monitor: clean directory and parameter sections
[slapos.git] / stack / monitor / monitor.cfg.in
# Connection settings of this partition, passed to the
# slapos.cookbook:slapconfiguration recipe: computer and partition ids, the
# server URL and the client key/certificate files.
# Other sections read slap-parameters:ipv6-random, which is not set here;
# presumably the recipe provides it (confirm against the recipe).
# NOTE: double-dollar references are presumably the escaped form that survives
# rendering of this .cfg.in template; single-dollar ones are filled in then.
[slap-parameters]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

# Shared file names, paths and network settings of the monitoring stack.
# No recipe: the section only holds values that other sections reference.
# The service listens on a fixed port and is reached over https on the
# partition's ipv6-random address.
[monitor-parameters]
json-filename = monitor.json
json-path = $${monitor-directory:monitor-result}/$${:json-filename}
rss-filename = rssfeed.html
rss-path = $${monitor-directory:public-cgi}/$${:rss-filename}
executable = $${monitor-directory:bin}/monitor.py
port = 9685
htaccess-file = $${monitor-directory:etc}/.htaccess-monitor
url = https://[$${slap-parameters:ipv6-random}]:$${:port}
index-filename = index.cgi
index-path = $${monitor-directory:www}/$${:index-filename}

# Directory layout of the monitoring stack, all rooted at the buildout
# directory and handled by slapos.cookbook:mkdirectory.
[monitor-directory]
recipe = slapos.cookbook:mkdirectory
# Standard directory needed by monitoring stack
home = $${buildout:directory}
etc = $${:home}/etc
bin = $${:home}/bin
srv = $${:home}/srv
var = $${:home}/var
log = $${:var}/log
run = $${:var}/run
service = $${:etc}/service/
etc-run = $${:etc}/run/
tmp = $${:home}/tmp
promise = $${:etc}/promise

# Directories used by the [cron] part
cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps

# ca-dir holds the certificate authority tree; www is the Apache DocumentRoot
ca-dir = $${:srv}/ssl
www = $${:var}/www

# CGI scripts live outside www; public-cgi is linked into it by [public-symlink]
cgi-bin = $${:var}/cgi-bin
monitoring-cgi = $${:cgi-bin}/monitoring
knowledge0-cgi = $${:cgi-bin}/zero-knowledge
public-cgi = $${:cgi-bin}/public

# private-directory is served under /private/ behind Basic authentication
monitor-custom-scripts = $${:etc}/monitor
monitor-result = $${:var}/monitor
monitor-result-bool = $${:monitor-result}/bool
private-directory = $${:srv}/monitor-private

# Ties the public CGI directory to www/public through cns.recipe.symlink, so
# the public scripts presumably become reachable under the document root
# (www is the DocumentRoot set in cgi-httpd-configuration-file).
[public-symlink]
recipe = cns.recipe.symlink
symlink = $${monitor-directory:public-cgi} = $${monitor-directory:www}/public
autocreate = true

# Cron daemon (dcron) of the partition. The entry, crontab and timestamp
# directories come from monitor-directory, "catcher" points at the
# cron-simplelogger wrapper, and the launcher goes into the service directory.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${monitor-directory:cron-entries}
crontabs = $${monitor-directory:crontabs}
cronstamps = $${monitor-directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${monitor-directory:service}/crond

# Add log to cron: a wrapper script under bin that [cron] uses as its catcher,
# with cron.log in the log directory as its log file.
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${monitor-directory:bin}/cron_simplelogger
log = $${monitor-directory:log}/cron.log

# Cron job "launch-monitor": every five minutes, runs the rendered monitor
# script with -a. Inherits the options of [cron] through "<=" and replaces the
# recipe with slapos.cookbook:cron.d.
[cron-entry-monitor]
<= cron
recipe = slapos.cookbook:cron.d
name = launch-monitor
frequency = */5 * * * *
command = $${deploy-monitor-script:rendered} -a

# Cron job "build-rss": every five minutes, runs the script rendered by
# [make-rss]. Same inheritance from [cron] as the other cron entry.
[cron-entry-rss]
<= cron
recipe = slapos.cookbook:cron.d
name = build-rss
frequency = */5 * * * *
command = $${make-rss:rendered}

# Fetches the file referenced by download-static-files into www (the document
# root) with hexagonit.recipe.download; an existing destination is tolerated.
# No checksum option is set for this download.
[setup-static-files]
recipe = hexagonit.recipe.download
url = ${download-static-files:destination}/${download-static-files:filename}
filename = static
destination = $${monitor-directory:www}
ignore-existing = true
mode = 0644

# Renders the index CGI (index-path, under www) from a Jinja2 template.
# NOTE(review): the monitor password is handed to the template context and the
# rendered file gets mode 0744, which lets group and others read it. If the
# template writes the password into the file, tighten the mode -- confirm
# against the template and the account the web server runs as.
[deploy-index]
recipe = slapos.recipe.template:jinja2
template = ${index:location}/${index:filename}
rendered = $${monitor-parameters:index-path}
mode = 0744
context =
  key cgi_directory monitor-directory:cgi-bin
  raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
  key password zero-parameters:monitor-password
  raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
  raw default_page /welcome.html

# Places the index template file into www without unpacking it
# (download-only); [deploy-index] passes its location to the index CGI.
[deploy-index-template]
recipe = hexagonit.recipe.download
url = ${index-template:location}/$${:filename}
destination = $${monitor-directory:www}
filename = ${index-template:filename}
download-only = true
mode = 0644

# Renders status.cgi into the monitoring CGI directory. The template receives
# the path of the JSON result file and the Python executable to run under.
[deploy-status-cgi]
recipe = slapos.recipe.template:jinja2
template = ${status-cgi:location}/${status-cgi:filename}
rendered = $${monitor-directory:monitoring-cgi}/$${:filename}
filename = status.cgi
mode = 0744
context =
  key json_file monitor-parameters:json-path
  raw python_executable ${buildout:executable}

# Renders settings.cgi into the zero-knowledge CGI directory. The template
# receives the paths of knowledge0.cfg (the file [public] names for the monitor
# password) and of .timestamp, both in the buildout directory.
[deploy-settings-cgi]
recipe = slapos.recipe.template:jinja2
template = ${settings-cgi:location}/${settings-cgi:filename}
rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
filename = settings.cgi
mode = 0744
context =
  raw config_cfg $${buildout:directory}/knowledge0.cfg
  raw timestamp $${buildout:directory}/.timestamp
  raw python_executable ${buildout:executable}
  key pwd monitor-directory:knowledge0-cgi
  key this_file :filename

# Renders the monitor script (monitor.py under bin) that the launch-monitor
# cron job runs. The template receives the whole monitor-directory section as
# "directory" plus the path of the JSON result file.
[deploy-monitor-script]
recipe = slapos.recipe.template:jinja2
template = ${monitor-bin:location}/${monitor-bin:filename}
rendered = $${monitor-parameters:executable}
mode = 0744
context =
  section directory monitor-directory
  key monitoring_file_json monitor-parameters:json-path
  raw python_executable ${buildout:executable}

# Renders make-rss.sh under bin, the script run by the build-rss cron job.
# The template receives the monitor-directory and monitor-parameters sections.
[make-rss]
recipe = slapos.recipe.template:jinja2
template = ${make-rss-script:output}
rendered = $${monitor-directory:bin}/make-rss.sh
mode = 0744
context =
  section directory monitor-directory
  section monitor_parameters monitor-parameters

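# Builds the Basic-auth password file for the "admin" account with htpasswd;
# cgi-httpd-configuration-file uses it as AuthUserFile.
# The path and the password are single-quoted so that spaces or shell
# metacharacters in the password cannot split or alter the command. A password
# containing a single quote still breaks the command.
# NOTE(review): -b passes the password as a command-line argument, where local
# process listings can show it. Feeding it on standard input (htpasswd -i)
# would avoid that if the bundled htpasswd supports the option -- confirm.
[monitor-htaccess]
recipe = plone.recipe.command
stop-on-error = true
htaccess-path = $${monitor-parameters:htaccess-file}
command = ${apache:location}/bin/htpasswd -cb '$${:htaccess-path}' admin '$${zero-parameters:monitor-password}'
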
# Symlinks "source" to the private directory that Apache serves under
# /private/. "source" is empty here; presumably a profile that extends this
# stack sets it.
# NOTE(review): both paths are unquoted in the shell command, and
# stop-on-error is not set for this part.
[monitor-directory-access]
recipe = plone.recipe.command
command = ln -s $${:source} $${monitor-directory:private-directory}
source =

# Sub-directories of the certificate authority tree under ca-dir.
# NOTE(review): "private" is where CA key material is expected; confirm that
# the recipe or the deployment restricts its permissions.
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${monitor-directory:ca-dir}/requests/
private = $${monitor-directory:ca-dir}/private/
certs = $${monitor-directory:ca-dir}/certs/
newcerts = $${monitor-directory:ca-dir}/newcerts/
crl = $${monitor-directory:ca-dir}/crl/

# Local certificate authority of the partition, driven by the bundled openssl
# binary. Its launcher goes into the service directory; the working
# directories are the ones declared in [cadirectory].
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${monitor-directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${monitor-directory:service}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

# Certificate request for the monitoring web server. Inherits the options of
# [certificate-authority] through "<=" and replaces the recipe with its
# ".request" variant. "executable" is the path [cgi-httpd-wrapper] writes its
# launcher to; "wrapper" is the entry in the service directory.
# NOTE(review): the private key httpd.key sits in the certs directory next to
# the certificate, not in cadirectory:private; check that directory's
# permissions.
[ca-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/httpd.key
cert-file = $${cadirectory:certs}/httpd.crt
executable = $${monitor-directory:bin}/cgi-httpd
wrapper = $${monitor-directory:service}/cgi-httpd
# Put domain name
name = example.com

###########
# Deploy a webserver running cgi scripts for monitoring
###########
# Writes knowledge0.cfg through the zero-knowledge.write recipe; the file
# carries the monitor password read back by [zero-parameters].
# NOTE(review): monitor-password is a fixed default that every deployment of
# this stack shares. It protects the "admin" Basic-auth account and is also
# published in the connection parameters, so each instance should override it
# with its own random value.
[public]
recipe = slapos.cookbook:zero-knowledge.write
filename = knowledge0.cfg
monitor-password = passwordtochange

# Reads back the file written by [public]. Other sections take the monitor
# password from here (zero-parameters:monitor-password), presumably so that a
# value changed after deployment is picked up -- confirm against the recipe.
[zero-parameters]
recipe = slapos.cookbook:zero-knowledge.read
filename = $${public:filename}

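# Apache configuration of the monitoring web server. collective.recipe.template
# writes the inline text below to the path given in "output".
# XXX could it be something lighter?
[cgi-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
  PidFile "$${:pid-file}"
  ServerName example.com
  ServerAdmin someone@email
  <IfDefine !MonitorPort>
  Listen [$${:listening-ip}]:$${monitor-parameters:port}
  Define MonitorPort
  </IfDefine>
  DocumentRoot "$${:document-root}"
  ErrorLog "$${:error-log}"
  LoadModule unixd_module modules/mod_unixd.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule authz_core_module modules/mod_authz_core.so
  LoadModule authn_core_module modules/mod_authn_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule ssl_module modules/mod_ssl.so
  LoadModule alias_module modules/mod_alias.so
  LoadModule autoindex_module modules/mod_autoindex.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule authn_file_module modules/mod_authn_file.so

  # SSL Configuration
  # SSLv3 and RC4 are not offered: both are broken (POODLE, RC4 keystream
  # biases). TLSv1.0 and TLSv1.1 stay enabled through "all"; restrict further
  # once the bundled OpenSSL and the monitoring clients are confirmed to
  # support TLSv1.2.
  <IfDefine !SSLConfigured>
  Define SSLConfigured
  SSLCertificateFile $${ca-httpd:cert-file}
  SSLCertificateKeyFile $${ca-httpd:key-file}
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  SSLRandomSeed startup /dev/urandom 256
  SSLRandomSeed connect builtin
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder On
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
  </IfDefine>
  SSLEngine   On
  ScriptSock $${:cgid-pid-file}
  <Directory $${:document-root}>
    SSLVerifyDepth    1
    SSLRequireSSL
    SSLOptions        +StrictRequire
    # XXX: security???? +ExecCGI with the .cgi handler covers the whole
    # document root, so any .cgi file that ends up under it is executed.
    Options +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex $${monitor-parameters:index-filename}
  </Directory>
  # /private/ requires a valid user from the htpasswd file; dot-files are
  # never served. Indexes turns on directory listings for authenticated users.
  Alias /private/ $${monitor-directory:private-directory}/
  <Directory $${monitor-directory:private-directory}>
  Order Deny,Allow
  Deny from env=AUTHREQUIRED
  <Files ".??*">
    Order Allow,Deny
    Deny from all
  </Files>
  AuthType Basic
  AuthName "Private access"
  AuthUserFile "$${monitor-htaccess:htaccess-path}"
  Require valid-user
  Options Indexes FollowSymLinks
  Satisfy all
  </Directory>
output = $${monitor-directory:etc}/cgi-httpd.conf
listening-ip = $${slap-parameters:ipv6-random}
# XXX: randomize-me
htdocs = $${monitor-directory:www}
pid-file = $${monitor-directory:run}/cgi-httpd.pid
cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
document-root = $${monitor-directory:www}
error-log = $${monitor-directory:log}/cgi-httpd-error-log
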
# Launcher for the monitoring web server: runs the bundled httpd in the
# foreground with the generated configuration file. It is written to the path
# that [ca-httpd] names as its "executable".
[cgi-httpd-wrapper]
recipe = slapos.cookbook:wrapper
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
wrapper-path = $${ca-httpd:executable}

# Graceful-restart helper: sends USR1 to the process whose id is stored in the
# httpd pid file. The script is placed in the etc-run directory.
[cgi-httpd-graceful-wrapper]
recipe = slapos.cookbook:wrapper
command-line = kill -USR1 $(cat $${cgi-httpd-configuration-file:pid-file})
wrapper-path = $${monitor-directory:etc-run}/cgi-httpd-graceful

# Promise script that checks the monitor index URL is reachable, using the
# bundled dash and curl binaries.
# NOTE(review): what check-secure = 1 makes the check accept is defined by the
# recipe, not visible here -- confirm.
[monitor-promise]
recipe = slapos.cookbook:check_url_available
path = $${monitor-directory:promise}/monitor
url = $${monitor-parameters:url}/$${monitor-parameters:index-filename}
check-secure = 1
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl

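# Connection parameters handed to slapos.cookbook:publish: the monitor URL and
# a reminder to change the password. The reminder now names settings.cgi, the
# file [deploy-settings-cgi] renders, and spells "monitoring" correctly.
# NOTE(review): the message carries the default monitor password in clear
# text, so anyone able to read the published parameters sees it.
[publish-connection-informations]
recipe = slapos.cookbook:publish
monitor_url = $${monitor-parameters:url}
IMPORTANT_monitor_info = Change the monitor_password as soon as possible ! Default is : $${public:monitor-password} . You can change it in the settings.cgi section of your monitoring interface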