[buildout]
extends = {{ template_runner_path }}
          {{ pbsready_import_template_path }}

parts +=
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
  certificate-authority-service
  ca-nginx-service
  gunicorn-launcher
  gunicorn-graceful
  slaprunner-promise
  slaprunner-supervisord-wrapper
  runner-sshd-add-authorized-key
  runner-sshd-graceful
  runner-sshd-promise
  runner-sshkeys-authority
  runner-sshkeys-authority-service
  runner-sshkeys-sshd
  runner-sshkeys-sshd-service
  runtestsuite
  shellinabox
  shellinabox-service
  symlinks
  slapos-cfg
  cron-entry-prepare-software
  deploy-instance-parameters
  instance-software-type
  bash-profile
  supervisord-wrapper
  importer-consistency-promise
  software-release-deployment-promise

  resilient-software-release-information
# have to repeat the next one, as it's not inherited from pbsready-import
  import-on-notification

  monitor-base

[directory]
recipe = slapos.cookbook:mkdirectory
# XXX - keep srv path with slash at the end.
srv = ${:home}/srv/


# For the needs of importer, we run the full slaprunner
# In case both exporter and importer (aka main instance and clone instance)
# run with the same IP (usually for testing purposes),
# run slaprunner using different ports.
[proxy-free-port]
recipe = slapos.cookbook:free_port
minimum = 49990
maximum = 49999
ip = ${slap-network-information:local-ipv4}

[runner-free-port]
recipe = slapos.cookbook:free_port
minimum = 50015
maximum = 50024
ip = ${slap-network-information:global-ipv6}

[slaprunner]
proxy_port = ${proxy-free-port:port}
runner_port = ${runner-free-port:port}

[supervisord-free-port]
recipe = slapos.cookbook:free_port
minimum = 39996
maximum = 40005
ip = ${slaprunner:ipv4}

[supervisord]
port = ${supervisord-free-port:port}

[runner-sshd-port]
minimum = 22232
maximum = 22241

# Deactivate the call to prepareSoftware, and let the importer script
# handle the build&run of the instance.
[cron-entry-prepare-software]
recipe =

[importer]
recipe = slapos.recipe.template:jinja2
template = {{ importer_script_path }}
rendered = ${directory:bin}/${slap-parameter:namebase}-importer
# backward compatibility for resilient stack
wrapper = ${:rendered}
mode = 700
restore-exit-code-file = ${directory:srv}/${:restore-exit-code-file-basename}
restore-exit-code-file-basename = importer-exit-code-file
restore-error-message-file = ${directory:srv}/${:restore-error-message-file-basename}
restore-error-message-file-basename = importer-error-message-file
resilient-log-basename = resilient.log
context =
  import sys sys
  import easy_install zc.buildout.easy_install
  key backend_url slaprunner:access-url
  key ipv4 slaprunner:ipv4
  key ipv6 slaprunner:ipv6
  key proxy_port slaprunner:proxy_port
  key instance_folder slaprunner:instance_root
  section directory directory
  section supervisord supervisord
  raw  output_log_file ${directory:log}/${:resilient-log-basename}
  raw  shell_binary {{ bash_executable_location }}
  raw  rsync_binary {{ rsync_executable_location }}
  raw  restore_exit_code_file ${:restore-exit-code-file}
  raw  restore_error_message_file ${:restore-error-message-file}

[importer-consistency-bin]
# Test that the importer script and "after-import" subscripts
# are not older than 2 days (1 day + some slack), and have succeeded
recipe = collective.recipe.template
input = inline: #!/bin/sh
  EXIT_CODE_FILE="${importer:restore-exit-code-file}"
  RECENT_EXIT_CODE_FILE=$(find ${directory:srv} -maxdepth 1 -name "${importer:restore-exit-code-file-basename}" -mtime -2)
  RESILIENT_LOG_URL=${monitor-publish-parameters:monitor-base-url}/log/${importer:resilient-log-basename}
  if [ ! -f "$EXIT_CODE_FILE" ]; then
    exit 0;
  else
    if [ -z "$RECENT_EXIT_CODE_FILE" ]; then
       echo "Consistency check is too old.";
       exit 1;
    else
      if [ -f "${importer:restore-error-message-file}" ]; then
        cat ${importer:restore-error-message-file}
      fi
      echo "More information can be found here : $RESILIENT_LOG_URL";
      exit $(cat $EXIT_CODE_FILE);
    fi
  fi
  exit 1; # Something else went wrong
output = ${directory:bin}/importer-consistency-promise
mode = 755

[importer-consistency-promise]
<= monitor-promise-base
module = check_command_execute
name = importer-consistency-promise.py
config-command = ${importer-consistency-promise:output}

[software-release-deployment-bin]
recipe = collective.recipe.template
input = inline: #!/bin/sh
  PROJECT_FILE=$(find "${directory:etc}" -maxdepth 1 -name .project)
  if [ -z "$PROJECT_FILE" ]; then
    exit 0;
  else
    INSTALLATION_FILE=$(find "${runnerdirectory:software-root}" -mindepth 2 -maxdepth 2 -name .completed)
    if [ -n "$INSTALLATION_FILE" ]; then
      exit 0;
    else
      exit 1;
    fi
  fi
  exit 1
output = ${directory:bin}/software-release-deployment-promise
mode = 755

[software-release-deployment-promise]
<= monitor-promise-base
module = check_command_execute
name = software-release-deployment-promise.py
config-command =${software-release-deployment-bin:output}

[resilient-software-release-information]
recipe = slapos.recipe.template
url = {{ software_release_information_template }}
output = ${directory:cgi-bin}/resilient_software_release_information.py
resilient-log-url = ${monitor-publish-parameters:monitor-base-url}/log/${importer:resilient-log-basename}
mode = 0600

[slap-parameter]
auto-deploy-instance = false
auto-deploy = true

[resilient-publish-connection-parameter]
monitor-base-url = ${monitor-publish-parameters:monitor-base-url}
monitor-url = ${monitor-publish-parameters:monitor-url}
monitor-user = ${monitor-publish-parameters:monitor-user}
monitor-password = ${monitor-publish-parameters:monitor-password}

[monitor-instance-parameter]
monitor-httpd-port = 8360
monitor-title = {{ slapparameter_dict.get('name', 'Webrunner import') }}
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
{% if slapparameter_dict.get('monitor-username', '') -%}
username = {{ slapparameter_dict['monitor-username'] }}
{% endif -%}
{% if slapparameter_dict.get('monitor-password', '') -%}
password = {{ slapparameter_dict['monitor-password'] }}
{% endif -%}
instance-configuration =
  raw takeover-url http://[${resilient-web-takeover-httpd-configuration-file:listening-ip}]:${resilient-web-takeover-httpd-configuration-file:listening-port}/
  raw takeover-password ${resilient-web-takeover-password:passwd}
configuration-file-path = ${buildout:directory}/knowledge0.cfg

[monitor-conf-parameters]
private-path-list +=
  $${logrotate-directory:logrotate-backup}

[post-notification-run]
recipe = slapos.cookbook:wrapper
command-line = {{ software_release_bin }}/runner-importer-post-notification-run --diff-file ${:diff-file} --proof-signature-file ${:proof-signature-file} --srv-path ${directory:srv} --backup-path ${directory:backup}
wrapper-path = ${rootdirectory:bin}/post-notification-run
output = ${:wrapper-path}
mode = 0700