software/slapos-in-partition/instance.cfg.jinja2

   1 [buildout]
   2 parts =
   3   slapos-configuration-file
   4   cron-entry-slapos
   5   slapos-node-format-wrapper
   6
   7   httpd-wrapper
   8
   9   cron
  10   logrotate
  11   logrotate-entry-httpd
  12   logrotate-entry-slapos
  13
  14   sshkeys-dropbear
  15   dropbear-server-add-authorized-key
  16   sshkeys-authority
  17   publish-connection-informations
  18   dropbear-promise
  19
  20
  21 eggs-directory = {{ eggs_directory }}
  22 develop-eggs-directory = {{ develop_eggs_directory }}
  23 offline = true
  24
  25 [instance-parameter]
  26 recipe = slapos.cookbook:slapconfiguration
  27 computer = ${slap_connection:computer_id}
  28 partition = ${slap_connection:partition_id}
  29 url = ${slap_connection:server_url}
  30 key = ${slap_connection:key_file}
  31 cert = ${slap_connection:cert_file}
  32
  33 configuration.master-url = https://slap.vifib.com
  34 configuration.authorized-key =
  35
  36 # Create all needed directories
  37 [directory]
  38 recipe = slapos.cookbook:mkdirectory
  39 mode = 0750
  40
  41 etc = ${buildout:directory}/etc/
  42 var = ${buildout:directory}/var/
  43 srv = ${buildout:directory}/srv/
  44 bin = ${buildout:directory}/bin/
  45
  46 sshkeys = ${:srv}/sshkeys
  47 service = ${:etc}/service/
  48 scripts = ${:etc}/run/
  49 ssh = ${:etc}/ssh/
  50 log = ${:var}/log/
  51 run = ${:var}/run/
  52 backup = ${:srv}/backup/
  53 promises = ${:etc}/promise/
  54
  55 slapos-partitions-certificate-repository = ${:var}/pki
  56 software-root = ${:srv}/slapos-software
  57 instance-root = ${:srv}/slapos-instance
  58 slapos-log = ${:log}/slapos
  59
  60 {% for i in range(0,10) %}
  61 slappart{{i}} = ${:instance-root}/slappart{{i}}
  62 {% endfor %}
  63
  64 cron-entries = ${:etc}/cron.d
  65 crontabs = ${:etc}/crontabs
  66 cronstamps = ${:etc}/cronstamps
  67
  68 logrotate-entries = ${:etc}/logrotate.d
  69 logrotate-backup = ${:backup}/logrotate
  70
  71 httpd-log = ${:log}/httpd
  72
  73
  74 ########
  75 # Deploy slapos.cfg, computer certificates and slapos node wrapper
  76 ########
  77 [slapos-computer-certificate-file]
  78 recipe = collective.recipe.template
  79 input = inline:${instance-parameter:configuration.computer-certificate}
  80 output = ${directory:var}/slapos-computer.crt
  81
  82 [slapos-computer-key-file]
  83 recipe = collective.recipe.template
  84 input = inline:${instance-parameter:configuration.computer-key}
  85 output = ${directory:var}/slapos-computer.key
  86
  87 [computer-definition-file]
  88 recipe = collective.recipe.template
  89 input = inline:
  90   [computer]
  91 {% for i in range(0,10|int) %}
  92   [partition_{{i}}]
  93   address = ${instance-parameter:ipv4-random}/255.255.255.0 ${instance-parameter:ipv6-random}/64
  94   pathname = slappart{{i}}
  95   user = dummy
  96   network_interface = dummy
  97 {% endfor %}
  98 output = ${directory:etc}/slapos-computer-definition.cfg
  99
 100 [slapos-configuration-file]
 101 recipe = slapos.recipe.template
 102 url = {{ slapos_configuration_file_template_path }}
 103 output = ${directory:etc}/slapos.cfg
 104 #md5sum = 4861be4a581686feef9f9edea865d7ee
 105 software-root = ${directory:software-root}
 106 instance-root = ${directory:instance-root}
 107 master-url = ${instance-parameter:configuration.master-url}
 108 computer-id = ${instance-parameter:configuration.computer-id}
 109 # XXX should be a parameter
 110 partition-amount = 10
 111 computer-definition-file = ${computer-definition-file:output}
 112 computer-xml = ${directory:var}/slapos.xml
 113 computer-key-file = ${slapos-computer-key-file:output}
 114 computer-certificate-file = ${slapos-computer-certificate-file:output}
 115 certificate-repository-path = ${directory:slapos-partitions-certificate-repository}
 116
 117 [slapos-node-format-wrapper]
 118 recipe = slapos.cookbook:wrapper
 119 command-line = {{ bin_directory }}/slapos node format --cfg ${slapos-configuration-file:output} --logfile=${directory:slapos-log}/slapos-node-format.log --now
 120 wrapper-path = ${directory:scripts}/slapos-node-format
 121 parameters-extra = true
 122
 123 [slapos-node-instance-wrapper]
 124 recipe = slapos.cookbook:wrapper
 125 command-line = {{ bin_directory }}/slapos node instance --cfg ${slapos-configuration-file:output} --pidfile ${directory:run}/slapos-instance.pid --logfile ${directory:slapos-log}/slapos-instance.cfg
