{# Workaround for empty parameter passing: normalise "empty" request
   parameters to '' before anything below reads them. The loop rewrites
   slapparameter_dict in place, so a parameter whose value is literally the
   string 'None' is also turned into ''. #}
{# In the resilient case '' arrives as the string 'None'; with slapproxy '' arrives as None #}
{% for k, v in slapparameter_dict.items() %}
{%   if v == 'None' or v is none %}
{%     do slapparameter_dict.__setitem__(k, '') %}
{%   endif %}
{% endfor %}
{% set additional_frontend = slapparameter_dict.get('frontend-additional-instance-guid') %}
{# Boolean request parameters: the value is stringified and lower-cased, and
   only the text 'true' enables the option; any other value (including '1' or
   'yes') leaves it disabled. When the parameter is absent, enable-http-server,
   wipe-disk-ondestroy and nat-restrict-mode default to off, and use-tap and
   use-nat default to on. -#}
{% set enable_http = str(slapparameter_dict.get('enable-http-server', False)).lower() == 'true' -%}
{% set use_tap = str(slapparameter_dict.get('use-tap', True)).lower() == 'true' -%}
{% set use_nat = str(slapparameter_dict.get('use-nat', True)).lower() == 'true' -%}
{% set wipe_disk = str(slapparameter_dict.get('wipe-disk-ondestroy', False)).lower() == 'true' -%}
{% set nat_restrict = str(slapparameter_dict.get('nat-restrict-mode', False)).lower() == 'true' -%}
{% set name = slapparameter_dict.get('name', 'localhost') -%}
{% set disable_ansible_promise = str(slapparameter_dict.get('disable-ansible-promise', True)).lower() == 'true' -%}
{% set instance_type = slapparameter_dict.get('type', 'standalone') -%}
{% set nat_rule_list = slapparameter_dict.get('nat-rules', '22 80 443') -%}
{% set disk_device_path = slapparameter_dict.get('disk-device-path', None) -%}
{% set whitelist_domains = slapparameter_dict.get('whitelist-domains', '') -%}
{% set virtual_hard_drive_url_enabled = 'virtual-hard-drive-url' in slapparameter_dict %}
{% set virtual_hard_drive_url_gzipped = str(slapparameter_dict.get('virtual-hard-drive-gzipped', False)).lower() == 'true' %}
{% set boot_image_url_list_enabled = 'boot-image-url-list' in slapparameter_dict %}
{% set boot_image_url_select_enabled = 'boot-image-url-select' in slapparameter_dict %}
{% set bootstrap_script_url = slapparameter_dict.get('bootstrap-script-url') -%}
{% set cpu_max_count = dumps(slapparameter_dict.get('cpu-max-count', int(slapparameter_dict.get('cpu-count', 2)) + 1)) %}
{% set ram_max_size = dumps(slapparameter_dict.get('ram-max-size', int(slapparameter_dict.get('ram-size', 4096)) + 512)) %}
{% set extends_list = [] -%}
{% set part_list = [] -%}

{% if instance_type == 'cluster' -%}
{% set nat_rule_list = slapparameter_dict.get('nat-rules', '') %}
{% endif -%}
{% if not nat_rule_list or not nat_rule_list.strip() -%}
{%   set nat_rule_list = '' %}
{% endif -%}

{% do extends_list.append(template_monitor) -%}
{% do extends_list.append(logrotate_cfg) -%}

[slap-network-information]
local-ipv4 = {{ slap_configuration['ipv4-random'] }}
global-ipv6 = {{ slap_configuration['ipv6-random'] }}

[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
log = ${:var}/log
scripts = ${:etc}/run
services = ${:etc}/service
novnc-conf = ${:etc}/novnc
run = ${:var}/run
prerm = ${:etc}/prerm
ca-dir = ${:srv}/ssl
public = ${:srv}/public/
cron-entries = ${:etc}/cron.d
crontabs = ${:etc}/crontabs
cronstamps = ${:etc}/cronstamps
{%- if virtual_hard_drive_url_enabled %}
virtual-hard-drive-url-repository = ${:srv}/virtual-hard-drive-url-repository
virtual-hard-drive-url-var = ${:var}/virtual-hard-drive-url
virtual-hard-drive-url-expose = ${monitor-directory:private}/virtual-hard-drive-url
{%- endif %}
{%- if boot_image_url_list_enabled %}
boot-image-url-list-repository = ${:srv}/boot-image-url-list-repository
boot-image-url-list-var = ${:var}/boot-image-url-list
boot-image-url-list-expose = ${monitor-directory:private}/boot-image-url-list
{%- endif %}
{%- if boot_image_url_select_enabled %}
boot-image-url-select-repository = ${:srv}/boot-image-url-select-repository
boot-image-url-select-var = ${:var}/boot-image-url-select
boot-image-url-select-expose = ${monitor-directory:private}/boot-image-url-select
{%- endif %}

[create-mac]
recipe = slapos.cookbook:generate.mac
storage-path = ${directory:srv}/mac

[create-tap-mac]
recipe = slapos.cookbook:generate.mac
storage-path = ${directory:srv}/tap_mac

[gen-passwd]
# Generated secret, stored in a file under the srv directory;
# [kvm-controller-parameter-dict] passes it on as vnc-passwd.
# NOTE(review): "bytes = 8" gives a short password. Classic VNC authentication
# only uses the first 8 characters of a password, which may be why the length
# stops there. Treat it as a weak credential: confirm that the VNC listener
# (vnc-ip / vnc-port in [kvm-parameter-dict]) is not reachable from untrusted
# networks and that the storage file is readable by the instance user only.
recipe = slapos.cookbook:generate.password
storage-path = ${directory:srv}/passwd
bytes = 8

{% if boot_image_url_select_enabled %}
## boot-image-url-select support BEGIN
[empty-file-state-base-select-promise]
<= monitor-promise-base
promise = check_file_state
name = ${:_buildout_section_name_}.py
config-state = empty
# It's very hard to put the username and password correctly, after scheme://
# and before the host, as that is not how the monitor-provided information
# can be used, so just show the information next to the URL.
# NOTE(review): this places the monitor username and password in clear text in
# the promise's config-url value, so they are readable wherever that value is
# stored or displayed (promise configuration, promise output) - confirm that
# those locations are restricted to the instance owner.
config-url = ${monitor-base:base-url}/private/boot-image-url-select/${:filename} with username ${monitor-publish-parameters:monitor-user} and password ${monitor-publish-parameters:monitor-password}

[boot-image-url-select-source-config]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  {{ boot_image_url_select }}
{% endraw -%}
boot-image-url-select = {{ dumps(slapparameter_dict['boot-image-url-select']) }}
context =
  key boot_image_url_select :boot-image-url-select
rendered = ${directory:etc}/boot-image-url-select.json

[boot-image-url-select-processed-config]
# Compares the current configuration with the one already handled by
# boot-image-url-select-download; if they differ, the state file is exposed
# as a non-empty file describing the mismatch.
# The MD5 digest here is only a change marker: the digest of config-file is
# compared with the text stored in processed-md5sum. Checksum problems of the
# downloaded images are reported separately, through the download wrapper's
# md5sum state file.
# Any exception (for example a missing processed-md5sum file) is written to
# the state file as text.
# NOTE(review): the comparison is exact, so processed-md5sum must hold the hex
# digest with no trailing newline - confirm the download controller writes it
# that way.
recipe = slapos.recipe.build
install =
  import os
  import hashlib
  if not os.path.exists(location):
    os.mkdir(location)
  with open('${:state-file}', 'w') as state_handler:
    try:
      with open('${:config-file}', 'rb') as config_handler, open('${:processed-md5sum}') as processed_handler:
        config_md5sum = hashlib.md5(config_handler.read()).hexdigest()
        processed_md5sum = processed_handler.read()
        if config_md5sum == processed_md5sum:
          state_handler.write('')
        else:
          state_handler.write('config %s != processed %s' % (config_md5sum, processed_md5sum))
    except Exception as e:
      state_handler.write(str(e))

update = ${:install}
config-file = ${boot-image-url-select-source-config:rendered}
state-filename = boot-image-url-select-processed-config.state
state-file = ${directory:boot-image-url-select-expose}/${:state-filename}
processed-md5sum = ${directory:boot-image-url-select-var}/update-image-processed.md5sum

