[buildout]
parts =
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
  ca-shellinabox
  gunicorn-launcher
  gunicorn-graceful
  sshkeys-dropbear-runner
  dropbear-server-add-authorized-key
  sshkeys-authority
  publish-connection-informations
  slaprunner-promise
  slaprunner-frontend-promise
  dropbear-promise
  runtestsuite
  shellinabox-promise
  symlinks
  shellinabox
  slapos-cfg
  slapos-repo-config
  cron-entry-prepare-software
  deploy-instance-parameters
  instance-software-type
{% if slapparameter_dict.get('custom-frontend-backend-url') %}
  custom-frontend-promise
{% endif %}
## Monitoring part
###Parts to add for monitoring
  cron
  certificate-authority
  cron-entry-monitor
  cron-entry-rss
  deploy-index
  deploy-settings-cgi
  deploy-status-cgi
  deploy-status-history-cgi
  setup-static-files
  certificate-authority
  zero-parameters
  public-symlink
  cgi-httpd-wrapper
  cgi-httpd-graceful-wrapper
  monitor-promise
  monitor-instance-log-access
## Monitor for runner
  monitor-current-log-access

extends = ${monitor-template:output}

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
# Requests, if defined, a frontend to allow access to a server
# located inside of the virtual machine listening to port X
# to LAN IPv4.
# Internaly, the frontend will be asked to listen on the IPv6
# with port X + 10000, to match NAT rules of Qemu.
[request-custom-frontend]
recipe = slapos.cookbook:requestoptional
software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
slave = true
name = Custom Web Frontend

server-url = $${slap-connection:server-url}
key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}

{%- if slapparameter_dict.get('custom-frontend-instance-guid') -%}
sla = instance_guid
sla-instance_guid = $${slap-parameter:frontend-instance-guid}
{% endif -%}

{% set custom_frontend_backend_type = slapparameter_dict.get('custom-frontend-backend-type')%}
{% if custom_frontend_backend_type %}
config = url type
config-type = {{ custom_frontend_backend_type }}
{% else %}
config = url
{% endif -%}
config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
return = site_url domain

[custom-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/custom_frontend_promise
url = https://$${request-custom-frontend:connection-domain}
{% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
check-secure = 1
{% endif -%}
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

[publish-connection-informations]
custom-frontend-url = https://$${request-custom-frontend:connection-domain}
{% endif %}

# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc/
var = $${buildout:directory}/var/
srv = $${buildout:directory}/srv/
bin = $${buildout:directory}/bin/
tmp = $${buildout:directory}/tmp/

sshkeys = $${:srv}/sshkeys
services = $${:etc}/service/
scripts = $${:etc}/run/
ssh = $${:etc}/ssh/
log = $${:var}/log/
run = $${:var}/run/
backup = $${:srv}/backup/
promises = $${:etc}/promise/
test = $${:etc}/test/
nginx-data = $${directory:srv}/nginx
ca-dir = $${:srv}/ssl
project = $${:srv}/runner/project

[runnerdirectory]
recipe = slapos.cookbook:mkdirectory
home = $${directory:srv}/runner/
test = $${directory:srv}/test/
project = $${:home}/project
public = $${:home}/public
software-root = $${:home}/software
instance-root = $${:home}/instance
project-test = $${:test}/project
software-test = $${:test}/software
instance-test = $${:test}/instance
sessions = $${buildout:directory}/.sessions

#Create password recovery code for slaprunner
[recovery-code]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.rcode
bytes = 8

