instance-runner.cfg 29.7 KB
Newer Older
1 2
[buildout]
parts =
3 4 5 6
  nginx_conf
  nginx-launcher
  certificate-authority
  ca-nginx
7
  logrotate-entry-nginx
8 9
  gunicorn-launcher
  gunicorn-graceful
10
  publish-connection-information
11
  slaprunner-promise
12
  logrotate-entry-apache-httpd
13
  apache-httpd-promise
14
  slaprunner-supervisord-wrapper
15 16 17
  runner-sshd-add-authorized-key
  runner-sshd-graceful
  runner-sshd-promise
18 19
  runner-sshkeys-authority
  runner-sshkeys-sshd
20
  runtestsuite
21
  symlinks
22
  shellinabox
23
  slapos-cfg
24
  cron-entry-prepare-software
25
  deploy-instance-parameters
26
  instance-software
27
  instance-software-type
28
  minishell-cwd
29
  bash-profile
30
  supervisord-wrapper
31
  supervisord-promise
32
  logrotate-entry-supervisord
33
  logrotate-entry-slapgrid
34
  httpd-graceful-wrapper
35 36 37 38
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' %}
  slaprunner-frontend-promise
  httpd-frontend-promise
{% endif %}
39
{% if slapparameter_dict.get('custom-frontend-backend-url') and slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %}
40 41
  custom-frontend-promise
{% endif %}
42
## Monitoring part
43
  monitor-base
44
  monitor-check-webrunner-internal-instance
45 46
## Usability part
  template-slapuser-script
47

48
extends = ${monitor2-template:rendered}
49 50 51 52 53

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

54 55
{% if slapparameter_dict.get('custom-frontend-backend-url') -%}
[request-custom-frontend]
56
recipe = slapos.cookbook:requestoptional
57
software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
58 59 60 61
software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
slave = true
name = Custom Web Frontend

62 63 64 65 66
server-url = $${slap-connection:server-url}
key-file = $${slap-connection:key-file}
cert-file = $${slap-connection:cert-file}
computer-id = $${slap-connection:computer-id}
partition-id = $${slap-connection:partition-id}
67

68
{% if slapparameter_dict.get('custom-frontend-instance-guid') -%}
69
sla-instance_guid = $${slap-parameter:frontend-instance-guid}
70 71
{% endif -%}

72 73
{% set custom_frontend_backend_type = slapparameter_dict.get('custom-frontend-backend-type') -%}
{% if custom_frontend_backend_type -%}
74 75
config-type = {{ custom_frontend_backend_type }}
{% endif -%}
76
config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
77
return = site_url domain
78 79 80

[custom-frontend-promise]
recipe = slapos.cookbook:check_url_available
81 82 83 84 85
path = $${directory:promises}/custom_frontend_promise
url = https://$${request-custom-frontend:connection-domain}
{% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
check-secure = 1
{% endif -%}
86 87 88
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

89
[publish-connection-information]
90
custom-frontend-url = https://$${request-custom-frontend:connection-domain}
91
{% endif %}
92

93
# Create all needed directories
94
[directory]
95
recipe = slapos.cookbook:mkdirectory
96 97 98 99 100 101
home = $${buildout:directory}
etc = $${:home}/etc/
var = $${:home}/var/
srv = $${:home}/srv/
bin = $${:home}/bin/
tmp = $${:home}/tmp/
102

103 104 105 106 107 108 109 110 111
sshkeys = $${:srv}/sshkeys
services = $${:etc}/service/
scripts = $${:etc}/run/
ssh = $${:etc}/ssh/
log = $${:var}/log/
run = $${:var}/run/
backup = $${:srv}/backup/
promises = $${:etc}/promise/
test = $${:etc}/test/
112
nginx-data = $${:srv}/nginx
113
ca-dir = $${:srv}/ssl
114
project = $${:srv}/runner/project
115
cgi-bin = $${:srv}/cgi-bin
116 117 118

