instance-runner.cfg 18.6 KB
Newer Older
1 2
[buildout]
parts =
3 4 5 6
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
7
  ca-shellinabox
8 9
  gunicorn-launcher
  gunicorn-graceful
10
  test-runner
11
  sshkeys-dropbear-runner
12
  dropbear-server-add-authorized-key
13
  sshkeys-authority
14
  publish-connection-informations
15 16 17
  slaprunner-promise
  slaprunner-frontend-promise
  dropbear-promise
18
  private
19
  shellinabox-promise
20
  symlinks
21
  shellinabox
22
  slapos-cfg
23
  slapos-repo-config
24
  cron-entry-prepare-software
25
  deploy-instance-parameters
26 27 28
{% if slapparameter_dict.get('custom-frontend-backend-url') %}
  custom-frontend-promise
{% endif %}
29 30 31 32 33 34
###Parts to add for monitoring
  slap-parameters
  certificate-authority
  cron
  cron-entry-monitor
  cron-entry-rss
35
  deploy-index
36
  deploy-index-template
37 38
  deploy-monitor-script
  deploy-rss-script
39 40
  deploy-settings-cgi
  deploy-status-cgi
41
  make-rss
42
  monitor-frontend
43
  monitor-promise
44
  setup-static-files
45 46 47 48 49 50
  certificate-authority
  public
  zero-parameters
  cgi-httpd-wrapper

extends = ${monitor-template:output}
51 52 53 54 55

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

56 57 58 59 60 61 62 63 64 65 66 67 68
{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
# Requests, if defined, a frontend to allow access to a server
# located inside of the virtual machine listening to port X
# to LAN IPv4.
# Internaly, the frontend will be asked to listen on the IPv6
# with port X + 10000, to match NAT rules of Qemu.
[request-custom-frontend]
recipe = slapos.cookbook:request
software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
slave = true
name = Custom Web Frontend

69 70 71 72 73
server-url = $${slap-connection:server-url}
key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}
74 75 76

{% if slapparameter_dict.get('custom-frontend-instance-guid') -%}
sla = instance_guid
77
sla-instance_guid = $${slap-parameter:frontend-instance-guid}
78 79
{% endif -%}

80
config = url
81
config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
82
return = site_url domain
83 84 85

[custom-frontend-promise]
recipe = slapos.cookbook:check_url_available
86 87 88 89 90
path = $${directory:promises}/custom_frontend_promise
url = https://$${request-custom-frontend:connection-domain}
{% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
check-secure = 1
{% endif -%}
91 92 93 94
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

[publish-connection-informations]
95
custom-frontend-url = https://$${request-custom-frontend:connection-domain}
96 97
{% endif -%}

98
# Create all needed directories
99
[directory]
100 101 102 103 104
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc/
var = $${buildout:directory}/var/
srv = $${buildout:directory}/srv/
bin = $${buildout:directory}/bin/
105
tmp = $${buildout:directory}/tmp/
106

107 108 109 110 111 112 113 114 115
sshkeys = $${:srv}/sshkeys
services = $${:etc}/service/
scripts = $${:etc}/run/
ssh = $${:etc}/ssh/
log = $${:var}/log/
run = $${:var}/run/
backup = $${:srv}/backup/
promises = $${:etc}/promise/
test = $${:etc}/test/
116
nginx-data = $${directory:srv}/nginx
117
ca-dir = $${:srv}/ssl
118
project = $${:srv}/runner/project
119 120 121

[runnerdirectory]
recipe = slapos.cookbook:mkdirectory
122 123
home = $${directory:srv}/runner/
test = $${directory:srv}/test/
124 125 126
project = $${:home}/project
software-root = $${:home}/software
instance-root = $${:home}/instance
127 128 129
project-test = $${:test}/project
software-test = $${:test}/software
instance-test = $${:test}/instance
130
sessions = $${buildout:directory}/.sessions
131

132 133
#Create password recovery code for slaprunner
[recovery-code]
134
recipe = slapos.cookbook:generate.password
135
storage-path = $${directory:etc}/.rcode
136
bytes = 8
137

