PROJECT_MOVED -> https://lab.nexedi.com/nexedi/slapos
[slapos.git] / stack / resilient / pbsready-import.cfg.in
1 [buildout]
2
3 extends = ${pbsready:output}
4
5 # Explicitely define extended parts from pbsready
6 # then add local parts
7 parts =
8   logrotate
9   logrotate-entry-cron
10   logrotate-entry-equeue
11   cron
12   cron-entry-logrotate
13   sshkeys-authority
14   dropbear-server
15   sshkeys-dropbear
16   resilient-sshkeys-dropbear-promise
17   dropbear-server-pbs-authorized-key
18   notifier
19
20   resiliency-takeover-script
21   resilient-web-takeover-cgi-script
22   resilient-web-takeover-httpd-wrapper
23   resilient-web-takeover-httpd-promise
24
25   import-on-notification
26   resilient-publish-connection-parameter
27
28 [resilient-publish-connection-parameter]
29 notification-url = http://[$${notifier:host}]:$${notifier:port}/notify
30 takeover-url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
31 takeover-password = $${resilient-web-takeover-password:passwd}
32
33 # Define port of ssh server. It has to be different from import so that it
34 # supports export/import using same IP (slaprunner, slapos-in-partition,
35 # ipv4...)
36 [dropbear-server]
37 port = 22220
38
39 # Define port of notifier (same reason)
40 [notifier]
41 port = 65533
42
43 [import-on-notification]
44 # notifier.callback runs a script when a notification (sent by a parent PBS)
45 # is received
46 <= notifier
47 recipe = slapos.cookbook:notifier.callback
48 on-notification-id = $${slap-parameter:on-notification}
49 callback = $${importer:wrapper}
50
51 ###########
52 # Generate the takeover script
53 ###########
54 [resiliency-takeover-script]
55 recipe = slapos.cookbook:addresiliency
56 wrapper-takeover = $${rootdirectory:bin}/takeover
57 takeover-triggered-file-path = $${rootdirectory:srv}/takeover_triggered
58
59 # Add path of file created by takeover script when takeover is triggered
60 # Takeover script will create this file
61 # equeue process will watch for file existence.
62 [equeue]
63 takeover-triggered-file-path = $${resiliency-takeover-script:takeover-triggered-file-path}
64
65 ###########
66 # Deploy a webserver allowing to do takeover from a web browser.
67 ###########
68 [resilient-web-takeover-password]
69 recipe = slapos.cookbook:generate.password
70 storage-path = $${directory:srv}/passwd
71 bytes = 8
72
73 [resilient-web-takeover-cgi-script]
74 recipe = collective.recipe.template
75 input = ${resilient-web-takeover-cgi-script-download:destination}
76 output = $${directory:cgi-bin}/web-takeover.cgi
77 password = $${resilient-web-takeover-password:passwd}
78 mode = 700
79
80 # XXX could it be something lighter?
81 # XXX Add SSL
82 [resilient-web-takeover-httpd-configuration-file]
83 recipe = collective.recipe.template
84 input = inline:
85   PidFile "$${:pid-file}"
86   Listen [$${:listening-ip}]:$${:listening-port}
87   ServerAdmin someone@email
88   DocumentRoot "$${:document-root}"
89   ErrorLog "$${:error-log}"
90   LoadModule unixd_module modules/mod_unixd.so
91   LoadModule access_compat_module modules/mod_access_compat.so
92   LoadModule authz_core_module modules/mod_authz_core.so
93   LoadModule authz_host_module modules/mod_authz_host.so
94   LoadModule mime_module modules/mod_mime.so
95   LoadModule cgid_module modules/mod_cgid.so
96   LoadModule dir_module modules/mod_dir.so
97   ScriptSock $${:cgid-pid-file}
98   <Directory $${:document-root}>
99     # XXX: security????
100     Options +ExecCGI
101     AddHandler cgi-script .cgi
102     DirectoryIndex web-takeover.cgi
103   </Directory>
104 output = $${directory:etc}/resilient-web-takeover-httpd.conf
105 # md5sum =
106 listening-ip = $${slap-network-information:global-ipv6}
107 # XXX: randomize-me
108 listening-port = 9263
109 htdocs = $${directory:cgi-bin}
110 pid-file = $${directory:run}/resilient-web-takeover-httpd.pid
111 cgid-pid-file = $${directory:run}/resilient-web-takeover-httpd-cgid.pid
112 document-root = $${directory:cgi-bin}
113 error-log = $${directory:log}/resilient-web-takeover-httpd-error-log
114
115 [resilient-web-takeover-httpd-wrapper]
116 recipe = slapos.cookbook:wrapper
117 apache-executable = ${apache:location}/bin/httpd
118 command-line = $${:apache-executable} -f $${resilient-web-takeover-httpd-configuration-file:output} -DFOREGROUND
119 wrapper-path = $${basedirectory:services}/resilient-web-takeover-httpd
120
121 [resilient-web-takeover-httpd-promise]
122 recipe = slapos.cookbook:check_url_available
123 path = $${basedirectory:promises}/resilient-web-takeover-httpd
124 url = http://[$${resilient-web-takeover-httpd-configuration-file:listening-ip}]:$${resilient-web-takeover-httpd-configuration-file:listening-port}/
125 dash_path = ${dash:location}/bin/dash
126 curl_path = ${curl:location}/bin/curl
127