[runnerdirectory]
recipe = slapos.cookbook:mkdirectory
119 120
home = $${directory:srv}/runner/
test = $${directory:srv}/test/
121
project = $${:home}/project
122
public = $${:home}/public
123
software-root = {{ slapparameter_dict.get('software-root', '$${:home}/software') }}
124
instance-root = $${:home}/instance
125 126 127
project-test = $${:test}/project
software-test = $${:test}/software
instance-test = $${:test}/instance
128
sessions = $${buildout:directory}/.sessions
129 130
private-project = $${:home}/.git-private
public-project = $${:home}/.git-public
131 132

[slaprunner]
133
slaprunner = ${buildout:directory}/bin/slaprunner
134
slapos = ${buildout:directory}/bin/slapos
135 136
slapproxy = ${buildout:directory}/bin/slapproxy
supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
137
git-binary = ${git:location}/bin/git
138
root_check = false
139
slapos.cfg = $${directory:etc}/slapos.cfg
140 141
working-directory = $${runnerdirectory:home}
project-directory = $${runnerdirectory:project}
142 143
instance_root = $${runnerdirectory:instance-root}
software_root = $${runnerdirectory:software-root}
144 145
pidfile-software = $${directory:run}/slapgrid-cp.pid
pidfile-instance = $${directory:run}/slapgrid-sr.pid
146
ssh_client = ${openssh:location}/bin/ssh
147 148
public_key = $${runner-sshd-raw-server:rsa-keyfile}.pub
private_key = $${runner-sshd-raw-server:rsa-keyfile}
149
instance-monitor-url = https://[$${:ipv6}]:$${monitor-parameters:port}
150 151 152
etc_dir = $${directory:etc}
log_dir =  $${directory:log}
run_dir = $${directory:run}
153 154
ipv4 = $${slap-network-information:local-ipv4}
ipv6 = $${slap-network-information:global-ipv6}
155
instance_root = $${runnerdirectory:instance-root}
156 157
proxy_port = 50000
runner_port = 50005
158
partition-amount = $${slap-parameter:instance-amount}
159
wrapper = $${directory:services}/slaprunner
160
debug = $${slap-parameter:debug}
161
access-url = https://[$${:ipv6}]:$${:runner_port}
162
supervisord_config = $${directory:etc}/supervisord.conf
163
supervisord_server = http://$${supervisord:server}
164
proxy_database = $${slaprunner:working-directory}/proxy.db
165 166 167
console = False
verbose = False
debug = False
168 169 170
auto_deploy = $${slap-parameter:auto-deploy}
auto_deploy_instance = $${slap-parameter:auto-deploy-instance}
autorun = $${slap-parameter:autorun}
171
knowledge0_file = $${monitor-instance-parameter:configuration-file-path}
172
minishell_cwd_file = $${directory:etc}/.minishell-cwd
173
minishell_history_file = $${directory:etc}/.minishell_history
174 175
software_info_json = $${runnerdirectory:home}/software_info.json
instance_info_json = $${runnerdirectory:home}/instance_info.json
176
path = $${shell-environment:path}
177
instance_name = $${slap-parameter:instance-name}
178

179 180 181
default_repository = $${slap-parameter:slapos-repository}
default_repository_branch = $${slap-parameter:slapos-reference}

182 183 184 185 186 187 188 189 190 191 192

#---------------------------
#--
#-- supervisord managing slaprunner instance processes
[slaprunner-supervisord-wrapper]
recipe = slapos.cookbook:wrapper
# XXX hardcoded locations
command-line = $${buildout:directory}/bin/slapos node supervisord --cfg $${directory:etc}/slapos.cfg -n
wrapper-path = $${directory:services}/slaprunner-supervisord


193 194
[test-runner]
<= slaprunner
195
slapos.cfg = $${directory:etc}/slapos-test.cfg
196 197
working-directory = $${runnerdirectory:test}
project-directory = $${runnerdirectory:project-test}
198 199
software_root = $${runnerdirectory:software-test}
instance_root = $${runnerdirectory:instance-test}
200
proxy_port = 8602
201
etc_dir = $${directory:test}
202 203
autorun = False
auto_deploy = True
204

205 206
[runtestsuite]
recipe = slapos.cookbook:wrapper
207 208
arguments = --server_url=$${slap-connection:server-url} --key_file=$${slap-connection:key-file} --cert_file=$${slap-connection:cert-file} --computer_id=$${slap-connection:computer-id} --partition_id=$${slap-connection:partition-id}
command-line = ${buildout:directory}/bin/slaprunnertest $${:arguments}
209
wrapper-path = $${directory:bin}/runTestSuite
210 211
environment = PATH=$${shell-environment:path}
  RUNNER_CONFIG=$${slapos-cfg:rendered} 
212

