{% if software_type == slap_software_type %} {% set cached_server_dict = {} %} {% set part_list = [] %} {% set cache_port = caddy_configuration.get('cache-port') %} {% set cached_port = caddy_configuration.get('cache-through-port') %} {% set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %} {% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %} {% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %} {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %} {% set NGINX_TYPE_LIST = ['eventsource', 'notebook'] %} {% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %} {% set slave_log_dict = {} %} {% if extra_slave_instance_list %} {% set slave_instance_information_list = [] %} {% set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %} {% endif %} [jinja2-template-base] recipe = slapos.recipe.template:jinja2 extensions = jinja2.ext.do extra-context = context = raw common_profile {{ common_profile }} ${:extra-context} {% do logrotate_dict.pop('recipe') %} [logrotate] {% for key, value in logrotate_dict.iteritems() %} {{ key }} = {{ value }} {% endfor %} post = {{ frontend_lazy_graceful_reload }} & frequency = daily rotatep-num = 30 sharedscripts = true notifempty = true create = true [cadirectory] recipe = slapos.cookbook:mkdirectory requests = {{ custom_ssl_directory }}/requests/ private = {{ custom_ssl_directory }}/private/ certs = {{ custom_ssl_directory }}/certs/ newcerts = {{ custom_ssl_directory }}/newcerts/ crl = {{ custom_ssl_directory }}/crl/ {# Loop thought slave list to set up slaves #} {% for slave_instance in slave_instance_list %} {% set slave_reference = slave_instance.get('slave_reference') %} {% set slave_type = slave_instance.get('type', '') %} {% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %} {% set slave_parameter_dict = generic_instance_parameter_dict.copy() %} {% set slave_publish_dict = {} %} {% set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %} {% set slave_logrotate_section = slave_reference + "-logs" %} {% set slave_password_section = slave_reference + "-password" %} {% set slave_ln_section = slave_reference + "-ln" %} {# extend parts #} {% do part_list.extend([slave_ln_section]) %} {% do part_list.extend([slave_logrotate_section, slave_section_title]) %} {% set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" %} {# Pass HTTP2 switch #} {% do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %} {% do slave_instance.__setitem__('global_disable_http2', global_disable_http2) %} {# Pass proxy_try_duration and proxy_try_interval #} {% do slave_instance.__setitem__('proxy_try_duration', proxy_try_duration) %} {% do slave_instance.__setitem__('proxy_try_interval', proxy_try_interval) %} {# Set Up log files #} {% do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %} {% do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %} {% do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %} {% do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %} {# Add slave log directory to the slave log access dict #} {% do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %} {% set slave_log_access_url = 'https://' + slave_reference + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('caddy-ipv6') + ']:' + frontend_configuration.get('caddy-https-port') + '/' + slave_reference.lower() + '/' %} {% do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %} {% do slave_publish_dict.__setitem__('slave-reference', slave_reference) %} {% do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %} {# Set slave domain if none was defined #} {% if slave_instance.get('custom_domain', None) == None %} {% set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %} {% if slave_type in NGINX_TYPE_LIST %} {% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) %} {% else %} {% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %} {% endif %} {% endif %} {% set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %} {% if enable_cache and 'url' in slave_instance %} {% if 'domain' in slave_instance %} {% do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) %} {% endif %} {% do slave_instance.