stack-monitor: public access to files and scripts in cgi-bin/public
[slapos.git] / stack / monitor / monitor.cfg.in
1 [slap-parameters]
2 recipe = slapos.cookbook:slapconfiguration
3 computer = $${slap-connection:computer-id}
4 partition = $${slap-connection:partition-id}
5 url = $${slap-connection:server-url}
6 key = $${slap-connection:key-file}
7 cert = $${slap-connection:cert-file}
8
9 [monitor-parameters]
10 monitor-dir = $${directory:var}/monitor
11 result-dir = $${:monitor-dir}/bool
12 json-filename = monitor.json
13 json-path = $${:monitor-dir}/$${:json-filename}
14 rss-path = $${:monitoring-cgi}/$${:rss-filename}
15 rss-filename = rssfeed.html
16 executable = $${directory:bin}/monitor.py
17 cgi-bin = $${directory:cgi-bin}
18 monitoring-cgi = $${directory:monitoring-cgi}
19 knowledge0-cgi = $${directory:knowledge0-cgi}
20 public-cgi = $${directory:public-cgi}
21 port = 9685
22
23 [directory]
24 home = $${buildout:directory}
25 etc = $${:home}/etc
26 bin = $${:home}/bin
27 srv = $${:home}/srv
28 var = $${:home}/var
29
30 promises = $${:etc}/promise
31 ca-dir = $${:srv}/ssl
32 cgi-bin = $${:var}/cgi-bin
33 monitoring-cgi = $${:cgi-bin}/monitoring
34 knowledge0-cgi = $${:cgi-bin}/zero-knowledge
35 cron-entries = $${:etc}/cron.d
36 crontabs = $${:etc}/crontabs
37 cronstamps = $${:etc}/cronstamps
38 log = $${:var}/log
39 monitor = $${:etc}/monitor
40 monitor-result = $${monitor-parameters:monitor-dir}
41 monitor-result-bool = $${monitor-parameters:result-dir}
42 promise = $${:etc}/promise
43 public-cgi = $${:cgi-bin}/public
44 run = $${:var}/run
45 service = $${:etc}/service/
46 tmp = $${:home}/tmp
47 www = $${:var}/www
48
49 [public-symlink]
50 recipe = cns.recipe.symlink
51 symlink = $${monitor-parameters:public-cgi} = $${directory:www}/public
52 autocreate = true
53
54 [cron]
55 recipe = slapos.cookbook:cron
56 dcrond-binary = ${dcron:location}/sbin/crond
57 cron-entries = $${directory:cron-entries}
58 crontabs = $${directory:crontabs}
59 cronstamps = $${directory:cronstamps}
60 catcher = $${cron-simplelogger:wrapper}
61 binary = $${directory:service}/crond
62
63 # Add log to cron
64 [cron-simplelogger]
65 recipe = slapos.cookbook:simplelogger
66 wrapper = $${directory:bin}/cron_simplelogger
67 log = $${directory:log}/cron.log
68
69 [cron-entry-monitor]
70 <= cron
71 recipe = slapos.cookbook:cron.d
72 name = launch-monitor
73 frequency = */5 * * * *
74 command = $${monitor-parameters:executable} -a
75
76 [cron-entry-rss]
77 <= cron
78 recipe = slapos.cookbook:cron.d
79 name = build-rss
80 frequency = */5 * * * *
81 command = $${make-rss:output}
82
83 [setup-static-files]
84 recipe = hexagonit.recipe.download
85 url = ${download-static-files:destination}/${download-static-files:filename}
86 #md5sum = 628072e7212db1e8cdacb22b21752cda
87 filename = static
88 destination = $${directory:www}
89 ignore-existing = true
90 mode = 0644
91
92 [deploy-index]
93 recipe = slapos.recipe.template:jinja2
94 template = ${index:location}/${index:filename}
95 rendered = $${directory:www}/$${:filename}
96 filename = index.cgi
97 mode = 0744
98 context =
99   key cgi_directory monitor-parameters:cgi-bin
100   raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
101   key password zero-parameters:monitor-password
102   raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
103   raw default_page /index.cgi?script=$${monitor-parameters:knowledge0-cgi}%2F$${deploy-settings-cgi:filename}
104
105 [deploy-index-template]
106 recipe = hexagonit.recipe.download
107 url = ${index-template:location}/$${:filename}
108 destination = $${directory:www}
109 filename = ${index-template:filename}
110 download-only = true
111 #md5sum = 
112 mode = 0644
113
114 [deploy-status-cgi]
115 recipe = slapos.recipe.template:jinja2
116 template = ${status-cgi:location}/${status-cgi:filename}
117 rendered = $${monitor-parameters:monitoring-cgi}/$${:filename}
118 filename = status.cgi
119 mode = 0744
120 context =
121   key json_file monitor-parameters:json-path
122   raw python_executable ${buildout:executable}
123
124 [deploy-settings-cgi]
125 recipe = slapos.recipe.template:jinja2
126 template = ${settings-cgi:location}/${settings-cgi:filename}
127 rendered = $${monitor-parameters:knowledge0-cgi}/$${:filename}
128 filename = settings.cgi
129 mode = 0744
130 context =
131   raw config_cfg $${buildout:directory}/knowledge0.cfg
132   raw timestamp $${buildout:directory}/.timestamp
133   raw python_executable ${buildout:executable}
134   key pwd monitor-parameters:knowledge0-cgi
135   key this_file :filename
136
137 [deploy-monitor-script]
138 recipe = slapos.recipe.template:jinja2
139 template = ${monitor-bin:location}/${monitor-bin:filename}
140 rendered = $${monitor-parameters:executable}
141 mode = 0744
142 context =
143   section directory directory