[boot-image-url-select-processed-config-promise]
# promise to check if the configuration provided by the user has been already
# processed by the boot-image-url-select-download script, which runs asynchronously
<= empty-file-state-base-select-promise
filename = ${boot-image-url-select-processed-config:state-filename}
config-filename = ${boot-image-url-select-processed-config:state-file}

[boot-image-url-select-json-config]
# generates json configuration from user configuration
recipe = plone.recipe.command
command = {{ python_executable }} {{ image_download_config_creator }} ${boot-image-url-select-source-config:rendered} ${:rendered} ${directory:boot-image-url-select-repository} ${:error-state-file}
update-command = ${:command}
rendered = ${directory:boot-image-url-select-var}/boot-image-url-select.json
error-state-filename = boot-image-url-select-json-config-error.txt
error-state-file = ${directory:boot-image-url-select-expose}/${:error-state-filename}

[boot-image-url-select-config-state-promise]
# promise to check if configuration has been parsed without errors
<= empty-file-state-base-select-promise
filename = ${boot-image-url-select-json-config:error-state-filename}
config-filename = ${boot-image-url-select-json-config:error-state-file}

[boot-image-url-select-download-wrapper]
# wrapper to execute boot-image-url-select-download on each run
# The image URLs originate from the boot-image-url-select request parameter;
# the controller script receives the curl binary, presumably to fetch them.
# NOTE(review): integrity of the fetched images rests on the md5sum handled by
# the controller script (not shown in this file). MD5 catches corruption but is
# not collision-resistant, so it should not be the only protection against a
# malicious or compromised image source - prefer https URLs with certificate
# checking and, if the controller can support it, a SHA-256 checksum.
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:scripts}/boot-image-url-select-updater
command-line = {{ python_executable }} {{ image_download_controller }} ${boot-image-url-select-json-config:rendered} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${boot-image-url-select-processed-config:processed-md5sum}
md5sum-state-filename = boot-image-url-select-download-controller-md5sum-fail.json
md5sum-state-file = ${directory:boot-image-url-select-expose}/${:md5sum-state-filename}
error-state-filename = boot-image-url-select-download-controller-error.text
error-state-file = ${directory:boot-image-url-select-expose}/${:error-state-filename}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[boot-image-url-select-download-md5sum-promise]
# promise to report errors with problems with calculating md5sum of the
# downloaded images
<= empty-file-state-base-select-promise
filename = ${boot-image-url-select-download-wrapper:md5sum-state-filename}
config-filename = ${boot-image-url-select-download-wrapper:md5sum-state-file}

[boot-image-url-select-download-state-promise]
# promise to report errors during download
<= empty-file-state-base-select-promise
filename = ${boot-image-url-select-download-wrapper:error-state-filename}
config-filename = ${boot-image-url-select-download-wrapper:error-state-file}
## boot-image-url-select support END
{% endif %} {# if boot_image_url_select_enabled #}

{% if boot_image_url_list_enabled %}
## boot-image-url-list support BEGIN
[empty-file-state-base-list-promise]
<= monitor-promise-base
promise = check_file_state
name = ${:_buildout_section_name_}.py
config-state = empty
# It's very hard to put the username and password correctly, after scheme://
# and before the host, as that is not how the monitor-provided information
# can be used, so just show the information next to the URL.
# NOTE(review): the config-url option below therefore carries the monitor
# username and password in clear text; they are readable wherever that value
# is stored or displayed (promise configuration, promise output) - confirm
# that those locations are restricted to the instance owner.
config-url = ${monitor-base:base-url}/private/boot-image-url-list/${:filename} with username ${monitor-publish-parameters:monitor-user} and password ${monitor-publish-parameters:monitor-password}

[boot-image-url-list-source-config]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  {{ boot_image_url_list }}
{% endraw -%}
boot-image-url-list = {{ dumps(slapparameter_dict['boot-image-url-list']) }}
context =
  key boot_image_url_list :boot-image-url-list
rendered = ${directory:etc}/boot-image-url-list.conf

[boot-image-url-list-processed-config]
# compares if the current configuration has been used by
# the boot-image-url-list-download, if not, exposes it as not empty file with
# information
# The MD5 digest computed below is only a change marker: the digest of
# config-file is compared with the text stored in processed-md5sum.
# Any exception (for example a missing processed-md5sum file) is written to
# the state file as text.
# NOTE(review): the comparison is exact, so processed-md5sum must hold the hex
# digest with no trailing newline - confirm the download controller writes it
# that way.
recipe = slapos.recipe.build
install =
  import os
  import hashlib
  if not os.path.exists(location):
    os.mkdir(location)
  with open('${:state-file}', 'w') as state_handler:
    try:
      with open('${:config-file}', 'rb') as config_handler, open('${:processed-md5sum}') as processed_handler:
        config_md5sum = hashlib.md5(config_handler.read()).hexdigest()
        processed_md5sum = processed_handler.read()
        if config_md5sum == processed_md5sum:
          state_handler.write('')
        else:
          state_handler.write('config %s != processed %s' % (config_md5sum, processed_md5sum))
    except Exception as e:
      state_handler.write(str(e))

update = ${:install}
config-file = ${boot-image-url-list-source-config:rendered}
state-filename = boot-image-url-list-processed-config.state
state-file = ${directory:boot-image-url-list-expose}/${:state-filename}
processed-md5sum = ${directory:boot-image-url-list-var}/update-image-processed.md5sum

[boot-image-url-list-processed-config-promise]
# promise to check if the configuration provided by the user has been already
# processed by the boot-image-url-list-download script, which runs asynchronously
<= empty-file-state-base-list-promise
filename = ${boot-image-url-list-processed-config:state-filename}
config-filename = ${boot-image-url-list-processed-config:state-file}

[boot-image-url-list-json-config]
# generates json configuration from user configuration
recipe = plone.recipe.command
command = {{ python_executable }} {{ image_download_config_creator }} ${boot-image-url-list-source-config:rendered} ${:rendered} ${directory:boot-image-url-list-repository} ${:error-state-file}
update-command = ${:command}
rendered = ${directory:boot-image-url-list-var}/boot-image-url-list.json
error-state-filename = boot-image-url-list-json-config-error.txt
error-state-file = ${directory:boot-image-url-list-expose}/${:error-state-filename}

[boot-image-url-list-config-state-promise]
# promise to check if configuration has been parsed without errors
<= empty-file-state-base-list-promise
filename = ${boot-image-url-list-json-config:error-state-filename}
config-filename = ${boot-image-url-list-json-config:error-state-file}

[boot-image-url-list-download-wrapper]
# wrapper to execute boot-image-url-list-download on each run
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:scripts}/boot-image-url-list-updater
command-line = {{ python_executable }} {{ image_download_controller }} ${boot-image-url-list-json-config:rendered} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${boot-image-url-list-processed-config:processed-md5sum}
md5sum-state-filename = boot-image-url-list-download-controller-md5sum-fail.json
md5sum-state-file = ${directory:boot-image-url-list-expose}/${:md5sum-state-filename}
error-state-filename = boot-image-url-list-download-controller-error.text
error-state-file = ${directory:boot-image-url-list-expose}/${:error-state-filename}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[boot-image-url-list-download-md5sum-promise]
# promise to report errors with problems with calculating md5sum of the
# downloaded images
<= empty-file-state-base-list-promise
filename = ${boot-image-url-list-download-wrapper:md5sum-state-filename}
config-filename = ${boot-image-url-list-download-wrapper:md5sum-state-file}

