apache-runner: add log access and publish monitoring url

40695801 · Cédric Le Ninivin · 264b43dc · 40695801 · 40695801 · 40695801
Commit 40695801 authored May 02, 2014 by Cédric Le Ninivin
4 changed files
--- a/software/apache-frontend/instance-apache-frontend.cfg
+++ b/software/apache-frontend/instance-apache-frontend.cfg
@@ -48,7 +48,9 @@ parts =
  zero-parameters
  public-symlink
  cgi-httpd-wrapper
-
+## Monitor for apache
+  monitor-current-log-access
+  monitor-backup-log-access
 extends = ${monitor-template:output}


@@ -119,6 +121,14 @@ apache-directory = ${apache-2.2:location}
 apache-ipv6 = $${instance-parameter:ipv6-random}
 apache-https-port = $${instance-parameter:configuration.port}

+[monitor-current-log-access]
+< = monitor-directory-access
+source = $${directory:log}
+
+[monitor-backup-log-access]
+< = monitor-directory-access
+source = $${directory:logrotate-backup}
+
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
 rendered = $${buildout:directory}/$${:filename}

--- a/software/apache-frontend/instance-apache-replicate.cfg.in
+++ b/software/apache-frontend/instance-apache-replicate.cfg.in
@@ -59,20 +59,24 @@ sla-{{ parameter }} = {{ slapparameter_dict.pop( sla_key + parameter ) }}

 [replicate]
 <= slap-connection
-recipe = slapos.cookbook:request
+recipe = slapos.cookbook:requestoptional
 software-url = ${slap-connection:software-release-url}
 software-type = {{frontend_type}}
-return = private-ipv4 public-ipv4 slave-instance-information-list
+return = private-ipv4 public-ipv4 slave-instance-information-list monitor_url
 config = {{ ' '.join(slapparameter_dict.keys()) + ' ' + slave_list_name }}
 {% for parameter, value in slapparameter_dict.iteritems() -%}
 config-{{parameter}} = {{ value }}
 {% endfor -%}
 config-{{ slave_list_name }} = {{ json_module.dumps(slave_instance_list) }}
+connection-monitor_url =

 [publish-information]
 recipe = slapos.cookbook:publish
 domain = {{ slapparameter_dict.get('domain') }}
 slave-amount = {{ slave_instance_list | length }}
+{% for frontend in frontend_section_list %}
+{{ frontend }}-monitor-url = {{ '${' + frontend + ':connection-monitor_url}' }}
+{% endfor -%}
 {% for frontend in frontend_list -%}
 #{{frontend}}-private-ipv4 = ${request-{{frontend}}:private-ipv4}
 {% endfor -%}

--- a/stack/monitor/monitor.cfg.in
+++ b/stack/monitor/monitor.cfg.in
@@ -7,20 +7,23 @@ key = $${slap-connection:key-file}
 cert = $${slap-connection:cert-file}

 [monitor-parameters]
-monitor-dir = $${directory:var}/monitor
+monitor-dir = $${monitor-directory:var}/monitor
 result-dir = $${:monitor-dir}/bool
 json-filename = monitor.json
 json-path = $${:monitor-dir}/$${:json-filename}
 rss-path = $${:public-cgi}/$${:rss-filename}
 rss-filename = rssfeed.html
-executable = $${directory:bin}/monitor.py
-cgi-bin = $${directory:cgi-bin}
-monitoring-cgi = $${directory:monitoring-cgi}
-knowledge0-cgi = $${directory:knowledge0-cgi}
-public-cgi = $${directory:public-cgi}
+executable = $${monitor-directory:bin}/monitor.py
+cgi-bin = $${monitor-directory:cgi-bin}
+monitoring-cgi = $${monitor-directory:monitoring-cgi}
+knowledge0-cgi = $${monitor-directory:knowledge0-cgi}
+public-cgi = $${monitor-directory:public-cgi}
 port = 9685
+private-directory = $${monitor-directory:monitor-private-directory}
+htaccess-file = $${monitor-htaccess:htaccess-path}