213 214 215 216 217 218 219 220 221 222 223
# Deploy openssh-server
[runner-sshd-port]
recipe = slapos.cookbook:free_port
minimum = 22222
maximum = 22231
ip = $${slap-network-information:global-ipv6}

[runner-sshd-config]
recipe = slapos.recipe.template:jinja2
rendered = $${directory:etc}/runner-sshd.conf
path_pid = $${directory:run}/runner-sshd.pid
224
host_key = $${directory:ssh}/runner_server_key.rsa
225 226 227 228 229 230
template = inline:
  PidFile $${:path_pid}
  Port $${runner-sshd-port:port}
  ListenAddress $${slap-network-information:global-ipv6}
  Protocol 2
  UsePrivilegeSeparation no
231
  HostKey $${:host_key}
232 233 234
  PasswordAuthentication no
  PubkeyAuthentication yes
  AuthorizedKeysFile $${buildout:directory}/.ssh/authorized_keys
235
  ForceCommand if [ -z "$SSH_ORIGINAL_COMMAND" ]; then $${shell-environment:shell} -l; else SHELL=$${shell-environment:shell} PATH=$${shell-environment:path} eval "$SSH_ORIGINAL_COMMAND"; fi
236
  Subsystem sftp ${openssh:location}/libexec/sftp-server
237

238
[runner-sshd-raw-server]
239
recipe = slapos.cookbook:wrapper
240
host = $${slap-network-information:global-ipv6}
241
rsa-keyfile = $${runner-sshd-config:host_key}
242
home = $${directory:ssh}
243
command-line = ${openssh:location}/sbin/sshd -D -e -f $${runner-sshd-config:rendered}
244 245 246 247 248 249 250 251 252
wrapper-path = $${directory:bin}/runner_raw_sshd

[runner-sshd-authorized-key]
<= runner-sshd-raw-server
recipe = slapos.cookbook:dropbear.add_authorized_key
key = $${slap-parameter:user-authorized-key}

[runner-sshd-server]
recipe = collective.recipe.template
253
log = $${directory:log}/runner-sshd.log
254 255 256
input = inline:#!/bin/sh
    exec $${runner-sshd-raw-server:wrapper-path} >> $${:log} 2>&1

257
output = $${directory:bin}/runner_raw_sshd_log
258
mode = 700
259 260 261 262 263 264

[runner-sshd-graceful]
recipe = slapos.cookbook:wrapper
command-line = $${directory:bin}/killpidfromfile $${runner-sshd-config:path_pid} SIGHUP
wrapper-path = $${directory:scripts}/runner-sshd-graceful

265
[runner-sshkeys-directory]
266
recipe = slapos.cookbook:mkdirectory
267 268
requests = $${directory:sshkeys}/runner-requests/
keys = $${directory:sshkeys}/runner-keys/
269 270 271

[runner-sshkeys-authority]
recipe = slapos.cookbook:sshkeys_authority
272 273 274
request-directory = $${runner-sshkeys-directory:requests}
keys-directory = $${runner-sshkeys-directory:keys}
wrapper = $${directory:services}/runner_sshkeys_authority
275 276 277 278 279
keygen-binary = ${openssh:location}/bin/ssh-keygen

[runner-sshkeys-sshd]
<= runner-sshkeys-authority
recipe = slapos.cookbook:sshkeys_authority.request
280
name = sshd
281 282 283 284 285 286
type = rsa
executable = $${runner-sshd-server:output}
public-key = $${runner-sshd-raw-server:rsa-keyfile}.pub
private-key = $${runner-sshd-raw-server:rsa-keyfile}
wrapper = $${directory:services}/runner-sshd

287
[runner-sshd-add-authorized-key]
288
recipe = slapos.cookbook:dropbear.add_authorized_key
289
home = $${buildout:directory}
290
key = $${slap-parameter:user-authorized-key}
291

292
#---------------------------
293
#--
294 295
#-- Set nginx frontend

296 297 298 299 300 301 302 303 304 305
[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path

