[buildout] parts = urls postgres-instance postgres-promise stunnel certificate-authority ca-stunnel logrotate logrotate-entry-stunnel logrotate-entry-cron cron cron-entry-logrotate slapmonitor slapmonitor-xml gzip-binary = ${gzip:location}/bin/gzip # Define egg directories to be the one from Software Release # (/opt/slapgrid/...) eggs-directory = ${buildout:eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory} offline = true #---------------- #-- #-- Creation of all needed directories. [rootdirectory] recipe = slapos.cookbook:mkdirectory etc = $${buildout:directory}/etc var = $${buildout:directory}/var srv = $${buildout:directory}/srv bin = $${buildout:directory}/bin [basedirectory] recipe = slapos.cookbook:mkdirectory log = $${rootdirectory:var}/log services = $${rootdirectory:etc}/service run = $${rootdirectory:var}/run script = $${rootdirectory:etc}/script backup = $${rootdirectory:srv}/backup promises = $${rootdirectory:etc}/promise [directory] recipe = slapos.cookbook:mkdirectory cron-entries = $${rootdirectory:etc}/cron.d crontabs = $${rootdirectory:etc}/crontabs cronstamps = $${rootdirectory:etc}/cronstamps ca-dir = $${rootdirectory:srv}/ssl logrotate-backup = $${basedirectory:backup}/logrotate report = $${rootdirectory:etc}/report stunnel-conf = $${rootdirectory:etc}/stunnel logrotate-entries = $${rootdirectory:etc}/logrotate.d xml-report = $${rootdirectory:var}/xml_report #---------------- #-- #-- Deploy cron. [cron] recipe = slapos.cookbook:cron dcrond-binary = ${dcron:location}/sbin/crond cron-entries = $${directory:cron-entries} crontabs = $${directory:crontabs} cronstamps = $${directory:cronstamps} catcher = $${cron-simplelogger:wrapper} binary = $${basedirectory:services}/crond [cron-simplelogger] recipe = slapos.cookbook:simplelogger wrapper = $${rootdirectory:bin}/cron_simplelogger log = $${basedirectory:log}/crond.log #---------------- #-- #-- Deploy logrotate. [cron-entry-logrotate] <= cron recipe = slapos.cookbook:cron.d name = logrotate frequency = 0 0 * * * command = $${logrotate:wrapper} [logrotate] recipe = slapos.cookbook:logrotate # Binaries logrotate-binary = ${logrotate:location}/usr/sbin/logrotate gzip-binary = $${buildout:gzip-binary} gunzip-binary = ${gzip:location}/bin/gunzip # Directories wrapper = $${rootdirectory:bin}/logrotate conf = $${rootdirectory:etc}/logrotate.conf logrotate-entries = $${directory:logrotate-entries} backup = $${directory:logrotate-backup} state-file = $${rootdirectory:srv}/logrotate.status [logrotate-entry-stunnel] <= logrotate recipe = slapos.cookbook:logrotate.d name = stunnel log = $${stunnel:log-file} frequency = daily rotate-num = 30 notifempty = true create = true post = $${stunnel:post-rotate-script} [logrotate-entry-cron] <= logrotate recipe =slapos.cookbook:logrotate.d name = crond log = $${cron-simplelogger:log} frequency = daily rotate-num = 30 notifempty = true create = true #---------------- #-- #-- Deploy stunnel. [stunnel] recipe = slapos.cookbook:stunnel stunnel-binary = ${stunnel:location}/bin/stunnel wrapper = $${rootdirectory:bin}/stunnel log-file = $${basedirectory:log}/stunnel.log config-file = $${directory:stunnel-conf}/stunnel.conf key-file = $${directory:stunnel-conf}/stunnel.key cert-file = $${directory:stunnel-conf}/stunnel.crt pid-file = $${basedirectory:run}/stunnel.pid local-host = $${instance-parameters:ipv4_random} local-port = $${postgres-instance:port} remote-host = $${instance-parameters:ipv6_random} remote-port = 6446 client = false post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate #---------------- #-- #-- Certificate stuff. [certificate-authority] recipe = slapos.cookbook:certificate_authority openssl-binary = ${openssl:location}/bin/openssl ca-dir = $${directory:ca-dir} requests-directory = $${cadirectory:requests} wrapper = $${basedirectory:services}/ca ca-private = $${cadirectory:private} ca-certs = $${cadirectory:certs} ca-newcerts = $${cadirectory:newcerts} ca-crl = $${cadirectory:crl} [cadirectory] recipe = slapos.cookbook:mkdirectory requests = $${directory:ca-dir}/requests/ private = $${directory:ca-dir}/private/ certs = $${directory:ca-dir}/certs/ newcerts = $${directory:ca-dir}/newcerts/ crl = $${directory:ca-dir}/crl/ #---------------- #-- #-- Creates a Postgres cluster, configuration files, and a database. [postgres-instance] recipe = slapos.cookbook:postgres ipv6 = $${instance-parameters:ipv6} ipv4 = $${instance-parameters:ipv4} ipv6_random = $${instance-parameters:ipv6_random} superuser = postgres port = 5432 dbname = db # pgdata_directory is created by initdb, and should not exist beforehand. pgdata-directory = $${rootdirectory:var}/data backup-directory = $${basedirectory:backup}/postgres bin = ${postgresql:location}/bin services = $${basedirectory:services} [ca-stunnel] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request executable = $${stunnel:wrapper} wrapper = $${basedirectory:services}/stunnel key-file = $${stunnel:key-file} cert-file = $${stunnel:cert-file} #---------------- #-- #-- Deploy slapmonitor. [slapmonitor] recipe = slapos.cookbook:slapmonitor pid-file = $${postgres-instance:pgdata-directory}/postmaster.pid database-path = $${basedirectory:log}/slapmonitor.db slapmonitor-path = ${buildout:bin-directory}/slapmonitor path = $${basedirectory:services}/slapmonitor [slapmonitor-xml] recipe = slapos.cookbook:slapmonitor-xml database-path = $${basedirectory:log}/slapmonitor.db slapmonitor-xml-path = ${buildout:bin-directory}/slapmonitor-xml path = $${directory:report}/slapmonitor-xml #---------------- #-- #-- Deploy promise scripts. [postgres-promise] recipe = slapos.cookbook:check_port_listening path = $${basedirectory:promises}/postgres hostname = $${instance-parameters:ipv6_random} port = $${postgres-instance:port} #---------------- #-- #-- Publish instance parameters. [urls] recipe = slapos.cookbook:publish url = $${postgres-instance:url} ip = $${instance-parameters:ipv6_random} #---------------- #-- #-- Fetches parameters defined in SlapOS Master for this instance [instance-parameters] recipe = slapos.cookbook:slapconfiguration computer = $${slap-connection:computer-id} partition = $${slap-connection:partition-id} url = $${slap-connection:server-url} key = $${slap-connection:key-file} cert = $${slap-connection:cert-file}