software/apache-frontend/instance-apache-frontend.cfg

   1 [buildout]
   2 parts =
   3   directory
   4   configtest
   5   logrotate
   6   cron
   7   cron-entry-logrotate
   8   ca-frontend
   9   certificate-authority
  10   logrotate-entry-apache
  11   logrotate-entry-apache-cached
  12   logrotate-entry-squid
  13   apache-frontend
  14   apache-cached
  15   switch-apache-softwaretype
  16   frontend-apache-graceful
  17   cached-apache-graceful
  18   squid-service
  19   squid-prepare
  20   squid-reload
  21   promise-squid
  22   dynamic-template-default-vh
  23   not-found-html
  24   promise-apache-frontend-v4-https
  25   promise-apache-frontend-v4-http
  26   promise-apache-frontend-v6-https
  27   promise-apache-frontend-v6-http
  28   promise-apache-cached
  29
  30
  31 eggs-directory = ${buildout:eggs-directory}
  32 develop-eggs-directory = ${buildout:develop-eggs-directory}
  33 offline = true
  34
  35 # Create all needed directories
  36 [directory]
  37 recipe = slapos.cookbook:mkdirectory
  38
  39 bin = $${buildout:directory}/bin/
  40 etc = $${buildout:directory}/etc/
  41 srv = $${buildout:directory}/srv/
  42 var = $${buildout:directory}/var/
  43 template = $${buildout:directory}/template/
  44
  45 backup = $${:srv}/backup
  46 log = $${:var}/log
  47 run = $${:var}/run
  48 service = $${:etc}/service
  49 etc-run = $${:etc}/run
  50 promise = $${:etc}/promise
  51
  52 logrotate-backup = $${:backup}/logrotate
  53 logrotate-entries = $${:etc}/logrotate.d
  54
  55 cron-entries = $${:etc}/cron.d
  56 crontabs = $${:etc}/crontabs
  57 cronstamps = $${:etc}/cronstamps
  58 ca-dir = $${:srv}/ssl
  59
  60 [switch-apache-softwaretype]
  61 recipe = slapos.cookbook:softwaretype
  62 single-default = $${dynamic-default-template-slave-list:rendered}
  63 single-custom-personal = $${dynamic-custom-personal-template-slave-list:rendered}
  64 single-custom-group = $${dynamic-custom-group-template-slave-list:rendered}
  65
  66 [instance-parameter]
  67 # Fetches parameters defined in SlapOS Master for this instance.
  68 # Always the same.
  69 recipe = slapos.cookbook:slapconfiguration.serialised
  70 computer = $${slap-connection:computer-id}
  71 partition = $${slap-connection:partition-id}
  72 url = $${slap-connection:server-url}
  73 key = $${slap-connection:key-file}
  74 cert = $${slap-connection:cert-file}
  75 # Define default parameter(s) that will be used later, in case user didn't
  76 # specify it
  77 # All parameters are available through the configuration.XX syntax.
  78 # All possible parameters should have a default.
  79 configuration.domain = example.org
  80 configuration.public-ipv4 =
  81 configuration.port = 4443
  82 configuration.plain_http_port = 8080
  83 configuration.server-admin = admin@example.com
  84 configuration.apache_custom_https = ""
  85 configuration.apache_custom_http = ""
  86 configuration.apache-key =
  87 configuration.apache-certificate =
  88 configuration.open-port = 80 443
  89 configuration.extra_slave_instance_list =
  90
  91 [frontend-configuration]
  92 template-log-access = ${template-log-access:target}
  93 log-access-configuration = $${directory:etc}/apache-log-access.conf
  94 apache-directory = ${apache-2.2:location}
  95 apache-ipv6 = $${instance-parameter:ipv6-random}
  96 apache-https-port = $${instance-parameter:configuration.port}
  97
  98 [jinja2-template-base]
  99 recipe = slapos.recipe.template:jinja2
 100 rendered = $${buildout:directory}/$${:filename}
 101 extra-context =
 102 context =
 103     import json_module json
 104     key eggs_directory buildout:eggs-directory
 105     key develop_eggs_directory buildout:develop-eggs-directory
 106     key slap_software_type instance-parameter:slap-software-type
 107     key slapparameter_dict instance-parameter:configuration
 108     $${:extra-context}
 109
 110 [dynamic-template-default-vh]
 111 < = jinja2-template-base
 112 template = ${template-default-virtualhost:target}
 113 rendered = $${apache-directory:slave-configuration}/000.conf
 114 extensions = jinja2.ext.do
 115 extra-context =
 116     key http_port instance-parameter:configuration.plain_http_port
 117     key https_port instance-parameter:configuration.port
 118
 119 [dynamic-custom-personal-template-slave-list]
 120 < = jinja2-template-base
 121 template = ${template-slave-list:target}
 122 filename = custom-personal-instance-slave-list.cfg