[nginx-frontend]
# Options
306
nb_workers = 5
307
# Network
308 309 310
local-ip = $${slap-network-information:local-ipv4}
global-ip = $${slap-network-information:global-ipv6}
global-port = $${slaprunner:runner_port}
311
# Backend
312 313
runner-ip = $${slaprunner:ipv4}
runner-port = $${slaprunner:runner_port}
314 315 316 317 318 319 320 321
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
322
path_tmp = $${directory:tmp}/
323
nginx_prefix = $${buildout:directory}
324 325 326
# Config files
path_nginx_conf = $${directory:etc}/nginx.conf
# Executables
327
bin_nginx = ${nginx-webdav:location}/sbin/nginx
328
bin_launcher = $${directory:bin}/launcher
329 330
# Utils
path_shell = ${dash:location}/bin/dash
331 332
# Misc.
etc_dir = $${directory:etc}
333
work_dir = $${slaprunner:working-directory}
334 335 336 337 338 339

[nginx_conf]
recipe = slapos.recipe.template:jinja2
template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
rendered = $${nginx-frontend:path_nginx_conf}
context =
340
    key shellinabox_socket shellinabox:socket
341
    key socket gunicorn:socket
342 343 344 345 346 347 348 349 350 351 352
    section param_nginx_frontend nginx-frontend
    section param_tempdir tempdirectory

[nginx-launcher]
recipe = slapos.recipe.template:jinja2
template = ${template_launcher:location}/${template_launcher:filename}
rendered = $${nginx-frontend:bin_launcher}
mode = 700
context =
    section param_nginx_frontend nginx-frontend

353 354 355
[logrotate-entry-nginx]
<= logrotate-entry-base
name = nginx
Ivan Tyagov's avatar
Ivan Tyagov committed
356
log = $${directory:log}/nginx.access.log $${directory:log}/nginx.error.log
357
post = kill -USR1 $(cat $${buildout:directory}/var/run/nginx.pid)
358

359
[httpd-parameters]
360 361 362 363 364 365
path_pid = $${directory:run}/httpd.pid
path_error_log = $${directory:log}/httpd-error.log
path_access_log = $${directory:log}/httpd-access.log
# XXX Use ca-nginx, no need to regenerate certificate
cert_file = $${ca-nginx:cert-file}
key_file = $${ca-nginx:key-file}
366
global_ip = $${slap-network-information:global-ipv6}
367
global_port = $${slap-parameter:slaprunner-httpd-port}
368 369
working_directory = $${slaprunner:working-directory}
dav_lock = $${directory:var}/WebDavLock
370
htpasswd_file = $${directory:etc}/.htpasswd
371
etc_dir = $${directory:etc}
372 373
var_dir = $${directory:var}
project_folder = $${directory:project}
374
project_private_folder = $${runnerdirectory:private-project}
375
project_public_folder = $${runnerdirectory:public-project}
376
runner_home = $${runnerdirectory:home}
377
git_http_backend = ${git:location}/libexec/git-core/git-http-backend
378
cgid_sock = $${directory:run}/cgid.sock
379
#cgi_httpd_conf = $${monitor-httpd-configuration-file:rendered}
380
httpd_cors_file = $${slaprunner-httpd-cors:location}
381 382 383 384

[httpd-conf]
recipe = slapos.recipe.template:jinja2
template = ${template_httpd_conf:location}/${template_httpd_conf:filename}
385
rendered = $${directory:etc}/httpd.conf
386
context =
387 388
    section parameters httpd-parameters

389 390 391 392 393 394 395 396 397 398
[apache-httpd]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
wrapper-path = $${directory:services}/slaprunner-httpd
command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND
access-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}
wait-for-files =
  $${ca-nginx:cert-file}
  $${ca-nginx:key-file}

399 400 401
[logrotate-entry-apache-httpd]
<= logrotate-entry-base
name = apache
Ivan Tyagov's avatar
Ivan Tyagov committed
402
log = $${directory:log}/httpd-access.log $${directory:log}/httpd-error.log
403 404
post = test ! -s $${buildout:directory}/var/run/httpd.pid || $${buildout:directory}/bin/slapos-kill --pidfile $${buildout:directory}/var/run/httpd.pid -s USR1

