[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}

# XXX Default values if doesn't exists
root-instance-title = UNKNOWN H-S
instance-title = UNKNOWN Instance

[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
run = ${:var}/run
log = ${:var}/log
scripts = ${:etc}/run
services = ${:etc}/service
promises = ${:etc}/promise
plugins = ${:etc}/plugin
monitor = ${:srv}/monitor

[monitor-directory]
recipe = slapos.cookbook:mkdirectory
bin = ${directory:bin}
etc = ${directory:etc}
promises = ${directory:etc}/monitor-promise
reports = ${directory:etc}/monitor-report
pids = ${directory:run}/monitor
webdav = ${directory:monitor}/webdav
public = ${directory:monitor}/public
private = ${directory:monitor}/private
documents = ${:private}/documents
log = ${directory:log}/monitor
promise-result = ${buildout:directory}/.slapgrid/promise/result
promise-log = ${buildout:directory}/.slapgrid/promise/log

[ca-directory]
recipe = slapos.cookbook:mkdirectory
root = ${directory:srv}/ssl
requests = ${:root}/requests
private = ${:root}/private
certs = ${:root}/certs
newcerts = ${:root}/newcerts
crl = ${:root}/crl

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_executable_location }}
ca-dir = ${ca-directory:root}
requests-directory = ${ca-directory:requests}
wrapper = ${directory:services}/certificate_authority
ca-private = ${ca-directory:private}
ca-certs = ${ca-directory:certs}
ca-newcerts = ${ca-directory:newcerts}
ca-crl = ${ca-directory:crl}

[ca-monitor-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${monitor-httpd-conf-parameter:key-file}
cert-file = ${monitor-httpd-conf-parameter:cert-file}
executable = ${monitor-httpd-wrapper:wrapper-path}
wrapper = ${directory:services}/monitor-httpd

[monitor-conf-parameters]
title = ${monitor-instance-parameter:monitor-title}
root-title = ${monitor-instance-parameter:root-instance-title}
public-folder = ${monitor-directory:public}
private-folder = ${monitor-directory:private}
webdav-folder = ${monitor-directory:webdav}
base-url = ${monitor-instance-parameter:monitor-base-url}
service-pid-folder = ${monitor-directory:pids}
crond-folder = ${logrotate-directory:cron-entries}
log-folder = ${monitor-directory:log}
document-folder = ${monitor-directory:documents}
pid-file = ${monitor-directory:pids}/monitor-bootstrap.pid

public-path-list = 
private-path-list = ${directory:log}
monitor-url-list = ${monitor-instance-parameter:monitor-url-list}
parameter-file-path = ${monitor-instance-parameter:configuration-file-path}

parameter-list = 
  raw monitor-user ${monitor-instance-parameter:username}
  htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path}
  file min-free-disk-MB ${promise-check-free-disk-space:config-file}
  ${monitor-instance-parameter:instance-configuration}
# htpasswd entry:  htpasswd key password-file username htpasswd-file

promise-output-file = ${directory:monitor}/monitor-bootstrap-status

[monitor-promise-conf]
output-folder = ${monitor-directory:public}/promise
history-folder = ${monitor-directory:public}
promise-folder = ${directory:plugins}
legacy-promise-folder = ${directory:promises}
pid-path = ${monitor-directory:pids}/runpromise.pid
partition-folder = ${buildout:directory}
master-url = ${slap-connection:server-url}
partition-cert = ${slap-connection:cert-file}
partition-key = ${slap-connection:key-file}
partition-id = ${slap-connection:partition-id}
computer-id = ${slap-connection:computer-id}
ipv4 = ${slap-configuration:ipv4-random}
ipv6 = ${slap-configuration:ipv6-random}
software-release = ${slap-connection:software-release-url}
software-type = ${slap-configuration:slap-software-type}

[monitor-base-url-dict]
# place holder to be used to collect erp5 monitor urls

[monitor-conf]
recipe = slapos.recipe.template:jinja2
template = {{ monitor_conf_template }}
rendered = ${directory:etc}/${:filename}
filename = monitor.conf
context = section parameter_dict           monitor-conf-parameters
          section promise_parameter_dict  monitor-promise-conf
          section monitor_base_urls        monitor-base-url-dict

[start-monitor]
recipe = slapos.cookbook:wrapper
command-line = {{ monitor_bin }} -c ${monitor-conf:rendered}
name = bootstrap-monitor
wrapper-path = ${directory:scripts}/${:name}

[monitor-htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = ${directory:etc}/.monitor_pwd
bytes = 8

[httpd-monitor-htpasswd]
recipe = plone.recipe.command
stop-on-error = true
password-file = ${directory:etc}/.monitor_pwd
htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd
# Keep multiple lines as password can end with newline char.
command = 
  if [ ! -s "${:htpasswd-path}" ]; then 
    {{ apache_location }}/bin/htpasswd -cb ${:htpasswd-path} ${:user} ${:password}
  fi
  if [ ! -s "${:password-file}" ]; then echo "${monitor-instance-parameter:password}" > ${:password-file}; fi
update-command = ${:command}
user = ${monitor-instance-parameter:username}
password = ${monitor-instance-parameter:password}

