monitor: add possibility to refresh status
[slapos.git] / stack / monitor / monitor.cfg.in
1 [slap-parameters]
2 recipe = slapos.cookbook:slapconfiguration
3 computer = $${slap-connection:computer-id}
4 partition = $${slap-connection:partition-id}
5 url = $${slap-connection:server-url}
6 key = $${slap-connection:key-file}
7 cert = $${slap-connection:cert-file}
8
9 [monitor-parameters]
10 json-filename = monitor.json
11 json-path = $${monitor-directory:monitor-result}/$${:json-filename}
12 rss-filename = rssfeed.html
13 rss-path = $${monitor-directory:public-cgi}/$${:rss-filename}
14 executable = $${monitor-directory:bin}/monitor.py
15 port = 9685
16 htaccess-file = $${monitor-directory:etc}/.htaccess-monitor
17 url = https://[$${slap-parameters:ipv6-random}]:$${:port}
18 index-filename = index.cgi
19 index-path = $${monitor-directory:www}/$${:index-filename}
20
21 [monitor-directory]
22 recipe = slapos.cookbook:mkdirectory
23 # Standard directory needed by monitoring stack
24 home = $${buildout:directory}
25 etc = $${:home}/etc
26 bin = $${:home}/bin
27 srv = $${:home}/srv
28 var = $${:home}/var
29 log = $${:var}/log
30 run = $${:var}/run
31 service = $${:etc}/service/
32 etc-run = $${:etc}/run/
33 tmp = $${:home}/tmp
34 promise = $${:etc}/promise
35
36 cron-entries = $${:etc}/cron.d
37 crontabs = $${:etc}/crontabs
38 cronstamps = $${:etc}/cronstamps
39
40 ca-dir = $${:srv}/ssl
41 www = $${:var}/www
42
43 cgi-bin = $${:var}/cgi-bin
44 monitoring-cgi = $${:cgi-bin}/monitoring
45 knowledge0-cgi = $${:cgi-bin}/zero-knowledge
46 public-cgi = $${:cgi-bin}/public
47
48 monitor-custom-scripts = $${:etc}/monitor
49 monitor-result = $${:var}/monitor
50 monitor-result-bool = $${:monitor-result}/bool
51 private-directory = $${:srv}/monitor-private
52
53 [public-symlink]
54 recipe = cns.recipe.symlink
55 symlink = $${monitor-directory:public-cgi} = $${monitor-directory:www}/public
56 autocreate = true
57
58 [cron]
59 recipe = slapos.cookbook:cron
60 dcrond-binary = ${dcron:location}/sbin/crond
61 cron-entries = $${monitor-directory:cron-entries}
62 crontabs = $${monitor-directory:crontabs}
63 cronstamps = $${monitor-directory:cronstamps}
64 catcher = $${cron-simplelogger:wrapper}
65 binary = $${monitor-directory:service}/crond
66
67 # Add log to cron
68 [cron-simplelogger]
69 recipe = slapos.cookbook:simplelogger
70 wrapper = $${monitor-directory:bin}/cron_simplelogger
71 log = $${monitor-directory:log}/cron.log
72
73 [cron-entry-monitor]
74 <= cron
75 recipe = slapos.cookbook:cron.d
76 name = launch-monitor
77 frequency = */5 * * * *
78 command = $${deploy-monitor-script:rendered} -a
79
80 [cron-entry-rss]
81 <= cron
82 recipe = slapos.cookbook:cron.d
83 name = build-rss
84 frequency = */5 * * * *
85 command = $${make-rss:rendered}
86
87 [setup-static-files]
88 recipe = hexagonit.recipe.download
89 url = ${download-static-files:destination}/${download-static-files:filename}
90 filename = static
91 destination = $${monitor-directory:www}
92 ignore-existing = true
93 mode = 0644
94
95 [deploy-index]
96 recipe = slapos.recipe.template:jinja2
97 template = ${index:location}/${index:filename}
98 rendered = $${monitor-parameters:index-path}
99 mode = 0744
100 context =
101   key cgi_directory monitor-directory:cgi-bin
102   raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
103   key password zero-parameters:monitor-password
104   raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
105   raw default_page /welcome.html
106
107 [deploy-index-template]
108 recipe = hexagonit.recipe.download
109 url = ${index-template:location}/$${:filename}
110 destination = $${monitor-directory:www}