405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427
[httpd-graceful-wrapper]
recipe = collective.recipe.template
input = inline:
  #!/bin/sh
  exec kill -USR1 $(cat $${httpd-parameters:path_pid})
output = $${directory:scripts}/slaprunner-httpd-graceful
mode = 700

[apache-httpd-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/$${:filename}
filename = apache-httpd-listening-on-tcp
url = $${apache-httpd:access-url}
check-secure = 1
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}

[slaprunner-httpd-cors]
recipe = plone.recipe.command
command = if [ ! -f $${:location} ]; then touch $${:location}; fi
location = $${directory:etc}/$${:filename}
filename = slaprunner-httpd-cors.cfg
stop-on-error = true
428

429 430 431 432
#--------------------
#--
#-- WSGI

433
[gunicorn]
434 435 436 437 438 439 440 441
bin_gunicorn = $${directory:bin}/gunicorn
bin_launcher = $${directory:services}/gunicorn
path_shell = ${dash:location}/bin/dash
socket = $${directory:tmp}/flaskserver.sock
path_pid = $${directory:run}/gunicorn.pid

[gunicorn-launcher]
recipe = slapos.cookbook:wrapper
442
command-line = $${gunicorn:bin_gunicorn} slapos.runner.run:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --error-logfile $${directory:log}/$${:error-log-file} --timeout 200 --threads 3 --log-level error --preload
443
error-log-file = gunicorn-error.log
444
wrapper-path = $${gunicorn:bin_launcher}
445
environment = PATH=$${shell-environment:path}
446
  RUNNER_CONFIG=$${slaprunner:slapos.cfg}
447
  LANG=en_GB.UTF-8
448 449 450

[gunicorn-graceful]
recipe = slapos.cookbook:wrapper
451
command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
452 453
wrapper-path = $${directory:scripts}/gunicorn-graceful

454
#--------------------
455
#--
456
#-- ssl certificates
457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:services}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_frontend.key
cert-file = $${cadirectory:certs}/nginx_frontend.crt
482 483
executable = $${nginx-launcher:rendered}
wrapper = $${directory:services}/nginx-frontend
484 485 486
# Put domain name
name = example.com

487
#--------------------
488 489
#--
#-- Request frontend
490

491
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' -%}
492 493
[request-frontend]
<= slap-connection
494
recipe = slapos.cookbook:requestoptional
495
name = SlapRunner Frontend
496
# XXX We have hardcoded SR URL here.
497
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
498
slave = true
499
config-url = $${slaprunner:access-url}
500
config-domain = $${slap-parameter:frontend-domain}
501
return = site_url domain
502

503 504 505 506 507 508 509 510
[slaprunner-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner_frontend
url = https://$${request-frontend:connection-domain}/login
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
check-secure = 1

511 512 513
[request-httpd-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
514 515 516
# XXX - Unfortunately, we still call webrunner httpd frontend "Monitor Frontend" otherwise 
# buildout will ignore previous frontend that was created and create a new one (in case of upgrade)
name = Monitor Frontend
517 518 519 520 521 522 523 524 525 526 527 528 529 530 531
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = $${apache-httpd:access-url}
config-domain = 
return = secure_access domain

[httpd-frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${directory:promises}/slaprunner-apache-http-frontend
url = $${request-httpd-frontend:connection-secure_access}
dash_path = {{ dash_executable_location }}
curl_path = {{ curl_executable_location }}
check-secure = 1

532
{% endif %}
533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551

[htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.pwd
bytes = 8

[runner-htpasswd]
recipe = plone.recipe.command
stop-on-error = true
htpasswd-path = $${monitor-directory:etc}/.htpasswd
command = if [ ! -f "$${:htpasswd-path}" ]; then ${apache:location}//bin/htpasswd -cb $${:htpasswd-path} $${:user} $${:password}; fi
update-command = $${:command}
user = admin
{% if slapparameter_dict.get('monitor-password', '') -%}
password = {{ slapparameter_dict['monitor-password'] }}
{% else -%}
password = $${htpasswd:passwd}
{% endif -%}

552
#--------------------------------------
553
#--
554
#-- Send information to SlapOS Master
555