[monitor-symlink]
recipe = cns.recipe.symlink
symlink =
  ${monitor-directory:promise-result} = ${monitor-directory:public}/promise
  ${monitor-directory:promise-result} = ${monitor-directory:log}/promise

[monitor-httpd-conf-parameter]
listening-ip = ${monitor-instance-parameter:monitor-httpd-ipv6}
port = ${monitor-instance-parameter:monitor-httpd-port}
pid-file = ${directory:run}/monitor-httpd.pid
access-log = ${directory:log}/monitor-httpd-access.log
error-log = ${directory:log}/monitor-httpd-error.log
cert-file = ${ca-directory:certs}/httpd.crt
key-file = ${ca-directory:certs}/httpd.key
htpasswd-file = ${httpd-monitor-htpasswd:htpasswd-path}
url = https://[${monitor-instance-parameter:monitor-httpd-ipv6}]:${:port}
httpd-cors-config-file = ${monitor-httpd-cors:rendered}
httpd-include-file = 

[monitor-httpd-conf]
recipe = slapos.recipe.template:jinja2
template = {{ monitor_httpd_template }}
rendered = ${monitor-directory:etc}/monitor-httpd.conf
mode = 0744
context =
  section directory monitor-directory
  section parameter_dict monitor-httpd-conf-parameter

[monitor-httpd-cors]
recipe = slapos.recipe.template:jinja2
template = {{ monitor_https_cors }}
rendered = ${directory:etc}/httpd-cors.cfg
mode = 0600
context =
  key domain monitor-instance-parameter:cors-domains

[monitor-httpd-wrapper]
recipe = slapos.cookbook:wrapper
command-line = {{ apache_location }}/bin/httpd -f ${monitor-httpd-conf:rendered} -DFOREGROUND
wrapper-path = ${directory:bin}/monitor-httpd
wait-for-files =
  ${ca-directory:certs}/httpd.key
  ${ca-directory:certs}/httpd.crt
  ${monitor-httpd-graceful-wrapper:rendered}

[monitor-httpd-graceful-wrapper]
recipe = slapos.recipe.template:jinja2
template = {{ template_wrapper }}
rendered = ${directory:scripts}/monitor-httpd-graceful
mode = 0700
context =
    key content :command
    raw dash_binary {{ dash_executable_location }}
command = kill -USR1 $(cat ${monitor-httpd-conf-parameter:pid-file})

[logrotate-entry-monitor-httpd]
<= logrotate-entry-base
name = monitor-apache
log = ${directory:log}/monitor-httpd-*.log
post = test ! -s ${monitor-httpd-conf-parameter:pid-file} || {{ bin_directory }}/slapos-kill --pidfile ${monitor-httpd-conf-parameter:pid-file} -s USR1

[xnice-bin]
recipe = collective.recipe.template
input = inline:#!/bin/sh
  # run something at lowest possible priority
  exec nice -19 chrt --idle 0 ionice -c3 "$@"
output = ${directory:bin}/xnice
mode = 700

[promise-monitor-httpd-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/is-process-older-than-dependency-set ${monitor-httpd-conf-parameter:pid-file} 
wrapper-path = ${directory:promises}/promise-monitor-httpd-is-process-older-than-dependency-set

[monitor-globalstate-wrapper]
recipe = slapos.cookbook:wrapper
command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:rendered}'
wrapper-path = ${directory:bin}/monitor-globalstate

[monitor-configurator-wrapper]
recipe = slapos.cookbook:wrapper
# XXX - hard coded path
command-line = ${xnice-bin:output} {{ monitor_configwrite }}
              --config_folder '${monitor-conf-parameters:private-folder}/config/.jio_documents'
              --output_cfg_file '${monitor-instance-parameter:configuration-file-path}'
              --htpasswd_bin '{{ apache_location }}/bin/htpasswd'
              --monitor_https_cors {{ monitor_https_cors }}
wrapper-path = ${directory:bin}/monitor-configurator

[monitor-collect-wrapper]
recipe = slapos.cookbook:wrapper
command-line = ${xnice-bin:output} {{ monitor_collect }}
               --output_folder ${monitor-directory:documents}
               --collector_db ${monitor-instance-parameter:collector-db}
               --pid_file ${monitor-directory:pids}/monitor-collect.pid
wrapper-path = ${directory:bin}/monitor-collect

[monitor-globalstate-cron-entry]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = monitor-globalstate
frequency = */2 * * * *
command = {{ bin_directory }}/randomsleep 20 && ${monitor-globalstate-wrapper:wrapper-path}

[monitor-configurator-cron-entry]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = monitor-configurator
frequency = * * * * *
command = {{ bin_directory }}/randomsleep 10 && ${monitor-configurator-wrapper:wrapper-path}

[monitor-collect-cron-entry]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = monitor_collect
frequency = * * * * *
command = {{ bin_directory }}/randomsleep 40 && ${monitor-collect-wrapper:wrapper-path}