111 filename = ${index-template:filename}
112 download-only = true
113 mode = 0644
114
115 [deploy-status-cgi]
116 recipe = slapos.recipe.template:jinja2
117 template = ${status-cgi:location}/${status-cgi:filename}
118 rendered = $${monitor-directory:monitoring-cgi}/$${:filename}
119 filename = status.cgi
120 mode = 0744
121 context =
122   key json_file monitor-parameters:json-path
123   key monitor_bin monitor-parameters:executable
124   key pwd monitor-directory:monitoring-cgi
125   key this_file :filename
126   raw python_executable ${buildout:executable}
127
128 [deploy-settings-cgi]
129 recipe = slapos.recipe.template:jinja2
130 template = ${settings-cgi:location}/${settings-cgi:filename}
131 rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
132 filename = settings.cgi
133 mode = 0744
134 context =
135   raw config_cfg $${buildout:directory}/knowledge0.cfg
136   raw timestamp $${buildout:directory}/.timestamp
137   raw python_executable ${buildout:executable}
138   key pwd monitor-directory:knowledge0-cgi
139   key this_file :filename
140
141 [deploy-monitor-script]
142 recipe = slapos.recipe.template:jinja2
143 template = ${monitor-bin:location}/${monitor-bin:filename}
144 rendered = $${monitor-parameters:executable}
145 mode = 0744
146 context =
147   section directory monitor-directory
148   key monitoring_file_json monitor-parameters:json-path
149   raw python_executable ${buildout:executable}
150
151 [make-rss]
152 recipe = slapos.recipe.template:jinja2
153 template = ${make-rss-script:output}
154 rendered = $${monitor-directory:bin}/make-rss.sh
155 mode = 0744
156 context =
157   section directory monitor-directory
158   section monitor_parameters monitor-parameters
159
160 [monitor-htaccess]
161 recipe = plone.recipe.command
162 stop-on-error = true
163 htaccess-path = $${monitor-parameters:htaccess-file}
164 command = ${apache:location}/bin/htpasswd -cb $${:htaccess-path} admin $${zero-parameters:monitor-password}
165
166 [monitor-directory-access]
167 recipe = plone.recipe.command
168 command = ln -s $${:source} $${monitor-directory:private-directory}
169 source =
170
171 [cadirectory]
172 recipe = slapos.cookbook:mkdirectory
173 requests = $${monitor-directory:ca-dir}/requests/
174 private = $${monitor-directory:ca-dir}/private/
175 certs = $${monitor-directory:ca-dir}/certs/
176 newcerts = $${monitor-directory:ca-dir}/newcerts/
177 crl = $${monitor-directory:ca-dir}/crl/
178
179 [certificate-authority]
180 recipe = slapos.cookbook:certificate_authority
181 openssl-binary = ${openssl:location}/bin/openssl
182 ca-dir = $${monitor-directory:ca-dir}
183 requests-directory = $${cadirectory:requests}
184 wrapper = $${monitor-directory:service}/certificate_authority
185 ca-private = $${cadirectory:private}
186 ca-certs = $${cadirectory:certs}
187 ca-newcerts = $${cadirectory:newcerts}
188 ca-crl = $${cadirectory:crl}
189
190 [ca-httpd]
191 <= certificate-authority
192 recipe = slapos.cookbook:certificate_authority.request
193 key-file = $${cadirectory:certs}/httpd.key
194 cert-file = $${cadirectory:certs}/httpd.crt
195 executable = $${monitor-directory:bin}/cgi-httpd
196 wrapper = $${monitor-directory:service}/cgi-httpd
197 # Put domain name
198 name = example.com
199
200 ###########
201 # Deploy a webserver running cgi scripts for monitoring
202 ###########
203 [public]
204 recipe = slapos.cookbook:zero-knowledge.write
205 filename = knowledge0.cfg
206 monitor-password = passwordtochange
207
208 [zero-parameters]
209 recipe = slapos.cookbook:zero-knowledge.read
210 filename = $${public:filename}
211
212 # XXX could it be something lighter?
