diff --git a/stack/lamp/buildout.cfg b/stack/lamp/buildout.cfg index 254a000f8bec239319e4ca72cfb28e7bd5b259df..d75705356b592dc0c57cab1d7ed2c160b5945706 100644 --- a/stack/lamp/buildout.cfg +++ b/stack/lamp/buildout.cfg @@ -76,21 +76,28 @@ strip-top-level-dir = true recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance.cfg output = ${buildout:directory}/template.cfg -md5sum = f4e4cf75225685e1787c0bc6d1c16910 +md5sum = 8117f10e814a13c5376af4c01e6546d4 mode = 0644 [template-apache-php] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-apache-php.cfg output = ${buildout:directory}/template-apache-php.cfg -md5sum = 96d226b30e882e1046e37473109d1ece +md5sum = 45bc82dc468e7f418d95c846d1a33d74 +mode = 0644 + +[template-apache-backup] +recipe = slapos.recipe.template +url = ${:_profile_base_location_}/instance-apache-backup.cfg +output = ${buildout:directory}/template-apache-backup.cfg +md5sum = cfb77ac8785e0d125a785f69a5339014 mode = 0644 [template-backuped] recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance-backuped.cfg output = ${buildout:directory}/template-backuped.cfg -md5sum = d2d910986762b52d8ff965292d7c3635 +md5sum = ad19f5e1803debfa34d3b6408cc96637 mode = 0644 [template-mariadb] diff --git a/stack/lamp/instance-apache-backup.cfg b/stack/lamp/instance-apache-backup.cfg new file mode 100644 index 0000000000000000000000000000000000000000..69f14c2fa48acd7e4f7e1b8a48b4351aad3db126 --- /dev/null +++ b/stack/lamp/instance-apache-backup.cfg @@ -0,0 +1,156 @@ +[buildout] + +parts = + urls + apache-proxy + logrotate + logrotate-entry-apache + cron + cron-entry-logrotate + sshkeys-authority + sshkeys-dropbear + dropbear-server + dropbear-server-pbs-authorized-key + +eggs-directory = ${buildout:eggs-directory} +develop-eggs-directory = ${buildout:develop-eggs-directory} +offline = true + +[urls] +recipe = slapos.cookbook:publish +url = http://[$${apache-proxy:ip}]:$${apache-proxy:port}/ +ssh-public-key = $${sshkeys-dropbear:public-key-value} +ssh-url = ssh://nobody@[$${dropbear-server:host}]:$${dropbear-server:port}/$${rdiff-backup-server:path} + +[apache-proxy] +recipe = slapos.cookbook:apacheproxy +url = $${slap-parameter:proxy-url} +pid-file = $${basedirectory:run}/apache.pid +lock-file = $${basedirectory:run}/apache.lock +ip = $${slap-network-information:global-ipv6} +port = 8080 +error-log = $${directory:httpd-log}/error.log +access-log = $${directory:httpd-log}/access.log +httpd-conf = $${rootdirectory:etc}/apache.conf +wrapper = $${basedirectory:services}/apache + +promise = $${basedirectory:promises}/apache + +httpd-binary = ${apache:location}/bin/httpd + +[sshkeys-directory] +recipe = slapos.cookbook:mkdirectory +requests = $${directory:sshkeys}/requests/ +keys = $${directory:sshkeys}/keys/ + +[sshkeys-authority] +recipe = slapos.cookbook:sshkeys_authority +request-directory = $${sshkeys-directory:requests} +keys-directory = $${sshkeys-directory:keys} +wrapper = $${basedirectory:services}/sshkeys_authority +keygen-binary = ${dropbear:location}/bin/dropbearkey + +[sshkeys-dropbear] +<= sshkeys-authority +recipe = slapos.cookbook:sshkeys_authority.request +name = dropbear +type = rsa +executable = $${dropbear-server:wrapper} +public-key = $${dropbear-server:rsa-keyfile}.pub +private-key = $${dropbear-server:rsa-keyfile} +wrapper = $${basedirectory:services}/sshd + +[dropbear-server] +recipe = slapos.cookbook:dropbear +host = $${slap-network-information:global-ipv6} +port = 2222 +home = $${directory:ssh} +wrapper = $${rootdirectory:bin}/raw_sshd +shell = $${rdiff-backup-server:wrapper} +rsa-keyfile = $${directory:ssh}/server_key.rsa +dropbear-binary = ${dropbear:location}/sbin/dropbear + +[dropbear-server-pbs-authorized-key] +<= dropbear-server +recipe = slapos.cookbook:dropbear.add_authorized_key +key = $${slap-parameter:authorized-key} + +[rdiff-backup-server] +recipe = slapos.cookbook:pbs +client = false +path = $${directory:htdocs} +wrapper = $${rootdirectory:bin}/rdiffbackup-server +rdiffbackup-binary = ${buildout:bin-directory}/rdiff-backup + +[logrotate] +recipe = slapos.cookbook:logrotate +# Binaries +logrotate-binary = ${logrotate:location}/usr/sbin/logrotate +gzip-binary = ${gzip:location}/bin/gzip +gunzip-binary = ${gzip:location}/bin/gunzip +# Directories +wrapper = $${rootdirectory:bin}/logrotate +conf = $${rootdirectory:etc}/logrotate.conf +logrotate-entries = $${directory:logrotate-entries} +backup = $${directory:logrotate-backup} +state-file = $${rootdirectory:srv}/logrotate.status + +[logrotate-entry-apache] +<= logrotate +recipe = slapos.cookbook:logrotate.d +name = apache +log = $${apache-proxy:error-log} $${apache-proxy:access-log} +frequency = daily +rotate-num = 30 +sharedscripts = true +notifempty = true +create = true + +[cron] +recipe = slapos.cookbook:cron +dcrond-binary = ${dcron:location}/sbin/crond +cron-entries = $${directory:cron-entries} +crontabs = $${directory:crontabs} +cronstamps = $${directory:cronstamps} +catcher = $${cron-simplelogger:wrapper} +binary = $${basedirectory:services}/crond + +[cron-simplelogger] +recipe = slapos.cookbook:simplelogger +wrapper = $${rootdirectory:bin}/cron_simplelogger +log = $${basedirectory:log}/crond.log + +[cron-entry-logrotate] +<= cron +recipe = slapos.cookbook:cron.d +name = logrotate +frequency = 0 0 * * * +command = $${logrotate:wrapper} + +[rootdirectory] +recipe = slapos.cookbook:mkdirectory +etc = $${buildout:directory}/etc/ +var = $${buildout:directory}/var/ +srv = $${buildout:directory}/srv/ +bin = $${buildout:directory}/bin/ +tmp = $${buildout:directory}/tmp/ + +[basedirectory] +recipe = slapos.cookbook:mkdirectory +log = $${rootdirectory:var}/log/ +services = $${rootdirectory:etc}/run/ +run = $${rootdirectory:var}/run/ +backup = $${rootdirectory:srv}/backup/ +promises = $${rootdirectory:etc}/promise/ + +[directory] +recipe = slapos.cookbook:mkdirectory +htdocs = $${rootdirectory:srv}/www/ +logrotate-entries = $${rootdirectory:etc}/logrotate.d/ +logrotate-backup = $${basedirectory:backup}/logrotate/ +cronstamps = $${rootdirectory:etc}/cronstamps/ +cron-entries = $${rootdirectory:etc}/cron.d/ +crontabs = $${rootdirectory:etc}/crontabs/ +ssh = $${rootdirectory:etc}/ssh/ +sshkeys = $${rootdirectory:srv}/sshkeys +httpd-log = $${basedirectory:log}/apache/ diff --git a/stack/lamp/instance-apache-php.cfg b/stack/lamp/instance-apache-php.cfg index 0f58dd97ccc7f4c2fad01032f4a42d68ac2c1d1f..77e266f21def3d68a1ee1cfbe374e9eb4bb86ea6 100644 --- a/stack/lamp/instance-apache-php.cfg +++ b/stack/lamp/instance-apache-php.cfg @@ -19,9 +19,7 @@ offline = true [url] recipe = slapos.cookbook:publishurl -scheme = http -host = $${apache-php:ip} -port = $${apache-php:port} +url = http://[$${apache-php:ip}]:$${apache-php:port}/ [mariadb-urlparse] recipe = slapos.cookbook:urlparse diff --git a/stack/lamp/instance-backuped.cfg b/stack/lamp/instance-backuped.cfg index