monitor: add neutral default page and graceful
[slapos.git] / stack / monitor / monitor.cfg.in
# Connection settings of this partition, read through the slapconfiguration
# recipe from the values of [slap-connection].
# NOTE(review): key-file / cert-file are presumably the TLS client key pair
# that identifies the partition to the SlapOS master -- confirm they stay
# readable by the partition user only.
[slap-parameters]
recipe = slapos.cookbook:slapconfiguration
url = $${slap-connection:server-url}
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

# Settings shared by the monitor sections: result files, CGI directories,
# the monitor executable and the HTTPS port. Directory values come from
# [monitor-directory]; htaccess-file comes from [monitor-htaccess].
# NOTE(review): [publish-connection-informations] reads
# monitor-parameters:url, which this section does not define -- presumably
# the profile extending this stack has to provide it; confirm.
[monitor-parameters]
port = 9685
executable = $${monitor-directory:bin}/monitor.py
monitor-dir = $${monitor-directory:var}/monitor
result-dir = $${:monitor-dir}/bool
json-filename = monitor.json
json-path = $${:monitor-dir}/$${:json-filename}
rss-filename = rssfeed.html
rss-path = $${:public-cgi}/$${:rss-filename}
cgi-bin = $${monitor-directory:cgi-bin}
monitoring-cgi = $${monitor-directory:monitoring-cgi}
knowledge0-cgi = $${monitor-directory:knowledge0-cgi}
public-cgi = $${monitor-directory:public-cgi}
private-directory = $${monitor-directory:monitor-private-directory}
htaccess-file = $${monitor-htaccess:htaccess-path}

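# Directory layout of the partition, handed to the mkdirectory recipe.
# Every path is below the buildout directory.
# Each option is listed exactly once: repeating an option with the same
# value (cron-entries, crontabs, cronstamps, log, promise, run, service,
# tmp) adds nothing and hides which line is the effective one.
# NOTE(review): no mode is set here. ca-dir (CA and web server keys) and
# monitor (the .htaccess password file) hold secrets -- confirm that the
# recipe's default permissions keep them private to the partition user.
[monitor-directory]
recipe = slapos.cookbook:mkdirectory
home = $${buildout:directory}
etc = $${:home}/etc
bin = $${:home}/bin
srv = $${:home}/srv
var = $${:home}/var
tmp = $${:home}/tmp

log = $${:var}/log
run = $${:var}/run
www = $${:var}/www
service = $${:etc}/service/
etc-run = $${:etc}/run/

cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps

# promise and promises name the same directory; both names are kept so
# that existing references to either of them keep resolving.
promise = $${:etc}/promise
promises = $${:etc}/promise

ca-dir = $${:srv}/ssl
cgi-bin = $${:var}/cgi-bin
monitoring-cgi = $${:cgi-bin}/monitoring
knowledge0-cgi = $${:cgi-bin}/zero-knowledge
public-cgi = $${:cgi-bin}/public
monitor = $${:etc}/monitor
# NOTE(review): both result options point at var/monitor, while
# monitor-parameters:result-dir is var/monitor/bool -- confirm which
# component creates the bool sub-directory.
monitor-result = $${:var}/monitor
monitor-result-bool = $${:var}/monitor
monitor-private-directory = $${:srv}/monitor-private
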
# Links the public CGI directory and www/public in the web document root
# (the direction of the "a = b" pair is defined by cns.recipe.symlink --
# TODO confirm against the recipe documentation).
# The document root is served by [cgi-httpd-configuration-file] without an
# authentication requirement and with ExecCGI for *.cgi, so whatever is
# placed in public-cgi is available to every client that can reach the port.
[public-symlink]
recipe = cns.recipe.symlink
autocreate = true
symlink = $${monitor-parameters:public-cgi} = $${monitor-directory:www}/public

# Cron daemon (dcron) of the partition; its wrapper is written to the
# service directory and cron-simplelogger is configured as the catcher.
# ${dcron:location} (single $) is presumably substituted when this .cfg.in
# template is rendered for the software release, while $${...} references
# are left for the instance buildout -- confirm.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
binary = $${monitor-directory:service}/crond
catcher = $${cron-simplelogger:wrapper}
cron-entries = $${monitor-directory:cron-entries}
crontabs = $${monitor-directory:crontabs}
cronstamps = $${monitor-directory:cronstamps}

# Add log to cron: simplelogger wrapper referenced as the cron catcher,
# with cron.log in the partition log directory as its log file.
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
log = $${monitor-directory:log}/cron.log
wrapper = $${monitor-directory:bin}/cron_simplelogger

# Cron job "launch-monitor": runs the monitor script with -a every five
# minutes. "<= cron" inherits the options of [cron]; recipe is overridden.
[cron-entry-monitor]
<= cron
recipe = slapos.cookbook:cron.d
name = launch-monitor
command = $${monitor-parameters:executable} -a
frequency = */5 * * * *

# Cron job "build-rss": runs the script produced by [make-rss] every five
# minutes. "<= cron" inherits the options of [cron]; recipe is overridden.
[cron-entry-rss]
<= cron
recipe = slapos.cookbook:cron.d
name = build-rss
command = $${make-rss:output}
frequency = */5 * * * *

# Installs the static files of the monitor interface into the web document
# root; existing files are left in place (ignore-existing).
# NOTE(review): no md5sum is given. The url is built from
# ${download-static-files:...}, presumably a file already fetched when the
# software release was built -- confirm its integrity is checked there.
[setup-static-files]
recipe = hexagonit.recipe.download
url = ${download-static-files:destination}/${download-static-files:filename}
destination = $${monitor-directory:www}
filename = static
mode = 0644
ignore-existing = true

# Renders index.cgi into the web document root; it is the DirectoryIndex
# of the monitor web server and /welcome.html is passed as its default page.
# NOTE(review): the monitor password is handed to the template as
# `password`. If the template writes it into the rendered script, mode 0744
# leaves it readable by group and others on the host -- consider 0700 once
# confirmed that only the partition user runs the web server.
[deploy-index]
recipe = slapos.recipe.template:jinja2
template = ${index:location}/${index:filename}
filename = index.cgi
rendered = $${monitor-directory:www}/$${:filename}
mode = 0744
context =
  key cgi_directory monitor-parameters:cgi-bin
  raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
  key password zero-parameters:monitor-password
  raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
  raw default_page /welcome.html

# Copies the HTML template used by index.cgi, without extracting it
# (download-only).
# NOTE(review): the destination is the web document root, so the template
# file itself is presumably also retrievable as a static file -- confirm
# it contains nothing that should stay server-side.
[deploy-index-template]
recipe = hexagonit.recipe.download
filename = ${index-template:filename}
url = ${index-template:location}/$${:filename}
destination = $${monitor-directory:www}
download-only = true
mode = 0644

# Renders status.cgi into the monitoring CGI directory; the script is given
# the path of monitor.json and the Python executable to run with.
[deploy-status-cgi]
recipe = slapos.recipe.template:jinja2
template = ${status-cgi:location}/${status-cgi:filename}
filename = status.cgi
rendered = $${monitor-parameters:monitoring-cgi}/$${:filename}
mode = 0744
context =
  key json_file monitor-parameters:json-path
  raw python_executable ${buildout:executable}

# Renders settings.cgi into the zero-knowledge CGI directory. Its context
# points at knowledge0.cfg -- the file name [public] uses for the monitor
# password -- so this is presumably the page that lets the user change it.
# NOTE(review): a script that can rewrite the credential file must only be
# reachable after authentication; how it is dispatched is not visible in
# this file -- confirm in index.cgi.
[deploy-settings-cgi]
recipe = slapos.recipe.template:jinja2
template = ${settings-cgi:location}/${settings-cgi:filename}
filename = settings.cgi
rendered = $${monitor-parameters:knowledge0-cgi}/$${:filename}
mode = 0744
context =
  raw config_cfg $${buildout:directory}/knowledge0.cfg
  raw timestamp $${buildout:directory}/.timestamp
  raw python_executable ${buildout:executable}
  key pwd monitor-parameters:knowledge0-cgi
  key this_file :filename

# Renders the monitor script (monitor-parameters:executable) that the
# launch-monitor cron job runs. The template receives the whole
# [monitor-directory] section as `directory`, plus the JSON result file and
# the directory of boolean results.
[deploy-monitor-script]
recipe = slapos.recipe.template:jinja2
template = ${monitor-bin:location}/${monitor-bin:filename}
rendered = $${monitor-parameters:executable}
mode = 0744
context =
  section directory monitor-directory
  key monitoring_file_json monitor-parameters:json-path
  key monitoring_folder_bool monitor-parameters:result-dir
  raw python_executable ${buildout:executable}

# Copies the RSS generator script into the partition bin directory without
# extracting it (download-only) and makes it executable for the owner.
[deploy-rss-script]
recipe = hexagonit.recipe.download
filename = ${rss-bin:filename}
url = ${rss-bin:destination}/${rss-bin:filename}
destination = $${monitor-directory:bin}
download-only = true
mode = 0744

# Renders make-rss.sh, the command run by the build-rss cron job, from the
# template produced by ${make-rss-script:output}.
[make-rss]
recipe = slapos.recipe.template
url = ${make-rss-script:output}
output = $${monitor-directory:bin}/make-rss.sh
mode = 0744

# Creates the Basic-auth password file used for /private/: htpasswd -c
# (re)creates the file with the single user "admin", whose password is
# zero-parameters:monitor-password.
# NOTE(review):
# - htpasswd -b takes the password as a command-line argument, so it is
#   visible in the process list (and possibly in buildout output) while the
#   command runs; the htpasswd documentation itself warns about -b.
# - the password is interpolated unquoted into the command string.
#   plone.recipe.command presumably hands that string to a shell, in which
#   case spaces or shell metacharacters in the password are interpreted by
#   the shell -- restrict the accepted characters where the password is
#   set, or write the file without going through a command line.
# - no algorithm flag is given, so the htpasswd default hash is used;
#   prefer bcrypt (-B) if the bundled Apache provides it.
[monitor-htaccess]
recipe = plone.recipe.command
htaccess-path = $${monitor-directory:monitor}/.htaccess
command = ${apache:location}/bin/htpasswd -cb $${:htaccess-path} admin $${zero-parameters:monitor-password}
stop-on-error = true

# Symlinks `source` into the private directory that the web server exposes
# under /private/. source is empty here and is presumably meant to be set
# by the profile extending this stack.
# NOTE(review):
# - /private/ is served with "Options Indexes FollowSymLinks", so whatever
#   source points to becomes browsable by anyone holding the monitor
#   password; only link data meant for that audience.
# - the command is not idempotent: ln -s fails once the link exists, and no
#   stop-on-error is set, so such a failure is presumably ignored.
[monitor-directory-access]
recipe = plone.recipe.command
source =
command = ln -s $${:source} $${monitor-directory:monitor-private-directory}

# Working directories of the partition's certificate authority, all below
# monitor-directory:ca-dir.
# NOTE(review): private/ (and certs/, which [ca-httpd] also uses for the
# web server key) hold private key material -- confirm the mkdirectory
# default mode keeps them unreadable for other users.
[cadirectory]
recipe = slapos.cookbook:mkdirectory
private = $${monitor-directory:ca-dir}/private/
certs = $${monitor-directory:ca-dir}/certs/
newcerts = $${monitor-directory:ca-dir}/newcerts/
requests = $${monitor-directory:ca-dir}/requests/
crl = $${monitor-directory:ca-dir}/crl/

# Certificate authority of the partition: uses the bundled openssl binary
# and the directories of [cadirectory]; its wrapper is written to the
# service directory.
# NOTE(review): this CA is local to the partition, so clients presumably
# cannot validate the monitor certificate against a public trust store --
# confirm how users are expected to verify it.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
wrapper = $${monitor-directory:service}/certificate_authority
ca-dir = $${monitor-directory:ca-dir}
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
requests-directory = $${cadirectory:requests}

# Certificate request for the monitor web server; inherits the CA settings
# through "<= certificate-authority". `executable` is the path where
# [cgi-httpd-wrapper] writes the httpd launcher and `wrapper` is the
# service-directory entry of this request.
# NOTE(review): key-file is placed in the CA certs directory next to the
# certificate rather than in cadirectory:private -- confirm that directory
# is not readable by other users.
[ca-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${monitor-directory:bin}/cgi-httpd
wrapper = $${monitor-directory:service}/cgi-httpd
key-file = $${cadirectory:certs}/httpd.key
cert-file = $${cadirectory:certs}/httpd.crt
# Put domain name (example.com is a placeholder)
name = example.com

###########
# Deploy a webserver running cgi scripts for monitoring
###########
# Writes knowledge0.cfg through the zero-knowledge.write recipe, with the
# monitor password as its only setting here.
# NOTE(review): monitor-password is a fixed default that is identical for
# every instance deployed from this stack and is also published by
# [publish-connection-informations]. Until the user changes it, /private/
# is protected by a publicly known credential -- prefer a per-instance
# random value (or force a change at first login) if the stack allows it.
[public]
recipe = slapos.cookbook:zero-knowledge.write
monitor-password = passwordtochange
filename = knowledge0.cfg

# Reads the settings back from the file written by [public]; other sections
# take the monitor password from here (zero-parameters:monitor-password).
[zero-parameters]
recipe = slapos.cookbook:zero-knowledge.read
filename = $${public:filename}

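# XXX could it be something lighter?
# Generates cgi-httpd.conf for the Apache instance that serves the monitor:
# HTTPS only, listening on [listening-ip]:monitor-parameters:port, CGI
# enabled for *.cgi in the document root, Basic auth on /private/.
# The indented lines of `input` are Apache directives; indented # lines
# there end up as comments in the generated file.
# Review notes:
# - SSLv3, TLSv1.0 and TLSv1.1 are switched off and RC4, 3DES, MD5 and
#   anonymous suites are excluded. The promise in [monitor-promise] uses
#   the bundled curl, which therefore has to speak TLSv1.2.
# - SSLRandomSeed is declared once per source ("connect builtin" used to
#   be listed twice).
# - Only ErrorLog is configured and mod_log_config is not loaded, so no
#   access log of requests is kept; add one if request history is needed
#   for incident review.
# - ServerName / ServerAdmin are placeholders.
[cgi-httpd-configuration-file]
recipe = collective.recipe.template
input = inline:
  PidFile "$${:pid-file}"
  ServerName example.com
  ServerAdmin someone@email
  <IfDefine !MonitorPort>
  Listen [$${:listening-ip}]:$${monitor-parameters:port}
  Define MonitorPort
  </IfDefine>
  DocumentRoot "$${:document-root}"
  ErrorLog "$${:error-log}"
  LoadModule unixd_module modules/mod_unixd.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule authz_core_module modules/mod_authz_core.so
  LoadModule authn_core_module modules/mod_authn_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule ssl_module modules/mod_ssl.so
  LoadModule alias_module modules/mod_alias.so
  LoadModule autoindex_module modules/mod_autoindex.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule authn_file_module modules/mod_authn_file.so

  # SSL Configuration
  <IfDefine !SSLConfigured>
  Define SSLConfigured
  SSLCertificateFile $${ca-httpd:cert-file}
  SSLCertificateKeyFile $${ca-httpd:key-file}
  SSLRandomSeed startup builtin
  SSLRandomSeed startup /dev/urandom 256
  SSLRandomSeed connect builtin
  # SSLv3 and TLS below 1.2 are disabled; needs an OpenSSL build that
  # provides TLSv1.2.
  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
  SSLHonorCipherOrder On
  # No anonymous, RC4, 3DES or MD5 based cipher suites.
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
  </IfDefine>
  SSLEngine   On
  ScriptSock $${:cgid-pid-file}
  <Directory $${:document-root}>
    # NOTE(review): no SSLVerifyClient is set in this file, so
    # SSLVerifyDepth presumably has no effect.
    SSLVerifyDepth    1
    SSLRequireSSL
    SSLOptions        +StrictRequire
    # XXX: security????
    # Every *.cgi file below the document root is executed, and this
    # block sets no authentication requirement: keep the directory
    # writable by the partition user only.
    Options +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex $${deploy-index:filename}
  </Directory>
  Alias /private/ $${monitor-parameters:private-directory}/
  # Basic auth is mandatory for /private/ (Require valid-user with
  # Satisfy all); files whose name starts with a dot are never served.
  <Directory $${monitor-parameters:private-directory}>
  Order Deny,Allow
  Deny from env=AUTHREQUIRED
  <Files ".??*">
    Order Allow,Deny
    Deny from all
  </Files>
  AuthType Basic
  AuthName "Private access"
  AuthUserFile "$${monitor-parameters:htaccess-file}"
  Require valid-user
  Options Indexes FollowSymLinks
  Satisfy all
  </Directory>
output = $${monitor-directory:etc}/cgi-httpd.conf
listening-ip = $${slap-parameters:ipv6-random}
# XXX: randomize-me
# NOTE(review): htdocs is not referenced by the inline template above
# (document-root is); kept for profiles that may read it.
htdocs = $${monitor-directory:www}
pid-file = $${monitor-directory:run}/cgi-httpd.pid
cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
document-root = $${monitor-directory:www}
error-log = $${monitor-directory:log}/cgi-httpd-error-log
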
# Launcher for the monitor web server: runs the bundled httpd in the
# foreground with the generated configuration file. It is written to
# ca-httpd:executable, the program named by the certificate request of
# [ca-httpd].
[cgi-httpd-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = $${ca-httpd:executable}
apache-executable = ${apache:location}/bin/httpd
command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND

# Graceful-restart helper written to etc/run: sends USR1 to the process
# whose id is stored in the httpd pid file.
# NOTE(review): the pid is read with $(cat ...), which needs a shell, and
# nothing checks that the pid file exists or still belongs to httpd --
# confirm how the wrapper recipe executes command-line.
[cgi-httpd-graceful-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = $${monitor-directory:etc-run}/cgi-httpd-graceful
command-line = kill -USR1 $(cat $${cgi-httpd-configuration-file:pid-file})

# Promise checking that the monitor index page answers over HTTPS on the
# partition address and port, using the bundled dash and curl.
# NOTE(review): the meaning of check-secure and whether curl validates the
# server certificate are decided by the check_url_available recipe, not by
# this file -- confirm, since the certificate comes from the partition CA.
[monitor-promise]
recipe = slapos.cookbook:check_url_available
path = $${monitor-directory:promises}/monitor
url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}/$${deploy-index:filename}
check-secure = 1
curl_path = ${curl:location}/bin/curl
dash_path = ${dash:location}/bin/dash

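# Publishes the connection parameters of the instance: the monitor URL and
# a notice asking the user to change the monitor password.
# The notice names the page as settings.cgi (the file deployed by
# [deploy-settings-cgi]) and spells "monitoring" correctly.
# NOTE(review):
# - the notice embeds $${public:monitor-password}, i.e. the default from
#   [public], so the published text always shows the default credential;
#   everyone able to read the connection parameters sees it.
# - monitor-parameters:url is not defined in [monitor-parameters] of this
#   file -- presumably supplied by the profile extending this stack.
[publish-connection-informations]
recipe = slapos.cookbook:publish
monitor_url = $${monitor-parameters:url}
IMPORTANT_monitor_info = Change the monitor_password as soon as possible ! Default is : $${public:monitor-password} . You can change it in the settings.cgi section of your monitoring interface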