[slap-configuration] recipe = slapos.cookbook:slapconfiguration.serialised computer = ${slap-connection:computer-id} partition = ${slap-connection:partition-id} url = ${slap-connection:server-url} key = ${slap-connection:key-file} cert = ${slap-connection:cert-file} # XXX Default values if doesn't exists root-instance-title = UNKNOWN H-S instance-title = UNKNOWN Instance [directory] recipe = slapos.cookbook:mkdirectory etc = ${buildout:directory}/etc bin = ${buildout:directory}/bin srv = ${buildout:directory}/srv var = ${buildout:directory}/var run = ${:var}/run log = ${:var}/log scripts = ${:etc}/run services = ${:etc}/service promises = ${:etc}/promise plugins = ${:etc}/plugin monitor = ${:srv}/monitor [monitor-directory] recipe = slapos.cookbook:mkdirectory bin = ${directory:bin} etc = ${directory:etc} promises = ${directory:etc}/monitor-promise reports = ${directory:etc}/monitor-report pids = ${directory:run}/monitor webdav = ${directory:monitor}/webdav public = ${directory:monitor}/public private = ${directory:monitor}/private documents = ${:private}/documents log = ${directory:log}/monitor promise-result = ${buildout:directory}/.slapgrid/promise/result promise-log = ${buildout:directory}/.slapgrid/promise/log [ca-directory] recipe = slapos.cookbook:mkdirectory root = ${directory:srv}/ssl requests = ${:root}/requests private = ${:root}/private certs = ${:root}/certs newcerts = ${:root}/newcerts crl = ${:root}/crl [certificate-authority] recipe = slapos.cookbook:certificate_authority openssl-binary = {{ openssl_executable_location }} ca-dir = ${ca-directory:root} requests-directory = ${ca-directory:requests} wrapper = ${directory:services}/certificate_authority ca-private = ${ca-directory:private} ca-certs = ${ca-directory:certs} ca-newcerts = ${ca-directory:newcerts} ca-crl = ${ca-directory:crl} [ca-monitor-httpd] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request key-file = ${monitor-httpd-conf-parameter:key-file} cert-file = ${monitor-httpd-conf-parameter:cert-file} executable = ${monitor-httpd-wrapper:wrapper-path} wrapper = ${directory:services}/monitor-httpd [monitor-conf-parameters] title = ${monitor-instance-parameter:monitor-title} root-title = ${monitor-instance-parameter:root-instance-title} public-folder = ${monitor-directory:public} private-folder = ${monitor-directory:private} webdav-folder = ${monitor-directory:webdav} base-url = ${monitor-instance-parameter:monitor-base-url} service-pid-folder = ${monitor-directory:pids} crond-folder = ${logrotate-directory:cron-entries} log-folder = ${monitor-directory:log} document-folder = ${monitor-directory:documents} pid-file = ${monitor-directory:pids}/monitor-bootstrap.pid public-path-list = private-path-list = ${directory:log} monitor-url-list = ${monitor-instance-parameter:monitor-url-list} parameter-file-path = ${monitor-instance-parameter:configuration-file-path} parameter-list = raw monitor-user ${monitor-instance-parameter:username} htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path} file min-free-disk-MB ${promise-check-free-disk-space:config-file} ${monitor-instance-parameter:instance-configuration} # htpasswd entry: htpasswd key password-file username htpasswd-file promise-output-file = ${directory:monitor}/monitor-bootstrap-status [monitor-promise-conf] output-folder = ${monitor-directory:public}/promise history-folder = ${monitor-directory:public} promise-folder = ${directory:plugins} legacy-promise-folder = ${directory:promises} pid-path = ${monitor-directory:pids}/runpromise.pid partition-folder = ${buildout:directory} master-url = ${slap-connection:server-url} partition-cert = ${slap-connection:cert-file} partition-key = ${slap-connection:key-file} partition-id = ${slap-connection:partition-id} computer-id = ${slap-connection:computer-id} ipv4 = ${slap-configuration:ipv4-random} ipv6 = ${slap-configuration:ipv6-random} software-release = ${slap-connection:software-release-url} software-type = ${slap-configuration:slap-software-type} [monitor-base-url-dict] # place holder to be used to collect erp5 monitor urls [monitor-conf] recipe = slapos.recipe.template:jinja2 template = {{ monitor_conf_template }} rendered = ${directory:etc}/${:filename} filename = monitor.conf context = section parameter_dict monitor-conf-parameters section promise_parameter_dict monitor-promise-conf section monitor_base_urls monitor-base-url-dict [start-monitor] recipe = slapos.cookbook:wrapper command-line = {{ monitor_bin }} -c ${monitor-conf:rendered} name = bootstrap-monitor wrapper-path = ${directory:scripts}/${:name} [monitor-htpasswd] recipe = slapos.cookbook:generate.password storage-path = ${directory:etc}/.monitor_pwd bytes = 8 [httpd-monitor-htpasswd] recipe = plone.recipe.command stop-on-error = true password-file = ${directory:etc}/.monitor_pwd htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd # Keep multiple lines as password can end with newline char. command = if [ ! -s "${:htpasswd-path}" ]; then {{ apache_location }}/bin/htpasswd -cb ${:htpasswd-path} ${:user} ${:password} fi if [ ! -s "${:password-file}" ]; then echo "${monitor-instance-parameter:password}" > ${:password-file}; fi update-command = ${:command} user = ${monitor-instance-parameter:username} password = ${monitor-instance-parameter:password} [monitor-symlink] recipe = cns.recipe.symlink symlink = ${monitor-directory:promise-result} = ${monitor-directory:public}/promise ${monitor-directory:promise-result} = ${monitor-directory:log}/promise [monitor-httpd-conf-parameter] listening-ip = ${monitor-instance-parameter:monitor-httpd-ipv6} port = ${monitor-instance-parameter:monitor-httpd-port} pid-file = ${directory:run}/monitor-httpd.pid access-log = ${directory:log}/monitor-httpd-access.log error-log = ${directory:log}/monitor-httpd-error.log cert-file = ${ca-directory:certs}/httpd.crt key-file = ${ca-directory:certs}/httpd.key htpasswd-file = ${httpd-monitor-htpasswd:htpasswd-path} url = https://[${monitor-instance-parameter:monitor-httpd-ipv6}]:${:port} httpd-cors-config-file = ${monitor-httpd-cors:rendered} httpd-include-file = [monitor-httpd-conf] recipe = slapos.recipe.template:jinja2 template = {{ monitor_httpd_template }} rendered = ${monitor-directory:etc}/monitor-httpd.conf mode = 0744 context = section directory monitor-directory section parameter_dict monitor-httpd-conf-parameter [monitor-httpd-cors] recipe = slapos.recipe.template:jinja2 template = {{ monitor_https_cors }} rendered = ${directory:etc}/httpd-cors.cfg mode = 0600 context = key domain monitor-instance-parameter:cors-domains [monitor-httpd-wrapper] recipe = slapos.cookbook:wrapper command-line = {{ apache_location }}/bin/httpd -f ${monitor-httpd-conf:rendered} -DFOREGROUND wrapper-path = ${directory:bin}/monitor-httpd wait-for-files = ${ca-directory:certs}/httpd.key ${ca-directory:certs}/httpd.crt ${monitor-httpd-graceful-wrapper:rendered} [monitor-httpd-graceful-wrapper] recipe = slapos.recipe.template:jinja2 template = {{ template_wrapper }} rendered = ${directory:scripts}/monitor-httpd-graceful mode = 0700 context = key content :command raw dash_binary {{ dash_executable_location }} command = kill -USR1 $(cat ${monitor-httpd-conf-parameter:pid-file}) [logrotate-entry-monitor-httpd] <= logrotate-entry-base name = monitor-apache log = ${directory:log}/monitor-httpd-*.log post = test ! -s ${monitor-httpd-conf-parameter:pid-file} || {{ bin_directory }}/slapos-kill --pidfile ${monitor-httpd-conf-parameter:pid-file} -s USR1 [xnice-bin] recipe = collective.recipe.template input = inline:#!