From 142d35d82360c952577870cdaf2ba7645f6b9d5f Mon Sep 17 00:00:00 2001
From: Guillaume Hervier <guillaume.hervier@nexedi.com>
Date: Mon, 24 Sep 2018 16:36:10 +0200
Subject: [PATCH] software/slaprunner: auto-restart services on SR upgrade.

---
 software/slaprunner/buildout.hash.cfg   |  2 +-
 software/slaprunner/instance-runner.cfg | 65 ++++++++++++++++++++-----
 2 files changed, 53 insertions(+), 14 deletions(-)

diff --git a/software/slaprunner/buildout.hash.cfg b/software/slaprunner/buildout.hash.cfg
index 6349a1210..1675ff53f 100644
--- a/software/slaprunner/buildout.hash.cfg
+++ b/software/slaprunner/buildout.hash.cfg
@@ -18,7 +18,7 @@ md5sum = 713db528880282d568278f09458d2aab
 
 [template-runner]
 filename = instance-runner.cfg
-md5sum = e12255a8c946b3eb8c6373fff481339f
+md5sum = cd855670076979919c0fd00cc0f5938c
 
 [template-runner-import-script]
 filename = template/runner-import.sh.jinja2
diff --git a/software/slaprunner/instance-runner.cfg b/software/slaprunner/instance-runner.cfg
index b73abed29..9ba6272d7 100644
--- a/software/slaprunner/instance-runner.cfg
+++ b/software/slaprunner/instance-runner.cfg
@@ -4,6 +4,8 @@ parts =
   nginx-launcher
   certificate-authority
   ca-nginx
+  certificate-authority-service
+  ca-nginx-service
   logrotate-entry-nginx
   gunicorn-launcher
   gunicorn-graceful
@@ -16,10 +18,13 @@ parts =
   runner-sshd-graceful
   runner-sshd-promise
   runner-sshkeys-authority
+  runner-sshkeys-authority-service
   runner-sshkeys-sshd
+  runner-sshkeys-sshd-service
   runtestsuite
   symlinks
   shellinabox
+  shellinabox-service
   slapos-cfg
   cron-entry-prepare-software
   deploy-instance-parameters
@@ -202,8 +207,9 @@ default_repository_branch = $${slap-parameter:slapos-reference}
 [slaprunner-supervisord-wrapper]
 recipe = slapos.cookbook:wrapper
 # XXX hardcoded locations
-command-line = $${buildout:directory}/bin/slapos node supervisord --cfg $${directory:etc}/slapos.cfg -n
+command-line = $${directory:bin}/slapos node supervisord --cfg $${directory:etc}/slapos.cfg -n
 wrapper-path = $${directory:services}/slaprunner-supervisord
+hash-files = $${buildout:directory}/software_release/buildout.cfg
 
 
 [test-runner]
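Review bot: `hash-files = $${buildout:directory}/software_release/buildout.cfg` on `[slaprunner-supervisord-wrapper]` ties the restart to the content of a single file, and nothing in this patch shows that the file changes on every software release upgrade. If it can stay byte-identical across an upgrade (for example when only a file it extends changes), the long-running daemons would presumably keep running the previous openssh, openssl or nginx binaries, so this is worth confirming. Once confirmed, a comment above the option would record the assumption, e.g. `# restart on SR upgrade: assumes software_release/buildout.cfg changes whenever the release does`. The same literal path is repeated in eight more sections of this patch (the five new `*-service` parts and the sections touched by the `wait-for-files`, gunicorn and supervisord hunks). Defining it once in a shared section and referencing it, e.g. `hash-files = $${sr-upgrade-trigger:hash-files}` (section name constructed for illustration), would stop the copies from drifting.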
@@ -224,7 +230,7 @@ arguments = --server_url=$${slap-connection:server-url} --key_file=$${slap-conne
 command-line = ${buildout:directory}/bin/slaprunnertest $${:arguments}
 wrapper-path = $${directory:bin}/runTestSuite
 environment = PATH=$${shell-environment:path}
-  RUNNER_CONFIG=$${slapos-cfg:rendered} 
+  RUNNER_CONFIG=$${slapos-cfg:rendered}
 
 # Deploy openssh-server
 [runner-sshd-port]
@@ -287,9 +293,15 @@ keys = $${directory:sshkeys}/runner-keys/
 recipe = slapos.cookbook:sshkeys_authority
 request-directory = $${runner-sshkeys-directory:requests}
 keys-directory = $${runner-sshkeys-directory:keys}
-wrapper = $${directory:services}/runner_sshkeys_authority
+wrapper = $${directory:bin}/runner_sshkeys_authority
 keygen-binary = ${openssh:location}/bin/ssh-keygen
 
+[runner-sshkeys-authority-service]
+recipe = slapos.cookbook:wrapper
+command-line = $${runner-sshkeys-authority:wrapper}
+wrapper-path = $${directory:services}/runner-sshkeys-authority
+hash-files = $${buildout:directory}/software_release/buildout.cfg
+
 [runner-sshkeys-sshd]
 <= runner-sshkeys-authority
 recipe = slapos.cookbook:sshkeys_authority.request
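Review bot: The new service wrapper at `wrapper-path = $${directory:services}/runner-sshkeys-authority` uses hyphens where the file previously installed in the services directory was `runner_sshkeys_authority`, while `certificate_authority` later in this patch keeps its old spelling. If anything outside this patch matches services by name (promises, monitoring, log collection), it would stop seeing the SSH key authority after the upgrade; that cannot be checked from the visible lines. If the rename is not intended, keep `wrapper-path = $${directory:services}/runner_sshkeys_authority`; if it is, a one-line comment saying so would help. The `[runner-sshkeys-authority]` section starts above this hunk.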
@@ -298,7 +310,13 @@ type = rsa
 executable = $${runner-sshd-server:output}
 public-key = $${runner-sshd-raw-server:rsa-keyfile}.pub
 private-key = $${runner-sshd-raw-server:rsa-keyfile}
-wrapper = $${directory:services}/runner-sshd
+wrapper = $${directory:bin}/runner-sshd
+
+[runner-sshkeys-sshd-service]
+recipe = slapos.cookbook:wrapper
+command-line = $${runner-sshkeys-sshd:wrapper}
+wrapper-path = $${directory:services}/runner-sshd
+hash-files = $${buildout:directory}/software_release/buildout.cfg
 
 [runner-sshd-add-authorized-key]
 recipe = slapos.cookbook:dropbear.add_authorized_key
@@ -411,6 +429,7 @@ access-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global
 wait-for-files =
   $${ca-nginx:cert-file}
   $${ca-nginx:key-file}
+hash-files = $${buildout:directory}/software_release/buildout.cfg
 
 [logrotate-entry-apache-httpd]
 <= logrotate-entry-base
@@ -461,6 +480,7 @@ wrapper-path = $${gunicorn:bin_launcher}
 environment = PATH=$${shell-environment:path}
   RUNNER_CONFIG=$${slaprunner:slapos.cfg}
   LANG=en_GB.UTF-8
+hash-files = $${buildout:directory}/software_release/buildout.cfg
 
 [gunicorn-graceful]
 recipe = slapos.cookbook:wrapper
@@ -476,7 +496,7 @@ recipe = slapos.cookbook:certificate_authority
 openssl-binary = ${openssl:location}/bin/openssl
 ca-dir = $${directory:ca-dir}
 requests-directory = $${cadirectory:requests}
-wrapper = $${directory:services}/certificate_authority
+wrapper = $${directory:bin}/certificate_authority
 ca-private = $${cadirectory:private}
 ca-certs = $${cadirectory:certs}
 ca-newcerts = $${cadirectory:newcerts}
@@ -496,10 +516,22 @@ recipe = slapos.cookbook:certificate_authority.request
 key-file = $${cadirectory:certs}/nginx_frontend.key
 cert-file = $${cadirectory:certs}/nginx_frontend.crt
 executable = $${nginx-launcher:rendered}
-wrapper = $${directory:services}/nginx-frontend
+wrapper = $${directory:bin}/nginx-frontend
 # Put domain name
 name = example.com
 
+[ca-nginx-service]
+recipe = slapos.cookbook:wrapper
+command-line = $${directory:bin}/nginx-frontend
+wrapper-path = $${directory:services}/nginx-frontend
+hash-files = $${buildout:directory}/software_release/buildout.cfg
+
+[certificate-authority-service]
+recipe = slapos.cookbook:wrapper
+command-line = $${directory:bin}/certificate_authority
+wrapper-path = $${directory:services}/certificate_authority
+hash-files = $${buildout:directory}/software_release/buildout.cfg
+
 #--------------------
 #--
 #-- Request frontend
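Review bot: `[ca-nginx-service]` and `[certificate-authority-service]` spell out `$${directory:bin}/nginx-frontend` and `$${directory:bin}/certificate_authority` a second time instead of referencing the option that defines them, unlike `[runner-sshkeys-authority-service]` and `[runner-sshkeys-sshd-service]` earlier in this patch. Using `command-line = $${ca-nginx:wrapper}` and `command-line = $${certificate-authority:wrapper}` keeps the service from pointing at a stale or missing executable if one path is edited later, and makes the dependency between the parts explicit to buildout. The same applies to `[shellinabox-service]` further down, where `command-line = $${shellinabox:rendered}` would do, assuming the section that renders shellinaboxd is named `[shellinabox]` (its header is outside that hunk).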
@@ -527,14 +559,14 @@ check-secure = 1
 [request-httpd-frontend]
 <= slap-connection
 recipe = slapos.cookbook:requestoptional
-# XXX - Unfortunately, we still call webrunner httpd frontend "Monitor Frontend" otherwise 
+# XXX - Unfortunately, we still call webrunner httpd frontend "Monitor Frontend" otherwise
 # buildout will ignore previous frontend that was created and create a new one (in case of upgrade)
 name = Monitor Frontend
 # XXX We have hardcoded SR URL here.
 software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
 slave = true
 config-url = $${apache-httpd:access-url}
-config-domain = 
+config-domain =
 return = secure_access domain
 
 [httpd-frontend-promise]
@@ -638,8 +670,8 @@ slaprunner-httpd-port = $${:monitor-port}
 # XXX - for backward compatibility, monitor-port was for slaprunner httpd server
 monitor-port = 9686
 instance-name =
-monitor-cors-domains = 
-monitor-interface-url = 
+monitor-cors-domains =
+monitor-interface-url =
 # XXX - define a new port for monitor here and use monitor-port for backward compatibility
 monitor-httpd-port = 8386
 
@@ -667,7 +699,7 @@ recipe = slapos.recipe.template:jinja2
 # We cannot use slapos.cookbook:wrapper here because this recipe escapes too much
 socket = $${directory:run}/siab.sock
 mode = 0700
-rendered = $${directory:services}/shellinaboxd
+rendered = $${directory:bin}/shellinaboxd
 template = inline:
   #!/bin/sh
   exec ${shellinabox:location}/bin/shellinaboxd \
@@ -676,6 +708,12 @@ template = inline:
     --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
     --service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l"
 
+[shellinabox-service]
+recipe = slapos.cookbook:wrapper
+command-line = $${directory:bin}/shellinaboxd
+wrapper-path = $${directory:services}/shellinaboxd
+hash-files = $${buildout:directory}/software_release/buildout.cfg
+
 [shell-environment]
 shell = ${bash:location}/bin/bash
 path = ${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin:${curl:location}/bin:${python2.7:location}/bin:${tig:location}/bin:${zip:location}/bin:${mosh:location}/bin:${bash:location}/bin:$${buildout:directory}/bin/:/usr/bin:/bin/
@@ -743,7 +781,7 @@ context =
     raw shell $${shell-environment:shell}
     key instance_name slap-parameter:instance-name
     key workdir runnerdirectory:home
-    
+
 #---------------------------
 #--
 #-- supervisord managing slaprunner automation features
@@ -808,6 +846,7 @@ context =
 recipe = slapos.cookbook:wrapper
 command-line = $${buildout:directory}/bin/supervisord -c $${supervisord-conf:rendered} --nodaemon
 wrapper-path = $${directory:services}/supervisord
+hash-files = $${buildout:directory}/software_release/buildout.cfg
 
 [logrotate-entry-supervisord]
 <= logrotate-entry-base
@@ -826,7 +865,7 @@ path = $${directory:promises}/supervisord
 hostname = $${slaprunner:ipv4}
 port = $${supervisord:port}
 
-# XXX Monitor 
+# XXX Monitor
 [monitor-instance-parameter]
 monitor-httpd-port = $${slap-parameter:monitor-httpd-port}
 {% if slapparameter_dict.get('name', '') -%}
-- 
2.30.9