instance-runner.cfg 28.3 KB
Newer Older
1 2
[buildout]
parts =
3 4 5 6
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
7 8
  gunicorn-launcher
  gunicorn-graceful
9
  publish-connection-information
10
  slaprunner-promise
11
  apache-httpd-promise
12
  slaprunner-supervisord-wrapper
13 14 15
  runner-sshd-add-authorized-key
  runner-sshd-graceful
  runner-sshd-promise
16 17
  runner-sshkeys-authority
  runner-sshkeys-sshd
18
  runtestsuite
19
  symlinks
20
  shellinabox
21
  slapos-cfg
22
  cron-entry-prepare-software
23
  deploy-instance-parameters
24
  instance-software
25
  instance-software-type
26
  minishell-cwd
27
  bash-profile
28
  supervisord-wrapper
29
  supervisord-promise
30
  httpd-graceful-wrapper
31 32 33 34
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' %}
  slaprunner-frontend-promise
  httpd-frontend-promise
{% endif %}
35
{% if slapparameter_dict.get('custom-frontend-backend-url') and slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %}
36 37
  custom-frontend-promise
{% endif %}
38
## Monitoring part
39
  monitor-base
40
  monitor-check-webrunner-internal-instance
41

42
extends = ${monitor2-template:rendered}
43 44 45 46 47

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

48 49
{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
[request-custom-frontend]
50
recipe = slapos.cookbook:requestoptional
51
software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
52 53 54 55
software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
slave = true
name = Custom Web Frontend

56 57 58 59 60
server-url = $${slap-connection:server-url}
key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}
61

62
{% if slapparameter_dict.get('custom-frontend-instance-guid') -%}
63
sla-instance_guid = $${slap-parameter:frontend-instance-guid}
64 65
{% endif -%}

66 67
{% set custom_frontend_backend_type = slapparameter_dict.get('custom-frontend-backend-type') -%}
{% if custom_frontend_backend_type -%}
68 69
config-type = {{ custom_frontend_backend_type }}
{% endif -%}
70
config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
71
return = site_url domain
72 73 74

[custom-frontend-promise]
recipe = slapos.cookbook:check_url_available
75 76 77 78 79
path = $${directory:promises}/custom_frontend_promise
url = https://$${request-custom-frontend:connection-domain}
{% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
check-secure = 1
{% endif -%}
80 81 82
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

83
[publish-connection-information]
84
custom-frontend-url = https://$${request-custom-frontend:connection-domain}
85
{% endif %}
86

87
# Create all needed directories
88
[directory]
89
recipe = slapos.cookbook:mkdirectory
90 91 92 93 94 95
home = $${buildout:directory}
etc = $${:home}/etc/
var = $${:home}/var/
srv = $${:home}/srv/
bin = $${:home}/bin/
tmp = $${:home}/tmp/
96

97 98 99 100 101 102 103 104 105
sshkeys = $${:srv}/sshkeys
services = $${:etc}/service/
scripts = $${:etc}/run/
ssh = $${:etc}/ssh/
log = $${:var}/log/
run = $${:var}/run/
backup = $${:srv}/backup/
promises = $${:etc}/promise/
test = $${:etc}/test/
106
nginx-data = $${:srv}/nginx
107
ca-dir = $${:srv}/ssl
108
project = $${:srv}/runner/project
109
cgi-bin = $${:srv}/cgi-bin
110 111 112

[runnerdirectory]
recipe = slapos.cookbook:mkdirectory
113 114
home = $${directory:srv}/runner/
test = $${directory:srv}/test/
115
project = $${:home}/project
116
public = $${:home}/public
117
software-root = {{ slapparameter_dict.get('software-root', '$${:home}/software') }}
118
instance-root = $${:home}/instance
119 120 121
project-test = $${:test}/project
software-test = $${:test}/software
instance-test = $${:test}/instance
122
sessions = $${buildout:directory}/.sessions
123 124
private-project = $${:home}/.git-private
public-project = $${:home}/.git-public
125 126

