projects / slapos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
monitor: change public directory name to avoid conflicts -> monitor-public
[slapos.git] / stack / monitor / monitor.cfg.in
1 [slap-parameters]
2 recipe = slapos.cookbook:slapconfiguration
3 computer = $${slap-connection:computer-id}
4 partition = $${slap-connection:partition-id}
5 url = $${slap-connection:server-url}
6 key = $${slap-connection:key-file}
7 cert = $${slap-connection:cert-file}
8
9 [monitor-parameters]
10 json-filename = monitor.json
11 json-path = $${monitor-directory:monitor-result}/$${:json-filename}
12 rss-filename = rssfeed.html
13 rss-path = $${monitor-directory:public-cgi}/$${:rss-filename}
14 executable = $${monitor-directory:bin}/monitor.py
15 port = 9685
16 htaccess-file = $${monitor-directory:etc}/.htaccess-monitor
17 url = https://[$${slap-parameters:ipv6-random}]:$${:port}
18 index-filename = index.cgi
19 index-path = $${monitor-directory:www}/$${:index-filename}
20 db-path = $${monitor-directory:etc}/monitor.db
21 monitor-password-path = $${monitor-directory:etc}/.monitor.shadow
22
23 [monitor-directory]
24 recipe = slapos.cookbook:mkdirectory
25 # Standard directory needed by monitoring stack
26 home = $${buildout:directory}
27 etc = $${:home}/etc
28 bin = $${:home}/bin
29 srv = $${:home}/srv
30 var = $${:home}/var
31 log = $${:var}/log
32 run = $${:var}/run
33 service = $${:etc}/service/
34 etc-run = $${:etc}/run/
35 tmp = $${:home}/tmp
36 promise = $${:etc}/promise
37
38 cron-entries = $${:etc}/cron.d
39 crontabs = $${:etc}/crontabs
40 cronstamps = $${:etc}/cronstamps
41
42 ca-dir = $${:srv}/ssl
43 www = $${:var}/www
44
45 cgi-bin = $${:var}/cgi-bin
46 monitoring-cgi = $${:cgi-bin}/monitoring
47 knowledge0-cgi = $${:cgi-bin}/zero-knowledge
48 public-cgi = $${:cgi-bin}/monitor-public
49
50 monitor-custom-scripts = $${:etc}/monitor
51 monitor-result = $${:var}/monitor
52
53 private-directory = $${:srv}/monitor-private
54
55 [public-symlink]
56 recipe = cns.recipe.symlink
57 symlink = $${monitor-directory:public-cgi} = $${monitor-directory:www}/monitor-public
58 autocreate = true
59
60 [cron]
61 recipe = slapos.cookbook:cron
62 dcrond-binary = ${dcron:location}/sbin/crond
63 cron-entries = $${monitor-directory:cron-entries}
64 crontabs = $${monitor-directory:crontabs}
65 cronstamps = $${monitor-directory:cronstamps}
66 catcher = $${cron-simplelogger:wrapper}
67 binary = $${monitor-directory:service}/crond
68
69 # Add log to cron
70 [cron-simplelogger]
71 recipe = slapos.cookbook:simplelogger
72 wrapper = $${monitor-directory:bin}/cron_simplelogger
73 log = $${monitor-directory:log}/cron.log
74
75 [cron-entry-monitor]
76 <= cron
77 recipe = slapos.cookbook:cron.d
78 name = launch-monitor
79 frequency = */5 * * * *
80 command = $${deploy-monitor-script:rendered} -a
81
82 [cron-entry-rss]
83 <= cron
84 recipe = slapos.cookbook:cron.d
85 name = build-rss
86 frequency = */5 * * * *
87 command = $${make-rss:rendered}
88
89 [setup-static-files]
90 recipe = plone.recipe.command
91 command = ln -s ${download-monitor-jquery:destination} $${monitor-directory:www}/static
92 update-command = $${:command}
93
94 [deploy-index]
95 recipe = slapos.recipe.template:jinja2
96 template = ${index:location}/${index:filename}
97 rendered = $${monitor-parameters:index-path}
98 update-apache-access = ${apache:location}/bin/htpasswd -cb $${monitor-parameters:htaccess-file} admin
99 mode = 0744
100 context =
101   key cgi_directory monitor-directory:cgi-bin
102   raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
103   key monitor_password_path monitor-parameters:monitor-password-path
104   key monitor_password_script_path deploy-monitor-password-cgi:rendered
105   key apache_update_command :update-apache-access
106   raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
107   raw default_page /static/welcome.html
108
109 [deploy-index-template]
110 recipe = hexagonit.recipe.download
111 url = ${index-template:location}/$${:filename}
112 destination = $${monitor-directory:www}
113 filename = ${index-template:filename}
114 download-only = true
115 mode = 0644
116
117 [deploy-status-cgi]
118 recipe = slapos.recipe.template:jinja2
119 template = ${status-cgi:location}/${status-cgi:filename}
120 rendered = $${monitor-directory:monitoring-cgi}/$${:filename}
121 filename = status.cgi
