{% if software_type == slap_software_type -%} {% set cached_server_dict = {} -%} {% set part_list = [] -%} {% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%} {% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) -%} {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {% set NGINX_TYPE_LIST = ['eventsource', 'notebook'] -%} {% set generic_instance_parameter_dict = {'cache_access': cache_access,} -%} {% set slave_log_dict = {} -%} {% if extra_slave_instance_list -%} {% set slave_instance_information_list = [] -%} {% set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) -%} {% endif -%} [jinja2-template-base] recipe = slapos.recipe.template:jinja2 extensions = jinja2.ext.do extra-context = context = key eggs_directory buildout:eggs-directory key develop_eggs_directory buildout:develop-eggs-directory ${:extra-context} {% do logrotate_dict.pop('recipe') %} [logrotate] {% for key, value in logrotate_dict.iteritems() -%} {{ key }} = {{ value }} {% endfor %} post = {{ apache_configuration.get('frontend-graceful-command') }} frequency = daily rotatep-num = 30 sharedscripts = true notifempty = true create = true [cadirectory] recipe = slapos.cookbook:mkdirectory requests = {{ custom_ssl_directory }}/requests/ private = {{ custom_ssl_directory }}/private/ certs = {{ custom_ssl_directory }}/certs/ newcerts = {{ custom_ssl_directory }}/newcerts/ crl = {{ custom_ssl_directory }}/crl/ {# Loop throught slave list to set up slaves #} {% for slave_instance in slave_instance_list -%} {# # Do all set and do upper, so it makes easy to read the file later #} {% set slave_reference = slave_instance.get('slave_reference') -%} {% set slave_type = slave_instance.get('type', '') -%} {% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%} {% set slave_parameter_dict = generic_instance_parameter_dict.copy() -%} {% set slave_publish_dict = {} -%} {% set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %} {% set slave_logrotate_section = slave_reference + "-logs" -%} {% set slave_password_section = slave_reference + "-password" -%} {% set slave_ln_section = slave_reference + "-ln" -%} {% set slave_htaccess_section = slave_reference + '-htaccess' %} {# extend parts #} {% do part_list.extend([slave_htaccess_section, slave_ln_section]) -%} {% do part_list.extend([slave_logrotate_section, slave_section_title]) -%} {% set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" -%} {# Set Up log files #} {% do slave_parameter_dict.__setitem__('access_log', '/'.join([apache_log_directory, '%s_access_log' % slave_reference])) -%} {% do slave_parameter_dict.__setitem__('error_log', '/'.join([apache_log_directory, '%s_error_log' % slave_reference])) -%} {% do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) -%} {% do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) -%} {# Add slave log directory to the slave log access dict #} {% do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %} {% set slave_log_access_url = 'https://' + slave_reference + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('apache-ipv6') + ']:' + frontend_configuration.get('apache-https-port') + '/' + slave_reference.lower() + '/' %} {% do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %} {% do slave_publish_dict.__setitem__('slave-reference', slave_reference) %} {% do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %} {# Set slave domain if none was defined #} {% if slave_instance.get('custom_domain', None) == None -%} {% set domain_prefix = slave_instance.get('slave_reference').replace("-", "").lower() -%} {% if slave_type in NGINX_TYPE_LIST -%} {% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) -%} {% else -%} {% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) -%} {% endif -%} {% endif -%} {% set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') -%} {% if enable_cache and 'url' in slave_instance -%} {% if 'domain' in slave_instance -%} {% do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) -%} {% endif -%} {% do slave_instance.__setitem__('backend_url', slave_instance.get('url')) -%} {% do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) -%} {% do slave_instance.__setitem__('url', cache_access) -%} {% do slave_instance.