556 557 558
[user-info]
recipe = slapos.cookbook:userinfo

559
[publish-connection-information]
560
recipe = slapos.cookbook:publish
561 562 563
backend-url = $${slaprunner:access-url}
init-user = $${runner-htpasswd:user}
init-password = $${runner-htpasswd:password}
564
ssh-command = ssh $${user-info:pw-name}@$${slap-network-information:global-ipv6} -p $${runner-sshd-port:port}
565 566
git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
567
monitor-base-url = $${monitor-publish-parameters:monitor-base-url}
568 569 570 571 572
{% if slapparameter_dict.get('no-ipv4-frontend', 'false') == 'false' -%}
url =  https://$${request-frontend:connection-domain}
webdav-url = $${request-httpd-frontend:connection-secure_access}/share/
public-url =  $${request-httpd-frontend:connection-secure_access}/public/
{% else %}
573
url =  $${slaprunner:access-url}
574 575 576 577
webdav-url = $${apache-httpd:access-url}/share/
public-url =  $${apache-httpd:access-url}/public/
{% endif %}

578 579
{% if slapparameter_dict.get('instance-type', '') != 'resilient' -%}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
580
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=$${monitor-publish-parameters:monitor-url}&username=$${monitor-publish-parameters:monitor-user}&password=$${monitor-publish-parameters:monitor-password}
581
{% else -%}
582 583 584
monitor-url = $${monitor-publish-parameters:monitor-url}
monitor-user = $${monitor-publish-parameters:monitor-user}
monitor-password = $${monitor-publish-parameters:monitor-password}
585
{% endif -%}
586 587 588
#---------------------------
#--
#-- Deploy promises scripts
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
589

590 591
[slaprunner-promise]
recipe = slapos.cookbook:check_port_listening
592
path = $${directory:promises}/slaprunner
593 594
hostname = $${slaprunner:ipv6}
port = $${slaprunner:runner_port}
Jean-Baptiste Petre's avatar
Jean-Baptiste Petre committed
595

596
[runner-sshd-promise]
597
recipe = slapos.cookbook:check_port_listening
598 599 600
path = $${directory:promises}/runner-sshd
hostname = $${slap-network-information:global-ipv6}
port = $${runner-sshd-port:port}
601

602 603
[symlinks]
recipe = cns.recipe.symlink
604
symlink_target = $${directory:bin}
605
symlink_base = ${buildout:directory}/bin
606 607 608

[slap-parameter]
# Default value if no ssh key is specified
609
user-authorized-key =
610
# Default value of instances number in slaprunner
611
instance-amount = 10
612 613
debug = false
frontend-domain =
614
slapos-repository = https://lab.nexedi.com/nexedi/slapos.git
615
slapos-software =
616
slapos-software-type =
617
slapos-reference = master
618
auto-deploy = false
619
auto-deploy-instance = true
620
autorun = false
621 622
slaprunner-httpd-port = $${:monitor-port}
# XXX - for backward compatibility, monitor-port was for slaprunner httpd server
623
monitor-port = 9686
624
instance-name =
625 626
monitor-cors-domains = 
monitor-interface-url = 
627
# XXX - define a new port for monitor here and use monitor-port for backward compatibility
628
monitor-httpd-port = 8386
629 630 631

[monitor-parameters]
port = $${slap-parameter:monitor-port}
632

633 634
[slapos-cfg]
recipe = slapos.recipe.template:jinja2
635
template = ${template-slapos-cfg:location}/${template-slapos-cfg:filename}
636 637 638
rendered = $${slaprunner:slapos.cfg}
mode = 700
context =
639
  section slaprunner slaprunner
640

641 642
[slapos-test-cfg]
recipe = slapos.recipe.template:jinja2
643
template = ${template-slapos-cfg:location}/${template-slapos-cfg:filename}
644 645 646 647 648
rendered = $${test-runner:slapos.cfg}
mode = 700
context =
  section slaprunner test-runner

649
[shellinabox]
650 651 652 653 654 655 656 657 658 659 660
recipe = slapos.recipe.template:jinja2
# We cannot use slapos.cookbook:wrapper here because this recipe escapes too much
socket = $${directory:run}/siab.sock
mode = 0700
rendered = $${directory:services}/shellinaboxd
template = inline:
  #!/bin/sh
  exec ${shellinabox:location}/bin/shellinaboxd \
    --disable-ssl \
    --disable-ssl-menu \
    --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
661
    --service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l"
662

