instance-re6stnet.cfg.in 6.79 KB
Newer Older
Julien Muchembled's avatar
Julien Muchembled committed
1
{% set bin_directory = parameter_dict['bin-directory'] -%}
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
{% set python_bin = parameter_dict['python-executable'] -%}
{% set ipv6 = (ipv6_set | list)[0] -%}
{% set ipv4 = (ipv4_set | list)[0] -%}

[directory]
recipe = slapos.cookbook:mkdirectory
bin = ${buildout:directory}/bin
etc = ${buildout:directory}/etc
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
log = ${:var}/log
services = ${:etc}/service
script = ${:etc}/run
run = ${:var}/run

[re6stnet-dirs]
recipe = slapos.cookbook:mkdirectory
19
data = ${directory:srv}/re6stnet
20 21 22 23
log = ${directory:log}/re6stnet
conf = ${directory:etc}/re6stnet
ssl = ${:conf}/ssl
token = ${:conf}/token
24
run = ${directory:run}/re6stnet
25 26 27 28 29 30 31 32 33 34

[apache-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-apache-conf'] }}
rendered = ${directory:etc}/apache.conf
ipv6 = {{ ipv6 }}
port = 9026
error-log = ${directory:log}/apache-error.log
access-log = ${directory:log}/apache-access.log
pid-file = ${directory:run}/apache.pid
35
context =
36 37 38 39 40 41 42 43 44 45
  key apache_port :port
  key re6st_ipv4 re6st-registry:ipv4
  key re6st_port re6st-registry:port
  key access_log :access-log
  key error_log :error-log
  key pid_file :pid-file
  raw ipv6 {{ ipv6 }}

[apache-httpd]
recipe = slapos.cookbook:wrapper
46
wrapper-path = ${directory:services}/httpd
47
command-line = "{{ parameter_dict['apache-location'] }}/bin/httpd" -f "${apache-conf:rendered}" -DFOREGROUND
48

49 50 51
[apache-httpd-graceful]
recipe = slapos.recipe.template:jinja2
rendered = ${directory:script}/httpd-graceful
Julien Muchembled's avatar
Julien Muchembled committed
52 53 54 55 56 57
template = inline:{{'{{content}}'}}
context = key content :script
script =
  #!/bin/sh -e
  {{ parameter_dict['apache-location'] }}/bin/httpd -Sf ${apache-conf:rendered}
  {{ bin_directory }}/slapos-kill --pidfile ${apache-conf:pid-file} -s USR1
58

59 60 61 62
[logrotate-apache]
< = logrotate-entry-base
name = apache
log = ${apache-conf:error-log} ${apache-conf:access-log}
Julien Muchembled's avatar
Julien Muchembled committed
63
post = test ! -s ${apache-conf:pid-file} || {{ bin_directory }}/slapos-kill --pidfile ${apache-conf:pid-file} -s USR1
64 65 66 67

[re6st-registry-conf-dict]
port = 9201
ipv4 = {{ ipv4 }}
68
db = ${re6stnet-dirs:data}/registry.db
69 70
ca = ${re6stnet-dirs:ssl}/re6stnet.crt
key = ${re6stnet-dirs:ssl}/re6stnet.key
71
dh = ${re6stnet-dirs:ssl}/dh.pem
72 73
verbose = 2
mailhost = {{ slapparameter_dict.get('mailhost', '127.0.0.1') }}
74
prefix-length = {{ slapparameter_dict.get('prefix-length', 16) }}
75
anonymous-prefix-length = {{ slapparameter_dict.get('anonymous-prefix-length', 0) }}
76
logfile = ${re6stnet-dirs:log}/registry.log
77 78 79 80 81 82 83 84
run-dir = ${re6stnet-dirs:run}
ipv4-net = {{ slapparameter_dict.get('ipv4-net', '') }}
client-count = {{ slapparameter_dict.get('client-count', 10) }}
tunnel-refresh = {{ slapparameter_dict.get('tunnel-refresh', 300) }}
max-clients = {{ slapparameter_dict.get('max-clients', 0) }}
hello = {{ slapparameter_dict.get('hello', 15) }}
min-protocol = {{ slapparameter_dict.get('min-protocol', -1) }}
encrypt = {{ slapparameter_dict.get('encrypt', 'False') }}
85
same-country = {{ slapparameter_dict.get('same-country', '') }}
86 87 88 89 90 91 92 93 94
{%- set community = slapparameter_dict.get('community-conf') %}
{%- if community %}
community-path = ${re6st-community-conf:output}

[re6st-community-conf]
recipe = slapos.recipe.template
inline = {{ dumps(community) }}
output = ${re6stnet-dirs:conf}/community.conf
{%- endif %}
95 96 97 98