[logrotate-entry-monitor-data]
recipe = collective.recipe.template
name = monitor.data
log = ${monitor-directory:private}/*.data.json ${monitor-directory:documents}/*.data.json
input = inline:${:log} {
    weekly
    nocreate
    olddir ${monitor-directory:documents}
    rotate 104
    nocompress
    missingok
    extension .json
    dateext
    dateformat -%Y-%m-%d
    notifempty
  }
output = ${logrotate-directory:logrotate-entries}/${:name}
mode = 600

[logrotate-entry-monitor-promise-history]
<= logrotate-entry-base
name = monitor.service.status
log = ${monitor-directory:public}/*.history.json
rotate-num = 0
frequency = weekly
pre = {{ monitor_statistic }} --history_folder ${monitor-directory:public}

[monitor-httpd-promise]
recipe = slapos.cookbook:check_url_available
path = ${directory:promises}/${:filename}
filename = monitor-httpd-listening-on-tcp
url = ${monitor-httpd-conf-parameter:url}
check-secure = 1
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

[monitor-publish-parameters]
# XXX depends on monitor-base section
monitor-base-url = ${monitor-base:base-url}
monitor-url = ${:monitor-base-url}/public/feeds
monitor-user = ${monitor-instance-parameter:username}
monitor-password = ${monitor-instance-parameter:password}

[monitor-instance-parameter]
monitor-title = ${slap-configuration:instance-title}
monitor-httpd-ipv6 = ${slap-configuration:ipv6-random}
monitor-httpd-port = 8196
# XXX - Set monitor-base-url = ${monitor-httpd-conf-parameter:url} => https://[ipv6]:port
monitor-base-url = ${monitor-frontend-promise:url}
#monitor-base-url = ${monitor-httpd-conf-parameter:url}
root-instance-title = ${slap-configuration:root-instance-title}
monitor-url-list =
cors-domains = monitor.app.officejs.com
# XXX Hard coded parameter
collector-db = /srv/slapgrid/var/data-log/collector.db
# Credentials
password = ${monitor-htpasswd:passwd}
username = admin
# XXX: type key value
# ex raw monitor-password resqdsdsd34
instance-configuration =

configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg

interface-url = https://monitor.app.officejs.com

[monitor-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Monitor Frontend ${monitor-instance-parameter:monitor-title}
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = ${monitor-httpd-conf-parameter:url}
config-https-only = true
#software-type = custom-personal
return = domain secure_access

[monitor-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = ${directory:promises}/monitor-http-frontend
url = ${monitor-frontend:connection-secure_access}
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}
check-secure = 1

[monitor-bootstrap-promise]
recipe = slapos.cookbook:promise.plugin
eggs =
  slapos.toolbox
file = ${monitor-conf-parameters:promise-output-file}
content = 
  from slapos.promise.plugin.monitor_bootstrap_status import RunPromise
output = ${directory:plugins}/monitor-bootstrap-status.py
mode = 600
config-process-pid-file = ${monitor-conf-parameters:pid-file}
config-process-name = ${start-monitor:name}
config-status-file = ${:file}

[promise-check-slapgrid]
recipe = slapos.cookbook:promise.plugin
eggs =
  slapos.toolbox
output = ${directory:plugins}/buildout-${slap-connection:partition-id}-status.py
content = 
  from slapos.promise.plugin.check_partition_deployment_state import RunPromise
config-monitor-url = ${monitor-instance-parameter:monitor-base-url}
mode = 600

[promise-check-free-disk-space]
recipe = slapos.cookbook:wrapper
command-line = {{ check_disk_space }}
               --collectordb ${monitor-instance-parameter:collector-db}
               --home_path ${buildout:directory}
               --config ${:config-file}
wrapper-path = ${directory:promises}/check-free-disk-space
config-file = ${directory:etc}/min-free-disk-size


[monitor-base]
# create dependencies between required monitor parts
recipe = plone.recipe.command
command = true
update-command = 
base-url = ${monitor-conf-parameters:base-url}
depends =
  ${monitor-globalstate-cron-entry:name}
  ${monitor-configurator-cron-entry:name}
  ${monitor-collect-cron-entry:name}
  ${cron-entry-logrotate:name}
  ${logrotate-entry-cron:name}
  ${certificate-authority:wrapper}
  ${monitor-conf:rendered}
  ${start-monitor:wrapper-path}
  ${ca-monitor-httpd:wrapper}
  ${monitor-httpd-promise:filename}
  ${monitor-bootstrap-promise:file}
  ${monitor-symlink:recipe}
  ${promise-check-slapgrid:recipe}
  ${promise-monitor-httpd-is-process-older-than-dependency-set:wrapper-path}
  ${logrotate-entry-monitor-httpd:name}
  ${logrotate-entry-monitor-data:name}
  ${logrotate-entry-monitor-promise-history:name}

[monitor-publish]
monitor-base-url = ${monitor-publish-parameters:monitor-base-url}
monitor-setup-url = ${monitor-instance-parameter:interface-url}/#page=settings_configurator&url=${monitor-publish-parameters:monitor-url}&username=${monitor-publish-parameters:monitor-user}&password=${monitor-publish-parameters:monitor-password}


[buildout]

extends = 
  {{ template_logrotate_base }}