deploy the new desgin of monitor instance

stack/monitor/buildout.cfg

@@ -44,12 +44,61 @@ filename = monitor.cfg
 md5sum = 51284c0aeb62eccd37f8a4e1621ee28c
 mode = 0644
 
+[monitor-site-template]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-monitor.cfg.jinja2.in
+output = ${buildout:directory}/template-monitor.cfg
+filename = instance-monitor.cfg.jinja2.in
+md5sum = 51284c0aeb62eccd37f8a4e1621ee28c
+mode = 0644
+
+[monitor-site-template]
+recipe = slapos.recipe.template:jinja2
+filename = template-monitor.cfg
+template = ${:_profile_base_location_}/instance-monitor.cfg.jinja2.in
+rendered = ${buildout:directory}/template-monitor.cfg
+md5sum = 566c3fad3da5e4db1efcdaf66a3e49af
+context =
+    key apache_location apache:location
+    key gzip_location gzip:location
+    key monitor_static_html monitor-html-static:location
+    raw monitor_bin ${monitor-bin:location}/${monitor-bin:filename}
+    raw curl_executable_location ${curl:location}/bin/curl
+    raw dash_executable_location ${dash:location}/bin/dash
+    raw dcron_executable_location ${dcron:location}/sbin/crond
+    raw logrotate_executable_location ${logrotate:location}/usr/sbin/logrotate
+    raw monitor_httpd_template ${monitor-httpd-conf:location}/${monitor-httpd-conf:filename}
+    raw openssl_executable_location ${openssl:location}/bin/openssl
+    raw python_executable ${buildout:executable}
+    raw template_wrapper ${template-wrapper:output}
+
+[monitor-httpd-conf]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/templates/${:filename}
+download-only = true
+md5sum = f3ac37fa505e6ce34e343f4824779cd9
+filename = monitor-httpd.conf.in
+mode = 0644
+
+[monitor-service-template-conf]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/templates/${:filename}
+download-only = true
+md5sum = f8af115e19de672454a0a3fea5929638
+filename = monitor-service.conf.in
+mode = 0644
+
+[monitor-html-static]
+recipe = slapos.recipe.build:download-unpacked
+url = https://nexedi.erp5.net/monitor-ce2136c4f1c6d7184d48d135211c6c20cd91303c.tar.gz
+#md5sum
+strip-top-level-dir = true
+
 [monitor-bin]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
 download-only = true
-md5sum = 5b12e864f1762d7984f7d4863d0b795d
-destination = ${buildout:parts-directory}/monitor-template-monitor-bin
+md5sum = f64caed50df8add6a38ce1eac7a61585
 filename = monitor.py.in
 mode = 0644
 

