From 406958012da0769681cc4d249b75654baee1fe41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Le=20Ninivin?= <cedric.leninivin@tiolive.com>
Date: Fri, 2 May 2014 11:49:58 +0200
Subject: [PATCH] apache-runner: add log access and publish monitoring url
---
.../instance-apache-frontend.cfg | 12 +-
.../instance-apache-replicate.cfg.in | 8 +-
stack/monitor/monitor.cfg.in | 113 ++++++++++++------
stack/monitor/webfiles/index.html.jinja2 | 2 +
4 files changed, 94 insertions(+), 41 deletions(-)
diff --git a/software/apache-frontend/instance-apache-frontend.cfg b/software/apache-frontend/instance-apache-frontend.cfg
index 4776c78cc..714dd74b0 100644
--- a/software/apache-frontend/instance-apache-frontend.cfg
+++ b/software/apache-frontend/instance-apache-frontend.cfg
@@ -48,7 +48,9 @@ parts =
zero-parameters
public-symlink
cgi-httpd-wrapper
-
+## Monitor for apache
+ monitor-current-log-access
+ monitor-backup-log-access
extends = ${monitor-template:output}
@@ -119,6 +121,14 @@ apache-directory = ${apache-2.2:location}
apache-ipv6 = $${instance-parameter:ipv6-random}
apache-https-port = $${instance-parameter:configuration.port}
+[monitor-current-log-access]
+< = monitor-directory-access
+source = $${directory:log}
+
+[monitor-backup-log-access]
+< = monitor-directory-access
+source = $${directory:logrotate-backup}
+
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = $${buildout:directory}/$${:filename}
diff --git a/software/apache-frontend/instance-apache-replicate.cfg.in b/software/apache-frontend/instance-apache-replicate.cfg.in
index 3dc995961..2e8bc8034 100644
--- a/software/apache-frontend/instance-apache-replicate.cfg.in
+++ b/software/apache-frontend/instance-apache-replicate.cfg.in
@@ -59,20 +59,24 @@ sla-{{ parameter }} = {{ slapparameter_dict.pop( sla_key + parameter ) }}
[replicate]
<= slap-connection
-recipe = slapos.cookbook:request
+recipe = slapos.cookbook:requestoptional
software-url = ${slap-connection:software-release-url}
software-type = {{frontend_type}}
-return = private-ipv4 public-ipv4 slave-instance-information-list
+return = private-ipv4 public-ipv4 slave-instance-information-list monitor_url
config = {{ ' '.join(slapparameter_dict.keys()) + ' ' + slave_list_name }}
{% for parameter, value in slapparameter_dict.iteritems() -%}
config-{{parameter}} = {{ value }}
{% endfor -%}
config-{{ slave_list_name }} = {{ json_module.dumps(slave_instance_list) }}
+connection-monitor_url =
[publish-information]
recipe = slapos.cookbook:publish
domain = {{ slapparameter_dict.get('domain') }}
slave-amount = {{ slave_instance_list | length }}
+{% for frontend in frontend_section_list %}
+{{ frontend }}-monitor-url = {{ '${' + frontend + ':connection-monitor_url}' }}
+{% endfor -%}
{% for frontend in frontend_list -%}
#{{frontend}}-private-ipv4 = ${request-{{frontend}}:private-ipv4}
{% endfor -%}
diff --git a/stack/monitor/monitor.cfg.in b/stack/monitor/monitor.cfg.in
index aa39270eb..47963f018 100644
--- a/stack/monitor/monitor.cfg.in
+++ b/stack/monitor/monitor.cfg.in
@@ -7,20 +7,23 @@ key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
[monitor-parameters]
-monitor-dir = $${directory:var}/monitor
+monitor-dir = $${monitor-directory:var}/monitor
result-dir = $${:monitor-dir}/bool
json-filename = monitor.json
json-path = $${:monitor-dir}/$${:json-filename}
rss-path = $${:public-cgi}/$${:rss-filename}
rss-filename = rssfeed.html
-executable = $${directory:bin}/monitor.py
-cgi-bin = $${directory:cgi-bin}
-monitoring-cgi = $${directory:monitoring-cgi}
-knowledge0-cgi = $${directory:knowledge0-cgi}
-public-cgi = $${directory:public-cgi}
+executable = $${monitor-directory:bin}/monitor.py
+cgi-bin = $${monitor-directory:cgi-bin}
+monitoring-cgi = $${monitor-directory:monitoring-cgi}
+knowledge0-cgi = $${monitor-directory:knowledge0-cgi}
+public-cgi = $${monitor-directory:public-cgi}