[re6st-registry-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-re6st-registry-conf'] }}
99
rendered = ${re6stnet-dirs:conf}/registry.conf
100 101
context = section parameter_dict re6st-registry-conf-dict

102
[re6st-registry-wrapper]
Julien Muchembled's avatar
Julien Muchembled committed
103 104 105 106
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/re6st-registry
pidfile = ${directory:run}/registry.pid
command-line = {{ bin_directory }}/re6st-registry @${re6st-registry-conf:rendered}
107

108 109 110 111 112 113 114
[cron-entry-re6st-backup]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = re6stnet-backup
time = hourly
command = {{ parameter_dict['re6stnet-backup'] }} ${logrotate-directory:backup}/re6stnet ${re6st-registry-conf-dict:db} {{ slapparameter_dict.get('backup-repository', '') }}

115 116 117 118 119 120 121 122 123 124
[re6st-registry]
recipe = slapos.cookbook:re6stnet.registry
manager-wrapper = ${directory:bin}/re6stManageToken
openssl-bin = {{ openssl_bin }}/openssl
python-bin = {{ python_bin }}
ipv6-prefix = {{ slapparameter_dict.get('ipv6-prefix', '2001:db8:24::/48') }}
key-size = {{ slapparameter_dict.get('key-size', 2048) }}
conf-dir = ${re6stnet-dirs:conf}
token-dir = ${re6stnet-dirs:token}

125 126 127 128 129 130 131
#Re6st config
config-file = ${re6st-registry-conf:rendered}
port = ${re6st-registry-conf-dict:port}
ipv4 = ${re6st-registry-conf-dict:ipv4}
db-path = ${re6st-registry-conf-dict:db}
key-file = ${re6st-registry-conf-dict:key}
cert-file = ${re6st-registry-conf-dict:ca}
132
dh-file = ${re6st-registry-conf-dict:dh}
133
slave-instance-list = {{ dumps(slave_instance_list) }}
134

135
environment =
136 137 138 139 140 141 142
  PATH={{ openssl_bin }}

[re6stnet-manage]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:script}/re6st-token-manager
command-line = "{{ python_bin }}" ${re6st-registry:manager-wrapper}

143
[cron-entry-re6st-manage]
144 145 146
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = re6stnet-check-token
Julien Muchembled's avatar
Julien Muchembled committed
147
time = *:0/5
148
command = {{ python_bin }} ${re6st-registry:manager-wrapper}
149 150 151 152 153

[logrotate-entry-re6stnet]
< = logrotate-entry-base
name = re6stnet
log = ${re6st-registry-conf-dict:logfile}
Julien Muchembled's avatar
Julien Muchembled committed
154
post = [ ! -s ${re6st-registry-wrapper:pidfile} ] || {{ bin_directory }}/slapos-kill --pidfile ${re6st-registry-wrapper:pidfile} -s USR1
155

156 157 158 159 160 161 162 163 164 165
[port-redirection]
recipe = slapos.recipe.template:jinja2
template = inline:
{%- raw %}
  [{"srcPort": 9201, "destPort": 9201, "destAddress": "{{ parameter_dict['ipv4'] }}"}]
{% endraw -%}
rendered = ${buildout:directory}/.slapos-port-redirect
context =
  section parameter_dict re6st-registry-conf-dict

166
[re6st-registry-promise]
167
<= monitor-promise-base
168
promise = check_socket_listening
169
name = re6st-registry.py
170
config-host = ${re6st-registry:ipv4}
171
config-port = ${re6st-registry:port}
172 173

[apache-registry-promise]
174
<= monitor-promise-base
175
promise = check_socket_listening
176
name = apache-re6st-registry.py
177
config-host = ${apache-conf:ipv6}
178
config-port = ${apache-conf:port}
179 180 181

[publish]
recipe = slapos.cookbook:publish
182
monitor-setup-url = https://monitor.app.officejs.com/#page=settings_configurator&url=${monitor-publish-parameters:monitor-url}&username=${monitor-publish-parameters:monitor-user}&password=${monitor-publish-parameters:monitor-password}
183 184 185
slave-amount = {{ len(slave_instance_list) }}
re6stry-url = http://[${apache-conf:ipv6}]:${apache-conf:port}
re6stry-local-url = http://${re6st-registry:ipv4}:${re6st-registry:port}
186 187 188

[buildout]
extends =
189
  {{ monitor2_template_rendered }}
190 191
  {{ logrotate_cfg }}

192
parts =
193 194 195 196
  logrotate-apache
  logrotate-entry-re6stnet
  re6stnet-manage
  cron-entry-logrotate
197
  cron-entry-re6st-manage
198
  cron-entry-re6st-backup
199
  apache-httpd
200
  apache-httpd-graceful
201
  publish
202 203
  port-redirection

204 205
  re6st-registry-promise
  apache-registry-promise
206
  monitor-base