122 mode = 0744
123 context =
124   key json_file monitor-parameters:json-path
125   key monitor_bin monitor-parameters:executable
126   key pwd monitor-directory:monitoring-cgi
127   key this_file :filename
128   raw python_executable ${buildout:executable}
129
130 [deploy-status-history-cgi]
131 recipe = slapos.recipe.template:jinja2
132 template = ${status-history-cgi:location}/${status-history-cgi:filename}
133 rendered = $${monitor-directory:monitoring-cgi}/$${:filename}
134 filename = status-history.cgi
135 mode = 0744
136 context =
137   key monitor_db_path monitor-parameters:db-path
138   key status_history_length zero-parameters:status-history-length
139   raw python_executable ${buildout:executable}
140
141 [deploy-settings-cgi]
142 recipe = slapos.recipe.template:jinja2
143 template = ${settings-cgi:location}/${settings-cgi:filename}
144 rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
145 filename = settings.cgi
146 mode = 0744
147 context =
148   raw config_cfg $${buildout:directory}/knowledge0.cfg
149   raw timestamp $${buildout:directory}/.timestamp
150   raw python_executable ${buildout:executable}
151   key pwd monitor-directory:knowledge0-cgi
152   key this_file :filename
153
154 [deploy-monitor-password-cgi]
155 recipe = slapos.recipe.template:jinja2
156 template = ${monitor-password-cgi:location}/${monitor-password-cgi:filename}
157 rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
158 filename = monitor-password.cgi
159 mode = 0744
160 context =
161   raw python_executable ${buildout:executable}
162   key pwd monitor-directory:knowledge0-cgi
163   key this_file :filename
164
165 [deploy-monitor-script]
166 recipe = slapos.recipe.template:jinja2
167 template = ${monitor-bin:location}/${monitor-bin:filename}
168 rendered = $${monitor-parameters:executable}
169 mode = 0744
170 context =
171   section directory monitor-directory
172   section monitor_parameter monitor-parameters
173   key monitoring_file_json monitor-parameters:json-path
174   raw python_executable ${buildout:executable}
175
176 [make-rss]
177 recipe = slapos.recipe.template:jinja2
178 template = ${make-rss-script:output}
179 rendered = $${monitor-directory:bin}/make-rss.sh
180 mode = 0744
181 context =
182   section directory monitor-directory
183   section monitor_parameters monitor-parameters
184
185 [monitor-directory-access]
186 recipe = plone.recipe.command
187 command = ln -s $${:source} $${monitor-directory:private-directory}
188 source =
189
190 [monitor-instance-log-access]
191 recipe = plone.recipe.command
192 command = if [ -d $${:source} ]; then ln -s $${:source} $${monitor-directory:private-directory}/instance-logs; fi
193 update-command = if [ -d $${:source} ]; then ln -s $${:source} $${monitor-directory:private-directory}/instance-logs; fi
194 source = $${monitor-directory:home}/.slapgrid/log/
195
196 [cadirectory]
197 recipe = slapos.cookbook:mkdirectory
198 requests = $${monitor-directory:ca-dir}/requests/
199 private = $${monitor-directory:ca-dir}/private/
200 certs = $${monitor-directory:ca-dir}/certs/
201 newcerts = $${monitor-directory:ca-dir}/newcerts/
202 crl = $${monitor-directory:ca-dir}/crl/
203
204 [certificate-authority]
205 recipe = slapos.cookbook:certificate_authority
206 openssl-binary = ${openssl:location}/bin/openssl
207 ca-dir = $${monitor-directory:ca-dir}
208 requests-directory = $${cadirectory:requests}
209 wrapper = $${monitor-directory:service}/certificate_authority
210 ca-private = $${cadirectory:private}
211 ca-certs = $${cadirectory:certs}
212 ca-newcerts = $${cadirectory:newcerts}
213 ca-crl = $${cadirectory:crl}
214
215 [ca-httpd]
216 <= certificate-authority
217 recipe = slapos.cookbook:certificate_authority.request
218 key-file = $${cadirectory:certs}/httpd.key
219 cert-file = $${cadirectory:certs}/httpd.crt
220 executable = $${monitor-directory:bin}/cgi-httpd
221 wrapper = $${monitor-directory:service}/cgi-httpd
222 # Put domain name
223 name = example.com
224
225 ###########
226 # Deploy a webserver running cgi scripts for monitoring
227 ###########
228 [public]
229 recipe = slapos.cookbook:zero-knowledge.write
230 filename = knowledge0.cfg
231 status-history-length = 5
232
233 [zero-parameters]
234 recipe = slapos.cookbook:zero-knowledge.read
235 filename = $${public:filename}
236
237 # XXX could it be something lighter?