 123 extensions = jinja2.ext.do
 124 extra-context =
 125     key apache_configuration_directory apache-directory:slave-configuration
 126     key http_port instance-parameter:configuration.plain_http_port
 127     key https_port instance-parameter:configuration.port
 128     key public_ipv4 instance-parameter:configuration.public-ipv4
 129     key slave_instance_list instance-parameter:slave-instance-list
 130     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
 131     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
 132     key custom_ssl_directory apache-directory:vh-ssl
 133     key apache_log_directory apache-directory:slave-log
 134     key local_ipv4 instance-parameter:ipv4-random
 135     key cache_port apache-configuration:cache-port
 136     raw empty_template ${template-empty:target}
 137     raw template_slave_configuration ${template-slave-configuration:target}
 138     raw template_rewrite_cached ${template-rewrite-cached:target}
 139     raw software_type single-custom-personal
 140     section logrotate_dict logrotate
 141     section frontend_configuration frontend-configuration
 142     section apache_configuration apache-configuration
 143
 144 [dynamic-custom-group-template-slave-list]
 145 < = jinja2-template-base
 146 template = ${template-custom-slave-list:target}
 147 filename = custom-group-instance-slave-list.cfg
 148 extensions = jinja2.ext.do
 149 extra-context =
 150     key apache_configuration_directory apache-directory:slave-configuration
 151     key domain instance-parameter:configuration.domain
 152     key http_port instance-parameter:configuration.plain_http_port
 153     key https_port instance-parameter:configuration.port
 154     key public_ipv4 instance-parameter:configuration.public-ipv4
 155     key slave_instance_list instance-parameter:slave-instance-list
 156     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
 157     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
 158     key custom_ssl_directory apache-directory:vh-ssl
 159     key template_slave_configuration dynamic-virtualhost-template-slave:rendered
 160     key apache_log_directory apache-directory:slave-log
 161     key local_ipv4 instance-parameter:ipv4-random
 162     key cache_port apache-configuration:cache-port
 163     raw empty_template ${template-empty:target}
 164     raw template_rewrite_cached ${template-rewrite-cached:target}
 165     raw software_type single-custom-group
 166
 167 [dynamic-default-template-slave-list]
 168 < = jinja2-template-base
 169 template = ${template-custom-slave-list:target}
 170 filename = default-instance-slave-list.cfg
 171 extensions = jinja2.ext.do
 172 extra-context =
 173     key apache_configuration_directory apache-directory:slave-configuration
 174     key domain instance-parameter:configuration.domain
 175     key http_port instance-parameter:configuration.plain_http_port
 176     key https_port instance-parameter:configuration.port
 177     key public_ipv4 instance-parameter:configuration.public-ipv4
 178     key slave_instance_list instance-parameter:slave-instance-list
 179     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
 180     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
 181     key custom_ssl_directory apache-directory:vh-ssl
 182     key apache_log_directory apache-directory:slave-log
 183     key local_ipv4 instance-parameter:ipv4-random
 184     key cache_port apache-configuration:cache-port
 185     raw template_slave_configuration ${template-default-slave-virtualhost:target}
 186     raw empty_template ${template-empty:target}
 187     raw template_rewrite_cached ${template-rewrite-cached:target}
 188     raw software_type single-default
 189 # XXXX Hack to allow two software types
 190
 191 [dynamic-virtualhost-template-slave]
 192 <= jinja2-template-base
 193 template = ${template-slave-configuration:target}
 194 rendered = $${directory:template}/slave-virtualhost.conf.in
 195 extensions = jinja2.ext.do
 196 extra-context =
 197     key https_port instance-parameter:configuration.port
 198     key http_port instance-parameter:configuration.plain_http_port
 199     key apache_custom_https instance-parameter:configuration.apache_custom_https
 200     key apache_custom_http instance-parameter:configuration.apache_custom_http
 201
 202 # Deploy Apache Frontend (new way, no recipe, jinja power)