 126 wrapper-path = ${buildout:bin-directory}/slapos-node-instance
 127 parameters-extra = true
 128
 129 [slapos-node-software-wrapper]
 130 recipe = slapos.cookbook:wrapper
 131 command-line = {{ bin_directory }}/slapos node software --cfg ${slapos-configuration-file:output} --pidfile ${directory:run}/slapos-software.pid --logfile ${directory:slapos-log}/slapos-software.cfg
 132 wrapper-path = ${buildout:bin-directory}/slapos-node-software
 133 parameters-extra = true
 134
 135 [slapos-node-report-wrapper]
 136 recipe = slapos.cookbook:wrapper
 137 command-line = {{ bin_directory }}/slapos node report --cfg ${slapos-configuration-file:output} --pidfile ${directory:run}/slapos-report.pid --logfile ${directory:slapos-log}/slapos-report.cfg
 138 wrapper-path = ${buildout:bin-directory}/slapos-node-report
 139 parameters-extra = true
 140
 141 #########
 142 # Deploy some http server to see logs online
 143 #########
 144 # XXX could it be something lighter?
 145 [httpd-configuration-file]
 146 recipe = slapos.recipe.template
 147 url = {{ httpd_configuration_file_template_path }}
 148 output = ${directory:etc}/httpd.conf
 149 # md5sum =
 150 listening-ip = ${instance-parameter:ipv6-random}
 151 listening-port = 8080
 152 htdocs = ${directory:log}
 153 pid-file = ${directory:run}/httpd.pid
 154 access-log = ${directory:httpd-log}/access-log
 155 error-log = ${directory:httpd-log}/error-log
 156 document-root = ${directory:log}
 157
 158 # XXX logrotate for httpd
 159
 160 [httpd-wrapper]
 161 recipe = slapos.cookbook:wrapper
 162 apache-executable = {{ httpd_executable }}
 163 command-line = ${:apache-executable} -f ${httpd-configuration-file:output} -DFOREGROUND
 164 wrapper-path = ${directory:service}/httpd
 165 # generated parameter containing url to use for other sections
 166 url = http://[${httpd-configuration-file:listening-ip}]/
 167
 168 #[httpd-wrapper]
 169 #recipe = collective.recipe.template
 170 #input = inline:
 171 #  #!${buildout:executable}
 172 #  import SimpleHTTPServer
 173 #  import SocketServer
 174 #  PORT = ${:listening-port}
 175 #  LISTENING_IP = '${:listening-ip}'
 176 #  Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
 177 #  httpd = SocketServer.TCPServer((LISTENING_IP, PORT), Handler)
 178 #  print "serving at port", PORT
 179 #  httpd.serve_forever()
 180 #output = ${directory:service}/httpd
 181 #listening-ip = ${instance-parameter:ipv6-random}
 182 #listening-port = 8080
 183 #mode = 755
 184
 185
 186 #########
 187 # Deploy logrotate
 188 #########
 189 [logrotate]
 190 recipe = slapos.cookbook:logrotate
 191 # Binaries
 192 logrotate-binary = {{ logrotate_executable }}
 193 gzip-binary = {{ gzip_executable }}
 194 gunzip-binary = {{ gunzip_executable }}
 195 # Directories
 196 wrapper = ${directory:bin}/logrotate
 197 conf = ${directory:etc}/logrotate.conf
 198 logrotate-entries = ${directory:logrotate-entries}
 199 backup = ${directory:logrotate-backup}
 200 state-file = ${directory:srv}/logrotate.status
 201
 202 [logrotate-entry-httpd]
 203 <= logrotate
 204 recipe = slapos.cookbook:logrotate.d
 205 name = httpd
 206 log = ${httpd-configuration-file:access-log} ${httpd-configuration-file:error-log}
 207 frequency = daily
 208 rotate-num = 30
 209 post = {{ bin_directory }}/killpidfromfile $${apache-configuration:pid-file} SIGUSR1
 210 sharedscripts = true
 211 notifempty = true
 212 create = true
 213
 214 [logrotate-entry-slapos]
 215 <= logrotate
 216 recipe = slapos.cookbook:logrotate.d
 217 name = slapos
 218 log = ${directory:slapos-log}/*.log
 219 frequency = daily
 220 rotate-num = 30
 221 #post = {{ bin_directory }}/killpidfromfile ${nginx-configuration:pid-file} SIGUSR1
 222 sharedscripts = true
 223 notifempty = true
 224 create = true
 225
 226 ###########
 227 # Deploy cron and configure it
 228 ###########
 229 [cron-simplelogger]
 230 recipe = slapos.cookbook:simplelogger
 231 wrapper = ${directory:bin}/cron_simplelogger
 232 log = ${directory:log}/crond.log
 233
 234 [cron]
 235 recipe = slapos.cookbook:cron
 236 dcrond-binary = {{ dcron_executable }}
 237 cron-entries = ${directory:cron-entries}
 238 crontabs = ${directory:crontabs}
 239 cronstamps = ${directory:cronstamps}
 240 catcher = ${cron-simplelogger:wrapper}
 241 binary = ${directory:service}/crond
 242
 243 [cron-entry-slapos]
 244 recipe = collective.recipe.template
 245 # Add current PATH to environment, otherwise, gcc is not able to find its own cc1.
