Commit d36b2da7 authored by Guillaume Hervier

stack/monitor: Add auto-restart on certificate-authority section

/reviewed-on !499
parent 139a2d9c
...@@ -14,4 +14,4 @@ ...@@ -14,4 +14,4 @@
# not need these here). # not need these here).
[monitor2-template] [monitor2-template]
filename = instance-monitor.cfg.jinja2.in filename = instance-monitor.cfg.jinja2.in
md5sum = 0713a3987d11dc60649d8105ec9746f4 md5sum = 3b3acb2291fc7458bb11efc80a5aba27
...@@ -51,12 +51,18 @@ recipe = slapos.cookbook:certificate_authority ...@@ -51,12 +51,18 @@ recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_executable_location }} openssl-binary = {{ openssl_executable_location }}
ca-dir = ${ca-directory:root} ca-dir = ${ca-directory:root}
requests-directory = ${ca-directory:requests} requests-directory = ${ca-directory:requests}
wrapper = ${directory:services}/certificate_authority wrapper = ${directory:bin}/certificate_authority
ca-private = ${ca-directory:private} ca-private = ${ca-directory:private}
ca-certs = ${ca-directory:certs} ca-certs = ${ca-directory:certs}
ca-newcerts = ${ca-directory:newcerts} ca-newcerts = ${ca-directory:newcerts}
ca-crl = ${ca-directory:crl} ca-crl = ${ca-directory:crl}
[certificate-authority-service]
recipe = slapos.cookbook:wrapper
command-line = ${certificate-authority:wrapper}
wrapper-path = ${directory:services}/certificate_authority
hash-files = ${buildout:directory}/software_release/buildout.cfg
[ca-monitor-httpd] [ca-monitor-httpd]
<= certificate-authority <= certificate-authority
recipe = slapos.cookbook:certificate_authority.request recipe = slapos.cookbook:certificate_authority.request
...@@ -84,12 +90,12 @@ log-folder = ${monitor-directory:log} ...@@ -84,12 +90,12 @@ log-folder = ${monitor-directory:log}
document-folder = ${monitor-directory:documents} document-folder = ${monitor-directory:documents}
pid-file = ${monitor-directory:pids}/monitor-bootstrap.pid pid-file = ${monitor-directory:pids}/monitor-bootstrap.pid
public-path-list = public-path-list =
private-path-list = ${directory:log} private-path-list = ${directory:log}
monitor-url-list = ${monitor-instance-parameter:monitor-url-list} monitor-url-list = ${monitor-instance-parameter:monitor-url-list}
parameter-file-path = ${monitor-instance-parameter:configuration-file-path} parameter-file-path = ${monitor-instance-parameter:configuration-file-path}
parameter-list = parameter-list =
raw monitor-user ${monitor-instance-parameter:username} raw monitor-user ${monitor-instance-parameter:username}
htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path} htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path}
file min-free-disk-MB ${promise-check-free-disk-space:config-threshold-file} file min-free-disk-MB ${promise-check-free-disk-space:config-threshold-file}
...@@ -144,8 +150,8 @@ stop-on-error = true ...@@ -144,8 +150,8 @@ stop-on-error = true
password-file = ${directory:etc}/.monitor_pwd password-file = ${directory:etc}/.monitor_pwd
htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd
# Keep multiple lines as password can end with newline char. # Keep multiple lines as password can end with newline char.
command = command =
if [ ! -s "${:htpasswd-path}" ]; then if [ ! -s "${:htpasswd-path}" ]; then
{{ apache_location }}/bin/htpasswd -cb ${:htpasswd-path} ${:user} ${:password} {{ apache_location }}/bin/htpasswd -cb ${:htpasswd-path} ${:user} ${:password}
fi fi
if [ ! -s "${:password-file}" ]; then echo "${monitor-instance-parameter:password}" > ${:password-file}; fi if [ ! -s "${:password-file}" ]; then echo "${monitor-instance-parameter:password}" > ${:password-file}; fi
...@@ -170,7 +176,7 @@ key-file = ${ca-directory:certs}/httpd.key ...@@ -170,7 +176,7 @@ key-file = ${ca-directory:certs}/httpd.key
htpasswd-file = ${httpd-monitor-htpasswd:htpasswd-path} htpasswd-file = ${httpd-monitor-htpasswd:htpasswd-path}
url = https://[${monitor-instance-parameter:monitor-httpd-ipv6}]:${:port} url = https://[${monitor-instance-parameter:monitor-httpd-ipv6}]:${:port}
httpd-cors-config-file = ${monitor-httpd-cors:rendered} httpd-cors-config-file = ${monitor-httpd-cors:rendered}
httpd-include-file = httpd-include-file =
[monitor-httpd-conf] [monitor-httpd-conf]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
...@@ -224,7 +230,7 @@ mode = 700 ...@@ -224,7 +230,7 @@ mode = 700
[promise-monitor-httpd-is-process-older-than-dependency-set] [promise-monitor-httpd-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/is-process-older-than-dependency-set ${monitor-httpd-conf-parameter:pid-file} command-line = {{ bin_directory }}/is-process-older-than-dependency-set ${monitor-httpd-conf-parameter:pid-file}
wrapper-path = ${directory:promises}/promise-monitor-httpd-is-process-older-than-dependency-set wrapper-path = ${directory:promises}/promise-monitor-httpd-is-process-older-than-dependency-set
[monitor-globalstate-wrapper] [monitor-globalstate-wrapper]
...@@ -362,7 +368,7 @@ recipe = slapos.cookbook:promise.plugin ...@@ -362,7 +368,7 @@ recipe = slapos.cookbook:promise.plugin
eggs = eggs =
slapos.toolbox slapos.toolbox
file = ${monitor-conf-parameters:promise-output-file} file = ${monitor-conf-parameters:promise-output-file}
content = content =
from slapos.promise.plugin.monitor_bootstrap_status import RunPromise from slapos.promise.plugin.monitor_bootstrap_status import RunPromise
output = ${directory:plugins}/monitor-bootstrap-status.py output = ${directory:plugins}/monitor-bootstrap-status.py
mode = 600 mode = 600
...@@ -375,7 +381,7 @@ recipe = slapos.cookbook:promise.plugin ...@@ -375,7 +381,7 @@ recipe = slapos.cookbook:promise.plugin
eggs = eggs =
slapos.toolbox slapos.toolbox
output = ${directory:plugins}/buildout-${slap-connection:partition-id}-status.py output = ${directory:plugins}/buildout-${slap-connection:partition-id}-status.py
content = content =
from slapos.promise.plugin.check_partition_deployment_state import RunPromise from slapos.promise.plugin.check_partition_deployment_state import RunPromise
config-monitor-url = ${monitor-instance-parameter:monitor-base-url} config-monitor-url = ${monitor-instance-parameter:monitor-base-url}
mode = 600 mode = 600
...@@ -385,7 +391,7 @@ recipe = slapos.cookbook:promise.plugin ...@@ -385,7 +391,7 @@ recipe = slapos.cookbook:promise.plugin
eggs = eggs =
slapos.toolbox slapos.toolbox
output = ${directory:plugins}/check-free-disk-space.py output = ${directory:plugins}/check-free-disk-space.py
content = content =
from slapos.promise.plugin.check_free_disk_space import RunPromise from slapos.promise.plugin.check_free_disk_space import RunPromise
mode = 600 mode = 600
config-collectordb = ${monitor-instance-parameter:collector-db} config-collectordb = ${monitor-instance-parameter:collector-db}
...@@ -396,7 +402,7 @@ config-threshold-file = ${directory:etc}/min-free-disk-size ...@@ -396,7 +402,7 @@ config-threshold-file = ${directory:etc}/min-free-disk-size
# create dependencies between required monitor parts # create dependencies between required monitor parts
recipe = plone.recipe.command recipe = plone.recipe.command
command = true command = true
update-command = update-command =
base-url = ${monitor-conf-parameters:base-url} base-url = ${monitor-conf-parameters:base-url}
depends = depends =
${monitor-globalstate-cron-entry:name} ${monitor-globalstate-cron-entry:name}
...@@ -404,7 +410,7 @@ depends = ...@@ -404,7 +410,7 @@ depends =
${monitor-collect-cron-entry:name} ${monitor-collect-cron-entry:name}
${cron-entry-logrotate:name} ${cron-entry-logrotate:name}
${logrotate-entry-cron:name} ${logrotate-entry-cron:name}
${certificate-authority:wrapper} ${certificate-authority-service:wrapper}
${monitor-conf:rendered} ${monitor-conf:rendered}
${start-monitor:wrapper-path} ${start-monitor:wrapper-path}
${ca-monitor-httpd-service:wrapper-path} ${ca-monitor-httpd-service:wrapper-path}
...@@ -424,5 +430,5 @@ monitor-setup-url = ${monitor-instance-parameter:interface-url}/#page=settings_c ...@@ -424,5 +430,5 @@ monitor-setup-url = ${monitor-instance-parameter:interface-url}/#page=settings_c
[buildout] [buildout]
extends = extends =
{{ template_logrotate_base }} {{ template_logrotate_base }}
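Review bot: In the `depends =` list of the `-404,7 +410,7` hunk, the new entry `${certificate-authority-service:wrapper}` refers to an option that the added `[certificate-authority-service]` section does not define. That section sets `wrapper-path`, and the neighbouring entries use `${start-monitor:wrapper-path}` and `${ca-monitor-httpd-service:wrapper-path}`. Unless `slapos.cookbook:wrapper` exports a `wrapper` option (not visible on this page), the entry should read `${certificate-authority-service:wrapper-path}` so that the part running the certificate authority is resolved and installed. Separately, `hash-files` lists only `software_release/buildout.cfg`, so the restart presumably follows software release changes and not changes to the CA's own files; a comment above it such as `# restart the CA only when the software release changes` would record that this is intended.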