port = 9685
+private-directory = $${monitor-directory:monitor-private-directory}
+htaccess-file = $${monitor-htaccess:htaccess-path}
-[directory]
+[monitor-directory]
+recipe = slapos.cookbook:mkdirectory
home = $${buildout:directory}
etc = $${:home}/etc
bin = $${:home}/bin
@@ -37,34 +40,35 @@ crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
log = $${:var}/log
monitor = $${:etc}/monitor
-monitor-result = $${monitor-parameters:monitor-dir}
-monitor-result-bool = $${monitor-parameters:result-dir}
+monitor-result = $${:var}/monitor
+monitor-result-bool = $${:var}/monitor
promise = $${:etc}/promise
public-cgi = $${:cgi-bin}/public
run = $${:var}/run
service = $${:etc}/service/
tmp = $${:home}/tmp
www = $${:var}/www
+monitor-private-directory = $${:srv}/monitor-private
[public-symlink]
recipe = cns.recipe.symlink
-symlink = $${monitor-parameters:public-cgi} = $${directory:www}/public
+symlink = $${monitor-parameters:public-cgi} = $${monitor-directory:www}/public
autocreate = true
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
-cron-entries = $${directory:cron-entries}
-crontabs = $${directory:crontabs}
-cronstamps = $${directory:cronstamps}
+cron-entries = $${monitor-directory:cron-entries}
+crontabs = $${monitor-directory:crontabs}
+cronstamps = $${monitor-directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
-binary = $${directory:service}/crond
+binary = $${monitor-directory:service}/crond
# Add log to cron
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
-wrapper = $${directory:bin}/cron_simplelogger
-log = $${directory:log}/cron.log
+wrapper = $${monitor-directory:bin}/cron_simplelogger
+log = $${monitor-directory:log}/cron.log
[cron-entry-monitor]
<= cron
@@ -84,14 +88,14 @@ command = $${make-rss:output}
recipe = hexagonit.recipe.download
url = ${download-static-files:destination}/${download-static-files:filename}
filename = static
-destination = $${directory:www}
+destination = $${monitor-directory:www}
ignore-existing = true
mode = 0644
[deploy-index]
recipe = slapos.recipe.template:jinja2
template = ${index:location}/${index:filename}
-rendered = $${directory:www}/$${:filename}
+rendered = $${monitor-directory:www}/$${:filename}
filename = index.cgi
mode = 0744
context =
@@ -104,7 +108,7 @@ context =
[deploy-index-template]
recipe = hexagonit.recipe.download
url = ${index-template:location}/$${:filename}
-destination = $${directory:www}
+destination = $${monitor-directory:www}
filename = ${index-template:filename}
download-only = true
mode = 0644
@@ -138,7 +142,7 @@ template = ${monitor-bin:location}/${monitor-bin:filename}
rendered = $${monitor-parameters:executable}
mode = 0744
context =
- section directory directory
+ section directory monitor-directory
key monitoring_file_json monitor-parameters:json-path
key monitoring_folder_bool monitor-parameters:result-dir
raw python_executable ${buildout:executable}
@@ -146,7 +150,7 @@ context =
[deploy-rss-script]
recipe = hexagonit.recipe.download
url = ${rss-bin:destination}/${rss-bin:filename}
-destination = $${directory:bin}
+destination = $${monitor-directory:bin}
filename = ${rss-bin:filename}
mode = 0744
download-only = true
@@ -154,23 +158,34 @@ download-only = true
[make-rss]
recipe = slapos.recipe.template
url = ${make-rss-script:output}
-output = $${directory:bin}/make-rss.sh
+output = $${monitor-directory:bin}/make-rss.sh
mode = 0744
+[monitor-htaccess]
+recipe = plone.recipe.command
+stop-on-error = true
+htaccess-path = $${monitor-directory:monitor}/.htaccess
+command = ${apache:location}/bin/htpasswd -cb $${:htaccess-path} admin $${zero-parameters:monitor-password}
+
+[monitor-directory-access]
+recipe = plone.recipe.command
+command = ln -s $${:source} $${monitor-directory:monitor-private-directory}
+source =
+
[cadirectory]
recipe = slapos.cookbook:mkdirectory