stack/monitor/instance-monitor.cfg.jinja2.in

+[cron]
+recipe = slapos.cookbook:cron
+cron-entries = ${logrotate-directory:cron-entries}
+dcrond-binary = {{ dcron_executable_location }}
+crontabs = ${logrotate-directory:crontabs}
+cronstamps = ${logrotate-directory:cronstamps}
+catcher = ${cron-simplelogger:wrapper}
+binary = ${logrotate-directory:services}/crond
+
+[cron-simplelogger]
+recipe = slapos.cookbook:simplelogger
+wrapper = ${logrotate-directory:bin}/cron_simplelogger
+log = ${logrotate-directory:log}/cron.log
+
+[logrotate]
+recipe = slapos.cookbook:logrotate
+logrotate-entries = ${logrotate-directory:logrotate-entries}
+backup = ${logrotate-directory:logrotate-backup}
+logrotate-binary = {{ logrotate_executable_location }}
+gzip-binary = {{ gzip_location }}/bin/gzip
+gunzip-binary = {{ gzip_location }}/bin/gunzip
+wrapper = ${logrotate-directory:bin}/logrotate
+conf = ${logrotate-directory:etc}/logrotate.conf
+state-file = ${logrotate-directory:srv}/logrotate.status
+
+[cron-entry-logrotate]
+recipe = slapos.cookbook:cron.d
+cron-entries = ${cron:cron-entries}
+name = logrotate
+frequency = 0 0 * * *
+command = ${logrotate:wrapper}
+
+
+[cron]
+recipe = slapos.cookbook:cron
+dcrond-binary = ${dcron:location}/sbin/crond
+cron-entries = $${monitor-directory:cron-entries}
+crontabs = $${monitor-directory:crontabs}
+cronstamps = $${monitor-directory:cronstamps}
+catcher = $${cron-simplelogger:wrapper}
+binary = $${monitor-directory:services}/crond
+
+# Add log to cron
+[cron-simplelogger]
+recipe = slapos.cookbook:simplelogger
+wrapper = $${monitor-directory:bin}/cron_simplelogger
+log = $${monitor-directory:log}/cron.log
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+etc = ${buildout:directory}/etc
+bin = ${buildout:directory}/bin
+srv = ${buildout:directory}/srv
+var = ${buildout:directory}/var
+run = ${:var}/run
+log = ${:var}/log
+scripts = ${:etc}/run
+services = ${:etc}/service
+promises = ${:etc}/promise
+ssl = ${:etc}/ssl
+monitor = ${:srv}/monitor
+
+[monitor-directory]
+recipe = slapos.cookbook:mkdirectory
+etc = ${directory:etc}
+run = ${directory:monitor}/run
+cgi-bin = ${directory:monitor}/cgi-bin
+public = ${directory:monitor}/public
+private = ${directory:monitor}/private
+services-conf = ${directory:etc}/monitor.conf.d
+www = ${directory:monitor}/web
+log = ${directory:log}/monitor
+
+[logrotate-directory]
+recipe = slapos.cookbook:mkdirectory
+cron-entries = ${:etc}/cron.d
+cronstamps = ${:etc}/cronstamps
+crontabs = ${:etc}/crontabs
+logrotate-backup = ${:backup}/logrotate
+logrotate-entries = ${:etc}/logrotate.d
+bin = ${buildout:directory}/bin
+srv = ${buildout:directory}/srv
+backup = ${:srv}/backup
+etc = ${buildout:directory}/etc
+services = ${:etc}/service
+log = ${buildout:directory}/var/log
+
+[ca-directory]
+recipe = slapos.cookbook:mkdirectory
+requests = ${directory:ssl}/requests/
+private = ${directory:ssl}/private/
+certs = ${directory:ssl}/certs/
+newcerts = ${directory:ssl}/newcerts/
+crl = ${directory:ssl}/crl/
+
+[certificate-authority]
+recipe = slapos.cookbook:certificate_authority
+openssl-binary = {{ openssl_executable_location }}
+ca-dir = ${monitor-directory:ca-dir}
+requests-directory = ${ca-directory:requests}
+wrapper = ${monitor-directory:services}/certificate_authority
+ca-private = ${ca-directory:private}
+ca-certs = ${ca-directory:certs}
+ca-newcerts = ${ca-directory:newcerts}
+ca-crl = ${ca-directory:crl}
+
+[ca-httpd]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = ${monitor-httpd-conf:key-file}
+cert-file = ${monitor-httpd-conf:cert-file}
+executable = ${httpd-wrapper:wrapper-path}
+wrapper = ${directory:services}/monitor-httpd
+
+[monitor]
+recipe = slapos.cookbook:zero-knowledge.write
+filename = ${monitor-directory:etc}/monitor.conf
+
+public-folder = ${monitor-directory:public}
+private-folder = ${monitor-directory:private}
+web-folder = ${monitor-static-web:web-dir}
+monitor-json = ${monitor-static-web:web-dir}/monitor.json
+public-path-list = 
+  ${directory:log}
+private-path-list = 
+
+monitor-url-list = 
+
+
+[httpd-monitor-htaccess]
+recipe = plone.recipe.command
+stop-on-error = true
+htaccess-path = ${monitor-directory:etc}/.htaccess
+command = {{ apache_location }}/bin/htpasswd -cb ${:htaccess-path} ${:user} ${:password}
+user = admin
+password = admin
+
+[monitor-httpd-conf]
+listening-ip = ${slap-network-information:global-ipv6}
+port = 9206
+pid-file = ${directory:run}/httpd.pid
+cgid-pid-file = ${directory:run}/cgid.pid
+access-log = ${monitor-directory:log}/httpd-access.log
+error-log = ${monitor-directory:log}/httpd-error.log
+cert-file = ${ca-directory:certs}/httpd.crt
+key-file = ${ca-directory:certs}/httpd.key
+htaccess-file = ${httpd-monitor-htaccess:htaccess-path}
+url = https://[${slap-network-information:global-ipv6}]:${:port}/
+
+[monitor-httpd-conf]
+recipe = slapos.recipe.template:jinja2
+template = {{ monitor_httpd_template }}
+rendered = ${monitor-directory:etc}/monitor-httpd.conf
+mode = 0744
+context =
+  section directory monitor-directory
+  section monitor_parameters monitor
+  section monitor_httpd monitor-httpd-conf
+
+[httpd-wrapper]
+recipe = slapos.cookbook:wrapper
+command-line = {{ apache_location }}/bin/httpd -f ${monitor-httpd-conf:rendered} -DFOREGROUND
+wrapper-path = ${directory:bin}/monitor-httpd
+wait-for-files =
+  ${ca-directory:certs}/httpd.key
+  ${ca-directory:certs}/httpd.crt
+
+[cgi-httpd-graceful-wrapper]
+recipe = slapos.recipe.template:jinja2
+template = {{ template_wrapper }}
+rendered = ${directory:run}/monitor-httpd-graceful
+mode = 0700
+context =
+    key content :command
+command = kill -USR1 $(cat ${monitor-httpd-conf:pid-file})
+
+[monitor-static-web]
+recipe = plone.recipe.command
+web-dir = ${monitor-directory:www}/
+command = 
+  cp -ax {{monitor_static_html}}/* ${:web-dir}
+update-command = 
+stop-on-error = true
+
+[start-monitor]
+recipe = slapos.recipe.template:jinja2
+template = {{ monitor_bin }}
+rendered = ${directory:scripts}/bootstrap-monitor
+context = 
+  raw python_executable {{ python_executable }}
+  key configuration_location monitor:filename
+
+[monitor-promise]
+recipe = slapos.cookbook:check_url_available
+path = ${directory:promises}/monitor
+url = ${monitor-httpd-conf:url}
+check-secure = 1
+dash_path = {{ dash_executable_location }}
+curl_path = {{ curl_executable_location }}
+
+[publish-connection-information]
+recipe = slapos.cookbook:publish
+monitor_url_v6 = ${monitor-httpd-conf:url}
+
+[buildout]
+parts =
+  cron-entry-logrotate
+  certificate-authority
+  monitor
+  start-monitor
+  ca-httpd
+  publish-connection-information