 203 [dynamic-apache-frontend-template]
 204 < = jinja2-template-base
 205 template = ${template-apache-frontend-configuration:target}
 206 rendered = $${apache-configuration:frontend-configuration}
 207 extra-context =
 208     raw httpd_home ${apache-2.2:location}
 209     key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
 210     key domain instance-parameter:configuration.domain
 211     key document_root apache-directory:document-root
 212     key instance_home buildout:directory
 213     key ipv4_addr instance-parameter:ipv4-random
 214     key ipv6_addr instance-parameter:ipv6-random
 215     key http_port instance-parameter:configuration.plain_http_port
 216     key https_port instance-parameter:configuration.port
 217     key server_admin instance-parameter:configuration.server-admin
 218     key protected_path apache-configuration:protected-path
 219     key access_control_string apache-configuration:access-control-string
 220     key login_certificate ca-frontend:cert-file
 221     key login_key ca-frontend:key-file
 222     key ca_dir  certificate-authority:ca-dir
 223     key ca_crl certificate-authority:ca-crl
 224     key access_log apache-configuration:access-log
 225     key error_log apache-configuration:error-log
 226     key pid_file apache-configuration:pid-file
 227     key slave_configuration_directory apache-directory:slave-configuration
 228     section frontend_configuration frontend-configuration
 229
 230 [apache-frontend]
 231 recipe = slapos.cookbook:wrapper
 232 command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-frontend-template:rendered} -DFOREGROUND
 233 wrapper-path = $${directory:service}/frontend_apache
 234 wait-for-files =
 235                $${ca-frontend:cert-file}
 236                $${ca-frontend:key-file}
 237
 238 # Deploy Apache for cached website
 239 [dynamic-apache-cached-template]
 240 < = jinja2-template-base
 241 template = ${template-apache-cached-configuration:target}
 242 rendered = $${apache-configuration:cached-configuration}
 243 extra-context =
 244     raw httpd_home ${apache-2.2:location}
 245     key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
 246     key domain instance-parameter:configuration.domain
 247     key document_root apache-directory:document-root
 248     key instance_home buildout:directory
 249     key ipv4_addr instance-parameter:ipv4-random
 250     key cached_port apache-configuration:cache-through-port
 251     key server_admin instance-parameter:configuration.server-admin
 252     key protected_path apache-configuration:protected-path
 253     key access_control_string apache-configuration:access-control-string
 254     key login_certificate ca-frontend:cert-file
 255     key login_key ca-frontend:key-file
 256     key ca_dir  certificate-authority:ca-dir
 257     key ca_crl certificate-authority:ca-crl
 258     key access_log apache-configuration:cache-access-log
 259     key error_log apache-configuration:cache-error-log
 260     key pid_file apache-configuration:cache-pid-file
 261     key apachecachedmap_path apache-configuration:cached-rewrite-file
 262
 263 [apache-cached]
 264 recipe = slapos.cookbook:wrapper
 265 command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-cached-template:rendered} -DFOREGROUND
 266 wrapper-path = $${directory:service}/frontend_cached_apache
 267 wait-for-files =
 268                $${ca-frontend:cert-file}
 269                $${ca-frontend:key-file}
 270
 271 [not-found-html]
 272 recipe = slapos.cookbook:symbolic.link
 273 target-directory = $${apache-directory:document-root}
 274 link-binary =
 275             ${template-not-found-html:target}
 276
 277 [apache-directory]
 278 recipe = slapos.cookbook:mkdirectory
 279 document-root = $${directory:srv}/htdocs
 280 slave-configuration = $${directory:etc}/apache-slave-conf.d/
 281 cache = $${directory:var}/cache
 282 mod-ssl = $${:cache}/httpd_mod_ssl
 283 vh-ssl = $${:slave-configuration}/ssl
 284 slave-log = $${directory:log}/httpd
 285
 286 [apache-configuration]
 287 frontend-configuration = $${directory:etc}/apache_frontend.conf
 288 cached-configuration = $${directory:etc}/apache_frontend_cached.conf
 289 access-log = $${directory:log}/frontend-apache-access.log
 290 error-log = $${directory:log}/frontend-apache-error.log
 291 pid-file = $${directory:run}/httpd.pid
 292 protected-path = /
 293 access-control-string = none