[slaprunner]
127
slaprunner = ${buildout:directory}/bin/slaprunner
128
slapos = ${buildout:directory}/bin/slapos
129 130
slapproxy = ${buildout:directory}/bin/slapproxy
supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
131
git-binary = ${git:location}/bin/git
132
root_check = false
133
slapos.cfg = $${directory:etc}/slapos.cfg
134 135
working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
136 137
instance_root = $${runnerdirectory:instance-root}
software_root = $${runnerdirectory:software-root}
138
ssh_client = ${openssh:location}/bin/ssh
139 140
public_key = $${runner-sshd-raw-server:rsa-keyfile}.pub
private_key = $${runner-sshd-raw-server:rsa-keyfile}
141
instance-monitor-url = https://[$${:ipv6}]:$${monitor-parameters:port}
142 143 144
etc_dir = $${directory:etc}
log_dir =  $${directory:log}
run_dir = $${directory:run}
145 146
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
147
instance_root = $${runnerdirectory:instance-root}
148 149
proxy_port = 50000
runner_port = 50005
150
partition-amount = $${slap-parameter:instance-amount}
151
wrapper = $${directory:services}/slaprunner
152
debug = $${slap-parameter:debug}
153
access-url = https://[$${:ipv6}]:$${:runner_port}
154
supervisord_config = $${directory:etc}/supervisord.conf
155
supervisord_server = http://$${supervisord:server}
156
proxy_database = $${slaprunner:working-directory}/proxy.db
157 158 159
console = False
verbose = False
debug = False
160 161 162
auto_deploy = $${slap-parameter:auto-deploy}
auto_deploy_instance = $${slap-parameter:auto-deploy-instance}
autorun = $${slap-parameter:autorun}
163
knowledge0_file = $${monitor-instance-parameter:configuration-file-path}
164
minishell_cwd_file = $${directory:etc}/.minishell-cwd
165
minishell_history_file = $${directory:etc}/.minishell_history
166 167
software_info_json = $${runnerdirectory:home}/software_info.json
instance_info_json = $${runnerdirectory:home}/instance_info.json
168
path = $${shell:path}
169
instance_name = $${slap-parameter:instance-name}
170

171 172 173
default_repository = $${slap-parameter:slapos-repository}
default_repository_branch = $${slap-parameter:slapos-reference}

174 175 176 177 178 179 180 181 182 183 184

#---------------------------
#--
#-- supervisord managing slaprunner instance processes
[slaprunner-supervisord-wrapper]
recipe = slapos.cookbook:wrapper
# XXX hardcoded locations
command-line = $${buildout:directory}/bin/slapos node supervisord --cfg $${directory:etc}/slapos.cfg -n
wrapper-path = $${directory:services}/slaprunner-supervisord


185 186
[test-runner]
<= slaprunner
187
slapos.cfg = $${directory:etc}/slapos-test.cfg
188 189
working-directory = $${runnerdirectory:test}
project-directory = $${runnerdirectory:project-test}
190 191
software_root = $${runnerdirectory:software-test}
instance_root = $${runnerdirectory:instance-test}
192
proxy_port = 8602
193
etc_dir = $${directory:test}
194 195
autorun = False
auto_deploy = True
196

197 198
[runtestsuite]
recipe = slapos.cookbook:wrapper
199 200
arguments = --server_url=$${slap-connection:server-url} --key_file=$${slap-connection:key-file} --cert_file=$${slap-connection:cert-file} --computer_id=$${slap-connection:computer-id} --partition_id=$${slap-connection:partition-id}
command-line = ${buildout:directory}/bin/slaprunnertest $${:arguments}
201
wrapper-path = $${directory:bin}/runTestSuite
202
environment = RUNNER_CONFIG=$${slapos-cfg:rendered}
203
parameters-extra = true
204

205 206 207 208 209 210 211 212 213 214 215
# Deploy openssh-server
[runner-sshd-port]
recipe = slapos.cookbook:free_port
minimum = 22222
maximum = 22231
ip = $${slap-network-information:global-ipv6}

[runner-sshd-config]
recipe = slapos.recipe.template:jinja2
rendered = $${directory:etc}/runner-sshd.conf
path_pid = $${directory:run}/runner-sshd.pid
216
host_key = $${directory:ssh}/runner_server_key.rsa
217 218 219 220 221 222
template = inline:
  PidFile $${:path_pid}
  Port $${runner-sshd-port:port}
  ListenAddress $${slap-network-information:global-ipv6}
  Protocol 2
  UsePrivilegeSeparation no
223
  HostKey $${:host_key}
224 225 226
  PasswordAuthentication no
  PubkeyAuthentication yes
  AuthorizedKeysFile $${buildout:directory}/.ssh/authorized_keys
227
  ForceCommand if [ -z "$SSH_ORIGINAL_COMMAND" ]; then ${bash:location}/bin/bash -l; else eval "$SSH_ORIGINAL_COMMAND"; fi
228
  Subsystem sftp ${openssh:location}/libexec/sftp-server
229

