manual port of changes on lapp-resilient over this new branch
[slapos.git] / stack / lapp / instance-resilient.cfg
1 {% import 'parts' as parts %}
2 {% import 'replicated' as replicated %}
3
4 [buildout]
5
6 extends =
7    {{templateapache}}
8
9 parts =
10   {{ parts.replicate("postgres","3") }}
11   request-apache-backup-1
12   request-apache-backup-2
13
14   request-pull-backup-server-apache-1
15   request-pull-backup-server-apache-backup-1
16
17   request-pull-backup-server-apache-2
18   request-pull-backup-server-apache-backup-2
19
20   publish-connection-informations
21   apache-php
22   stunnel
23   certificate-authority
24   ca-stunnel
25   logrotate
26   logrotate-entry-apache
27   logrotate-entry-stunnel
28   cron
29   cron-entry-logrotate
30   dropbear-server
31   sshkeys-authority
32   dropbear-server-pbs-authorized-key
33
34   request-pull-backup-server
35
36 {{ replicated.replicate("postgres", "3", "postgres-export", "postgres-import") }}
37
38
39 [request-pull-backup-server]
40 <= request-pbs-common
41 name = PBS (Pull Backup Server)
42 return = ssh-key notification-url feeds-url
43 slave = false
44
45 [sshkeys-directory]
46 recipe = slapos.cookbook:mkdirectory
47 requests = ${directory:sshkeys}/requests
48 keys = ${directory:sshkeys}/keys
49
50 [sshkeys-authority]
51 recipe = slapos.cookbook:sshkeys_authority
52 request-directory = ${sshkeys-directory:requests}
53 keys-directory = ${sshkeys-directory:keys}
54 wrapper = ${basedirectory:services}/sshkeys_authority
55 keygen-binary = {{dropbear}}/bin/dropbearkey
56
57 [sshkeys-dropbear]
58 <= sshkeys-authority
59 recipe = slapos.cookbook:sshkeys_authority.request
60 name = dropbear
61 type = rsa
62 executable = ${dropbear-server:wrapper}
63 public-key = ${dropbear-server:rsa-keyfile}.pub
64 private-key = ${dropbear-server:rsa-keyfile}
65 wrapper = ${basedirectory:services}/sshd
66
67 [dropbear-server]
68 recipe = slapos.cookbook:dropbear
69 host = ${slap-network-information:global-ipv6}
70 port = 2222
71 home = ${directory:ssh}
72 wrapper = ${rootdirectory:bin}/raw_sshd
73 shell = ${rdiff-backup-server:wrapper}
74 rsa-keyfile = ${directory:ssh}/server_key.rsa
75 dropbear-binary = {{dropbear}}/sbin/dropbear
76
77 [dropbear-server-pbs-authorized-key]
78 <= dropbear-server
79 recipe = slapos.cookbook:dropbear.add_authorized_key
80 key = ${request-pull-backup-server:connection-ssh-key}
81
82 [rdiff-backup-server]
83 <= apache-php
84 recipe = slapos.cookbook:pbs
85 client = false
86 path = ${apache-php:htdocs}
87 wrapper = ${rootdirectory:bin}/rdiffbackup-server
88 rdiffbackup-binary = {{buildout}}/rdiff-backup
89
90 [request-apache-backup-1]
91 <= slap-connection
92 recipe = slapos.cookbook:request
93 name = Apache Backup 1
94 software-url = ${slap-connection:software-release-url}
95 software-type = apache-backup
96 return = url ssh-url ssh-public-key
97 config = authorized-key proxy-url
98 config-authorized-key = ${request-pull-backup-server:connection-ssh-key}
99 config-proxy-url = ${publish-connection-informations:url}
100
101 [request-apache-backup-2]
102 <= slap-connection
103 recipe = slapos.cookbook:request
104 name = Apache Backup 2
105 software-url = ${slap-connection:software-release-url}
106 software-type = apache-backup
107 return = url ssh-url ssh-public-key
108 config = authorized-key proxy-url
109 config-authorized-key = ${request-pull-backup-server:connection-ssh-key}
110 config-proxy-url = ${publish-connection-informations:url}
111
112 [request-pull-backup-server-apache-1]
113 <= request-pbs-common
114 name = PBS pulling from Apache 1
115 config = url name type server-key notify notification-id frequency
116 config-url = ssh://nobody@[${dropbear-server:host}]:${dropbear-server:port}/${rdiff-backup-server:path}
117 config-name = ${slap-connection:computer-id}-${slap-connection:partition-id}-apache
118 config-type = pull
119 config-server-key = ${sshkeys-dropbear:public-key-value}
120 config-notify = ${request-pull-backup-server:connection-notification-url}
121 config-notification-id = ${slap-connection:computer-id}-${slap-connection:partition-id}-apache-pull
122 config-frequency = 30 * * * *
123 slave = true
124 sla = instance_guid
125 sla-instance_guid = ${request-pull-backup-server:instance_guid}
126
127 [request-pull-backup-server-apache-2]
128 <= request-pbs-common
129 name = PBS pulling from Apache 2
130 config = url name type server-key notify notification-id frequency
131 config-url = ssh://nobody@[${dropbear-server:host}]:${dropbear-server:port}/${rdiff-backup-server:path}
132 config-name = ${slap-connection:computer-id}-${slap-connection:partition-id}-apache
133 config-type = pull
134 config-server-key = ${sshkeys-dropbear:public-key-value}
135 config-notify = ${request-pull-backup-server:connection-notification-url}
136 config-notification-id = ${slap-connection:computer-id}-${slap-connection:partition-id}-apache-pull
137 config-frequency = 30 * * * *
138 slave = true
139 sla = instance_guid
140 sla-instance_guid = ${request-pull-backup-server:instance_guid}
141
142
143 [request-pull-backup-server-apache-backup-1]
144 <= request-pbs-common
145 name = PBS pushing to ${request-apache-backup-1:name}
146 config = url name type server-key on-notification
147 config-url = ${request-apache-backup-1:connection-ssh-url}
148 config-name = ${request-pull-backup-server-apache-1:config-name}
149 config-type = push
150 config-server-key = ${request-apache-backup-1:connection-ssh-public-key}
151 config-on-notification = ${request-pull-backup-server:connection-feeds-url}${request-pull-backup-server-apache-1:config-notification-id}
152 slave = true
153 sla = instance_guid
154 sla-instance_guid = ${request-pull-backup-server:instance_guid}
155
156 [request-pull-backup-server-apache-backup-2]
157 <= request-pbs-common
158 name = PBS pushing to ${request-apache-backup-2:name}
159 config = url name type server-key on-notification
160 config-url = ${request-apache-backup-2:connection-ssh-url}
161 config-name = ${request-pull-backup-server-apache-2:config-name}
162 config-type = push
163 config-server-key = ${request-apache-backup-2:connection-ssh-public-key}
164 config-on-notification = ${request-pull-backup-server:connection-feeds-url}${request-pull-backup-server-apache-2:config-notification-id}
165 slave = true
166 sla = instance_guid
167 sla-instance_guid = ${request-pull-backup-server:instance_guid}
168
169
170 [directory]
171 ssh = ${rootdirectory:etc}/ssh
172 sshkeys = ${rootdirectory:srv}/sshkeys