Commit 6b911e36 authored by Alain Takoudjou's avatar Alain Takoudjou Committed by Tristan Cavelier

deploy the new desgin of monitor instance

parent c9acedbe
...@@ -44,12 +44,61 @@ filename = monitor.cfg ...@@ -44,12 +44,61 @@ filename = monitor.cfg
md5sum = 51284c0aeb62eccd37f8a4e1621ee28c md5sum = 51284c0aeb62eccd37f8a4e1621ee28c
mode = 0644 mode = 0644
[monitor-site-template]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-monitor.cfg.jinja2.in
output = ${buildout:directory}/template-monitor.cfg
filename = instance-monitor.cfg.jinja2.in
md5sum = 51284c0aeb62eccd37f8a4e1621ee28c
mode = 0644
[monitor-site-template]
recipe = slapos.recipe.template:jinja2
filename = template-monitor.cfg
template = ${:_profile_base_location_}/instance-monitor.cfg.jinja2.in
rendered = ${buildout:directory}/template-monitor.cfg
md5sum = 566c3fad3da5e4db1efcdaf66a3e49af
context =
key apache_location apache:location
key gzip_location gzip:location
key monitor_static_html monitor-html-static:location
raw monitor_bin ${monitor-bin:location}/${monitor-bin:filename}
raw curl_executable_location ${curl:location}/bin/curl
raw dash_executable_location ${dash:location}/bin/dash
raw dcron_executable_location ${dcron:location}/sbin/crond
raw logrotate_executable_location ${logrotate:location}/usr/sbin/logrotate
raw monitor_httpd_template ${monitor-httpd-conf:location}/${monitor-httpd-conf:filename}
raw openssl_executable_location ${openssl:location}/bin/openssl
raw python_executable ${buildout:executable}
raw template_wrapper ${template-wrapper:output}
[monitor-httpd-conf]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/templates/${:filename}
download-only = true
md5sum = f3ac37fa505e6ce34e343f4824779cd9
filename = monitor-httpd.conf.in
mode = 0644
[monitor-service-template-conf]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/templates/${:filename}
download-only = true
md5sum = f8af115e19de672454a0a3fea5929638
filename = monitor-service.conf.in
mode = 0644
[monitor-html-static]
recipe = slapos.recipe.build:download-unpacked
url = https://nexedi.erp5.net/monitor-ce2136c4f1c6d7184d48d135211c6c20cd91303c.tar.gz
#md5sum
strip-top-level-dir = true
[monitor-bin] [monitor-bin]
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/${:filename} url = ${:_profile_base_location_}/${:filename}
download-only = true download-only = true
md5sum = 5b12e864f1762d7984f7d4863d0b795d md5sum = f64caed50df8add6a38ce1eac7a61585
destination = ${buildout:parts-directory}/monitor-template-monitor-bin
filename = monitor.py.in filename = monitor.py.in
mode = 0644 mode = 0644
......