__setitem__('backend_url', slave_instance.get('url')) %} {% do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) %} {% do slave_instance.__setitem__('url', cache_access) %} {% do slave_instance.__setitem__('https-url', ssl_cache_access) %} {% do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %} {% endif %} {# BBB: apache_custom_https and apache_custom_http #} {% if not slave_instance.has_key('caddy_custom_http') and not slave_instance.has_key('caddy_custom_https') and not slave_instance.has_key('apache_custom_http') and not slave_instance.has_key('apache_custom_https') %} {% do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %} {% do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %} {% do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %} {% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %} {% endif %} [slave-log-directory-dict] {{slave_reference}} = {{ slave_log_folder }} [slave-log-directories] <= slave-log-directory-dict recipe = slapos.cookbook:mkdirectory {% do part_list.append('slave-log-directories') %} [caddy-log-access] < = jinja2-template-base template = {{frontend_configuration.get('template-log-access')}} rendered = {{frontend_configuration.get('log-access-configuration')}} extra-context = section slave_log_directory slave-log-directory-dict section slave_password slave-password section parameter_dict caddy-log-access-parameters {% do part_list.append('caddy-log-access') %} [slave-password] {{ slave_reference }} = {{ '${' + slave_password_section + ':passwd}' }} {# Set slave logrotate entry #} [{{slave_logrotate_section}}] <= logrotate recipe = slapos.cookbook:logrotate.d name = ${:_buildout_section_name_} log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}} backup = {{ slave_log_folder }} {# integrate current logs inside #} [{{slave_ln_section}}] recipe = plone.recipe.command stop-on-error = false command = ln -s {{slave_parameter_dict.get('error_log')}} {{ slave_log_folder }}/error.log && ln -s {{slave_parameter_dict.get('access_log')}} {{ slave_log_folder }}/access.log {# Set password for slave #} [{{slave_password_section}}] recipe = slapos.cookbook:generate.password storage-path = {{caddy_configuration_directory}}/.{{slave_reference}}.passwd bytes = 8 {# ################################################## #} {# Set Slave Certificates if needed #} {# Set ssl certificates for each slave #} {% for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%} {% if cert_name in slave_instance %} {% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %} {% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %} {% do part_list.append(cert_title) %} {% do slave_parameter_dict.__setitem__(cert_name, cert_file) %} {% do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %} {# Store certificates on fs #} [{{ cert_title }}] < = jinja2-template-base template = {{ empty_template }} rendered = {{ cert_file }} extra-context = key content {{ cert_title + '-config:value' }} # Store certificate in config [{{ cert_title + '-config' }}] value = {{ dumps(slave_instance.get(cert_name)) }} {% endif %} {% endfor %} {#- Set Up Certs #} {% do slave_instance.__setitem__('login_certificate', login_certificate) %} {% do slave_instance.__setitem__('login_key', login_key) %} {% do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %} {% do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %} {% do slave_parameter_dict.__setitem__('ssl_key', login_key) %} {% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %} {% set cert_title = '%s-crt' % (slave_reference) %} {% set key_title = '%s-key' % (slave_reference) %} {% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %} {% set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) %} {% do part_list.append(cert_title) %} {% do part_list.append(key_title) %} {% do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %} {% do slave_parameter_dict.__setitem__("ssl_key", key_file) %} {% do slave_instance.__setitem__('path_to_ssl_crt', cert_file) %} {% do slave_instance.