238 [cgi-httpd-configuration-file]
239 recipe = collective.recipe.template
240 input = inline:
241   PidFile "$${:pid-file}"
242   ServerName example.com
243   ServerAdmin someone@email
244   <IfDefine !MonitorPort>
245   Listen [$${:listening-ip}]:$${monitor-parameters:port}
246   Define MonitorPort
247   </IfDefine>
248   DocumentRoot "$${:document-root}"
249   ErrorLog "$${:error-log}"
250   LoadModule unixd_module modules/mod_unixd.so
251   LoadModule access_compat_module modules/mod_access_compat.so
252   LoadModule authz_core_module modules/mod_authz_core.so
253   LoadModule authn_core_module modules/mod_authn_core.so
254   LoadModule authz_host_module modules/mod_authz_host.so
255   LoadModule mime_module modules/mod_mime.so
256   LoadModule cgid_module modules/mod_cgid.so
257   LoadModule dir_module modules/mod_dir.so
258   LoadModule ssl_module modules/mod_ssl.so
259   LoadModule alias_module modules/mod_alias.so
260   LoadModule autoindex_module modules/mod_autoindex.so
261   LoadModule auth_basic_module modules/mod_auth_basic.so
262   LoadModule authz_user_module modules/mod_authz_user.so
263   LoadModule authn_file_module modules/mod_authn_file.so
264
265   # SSL Configuration
266   <IfDefine !SSLConfigured>
267   Define SSLConfigured
268   SSLCertificateFile $${ca-httpd:cert-file}
269   SSLCertificateKeyFile $${ca-httpd:key-file}
270   SSLRandomSeed startup builtin
271   SSLRandomSeed connect builtin
272   SSLRandomSeed startup /dev/urandom 256
273   SSLRandomSeed connect builtin
274   SSLProtocol -ALL +SSLv3 +TLSv1
275   SSLHonorCipherOrder On
276   SSLCipherSuite RC4-SHA:HIGH:!ADH
277   </IfDefine>
278   SSLEngine   On
279   ScriptSock $${:cgid-pid-file}
280   <Directory $${:document-root}>
281     SSLVerifyDepth    1
282     SSLRequireSSL
283     SSLOptions        +StrictRequire
284     # XXX: security????
285     Options +ExecCGI
286     AddHandler cgi-script .cgi
287     DirectoryIndex $${monitor-parameters:index-filename}
288   </Directory>
289   Alias /private/ $${monitor-directory:private-directory}/
290   <Directory $${monitor-directory:private-directory}>
291   Order Deny,Allow
292   Deny from env=AUTHREQUIRED
293   <Files ".??*">
294     Order Allow,Deny
295     Deny from all
296   </Files>
297   AuthType Basic
298   AuthName "Private access"
299   AuthUserFile "$${monitor-parameters:htaccess-file}"
300   Require valid-user
301   Options Indexes FollowSymLinks
302   Satisfy all
303   </Directory>
304 output = $${monitor-directory:etc}/cgi-httpd.conf
305 listening-ip = $${slap-parameters:ipv6-random}
306 # XXX: randomize-me
307 htdocs = $${monitor-directory:www}
308 pid-file = $${monitor-directory:run}/cgi-httpd.pid
309 cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
310 document-root = $${monitor-directory:www}
311 error-log = $${monitor-directory:log}/cgi-httpd-error-log
312
313 [cgi-httpd-wrapper]
314 recipe = slapos.cookbook:wrapper
315 apache-executable = ${apache:location}/bin/httpd
316 command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
317 wrapper-path = $${ca-httpd:executable}
318
319 [cgi-httpd-graceful-wrapper]
320 recipe = slapos.cookbook:wrapper
321 command-line = kill -USR1 $(cat $${cgi-httpd-configuration-file:pid-file})
322 wrapper-path = $${monitor-directory:etc-run}/cgi-httpd-graceful
323
324 [monitor-promise]
325 recipe = slapos.cookbook:check_url_available
326 path = $${monitor-directory:promise}/monitor
327 url = $${monitor-parameters:url}/$${monitor-parameters:index-filename}
328 check-secure = 1
329 dash_path = ${dash:location}/bin/dash
330 curl_path = ${curl:location}/bin/curl
331
332 [publish-connection-informations]
333 recipe = slapos.cookbook:publish
334 monitor_url = $${monitor-parameters:url}
(lab) SlapOS recipes