 246 # We don't add it in the top of the script, because dcron disallow it.
 247 # XXX: maybe it works if we take PATH from instance, not software.
 248 input = inline:
 249   * * * * * PATH={{ path }} ${slapos-node-instance-wrapper:wrapper-path} > /dev/null 2>&1
 250   * * * * * PATH={{ path }} ${slapos-node-software-wrapper:wrapper-path} > /dev/null 2>&1
 251   * * * * * PATH={{ path }} ${slapos-node-report-wrapper:wrapper-path} > /dev/null 2>&1
 252 output = ${directory:cron-entries}/slapos
 253
 254 [cron-entry-logrotate]
 255 <= cron
 256 recipe = slapos.cookbook:cron.d
 257 name = logrotate
 258 frequency = 0 0 * * *
 259 command = $${logrotate:wrapper}
 260
 261
 262
 263 # XXX what to do for slapformat?
 264
 265 #########
 266 # Deploy dropbear (minimalist SSH server)
 267 #########
 268 [sshkeys-directory]
 269 recipe = slapos.cookbook:mkdirectory
 270 requests = ${directory:sshkeys}/requests/
 271 keys = ${directory:sshkeys}/keys/
 272
 273 [sshkeys-authority]
 274 recipe = slapos.cookbook:sshkeys_authority
 275 request-directory = ${sshkeys-directory:requests}
 276 keys-directory = ${sshkeys-directory:keys}
 277 wrapper = ${directory:service}/sshkeys_authority
 278 keygen-binary = {{ dropbearkey_executable }}
 279
 280 [dropbear-server]
 281 recipe = slapos.cookbook:dropbear
 282 host = ${instance-parameter:ipv6-random}
 283 port = 2222
 284 home = ${directory:ssh}
 285 wrapper = ${directory:bin}/raw_sshd
 286 shell = {{ bash_executable }}
 287 rsa-keyfile = ${directory:ssh}/server_key.rsa
 288 dropbear-binary = {{ dropbear_executable }}
 289
 290 [sshkeys-dropbear]
 291 <= sshkeys-authority
 292 recipe = slapos.cookbook:sshkeys_authority.request
 293 name = dropbear
 294 type = rsa
 295 executable = ${dropbear-server:wrapper}
 296 public-key = ${dropbear-server:rsa-keyfile}.pub
 297 private-key = ${dropbear-server:rsa-keyfile}
 298 wrapper = ${directory:service}/sshd
 299
 300 [dropbear-server-add-authorized-key]
 301 <= dropbear-server
 302 recipe = slapos.cookbook:dropbear.add_authorized_key
 303 key = ${instance-parameter:configuration.authorized-key}
 304
 305
 306 # Deploy a frontend for log
 307 # XXX TODO
 308
 309 #########
 310 # Send informations to SlapOS Master
 311 #########
 312 [publish-connection-informations]
 313 recipe = slapos.cookbook:publish
 314 log-viewer-url = http://[${httpd-configuration-file:listening-ip}]:${httpd-configuration-file:listening-port}
 315
 316 #########
 317 # Deploy promises scripts
 318 #########
 319 [dropbear-promise]
 320 recipe = slapos.cookbook:check_port_listening
 321 path = ${directory:promises}/dropbear
 322 hostname = ${dropbear-server:host}
 323 port = ${dropbear-server:port}
 324