__setitem__('https-url', ssl_cache_access) -%} {% do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) -%} {% endif -%} {% if not slave_instance.has_key('apache_custom_http') %} {% do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) -%} {% do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) -%} {% do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) -%} {% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) -%} {% endif -%} [slave-log-directories] {{slave_reference}}-log-folder = {{ slave_log_folder }} {# Set slave logrotate entry #} [{{slave_logrotate_section}}] <= logrotate recipe = slapos.cookbook:logrotate.d name = ${:_buildout_section_name_} log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}} backup = {{ slave_log_folder }} {# integrate current logs inside #} [{{slave_ln_section}}] recipe = plone.recipe.command stop-on-error = false command = ln -s {{slave_parameter_dict.get('error_log')}} {{ slave_log_folder }}/apache-error.log && ln -s {{slave_parameter_dict.get('access_log')}} {{ slave_log_folder }}/apache-access.log {# Set password for slave #} [{{slave_password_section}}] recipe = slapos.cookbook:generate.password storage-path = {{apache_configuration_directory}}/.{{slave_reference}}.passwd bytes = 8 {# Set up htaccess file for slave #} [{{slave_htaccess_section}}] recipe = plone.recipe.command stop-on-error = true htaccess-path = {{apache_configuration_directory}}/.{{slave_reference}}.htaccess command = {{frontend_configuration.get('apache-directory')}}/bin/htpasswd -cb ${:htaccess-path} {{ slave_reference }} {{ '${' + slave_password_section + ':passwd}' }} {# ################################################## #} {# Set Slave Certificates if needed #} {# Set ssl certificates for each slave #} {% for cert_name in ('ssl_ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')-%} {% if cert_name in slave_instance -%} {% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%} {% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%} {% do part_list.append(cert_title) -%} {% do slave_parameter_dict.__setitem__(cert_name, cert_file) -%} {% do slave_instance.__setitem__('path_to_' + cert_name, cert_file) -%} {# Store certificates on fs #} [{{ cert_title }}] < = jinja2-template-base template = {{ empty_template }} rendered = {{ cert_file }} extra-context = key content {{ cert_title + '-config:value' }} # Store certificate in config [{{ cert_title + '-config' }}] value = {{ dumps(slave_instance.get(cert_name)) }} {% endif -%} {% endfor -%} {% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%} {% set cert_title = '%s-crt' % (slave_reference) -%} {% set key_title = '%s-key' % (slave_reference) -%} {% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%} {% set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) -%} {% do part_list.append(cert_title) -%} {% do slave_parameter_dict.__setitem__("ssl_crt", cert_file) -%} {% do slave_parameter_dict.__setitem__("ssl_key", key_file) -%} {% do slave_instance.__setitem__('path_to_ssl_crt', cert_file) -%} {% do slave_instance.__setitem__('path_to_ssl_key', key_file) -%} [{{cert_title}}] recipe = slapos.cookbook:certificate_authority.request #openssl-binary = ${openssl:location}/bin/openssl requests-directory = ${cadirectory:requests} ca-private = ${cadirectory:private} ca-certs = ${cadirectory:certs} ca-newcerts = ${cadirectory:newcerts} ca-crl = ${cadirectory:crl} key-file = {{ key_file }} cert-file = {{ cert_file }} key-content = {{ dumps(slave_instance.get('ssl_key')) }} cert-content = {{ dumps(slave_instance.get('ssl_crt')) }} {% endif -%} {# ########################################## #} {# Set Slave Configuration #} [{{ slave_configuration_section_name }}] {% set apache_custom_http = ((slave_instance.pop('apache_custom_http', '')) % slave_parameter_dict) -%} {% set apache_custom_https = ((slave_instance.pop('apache_custom_https', '')) % slave_parameter_dict) -%} apache_custom_http = {{ dumps(apache_custom_http) }} apache_custom_https = {{ dumps(apache_custom_https) }} {{ '\n' }} {% for key, value in slave_instance.iteritems() -%} {{ key }} = {{ dumps(value) }} {% endfor %} [{{ slave_section_title }}] < = jinja2-template-base {% if slave_type in NGINX_TYPE_LIST %} rendered = {{ nginx_configuration_directory }}/${:filename} {% else %} rendered = {{ apache_configuration_directory }}/${:filename} {% endif %} {% if apache_custom_http %} template = {{ template_custom_slave_configuration }} {% elif slave_type == 'eventsource' %} template = {{ template_eventsource_slave_configuration }} {% elif slave_type == 'notebook' %} template = {{ template_notebook_slave_configuration }} {% else %} template = {{ template_default_slave_configuration }} {% endif %} filename = {{ '%s.conf' % slave_reference }} extra-context = raw https_port {{ https_port }} raw http_port {{ http_port }} raw global_ipv6 {{ global_ipv6 }} raw local_ipv4 {{ local_ipv4 }} raw nginx_http_port {{ nginx_http_port }} raw nginx_https_port {{ nginx_https_port }} section slave_parameter {{ slave_configuration_section_name }} {{ '\n' }} {% set check_error_log_section_title = 'check-%s-error-log-last-hour' % slave_instance.get('slave_reference') -%} {% do part_list.append(check_error_log_section_title) -%} [{{ check_error_log_section_title }}] recipe = slapos.cookbook:wrapper command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 3600 filename = {{ check_error_log_section_title }} wrapper-path = {{ promise_directory }}/${:filename} {% set check_error_log_section_title = 'check-%s-error-log-last-day' % slave_instance.get('slave_reference') -%} {% do part_list.append(check_error_log_section_title) -%} [{{ check_error_log_section_title }}] recipe = slapos.cookbook:wrapper command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 86400 filename = {{ check_error_log_section_title }} wrapper-path = {{ promise_directory }}/${:filename} {% set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %} {% if monitor_ipv6_test %} {% set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %} {% do part_list.append(monitor_ipv6_section_title) -%} [{{ monitor_ipv6_section_title }}] recipe = slapos.cookbook:wrapper command-line = {{ bin_directory }}/is-icmp-packet-lost -a {{monitor_ipv6_test}} filename = {{ monitor_ipv6_section_title }} wrapper-path = {{ promise_directory }}/${:filename} {% endif %} {% set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %} {% if monitor_ipv4_test %} {% set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %} {% do part_list.append(monitor_ipv4_section_title) -%} [{{ monitor_ipv4_section_title }}] recipe = slapos.cookbook:wrapper command-line = {{ bin_directory }}/is-icmp-packet-lost -4 -a {{monitor_ipv4_test}} filename = {{ monitor_ipv4_section_title }} wrapper-path = {{ promise_directory }}/${:filename} {% endif %} {# ############################### #} {# Publish Slave Information #} {% if not extra_slave_instance_list -%} {% set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') -%} {% do part_list.append(publish_section_title) -%} [{{ publish_section_title }}] recipe = slapos.cookbook:publish {% for key, value in slave_publish_dict.iteritems() %} {{ key }} = {{ value }} {% endfor %} {% else -%} {% do slave_instance_information_list.append(slave_publish_dict) -%} {% endif -%} {# End of the main for loop#} {% endfor -%} ############################################### ### Prepare virtualhost for slaves using cache {% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %} {% set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %} {% do part_list.append(cached_slave_configuration_section_title) -%} [{{ cached_slave_configuration_section_title }}] < = jinja2-template-base template = {{ template_cached_slave_configuration }} filename = {{ '%s.conf' % slave_reference }} rendered = {{ apache_cached_configuration_directory }}/${:filename} extensions = jinja2.ext.do extra-context = section slave_parameter {{ slave_configuration_section_name }} raw cached_port {{ cached_port }} raw ssl_cached_port {{ ssl_cached_port }} {{ '\n' }} {% endfor %} [slave-log-directories] recipe = slapos.cookbook:mkdirectory {# Define log access #} [apache-log-access] < = jinja2-template-base template = {{frontend_configuration.get('template-log-access')}} rendered = {{frontend_configuration.get('log-access-configuration')}} extra-context = section slave_log_directory slave-log-directories raw apache_log_directory {{apache_log_directory}} raw apache_configuration_directory {{apache_configuration_directory}} {# Publish information for the instance #} [publish-apache-information] recipe = slapos.cookbook:publish public-ipv4 = {{ public_ipv4 }} private-ipv4 = {{ local_ipv4 }} {% if extra_slave_instance_list -%} slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }} {% endif -%} monitor-base-url = {{ monitor_base_url }} [buildout] parts += slave-log-directories {% for part in part_list -%} {{ ' %s' % part }} {% endfor %} publish-apache-information apache-log-access eggs-directory = {{ eggs_directory }} develop-eggs-directory = {{ develop_eggs_directory }} offline = true cache-access = {{ cache_access }} {% endif -%}