[slaprunner]
slaprunner = ${buildout:directory}/bin/slaprunner
slapos = ${buildout:directory}/bin/slapos
slapproxy = ${buildout:directory}/bin/slapproxy
supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
git-binary = ${git:location}/bin/git
root_check = false
slapos.cfg = $${directory:etc}/slapos.cfg
working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
instance_root = $${runnerdirectory:instance-root}
software_root = $${runnerdirectory:software-root}
#XXX-Nico hardcoded default port because overridden by this buildout config
instance-monitor-url = https://[$${:ipv6}]:9685
etc_dir = $${directory:etc}
log_dir =  $${directory:log}
run_dir = $${directory:run}
ssh_client = $${sshkeys-dropbear-runner:wrapper}
public_key = $${sshkeys-dropbear-runner:public-key}
private_key = $${sshkeys-dropbear-runner:private-key}
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
instance_root = $${runnerdirectory:instance-root}
proxy_port = 50000
runner_port = 50005
partition-amount = $${slap-parameter:instance-amount}
wrapper = $${directory:services}/slaprunner
debug = $${slap-parameter:debug}
access-url = https://[$${:ipv6}]:$${:runner_port}
supervisord_config = $${directory:etc}/supervisord.conf
proxy_database = $${slaprunner:working-directory}/proxy.db
console = False
verbose = False
debug = False
auto_deploy = $${slap-parameter:auto-deploy}
auto_deploy_instance = $${slap-parameter:auto-deploy-instance}
autorun = $${slap-parameter:autorun}
knowledge0_file = $${buildout:directory}/$${public:filename}

[test-runner]
<= slaprunner
slapos.cfg = $${directory:etc}/slapos-test.cfg
working-directory = $${runnerdirectory:test}
project-directory = $${runnerdirectory:project-test}
software-directory = $${runnerdirectory:software-test}
instance-directory = $${runnerdirectory:instance-test}
proxy_port = 8602
etc_dir = $${directory:test}

[runtestsuite]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:directory}/bin/slaprunnertest
wrapper-path = $${directory:bin}/runTestSuite
environment = RUNNER_CONFIG=$${slapos-test-cfg:rendered}

# Deploy dropbear (minimalist SSH server)
[sshkeys-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:sshkeys}/requests/
keys = $${directory:sshkeys}/keys/

[sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
request-directory = $${sshkeys-directory:requests}
keys-directory = $${sshkeys-directory:keys}
wrapper = $${directory:services}/sshkeys_authority
keygen-binary = ${dropbear:location}/bin/dropbearkey

[dropbear-runner-server]
recipe = slapos.cookbook:dropbear
host = $${slap-network-information:global-ipv6}
port = 22222
home = $${directory:ssh}
wrapper = $${directory:bin}/runner_sshd
shell = ${bash:location}/bin/bash
rsa-keyfile = $${directory:ssh}/server_key.rsa
dropbear-binary = ${dropbear:location}/sbin/dropbear

[sshkeys-dropbear-runner]
<= sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
name = dropbear
type = rsa
executable = $${dropbear-runner-server:wrapper}
public-key = $${dropbear-runner-server:rsa-keyfile}.pub
private-key = $${dropbear-runner-server:rsa-keyfile}
wrapper = $${directory:services}/runner_sshd

[dropbear-server-add-authorized-key]
<= dropbear-runner-server
recipe = slapos.cookbook:dropbear.add_authorized_key
key = $${slap-parameter:user-authorized-key}

#---------------------------
#--
#-- Set nginx frontend

[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path

[nginx-frontend]
# Options
nb_workers = 2
# Network
local-ip = $${slap-network-information:local-ipv4}
port = 30001
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
# Backend
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
path_tmp = $${directory:tmp}/
# Config files
path_nginx_conf = $${directory:etc}/nginx.conf
# Executables
bin_nginx = ${nginx-webdav:location}/sbin/nginx
bin_launcher = $${directory:bin}/launcher
# Utils
path_shell = ${dash:location}/bin/dash
# Misc.
etc_dir = $${directory:etc}
work_dir = $${slaprunner:working-directory}

[nginx_conf]
recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
    key shellinabox_port shellinabox:port
    key socket gunicorn:socket
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory

[nginx-launcher]
recipe = slapos.recipe.template:jinja2
template = ${template_launcher:location}/${template_launcher:filename}
rendered = $${nginx-frontend:bin_launcher}
mode = 700
context =
    section param_nginx_frontend nginx-frontend