230
[runner-sshd-raw-server]
231
recipe = slapos.cookbook:wrapper
232
host = $${slap-network-information:global-ipv6}
233
rsa-keyfile = $${runner-sshd-config:host_key}
234
home = $${directory:ssh}
235
command-line = ${openssh:location}/sbin/sshd -D -e -f $${runner-sshd-config:rendered}
236 237 238 239 240 241 242 243 244
wrapper-path = $${directory:bin}/runner_raw_sshd

[runner-sshd-authorized-key]
<= runner-sshd-raw-server
recipe = slapos.cookbook:dropbear.add_authorized_key
key = $${slap-parameter:user-authorized-key}

[runner-sshd-server]
recipe = collective.recipe.template
245
log = $${directory:log}/runner-sshd.log
246 247 248
input = inline:#!/bin/sh
    exec $${runner-sshd-raw-server:wrapper-path} >> $${:log} 2>&1

249
output = $${directory:bin}/runner_raw_sshd_log
250
mode = 700
251 252 253 254 255 256

[runner-sshd-graceful]
recipe = slapos.cookbook:wrapper
command-line = $${directory:bin}/killpidfromfile $${runner-sshd-config:path_pid} SIGHUP
wrapper-path = $${directory:scripts}/runner-sshd-graceful

257
[runner-sshkeys-directory]
258
recipe = slapos.cookbook:mkdirectory
259 260
requests = $${directory:sshkeys}/runner-requests/
keys = $${directory:sshkeys}/runner-keys/
261 262 263

[runner-sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
264 265 266
request-directory = $${runner-sshkeys-directory:requests}
keys-directory = $${runner-sshkeys-directory:keys}
wrapper = $${directory:services}/runner_sshkeys_authority
267 268 269 270 271
keygen-binary = ${openssh:location}/bin/ssh-keygen

[runner-sshkeys-sshd]
<= runner-sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
272
name = sshd
273 274 275 276 277 278
type = rsa
executable = $${runner-sshd-server:output}
public-key = $${runner-sshd-raw-server:rsa-keyfile}.pub
private-key = $${runner-sshd-raw-server:rsa-keyfile}
wrapper = $${directory:services}/runner-sshd

279
[runner-sshd-add-authorized-key]
280
recipe = slapos.cookbook:dropbear.add_authorized_key
281
home = $${buildout:directory}
282
key = $${slap-parameter:user-authorized-key}
283

284
#---------------------------
285
#--
286 287
#-- Set nginx frontend

288 289 290 291 292 293 294 295 296 297
[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path

[nginx-frontend]
# Options
298
nb_workers = 5
299
# Network
300 301 302
local-ip = $${slap-network-information:local-ipv4}
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
303
# Backend
304 305
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
306 307 308 309 310 311 312 313
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
314
path_tmp = $${directory:tmp}/
315
nginx_prefix = $${buildout:directory}
316 317 318
# Config files
path_nginx_conf = $${directory:etc}/nginx.conf
# Executables
319
bin_nginx = ${nginx-webdav:location}/sbin/nginx
320
bin_launcher = $${directory:bin}/launcher
321 322
# Utils
path_shell = ${dash:location}/bin/dash
323 324
# Misc.
etc_dir = $${directory:etc}
325
work_dir = $${slaprunner:working-directory}
326 327 328 329 330 331

[nginx_conf]
recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
332
    key shellinabox_socket shellinabox:socket
333
    key socket gunicorn:socket
334 335 336 337 338 339 340 341 342 343 344
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory

[nginx-launcher]
recipe = slapos.recipe.template:jinja2
template = ${template_launcher:location}/${template_launcher:filename}
rendered = $${nginx-frontend:bin_launcher}
mode = 700
context =
    section param_nginx_frontend nginx-frontend