 294 cached-rewrite-file = $${directory:etc}/apache_rewrite_cached.txt
 295
 296 # Apache for cache configuration
 297 cache-access-log = $${directory:log}/frontend-apache-access-cached.log
 298 cache-error-log = $${directory:log}/frontend-apache-error-cached.log
 299 cache-pid-file = $${directory:run}/httpd-cached.pid
 300
 301 # Comunication with squid
 302 cache-port = 26010
 303 cache-through-port = 26011
 304
 305 # Create wrapper for "apachectl conftest" in bin
 306 [configtest]
 307 recipe = slapos.cookbook:wrapper
 308 command-line = ${apache-2.2:location}/bin/httpd -f $${directory:etc}/apache_frontend.conf -t
 309 wrapper-path = $${directory:bin}/apache-configtest
 310
 311 [certificate-authority]
 312 recipe = slapos.cookbook:certificate_authority
 313 openssl-binary = ${openssl:location}/bin/openssl
 314 ca-dir = $${directory:ca-dir}
 315 requests-directory = $${cadirectory:requests}
 316 wrapper = $${directory:service}/certificate_authority
 317 ca-private = $${cadirectory:private}
 318 ca-certs = $${cadirectory:certs}
 319 ca-newcerts = $${cadirectory:newcerts}
 320 ca-crl = $${cadirectory:crl}
 321
 322 [cadirectory]
 323 recipe = slapos.cookbook:mkdirectory
 324 requests = $${directory:ca-dir}/requests/
 325 private = $${directory:ca-dir}/private/
 326 certs = $${directory:ca-dir}/certs/
 327 newcerts = $${directory:ca-dir}/newcerts/
 328 crl = $${directory:ca-dir}/crl/
 329
 330 [ca-frontend]
 331 <= certificate-authority
 332 recipe = slapos.cookbook:certificate_authority.request
 333 key-file = $${cadirectory:certs}/apache_frontend.key
 334 cert-file = $${cadirectory:certs}/apache_frontend.crt
 335 executable = $${directory:service}/frontend_apache
 336 wrapper = $${directory:service}/frontend_apache
 337 key-content = $${instance-parameter:configuration.apache-key}
 338 cert-content = $${instance-parameter:configuration.apache-certificate}
 339 # Put domain name
 340 name = $${instance-parameter:configuration.domain}
 341
 342 [cron]
 343 recipe = slapos.cookbook:cron
 344 dcrond-binary = ${dcron:location}/sbin/crond
 345 cron-entries = $${directory:cron-entries}
 346 crontabs = $${directory:crontabs}
 347 cronstamps = $${directory:cronstamps}
 348 catcher = $${cron-simplelogger:wrapper}
 349 binary = $${directory:service}/crond
 350
 351 [cron-simplelogger]
 352 recipe = slapos.cookbook:simplelogger
 353 wrapper = $${directory:bin}/cron_simplelogger
 354 log = $${directory:log}/cron.log
 355
 356 [cron-entry-logrotate]
 357 <= cron
 358 recipe = slapos.cookbook:cron.d
 359 name = logrotate
 360 frequency = 0 0 * * *
 361 command = $${logrotate:wrapper}
 362
 363 # Deploy Logrotate
 364 [logrotate]
 365 recipe = slapos.cookbook:logrotate
 366 # Binaries
 367 logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
 368 gzip-binary = ${gzip:location}/bin/gzip
 369 gunzip-binary = ${gzip:location}/bin/gunzip
 370 # Directories
 371 wrapper = $${directory:bin}/logrotate
 372 conf = $${directory:etc}/logrotate.conf
 373 logrotate-entries = $${directory:logrotate-entries}
 374 backup = $${directory:logrotate-backup}
 375 state-file = $${directory:srv}/logrotate.status
 376
 377 [logrotate-entry-apache]
 378 <= logrotate
 379 recipe = slapos.cookbook:logrotate.d
 380 name = apache
 381 log = $${apache-configuration:error-log} $${apache-configuration:access-log}
 382 frequency = daily
 383 rotatep-num = 30
 384 post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGUSR1
 385 sharedscripts = true
 386 notifempty = true
 387 create = true
 388
 389 [logrotate-entry-apache-cached]
 390 <= logrotate
 391 recipe = slapos.cookbook:logrotate.d
 392 name = apache-cached
 393 log = $${apache-configuration:cache-error-log} $${apache-configuration:cache-access-log}
 394 frequency = daily
 395 rotatep-num = 30
 396 post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:cache-pid-file} SIGUSR1
 397 sharedscripts = true
 398 notifempty = true
 399 create = true
 400
 401 [logrotate-entry-squid]
 402 <= logrotate
 403 recipe = slapos.cookbook:logrotate.d
 404 name = squid
 405 log = $${squid-cache:cache-log-path} $${squid-cache:access-log-path}
 406 frequency = daily
 407 rotatep-num = 30
 408 post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGHUP
 409 sharedscripts = true
 410 notifempty = true
 411 create = true
 412
 413 ######################
 414 #  Squid deployment
 415 ######################
 416 [squid-directory]