138
[slaprunner]
139 140 141 142 143
slaprunner = ${buildout:directory}/bin/slaprunner
slapgrid_sr = ${buildout:directory}/bin/slapgrid-sr
slapgrid_cp = ${buildout:directory}/bin/slapgrid-cp
slapproxy = ${buildout:directory}/bin/slapproxy
supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
144
git-binary = ${git:location}/bin/git
145
slapos.cfg = $${directory:etc}/slapos.cfg
146 147 148 149
working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
software-directory = $${runnerdirectory:software-root}
instance-directory = $${runnerdirectory:instance-root}
150 151 152
etc_dir = $${directory:etc}
log_dir =  $${directory:log}
run_dir = $${directory:run}
153 154 155
ssh_client = $${sshkeys-dropbear-runner:wrapper}
public_key = $${sshkeys-dropbear-runner:public-key}
private_key = $${sshkeys-dropbear-runner:private-key}
156 157
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
158
proxy_port = 50000
159
runner_port = 50005
160
partition-amount = $${slap-parameter:instance-amount}
161
wrapper = $${directory:services}/slaprunner
162
debug = $${slap-parameter:debug}
163
access-url = https://[$${:ipv6}]:$${:runner_port} 
Nicolas Wavrant's avatar
Nicolas Wavrant committed
164 165
supd-temp-var = $${directory:etc}/supervisord.conf
prox-db-var = $${slaprunner:working-directory}/proxy.db
166 167 168
console = False
verbose = False
debug = False
169

170 171 172 173
[test-runner]
<= slaprunner
recipe = slapos.cookbook:slaprunner.test
slaprunnertest = ${buildout:directory}/bin/slaprunnertest
174
slapos.cfg = $${directory:etc}/slapos-test.cfg
175 176 177 178
working-directory = $${runnerdirectory:test}
project-directory = $${runnerdirectory:project-test}
software-directory = $${runnerdirectory:software-test}
instance-directory = $${runnerdirectory:instance-test}
179
proxy_port = 8602
180 181 182 183 184 185 186 187 188
wrapper = $${directory:bin}/runTestSuite
etc_dir = $${directory:test}


# Deploy dropbear (minimalist SSH server)
[sshkeys-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:sshkeys}/requests/
keys = $${directory:sshkeys}/keys/
189

190 191 192 193
[sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
request-directory = $${sshkeys-directory:requests}
keys-directory = $${sshkeys-directory:keys}
194
wrapper = $${directory:services}/sshkeys_authority
195 196
keygen-binary = ${dropbear:location}/bin/dropbearkey

197
[dropbear-runner-server]
198 199
recipe = slapos.cookbook:dropbear
host = $${slap-network-information:global-ipv6}
200
port = 22222
201
home = $${directory:ssh}
202 203
wrapper = $${directory:bin}/runner_sshd
shell = ${bash:location}/bin/bash
204 205 206
rsa-keyfile = $${directory:ssh}/server_key.rsa
dropbear-binary = ${dropbear:location}/sbin/dropbear

207
[sshkeys-dropbear-runner]
208 209 210 211
<= sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
name = dropbear
type = rsa
212 213 214 215
executable = $${dropbear-runner-server:wrapper}
public-key = $${dropbear-runner-server:rsa-keyfile}.pub
private-key = $${dropbear-runner-server:rsa-keyfile}
wrapper = $${directory:services}/runner_sshd
216 217

[dropbear-server-add-authorized-key]
218
<= dropbear-runner-server
219 220 221
recipe = slapos.cookbook:dropbear.add_authorized_key
key = $${slap-parameter:authorized-key}

222
#---------------------------
223
#--
224 225
#-- Set nginx frontend

226 227 228 229 230 231 232 233 234 235 236 237
[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path

[nginx-frontend]
# Options
nb_workers = 2
# Network
238
local-ip = $${slap-network-information:local-ipv4}
239
port = 30001
240 241
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
242
# Backend
243 244
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
245 246 247 248 249 250 251 252
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
253
path_tmp = $${directory:tmp}/
254 255 256
# Config files
path_nginx_conf = $${directory:etc}/nginx.conf
# Executables
257
bin_nginx = ${nginx-webdav:location}/sbin/nginx
258
bin_launcher = $${directory:bin}/launcher
259 260
# Utils
path_shell = ${dash:location}/bin/dash
261 262
# Misc.
etc_dir = $${directory:etc}
263
work_dir = $${slaprunner:working-directory}
264 265 266 267 268 269

[nginx_conf]
recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
270
    key shellinabox_port shellinabox:port
271
    key socket gunicorn:socket
272 273 274 275 276 277 278 279 280 281 282
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory

[nginx-launcher]
recipe = slapos.recipe.template:jinja2
template = ${template_launcher:location}/${template_launcher:filename}
rendered = $${nginx-frontend:bin_launcher}
mode = 700
context =
    section param_nginx_frontend nginx-frontend

283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313
[httpd-parameters]
path_pid = $${directory:run}/httpd.pid
path_error_log = $${directory:log}/httpd-error.log
path_access_log = $${directory:log}/httpd-access.log
key_file = $${ca-httpd:key-file}
cert_file = $${ca-httpd:cert-file}
global_ip = $${slap-network-information:global-ipv6}
global_port = $${slaprunner:runner_port}
monitor_port = $${monitor-parameters:port}
monitor_index = $${deploy-index:rendered}
working_directory = $${slaprunner:working-directory}
dav_lock = $${directory:var}/DavLock
etc_dir = $${directory:etc}
document_root = $${directory:www}
project_folder = $${directory:project}
git_http_backend = ${git:location}/libexec/git-core/git-http-backend
cgi_httpd_conf = $${cgi-httpd-configuration-file:output}

