pbsready-import.cfg.in 5.77 KB
[buildout]
extends = ${pbsready:output}

parts +=
  resiliency-takeover-script
  resilient-web-takeover-cgi-script
  resilient-web-takeover-httpd-wrapper
  resilient-web-takeover-httpd-promise

  notify-callback
  backup-checksum-integrity-promise
  resilient-publish-connection-parameter

  backup-signature-link


[slap-parameter]
# Empty default for the on-notification parameter; [notify-callback] reads it
# as on-notification-id.
# NOTE(review): presumably overridden by the instance request parameters —
# confirm against the extended pbsready profile.
on-notification =

[resilient-publish-connection-parameter]
notification-url = http://[$${notifier:host}]:$${notifier:port}/notify
takeover-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
takeover-password = $${resilient-web-takeover-password:passwd}

# Define port of ssh server. It has to be different from import so that it
# supports export/import using same IP (slaprunner, slapos-in-partition,
# ipv4...)
[sshd-port]
# Port of the ssh server, picked by the free_port recipe from the
# minimum..maximum range on the partition's global IPv6 address.
# NOTE(review): whether the bounds are inclusive depends on the recipe —
# confirm before relying on 22219 being usable.
recipe = slapos.cookbook:free_port
minimum = 22210
maximum = 22219
ip = $${slap-network-information:global-ipv6}

# Define port of notifier (same reason)
[notifier-port]
# Port of the notifier, picked by the free_port recipe from the
# minimum..maximum range on the notifier host address.
# NOTE(review): the notification URL published by this profile is plain http on
# this port; this file shows no authentication of incoming notifications —
# confirm what the notifier itself enforces.
recipe = slapos.cookbook:free_port
minimum = 65516
maximum = 65525
ip = $${notifier:host}

[notify-callback]
# notifier.callback runs a script when a notification (sent by a parent PBS)
# is received
recipe = slapos.cookbook:notifier.callback
directory = $${notifier:callbacks}
on-notification-id = $${slap-parameter:on-notification}
callbacks =
# import on notification
  $${importer:wrapper}
# check backup integrity on notification
  $${post-notification-run:output}

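[post-notification-run]
# Renders the script that [notify-callback] runs after each notification. The
# script hashes every file of the received backup (except backup.signature and
# rdiff-backup-data/), writes the sorted list to proof-signature-file and
# stores its diff against backup.signature in diff-file.
#
# The script stops if the backup directory cannot be entered, so checksums are
# never computed over whatever the current directory happens to be.
#
# NOTE(review): diff-file is also left empty when diff itself fails (for
# example backup.signature missing or unreadable), and
# [backup-checksum-integrity-promise-bin] reads an empty diff-file as "backup
# intact". The check therefore passes when nothing could be compared.
# NOTE(review): backup.signature is read from the same directory as the data it
# describes, so this detects corruption or partial transfer; it does not by
# itself detect a change made by someone able to rewrite both.
recipe = collective.recipe.template
diff-file = $${basedirectory:backup}/backup.diff
proof-signature-file = $${basedirectory:backup}/proof.signature
input = inline:
  #!/${bash:location}/bin/bash
  cd "$${directory:backup}" || exit 1
  find -type f ! -name backup.signature ! -wholename "./rdiff-backup-data/*" -print0 | xargs -0 sha256sum | LC_ALL=C sort -k 66 > "$${:proof-signature-file}"
  diff -ruw backup.signature "$${:proof-signature-file}" > "$${:diff-file}"
output = $${rootdirectory:bin}/post-notification-run
mode = 0700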

[backup-checksum-integrity-promise-bin]
# Renders the command executed by [backup-checksum-integrity-promise].
# Exit status 1: the last integrity diff contains at least one line.
# Exit status 0: the diff is empty, or no diff file has been produced yet.
# NOTE(review): a missing diff file counts as success on purpose, so this
# command cannot tell "never checked" apart from "checked and intact".
recipe = slapos.recipe.template:jinja2
template = inline:
  #!/${bash:location}/bin/bash
  backup_diff_file=$${post-notification-run:diff-file}
  # If the file doesn't exist, the promise shouldn't raise a false positive
  [ -f "$backup_diff_file" ] || exit 0
  diff_line_count=$(wc -l "$backup_diff_file" | cut -d \  -f1)
  [ "$diff_line_count" -eq 0 ] && exit 0
  exit 1
rendered = $${rootdirectory:bin}/backup-checksum-integrity
mode = 700

[backup-checksum-integrity-promise]
# Monitoring promise built on monitor-promise-base: the check_command_execute
# module is given the rendered backup-checksum-integrity script as its command.
# NOTE(review): that script exits 0 when the diff file is absent or empty, so a
# passing promise does not prove that a comparison actually took place.
<= monitor-promise-base
module = check_command_execute
name = backup-checksum-integrity.py
config-command = $${backup-checksum-integrity-promise-bin:rendered}


###########
# Generate the takeover script
###########
[resiliency-takeover-script]
# The addresiliency recipe generates the takeover wrapper at wrapper-takeover.
# takeover-triggered-file-path names the marker file that the takeover script
# creates once a takeover has been triggered; [equeue] is given the same path.
recipe = slapos.cookbook:addresiliency
wrapper-takeover = $${rootdirectory:bin}/takeover
takeover-triggered-file-path = $${rootdirectory:srv}/takeover_triggered

# Path of the marker file that the takeover script creates when a takeover is
# triggered. The equeue process watches for the existence of this file.
# NOTE(review): only this option is set here; the rest of [equeue] is
# presumably defined in the extended pbsready profile — confirm.
[equeue]
takeover-triggered-file-path = $${resiliency-takeover-script:takeover-triggered-file-path}

###########
# Deploy a webserver allowing to do takeover from a web browser.
###########
[resilient-web-takeover-password]
# Password for the web takeover page. The generated value is kept at
# storage-path, handed to web-takeover.cgi through the password option of
# [resilient-web-takeover-cgi-script], and published as the takeover-password
# connection parameter.
# NOTE(review): bytes = 8 presumably sets the password length — confirm against
# the recipe. This password is the only control visible in this profile in
# front of the takeover action, and the takeover URL is plain http, so it is
# sent unencrypted. Consider a longer value together with TLS, and keep
# storage-path readable by the partition user only.
recipe = slapos.cookbook:generate.password
storage-path = $${directory:srv}/passwd
bytes = 8

[resilient-web-takeover-cgi-script]
recipe = collective.recipe.template
input = ${resilient-web-takeover-cgi-script-download:target}
output = $${directory:cgi-bin}/web-takeover.cgi
password = $${resilient-web-takeover-password:passwd}
mode = 700
proof-signature-url = $${monitor-publish-parameters:monitor-base-url}/private/resilient/backup.signature

# XXX could it be something lighter?
# XXX Add SSL
#
# Apache httpd configuration that serves the takeover CGI script.
# Security review notes:
# - The server listens on the partition's global IPv6 address over plain HTTP
#   (see "XXX Add SSL"), so the takeover password and the takeover request are
#   not protected in transit.
# - The <Directory> block contains no access-control directive. Access control
#   is presumably left to the password check inside web-takeover.cgi — confirm.
#   mod_access_compat and mod_authz_host are loaded, but no directive in this
#   template uses them.
# - Options +ExecCGI with AddHandler cgi-script .cgi lets the server execute
#   any *.cgi file found under document-root; keep that directory writable by
#   the partition user only and limited to web-takeover.cgi.
# - listening-port is fixed at 9263 (see "XXX: randomize-me").
# - htdocs is defined but not referenced by the inline template, which uses
#   document-root; both point to the same directory.
[resilient-web-takeover-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
  PidFile "$${:pid-file}"
  Listen [$${:listening-ip}]:$${:listening-port}
  ServerAdmin someone@email
  DocumentRoot "$${:document-root}"
  ErrorLog "$${:error-log}"
  LoadModule unixd_module modules/mod_unixd.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule authz_core_module modules/mod_authz_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dir_module modules/mod_dir.so
  ScriptSock $${:cgid-pid-file}
  <Directory $${:document-root}>
    # XXX: security????
    Options +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex web-takeover.cgi
  </Directory>
output = $${directory:etc}/resilient-web-takeover-httpd.conf
# md5sum =
listening-ip = $${slap-network-information:global-ipv6}
# XXX: randomize-me
listening-port = 9263
htdocs = $${directory:cgi-bin}
pid-file = $${directory:run}/resilient-web-takeover-httpd.pid
cgid-pid-file = $${directory:run}/resilient-web-takeover-httpd-cgid.pid
document-root = $${directory:cgi-bin}
error-log = $${directory:log}/resilient-web-takeover-httpd-error-log

[resilient-web-takeover-httpd-wrapper]
# Service wrapper created under basedirectory:services. It starts the httpd
# binary of the apache part in the foreground (-DFOREGROUND) with the
# configuration file produced by
# [resilient-web-takeover-httpd-configuration-file].
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${resilient-web-takeover-httpd-configuration-file:output} -DFOREGROUND
wrapper-path = $${basedirectory:services}/resilient-web-takeover-httpd

[resilient-web-takeover-httpd-promise]
<= monitor-promise-base
module = check_url_available
name = resilient-web-takeover-httpd.py
config-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/

###########
# Symlinks
###########
[backup-signature-link]
recipe = cns.recipe.symlink
symlink = $${post-notification-run:proof-signature-file} = $${directory:monitor-resilient}/backup.signature