 417 recipe = slapos.cookbook:mkdirectory
 418 squid-cache = $${directory:srv}/squid_cache
 419
 420 [squid-cache]
 421 prepare-path = $${directory:etc-run}/squid-prepare
 422 wrapper-path = $${directory:service}/squid
 423 binary-path = ${squid:location}/sbin/squid
 424 configuration-path = $${directory:etc}/squid.cfg
 425 cache-path = $${squid-directory:squid-cache}
 426 ip = $${instance-parameter:ipv4-random}
 427 port = $${apache-configuration:cache-port}
 428 backend-ip = $${instance-parameter:ipv4-random}
 429 backend-port = $${apache-configuration:cache-through-port}
 430 open-port = $${instance-parameter:configuration.open-port}
 431 access-log-path = $${directory:log}/squid-access.log
 432 cache-log-path = $${directory:log}/squid-cache.log
 433 pid-filename-path = $${directory:run}/squid.pid
 434
 435 [squid-configuration]
 436 < = jinja2-template-base
 437 template = ${template-squid-configuration:target}
 438 rendered = $${squid-cache:configuration-path}
 439 extra-context =
 440       key ip squid-cache:ip
 441       key port squid-cache:port
 442       key backend_ip squid-cache:backend-ip
 443       key backend_port squid-cache:backend-port
 444       key cache_path squid-cache:cache-path
 445       key access_log_path squid-cache:access-log-path
 446       key cache_log_path squid-cache:cache-log-path
 447       key pid_filename_path squid-cache:pid-filename-path
 448       key open_port squid-cache:open-port
 449
 450 [squid-service]
 451 recipe = slapos.cookbook:wrapper
 452 command-line = $${squid-cache:binary-path} -N -f $${squid-configuration:rendered}
 453 wrapper-path = $${squid-cache:wrapper-path}
 454
 455 [squid-prepare]
 456 recipe = slapos.cookbook:wrapper
 457 command-line = $${squid-cache:binary-path} -z -f $${squid-configuration:rendered}
 458 wrapper-path = $${squid-cache:prepare-path}
 459
 460 [squid-reload]
 461 recipe = slapos.cookbook:wrapper
 462 command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
 463 wrapper-path = $${directory:etc-run}/squid-reload
 464
 465 [promise-squid]
 466 recipe = slapos.cookbook:check_port_listening
 467 path = $${directory:promise}/squid
 468 hostname = $${instance-parameter:ipv4-random}
 469 port = $${apache-configuration:cache-port}
 470
 471 # End of Squid part
 472
 473 [frontend-apache-graceful]
 474 recipe = slapos.cookbook:wrapper
 475 command-line = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGUSR1
 476 wrapper-path = $${directory:etc-run}/frontend-apache-graceful
 477
 478 [cached-apache-graceful]
 479 recipe = slapos.cookbook:wrapper
 480 command-line = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:cache-pid-file} SIGUSR1
 481 wrapper-path = $${directory:etc-run}/cached-apache-graceful
 482
 483 [promise-apache-frontend-v4-https]
 484 recipe = slapos.cookbook:check_port_listening
 485 path = $${directory:promise}/apache_frontend_ipv4_https
 486 hostname = $${instance-parameter:ipv4-random}
 487 port = $${instance-parameter:configuration.port}
 488
 489 [promise-apache-frontend-v4-http]
 490 recipe = slapos.cookbook:check_port_listening
 491 path = $${directory:promise}/apache_frontend_ipv4_http
 492 hostname = $${instance-parameter:ipv4-random}
 493 port = $${instance-parameter:configuration.plain_http_port}
 494
 495 [promise-apache-frontend-v6-https]
 496 recipe = slapos.cookbook:check_port_listening
 497 path = $${directory:promise}/apache_frontend_ipv6_https
 498 hostname = $${instance-parameter:ipv6-random}
 499 port = $${instance-parameter:configuration.port}
 500
 501 [promise-apache-frontend-v6-http]
 502 recipe = slapos.cookbook:check_port_listening
 503 path = $${directory:promise}/apache_frontend_ipv6_http
 504 hostname = $${instance-parameter:ipv6-random}
 505 port = $${instance-parameter:configuration.plain_http_port}
 506
 507 [promise-apache-cached]
 508 recipe = slapos.cookbook:check_port_listening
 509 path = $${directory:promise}/apache_cached
 510 hostname = $${instance-parameter:ipv4-random}
 511 port = $${apache-configuration:cache-through-port}
 512
 513 [slap_connection]
 514 # Kept for backward compatiblity
 515 computer_id = $${slap-connection:computer-id}
 516 partition_id = $${slap-connection:partition-id}
 517 server_url = $${slap-connection:server-url}
 518 software_release_url = $${slap-connection:software-release-url}
 519 key_file = $${slap-connection:key-file}
 520 cert_file = $${slap-connection:cert-file}