instance-re6stnet.cfg.in 8.45 KB
Newer Older
1 2 3

{% set python_bin = parameter_dict['python-executable'] -%}
{% set re6st_registry = parameter_dict['re6st-registry'] -%}
4
{% set re6stnet = parameter_dict['re6stnet'] -%}
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
{% set publish_dict = {} -%}
{% set part_list = [] -%}
{% set ipv6 = (ipv6_set | list)[0] -%}
{% set ipv4 = (ipv4_set | list)[0] -%}
{% set uri_scheme = slapparameter_dict.get('uri-scheme', 'http') -%}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}

[directory]
recipe = slapos.cookbook:mkdirectory
bin = ${buildout:directory}/bin
etc = ${buildout:directory}/etc
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
log = ${:var}/log
services = ${:etc}/service
script = ${:etc}/run
promises = ${:etc}/promise
run = ${:var}/run
ca-dir = ${:etc}/ssl
requests = ${:ca-dir}/requests
private = ${:ca-dir}/private
certs = ${:ca-dir}/certs
newcerts = ${:ca-dir}/newcerts
crl = ${:ca-dir}/crl
re6st = ${:srv}/res6stnet

[re6stnet-dirs]
recipe = slapos.cookbook:mkdirectory
registry = ${directory:re6st}/registry
log = ${directory:log}/re6stnet
conf = ${directory:etc}/re6stnet
ssl = ${:conf}/ssl
token = ${:conf}/token
38
run = ${directory:run}/re6stnet
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_bin }}/openssl
ca-dir = ${directory:ca-dir}
requests-directory = ${directory:requests}
wrapper = ${directory:services}/certificate_authority
ca-private = ${directory:private}
ca-certs = ${directory:certs}
ca-newcerts = ${directory:newcerts}
ca-crl = ${directory:crl}


[apache-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-apache-conf'] }}
rendered = ${directory:etc}/apache.conf
ipv6 = {{ ipv6 }}
port = 9026
error-log = ${directory:log}/apache-error.log
access-log = ${directory:log}/apache-access.log
pid-file = ${directory:run}/apache.pid
61
context =
62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82
  key apache_port :port
  key re6st_ipv4 re6st-registry:ipv4
  key re6st_port re6st-registry:port
  key access_log :access-log
  key error_log :error-log
  key pid_file :pid-file
  raw certificate ${directory:certs}/apache.crt
  raw key ${directory:private}/apache.key
  raw ipv6 {{ ipv6 }}
  raw uri_scheme {{ uri_scheme }}

{% set apache_wrapper = '${directory:services}/httpd' -%}
{% if uri_scheme == 'https' -%}
{% set apache_wrapper = '${directory:bin}/httpd_raw' -%}
{% endif -%}
[apache-httpd]
recipe = slapos.cookbook:wrapper
wrapper-path = {{ apache_wrapper }}
command-line = "{{ parameter_dict['apache-location'] }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND

{% if uri_scheme == 'https' %}
83
[apache-ca]
84 85 86
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = ${apache-httpd:wrapper-path}
87
wrapper = ${directory:bin}/httpd
88 89
key-file = ${certificate-authority:ca-private}/apache.key
cert-file = ${certificate-authority:ca-certs}/apache.crt
90 91 92 93 94 95

[{{ section('apache-ca-service') }}]
recipe = slapos.cookbook:wrapper
command-line = ${apache-ca:wrapper}
wrapper-path = ${directory:services}/httpd
hash-files = ${buildout:directory}/software_release/buildout.cfg
96 97
{% endif %}

98 99 100 101 102 103 104 105 106
[apache-httpd-graceful]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-wrapper'] }}
rendered = ${directory:script}/httpd-graceful
mode = 0700
context =
  raw content {{ parameter_dict['apache-location'] }}/bin/httpd -Sf ${apache-conf:rendered}; if [ $? -eq 0 ]; then kill -USR1 $(cat ${apache-conf:pid-file}); fi
  raw dash {{ dash_binary }}

107 108 109 110
[logrotate-apache]
< = logrotate-entry-base
name = apache
log = ${apache-conf:error-log} ${apache-conf:access-log}
111
post = test ! -s ${apache-conf:pid-file} || {{ parameter_dict['bin-directory'] }}/slapos-kill --pidfile ${apache-conf:pid-file} -s USR1
112 113 114 115 116 117 118 119

[re6st-registry-conf-dict]
port = 9201
ipv4 = {{ ipv4 }}
ipv6 = {{ ipv6 }}
db = ${re6stnet-dirs:registry}/registry.db
ca = ${re6stnet-dirs:ssl}/re6stnet.crt
key = ${re6stnet-dirs:ssl}/re6stnet.key
120
dh = ${re6stnet-dirs:ssl}/dh.pem
121 122
verbose = 2
mailhost = {{ slapparameter_dict.get('mailhost', '127.0.0.1') }}
123
prefix-length = {{ slapparameter_dict.get('prefix-length', 16) }}
124
anonymous-prefix-length = {{ slapparameter_dict.get('anonymous-prefix-length', 0) }}
125
logfile = ${re6stnet-dirs:log}/registry.log
126 127 128 129 130 131 132 133
run-dir = ${re6stnet-dirs:run}
ipv4-net = {{ slapparameter_dict.get('ipv4-net', '') }}
client-count = {{ slapparameter_dict.get('client-count', 10) }}
tunnel-refresh = {{ slapparameter_dict.get('tunnel-refresh', 300) }}
max-clients = {{ slapparameter_dict.get('max-clients', 0) }}
hello = {{ slapparameter_dict.get('hello', 15) }}
min-protocol = {{ slapparameter_dict.get('min-protocol', -1) }}
encrypt = {{ slapparameter_dict.get('encrypt', 'False') }}
134
same-country = {{ slapparameter_dict.get('same-country', '') }}
135 136 137 138 139 140 141

