instance-monitor.cfg.jinja2.in 14.9 KB
Newer Older
1 2 3 4 5 6 7 8
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}

9 10 11 12
# XXX Default values if doesn't exists
root-instance-title = UNKNOWN H-S
instance-title = UNKNOWN Instance

13 14 15 16 17 18 19 20 21 22 23
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
run = ${:var}/run
log = ${:var}/log
scripts = ${:etc}/run
services = ${:etc}/service
promises = ${:etc}/promise
24
plugins = ${:etc}/plugin
25 26 27 28 29 30
monitor = ${:srv}/monitor

[monitor-directory]
recipe = slapos.cookbook:mkdirectory
bin = ${directory:bin}
etc = ${directory:etc}
31 32
promises = ${directory:etc}/monitor-promise
reports = ${directory:etc}/monitor-report
33
pids = ${directory:run}/monitor
34
webdav = ${directory:monitor}/webdav
35 36
public = ${directory:monitor}/public
private = ${directory:monitor}/private
37
documents = ${:private}/documents
38
log = ${directory:log}/monitor
39 40
promise-result = ${buildout:directory}/.slapgrid/promise/result
promise-log = ${buildout:directory}/.slapgrid/promise/log
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

[ca-directory]
recipe = slapos.cookbook:mkdirectory
root = ${directory:srv}/ssl
requests = ${:root}/requests
private = ${:root}/private
certs = ${:root}/certs
newcerts = ${:root}/newcerts
crl = ${:root}/crl

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_executable_location }}
ca-dir = ${ca-directory:root}
requests-directory = ${ca-directory:requests}
56
wrapper = ${directory:services}/certificate_authority
57 58 59 60 61
ca-private = ${ca-directory:private}
ca-certs = ${ca-directory:certs}
ca-newcerts = ${ca-directory:newcerts}
ca-crl = ${ca-directory:crl}

62
[ca-monitor-httpd]
63 64 65 66
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${monitor-httpd-conf-parameter:key-file}
cert-file = ${monitor-httpd-conf-parameter:cert-file}
67
executable = ${monitor-httpd-wrapper:wrapper-path}
68 69 70 71
wrapper = ${directory:services}/monitor-httpd

[monitor-conf-parameters]
title = ${monitor-instance-parameter:monitor-title}
72
root-title = ${monitor-instance-parameter:root-instance-title}
73 74
public-folder = ${monitor-directory:public}
private-folder = ${monitor-directory:private}
75
webdav-folder = ${monitor-directory:webdav}
76
base-url = ${monitor-instance-parameter:monitor-base-url}
77 78
service-pid-folder = ${monitor-directory:pids}
crond-folder = ${logrotate-directory:cron-entries}
79 80
log-folder = ${monitor-directory:log}
document-folder = ${monitor-directory:documents}
81
pid-file = ${monitor-directory:pids}/monitor-bootstrap.pid
Alain Takoudjou's avatar
Alain Takoudjou committed
82

83
public-path-list = 
84 85
private-path-list = ${directory:log}
monitor-url-list = ${monitor-instance-parameter:monitor-url-list}
86 87 88 89
parameter-file-path = ${monitor-instance-parameter:configuration-file-path}

parameter-list = 
  raw monitor-user ${monitor-instance-parameter:username}
90
  htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path}
91
  file min-free-disk-MB ${promise-check-free-disk-space:config-file}
92 93 94
  ${monitor-instance-parameter:instance-configuration}
# htpasswd entry:  htpasswd key password-file username htpasswd-file

95 96
promise-output-file = ${directory:monitor}/monitor-bootstrap-status

97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112
[monitor-promise-conf]
output-folder = ${monitor-directory:public}/promise
history-folder = ${monitor-directory:public}
promise-folder = ${directory:plugins}
legacy-promise-folder = ${directory:promises}
pid-path = ${monitor-directory:pids}/runpromise.pid
partition-folder = ${buildout:directory}
master-url = ${slap-connection:server-url}
partition-cert = ${slap-connection:cert-file}
partition-key = ${slap-connection:key-file}
partition-id = ${slap-connection:partition-id}
computer-id = ${slap-connection:computer-id}
ipv4 = ${slap-configuration:ipv4-random}
ipv6 = ${slap-configuration:ipv6-random}
software-release = ${slap-connection:software-release-url}
software-type = ${slap-configuration:slap-software-type}
113