345
[httpd-parameters]
346 347 348 349 350 351
path_pid = $${directory:run}/httpd.pid
path_error_log = $${directory:log}/httpd-error.log
path_access_log = $${directory:log}/httpd-access.log
# XXX Use ca-nginx, no need to regenerate certificate
cert_file = $${ca-nginx:cert-file}
key_file = $${ca-nginx:key-file}
352
global_ip = $${slap-network-information:global-ipv6}
353
global_port = $${slap-parameter:slaprunner-httpd-port}
354 355
working_directory = $${slaprunner:working-directory}
dav_lock = $${directory:var}/WebDavLock
356
htpasswd_file = $${directory:etc}/.htpasswd
357
etc_dir = $${directory:etc}
358 359
var_dir = $${directory:var}
project_folder = $${directory:project}
360
project_private_folder = $${runnerdirectory:private-project}
361
project_public_folder = $${runnerdirectory:public-project}
362
runner_home = $${runnerdirectory:home}
363
git_http_backend = ${git:location}/libexec/git-core/git-http-backend
364
cgid_sock = $${directory:run}/cgid.sock
365
#cgi_httpd_conf = $${monitor-httpd-configuration-file:rendered}
366
httpd_cors_file = $${slaprunner-httpd-cors:location}
367 368 369 370

[httpd-conf]
recipe = slapos.recipe.template:jinja2
template = ${template_httpd_conf:location}/${template_httpd_conf:filename}
371
rendered = $${directory:etc}/httpd.conf
372
context =
373 374
    section parameters httpd-parameters

375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407
[apache-httpd]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
wrapper-path = $${directory:services}/slaprunner-httpd
command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND
access-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}
wait-for-files =
  $${ca-nginx:cert-file}
  $${ca-nginx:key-file}

[httpd-graceful-wrapper]
recipe = collective.recipe.template
input = inline:
  #!/bin/sh
  exec kill -USR1 $(cat $${httpd-parameters:path_pid})
output = $${directory:scripts}/slaprunner-httpd-graceful
mode = 700

[apache-httpd-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/$${:filename}
filename = apache-httpd-listening-on-tcp
url = $${apache-httpd:access-url}
check-secure = 1
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

[slaprunner-httpd-cors]
recipe = plone.recipe.command
command = if [ ! -f $${:location} ]; then touch $${:location}; fi
location = $${directory:etc}/$${:filename}
filename = slaprunner-httpd-cors.cfg
stop-on-error = true
408

409 410 411 412
#--------------------
#--
#-- WSGI

413
[gunicorn]
414 415 416 417 418 419 420 421
bin_gunicorn = $${directory:bin}/gunicorn
bin_launcher = $${directory:services}/gunicorn
path_shell = ${dash:location}/bin/dash
socket = $${directory:tmp}/flaskserver.sock
path_pid = $${directory:run}/gunicorn.pid

[gunicorn-launcher]
recipe = slapos.cookbook:wrapper
422
command-line = $${gunicorn:bin_gunicorn} slapos.runner.run:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --error-logfile $${directory:log}/$${:error-log-file} --timeout 200 --threads 3 --log-level error --preload
423
error-log-file = gunicorn-error.log
424
wrapper-path = $${gunicorn:bin_launcher}
425
environment = PATH=$${environ:PATH}:${git:location}/bin/
426
  RUNNER_CONFIG=$${slaprunner:slapos.cfg}
427
  LANG=en_GB.UTF-8
428 429 430

[gunicorn-graceful]
recipe = slapos.cookbook:wrapper
431
command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
432 433
wrapper-path = $${directory:scripts}/gunicorn-graceful

434
#--------------------
435
#--
436
#-- ssl certificates
437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:services}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_frontend.key
cert-file = $${cadirectory:certs}/nginx_frontend.crt
462 463
executable = $${nginx-launcher:rendered}
wrapper = $${directory:services}/nginx-frontend
464 465 466
# Put domain name
name = example.com

467
#--------------------
468 469
#--
#-- Request frontend
470

471
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' -%}
472 473
[request-frontend]
<= slap-connection
474
recipe = slapos.cookbook:requestoptional
475
name = SlapRunner Frontend
476
# XXX We have hardcoded SR URL here.
477
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
478
slave = true
479
config-url = $${slaprunner:access-url}
480
config-domain = $${slap-parameter:frontend-domain}
481
return = site_url domain
482

483 484 485 486 487 488 489 490
[slaprunner-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner_frontend
url = https://$${request-frontend:connection-domain}/login
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
check-secure = 1