663
[shell-environment]
664
shell = ${bash:location}/bin/bash
665
path = ${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin:${curl:location}/bin:${python2.7:location}/bin:${tig:location}/bin:${zip:location}/bin:${mosh:location}/bin:${bash:location}/bin:$${buildout:directory}/bin/:/usr/bin:/bin/
666

667 668
[prepare-software]
recipe = slapos.cookbook:wrapper
669
command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
670 671
wrapper-path = $${directory:scripts}/prepareSoftware

672 673 674 675 676 677 678
[cron-entry-prepare-software]
<= cron
recipe = slapos.cookbook:cron.d
name = prepare-software
frequency = */2 * * * *
command = $${prepare-software:wrapper-path}

679 680 681
[instance-parameters]
recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do
682
template = ${template-parameters:location}/${template-parameters:filename}
683 684
rendered = $${directory:etc}/.parameter.xml.default
mode = 0644
685
context =
686 687 688 689 690 691 692 693
  key slapparameter_dict slap-configuration:configuration

[deploy-instance-parameters]
recipe = plone.recipe.command
stop-on-error = true
parameter-xml = $${directory:etc}/.parameter.xml
command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi

694 695 696 697 698 699 700
[instance-software-type]
recipe = plone.recipe.command
stop-on-error = true
# XXX It should not be named with .xml as it is not xml
software-type-path = $${directory:etc}/.software_type.xml
command = if [ ! -f $${:software-type-path} -a "$${slap-parameter:slapos-software-type}" != "" ]; then echo "$${slap-parameter:slapos-software-type}" > $${:software-type-path}; fi

701 702 703 704 705
[instance-software]
recipe = plone.recipe.command
stop-on-error = true
command = SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi

706 707 708 709 710 711 712 713
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

714

715 716 717 718 719 720
[minishell-cwd]
recipe = plone.recipe.command
command = if [ ! -f $${slaprunner:minishell_cwd_file} ]; then echo $${runnerdirectory:home} > $${slaprunner:minishell_cwd_file}; fi
location = $${slaprunner:minishell_cwd_file}
stop-on-error = true

721
[bash-profile]
722 723 724 725
recipe = slapos.recipe.template:jinja2
template = ${template-bash-profile:location}/${template-bash-profile:filename}
rendered = $${buildout:directory}/.bash_profile
context =
726
    raw path $${shell-environment:path}
727
    raw shell $${shell-environment:shell}
728
    key instance_name slap-parameter:instance-name
729
    key workdir runnerdirectory:home
730
    
731 732 733 734
#---------------------------
#--
#-- supervisord managing slaprunner automation features

735
[supervisord]
736
autorestart = false
737 738 739 740
autostart = false
directory = $${buildout:directory}
exitcodes = 0
logfile = $${directory:log}/supervisord.log
741
no_logfile = NONE
742
numprocs = 1
743
path = $${shell-environment:path}
744
pidfile = $${directory:run}/supervisord.pid
745 746
ip = $${slaprunner:ipv4}
server = $${:ip}:$${:port}
747
port = 39986
748
slapgrid-cp = slapgrid-cp
749
slapgrid-cp-command = $${slaprunner:slapos} node instance --all --cfg $${:slapos-cfg} --verbose --logfile $${:slapgrid-cp-log}
750
slapgrid-cp-log = $${runnerdirectory:home}/instance.log
751
slapgrid-cp-startretries = 0
752
slapgrid-sr = slapgrid-sr
753
slapgrid-sr-command = $${slaprunner:slapos} node software --all --cfg $${:slapos-cfg} --verbose --logfile $${:slapgrid-sr-log}
754
slapgrid-sr-log = $${runnerdirectory:home}/software.log
755
slapgrid-sr-startretries = 0
756 757 758
slapproxy = slapproxy
slapproxy-autorestart = true
slapproxy-autostart = true
759
slapproxy-startsecs = 1
760
slapproxy-command = $${slaprunner:slapos} proxy start --logfile $${:slapproxy-log} --cfg $${:slapos-cfg}
761
slapproxy-log = $${directory:log}/slapproxy.log
762 763
socket_name = unix://$${:socket_path}
socket_path = $${directory:tmp}/supervisord.sock
764
startsecs = 0
765 766 767
# This file logs errors from listeners. Supervisord has its own logfile.
# Processes should handle their logs by themselves
stderr_logfile = $${directory:log}/supervisord-errors.log
768
slapos-cfg = $${slaprunner:slapos.cfg}
769 770 771 772 773 774

