[buildout] parts = nginx_conf nginx-launcher certificate-authority ca-nginx ca-shellinabox gunicorn-launcher gunicorn-graceful sshkeys-dropbear-runner dropbear-server-add-authorized-key sshkeys-authority publish-connection-informations slaprunner-promise slaprunner-frontend-promise dropbear-promise runtestsuite shellinabox-promise symlinks shellinabox slapos-cfg slapos-repo-config cron-entry-prepare-software deploy-instance-parameters instance-software-type {% if slapparameter_dict.get('custom-frontend-backend-url') %} custom-frontend-promise {% endif %} ## Monitoring part ###Parts to add for monitoring cron certificate-authority cron-entry-monitor cron-entry-rss deploy-index deploy-settings-cgi deploy-status-cgi deploy-status-history-cgi setup-static-files certificate-authority zero-parameters public-symlink cgi-httpd-wrapper cgi-httpd-graceful-wrapper monitor-promise monitor-instance-log-access ## Monitor for runner monitor-current-log-access extends = ${monitor-template:output} eggs-directory = ${buildout:eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory} offline = true {% if slapparameter_dict.get('custom-frontend-backend-url') -%} # Requests, if defined, a frontend to allow access to a server # located inside of the virtual machine listening to port X # to LAN IPv4. # Internaly, the frontend will be asked to listen on the IPv6 # with port X + 10000, to match NAT rules of Qemu. [request-custom-frontend] recipe = slapos.cookbook:requestoptional software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }} software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }} slave = true name = Custom Web Frontend server-url = $${slap-connection:server-url} key-file = $${slap-connection:key-file} cert-file = $${slap-connection:cert-file} computer-id = $${slap-connection:computer-id} partition-id = $${slap-connection:partition-id} {%- if slapparameter_dict.get('custom-frontend-instance-guid') -%} sla = instance_guid sla-instance_guid = $${slap-parameter:frontend-instance-guid} {% endif -%} {% set custom_frontend_backend_type = slapparameter_dict.get('custom-frontend-backend-type')%} {% if custom_frontend_backend_type %} config = url type config-type = {{ custom_frontend_backend_type }} {% else %} config = url {% endif -%} config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }} return = site_url domain [custom-frontend-promise] recipe = slapos.cookbook:check_url_available path = $${directory:promises}/custom_frontend_promise url = https://$${request-custom-frontend:connection-domain} {% if slapparameter_dict.get('custom-frontend-basic-auth') -%} check-secure = 1 {% endif -%} dash_path = {{ dash_executable_location }} curl_path = {{ curl_executable_location }} [publish-connection-informations] custom-frontend-url = https://$${request-custom-frontend:connection-domain} {% endif %} # Create all needed directories [directory] recipe = slapos.cookbook:mkdirectory etc = $${buildout:directory}/etc/ var = $${buildout:directory}/var/ srv = $${buildout:directory}/srv/ bin = $${buildout:directory}/bin/ tmp = $${buildout:directory}/tmp/ sshkeys = $${:srv}/sshkeys services = $${:etc}/service/ scripts = $${:etc}/run/ ssh = $${:etc}/ssh/ log = $${:var}/log/ run = $${:var}/run/ backup = $${:srv}/backup/ promises = $${:etc}/promise/ test = $${:etc}/test/ nginx-data = $${directory:srv}/nginx ca-dir = $${:srv}/ssl project = $${:srv}/runner/project [runnerdirectory] recipe = slapos.cookbook:mkdirectory home = $${directory:srv}/runner/ test = $${directory:srv}/test/ project = $${:home}/project public = $${:home}/public software-root = $${:home}/software instance-root = $${:home}/instance project-test = $${:test}/project software-test = $${:test}/software instance-test = $${:test}/instance sessions = $${buildout:directory}/.sessions #Create password recovery code for slaprunner [recovery-code] recipe = slapos.cookbook:generate.password storage-path = $${directory:etc}/.rcode bytes = 8 [slaprunner] slaprunner = ${buildout:directory}/bin/slaprunner slapos = ${buildout:directory}/bin/slapos slapproxy = ${buildout:directory}/bin/slapproxy supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl git-binary = ${git:location}/bin/git root_check = false slapos.cfg = $${directory:etc}/slapos.cfg working-directory = $${runnerdirectory:home} project-directory = $${runnerdirectory:project} instance_root = $${runnerdirectory:instance-root} software_root = $${runnerdirectory:software-root} #XXX-Nico hardcoded default port because overridden by this buildout config instance-monitor-url = https://[$${:ipv6}]:9685 etc_dir = $${directory:etc} log_dir = $${directory:log} run_dir = $${directory:run} ssh_client = $${sshkeys-dropbear-runner:wrapper} public_key = $${sshkeys-dropbear-runner:public-key} private_key = $${sshkeys-dropbear-runner:private-key} ipv4 = $${slap-network-information:local-ipv4} ipv6 = $${slap-network-information:global-ipv6} instance_root = $${runnerdirectory:instance-root} proxy_port = 50000 runner_port = 50005 partition-amount = $${slap-parameter:instance-amount} wrapper = $${directory:services}/slaprunner debug = $${slap-parameter:debug} access-url = https://[$${:ipv6}]:$${:runner_port} supervisord_config = $${directory:etc}/supervisord.conf proxy_database = $${slaprunner:working-directory}/proxy.db console = False verbose = False debug = False auto_deploy = $${slap-parameter:auto-deploy} auto_deploy_instance = $${slap-parameter:auto-deploy-instance} autorun = $${slap-parameter:autorun} knowledge0_file = $${buildout:directory}/$${public:filename} [test-runner] <= slaprunner slapos.cfg = $${directory:etc}/slapos-test.cfg working-directory = $${runnerdirectory:test} project-directory = $${runnerdirectory:project-test} software-directory = $${runnerdirectory:software-test} instance-directory = $${runnerdirectory:instance-test} proxy_port = 8602 etc_dir = $${directory:test} [runtestsuite] recipe = slapos.cookbook:wrapper command-line = ${buildout:directory}/bin/slaprunnertest wrapper-path = $${directory:bin}/runTestSuite environment = RUNNER_CONFIG=$${slapos-test-cfg:rendered} # Deploy dropbear (minimalist SSH server) [sshkeys-directory] recipe = slapos.cookbook:mkdirectory requests = $${directory:sshkeys}/requests/ keys = $${directory:sshkeys}/keys/ [sshkeys-authority] recipe = slapos.cookbook:sshkeys_authority request-directory = $${sshkeys-directory:requests} keys-directory = $${sshkeys-directory:keys} wrapper = $${directory:services}/sshkeys_authority keygen-binary = ${dropbear:location}/bin/dropbearkey [dropbear-runner-server] recipe = slapos.cookbook:dropbear host = $${slap-network-information:global-ipv6} port = 22222 home = $${directory:ssh} wrapper = $${directory:bin}/runner_sshd shell = ${bash:location}/bin/bash rsa-keyfile = $${directory:ssh}/server_key.rsa dropbear-binary = ${dropbear:location}/sbin/dropbear [sshkeys-dropbear-runner] <= sshkeys-authority recipe = slapos.cookbook:sshkeys_authority.request name = dropbear type = rsa executable = $${dropbear-runner-server:wrapper} public-key = $${dropbear-runner-server:rsa-keyfile}.pub private-key = $${dropbear-runner-server:rsa-keyfile} wrapper = $${directory:services}/runner_sshd [dropbear-server-add-authorized-key] <= dropbear-runner-server recipe = slapos.cookbook:dropbear.add_authorized_key key = $${slap-parameter:user-authorized-key} #--------------------------- #-- #-- Set nginx frontend [tempdirectory] recipe = slapos.cookbook:mkdirectory client_body_temp_path = $${directory:tmp}/client_body_temp_path proxy_temp_path = $${directory:tmp}/proxy_temp_path fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path scgi_temp_path = $${directory:tmp}/scgi_temp_path [nginx-frontend] # Options nb_workers = 2 # Network local-ip = $${slap-network-information:local-ipv4} port = 30001 global-ip = $${slap-network-information:global-ipv6} global-port = $${slaprunner:runner_port} # Backend runner-ip = $${slaprunner:ipv4} runner-port = $${slaprunner:runner_port} # SSL ssl-certificate = $${ca-nginx:cert-file} ssl-key = $${ca-nginx:key-file} # Log path_pid = $${directory:run}/nginx.pid path_log = $${directory:log}/nginx.log path_access_log = $${directory:log}/nginx.access.log path_error_log = $${directory:log}/nginx.error.log path_tmp = $${directory:tmp}/ # Config files path_nginx_conf = $${directory:etc}/nginx.conf # Executables bin_nginx = ${nginx-webdav:location}/sbin/nginx bin_launcher = $${directory:bin}/launcher # Utils path_shell = ${dash:location}/bin/dash # Misc. etc_dir = $${directory:etc} work_dir = $${slaprunner:working-directory} [nginx_conf] recipe = slapos.recipe.template:jinja2 template = ${template_nginx_conf:location}/${template_nginx_conf:filename} rendered = $${nginx-frontend:path_nginx_conf} context = key shellinabox_port shellinabox:port key socket gunicorn:socket section param_nginx_frontend nginx-frontend section param_tempdir tempdirectory [nginx-launcher] recipe = slapos.recipe.template:jinja2 template = ${template_launcher:location}/${template_launcher:filename} rendered = $${nginx-frontend:bin_launcher} mode = 700 context = section param_nginx_frontend nginx-frontend [httpd-parameters] path_pid = $${directory:run}/httpd.pid path_error_log = $${directory:log}/httpd-error.log path_access_log = $${directory:log}/httpd-access.log key_file = $${ca-httpd:key-file} cert_file = $${ca-httpd:cert-file} global_ip = $${slap-network-information:global-ipv6} global_port = $${slaprunner:runner_port} monitor_port = $${monitor-parameters:port} monitor_index = $${deploy-index:rendered} working_directory = $${slaprunner:working-directory} dav_lock = $${directory:var}/DavLock etc_dir = $${directory:etc} var_dir = $${directory:var} project_folder = $${directory:project} runner_home = $${runnerdirectory:home} git_http_backend = ${git:location}/libexec/git-core/git-http-backend cgi_httpd_conf = $${cgi-httpd-configuration-file:output} [httpd-conf] recipe = slapos.recipe.template:jinja2 template = ${template_httpd_conf:location}/${template_httpd_conf:filename} rendered = $${directory:etc}/httpd.conf context = section parameters httpd-parameters [cgi-httpd-wrapper] recipe = slapos.cookbook:wrapper apache-executable = ${apache:location}/bin/httpd wrapper-path = $${ca-httpd:executable} command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND #-------------------- #-- #-- WSGI [gunicorn] bin_gunicorn = $${directory:bin}/gunicorn bin_launcher = $${directory:services}/gunicorn path_shell = ${dash:location}/bin/dash socket = $${directory:tmp}/flaskserver.sock path_pid = $${directory:run}/gunicorn.pid [gunicorn-launcher] recipe = slapos.cookbook:wrapper command-line = $${gunicorn:bin_gunicorn} slapos.runner:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --preload wrapper-path = $${gunicorn:bin_launcher} environment = PATH=$${environ:PATH}:${git:location}/bin/ RUNNER_CONFIG=$${slaprunner:slapos.cfg} [gunicorn-graceful] recipe = slapos.cookbook:wrapper command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP wrapper-path = $${directory:scripts}/gunicorn-graceful #-------------------- #-- #-- ssl certificates [certificate-authority] recipe = slapos.cookbook:certificate_authority openssl-binary = ${openssl:location}/bin/openssl ca-dir = $${directory:ca-dir} requests-directory = $${cadirectory:requests} wrapper = $${directory:services}/certificate_authority ca-private = $${cadirectory:private} ca-certs = $${cadirectory:certs} ca-newcerts = $${cadirectory:newcerts} ca-crl = $${cadirectory:crl} [cadirectory] recipe = slapos.cookbook:mkdirectory requests = $${directory:ca-dir}/requests/ private = $${directory:ca-dir}/private/ certs = $${directory:ca-dir}/certs/ newcerts = $${directory:ca-dir}/newcerts/ crl = $${directory:ca-dir}/crl/ [ca-nginx] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request key-file = $${cadirectory:certs}/nginx_frontend.key cert-file = $${cadirectory:certs}/nginx_frontend.crt executable = $${nginx-launcher:rendered} wrapper = $${directory:services}/nginx-frontend # Put domain name name = example.com [ca-shellinabox] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request executable = $${shellinabox:wrapper} wrapper = $${directory:services}/shellinaboxd key-file = $${cadirectory:certs}/shellinabox.key cert-file = $${cadirectory:certs}/shellinabox.crt #-------------------- #-- #-- Request frontend [request-frontend] <= slap-connection recipe = slapos.cookbook:requestoptional name = SlapRunner Frontend # XXX We have hardcoded SR URL here. software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg slave = true config = url domain config-url = $${slaprunner:access-url} config-domain = $${slap-parameter:frontend-domain} return = site_url domain [monitor-frontend] <= slap-connection recipe = slapos.cookbook:requestoptional name = Monitor Frontend # XXX We have hardcoded SR URL here. software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg slave = true config = url domain config-url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port} config-domain = $${slap-parameter:frontend-domain} return = site_url domain #-------------------------------------- #-- #-- Send informations to SlapOS Master [publish-connection-informations] recipe = slapos.cookbook:publish 1_info = On your first run, Use "access_url" to setup you account. Then you can use both "url" or "access_url". Or "backend_url" if you want to use ipv6. Set up your account in the webrunner in order to use webdav, and being able to clone your git repositories from the runner. 