491 492 493
[request-httpd-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
494 495 496
# XXX - Unfortunately, we still call webrunner httpd frontend "Monitor Frontend" otherwise 
# buildout will ignore previous frontend that was created and create a new one (in case of upgrade)
name = Monitor Frontend
497 498 499 500 501 502 503 504 505 506 507 508 509 510 511
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = $${apache-httpd:access-url}
config-domain = 
return = secure_access domain

[httpd-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner-apache-http-frontend
url = $${request-httpd-frontend:connection-secure_access}
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}
check-secure = 1

512
{% endif %}
513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531

[htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.pwd
bytes = 8

[runner-htpasswd]
recipe = plone.recipe.command
stop-on-error = true
htpasswd-path = $${monitor-directory:etc}/.htpasswd
command = if [ ! -f "$${:htpasswd-path}" ]; then ${apache:location}//bin/htpasswd -cb $${:htpasswd-path} $${:user} $${:password}; fi
update-command = $${:command}
user = admin
{% if slapparameter_dict.get('monitor-password', '') -%}
password = {{ slapparameter_dict['monitor-password'] }}
{% else -%}
password = $${htpasswd:passwd}
{% endif -%}

532
#--------------------------------------
533
#--
534
#-- Send information to SlapOS Master
535

536 537 538
[user-info]
recipe = slapos.cookbook:userinfo

539
[publish-connection-information]
540
recipe = slapos.cookbook:publish
541 542 543
backend-url = $${slaprunner:access-url}
init-user = $${runner-htpasswd:user}
init-password = $${runner-htpasswd:password}
544
ssh-command = ssh $${user-info:pw-name}@$${slap-network-information:global-ipv6} -p $${runner-sshd-port:port}
545 546
git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
547
monitor-base-url = $${publish:monitor-base-url}
548 549 550 551 552
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' -%}
url =  https://$${request-frontend:connection-domain}
webdav-url = $${request-httpd-frontend:connection-secure_access}/share/
public-url =  $${request-httpd-frontend:connection-secure_access}/public/
{% else %}
553
url =  $${slaprunner:access-url}
554 555 556 557
webdav-url = $${apache-httpd:access-url}/share/
public-url =  $${apache-httpd:access-url}/public/
{% endif %}

558 559
{% if slapparameter_dict.get('instance-type', '') != 'resilient' -%}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
560
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=$${publish:monitor-url}&username=$${publish:monitor-user}&password=$${publish:monitor-password}
561
{% else -%}
562 563 564 565
monitor-url = $${publish:monitor-url}
monitor-user = $${publish:monitor-user}
monitor-password = $${publish:monitor-password}
{% endif -%}
566 567 568
#---------------------------
#--
#-- Deploy promises scripts
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
569

570 571
[slaprunner-promise]
recipe = slapos.cookbook:check_port_listening
572
path = $${directory:promises}/slaprunner
573 574
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
575

576
[runner-sshd-promise]
577
recipe = slapos.cookbook:check_port_listening
578 579 580
path = $${directory:promises}/runner-sshd
hostname = $${slap-network-information:global-ipv6}
port = $${runner-sshd-port:port}
581

582 583
[symlinks]
recipe = cns.recipe.symlink
584
symlink_target = $${directory:bin}
585
symlink_base = ${buildout:directory}/bin
586 587 588

[slap-parameter]
# Default value if no ssh key is specified
589
user-authorized-key =
590
# Default value of instances number in slaprunner
591
instance-amount = 10
592 593
debug = false
frontend-domain =
594
slapos-repository = https://lab.nexedi.com/nexedi/slapos.git
595
slapos-software =
596
slapos-software-type =
597
slapos-reference = master
598
auto-deploy = false
599
auto-deploy-instance = true
600
autorun = false
601 602
slaprunner-httpd-port = $${:monitor-port}
# XXX - for backward compatibility, monitor-port was for slaprunner httpd server
603
monitor-port = 9686
604
instance-name =
605 606
monitor-cors-domains = 
monitor-interface-url = 
607
# XXX - define a new port for monitor here and use monitor-port for backward compatibility
608
monitor-httpd-port = 8386
609 610 611

[monitor-parameters]
port = $${slap-parameter:monitor-port}
612

613 614
[slapos-cfg]
recipe = slapos.recipe.template:jinja2
615
template = ${template-slapos-cfg:location}/${template-slapos-cfg:filename}
616 617 618
rendered = $${slaprunner:slapos.cfg}
mode = 700
context =
619
  section slaprunner slaprunner
620