-requests = $${directory:ca-dir}/requests/
-private = $${directory:ca-dir}/private/
-certs = $${directory:ca-dir}/certs/
-newcerts = $${directory:ca-dir}/newcerts/
-crl = $${directory:ca-dir}/crl/
+requests = $${monitor-directory:ca-dir}/requests/
+private = $${monitor-directory:ca-dir}/private/
+certs = $${monitor-directory:ca-dir}/certs/
+newcerts = $${monitor-directory:ca-dir}/newcerts/
+crl = $${monitor-directory:ca-dir}/crl/
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
-ca-dir = $${directory:ca-dir}
+ca-dir = $${monitor-directory:ca-dir}
requests-directory = $${cadirectory:requests}
-wrapper = $${directory:service}/certificate_authority
+wrapper = $${monitor-directory:service}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
@@ -181,8 +196,8 @@ ca-crl = $${cadirectory:crl}
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/httpd.key
cert-file = $${cadirectory:certs}/httpd.crt
-executable = $${directory:bin}/cgi-httpd
-wrapper = $${directory:service}/cgi-httpd
+executable = $${monitor-directory:bin}/cgi-httpd
+wrapper = $${monitor-directory:service}/cgi-httpd
# Put domain name
name = example.com
@@ -214,11 +229,18 @@ input = inline:
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
+ LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule mime_module modules/mod_mime.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dir_module modules/mod_dir.so
LoadModule ssl_module modules/mod_ssl.so
+ LoadModule alias_module modules/mod_alias.so
+ LoadModule autoindex_module modules/mod_autoindex.so
+ LoadModule auth_basic_module modules/mod_auth_basic.so
+ LoadModule authz_user_module modules/mod_authz_user.so
+ LoadModule authn_file_module modules/mod_authn_file.so
+
# SSL Configuration
<IfDefine !SSLConfigured>
Define SSLConfigured
@@ -243,14 +265,29 @@ input = inline:
AddHandler cgi-script .cgi
DirectoryIndex $${deploy-index:filename}
</Directory>
-output = $${directory:etc}/cgi-httpd.conf
+ Alias /private/ $${monitor-parameters:private-directory}/
+ <Directory $${monitor-parameters:private-directory}>
+ Order Deny,Allow
+ Deny from env=AUTHREQUIRED
+ <Files ".??*">
+ Order Allow,Deny
+ Deny from all
+ </Files>
+ AuthType Basic
+ AuthName "Private access"
+ AuthUserFile "$${monitor-parameters:htaccess-file}"
+ Require valid-user
+ Options Indexes FollowSymLinks
+ Satisfy all
+ </Directory>
+output = $${monitor-directory:etc}/cgi-httpd.conf
listening-ip = $${slap-parameters:ipv6-random}
# XXX: randomize-me
-htdocs = $${directory:www}
-pid-file = $${directory:run}/cgi-httpd.pid
-cgid-pid-file = $${directory:run}/cgi-httpd-cgid.pid
-document-root = $${directory:www}
-error-log = $${directory:log}/cgi-httpd-error-log
+htdocs = $${monitor-directory:www}
+pid-file = $${monitor-directory:run}/cgi-httpd.pid
+cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
+document-root = $${monitor-directory:www}
+error-log = $${monitor-directory:log}/cgi-httpd-error-log
[cgi-httpd-wrapper]
recipe = slapos.cookbook:wrapper
@@ -260,7 +297,7 @@ wrapper-path = $${ca-httpd:executable}
[monitor-promise]
recipe = slapos.cookbook:check_url_available
-path = $${directory:promises}/monitor
+path = $${monitor-directory:promises}/monitor
url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}/$${deploy-index:filename}
check-secure = 1
dash_path = ${dash:location}/bin/dash
diff --git a/stack/monitor/webfiles/index.html.jinja2 b/stack/monitor/webfiles/index.html.jinja2
index 4977ae82f..a8250012d 100644
--- a/stack/monitor/webfiles/index.html.jinja2
+++ b/stack/monitor/webfiles/index.html.jinja2
@@ -17,6 +17,8 @@
<li><a href="{{ category }}/{{ script }}" class="script">{{ script }}</a></li>
{% endfor %}
{% endfor %}
+ <li class="pure-menu-heading category">Files</li>
+ <li><a href="./private/" class="link"> User: admin</br> Password is yours</a></li>
</ul>
</div>
</div>
--
2.30.9