apache-frontend: check configuration file before reloading apache
[slapos.git] / software / apache-frontend / instance-apache-frontend.cfg
1 [buildout]
2 parts =
3   directory
4   configtest
5   logrotate
6   cron
7   cron-entry-logrotate
8   ca-frontend
9   certificate-authority
10   logrotate-entry-apache
11   logrotate-entry-apache-cached
12   logrotate-entry-squid
13   apache-frontend
14   apache-cached
15   switch-apache-softwaretype
16   frontend-apache-graceful
17   cached-apache-graceful
18   squid-service
19   squid-prepare
20   squid-reload
21   promise-squid
22   dynamic-template-default-vh
23   not-found-html
24   promise-apache-frontend-v4-https
25   promise-apache-frontend-v4-http
26   promise-apache-frontend-v6-https
27   promise-apache-frontend-v6-http
28   promise-apache-cached
29
30
31 eggs-directory = ${buildout:eggs-directory}
32 develop-eggs-directory = ${buildout:develop-eggs-directory}
33 offline = true
34
35 # Create all needed directories
36 [directory]
37 recipe = slapos.cookbook:mkdirectory
38
39 bin = $${buildout:directory}/bin/
40 etc = $${buildout:directory}/etc/
41 srv = $${buildout:directory}/srv/
42 var = $${buildout:directory}/var/
43 template = $${buildout:directory}/template/
44
45 backup = $${:srv}/backup
46 log = $${:var}/log
47 run = $${:var}/run
48 service = $${:etc}/service
49 etc-run = $${:etc}/run
50 promise = $${:etc}/promise
51
52 logrotate-backup = $${:backup}/logrotate
53 logrotate-entries = $${:etc}/logrotate.d
54
55 cron-entries = $${:etc}/cron.d
56 crontabs = $${:etc}/crontabs
57 cronstamps = $${:etc}/cronstamps
58 ca-dir = $${:srv}/ssl
59
60 [switch-apache-softwaretype]
61 recipe = slapos.cookbook:softwaretype
62 single-default = $${dynamic-default-template-slave-list:rendered}
63 single-custom-personal = $${dynamic-custom-personal-template-slave-list:rendered}
64 single-custom-group = $${dynamic-custom-group-template-slave-list:rendered}
65
66 [instance-parameter]
67 # Fetches parameters defined in SlapOS Master for this instance.
68 # Always the same.
69 recipe = slapos.cookbook:slapconfiguration.serialised
70 computer = $${slap-connection:computer-id}
71 partition = $${slap-connection:partition-id}
72 url = $${slap-connection:server-url}
# key / cert are the files named by [slap-connection] key-file and cert-file;
# presumably the client credentials presented to the master at `url` - confirm.
73 key = $${slap-connection:key-file}
74 cert = $${slap-connection:cert-file}
75 # Define default parameter(s) that will be used later, in case user didn't
76 # specify it
77 # All parameters are available through the configuration.XX syntax.
78 # All possible parameters should have a default.
79 configuration.domain = example.org
80 configuration.public-ipv4 =
81 configuration.port = 4443
82 configuration.plain_http_port = 8080
83 configuration.server-admin = admin@example.com
# apache_custom_https / apache_custom_http are handed to the slave virtualhost
# template by [dynamic-virtualhost-template-slave].
# NOTE(review): presumably inserted as raw Apache directives - confirm who is
# allowed to set them. buildout keeps quotes literally, so the default below is
# presumably the two-character string of two double quotes, not an empty value;
# confirm the template expects that.
84 configuration.apache_custom_https = ""
85 configuration.apache_custom_http = ""
# apache-key / apache-certificate feed [ca-frontend] key-content / cert-content,
# so a supplied TLS private key travels through the instance parameters.
# NOTE(review): confirm how those parameters are stored and who can read them.
86 configuration.apache-key =
87 configuration.apache-certificate =
# Passed to squid's configuration as open_port via [squid-cache] open-port.
88 configuration.open-port = 80 443
89 configuration.extra_slave_instance_list =
90
91 [frontend-configuration]
92 template-log-access = ${template-log-access:target}
93 log-access-configuration = $${directory:etc}/apache-log-access.conf
94 apache-directory = ${apache-2.2:location}
95 apache-ipv6 = $${instance-parameter:ipv6-random}
96 apache-https-port = $${instance-parameter:configuration.port}
97
98 [jinja2-template-base]
99 recipe = slapos.recipe.template:jinja2
100 rendered = $${buildout:directory}/$${:filename}
101 extra-context =
102 context =
103     import json_module json
104     key eggs_directory buildout:eggs-directory
105     key develop_eggs_directory buildout:develop-eggs-directory
106     key slap_software_type instance-parameter:slap-software-type
107     key slapparameter_dict instance-parameter:configuration
108     $${:extra-context}
109
110 [dynamic-template-default-vh]
111 < = jinja2-template-base
112 template = ${template-default-virtualhost:target}
113 rendered = $${apache-directory:slave-configuration}/000.conf
114 extensions = jinja2.ext.do
115 extra-context =
116     key http_port instance-parameter:configuration.plain_http_port
117     key https_port instance-parameter:configuration.port
118
119 [dynamic-custom-personal-template-slave-list]
120 < = jinja2-template-base
121 template = ${template-slave-list:target}
122 filename = custom-personal-instance-slave-list.cfg
123 extensions = jinja2.ext.do
124 extra-context =
125     key apache_configuration_directory apache-directory:slave-configuration
126     key http_port instance-parameter:configuration.plain_http_port
127     key https_port instance-parameter:configuration.port
128     key public_ipv4 instance-parameter:configuration.public-ipv4
129     key slave_instance_list instance-parameter:slave-instance-list
130     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
131     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
132     key custom_ssl_directory apache-directory:vh-ssl
133     key apache_log_directory apache-directory:slave-log
134     key local_ipv4 instance-parameter:ipv4-random
135     key cache_port apache-configuration:cache-port
136     raw empty_template ${template-empty:target}
137     raw template_slave_configuration ${template-slave-configuration:target}
138     raw template_rewrite_cached ${template-rewrite-cached:target}
139     raw software_type single-custom-personal
140     section logrotate_dict logrotate
141     section frontend_configuration frontend-configuration
142     section apache_configuration apache-configuration
143
144 [dynamic-custom-group-template-slave-list]
145 < = jinja2-template-base
146 template = ${template-custom-slave-list:target}
147 filename = custom-group-instance-slave-list.cfg
148 extensions = jinja2.ext.do
149 extra-context =
150     key apache_configuration_directory apache-directory:slave-configuration
151     key domain instance-parameter:configuration.domain
152     key http_port instance-parameter:configuration.plain_http_port
153     key https_port instance-parameter:configuration.port
154     key public_ipv4 instance-parameter:configuration.public-ipv4
155     key slave_instance_list instance-parameter:slave-instance-list
156     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
157     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
158     key custom_ssl_directory apache-directory:vh-ssl
159     key template_slave_configuration dynamic-virtualhost-template-slave:rendered
160     key apache_log_directory apache-directory:slave-log
161     key local_ipv4 instance-parameter:ipv4-random
162     key cache_port apache-configuration:cache-port
163     raw empty_template ${template-empty:target}
164     raw template_rewrite_cached ${template-rewrite-cached:target}
165     raw software_type single-custom-group
166
167 [dynamic-default-template-slave-list]
168 < = jinja2-template-base
169 template = ${template-custom-slave-list:target}
170 filename = default-instance-slave-list.cfg
171 extensions = jinja2.ext.do
172 extra-context =
173     key apache_configuration_directory apache-directory:slave-configuration
174     key domain instance-parameter:configuration.domain
175     key http_port instance-parameter:configuration.plain_http_port
176     key https_port instance-parameter:configuration.port
177     key public_ipv4 instance-parameter:configuration.public-ipv4
178     key slave_instance_list instance-parameter:slave-instance-list
179     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
180     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
181     key custom_ssl_directory apache-directory:vh-ssl
182     key apache_log_directory apache-directory:slave-log
183     key local_ipv4 instance-parameter:ipv4-random
184     key cache_port apache-configuration:cache-port
185     raw template_slave_configuration ${template-default-slave-virtualhost:target}
186     raw empty_template ${template-empty:target}
187     raw template_rewrite_cached ${template-rewrite-cached:target}
188     raw software_type single-default
189 # XXXX Hack to allow two software types
190
# First rendering pass of the slave virtualhost template: fills in the ports and
# the instance-level apache_custom_* values and writes slave-virtualhost.conf.in.
# [dynamic-custom-group-template-slave-list] then receives that rendered file as
# template_slave_configuration.
# NOTE(review): if the rendered file is rendered again as a jinja2 template, any
# template syntax inside the apache_custom_* values would be evaluated in that
# second pass - confirm the values are escaped or come from a trusted requester.
191 [dynamic-virtualhost-template-slave]
192 <= jinja2-template-base
193 template = ${template-slave-configuration:target}
194 rendered = $${directory:template}/slave-virtualhost.conf.in
195 extensions = jinja2.ext.do
196 extra-context =
197     key https_port instance-parameter:configuration.port
198     key http_port instance-parameter:configuration.plain_http_port
199     key apache_custom_https instance-parameter:configuration.apache_custom_https
200     key apache_custom_http instance-parameter:configuration.apache_custom_http
201
202 # Deploy Apache Frontend (new way, no recipe, jinja power)
203 [dynamic-apache-frontend-template]
204 < = jinja2-template-base
205 template = ${template-apache-frontend-configuration:target}
206 rendered = $${apache-configuration:frontend-configuration}
207 extra-context =
208     raw httpd_home ${apache-2.2:location}
209     key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
210     key domain instance-parameter:configuration.domain
211     key document_root apache-directory:document-root
212     key instance_home buildout:directory
213     key ipv4_addr instance-parameter:ipv4-random
214     key ipv6_addr instance-parameter:ipv6-random
215     key http_port instance-parameter:configuration.plain_http_port
216     key https_port instance-parameter:configuration.port
217     key server_admin instance-parameter:configuration.server-admin
218     key protected_path apache-configuration:protected-path
219     key access_control_string apache-configuration:access-control-string
220     key login_certificate ca-frontend:cert-file
221     key login_key ca-frontend:key-file
222     key ca_dir  certificate-authority:ca-dir
223     key ca_crl certificate-authority:ca-crl
224     key access_log apache-configuration:access-log
225     key error_log apache-configuration:error-log
226     key pid_file apache-configuration:pid-file
227     key slave_configuration_directory apache-directory:slave-configuration
228     section frontend_configuration frontend-configuration
229
230 [apache-frontend]
231 recipe = slapos.cookbook:wrapper
232 command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-frontend-template:rendered} -DFOREGROUND
233 wrapper-path = $${directory:service}/frontend_apache
234 wait-for-files =
235                $${ca-frontend:cert-file}
236                $${ca-frontend:key-file}
237
238 # Deploy Apache for cached website
239 [dynamic-apache-cached-template]
240 < = jinja2-template-base
241 template = ${template-apache-cached-configuration:target}
242 rendered = $${apache-configuration:cached-configuration}
243 extra-context =
244     raw httpd_home ${apache-2.2:location}
245     key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
246     key domain instance-parameter:configuration.domain
247     key document_root apache-directory:document-root
248     key instance_home buildout:directory
249     key ipv4_addr instance-parameter:ipv4-random
250     key cached_port apache-configuration:cache-through-port
251     key server_admin instance-parameter:configuration.server-admin
252     key protected_path apache-configuration:protected-path
253     key access_control_string apache-configuration:access-control-string
254     key login_certificate ca-frontend:cert-file
255     key login_key ca-frontend:key-file
256     key ca_dir  certificate-authority:ca-dir
257     key ca_crl certificate-authority:ca-crl
258     key access_log apache-configuration:cache-access-log
259     key error_log apache-configuration:cache-error-log
260     key pid_file apache-configuration:cache-pid-file
261     key apachecachedmap_path apache-configuration:cached-rewrite-file
262
263 [apache-cached]
264 recipe = slapos.cookbook:wrapper
265 command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-cached-template:rendered} -DFOREGROUND
266 wrapper-path = $${directory:service}/frontend_cached_apache
267 wait-for-files =
268                $${ca-frontend:cert-file}
269                $${ca-frontend:key-file}
270
271 [not-found-html]
272 recipe = slapos.cookbook:symbolic.link
273 target-directory = $${apache-directory:document-root}
274 link-binary =
275             ${template-not-found-html:target}
276
277 [apache-directory]
278 recipe = slapos.cookbook:mkdirectory
279 document-root = $${directory:srv}/htdocs
280 slave-configuration = $${directory:etc}/apache-slave-conf.d/
281 cache = $${directory:var}/cache
282 mod-ssl = $${:cache}/httpd_mod_ssl
283 vh-ssl = $${:slave-configuration}/ssl
284 slave-log = $${directory:log}/httpd
285
# Shared paths, ports and reload commands for the frontend and cached apache.
# No recipe is set here; other parts only read these values.
286 [apache-configuration]
287 frontend-configuration = $${directory:etc}/apache_frontend.conf
288 cached-configuration = $${directory:etc}/apache_frontend_cached.conf
289 access-log = $${directory:log}/frontend-apache-access.log
290 error-log = $${directory:log}/frontend-apache-error.log
291 pid-file = $${directory:run}/httpd.pid
# Passed to both apache templates as protected_path / access_control_string.
292 protected-path = /
293 access-control-string = none
294 cached-rewrite-file = $${directory:etc}/apache_rewrite_cached.txt
# Check-then-reload commands. httpd is first run with -S against the
# configuration file; USR1 (Apache's graceful restart signal) is sent to the
# running server only when that run exits 0, so a configuration that does not
# parse is never loaded by the live server. Used by [frontend-apache-graceful],
# [cached-apache-graceful] and as the logrotate `post` command for both apaches.
# NOTE(review): -S also prints the virtual-host dump on every run; -t performs
# the syntax check alone. The pid is read from the pid file at signal time: with
# a missing or empty file kill fails, but a stale file could name an unrelated
# process - confirm the pid file is removed when httpd stops.
295 frontend-graceful-command = ${apache-2.2:location}/bin/httpd -Sf $${:frontend-configuration}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi
296 cached-graceful-command = ${apache-2.2:location}/bin/httpd -Sf $${:cached-configuration}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${apache-configuration:cache-pid-file}); fi
297
298 # Apache for cache configuration
299 cache-access-log = $${directory:log}/frontend-apache-access-cached.log
300 cache-error-log = $${directory:log}/frontend-apache-error-cached.log
301 cache-pid-file = $${directory:run}/httpd-cached.pid
302
303 # Communication with squid
# cache-port is the port squid listens on ([squid-cache] port, checked by
# [promise-squid]); cache-through-port is squid's backend port and the port the
# cached apache is given as cached_port.
304 cache-port = 26010
305 cache-through-port = 26011
306
307 # Create wrapper for "apachectl configtest" in bin
# Runs httpd -t (syntax check only) on the frontend configuration.
# The path is spelled out here rather than taken from [apache-configuration]
# frontend-configuration; the two must stay identical. The cached configuration
# (apache_frontend_cached.conf) has no equivalent wrapper in this file.
308 [configtest]
309 recipe = slapos.cookbook:wrapper
310 command-line = ${apache-2.2:location}/bin/httpd -f $${directory:etc}/apache_frontend.conf -t
311 wrapper-path = $${directory:bin}/apache-configtest
312
313 [certificate-authority]
314 recipe = slapos.cookbook:certificate_authority
315 openssl-binary = ${openssl:location}/bin/openssl
316 ca-dir = $${directory:ca-dir}
317 requests-directory = $${cadirectory:requests}
318 wrapper = $${directory:service}/certificate_authority
319 ca-private = $${cadirectory:private}
320 ca-certs = $${cadirectory:certs}
321 ca-newcerts = $${cadirectory:newcerts}
322 ca-crl = $${cadirectory:crl}
323
324 [cadirectory]
325 recipe = slapos.cookbook:mkdirectory
326 requests = $${directory:ca-dir}/requests/
327 private = $${directory:ca-dir}/private/
328 certs = $${directory:ca-dir}/certs/
329 newcerts = $${directory:ca-dir}/newcerts/
330 crl = $${directory:ca-dir}/crl/
331
# Certificate and key used by both apaches (login_certificate / login_key in the
# frontend and cached templates, and wait-for-files of their wrappers).
332 [ca-frontend]
333 <= certificate-authority
334 recipe = slapos.cookbook:certificate_authority.request
# NOTE(review): the private key is written into the CA `certs` directory next to
# the certificate, not into [cadirectory] private - confirm the permissions the
# recipe applies to the key file.
335 key-file = $${cadirectory:certs}/apache_frontend.key
336 cert-file = $${cadirectory:certs}/apache_frontend.crt
# Same path as [apache-frontend] wrapper-path.
# NOTE(review): which part finally owns that file is not visible here - confirm.
337 executable = $${directory:service}/frontend_apache
338 wrapper = $${directory:service}/frontend_apache
# Operator-supplied key and certificate from the instance parameters; both
# default to empty. Presumably the recipe then requests a certificate from the
# local CA instead - confirm against the recipe.
339 key-content = $${instance-parameter:configuration.apache-key}
340 cert-content = $${instance-parameter:configuration.apache-certificate}
341 # Put domain name
342 name = $${instance-parameter:configuration.domain}
343
344 [cron]
345 recipe = slapos.cookbook:cron
346 dcrond-binary = ${dcron:location}/sbin/crond
347 cron-entries = $${directory:cron-entries}
348 crontabs = $${directory:crontabs}
349 cronstamps = $${directory:cronstamps}
350 catcher = $${cron-simplelogger:wrapper}
351 binary = $${directory:service}/crond
352
353 [cron-simplelogger]
354 recipe = slapos.cookbook:simplelogger
355 wrapper = $${directory:bin}/cron_simplelogger
356 log = $${directory:log}/cron.log
357
358 [cron-entry-logrotate]
359 <= cron
360 recipe = slapos.cookbook:cron.d
361 name = logrotate
362 frequency = 0 0 * * *
363 command = $${logrotate:wrapper}
364
365 # Deploy Logrotate
366 [logrotate]
367 recipe = slapos.cookbook:logrotate
368 # Binaries
369 logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
370 gzip-binary = ${gzip:location}/bin/gzip
371 gunzip-binary = ${gzip:location}/bin/gunzip
372 # Directories
373 wrapper = $${directory:bin}/logrotate
374 conf = $${directory:etc}/logrotate.conf
375 logrotate-entries = $${directory:logrotate-entries}
376 backup = $${directory:logrotate-backup}
377 state-file = $${directory:srv}/logrotate.status
378
# Daily rotation of the frontend apache error and access logs.
379 [logrotate-entry-apache]
380 <= logrotate
381 recipe = slapos.cookbook:logrotate.d
382 name = apache
383 log = $${apache-configuration:error-log} $${apache-configuration:access-log}
384 frequency = daily
# NOTE(review): `rotatep-num` may be a misspelling of the recipe's rotation-count
# option; if the recipe ignores it, the intended 30-rotation retention is not
# applied - confirm against slapos.cookbook:logrotate.d.
385 rotatep-num = 30
# After rotation, run the check-then-reload command: httpd is signalled (USR1)
# only if the frontend configuration parses.
386 post = $${apache-configuration:frontend-graceful-command}
387 sharedscripts = true
388 notifempty = true
389 create = true
390
# Daily rotation of the cached apache error and access logs.
391 [logrotate-entry-apache-cached]
392 <= logrotate
393 recipe = slapos.cookbook:logrotate.d
394 name = apache-cached
395 log = $${apache-configuration:cache-error-log} $${apache-configuration:cache-access-log}
396 frequency = daily
# NOTE(review): `rotatep-num` may be a misspelling of the recipe's rotation-count
# option; if so the 30-rotation retention is not applied - confirm.
397 rotatep-num = 30
# After rotation, signal the cached httpd (USR1) only if the cached
# configuration parses.
398 post = $${apache-configuration:cached-graceful-command}
399 sharedscripts = true
400 notifempty = true
401 create = true
402
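# Daily rotation of the squid cache and access logs.
403 [logrotate-entry-squid]
404 <= logrotate
405 recipe = slapos.cookbook:logrotate.d
406 name = squid
407 log = $${squid-cache:cache-log-path} $${squid-cache:access-log-path}
408 frequency = daily
# NOTE(review): `rotatep-num` may be a misspelling of the recipe's rotation-count
# option; if so the 30-rotation retention is not applied - confirm.
409 rotatep-num = 30
# Signal squid itself after its logs are rotated: same pid file and signal as
# [squid-reload]. It must not be [apache-configuration] pid-file - a SIGHUP
# there restarts the frontend httpd without the configuration check that the
# graceful commands perform, and squid would presumably keep writing to the
# rotated files.
410 post = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
411 sharedscripts = true
412 notifempty = true
413 create = true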
414
415 ######################
416 #  Squid deployment
417 ######################
418 [squid-directory]
419 recipe = slapos.cookbook:mkdirectory
420 squid-cache = $${directory:srv}/squid_cache
421
422 [squid-cache]
423 prepare-path = $${directory:etc-run}/squid-prepare
424 wrapper-path = $${directory:service}/squid
425 binary-path = ${squid:location}/sbin/squid
426 configuration-path = $${directory:etc}/squid.cfg
427 cache-path = $${squid-directory:squid-cache}
428 ip = $${instance-parameter:ipv4-random}
429 port = $${apache-configuration:cache-port}
430 backend-ip = $${instance-parameter:ipv4-random}
431 backend-port = $${apache-configuration:cache-through-port}
432 open-port = $${instance-parameter:configuration.open-port}
433 access-log-path = $${directory:log}/squid-access.log
434 cache-log-path = $${directory:log}/squid-cache.log
435 pid-filename-path = $${directory:run}/squid.pid
436
437 [squid-configuration]
438 < = jinja2-template-base
439 template = ${template-squid-configuration:target}
440 rendered = $${squid-cache:configuration-path}
441 extra-context =
442       key ip squid-cache:ip
443       key port squid-cache:port
444       key backend_ip squid-cache:backend-ip
445       key backend_port squid-cache:backend-port
446       key cache_path squid-cache:cache-path
447       key access_log_path squid-cache:access-log-path
448       key cache_log_path squid-cache:cache-log-path
449       key pid_filename_path squid-cache:pid-filename-path
450       key open_port squid-cache:open-port
451
452 [squid-service]
453 recipe = slapos.cookbook:wrapper
454 command-line = $${squid-cache:binary-path} -N -f $${squid-configuration:rendered}
455 wrapper-path = $${squid-cache:wrapper-path}
456
457 [squid-prepare]
458 recipe = slapos.cookbook:wrapper
459 command-line = $${squid-cache:binary-path} -z -f $${squid-configuration:rendered}
460 wrapper-path = $${squid-cache:prepare-path}
461
462 [squid-reload]
463 recipe = slapos.cookbook:wrapper
464 command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
465 wrapper-path = $${directory:etc-run}/squid-reload
466
467 [promise-squid]
468 recipe = slapos.cookbook:check_port_listening
469 path = $${directory:promise}/squid
470 hostname = $${instance-parameter:ipv4-random}
471 port = $${apache-configuration:cache-port}
472
473 # End of Squid part
474
# Renders the frontend check-then-reload command ([apache-configuration]
# frontend-graceful-command) into a script under etc/run.
475 [frontend-apache-graceful]
476 < = jinja2-template-base
477 template = ${template-wrapper:target}
478 rendered = $${directory:etc-run}/frontend-apache-safe-graceful
# Owner-only: the script can signal the running httpd.
479 mode = 0700
480 extra-context =
481     key content apache-configuration:frontend-graceful-command
482
# Renders the cached-apache check-then-reload command ([apache-configuration]
# cached-graceful-command) into a script under etc/run.
483 [cached-apache-graceful]
484 < = jinja2-template-base
485 template = ${template-wrapper:target}
486 rendered = $${directory:etc-run}/cached-apache-safe-graceful
# Owner-only: the script can signal the running cached httpd.
487 mode = 0700
488 extra-context =
489     key content apache-configuration:cached-graceful-command
490
491 [promise-apache-frontend-v4-https]
492 recipe = slapos.cookbook:check_port_listening
493 path = $${directory:promise}/apache_frontend_ipv4_https
494 hostname = $${instance-parameter:ipv4-random}
495 port = $${instance-parameter:configuration.port}
496
497 [promise-apache-frontend-v4-http]
498 recipe = slapos.cookbook:check_port_listening
499 path = $${directory:promise}/apache_frontend_ipv4_http
500 hostname = $${instance-parameter:ipv4-random}
501 port = $${instance-parameter:configuration.plain_http_port}
502
503 [promise-apache-frontend-v6-https]
504 recipe = slapos.cookbook:check_port_listening
505 path = $${directory:promise}/apache_frontend_ipv6_https
506 hostname = $${instance-parameter:ipv6-random}
507 port = $${instance-parameter:configuration.port}
508
509 [promise-apache-frontend-v6-http]
510 recipe = slapos.cookbook:check_port_listening
511 path = $${directory:promise}/apache_frontend_ipv6_http
512 hostname = $${instance-parameter:ipv6-random}
513 port = $${instance-parameter:configuration.plain_http_port}
514
515 [promise-apache-cached]
516 recipe = slapos.cookbook:check_port_listening
517 path = $${directory:promise}/apache_cached
518 hostname = $${instance-parameter:ipv4-random}
519 port = $${apache-configuration:cache-through-port}
520
521 [slap_connection]
522 # Kept for backward compatibility
523 computer_id = $${slap-connection:computer-id}
524 partition_id = $${slap-connection:partition-id}
525 server_url = $${slap-connection:server-url}
526 software_release_url = $${slap-connection:software-release-url}
527 key_file = $${slap-connection:key-file}
528 cert_file = $${slap-connection:cert-file}