[supervisord-conf]
recipe = slapos.recipe.template:jinja2
template = ${template-supervisord:location}/${template-supervisord:filename}
rendered = $${directory:etc}/supervisord.conf
context =
775 776
    import multiprocessing multiprocessing
    import builtin __builtin__
777
    section supervisord supervisord
778
    key slapparameter_dict slap-configuration:configuration
779 780 781 782 783 784 785 786 787 788
    key listener_slapgrid listener-slapgrid-bin:rendered

[listener-slapgrid-bin]
recipe = slapos.recipe.template:jinja2
template = ${template-listener-slapgrid:location}/${template-listener-slapgrid:filename}
rendered = $${directory:bin}/listener_slapgrid.py
mode = 0744
context =
    section supervisord supervisord
    section slaprunner slaprunner
789
    raw python_executable ${buildout:directory}/bin/${extra-eggs:interpreter}
790 791 792 793 794 795

[supervisord-wrapper]
recipe = slapos.cookbook:wrapper
command-line = $${buildout:directory}/bin/supervisord -c $${supervisord-conf:rendered} --nodaemon
wrapper-path = $${directory:services}/supervisord

796 797 798
[logrotate-entry-supervisord]
<= logrotate-entry-base
name = supervisord
Ivan Tyagov's avatar
Ivan Tyagov committed
799
log = $${directory:log}/slapproxy.log $${directory:log}/supervisord.log $${directory:log}/supervisord-errors.log
800
post = kill -USR2 $(cat $${buildout:directory}/var/run/supervisord.pid)
801

802 803 804
[logrotate-entry-slapgrid]
<= logrotate-entry-base
name = slapgrid
Ivan Tyagov's avatar
Ivan Tyagov committed
805
log = $${runnerdirectory:home}/instance/*/.slapgrid/log/instance.log $${runnerdirectory:home}/instance/*/.slapgrid/promise/log/*.log
806

807 808 809 810 811 812
[supervisord-promise]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promises}/supervisord
hostname = $${slaprunner:ipv4}
port = $${supervisord:port}

813 814
# XXX Monitor 
[monitor-instance-parameter]
815
monitor-httpd-port = $${slap-parameter:monitor-httpd-port}
816 817 818
{% if slapparameter_dict.get('name', '') -%}
monitor-title = {{ slapparameter_dict['name'] }}
{% endif -%}
819
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
820 821 822
{% if slapparameter_dict.get('monitor-username', '') -%}
username = {{ slapparameter_dict['monitor-username'] }}
{% endif -%}
823
password = $${runner-htpasswd:password}
824
{% if slapparameter_dict.get('monitor-url-list', '') -%}
825
monitor-url-list = {{ slapparameter_dict['monitor-url-list'] }}
826 827
{% endif -%}
instance-configuration =
828
  httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output}
829
configuration-file-path = $${buildout:directory}/knowledge0.cfg
830

831 832 833
[monitor-check-webrunner-internal-instance]
recipe = slapos.recipe.template:jinja2
template = ${monitor-check-webrunner-internal-instance:location}/${monitor-check-webrunner-internal-instance:filename}
834
rendered = $${monitor-directory:reports}/$${:filename}
835 836 837
filename = monitor-check-webrunner-internal-instance
mode = 0744

838 839 840
## Slapuser slapos command script
[template-slapuser-script]
recipe = slapos.recipe.template:jinja2
841
template = ${template-slapuser-script:location}/${template-slapuser-script:filename}
842 843 844 845 846
rendered = $${buildout:bin-directory}/slapos
mode = 0744
context =
  raw config_location $${slapos-cfg:rendered}
  raw slapos_python_file_location ${buildout:bin-directory}/slapos