b7f34a48127f3f8431368ebe780146c386b89579..6876e6566b2616bb23656d2e2a2caddbbeb32a98 100644 --- a/stack/lamp/instance-backuped.cfg +++ b/stack/lamp/instance-backuped.cfg @@ -6,9 +6,12 @@ extends = parts = request-mariadb request-mariadb-pseudo-replicating + request-apache-backup request-pull-backup-server request-pull-backup-server-mariadb request-pull-backup-server-mariadb-backup + request-pull-backup-server-apache + request-pull-backup-server-apache-backup url apache-php stunnel @@ -19,6 +22,51 @@ parts = logrotate-entry-stunnel cron cron-entry-logrotate + dropbear-server-pbs-authorized-key + +[sshkeys-directory] +recipe = slapos.cookbook:mkdirectory +requests = $${directory:sshkeys}/requests/ +keys = $${directory:sshkeys}/keys/ + +[sshkeys-authority] +recipe = slapos.cookbook:sshkeys_authority +request-directory = $${sshkeys-directory:requests} +keys-directory = $${sshkeys-directory:keys} +wrapper = $${basedirectory:services}/sshkeys_authority +keygen-binary = ${dropbear:location}/bin/dropbearkey + +[sshkeys-dropbear] +<= sshkeys-authority +recipe = slapos.cookbook:sshkeys_authority.request +name = dropbear +type = rsa +executable = $${dropbear-server:wrapper} +public-key = $${dropbear-server:rsa-keyfile}.pub +private-key = $${dropbear-server:rsa-keyfile} +wrapper = $${basedirectory:services}/sshd + +[dropbear-server] +recipe = slapos.cookbook:dropbear +host = $${slap-network-information:global-ipv6} +port = 2222 +home = $${directory:ssh} +wrapper = $${rootdirectory:bin}/raw_sshd +shell = $${rdiff-backup-server:wrapper} +rsa-keyfile = $${directory:ssh}/server_key.rsa +dropbear-binary = ${dropbear:location}/sbin/dropbear + +[dropbear-server-pbs-authorized-key] +<= dropbear-server +recipe = slapos.cookbook:dropbear.add_authorized_key +key = $${request-pull-backup-server:connection-ssh-key} + +[rdiff-backup-server] +recipe = slapos.cookbook:pbs +client = false +path = $${directory:htdocs} +wrapper = $${rootdirectory:bin}/rdiffbackup-server +rdiffbackup-binary = ${buildout:bin-directory}/rdiff-backup [request-pull-backup-server] <= slap-connection @@ -31,7 +79,6 @@ slave = false [request-mariadb] software-type = mariadb-pbsready-export -id = $${slap-parameter:mariadb-id} config = authorized-key notify config-authorized-key = $${request-pull-backup-server:connection-ssh-key} config-notify = $${request-pull-backup-server:connection-notification-url} @@ -40,9 +87,7 @@ return = url ssh-public-key ssh-url notification-id [request-mariadb-pseudo-replicating] <= slap-connection recipe = slapos.cookbook:request -name = $${request-mariadb:name} -id = $${request-mariadb:id} -id-increment = 1 +name = MariaDB Backup software-url = $${slap-connection:software-release-url} software-type = mariadb-pbsready-import return = url ssh-public-key ssh-url notification-url @@ -51,10 +96,51 @@ config-authorized-key = $${request-pull-backup-server:connection-ssh-key} pbs-notification-id = $${slap-connection:computer-id}-$${slap-connection:partition-id}-mariadb-push config-on-notification = $${request-pull-backup-server:connection-feeds-url}$${:pbs-notification-id} +[request-apache-backup] +<= slap-connection +recipe = slapos.cookbook:request +name = Apache Backup +software-url = $${slap-connection:software-release-url} +software-type = apache-backup +return = url ssh-url ssh-public-key +config = authorized-key proxy-url +config-authorized-key = $${request-pull-backup-server:connection-ssh-key} +config-proxy-url = $${url:url} + +[request-pull-backup-server-apache] +<= request-pull-backup-server + slap-connection +recipe = slapos.cookbook:request +name = PBS pulling from Apache +software-url = $${slap-connection:software-release-url} +config = url name type server-key notify notification-id frequency +config-url = ssh://nobody@[$${dropbear-server:host}]:$${dropbear-server:port}/$${rdiff-backup-server:path} +config-name = $${slap-connection:computer-id}-$${slap-connection:partition-id}-apache +config-type = pull +config-server-key = $${sshkeys-dropbear:public-key-value} +config-notify = $${request-pull-backup-server:connection-notification-url} +config-notification-id = $${slap-connection:computer-id}-$${slap-connection:partition-id}-apache-pull +config-frequency = 30 * * * * +slave = true + +[request-pull-backup-server-apache-backup] +<= request-pull-backup-server + slap-connection +recipe = slapos.cookbook:request +name = PBS pushing to $${request-apache-backup:name} +software-url = $${slap-connection:software-release-url} +config = url name type server-key on-notification +config-url = $${request-apache-backup:connection-ssh-url} +config-name = $${request-pull-backup-server-apache:config-name} +config-type = push +config-server-key = $${request-apache-backup:connection-ssh-public-key} +config-on-notification = $${request-pull-backup-server:connection-feeds-url}$${request-pull-backup-server-apache:config-notification-id} +slave = true + [request-pull-backup-server-mariadb] <= request-pull-backup-server slap-connection -name = PBS pulling from MariaDB (backuped) +name = PBS pulling from $${request-mariadb:name} config = url name type server-key on-notification notify notification-id title config-url = $${request-mariadb:connection-ssh-url} config-name = $${slap-connection:computer-id}-$${slap-connection:partition-id}-mariadb @@ -69,10 +155,10 @@ slave = true [request-pull-backup-server-mariadb-backup] <= request-pull-backup-server slap-connection -name = PBS pushing on MariaDB (ready to use backup) +name = PBS pushing on $${request-mariadb-pseudo-replicating:name} config = url name type server-key on-notification notify notification-id title config-url = $${request-mariadb-pseudo-replicating:connection-ssh-url} -config-name = $${slap-connection:computer-id}-$${slap-connection:partition-id}-mariadb +config-name = $${request-pull-backup-server-mariadb:config-name} config-type = push config-server-key = $${request-mariadb-pseudo-replicating:connection-ssh-public-key} config-on-notification = $${request-pull-backup-server:connection-feeds-url}$${request-pull-backup-server-mariadb:config-notification-id} @@ -80,3 +166,7 @@ config-notify = $${request-mariadb-pseudo-replicating:connection-notification-ur config-notification-id = $${request-mariadb-pseudo-replicating:pbs-notification-id} config-title = Pushing to MariaDB backup slave = true + +[directory] +ssh = $${rootdirectory:etc}/ssh/ +sshkeys = $${rootdirectory:srv}/sshkeys diff --git a/stack/lamp/instance.cfg b/stack/lamp/instance.cfg index 93dbffeb001e3ffea94474450b83576a3f068225..be6cc34ffb40c17e46aaea2e390aa435adff9712 100644 --- a/stack/lamp/instance.cfg +++ b/stack/lamp/instance.cfg @@ -14,3 +14,4 @@ mariadb = ${template-mariadb:output} mariadb-pbsready-import = ${template-mariadb-pbsready-import:output} mariadb-pbsready-export = ${template-mariadb-pbsready-export:output} pull-backup = ${template-pull-backup:output} +apache-backup = ${template-apache-backup:output}