2_info = In order to set up your account, get the recovery-code from the monitoring interface. Before read the notification on monitor_info. backend_url = $${slaprunner:access-url} access_url = $${:url}/login url = https://$${request-frontend:connection-domain} ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port} monitor_url = https://$${monitor-frontend:connection-domain} webdav_url = $${:monitor_url}/share/ public_url = $${:monitor_url}/public/ git_public_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git-public/ git_private_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git/ #--------------------------- #-- #-- Deploy promises scripts [slaprunner-promise] recipe = slapos.cookbook:check_port_listening path = $${directory:promises}/slaprunner hostname = $${slaprunner:ipv6} port = $${slaprunner:runner_port} [slaprunner-frontend-promise] recipe = slapos.cookbook:check_url_available path = $${directory:promises}/slaprunner_frontend url = https://$${request-frontend:connection-domain}/login dash_path = ${dash:location}/bin/dash curl_path = ${curl:location}/bin/curl [dropbear-promise] recipe = slapos.cookbook:check_port_listening path = $${directory:promises}/dropbear hostname = $${dropbear-runner-server:host} port = $${dropbear-runner-server:port} [shellinabox-promise] recipe = slapos.cookbook:check_port_listening path = $${directory:promises}/shellinabox hostname = $${shellinabox:ipv6} port = $${shellinabox:port} [symlinks] recipe = cns.recipe.symlink symlink_target = $${directory:bin} symlink_base = ${buildout:directory}/bin [slap-parameter] # Default value if no ssh key is specified user-authorized-key = # Default value of instances number in slaprunner instance-amount = 10 debug = false frontend-domain = slapos-repository = http://git.erp5.org/repos/slapos.git slapos-software = slapos-software-type = slapos-reference = master auto-deploy = false auto-deploy-instance = true autorun = false monitor-port = 9684 [monitor-parameters] port = $${slap-parameter:monitor-port} [slapos-cfg] recipe = slapos.recipe.template:jinja2 template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename} rendered = $${slaprunner:slapos.cfg} mode = 700 context = section slaprunner slaprunner [slapos-test-cfg] recipe = slapos.recipe.template:jinja2 template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename} rendered = $${test-runner:slapos.cfg} mode = 700 context = section slaprunner test-runner [shellinabox] recipe = slapos.cookbook:shellinabox ipv6 = $${slap-network-information:global-ipv6} port = 8080 shell = $${shell:wrapper} wrapper = $${directory:bin}/shellinaboxd shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd password = $${zero-parameters:shell-password} directory = $${runnerdirectory:home} login-shell = $${directory:bin}/login certificate-directory = $${cadirectory:certs} cert-file = $${ca-shellinabox:cert-file} key-file = $${ca-shellinabox:key-file} [shellinabox-code] recipe = slapos.cookbook:generate.password storage-path = $${directory:etc}/.scode bytes = 8 [shell] recipe = slapos.cookbook:shell wrapper = $${directory:bin}/sh shell = ${bash:location}/bin/bash home = $${runnerdirectory:home} path = $${environ:PATH}:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin ps1 = "\\w> " [environ] recipe = collective.recipe.environment [slapos-repo] recipe = slapos.recipe.build:gitclone repository = $${slap-parameter:slapos-repository} git-executable = ${git:location}/bin/git develop = true location = $${directory:project}/slapos [slapos-repo-config] recipe = plone.recipe.command stop-on-error = true command = cd $${slapos-repo:location} && ${git:location}/bin/git checkout $${slap-parameter:slapos-reference} && SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi update-command = true [prepare-software] recipe = slapos.cookbook:wrapper command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure wrapper-path = $${directory:scripts}/prepareSoftware [cron-entry-prepare-software] <= cron recipe = slapos.cookbook:cron.d name = prepare-software frequency = */2 * * * * command = $${prepare-software:wrapper-path} [instance-parameters] recipe = slapos.recipe.template:jinja2 extensions = jinja2.ext.do template = ${parameters-template:location}/${parameters-template:filename} rendered = $${directory:etc}/.parameter.xml.default mode = 0644 context = key slapparameter_dict slap-configuration:configuration [deploy-instance-parameters] recipe = plone.recipe.command stop-on-error = true parameter-xml = $${directory:etc}/.parameter.xml command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi [instance-software-type] recipe = plone.recipe.command stop-on-error = true # XXX It should not be named with .xml as it is not xml software-type-path = $${directory:etc}/.software_type.xml command = if [ ! -f $${:software-type-path} -a "$${slap-parameter:slapos-software-type}" != "" ]; then echo "$${slap-parameter:slapos-software-type}" > $${:software-type-path}; fi [slap-configuration] recipe = slapos.cookbook:slapconfiguration.serialised computer = $${slap-connection:computer-id} partition = $${slap-connection:partition-id} url = $${slap-connection:server-url} key = $${slap-connection:key-file} cert = $${slap-connection:cert-file} [public] shell-password = $${shellinabox-code:passwd} recovery-code = $${recovery-code:passwd} [zero-parameters] [monitor-current-log-access] < = monitor-directory-access source = $${directory:log}