apache-runner: add log access and publish monitoring url
[slapos.git] / software / apache-frontend / instance-apache-frontend.cfg
# Top-level buildout section of the Apache frontend instance: lists the parts
# to install and extends the monitor template.
# NOTE(review): certificate-authority appears three times in parts (listing
# lines 9, 34 and 46); one entry is presumably enough - confirm and deduplicate.
# NOTE(review): monitor-current-log-access and monitor-backup-log-access hand
# the log directory and the logrotate backup directory to
# monitor-directory-access, which comes from the extended monitor template and
# is not shown here. Access logs carry client addresses and requested URLs, so
# confirm the monitor interface requires authentication before its URL is
# published.
1 [buildout]
2 parts =
3   directory
4   configtest
5   logrotate
6   cron
7   cron-entry-logrotate
8   ca-frontend
9   certificate-authority
10   logrotate-entry-apache
11   logrotate-entry-apache-cached
12   logrotate-entry-squid
13   apache-frontend
14   apache-cached
15   switch-apache-softwaretype
16   frontend-apache-graceful
17   cached-apache-graceful
18   squid-service
19   squid-prepare
20   squid-reload
21   promise-squid
22   dynamic-template-default-vh
23   not-found-html
24   promise-frontend-apache-configuration
25   promise-cached-apache-configuration
26   promise-apache-frontend-v4-https
27   promise-apache-frontend-v4-http
28   promise-apache-frontend-v6-https
29   promise-apache-frontend-v6-http
30   promise-apache-cached
31 ## Monitoring part
32 ###Parts to add for monitoring
33   slap-parameters
34   certificate-authority
35   cron-entry-monitor
36   cron-entry-rss
37   deploy-index
38   deploy-index-template
39   deploy-monitor-script
40   deploy-rss-script
41   deploy-settings-cgi
42   deploy-status-cgi
43   make-rss
44   monitor-promise
45   setup-static-files
46   certificate-authority
47   public
48   zero-parameters
49   public-symlink
50   cgi-httpd-wrapper
51 ## Monitor for apache
52   monitor-current-log-access
53   monitor-backup-log-access
54 extends = ${monitor-template:output}
55
56
57 eggs-directory = ${buildout:eggs-directory}
58 develop-eggs-directory = ${buildout:develop-eggs-directory}
# offline: buildout does not go to the network while building this instance.
59 offline = true
60
61 # Create all needed directories
# Every path is derived from the partition's buildout directory and created by
# the mkdirectory recipe. No permission mode is set in this section.
# NOTE(review): log and logrotate-backup are the directories handed to the
# monitoring parts, and ca-dir is used by [certificate-authority]. Confirm the
# recipe's default directory mode is restrictive enough for both.
62 [directory]
63 recipe = slapos.cookbook:mkdirectory
64
65 bin = $${buildout:directory}/bin/
66 etc = $${buildout:directory}/etc/
67 srv = $${buildout:directory}/srv/
68 var = $${buildout:directory}/var/
69 template = $${buildout:directory}/template/
70
71 backup = $${:srv}/backup
72 log = $${:var}/log
73 run = $${:var}/run
74 service = $${:etc}/service
75 etc-run = $${:etc}/run
76 promise = $${:etc}/promise
77
78 logrotate-backup = $${:backup}/logrotate
79 logrotate-entries = $${:etc}/logrotate.d
80
81 cron-entries = $${:etc}/cron.d
82 crontabs = $${:etc}/crontabs
83 cronstamps = $${:etc}/cronstamps
84 ca-dir = $${:srv}/ssl
85
# Maps each software type to the rendered slave-list configuration it runs
# (default, custom-personal, custom-group).
86 [switch-apache-softwaretype]
87 recipe = slapos.cookbook:softwaretype
88 single-default = $${dynamic-default-template-slave-list:rendered}
89 single-custom-personal = $${dynamic-custom-personal-template-slave-list:rendered}
90 single-custom-group = $${dynamic-custom-group-template-slave-list:rendered}
91
# Instance parameters fetched from the SlapOS master, with defaults for values
# the requester did not set.
# NOTE(review): several of these values are security-sensitive once rendered:
#  - apache-key / apache-certificate feed [ca-frontend] key-content and
#    cert-content, so private key material travels as an instance parameter;
#  - apache_custom_https / apache_custom_http are passed to the slave
#    virtual-host template; whether they are validated or escaped there is not
#    visible in this file.
92 [instance-parameter]
93 # Fetches parameters defined in SlapOS Master for this instance.
94 # Always the same.
95 recipe = slapos.cookbook:slapconfiguration.serialised
96 computer = $${slap-connection:computer-id}
97 partition = $${slap-connection:partition-id}
98 url = $${slap-connection:server-url}
# key and cert are the slap-connection key-file and cert-file; presumably the
# client credentials used against the master URL above.
99 key = $${slap-connection:key-file}
100 cert = $${slap-connection:cert-file}
101 # Define default parameter(s) that will be used later, in case user didn't
102 # specify it
103 # All parameters are available through the configuration.XX syntax.
104 # All possible parameters should have a default.
105 configuration.domain = example.org
106 configuration.public-ipv4 =
107 configuration.port = 4443
108 configuration.plain_http_port = 8080
109 configuration.server-admin = admin@example.com
# NOTE(review): buildout presumably keeps the quotes literally, so these two
# defaults would be the two-character string "" rather than empty - confirm
# the template expects that.
110 configuration.apache_custom_https = ""
111 configuration.apache_custom_http = ""
112 configuration.apache-key =
113 configuration.apache-certificate =
114 configuration.open-port = 80 443
115 configuration.extra_slave_instance_list =
116
# Values handed as a whole section (frontend_configuration) to the frontend
# and custom-personal slave-list templates.
# NOTE(review): what apache-log-access.conf grants is decided by the
# template-log-access template, which is not shown here; review it together
# with the monitor-*-log-access parts.
117 [frontend-configuration]
118 template-log-access = ${template-log-access:target}
119 log-access-configuration = $${directory:etc}/apache-log-access.conf
120 apache-directory = ${apache-2.2:location}
121 apache-ipv6 = $${instance-parameter:ipv6-random}
122 apache-https-port = $${instance-parameter:configuration.port}
123
# Gives the monitor the live log directory ($${directory:log}), which receives
# the Apache, squid and cron logs configured in this file.
# NOTE(review): monitor-directory-access is defined in the extended monitor
# template, not here. Confirm it is read-only and sits behind authentication:
# access logs contain client addresses and full request URLs.
124 [monitor-current-log-access]
125 < = monitor-directory-access
126 source = $${directory:log}
127
# Gives the monitor the logrotate backup directory, i.e. the rotated copies of
# the logs.
# NOTE(review): rotated logs are as sensitive as the live ones; the access
# control that applies is whatever monitor-directory-access (defined outside
# this file) enforces - confirm before exposing the monitor URL.
128 [monitor-backup-log-access]
129 < = monitor-directory-access
130 source = $${directory:logrotate-backup}
131
# Base section inherited (via "<") by the jinja2-rendered parts below. Each
# child adds its own variables through extra-context.
# NOTE(review): slapparameter_dict gives every inheriting template the whole
# instance-parameter configuration; presumably that includes apache-key when
# it is set, so templates should not echo the dict into rendered files.
132 [jinja2-template-base]
133 recipe = slapos.recipe.template:jinja2
134 rendered = $${buildout:directory}/$${:filename}
135 extra-context =
136 context =
137     import json_module json
138     key eggs_directory buildout:eggs-directory
139     key develop_eggs_directory buildout:develop-eggs-directory
140     key slap_software_type instance-parameter:slap-software-type
141     key slapparameter_dict instance-parameter:configuration
142     $${:extra-context}
143
# Renders the default virtual host as 000.conf in the slave configuration
# directory, with the plain HTTP and HTTPS ports as the only extra variables.
144 [dynamic-template-default-vh]
145 < = jinja2-template-base
146 template = ${template-default-virtualhost:target}
147 rendered = $${apache-directory:slave-configuration}/000.conf
148 extensions = jinja2.ext.do
149 extra-context =
150     key http_port instance-parameter:configuration.plain_http_port
151     key https_port instance-parameter:configuration.port
152
# Renders the slave-list buildout file for the single-custom-personal software
# type.
# NOTE(review): slave_instance_list and extra_slave_instance_list are
# requester-controlled data that the template turns into per-slave Apache
# configuration, SSL files (custom_ssl_directory) and log paths. Any
# validation happens in template-slave-list, which is not shown here.
153 [dynamic-custom-personal-template-slave-list]
154 < = jinja2-template-base
155 template = ${template-slave-list:target}
156 filename = custom-personal-instance-slave-list.cfg
157 extensions = jinja2.ext.do
158 extra-context =
159     key apache_configuration_directory apache-directory:slave-configuration
160     key http_port instance-parameter:configuration.plain_http_port
161     key https_port instance-parameter:configuration.port
162     key public_ipv4 instance-parameter:configuration.public-ipv4
163     key slave_instance_list instance-parameter:slave-instance-list
164     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
165     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
166     key custom_ssl_directory apache-directory:vh-ssl
167     key apache_log_directory apache-directory:slave-log
168     key local_ipv4 instance-parameter:ipv4-random
169     key cache_port apache-configuration:cache-port
170     raw empty_template ${template-empty:target}
171     raw template_slave_configuration ${template-slave-configuration:target}
172     raw template_rewrite_cached ${template-rewrite-cached:target}
173     raw software_type single-custom-personal
# Whole sections passed as dictionaries to the template.
174     section logrotate_dict logrotate
175     section frontend_configuration frontend-configuration
176     section apache_configuration apache-configuration
177     section connection_information_dict publish-connection-informations
178
# Renders the slave-list buildout file for the single-custom-group software
# type. Its per-slave template is the output of
# [dynamic-virtualhost-template-slave], which carries the apache_custom_*
# parameters.
# NOTE(review): slave_instance_list entries are requester-controlled; confirm
# template-custom-slave-list constrains what they can write into the Apache
# configuration directory.
179 [dynamic-custom-group-template-slave-list]
180 < = jinja2-template-base
181 template = ${template-custom-slave-list:target}
182 filename = custom-group-instance-slave-list.cfg
183 extensions = jinja2.ext.do
184 extra-context =
185     key apache_configuration_directory apache-directory:slave-configuration
186     key domain instance-parameter:configuration.domain
187     key http_port instance-parameter:configuration.plain_http_port
188     key https_port instance-parameter:configuration.port
189     key public_ipv4 instance-parameter:configuration.public-ipv4
190     key slave_instance_list instance-parameter:slave-instance-list
191     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
192     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
193     key custom_ssl_directory apache-directory:vh-ssl
194     key template_slave_configuration dynamic-virtualhost-template-slave:rendered
195     key apache_log_directory apache-directory:slave-log
196     key local_ipv4 instance-parameter:ipv4-random
197     key cache_port apache-configuration:cache-port
198     raw empty_template ${template-empty:target}
199     raw template_rewrite_cached ${template-rewrite-cached:target}
200     raw software_type single-custom-group
201
# Renders the slave-list buildout file for the single-default software type.
# It uses the same list template as the custom-group type but a fixed per-slave
# virtual-host template (template-default-slave-virtualhost), so the
# apache_custom_* parameters are not passed in here.
202 [dynamic-default-template-slave-list]
203 < = jinja2-template-base
204 template = ${template-custom-slave-list:target}
205 filename = default-instance-slave-list.cfg
206 extensions = jinja2.ext.do
207 extra-context =
208     key apache_configuration_directory apache-directory:slave-configuration
209     key domain instance-parameter:configuration.domain
210     key http_port instance-parameter:configuration.plain_http_port
211     key https_port instance-parameter:configuration.port
212     key public_ipv4 instance-parameter:configuration.public-ipv4
213     key slave_instance_list instance-parameter:slave-instance-list
214     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
215     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
216     key custom_ssl_directory apache-directory:vh-ssl
217     key apache_log_directory apache-directory:slave-log
218     key local_ipv4 instance-parameter:ipv4-random
219     key cache_port apache-configuration:cache-port
220     raw template_slave_configuration ${template-default-slave-virtualhost:target}
221     raw empty_template ${template-empty:target}
222     raw template_rewrite_cached ${template-rewrite-cached:target}
223     raw software_type single-default
224 # XXXX Hack to allow two software types
225
# First rendering pass: produces slave-virtualhost.conf.in, which the
# custom-group slave list then uses as its per-slave template.
# NOTE(review): apache_custom_https and apache_custom_http come straight from
# instance parameters and are placed into an Apache configuration template.
# Treat whoever can set them as able to write Apache directives, and confirm
# that only the frontend operator (not slave requesters) controls them.
226 [dynamic-virtualhost-template-slave]
227 <= jinja2-template-base
228 template = ${template-slave-configuration:target}
229 rendered = $${directory:template}/slave-virtualhost.conf.in
230 extensions = jinja2.ext.do
231 extra-context =
232     key https_port instance-parameter:configuration.port
233     key http_port instance-parameter:configuration.plain_http_port
234     key apache_custom_https instance-parameter:configuration.apache_custom_https
235     key apache_custom_http instance-parameter:configuration.apache_custom_http
236
237 # Deploy Apache Frontend (new way, no recipe, jinja power)
# Renders the main frontend httpd configuration to
# apache-configuration:frontend-configuration.
# NOTE(review): login_certificate / login_key point at the [ca-frontend] files,
# and protected_path / access_control_string carry the values "/" and "none"
# from [apache-configuration]. How the template turns "none" into an access
# rule is not visible here - confirm it does not mean "no restriction" where a
# restriction is expected.
238 [dynamic-apache-frontend-template]
239 < = jinja2-template-base
240 template = ${template-apache-frontend-configuration:target}
241 rendered = $${apache-configuration:frontend-configuration}
242 extra-context =
243     raw httpd_home ${apache-2.2:location}
244     key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
245     key domain instance-parameter:configuration.domain
246     key document_root apache-directory:document-root
247     key instance_home buildout:directory
248     key ipv4_addr instance-parameter:ipv4-random
249     key ipv6_addr instance-parameter:ipv6-random
250     key http_port instance-parameter:configuration.plain_http_port
251     key https_port instance-parameter:configuration.port
252     key server_admin instance-parameter:configuration.server-admin
253     key protected_path apache-configuration:protected-path
254     key access_control_string apache-configuration:access-control-string
255     key login_certificate ca-frontend:cert-file
256     key login_key ca-frontend:key-file
257     key ca_dir  certificate-authority:ca-dir
258     key ca_crl certificate-authority:ca-crl
259     key access_log apache-configuration:access-log
260     key error_log apache-configuration:error-log
261     key pid_file apache-configuration:pid-file
262     key slave_configuration_directory apache-directory:slave-configuration
# The log-access template path and target file reach the template through this
# section.
263     section frontend_configuration frontend-configuration
264
# Service wrapper that runs the frontend httpd in the foreground with the
# rendered configuration. wait-for-files presumably delays the start until the
# frontend certificate and key exist.
# NOTE(review): wrapper-path is the same file that [ca-frontend] names as both
# executable and wrapper - confirm which recipe's output ends up on disk.
265 [apache-frontend]
266 recipe = slapos.cookbook:wrapper
267 command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-frontend-template:rendered} -DFOREGROUND
268 wrapper-path = $${directory:service}/frontend_apache
269 wait-for-files =
270                $${ca-frontend:cert-file}
271                $${ca-frontend:key-file}
272
273 # Deploy Apache for cached website
# Renders the httpd configuration of the cache-side Apache, which listens on
# cache-through-port of the local IPv4 address and writes its own access/error
# logs and pid file.
# NOTE(review): it is given the same certificate, key and access-control
# values as the frontend Apache; the remarks on access_control_string there
# apply here too.
274 [dynamic-apache-cached-template]
275 < = jinja2-template-base
276 template = ${template-apache-cached-configuration:target}
277 rendered = $${apache-configuration:cached-configuration}
278 extra-context =
279     raw httpd_home ${apache-2.2:location}
280     key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
281     key domain instance-parameter:configuration.domain
282     key document_root apache-directory:document-root
283     key instance_home buildout:directory
284     key ipv4_addr instance-parameter:ipv4-random
285     key cached_port apache-configuration:cache-through-port
286     key server_admin instance-parameter:configuration.server-admin
287     key protected_path apache-configuration:protected-path
288     key access_control_string apache-configuration:access-control-string
289     key login_certificate ca-frontend:cert-file
290     key login_key ca-frontend:key-file
291     key ca_dir  certificate-authority:ca-dir
292     key ca_crl certificate-authority:ca-crl
293     key access_log apache-configuration:cache-access-log
294     key error_log apache-configuration:cache-error-log
295     key pid_file apache-configuration:cache-pid-file
296     key apachecachedmap_path apache-configuration:cached-rewrite-file
297
# Service wrapper for the cache-side httpd, run in the foreground with its own
# rendered configuration; it waits for the same certificate and key files as
# the frontend wrapper.
298 [apache-cached]
299 recipe = slapos.cookbook:wrapper
300 command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-cached-template:rendered} -DFOREGROUND
301 wrapper-path = $${directory:service}/frontend_cached_apache
302 wait-for-files =
303                $${ca-frontend:cert-file}
304                $${ca-frontend:key-file}
305
# Links the not-found HTML page from the software release into the document
# root.
306 [not-found-html]
307 recipe = slapos.cookbook:symbolic.link
308 target-directory = $${apache-directory:document-root}
309 link-binary =
310             ${template-not-found-html:target}
311
# Directories used by both Apache instances.
# NOTE(review): vh-ssl, which the slave-list templates receive as
# custom_ssl_directory, lives inside the slave configuration directory, and
# slave-log lives inside the log directory that the monitor parts expose.
# Confirm that per-slave key files are not readable through either path.
312 [apache-directory]
313 recipe = slapos.cookbook:mkdirectory
314 document-root = $${directory:srv}/htdocs
315 slave-configuration = $${directory:etc}/apache-slave-conf.d/
316 cache = $${directory:var}/cache
317 mod-ssl = $${:cache}/httpd_mod_ssl
318 vh-ssl = $${:slave-configuration}/ssl
319 slave-log = $${directory:log}/httpd
320
# Shared paths, ports and shell commands for the two Apache instances. This
# section has no recipe; other sections only read its values.
321 [apache-configuration]
322 frontend-configuration = $${directory:etc}/apache_frontend.conf
323 cached-configuration = $${directory:etc}/apache_frontend_cached.conf
324 access-log = $${directory:log}/frontend-apache-access.log
325 error-log = $${directory:log}/frontend-apache-error.log
326 pid-file = $${directory:run}/httpd.pid
# NOTE(review): both values are passed to the httpd templates as
# protected_path and access_control_string; what "none" means there is not
# visible in this file - confirm.
327 protected-path = /
328 access-control-string = none
329 cached-rewrite-file = $${directory:etc}/apache_rewrite_cached.txt
# The *-verification commands run httpd -S on the rendered configuration. The
# *-graceful-command variants send USR1 to the pid read from the pid file only
# when that check exits 0, so an invalid configuration is not loaded.
# NOTE(review): the pid is taken from the file without checking that it still
# belongs to httpd; a stale file would signal another process of this user.
330 frontend-configuration-verification = ${apache-2.2:location}/bin/httpd -Sf $${:frontend-configuration}
331 frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi
332 cached-configuration-verification = ${apache-2.2:location}/bin/httpd -Sf $${:cached-configuration}
333 cached-graceful-command = $${:cached-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${apache-configuration:cache-pid-file}); fi
334
335 # Apache for cache configuration
336 cache-access-log = $${directory:log}/frontend-apache-access-cached.log
337 cache-error-log = $${directory:log}/frontend-apache-error-cached.log
338 cache-pid-file = $${directory:run}/httpd-cached.pid
339
340 # Communication with squid
341 cache-port = 26010
342 cache-through-port = 26011
343
344 # Create wrapper for "apachectl conftest" in bin
# Runs httpd -t (syntax check) on the frontend configuration only; the cached
# configuration is not covered by this wrapper.
345 [configtest]
346 recipe = slapos.cookbook:wrapper
347 command-line = ${apache-2.2:location}/bin/httpd -f $${directory:etc}/apache_frontend.conf -t
348 wrapper-path = $${directory:bin}/apache-configtest
349
# Local certificate authority run as a service, working on the directories
# created by [cadirectory].
# NOTE(review): ca-private presumably holds the CA private key. This section
# sets no file or directory modes, so protection depends on the recipe's
# defaults - confirm.
350 [certificate-authority]
351 recipe = slapos.cookbook:certificate_authority
352 openssl-binary = ${openssl:location}/bin/openssl
353 ca-dir = $${directory:ca-dir}
354 requests-directory = $${cadirectory:requests}
355 wrapper = $${directory:service}/certificate_authority
356 ca-private = $${cadirectory:private}
357 ca-certs = $${cadirectory:certs}
358 ca-newcerts = $${cadirectory:newcerts}
359 ca-crl = $${cadirectory:crl}
360
# Working directories of the certificate authority, all under
# $${directory:ca-dir}.
# NOTE(review): no mode is given for private/; confirm mkdirectory creates it
# readable by the owner only.
361 [cadirectory]
362 recipe = slapos.cookbook:mkdirectory
363 requests = $${directory:ca-dir}/requests/
364 private = $${directory:ca-dir}/private/
365 certs = $${directory:ca-dir}/certs/
366 newcerts = $${directory:ca-dir}/newcerts/
367 crl = $${directory:ca-dir}/crl/
368
# Requests the frontend certificate from the local CA, or installs the key and
# certificate supplied through the apache-key / apache-certificate parameters.
# NOTE(review): key-file is written to the certs directory, next to the
# certificate, rather than to $${cadirectory:private}; confirm the resulting
# file mode keeps the private key owner-readable only.
# NOTE(review): executable and wrapper are the same path, which is also the
# wrapper-path of [apache-frontend] - confirm this is intended.
369 [ca-frontend]
370 <= certificate-authority
371 recipe = slapos.cookbook:certificate_authority.request
372 key-file = $${cadirectory:certs}/apache_frontend.key
373 cert-file = $${cadirectory:certs}/apache_frontend.crt
374 executable = $${directory:service}/frontend_apache
375 wrapper = $${directory:service}/frontend_apache
376 key-content = $${instance-parameter:configuration.apache-key}
377 cert-content = $${instance-parameter:configuration.apache-certificate}
378 # Put domain name
379 name = $${instance-parameter:configuration.domain}
380
# Per-partition cron daemon (dcron) run as a service. Job output is sent to
# the cron-simplelogger wrapper through the catcher option.
381 [cron]
382 recipe = slapos.cookbook:cron
383 dcrond-binary = ${dcron:location}/sbin/crond
384 cron-entries = $${directory:cron-entries}
385 crontabs = $${directory:crontabs}
386 cronstamps = $${directory:cronstamps}
387 catcher = $${cron-simplelogger:wrapper}
388 binary = $${directory:service}/crond
389
# Logger used as the cron catcher. It writes to cron.log in the log directory,
# so cron output is also visible through the monitor log access.
390 [cron-simplelogger]
391 recipe = slapos.cookbook:simplelogger
392 wrapper = $${directory:bin}/cron_simplelogger
393 log = $${directory:log}/cron.log
394
# Cron entry that runs the logrotate wrapper every day at 00:00.
395 [cron-entry-logrotate]
396 <= cron
397 recipe = slapos.cookbook:cron.d
398 name = logrotate
399 frequency = 0 0 * * *
400 command = $${logrotate:wrapper}
401
402 # Deploy Logrotate
# Base logrotate setup inherited by the logrotate-entry-* sections. Rotated
# files go to $${directory:logrotate-backup}, the directory that
# [monitor-backup-log-access] exposes.
403 [logrotate]
404 recipe = slapos.cookbook:logrotate
405 # Binaries
406 logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
407 gzip-binary = ${gzip:location}/bin/gzip
408 gunzip-binary = ${gzip:location}/bin/gunzip
409 # Directories
410 wrapper = $${directory:bin}/logrotate
411 conf = $${directory:etc}/logrotate.conf
412 logrotate-entries = $${directory:logrotate-entries}
413 backup = $${directory:logrotate-backup}
414 state-file = $${directory:srv}/logrotate.status
415
# Daily rotation of the frontend Apache error and access logs. After rotation
# the graceful command is run, which re-checks the configuration before
# signalling httpd.
# NOTE(review): "rotatep-num" looks like a misspelling of the recipe's
# rotate-num option. If so, the 30-rotation retention is silently not applied;
# verify against the logrotate.d recipe.
416 [logrotate-entry-apache]
417 <= logrotate
418 recipe = slapos.cookbook:logrotate.d
419 name = apache
420 log = $${apache-configuration:error-log} $${apache-configuration:access-log}
421 frequency = daily
422 rotatep-num = 30
423 post = $${apache-configuration:frontend-graceful-command}
424 sharedscripts = true
425 notifempty = true
426 create = true
427
# Daily rotation of the cache-side Apache error and access logs, followed by
# the cached graceful command.
# NOTE(review): "rotatep-num" is presumably meant to be rotate-num; as written
# the intended retention of 30 rotations may not take effect - verify against
# the logrotate.d recipe.
428 [logrotate-entry-apache-cached]
429 <= logrotate
430 recipe = slapos.cookbook:logrotate.d
431 name = apache-cached
432 log = $${apache-configuration:cache-error-log} $${apache-configuration:cache-access-log}
433 frequency = daily
434 rotatep-num = 30
435 post = $${apache-configuration:cached-graceful-command}
436 sharedscripts = true
437 notifempty = true
438 create = true
439
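# Daily rotation of the squid cache and access logs.
# The post-rotation command signals squid through its own pid file, using the
# same command as [squid-reload]. The earlier value pointed at the frontend
# Apache pid file, so rotating squid's logs signalled Apache and never squid.
# NOTE(review): confirm SIGHUP makes this squid build reopen its log files.
# NOTE(review): "rotatep-num" is presumably meant to be rotate-num; verify
# against the logrotate.d recipe, otherwise the retention of 30 is not applied.
440 [logrotate-entry-squid]
441 <= logrotate
442 recipe = slapos.cookbook:logrotate.d
443 name = squid
444 log = $${squid-cache:cache-log-path} $${squid-cache:access-log-path}
445 frequency = daily
446 rotatep-num = 30
447 post = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
448 sharedscripts = true
449 notifempty = true
450 create = true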
451
452 ######################
453 #  Squid deployment
454 ######################
# Creates the on-disk cache directory used by squid.
455 [squid-directory]
456 recipe = slapos.cookbook:mkdirectory
457 squid-cache = $${directory:srv}/squid_cache
458
# Values shared by the squid parts. Squid listens on cache-port and forwards
# to cache-through-port, both on the partition's local IPv4 address.
# NOTE(review): open-port comes from the configuration.open-port parameter
# (default "80 443") and is handed to the squid template; presumably it limits
# the destination ports squid may reach - confirm, since widening it changes
# what the proxy can be used for.
459 [squid-cache]
460 prepare-path = $${directory:etc-run}/squid-prepare
461 wrapper-path = $${directory:service}/squid
462 binary-path = ${squid:location}/sbin/squid
463 configuration-path = $${directory:etc}/squid.cfg
464 cache-path = $${squid-directory:squid-cache}
465 ip = $${instance-parameter:ipv4-random}
466 port = $${apache-configuration:cache-port}
467 backend-ip = $${instance-parameter:ipv4-random}
468 backend-port = $${apache-configuration:cache-through-port}
469 open-port = $${instance-parameter:configuration.open-port}
470 access-log-path = $${directory:log}/squid-access.log
471 cache-log-path = $${directory:log}/squid-cache.log
472 pid-filename-path = $${directory:run}/squid.pid
473
# Renders squid.cfg from the values in [squid-cache].
474 [squid-configuration]
475 < = jinja2-template-base
476 template = ${template-squid-configuration:target}
477 rendered = $${squid-cache:configuration-path}
478 extra-context =
479       key ip squid-cache:ip
480       key port squid-cache:port
481       key backend_ip squid-cache:backend-ip
482       key backend_port squid-cache:backend-port
483       key cache_path squid-cache:cache-path
484       key access_log_path squid-cache:access-log-path
485       key cache_log_path squid-cache:cache-log-path
486       key pid_filename_path squid-cache:pid-filename-path
487       key open_port squid-cache:open-port
488
# Service wrapper: runs squid without daemonising (-N) on the rendered
# configuration.
489 [squid-service]
490 recipe = slapos.cookbook:wrapper
491 command-line = $${squid-cache:binary-path} -N -f $${squid-configuration:rendered}
492 wrapper-path = $${squid-cache:wrapper-path}
493
# Wrapper placed in etc/run that calls squid -z, which creates the cache
# directories for the rendered configuration.
494 [squid-prepare]
495 recipe = slapos.cookbook:wrapper
496 command-line = $${squid-cache:binary-path} -z -f $${squid-configuration:rendered}
497 wrapper-path = $${squid-cache:prepare-path}
498
# Wrapper placed in etc/run that sends SIGHUP to the pid stored in squid's pid
# file.
499 [squid-reload]
500 recipe = slapos.cookbook:wrapper
501 command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
502 wrapper-path = $${directory:etc-run}/squid-reload
503
# Promise: presumably passes only while squid accepts connections on
# cache-port of the local IPv4 address.
504 [promise-squid]
505 recipe = slapos.cookbook:check_port_listening
506 path = $${directory:promise}/squid
507 hostname = $${instance-parameter:ipv4-random}
508 port = $${apache-configuration:cache-port}
509
510 # End of Squid part
511
512 ### Apaches Graceful and promises
# Writes the frontend graceful command into an etc/run script. Mode 0700 keeps
# the script readable and executable by the partition owner only.
513 [frontend-apache-graceful]
514 < = jinja2-template-base
515 template = ${template-wrapper:output}
516 rendered = $${directory:etc-run}/frontend-apache-safe-graceful
517 mode = 0700
518 extra-context =
519     key content apache-configuration:frontend-graceful-command
520
# Same as the frontend graceful script, for the cache-side Apache: the command
# checks the configuration first and signals httpd only if the check succeeds.
# The script is owner-only (0700).
521 [cached-apache-graceful]
522 < = jinja2-template-base
523 template = ${template-wrapper:output}
524 rendered = $${directory:etc-run}/cached-apache-safe-graceful
525 mode = 0700
526 extra-context =
527     key content apache-configuration:cached-graceful-command
528
529 # Promises checking configuration:
# Promise script that runs the frontend configuration verification command
# (httpd -S); a broken rendered configuration therefore shows up as a failed
# promise. The script is owner-only (0700).
530 [promise-frontend-apache-configuration]
531 < = jinja2-template-base
532 template = ${template-wrapper:output}
533 rendered = $${directory:promise}/frontend-apache-configuration-promise
534 mode = 0700
535 extra-context =
536     key content apache-configuration:frontend-configuration-verification
537
# Promise script that runs the cached configuration verification command. The
# script is owner-only (0700).
538 [promise-cached-apache-configuration]
539 < = jinja2-template-base
540 template = ${template-wrapper:output}
541 rendered = $${directory:promise}/cached-apache-configuration-promise
542 mode = 0700
543 extra-context =
544     key content apache-configuration:cached-configuration-verification
545
# Promise: presumably passes while the frontend accepts connections on the
# HTTPS port (configuration.port) of the IPv4 address.
546 [promise-apache-frontend-v4-https]
547 recipe = slapos.cookbook:check_port_listening
548 path = $${directory:promise}/apache_frontend_ipv4_https
549 hostname = $${instance-parameter:ipv4-random}
550 port = $${instance-parameter:configuration.port}
551
# Promise: presumably passes while the frontend accepts connections on the
# plain HTTP port of the IPv4 address.
552 [promise-apache-frontend-v4-http]
553 recipe = slapos.cookbook:check_port_listening
554 path = $${directory:promise}/apache_frontend_ipv4_http
555 hostname = $${instance-parameter:ipv4-random}
556 port = $${instance-parameter:configuration.plain_http_port}
557
# Promise: presumably passes while the frontend accepts connections on the
# HTTPS port of the IPv6 address.
558 [promise-apache-frontend-v6-https]
559 recipe = slapos.cookbook:check_port_listening
560 path = $${directory:promise}/apache_frontend_ipv6_https
561 hostname = $${instance-parameter:ipv6-random}
562 port = $${instance-parameter:configuration.port}
563
# Promise: presumably passes while the frontend accepts connections on the
# plain HTTP port of the IPv6 address.
564 [promise-apache-frontend-v6-http]
565 recipe = slapos.cookbook:check_port_listening
566 path = $${directory:promise}/apache_frontend_ipv6_http
567 hostname = $${instance-parameter:ipv6-random}
568 port = $${instance-parameter:configuration.plain_http_port}
569
# Promise: presumably passes while the cache-side Apache accepts connections
# on cache-through-port of the IPv4 address.
570 [promise-apache-cached]
571 recipe = slapos.cookbook:check_port_listening
572 path = $${directory:promise}/apache_cached
573 hostname = $${instance-parameter:ipv4-random}
574 port = $${apache-configuration:cache-through-port}
575
576 [slap_connection]
577 # Kept for backward compatibility
578 computer_id = $${slap-connection:computer-id}
579 partition_id = $${slap-connection:partition-id}
580 server_url = $${slap-connection:server-url}
581 software_release_url = $${slap-connection:software-release-url}
582 key_file = $${slap-connection:key-file}
583 cert_file = $${slap-connection:cert-file}