114 115 116
[monitor-base-url-dict]
# place holder to be used to collect erp5 monitor urls

117 118 119 120 121
[monitor-conf]
recipe = slapos.recipe.template:jinja2
template = {{ monitor_conf_template }}
rendered = ${directory:etc}/${:filename}
filename = monitor.conf
122 123 124
context = section parameter_dict           monitor-conf-parameters
          section promise_parameter_dict  monitor-promise-conf
          section monitor_base_urls        monitor-base-url-dict
125

Alain Takoudjou's avatar
Alain Takoudjou committed
126 127
[start-monitor]
recipe = slapos.cookbook:wrapper
128
command-line = {{ monitor_bin }} -c ${monitor-conf:rendered}
129 130
name = bootstrap-monitor
wrapper-path = ${directory:scripts}/${:name}
Alain Takoudjou's avatar
Alain Takoudjou committed
131

132 133
[monitor-htpasswd]
recipe = slapos.cookbook:generate.password
134
storage-path = ${directory:etc}/.monitor_pwd
135 136
bytes = 8

137 138 139
[httpd-monitor-htpasswd]
recipe = plone.recipe.command
stop-on-error = true
140
password-file = ${directory:etc}/.monitor_pwd
141
htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd
142 143 144 145 146
# Keep multiple lines as password can end with newline char.
command = 
  if [ ! -s "${:htpasswd-path}" ]; then 
    {{ apache_location }}/bin/htpasswd -cb ${:htpasswd-path} ${:user} ${:password}
  fi
147
  if [ ! -s "${:password-file}" ]; then echo "${monitor-instance-parameter:password}" > ${:password-file}; fi
148
update-command = ${:command}
149 150
user = ${monitor-instance-parameter:username}
password = ${monitor-instance-parameter:password}
151

152 153 154
[monitor-symlink]
recipe = cns.recipe.symlink
symlink =
155 156
  ${monitor-directory:promise-result} = ${monitor-directory:public}/promise
  ${monitor-directory:promise-result} = ${monitor-directory:log}/promise
157

158 159 160
[monitor-httpd-conf-parameter]
listening-ip = ${monitor-instance-parameter:monitor-httpd-ipv6}
port = ${monitor-instance-parameter:monitor-httpd-port}
161
pid-file = ${directory:run}/monitor-httpd.pid
162 163
access-log = ${directory:log}/monitor-httpd-access.log
error-log = ${directory:log}/monitor-httpd-error.log
164 165 166
cert-file = ${ca-directory:certs}/httpd.crt
key-file = ${ca-directory:certs}/httpd.key
htpasswd-file = ${httpd-monitor-htpasswd:htpasswd-path}
167 168 169
url = https://[${monitor-instance-parameter:monitor-httpd-ipv6}]:${:port}
httpd-cors-config-file = ${monitor-httpd-cors:rendered}
httpd-include-file = 
170 171 172 173 174 175 176 177 178 179

[monitor-httpd-conf]
recipe = slapos.recipe.template:jinja2
template = {{ monitor_httpd_template }}
rendered = ${monitor-directory:etc}/monitor-httpd.conf
mode = 0744
context =
  section directory monitor-directory
  section parameter_dict monitor-httpd-conf-parameter

180 181 182 183 184 185 186 187 188
[monitor-httpd-cors]
recipe = slapos.recipe.template:jinja2
template = {{ monitor_https_cors }}
rendered = ${directory:etc}/httpd-cors.cfg
mode = 0600
context =
  key domain monitor-instance-parameter:cors-domains

[monitor-httpd-wrapper]
189 190 191 192 193 194
recipe = slapos.cookbook:wrapper
command-line = {{ apache_location }}/bin/httpd -f ${monitor-httpd-conf:rendered} -DFOREGROUND
wrapper-path = ${directory:bin}/monitor-httpd
wait-for-files =
  ${ca-directory:certs}/httpd.key
  ${ca-directory:certs}/httpd.crt
195
  ${monitor-httpd-graceful-wrapper:rendered}
196

197
[monitor-httpd-graceful-wrapper]
198 199
recipe = slapos.recipe.template:jinja2
template = {{ template_wrapper }}
200
rendered = ${directory:scripts}/monitor-httpd-graceful
201 202 203
mode = 0700
context =
    key content :command
204
    raw dash_binary {{ dash_executable_location }}
205 206
command = kill -USR1 $(cat ${monitor-httpd-conf-parameter:pid-file})