[boot-image-url-list-download-state-promise]
# promise to report errors during download
<= empty-file-state-base-list-promise
filename = ${boot-image-url-list-download-wrapper:error-state-filename}
config-filename = ${boot-image-url-list-download-wrapper:error-state-file}
## boot-image-url-list support END
{% endif %} {# if boot_image_url_list_enabled #}

{% if virtual_hard_drive_url_enabled %}
## virtual-hard-drive-url support BEGIN
[empty-file-state-base-virtual-promise]
<= monitor-promise-base
promise = check_file_state
name = ${:_buildout_section_name_}.py
config-state = empty
# It's very hard to put the username and password correctly, after scheme://
# and before the host, as that is not how the monitor-provided information
# can be used, so just show the information next to the URL.
# NOTE(review): this places the monitor username and password in clear text in
# the promise's config-url value, so they are readable wherever that value is
# stored or displayed (promise configuration, promise output) - confirm that
# those locations are restricted to the instance owner.
config-url = ${monitor-base:base-url}/private/virtual-hard-drive-url/${:filename} with username ${monitor-publish-parameters:monitor-user} and password ${monitor-publish-parameters:monitor-password}

[virtual-hard-drive-url-source-config]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  {{ virtual_hard_drive_url }}
{% endraw -%}
{# Enforce md5sum on virtual-hard-drive-url: the option below is rendered as
   <url>, a hash sign, then <md5sum>.
   NOTE(review): both request parameters are written without dumps(), unlike
   boot-image-url-list and boot-image-url-select in this file, so their raw
   text becomes part of the buildout option - confirm that they are validated
   before this template runs (no newlines or buildout substitution syntax).
   MD5 detects a corrupted download but is not collision-resistant; it is weak
   evidence that an image from an untrusted source is the intended one. #}
virtual-hard-drive-url = {{ slapparameter_dict['virtual-hard-drive-url'] }}#{{ slapparameter_dict['virtual-hard-drive-md5sum'] }}
context =
  key virtual_hard_drive_url :virtual-hard-drive-url
rendered = ${directory:etc}/virtual-hard-drive-url.conf

[virtual-hard-drive-url-processed-config]
# Compares the current configuration with the one already handled by
# virtual-hard-drive-url-download; if they differ, the state file is exposed
# as a non-empty file describing the mismatch.
# The MD5 digest here is only a change marker: the digest of config-file is
# compared with the text stored in processed-md5sum. Checksum problems of the
# downloaded image are reported separately, through the download wrapper's
# md5sum state file.
# Any exception (for example a missing processed-md5sum file) is written to
# the state file as text.
# NOTE(review): the comparison is exact, so processed-md5sum must hold the hex
# digest with no trailing newline - confirm the download controller writes it
# that way.
recipe = slapos.recipe.build
install =
  import os
  import hashlib
  if not os.path.exists(location):
    os.mkdir(location)
  with open('${:state-file}', 'w') as state_handler:
    try:
      with open('${:config-file}', 'rb') as config_handler, open('${:processed-md5sum}') as processed_handler:
        config_md5sum = hashlib.md5(config_handler.read()).hexdigest()
        processed_md5sum = processed_handler.read()
        if config_md5sum == processed_md5sum:
          state_handler.write('')
        else:
          state_handler.write('config %s != processed %s' % (config_md5sum, processed_md5sum))
    except Exception as e:
      state_handler.write(str(e))

update = ${:install}
config-file = ${virtual-hard-drive-url-source-config:rendered}
state-filename = virtual-hard-drive-url-processed-config.state
state-file = ${directory:virtual-hard-drive-url-expose}/${:state-filename}
processed-md5sum = ${directory:virtual-hard-drive-url-var}/update-image-processed.md5sum

[virtual-hard-drive-url-processed-config-promise]
# promise to check if the configuration provided by the user has been already
# processed by the virtual-hard-drive-url-download script, which runs asynchronously
<= empty-file-state-base-virtual-promise
filename = ${virtual-hard-drive-url-processed-config:state-filename}
config-filename = ${virtual-hard-drive-url-processed-config:state-file}

[virtual-hard-drive-url-json-config]
# generates json configuration from user configuration
recipe = plone.recipe.command
command = {{ python_executable }} {{ image_download_config_creator }} ${virtual-hard-drive-url-source-config:rendered} ${:rendered} ${directory:virtual-hard-drive-url-repository} ${:error-state-file}
update-command = ${:command}
rendered = ${directory:virtual-hard-drive-url-var}/virtual-hard-drive-url.json
error-state-filename = virtual-hard-drive-url-json-config-error.txt
error-state-file = ${directory:virtual-hard-drive-url-expose}/${:error-state-filename}

[virtual-hard-drive-url-config-state-promise]
# promise to check if configuration has been parsed without errors
<= empty-file-state-base-virtual-promise
filename = ${virtual-hard-drive-url-json-config:error-state-filename}
config-filename = ${virtual-hard-drive-url-json-config:error-state-file}

[virtual-hard-drive-url-download-wrapper]
# wrapper to execute virtual-hard-drive-url-download on each run
# The image URL originates from the virtual-hard-drive-url request parameter;
# the controller script receives the curl binary, presumably to fetch it.
# NOTE(review): integrity of the fetched disk image rests on the md5sum handled
# by the controller script (not shown in this file). MD5 catches corruption but
# is not collision-resistant, so it should not be the only protection against a
# malicious or compromised image source - prefer https URLs with certificate
# checking and, if the controller can support it, a SHA-256 checksum.
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:scripts}/virtual-hard-drive-url-updater
command-line = {{ python_executable }} {{ image_download_controller }} ${virtual-hard-drive-url-json-config:rendered} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${virtual-hard-drive-url-processed-config:processed-md5sum}
md5sum-state-filename = virtual-hard-drive-url-download-controller-md5sum-fail.json
md5sum-state-file = ${directory:virtual-hard-drive-url-expose}/${:md5sum-state-filename}
error-state-filename = virtual-hard-drive-url-download-controller-error.text
error-state-file = ${directory:virtual-hard-drive-url-expose}/${:error-state-filename}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[virtual-hard-drive-url-download-md5sum-promise]
# promise to report errors with problems with calculating md5sum of the
# downloaded images
<= empty-file-state-base-virtual-promise
filename = ${virtual-hard-drive-url-download-wrapper:md5sum-state-filename}
config-filename = ${virtual-hard-drive-url-download-wrapper:md5sum-state-file}

[virtual-hard-drive-url-download-state-promise]
# promise to report errors during download
<= empty-file-state-base-virtual-promise
filename = ${virtual-hard-drive-url-download-wrapper:error-state-filename}
config-filename = ${virtual-hard-drive-url-download-wrapper:error-state-file}
## virtual-hard-drive-url support END
{% endif %} {# if virtual_hard_drive_url_enabled #}

[kvm-controller-parameter-dict]
python-path = {{ python_eggs_executable }}
vnc-passwd = ${gen-passwd:passwd}
socket-path = ${directory:var}/qmp_socket
pid-file = ${directory:run}/pid_file
kvm-status-path = ${directory:var}/qemu-vm-is-ready
cpu-count = ${slap-parameter:cpu-count}
cpu-model = ${slap-parameter:cpu-model}
ram-hotplug-slot-size = ${slap-parameter:ram-hotplug-slot-size}
ram-size = ${slap-parameter:ram-size}
enable-device-hotplug = ${slap-parameter:enable-device-hotplug}