/bin/sh # run something at lowest possible priority exec nice -19 chrt --idle 0 ionice -c3 "$@" output = ${directory:bin}/xnice mode = 700 [promise-monitor-httpd-is-process-older-than-dependency-set] recipe = slapos.cookbook:wrapper command-line = {{ bin_directory }}/is-process-older-than-dependency-set ${monitor-httpd-conf-parameter:pid-file} wrapper-path = ${directory:promises}/promise-monitor-httpd-is-process-older-than-dependency-set [monitor-globalstate-wrapper] recipe = slapos.cookbook:wrapper command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:rendered}' wrapper-path = ${directory:bin}/monitor-globalstate [monitor-configurator-wrapper] recipe = slapos.cookbook:wrapper # XXX - hard coded path command-line = ${xnice-bin:output} {{ monitor_configwrite }} --config_folder '${monitor-conf-parameters:private-folder}/config/.jio_documents' --output_cfg_file '${monitor-instance-parameter:configuration-file-path}' --htpasswd_bin '{{ apache_location }}/bin/htpasswd' --monitor_https_cors {{ monitor_https_cors }} wrapper-path = ${directory:bin}/monitor-configurator [monitor-collect-wrapper] recipe = slapos.cookbook:wrapper command-line = ${xnice-bin:output} {{ monitor_collect }} --output_folder ${monitor-directory:documents} --collector_db ${monitor-instance-parameter:collector-db} --pid_file ${monitor-directory:pids}/monitor-collect.pid wrapper-path = ${directory:bin}/monitor-collect [monitor-globalstate-cron-entry] recipe = slapos.cookbook:cron.d cron-entries = ${cron:cron-entries} name = monitor-globalstate frequency = */2 * * * * command = {{ bin_directory }}/randomsleep 20 && ${monitor-globalstate-wrapper:wrapper-path} [monitor-configurator-cron-entry] recipe = slapos.cookbook:cron.d cron-entries = ${cron:cron-entries} name = monitor-configurator frequency = * * * * * command = {{ bin_directory }}/randomsleep 10 && ${monitor-configurator-wrapper:wrapper-path} [monitor-collect-cron-entry] recipe = slapos.cookbook:cron.d cron-entries = ${cron:cron-entries} name = monitor_collect frequency = * * * * * command = {{ bin_directory }}/randomsleep 40 && ${monitor-collect-wrapper:wrapper-path} [logrotate-entry-monitor-data] recipe = collective.recipe.template name = monitor.data log = ${monitor-directory:private}/*.data.json ${monitor-directory:documents}/*.data.json input = inline:${:log} { weekly nocreate olddir ${monitor-directory:documents} rotate 104 nocompress missingok extension .json dateext dateformat -%Y-%m-%d notifempty } output = ${logrotate-directory:logrotate-entries}/${:name} mode = 600 [logrotate-entry-monitor-promise-history] <= logrotate-entry-base name = monitor.service.status log = ${monitor-directory:public}/*.history.json rotate-num = 0 frequency = weekly pre = {{ monitor_statistic }} --history_folder ${monitor-directory:public} [monitor-httpd-promise] recipe = slapos.cookbook:check_url_available path = ${directory:promises}/${:filename} filename = monitor-httpd-listening-on-tcp url = ${monitor-httpd-conf-parameter:url} check-secure = 1 dash_path = {{ dash_executable_location }} curl_path = {{ curl_executable_location }} [monitor-publish-parameters] # XXX depends on monitor-base section monitor-base-url = ${monitor-base:base-url} monitor-url = ${:monitor-base-url}/public/feeds monitor-user = ${monitor-instance-parameter:username} monitor-password = ${monitor-instance-parameter:password} [monitor-instance-parameter] monitor-title = ${slap-configuration:instance-title} monitor-httpd-ipv6 = ${slap-configuration:ipv6-random} monitor-httpd-port = 8196 # XXX - Set monitor-base-url = ${monitor-httpd-conf-parameter:url} => https://[ipv6]:port monitor-base-url = ${monitor-frontend-promise:url} #monitor-base-url = ${monitor-httpd-conf-parameter:url} root-instance-title = ${slap-configuration:root-instance-title} monitor-url-list = cors-domains = monitor.app.officejs.com # XXX Hard coded parameter collector-db = /srv/slapgrid/var/data-log/collector.db # Credentials password = ${monitor-htpasswd:passwd} username = admin # XXX: type key value # ex raw monitor-password resqdsdsd34 instance-configuration = configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg interface-url = https://monitor.app.officejs.com [monitor-frontend] <= slap-connection recipe = slapos.cookbook:requestoptional name = Monitor Frontend ${monitor-instance-parameter:monitor-title} # XXX We have hardcoded SR URL here. software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg slave = true config-url = ${monitor-httpd-conf-parameter:url} config-https-only = true #software-type = custom-personal return = domain secure_access [monitor-frontend-promise] recipe = slapos.cookbook:check_url_available path = ${directory:promises}/monitor-http-frontend url = ${monitor-frontend:connection-secure_access} dash_path = {{ dash_executable_location }} curl_path = {{ curl_executable_location }} check-secure = 1 [monitor-bootstrap-promise] recipe = slapos.cookbook:promise.plugin eggs = slapos.toolbox file = ${monitor-conf-parameters:promise-output-file} content = from slapos.promise.plugin.monitor_bootstrap_status import RunPromise output = ${directory:plugins}/monitor-bootstrap-status.py mode = 600 config-process-pid-file = ${monitor-conf-parameters:pid-file} config-process-name = ${start-monitor:name} config-status-file = ${:file} [promise-check-slapgrid] recipe = slapos.cookbook:promise.plugin eggs = slapos.toolbox output = ${directory:plugins}/buildout-${slap-connection:partition-id}-status.py content = from slapos.promise.plugin.check_partition_deployment_state import RunPromise config-monitor-url = ${monitor-instance-parameter:monitor-base-url} mode = 600 [promise-check-free-disk-space] recipe = slapos.cookbook:wrapper command-line = {{ check_disk_space }} --collectordb ${monitor-instance-parameter:collector-db} --home_path ${buildout:directory} --config ${:config-file} wrapper-path = ${directory:promises}/check-free-disk-space config-file = ${directory:etc}/min-free-disk-size [monitor-base] # create dependencies between required monitor parts recipe = plone.recipe.command command = true update-command = base-url = ${monitor-conf-parameters:base-url} depends = ${monitor-globalstate-cron-entry:name} ${monitor-configurator-cron-entry:name} ${monitor-collect-cron-entry:name} ${cron-entry-logrotate:name} ${logrotate-entry-cron:name} ${certificate-authority:wrapper} ${monitor-conf:rendered} ${start-monitor:wrapper-path} ${ca-monitor-httpd:wrapper} ${monitor-httpd-promise:filename} ${monitor-bootstrap-promise:file} ${monitor-symlink:recipe} ${promise-check-slapgrid:recipe} ${promise-monitor-httpd-is-process-older-than-dependency-set:wrapper-path} ${logrotate-entry-monitor-httpd:name} ${logrotate-entry-monitor-data:name} ${logrotate-entry-monitor-promise-history:name} [monitor-publish] monitor-base-url = ${monitor-publish-parameters:monitor-base-url} monitor-setup-url = ${monitor-instance-parameter:interface-url}/#page=settings_configurator&url=${monitor-publish-parameters:monitor-url}&username=${monitor-publish-parameters:monitor-user}&password=${monitor-publish-parameters:monitor-password} [buildout] extends = {{ template_logrotate_base }}