144   key monitoring_file_json monitor-parameters:json-path
145   key monitoring_folder_bool monitor-parameters:result-dir
146   raw python_executable ${buildout:executable}
147   
148 [deploy-rss-script]
149 recipe = hexagonit.recipe.download
150 url = ${rss-bin:destination}/${rss-bin:filename}
151 destination = $${directory:bin}
152 filename = ${rss-bin:filename}
153 #md5sum =
154 mode = 0744
155 download-only = true
156
157 [make-rss]
158 recipe = slapos.recipe.template
159 url = ${make-rss-script:output}
160 output = $${directory:bin}/make-rss.sh
161 #md5sum = 
162 mode = 0744
163
164 [cadirectory]
165 recipe = slapos.cookbook:mkdirectory
166 requests = $${directory:ca-dir}/requests/
167 private = $${directory:ca-dir}/private/
168 certs = $${directory:ca-dir}/certs/
169 newcerts = $${directory:ca-dir}/newcerts/
170 crl = $${directory:ca-dir}/crl/
171
172 [certificate-authority]
173 recipe = slapos.cookbook:certificate_authority
174 openssl-binary = ${openssl:location}/bin/openssl
175 ca-dir = $${directory:ca-dir}
176 requests-directory = $${cadirectory:requests}
177 wrapper = $${directory:service}/certificate_authority
178 ca-private = $${cadirectory:private}
179 ca-certs = $${cadirectory:certs}
180 ca-newcerts = $${cadirectory:newcerts}
181 ca-crl = $${cadirectory:crl}
182
183 [ca-httpd]
184 <= certificate-authority
185 recipe = slapos.cookbook:certificate_authority.request
186 key-file = $${cadirectory:certs}/httpd.key
187 cert-file = $${cadirectory:certs}/httpd.crt
188 executable = $${directory:bin}/cgi-httpd
189 wrapper = $${directory:service}/cgi-httpd
190 # Put domain name
191 name = example.com
192
193 ###########
194 # Deploy a webserver running cgi scripts for monitoring
195 ###########
196 [public]
197 recipe = slapos.cookbook:zeroknown.write
198 filename = knowledge0.cfg
199 monitor-password = passwordtochange
200
201 [zero-parameters]
202 recipe = slapos.cookbook:zeroknown.read
203 filename = $${public:filename}
204
205 # XXX could it be something lighter?
206 [cgi-httpd-configuration-file]
207 recipe = collective.recipe.template
208 input = inline:
209   PidFile "$${:pid-file}"
210   ServerName example.com
211   ServerAdmin someone@email
212   <IfDefine !MonitorPort>
213   Listen [$${:listening-ip}]:$${monitor-parameters:port}
214   Define MonitorPort
215   </IfDefine>
216   DocumentRoot "$${:document-root}"
217   ErrorLog "$${:error-log}"
218   LoadModule unixd_module modules/mod_unixd.so
219   LoadModule access_compat_module modules/mod_access_compat.so
220   LoadModule authz_core_module modules/mod_authz_core.so
221   LoadModule authz_host_module modules/mod_authz_host.so
222   LoadModule mime_module modules/mod_mime.so
223   LoadModule cgid_module modules/mod_cgid.so
224   LoadModule dir_module modules/mod_dir.so
225   LoadModule ssl_module modules/mod_ssl.so
226   # SSL Configuration
227   <IfDefine !SSLConfigured>
228   Define SSLConfigured
229   SSLCertificateFile $${ca-httpd:cert-file}
230   SSLCertificateKeyFile $${ca-httpd:key-file}
231   SSLRandomSeed startup builtin
232   SSLRandomSeed connect builtin
233   SSLRandomSeed startup /dev/urandom 256
234   SSLRandomSeed connect builtin
235   SSLProtocol -ALL +SSLv3 +TLSv1
236   SSLHonorCipherOrder On
237   SSLCipherSuite RC4-SHA:HIGH:!ADH
238   </IfDefine> 
239   SSLEngine   On
240   ScriptSock $${:cgid-pid-file}
241   <Directory $${:document-root}>
242     SSLVerifyDepth    1
243     SSLRequireSSL
244     SSLOptions        +StrictRequire
245     # XXX: security????
246     Options +ExecCGI
247     AddHandler cgi-script .cgi
248     DirectoryIndex $${deploy-index:rendered}
249   </Directory>
250 output = $${directory:etc}/cgi-httpd.conf
251 # md5sum =
252 listening-ip = $${slap-parameters:ipv6-random}
253 # XXX: randomize-me
254 htdocs = $${directory:www}
255 pid-file = $${directory:run}/cgi-httpd.pid
256 cgid-pid-file = $${directory:run}/cgi-httpd-cgid.pid
257 document-root = $${directory:www}
258 error-log = $${directory:log}/cgi-httpd-error-log
259
260 [cgi-httpd-wrapper]
261 recipe = slapos.cookbook:wrapper
262 apache-executable = ${apache:location}/bin/httpd
263 command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
264 wrapper-path = $${ca-httpd:executable}
265
266 [monitor-promise]
267 recipe = slapos.cookbook:check_url_available
268 path = $${directory:promises}/monitor
269 url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}/$${deploy-index:filename}
270 check-secure = 1
271 dash_path = ${dash:location}/bin/dash
272 curl_path = ${curl:location}/bin/curl
273
274 [publish-connection-informations]
275 recipe = slapos.cookbook:publish
276 monitor_url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}/$${deploy-index:filename}
277 IMPORTANT_monitor_info = Change the monitor_password as soon as possible ! Default is : $${public:monitor-password}