[httpd-conf]
recipe = slapos.recipe.template:jinja2
template = ${template_httpd_conf:location}/${template_httpd_conf:filename}
rendered = $${directory:etc}/httpd.conf
context = 
    section parameters httpd-parameters

[cgi-httpd-wrapper]
recipe = slapos.cookbook:wrapper                                                    
apache-executable = ${apache:location}/bin/httpd                                    
wrapper-path = $${ca-httpd:executable}  
command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND

314 315 316 317
#--------------------
#--
#-- WSGI

318
[gunicorn]
319 320 321 322 323 324 325 326
bin_gunicorn = $${directory:bin}/gunicorn
bin_launcher = $${directory:services}/gunicorn
path_shell = ${dash:location}/bin/dash
socket = $${directory:tmp}/flaskserver.sock
path_pid = $${directory:run}/gunicorn.pid

[gunicorn-launcher]
recipe = slapos.cookbook:wrapper
327 328
command-line = $${gunicorn:bin_gunicorn} slapos.runner:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --preload
wrapper-path = $${gunicorn:bin_launcher}
329 330 331 332 333
environment = PATH=$${environ:PATH}
  RUNNER_CONFIG=$${slaprunner:slapos.cfg}

[gunicorn-graceful]
recipe = slapos.cookbook:wrapper
334
command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
335 336
wrapper-path = $${directory:scripts}/gunicorn-graceful

337
#--------------------
338
#--
339
#-- ssl certificates
340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:services}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_frontend.key
cert-file = $${cadirectory:certs}/nginx_frontend.crt
365 366
executable = $${nginx-launcher:rendered}
wrapper = $${directory:services}/nginx-frontend
367 368 369
# Put domain name
name = example.com

370 371 372 373 374
[ca-shellinabox]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${shellinabox:wrapper}
wrapper = $${directory:services}/shellinaboxd
375 376
key-file = $${cadirectory:certs}/shellinabox.key
cert-file = $${cadirectory:certs}/shellinabox.crt
377
#--------------------
378 379
#--
#-- Request frontend
380

381 382
[request-frontend]
<= slap-connection
383
recipe = slapos.cookbook:requestoptional
384
name = SlapRunner Frontend
385 386 387
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
388
config = url domain
389
config-url = $${slaprunner:access-url}
390
config-domain = $${slap-parameter:frontend-domain}
391
return = site_url domain
392

393
#--------------------------------------
394 395
#--
#-- Send informations to SlapOS Master
396

397 398
[publish-connection-informations]
recipe = slapos.cookbook:publish
399 400
1_info = On your first run, Use "access_url" to setup you account.Then you can use both "url" or "access_url". Or "backend_url" if you want to use ipv6. Set your account in the webrunner in order to use webdav, and being able to access to clone your git repositories from the runner.
2_info = In order to set up your account, get the recovery-code from the monitoring interface. Before read the notification on monitor_info.
401
backend_url = $${slaprunner:access-url}
402
access_url = $${:url}/login
403
url =  https://$${request-frontend:connection-domain}
404
ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
405
webdav_url = https://$${request-frontend:connection-domain}/share
406
monitor_url = $${:url}:$${cgi-httpd-configuration-file:listening-port}/$${deploy-index:filename}
407

408 409 410
#---------------------------
#--
#-- Deploy promises scripts
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
411

412 413
[slaprunner-promise]
recipe = slapos.cookbook:check_port_listening
414
path = $${directory:promises}/slaprunner
415 416
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
417

418
[slaprunner-frontend-promise]
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
419
recipe = slapos.cookbook:check_url_available
420
path = $${directory:promises}/slaprunner_frontend
421
url = https://$${request-frontend:connection-domain}/login
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
422 423 424
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

425 426
[dropbear-promise]
recipe = slapos.cookbook:check_port_listening
427
path = $${directory:promises}/dropbear
428 429
hostname = $${dropbear-runner-server:host}
port = $${dropbear-runner-server:port}
430

431 432 433 434 435 436
[shellinabox-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/shellinabox
hostname = $${shellinabox:ipv6}
port = $${shellinabox:port}

437 438
[symlinks]
recipe = cns.recipe.symlink
439
symlink_target = $${directory:bin}
440
symlink_base = ${buildout:directory}/bin
441 442 443 444