-[directory]
+[monitor-directory]
+recipe = slapos.cookbook:mkdirectory
 home = $${buildout:directory}
 etc = $${:home}/etc
 bin = $${:home}/bin
@@ -37,34 +40,35 @@ crontabs = $${:etc}/crontabs
 cronstamps = $${:etc}/cronstamps
 log = $${:var}/log
 monitor = $${:etc}/monitor
-monitor-result = $${monitor-parameters:monitor-dir}
-monitor-result-bool = $${monitor-parameters:result-dir}
+monitor-result = $${:var}/monitor
+monitor-result-bool = $${:var}/monitor
 promise = $${:etc}/promise
 public-cgi = $${:cgi-bin}/public
 run = $${:var}/run
 service = $${:etc}/service/
 tmp = $${:home}/tmp
 www = $${:var}/www
+monitor-private-directory = $${:srv}/monitor-private

 [public-symlink]
 recipe = cns.recipe.symlink
-symlink = $${monitor-parameters:public-cgi} = $${directory:www}/public
+symlink = $${monitor-parameters:public-cgi} = $${monitor-directory:www}/public
 autocreate = true

 [cron]
 recipe = slapos.cookbook:cron
 dcrond-binary = ${dcron:location}/sbin/crond
-cron-entries = $${directory:cron-entries}
-crontabs = $${directory:crontabs}
-cronstamps = $${directory:cronstamps}
+cron-entries = $${monitor-directory:cron-entries}
+crontabs = $${monitor-directory:crontabs}
+cronstamps = $${monitor-directory:cronstamps}
 catcher = $${cron-simplelogger:wrapper}
-binary = $${directory:service}/crond
+binary = $${monitor-directory:service}/crond

 # Add log to cron
 [cron-simplelogger]
 recipe = slapos.cookbook:simplelogger
-wrapper = $${directory:bin}/cron_simplelogger
-log = $${directory:log}/cron.log
+wrapper = $${monitor-directory:bin}/cron_simplelogger
+log = $${monitor-directory:log}/cron.log

 [cron-entry-monitor]
 <= cron
@@ -84,14 +88,14 @@ command = $${make-rss:output}
 recipe = hexagonit.recipe.download
 url = ${download-static-files:destination}/${download-static-files:filename}
 filename = static
-destination = $${directory:www}
+destination = $${monitor-directory:www}
 ignore-existing = true
 mode = 0644

 [deploy-index]
 recipe = slapos.recipe.template:jinja2
 template = ${index:location}/${index:filename}
-rendered = $${directory:www}/$${:filename}
+rendered = $${monitor-directory:www}/$${:filename}
 filename = index.cgi
 mode = 0744
 context =
@@ -104,7 +108,7 @@ context =
 [deploy-index-template]
 recipe = hexagonit.recipe.download
 url = ${index-template:location}/$${:filename}
-destination = $${directory:www}
+destination = $${monitor-directory:www}
 filename = ${index-template:filename}
 download-only = true
 mode = 0644
@@ -138,7 +142,7 @@ template = ${monitor-bin:location}/${monitor-bin:filename}
 rendered = $${monitor-parameters:executable}
 mode = 0744
 context =
-  section directory directory
+  section directory monitor-directory
  key monitoring_file_json monitor-parameters:json-path
  key monitoring_folder_bool monitor-parameters:result-dir
  raw python_executable ${buildout:executable}
@@ -146,7 +150,7 @@ context =
 [deploy-rss-script]
 recipe = hexagonit.recipe.download
 url = ${rss-bin:destination}/${rss-bin:filename}
-destination = $${directory:bin}
+destination = $${monitor-directory:bin}
 filename = ${rss-bin:filename}
 mode = 0744
 download-only = true
@@ -154,23 +158,34 @@ download-only = true
 [make-rss]
 recipe = slapos.recipe.template
 url = ${make-rss-script:output}
-output = $${directory:bin}/make-rss.sh
+output = $${monitor-directory:bin}/make-rss.sh
 mode = 0744

+[monitor-htaccess]
+recipe = plone.recipe.command
+stop-on-error = true
+htaccess-path = $${monitor-directory:monitor}/.htaccess
+command = ${apache:location}/bin/htpasswd -cb $${:htaccess-path} admin $${zero-parameters:monitor-password}
+
+[monitor-directory-access]
+recipe = plone.recipe.command
+command = ln -s $${:source} $${monitor-directory:monitor-private-directory}
+source =
+
 [cadirectory]
 recipe = slapos.cookbook:mkdirectory
-requests = $${directory:ca-dir}/requests/
-private = $${directory:ca-dir}/private/
-certs = $${directory:ca-dir}/certs/
-newcerts = $${directory:ca-dir}/newcerts/
-crl = $${directory:ca-dir}/crl/
+requests = $${monitor-directory:ca-dir}/requests/
+private = $${monitor-directory:ca-dir}/private/
+certs = $${monitor-directory:ca-dir}/certs/
+newcerts = $${monitor-directory:ca-dir}/newcerts/
+crl = $${monitor-directory:ca-dir}/crl/