[httpd-parameters]
path_pid = $${directory:run}/httpd.pid
path_error_log = $${directory:log}/httpd-error.log
path_access_log = $${directory:log}/httpd-access.log
key_file = $${ca-httpd:key-file}
cert_file = $${ca-httpd:cert-file}
global_ip = $${slap-network-information:global-ipv6}
global_port = $${slaprunner:runner_port}
monitor_port = $${monitor-parameters:port}
monitor_index = $${deploy-index:rendered}
working_directory = $${slaprunner:working-directory}
dav_lock = $${directory:var}/DavLock
etc_dir = $${directory:etc}
var_dir = $${directory:var}
project_folder = $${directory:project}
runner_home = $${runnerdirectory:home}
git_http_backend = ${git:location}/libexec/git-core/git-http-backend
cgi_httpd_conf = $${cgi-httpd-configuration-file:output}

[httpd-conf]
recipe = slapos.recipe.template:jinja2
template = ${template_httpd_conf:location}/${template_httpd_conf:filename}
rendered = $${directory:etc}/httpd.conf
context =
    section parameters httpd-parameters

[cgi-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
wrapper-path = $${ca-httpd:executable}
command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND

#--------------------
#--
#-- WSGI

[gunicorn]
bin_gunicorn = $${directory:bin}/gunicorn
bin_launcher = $${directory:services}/gunicorn
path_shell = ${dash:location}/bin/dash
socket = $${directory:tmp}/flaskserver.sock
path_pid = $${directory:run}/gunicorn.pid

[gunicorn-launcher]
recipe = slapos.cookbook:wrapper
command-line = $${gunicorn:bin_gunicorn} slapos.runner:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --preload
wrapper-path = $${gunicorn:bin_launcher}
environment = PATH=$${environ:PATH}:${git:location}/bin/
  RUNNER_CONFIG=$${slaprunner:slapos.cfg}

[gunicorn-graceful]
recipe = slapos.cookbook:wrapper
command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
wrapper-path = $${directory:scripts}/gunicorn-graceful

#--------------------
#--
#-- ssl certificates

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:services}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_frontend.key
cert-file = $${cadirectory:certs}/nginx_frontend.crt
executable = $${nginx-launcher:rendered}
wrapper = $${directory:services}/nginx-frontend
# Put domain name
name = example.com

[ca-shellinabox]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${shellinabox:wrapper}
wrapper = $${directory:services}/shellinaboxd
key-file = $${cadirectory:certs}/shellinabox.key
cert-file = $${cadirectory:certs}/shellinabox.crt
#--------------------
#--
#-- Request frontend

[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = SlapRunner Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config = url domain
config-url = $${slaprunner:access-url}
config-domain = $${slap-parameter:frontend-domain}
return = site_url domain

[monitor-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Monitor Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config = url domain
config-url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}
config-domain = $${slap-parameter:frontend-domain}
return = site_url domain

#--------------------------------------
#--
#-- Send informations to SlapOS Master

[publish-connection-informations]
recipe = slapos.cookbook:publish
1_info = On your first run, Use "access_url" to setup you account. Then you can use both "url" or "access_url". Or "backend_url" if you want to use ipv6. Set up your account in the webrunner in order to use webdav, and being able to clone your git repositories from the runner.
2_info = In order to set up your account, get the recovery-code from the monitoring interface. Before read the notification on monitor_info.
backend_url = $${slaprunner:access-url}
access_url = $${:url}/login
url =  https://$${request-frontend:connection-domain}
ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
monitor_url = https://$${monitor-frontend:connection-domain}
webdav_url = $${:monitor_url}/share/
public_url =  $${:monitor_url}/public/
git_public_url =  https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git-public/
git_private_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git/

#---------------------------
#--
#-- Deploy promises scripts

[slaprunner-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/slaprunner
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}