stack/monitor/templates/monitor-httpd.conf.in

+PidFile "{{ monitor_httpd.get('pid-file') }}"
+
+StartServers 1
+ServerLimit 1
+ThreadLimit 4
+ThreadsPerChild 4
+
+ServerName example.com
+ServerAdmin someone@email
+<IfDefine !MonitorPort>
+Listen [{{ monitor_httpd.get('listening-ip') }}]:{{ monitor_httpd.get('port') }}
+Define MonitorPort
+</IfDefine>
+DocumentRoot "{{ directory.get('www') }}"
+ErrorLog "{{ monitor_httpd.get('error-log') }}"
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule cgid_module modules/mod_cgid.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule proxy_module      modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule rewrite_module modules/mod_rewrite.so
+
+# SSL Configuration
+<IfDefine !SSLConfigured>
+Define SSLConfigured
+SSLCertificateFile {{ monitor_httpd.get('cert-file') }}
+SSLCertificateKeyFile {{ monitor_httpd.get('key-file') }}
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLRandomSeed startup /dev/urandom 256
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+</IfDefine>
+
+SSLEngine   On
+ScriptSock {{ monitor_httpd.get('cgid-pid-file') }}
+<Directory {{ directory.get('www') }}>
+  SSLVerifyDepth    1
+  SSLRequireSSL
+  SSLOptions        +StrictRequire
+  # XXX: security????
+  #Options +ExecCGI
+  #AddHandler cgi-script .cgi
+  DirectoryIndex index.html
+  Options FollowSymLinks
+  Order Allow,Deny
+  Allow from all
+</Directory>
+
+Alias /private {{ directory.get('private') }}/
+<Directory {{ directory.get('private') }}>
+Order Deny,Allow
+Deny from env=AUTHREQUIRED
+<Files ".??*">
+  Order Allow,Deny
+  Deny from all
+</Files>
+AuthType Basic
+AuthName "Private access"
+AuthUserFile "{{ monitor_httpd.get('htaccess-file') }}"
+Require valid-user
+Options Indexes FollowSymLinks
+Satisfy all
+</Directory>
+
+Alias /public {{ directory.get('public') }}/
+<Directory {{ directory.get('public') }}>
+  Options Indexes FollowSymLinks
+  Order Allow,Deny
+  Allow from all
+</Directory>

stack/monitor/templates/monitor-service.conf.in

+[service]
+name = {{ name }}
+title = {{ title }}
+frequency = {{ frequency }}
+script_path = {{ script_path }}
+public_path_list = 
+  {{ public_path_list.split() | join('\n  ') }}
+private_path_list = 
+  {{ private_path_list.split() | join('\n  ') }}
+
+[parameter]
+{% for key, value in parameters.iteritems() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
\ No newline at end of file