213 [cgi-httpd-configuration-file]
214 recipe = collective.recipe.template
215 input = inline:
216   PidFile "$${:pid-file}"
217   ServerName example.com
218   ServerAdmin someone@email
219   <IfDefine !MonitorPort>
220   Listen [$${:listening-ip}]:$${monitor-parameters:port}
221   Define MonitorPort
222   </IfDefine>
223   DocumentRoot "$${:document-root}"
224   ErrorLog "$${:error-log}"
225   LoadModule unixd_module modules/mod_unixd.so
226   LoadModule access_compat_module modules/mod_access_compat.so
227   LoadModule authz_core_module modules/mod_authz_core.so
228   LoadModule authn_core_module modules/mod_authn_core.so
229   LoadModule authz_host_module modules/mod_authz_host.so
230   LoadModule mime_module modules/mod_mime.so
231   LoadModule cgid_module modules/mod_cgid.so
232   LoadModule dir_module modules/mod_dir.so
233   LoadModule ssl_module modules/mod_ssl.so
234   LoadModule alias_module modules/mod_alias.so
235   LoadModule autoindex_module modules/mod_autoindex.so
236   LoadModule auth_basic_module modules/mod_auth_basic.so
237   LoadModule authz_user_module modules/mod_authz_user.so
238   LoadModule authn_file_module modules/mod_authn_file.so
239
240   # SSL Configuration
241   <IfDefine !SSLConfigured>
242   Define SSLConfigured
243   SSLCertificateFile $${ca-httpd:cert-file}
244   SSLCertificateKeyFile $${ca-httpd:key-file}
245   SSLRandomSeed startup builtin
246   SSLRandomSeed connect builtin
247   SSLRandomSeed startup /dev/urandom 256
248   SSLRandomSeed connect builtin
249   SSLProtocol -ALL +SSLv3 +TLSv1
250   SSLHonorCipherOrder On
251   SSLCipherSuite RC4-SHA:HIGH:!ADH
252   </IfDefine>
253   SSLEngine   On
254   ScriptSock $${:cgid-pid-file}
255   <Directory $${:document-root}>
256     SSLVerifyDepth    1
257     SSLRequireSSL
258     SSLOptions        +StrictRequire
259     # XXX: security????
260     Options +ExecCGI
261     AddHandler cgi-script .cgi
262     DirectoryIndex $${monitor-parameters:index-filename}
263   </Directory>
264   Alias /private/ $${monitor-directory:private-directory}/
265   <Directory $${monitor-directory:private-directory}>
266   Order Deny,Allow
267   Deny from env=AUTHREQUIRED
268   <Files ".??*">
269     Order Allow,Deny
270     Deny from all
271   </Files>
272   AuthType Basic
273   AuthName "Private access"
274   AuthUserFile "$${monitor-htaccess:htaccess-path}"
275   Require valid-user
276   Options Indexes FollowSymLinks
277   Satisfy all
278   </Directory>
279 output = $${monitor-directory:etc}/cgi-httpd.conf
280 listening-ip = $${slap-parameters:ipv6-random}
281 # XXX: randomize-me
282 htdocs = $${monitor-directory:www}
283 pid-file = $${monitor-directory:run}/cgi-httpd.pid
284 cgid-pid-file = $${monitor-directory:run}/cgi-httpd-cgid.pid
285 document-root = $${monitor-directory:www}
286 error-log = $${monitor-directory:log}/cgi-httpd-error-log
287
288 [cgi-httpd-wrapper]
289 recipe = slapos.cookbook:wrapper
290 apache-executable = ${apache:location}/bin/httpd
291 command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
292 wrapper-path = $${ca-httpd:executable}
293
294 [cgi-httpd-graceful-wrapper]
295 recipe = slapos.cookbook:wrapper
296 command-line = kill -USR1 $(cat $${cgi-httpd-configuration-file:pid-file})
297 wrapper-path = $${monitor-directory:etc-run}/cgi-httpd-graceful
298
299 [monitor-promise]
300 recipe = slapos.cookbook:check_url_available
301 path = $${monitor-directory:promise}/monitor
302 url = $${monitor-parameters:url}/$${monitor-parameters:index-filename}
303 check-secure = 1
304 dash_path = ${dash:location}/bin/dash
305 curl_path = ${curl:location}/bin/curl
306
307 [publish-connection-informations]
308 recipe = slapos.cookbook:publish
309 monitor_url = $${monitor-parameters:url}
310 IMPORTANT_monitor_info = Change the monitor_password as soon as possible ! Default is : $${public:monitor-password} . You can change it in the setting.cgi section of your monitorin interface