 [certificate-authority]
 recipe = slapos.cookbook:certificate_authority
 openssl-binary = ${openssl:location}/bin/openssl
-ca-dir = $${directory:ca-dir}
+ca-dir = $${monitor-directory:ca-dir}
 requests-directory = $${cadirectory:requests}
-wrapper = $${directory:service}/certificate_authority
+wrapper = $${monitor-directory:service}/certificate_authority
 ca-private = $${cadirectory:private}
 ca-certs = $${cadirectory:certs}
 ca-newcerts = $${cadirectory:newcerts}
@@ -181,8 +196,8 @@ ca-crl = $${cadirectory:crl}
 recipe = slapos.cookbook:certificate_authority.request
 key-file = $${cadirectory:certs}/httpd.key
 cert-file = $${cadirectory:certs}/httpd.crt
-executable = $${directory:bin}/cgi-httpd
-wrapper = $${directory:service}/cgi-httpd
+executable = $${monitor-directory:bin}/cgi-httpd
+wrapper = $${monitor-directory:service}/cgi-httpd
 # Put domain name
 name = example.com

@@ -214,11 +229,18 @@ input = inline:
  LoadModule unixd_module modules/mod_unixd.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule authz_core_module modules/mod_authz_core.so
+  LoadModule authn_core_module modules/mod_authn_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule ssl_module modules/mod_ssl.so
+  LoadModule alias_module modules/mod_alias.so
+  LoadModule autoindex_module modules/mod_autoindex.so
+  LoadModule auth_basic_module modules/mod_auth_basic.so
+  LoadModule authz_user_module modules/mod_authz_user.so
+  LoadModule authn_file_module modules/mod_authn_file.so
+
  # SSL Configuration
  <IfDefine !SSLConfigured>
  Define SSLConfigured
@@ -243,14 +265,29 @@ input = inline:
    AddHandler cgi-script .cgi
    DirectoryIndex $${deploy-index:filename}
  </Directory>
-output = $${directory:etc}/cgi-httpd.conf
+  Alias /private/ $${monitor-parameters:private-directory}/
+  <Directory $${monitor-parameters:private-directory}>
+  Order Deny,Allow
+  Deny from env=AUTHREQUIRED
+  <Files ".??*">
+    Order Allow,Deny
+    Deny from all
+  </Files>
+  AuthType Basic
+  AuthName "Private access"
+  AuthUserFile "$${monitor-parameters:htaccess-file}"
+  Require valid-user
+  Options Indexes FollowSymLinks
+  Satisfy all
+  </Directory>
+output = $${monitor-directory:etc}/cgi-httpd.conf
 listening-ip = $${slap-parameters:ipv6-random}
 # XXX: randomize-me
-htdocs = $${directory:www}
-pid-file = $${directory:run}/cgi-httpd.pid
-cgid-pid-file = $${directory:run}/cgi-httpd-cgid.pid
-document-root = $${directory:www}
-error-log = $${directory:log}/cgi-httpd-error-log
+htdocs = $${monitor-directory:www}
+pid-file = $${monitor-directory:run}/cgi-httpd.pid
+cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
+document-root = $${monitor-directory:www}
+error-log = $${monitor-directory:log}/cgi-httpd-error-log

 [cgi-httpd-wrapper]
 recipe = slapos.cookbook:wrapper
@@ -260,7 +297,7 @@ wrapper-path = $${ca-httpd:executable}

 [monitor-promise]
 recipe = slapos.cookbook:check_url_available
-path = $${directory:promises}/monitor
+path = $${monitor-directory:promises}/monitor
 url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}/$${deploy-index:filename}
 check-secure = 1
 dash_path = ${dash:location}/bin/dash

--- a/stack/monitor/webfiles/index.html.jinja2
+++ b/stack/monitor/webfiles/index.html.jinja2
@@ -17,6 +17,8 @@
    <li><a href="{{ category }}/{{ script }}" class="script">{{ script }}</a></li>
    {% endfor %}
   {% endfor %}
+   <li class="pure-menu-heading category">Files</li>
+   <li><a href="./private/" class="link">  User: admin</br>  Password is yours</a></li>
  </ul>
 </div>
 </div>