[slap-parameter]
# Default value if no ssh key is specified
authorized-key =
445
# Default value of instances number in slaprunner
446
instance-amount = 10
447 448
debug = false
frontend-domain =
449 450 451 452
slapos-repository = http://git.erp5.org/repos/slapos.git
slapos-software =
slapos-reference = master
auto-deploy = true
453
auto-deploy-instance = true
454
autorun = true
455

456 457 458 459 460 461 462 463
[slapos-cfg]
recipe = slapos.recipe.template:jinja2
template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
rendered = $${slaprunner:slapos.cfg}
mode = 700
context =
  key software_root runnerdirectory:software-root
  key instance_root runnerdirectory:instance-root
464 465 466
  key auto_deploy slap-parameter:auto-deploy
  key auto_deploy_instance slap-parameter:auto-deploy-instance
  key autorun slap-parameter:autorun
467 468 469 470
  key console slaprunner:console
  key debug slaprunner:debug
  key etc_dir slaprunner:etc_dir
  key git slaprunner:git-binary
471
  key ipv4 slaprunner:ipv4
472 473
  key ipv6 slaprunner:ipv6
  key log_dir slaprunner:log_dir
474
  key partition_amount slaprunner:partition-amount
475 476 477 478 479 480 481 482
  key private_key slaprunner:private_key
  key proxy_database slaprunner:prox-db-var
  key proxy_host slaprunner:ipv4
  key proxy_port slaprunner:proxy_port
  key public_key slaprunner:public_key
  key run_dir slaprunner:run_dir
  key runner_port slaprunner:runner_port
  key runner_workdir slaprunner:working-directory
483
  key slapgrid_cp slaprunner:slapgrid_cp
484
  key slapgrid_sr slaprunner:slapgrid_sr 
485
  key slapproxy slaprunner:slapproxy 
486
  key ssh_client slaprunner:ssh_client
487
  key supervisor slaprunner:supervisor
Nicolas Wavrant's avatar
Nicolas Wavrant committed
488
  key supervisord_config slaprunner:supd-temp-var
489
  key verbose slaprunner:verbose
490

491 492
[shellinabox]
recipe = slapos.cookbook:shellinabox
493
ipv6 = $${slap-network-information:global-ipv6}
494
port = 8080
495
shell = $${shell:wrapper}
496
wrapper = $${directory:bin}/shellinaboxd
497
shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd 
498
password = $${zero-parameters:shell-password}
499
directory = $${runnerdirectory:home}
500
login-shell = $${directory:bin}/login
501 502 503
certificate-directory = $${cadirectory:certs}
cert-file = $${ca-shellinabox:cert-file}
key-file = $${ca-shellinabox:key-file}
504

505 506 507
[shellinabox-code]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.scode
508
bytes = 8
509 510 511 512 513 514

[shell]
recipe = slapos.cookbook:shell
wrapper = $${directory:bin}/sh
shell = ${bash:location}/bin/bash
home = $${runnerdirectory:home}
515
path = $${environ:PATH}:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin
516 517
ps1 = "\\w> "

518 519 520
[environ]
recipe = collective.recipe.environment

521 522 523 524 525 526 527 528 529 530 531 532
[slapos-repo]
recipe = slapos.recipe.build:gitclone
repository = $${slap-parameter:slapos-repository}
git-executable = ${git:location}/bin/git
develop = true
location = $${directory:project}/slapos

[slapos-repo-config]
recipe = plone.recipe.command
stop-on-error = true
reference = $${slap-parameter:slapos-reference}
location = $${slapos-repo:location}
533
command = cd $${:location} && ${git:location}/bin/git checkout $${:reference} && echo "$${directory:etc}/.project" && SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi
534 535 536

[prepare-software]
recipe = slapos.cookbook:wrapper
537
command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
538 539
wrapper-path = $${directory:scripts}/prepareSoftware

540 541 542 543 544 545 546
[cron-entry-prepare-software]
<= cron
recipe = slapos.cookbook:cron.d
name = prepare-software
frequency = */2 * * * *
command = $${prepare-software:wrapper-path}

547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569
[instance-parameters]
recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do
template = ${parameters-template:location}/${parameters-template:filename}
rendered = $${directory:etc}/.parameter.xml.default
mode = 0644
context = 
  key slapparameter_dict slap-configuration:configuration

[deploy-instance-parameters]
recipe = plone.recipe.command
stop-on-error = true
parameter-xml = $${directory:etc}/.parameter.xml
command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi

[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

570 571 572
[public]
shell-password = $${shellinabox-code:passwd}

573 574 575 576 577
[private]
recipe = slapos.cookbook:zeroknown.write
filename = knowledge0.cfg
recovery-code = $${recovery-code:passwd}

578
[zero-parameters]