[slaprunner-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner_frontend
url = https://$${request-frontend:connection-domain}/login
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

[dropbear-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/dropbear
hostname = $${dropbear-runner-server:host}
port = $${dropbear-runner-server:port}

[shellinabox-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/shellinabox
hostname = $${shellinabox:ipv6}
port = $${shellinabox:port}

[symlinks]
recipe = cns.recipe.symlink
symlink_target = $${directory:bin}
symlink_base = ${buildout:directory}/bin

[slap-parameter]
# Default value if no ssh key is specified
user-authorized-key =
# Default value of instances number in slaprunner
instance-amount = 10
debug = false
frontend-domain =
slapos-repository = http://git.erp5.org/repos/slapos.git
slapos-software =
slapos-software-type =
slapos-reference = master
auto-deploy = false
auto-deploy-instance = true
autorun = false
monitor-port = 9684

[monitor-parameters]
port = $${slap-parameter:monitor-port}

[slapos-cfg]
recipe = slapos.recipe.template:jinja2
template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
rendered = $${slaprunner:slapos.cfg}
mode = 700
context =
  section slaprunner slaprunner

[slapos-test-cfg]
recipe = slapos.recipe.template:jinja2
template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
rendered = $${test-runner:slapos.cfg}
mode = 700
context =
  section slaprunner test-runner

[shellinabox]
recipe = slapos.cookbook:shellinabox
ipv6 = $${slap-network-information:global-ipv6}
port = 8080
shell = $${shell:wrapper}
wrapper = $${directory:bin}/shellinaboxd
shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
password = $${zero-parameters:shell-password}
directory = $${runnerdirectory:home}
login-shell = $${directory:bin}/login
certificate-directory = $${cadirectory:certs}
cert-file = $${ca-shellinabox:cert-file}
key-file = $${ca-shellinabox:key-file}

[shellinabox-code]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.scode
bytes = 8

[shell]
recipe = slapos.cookbook:shell
wrapper = $${directory:bin}/sh
shell = ${bash:location}/bin/bash
home = $${runnerdirectory:home}
path = $${environ:PATH}:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin
ps1 = "\\w> "

[environ]
recipe = collective.recipe.environment

[slapos-repo]
recipe = slapos.recipe.build:gitclone
repository = $${slap-parameter:slapos-repository}
git-executable = ${git:location}/bin/git
develop = true
location = $${directory:project}/slapos

[slapos-repo-config]
recipe = plone.recipe.command
stop-on-error = true
command = cd $${slapos-repo:location} && ${git:location}/bin/git checkout $${slap-parameter:slapos-reference} && SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi
update-command = true

[prepare-software]
recipe = slapos.cookbook:wrapper
command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
wrapper-path = $${directory:scripts}/prepareSoftware

[cron-entry-prepare-software]
<= cron
recipe = slapos.cookbook:cron.d
name = prepare-software
frequency = */2 * * * *
command = $${prepare-software:wrapper-path}

[instance-parameters]
recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do
template = ${parameters-template:location}/${parameters-template:filename}
rendered = $${directory:etc}/.parameter.xml.default
mode = 0644
context =
  key slapparameter_dict slap-configuration:configuration

[deploy-instance-parameters]
recipe = plone.recipe.command
stop-on-error = true
parameter-xml = $${directory:etc}/.parameter.xml
command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi

[instance-software-type]
recipe = plone.recipe.command
stop-on-error = true
# XXX It should not be named with .xml as it is not xml
software-type-path = $${directory:etc}/.software_type.xml
command = if [ ! -f $${:software-type-path} -a "$${slap-parameter:slapos-software-type}" != "" ]; then echo "$${slap-parameter:slapos-software-type}" > $${:software-type-path}; fi

[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

[public]
shell-password = $${shellinabox-code:passwd}
recovery-code = $${recovery-code:passwd}

[zero-parameters]


[monitor-current-log-access]
< = monitor-directory-access
source = $${directory:log}