__setitem__('path_to_ssl_key', key_file) %} [{{key_title}}] < = jinja2-template-base template = {{ empty_template }} rendered = {{ key_file }} key-content = {{ dumps(slave_instance.get('ssl_key')) }} extra-context = key content :key-content [{{cert_title}}] < = jinja2-template-base template = {{ empty_template }} rendered = {{ cert_file }} cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '')) }} extra-context = key content :cert-content {% endif %} {# ########################################## #} {# Set Slave Configuration #} [{{ slave_configuration_section_name }}] https_port = {{ dumps(https_port) }} http_port = {{ dumps(http_port) }} local_ipv4 = {{ dumps(local_ipv4) }} nginx_http_port = {{ dumps(nginx_http_port) }} nginx_https_port = {{ dumps(nginx_https_port) }} cached_port = {{ dumps(cached_port) }} ssl_cached_port = {{ (ssl_cached_port) }} {# BBB: apache_custom_https and apache_custom_http #} {% set caddy_custom_http = ((slave_instance.pop('caddy_custom_http', slave_instance.pop('apache_custom_http', ''))) % slave_parameter_dict) %} {% set caddy_custom_https = ((slave_instance.pop('caddy_custom_https', slave_instance.pop('apache_custom_https', ''))) % slave_parameter_dict) %} caddy_custom_http = {{ dumps(caddy_custom_http) }} caddy_custom_https = {{ dumps(caddy_custom_https) }} {{ '\n' }} {% for key, value in slave_instance.iteritems() %} {{ key }} = {{ dumps(value) }} {% endfor %} [{{ slave_section_title }}] < = jinja2-template-base {% if slave_type in NGINX_TYPE_LIST %} rendered = {{ nginx_configuration_directory }}/${:filename} {% else %} rendered = {{ caddy_configuration_directory }}/${:filename} {% endif %} {% if caddy_custom_http or caddy_custom_https %} template = {{ template_custom_slave_configuration }} {% elif slave_type == 'eventsource' %} template = {{ template_eventsource_slave_configuration }} {% elif slave_type == 'notebook' %} template = {{ template_notebook_slave_configuration }} {% else %} template = {{ template_default_slave_configuration }} {% endif %} filename = {{ '%s.conf' % slave_reference }} extra-context = section slave_parameter {{ slave_configuration_section_name }} {{ '\n' }} {% set check_error_log_section_title = 'check-%s-error-log-last-hour' % slave_instance.get('slave_reference') %} {% do part_list.append(check_error_log_section_title) %} [{{ check_error_log_section_title }}] recipe = slapos.cookbook:wrapper command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 3600 filename = {{ check_error_log_section_title }} wrapper-path = {{ promise_directory }}/${:filename} {% set check_error_log_section_title = 'check-%s-error-log-last-day' % slave_instance.get('slave_reference') %} {% do part_list.append(check_error_log_section_title) %} [{{ check_error_log_section_title }}] recipe = slapos.cookbook:wrapper command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 86400 filename = {{ check_error_log_section_title }} wrapper-path = {{ promise_directory }}/${:filename} {% set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %} {% if monitor_ipv6_test %} {% set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %} {% do part_list.append(monitor_ipv6_section_title) %} [{{ monitor_ipv6_section_title }}] recipe = slapos.cookbook:wrapper command-line = {{ dumps(bin_directory ~ '/is-icmp-packet-lost -a ' ~ monitor_ipv6_test) }} filename = {{ monitor_ipv6_section_title }} wrapper-path = {{ promise_directory }}/${:filename} {% endif %} {% set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %} {% if monitor_ipv4_test %} {% set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %} {% do part_list.append(monitor_ipv4_section_title) %} [{{ monitor_ipv4_section_title }}] recipe = slapos.cookbook:wrapper command-line = {{ dumps(bin_directory ~ '/is-icmp-packet-lost -4 -a ' ~ monitor_ipv4_test) }} filename = {{ monitor_ipv4_section_title }} wrapper-path = {{ promise_directory }}/${:filename} {% endif %} {% set re6st_optimal_test = slave_instance.get('re6st-optimal-test', '') %} {% set re6st_ipv6 = None %} {% set re6st_ipv4 = None %} {% if ',' in re6st_optimal_test %} {% set re6st_ipv6, re6st_ipv4 = re6st_optimal_test.split(",") %} {% endif %} {% if re6st_ipv6 and re6st_ipv4 %} {% set re6st_optimal_test_section_title = 'check-%s-re6st-optimal-test' % slave_instance.get('slave_reference') %} {% do part_list.append(re6st_optimal_test_section_title) %} [{{ re6st_optimal_test_section_title }}] recipe = slapos.cookbook:wrapper command-line = {{ dumps(bin_directory ~ '/check-re6st-optimal-status -4 ' ~ re6st_ipv4 ~ ' -6 ' ~ re6st_ipv6) }} filename = {{ re6st_optimal_test_section_title }} wrapper-path = {{ promise_directory }}/${:filename} {% endif %} {# ############################### #} {# Publish Slave Information #} {% if not extra_slave_instance_list %} {% set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %} {% do part_list.append(publish_section_title) %} [{{ publish_section_title }}] recipe = slapos.cookbook:publish {% for key, value in slave_publish_dict.iteritems() %} {{ key }} = {{ value }} {% endfor %} {% else %} {% do slave_instance_information_list.append(slave_publish_dict) %} {% endif %} {# End of the main for loop#} {% endfor %} ############################################### ### Prepare virtualhost for slaves using cache {% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %} {% set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %} {% do part_list.append(cached_slave_configuration_section_title) %} [{{ cached_slave_configuration_section_title }}] < = jinja2-template-base template = {{ template_cached_slave_configuration }} filename = {{ '%s.conf' % slave_reference }} rendered = {{ caddy_cached_configuration_directory }}/${:filename} extensions = jinja2.ext.do extra-context = section slave_parameter {{ slave_configuration_section_name }} {{ '\n' }} {% endfor %} {#- Define IPv6 to IPV4 tunneling #} [tunnel-6to4-base] recipe = slapos.cookbook:wrapper ipv4 = ${slap-network-information:local-ipv4} ipv6 = ${slap-network-information:global-ipv6} wrapper-path = {{ service_directory}}/6tunnel-${:ipv6-port} command-line = {{ sixtunnel_executable }} -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port} hash-files = ${buildout:directory}/software_release/buildout.cfg [tunnel-6to4-base-http_port] <= tunnel-6to4-base ipv4-port = {{ http_port }} ipv6-port = {{ http_port }} [tunnel-6to4-base-https_port] <= tunnel-6to4-base ipv4-port = {{ https_port }} ipv6-port = {{ https_port }} [tunnel-6to4-base-cached_port] <= tunnel-6to4-base ipv4-port = {{ cached_port }} ipv6-port = {{ cached_port }} [tunnel-6to4-base-ssl_cached_port] <= tunnel-6to4-base ipv4-port = {{ ssl_cached_port }} ipv6-port = {{ ssl_cached_port }} [tunnel-6to4-base-nginx_http_port] <= tunnel-6to4-base ipv4-port = {{ nginx_http_port }} ipv6-port = {{ nginx_http_port }} [tunnel-6to4-base-nginx_https_port] <= tunnel-6to4-base ipv4-port = {{ nginx_https_port }} ipv6-port = {{ nginx_https_port }} {# Define log access #} [caddy-log-access-parameters] caddy_log_directory = {{ dumps(caddy_log_directory) }} caddy_configuration_directory = {{ dumps(caddy_configuration_directory) }} local_ipv4 = {{ dumps(local_ipv4) }} global_ipv6 = {{ dumps(global_ipv6) }} https_port = {{ dumps(https_port) }} http_port = {{ dumps(http_port) }} ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }} ip_access_key = {{ frontend_configuration.get('ip-access-key') }} access_log = {{ dumps(access_log) }} error_log = {{ dumps(error_log) }} not_found_file = {{ dumps(not_found_file) }} [caddy-log-access] < = jinja2-template-base template = {{frontend_configuration.get('template-log-access')}} rendered = {{frontend_configuration.get('log-access-configuration')}} extra-context = section slave_log_directory slave-log-directory-dict section slave_password slave-password section parameter_dict caddy-log-access-parameters {# Publish information for the instance #} [publish-caddy-information] recipe = slapos.cookbook:publish.serialised public-ipv4 = {{ public_ipv4 }} private-ipv4 = {{ local_ipv4 }} {% if extra_slave_instance_list %} slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }} {% endif %} monitor-base-url = {{ monitor_base_url }} [buildout] extends = {{ common_profile }} parts += {% for part in part_list %} {{ ' %s' % part }} {% endfor %} publish-caddy-information tunnel-6to4-base-http_port tunnel-6to4-base-https_port tunnel-6to4-base-cached_port tunnel-6to4-base-ssl_cached_port tunnel-6to4-base-nginx_http_port tunnel-6to4-base-nginx_https_port cache-access = {{ cache_access }} {% endif %}