[cron]
recipe = slapos.cookbook:cron
cron-entries = ${logrotate-directory:cron-entries}
dcrond-binary = {{ dcron_executable_location }}
crontabs = ${logrotate-directory:crontabs}
cronstamps = ${logrotate-directory:cronstamps}
catcher = ${cron-simplelogger:wrapper}
binary = ${logrotate-directory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = ${logrotate-directory:bin}/cron_simplelogger
log = ${logrotate-directory:log}/cron.log
[logrotate]
recipe = slapos.cookbook:logrotate
logrotate-entries = ${logrotate-directory:logrotate-entries}
backup = ${logrotate-directory:logrotate-backup}
logrotate-binary = {{ logrotate_executable_location }}
gzip-binary = {{ gzip_location }}/bin/gzip
gunzip-binary = {{ gzip_location }}/bin/gunzip
wrapper = ${logrotate-directory:bin}/logrotate
conf = ${logrotate-directory:etc}/logrotate.conf
state-file = ${logrotate-directory:srv}/logrotate.status
[cron-entry-logrotate]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = logrotate
frequency = 0 0 * * *
command = ${logrotate:wrapper}
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${monitor-directory:cron-entries}
crontabs = $${monitor-directory:crontabs}
cronstamps = $${monitor-directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${monitor-directory:services}/crond
# Add log to cron
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${monitor-directory:bin}/cron_simplelogger
log = $${monitor-directory:log}/cron.log
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
run = ${:var}/run
log = ${:var}/log
scripts = ${:etc}/run
services = ${:etc}/service
promises = ${:etc}/promise
ssl = ${:etc}/ssl
monitor = ${:srv}/monitor
[monitor-directory]
recipe = slapos.cookbook:mkdirectory
etc = ${directory:etc}
run = ${directory:monitor}/run
cgi-bin = ${directory:monitor}/cgi-bin
public = ${directory:monitor}/public
private = ${directory:monitor}/private
services-conf = ${directory:etc}/monitor.conf.d
www = ${directory:monitor}/web
log = ${directory:log}/monitor
[logrotate-directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = ${:etc}/cron.d
cronstamps = ${:etc}/cronstamps
crontabs = ${:etc}/crontabs
logrotate-backup = ${:backup}/logrotate
logrotate-entries = ${:etc}/logrotate.d
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
backup = ${:srv}/backup
etc = ${buildout:directory}/etc
services = ${:etc}/service
log = ${buildout:directory}/var/log
[ca-directory]
recipe = slapos.cookbook:mkdirectory
requests = ${directory:ssl}/requests/
private = ${directory:ssl}/private/
certs = ${directory:ssl}/certs/
newcerts = ${directory:ssl}/newcerts/
crl = ${directory:ssl}/crl/
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_executable_location }}
ca-dir = ${monitor-directory:ca-dir}
requests-directory = ${ca-directory:requests}
wrapper = ${monitor-directory:services}/certificate_authority
ca-private = ${ca-directory:private}
ca-certs = ${ca-directory:certs}
ca-newcerts = ${ca-directory:newcerts}
ca-crl = ${ca-directory:crl}
[ca-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${monitor-httpd-conf:key-file}
cert-file = ${monitor-httpd-conf:cert-file}
executable = ${httpd-wrapper:wrapper-path}
wrapper = ${directory:services}/monitor-httpd
[monitor]
recipe = slapos.cookbook:zero-knowledge.write
filename = ${monitor-directory:etc}/monitor.conf
public-folder = ${monitor-directory:public}
private-folder = ${monitor-directory:private}
web-folder = ${monitor-static-web:web-dir}
monitor-json = ${monitor-static-web:web-dir}/monitor.json
public-path-list =
${directory:log}
private-path-list =
monitor-url-list =
[httpd-monitor-htaccess]
recipe = plone.recipe.command
stop-on-error = true
htaccess-path = ${monitor-directory:etc}/.htaccess
command = {{ apache_location }}/bin/htpasswd -cb ${:htaccess-path} ${:user} ${:password}
user = admin
password = admin
[monitor-httpd-conf]
listening-ip = ${slap-network-information:global-ipv6}
port = 9206
pid-file = ${directory:run}/httpd.pid
cgid-pid-file = ${directory:run}/cgid.pid
access-log = ${monitor-directory:log}/httpd-access.log
error-log = ${monitor-directory:log}/httpd-error.log