621 622
[slapos-test-cfg]
recipe = slapos.recipe.template:jinja2
623
template = ${template-slapos-cfg:location}/${template-slapos-cfg:filename}
624 625 626 627 628
rendered = $${test-runner:slapos.cfg}
mode = 700
context =
  section slaprunner test-runner

629
[shellinabox]
630 631 632 633 634 635 636 637 638 639 640
recipe = slapos.recipe.template:jinja2
# We cannot use slapos.cookbook:wrapper here because this recipe escapes too much
socket = $${directory:run}/siab.sock
mode = 0700
rendered = $${directory:services}/shellinaboxd
template = inline:
  #!/bin/sh
  exec ${shellinabox:location}/bin/shellinaboxd \
    --disable-ssl \
    --disable-ssl-menu \
    --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
Jérome Perrin's avatar
Jérome Perrin committed
641
    --service "/:$(id -u):$(id -g):HOME:$${shell:wrapper} -l"
642 643 644

[shell]
recipe = slapos.cookbook:shell
Jérome Perrin's avatar
Jérome Perrin committed
645
wrapper = $${directory:bin}/bash
646
shell = ${bash:location}/bin/bash
647
home = $${buildout:directory}
648
path = $${environ:PATH}:/usr/bin:/bin/:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin:${tig:location}/bin
649 650
ps1 = "\\w> "

651 652 653
[environ]
recipe = collective.recipe.environment

654 655
[prepare-software]
recipe = slapos.cookbook:wrapper
656
command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
657 658
wrapper-path = $${directory:scripts}/prepareSoftware

659 660 661 662 663 664 665
[cron-entry-prepare-software]
<= cron
recipe = slapos.cookbook:cron.d
name = prepare-software
frequency = */2 * * * *
command = $${prepare-software:wrapper-path}

666 667 668
[instance-parameters]
recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do
669
template = ${template-parameters:location}/${template-parameters:filename}
670 671
rendered = $${directory:etc}/.parameter.xml.default
mode = 0644
672
context =
673 674 675 676 677 678 679 680
  key slapparameter_dict slap-configuration:configuration

[deploy-instance-parameters]
recipe = plone.recipe.command
stop-on-error = true
parameter-xml = $${directory:etc}/.parameter.xml
command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi

681 682 683 684 685 686 687
[instance-software-type]
recipe = plone.recipe.command
stop-on-error = true
# XXX It should not be named with .xml as it is not xml
software-type-path = $${directory:etc}/.software_type.xml
command = if [ ! -f $${:software-type-path} -a "$${slap-parameter:slapos-software-type}" != "" ]; then echo "$${slap-parameter:slapos-software-type}" > $${:software-type-path}; fi

688 689 690 691 692
[instance-software]
recipe = plone.recipe.command
stop-on-error = true
command = SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi

693 694 695 696 697 698 699 700
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

701

702 703 704 705 706 707
[minishell-cwd]
recipe = plone.recipe.command
command = if [ ! -f $${slaprunner:minishell_cwd_file} ]; then echo $${runnerdirectory:home} > $${slaprunner:minishell_cwd_file}; fi
location = $${slaprunner:minishell_cwd_file}
stop-on-error = true

708
[bash-profile]
709 710 711 712
recipe = slapos.recipe.template:jinja2
template = ${template-bash-profile:location}/${template-bash-profile:filename}
rendered = $${buildout:directory}/.bash_profile
context =
713
    raw path $PATH:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin:${curl:location}/bin:${python2.7:location}/bin:${tig:location}/bin:${zip:location}/bin
714
    key workdir runnerdirectory:home
715

716 717 718 719 720

#---------------------------
#--
#-- supervisord managing slaprunner automation features