[re6st-registry-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-re6st-registry-conf'] }}
rendered = ${directory:etc}/re6st-registry.conf
context = section parameter_dict re6st-registry-conf-dict

142 143 144 145 146 147 148 149 150 151
[re6st-registry-wrapper]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-registry-run'] }}
rendered = ${directory:services}/re6st-registry
pid-file = ${directory:run}/registry.pid
context =
  key pid_file :pid-file
  raw re6st_command {{ re6st_registry }}
  key re6st_conf re6st-registry-conf:rendered

152 153 154 155 156 157 158 159 160 161
[re6st-registry]
recipe = slapos.cookbook:re6stnet.registry
manager-wrapper = ${directory:bin}/re6stManageToken
openssl-bin = {{ openssl_bin }}/openssl
python-bin = {{ python_bin }}
ipv6-prefix = {{ slapparameter_dict.get('ipv6-prefix', '2001:db8:24::/48') }}
key-size = {{ slapparameter_dict.get('key-size', 2048) }}
conf-dir = ${re6stnet-dirs:conf}
token-dir = ${re6stnet-dirs:token}

162 163 164 165 166 167 168
#Re6st config
config-file = ${re6st-registry-conf:rendered}
port = ${re6st-registry-conf-dict:port}
ipv4 = ${re6st-registry-conf-dict:ipv4}
db-path = ${re6st-registry-conf-dict:db}
key-file = ${re6st-registry-conf-dict:key}
cert-file = ${re6st-registry-conf-dict:ca}
169
dh-file = ${re6st-registry-conf-dict:dh}
170

171 172
slave-instance-list = ${slap-parameter:slave_instance_list}

173
environment =
174 175 176 177 178 179 180
  PATH={{ openssl_bin }}

[re6stnet-manage]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:script}/re6st-token-manager
command-line = "{{ python_bin }}" ${re6st-registry:manager-wrapper}

181
[cron-entry-re6st-manage]
182 183 184
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = re6stnet-check-token
185
frequency = */5 * * * *
186
command = {{ python_bin }} ${re6st-registry:manager-wrapper}
187 188 189 190 191

[logrotate-entry-re6stnet]
< = logrotate-entry-base
name = re6stnet
log = ${re6st-registry-conf-dict:logfile}
192
post = test ! -s ${re6st-registry-wrapper:pid-file} || {{ parameter_dict['bin-directory'] }}/slapos-kill --pidfile ${re6st-registry-wrapper:pid-file} -s USR1
193

194 195 196 197 198 199 200 201 202 203
[port-redirection]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  [{"srcPort": 9201, "destPort": 9201, "destAddress": "{{ parameter_dict['ipv4'] }}"}]
{% endraw -%}
rendered = ${buildout:directory}/.slapos-port-redirect
context =
  section parameter_dict re6st-registry-conf-dict

204 205 206 207 208 209 210 211 212 213 214 215 216
[re6st-registry-promise]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promises}/re6st-registry
hostname = ${re6st-registry:ipv4}
port = ${re6st-registry:port}

[apache-registry-promise]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promises}/apache-re6st-registry
hostname = ${apache-conf:ipv6}
port = ${apache-conf:port}

{% do publish_dict.__setitem__('re6stry-url', uri_scheme ~ '://[${apache-conf:ipv6}]:${apache-conf:port}') -%}
217
{% do publish_dict.__setitem__('re6stry-local-url',  'http://${re6st-registry:ipv4}:${re6st-registry:port}/') -%}
218
{% do publish_dict.__setitem__('slave-amount',  '${re6st-registry:slave-amount}') -%}
219 220
[publish]
recipe = slapos.cookbook:publish
221
monitor-setup-url = https://monitor.app.officejs.com/#page=settings_configurator&url=${monitor-publish-parameters:monitor-url}&username=${monitor-publish-parameters:monitor-user}&password=${monitor-publish-parameters:monitor-password}
222 223 224 225 226 227
{% for name, value in publish_dict.items() -%}
{{   name }} = {{ value }}
{% endfor -%}

[buildout]
extends =
228
  {{ monitor2_template_rendered }}
229 230
  {{ logrotate_cfg }}

231
parts =
232 233 234 235 236
  certificate-authority
  logrotate-apache
  logrotate-entry-re6stnet
  re6stnet-manage
  cron-entry-logrotate
237
  cron-entry-re6st-manage
238
  apache-httpd
239
  apache-httpd-graceful
240
  publish
241 242
  port-redirection

243 244
  re6st-registry-promise
  apache-registry-promise
245
  monitor-base
246 247 248 249 250 251 252 253 254 255
# Complete parts with sections
  {{ part_list | join('\n  ') }}

eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true

[slap-parameter]
slave_instance_list = {}