_slave_configuration }}
{%   elif slave_type == 'eventsource' %}
template = {{ template_eventsource_slave_configuration }}
{%   elif slave_type == 'notebook' %}
template = {{ template_notebook_slave_configuration }}
{%   else %}
template = {{ template_default_slave_configuration }}
{%   endif %}

filename = {{ '%s.conf' % slave_reference }}
extra-context =
    raw https_port {{ https_port }}
    raw http_port {{ http_port }}
    raw global_ipv6 {{ global_ipv6 }}
    raw local_ipv4 {{ local_ipv4 }}
    raw nginx_http_port {{ nginx_http_port }} 
    raw nginx_https_port {{ nginx_https_port }}
    section slave_parameter {{ slave_configuration_section_name }}
{{ '\n' }}


{%   set check_error_log_section_title = 'check-%s-error-log-last-hour' % slave_instance.get('slave_reference') -%}
{%   do part_list.append(check_error_log_section_title) -%}
[{{ check_error_log_section_title }}]
recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 3600 
filename = {{ check_error_log_section_title }}
wrapper-path = {{ promise_directory }}/${:filename}

{%   set check_error_log_section_title = 'check-%s-error-log-last-day' % slave_instance.get('slave_reference') -%}
{%   do part_list.append(check_error_log_section_title) -%}
[{{ check_error_log_section_title }}]
recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 86400
filename = {{ check_error_log_section_title }}
wrapper-path = {{ promise_directory }}/${:filename}

{%   set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
{%   if monitor_ipv6_test %}
{%     set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
{%     do part_list.append(monitor_ipv6_section_title) -%}
[{{ monitor_ipv6_section_title }}]
recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/is-icmp-packet-lost -a {{monitor_ipv6_test}} 
filename = {{ monitor_ipv6_section_title }}
wrapper-path = {{ promise_directory }}/${:filename}
{%   endif %}

{%   set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %}
{%   if monitor_ipv4_test %}
{%     set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %}
{%     do part_list.append(monitor_ipv4_section_title) -%}
[{{ monitor_ipv4_section_title }}]
recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/is-icmp-packet-lost -4 -a {{monitor_ipv4_test}}
filename = {{ monitor_ipv4_section_title }}
wrapper-path = {{ promise_directory }}/${:filename}
{%   endif %}

{# ###############################  #}
{# Publish Slave Information        #}
{%   if not extra_slave_instance_list -%}
{%     set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') -%}
{%     do part_list.append(publish_section_title) -%}
[{{ publish_section_title }}]
recipe = slapos.cookbook:publish
{%     for key, value in slave_publish_dict.iteritems() %}
{{ key }} = {{ value }}
{%     endfor %}
{%   else -%}
{%     do slave_instance_information_list.append(slave_publish_dict) -%}
{%   endif -%}

{# End of the main for loop#}
{% endfor -%}

###############################################
### Prepare virtualhost for slaves using cache

{% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %}
{%   set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %}
{%   do part_list.append(cached_slave_configuration_section_title) -%}
[{{ cached_slave_configuration_section_title }}]
< = jinja2-template-base
template = {{ template_cached_slave_configuration }}
filename = {{ '%s.conf' % slave_reference }}
rendered = {{ apache_cached_configuration_directory }}/${:filename}
extensions = jinja2.ext.do
extra-context =
    section slave_parameter {{ slave_configuration_section_name }}
    raw cached_port {{ cached_port }}
    raw ssl_cached_port {{ ssl_cached_port }}
{{ '\n' }}
{% endfor %}

[slave-log-directories]
recipe = slapos.cookbook:mkdirectory
{% for key, value in slave_log_dict.iteritems() -%}
{{ key }} = {{ value }}
{% endfor %}

{# Define log access #}
[apache-log-access]
< = jinja2-template-base
template = {{frontend_configuration.get('template-log-access')}}
rendered = {{frontend_configuration.get('log-access-configuration')}}
extra-context =
    section slave_log_directory slave-log-directories
    raw apache_log_directory {{apache_log_directory}}
    raw apache_configuration_directory {{apache_configuration_directory}}

{# Publish information for the instance #}
{% set publish_section_title = 'publish-apache-information' -%}
{% do part_list.append(publish_section_title) -%}
[{{ publish_section_title }}]
recipe = slapos.cookbook:publish
public-ipv4 = {{ public_ipv4 }}
private-ipv4 = {{ local_ipv4 }}
{% if extra_slave_instance_list -%}
slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }}
{% endif -%}
monitor-base-url = {{ monitor_base_url }}

[buildout]
parts +=
    slave-log-directories
{% for part in part_list -%}
{{ '    %s' % part }}
{% endfor %}
    apache-log-access

eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
cache-access = {{ cache_access }}

{% endif -%}