721
[supervisord]
722
autorestart = false
723 724 725 726
autostart = false
directory = $${buildout:directory}
exitcodes = 0
logfile = $${directory:log}/supervisord.log
727
no_logfile = NONE
728
numprocs = 1
729
path = $${shell:path}
730
pidfile = $${directory:run}/supervisord.pid
731 732
ip = $${slaprunner:ipv4}
server = $${:ip}:$${:port}
733
port = 39986
734
slapgrid-cp = slapgrid-cp
735
slapgrid-cp-command = $${slaprunner:slapos} node instance --all --cfg $${:slapos-cfg} --pidfile $${:slapgrid-cp-pid} --verbose --logfile $${:slapgrid-cp-log}
736 737
slapgrid-cp-log = $${runnerdirectory:home}/instance.log
slapgrid-cp-pid = $${directory:run}/slapgrid-cp.pid
738
slapgrid-cp-startretries = 0
739
slapgrid-sr = slapgrid-sr
740
slapgrid-sr-command = $${slaprunner:slapos} node software --all --cfg $${:slapos-cfg} --pidfile $${:slapgrid-sr-pid} --verbose --logfile $${:slapgrid-sr-log}
741 742
slapgrid-sr-log = $${runnerdirectory:home}/software.log
slapgrid-sr-pid = $${directory:run}/slapgrid-sr.pid
743
slapgrid-sr-startretries = 0
744 745 746
slapproxy = slapproxy
slapproxy-autorestart = true
slapproxy-autostart = true
747
slapproxy-startsecs = 1
748
slapproxy-command = $${slaprunner:slapos} proxy start --logfile $${:slapproxy-log} --cfg $${:slapos-cfg}
749
slapproxy-log = $${directory:log}/slapproxy.log
750 751
socket_name = unix://$${:socket_path}
socket_path = $${directory:tmp}/supervisord.sock
752
startsecs = 0
753 754 755
# This file logs errors from listeners. Supervisord has its own logfile.
# Processes should handle their logs by themselves
stderr_logfile = $${directory:log}/supervisord-errors.log
756
slapos-cfg = $${slaprunner:slapos.cfg}
757 758 759 760 761 762

[supervisord-conf]
recipe = slapos.recipe.template:jinja2
template = ${template-supervisord:location}/${template-supervisord:filename}
rendered = $${directory:etc}/supervisord.conf
context =
763 764
    import multiprocessing multiprocessing
    import builtin __builtin__
765
    section supervisord supervisord
766
    key slapparameter_dict slap-configuration:configuration
767 768 769 770 771 772 773 774 775 776
    key listener_slapgrid listener-slapgrid-bin:rendered

[listener-slapgrid-bin]
recipe = slapos.recipe.template:jinja2
template = ${template-listener-slapgrid:location}/${template-listener-slapgrid:filename}
rendered = $${directory:bin}/listener_slapgrid.py
mode = 0744
context =
    section supervisord supervisord
    section slaprunner slaprunner
777
    raw python_executable ${buildout:directory}/bin/${extra-eggs:interpreter}
778 779 780 781 782 783

[supervisord-wrapper]
recipe = slapos.cookbook:wrapper
command-line = $${buildout:directory}/bin/supervisord -c $${supervisord-conf:rendered} --nodaemon
wrapper-path = $${directory:services}/supervisord

784 785 786 787 788 789
[supervisord-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/supervisord
hostname = $${slaprunner:ipv4}
port = $${supervisord:port}

790 791
# XXX Monitor 
[monitor-instance-parameter]
792
monitor-httpd-port = $${slap-parameter:monitor-httpd-port}
793 794 795
{% if slapparameter_dict.get('name', '') -%}
monitor-title = {{ slapparameter_dict['name'] }}
{% endif -%}
796
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
797 798 799
{% if slapparameter_dict.get('monitor-username', '') -%}
username = {{ slapparameter_dict['monitor-username'] }}
{% endif -%}
800
password = $${runner-htpasswd:password}
801
{% if slapparameter_dict.get('monitor-url-list', '') -%}
802
monitor-url-list = {{ slapparameter_dict['monitor-url-list'] }}
803
{% endif -%}
804
# check if not resilient runner
805 806 807
{% if not slapparameter_dict.get('authorized-key', '') -%}
# Pass some parameter to dispay in monitoring interface
instance-configuration =
808
  httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output}
809 810
{% endif -%}
configuration-file-path = $${buildout:directory}/knowledge0.cfg
811

812 813 814
[monitor-check-webrunner-internal-instance]
recipe = slapos.recipe.template:jinja2
template = ${monitor-check-webrunner-internal-instance:location}/${monitor-check-webrunner-internal-instance:filename}
815
rendered = $${monitor-directory:reports}/$${:filename}
816 817 818
filename = monitor-check-webrunner-internal-instance
mode = 0744