instance-kvm.cfg.jinja2 48.9 KB
{# Workaround empty parameter passing #}
{# In case of resilient '' is converted to 'None' string, but with slapproxy '' becomes None #}
{% for k, v in slapparameter_dict.items() %}
{%   if v == 'None' or v is none %}
{%     do slapparameter_dict.__setitem__(k, '') %}
{%   endif %}
{% endfor %}
{% set additional_frontend = slapparameter_dict.get('frontend-additional-instance-guid') %}
{% set enable_http = str(slapparameter_dict.get('enable-http-server', False)).lower() == 'true' -%}
{% set use_tap = str(slapparameter_dict.get('use-tap', True)).lower() == 'true' -%}
{% set use_nat = str(slapparameter_dict.get('use-nat', True)).lower() == 'true' -%}
{% set wipe_disk = str(slapparameter_dict.get('wipe-disk-ondestroy', False)).lower() == 'true' -%}
{% set nat_restrict = str(slapparameter_dict.get('nat-restrict-mode', False)).lower() == 'true' -%}
{% set name = slapparameter_dict.get('name', 'localhost') -%}
{% set disable_ansible_promise = str(slapparameter_dict.get('disable-ansible-promise', True)).lower() == 'true' -%}
{% set instance_type = slapparameter_dict.get('type', 'standalone') -%}
{% set nat_rule_list = slapparameter_dict.get('nat-rules', '22 80 443') -%}
{% set disk_device_path = slapparameter_dict.get('disk-device-path', None) -%}
{% set whitelist_domains = slapparameter_dict.get('whitelist-domains', '') -%}
{% set virtual_hard_drive_url_enabled = 'virtual-hard-drive-url' in slapparameter_dict %}
{% set virtual_hard_drive_url_gzipped = str(slapparameter_dict.get('virtual-hard-drive-gzipped', False)).lower() == 'true' %}
{% set boot_image_url_list_enabled = 'boot-image-url-list' in slapparameter_dict %}
{% set boot_image_url_select_enabled = 'boot-image-url-select' in slapparameter_dict %}
{% set bootstrap_script_url = slapparameter_dict.get('bootstrap-script-url') -%}
{% set cpu_max_count = dumps(slapparameter_dict.get('cpu-max-count', int(slapparameter_dict.get('cpu-count', 1)) + 1)) %}
{% set ram_max_size = dumps(slapparameter_dict.get('ram-max-size', int(slapparameter_dict.get('ram-size', 1024)) + 512)) %}
{% set extends_list = [] -%}
{% set part_list = [] -%}

{% if instance_type == 'cluster' -%}
{% set nat_rule_list = slapparameter_dict.get('nat-rules', '') %}
{% endif -%}
{% if not nat_rule_list or not nat_rule_list.strip() -%}
{%   set nat_rule_list = '' %}
{% endif -%}

{% do extends_list.append(template_monitor) -%}
{% do extends_list.append(logrotate_cfg) -%}

[slap-network-information]
# Addresses taken from slap_configuration for this instance. Later sections
# derive their listen addresses from these two values: kvm-parameter-dict uses
# local-ipv4 (also as vnc-ip) and novnc-instance listens on global-ipv6.
local-ipv4 = {{ slap_configuration['ipv4-random'] }}
global-ipv6 = {{ slap_configuration['ipv6-random'] }}

[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
log = ${:var}/log
scripts = ${:etc}/run
services = ${:etc}/service
novnc-conf = ${:etc}/novnc
run = ${:var}/run
prerm = ${:etc}/prerm
ca-dir = ${:srv}/ssl
public = ${:srv}/public/
cron-entries = ${:etc}/cron.d
crontabs = ${:etc}/crontabs
cronstamps = ${:etc}/cronstamps
{%- if virtual_hard_drive_url_enabled %}
virtual-hard-drive-url-repository = ${:srv}/virtual-hard-drive-url-repository
virtual-hard-drive-url-var = ${:var}/virtual-hard-drive-url
virtual-hard-drive-url-expose = ${monitor-directory:private}/virtual-hard-drive-url
{%- endif %}
{%- if boot_image_url_list_enabled %}
boot-image-url-list-repository = ${:srv}/boot-image-url-list-repository
boot-image-url-list-var = ${:var}/boot-image-url-list
boot-image-url-list-expose = ${monitor-directory:private}/boot-image-url-list
{%- endif %}
{%- if boot_image_url_select_enabled %}
boot-image-url-select-repository = ${:srv}/boot-image-url-select-repository
boot-image-url-select-var = ${:var}/boot-image-url-select
boot-image-url-select-expose = ${monitor-directory:private}/boot-image-url-select
{%- endif %}

[create-mac]
# Generates the MAC address that kvm-parameter-dict exposes as mac-address.
# storage-path presumably lets the recipe reuse the same value on later runs -
# confirm against the generate.mac recipe.
recipe = slapos.cookbook:generate.mac
storage-path = ${directory:srv}/mac

[create-tap-mac]
# Generates the MAC address that kvm-parameter-dict exposes as tap-mac-address.
# It is stored separately from the create-mac value (srv/tap_mac).
recipe = slapos.cookbook:generate.mac
storage-path = ${directory:srv}/tap_mac

[gen-passwd]
# Generates the secret that [kvm-controller-parameter-dict] passes on as
# vnc-passwd.
# NOTE(review): bytes = 8 yields a short secret. Classic VNC password
# authentication only takes the first 8 characters into account, so this
# password should be treated as weak protection: access to the VNC port has to
# be limited by other means as well (listen address, TLS in front of it).
# Confirm how the recipe interprets "bytes" and where the stored value is
# readable from.
recipe = slapos.cookbook:generate.password
storage-path = ${directory:srv}/passwd
bytes = 8

{% if boot_image_url_select_enabled %}
## boot-image-url-select support BEGIN
[empty-file-state-base-select-promise]
# Base section for the boot-image-url-select promises: check_file_state with
# config-state = empty. Sections extending it supply filename and
# config-filename.
<= monitor-promise-base
module = check_file_state
name = ${:_buildout_section_name_}.py
config-state = empty
# It is hard to place the username and password inside the URL (after the
# scheme and before the host), because that is not how the monitor-provided
# information is normally used, so they are shown as text next to the URL.
# NOTE(review): config-url therefore carries the monitor username and password
# in clear text. Wherever the promise configuration or its messages are stored
# or displayed, the credentials are readable - confirm that those places are
# restricted to the instance owner.
config-url = ${monitor-base:base-url}/private/boot-image-url-select/${:filename} with username ${monitor-publish-parameters:monitor-user} and password ${monitor-publish-parameters:monitor-password}

[boot-image-url-select-source-config]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  {{ boot_image_url_select }}
{% endraw -%}
boot-image-url-select = {{ dumps(slapparameter_dict['boot-image-url-select']) }}
context =
  key boot_image_url_select :boot-image-url-select
rendered = ${directory:etc}/boot-image-url-select.json

[boot-image-url-select-processed-config]
# Checks whether the current configuration has already been used by the
# boot-image-url-select-download step: the MD5 of config-file is compared with
# the content of processed-md5sum. On a match the state file is written empty;
# otherwise it receives a "config ... != processed ..." message, or the text of
# any exception raised while reading the two files.
# MD5 serves here only as a change fingerprint of the locally rendered
# configuration, not as an integrity check of downloaded data.
# NOTE(review): the state file lives under the monitor private directory and
# may contain exception text with local paths - confirm who can read it.
recipe = slapos.recipe.build
install =
  import os
  import hashlib
  if not os.path.exists(location):
    os.mkdir(location)
  with open('${:state-file}', 'w') as state_handler:
    try:
      with open('${:config-file}', 'rb') as config_handler, open('${:processed-md5sum}') as processed_handler:
        config_md5sum = hashlib.md5(config_handler.read()).hexdigest()
        processed_md5sum = processed_handler.read()
        if config_md5sum == processed_md5sum:
          state_handler.write('')
        else:
          state_handler.write('config %s != processed %s' % (config_md5sum, processed_md5sum))
    except Exception as e:
      state_handler.write(str(e))

update = ${:install}
config-file = ${boot-image-url-select-source-config:rendered}
state-filename = boot-image-url-select-processed-config.state
state-file = ${directory:boot-image-url-select-expose}/${:state-filename}
processed-md5sum = ${directory:boot-image-url-select-var}/update-image-processed.md5sum

[boot-image-url-select-processed-config-promise]
# Promise that checks whether the configuration provided by the user has
# already been processed by the boot-image-url-select-download script, which
# runs asynchronously. It points check_file_state at the state file written by
# [boot-image-url-select-processed-config], which is empty on success.
<= empty-file-state-base-select-promise
filename = ${boot-image-url-select-processed-config:state-filename}
config-filename = ${boot-image-url-select-processed-config:state-file}

[boot-image-url-select-json-config]
# Generates the JSON configuration from the user configuration by running the
# image_download_config_creator script with four arguments: the rendered source
# config, the JSON output path, the image repository directory and the error
# state file.
# NOTE(review): the arguments are interpolated into the command without
# quoting. All four are paths built from the instance directory in this
# profile; confirm that none of them can contain whitespace or shell
# metacharacters. The user-supplied value itself is passed by file, not on the
# command line.
recipe = plone.recipe.command
command = {{ python_executable }} {{ image_download_config_creator }} ${boot-image-url-select-source-config:rendered} ${:rendered} ${directory:boot-image-url-select-repository} ${:error-state-file}
update-command = ${:command}
rendered = ${directory:boot-image-url-select-var}/boot-image-url-select.json
error-state-filename = boot-image-url-select-json-config-error.txt
error-state-file = ${directory:boot-image-url-select-expose}/${:error-state-filename}

[boot-image-url-select-config-state-promise]
# Promise that checks whether the configuration has been parsed without
# errors: it expects the error state file of
# [boot-image-url-select-json-config] to be empty.
<= empty-file-state-base-select-promise
filename = ${boot-image-url-select-json-config:error-state-filename}
config-filename = ${boot-image-url-select-json-config:error-state-file}

[boot-image-url-select-download-wrapper]
# Wrapper that runs boot-image-url-select-download on each run. The
# image_download_controller script receives the JSON configuration, the curl
# executable, the md5sum and error state files, and the processed-md5sum path.
# NOTE(review): as far as this profile shows, the integrity of a downloaded
# image rests on an MD5 checksum. MD5 detects accidental corruption but is not
# collision resistant, so it is weak evidence against a deliberately crafted
# image; a stronger digest would need support in the controller script, which
# is not visible here. Whether curl verifies TLS certificates is also decided
# there - confirm.
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:scripts}/boot-image-url-select-updater
command-line = {{ python_executable }} {{ image_download_controller }} ${boot-image-url-select-json-config:rendered} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${boot-image-url-select-processed-config:processed-md5sum}
md5sum-state-filename = boot-image-url-select-download-controller-md5sum-fail.json
md5sum-state-file = ${directory:boot-image-url-select-expose}/${:md5sum-state-filename}
error-state-filename = boot-image-url-select-download-controller-error.text
error-state-file = ${directory:boot-image-url-select-expose}/${:error-state-filename}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[boot-image-url-select-download-md5sum-promise]
# Promise that reports problems with calculating the md5sum of the downloaded
# images: it expects the md5sum state file of the download wrapper to be empty.
# A failure here means a downloaded image did not pass its checksum step and
# should not be trusted until the cause is understood.
<= empty-file-state-base-select-promise
filename = ${boot-image-url-select-download-wrapper:md5sum-state-filename}
config-filename = ${boot-image-url-select-download-wrapper:md5sum-state-file}

[boot-image-url-select-download-state-promise]
# Promise that reports errors during download: it expects the error state file
# of the download wrapper to be empty.
<= empty-file-state-base-select-promise
filename = ${boot-image-url-select-download-wrapper:error-state-filename}
config-filename = ${boot-image-url-select-download-wrapper:error-state-file}
## boot-image-url-select support END
{% endif %} {# if boot_image_url_select_enabled #}

{% if boot_image_url_list_enabled %}
## boot-image-url-list support BEGIN
[empty-file-state-base-list-promise]
<= monitor-promise-base
module = check_file_state
name = ${:_buildout_section_name_}.py
config-state = empty
# It is hard to place the username and password inside the URL (after the
# scheme and before the host), because that is not how the monitor-provided
# information is normally used, so they are shown as text next to the URL.
# As a result the value below contains the monitor credentials in clear text.
config-url = ${monitor-base:base-url}/private/boot-image-url-list/${:filename} with username ${monitor-publish-parameters:monitor-user} and password ${monitor-publish-parameters:monitor-password}

[boot-image-url-list-source-config]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  {{ boot_image_url_list }}
{% endraw -%}
boot-image-url-list = {{ dumps(slapparameter_dict['boot-image-url-list']) }}
context =
  key boot_image_url_list :boot-image-url-list
rendered = ${directory:etc}/boot-image-url-list.conf

[boot-image-url-list-processed-config]
# compares if the current configuration has been used by
# the boot-image-url-list-download, if not, exposes it as not empty file with
# information
recipe = slapos.recipe.build
install =
  import os
  import hashlib
  if not os.path.exists(location):
    os.mkdir(location)
  with open('${:state-file}', 'w') as state_handler:
    try:
      with open('${:config-file}', 'rb') as config_handler, open('${:processed-md5sum}') as processed_handler:
        config_md5sum = hashlib.md5(config_handler.read()).hexdigest()
        processed_md5sum = processed_handler.read()
        if config_md5sum == processed_md5sum:
          state_handler.write('')
        else:
          state_handler.write('config %s != processed %s' % (config_md5sum, processed_md5sum))
    except Exception as e:
      state_handler.write(str(e))

update = ${:install}
config-file = ${boot-image-url-list-source-config:rendered}
state-filename = boot-image-url-list-processed-config.state
state-file = ${directory:boot-image-url-list-expose}/${:state-filename}
processed-md5sum = ${directory:boot-image-url-list-var}/update-image-processed.md5sum

[boot-image-url-list-processed-config-promise]
# promise to check if the configuration provided by the user has been already
# processed by the boot-image-url-list-download script, which runs asynchronously
<= empty-file-state-base-list-promise
filename = ${boot-image-url-list-processed-config:state-filename}
config-filename = ${boot-image-url-list-processed-config:state-file}

[boot-image-url-list-json-config]
# generates json configuration from user configuration
recipe = plone.recipe.command
command = {{ python_executable }} {{ image_download_config_creator }} ${boot-image-url-list-source-config:rendered} ${:rendered} ${directory:boot-image-url-list-repository} ${:error-state-file}
update-command = ${:command}
rendered = ${directory:boot-image-url-list-var}/boot-image-url-list.json
error-state-filename = boot-image-url-list-json-config-error.txt
error-state-file = ${directory:boot-image-url-list-expose}/${:error-state-filename}

[boot-image-url-list-config-state-promise]
# promise to check if configuration has been parsed without errors
<= empty-file-state-base-list-promise
filename = ${boot-image-url-list-json-config:error-state-filename}
config-filename = ${boot-image-url-list-json-config:error-state-file}

[boot-image-url-list-download-wrapper]
# wrapper to execute boot-image-url-list-download on each run
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:scripts}/boot-image-url-list-updater
command-line = {{ python_executable }} {{ image_download_controller }} ${boot-image-url-list-json-config:rendered} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${boot-image-url-list-processed-config:processed-md5sum}
md5sum-state-filename = boot-image-url-list-download-controller-md5sum-fail.json
md5sum-state-file = ${directory:boot-image-url-list-expose}/${:md5sum-state-filename}
error-state-filename = boot-image-url-list-download-controller-error.text
error-state-file = ${directory:boot-image-url-list-expose}/${:error-state-filename}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[boot-image-url-list-download-md5sum-promise]
# promise to report errors with problems with calculating md5sum of the
# downloaded images
<= empty-file-state-base-list-promise
filename = ${boot-image-url-list-download-wrapper:md5sum-state-filename}
config-filename = ${boot-image-url-list-download-wrapper:md5sum-state-file}

[boot-image-url-list-download-state-promise]
# promise to report errors during download
<= empty-file-state-base-list-promise
filename = ${boot-image-url-list-download-wrapper:error-state-filename}
config-filename = ${boot-image-url-list-download-wrapper:error-state-file}
## boot-image-url-list support END
{% endif %} {# if boot_image_url_list_enabled #}

{% if virtual_hard_drive_url_enabled %}
## virtual-hard-drive-url support BEGIN
[empty-file-state-base-virtual-promise]
# Base section for the virtual-hard-drive-url promises: check_file_state with
# config-state = empty. Sections extending it supply filename and
# config-filename.
<= monitor-promise-base
module = check_file_state
name = ${:_buildout_section_name_}.py
config-state = empty
# It is hard to place the username and password inside the URL (after the
# scheme and before the host), because that is not how the monitor-provided
# information is normally used, so they are shown as text next to the URL.
# NOTE(review): config-url therefore carries the monitor username and password
# in clear text. Wherever the promise configuration or its messages are stored
# or displayed, the credentials are readable - confirm that those places are
# restricted to the instance owner.
config-url = ${monitor-base:base-url}/private/virtual-hard-drive-url/${:filename} with username ${monitor-publish-parameters:monitor-user} and password ${monitor-publish-parameters:monitor-password}

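[virtual-hard-drive-url-source-config]
# Renders the requested image URL joined with its md5sum (URL, a hash sign,
# then the checksum) into virtual-hard-drive-url.conf, which the json-config
# step reads.
# Both parts come from request parameters. They are serialised with dumps(),
# as the boot-image-url-list and boot-image-url-select sections do, so that a
# line break or buildout syntax inside a parameter stays data and cannot add
# options or sections to this profile.
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  {{ virtual_hard_drive_url }}
{% endraw -%}
{# Enforce md5sum on virtual-hard-drive-url #}
virtual-hard-drive-url = {{ dumps(slapparameter_dict['virtual-hard-drive-url'] ~ '#' ~ slapparameter_dict['virtual-hard-drive-md5sum']) }}
context =
  key virtual_hard_drive_url :virtual-hard-drive-url
rendered = ${directory:etc}/virtual-hard-drive-url.conf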

[virtual-hard-drive-url-processed-config]
# Checks whether the current configuration has already been used by the
# virtual-hard-drive-url-download step: the MD5 of config-file is compared with
# the content of processed-md5sum. On a match the state file is written empty;
# otherwise it receives a "config ... != processed ..." message, or the text of
# any exception raised while reading the two files.
# MD5 serves here only as a change fingerprint of the locally rendered
# configuration, not as an integrity check of downloaded data.
# NOTE(review): the state file lives under the monitor private directory and
# may contain exception text with local paths - confirm who can read it.
recipe = slapos.recipe.build
install =
  import os
  import hashlib
  if not os.path.exists(location):
    os.mkdir(location)
  with open('${:state-file}', 'w') as state_handler:
    try:
      with open('${:config-file}', 'rb') as config_handler, open('${:processed-md5sum}') as processed_handler:
        config_md5sum = hashlib.md5(config_handler.read()).hexdigest()
        processed_md5sum = processed_handler.read()
        if config_md5sum == processed_md5sum:
          state_handler.write('')
        else:
          state_handler.write('config %s != processed %s' % (config_md5sum, processed_md5sum))
    except Exception as e:
      state_handler.write(str(e))

update = ${:install}
config-file = ${virtual-hard-drive-url-source-config:rendered}
state-filename = virtual-hard-drive-url-processed-config.state
state-file = ${directory:virtual-hard-drive-url-expose}/${:state-filename}
processed-md5sum = ${directory:virtual-hard-drive-url-var}/update-image-processed.md5sum

[virtual-hard-drive-url-processed-config-promise]
# Promise that checks whether the configuration provided by the user has
# already been processed by the virtual-hard-drive-url-download script, which
# runs asynchronously. It points check_file_state at the state file written by
# [virtual-hard-drive-url-processed-config], which is empty on success.
<= empty-file-state-base-virtual-promise
filename = ${virtual-hard-drive-url-processed-config:state-filename}
config-filename = ${virtual-hard-drive-url-processed-config:state-file}

[virtual-hard-drive-url-json-config]
# Generates the JSON configuration from the user configuration by running the
# image_download_config_creator script with four arguments: the rendered source
# config, the JSON output path, the image repository directory and the error
# state file.
# NOTE(review): the arguments are interpolated into the command without
# quoting. All four are paths built from the instance directory in this
# profile; confirm that none of them can contain whitespace or shell
# metacharacters. The user-supplied URL itself is passed by file, not on the
# command line.
recipe = plone.recipe.command
command = {{ python_executable }} {{ image_download_config_creator }} ${virtual-hard-drive-url-source-config:rendered} ${:rendered} ${directory:virtual-hard-drive-url-repository} ${:error-state-file}
update-command = ${:command}
rendered = ${directory:virtual-hard-drive-url-var}/virtual-hard-drive-url.json
error-state-filename = virtual-hard-drive-url-json-config-error.txt
error-state-file = ${directory:virtual-hard-drive-url-expose}/${:error-state-filename}

[virtual-hard-drive-url-config-state-promise]
# Promise that checks whether the configuration has been parsed without
# errors: it expects the error state file of
# [virtual-hard-drive-url-json-config] to be empty.
<= empty-file-state-base-virtual-promise
filename = ${virtual-hard-drive-url-json-config:error-state-filename}
config-filename = ${virtual-hard-drive-url-json-config:error-state-file}

[virtual-hard-drive-url-download-wrapper]
# Wrapper that runs virtual-hard-drive-url-download on each run. The
# image_download_controller script receives the JSON configuration, the curl
# executable, the md5sum and error state files, and the processed-md5sum path.
# NOTE(review): as far as this profile shows, the integrity of the downloaded
# disk image rests on the MD5 checksum supplied with the URL. MD5 detects
# accidental corruption but is not collision resistant, so it is weak evidence
# against a deliberately crafted image; a stronger digest would need support in
# the controller script, which is not visible here. Whether curl verifies TLS
# certificates is also decided there - confirm.
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:scripts}/virtual-hard-drive-url-updater
command-line = {{ python_executable }} {{ image_download_controller }} ${virtual-hard-drive-url-json-config:rendered} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${virtual-hard-drive-url-processed-config:processed-md5sum}
md5sum-state-filename = virtual-hard-drive-url-download-controller-md5sum-fail.json
md5sum-state-file = ${directory:virtual-hard-drive-url-expose}/${:md5sum-state-filename}
error-state-filename = virtual-hard-drive-url-download-controller-error.text
error-state-file = ${directory:virtual-hard-drive-url-expose}/${:error-state-filename}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[virtual-hard-drive-url-download-md5sum-promise]
# Promise that reports problems with calculating the md5sum of the downloaded
# images: it expects the md5sum state file of the download wrapper to be empty.
# A failure here means the downloaded image did not pass its checksum step and
# should not be trusted until the cause is understood.
<= empty-file-state-base-virtual-promise
filename = ${virtual-hard-drive-url-download-wrapper:md5sum-state-filename}
config-filename = ${virtual-hard-drive-url-download-wrapper:md5sum-state-file}

[virtual-hard-drive-url-download-state-promise]
# Promise that reports errors during download: it expects the error state file
# of the download wrapper to be empty.
<= empty-file-state-base-virtual-promise
filename = ${virtual-hard-drive-url-download-wrapper:error-state-filename}
config-filename = ${virtual-hard-drive-url-download-wrapper:error-state-file}
## virtual-hard-drive-url support END
{% endif %} {# if virtual_hard_drive_url_enabled #}

[kvm-controller-parameter-dict]
python-path = {{ python_eggs_executable }}
vnc-passwd = ${gen-passwd:passwd}
socket-path = ${directory:var}/qmp_socket
pid-file = ${directory:run}/pid_file
kvm-status-path = ${directory:var}/qemu-vm-is-ready
cpu-count = ${slap-parameter:cpu-count}
cpu-model = ${slap-parameter:cpu-model}
ram-hotplug-slot-size = ${slap-parameter:ram-hotplug-slot-size}
ram-size = ${slap-parameter:ram-size}
enable-device-hotplug = ${slap-parameter:enable-device-hotplug}

[kvm-parameter-dict]
python-path = {{ python_executable }}
ipv4 = ${slap-network-information:local-ipv4}
ipv6 = ${slap-network-information:global-ipv6}
vnc-ip = ${:ipv4}
vnc-port = 5901

default-cdrom-iso = {{ debian_amd64_netinst_location }}
{% if virtual_hard_drive_url_enabled %}
virtual-hard-drive-url-json-config = ${virtual-hard-drive-url-json-config:rendered}
{% else %}
virtual-hard-drive-url-json-config =
{% endif %}
{% if boot_image_url_list_enabled %}
boot-image-url-list-json-config = ${boot-image-url-list-json-config:rendered}
{% else %}
boot-image-url-list-json-config =
{% endif %}
{% if boot_image_url_select_enabled %}
boot-image-url-select-json-config = ${boot-image-url-select-json-config:rendered}
{% else %}
boot-image-url-select-json-config =
{% endif %}
nbd-host = ${slap-parameter:nbd-host}
nbd-port = ${slap-parameter:nbd-port}
nbd2-host = ${slap-parameter:nbd2-host}
nbd2-port = ${slap-parameter:nbd2-port}

tap-interface = {{ slap_configuration.get('tap-name', '') }}
tap-ipv6-addr = {{ slap_configuration.get('tap-ipv6-addr', '') }}

disk-size = ${slap-parameter:disk-size}
disk-type = ${slap-parameter:disk-type}
disk-format = ${slap-parameter:disk-format}
disk-device-path = ${slap-parameter:disk-device-path}
disk-path = ${directory:srv}/virtual.${slap-parameter:disk-format}

pid-file-path = ${kvm-controller-parameter-dict:pid-file}
socket-path = ${kvm-controller-parameter-dict:socket-path}

enable-device-hotplug = ${kvm-controller-parameter-dict:enable-device-hotplug}
smp-count = ${kvm-controller-parameter-dict:cpu-count}
smp-max-count = {{ cpu_max_count }}

ram-size = ${kvm-controller-parameter-dict:ram-size}
ram-max-size = {{ ram_max_size }}
init-ram-size = 1024
mac-address = ${create-mac:mac-address}
tap-mac-address = ${create-tap-mac:mac-address}

use-tap = ${slap-parameter:use-tap}
use-nat = ${slap-parameter:use-nat}
nat-rules = {{ nat_rule_list }}
nat-restrict= {{ dumps(nat_restrict) }}
enable-vhost = ${slap-parameter:enable-vhost}

virtual-hard-drive-url = ${slap-parameter:virtual-hard-drive-url}
virtual-hard-drive-md5sum = ${slap-parameter:virtual-hard-drive-md5sum}
virtual-hard-drive-gzipped = ${slap-parameter:virtual-hard-drive-gzipped}
hard-drive-url-check-certificate = ${slap-parameter:hard-drive-url-check-certificate}

shell-path = {{ dash_executable_location }}
qemu-path =  {{ qemu_executable_location }}
qemu-img-path = {{ qemu_img_executable_location }}

etc-directory = ${directory:etc}
disk-storage-list =
{% for key, path in storage_dict.items() -%}
{{ '  ' ~ key ~ ' ' ~ path }}
{% endfor -%}
external-disk-number = ${slap-parameter:external-disk-number}
external-disk-size = ${slap-parameter:external-disk-size}
external-disk-format = ${slap-parameter:external-disk-format}

{% if enable_http -%}
httpd-port = ${slap-parameter:httpd-port}
{% else -%}
httpd-port = 0
{% endif -%}

# Main instance document server info
{% if slapparameter_dict.get('document-host', '') and slapparameter_dict.get('document-port', '') -%}
cluster-doc-host = ${tunnel-cluster-url:ipv4}
cluster-doc-port = ${tunnel-cluster-url:ipv4-port}
{% else -%}
cluster-doc-host =
cluster-doc-port = 0
{% endif -%}
netcat-binary = {{ netcat_bin }}

name = {{ slapparameter_dict.get('name', 'Single KVM') }}
disk-cache = ${slap-parameter:disk-cache}
disk-aio = ${slap-parameter:disk-aio}
auto-ballooning = ${slap-parameter:auto-ballooning}
machine-options = ${slap-parameter:machine-options}
cpu-model = ${slap-parameter:cpu-model}

log-file = ${directory:log}/qemu.log

[kvm-run]
recipe = slapos.recipe.template:jinja2
template = {{ template_kvm_run }}
rendered = ${directory:bin}/kvm_raw
mode = 700
context =
  section parameter_dict kvm-parameter-dict

[kvm-controller]
recipe = slapos.recipe.template:jinja2
template = {{ template_kvm_controller_run }}
rendered = ${directory:bin}/kvm_controller_raw
mode = 700
context =
  section parameter_dict kvm-controller-parameter-dict

[tunnel-6to4-base]
recipe = slapos.cookbook:wrapper
ipv4 = ${slap-network-information:local-ipv4}
ipv6 = ${slap-network-information:global-ipv6}
wrapper-path = ${directory:services}/6tunnel-${:ipv6-port}
command-line = {{ sixtunnel_executable_location }} -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

{% if use_nat and nat_rule_list -%}
{%   for port in nat_rule_list.split(' ') -%}
{%     if ':' in port -%}
{%       set proto, port = port.split(':') -%}
{%     else -%}
{%       set proto, port = 'tcp', port -%}
{%     endif -%}
{%     set external_port = 10000 + port|int() -%}
{%     set section_name = '6tunnel-' ~ proto ~ '-' ~ external_port -%}
[{{ section_name }}]
<= tunnel-6to4-base
ipv4-port = {{ external_port }}
ipv6-port = {{ external_port }}
{%     do part_list.append(section_name) -%}
{%   endfor -%}
{% endif -%}

{#- generate_depend_section(section, key) emits a plone.recipe.command section that creates the file named by the buildout reference `key` when it is missing, and records the section in depend_section_list and the file in hash_file_list (both consumed by [kvm-instance]). The reference is placed unquoted inside a shell test; every call below passes a fixed section:option name, never a request parameter. #}
{%- set depend_section_list = [] %}
{%- set hash_file_list = ['${kvm-run:rendered}'] %}
{%- macro generate_depend_section(section, key) %}
{%-  do depend_section_list.append('${' + section + ':command}' ) %}
{%-  do hash_file_list.append('${' + key + '}') %}
[{{ section }}]
recipe = plone.recipe.command
update-command = ${:command}
command = [ ! -f {{ '${' + key + '}' }} ] && touch {{ '${' +  key + '}' }}
{%- endmacro %}
{#- Create depending sections, as state files appear late, so it's better to have empty file which will impact the hash anyway #}
{%- if boot_image_url_list_enabled %}
{{    generate_depend_section('boot-image-url-list-depend', 'boot-image-url-list-download-wrapper:md5sum-state-file') }}
{%- endif %}
{%- if boot_image_url_select_enabled %}
{{    generate_depend_section('boot-image-url-select-depend', 'boot-image-url-select-download-wrapper:md5sum-state-file') }}
{%- endif %}
{%- if virtual_hard_drive_url_enabled %}
{{    generate_depend_section('virtual-hard-drive-url-depend', 'virtual-hard-drive-url-download-wrapper:md5sum-state-file') }}
{%- endif %}

[kvm-instance]
depends =
{%- for depend_section in depend_section_list %}
  {{ depend_section }}
{%- endfor %}
recipe = slapos.cookbook:wrapper
socket-path = ${kvm-controller-parameter-dict:socket-path}
wrapper-path = ${directory:services}/kvm
command-line = ${kvm-run:rendered}
kvm-controller = ${kvm-controller-wrapper:wrapper-path}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-files =
{%- for hash_file in hash_file_list %}
  {{ hash_file }}
{%- endfor %}

[kvm-controller-wrapper]
# Wrapper placed in the scripts directory (etc/run) that executes the rendered
# kvm controller script; [kvm-instance] refers to it through kvm-controller.
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:scripts}/kvm_controller
command-line = ${kvm-controller:rendered}


[kvm-vnc-promise]
<= monitor-promise-base
module = check_port_listening
name = vnc_promise.py
config-hostname = ${kvm-parameter-dict:vnc-ip}
config-port = ${kvm-parameter-dict:vnc-port}

[kvm-disk-image-corruption-bin]
recipe = collective.recipe.template
input = inline:#!/bin/sh
  # Return code 0 is "OK"
  # Return code 3 is "found leaks, but image is OK"
  # http://git.qemu.org/?p=qemu.git;a=blob;f=qemu-img.c;h=4e9a7f5741c9cb863d978225829e68fefcae3947;hb=HEAD#l702
  if [ "${slap-parameter:disk-device-path}" != "" ]; then
    # disk device option is used, skip qemu img check
    exit 0
  fi
  ${kvm-parameter-dict:qemu-img-path} check -U ${kvm-parameter-dict:disk-path} > /dev/null 2>&1
  RETURN_CODE=$?
  if [ $RETURN_CODE -eq 0 ] || [ $RETURN_CODE -eq 3 ]; then
    exit 0
  else
    exit 1
  fi
output = ${directory:bin}/kvm-disk-image-corruption
mode = 700

[kvm-disk-image-corruption-promise]
# Checks that the disk image is not corrupted by running the script generated
# by [kvm-disk-image-corruption-bin]; the promise follows that script's exit
# status (0 for qemu-img return codes 0 and 3, or when a disk device path is
# used; 1 otherwise).
<= monitor-promise-base
module = check_command_execute
name = kvm-disk-image-corruption.py
config-command = ${kvm-disk-image-corruption-bin:output}

{% if wipe_disk -%}
{% do part_list.append('wipe-disk-wrapper') -%}
{% set wipe_file_list = '${kvm-parameter-dict:disk-path}' -%}
{% if storage_dict -%}
{% set wipe_file_list = '${kvm-parameter-dict:disk-path}' ~ ' ' ~ '/* '.join(storage_dict.values()) ~ '/*' -%}
{% endif -%}
[wipe-disk-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:prerm}/slapos_wipe_qemu_disk
command-line =
  {{ wipe_disk_wrapper }} -n {{ slapparameter_dict.get('wipe-disk-iterations', 1) }} -suz --check-pid-file ${kvm-parameter-dict:pid-file-path} --file {{ wipe_file_list }}
{% endif -%}

[kvm-started-bin]
recipe = slapos.recipe.template:jinja2
template = {{ qemu_start_promise_tpl }}
rendered = ${directory:bin}/qemu-virtual-machine-is-ready
mode = 700
context =
  raw dash {{ dash_executable_location }}
  raw qemu_ready_path ${kvm-controller-parameter-dict:kvm-status-path}
  raw qemu_service_log_file ${buildout:directory}/.${slap-connection:partition-id}_kvm.log

[kvm-started-promise]
# Promise that runs the qemu-virtual-machine-is-ready script rendered by
# [kvm-started-bin] and reports its result.
<= monitor-promise-base
module = check_command_execute
name = qemu-virtual-machine-is-ready.py
config-command = ${kvm-started-bin:rendered}

[novnc-instance]
recipe = slapos.cookbook:novnc
path = ${ca-novnc:executable}
ip = ${slap-network-information:global-ipv6}
port = 6080
vnc-ip = ${kvm-parameter-dict:vnc-ip}
vnc-port = ${kvm-parameter-dict:vnc-port}
novnc-location = {{ novnc_location }}
websockify-path = {{ websockify_executable_location }}
ssl-key-path = ${ca-novnc:key-file}
ssl-cert-path = ${ca-novnc:cert-file}

[websockify-sighandler]
recipe = slapos.cookbook:signalwrapper
wrapper-path = ${directory:bin}/websockify-sighandler
wrapped-path = ${novnc-instance:path}

[websockify-sighandler-service]
recipe = slapos.cookbook:wrapper
command-line = ${websockify-sighandler:wrapper-path}
wrapper-path = ${directory:services}/websockify
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
wait-for-files =
  ${ca-novnc:key-file}
  ${ca-novnc:cert-file}

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_executable_location }}
ca-dir = ${directory:ca-dir}
requests-directory = ${cadirectory:requests}
wrapper = ${directory:bin}/certificate_authority
ca-private = ${cadirectory:private}
ca-certs = ${cadirectory:certs}
ca-newcerts = ${cadirectory:newcerts}
ca-crl = ${cadirectory:crl}

[certificate-authority-service]
recipe = slapos.cookbook:wrapper
command-line = ${certificate-authority:wrapper}
wrapper-path = ${directory:services}/certificate_authority
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[cadirectory]
# Directory layout of the instance-local certificate authority, created under
# the ca-dir of [directory] (srv/ssl) and referenced by [certificate-authority].
# NOTE(review): "private" presumably holds the CA private key. The permissions
# applied by mkdirectory are not visible in this profile - confirm that the
# directory is not readable by other users of the host.
recipe = slapos.cookbook:mkdirectory
requests = ${directory:ca-dir}/requests/
private = ${directory:ca-dir}/private/
certs = ${directory:ca-dir}/certs/
newcerts = ${directory:ca-dir}/newcerts/
crl = ${directory:ca-dir}/crl/

# Certificate request for noVNC: inherits the options of
# [certificate-authority] and asks for a key/certificate pair stored in the
# novnc-conf directory. executable and wrapper name the two scripts involved
# in launching websockify.
[ca-novnc]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${directory:novnc-conf}/novnc.key
cert-file = ${directory:novnc-conf}/novnc.crt
executable = ${directory:bin}/novnc
wrapper = ${directory:bin}/websockify

# Monitor promise: checks that something listens on the noVNC address/port.
[novnc-promise]
<= monitor-promise-base
module = check_port_listening
name = novnc_promise.py
config-hostname = ${novnc-instance:ip}
config-port = ${novnc-instance:port}


#----------------
#--
#-- Deploy cron.

# dcron daemon for the partition. Entries, crontabs and stamps live in
# partition directories; catcher points at the [cron-simplelogger] wrapper.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = {{ dcron_executable_location }}
cron-entries = ${directory:cron-entries}
crontabs = ${directory:crontabs}
cronstamps = ${directory:cronstamps}
catcher = ${cron-simplelogger:wrapper}
binary = ${directory:bin}/crond_raw

# Service entry that runs the crond binary produced by [cron].
[cron-service]
recipe = slapos.cookbook:wrapper
command-line = ${cron:binary}
wrapper-path = ${directory:services}/crond
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

# Logger wrapper used as the cron catcher; writes to log/crond.log.
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = ${directory:bin}/cron_simplelogger
log = ${directory:log}/crond.log

#----------------
#--
#-- Deploy frontend.

# Base options for requesting a frontend slave instance (requestoptional
# recipe). The request is authenticated with the partition's slap-connection
# key and certificate. The slave is asked for an HTTPS-only websocket frontend
# whose backend is the noVNC HTTPS endpoint; secure_access and domain are the
# values expected back.
# NOTE(review): the backend certificate is issued by the partition-local CA
# ([ca-novnc]); whether the frontend verifies it is not visible in this file.
[request-slave-frontend-base]
recipe = slapos.cookbook:requestoptional
server-url = ${slap-connection:server-url}
key-file = ${slap-connection:key-file}
cert-file = ${slap-connection:cert-file}
computer-id = ${slap-connection:computer-id}
partition-id = ${slap-connection:partition-id}
slave = true
config-https-only = True
config-type = websocket
config-url = https://[${novnc-instance:ip}]:${novnc-instance:port}
return = secure_access domain

# Primary frontend request: software release, type, name and target instance
# GUID all come from [slap-parameter] (defaults are defined further below).
[request-slave-frontend]
<= request-slave-frontend-base
software-url = ${slap-parameter:frontend-software-url}
software-type = ${slap-parameter:frontend-software-type}
name = ${slap-parameter:frontend-instance-name}
sla-instance_guid = ${slap-parameter:frontend-instance-guid}

# Monitor promise: checks that the published frontend URL is reachable.
# NOTE(review): the checked URL is the published `url`, which carries the VNC
# password in its query string; confirm the promise does not log the full URL.
[frontend-promise]
<= monitor-promise-base
module = check_url_available
name = frontend_promise.py
config-url = ${publish-connection-information:url}

# Optional second frontend, rendered only when the
# frontend-additional-instance-guid parameter is set. Mirrors the primary
# frontend request and its availability promise.
{% if additional_frontend %}
[request-slave-frontend-additional]
<= request-slave-frontend-base
software-url = ${slap-parameter:frontend-additional-software-url}
software-type = ${slap-parameter:frontend-additional-software-type}
name = ${slap-parameter:frontend-additional-instance-name}
sla-instance_guid = ${slap-parameter:frontend-additional-instance-guid}

[frontend-additional-promise]
<= monitor-promise-base
module = check_url_available
name = frontend_additional_promise.py
config-url = ${publish-connection-information:url-additional}
{% endif %}

# Optional plain-HTTP file server (enable-http-server = true). It serves the
# partition's public directory on the local IPv4 address with hash URLs
# disabled, i.e. files are reachable under their plain names.
# NOTE(review): other sections of this file write authorized_keys, data-to-vm
# content and network scripts into that directory; they are served without
# authentication or TLS, so anything able to reach host:port can read them.
{% if enable_http %}
[httpd]
recipe = slapos.cookbook:simplehttpserver
host = ${slap-network-information:local-ipv4}
port = ${slap-parameter:httpd-port}
base-path = ${directory:public}
wrapper = ${directory:bin}/http-server
log-file = ${directory:log}/httpd.log
use-hash-url = false

[httpd-service]
recipe = slapos.cookbook:wrapper
command-line = ${httpd:wrapper}
wrapper-path = ${directory:services}/http-server
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

[httpd-promise]
<= monitor-promise-base
module = check_port_listening
name = httpd.py
config-hostname = ${httpd:host}
config-port = ${httpd:port}
{% endif %}

# Parameters handed to the monitor stack. username/password are only emitted
# when the corresponding instance parameter is non-empty.
# NOTE(review): the monitor password is written in clear text into the
# rendered configuration file; make sure that file is not readable by other
# users. All values here are inserted without escaping.
[monitor-instance-parameter]
monitor-httpd-port = 8026
monitor-title = {{ slapparameter_dict.get('name', 'KVM Standalone') }}
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
{% if slapparameter_dict.get('monitor-username', '') -%}
username = {{ slapparameter_dict['monitor-username'] }}
{% endif -%}
{% if slapparameter_dict.get('monitor-password', '') -%}
password = {{ slapparameter_dict['monitor-password'] }}
{% endif -%}
interface-url = {{ slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') }}

# Helper: an empty option that multi-line values can reference to emit a blank
# line (used by ipv6-network-info in [publish-connection-information]).
[helper]
blank-line =

# Connection parameters published back to the requester of the instance:
# VNC URLs, NAT port mappings, tap addresses and guest network instructions.
[publish-connection-information]
<= monitor-publish
recipe = slapos.cookbook:publish
ipv6 = ${slap-network-information:global-ipv6}
# NOTE(review): backend-url, url and url-additional carry the VNC password as
# a query-string parameter. URLs of this form tend to end up in browser
# history, frontend/proxy access logs and Referer headers; consider publishing
# the password as a separate parameter and treating these URLs as secrets.
backend-url = https://[${novnc-instance:ip}]:${novnc-instance:port}/vnc.html?auto=1&encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
url = ${request-slave-frontend:connection-secure_access}/vnc.html?auto=1&encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
{% if additional_frontend %}
url-additional = ${request-slave-frontend-additional:connection-secure_access}/vnc.html?auto=1&encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
{% endif %}
{% set disk_number = len(storage_dict) -%}
maximum-extra-disk-amount = {{ disk_number }}
{% set iface = 'ens3' -%}
{% if use_nat -%}
{%   set iface = 'ens4' -%}
{%   if nat_rule_list -%}
# Publish NAT port mapping status
# Each entry of nat-rules is PORT or PROTO:PORT (tcp when no protocol is
# given); the published external port is 10000 + PORT.
{%     for port in nat_rule_list.split(' ') -%}
{%       if ':' in port -%}
{%         set proto, port = port.split(':') -%}
{%       else -%}
{%         set proto, port = 'tcp', port -%}
{%       endif -%}
{%       set external_port = 10000 + port|int() -%}
nat-rule-port-{{proto}}-{{port}} = ${slap-network-information:global-ipv6} : ${6tunnel-{{proto}}-{{external_port}}:ipv6-port}
{%       if slapparameter_dict.get('publish-nat-url', False) -%}
nat-rule-url-{{proto}}-{{port}} = [${slap-network-information:global-ipv6}]:${6tunnel-{{proto}}-{{external_port}}:ipv6-port}
{%       endif -%}
{%     endfor -%}
{%   endif -%}
{% endif -%}
{% if use_tap -%}
tap-ipv4 = {{ slap_configuration.get('tap-ipv4-addr', '') }}
tap-ipv6 = {{ slap_configuration.get('tap-ipv6-addr', '') }}
{% endif -%}

{% set kvm_http = 'http://${slap-network-information:local-ipv4}:' ~ slapparameter_dict.get('httpd-port', 8081) -%}
{% if enable_http %}
{%   if use_nat -%}
{%     set kvm_http = 'http://10.0.2.100' -%}
{%   endif %}
{%   if slapparameter_dict.get('authorized-key', '') and slapparameter_dict.get('type', '') == 'cluster' -%}
key_info = Get the publick key file in your VM with the command: wget {{ kvm_http }}/authorized_keys
{%   endif %}
{% endif %}

# NOTE(review): the "TEMPORARY SOLUTION" text below tells the guest operator
# to pipe a script fetched over plain HTTP into /bin/sh. That is only as
# trustworthy as the network path between the guest and the HTTP server.
ipv6-network-info =
{% if use_tap and slap_configuration.get('tap-ipv6-addr') %}
  PERMANENT SOLUTION: in your VM, add the lines below in /etc/network/interfaces and then run: "ifup {{ iface }}"
  auto {{ iface }}
  iface {{ iface }} inet6 static
  	address {{ slap_configuration.get('tap-ipv6-gateway') }}
  	netmask {{ slap_configuration.get('tap-ipv6-network').split('/')[1] }}
  	gateway {{ slap_configuration.get('tap-ipv6-addr') }}
{% if enable_http %}
  ${helper:blank-line}
  TEMPORARY SOLUTION: run in your VM the command: "wget -O- {{ kvm_http }}/${network-config-ipv6:filename} | /bin/sh -"
  (the configuration will be gone after the next reboot)
{% endif %}
{% endif %}


{% if use_tap and slap_configuration.get('tap-ipv4-addr') -%}
# Generates public/netconfig.sh, a shell script for the guest that configures
# the tap IPv4 address, the gateway route and (depending on nat-restrict-mode
# or global_ipv4_prefix) a default or prefix route.
# The script is written through an unquoted here-document, so the generating
# shell expands dollar signs and backticks in the body; IFACE references are
# backslash-escaped so that they survive into the generated script.
# Addresses come from slap_configuration and are inserted unquoted.
[network-config-ipv4]
recipe = plone.recipe.command
filename = netconfig.sh
path = ${directory:public}/${:filename}
ipv4-add-address = ip -4 address add {{ slap_configuration.get('tap-ipv4-addr') }}/{{ slap_configuration.get('tap-ipv4-netmask') }} dev \$IFACE noprefixroute
ipv4-add-gateway-route = ip route add {{ slap_configuration.get('tap-ipv4-gateway') }} dev \$IFACE
{%   if nat_restrict -%}
ipv4-add-default-route = ip route add default via {{ slap_configuration.get('tap-ipv4-gateway') }} dev \$IFACE
{%   elif global_ipv4_prefix -%}
ipv4-add-default-route = ip route add {{ global_ipv4_prefix }} via {{ slap_configuration.get('tap-ipv4-gateway') }} dev \$IFACE src {{ slap_configuration.get('tap-ipv4-addr') }}
{%   else -%}
ipv4-add-default-route =
{%   endif -%}
ipv4-set-link-up = ip link set dev \$IFACE up
command =
  cat > ${:path} << EOF
  #!/bin/sh
  IFACE={{ iface }}
  #try to be compatible with OS with old names
  ip a | grep eth0: && [ \$IFACE = ens3 ] && IFACE=eth0
  ip a | grep eth1: && [ \$IFACE = ens4 ] && IFACE=eth1
  ${:ipv4-add-address}
  ${:ipv4-add-gateway-route}
  ${:ipv4-add-default-route}
  ${:ipv4-set-link-up}
  EOF
update-command = ${:command}
{% endif -%}

{% if use_tap and slap_configuration.get('tap-ipv6-addr') -%}
# Generates public/ipv6_config.sh, the script referenced by the
# "TEMPORARY SOLUTION" hint in [publish-connection-information]. It adds the
# tap IPv6 address, replaces the default IPv6 route and brings the link up.
# Same here-document mechanics as [network-config-ipv4]: IFACE references are
# backslash-escaped so they are expanded in the guest, not at generation time.
[network-config-ipv6]
recipe = plone.recipe.command
filename = ipv6_config.sh
path = ${directory:public}/${:filename}
ipv6-add-address = ip -6 address add {{ slap_configuration.get('tap-ipv6-gateway') }}/{{ slap_configuration.get('tap-ipv6-network').split('/')[1] }} dev \$IFACE
ipv6-add-default-route =
  ip -6 route del default ; ip -6 route add default dev \$IFACE via {{ slap_configuration.get('tap-ipv6-addr') }}
ipv6-set-link-up = ip link set dev \$IFACE up
command =
  cat > ${:path} << EOF
  #!/bin/sh
  IFACE={{ iface }}
  ${:ipv6-add-address}
  ${:ipv6-add-default-route}
  ${:ipv6-set-link-up}
  EOF
update-command = ${:command}
{% endif -%}

# Macro writefile(section_name, file_path, content, mode): emits a
# collective.recipe.template section that writes `content` to `file_path`.
# Every content line is re-indented by two spaces so that it stays inside the
# multi-line `input = inline:` option.
# NOTE(review): content is not escaped. Buildout substitution syntax inside
# user-supplied content would presumably still be expanded when the section
# is processed - confirm for callers that pass instance parameters.
{% macro writefile(section_name, file_path, content, mode='') -%}
{% set data_list =  content.split('\n') -%}
[{{ section_name }}]
recipe = collective.recipe.template
input = inline:
  {{ data_list | join('\n  ') }}
output = {{ file_path }}
mode = {{ mode }}
{% endmacro -%}

# Write the data-to-vm instance parameter into public/data (mode 700).
# The section is only installed when it is added to part_list further below.
{{ writefile('vm-data-content', '${directory:public}/data', slapparameter_dict.get('data-to-vm', ''), '700') }}

{% if slapparameter_dict.get('authorized-key', '') -%}
# Write the authorized-key instance parameter to public/authorized_keys so
# that the VM can download it.
# NOTE(review): mode 700 sets the execute bits on a data file; 600 or 644
# would be the usual choice for an authorized_keys file.
{{   writefile('get-authorized-key', '${directory:public}/authorized_keys', slapparameter_dict.get('authorized-key', ''), '700') }}
{% endif -%}

{% if use_tap and nat_restrict -%}
# With tap and nat-restrict-mode both enabled, publish the interface name in
# public/delDefaultIface (mode 600) and install the part.
# Ask to set default to tap interface in the vm
{{ writefile('set-default-interface', '${directory:public}/delDefaultIface', iface, '600') }}
{% do part_list.append('set-default-interface') -%}
{% endif -%}

# Writes hostname, IPv4 address, gateway, network and netmask into one file
# each under the public directory.
# NOTE(review): `netmask` is filled from tap-ipv4-network and `network` from
# tap-ipv4-netmask, so the two published files look swapped
# ([network-config-ipv4] uses tap-ipv4-netmask as the address prefix).
# Confirm against what the guest-side scripts expect before changing it.
# NOTE(review): `name` is the raw instance parameter and is placed inside
# double quotes in the shell commands below; quotes, backticks or dollar
# signs in it would be interpreted by the shell. Validate or escape the value.
[publish-host-config]
recipe = plone.recipe.command
name = {{ slapparameter_dict.get('name', 'localhost') }}
{% if use_tap and slap_configuration.get('tap-ipv4-addr') -%}
local-ipv4 = {{ slap_configuration['tap-ipv4-addr'] }}
gateway = {{ slap_configuration.get('tap-ipv4-gateway') }}
netmask = {{ slap_configuration.get('tap-ipv4-network') }}
network = {{ slap_configuration.get('tap-ipv4-netmask') }}
{% else -%}
local-ipv4 = 127.0.0.1
gateway =
netmask =
network =
{% endif -%}
path-host = ${directory:public}/hostname
path-ip = ${directory:public}/ipv4
path-gateway = ${directory:public}/gateway
path-network = ${directory:public}/network
path-netmask = ${directory:public}/netmask
command =
  rm -f ${:path-host}
  rm -f ${:path-ip}
  rm -f ${:path-gateway}
  rm -f ${:path-network}
  rm -f ${:path-netmask}
  echo "${:name}" > ${:path-host}
  echo "${:local-ipv4}" > ${:path-ip}
  echo "${:gateway}" > ${:path-gateway}
  echo "${:network}" > ${:path-network}
  echo "${:netmask}" > ${:path-netmask}
update-command = ${:command}

# To access documents of main instance (in case of kvm-cluster) through http.
# Renders public/cluster.hash from hash-url, which is the fixed address
# https://10.0.2.101:443/ followed by the document-path instance parameter.
# NOTE(review): document-path is inserted without escaping or validation.
[cluster-url-path]
recipe = slapos.recipe.template:jinja2
template = {{ template_content }}
filename = cluster.hash
rendered = ${directory:public}/${:filename}
hash-url = https://10.0.2.101:443/{{ slapparameter_dict.get('document-path', '') }}
context =
    key content_list :hash-url
    raw sep #

# This IPv4-to-IPv6 tunnel (6tunnel) helps to access the document URL over
# IPv4: it listens on the partition's local IPv4 address, port 16936, and
# forwards to the document-host / document-port instance parameters.
# NOTE(review): the forwarding target is taken directly from instance
# parameters; confirm it is restricted to the intended main instance.
[tunnel-cluster-url]
recipe = slapos.cookbook:ipv4toipv6
ipv6 = {{ slapparameter_dict.get('document-host', '') }}
ipv4 = ${slap-network-information:local-ipv4}
ipv6-port = {{ slapparameter_dict.get('document-port', '') }}
ipv4-port = 16936
shell-path = {{ dash_executable_location }}
6tunnel-path = {{ sixtunnel_executable_location }}
runner-path = ${directory:bin}/6tunnel-cluster

# Service entry that runs the runner script of [tunnel-cluster-url].
[tunnel-cluster-service]
recipe = slapos.cookbook:wrapper
command-line = ${tunnel-cluster-url:runner-path}
wrapper-path = ${directory:services}/6tunnel-cluster
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

# Renders the ansible promise script from its template into bin/, passing the
# public/ansible log directory and the instance name as context.
# NOTE(review): the `name` instance parameter is used unmodified in the
# rendered file name (and in [ansible-vm-promise]); a value containing a path
# separator would change where the file is written. Confirm the parameter is
# constrained upstream.
[ansible-vm-bin]
recipe = slapos.recipe.template:jinja2
template = {{ ansible_promise_tpl }}
rendered = ${directory:bin}/ansible_{{ name }}
extensions = jinja2.ext.do
context =
  raw logs ${directory:public}/ansible
  raw name {{ name }}

# Monitor promise: runs the script rendered by [ansible-vm-bin]. Only
# installed when disable-ansible-promise is false (see the part list below).
[ansible-vm-promise]
<= monitor-promise-base
module = check_command_execute
name = ansible_{{ name }}.py
config-command = ${ansible-vm-bin:rendered}

{% if bootstrap_script_url -%}
# Downloads the VM bootstrap script. bootstrap-script-url has the form
# URL#MD5SUM; the file is fetched straight to public/vm-bootstrap and removed
# again if the MD5 does not match.
# NOTE(review): MD5 detects accidental corruption but is not collision
# resistant, so it is a weak tamper check for a script the VM presumably
# executes. A SHA-256 digest would be the usual choice (needs a parameter
# format change).
# NOTE(review): a value with no '#' or more than one makes the tuple
# unpacking raise ValueError; the file briefly exists at its served location
# before it has been verified.
[download-bootstrap-script]
recipe = slapos.recipe.build
location = ${directory:public}/vm-bootstrap
install =
  from zc.buildout.download import check_md5sum, urlretrieve, ChecksumError
  url, md5sum = {{ repr(bootstrap_script_url) }}.split('#')
  urlretrieve(url, location)
  if not check_md5sum(location, md5sum):
    os.remove(location)
    raise ChecksumError
{% endif -%}

# Log rotation entry for public/ansible/vm-bootstrap.log.
# NOTE(review): the log lives under the public directory, which [httpd]
# serves when enabled; check that it never contains secrets.
[logrotate-vm-bootstrap]
< = logrotate-entry-base
name = vm-bootstrap
log = ${directory:public}/ansible/vm-bootstrap.log

[slap-parameter]
# Default values if not specified
# NOTE(review): the default frontend software URLs are plain http and point
# at HEAD rather than a pinned revision; confirm whether they only serve as
# identifiers or are actually fetched.
frontend-software-type = RootSoftwareInstance
frontend-software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
frontend-instance-guid =
frontend-instance-name = VNC Real Frontend
frontend-additional-software-type = RootSoftwareInstance
frontend-additional-software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
frontend-additional-instance-guid =
frontend-additional-instance-name = VNC Real Frontend Additional
nbd-port = 1024
nbd-host =
nbd2-port = 1024
nbd2-host =
boot-image-url-list =

enable-device-hotplug = False
ram-size = 1024
ram-hotplug-slot-size = 512
disk-size = 10
disk-type = virtio
disk-format = qcow2
disk-device-path =

cpu-count = 1
disk-cache =
disk-aio =
auto-ballooning = True
machine-options =
cpu-model = host

nat-rules = 22 80 443
use-nat = True
use-tap = True
nat-restrict-mode = False
enable-vhost = False

virtual-hard-drive-url =
virtual-hard-drive-md5sum =
virtual-hard-drive-gzipped = False
# if virtual-hard-drive-url uses https, this says whether the https
# certificate should be checked or not (checked by default)
hard-drive-url-check-certificate = True

external-disk-number = 0
external-disk-size = 20
external-disk-format = qcow2

# Help to get some configuration files into the vm from http
enable-http-server = False
httpd-port = 8081
# for auto config, the public key file will be available in the VM via url http://10.0.2.100/authorized_keys if use-nat = True
authorized-key =

# send some content which will be accessible to the vm through static url: http://10.0.2.100/data
data-to-vm =

# The loop below overrides the defaults above with the requested instance
# parameters. authorized-key is re-indented as a multi-line value, three
# keys go through dumps(), and every other value is written verbatim.
# NOTE(review): a verbatim value containing a newline or buildout
# substitution syntax is not neutralised here; confirm all remaining
# parameters are validated upstream (for example by the instance schema).
{% for k, v in slapparameter_dict.items() -%}
{% if k == 'authorized-key' and v -%}
{% set key_list =  v.split('\n') -%}
{{ k }} =
  {{ key_list | join('\n  ') }}
{% elif k in ['boot-image-url-list', 'boot-image-url-select', 'whitelist-domains'] %}
{# needs to decorate possibly multiline or maybe unsafe value #}
{{ k }} = {{ dumps(v) }}
{% else -%}
{{ k }} = {{ v }}
{% endif -%}
{% endfor -%}

#############################
#
# Instantiate kvm (Buildout Section)
#
#############################

{% if slapparameter_dict.get('document-host', '') %}
# Set additional parts
{%   do part_list.append('cluster-url-path') -%}
{% endif -%}
# Everything up to the final endif of this group is nested under enable_http:
# the HTTP server parts, and with them the optional vm-data, ansible promise,
# authorized-key (cluster type only), bootstrap-script download and cluster
# tunnel parts, are only installed when enable-http-server is true.
{% if enable_http %}
{%   do part_list.extend(['httpd', 'httpd-service', 'httpd-promise', 'publish-host-config']) -%}
{% if slapparameter_dict.get('data-to-vm', '') %}
{%   do part_list.append('vm-data-content') -%}
{% endif -%}
{% if not disable_ansible_promise %}
{%   do part_list.extend(['ansible-vm-promise', 'logrotate-vm-bootstrap']) -%}
{% endif -%}
{% if slapparameter_dict.get('authorized-key', '') and slapparameter_dict.get('type', '') == 'cluster' %}
{%   do part_list.append('get-authorized-key') -%}
{% endif -%}
{% if bootstrap_script_url -%}
{%   do part_list.append('download-bootstrap-script') -%}
{% endif -%}
{% if slapparameter_dict.get('document-port', '') -%}
{%   do part_list.append('tunnel-cluster-service') -%}
{% endif -%}

{% endif -%}


{% if disk_device_path %}
# disk-device-path is set: render .slapos-disk-permission, a JSON list with
# one entry per whitespace-separated device path, and install a pre-removal
# wipe script for the same devices.
{%   do part_list.append('disk-device-permission') -%}
[disk-device-permission]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  {%- set disk_list = [] %}
  {%- for disk in disk_device_path.split() %}
  {%-   do disk_list.append({'disk': disk}) %}
  {%- endfor -%}
  {{ json_module.dumps(disk_list) }}
{% endraw -%}
rendered = ${buildout:directory}/.slapos-disk-permission
extensions = jinja2.ext.do
context =
  import json_module json
  raw disk_device_path {{disk_device_path}}

# Wipe script written to the prerm directory, one dd command per device.
# NOTE(review): bs=4096 count=500k zeroes only the first 500k blocks (roughly
# 2 GB) of each device. If the aim is to keep a previous user's data from
# being readable by the next user of the device, data beyond that offset is
# left in place; confirm whether a full-device wipe or discard is needed.
# NOTE(review): the device paths come from the disk-device-path parameter and
# are placed unquoted after of=; they should be validated as expected block
# devices. The part is appended whenever disk-device-path is set; the
# wipe-disk-ondestroy flag read at the top of the template is not consulted
# in this section.
{%   do part_list.append('wipe-disk-device-wrapper') -%}
[wipe-disk-device-wrapper]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- for disk_device in disk_device_path.split() %}
  dd if=/dev/zero of={{ disk_device }} bs=4096 count=500k
{%- endfor %}
rendered = ${directory:prerm}/slapos_wipe_device_disk
mode = 0700
{% endif -%}

# Wrapper script that runs the DNS resolver tool over the files listed in
# `source` and writes its list-style output to .slapos-whitelist-firewall.
# Sources: the requested whitelist-domains, the default list, the host's
# nameservers and the periodically downloaded list.
{%   do part_list.append('whitelist-firewall') -%}
[whitelist-firewall]
recipe = slapos.cookbook:wrapper
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
wrapper-path = ${directory:scripts}/${:_buildout_section_name_}
command-line =
  {{ dnsresolver_executable }}
  --style list
  --output ${:output}
  ${:source}

source =
  ${whitelist-domains-request:rendered}
  {{ whitelist_domains_default }}
  ${whitelist-domains-resolv.conf:output}
  ${whitelist-domains-download:output}
output = ${buildout:directory}/.slapos-whitelist-firewall

# Creates the working directory that holds the whitelist source files.
[whitelist-firewall-directory]
recipe = plone.recipe.command
location = ${buildout:parts-directory}/whitelist-firewall
command = mkdir -p ${:location}
update-command = ${:command}

# Renders the whitelist-domains instance parameter as one domain per line.
# The value is passed through dumps() and handed to the inner template as a
# context key rather than being pasted into the template text.
[whitelist-domains-request]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  {%- for domain in whitelist_domains.split() %}
  {{ domain }}
  {%- endfor %}
{% endraw -%}
rendered = ${whitelist-firewall-directory:location}/${:_buildout_section_name_}.txt
whitelist-domains = {{ dumps(whitelist_domains) }}
extensions = jinja2.ext.do
context =
  key whitelist_domains :whitelist-domains

# Extracts the second space-separated field of each nameserver line in
# /etc/resolv.conf into a whitelist source file.
# NOTE(review): the file is only rewritten when buildout runs this part, so
# later changes to /etc/resolv.conf are picked up on the next run only.
[whitelist-domains-resolv.conf]
recipe = plone.recipe.command
output = ${whitelist-firewall-directory:location}/${:_buildout_section_name_}.txt
update-command = ${:command}
command =
  egrep ^nameserver /etc/resolv.conf  | cut -d ' ' -f 2 > ${:output}

# Wrapper script that runs the download controller with curl to fetch the
# shared whitelist from `url` into a whitelist source file.
# NOTE(review): the downloaded list feeds the firewall whitelist and no
# integrity check beyond HTTPS is visible in this section.
# NOTE(review): `interval` is defined, but the command line hard-codes 3600
# instead of referencing it.
[whitelist-domains-download]
recipe = slapos.cookbook:wrapper
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
wrapper-path = ${directory:scripts}/${:_buildout_section_name_}
output = ${whitelist-firewall-directory:location}/${:_buildout_section_name_}.txt
interval = 3600
command-line = {{ python_executable }} {{ whitelist_firewall_download_controller }} {{ curl_executable_location }} 3600 ${:output} ${:url}

url = https://stream.nxdcdn.com/rapidspace-whitelist-domains

# Full list of parts to install: the fixed core parts, the download and
# promise parts for each enabled image source, the optional additional
# frontend promise, the monitor base, and finally everything that the
# template appended to part_list.
[instance-kvm-parts]
parts =
  certificate-authority
  certificate-authority-service
  publish-connection-information
  kvm-instance
  kvm-controller-wrapper
  kvm-vnc-promise
  kvm-disk-image-corruption-promise
  websockify-sighandler
  websockify-sighandler-service
  novnc-promise
  kvm-started-promise
  cron
  cron-service
  cron-entry-logrotate
  frontend-promise
{% if virtual_hard_drive_url_enabled %}
  virtual-hard-drive-url-download-wrapper
  virtual-hard-drive-url-config-state-promise
  virtual-hard-drive-url-download-md5sum-promise
  virtual-hard-drive-url-download-state-promise
  virtual-hard-drive-url-processed-config-promise
{% endif %}
{% if boot_image_url_list_enabled %}
  boot-image-url-list-download-wrapper
  boot-image-url-list-config-state-promise
  boot-image-url-list-download-md5sum-promise
  boot-image-url-list-download-state-promise
  boot-image-url-list-processed-config-promise
{% endif %}
{% if boot_image_url_select_enabled %}
  boot-image-url-select-download-wrapper
  boot-image-url-select-config-state-promise
  boot-image-url-select-download-md5sum-promise
  boot-image-url-select-download-state-promise
  boot-image-url-select-processed-config-promise
{% endif %}
{% if additional_frontend %}
  frontend-additional-promise
{% endif %}
# monitor parts
  monitor-base
# Complete parts with sections
  {{ part_list | join('\n  ') }}

[buildout]
parts = ${instance-kvm-parts:parts}

extends =
#  Add extends list
 {{ extends_list | join('\n  ') }}
#  {{ template_httpd_cfg }}

eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true