207 208 209
[logrotate-entry-monitor-httpd]
<= logrotate-entry-base
name = monitor-apache
210 211
log = ${directory:log}/monitor-httpd-*.log
post = test ! -s ${monitor-httpd-conf-parameter:pid-file} || {{ bin_directory }}/slapos-kill --pidfile ${monitor-httpd-conf-parameter:pid-file} -s USR1
212

213 214 215 216 217 218 219 220
[xnice-bin]
recipe = collective.recipe.template
input = inline:#!/bin/sh
  # run something at lowest possible priority
  exec nice -19 chrt --idle 0 ionice -c3 "$@"
output = ${directory:bin}/xnice
mode = 700

221 222 223 224 225
[promise-monitor-httpd-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/is-process-older-than-dependency-set ${monitor-httpd-conf-parameter:pid-file} 
wrapper-path = ${directory:promises}/promise-monitor-httpd-is-process-older-than-dependency-set

226 227
[monitor-globalstate-wrapper]
recipe = slapos.cookbook:wrapper
228
command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:rendered}'
229 230 231 232 233
wrapper-path = ${directory:bin}/monitor-globalstate

[monitor-configurator-wrapper]
recipe = slapos.cookbook:wrapper
# XXX - hard coded path
234 235 236 237 238
command-line = ${xnice-bin:output} {{ monitor_configwrite }}
              --config_folder '${monitor-conf-parameters:private-folder}/config/.jio_documents'
              --output_cfg_file '${monitor-instance-parameter:configuration-file-path}'
              --htpasswd_bin '{{ apache_location }}/bin/htpasswd'
              --monitor_https_cors {{ monitor_https_cors }}
239 240
wrapper-path = ${directory:bin}/monitor-configurator

241 242 243 244 245 246 247 248
[monitor-collect-wrapper]
recipe = slapos.cookbook:wrapper
command-line = ${xnice-bin:output} {{ monitor_collect }}
               --output_folder ${monitor-directory:documents}
               --collector_db ${monitor-instance-parameter:collector-db}
               --pid_file ${monitor-directory:pids}/monitor-collect.pid
wrapper-path = ${directory:bin}/monitor-collect

249 250 251 252
[monitor-globalstate-cron-entry]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = monitor-globalstate
253 254
frequency = */2 * * * *
command = {{ bin_directory }}/randomsleep 20 && ${monitor-globalstate-wrapper:wrapper-path}
255 256 257 258 259 260

[monitor-configurator-cron-entry]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = monitor-configurator
frequency = * * * * *
261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295
command = {{ bin_directory }}/randomsleep 10 && ${monitor-configurator-wrapper:wrapper-path}

[monitor-collect-cron-entry]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = monitor_collect
frequency = * * * * *
command = {{ bin_directory }}/randomsleep 40 && ${monitor-collect-wrapper:wrapper-path}

[logrotate-entry-monitor-data]
recipe = collective.recipe.template
name = monitor.data
log = ${monitor-directory:private}/*.data.json ${monitor-directory:documents}/*.data.json
input = inline:${:log} {
    weekly
    nocreate
    olddir ${monitor-directory:documents}
    rotate 104
    nocompress
    missingok
    extension .json
    dateext
    dateformat -%Y-%m-%d
    notifempty
  }
output = ${logrotate-directory:logrotate-entries}/${:name}
mode = 600

[logrotate-entry-monitor-promise-history]
<= logrotate-entry-base
name = monitor.service.status
log = ${monitor-directory:public}/*.history.json
rotate-num = 0
frequency = weekly
pre = {{ monitor_statistic }} --history_folder ${monitor-directory:public}
296

297 298 299 300 301 302 303 304 305
[monitor-httpd-promise]
recipe = slapos.cookbook:check_url_available
path = ${directory:promises}/${:filename}
filename = monitor-httpd-listening-on-tcp
url = ${monitor-httpd-conf-parameter:url}
check-secure = 1
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

306
[monitor-publish-parameters]
307 308
# XXX depends on monitor-base section
monitor-base-url = ${monitor-base:base-url}
309 310 311
monitor-url = ${:monitor-base-url}/public/feeds
monitor-user = ${monitor-instance-parameter:username}
monitor-password = ${monitor-instance-parameter:password}
312 313

[monitor-instance-parameter]
314 315 316
monitor-title = ${slap-configuration:instance-title}
monitor-httpd-ipv6 = ${slap-configuration:ipv6-random}
monitor-httpd-port = 8196
317 318
# XXX - Set monitor-base-url = ${monitor-httpd-conf-parameter:url} => https://[ipv6]:port
monitor-base-url = ${monitor-frontend-promise:url}
319
#monitor-base-url = ${monitor-httpd-conf-parameter:url}
320
root-instance-title = ${slap-configuration:root-instance-title}
321
monitor-url-list =
322
cors-domains = monitor.app.officejs.com
323 324 325 326
# XXX Hard coded parameter
collector-db = /srv/slapgrid/var/data-log/collector.db
# Credentials
password = ${monitor-htpasswd:passwd}
327
username = admin
328 329 330 331 332 333
# XXX: type key value
# ex raw monitor-password resqdsdsd34
instance-configuration =

configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg

334 335
interface-url = https://monitor.app.officejs.com

336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355
[monitor-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Monitor Frontend ${monitor-instance-parameter:monitor-title}
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = ${monitor-httpd-conf-parameter:url}
config-https-only = true
#software-type = custom-personal
return = domain secure_access

[monitor-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = ${directory:promises}/monitor-http-frontend
url = ${monitor-frontend:connection-secure_access}
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}
check-secure = 1

356
[monitor-bootstrap-promise]
357 358 359
recipe = slapos.cookbook:promise.plugin
eggs =
  slapos.toolbox
360
file = ${monitor-conf-parameters:promise-output-file}
361 362
content = 
  from slapos.promise.plugin.monitor_bootstrap_status import RunPromise
363 364
output = ${directory:plugins}/monitor-bootstrap-status.py
mode = 600
365 366 367
config-process-pid-file = ${monitor-conf-parameters:pid-file}
config-process-name = ${start-monitor:name}
config-status-file = ${:file}
368

369
[promise-check-slapgrid]
370 371 372
recipe = slapos.cookbook:promise.plugin
eggs =
  slapos.toolbox
373
output = ${directory:plugins}/buildout-${slap-connection:partition-id}-status.py
374 375 376
content = 
  from slapos.promise.plugin.check_partition_deployment_state import RunPromise
config-monitor-url = ${monitor-instance-parameter:monitor-base-url}
377
mode = 600
378

379
[promise-check-free-disk-space]
380 381 382 383 384 385
recipe = slapos.cookbook:wrapper
command-line = {{ check_disk_space }}
               --collectordb ${monitor-instance-parameter:collector-db}
               --home_path ${buildout:directory}
               --config ${:config-file}
wrapper-path = ${directory:promises}/check-free-disk-space
386 387 388
config-file = ${directory:etc}/min-free-disk-size


389 390 391 392 393
[monitor-base]
# create dependencies between required monitor parts
recipe = plone.recipe.command
command = true
update-command = 
394
base-url = ${monitor-conf-parameters:base-url}
395 396 397
depends =
  ${monitor-globalstate-cron-entry:name}
  ${monitor-configurator-cron-entry:name}
398
  ${monitor-collect-cron-entry:name}
399
  ${cron-entry-logrotate:name}
400
  ${logrotate-entry-cron:name}
401 402 403
  ${certificate-authority:wrapper}
  ${monitor-conf:rendered}
  ${start-monitor:wrapper-path}
404
  ${ca-monitor-httpd:wrapper}
405
  ${monitor-httpd-promise:filename}
406
  ${monitor-bootstrap-promise:file}
407 408
  ${monitor-symlink:recipe}
  ${promise-check-slapgrid:recipe}
409
  ${promise-monitor-httpd-is-process-older-than-dependency-set:wrapper-path}
410
  ${logrotate-entry-monitor-httpd:name}
411 412
  ${logrotate-entry-monitor-data:name}
  ${logrotate-entry-monitor-promise-history:name}
413

414
[monitor-publish]
415 416
monitor-base-url = ${monitor-publish-parameters:monitor-base-url}
monitor-setup-url = ${monitor-instance-parameter:interface-url}/#page=settings_configurator&url=${monitor-publish-parameters:monitor-url}&username=${monitor-publish-parameters:monitor-user}&password=${monitor-publish-parameters:monitor-password}
417 418 419 420 421


[buildout]

extends = 
422
  {{ template_logrotate_base }}