[kvm-parameter-dict]
python-path = {{ python_executable }}
ipv4 = ${slap-network-information:local-ipv4}
ipv6 = ${slap-network-information:global-ipv6}
vnc-ip = ${:ipv4}
vnc-port = 5901

default-cdrom-iso = {{ debian_amd64_netinst_location }}
{% if virtual_hard_drive_url_enabled %}
virtual-hard-drive-url-json-config = ${virtual-hard-drive-url-json-config:rendered}
{% else %}
virtual-hard-drive-url-json-config =
{% endif %}
{% if boot_image_url_list_enabled %}
boot-image-url-list-json-config = ${boot-image-url-list-json-config:rendered}
{% else %}
boot-image-url-list-json-config =
{% endif %}
{% if boot_image_url_select_enabled %}
boot-image-url-select-json-config = ${boot-image-url-select-json-config:rendered}
{% else %}
boot-image-url-select-json-config =
{% endif %}
nbd-host = ${slap-parameter:nbd-host}
nbd-port = ${slap-parameter:nbd-port}
nbd2-host = ${slap-parameter:nbd2-host}
nbd2-port = ${slap-parameter:nbd2-port}

tap-interface = {{ slap_configuration.get('tap-name', '') }}
tap-ipv6-addr = {{ slap_configuration.get('tap-ipv6-addr', '') }}

disk-size = ${slap-parameter:disk-size}
disk-type = ${slap-parameter:disk-type}
disk-format = ${slap-parameter:disk-format}
disk-device-path = ${slap-parameter:disk-device-path}
disk-path = ${directory:srv}/virtual.${slap-parameter:disk-format}

network-adapter = ${slap-parameter:network-adapter}

pid-file-path = ${kvm-controller-parameter-dict:pid-file}
socket-path = ${kvm-controller-parameter-dict:socket-path}

{%- set enable_device_hotplug = slapparameter_dict.get('enable-device-hotplug', 'false').lower() == 'true' %}
smp-max-count = {{ cpu_max_count }}
ram-max-size = {{ ram_max_size }}
{%- if enable_device_hotplug %}
init-ram-size = 4096
init-smp-count = 2
{%- else %}
init-ram-size = ${kvm-controller-parameter-dict:ram-size}
init-smp-count = ${kvm-controller-parameter-dict:cpu-count}
{%- endif %}

mac-address = ${create-mac:mac-address}
tap-mac-address = ${create-tap-mac:mac-address}

use-tap = ${slap-parameter:use-tap}
use-nat = ${slap-parameter:use-nat}
nat-rules = {{ nat_rule_list }}
nat-restrict= {{ dumps(nat_restrict) }}
enable-vhost = ${slap-parameter:enable-vhost}

virtual-hard-drive-url = ${slap-parameter:virtual-hard-drive-url}
virtual-hard-drive-md5sum = ${slap-parameter:virtual-hard-drive-md5sum}
virtual-hard-drive-gzipped = ${slap-parameter:virtual-hard-drive-gzipped}
hard-drive-url-check-certificate = ${slap-parameter:hard-drive-url-check-certificate}

shell-path = {{ dash_executable_location }}
qemu-path =  {{ qemu_executable_location }}
qemu-img-path = {{ qemu_img_executable_location }}

etc-directory = ${directory:etc}
disk-storage-list =
{% for key, path in storage_dict.items() -%}
{{ '  ' ~ key ~ ' ' ~ path }}
{% endfor -%}
external-disk-number = ${slap-parameter:external-disk-number}
external-disk-size = ${slap-parameter:external-disk-size}
external-disk-format = ${slap-parameter:external-disk-format}

{% if enable_http -%}
httpd-port = ${slap-parameter:httpd-port}
{% else -%}
httpd-port = 0
{% endif -%}

# Main instance document server info
{% if slapparameter_dict.get('document-host', '') and slapparameter_dict.get('document-port', '') -%}
cluster-doc-host = ${tunnel-cluster-url:ipv4}
cluster-doc-port = ${tunnel-cluster-url:ipv4-port}
{% else -%}
cluster-doc-host =
cluster-doc-port = 0
{% endif -%}
netcat-binary = {{ netcat_bin }}

name = {{ slapparameter_dict.get('name', 'Single KVM') }}
disk-cache = ${slap-parameter:disk-cache}
disk-aio = ${slap-parameter:disk-aio}
auto-ballooning = ${slap-parameter:auto-ballooning}
machine-options = ${slap-parameter:machine-options}
cpu-model = ${slap-parameter:cpu-model}

log-file = ${directory:log}/qemu.log

[kvm-run]
# Renders the script that the kvm service runs (see command-line in
# [kvm-instance]) to bin/kvm_raw.
# mode = 700 restricts the rendered file to its owner (read, write, execute).
recipe = slapos.recipe.template:jinja2
template = {{ template_kvm_run }}
rendered = ${directory:bin}/kvm_raw
mode = 700
context =
  section parameter_dict kvm-parameter-dict

[kvm-controller]
recipe = slapos.recipe.template:jinja2
template = {{ template_kvm_controller_run }}
rendered = ${directory:bin}/kvm_controller_raw
mode = 700
context =
  section parameter_dict kvm-controller-parameter-dict

[tunnel-6to4-base]
# Base for the per-port 6tunnel services generated from nat-rules: as the
# command line reads, each one listens on the global IPv6 address and forwards
# to the local IPv4 address; the generated sections set both ports to the same
# number.
# NOTE(review): every nat-rules entry is therefore exposed on the global IPv6
# address - keep the rule list to the ports that must be public.
recipe = slapos.cookbook:wrapper
ipv4 = ${slap-network-information:local-ipv4}
ipv6 = ${slap-network-information:global-ipv6}
wrapper-path = ${directory:services}/6tunnel-${:ipv6-port}
command-line = {{ sixtunnel_executable_location }} -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

{% if use_nat and nat_rule_list -%}
{%   for port in nat_rule_list.split(' ') -%}
{#- Each nat-rules entry is either "port" or "proto:port"; proto defaults to tcp.
    NOTE(review): the entries come from the request parameter and are not
    validated here: an entry with more than one ':' fails at the unpacking
    below, a non-numeric port is turned into 0 by the int filter (external port
    10000), and ports above 55535 give an external port above 65535. proto is
    only used to build the section name in this part of the file. -#}
{%     if ':' in port -%}
{%       set proto, port = port.split(':') -%}
{%     else -%}
{%       set proto, port = 'tcp', port -%}
{%     endif -%}
{%     set external_port = 10000 + port|int() -%}
{%     set section_name = '6tunnel-' ~ proto ~ '-' ~ external_port -%}
[{{ section_name }}]
<= tunnel-6to4-base
ipv4-port = {{ external_port }}
ipv6-port = {{ external_port }}
{%     do part_list.append(section_name) -%}
{%   endfor -%}
{% endif -%}

{%- set depend_section_list = [] %}
{%- set hash_file_list = ['${kvm-run:rendered}'] %}
{%- macro generate_depend_section(section, key) %}
{%-  do depend_section_list.append('${' + section + ':command}' ) %}
{%-  do hash_file_list.append('${' + key + '}') %}
[{{ section }}]
recipe = plone.recipe.command
update-command = ${:command}
command = [ ! -f {{ '${' + key + '}' }} ] && touch {{ '${' +  key + '}' }}
{%- endmacro %}
{#- Create depending sections, as state files appear late, so it's better to have empty file which will impact the hash anyway #}
{%- if boot_image_url_list_enabled %}
{{    generate_depend_section('boot-image-url-list-depend', 'boot-image-url-list-download-wrapper:md5sum-state-file') }}
{%- endif %}
{%- if boot_image_url_select_enabled %}
{{    generate_depend_section('boot-image-url-select-depend', 'boot-image-url-select-download-wrapper:md5sum-state-file') }}
{%- endif %}
{%- if virtual_hard_drive_url_enabled %}
{{    generate_depend_section('virtual-hard-drive-url-depend', 'virtual-hard-drive-url-download-wrapper:md5sum-state-file') }}
{%- endif %}

[kvm-instance]
depends =
{%- for depend_section in depend_section_list %}
  {{ depend_section }}
{%- endfor %}
recipe = slapos.cookbook:wrapper
socket-path = ${kvm-controller-parameter-dict:socket-path}
wrapper-path = ${directory:services}/kvm
command-line = ${kvm-run:rendered}
kvm-controller = ${kvm-controller-wrapper:wrapper-path}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-files =
{%- for hash_file in hash_file_list %}
  {{ hash_file }}
{%- endfor %}

[kvm-controller-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:scripts}/kvm_controller
command-line = ${kvm-controller:rendered}


[kvm-vnc-promise]
<= monitor-promise-base
promise = check_socket_listening
name = vnc_promise.py
config-host = ${kvm-parameter-dict:vnc-ip}
config-port = ${kvm-parameter-dict:vnc-port}

[kvm-disk-image-corruption-bin]
recipe = collective.recipe.template
input = inline:#!/bin/sh
  # Return code 0 is "OK"
  # Return code 3 is "found leaks, but image is OK"
  # http://git.qemu.org/?p=qemu.git;a=blob;f=qemu-img.c;h=4e9a7f5741c9cb863d978225829e68fefcae3947;hb=HEAD#l702
  # NOTE(review): option values are pasted into this script as text before the
  # shell runs it, so the double quotes below do not protect against a value
  # that itself contains quotes, and the image path passed to qemu-img further
  # down is not quoted at all. disk-device-path and the disk-format part of the
  # image path presumably come from request parameters - confirm they are
  # validated before they reach this script.
  if [ "${slap-parameter:disk-device-path}" != "" ]; then
    # disk device option is used, skip qemu img check
    exit 0
  fi
  ${kvm-parameter-dict:qemu-img-path} check -U ${kvm-parameter-dict:disk-path} > /dev/null 2>&1
  RETURN_CODE=$?
  if [ $RETURN_CODE -eq 0 ] || [ $RETURN_CODE -eq 3 ]; then
    exit 0
  else
    exit 1
  fi
output = ${directory:bin}/kvm-disk-image-corruption
mode = 700

[kvm-disk-image-corruption-promise]
# Check that disk image is not corrupted
<= monitor-promise-base
promise = check_command_execute
name = kvm-disk-image-corruption.py
config-command = ${kvm-disk-image-corruption-bin:output}

{% if wipe_disk -%}
{#- When wipe-disk-ondestroy is enabled, a wrapper is installed in the prerm
    directory that runs the wipe tool over the VM disk image and, if
    storage_dict is set, over the glob <dir>/* of each listed storage directory.
    NOTE(review): wipe-disk-iterations is written into the command line exactly
    as received in the request parameters - confirm it is validated as a
    positive integer upstream. -#}
{% do part_list.append('wipe-disk-wrapper') -%}
{% set wipe_file_list = '${kvm-parameter-dict:disk-path}' -%}
{% if storage_dict -%}
{% set wipe_file_list = '${kvm-parameter-dict:disk-path}' ~ ' ' ~ '/* '.join(storage_dict.values()) ~ '/*' -%}
{% endif -%}
[wipe-disk-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:prerm}/slapos_wipe_qemu_disk
command-line =
  {{ wipe_disk_wrapper }} -n {{ slapparameter_dict.get('wipe-disk-iterations', 1) }} -suz --check-pid-file ${kvm-parameter-dict:pid-file-path} --file {{ wipe_file_list }}
{% endif -%}

[kvm-started-bin]
recipe = slapos.recipe.template:jinja2
template = {{ qemu_start_promise_tpl }}
rendered = ${directory:bin}/qemu-virtual-machine-is-ready
mode = 700
context =
  raw dash {{ dash_executable_location }}
  raw qemu_ready_path ${kvm-controller-parameter-dict:kvm-status-path}
  raw qemu_service_log_file ${buildout:directory}/.${slap-connection:partition-id}_kvm.log

[kvm-started-promise]
<= monitor-promise-base
promise = check_command_execute
name = qemu-virtual-machine-is-ready.py
config-command = ${kvm-started-bin:rendered}

[novnc-instance]
# noVNC / websockify gateway: listens on the partition's global IPv6 address,
# port 6080, and presumably relays to the VNC server of the VM (vnc-ip and
# vnc-port further down). The TLS key and certificate come from [ca-novnc].
# This is the network-facing entry point to the VM console, so its exposure
# should be reviewed together with the VNC password length in [gen-passwd].
recipe = slapos.cookbook:novnc
path = ${ca-novnc:executable}
ip = ${slap-network-information:global-ipv6}
port = 6080
vnc-ip = ${kvm-parameter-dict:vnc-ip}
vnc-port = ${kvm-parameter-dict:vnc-port}
novnc-location = {{ novnc_location }}
websockify-path = {{ websockify_executable_location }}
ssl-key-path = ${ca-novnc:key-file}
ssl-cert-path = ${ca-novnc:cert-file}

[websockify-sighandler]
recipe = slapos.cookbook:signalwrapper
wrapper-path = ${directory:bin}/websockify-sighandler
wrapped-path = ${novnc-instance:path}

[websockify-sighandler-service]
recipe = slapos.cookbook:wrapper
command-line = ${websockify-sighandler:wrapper-path}
wrapper-path = ${directory:services}/websockify
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
wait-for-files =
  ${ca-novnc:key-file}
  ${ca-novnc:cert-file}

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_executable_location }}
ca-dir = ${directory:ca-dir}
requests-directory = ${cadirectory:requests}
wrapper = ${directory:bin}/certificate_authority
ca-private = ${cadirectory:private}
ca-certs = ${cadirectory:certs}
ca-newcerts = ${cadirectory:newcerts}
ca-crl = ${cadirectory:crl}

[certificate-authority-service]
recipe = slapos.cookbook:wrapper
command-line = ${certificate-authority:wrapper}
wrapper-path = ${directory:services}/certificate_authority
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = ${directory:ca-dir}/requests/
private = ${directory:ca-dir}/private/
certs = ${directory:ca-dir}/certs/
newcerts = ${directory:ca-dir}/newcerts/
crl = ${directory:ca-dir}/crl/

[ca-novnc]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${directory:novnc-conf}/novnc.key
cert-file = ${directory:novnc-conf}/novnc.crt
executable = ${directory:bin}/novnc
wrapper = ${directory:bin}/websockify

[novnc-promise]
<= monitor-promise-base
promise = check_socket_listening
name = novnc_promise.py
config-host = ${novnc-instance:ip}
config-port = ${novnc-instance:port}


#----------------
#--
#-- Deploy cron.

[cron]
recipe = slapos.cookbook:cron
dcrond-binary = {{ dcron_executable_location }}
cron-entries = ${directory:cron-entries}
crontabs = ${directory:crontabs}
cronstamps = ${directory:cronstamps}
catcher = ${cron-simplelogger:wrapper}
binary = ${directory:bin}/crond_raw

[cron-service]
recipe = slapos.cookbook:wrapper
command-line = ${cron:binary}
wrapper-path = ${directory:services}/crond
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = ${directory:bin}/cron_simplelogger
log = ${directory:log}/crond.log

#----------------
#--
#-- Deploy frontend.

[request-slave-frontend-base]
recipe = slapos.cookbook:requestoptional
server-url = ${slap-connection:server-url}
key-file = ${slap-connection:key-file}
cert-file = ${slap-connection:cert-file}
computer-id = ${slap-connection:computer-id}
partition-id = ${slap-connection:partition-id}
slave = true
config-https-only = True
config-type = websocket
config-url = https://[${novnc-instance:ip}]:${novnc-instance:port}
return = secure_access domain

[request-slave-frontend]
<= request-slave-frontend-base
software-url = ${slap-parameter:frontend-software-url}
software-type = ${slap-parameter:frontend-software-type}
name = ${slap-parameter:frontend-instance-name}
sla-instance_guid = ${slap-parameter:frontend-instance-guid}

[frontend-promise]
<= monitor-promise-base
promise = check_url_available
name = frontend_promise.py
config-url = ${publish-connection-information:url}

{% if additional_frontend %}
[request-slave-frontend-additional]
<= request-slave-frontend-base
software-url = ${slap-parameter:frontend-additional-software-url}
software-type = ${slap-parameter:frontend-additional-software-type}
name = ${slap-parameter:frontend-additional-instance-name}
sla-instance_guid = ${slap-parameter:frontend-additional-instance-guid}

[frontend-additional-promise]
<= monitor-promise-base
promise = check_url_available
name = frontend_additional_promise.py
config-url = ${publish-connection-information:url-additional}
{% endif %}

{% if enable_http %}
[httpd]
recipe = slapos.cookbook:simplehttpserver
host = ${slap-network-information:local-ipv4}
port = ${slap-parameter:httpd-port}
base-path = ${directory:public}
wrapper = ${directory:bin}/http-server
log-file = ${directory:log}/httpd.log
use-hash-url = false

[httpd-service]
recipe = slapos.cookbook:wrapper
command-line = ${httpd:wrapper}
wrapper-path = ${directory:services}/http-server
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[httpd-promise]
<= monitor-promise-base
promise = check_socket_listening
name = httpd.py
config-host = ${httpd:host}
config-port = ${httpd:port}
{% endif %}

[monitor-instance-parameter]
monitor-httpd-port = 8026
monitor-title = {{ slapparameter_dict.get('name', 'KVM Standalone') }}
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
{% if slapparameter_dict.get('monitor-username', '') -%}
username = {{ slapparameter_dict['monitor-username'] }}
{% endif -%}
{% if slapparameter_dict.get('monitor-password', '') -%}
password = {{ slapparameter_dict['monitor-password'] }}
{% endif -%}
interface-url = {{ slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') }}

# this helper just gives a blank line to insert in multiline values
[helper]
blank-line =

[publish-connection-information]
<= monitor-publish
recipe = slapos.cookbook:publish
ipv6 = ${slap-network-information:global-ipv6}
# NOTE(review): both published URLs (and url-additional further down) carry the
# VNC password as a query-string parameter, so it is likely to end up in browser
# history and in the access logs of anything that sees the full URL, presumably
# including the frontend - confirm this is acceptable, or publish the password
# as a separate connection value.
backend-url = https://[${novnc-instance:ip}]:${novnc-instance:port}/vnc.html?auto=1&encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
url = ${request-slave-frontend:connection-secure_access}/vnc.html?auto=1&encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
{% if additional_frontend %}
url-additional = ${request-slave-frontend-additional:connection-secure_access}/vnc.html?auto=1&encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
{% endif %}
{% set disk_number = len(storage_dict) -%}
maximum-extra-disk-amount = {{ disk_number }}
{% set iface = 'ens3' -%}
{% if use_nat -%}
{%   set iface = 'ens4' -%}
{%   if nat_rule_list -%}
# Publish NAT port mapping status
{%     for port in nat_rule_list.split(' ') -%}
{%       if ':' in port -%}
{%         set proto, port = port.split(':') -%}
{%       else -%}
{%         set proto, port = 'tcp', port -%}
{%       endif -%}
{%       set external_port = 10000 + port|int() -%}
nat-rule-port-{{proto}}-{{port}} = ${slap-network-information:global-ipv6} : ${6tunnel-{{proto}}-{{external_port}}:ipv6-port}
{%       if slapparameter_dict.get('publish-nat-url', False) -%}
nat-rule-url-{{proto}}-{{port}} = [${slap-network-information:global-ipv6}]:${6tunnel-{{proto}}-{{external_port}}:ipv6-port}
{%       endif -%}
{%     endfor -%}
{%   endif -%}
{% endif -%}
{% if use_tap -%}
tap-ipv4 = {{ slap_configuration.get('tap-ipv4-addr', '') }}
tap-ipv6 = {{ slap_configuration.get('tap-ipv6-addr', '') }}
{% endif -%}

{% set kvm_http = 'http://${slap-network-information:local-ipv4}:' ~ slapparameter_dict.get('httpd-port', 8081) -%}
{% if enable_http %}
{%   if use_nat -%}
{%     set kvm_http = 'http://10.0.2.100' -%}
{%   endif %}
{%   if slapparameter_dict.get('authorized-key', '') and slapparameter_dict.get('type', '') == 'cluster' -%}
key_info = Get the publick key file in your VM with the command: wget {{ kvm_http }}/authorized_keys
{%   endif %}
{% endif %}

ipv6-network-info =
{% if use_tap and slap_configuration.get('tap-ipv6-addr') %}
  PERMANENT SOLUTION: in your VM, add the lines below in /etc/network/interfaces and then run: "ifup {{ iface }}"
  auto {{ iface }}
  iface {{ iface }} inet6 static
  	address {{ slap_configuration.get('tap-ipv6-gateway') }}
  	netmask {{ slap_configuration.get('tap-ipv6-network').split('/')[1] }}
  	gateway {{ slap_configuration.get('tap-ipv6-addr') }}
{% if enable_http %}
  ${helper:blank-line}
  TEMPORARY SOLUTION: run in your VM the command: "wget -O- {{ kvm_http }}/${network-config-ipv6:filename} | /bin/sh -"
  (the configuration will be gone after the next reboot)
{% endif %}
{% endif %}


{% if use_tap and slap_configuration.get('tap-ipv4-addr') -%}
[network-config-ipv4]
recipe = plone.recipe.command
filename = netconfig.sh
path = ${directory:public}/${:filename}
ipv4-add-address = ip -4 address add {{ slap_configuration.get('tap-ipv4-addr') }}/{{ slap_configuration.get('tap-ipv4-netmask') }} dev \$IFACE noprefixroute
ipv4-add-gateway-route = ip route add {{ slap_configuration.get('tap-ipv4-gateway') }} dev \$IFACE
{%   if nat_restrict -%}
ipv4-add-default-route = ip route add default via {{ slap_configuration.get('tap-ipv4-gateway') }} dev \$IFACE
{%   elif global_ipv4_prefix -%}
ipv4-add-default-route = ip route add {{ global_ipv4_prefix }} via {{ slap_configuration.get('tap-ipv4-gateway') }} dev \$IFACE src {{ slap_configuration.get('tap-ipv4-addr') }}
{%   else -%}
ipv4-add-default-route =
{%   endif -%}
ipv4-set-link-up = ip link set dev \$IFACE up
command =
  cat > ${:path} << EOF
  #!/bin/sh
  IFACE={{ iface }}
  #try to be compatible with OS with old names
  ip a | grep eth0: && [ \$IFACE = ens3 ] && IFACE=eth0
  ip a | grep eth1: && [ \$IFACE = ens4 ] && IFACE=eth1
  ${:ipv4-add-address}
  ${:ipv4-add-gateway-route}
  ${:ipv4-add-default-route}
  ${:ipv4-set-link-up}
  EOF
update-command = ${:command}
{% endif -%}

{% if use_tap and slap_configuration.get('tap-ipv6-addr') -%}
[network-config-ipv6]
recipe = plone.recipe.command
filename = ipv6_config.sh
path = ${directory:public}/${:filename}
ipv6-add-address = ip -6 address add {{ slap_configuration.get('tap-ipv6-gateway') }}/{{ slap_configuration.get('tap-ipv6-network').split('/')[1] }} dev \$IFACE
ipv6-add-default-route =
  ip -6 route del default ; ip -6 route add default dev \$IFACE via {{ slap_configuration.get('tap-ipv6-addr') }}
ipv6-set-link-up = ip link set dev \$IFACE up
command =
  cat > ${:path} << EOF
  #!/bin/sh
  IFACE={{ iface }}
  ${:ipv6-add-address}
  ${:ipv6-add-default-route}
  ${:ipv6-set-link-up}
  EOF
update-command = ${:command}
{% endif -%}

{#
  writefile(section_name, file_path, content, mode=''):
  emits a buildout section [section_name] that uses collective.recipe.template
  to write content to file_path with the given mode. content is split on
  newlines and re-joined with a two-space indent so that every line stays a
  continuation of the "input = inline:" value.
  NOTE(review): content is inserted as-is; callers in this file pass request
  parameters (data-to-vm, authorized-key), so buildout substitution syntax in
  those values would presumably be expanded when the part is installed -
  confirm the values are constrained before they reach this macro.
-#}
{% macro writefile(section_name, file_path, content, mode='') -%}
{% set data_list =  content.split('\n') -%}
[{{ section_name }}]
recipe = collective.recipe.template
input = inline:
  {{ data_list | join('\n  ') }}
output = {{ file_path }}
mode = {{ mode }}
{% endmacro -%}

# write vm-data into file public/data
{{ writefile('vm-data-content', '${directory:public}/data', slapparameter_dict.get('data-to-vm', ''), '700') }}

{% if slapparameter_dict.get('authorized-key', '') -%}
# write public key for vms to public/authorized_keys
{{   writefile('get-authorized-key', '${directory:public}/authorized_keys', slapparameter_dict.get('authorized-key', ''), '700') }}
{% endif -%}

{% if use_tap and nat_restrict -%}
# Ask to set default to tap interface in the vm
{{ writefile('set-default-interface', '${directory:public}/delDefaultIface', iface, '600') }}
{% do part_list.append('set-default-interface') -%}
{% endif -%}

[publish-host-config]
# Writes the host name and IPv4 details as one-line files under the public
# directory (see the path-* options and the command option of this section).
# NOTE(review): name is taken from the request parameters and is expanded inside
# a double-quoted shell echo in the command option; shell metacharacters are not
# escaped here - confirm the value is validated upstream.
recipe = plone.recipe.command
name = {{ slapparameter_dict.get('name', 'localhost') }}
{% if use_tap and slap_configuration.get('tap-ipv4-addr') -%}
local-ipv4 = {{ slap_configuration['tap-ipv4-addr'] }}
# NOTE(review): netmask is filled from tap-ipv4-network and network from
# tap-ipv4-netmask, which looks swapped - confirm against the consumers of the
# published netmask and network files before changing.
gateway = {{ slap_configuration.get('tap-ipv4-gateway') }}
netmask = {{ slap_configuration.get('tap-ipv4-network') }}
network = {{ slap_configuration.get('tap-ipv4-netmask') }}
{% else -%}
local-ipv4 = 127.0.0.1
gateway =
netmask =
network =
{% endif -%}
path-host = ${directory:public}/hostname
path-ip = ${directory:public}/ipv4
path-gateway = ${directory:public}/gateway
path-network = ${directory:public}/network
path-netmask = ${directory:public}/netmask
command =
  rm -f ${:path-host}
  rm -f ${:path-ip}
  rm -f ${:path-gateway}
  rm -f ${:path-network}
  rm -f ${:path-netmask}
  echo "${:name}" > ${:path-host}
  echo "${:local-ipv4}" > ${:path-ip}
  echo "${:gateway}" > ${:path-gateway}
  echo "${:network}" > ${:path-network}
  echo "${:netmask}" > ${:path-netmask}
update-command = ${:command}

# To access documents of main instance (in case of kvm-cluster) through http
[cluster-url-path]
recipe = slapos.recipe.template:jinja2
template = {{ template_content }}
filename = cluster.hash
rendered = ${directory:public}/${:filename}
hash-url = https://10.0.2.101:443/{{ slapparameter_dict.get('document-path', '') }}
context =
    key content_list :hash-url
    raw sep #

# This 6to4 tunnel helps to access the document url in ipv4
[tunnel-cluster-url]
recipe = slapos.cookbook:ipv4toipv6
ipv6 = {{ slapparameter_dict.get('document-host', '') }}
ipv4 = ${slap-network-information:local-ipv4}
ipv6-port = {{ slapparameter_dict.get('document-port', '') }}
ipv4-port = 16936
shell-path = {{ dash_executable_location }}
6tunnel-path = {{ sixtunnel_executable_location }}
runner-path = ${directory:bin}/6tunnel-cluster

[tunnel-cluster-service]
recipe = slapos.cookbook:wrapper
command-line = ${tunnel-cluster-url:runner-path}
wrapper-path = ${directory:services}/6tunnel-cluster
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[ansible-vm-bin]
recipe = slapos.recipe.template:jinja2
template = {{ ansible_promise_tpl }}
rendered = ${directory:bin}/ansible_{{ name }}
extensions = jinja2.ext.do
context =
  raw logs ${directory:public}/ansible
  raw name {{ name }}

[ansible-vm-promise]
<= monitor-promise-base
promise = check_command_execute
name = ansible_{{ name }}.py
config-command = ${ansible-vm-bin:rendered}

{% if bootstrap_script_url -%}
[download-bootstrap-script]
# Downloads the bootstrap script to vm-bootstrap in the public directory. The
# bootstrap-script-url parameter is split on '#' into a URL and an MD5 sum, and
# the downloaded file is removed again when the checksum does not match.
# NOTE(review): MD5 only guards against accidental corruption, not against a
# deliberately crafted replacement, and the split('#') unpacking raises if the
# value has no '#' or more than one. The file is presumably what the VM runs to
# bootstrap itself - confirm the URL is served over a trusted channel.
recipe = slapos.recipe.build
location = ${directory:public}/vm-bootstrap
install =
  from zc.buildout.download import check_md5sum, urlretrieve, ChecksumError
  url, md5sum = {{ repr(bootstrap_script_url) }}.split('#')
  urlretrieve(url, location)
  if not check_md5sum(location, md5sum):
    os.remove(location)
    raise ChecksumError
{% endif -%}

[logrotate-vm-bootstrap]
< = logrotate-entry-base
name = vm-bootstrap
log = ${directory:public}/ansible/vm-bootstrap.log

[slap-parameter]
# Default values if not specified
# NOTE(review): the default frontend software URLs (this one and the one for the
# additional frontend below) use plain http and point at HEAD rather than a
# fixed revision - confirm how the URL is consumed and whether an https, pinned
# reference is appropriate.
frontend-software-type = RootSoftwareInstance
frontend-software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
frontend-instance-guid =
frontend-instance-name = VNC Real Frontend
frontend-additional-software-type = RootSoftwareInstance
frontend-additional-software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
frontend-additional-instance-guid =
frontend-additional-instance-name = VNC Real Frontend Additional
nbd-port = 1024
nbd-host =
nbd2-port = 1024
nbd2-host =
boot-image-url-list =

enable-device-hotplug = False
ram-size = 4096
ram-hotplug-slot-size = 512
disk-size = 40
disk-type = virtio
disk-format = qcow2
disk-device-path =

network-adapter = virtio-net-pci

cpu-count = 2
disk-cache =
disk-aio =
auto-ballooning = True
machine-options =
cpu-model = host

nat-rules = 22 80 443
use-nat = True
use-tap = True
nat-restrict-mode = False
enable-vhost = False

virtual-hard-drive-url =
virtual-hard-drive-md5sum =
virtual-hard-drive-gzipped = False
# if virtual-hard-drive-url uses https, then specify whether the https certificate should be checked or not
hard-drive-url-check-certificate = True

external-disk-number = 0
external-disk-size = 20
external-disk-format = qcow2

# Help to get some configuration files into the vm from http
enable-http-server = False
httpd-port = 8081
# for auto config, the public key file will be available in the VM via url http://10.0.2.100/authorized_keys if use-nat = True
authorized-key =

# send some content which will be accessible to the vm through static url: http://10.0.2.100/data
data-to-vm =

{% for k, v in slapparameter_dict.items() -%}
{% if k == 'authorized-key' and v -%}
{% set key_list =  v.split('\n') -%}
{{ k }} =
  {{ key_list | join('\n  ') }}
{% elif k in ['boot-image-url-list', 'boot-image-url-select', 'whitelist-domains'] %}
{# needs to decorate possibly multiline or maybe unsafe value #}
{{ k }} = {{ dumps(v) }}
{% else -%}
{# NOTE(review): fallback branch - every request parameter not handled by the
   branches above is written verbatim as "key = value". A value containing a
   newline would be read by buildout as further configuration lines, and
   substitution syntax in the value would presumably be expanded; confirm the
   parameters are constrained upstream or pass them through dumps() as well. -#}
{{ k }} = {{ v }}
{% endif -%}
{% endfor -%}

#############################
#
# Instantiate kvm (Buildout Section)
#
#############################

{% if slapparameter_dict.get('document-host', '') %}
# Set additional parts
{%   do part_list.append('cluster-url-path') -%}
{% endif -%}
{% if enable_http %}
{%   do part_list.extend(['httpd', 'httpd-service', 'httpd-promise', 'publish-host-config']) -%}
{% if slapparameter_dict.get('data-to-vm', '') %}
{%   do part_list.append('vm-data-content') -%}
{% endif -%}
{% if not disable_ansible_promise %}
{%   do part_list.extend(['ansible-vm-promise', 'logrotate-vm-bootstrap']) -%}
{% endif -%}
{% if slapparameter_dict.get('authorized-key', '') and slapparameter_dict.get('type', '') == 'cluster' %}
{%   do part_list.append('get-authorized-key') -%}
{% endif -%}
{% if bootstrap_script_url -%}
{%   do part_list.append('download-bootstrap-script') -%}
{% endif -%}
{% if slapparameter_dict.get('document-port', '') -%}
{%   do part_list.append('tunnel-cluster-service') -%}
{% endif -%}

{% endif -%}


{% if disk_device_path %}
{%   do part_list.append('disk-device-permission') -%}
[disk-device-permission]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  {%- set disk_list = [] %}
  {%- for disk in disk_device_path.split() %}
  {%-   do disk_list.append({'disk': disk}) %}
  {%- endfor -%}
  {{ json_module.dumps(disk_list) }}
{% endraw -%}
rendered = ${buildout:directory}/.slapos-disk-permission
extensions = jinja2.ext.do
context =
  import json_module json
  raw disk_device_path {{disk_device_path}}

{%   do part_list.append('wipe-disk-device-wrapper') -%}
[wipe-disk-device-wrapper]
recipe = slapos.recipe.template:jinja2
template = inline:
  #!/bin/sh
# NOTE(review): the device paths come from the disk-device-path request
# parameter and are written unquoted into this shell script - confirm the value
# is validated upstream. bs=4096 count=500k zeroes only the first 500k blocks of
# each device (roughly 2 GB with GNU dd), not the whole device. Within this
# part of the template the wrapper is added whenever disk-device-path is set;
# the wipe-disk-ondestroy flag is not consulted here - TODO confirm where it is
# enforced.
{%- for disk_device in disk_device_path.split() %}
  dd if=/dev/zero of={{ disk_device }} bs=4096 count=500k
{%- endfor %}
rendered = ${directory:prerm}/slapos_wipe_device_disk
mode = 0700
{% endif -%}

{%   do part_list.append('whitelist-firewall') -%}
# Wrapper script that runs the dnsresolver executable over the files listed in
# source and writes its list-style output to .slapos-whitelist-firewall in the
# buildout directory.
# NOTE(review): source merges the requested whitelist-domains, the default
# list, the resolv.conf nameservers and a downloaded list; presumably every
# entry widens what the VM may reach, so each input deserves the same scrutiny.
[whitelist-firewall]
recipe = slapos.cookbook:wrapper
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
wrapper-path = ${directory:scripts}/${:_buildout_section_name_}
command-line =
  {{ dnsresolver_executable }}
  --style list
  --output ${:output}
  ${:source}

source =
  ${whitelist-domains-request:rendered}
  {{ whitelist_domains_default }}
  ${whitelist-domains-resolv.conf:output}
  ${whitelist-domains-download:output}
output = ${buildout:directory}/.slapos-whitelist-firewall

[whitelist-firewall-directory]
recipe = plone.recipe.command
location = ${buildout:parts-directory}/whitelist-firewall
command = mkdir -p ${:location}
update-command = ${:command}

# Renders the whitelist-domains request parameter into a text file, one
# whitespace-separated entry per line.
# The parameter is passed through dumps() and handed to the inner template as a
# context key instead of being pasted into the template text, so its content is
# not interpreted as template source.
[whitelist-domains-request]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  {%- for domain in whitelist_domains.split() %}
  {{ domain }}
  {%- endfor %}
{% endraw -%}
rendered = ${whitelist-firewall-directory:location}/${:_buildout_section_name_}.txt
whitelist-domains = {{ dumps(whitelist_domains) }}
extensions = jinja2.ext.do
context =
  key whitelist_domains :whitelist-domains

# Extracts the nameserver entries from /etc/resolv.conf into a text file that
# whitelist-firewall lists among its sources.
# NOTE(review): cut splits on a single space, so a nameserver line that uses a
# tab or several spaces would yield an empty or wrong field.
[whitelist-domains-resolv.conf]
recipe = plone.recipe.command
output = ${whitelist-firewall-directory:location}/${:_buildout_section_name_}.txt
update-command = ${:command}
command =
  egrep ^nameserver /etc/resolv.conf  | cut -d ' ' -f 2 > ${:output}

# Wrapper script that runs the whitelist download controller with the curl
# executable, the output file and the url option as arguments; presumably it
# fetches the list at url into output - confirm against the controller script.
# NOTE(review): the command line hard-codes 3600 rather than referencing the
# interval option defined just above it, so changing interval alone does not
# change the command. The output file is one of the whitelist-firewall sources,
# so the remote endpoint is trusted to extend the whitelist - confirm that is
# intended.
[whitelist-domains-download]
recipe = slapos.cookbook:wrapper
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
wrapper-path = ${directory:scripts}/${:_buildout_section_name_}
output = ${whitelist-firewall-directory:location}/${:_buildout_section_name_}.txt
interval = 3600
command-line = {{ python_executable }} {{ whitelist_firewall_download_controller }} {{ curl_executable_location }} 3600 ${:output} ${:url}

url = https://stream.nxdcdn.com/rapidspace-whitelist-domains

[instance-kvm-parts]
parts =
  certificate-authority
  certificate-authority-service
  publish-connection-information
  kvm-instance
  kvm-controller-wrapper
  kvm-vnc-promise
  kvm-disk-image-corruption-promise
  websockify-sighandler
  websockify-sighandler-service
  novnc-promise
  kvm-started-promise
  cron
  cron-service
  cron-entry-logrotate
  frontend-promise
{% if virtual_hard_drive_url_enabled %}
  virtual-hard-drive-url-download-wrapper
  virtual-hard-drive-url-config-state-promise
  virtual-hard-drive-url-download-md5sum-promise
  virtual-hard-drive-url-download-state-promise
  virtual-hard-drive-url-processed-config-promise
{% endif %}
{% if boot_image_url_list_enabled %}
  boot-image-url-list-download-wrapper
  boot-image-url-list-config-state-promise
  boot-image-url-list-download-md5sum-promise
  boot-image-url-list-download-state-promise
  boot-image-url-list-processed-config-promise
{% endif %}
{% if boot_image_url_select_enabled %}
  boot-image-url-select-download-wrapper
  boot-image-url-select-config-state-promise
  boot-image-url-select-download-md5sum-promise
  boot-image-url-select-download-state-promise
  boot-image-url-select-processed-config-promise
{% endif %}
{% if additional_frontend %}
  frontend-additional-promise
{% endif %}
# monitor parts
  monitor-base
# Complete parts with sections
  {{ part_list | join('\n  ') }}

[buildout]
parts = ${instance-kvm-parts:parts}

extends =
#  Add extends list
 {{ extends_list | join('\n  ') }}
#  {{ template_httpd_cfg }}

eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true