cert-file = ${ca-directory:certs}/httpd.crt
key-file = ${ca-directory:certs}/httpd.key
htaccess-file = ${httpd-monitor-htaccess:htaccess-path}
url = https://[${slap-network-information:global-ipv6}]:${:port}/
[monitor-httpd-conf]
recipe = slapos.recipe.template:jinja2
template = {{ monitor_httpd_template }}
rendered = ${monitor-directory:etc}/monitor-httpd.conf
mode = 0744
context =
section directory monitor-directory
section monitor_parameters monitor
section monitor_httpd monitor-httpd-conf
[httpd-wrapper]
recipe = slapos.cookbook:wrapper
command-line = {{ apache_location }}/bin/httpd -f ${monitor-httpd-conf:rendered} -DFOREGROUND
wrapper-path = ${directory:bin}/monitor-httpd
wait-for-files =
${ca-directory:certs}/httpd.key
${ca-directory:certs}/httpd.crt
[cgi-httpd-graceful-wrapper]
recipe = slapos.recipe.template:jinja2
template = {{ template_wrapper }}
rendered = ${directory:run}/monitor-httpd-graceful
mode = 0700
context =
key content :command
command = kill -USR1 $(cat ${monitor-httpd-conf:pid-file})
[monitor-static-web]
recipe = plone.recipe.command
web-dir = ${monitor-directory:www}/
command =
cp -ax {{monitor_static_html}}/* ${:web-dir}
update-command =
stop-on-error = true
[start-monitor]
recipe = slapos.recipe.template:jinja2
template = {{ monitor_bin }}
rendered = ${directory:scripts}/bootstrap-monitor
context =
raw python_executable {{ python_executable }}
key configuration_location monitor:filename
[monitor-promise]
recipe = slapos.cookbook:check_url_available
path = ${directory:promises}/monitor
url = ${monitor-httpd-conf:url}
check-secure = 1
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}
[publish-connection-information]
recipe = slapos.cookbook:publish
monitor_url_v6 = ${monitor-httpd-conf:url}
[buildout]
parts =
cron-entry-logrotate
certificate-authority
monitor
start-monitor
ca-httpd
publish-connection-information
PidFile "{{ monitor_httpd.get('pid-file') }}"
StartServers 1
ServerLimit 1
ThreadLimit 4
ThreadsPerChild 4
ServerName example.com
ServerAdmin someone@email
<IfDefine !MonitorPort>
Listen [{{ monitor_httpd.get('listening-ip') }}]:{{ monitor_httpd.get('port') }}
Define MonitorPort
</IfDefine>
DocumentRoot "{{ directory.get('www') }}"
ErrorLog "{{ monitor_httpd.get('error-log') }}"
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule mime_module modules/mod_mime.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dir_module modules/mod_dir.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule alias_module modules/mod_alias.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
# SSL Configuration
<IfDefine !SSLConfigured>
Define SSLConfigured
SSLCertificateFile {{ monitor_httpd.get('cert-file') }}
SSLCertificateKeyFile {{ monitor_httpd.get('key-file') }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
</IfDefine>
SSLEngine On
ScriptSock {{ monitor_httpd.get('cgid-pid-file') }}
<Directory {{ directory.get('www') }}>
SSLVerifyDepth 1
SSLRequireSSL
SSLOptions +StrictRequire
# XXX: security????
#Options +ExecCGI
#AddHandler cgi-script .cgi
DirectoryIndex index.html
Options FollowSymLinks
Order Allow,Deny
Allow from all
</Directory>
Alias /private {{ directory.get('private') }}/
<Directory {{ directory.get('private') }}>
Order Deny,Allow
Deny from env=AUTHREQUIRED
<Files ".??*">
Order Allow,Deny
Deny from all
</Files>
AuthType Basic
AuthName "Private access"
AuthUserFile "{{ monitor_httpd.get('htaccess-file') }}"
Require valid-user
Options Indexes FollowSymLinks
Satisfy all
</Directory>
Alias /public {{ directory.get('public') }}/
<Directory {{ directory.get('public') }}>
Options Indexes FollowSymLinks
Order Allow,Deny
Allow from all
</Directory>
[service]
name = {{ name }}
title = {{ title }}
frequency = {{ frequency }}
script_path = {{ script_path }}
public_path_list =
{{ public_path_list.split() | join('\n ') }}
private_path_list =
{{ private_path_list.split() | join('\n ') }}
[parameter]
{% for key, value in parameters.iteritems() -%}
{{ key }} = {{ value }}
{% endfor -%}
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment