instance-runner.cfg 18.5 KB
Newer Older
1 2
[buildout]
parts =
3 4 5 6
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
7
  ca-shellinabox
8 9
  gunicorn-launcher
  gunicorn-graceful
10
  sshkeys-dropbear-runner
11
  dropbear-server-add-authorized-key
12
  sshkeys-authority
13
  publish-connection-informations
14 15 16
  slaprunner-promise
  slaprunner-frontend-promise
  dropbear-promise
17
  runtestsuite
18
  shellinabox-promise
19
  symlinks
20
  shellinabox
21
  slapos-cfg
22
  slapos-repo-config
23
  cron-entry-prepare-software
24
  deploy-instance-parameters
25 26 27
{% if slapparameter_dict.get('custom-frontend-backend-url') %}
  custom-frontend-promise
{% endif %}
28 29 30 31 32 33
###Parts to add for monitoring
  slap-parameters
  certificate-authority
  cron
  cron-entry-monitor
  cron-entry-rss
34
  deploy-index
35
  deploy-index-template
36 37
  deploy-monitor-script
  deploy-rss-script
38 39
  deploy-settings-cgi
  deploy-status-cgi
40
  make-rss
41
  monitor-promise
42
  setup-static-files
43 44 45 46
  certificate-authority
  public
  zero-parameters
  cgi-httpd-wrapper
47
  public-symlink
48 49

extends = ${monitor-template:output}
50 51 52 53 54

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

55 56 57 58 59 60 61 62 63 64 65 66 67
{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
# Requests, if defined, a frontend to allow access to a server
# located inside of the virtual machine listening to port X
# to LAN IPv4.
# Internaly, the frontend will be asked to listen on the IPv6
# with port X + 10000, to match NAT rules of Qemu.
[request-custom-frontend]
recipe = slapos.cookbook:request
software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
slave = true
name = Custom Web Frontend

68 69 70 71 72
server-url = $${slap-connection:server-url}
key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}
73 74 75

{% if slapparameter_dict.get('custom-frontend-instance-guid') -%}
sla = instance_guid
76
sla-instance_guid = $${slap-parameter:frontend-instance-guid}
77 78
{% endif -%}

79
config = url
80
config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
81
return = site_url domain
82 83 84

[custom-frontend-promise]
recipe = slapos.cookbook:check_url_available
85 86 87 88 89
path = $${directory:promises}/custom_frontend_promise
url = https://$${request-custom-frontend:connection-domain}
{% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
check-secure = 1
{% endif -%}
90 91 92 93
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

[publish-connection-informations]
94
custom-frontend-url = https://$${request-custom-frontend:connection-domain}
95 96
{% endif -%}

97
# Create all needed directories
98
[directory]
99 100 101 102 103
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc/
var = $${buildout:directory}/var/
srv = $${buildout:directory}/srv/
bin = $${buildout:directory}/bin/
104
tmp = $${buildout:directory}/tmp/
105

106 107 108 109 110 111 112 113 114
sshkeys = $${:srv}/sshkeys
services = $${:etc}/service/
scripts = $${:etc}/run/
ssh = $${:etc}/ssh/
log = $${:var}/log/
run = $${:var}/run/
backup = $${:srv}/backup/
promises = $${:etc}/promise/
test = $${:etc}/test/
115
nginx-data = $${directory:srv}/nginx
116
ca-dir = $${:srv}/ssl
117
project = $${:srv}/runner/project
118 119 120

[runnerdirectory]
recipe = slapos.cookbook:mkdirectory
121 122
home = $${directory:srv}/runner/
test = $${directory:srv}/test/
123
project = $${:home}/project
124
public = $${:home}/public
125 126
software-root = $${:home}/software
instance-root = $${:home}/instance
127 128 129
project-test = $${:test}/project
software-test = $${:test}/software
instance-test = $${:test}/instance
130
sessions = $${buildout:directory}/.sessions
131

132 133
#Create password recovery code for slaprunner
[recovery-code]
134
recipe = slapos.cookbook:generate.password
135
storage-path = $${directory:etc}/.rcode
136
bytes = 8
137

138
[slaprunner]
139
slaprunner = ${buildout:directory}/bin/slaprunner
140
slapos = ${buildout:directory}/bin/slapos
141 142
slapproxy = ${buildout:directory}/bin/slapproxy
supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
143
git-binary = ${git:location}/bin/git
144
root_check = false
145
slapos.cfg = $${directory:etc}/slapos.cfg
146 147
working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
148 149
instance_root = $${runnerdirectory:instance-root}
software_root = $${runnerdirectory:software-root}
150 151
#XXX-Nico hardcoded default port because overridden by this buildout config
instance-monitor-url = https://[$${:ipv6}]:9685
152 153 154
etc_dir = $${directory:etc}
log_dir =  $${directory:log}
run_dir = $${directory:run}
155 156 157
ssh_client = $${sshkeys-dropbear-runner:wrapper}
public_key = $${sshkeys-dropbear-runner:public-key}
private_key = $${sshkeys-dropbear-runner:private-key}
158 159
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
160
instance_root = $${runnerdirectory:instance-root}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
161
proxy_port = 50000
162
runner_port = 50005
163
partition-amount = $${slap-parameter:instance-amount}
164
wrapper = $${directory:services}/slaprunner
165
debug = $${slap-parameter:debug}
166
access-url = https://[$${:ipv6}]:$${:runner_port}
167 168
supervisord_config = $${directory:etc}/supervisord.conf
proxy_database = $${slaprunner:working-directory}/proxy.db
169 170 171
console = False
verbose = False
debug = False
172 173 174 175
auto_deploy = $${slap-parameter:auto-deploy}
auto_deploy_instance = $${slap-parameter:auto-deploy-instance}
autorun = $${slap-parameter:autorun}
knowledge0_file = $${buildout:directory}/$${public:filename}
176

177 178
[test-runner]
<= slaprunner
179
slapos.cfg = $${directory:etc}/slapos-test.cfg
180 181 182 183
working-directory = $${runnerdirectory:test}
project-directory = $${runnerdirectory:project-test}
software-directory = $${runnerdirectory:software-test}
instance-directory = $${runnerdirectory:instance-test}
184
proxy_port = 8602
185 186
etc_dir = $${directory:test}

187 188 189 190 191 192
[runtestsuite]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:directory}/bin/slaprunnertest
wrapper-path = $${directory:bin}/runTestSuite
environment = RUNNER_CONFIG=$${slapos-test-cfg:rendered}

193 194 195 196 197
# Deploy dropbear (minimalist SSH server)
[sshkeys-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:sshkeys}/requests/
keys = $${directory:sshkeys}/keys/
198

199 200 201 202
[sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
request-directory = $${sshkeys-directory:requests}
keys-directory = $${sshkeys-directory:keys}
203
wrapper = $${directory:services}/sshkeys_authority
204 205
keygen-binary = ${dropbear:location}/bin/dropbearkey

206
[dropbear-runner-server]
207 208
recipe = slapos.cookbook:dropbear
host = $${slap-network-information:global-ipv6}
209
port = 22222
210
home = $${directory:ssh}
211 212
wrapper = $${directory:bin}/runner_sshd
shell = ${bash:location}/bin/bash
213 214 215
rsa-keyfile = $${directory:ssh}/server_key.rsa
dropbear-binary = ${dropbear:location}/sbin/dropbear

216
[sshkeys-dropbear-runner]
217 218 219 220
<= sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
name = dropbear
type = rsa
221 222 223 224
executable = $${dropbear-runner-server:wrapper}
public-key = $${dropbear-runner-server:rsa-keyfile}.pub
private-key = $${dropbear-runner-server:rsa-keyfile}
wrapper = $${directory:services}/runner_sshd
225 226

[dropbear-server-add-authorized-key]
227
<= dropbear-runner-server
228
recipe = slapos.cookbook:dropbear.add_authorized_key
229
key = $${slap-parameter:user-authorized-key}
230

231
#---------------------------
232
#--
233 234
#-- Set nginx frontend

235 236 237 238 239 240 241 242 243 244 245 246
[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path

[nginx-frontend]
# Options
nb_workers = 2
# Network
247
local-ip = $${slap-network-information:local-ipv4}
248
port = 30001
249 250
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
251
# Backend
252 253
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
254 255 256 257 258 259 260 261
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
262
path_tmp = $${directory:tmp}/
263 264 265
# Config files
path_nginx_conf = $${directory:etc}/nginx.conf
# Executables
266
bin_nginx = ${nginx-webdav:location}/sbin/nginx
267
bin_launcher = $${directory:bin}/launcher
268 269
# Utils
path_shell = ${dash:location}/bin/dash
270 271
# Misc.
etc_dir = $${directory:etc}
272
work_dir = $${slaprunner:working-directory}
273 274 275 276 277 278

[nginx_conf]
recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
279
    key shellinabox_port shellinabox:port
280
    key socket gunicorn:socket
281 282 283 284 285 286 287 288 289 290 291
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory

[nginx-launcher]
recipe = slapos.recipe.template:jinja2
template = ${template_launcher:location}/${template_launcher:filename}
rendered = $${nginx-frontend:bin_launcher}
mode = 700
context =
    section param_nginx_frontend nginx-frontend

292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313
[httpd-parameters]
path_pid = $${directory:run}/httpd.pid
path_error_log = $${directory:log}/httpd-error.log
path_access_log = $${directory:log}/httpd-access.log
key_file = $${ca-httpd:key-file}
cert_file = $${ca-httpd:cert-file}
global_ip = $${slap-network-information:global-ipv6}
global_port = $${slaprunner:runner_port}
monitor_port = $${monitor-parameters:port}
monitor_index = $${deploy-index:rendered}
working_directory = $${slaprunner:working-directory}
dav_lock = $${directory:var}/DavLock
etc_dir = $${directory:etc}
document_root = $${directory:www}
project_folder = $${directory:project}
git_http_backend = ${git:location}/libexec/git-core/git-http-backend
cgi_httpd_conf = $${cgi-httpd-configuration-file:output}

[httpd-conf]
recipe = slapos.recipe.template:jinja2
template = ${template_httpd_conf:location}/${template_httpd_conf:filename}
rendered = $${directory:etc}/httpd.conf
314
context =
315 316 317
    section parameters httpd-parameters

[cgi-httpd-wrapper]
318 319 320
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
wrapper-path = $${ca-httpd:executable}
321 322
command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND

323 324 325 326
#--------------------
#--
#-- WSGI

327
[gunicorn]
328 329 330 331 332 333 334 335
bin_gunicorn = $${directory:bin}/gunicorn
bin_launcher = $${directory:services}/gunicorn
path_shell = ${dash:location}/bin/dash
socket = $${directory:tmp}/flaskserver.sock
path_pid = $${directory:run}/gunicorn.pid

[gunicorn-launcher]
recipe = slapos.cookbook:wrapper
336 337
command-line = $${gunicorn:bin_gunicorn} slapos.runner:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --preload
wrapper-path = $${gunicorn:bin_launcher}
338 339 340 341 342
environment = PATH=$${environ:PATH}
  RUNNER_CONFIG=$${slaprunner:slapos.cfg}

[gunicorn-graceful]
recipe = slapos.cookbook:wrapper
343
command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
344 345
wrapper-path = $${directory:scripts}/gunicorn-graceful

346
#--------------------
347
#--
348
#-- ssl certificates
349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:services}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_frontend.key
cert-file = $${cadirectory:certs}/nginx_frontend.crt
374 375
executable = $${nginx-launcher:rendered}
wrapper = $${directory:services}/nginx-frontend
376 377 378
# Put domain name
name = example.com

379 380 381 382 383
[ca-shellinabox]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${shellinabox:wrapper}
wrapper = $${directory:services}/shellinaboxd
384 385
key-file = $${cadirectory:certs}/shellinabox.key
cert-file = $${cadirectory:certs}/shellinabox.crt
386
#--------------------
387 388
#--
#-- Request frontend
389

390 391
[request-frontend]
<= slap-connection
392
recipe = slapos.cookbook:requestoptional
393
name = SlapRunner Frontend
394 395 396
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
397
config = url domain
398
config-url = $${slaprunner:access-url}
399
config-domain = $${slap-parameter:frontend-domain}
400
return = site_url domain
401

402 403 404 405 406 407 408 409 410 411 412 413
[monitor-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Monitor Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config = url domain
config-url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}
config-domain = $${slap-parameter:frontend-domain}
return = site_url domain

414
#--------------------------------------
415 416
#--
#-- Send informations to SlapOS Master
417

418 419
[publish-connection-informations]
recipe = slapos.cookbook:publish
420
1_info = On your first run, Use "access_url" to setup you account. Then you can use both "url" or "access_url". Or "backend_url" if you want to use ipv6. Set up your account in the webrunner in order to use webdav, and being able to clone your git repositories from the runner.
421
2_info = In order to set up your account, get the recovery-code from the monitoring interface. Before read the notification on monitor_info.
422
backend_url = $${slaprunner:access-url}
423
access_url = $${:url}/login
424
url =  https://$${request-frontend:connection-domain}
425
ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
426
webdav_url = https://$${request-frontend:connection-domain}/share
427
monitor_url = https://$${monitor-frontend:connection-domain}
428
public_url =  $${:url}/public/
429

430 431 432
#---------------------------
#--
#-- Deploy promises scripts
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
433

434 435
[slaprunner-promise]
recipe = slapos.cookbook:check_port_listening
436
path = $${directory:promises}/slaprunner
437 438
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
439

440
[slaprunner-frontend-promise]
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
441
recipe = slapos.cookbook:check_url_available
442
path = $${directory:promises}/slaprunner_frontend
443
url = https://$${request-frontend:connection-domain}/login
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
444 445 446
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

447 448
[dropbear-promise]
recipe = slapos.cookbook:check_port_listening
449
path = $${directory:promises}/dropbear
450 451
hostname = $${dropbear-runner-server:host}
port = $${dropbear-runner-server:port}
452

453 454 455 456 457 458
[shellinabox-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/shellinabox
hostname = $${shellinabox:ipv6}
port = $${shellinabox:port}

459 460
[symlinks]
recipe = cns.recipe.symlink
461
symlink_target = $${directory:bin}
462
symlink_base = ${buildout:directory}/bin
463 464 465

[slap-parameter]
# Default value if no ssh key is specified
466
user-authorized-key =
467
# Default value of instances number in slaprunner
468
instance-amount = 10
469 470
debug = false
frontend-domain =
471 472 473
slapos-repository = http://git.erp5.org/repos/slapos.git
slapos-software =
slapos-reference = master
474
auto-deploy = false
475
auto-deploy-instance = true
476
autorun = false
477
monitor-port = 9684
478 479 480

[monitor-parameters]
port = $${slap-parameter:monitor-port}
481

482 483 484 485 486 487
[slapos-cfg]
recipe = slapos.recipe.template:jinja2
template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
rendered = $${slaprunner:slapos.cfg}
mode = 700
context =
488
  section slaprunner slaprunner
489

490 491 492
[slapos-test-cfg]
recipe = slapos.recipe.template:jinja2
template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
493
rendered = $${test-runner:slapos.cfg}
494 495 496 497
mode = 700
context =
  section slaprunner test-runner

498 499
[shellinabox]
recipe = slapos.cookbook:shellinabox
500
ipv6 = $${slap-network-information:global-ipv6}
501
port = 8080
502
shell = $${shell:wrapper}
503
wrapper = $${directory:bin}/shellinaboxd
504
shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
505
password = $${zero-parameters:shell-password}
506
directory = $${runnerdirectory:home}
507
login-shell = $${directory:bin}/login
508 509 510
certificate-directory = $${cadirectory:certs}
cert-file = $${ca-shellinabox:cert-file}
key-file = $${ca-shellinabox:key-file}
511

512 513 514
[shellinabox-code]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.scode
515
bytes = 8
516 517 518 519 520 521

[shell]
recipe = slapos.cookbook:shell
wrapper = $${directory:bin}/sh
shell = ${bash:location}/bin/bash
home = $${runnerdirectory:home}
522
path = $${environ:PATH}:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin
523 524
ps1 = "\\w> "

525 526 527
[environ]
recipe = collective.recipe.environment

528 529 530 531 532 533 534 535 536 537
[slapos-repo]
recipe = slapos.recipe.build:gitclone
repository = $${slap-parameter:slapos-repository}
git-executable = ${git:location}/bin/git
develop = true
location = $${directory:project}/slapos

[slapos-repo-config]
recipe = plone.recipe.command
stop-on-error = true
538 539
command = cd $${slapos-repo:location} && ${git:location}/bin/git checkout $${slap-parameter:slapos-reference} && SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi
update-command = true
540 541 542

[prepare-software]
recipe = slapos.cookbook:wrapper
543
command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
544 545
wrapper-path = $${directory:scripts}/prepareSoftware

546 547 548 549 550 551 552
[cron-entry-prepare-software]
<= cron
recipe = slapos.cookbook:cron.d
name = prepare-software
frequency = */2 * * * *
command = $${prepare-software:wrapper-path}

553 554 555 556 557 558
[instance-parameters]
recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do
template = ${parameters-template:location}/${parameters-template:filename}
rendered = $${directory:etc}/.parameter.xml.default
mode = 0644
559
context =
560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575
  key slapparameter_dict slap-configuration:configuration

[deploy-instance-parameters]
recipe = plone.recipe.command
stop-on-error = true
parameter-xml = $${directory:etc}/.parameter.xml
command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi

[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

576 577
[public]
shell-password = $${shellinabox-code:passwd}
578 579
recovery-code = $${recovery-code:passwd}

580
[zero-parameters]