apache: extend part ton include monitor graceful
[slapos.git] / software / apache-frontend / instance-apache-frontend.cfg
# Instance profile for the Apache frontend. [buildout] lists every part that
# is installed for an instance and pulls in the monitor profile via `extends`.
# NOTE(review): `certificate-authority` is listed three times in `parts`
# (original lines 9, 34 and 46); one entry is enough.
# NOTE(review): the monitoring parts (original lines 33-51) are not defined in
# the visible part of this file; presumably they come from the profile named
# in `extends` - confirm, since they add CGI and cron entries to the instance.
# NOTE(review): this file mixes single-dollar and double-dollar references.
# Presumably the single-dollar form is substituted when the software release
# is built and the double-dollar form is left for instance-time buildout -
# confirm against how this template is rendered.
1 [buildout]
2 parts =
3   directory
4   configtest
5   logrotate
6   cron
7   cron-entry-logrotate
8   ca-frontend
9   certificate-authority
10   logrotate-entry-apache
11   logrotate-entry-apache-cached
12   logrotate-entry-squid
13   apache-frontend
14   apache-cached
15   switch-apache-softwaretype
16   frontend-apache-graceful
17   cached-apache-graceful
18   squid-service
19   squid-prepare
20   squid-reload
21   promise-squid
22   dynamic-template-default-vh
23   not-found-html
24   promise-frontend-apache-configuration
25   promise-cached-apache-configuration
26   promise-apache-frontend-v4-https
27   promise-apache-frontend-v4-http
28   promise-apache-frontend-v6-https
29   promise-apache-frontend-v6-http
30   promise-apache-cached
31 ## Monitoring part
32 ###Parts to add for monitoring
33   slap-parameters
34   certificate-authority
35   cron-entry-monitor
36   cron-entry-rss
37   deploy-index
38   deploy-index-template
39   deploy-monitor-script
40   deploy-rss-script
41   deploy-settings-cgi
42   deploy-status-cgi
43   make-rss
44   monitor-promise
45   setup-static-files
46   certificate-authority
47   public
48   zero-parameters
49   public-symlink
50   cgi-httpd-wrapper
51   cgi-httpd-graceful-wrapper
52 ## Monitor for apache
53   monitor-current-log-access
54   monitor-backup-log-access
55 extends = ${monitor-template:output}
56
57
58 eggs-directory = ${buildout:eggs-directory}
59 develop-eggs-directory = ${buildout:develop-eggs-directory}
60 offline = true
61
62 # Create all needed directories
63 [directory]
64 recipe = slapos.cookbook:mkdirectory
65
66 bin = $${buildout:directory}/bin/
67 etc = $${buildout:directory}/etc/
68 srv = $${buildout:directory}/srv/
69 var = $${buildout:directory}/var/
70 template = $${buildout:directory}/template/
71
72 backup = $${:srv}/backup
73 log = $${:var}/log
74 run = $${:var}/run
75 service = $${:etc}/service
76 etc-run = $${:etc}/run
77 promise = $${:etc}/promise
78
79 logrotate-backup = $${:backup}/logrotate
80 logrotate-entries = $${:etc}/logrotate.d
81
82 cron-entries = $${:etc}/cron.d
83 crontabs = $${:etc}/crontabs
84 cronstamps = $${:etc}/cronstamps
85 ca-dir = $${:srv}/ssl
86
87 [switch-apache-softwaretype]
88 recipe = slapos.cookbook:softwaretype
89 single-default = $${dynamic-default-template-slave-list:rendered}
90 single-custom-personal = $${dynamic-custom-personal-template-slave-list:rendered}
91 single-custom-group = $${dynamic-custom-group-template-slave-list:rendered}
92
# Instance parameters fetched from the SlapOS Master. The `configuration.*`
# keys are the defaults used when the requester supplies no value.
# NOTE(review): `key` and `cert` point at the partition's client key and
# certificate from [slap-connection]; presumably they authenticate this
# partition to the master at `url` - confirm.
93 [instance-parameter]
94 # Fetches parameters defined in SlapOS Master for this instance.
95 # Always the same.
96 recipe = slapos.cookbook:slapconfiguration.serialised
97 computer = $${slap-connection:computer-id}
98 partition = $${slap-connection:partition-id}
99 url = $${slap-connection:server-url}
100 key = $${slap-connection:key-file}
101 cert = $${slap-connection:cert-file}
102 # Define default parameter(s) that will be used later, in case user didn't
103 # specify it
104 # All parameters are available through the configuration.XX syntax.
105 # All possible parameters should have a default.
106 configuration.domain = example.org
107 configuration.public-ipv4 =
108 configuration.port = 4443
109 configuration.plain_http_port = 8080
110 configuration.server-admin = admin@example.com
# NOTE(review): these two defaults are written as a quoted empty string.
# Buildout does not strip quotes, so the default is presumably the
# two-character string rather than an empty value - confirm that the template
# consuming them copes with it.
111 configuration.apache_custom_https = ""
112 configuration.apache_custom_http = ""
# NOTE(review): the frontend's TLS private key and certificate arrive as
# request parameters and are consumed by [ca-frontend] (key-content and
# cert-content). Treat the parameter store and every rendered copy of these
# values as secret material.
113 configuration.apache-key =
114 configuration.apache-certificate =
115 configuration.open-port = 80 443
116 configuration.extra_slave_instance_list =
117
118 [frontend-configuration]
119 template-log-access = ${template-log-access:target}
120 log-access-configuration = $${directory:etc}/apache-log-access.conf
121 apache-directory = ${apache-2.2:location}
122 apache-ipv6 = $${instance-parameter:ipv6-random}
123 apache-https-port = $${instance-parameter:configuration.port}
124
125 [monitor-current-log-access]
126 < = monitor-directory-access
127 source = $${directory:log}
128
129 [monitor-backup-log-access]
130 < = monitor-directory-access
131 source = $${directory:logrotate-backup}
132
133 [jinja2-template-base]
134 recipe = slapos.recipe.template:jinja2
135 rendered = $${buildout:directory}/$${:filename}
136 extra-context =
137 context =
138     import json_module json
139     key eggs_directory buildout:eggs-directory
140     key develop_eggs_directory buildout:develop-eggs-directory
141     key slap_software_type instance-parameter:slap-software-type
142     key slapparameter_dict instance-parameter:configuration
143     $${:extra-context}
144
145 [dynamic-template-default-vh]
146 < = jinja2-template-base
147 template = ${template-default-virtualhost:target}
148 rendered = $${apache-directory:slave-configuration}/000.conf
149 extensions = jinja2.ext.do
150 extra-context =
151     key http_port instance-parameter:configuration.plain_http_port
152     key https_port instance-parameter:configuration.port
153
# Renders the slave-list profile for the `single-custom-personal` software
# type (selected in [switch-apache-softwaretype]).
# NOTE(review): `slave_instance_list` and `extra_slave_instance_list` are
# handed to the template unchanged. Slave entries are presumably supplied by
# whoever requests a slave instance, so any validation or escaping has to
# happen inside the template, which is not shown here - confirm. The same
# two lists are passed by [dynamic-custom-group-template-slave-list] and
# [dynamic-default-template-slave-list].
154 [dynamic-custom-personal-template-slave-list]
155 < = jinja2-template-base
156 template = ${template-slave-list:target}
157 filename = custom-personal-instance-slave-list.cfg
158 extensions = jinja2.ext.do
159 extra-context =
160     key apache_configuration_directory apache-directory:slave-configuration
161     key http_port instance-parameter:configuration.plain_http_port
162     key https_port instance-parameter:configuration.port
163     key public_ipv4 instance-parameter:configuration.public-ipv4
164     key slave_instance_list instance-parameter:slave-instance-list
165     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
166     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
167     key custom_ssl_directory apache-directory:vh-ssl
168     key apache_log_directory apache-directory:slave-log
169     key local_ipv4 instance-parameter:ipv4-random
170     key cache_port apache-configuration:cache-port
171     raw empty_template ${template-empty:target}
172     raw template_slave_configuration ${template-slave-configuration:target}
173     raw template_rewrite_cached ${template-rewrite-cached:target}
174     raw software_type single-custom-personal
175     section logrotate_dict logrotate
176     section frontend_configuration frontend-configuration
177     section apache_configuration apache-configuration
178     section connection_information_dict publish-connection-informations
179
180 [dynamic-custom-group-template-slave-list]
181 < = jinja2-template-base
182 template = ${template-custom-slave-list:target}
183 filename = custom-group-instance-slave-list.cfg
184 extensions = jinja2.ext.do
185 extra-context =
186     key apache_configuration_directory apache-directory:slave-configuration
187     key domain instance-parameter:configuration.domain
188     key http_port instance-parameter:configuration.plain_http_port
189     key https_port instance-parameter:configuration.port
190     key public_ipv4 instance-parameter:configuration.public-ipv4
191     key slave_instance_list instance-parameter:slave-instance-list
192     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
193     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
194     key custom_ssl_directory apache-directory:vh-ssl
195     key template_slave_configuration dynamic-virtualhost-template-slave:rendered
196     key apache_log_directory apache-directory:slave-log
197     key local_ipv4 instance-parameter:ipv4-random
198     key cache_port apache-configuration:cache-port
199     raw empty_template ${template-empty:target}
200     raw template_rewrite_cached ${template-rewrite-cached:target}
201     raw software_type single-custom-group
202
203 [dynamic-default-template-slave-list]
204 < = jinja2-template-base
205 template = ${template-custom-slave-list:target}
206 filename = default-instance-slave-list.cfg
207 extensions = jinja2.ext.do
208 extra-context =
209     key apache_configuration_directory apache-directory:slave-configuration
210     key domain instance-parameter:configuration.domain
211     key http_port instance-parameter:configuration.plain_http_port
212     key https_port instance-parameter:configuration.port
213     key public_ipv4 instance-parameter:configuration.public-ipv4
214     key slave_instance_list instance-parameter:slave-instance-list
215     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
216     key rewrite_cached_configuration apache-configuration:cached-rewrite-file
217     key custom_ssl_directory apache-directory:vh-ssl
218     key apache_log_directory apache-directory:slave-log
219     key local_ipv4 instance-parameter:ipv4-random
220     key cache_port apache-configuration:cache-port
221     raw template_slave_configuration ${template-default-slave-virtualhost:target}
222     raw empty_template ${template-empty:target}
223     raw template_rewrite_cached ${template-rewrite-cached:target}
224     raw software_type single-default
225 # XXXX Hack to allow two software types
226
# Renders the per-slave virtual host template into the template directory;
# the result is used as `template_slave_configuration` by
# [dynamic-custom-group-template-slave-list].
# NOTE(review): `apache_custom_https` and `apache_custom_http` come straight
# from the instance parameters. If the template writes them into the Apache
# configuration verbatim, whoever can set these parameters controls arbitrary
# httpd directives - confirm that only the instance owner can set them.
227 [dynamic-virtualhost-template-slave]
228 <= jinja2-template-base
229 template = ${template-slave-configuration:target}
230 rendered = $${directory:template}/slave-virtualhost.conf.in
231 extensions = jinja2.ext.do
232 extra-context =
233     key https_port instance-parameter:configuration.port
234     key http_port instance-parameter:configuration.plain_http_port
235     key apache_custom_https instance-parameter:configuration.apache_custom_https
236     key apache_custom_http instance-parameter:configuration.apache_custom_http
237
238 # Deploy Apache Frontend (new way, no recipe, jinja power)
239 [dynamic-apache-frontend-template]
240 < = jinja2-template-base
241 template = ${template-apache-frontend-configuration:target}
242 rendered = $${apache-configuration:frontend-configuration}
243 extra-context =
244     raw httpd_home ${apache-2.2:location}
245     key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
246     key domain instance-parameter:configuration.domain
247     key document_root apache-directory:document-root
248     key instance_home buildout:directory
249     key ipv4_addr instance-parameter:ipv4-random
250     key ipv6_addr instance-parameter:ipv6-random
251     key http_port instance-parameter:configuration.plain_http_port
252     key https_port instance-parameter:configuration.port
253     key server_admin instance-parameter:configuration.server-admin
254     key protected_path apache-configuration:protected-path
255     key access_control_string apache-configuration:access-control-string
256     key login_certificate ca-frontend:cert-file
257     key login_key ca-frontend:key-file
258     key ca_dir  certificate-authority:ca-dir
259     key ca_crl certificate-authority:ca-crl
260     key access_log apache-configuration:access-log
261     key error_log apache-configuration:error-log
262     key pid_file apache-configuration:pid-file
263     key slave_configuration_directory apache-directory:slave-configuration
264     section frontend_configuration frontend-configuration
265
# Service wrapper that runs httpd in the foreground with the rendered
# frontend configuration.
# `wait-for-files` names the certificate and key produced by [ca-frontend];
# presumably the wrapper delays startup until both exist - confirm in the
# wrapper recipe.
266 [apache-frontend]
267 recipe = slapos.cookbook:wrapper
268 command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-frontend-template:rendered} -DFOREGROUND
269 wrapper-path = $${directory:service}/frontend_apache
270 wait-for-files =
271                $${ca-frontend:cert-file}
272                $${ca-frontend:key-file}
273
274 # Deploy Apache for cached website
275 [dynamic-apache-cached-template]
276 < = jinja2-template-base
277 template = ${template-apache-cached-configuration:target}
278 rendered = $${apache-configuration:cached-configuration}
279 extra-context =
280     raw httpd_home ${apache-2.2:location}
281     key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
282     key domain instance-parameter:configuration.domain
283     key document_root apache-directory:document-root
284     key instance_home buildout:directory
285     key ipv4_addr instance-parameter:ipv4-random
286     key cached_port apache-configuration:cache-through-port
287     key server_admin instance-parameter:configuration.server-admin
288     key protected_path apache-configuration:protected-path
289     key access_control_string apache-configuration:access-control-string
290     key login_certificate ca-frontend:cert-file
291     key login_key ca-frontend:key-file
292     key ca_dir  certificate-authority:ca-dir
293     key ca_crl certificate-authority:ca-crl
294     key access_log apache-configuration:cache-access-log
295     key error_log apache-configuration:cache-error-log
296     key pid_file apache-configuration:cache-pid-file
297     key apachecachedmap_path apache-configuration:cached-rewrite-file
298
299 [apache-cached]
300 recipe = slapos.cookbook:wrapper
301 command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-cached-template:rendered} -DFOREGROUND
302 wrapper-path = $${directory:service}/frontend_cached_apache
303 wait-for-files =
304                $${ca-frontend:cert-file}
305                $${ca-frontend:key-file}
306
307 [not-found-html]
308 recipe = slapos.cookbook:symbolic.link
309 target-directory = $${apache-directory:document-root}
310 link-binary =
311             ${template-not-found-html:target}
312
313 [apache-directory]
314 recipe = slapos.cookbook:mkdirectory
315 document-root = $${directory:srv}/htdocs
316 slave-configuration = $${directory:etc}/apache-slave-conf.d/
317 cache = $${directory:var}/cache
318 mod-ssl = $${:cache}/httpd_mod_ssl
319 vh-ssl = $${:slave-configuration}/ssl
320 slave-log = $${directory:log}/httpd
321
# Paths and shell commands shared by the frontend and cached Apache parts.
322 [apache-configuration]
323 frontend-configuration = $${directory:etc}/apache_frontend.conf
324 cached-configuration = $${directory:etc}/apache_frontend_cached.conf
325 access-log = $${directory:log}/frontend-apache-access.log
326 error-log = $${directory:log}/frontend-apache-error.log
327 pid-file = $${directory:run}/httpd.pid
# NOTE(review): how `protected-path` and `access-control-string` are used is
# decided by the httpd templates, which are not shown here - confirm that
# `none` on `/` gives the intended access policy.
328 protected-path = /
329 access-control-string = none
330 cached-rewrite-file = $${directory:etc}/apache_rewrite_cached.txt
# Configuration check: httpd is run with -S and -f on the rendered file;
# presumably a configuration error gives a non-zero exit status - confirm.
331 frontend-configuration-verification = ${apache-2.2:location}/bin/httpd -Sf $${:frontend-configuration}
# Graceful restart guarded by the check above: SIGUSR1 is sent to the pid read
# from the pid file only when the verification exits 0, so a configuration
# that fails the check is not loaded.
# NOTE(review): the pid file path is expanded unquoted inside the command
# substitution, and an empty or stale pid file is not handled - confirm the
# callers tolerate a failing kill.
332 frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi
# Same check and guarded graceful restart for the cached Apache, using its own
# configuration file and pid file.
333 cached-configuration-verification = ${apache-2.2:location}/bin/httpd -Sf $${:cached-configuration}
334 cached-graceful-command = $${:cached-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${apache-configuration:cache-pid-file}); fi
335
336 # Apache for cache configuration
337 cache-access-log = $${directory:log}/frontend-apache-access-cached.log
338 cache-error-log = $${directory:log}/frontend-apache-error-cached.log
339 cache-pid-file = $${directory:run}/httpd-cached.pid
340
341 # Communication with squid
342 cache-port = 26010
343 cache-through-port = 26011
344
345 # Create wrapper for "apachectl conftest" in bin
346 [configtest]
347 recipe = slapos.cookbook:wrapper
348 command-line = ${apache-2.2:location}/bin/httpd -f $${directory:etc}/apache_frontend.conf -t
349 wrapper-path = $${directory:bin}/apache-configtest
350
# Instance-local certificate authority built on the openssl binary shipped
# with the software release; its working directories come from [cadirectory].
# The wrapper is placed in the service directory, so presumably the CA runs
# as a supervised service that processes `requests-directory` - confirm.
351 [certificate-authority]
352 recipe = slapos.cookbook:certificate_authority
353 openssl-binary = ${openssl:location}/bin/openssl
354 ca-dir = $${directory:ca-dir}
355 requests-directory = $${cadirectory:requests}
356 wrapper = $${directory:service}/certificate_authority
357 ca-private = $${cadirectory:private}
358 ca-certs = $${cadirectory:certs}
359 ca-newcerts = $${cadirectory:newcerts}
360 ca-crl = $${cadirectory:crl}
361
# Directory layout of the instance-local CA under the `ca-dir` path.
# NOTE(review): `private` holds CA key material and `certs` also receives the
# frontend private key (see [ca-frontend]). No directory mode is set here, so
# the permissions are whatever the mkdirectory recipe applies by default -
# confirm they exclude group and other access.
362 [cadirectory]
363 recipe = slapos.cookbook:mkdirectory
364 requests = $${directory:ca-dir}/requests/
365 private = $${directory:ca-dir}/private/
366 certs = $${directory:ca-dir}/certs/
367 newcerts = $${directory:ca-dir}/newcerts/
368 crl = $${directory:ca-dir}/crl/
369
# Certificate request for the frontend Apache, inheriting the CA settings
# from [certificate-authority] and overriding the recipe.
370 [ca-frontend]
371 <= certificate-authority
372 recipe = slapos.cookbook:certificate_authority.request
# NOTE(review): the private key is written into the CA `certs` directory next
# to the certificate, not into `private` - confirm that directory is as
# tightly permissioned as the private one, or move the key.
373 key-file = $${cadirectory:certs}/apache_frontend.key
374 cert-file = $${cadirectory:certs}/apache_frontend.crt
# Both values are the same path as the wrapper-path of [apache-frontend].
# NOTE(review): presumably this recipe wraps that service so it only starts
# once the certificate exists - confirm which of the two parts ends up owning
# the file.
375 executable = $${directory:service}/frontend_apache
376 wrapper = $${directory:service}/frontend_apache
# Key and certificate supplied through the instance parameters; presumably
# they are installed as-is instead of requesting a certificate from the local
# CA when they are non-empty - confirm in the recipe.
377 key-content = $${instance-parameter:configuration.apache-key}
378 cert-content = $${instance-parameter:configuration.apache-certificate}
379 # Put domain name
380 name = $${instance-parameter:configuration.domain}
381
382 [cron]
383 recipe = slapos.cookbook:cron
384 dcrond-binary = ${dcron:location}/sbin/crond
385 cron-entries = $${directory:cron-entries}
386 crontabs = $${directory:crontabs}
387 cronstamps = $${directory:cronstamps}
388 catcher = $${cron-simplelogger:wrapper}
389 binary = $${directory:service}/crond
390
391 [cron-simplelogger]
392 recipe = slapos.cookbook:simplelogger
393 wrapper = $${directory:bin}/cron_simplelogger
394 log = $${directory:log}/cron.log
395
396 [cron-entry-logrotate]
397 <= cron
398 recipe = slapos.cookbook:cron.d
399 name = logrotate
400 frequency = 0 0 * * *
401 command = $${logrotate:wrapper}
402
403 # Deploy Logrotate
404 [logrotate]
405 recipe = slapos.cookbook:logrotate
406 # Binaries
407 logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
408 gzip-binary = ${gzip:location}/bin/gzip
409 gunzip-binary = ${gzip:location}/bin/gunzip
410 # Directories
411 wrapper = $${directory:bin}/logrotate
412 conf = $${directory:etc}/logrotate.conf
413 logrotate-entries = $${directory:logrotate-entries}
414 backup = $${directory:logrotate-backup}
415 state-file = $${directory:srv}/logrotate.status
416
# Daily rotation of the frontend Apache error and access logs. After rotation
# the `post` command re-checks the configuration and, if it passes, sends a
# graceful restart to httpd.
# NOTE(review): the retention key is spelled `rotatep-num`. If the logrotate.d
# recipe reads `rotate-num`, the 30-rotation limit is not applied and the
# recipe default is used instead - confirm against the recipe. The same
# spelling is used in [logrotate-entry-apache-cached] and
# [logrotate-entry-squid].
417 [logrotate-entry-apache]
418 <= logrotate
419 recipe = slapos.cookbook:logrotate.d
420 name = apache
421 log = $${apache-configuration:error-log} $${apache-configuration:access-log}
422 frequency = daily
423 rotatep-num = 30
424 post = $${apache-configuration:frontend-graceful-command}
425 sharedscripts = true
426 notifempty = true
427 create = true
428
# Daily rotation of the cached Apache error and access logs. After rotation
# the `post` command re-checks the cached configuration and, if it passes,
# sends a graceful restart to the cached httpd.
# NOTE(review): the retention key is spelled `rotatep-num`. If the logrotate.d
# recipe reads `rotate-num`, the 30-rotation limit is not applied - confirm
# against the recipe.
429 [logrotate-entry-apache-cached]
430 <= logrotate
431 recipe = slapos.cookbook:logrotate.d
432 name = apache-cached
433 log = $${apache-configuration:cache-error-log} $${apache-configuration:cache-access-log}
434 frequency = daily
435 rotatep-num = 30
436 post = $${apache-configuration:cached-graceful-command}
437 sharedscripts = true
438 notifempty = true
439 create = true
440
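# Daily rotation of Squid's cache and access logs.
# After rotation the `post` command signals Squid through its own pid file,
# the same target [squid-reload] uses. The previous value pointed at the
# frontend Apache pid file, so rotating Squid's logs sent SIGHUP to Apache
# and never signalled Squid, which presumably kept writing to the rotated
# files.
# NOTE(review): confirm that SIGHUP makes this Squid build reopen its logs;
# Squid's dedicated log-rotation signal is SIGUSR1 (`squid -k rotate`).
# NOTE(review): the retention key is spelled `rotatep-num`. If the logrotate.d
# recipe reads `rotate-num`, the 30-rotation limit is not applied - confirm
# against the recipe.
441 [logrotate-entry-squid]
442 <= logrotate
443 recipe = slapos.cookbook:logrotate.d
444 name = squid
445 log = $${squid-cache:cache-log-path} $${squid-cache:access-log-path}
446 frequency = daily
447 rotatep-num = 30
448 post = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
449 sharedscripts = true
450 notifempty = true
451 create = true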
452
453 ######################
454 #  Squid deployment
455 ######################
456 [squid-directory]
457 recipe = slapos.cookbook:mkdirectory
458 squid-cache = $${directory:srv}/squid_cache
459
460 [squid-cache]
461 prepare-path = $${directory:etc-run}/squid-prepare
462 wrapper-path = $${directory:service}/squid
463 binary-path = ${squid:location}/sbin/squid
464 configuration-path = $${directory:etc}/squid.cfg
465 cache-path = $${squid-directory:squid-cache}
466 ip = $${instance-parameter:ipv4-random}
467 port = $${apache-configuration:cache-port}
468 backend-ip = $${instance-parameter:ipv4-random}
469 backend-port = $${apache-configuration:cache-through-port}
470 open-port = $${instance-parameter:configuration.open-port}
471 access-log-path = $${directory:log}/squid-access.log
472 cache-log-path = $${directory:log}/squid-cache.log
473 pid-filename-path = $${directory:run}/squid.pid
474
475 [squid-configuration]
476 < = jinja2-template-base
477 template = ${template-squid-configuration:target}
478 rendered = $${squid-cache:configuration-path}
479 extra-context =
480       key ip squid-cache:ip
481       key port squid-cache:port
482       key backend_ip squid-cache:backend-ip
483       key backend_port squid-cache:backend-port
484       key cache_path squid-cache:cache-path
485       key access_log_path squid-cache:access-log-path
486       key cache_log_path squid-cache:cache-log-path
487       key pid_filename_path squid-cache:pid-filename-path
488       key open_port squid-cache:open-port
489
490 [squid-service]
491 recipe = slapos.cookbook:wrapper
492 command-line = $${squid-cache:binary-path} -N -f $${squid-configuration:rendered}
493 wrapper-path = $${squid-cache:wrapper-path}
494
495 [squid-prepare]
496 recipe = slapos.cookbook:wrapper
497 command-line = $${squid-cache:binary-path} -z -f $${squid-configuration:rendered}
498 wrapper-path = $${squid-cache:prepare-path}
499
500 [squid-reload]
501 recipe = slapos.cookbook:wrapper
502 command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
503 wrapper-path = $${directory:etc-run}/squid-reload
504
505 [promise-squid]
506 recipe = slapos.cookbook:check_port_listening
507 path = $${directory:promise}/squid
508 hostname = $${instance-parameter:ipv4-random}
509 port = $${apache-configuration:cache-port}
510
511 # End of Squid part
512
513 ### Apaches Graceful and promises
# Renders the guarded graceful-restart command of the frontend Apache (see
# frontend-graceful-command in [apache-configuration]) into a script under
# the etc/run directory. Mode 0700 limits the script to its owner.
514 [frontend-apache-graceful]
515 < = jinja2-template-base
516 template = ${template-wrapper:output}
517 rendered = $${directory:etc-run}/frontend-apache-safe-graceful
518 mode = 0700
519 extra-context =
520     key content apache-configuration:frontend-graceful-command
521
# Renders the guarded graceful-restart command of the cached Apache (see
# cached-graceful-command in [apache-configuration]) into a script under the
# etc/run directory. Mode 0700 limits the script to its owner.
522 [cached-apache-graceful]
523 < = jinja2-template-base
524 template = ${template-wrapper:output}
525 rendered = $${directory:etc-run}/cached-apache-safe-graceful
526 mode = 0700
527 extra-context =
528     key content apache-configuration:cached-graceful-command
529
530 # Promises checking configuration:
531 [promise-frontend-apache-configuration]
532 < = jinja2-template-base
533 template = ${template-wrapper:output}
534 rendered = $${directory:promise}/frontend-apache-configuration-promise
535 mode = 0700
536 extra-context =
537     key content apache-configuration:frontend-configuration-verification
538
539 [promise-cached-apache-configuration]
540 < = jinja2-template-base
541 template = ${template-wrapper:output}
542 rendered = $${directory:promise}/cached-apache-configuration-promise
543 mode = 0700
544 extra-context =
545     key content apache-configuration:cached-configuration-verification
546
547 [promise-apache-frontend-v4-https]
548 recipe = slapos.cookbook:check_port_listening
549 path = $${directory:promise}/apache_frontend_ipv4_https
550 hostname = $${instance-parameter:ipv4-random}
551 port = $${instance-parameter:configuration.port}
552
553 [promise-apache-frontend-v4-http]
554 recipe = slapos.cookbook:check_port_listening
555 path = $${directory:promise}/apache_frontend_ipv4_http
556 hostname = $${instance-parameter:ipv4-random}
557 port = $${instance-parameter:configuration.plain_http_port}
558
559 [promise-apache-frontend-v6-https]
560 recipe = slapos.cookbook:check_port_listening
561 path = $${directory:promise}/apache_frontend_ipv6_https
562 hostname = $${instance-parameter:ipv6-random}
563 port = $${instance-parameter:configuration.port}
564
565 [promise-apache-frontend-v6-http]
566 recipe = slapos.cookbook:check_port_listening
567 path = $${directory:promise}/apache_frontend_ipv6_http
568 hostname = $${instance-parameter:ipv6-random}
569 port = $${instance-parameter:configuration.plain_http_port}
570
571 [promise-apache-cached]
572 recipe = slapos.cookbook:check_port_listening
573 path = $${directory:promise}/apache_cached
574 hostname = $${instance-parameter:ipv4-random}
575 port = $${apache-configuration:cache-through-port}
576
577 [slap_connection]
578 # Kept for backward compatibility
579 computer_id = $${slap-connection:computer-id}
580 partition_id = $${slap-connection:partition-id}
581 server_url = $${slap-connection:server-url}
582 software_release_url = $${slap-connection:software-release-url}
583 key_file = $${slap-connection:key-file}
584 cert_file = $${slap-connection:cert-file}